{"_module.args": {"declarations": ["lib/modules.nix"], "description": "Additional arguments passed to each module in addition to ones\nlike `lib`, `config`,\nand `pkgs`, `modulesPath`.\n\nThis option is also available to all submodules. Submodules do not\ninherit args from their parent module, nor do they provide args to\ntheir parent module or sibling submodules. The sole exception to\nthis is the argument `name` which is provided by\nparent modules to a submodule and contains the attribute name\nthe submodule is bound to, or a unique generated name if it is\nnot bound to an attribute.\n\nSome arguments are already passed by default, of which the\nfollowing *cannot* be changed with this option:\n- {var}`lib`: The nixpkgs library.\n- {var}`config`: The results of all options after merging the values from all modules together.\n- {var}`options`: The options declared in all modules.\n- {var}`specialArgs`: The `specialArgs` argument passed to `evalModules`.\n- All attributes of {var}`specialArgs`\n\n  Whereas option values can generally depend on other option values\n  thanks to laziness, this does not apply to `imports`, which\n  must be computed statically before anything else.\n\n  For this reason, callers of the module system can provide `specialArgs`\n  which are available during import resolution.\n\n  For NixOS, `specialArgs` includes\n  {var}`modulesPath`, which allows you to import\n  extra modules from the nixpkgs package tree without having to\n  somehow make the module aware of the location of the\n  `nixpkgs` or NixOS directories.\n  ```\n  { modulesPath, ... }: {\n    imports = [\n      (modulesPath + \"/profiles/minimal.nix\")\n    ];\n  }\n  ```\n\nFor NixOS, the default value for this option includes at least this argument:\n- {var}`pkgs`: The nixpkgs package set according to\n  the {option}`nixpkgs.pkgs` option.\n", "loc": ["_module", "args"], "readOnly": false, "type": "lazy attribute set of raw value"}, "appstream.enable": {"declarations": ["nixos/modules/config/appstream.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to install files to support the\n[AppStream metadata specification](https://www.freedesktop.org/software/appstream/docs/index.html).\n", "loc": ["appstream", "enable"], "readOnly": false, "type": "boolean"}, "boot.bcache.enable": {"declarations": ["nixos/modules/tasks/bcache.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable bcache mount support.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["boot", "bcache", "enable"], "readOnly": false, "type": "boolean"}, "boot.bcachefs.package": {"declarations": ["nixos/modules/tasks/filesystems/bcachefs.nix"], "default": {"_type": "literalExpression", "text": "pkgs.bcachefs-tools"}, "description": "The bcachefs-tools package to use. This package should also provide a passthru 'kernelModule'\nattribute to build the out-of-tree kernel module.\n", "loc": ["boot", "bcachefs", "package"], "readOnly": false, "type": "package"}, "boot.binfmt.addEmulatedSystemsToNixSandbox": {"declarations": ["nixos/modules/system/boot/binfmt.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to add the {option}`boot.binfmt.emulatedSystems` to {option}`nix.settings.extra-platforms`.\nDisable this to use remote builders for those platforms, while allowing testing binaries locally.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["boot", "binfmt", "addEmulatedSystemsToNixSandbox"], "readOnly": false, "type": "boolean"}, "boot.binfmt.emulatedSystems": {"declarations": ["nixos/modules/system/boot/binfmt.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of systems to emulate. Will also configure Nix to\nsupport your new systems.\nWarning: the builder can execute all emulated systems within the same build, which introduces impurities in the case of cross compilation.\n", "example": {"_type": "literalExpression", "text": "[\n  \"wasm32-wasi\"\n  \"x86_64-windows\"\n  \"aarch64-linux\"\n]"}, "loc": ["boot", "binfmt", "emulatedSystems"], "readOnly": false, "type": "list of (one of \"aarch64-linux\", \"aarch64_be-linux\", \"alpha-linux\", \"armv6l-linux\", \"armv7l-linux\", \"i386-linux\", \"i486-linux\", \"i586-linux\", \"i686-linux\", \"i686-windows\", \"loongarch64-linux\", \"mips-linux\", \"mips64-linux\", \"mips64-linuxabin32\", \"mips64el-linux\", \"mips64el-linuxabin32\", \"mipsel-linux\", \"powerpc-linux\", \"powerpc64-linux\", \"powerpc64le-linux\", \"riscv32-linux\", \"riscv64-linux\", \"s390x-linux\", \"sparc-linux\", \"sparc64-linux\", \"wasm32-wasi\", \"wasm64-wasi\", \"x86_64-linux\", \"x86_64-windows\")"}, "boot.binfmt.preferStaticEmulators": {"declarations": ["nixos/modules/system/boot/binfmt.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use static emulators when available.\n\nThis enables the kernel to preload the emulator binaries when\nthe binfmt registrations are added, obviating the need to make\nthe emulator binaries available inside chroots and chroot-like\nsandboxes.\n", "loc": ["boot", "binfmt", "preferStaticEmulators"], "readOnly": false, "type": "boolean"}, "boot.binfmt.registrations": {"declarations": ["nixos/modules/system/boot/binfmt.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra binary formats to register with the kernel.\nSee <https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.html> for more details.\n", "loc": ["boot", "binfmt", "registrations"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.binfmt.registrations.<name>.fixBinary": {"declarations": ["nixos/modules/system/boot/binfmt.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the interpreter file as soon as the\nregistration is loaded, rather than waiting for a\nrelevant file to be invoked.\n\nSee the description of the 'F' flag in the kernel docs\nfor more details.\n", "loc": ["boot", "binfmt", "registrations", "<name>", "fixBinary"], "readOnly": false, "type": "boolean"}, "boot.binfmt.registrations.<name>.interpreter": {"declarations": ["nixos/modules/system/boot/binfmt.nix"], "description": "The interpreter to invoke to run the program.\n\nNote that the actual registration will point to\n/run/binfmt/${name}, so the kernel interpreter length\nlimit doesn't apply.\n", "loc": ["boot", "binfmt", "registrations", "<name>", "interpreter"], "readOnly": false, "type": "absolute path"}, "boot.binfmt.registrations.<name>.magicOrExtension": {"declarations": ["nixos/modules/system/boot/binfmt.nix"], "description": "The magic number or extension to match on.", "loc": ["boot", "binfmt", "registrations", "<name>", "magicOrExtension"], "readOnly": false, "type": "string"}, "boot.binfmt.registrations.<name>.mask": {"declarations": ["nixos/modules/system/boot/binfmt.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A mask to be ANDed with the byte sequence of the file before matching", "loc": ["boot", "binfmt", "registrations", "<name>", "mask"], "readOnly": false, "type": "null or string"}, "boot.binfmt.registrations.<name>.matchCredentials": {"declarations": ["nixos/modules/system/boot/binfmt.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to launch with the credentials and security\ntoken of the binary, not the interpreter (e.g. setuid\nbit).\n\nSee the description of the 'C' flag in the kernel docs\nfor more details.\n\nImplies/requires openBinary = true.\n", "loc": ["boot", "binfmt", "registrations", "<name>", "matchCredentials"], "readOnly": false, "type": "boolean"}, "boot.binfmt.registrations.<name>.offset": {"declarations": ["nixos/modules/system/boot/binfmt.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The byte offset of the magic number used for recognition.", "loc": ["boot", "binfmt", "registrations", "<name>", "offset"], "readOnly": false, "type": "null or signed integer"}, "boot.binfmt.registrations.<name>.openBinary": {"declarations": ["nixos/modules/system/boot/binfmt.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to pass the binary to the interpreter as an open\nfile descriptor, instead of a path.\n", "loc": ["boot", "binfmt", "registrations", "<name>", "openBinary"], "readOnly": false, "type": "boolean"}, "boot.binfmt.registrations.<name>.preserveArgvZero": {"declarations": ["nixos/modules/system/boot/binfmt.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to pass the original argv[0] to the interpreter.\n\nSee the description of the 'P' flag in the kernel docs\nfor more details;\n", "loc": ["boot", "binfmt", "registrations", "<name>", "preserveArgvZero"], "readOnly": false, "type": "boolean"}, "boot.binfmt.registrations.<name>.recognitionType": {"declarations": ["nixos/modules/system/boot/binfmt.nix"], "default": {"_type": "literalExpression", "text": "\"magic\""}, "description": "Whether to recognize executables by magic number or extension.", "loc": ["boot", "binfmt", "registrations", "<name>", "recognitionType"], "readOnly": false, "type": "one of \"magic\", \"extension\""}, "boot.binfmt.registrations.<name>.wrapInterpreterInShell": {"declarations": ["nixos/modules/system/boot/binfmt.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to wrap the interpreter in a shell script.\n\nThis allows a shell command to be set as the interpreter.\n", "loc": ["boot", "binfmt", "registrations", "<name>", "wrapInterpreterInShell"], "readOnly": false, "type": "boolean"}, "boot.blacklistedKernelModules": {"declarations": ["nixos/modules/system/boot/modprobe.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Set of names of kernel modules that should not be loaded\nautomatically by the hardware probing code. This can either be\na list of modules or an attrset. In an attrset, names that are\nset to `true` represent modules that will be blacklisted.\n", "example": {"_type": "literalExpression", "text": "[\n  \"cirrusfb\"\n  \"i2c_piix4\"\n]"}, "loc": ["boot", "blacklistedKernelModules"], "readOnly": false, "type": "(attribute set of boolean) or (list of string) convertible to it"}, "boot.bootspec.enableValidation": {"declarations": ["nixos/modules/system/activation/bootspec.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the validation of bootspec documents for each build.\n      This will introduce Go in the build-time closure as we are relying on [Cuelang](https://cuelang.org/) for schema validation.\n      Enable this option if you want to ascertain that your documents are correct\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "bootspec", "enableValidation"], "readOnly": false, "type": "boolean"}, "boot.bootspec.extensions": {"declarations": ["nixos/modules/system/activation/bootspec.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "User-defined data that extends the bootspec document.\n\nTo reduce incompatibility and prevent names from clashing\nbetween applications, it is **highly recommended** to use a\nunique namespace for your extensions.\n", "loc": ["boot", "bootspec", "extensions"], "readOnly": false, "type": "attribute set of anything"}, "boot.bootspec.package": {"declarations": ["nixos/modules/system/activation/bootspec.nix"], "default": {"_type": "literalExpression", "text": "pkgs.bootspec"}, "description": "The bootspec package to use.", "loc": ["boot", "bootspec", "package"], "readOnly": false, "type": "package"}, "boot.consoleLogLevel": {"declarations": ["nixos/modules/system/boot/kernel.nix"], "default": {"_type": "literalExpression", "text": "4"}, "description": "The kernel console `loglevel`. All Kernel Messages with a log level smaller\nthan this setting will be printed to the console.\n", "loc": ["boot", "consoleLogLevel"], "readOnly": false, "type": "signed integer"}, "boot.crashDump.enable": {"declarations": ["nixos/modules/misc/crashdump.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, NixOS will set up a kernel that will\nboot on crash, and leave the user in systemd rescue\nto be able to save the crashed kernel dump at\n/proc/vmcore.\nIt also activates the NMI watchdog.\n", "loc": ["boot", "crashDump", "enable"], "readOnly": false, "type": "boolean"}, "boot.crashDump.kernelParams": {"declarations": ["nixos/modules/misc/crashdump.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"1\"\n  \"boot.shell_on_fail\"\n]"}, "description": "Parameters that will be passed to the kernel kexec-ed on crash.\n", "loc": ["boot", "crashDump", "kernelParams"], "readOnly": false, "type": "list of string"}, "boot.crashDump.reservedMemory": {"declarations": ["nixos/modules/misc/crashdump.nix"], "default": {"_type": "literalExpression", "text": "\"128M\""}, "description": "The amount of memory reserved for the crashdump kernel.\nIf you choose a too high value, dmesg will mention\n\"crashkernel reservation failed\".\n", "loc": ["boot", "crashDump", "reservedMemory"], "readOnly": false, "type": "string"}, "boot.devShmSize": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "\"50%\""}, "description": "Size limit for the /dev/shm tmpfs. Look at {manpage}`mount(8)`, tmpfs size option,\nfor the accepted syntax.\n", "example": {"_type": "literalExpression", "text": "\"256m\""}, "loc": ["boot", "devShmSize"], "readOnly": false, "type": "string"}, "boot.devSize": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "\"5%\""}, "description": "Size limit for the /dev tmpfs. Look at {manpage}`mount(8)`, tmpfs size option,\nfor the accepted syntax.\n", "example": {"_type": "literalExpression", "text": "\"32m\""}, "loc": ["boot", "devSize"], "readOnly": false, "type": "string"}, "boot.extraModprobeConfig": {"declarations": ["nixos/modules/system/boot/modprobe.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Any additional configuration to be appended to the generated\n{file}`modprobe.conf`.  This is typically used to\nspecify module options.  See\n{manpage}`modprobe.d(5)` for details.\n", "example": {"_type": "literalExpression", "text": "''\n  options parport_pc io=0x378 irq=7 dma=1\n''"}, "loc": ["boot", "extraModprobeConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.extraModulePackages": {"declarations": ["nixos/modules/system/boot/kernel.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of additional packages supplying kernel modules.", "example": {"_type": "literalExpression", "text": "[ config.boot.kernelPackages.nvidia_x11 ]"}, "loc": ["boot", "extraModulePackages"], "readOnly": false, "type": "list of package"}, "boot.extraSystemdUnitPaths": {"declarations": ["nixos/modules/system/boot/stage-2.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional paths that get appended to the SYSTEMD_UNIT_PATH environment variable\nthat can contain mutable unit files.\n", "loc": ["boot", "extraSystemdUnitPaths"], "readOnly": false, "type": "list of string"}, "boot.growPartition": {"declarations": ["nixos/modules/system/boot/grow-partition.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable growing the root partition on boot.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "growPartition"], "readOnly": false, "type": "boolean"}, "boot.hardwareScan": {"declarations": ["nixos/modules/services/hardware/udev.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to try to load kernel modules for all detected hardware.\nUsually this does a good job of providing you with the modules\nyou need, but sometimes it can crash the system or cause other\nnasty effects.\n", "loc": ["boot", "hardwareScan"], "readOnly": false, "type": "boolean"}, "boot.initrd.allowMissingModules": {"declarations": ["nixos/modules/system/boot/kernel.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether the initrd can be built even though modules listed in\n{option}`boot.initrd.kernelModules` or\n{option}`boot.initrd.availableKernelModules` are missing from\nthe kernel. This is useful when combining configurations that\ninclude a lot of modules, such as\n{option}`hardware.enableAllHardware`, with kernels that don't\nprovide as many modules as typical NixOS kernels.\n\nNote that enabling this is discouraged. Instead, try disabling\nindividual modules by setting e.g.\n`boot.initrd.availableKernelModules.foo = lib.mkForce false;`\n", "loc": ["boot", "initrd", "allowMissingModules"], "readOnly": false, "type": "boolean"}, "boot.initrd.availableKernelModules": {"declarations": ["nixos/modules/system/boot/kernel.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The set of kernel modules in the initial ramdisk used during the\nboot process.  This set must include all modules necessary for\nmounting the root device.  That is, it should include modules\nfor the physical device (e.g., SCSI drivers) and for the file\nsystem (e.g., ext3).  The set specified here is automatically\nclosed under the module dependency relation, i.e., all\ndependencies of the modules list here are included\nautomatically.  The modules listed here are available in the\ninitrd, but are only loaded on demand (e.g., the ext3 module is\nloaded automatically when an ext3 filesystem is mounted, and\nmodules for PCI devices are loaded when they match the PCI ID\nof a device in your system).  To force a module to be loaded,\ninclude it in {option}`boot.initrd.kernelModules`.\n\nThis can either be a list of modules, or an attrset. In an\nattrset, names that are set to `true` represent modules that will\nbe included. Note that setting these names to `false` does not\nprevent the module from being loaded. For that, use\n{option}`boot.blacklistedKernelModules`.\n\n", "example": {"_type": "literalExpression", "text": "[\n  \"sata_nv\"\n  \"ext3\"\n]"}, "loc": ["boot", "initrd", "availableKernelModules"], "readOnly": false, "type": "(attribute set of boolean) or (list of string) convertible to it"}, "boot.initrd.checkJournalingFS": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to run {command}`fsck` on journaling filesystems such as ext3.\n", "loc": ["boot", "initrd", "checkJournalingFS"], "readOnly": false, "type": "boolean"}, "boot.initrd.clevis.devices": {"declarations": ["nixos/modules/system/boot/clevis.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Encrypted devices that need to be unlocked at boot using Clevis", "loc": ["boot", "initrd", "clevis", "devices"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.initrd.clevis.devices.<name>.secretFile": {"declarations": ["nixos/modules/system/boot/clevis.nix"], "description": "Clevis JWE file used to decrypt the device at boot, in concert with the chosen pin (one of TPM2, Tang server, or SSS).", "loc": ["boot", "initrd", "clevis", "devices", "<name>", "secretFile"], "readOnly": false, "type": "absolute path"}, "boot.initrd.clevis.enable": {"declarations": ["nixos/modules/system/boot/clevis.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Clevis in initrd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "initrd", "clevis", "enable"], "readOnly": false, "type": "boolean"}, "boot.initrd.clevis.package": {"declarations": ["nixos/modules/system/boot/clevis.nix"], "default": {"_type": "literalExpression", "text": "pkgs.clevis"}, "description": "The clevis package to use.", "loc": ["boot", "initrd", "clevis", "package"], "readOnly": false, "type": "package"}, "boot.initrd.clevis.useTang": {"declarations": ["nixos/modules/system/boot/clevis.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether the Clevis JWE file used to decrypt the devices uses a Tang server as a pin.", "loc": ["boot", "initrd", "clevis", "useTang"], "readOnly": false, "type": "boolean"}, "boot.initrd.compressor": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalMD", "text": "`zstd` if the kernel supports it (5.9+), `gzip` if not"}, "description": "The compressor to use on the initrd image. May be any of:\n\n- The name of one of the predefined compressors, see {file}`pkgs/build-support/kernel/initrd-compressor-meta.nix` for the definitions.\n- A function which, given the nixpkgs package set, returns the path to a compressor tool, e.g. `pkgs: \"${pkgs.pigz}/bin/pigz\"`\n- (not recommended, because it does not work when cross-compiling) the full path to a compressor tool, e.g. `\"${pkgs.pigz}/bin/pigz\"`\n\nThe given program should read data from stdin and write it to stdout compressed.\n", "example": {"_type": "literalExpression", "text": "\"xz\""}, "loc": ["boot", "initrd", "compressor"], "readOnly": false, "type": "string or function that evaluates to a(n) string"}, "boot.initrd.compressorArgs": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Arguments to pass to the compressor for the initrd image, or null to use the compressor's defaults.", "loc": ["boot", "initrd", "compressorArgs"], "readOnly": false, "type": "null or (list of string)"}, "boot.initrd.enable": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "!config.boot.isContainer"}, "description": "Whether to enable the NixOS initial RAM disk (initrd). This may be\nneeded to perform some initialisation tasks (like mounting\nnetwork/encrypted file systems) before continuing the boot process.\n", "loc": ["boot", "initrd", "enable"], "readOnly": false, "type": "boolean"}, "boot.initrd.extraFiles": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra files to link and copy in to the initrd.\n", "loc": ["boot", "initrd", "extraFiles"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.initrd.extraFiles.<name>.source": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "description": "The object to make available inside the initrd.", "loc": ["boot", "initrd", "extraFiles", "<name>", "source"], "readOnly": false, "type": "package"}, "boot.initrd.extraFirmwarePaths": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Other firmware files (relative to `\"${config.hardware.firmware}/lib/firmware\"`) to include in the final initrd we are building.\n", "loc": ["boot", "initrd", "extraFirmwarePaths"], "readOnly": false, "type": "list of string"}, "boot.initrd.includeDefaultModules": {"declarations": ["nixos/modules/system/boot/kernel.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "This option, if set, adds a collection of default kernel modules\nto {option}`boot.initrd.availableKernelModules` and\n{option}`boot.initrd.kernelModules`.\n", "loc": ["boot", "initrd", "includeDefaultModules"], "readOnly": false, "type": "boolean"}, "boot.initrd.kernelModules": {"declarations": ["nixos/modules/system/boot/kernel.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Set of modules that are always loaded by the initrd.\n\nThis can either be a list of modules, or an attrset. In an\nattrset, names that are set to `true` represent modules that will\nbe included. Note that setting these names to `false` does not\nprevent the module from being loaded. For that, use\n{option}`boot.blacklistedKernelModules`.\n\n", "loc": ["boot", "initrd", "kernelModules"], "readOnly": false, "type": "(attribute set of boolean) or (list of string) convertible to it"}, "boot.initrd.luks.cryptoModules": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"aes\"\n  \"aes_generic\"\n  \"blowfish\"\n  \"twofish\"\n  \"serpent\"\n  \"cbc\"\n  \"xts\"\n  \"lrw\"\n  \"sha1\"\n  \"sha256\"\n  \"sha512\"\n  \"af_alg\"\n  \"algif_skcipher\"\n  \"cryptd\"\n  \"input_leds\"\n]"}, "description": "A list of cryptographic kernel modules needed to decrypt the root device(s).\nThe default includes all common modules.\n", "loc": ["boot", "initrd", "luks", "cryptoModules"], "readOnly": false, "type": "list of string"}, "boot.initrd.luks.devices": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The encrypted disk that should be opened before the root\nfilesystem is mounted. Both LVM-over-LUKS and LUKS-over-LVM\nsetups are supported. The unencrypted devices can be accessed as\n{file}`/dev/mapper/\u00abname\u00bb`.\n", "example": {"_type": "literalExpression", "text": "{\n  luksroot = {\n    device = \"/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08\";\n  };\n}"}, "loc": ["boot", "initrd", "luks", "devices"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.initrd.luks.devices.<name>.allowDiscards": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to allow TRIM requests to the underlying device. This option\nhas security implications; please read the LUKS documentation before\nactivating it.\nThis option is incompatible with authenticated encryption (dm-crypt\nstacked over dm-integrity).\n", "loc": ["boot", "initrd", "luks", "devices", "<name>", "allowDiscards"], "readOnly": false, "type": "boolean"}, "boot.initrd.luks.devices.<name>.bypassWorkqueues": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to bypass dm-crypt's internal read and write workqueues.\nEnabling this should improve performance on SSDs; see\n[here](https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Disable_workqueue_for_increased_solid_state_drive_(SSD)_performance)\nfor more information. Needs Linux 5.9 or later.\n", "loc": ["boot", "initrd", "luks", "devices", "<name>", "bypassWorkqueues"], "readOnly": false, "type": "boolean"}, "boot.initrd.luks.devices.<name>.device": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "description": "Path of the underlying encrypted block device.", "example": {"_type": "literalExpression", "text": "\"/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08\""}, "loc": ["boot", "initrd", "luks", "devices", "<name>", "device"], "readOnly": false, "type": "string"}, "boot.initrd.luks.devices.<name>.fallbackToPassword": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to fallback to interactive passphrase prompt if the keyfile\ncannot be found. This will prevent unattended boot should the keyfile\ngo missing.\n", "loc": ["boot", "initrd", "luks", "devices", "<name>", "fallbackToPassword"], "readOnly": false, "type": "boolean"}, "boot.initrd.luks.devices.<name>.fido2.credential": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The FIDO2 credential ID.", "example": {"_type": "literalExpression", "text": "\"f1d00200d8dc783f7fb1e10ace8da27f8312d72692abfca2f7e4960a73f48e82e1f7571f6ebfcee9fb434f9886ccc8fcc52a6614d8d2\""}, "loc": ["boot", "initrd", "luks", "devices", "<name>", "fido2", "credential"], "readOnly": false, "type": "null or string"}, "boot.initrd.luks.devices.<name>.fido2.credentials": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of FIDO2 credential IDs.\n\nUse this if you have multiple FIDO2 keys you want to use for the same luks device.\n", "example": {"_type": "literalExpression", "text": "[\n  \"f1d00200d8dc783f7fb1e10ace8da27f8312d72692abfca2f7e4960a73f48e82e1f7571f6ebfcee9fb434f9886ccc8fcc52a6614d8d2\"\n]"}, "loc": ["boot", "initrd", "luks", "devices", "<name>", "fido2", "credentials"], "readOnly": false, "type": "list of string"}, "boot.initrd.luks.devices.<name>.fido2.gracePeriod": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Time in seconds to wait for the FIDO2 key.", "loc": ["boot", "initrd", "luks", "devices", "<name>", "fido2", "gracePeriod"], "readOnly": false, "type": "signed integer"}, "boot.initrd.luks.devices.<name>.fido2.passwordLess": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Defines whatever to use an empty string as a default salt.\n\nEnable only when your device is PIN protected, such as [Trezor](https://trezor.io/).\n", "loc": ["boot", "initrd", "luks", "devices", "<name>", "fido2", "passwordLess"], "readOnly": false, "type": "boolean"}, "boot.initrd.luks.devices.<name>.gpgCard": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The option to use this LUKS device with a GPG encrypted luks password by the GPG Smartcard.\nIf null (the default), GPG-Smartcard will be disabled for this device.\n", "loc": ["boot", "initrd", "luks", "devices", "<name>", "gpgCard"], "readOnly": false, "type": "null or (submodule)"}, "boot.initrd.luks.devices.<name>.gpgCard.encryptedPass": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "description": "Path to the GPG encrypted passphrase.", "loc": ["boot", "initrd", "luks", "devices", "<name>", "gpgCard", "encryptedPass"], "readOnly": false, "type": "absolute path"}, "boot.initrd.luks.devices.<name>.gpgCard.gracePeriod": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Time in seconds to wait for the GPG Smartcard.", "loc": ["boot", "initrd", "luks", "devices", "<name>", "gpgCard", "gracePeriod"], "readOnly": false, "type": "signed integer"}, "boot.initrd.luks.devices.<name>.gpgCard.publicKey": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "description": "Path to the Public Key.", "loc": ["boot", "initrd", "luks", "devices", "<name>", "gpgCard", "publicKey"], "readOnly": false, "type": "absolute path"}, "boot.initrd.luks.devices.<name>.header": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The name of the file or block device that\nshould be used as header for the encrypted device.\n", "example": {"_type": "literalExpression", "text": "\"/root/header.img\""}, "loc": ["boot", "initrd", "luks", "devices", "<name>", "header"], "readOnly": false, "type": "null or string"}, "boot.initrd.luks.devices.<name>.keyFile": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The name of the file (can be a raw device or a partition) that\nshould be used as the decryption key for the encrypted device. If\nnot specified, you will be prompted for a passphrase instead.\n", "example": {"_type": "literalExpression", "text": "\"/dev/sdb1\""}, "loc": ["boot", "initrd", "luks", "devices", "<name>", "keyFile"], "readOnly": false, "type": "null or string"}, "boot.initrd.luks.devices.<name>.keyFileOffset": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The offset of the key file. Use this in combination with\n`keyFileSize` to use part of a file as key file\n(often the case if a raw device or partition is used as a key file).\nIf not specified, the key begins at the first byte of\n`keyFile`.\n", "example": {"_type": "literalExpression", "text": "4096"}, "loc": ["boot", "initrd", "luks", "devices", "<name>", "keyFileOffset"], "readOnly": false, "type": "null or signed integer"}, "boot.initrd.luks.devices.<name>.keyFileSize": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The size of the key file. Use this if only the beginning of the\nkey file should be used as a key (often the case if a raw device\nor partition is used as key file). If not specified, the whole\n`keyFile` will be used decryption, instead of just\nthe first `keyFileSize` bytes.\n", "example": {"_type": "literalExpression", "text": "4096"}, "loc": ["boot", "initrd", "luks", "devices", "<name>", "keyFileSize"], "readOnly": false, "type": "null or signed integer"}, "boot.initrd.luks.devices.<name>.keyFileTimeout": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The amount of time in seconds for a keyFile to appear before\ntiming out and trying passwords.\n", "example": {"_type": "literalExpression", "text": "5"}, "loc": ["boot", "initrd", "luks", "devices", "<name>", "keyFileTimeout"], "readOnly": false, "type": "null or signed integer"}, "boot.initrd.luks.devices.<name>.postOpenCommands": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Commands that should be run right after we have mounted our LUKS device.\n", "example": {"_type": "literalExpression", "text": "''\n  umount /tmp/persistent\n''"}, "loc": ["boot", "initrd", "luks", "devices", "<name>", "postOpenCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.initrd.luks.devices.<name>.preLVM": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether the luksOpen will be attempted before LVM scan or after it.", "loc": ["boot", "initrd", "luks", "devices", "<name>", "preLVM"], "readOnly": false, "type": "boolean"}, "boot.initrd.luks.devices.<name>.preOpenCommands": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Commands that should be run right before we try to mount our LUKS device.\nThis can be useful, if the keys needed to open the drive is on another partition.\n", "example": {"_type": "literalExpression", "text": "''\n  mkdir -p /tmp/persistent\n  mount -t zfs rpool/safe/persistent /tmp/persistent\n''"}, "loc": ["boot", "initrd", "luks", "devices", "<name>", "preOpenCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.initrd.luks.devices.<name>.tryEmptyPassphrase": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If keyFile fails then try an empty passphrase first before\nprompting for password.\n", "loc": ["boot", "initrd", "luks", "devices", "<name>", "tryEmptyPassphrase"], "readOnly": false, "type": "boolean"}, "boot.initrd.luks.devices.<name>.yubikey": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The options to use for this LUKS device in YubiKey-PBA.\nIf null (the default), YubiKey-PBA will be disabled for this device.\n", "loc": ["boot", "initrd", "luks", "devices", "<name>", "yubikey"], "readOnly": false, "type": "null or (submodule)"}, "boot.initrd.luks.devices.<name>.yubikey.gracePeriod": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Time in seconds to wait for the YubiKey.", "loc": ["boot", "initrd", "luks", "devices", "<name>", "yubikey", "gracePeriod"], "readOnly": false, "type": "signed integer"}, "boot.initrd.luks.devices.<name>.yubikey.iterationStep": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "How much the iteration count for PBKDF2 is increased at each successful authentication.", "loc": ["boot", "initrd", "luks", "devices", "<name>", "yubikey", "iterationStep"], "readOnly": false, "type": "signed integer"}, "boot.initrd.luks.devices.<name>.yubikey.keyLength": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "64"}, "description": "Length of the LUKS slot key derived with PBKDF2 in byte.", "loc": ["boot", "initrd", "luks", "devices", "<name>", "yubikey", "keyLength"], "readOnly": false, "type": "signed integer"}, "boot.initrd.luks.devices.<name>.yubikey.saltLength": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "16"}, "description": "Length of the new salt in byte (64 is the effective maximum).", "loc": ["boot", "initrd", "luks", "devices", "<name>", "yubikey", "saltLength"], "readOnly": false, "type": "signed integer"}, "boot.initrd.luks.devices.<name>.yubikey.slot": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "2"}, "description": "Which slot on the YubiKey to challenge.", "loc": ["boot", "initrd", "luks", "devices", "<name>", "yubikey", "slot"], "readOnly": false, "type": "signed integer"}, "boot.initrd.luks.devices.<name>.yubikey.storage.device": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "\"/dev/sda1\""}, "description": "An unencrypted device that will temporarily be mounted in stage-1.\nMust contain the current salt to create the challenge for this LUKS device.\n", "loc": ["boot", "initrd", "luks", "devices", "<name>", "yubikey", "storage", "device"], "readOnly": false, "type": "absolute path"}, "boot.initrd.luks.devices.<name>.yubikey.storage.fsType": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "\"vfat\""}, "description": "The filesystem of the unencrypted device.", "loc": ["boot", "initrd", "luks", "devices", "<name>", "yubikey", "storage", "fsType"], "readOnly": false, "type": "string"}, "boot.initrd.luks.devices.<name>.yubikey.storage.path": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "\"/crypt-storage/default\""}, "description": "Absolute path of the salt on the unencrypted device with\nthat device's root directory as \"/\".\n", "loc": ["boot", "initrd", "luks", "devices", "<name>", "yubikey", "storage", "path"], "readOnly": false, "type": "string"}, "boot.initrd.luks.devices.<name>.yubikey.twoFactor": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to use a passphrase and a YubiKey (true), or only a YubiKey (false).", "loc": ["boot", "initrd", "luks", "devices", "<name>", "yubikey", "twoFactor"], "readOnly": false, "type": "boolean"}, "boot.initrd.luks.fido2Support": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables support for authenticating with FIDO2 devices.\n", "loc": ["boot", "initrd", "luks", "fido2Support"], "readOnly": false, "type": "boolean"}, "boot.initrd.luks.gpgSupport": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables support for authenticating with a GPG encrypted password.\n", "loc": ["boot", "initrd", "luks", "gpgSupport"], "readOnly": false, "type": "boolean"}, "boot.initrd.luks.mitigateDMAAttacks": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Unless enabled, encryption keys can be easily recovered by an attacker with physical\naccess to any machine with PCMCIA, ExpressCard, ThunderBolt or FireWire port.\nMore information is available at <https://en.wikipedia.org/wiki/DMA_attack>.\n\nThis option blacklists FireWire drivers, but doesn't remove them. You can manually\nload the drivers if you need to use a FireWire device, but don't forget to unload them!\n", "loc": ["boot", "initrd", "luks", "mitigateDMAAttacks"], "readOnly": false, "type": "boolean"}, "boot.initrd.luks.reusePassphrases": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "When opening a new LUKS device try reusing last successful\npassphrase.\n\nUseful for mounting a number of devices that use the same\npassphrase without retyping it several times.\n\nSuch setup can be useful if you use {command}`cryptsetup luksSuspend`.\nDifferent LUKS devices will still have\ndifferent master keys even when using the same passphrase.\n", "loc": ["boot", "initrd", "luks", "reusePassphrases"], "readOnly": false, "type": "boolean"}, "boot.initrd.luks.yubikeySupport": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables support for authenticating with a YubiKey on LUKS devices.\nSee the NixOS wiki for information on how to properly setup a LUKS device\nand a YubiKey to work with this feature.\n", "loc": ["boot", "initrd", "luks", "yubikeySupport"], "readOnly": false, "type": "boolean"}, "boot.initrd.network.enable": {"declarations": ["nixos/modules/system/boot/initrd-network.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Add network connectivity support to initrd. The network may be\nconfigured using the `ip` kernel parameter,\nas described in [the kernel documentation](https://www.kernel.org/doc/Documentation/filesystems/nfs/nfsroot.txt).\nOtherwise, if\n{option}`networking.useDHCP` is enabled, an IP address\nis acquired using DHCP.\n\nYou should add the module(s) required for your network card to\nboot.initrd.availableKernelModules.\n`lspci -v | grep -iA8 'network\\|ethernet'`\nwill tell you which.\n", "loc": ["boot", "initrd", "network", "enable"], "readOnly": false, "type": "boolean"}, "boot.initrd.network.flushBeforeStage2": {"declarations": ["nixos/modules/system/boot/initrd-network.nix"], "default": {"_type": "literalExpression", "text": "\"!config.boot.initrd.systemd.enable\""}, "description": "Whether to clear the configuration of the interfaces that were set up in\nthe initrd right before stage 2 takes over. Stage 2 will do the regular network\nconfiguration based on the NixOS networking options.\n\nThe default is false when systemd is enabled in initrd,\nbecause the systemd-networkd documentation suggests it.\n", "loc": ["boot", "initrd", "network", "flushBeforeStage2"], "readOnly": false, "type": "boolean"}, "boot.initrd.network.ifstate.allowIfstateToDrasticlyIncreaseInitrdSize": {"declarations": ["nixos/modules/services/networking/ifstate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "IfState in initrd drastically increases the size of initrd, your boot partition may be too small and/or you may have significantly fewer generations. By setting this option, you acknowledge this fact and keep it in mind when reporting issues.", "loc": ["boot", "initrd", "network", "ifstate", "allowIfstateToDrasticlyIncreaseInitrdSize"], "readOnly": false, "type": "boolean"}, "boot.initrd.network.ifstate.cleanupSettings": {"declarations": ["nixos/modules/services/networking/ifstate.nix"], "default": {"_type": "literalExpression", "text": "{\n  interfaces = { };\n}"}, "description": "Content of IfState's initrd cleanup configuration file. See <https://ifstate.net/2.0/schema/> for details. This configuration gets applied before systemd switches to stage two. The goal is to deconfigurate the whole network in order to prevent access to services, before the firewall is configured. The stage two IfState configuration will start after the firewall is configured.", "loc": ["boot", "initrd", "network", "ifstate", "cleanupSettings"], "readOnly": false, "type": "YAML 1.1 value"}, "boot.initrd.network.ifstate.enable": {"declarations": ["nixos/modules/services/networking/ifstate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable initrd networking using IfState.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "initrd", "network", "ifstate", "enable"], "readOnly": false, "type": "boolean"}, "boot.initrd.network.ifstate.package": {"declarations": ["nixos/modules/services/networking/ifstate.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ifstate.override { withConfigValidation = false; }"}, "description": "The initrd IfState package to use.", "loc": ["boot", "initrd", "network", "ifstate", "package"], "readOnly": false, "type": "package"}, "boot.initrd.network.ifstate.settings": {"declarations": ["nixos/modules/services/networking/ifstate.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Content of IfState's initrd configuration file. See <https://ifstate.net/2.2/schema/> for details.", "loc": ["boot", "initrd", "network", "ifstate", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "boot.initrd.network.openvpn.configuration": {"declarations": ["nixos/modules/system/boot/initrd-openvpn.nix"], "description": "The configuration file for OpenVPN.\n\n::: {.warning}\nUnless your bootloader supports initrd secrets, this configuration\nis stored insecurely in the global Nix store.\n:::\n", "example": {"_type": "literalExpression", "text": "./configuration.ovpn"}, "loc": ["boot", "initrd", "network", "openvpn", "configuration"], "readOnly": false, "type": "absolute path"}, "boot.initrd.network.openvpn.enable": {"declarations": ["nixos/modules/system/boot/initrd-openvpn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Starts an OpenVPN client during initrd boot. It can be used to e.g.\nremotely accessing the SSH service controlled by\n{option}`boot.initrd.network.ssh` or other network services\nincluded. Service is killed when stage-1 boot is finished.\n", "loc": ["boot", "initrd", "network", "openvpn", "enable"], "readOnly": false, "type": "boolean"}, "boot.initrd.network.postCommands": {"declarations": ["nixos/modules/system/boot/initrd-network.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands to be executed after stage 1 of the\nboot has initialised the network.\n", "loc": ["boot", "initrd", "network", "postCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.initrd.network.ssh.authorizedKeyFiles": {"declarations": ["nixos/modules/system/boot/initrd-ssh.nix"], "default": {"_type": "literalExpression", "text": "config.users.users.root.openssh.authorizedKeys.keyFiles"}, "description": "Authorized keys taken from files for the root user on initrd.\nYou can combine the `authorizedKeyFiles` and `authorizedKeys` options.\n", "loc": ["boot", "initrd", "network", "ssh", "authorizedKeyFiles"], "readOnly": false, "type": "list of absolute path"}, "boot.initrd.network.ssh.authorizedKeys": {"declarations": ["nixos/modules/system/boot/initrd-ssh.nix"], "default": {"_type": "literalExpression", "text": "config.users.users.root.openssh.authorizedKeys.keys"}, "description": "Authorized keys for the root user on initrd.\nYou can combine the `authorizedKeys` and `authorizedKeyFiles` options.\n", "example": {"_type": "literalExpression", "text": "[\n  \"ssh-rsa AAAAB3NzaC1yc2etc/etc/etcjwrsh8e596z6J0l7 example@host\"\n  \"ssh-ed25519 AAAAC3NzaCetcetera/etceteraJZMfk3QPfQ foo@bar\"\n]"}, "loc": ["boot", "initrd", "network", "ssh", "authorizedKeys"], "readOnly": false, "type": "list of string"}, "boot.initrd.network.ssh.enable": {"declarations": ["nixos/modules/system/boot/initrd-ssh.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Start SSH service during initrd boot. It can be used to debug failing\nboot on a remote server, enter pasphrase for an encrypted partition etc.\nService is killed when stage-1 boot is finished.\n\nThe sshd configuration is largely inherited from\n{option}`services.openssh`.\n", "loc": ["boot", "initrd", "network", "ssh", "enable"], "readOnly": false, "type": "boolean"}, "boot.initrd.network.ssh.extraConfig": {"declarations": ["nixos/modules/system/boot/initrd-ssh.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Verbatim contents of {file}`sshd_config`.", "loc": ["boot", "initrd", "network", "ssh", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.initrd.network.ssh.hostKeys": {"declarations": ["nixos/modules/system/boot/initrd-ssh.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Specify SSH host keys to import into the initrd.\n\nTo generate keys, use\n{manpage}`ssh-keygen(1)`\nas root:\n\n```\nssh-keygen -t rsa -N \"\" -f /etc/secrets/initrd/ssh_host_rsa_key\nssh-keygen -t ed25519 -N \"\" -f /etc/secrets/initrd/ssh_host_ed25519_key\n```\n\n::: {.warning}\nUnless your bootloader supports initrd secrets, these keys\nare stored insecurely in the global Nix store. Do NOT use\nyour regular SSH host private keys for this purpose or\nyou'll expose them to regular users!\n\nAdditionally, even if your initrd supports secrets, if\nyou're using initrd SSH to unlock an encrypted disk then\nusing your regular host keys exposes the private keys on\nyour unencrypted boot partition.\n:::\n", "example": {"_type": "literalExpression", "text": "[\n  \"/etc/secrets/initrd/ssh_host_rsa_key\"\n  \"/etc/secrets/initrd/ssh_host_ed25519_key\"\n]"}, "loc": ["boot", "initrd", "network", "ssh", "hostKeys"], "readOnly": false, "type": "list of (string or absolute path)"}, "boot.initrd.network.ssh.ignoreEmptyHostKeys": {"declarations": ["nixos/modules/system/boot/initrd-ssh.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Allow leaving {option}`config.boot.initrd.network.ssh.hostKeys` empty,\nto deploy ssh host keys out of band.\n", "loc": ["boot", "initrd", "network", "ssh", "ignoreEmptyHostKeys"], "readOnly": false, "type": "boolean"}, "boot.initrd.network.ssh.port": {"declarations": ["nixos/modules/system/boot/initrd-ssh.nix"], "default": {"_type": "literalExpression", "text": "22"}, "description": "Port on which SSH initrd service should listen.\n", "loc": ["boot", "initrd", "network", "ssh", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "boot.initrd.network.ssh.shell": {"declarations": ["nixos/modules/system/boot/initrd-ssh.nix"], "default": {"_type": "literalExpression", "text": "\"\\\"/bin/ash\\\"\""}, "description": "Login shell of the remote user. Can be used to limit actions user can do.\n", "loc": ["boot", "initrd", "network", "ssh", "shell"], "readOnly": false, "type": "null or string"}, "boot.initrd.network.udhcpc.enable": {"declarations": ["nixos/modules/system/boot/initrd-network.nix"], "default": {"_type": "literalExpression", "text": "config.networking.useDHCP"}, "description": "Enables the udhcpc service during stage 1 of the boot process. This\ndefaults to {option}`networking.useDHCP`. Therefore, this useful if\nuseDHCP is off but the initramfs should do dhcp.\n", "loc": ["boot", "initrd", "network", "udhcpc", "enable"], "readOnly": false, "type": "boolean"}, "boot.initrd.network.udhcpc.extraArgs": {"declarations": ["nixos/modules/system/boot/initrd-network.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional command-line arguments passed verbatim to\nudhcpc if {option}`boot.initrd.network.enable` and\n{option}`boot.initrd.network.udhcpc.enable` are enabled.\n", "loc": ["boot", "initrd", "network", "udhcpc", "extraArgs"], "readOnly": false, "type": "list of string"}, "boot.initrd.nix-store-veritysetup.enable": {"declarations": ["nixos/modules/system/boot/nix-store-veritysetup.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable nix-store-veritysetup.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "initrd", "nix-store-veritysetup", "enable"], "readOnly": false, "type": "boolean"}, "boot.initrd.postDeviceCommands": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands to be executed immediately after stage 1 of the\nboot has loaded kernel modules and created device nodes in\n{file}`/dev`.\n", "loc": ["boot", "initrd", "postDeviceCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.initrd.postMountCommands": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands to be executed immediately after the stage 1\nfilesystems have been mounted.\n", "loc": ["boot", "initrd", "postMountCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.initrd.postResumeCommands": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands to be executed immediately after attempting to resume.\n", "loc": ["boot", "initrd", "postResumeCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.initrd.preDeviceCommands": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands to be executed before udev is started to create\ndevice nodes.\n", "loc": ["boot", "initrd", "preDeviceCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.initrd.preFailCommands": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands to be executed before the failure prompt is shown.\n", "loc": ["boot", "initrd", "preFailCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.initrd.preLVMCommands": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands to be executed immediately before LVM discovery.\n", "loc": ["boot", "initrd", "preLVMCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.initrd.prepend": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Other initrd files to prepend to the final initrd we are building.\n", "loc": ["boot", "initrd", "prepend"], "readOnly": false, "type": "list of string"}, "boot.initrd.secrets": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Secrets to append to the initrd. The attribute name is the\npath the secret should have inside the initrd, the value\nis the path it should be copied from (or null for the same\npath inside and out).\n\nNote that `nixos-rebuild switch` will generate the initrd\nalso for past generations, so if secrets are moved or deleted\nyou will also have to garbage collect the generations that\nuse those secrets.\n", "example": {"_type": "literalExpression", "text": "{ \"/etc/dropbear/dropbear_rsa_host_key\" =\n    ./secret-dropbear-key;\n}\n"}, "loc": ["boot", "initrd", "secrets"], "readOnly": false, "type": "attribute set of (null or absolute path)"}, "boot.initrd.services.bcache.enable": {"declarations": ["nixos/modules/tasks/bcache.nix"], "default": {"_type": "literalExpression", "text": "config.boot.initrd.systemd.enable && config.boot.bcache.enable"}, "description": "*This will only be used when systemd is used in stage 1.*\n\nWhether to enable bcache support in the initrd.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "initrd", "services", "bcache", "enable"], "readOnly": false, "type": "boolean"}, "boot.initrd.services.lvm.enable": {"declarations": ["nixos/modules/tasks/lvm.nix"], "default": {"_type": "literalExpression", "text": "config.boot.initrd.systemd.enable && config.services.lvm.enable"}, "description": "*This will only be used when systemd is used in stage 1.*\n\nWhether to enable booting from LVM2 in the initrd.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "initrd", "services", "lvm", "enable"], "readOnly": false, "type": "boolean"}, "boot.initrd.services.resolved.enable": {"declarations": ["nixos/modules/system/boot/resolved.nix"], "default": {"_type": "literalExpression", "text": "\"config.boot.initrd.systemd.network.enable\""}, "description": "Whether to enable resolved for stage 1 networking.\nUses the toplevel 'services.resolved' options for 'resolved.conf'\n", "loc": ["boot", "initrd", "services", "resolved", "enable"], "readOnly": false, "type": "unspecified value"}, "boot.initrd.services.udev.binPackages": {"declarations": ["nixos/modules/services/hardware/udev.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "*This will only be used when systemd is used in stage 1.*\n\nPackages to search for binaries that are referenced by the udev rules in stage 1.\nThis list always contains /bin of the initrd.\n", "loc": ["boot", "initrd", "services", "udev", "binPackages"], "readOnly": false, "type": "list of absolute path"}, "boot.initrd.services.udev.packages": {"declarations": ["nixos/modules/services/hardware/udev.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "*This will only be used when systemd is used in stage 1.*\n\nList of packages containing {command}`udev` rules that will be copied to stage 1.\nAll files found in\n{file}`\u00abpkg\u00bb/etc/udev/rules.d` and\n{file}`\u00abpkg\u00bb/lib/udev/rules.d`\nwill be included.\n", "loc": ["boot", "initrd", "services", "udev", "packages"], "readOnly": false, "type": "list of absolute path"}, "boot.initrd.services.udev.rules": {"declarations": ["nixos/modules/services/hardware/udev.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "{command}`udev` rules to include in the initrd\n*only*. They'll be written into file\n{file}`99-local.rules`. Thus they are read and applied\nafter the essential initrd rules.\n", "example": {"_type": "literalExpression", "text": "''\n  SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", ATTR{address}==\"00:1D:60:B9:6D:4F\", KERNEL==\"eth*\", NAME=\"my_fast_network_card\"\n''"}, "loc": ["boot", "initrd", "services", "udev", "rules"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.initrd.stage1Greeting": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "\"<<< ${config.system.nixos.distroName} Stage 1 >>>\""}, "description": "The greeting message displayed during NixOS stage 1 boot.\n", "loc": ["boot", "initrd", "stage1Greeting"], "readOnly": false, "type": "string"}, "boot.initrd.supportedFilesystems": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Names of supported filesystem types, or an attribute set of file system types\nand their state. The set form may be used together with `lib.mkForce` to\nexplicitly disable support for specific filesystems, e.g. to disable ZFS\nwith an unsupported kernel.\n", "example": {"_type": "literalExpression", "text": "{\n  btrfs = true;\n  zfs = lib.mkForce false;\n}\n"}, "loc": ["boot", "initrd", "supportedFilesystems"], "readOnly": false, "type": "(attribute set of boolean) or (list of string) convertible to it"}, "boot.initrd.systemd.additionalUpstreamUnits": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional units shipped with systemd that shall be enabled.\n", "example": {"_type": "literalExpression", "text": "[\n  \"debug-shell.service\"\n  \"systemd-quotacheck.service\"\n]"}, "loc": ["boot", "initrd", "systemd", "additionalUpstreamUnits"], "readOnly": false, "type": "list of string"}, "boot.initrd.systemd.automounts": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Definition of systemd automount units.\nThis is a list instead of an attrSet, because systemd mandates the names to be derived from\nthe 'where' attribute.\n", "loc": ["boot", "initrd", "systemd", "automounts"], "readOnly": false, "type": "list of (submodule)"}, "boot.initrd.systemd.contents": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Set of files that have to be linked into the initrd", "example": {"_type": "literalExpression", "text": "{\n  \"/etc/machine-id\".source = /etc/machine-id;\n}\n"}, "loc": ["boot", "initrd", "systemd", "contents"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.initrd.systemd.contents.<name>.dlopen.features": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Features to enable via dlopen ELF notes. These will be in\naddition to anything included via 'usePriority',\nregardless of their priority.\n", "loc": ["boot", "initrd", "systemd", "contents", "<name>", "dlopen", "features"], "readOnly": false, "type": "list of (optionally newline-terminated) single-line string"}, "boot.initrd.systemd.contents.<name>.dlopen.usePriority": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "\"recommended\""}, "description": "Priority of dlopen ELF notes to include. \"required\" is\nminimal, \"recommended\" includes \"required\", and\n\"suggested\" includes \"recommended\".\n\nSee: <https://systemd.io/ELF_DLOPEN_METADATA/>\n", "loc": ["boot", "initrd", "systemd", "contents", "<name>", "dlopen", "usePriority"], "readOnly": false, "type": "one of \"required\", \"recommended\", \"suggested\""}, "boot.initrd.systemd.contents.<name>.enable": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable copying of this file and symlinking it.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "initrd", "systemd", "contents", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "boot.initrd.systemd.contents.<name>.source": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "description": "Path of the source file.", "loc": ["boot", "initrd", "systemd", "contents", "<name>", "source"], "readOnly": false, "type": "absolute path"}, "boot.initrd.systemd.contents.<name>.target": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path of the symlink.\n", "loc": ["boot", "initrd", "systemd", "contents", "<name>", "target"], "readOnly": false, "type": "null or absolute path"}, "boot.initrd.systemd.contents.<name>.text": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Text of the file.", "loc": ["boot", "initrd", "systemd", "contents", "<name>", "text"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "boot.initrd.systemd.dbus.enable": {"declarations": ["nixos/modules/services/system/dbus.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable dbus in stage 1.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "initrd", "systemd", "dbus", "enable"], "readOnly": false, "type": "boolean"}, "boot.initrd.systemd.dmVerity.enable": {"declarations": ["nixos/modules/system/boot/systemd/dm-verity.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Mount verity-protected block devices in the initrd.\n\nEnabling this option allows to use `systemd-veritysetup` and\n`systemd-veritysetup-generator` in the initrd.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "initrd", "systemd", "dmVerity", "enable"], "readOnly": false, "type": "boolean"}, "boot.initrd.systemd.emergencyAccess": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Set to true for unauthenticated emergency access, and false or\nnull for no emergency access.\n\nCan also be set to a hashed super user password to allow\nauthenticated access to the emergency mode.\n\nFor emergency access after initrd, use `systemd.enableEmergencyMode` instead.\n", "loc": ["boot", "initrd", "systemd", "emergencyAccess"], "readOnly": false, "type": "boolean or null or (string, not containing newlines or colons)"}, "boot.initrd.systemd.enable": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable systemd in initrd. The unit options such as\n{option}`boot.initrd.systemd.services` are the same as their\nstage 2 counterparts such as {option}`systemd.services`,\nexcept that `restartTriggers` and `reloadTriggers` are not\nsupported.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "initrd", "systemd", "enable"], "readOnly": false, "type": "boolean"}, "boot.initrd.systemd.extraBin": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Tools to add to /bin\n", "example": {"_type": "literalExpression", "text": "{\n  umount = ${pkgs.util-linux}/bin/umount;\n}\n"}, "loc": ["boot", "initrd", "systemd", "extraBin"], "readOnly": false, "type": "attribute set of absolute path"}, "boot.initrd.systemd.fido2.enable": {"declarations": ["nixos/modules/system/boot/systemd/fido2.nix"], "default": {"_type": "literalExpression", "text": "config.boot.initrd.systemd.package.withFido2"}, "description": "Whether to enable systemd FIDO2 support.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "initrd", "systemd", "fido2", "enable"], "readOnly": false, "type": "boolean"}, "boot.initrd.systemd.groups": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Groups to include in initrd.\n", "loc": ["boot", "initrd", "systemd", "groups"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.initrd.systemd.groups.<name>.gid": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "config.users.groups.${name}.gid"}, "description": "ID of the group in initrd.\n", "loc": ["boot", "initrd", "systemd", "groups", "<name>", "gid"], "readOnly": false, "type": "signed integer"}, "boot.initrd.systemd.initrdBin": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Packages to include in /bin for the stage 1 emergency shell.\n", "loc": ["boot", "initrd", "systemd", "initrdBin"], "readOnly": false, "type": "list of package"}, "boot.initrd.systemd.managerEnvironment": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "''\n  {\n    PATH = \"/bin:/sbin\";\n  }\n''"}, "description": "Environment variables of PID 1. These variables are\n*not* passed to started units.\n", "example": {"_type": "literalExpression", "text": "{\n  SYSTEMD_LOG_LEVEL = \"debug\";\n}"}, "loc": ["boot", "initrd", "systemd", "managerEnvironment"], "readOnly": false, "type": "attribute set of (null or string or absolute path or package)"}, "boot.initrd.systemd.mounts": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Definition of systemd mount units.\nThis is a list instead of an attrSet, because systemd mandates the names to be derived from\nthe 'where' attribute.\n", "loc": ["boot", "initrd", "systemd", "mounts"], "readOnly": false, "type": "list of (submodule)"}, "boot.initrd.systemd.network.config": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of global systemd network config.", "loc": ["boot", "initrd", "systemd", "network", "config"], "readOnly": false, "type": "submodule"}, "boot.initrd.systemd.network.enable": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable networkd or not.\n", "loc": ["boot", "initrd", "systemd", "network", "enable"], "readOnly": false, "type": "boolean"}, "boot.initrd.systemd.network.links": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of systemd network links.", "loc": ["boot", "initrd", "systemd", "network", "links"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.initrd.systemd.network.netdevs": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of systemd network devices.", "loc": ["boot", "initrd", "systemd", "network", "netdevs"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.initrd.systemd.network.networks": {"declarations": ["nixos/modules/system/boot/networkd.nix", "nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of systemd networks.", "loc": ["boot", "initrd", "systemd", "network", "networks"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.initrd.systemd.network.wait-online.anyInterface": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "\"config.networking.useDHCP\""}, "description": "Whether to consider the network online when any interface is online, as opposed to all of them.\nThis is useful on portable machines with a wired and a wireless interface, for example.\n\nThis is on by default if {option}`networking.useDHCP` is enabled.\n", "loc": ["boot", "initrd", "systemd", "network", "wait-online", "anyInterface"], "readOnly": false, "type": "boolean"}, "boot.initrd.systemd.network.wait-online.enable": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the systemd-networkd-wait-online service.\n\nsystemd-networkd-wait-online can timeout and fail if there are no network interfaces\navailable for it to manage. When systemd-networkd is enabled but a different service is\nresponsible for managing the system's internet connection (for example, NetworkManager or\nconnman are used to manage WiFi connections), this service is unnecessary and can be\ndisabled.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["boot", "initrd", "systemd", "network", "wait-online", "enable"], "readOnly": false, "type": "boolean"}, "boot.initrd.systemd.network.wait-online.extraArgs": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command-line arguments to pass to systemd-networkd-wait-online.\nThese also affect per-interface `systemd-network-wait-online@` services.\n\nSee {manpage}`systemd-networkd-wait-online.service(8)` for all available options.\n", "loc": ["boot", "initrd", "systemd", "network", "wait-online", "extraArgs"], "readOnly": false, "type": "list of string"}, "boot.initrd.systemd.network.wait-online.ignoredInterfaces": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Network interfaces to be ignored when deciding if the system is online.\n", "example": {"_type": "literalExpression", "text": "[\n  \"wg0\"\n]"}, "loc": ["boot", "initrd", "systemd", "network", "wait-online", "ignoredInterfaces"], "readOnly": false, "type": "list of string"}, "boot.initrd.systemd.network.wait-online.timeout": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "120"}, "description": "Time to wait for the network to come online, in seconds. Set to 0 to disable.\n", "example": {"_type": "literalExpression", "text": "0"}, "loc": ["boot", "initrd", "systemd", "network", "wait-online", "timeout"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "boot.initrd.systemd.package": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "config.systemd.package"}, "description": "The systemd package to use.\n", "loc": ["boot", "initrd", "systemd", "package"], "readOnly": false, "type": "package"}, "boot.initrd.systemd.packages": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Packages providing systemd units and hooks.", "example": {"_type": "literalExpression", "text": "[ pkgs.systemd-cryptsetup-generator ]"}, "loc": ["boot", "initrd", "systemd", "packages"], "readOnly": false, "type": "list of package"}, "boot.initrd.systemd.paths": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of systemd path units.", "loc": ["boot", "initrd", "systemd", "paths"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.initrd.systemd.repart.device": {"declarations": ["nixos/modules/system/boot/systemd/repart.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The device to operate on.\n\nIf `device == null`, systemd-repart will operate on the device\nbacking the root partition. So in order to dynamically *create* the\nroot partition in the initrd you need to set a device.\n", "example": {"_type": "literalExpression", "text": "\"/dev/vda\""}, "loc": ["boot", "initrd", "systemd", "repart", "device"], "readOnly": false, "type": "null or string"}, "boot.initrd.systemd.repart.discard": {"declarations": ["nixos/modules/system/boot/systemd/repart.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Controls whether to issue the BLKDISCARD I/O control command on the\nspace taken up by any added partitions or on the space in between them.\nUsually, it's a good idea to issue this request since it tells the underlying\nhardware that the covered blocks shall be considered empty, improving performance.\n\nSee {manpage}`systemd-repart(8)` for details.\n", "loc": ["boot", "initrd", "systemd", "repart", "discard"], "readOnly": false, "type": "boolean"}, "boot.initrd.systemd.repart.empty": {"declarations": ["nixos/modules/system/boot/systemd/repart.nix"], "default": {"_type": "literalExpression", "text": "\"refuse\""}, "description": "Controls how to operate on empty devices that contain no partition table yet.\nSee {manpage}`systemd-repart(8)` for details.\n", "example": {"_type": "literalExpression", "text": "\"require\""}, "loc": ["boot", "initrd", "systemd", "repart", "empty"], "readOnly": false, "type": "one of \"refuse\", \"allow\", \"require\", \"force\", \"create\""}, "boot.initrd.systemd.repart.enable": {"declarations": ["nixos/modules/system/boot/systemd/repart.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Grow and add partitions to a partition table at boot time in the initrd.\nsystemd-repart only works with GPT partition tables.\n\nTo run systemd-repart after the initrd, see\n`options.systemd.repart.enable`.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "initrd", "systemd", "repart", "enable"], "readOnly": false, "type": "boolean"}, "boot.initrd.systemd.repart.extraArgs": {"declarations": ["nixos/modules/system/boot/systemd/repart.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command-line arguments to pass to systemd-repart.\n\nSee {manpage}`systemd-repart(8)` for all available options.\n", "loc": ["boot", "initrd", "systemd", "repart", "extraArgs"], "readOnly": false, "type": "list of string"}, "boot.initrd.systemd.root": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "\"fstab\""}, "description": "Controls how systemd will interpret the root FS in initrd. See\n{manpage}`kernel-command-line(7)`. NixOS currently does not\nallow specifying the root file system itself this\nway. Instead, the `fstab` value is used in order to interpret\nthe root file system specified with the `fileSystems` option.\n", "example": {"_type": "literalExpression", "text": "\"gpt-auto\""}, "loc": ["boot", "initrd", "systemd", "root"], "readOnly": false, "type": "one of \"fstab\", \"gpt-auto\""}, "boot.initrd.systemd.services": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of systemd service units.", "loc": ["boot", "initrd", "systemd", "services"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.initrd.systemd.settings.Manager": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "{\n  DefaultEnvironment = \"PATH=/bin:/sbin\";\n}\n"}, "description": "Options for the global systemd service manager used in initrd. See {manpage}`systemd-system.conf(5)` man page\nfor available options.\n", "example": {"_type": "literalExpression", "text": "{\n  KExecWatchdogSec = \"5min\";\n  RebootWatchdogSec = \"10min\";\n  RuntimeWatchdogSec = \"30s\";\n  WatchdogDevice = \"/dev/watchdog\";\n}"}, "loc": ["boot", "initrd", "systemd", "settings", "Manager"], "readOnly": false, "type": "open submodule of attribute set of (systemd option)"}, "boot.initrd.systemd.slices": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of slice configurations.", "loc": ["boot", "initrd", "systemd", "slices"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.initrd.systemd.sockets": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of systemd socket units.", "loc": ["boot", "initrd", "systemd", "sockets"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.initrd.systemd.storePaths": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Store paths to copy into the initrd as well.\n", "loc": ["boot", "initrd", "systemd", "storePaths"], "readOnly": false, "type": "list of ((submodule) or ((optionally newline-terminated) single-line string or package) convertible to it)"}, "boot.initrd.systemd.storePaths.*.dlopen.features": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Features to enable via dlopen ELF notes. These will be in\naddition to anything included via 'usePriority',\nregardless of their priority.\n", "loc": ["boot", "initrd", "systemd", "storePaths", "*", "dlopen", "features"], "readOnly": false, "type": "list of (optionally newline-terminated) single-line string"}, "boot.initrd.systemd.storePaths.*.dlopen.usePriority": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "\"recommended\""}, "description": "Priority of dlopen ELF notes to include. \"required\" is\nminimal, \"recommended\" includes \"required\", and\n\"suggested\" includes \"recommended\".\n\nSee: <https://systemd.io/ELF_DLOPEN_METADATA/>\n", "loc": ["boot", "initrd", "systemd", "storePaths", "*", "dlopen", "usePriority"], "readOnly": false, "type": "one of \"required\", \"recommended\", \"suggested\""}, "boot.initrd.systemd.storePaths.*.enable": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable copying of this file and symlinking it.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "initrd", "systemd", "storePaths", "*", "enable"], "readOnly": false, "type": "boolean"}, "boot.initrd.systemd.storePaths.*.source": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "description": "Path of the source file.", "loc": ["boot", "initrd", "systemd", "storePaths", "*", "source"], "readOnly": false, "type": "absolute path"}, "boot.initrd.systemd.storePaths.*.target": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path of the symlink.\n", "loc": ["boot", "initrd", "systemd", "storePaths", "*", "target"], "readOnly": false, "type": "null or absolute path"}, "boot.initrd.systemd.suppressedStorePaths": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Store paths specified in the storePaths option that\nshould not be copied.\n", "loc": ["boot", "initrd", "systemd", "suppressedStorePaths"], "readOnly": false, "type": "list of (optionally newline-terminated) single-line string"}, "boot.initrd.systemd.suppressedUnits": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of units to skip when generating system systemd configuration directory. This has\npriority over upstream units, {option}`boot.initrd.systemd.units`, and\n{option}`boot.initrd.systemd.additionalUpstreamUnits`. The main purpose of this is to\nprevent a upstream systemd unit from being added to the initrd with any modifications made to it\nby other NixOS modules.\n", "example": {"_type": "literalExpression", "text": "[\n  \"systemd-backlight@.service\"\n]"}, "loc": ["boot", "initrd", "systemd", "suppressedUnits"], "readOnly": false, "type": "list of string"}, "boot.initrd.systemd.targets": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of systemd target units.", "loc": ["boot", "initrd", "systemd", "targets"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.initrd.systemd.timers": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of systemd timer units.", "loc": ["boot", "initrd", "systemd", "timers"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.initrd.systemd.tmpfiles.settings": {"declarations": ["nixos/modules/system/boot/systemd/tmpfiles.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Similar to {option}`systemd.tmpfiles.settings` but the rules are\nonly applied by systemd-tmpfiles before `initrd-switch-root.target`.\n\nSee {manpage}`bootup(7)`.\n", "example": {"_type": "literalExpression", "text": "{\n  \"10-mypackage\" = {\n    \"/var/lib/my-service/statefolder\" = {\n      d = {\n        group = \"root\";\n        mode = \"0755\";\n        user = \"root\";\n      };\n    };\n  };\n}"}, "loc": ["boot", "initrd", "systemd", "tmpfiles", "settings"], "readOnly": false, "type": "attribute set of attribute set of attribute set of (submodule)"}, "boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.age": {"declarations": ["nixos/modules/system/boot/systemd/tmpfiles.nix"], "default": {"_type": "literalExpression", "text": "\"-\""}, "description": "Delete a file when it reaches a certain age.\n\nIf a file or directory is older than the current time minus the age\nfield, it is deleted.\n\nIf set to `\"-\"` no automatic clean-up is done.\n", "example": {"_type": "literalExpression", "text": "\"10d\""}, "loc": ["boot", "initrd", "systemd", "tmpfiles", "settings", "<config-name>", "<path>", "<tmpfiles-type>", "age"], "readOnly": false, "type": "string"}, "boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.argument": {"declarations": ["nixos/modules/system/boot/systemd/tmpfiles.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "An argument whose meaning depends on the type of operation.\n\nPlease see the upstream documentation for the meaning of this\nparameter in different situations:\n{manpage}`tmpfiles.d(5)`\n", "example": {"_type": "literalExpression", "text": "\"\""}, "loc": ["boot", "initrd", "systemd", "tmpfiles", "settings", "<config-name>", "<path>", "<tmpfiles-type>", "argument"], "readOnly": false, "type": "string"}, "boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.group": {"declarations": ["nixos/modules/system/boot/systemd/tmpfiles.nix"], "default": {"_type": "literalExpression", "text": "\"-\""}, "description": "The group of the file.\n\nThis may either be a numeric ID or a user/group name.\n\nIf omitted or when set to `\"-\"`, the user and group of the user who\ninvokes systemd-tmpfiles is used.\n", "example": {"_type": "literalExpression", "text": "\"root\""}, "loc": ["boot", "initrd", "systemd", "tmpfiles", "settings", "<config-name>", "<path>", "<tmpfiles-type>", "group"], "readOnly": false, "type": "string"}, "boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.mode": {"declarations": ["nixos/modules/system/boot/systemd/tmpfiles.nix"], "default": {"_type": "literalExpression", "text": "\"-\""}, "description": "The file access mode to use when creating this file or directory.\n", "example": {"_type": "literalExpression", "text": "\"0755\""}, "loc": ["boot", "initrd", "systemd", "tmpfiles", "settings", "<config-name>", "<path>", "<tmpfiles-type>", "mode"], "readOnly": false, "type": "string"}, "boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.type": {"declarations": ["nixos/modules/system/boot/systemd/tmpfiles.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039tmpfiles-type\u203a\""}, "description": "The type of operation to perform on the file.\n\nThe type consists of a single letter and optionally one or more\nmodifier characters.\n\nPlease see the upstream documentation for the available types and\nmore details:\n{manpage}`tmpfiles.d(5)`\n", "example": {"_type": "literalExpression", "text": "\"d\""}, "loc": ["boot", "initrd", "systemd", "tmpfiles", "settings", "<config-name>", "<path>", "<tmpfiles-type>", "type"], "readOnly": false, "type": "string"}, "boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.user": {"declarations": ["nixos/modules/system/boot/systemd/tmpfiles.nix"], "default": {"_type": "literalExpression", "text": "\"-\""}, "description": "The user of the file.\n\nThis may either be a numeric ID or a user/group name.\n\nIf omitted or when set to `\"-\"`, the user and group of the user who\ninvokes systemd-tmpfiles is used.\n", "example": {"_type": "literalExpression", "text": "\"root\""}, "loc": ["boot", "initrd", "systemd", "tmpfiles", "settings", "<config-name>", "<path>", "<tmpfiles-type>", "user"], "readOnly": false, "type": "string"}, "boot.initrd.systemd.tpm2.enable": {"declarations": ["nixos/modules/system/boot/systemd/tpm2.nix"], "default": {"_type": "literalExpression", "text": "\"boot.initrd.systemd.package.withTpm2Units\""}, "description": "Whether to enable systemd initrd TPM2 support.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "initrd", "systemd", "tpm2", "enable"], "readOnly": false, "type": "boolean"}, "boot.initrd.systemd.units": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of systemd units.", "loc": ["boot", "initrd", "systemd", "units"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.initrd.systemd.users": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Users to include in initrd.\n", "loc": ["boot", "initrd", "systemd", "users"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.initrd.systemd.users.<name>.group": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "config.users.users.${name}.group"}, "description": "Group the user belongs to in initrd.\n", "loc": ["boot", "initrd", "systemd", "users", "<name>", "group"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "boot.initrd.systemd.users.<name>.shell": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "${pkgs.shadow}/bin/nologin"}, "description": "The path to the user's shell in initrd.\n", "loc": ["boot", "initrd", "systemd", "users", "<name>", "shell"], "readOnly": false, "type": "absolute path, not containing newlines or colons"}, "boot.initrd.systemd.users.<name>.uid": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "config.users.users.${name}.uid"}, "description": "ID of the user in initrd.\n", "loc": ["boot", "initrd", "systemd", "users", "<name>", "uid"], "readOnly": false, "type": "signed integer"}, "boot.initrd.unl0kr.allowVendorDrivers": {"declarations": ["nixos/modules/system/boot/unl0kr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to load additional drivers for certain vendors (I.E: Wacom, Intel, etc.)", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "initrd", "unl0kr", "allowVendorDrivers"], "readOnly": false, "type": "boolean"}, "boot.initrd.unl0kr.enable": {"declarations": ["nixos/modules/system/boot/unl0kr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the unl0kr on-screen keyboard in initrd to unlock LUKS.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "initrd", "unl0kr", "enable"], "readOnly": false, "type": "boolean"}, "boot.initrd.unl0kr.package": {"declarations": ["nixos/modules/system/boot/unl0kr.nix"], "default": {"_type": "literalExpression", "text": "pkgs.buffybox"}, "description": "The buffybox package to use.", "loc": ["boot", "initrd", "unl0kr", "package"], "readOnly": false, "type": "package"}, "boot.initrd.unl0kr.settings": {"declarations": ["nixos/modules/system/boot/unl0kr.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for `unl0kr`.\n\nSee `unl0kr.conf(5)` for supported values.\n\nAlternatively, visit `https://gitlab.postmarketos.org/postmarketOS/buffybox/-/blob/3.2.0/unl0kr/unl0kr.conf`\n", "example": {"_type": "literalExpression", "text": "{\n  general.animations = true;\n  general.backend = \"drm\";\n  theme = {\n    default = \"pmos-dark\";\n    alternate = \"pmos-light\";\n  };\n}\n"}, "loc": ["boot", "initrd", "unl0kr", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "boot.initrd.verbose": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Verbosity of the initrd. Please note that disabling verbosity removes\nonly the mandatory messages generated by the NixOS scripts. For a\ncompletely silent boot, you might also want to set the two following\nconfiguration options:\n\n- `boot.consoleLogLevel = 0;`\n- `boot.kernelParams = [ \"quiet\" \"udev.log_level=3\" ];`\n", "loc": ["boot", "initrd", "verbose"], "readOnly": false, "type": "boolean"}, "boot.iscsi-initiator.discoverPortal": {"declarations": ["nixos/modules/services/networking/iscsi/root-initiator.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "iSCSI portal to boot from.\n", "example": {"_type": "literalExpression", "text": "\"192.168.1.1:3260\""}, "loc": ["boot", "iscsi-initiator", "discoverPortal"], "readOnly": false, "type": "null or string"}, "boot.iscsi-initiator.extraConfig": {"declarations": ["nixos/modules/services/networking/iscsi/root-initiator.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Extra lines to append to /etc/iscsid.conf", "loc": ["boot", "iscsi-initiator", "extraConfig"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "boot.iscsi-initiator.extraConfigFile": {"declarations": ["nixos/modules/services/networking/iscsi/root-initiator.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Append an additional file's contents to `/etc/iscsid.conf`. Use a non-store path\nand store passwords in this file. Note: the file specified here must be available\nin the initrd, see: `boot.initrd.secrets`.\n", "loc": ["boot", "iscsi-initiator", "extraConfigFile"], "readOnly": false, "type": "null or string"}, "boot.iscsi-initiator.extraIscsiCommands": {"declarations": ["nixos/modules/services/networking/iscsi/root-initiator.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra iscsi commands to run in the initrd.", "loc": ["boot", "iscsi-initiator", "extraIscsiCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.iscsi-initiator.logLevel": {"declarations": ["nixos/modules/services/networking/iscsi/root-initiator.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Higher numbers elicits more logs.\n", "example": {"_type": "literalExpression", "text": "8"}, "loc": ["boot", "iscsi-initiator", "logLevel"], "readOnly": false, "type": "signed integer"}, "boot.iscsi-initiator.loginAll": {"declarations": ["nixos/modules/services/networking/iscsi/root-initiator.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Do not log into a specific target on the portal, but to all that we discover.\nThis overrides setting target.\n", "loc": ["boot", "iscsi-initiator", "loginAll"], "readOnly": false, "type": "boolean"}, "boot.iscsi-initiator.name": {"declarations": ["nixos/modules/services/networking/iscsi/root-initiator.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of the iSCSI initiator to boot from. Note, booting from iscsi\nrequires networkd based networking.\n", "example": {"_type": "literalExpression", "text": "\"iqn.2020-08.org.linux-iscsi.initiatorhost:example\""}, "loc": ["boot", "iscsi-initiator", "name"], "readOnly": false, "type": "null or string"}, "boot.iscsi-initiator.target": {"declarations": ["nixos/modules/services/networking/iscsi/root-initiator.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of the iSCSI target to boot from.\n", "example": {"_type": "literalExpression", "text": "\"iqn.2020-08.org.linux-iscsi.targethost:example\""}, "loc": ["boot", "iscsi-initiator", "target"], "readOnly": false, "type": "null or string"}, "boot.kernel.enable": {"declarations": ["nixos/modules/system/boot/kernel.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the Linux kernel. This is useful for systemd-like containers which do not require a kernel.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "kernel", "enable"], "readOnly": false, "type": "boolean"}, "boot.kernel.randstructSeed": {"declarations": ["nixos/modules/system/boot/kernel.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Provides a custom seed for the {var}`RANDSTRUCT` security\noption of the Linux kernel. Note that {var}`RANDSTRUCT` is\nonly enabled in NixOS hardened kernels. Using a custom seed requires\nbuilding the kernel and dependent packages locally, since this\ncustomization happens at build time.\n", "example": {"_type": "literalExpression", "text": "\"my secret seed\""}, "loc": ["boot", "kernel", "randstructSeed"], "readOnly": false, "type": "string"}, "boot.kernel.sysctl": {"declarations": ["nixos/modules/config/sysctl.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Runtime parameters of the Linux kernel, as set by\n{manpage}`sysctl(8)`.  Note that sysctl\nparameters names must be enclosed in quotes\n(e.g. `\"vm.swappiness\"` instead of\n`vm.swappiness`).  The value of each\nparameter may be a string, integer, boolean, or null\n(signifying the option will not appear at all).\n", "example": {"_type": "literalExpression", "text": "{ \"net.ipv4.tcp_syncookies\" = false; \"vm.swappiness\" = 60; }\n"}, "loc": ["boot", "kernel", "sysctl"], "readOnly": false, "type": "open submodule of attribute set of (sysctl option value)"}, "boot.kernel.sysctl.\"net.core.rmem_max\"": {"declarations": ["nixos/modules/config/sysctl.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The maximum receive socket buffer size in bytes. In case of conflicting values, the highest will be used.", "loc": ["boot", "kernel", "sysctl", "net.core.rmem_max"], "readOnly": false, "type": "null or (unsigned integer, meaning >=0)"}, "boot.kernel.sysctl.\"net.core.wmem_max\"": {"declarations": ["nixos/modules/config/sysctl.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The maximum send socket buffer size in bytes. In case of conflicting values, the highest will be used.", "loc": ["boot", "kernel", "sysctl", "net.core.wmem_max"], "readOnly": false, "type": "null or (unsigned integer, meaning >=0)"}, "boot.kernel.sysfs": {"declarations": ["nixos/modules/config/sysfs.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "sysfs attributes to be set as soon as they become available.\n\nAttribute names represent path components in the sysfs filesystem and\ncannot be `.` or `..` nor contain any slash character (`/`).\n\nNames may contain shell\u2010style glob patterns (`*`, `?` and `[\u2026]`)\nmatching a single path component, these should however be used with\ncaution, as they may produce unexpected results if attribute paths\noverlap.\n\nValues will be converted to strings, with list elements concatenated\nwith commata and booleans converted to numeric values (`0` or `1`).\n\n`null` values are ignored, allowing removal of values defined in other\nmodules, as are empty attribute sets.\n\nList values defined in different modules will _not_ be concatenated.\n\nThis option may only be used for attributes which can be set\nidempotently, as the configured values might be written more than once.\n", "example": {"_type": "literalExpression", "text": "{\n  # enable transparent hugepages with deferred defragmentaion\n  kernel.mm.transparent_hugepage = {\n    enabled = \"always\";\n    defrag = \"defer\";\n    shmem_enabled = \"within_size\";\n  };\n\n  devices.system.cpu = {\n    # configure powesave frequency governor for all CPUs\n    # the [0-9]* glob pattern ensures that other paths\n    # like cpufreq or cpuidle are not matched\n    \"cpu[0-9]*\" = {\n      scaling_governor = \"powersave\";\n      energy_performance_preference = 8;\n    };\n\n    # disable frequency boost\n    intel_pstate.no_turbo = true;\n  };\n}\n"}, "loc": ["boot", "kernel", "sysfs"], "readOnly": false, "type": "open submodule of nested attribute set of null or sysfs attribute values"}, "boot.kernelModules": {"declarations": ["nixos/modules/system/boot/kernel.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The set of kernel modules to be loaded in the second stage of\nthe boot process.  Note that modules that are needed to\nmount the root file system should be added to\n{option}`boot.initrd.availableKernelModules` or\n{option}`boot.initrd.kernelModules`.\n\nThis can either be a list of modules, or an attrset. In an\nattrset, names that are set to `true` represent modules that will\nbe included. Note that setting these names to `false` does not\nprevent the module from being loaded. For that, use\n{option}`boot.blacklistedKernelModules`.\n\n", "loc": ["boot", "kernelModules"], "readOnly": false, "type": "(attribute set of boolean) or (list of string) convertible to it"}, "boot.kernelPackages": {"declarations": ["nixos/modules/system/boot/kernel.nix"], "default": {"_type": "literalExpression", "text": "pkgs.linuxPackages"}, "description": "This option allows you to override the Linux kernel used by\nNixOS.  Since things like external kernel module packages are\ntied to the kernel you're using, it also overrides those.\nThis option is a function that takes Nixpkgs as an argument\n(as a convenience), and returns an attribute set containing at\nthe very least an attribute {var}`kernel`.\nAdditional attributes may be needed depending on your\nconfiguration.  For instance, if you use the NVIDIA X driver,\nthen it also needs to contain an attribute\n{var}`nvidia_x11`.\n\nPlease note that we strictly support kernel versions that are\nmaintained by the Linux developers only. More information on the\navailability of kernel versions is documented\n[in the Linux section of the manual](https://nixos.org/manual/nixos/unstable/index.html#sec-kernel-config).\n", "example": {"_type": "literalExpression", "text": "pkgs.linuxKernel.packages.linux_5_10"}, "loc": ["boot", "kernelPackages"], "readOnly": false, "type": "raw value"}, "boot.kernelParams": {"declarations": ["nixos/modules/system/boot/kernel.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Parameters added to the kernel command line.", "loc": ["boot", "kernelParams"], "readOnly": false, "type": "list of string, with spaces inside double quotes"}, "boot.kernelPatches": {"declarations": ["nixos/modules/system/boot/kernel.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of additional patches to apply to the kernel.\n\nEvery item should be an attribute set with the following attributes:\n\n```nix\n{\n  name = \"foo\";                 # descriptive name, required\n\n  patch = ./foo.patch;          # path or derivation that contains the patch source\n                                # (required, but can be null if only config changes\n                                # are needed)\n\n  structuredExtraConfig = {     # attrset of extra configuration parameters without the CONFIG_ prefix\n    FOO = lib.kernel.yes;       # (optional)\n  };                            # values should generally be lib.kernel.yes,\n                                # lib.kernel.no or lib.kernel.module\n\n  features = {                  # attrset of extra \"features\" the kernel is considered to have\n    foo = true;                 # (may be checked by other NixOS modules, optional)\n  };\n\n  extraConfig = \"FOO y\";        # extra configuration options in string form without the CONFIG_ prefix\n                                # (optional, multiple lines allowed to specify multiple options)\n                                # (deprecated, use structuredExtraConfig instead)\n}\n```\n\nThere's a small set of existing kernel patches in Nixpkgs, available as `pkgs.kernelPatches`,\nthat follow this format and can be used directly.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    name = \"foo\";\n    patch = ./foo.patch;\n    structuredExtraConfig.FOO = lib.kernel.yes;\n    features.foo = true;\n  }\n  {\n    name = \"foo-ml-mbox\";\n    patch = (fetchurl {\n      url = \"https://lore.kernel.org/lkml/19700205182810.58382-1-email@domain/t.mbox.gz\";\n      hash = \"sha256-...\";\n    });\n  }\n]\n"}, "loc": ["boot", "kernelPatches"], "readOnly": false, "type": "list of (attribute set)"}, "boot.kexec.enable": {"declarations": ["nixos/modules/system/boot/kexec.nix"], "default": {"_type": "literalExpression", "text": "lib.meta.availableOn pkgs.stdenv.hostPlatform pkgs.kexec-tools"}, "description": "Whether to enable kexec.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "kexec", "enable"], "readOnly": false, "type": "boolean"}, "boot.loader.efi.canTouchEfiVariables": {"declarations": ["nixos/modules/system/boot/loader/efi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether the installation process is allowed to modify EFI boot variables.", "loc": ["boot", "loader", "efi", "canTouchEfiVariables"], "readOnly": false, "type": "boolean"}, "boot.loader.efi.efiSysMountPoint": {"declarations": ["nixos/modules/system/boot/loader/efi.nix"], "default": {"_type": "literalExpression", "text": "\"/boot\""}, "description": "Where the EFI System Partition is mounted.", "loc": ["boot", "loader", "efi", "efiSysMountPoint"], "readOnly": false, "type": "string"}, "boot.loader.external.enable": {"declarations": ["nixos/modules/system/boot/loader/external/external.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable using an external tool to install your bootloader.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "loader", "external", "enable"], "readOnly": false, "type": "boolean"}, "boot.loader.external.installHook": {"declarations": ["nixos/modules/system/boot/loader/external/external.nix"], "description": "The full path to a program of your choosing which performs the bootloader installation process.\n\nThe program will be called with an argument pointing to the output of the system's toplevel.\n", "loc": ["boot", "loader", "external", "installHook"], "readOnly": false, "type": "absolute path"}, "boot.loader.generationsDir.copyKernels": {"declarations": ["nixos/modules/system/boot/loader/generations-dir/generations-dir.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to copy the necessary boot files into /boot, so\n/nix/store is not needed by the boot loader.\n", "loc": ["boot", "loader", "generationsDir", "copyKernels"], "readOnly": false, "type": "boolean"}, "boot.loader.generationsDir.enable": {"declarations": ["nixos/modules/system/boot/loader/generations-dir/generations-dir.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to create symlinks to the system generations under\n`/boot`.  When enabled,\n`/boot/default/kernel`,\n`/boot/default/initrd`, etc., are updated to\npoint to the current generation's kernel image, initial RAM\ndisk, and other bootstrap files.\n\nThis optional is not necessary with boot loaders such as GNU GRUB\nfor which the menu is updated to point to the latest bootstrap\nfiles.  However, it is needed for U-Boot on platforms where the\nboot command line is stored in flash memory rather than in a\nmenu file.\n", "loc": ["boot", "loader", "generationsDir", "enable"], "readOnly": false, "type": "boolean"}, "boot.loader.generic-extlinux-compatible.configurationLimit": {"declarations": ["nixos/modules/system/boot/loader/generic-extlinux-compatible"], "default": {"_type": "literalExpression", "text": "20"}, "description": "Maximum number of configurations in the boot menu.\n", "example": {"_type": "literalExpression", "text": "10"}, "loc": ["boot", "loader", "generic-extlinux-compatible", "configurationLimit"], "readOnly": false, "type": "signed integer"}, "boot.loader.generic-extlinux-compatible.enable": {"declarations": ["nixos/modules/system/boot/loader/generic-extlinux-compatible"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to generate an extlinux-compatible configuration file\nunder `/boot/extlinux.conf`.  For instance,\nU-Boot's generic distro boot support uses this file format.\n\nSee [U-boot's documentation](https://u-boot.readthedocs.io/en/latest/develop/distro.html)\nfor more information.\n", "loc": ["boot", "loader", "generic-extlinux-compatible", "enable"], "readOnly": false, "type": "boolean"}, "boot.loader.generic-extlinux-compatible.mirroredBoots": {"declarations": ["nixos/modules/system/boot/loader/generic-extlinux-compatible"], "default": {"_type": "literalExpression", "text": "[\n  {\n    path = \"/boot\";\n  }\n]"}, "description": "Mirror the boot configuration to multiple paths.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    path = \"/boot1\";\n  }\n  {\n    path = \"/boot2\";\n  }\n]"}, "loc": ["boot", "loader", "generic-extlinux-compatible", "mirroredBoots"], "readOnly": false, "type": "list of (submodule)"}, "boot.loader.generic-extlinux-compatible.mirroredBoots.*.path": {"declarations": ["nixos/modules/system/boot/loader/generic-extlinux-compatible"], "description": "The path to the boot directory where the extlinux-compatible\nconfiguration files will be written.\n", "example": {"_type": "literalExpression", "text": "\"/boot1\""}, "loc": ["boot", "loader", "generic-extlinux-compatible", "mirroredBoots", "*", "path"], "readOnly": false, "type": "string"}, "boot.loader.generic-extlinux-compatible.populateCmd": {"declarations": ["nixos/modules/system/boot/loader/generic-extlinux-compatible"], "description": "Contains the builder command used to populate an image,\nhonoring all options except the `-c <path-to-default-configuration>`\nargument.\nUseful to have for sdImage.populateRootCommands\n", "loc": ["boot", "loader", "generic-extlinux-compatible", "populateCmd"], "readOnly": true, "type": "string"}, "boot.loader.generic-extlinux-compatible.useGenerationDeviceTree": {"declarations": ["nixos/modules/system/boot/loader/generic-extlinux-compatible"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to generate Device Tree-related directives in the\nextlinux configuration.\n\nWhen enabled, the bootloader will attempt to load the device\ntree binaries from the generation's kernel.\n\nNote that this affects all generations, regardless of the\nsetting value used in their configurations.\n", "loc": ["boot", "loader", "generic-extlinux-compatible", "useGenerationDeviceTree"], "readOnly": false, "type": "boolean"}, "boot.loader.grub.backgroundColor": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Background color to be used for GRUB to fill the areas the image isn't filling.\n", "example": {"_type": "literalExpression", "text": "\"#7EBAE4\""}, "loc": ["boot", "loader", "grub", "backgroundColor"], "readOnly": false, "type": "null or string"}, "boot.loader.grub.configurationLimit": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "100"}, "description": "Maximum of configurations in boot menu. GRUB has problems when\nthere are too many entries.\n", "example": {"_type": "literalExpression", "text": "120"}, "loc": ["boot", "loader", "grub", "configurationLimit"], "readOnly": false, "type": "signed integer"}, "boot.loader.grub.configurationName": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "GRUB entry name instead of default.\n", "example": {"_type": "literalExpression", "text": "\"Stable 2.6.21\""}, "loc": ["boot", "loader", "grub", "configurationName"], "readOnly": false, "type": "string"}, "boot.loader.grub.copyKernels": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether the GRUB menu builder should copy kernels and initial\nramdisks to /boot.  This is done automatically if /boot is\non a different partition than /.\n", "loc": ["boot", "loader", "grub", "copyKernels"], "readOnly": false, "type": "boolean"}, "boot.loader.grub.default": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"0\""}, "description": "Index of the default menu item to be booted.\nCan also be set to \"saved\", which will make GRUB select\nthe menu item that was used at the last boot.\n", "loc": ["boot", "loader", "grub", "default"], "readOnly": false, "type": "signed integer or string"}, "boot.loader.grub.device": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The device on which the GRUB boot loader will be installed.\nThe special value `nodev` means that a GRUB\nboot menu will be generated, but GRUB itself will not\nactually be installed.  To install GRUB on multiple devices,\nuse `boot.loader.grub.devices`.\n", "example": {"_type": "literalExpression", "text": "\"/dev/disk/by-id/wwn-0x500001234567890a\""}, "loc": ["boot", "loader", "grub", "device"], "readOnly": false, "type": "string"}, "boot.loader.grub.devices": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The devices on which the boot loader, GRUB, will be\ninstalled. Can be used instead of `device` to\ninstall GRUB onto multiple devices.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/dev/disk/by-id/wwn-0x500001234567890a\"\n]"}, "loc": ["boot", "loader", "grub", "devices"], "readOnly": false, "type": "list of string"}, "boot.loader.grub.efiInstallAsRemovable": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to invoke `grub-install` with\n`--removable`.\n\nUnless you turn this on, GRUB will install itself somewhere in\n`boot.loader.efi.efiSysMountPoint` (exactly where\ndepends on other config variables). If you've set\n`boot.loader.efi.canTouchEfiVariables` *AND* you\nare currently booted in UEFI mode, then GRUB will use\n`efibootmgr` to modify the boot order in the\nEFI variables of your firmware to include this location. If you are\n*not* booted in UEFI mode at the time GRUB is being installed, the\nNVRAM will not be modified, and your system will not find GRUB at\nboot time. However, GRUB will still return success so you may miss\nthe warning that gets printed (\"`efibootmgr: EFI variables\nare not supported on this system.`\").\n\nIf you turn this feature on, GRUB will install itself in a\nspecial location within `efiSysMountPoint` (namely\n`EFI/boot/boot$arch.efi`) which the firmwares\nare hardcoded to try first, regardless of NVRAM EFI variables.\n\nTo summarize, turn this on if:\n- You are installing NixOS and want it to boot in UEFI mode,\n  but you are currently booted in legacy mode\n- You want to make a drive that will boot regardless of\n  the NVRAM state of the computer (like a USB \"removable\" drive)\n- You simply dislike the idea of depending on NVRAM\n  state to make your drive bootable\n", "loc": ["boot", "loader", "grub", "efiInstallAsRemovable"], "readOnly": false, "type": "boolean"}, "boot.loader.grub.efiSupport": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether GRUB should be built with EFI support.\n", "loc": ["boot", "loader", "grub", "efiSupport"], "readOnly": false, "type": "boolean"}, "boot.loader.grub.enable": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "!config.boot.isContainer"}, "description": "Whether to enable the GNU GRUB boot loader.\n", "loc": ["boot", "loader", "grub", "enable"], "readOnly": false, "type": "boolean"}, "boot.loader.grub.enableCryptodisk": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable support for encrypted partitions. GRUB should automatically\nunlock the correct encrypted partition and look for filesystems.\n", "loc": ["boot", "loader", "grub", "enableCryptodisk"], "readOnly": false, "type": "boolean"}, "boot.loader.grub.entryOptions": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"--class nixos --unrestricted\""}, "description": "Options applied to the primary NixOS menu entry.\n", "loc": ["boot", "loader", "grub", "entryOptions"], "readOnly": false, "type": "null or string"}, "boot.loader.grub.extraConfig": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional GRUB commands inserted in the configuration file\njust before the menu entries.\n", "example": {"_type": "literalExpression", "text": "''\n  serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1\n  terminal_input --append serial\n  terminal_output --append serial\n''"}, "loc": ["boot", "loader", "grub", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.loader.grub.extraEntries": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Any additional entries you want added to the GRUB boot menu.\n", "example": {"_type": "literalExpression", "text": "''\n  # GRUB 2 example\n  menuentry \"Windows 7\" {\n    chainloader (hd0,4)+1\n  }\n  \n  # GRUB 2 with UEFI example, chainloading another distro\n  menuentry \"Fedora\" {\n    set root=(hd1,1)\n    chainloader /efi/fedora/grubx64.efi\n  }\n''"}, "loc": ["boot", "loader", "grub", "extraEntries"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.loader.grub.extraEntriesBeforeNixOS": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether extraEntries are included before the default option.\n", "loc": ["boot", "loader", "grub", "extraEntriesBeforeNixOS"], "readOnly": false, "type": "boolean"}, "boot.loader.grub.extraFiles": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "A set of files to be copied to {file}`/boot`.\nEach attribute name denotes the destination file name in\n{file}`/boot`, while the corresponding\nattribute value specifies the source file.\n", "example": {"_type": "literalExpression", "text": "{ \"memtest.bin\" = pkgs.memtest86plus.efi; }\n"}, "loc": ["boot", "loader", "grub", "extraFiles"], "readOnly": false, "type": "attribute set of absolute path"}, "boot.loader.grub.extraGrubInstallArgs": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional arguments passed to `grub-install`.\n\nA use case for this is to build specific GRUB2 modules\ndirectly into the GRUB2 kernel image, so that they are available\nand activated even in the `grub rescue` shell.\n\nThey are also necessary when the BIOS/UEFI is bugged and cannot\ncorrectly read large disks (e.g. above 2 TB), so GRUB2's own\n`nativedisk` and related modules can be used\nto use its own disk drivers. The example shows one such case.\nThis is also useful for booting from USB.\nSee the\n[\nGRUB source code\n](https://git.savannah.gnu.org/cgit/grub.git/tree/grub-core/commands/nativedisk.c?h=grub-2.04#n326)\nfor which disk modules are available.\n\nThe list elements are passed directly as `argv`\narguments to the `grub-install` program, in order.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--modules=nativedisk ahci pata part_gpt part_msdos diskfilter mdraid1x lvm ext2\"\n]"}, "loc": ["boot", "loader", "grub", "extraGrubInstallArgs"], "readOnly": false, "type": "list of string"}, "boot.loader.grub.extraInstallCommands": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional shell commands inserted in the bootloader installer\nscript after generating menu entries.\n", "example": {"_type": "literalExpression", "text": "''\n  # the example below generates detached signatures that GRUB can verify\n  # https://www.gnu.org/software/grub/manual/grub/grub.html#Using-digital-signatures\n  ''${pkgs.findutils}/bin/find /boot -not -path \"/boot/efi/*\" -type f -name '*.sig' -delete\n  old_gpg_home=$GNUPGHOME\n  export GNUPGHOME=\"$(mktemp -d)\"\n  ''${pkgs.gnupg}/bin/gpg --import ''${priv_key} > /dev/null 2>&1\n  ''${pkgs.findutils}/bin/find /boot -not -path \"/boot/efi/*\" -type f -exec ''${pkgs.gnupg}/bin/gpg --detach-sign \"{}\" \\; > /dev/null 2>&1\n  rm -rf $GNUPGHOME\n  export GNUPGHOME=$old_gpg_home\n''"}, "loc": ["boot", "loader", "grub", "extraInstallCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.loader.grub.extraPerEntryConfig": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional GRUB commands inserted in the configuration file\nat the start of each NixOS menu entry.\n", "example": {"_type": "literalExpression", "text": "\"root (hd0)\""}, "loc": ["boot", "loader", "grub", "extraPerEntryConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.loader.grub.extraPrepareConfig": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional bash commands to be run at the script that\nprepares the GRUB menu entries.\n", "loc": ["boot", "loader", "grub", "extraPrepareConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.loader.grub.font": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"${pkgs.grub2}/share/grub/unicode.pf2\""}, "description": "Path to a TrueType, OpenType, or pf2 font to be used by Grub.\n", "loc": ["boot", "loader", "grub", "font"], "readOnly": false, "type": "null or absolute path"}, "boot.loader.grub.fontSize": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Font size for the grub menu. Ignored unless `font`\nis set to a ttf or otf font.\n", "example": {"_type": "literalExpression", "text": "16"}, "loc": ["boot", "loader", "grub", "fontSize"], "readOnly": false, "type": "null or signed integer"}, "boot.loader.grub.forceInstall": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to try and forcibly install GRUB even if problems are\ndetected. It is not recommended to enable this unless you know what\nyou are doing.\n", "loc": ["boot", "loader", "grub", "forceInstall"], "readOnly": false, "type": "boolean"}, "boot.loader.grub.forcei686": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to force the use of a ia32 boot loader on x64 systems. Required\nto install and run NixOS on 64bit x86 systems with 32bit (U)EFI.\n", "loc": ["boot", "loader", "grub", "forcei686"], "readOnly": false, "type": "boolean"}, "boot.loader.grub.fsIdentifier": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"uuid\""}, "description": "Determines how GRUB will identify devices when generating the\nconfiguration file. A value of uuid / label signifies that grub\nwill always resolve the uuid or label of the device before using\nit in the configuration. A value of provided means that GRUB will\nuse the device name as show in {command}`df` or\n{command}`mount`. Note, zfs zpools / datasets are ignored\nand will always be mounted using their labels.\n", "loc": ["boot", "loader", "grub", "fsIdentifier"], "readOnly": false, "type": "one of \"uuid\", \"label\", \"provided\""}, "boot.loader.grub.gfxmodeBios": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"1024x768\""}, "description": "The gfxmode to pass to GRUB when loading a graphical boot interface under BIOS.\n", "example": {"_type": "literalExpression", "text": "\"auto\""}, "loc": ["boot", "loader", "grub", "gfxmodeBios"], "readOnly": false, "type": "string"}, "boot.loader.grub.gfxmodeEfi": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"auto\""}, "description": "The gfxmode to pass to GRUB when loading a graphical boot interface under EFI.\n", "example": {"_type": "literalExpression", "text": "\"1024x768\""}, "loc": ["boot", "loader", "grub", "gfxmodeEfi"], "readOnly": false, "type": "string"}, "boot.loader.grub.gfxpayloadBios": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"text\""}, "description": "The gfxpayload to pass to GRUB when loading a graphical boot interface under BIOS.\n", "example": {"_type": "literalExpression", "text": "\"keep\""}, "loc": ["boot", "loader", "grub", "gfxpayloadBios"], "readOnly": false, "type": "string"}, "boot.loader.grub.gfxpayloadEfi": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"keep\""}, "description": "The gfxpayload to pass to GRUB when loading a graphical boot interface under EFI.\n", "example": {"_type": "literalExpression", "text": "\"text\""}, "loc": ["boot", "loader", "grub", "gfxpayloadEfi"], "readOnly": false, "type": "string"}, "boot.loader.grub.ipxe": {"declarations": ["nixos/modules/system/boot/loader/grub/ipxe.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Set of iPXE scripts available for\nbooting from the GRUB boot menu.\n", "example": {"_type": "literalExpression", "text": "{ demo = ''\n    #!ipxe\n    dhcp\n    chain http://boot.ipxe.org/demo/boot.php\n  '';\n}\n"}, "loc": ["boot", "loader", "grub", "ipxe"], "readOnly": false, "type": "attribute set of (absolute path or string)"}, "boot.loader.grub.memtest86.enable": {"declarations": ["nixos/modules/system/boot/loader/grub/memtest.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Make Memtest86+, a memory testing program, available from the GRUB\nboot menu.\n", "loc": ["boot", "loader", "grub", "memtest86", "enable"], "readOnly": false, "type": "boolean"}, "boot.loader.grub.memtest86.params": {"declarations": ["nixos/modules/system/boot/loader/grub/memtest.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Parameters added to the Memtest86+ command line. As of memtest86+ 5.01\nthe following list of (apparently undocumented) parameters are\naccepted:\n\n- `console=...`, set up a serial console.\n  Examples:\n  `console=ttyS0`,\n  `console=ttyS0,9600` or\n  `console=ttyS0,115200n8`.\n\n- `btrace`, enable boot trace.\n\n- `maxcpus=N`, limit number of CPUs.\n\n- `onepass`, run one pass and exit if there\n  are no errors.\n\n- `tstlist=...`, list of tests to run.\n  Example: `0,1,2`.\n\n- `cpumask=...`, set a CPU mask, to select CPUs\n  to use for testing.\n\nThis list of command line options was obtained by reading the\nMemtest86+ source code.\n", "example": {"_type": "literalExpression", "text": "[\n  \"console=ttyS0,115200\"\n]"}, "loc": ["boot", "loader", "grub", "memtest86", "params"], "readOnly": false, "type": "list of string"}, "boot.loader.grub.mirroredBoots": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Mirror the boot configuration to multiple partitions and install grub\nto the respective devices corresponding to those partitions.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    devices = [\n      \"/dev/disk/by-id/wwn-0x500001234567890a\"\n    ];\n    path = \"/boot1\";\n  }\n  {\n    devices = [\n      \"/dev/disk/by-id/wwn-0x500009876543210a\"\n    ];\n    path = \"/boot2\";\n  }\n]"}, "loc": ["boot", "loader", "grub", "mirroredBoots"], "readOnly": false, "type": "list of (submodule)"}, "boot.loader.grub.mirroredBoots.*.devices": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The path to the devices which will have the GRUB MBR written.\nNote these are typically device paths and not paths to partitions.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/dev/disk/by-id/wwn-0x500001234567890a\"\n  \"/dev/disk/by-id/wwn-0x500009876543210a\"\n]"}, "loc": ["boot", "loader", "grub", "mirroredBoots", "*", "devices"], "readOnly": false, "type": "list of string"}, "boot.loader.grub.mirroredBoots.*.efiBootloaderId": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The id of the bootloader to store in efi nvram.\nThe default is to name it NixOS and append the path or efiSysMountPoint.\nThis is only used if `boot.loader.efi.canTouchEfiVariables` is true.\n", "example": {"_type": "literalExpression", "text": "\"NixOS-fsid\""}, "loc": ["boot", "loader", "grub", "mirroredBoots", "*", "efiBootloaderId"], "readOnly": false, "type": "null or string"}, "boot.loader.grub.mirroredBoots.*.efiSysMountPoint": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the efi system mount point. Usually this is the same\npartition as the above path and can be left as null.\n", "example": {"_type": "literalExpression", "text": "\"/boot1/efi\""}, "loc": ["boot", "loader", "grub", "mirroredBoots", "*", "efiSysMountPoint"], "readOnly": false, "type": "null or string"}, "boot.loader.grub.mirroredBoots.*.path": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "description": "The path to the boot directory where GRUB will be written. Generally\nthis boot path should double as an EFI path.\n", "example": {"_type": "literalExpression", "text": "\"/boot1\""}, "loc": ["boot", "loader", "grub", "mirroredBoots", "*", "path"], "readOnly": false, "type": "string"}, "boot.loader.grub.splashImage": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "description": "Background image used for GRUB.\nSet to `null` to run GRUB in text mode.\n\n::: {.note}\nFile must be one of .png, .tga, .jpg, or .jpeg. JPEG images must\nnot be progressive.\nThe image will be scaled if necessary to fit the screen.\n:::\n", "example": {"_type": "literalExpression", "text": "./my-background.png"}, "loc": ["boot", "loader", "grub", "splashImage"], "readOnly": false, "type": "null or absolute path"}, "boot.loader.grub.splashMode": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"stretch\""}, "description": "Whether to stretch the image or show the image in the top-left corner unstretched.\n", "loc": ["boot", "loader", "grub", "splashMode"], "readOnly": false, "type": "one of \"normal\", \"stretch\""}, "boot.loader.grub.storePath": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"/nix/store\""}, "description": "Path to the Nix store when looking for kernels at boot.\nOnly makes sense when copyKernels is false.\n", "loc": ["boot", "loader", "grub", "storePath"], "readOnly": false, "type": "string"}, "boot.loader.grub.subEntryOptions": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"--class nixos\""}, "description": "Options applied to the secondary NixOS submenu entry.\n", "loc": ["boot", "loader", "grub", "subEntryOptions"], "readOnly": false, "type": "null or string"}, "boot.loader.grub.theme": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the grub theme to be used.\n", "example": {"_type": "literalExpression", "text": "\"${pkgs.kdePackages.breeze-grub}/grub/themes/breeze\""}, "loc": ["boot", "loader", "grub", "theme"], "readOnly": false, "type": "null or absolute path"}, "boot.loader.grub.timeoutStyle": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"menu\""}, "description": " - `menu` shows the menu.\n - `countdown` uses a text-mode countdown.\n - `hidden` hides GRUB entirely.\n\nWhen using a theme, the default value (`menu`) is appropriate for the graphical countdown.\n\nWhen attempting to do flicker-free boot, `hidden` should be used.\n\nSee the [GRUB documentation section about `timeout_style`](https://www.gnu.org/software/grub/manual/grub/html_node/timeout.html).\n\n::: {.note}\nIf this option is set to \u2018countdown\u2019 or \u2018hidden\u2019 [...] and ESC or F4 are pressed, or SHIFT is held down during that time, it will display the menu and wait for input.\n:::\n\nFrom: [Simple configuration handling page, under GRUB_TIMEOUT_STYLE](https://www.gnu.org/software/grub/manual/grub/html_node/Simple-configuration.html).\n", "loc": ["boot", "loader", "grub", "timeoutStyle"], "readOnly": false, "type": "one of \"menu\", \"countdown\", \"hidden\""}, "boot.loader.grub.useOSProber": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set to true, append entries for other OSs detected by os-prober.\n", "loc": ["boot", "loader", "grub", "useOSProber"], "readOnly": false, "type": "boolean"}, "boot.loader.grub.users": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "User accounts for GRUB. When specified, the GRUB command line and\nall boot options except the default are password-protected.\nAll passwords and hashes provided will be stored in /boot/grub/grub.cfg,\nand will be visible to any local user who can read this file. Additionally,\nany passwords and hashes provided directly in a Nix configuration\n(as opposed to external files) will be copied into the Nix store, and\nwill be visible to all local users.\n", "example": {"_type": "literalExpression", "text": "{\n  root = {\n    hashedPasswordFile = \"/path/to/file\";\n  };\n}"}, "loc": ["boot", "loader", "grub", "users"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.loader.grub.users.<name>.hashedPassword": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specifies the password hash for the account,\ngenerated with grub-mkpasswd-pbkdf2.\nThis hash will be copied to the Nix store, and will be visible to all local users.\n", "example": {"_type": "literalExpression", "text": "\"grub.pbkdf2.sha512.10000.674DFFDEF76E13EA...2CC972B102CF4355\""}, "loc": ["boot", "loader", "grub", "users", "<name>", "hashedPassword"], "readOnly": false, "type": "null or string"}, "boot.loader.grub.users.<name>.hashedPasswordFile": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specifies the path to a file containing the password hash\nfor the account, generated with grub-mkpasswd-pbkdf2.\nThis hash will be stored in /boot/grub/grub.cfg, and will\nbe visible to any local user who can read this file.\n", "example": {"_type": "literalExpression", "text": "\"/path/to/file\""}, "loc": ["boot", "loader", "grub", "users", "<name>", "hashedPasswordFile"], "readOnly": false, "type": "null or string"}, "boot.loader.grub.users.<name>.password": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specifies the clear text password for the account.\nThis password will be copied to the Nix store, and will be visible to all local users.\n", "example": {"_type": "literalExpression", "text": "\"Pa$$w0rd!\""}, "loc": ["boot", "loader", "grub", "users", "<name>", "password"], "readOnly": false, "type": "null or string"}, "boot.loader.grub.users.<name>.passwordFile": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specifies the path to a file containing the\nclear text password for the account.\nThis password will be stored in /boot/grub/grub.cfg, and will\nbe visible to any local user who can read this file.\n", "example": {"_type": "literalExpression", "text": "\"/path/to/file\""}, "loc": ["boot", "loader", "grub", "users", "<name>", "passwordFile"], "readOnly": false, "type": "null or string"}, "boot.loader.grub.zfsSupport": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether GRUB should be built against libzfs.\n", "loc": ["boot", "loader", "grub", "zfsSupport"], "readOnly": false, "type": "boolean"}, "boot.loader.initScript.enable": {"declarations": ["nixos/modules/system/boot/loader/init-script/init-script.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Some systems require a /sbin/init script which is started.\nOr having it makes starting NixOS easier.\nThis applies to some kind of hosting services and user mode linux.\n\nAdditionally this script will create\n/boot/init-other-configurations-contents.txt containing\ncontents of remaining configurations. You can copy paste them into\n/sbin/init manually running a rescue system or such.\n", "loc": ["boot", "loader", "initScript", "enable"], "readOnly": false, "type": "boolean"}, "boot.loader.limine.additionalFiles": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "A set of files to be copied to {file}`/boot`. Each attribute name denotes the\ndestination file name in {file}`/boot`, while the corresponding attribute value\nspecifies the source file.\n", "example": {"_type": "literalExpression", "text": "{ \"efi/memtest86/memtest86.efi\" = \"${pkgs.memtest86-efi}/BOOTX64.efi\"; }\n"}, "loc": ["boot", "loader", "limine", "additionalFiles"], "readOnly": false, "type": "attribute set of absolute path"}, "boot.loader.limine.biosDevice": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "\"nodev\""}, "description": "Device to install the BIOS version of limine on.\n", "loc": ["boot", "loader", "limine", "biosDevice"], "readOnly": false, "type": "string"}, "boot.loader.limine.biosSupport": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "!config.boot.loader.limine.efiSupport && pkgs.stdenv.hostPlatform.isx86"}, "description": "Whether or not to install limine for BIOS.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "loader", "limine", "biosSupport"], "readOnly": false, "type": "boolean"}, "boot.loader.limine.efiInstallAsRemovable": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "!config.boot.loader.efi.canTouchEfiVariables"}, "description": "Whether or not to install the limine EFI files as removable.\n\nSee {option}`boot.loader.grub.efiInstallAsRemovable`\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "loader", "limine", "efiInstallAsRemovable"], "readOnly": false, "type": "boolean"}, "boot.loader.limine.efiSupport": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "pkgs.stdenv.hostPlatform.isEfi"}, "description": "Whether or not to install the limine EFI files.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "loader", "limine", "efiSupport"], "readOnly": false, "type": "boolean"}, "boot.loader.limine.enable": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Limine Bootloader.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "loader", "limine", "enable"], "readOnly": false, "type": "boolean"}, "boot.loader.limine.enableEditor": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to allow editing the boot entries before booting them.\nIt is recommended to set this to false, as it allows gaining root\naccess by passing `init=/bin/sh` as a kernel parameter.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "loader", "limine", "enableEditor"], "readOnly": false, "type": "boolean"}, "boot.loader.limine.enrollConfig": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "boot.loader.limine.panicOnChecksumMismatch"}, "description": "Whether or not to enroll the config.\nOnly works on EFI!\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "loader", "limine", "enrollConfig"], "readOnly": false, "type": "boolean"}, "boot.loader.limine.extraConfig": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "A string which is prepended to limine.conf. The config format can be found [here](https://github.com/limine-bootloader/limine/blob/trunk/CONFIG.md).\n", "example": {"_type": "literalExpression", "text": "serial: yes\n"}, "loc": ["boot", "loader", "limine", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.loader.limine.extraEntries": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "A string which is appended to the end of limine.conf. The config format can be found [here](https://github.com/limine-bootloader/limine/blob/trunk/CONFIG.md).\n", "example": {"_type": "literalExpression", "text": "/memtest86\n  protocol: chainload\n  path: boot():///efi/memtest86/memtest86.efi\n"}, "loc": ["boot", "loader", "limine", "extraEntries"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.loader.limine.force": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Force installation even if the safety checks fail, use absolutely only if necessary!\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "loader", "limine", "force"], "readOnly": false, "type": "boolean"}, "boot.loader.limine.maxGenerations": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Maximum number of latest generations in the boot menu.\nUseful to prevent boot partition of running out of disk space.\n`null` means no limit i.e. all generations that were not\ngarbage collected yet.\n", "example": {"_type": "literalExpression", "text": "50"}, "loc": ["boot", "loader", "limine", "maxGenerations"], "readOnly": false, "type": "null or signed integer"}, "boot.loader.limine.package": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "pkgs.limine"}, "description": "The limine package to use.", "loc": ["boot", "loader", "limine", "package"], "readOnly": false, "type": "package"}, "boot.loader.limine.panicOnChecksumMismatch": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether or not checksum validation failure should be a fatal\nerror at boot time.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "loader", "limine", "panicOnChecksumMismatch"], "readOnly": false, "type": "boolean"}, "boot.loader.limine.partitionIndex": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The 1-based index of the dedicated partition for limine's second stage.\n", "loc": ["boot", "loader", "limine", "partitionIndex"], "readOnly": false, "type": "null or signed integer"}, "boot.loader.limine.resolution": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The framebuffer resolution to set when booting Linux entries.\nThis controls the GOP mode that Limine sets before handing off to the kernel,\nwhich affects early boot graphics (e.g., simpledrm, efifb).\n\nFormat: `<width>x<height>` or `<width>x<height>x<bpp>`.\nIf bpp is omitted, defaults to 32.\n\nNote: Refresh rate is not supported because the UEFI GOP protocol only\ndefines framebuffer dimensions and pixel format, not display timing.\nRefresh rate is determined later by the GPU driver based on EDID.\n\nThis is distinct from {option}`boot.loader.limine.style.interface.resolution`\nwhich only affects the Limine bootloader's own menu interface.\n", "example": {"_type": "literalExpression", "text": "\"1920x1080x32\""}, "loc": ["boot", "loader", "limine", "resolution"], "readOnly": false, "type": "null or string"}, "boot.loader.limine.secureBoot.enable": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use sign the limine binary with sbctl.\n\n::: {.note}\nThis requires you to already have generated the keys and enrolled them with {command}`sbctl`.\n\nTo create keys use {command}`sbctl create-keys`.\n\nTo enroll them first reset secure boot to \"Setup Mode\". This is device specific.\nThen enroll them using {command}`sbctl enroll-keys -m -f`.\n\nYou can now rebuild your system with this option enabled.\n\nAfterwards turn setup mode off and enable secure boot.\n:::\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "loader", "limine", "secureBoot", "enable"], "readOnly": false, "type": "boolean"}, "boot.loader.limine.secureBoot.sbctl": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "pkgs.sbctl"}, "description": "The sbctl package to use.", "loc": ["boot", "loader", "limine", "secureBoot", "sbctl"], "readOnly": false, "type": "package"}, "boot.loader.limine.style.backdrop": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Color to fill the rest of the screen with when wallpaper_style is centered in RRGGBB format.\n", "example": {"_type": "literalExpression", "text": "\"7EBAE4\""}, "loc": ["boot", "loader", "limine", "style", "backdrop"], "readOnly": false, "type": "null or string"}, "boot.loader.limine.style.graphicalTerminal.background": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Text background color (TTRRGGBB). TT is transparency.\n", "loc": ["boot", "loader", "limine", "style", "graphicalTerminal", "background"], "readOnly": false, "type": "null or string"}, "boot.loader.limine.style.graphicalTerminal.brightBackground": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Text background bright color (RRGGBB).\n", "loc": ["boot", "loader", "limine", "style", "graphicalTerminal", "brightBackground"], "readOnly": false, "type": "null or string"}, "boot.loader.limine.style.graphicalTerminal.brightForeground": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Text foreground bright color (RRGGBB).\n", "loc": ["boot", "loader", "limine", "style", "graphicalTerminal", "brightForeground"], "readOnly": false, "type": "null or string"}, "boot.loader.limine.style.graphicalTerminal.brightPalette": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A ; seperated array of 8 colors in the format RRGGBB:\ndark gray, bright red, bright green, yellow, bright blue, bright magenta, bright cyan, and white.\n", "loc": ["boot", "loader", "limine", "style", "graphicalTerminal", "brightPalette"], "readOnly": false, "type": "null or string"}, "boot.loader.limine.style.graphicalTerminal.font.scale": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The scale of the font in the format <width>x<height>.\n", "example": {"_type": "literalExpression", "text": "2x2"}, "loc": ["boot", "loader", "limine", "style", "graphicalTerminal", "font", "scale"], "readOnly": false, "type": "null or string"}, "boot.loader.limine.style.graphicalTerminal.font.spacing": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The horizontal spacing between characters in pixels.\n", "loc": ["boot", "loader", "limine", "style", "graphicalTerminal", "font", "spacing"], "readOnly": false, "type": "null or signed integer"}, "boot.loader.limine.style.graphicalTerminal.foreground": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Text foreground color (RRGGBB).\n", "loc": ["boot", "loader", "limine", "style", "graphicalTerminal", "foreground"], "readOnly": false, "type": "null or string"}, "boot.loader.limine.style.graphicalTerminal.margin": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The amount of margin around the terminal.\n", "loc": ["boot", "loader", "limine", "style", "graphicalTerminal", "margin"], "readOnly": false, "type": "null or signed integer"}, "boot.loader.limine.style.graphicalTerminal.marginGradient": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The thickness in pixels for the margin around the terminal.\n", "loc": ["boot", "loader", "limine", "style", "graphicalTerminal", "marginGradient"], "readOnly": false, "type": "null or signed integer"}, "boot.loader.limine.style.graphicalTerminal.palette": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A ; seperated array of 8 colors in the format RRGGBB:\nblack, red, green, brown, blue, magenta, cyan, and gray.\n", "loc": ["boot", "loader", "limine", "style", "graphicalTerminal", "palette"], "readOnly": false, "type": "null or string"}, "boot.loader.limine.style.interface.branding": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The title at the top of the screen.\n", "loc": ["boot", "loader", "limine", "style", "interface", "branding"], "readOnly": false, "type": "null or string"}, "boot.loader.limine.style.interface.brandingColor": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Color index of the title at the top of the screen in the range of 0-7 (Limine defaults to 6 (cyan)).\n", "loc": ["boot", "loader", "limine", "style", "interface", "brandingColor"], "readOnly": false, "type": "null or signed integer"}, "boot.loader.limine.style.interface.helpHidden": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether or not to hide the keybinds at the top of the screen.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "loader", "limine", "style", "interface", "helpHidden"], "readOnly": false, "type": "boolean"}, "boot.loader.limine.style.interface.resolution": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The resolution of the interface.\n", "loc": ["boot", "loader", "limine", "style", "interface", "resolution"], "readOnly": false, "type": "null or string"}, "boot.loader.limine.style.wallpaperStyle": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "\"stretched\""}, "description": "How the wallpaper should be fit to the screen.\n", "loc": ["boot", "loader", "limine", "style", "wallpaperStyle"], "readOnly": false, "type": "one of \"centered\", \"stretched\", \"tiled\""}, "boot.loader.limine.style.wallpapers": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of wallpapers.\nIf more than one is specified, a random one will be selected at boot.\n", "example": {"_type": "literalExpression", "text": "[ pkgs.nixos-artwork.wallpapers.simple-dark-gray-bootloader.gnomeFilePath ]"}, "loc": ["boot", "loader", "limine", "style", "wallpapers"], "readOnly": false, "type": "list of absolute path"}, "boot.loader.limine.validateChecksums": {"declarations": ["nixos/modules/system/boot/loader/limine/limine.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to validate file checksums before booting.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "loader", "limine", "validateChecksums"], "readOnly": false, "type": "boolean"}, "boot.loader.refind.additionalFiles": {"declarations": ["nixos/modules/system/boot/loader/refind/refind.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "A set of files to be copied to {file}`/boot`. Each attribute name denotes the\ndestination file name in {file}`/boot`, while the corresponding attribute value\nspecifies the source file.\n", "example": {"_type": "literalExpression", "text": "{ \"efi/memtest86/memtest86.efi\" = \"${pkgs.memtest86-efi}/BOOTX64.efi\"; }\n"}, "loc": ["boot", "loader", "refind", "additionalFiles"], "readOnly": false, "type": "attribute set of absolute path"}, "boot.loader.refind.efiInstallAsRemovable": {"declarations": ["nixos/modules/system/boot/loader/refind/refind.nix"], "default": {"_type": "literalExpression", "text": "!config.boot.loader.efi.canTouchEfiVariables"}, "description": "Whether or not to install the rEFInd EFI files as removable.\n\nSee {option}`boot.loader.grub.efiInstallAsRemovable`\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "loader", "refind", "efiInstallAsRemovable"], "readOnly": false, "type": "boolean"}, "boot.loader.refind.enable": {"declarations": ["nixos/modules/system/boot/loader/refind/refind.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the rEFInd boot loader.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "loader", "refind", "enable"], "readOnly": false, "type": "boolean"}, "boot.loader.refind.extraConfig": {"declarations": ["nixos/modules/system/boot/loader/refind/refind.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "A string which is prepended to refind.conf.\n", "loc": ["boot", "loader", "refind", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.loader.refind.maxGenerations": {"declarations": ["nixos/modules/system/boot/loader/refind/refind.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Maximum number of latest generations in the boot menu.\nUseful to prevent boot partition of running out of disk space.\n`null` means no limit i.e. all generations that were not\ngarbage collected yet.\n", "example": {"_type": "literalExpression", "text": "50"}, "loc": ["boot", "loader", "refind", "maxGenerations"], "readOnly": false, "type": "null or signed integer"}, "boot.loader.refind.package": {"declarations": ["nixos/modules/system/boot/loader/refind/refind.nix"], "default": {"_type": "literalExpression", "text": "pkgs.refind"}, "description": "The refind package to use.", "loc": ["boot", "loader", "refind", "package"], "readOnly": false, "type": "package"}, "boot.loader.systemd-boot.configurationLimit": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Maximum number of latest generations in the boot menu.\nUseful to prevent boot partition running out of disk space.\n\n`null` means no limit i.e. all generations\nthat have not been garbage collected yet.\n", "example": {"_type": "literalExpression", "text": "120"}, "loc": ["boot", "loader", "systemd-boot", "configurationLimit"], "readOnly": false, "type": "null or signed integer"}, "boot.loader.systemd-boot.consoleMode": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "\"keep\""}, "description": "The resolution of the console. The following values are valid:\n\n- `\"0\"`: Standard UEFI 80x25 mode\n- `\"1\"`: 80x50 mode, not supported by all devices\n- `\"2\"`: The first non-standard mode provided by the device firmware, if any\n- `\"5\"`: Applicable for SteamDeck where this mode represent horizontal mode\n- `\"auto\"`: Pick a suitable mode automatically using heuristics\n- `\"max\"`: Pick the highest-numbered available mode\n- `\"keep\"`: Keep the mode selected by firmware (the default)\n", "loc": ["boot", "loader", "systemd-boot", "consoleMode"], "readOnly": false, "type": "one of \"0\", \"1\", \"2\", \"5\", \"auto\", \"max\", \"keep\""}, "boot.loader.systemd-boot.editor": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to allow editing the kernel command-line before\nboot. It is recommended to set this to false, as it allows\ngaining root access by passing init=/bin/sh as a kernel\nparameter. However, it is enabled by default for backwards\ncompatibility.\n", "loc": ["boot", "loader", "systemd-boot", "editor"], "readOnly": false, "type": "boolean"}, "boot.loader.systemd-boot.edk2-uefi-shell.enable": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Make the EDK2 UEFI Shell available from the systemd-boot menu.\nIt can be used to manually boot other operating systems or for debugging.\n", "loc": ["boot", "loader", "systemd-boot", "edk2-uefi-shell", "enable"], "readOnly": false, "type": "boolean"}, "boot.loader.systemd-boot.edk2-uefi-shell.sortKey": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "\"o_edk2-uefi-shell\""}, "description": "`systemd-boot` orders the menu entries by their sort keys,\nso if you want something to appear after all the NixOS entries,\nit should start with {file}`o` or onwards.\n\nSee also {option}`boot.loader.systemd-boot.sortKey`..\n", "loc": ["boot", "loader", "systemd-boot", "edk2-uefi-shell", "sortKey"], "readOnly": false, "type": "string"}, "boot.loader.systemd-boot.enable": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the systemd-boot (formerly gummiboot) EFI boot manager.\nFor more information about systemd-boot:\n<https://www.freedesktop.org/wiki/Software/systemd/systemd-boot/>\n", "loc": ["boot", "loader", "systemd-boot", "enable"], "readOnly": false, "type": "boolean"}, "boot.loader.systemd-boot.extraEntries": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Any additional entries you want added to the `systemd-boot` menu.\nThese entries will be copied to {file}`$BOOT/loader/entries`.\nEach attribute name denotes the destination file name,\nand the corresponding attribute value is the contents of the entry.\n\nTo control the ordering of the entry in the boot menu, use the sort-key\nfield, see\n<https://uapi-group.org/specifications/specs/boot_loader_specification/#sorting>\nand {option}`boot.loader.systemd-boot.sortKey`.\n", "example": {"_type": "literalExpression", "text": "{ \"memtest86.conf\" = ''\n  title Memtest86+\n  efi /efi/memtest86/memtest.efi\n  sort-key z_memtest\n''; }\n"}, "loc": ["boot", "loader", "systemd-boot", "extraEntries"], "readOnly": false, "type": "attribute set of strings concatenated with \"\\n\""}, "boot.loader.systemd-boot.extraFiles": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "A set of files to be copied to {file}`$BOOT`.\nEach attribute name denotes the destination file name in\n{file}`$BOOT`, while the corresponding\nattribute value specifies the source file.\n", "example": {"_type": "literalExpression", "text": "{ \"efi/memtest86/memtest.efi\" = pkgs.memtest86plus.efi; }\n"}, "loc": ["boot", "loader", "systemd-boot", "extraFiles"], "readOnly": false, "type": "attribute set of absolute path"}, "boot.loader.systemd-boot.extraInstallCommands": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional shell commands inserted in the bootloader installer\nscript after generating menu entries. It can be used to expand\non extra boot entries that cannot incorporate certain pieces of\ninformation (such as the resulting `init=` kernel parameter).\n", "example": {"_type": "literalExpression", "text": "''\n  default_cfg=$(cat /boot/loader/loader.conf | grep default | awk '{print $2}')\n  init_value=$(cat /boot/loader/entries/$default_cfg | grep init= | awk '{print $2}')\n  sed -i \"s|@INIT@|$init_value|g\" /boot/custom/config_with_placeholder.conf\n''"}, "loc": ["boot", "loader", "systemd-boot", "extraInstallCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.loader.systemd-boot.graceful": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Invoke `bootctl install` with the `--graceful` option,\nwhich ignores errors when EFI variables cannot be written or when the EFI System Partition\ncannot be found. Currently only applies to random seed operations.\n\nOnly enable this option if `systemd-boot` otherwise fails to install, as the\nscope or implication of the `--graceful` option may change in the future.\n", "loc": ["boot", "loader", "systemd-boot", "graceful"], "readOnly": false, "type": "boolean"}, "boot.loader.systemd-boot.installDeviceTree": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "\"with config.hardware.deviceTree; enable && name != null\""}, "description": "Install the devicetree blob specified by `config.hardware.deviceTree.name`\nto the ESP and instruct systemd-boot to pass this DTB to linux.\n", "loc": ["boot", "loader", "systemd-boot", "installDeviceTree"], "readOnly": false, "type": "unspecified value"}, "boot.loader.systemd-boot.memtest86.enable": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Make Memtest86+ available from the systemd-boot menu. Memtest86+ is a\nprogram for testing memory.\n", "loc": ["boot", "loader", "systemd-boot", "memtest86", "enable"], "readOnly": false, "type": "boolean"}, "boot.loader.systemd-boot.memtest86.sortKey": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "\"o_memtest86\""}, "description": "`systemd-boot` orders the menu entries by their sort keys,\nso if you want something to appear after all the NixOS entries,\nit should start with {file}`o` or onwards.\n\nSee also {option}`boot.loader.systemd-boot.sortKey`.\n", "loc": ["boot", "loader", "systemd-boot", "memtest86", "sortKey"], "readOnly": false, "type": "string"}, "boot.loader.systemd-boot.netbootxyz.enable": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Make `netboot.xyz` available from the\n`systemd-boot` menu. `netboot.xyz`\nis a menu system that allows you to boot OS installers and\nutilities over the network.\n", "loc": ["boot", "loader", "systemd-boot", "netbootxyz", "enable"], "readOnly": false, "type": "boolean"}, "boot.loader.systemd-boot.netbootxyz.sortKey": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "\"o_netbootxyz\""}, "description": "`systemd-boot` orders the menu entries by their sort keys,\nso if you want something to appear after all the NixOS entries,\nit should start with {file}`o` or onwards.\n\nSee also {option}`boot.loader.systemd-boot.sortKey`.\n", "loc": ["boot", "loader", "systemd-boot", "netbootxyz", "sortKey"], "readOnly": false, "type": "string"}, "boot.loader.systemd-boot.rebootForBitlocker": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable *EXPERIMENTAL* BitLocker support.\n\nTry to detect BitLocker encrypted drives along with an active\nTPM. If both are found and Windows Boot Manager is selected in\nthe boot menu, set the \"BootNext\" EFI variable and restart the\nsystem. The firmware will then start Windows Boot Manager\ndirectly, leaving the TPM PCRs in expected states so that\nWindows can unseal the encryption key.\n", "loc": ["boot", "loader", "systemd-boot", "rebootForBitlocker"], "readOnly": false, "type": "boolean"}, "boot.loader.systemd-boot.sortKey": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "\"nixos\""}, "description": "The sort key used for the NixOS bootloader entries.\nThis key determines sorting relative to non-NixOS entries.\nSee also <https://uapi-group.org/specifications/specs/boot_loader_specification/#sorting>\n\nThis option can also be used to control the sorting of NixOS specialisations.\n\nBy default, specialisations inherit the sort key of their parent generation\nand will have the same value for both the sort-key and the version (i.e. the generation number),\nsystemd-boot will therefore sort them based on their file name, meaning that\nin your boot menu you will have each main generation directly followed by\nits specialisations sorted alphabetically by their names.\n\nIf you want a different ordering for a specialisation, you can override\nits sort-key which will cause the specialisation to be uncoupled from its\nparent generation. It will then be sorted by its new sort-key just like\nany other boot entry.\n\nThe sort-key is stored in the generation's bootspec, which means that\ngenerations keep their sort-keys even if the original definition of the\ngeneration was removed from the NixOS configuration.\nIt also means that updating the sort-key will only affect new generations,\nwhile old ones will keep the sort-key that they were originally built with.\n", "loc": ["boot", "loader", "systemd-boot", "sortKey"], "readOnly": false, "type": "string"}, "boot.loader.systemd-boot.windows": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Make Windows bootable from systemd-boot. This option is not necessary when Windows and\nNixOS use the same EFI System Partition (ESP). In that case, Windows will automatically be\ndetected by systemd-boot.\n\nHowever, if Windows is installed on a separate drive or ESP, you can use this option to add\na menu entry for each installation manually.\n\nThe attribute name is used for the title of the menu entry and internal file names.\n", "example": {"_type": "literalExpression", "text": "{\n  \"10\".efiDeviceHandle = \"HD0c3\";\n  \"11-ame\" = {\n    title = \"Windows 11 Ameliorated Edition\";\n    efiDeviceHandle = \"HD0b1\";\n  };\n  \"11-home\" = {\n    title = \"Windows 11 Home\";\n    efiDeviceHandle = \"FS1\";\n    sortKey = \"z_windows\";\n  };\n}\n"}, "loc": ["boot", "loader", "systemd-boot", "windows"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.loader.systemd-boot.windows.<name>.efiDeviceHandle": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "description": "The device handle of the EFI System Partition (ESP) where the Windows bootloader is\nlocated. This is the device handle that the EDK2 UEFI Shell uses to load the\nbootloader.\n\nTo find this handle, follow these steps:\n1. Set {option}`boot.loader.systemd-boot.edk2-uefi-shell.enable` to `true`\n2. Run `nixos-rebuild boot`\n3. Reboot and select \"EDK2 UEFI Shell\" from the systemd-boot menu\n4. Run `map -c` to list all consistent device handles\n5. For each device handle (for example, `HD0c1`), run `ls HD0c1:\\EFI`\n6. If the output contains the directory `Microsoft`, you might have found the correct device handle\n7. Run `HD0c1:\\EFI\\Microsoft\\Boot\\Bootmgfw.efi` to check if Windows boots correctly\n8. If it does, this device handle is the one you need (in this example, `HD0c1`)\n\nThis option is required, there is no useful default.\n", "example": {"_type": "literalExpression", "text": "\"HD1b3\""}, "loc": ["boot", "loader", "systemd-boot", "windows", "<name>", "efiDeviceHandle"], "readOnly": false, "type": "string"}, "boot.loader.systemd-boot.windows.<name>.sortKey": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "\"attribute name of this entry, prefixed with \\\"o_windows_\\\"\""}, "description": "`systemd-boot` orders the menu entries by their sort keys,\nso if you want something to appear after all the NixOS entries,\nit should start with {file}`o` or onwards.\n\nSee also {option}`boot.loader.systemd-boot.sortKey`..\n", "loc": ["boot", "loader", "systemd-boot", "windows", "<name>", "sortKey"], "readOnly": false, "type": "string"}, "boot.loader.systemd-boot.windows.<name>.title": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "\"attribute name of this entry, prefixed with \\\"Windows \\\"\""}, "description": "The title of the boot menu entry.\n", "example": {"_type": "literalExpression", "text": "\"Michaelsoft Binbows\""}, "loc": ["boot", "loader", "systemd-boot", "windows", "<name>", "title"], "readOnly": false, "type": "string"}, "boot.loader.systemd-boot.xbootldrMountPoint": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Where the XBOOTLDR partition is mounted.\n\nIf set, this partition will be used as $BOOT to store boot loader entries and extra files\ninstead of the EFI partition. As per the bootloader specification, it is recommended that\nthe EFI and XBOOTLDR partitions be mounted at `/efi` and `/boot`, respectively.\n", "loc": ["boot", "loader", "systemd-boot", "xbootldrMountPoint"], "readOnly": false, "type": "null or string"}, "boot.loader.timeout": {"declarations": ["nixos/modules/system/boot/loader/loader.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "Timeout (in seconds) until loader boots the default menu item. Use null if the loader menu should be displayed indefinitely.\n", "loc": ["boot", "loader", "timeout"], "readOnly": false, "type": "null or signed integer"}, "boot.modprobeConfig.enable": {"declarations": ["nixos/modules/system/boot/modprobe.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable modprobe config. This is useful for systems like containers which do not require a kernel.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "modprobeConfig", "enable"], "readOnly": false, "type": "boolean"}, "boot.modprobeConfig.useUbuntuModuleBlacklist": {"declarations": ["nixos/modules/system/boot/modprobe.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable Ubuntu distro's module blacklist.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "modprobeConfig", "useUbuntuModuleBlacklist"], "readOnly": false, "type": "boolean"}, "boot.nixStoreMountOpts": {"declarations": ["nixos/modules/system/boot/stage-2.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"ro\"\n  \"nodev\"\n  \"nosuid\"\n]"}, "description": "Defines the mount options used on a bind mount for the {file}`/nix/store`.\nThis affects the whole system except the nix store daemon, which will undo the bind mount.\n\n`ro` enforces immutability of the Nix store.\nThe store daemon should already not put device mappers or suid binaries in the store,\nmeaning `nosuid` and `nodev` enforce what should already be the case.\n", "loc": ["boot", "nixStoreMountOpts"], "readOnly": false, "type": "list of non-empty string"}, "boot.plymouth.enable": {"declarations": ["nixos/modules/system/boot/plymouth.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Plymouth boot splash screen.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "plymouth", "enable"], "readOnly": false, "type": "boolean"}, "boot.plymouth.extraConfig": {"declarations": ["nixos/modules/system/boot/plymouth.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Literal string to append to `configFile`\nand the config file generated by the plymouth module.\n", "loc": ["boot", "plymouth", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.plymouth.font": {"declarations": ["nixos/modules/system/boot/plymouth.nix"], "default": {"_type": "literalExpression", "text": "\"${pkgs.dejavu_fonts.minimal}/share/fonts/truetype/DejaVuSans.ttf\""}, "description": "Font file made available for displaying text on the splash screen.\n", "loc": ["boot", "plymouth", "font"], "readOnly": false, "type": "absolute path"}, "boot.plymouth.logo": {"declarations": ["nixos/modules/system/boot/plymouth.nix"], "default": {"_type": "literalExpression", "text": "\"${pkgs.nixos-icons}/share/icons/hicolor/48x48/apps/nix-snowflake-white.png\""}, "description": "Logo which is displayed on the splash screen.\nCurrently supports PNG file format only.\n", "example": {"_type": "literalExpression", "text": "pkgs.fetchurl {\n  url = \"https://nixos.org/logo/nixos-hires.png\";\n  sha256 = \"1ivzgd7iz0i06y36p8m5w48fd8pjqwxhdaavc0pxs7w1g7mcy5si\";\n}\n"}, "loc": ["boot", "plymouth", "logo"], "readOnly": false, "type": "absolute path"}, "boot.plymouth.package": {"declarations": ["nixos/modules/system/boot/plymouth.nix"], "default": {"_type": "literalExpression", "text": "pkgs.plymouth.override {\n  systemd = config.boot.initrd.systemd.package;\n}\n"}, "description": "The plymouth package to use.", "loc": ["boot", "plymouth", "package"], "readOnly": false, "type": "package"}, "boot.plymouth.theme": {"declarations": ["nixos/modules/system/boot/plymouth.nix"], "default": {"_type": "literalExpression", "text": "\"bgrt\""}, "description": "Splash screen theme.\n", "loc": ["boot", "plymouth", "theme"], "readOnly": false, "type": "string"}, "boot.plymouth.themePackages": {"declarations": ["nixos/modules/system/boot/plymouth.nix"], "default": {"_type": "literalMD", "text": "A NixOS branded variant of the breeze theme when\n`config.boot.plymouth.theme == \"breeze\"`, otherwise\n`[ ]`.\n"}, "description": "Extra theme packages for plymouth.\n", "loc": ["boot", "plymouth", "themePackages"], "readOnly": false, "type": "list of package"}, "boot.plymouth.tpm2-totp.enable": {"declarations": ["nixos/modules/system/boot/plymouth-tpm2-totp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to display a TOTP during boot using tpm2-totp and Plymouth.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "plymouth", "tpm2-totp", "enable"], "readOnly": false, "type": "boolean"}, "boot.plymouth.tpm2-totp.package": {"declarations": ["nixos/modules/system/boot/plymouth-tpm2-totp.nix"], "default": {"_type": "literalExpression", "text": "pkgs.tpm2-totp-with-plymouth"}, "description": "The tpm2-totp package to use.", "loc": ["boot", "plymouth", "tpm2-totp", "package"], "readOnly": false, "type": "package"}, "boot.postBootCommands": {"declarations": ["nixos/modules/system/boot/stage-2.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands to be executed just before systemd is started.\n", "example": {"_type": "literalExpression", "text": "\"rm -f /var/log/messages\""}, "loc": ["boot", "postBootCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.resumeDevice": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Device for manual resume attempt during boot. This should be used primarily\nif you want to resume from file. If left empty, the swap partitions are used.\nSpecify here the device where the file resides.\nYou should also use {var}`boot.kernelParams` to specify\n`\u00abresume_offset\u00bb`.\n", "example": {"_type": "literalExpression", "text": "\"/dev/sda3\""}, "loc": ["boot", "resumeDevice"], "readOnly": false, "type": "string"}, "boot.runSize": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "\"25%\""}, "description": "Size limit for the /run tmpfs. Look at {manpage}`mount(8)`, tmpfs size option,\nfor the accepted syntax.\n", "example": {"_type": "literalExpression", "text": "\"256m\""}, "loc": ["boot", "runSize"], "readOnly": false, "type": "string"}, "boot.specialFileSystems.<name>.depends": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of paths that should be mounted before this one. This filesystem's\n{option}`device` and {option}`mountPoint` are always\nchecked and do not need to be included explicitly. If a path is added\nto this list, any other filesystem whose mount point is a parent of\nthe path will be mounted before this filesystem. The paths do not need\nto actually be the {option}`mountPoint` of some other filesystem.\n\nThis is useful for mounts which require keys and/or configuration files residing on another filesystem.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/persist\"\n]"}, "loc": ["boot", "specialFileSystems", "<name>", "depends"], "readOnly": false, "type": "list of string (with check: non-empty without trailing slash)"}, "boot.specialFileSystems.<name>.device": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The device as passed to `mount`.\n\nThis can be any of:\n\n- a filename of a block special device such as `/dev/sdc3`\n- a tag such as `UUID=fdd68895-c307-4549-8c9c-90e44c71f5b7`\n- (for bind mounts only) the source path\n- something else depending on the {option}`fsType`. For example, `nfs` device may look like `knuth.cwi.nl:/dir`\n\nThis is called `device` in {manpage}`mount(8)` and `fs_spec` in {manpage}`fstab(5)`.\n", "example": {"_type": "literalExpression", "text": "\"/dev/sda\""}, "loc": ["boot", "specialFileSystems", "<name>", "device"], "readOnly": false, "type": "null or string (with check: non-empty)"}, "boot.specialFileSystems.<name>.enable": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the filesystem mount.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "specialFileSystems", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "boot.specialFileSystems.<name>.fsType": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "\"auto\""}, "description": "Type of the file system.\n\nThis is the `fstype` passed to `-t` in the {manpage}`mount(8)` command, and is called `fs_vfstype` in {manpage}`fstab(5)`.\n", "example": {"_type": "literalExpression", "text": "\"ext3\""}, "loc": ["boot", "specialFileSystems", "<name>", "fsType"], "readOnly": false, "type": "string (with check: non-empty)"}, "boot.specialFileSystems.<name>.mountPoint": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "Location where the file system will be mounted.\n\nThis is called `mountpoint` in {manpage}`mount(8)` and `fs_file` in {manpage}`fstab(5)`\n", "example": {"_type": "literalExpression", "text": "\"/mnt/usb\""}, "loc": ["boot", "specialFileSystems", "<name>", "mountPoint"], "readOnly": false, "type": "string (with check: non-empty without trailing slash)"}, "boot.specialFileSystems.<name>.options": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"defaults\"\n]"}, "description": "Options used to mount the file system.\n\nThis is called `options` in {manpage}`mount(8)` and `fs_mntops` in {manpage}`fstab(5)`\n\nSome options that can be used for all mounts are documented in {manpage}`mount(8)` under `FILESYSTEM-INDEPENDENT MOUNT OPTIONS`.\n\nOptions that systemd understands are documented in {manpage}`systemd.mount(5)` under `FSTAB`.\n\nEach filesystem supports additional options, see the docs for that filesystem.\n", "example": {"_type": "literalExpression", "text": "[\n  \"data=journal\"\n]"}, "loc": ["boot", "specialFileSystems", "<name>", "options"], "readOnly": false, "type": "non-empty (list of string (with check: non-empty))"}, "boot.specialFileSystems.<name>.stratis.poolUuid": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "UUID of the stratis pool that the fs is located in\n\nThis is only relevant if you are using [stratis](https://stratis-storage.github.io/).\n", "example": {"_type": "literalExpression", "text": "\"04c68063-90a5-4235-b9dd-6180098a20d9\""}, "loc": ["boot", "specialFileSystems", "<name>", "stratis", "poolUuid"], "readOnly": false, "type": "null or string"}, "boot.stage2Greeting": {"declarations": ["nixos/modules/system/boot/stage-2.nix"], "default": {"_type": "literalExpression", "text": "\"<<< ${config.system.nixos.distroName} Stage 2 >>>\""}, "description": "The greeting message displayed during NixOS stage 2 boot.\n", "loc": ["boot", "stage2Greeting"], "readOnly": false, "type": "string"}, "boot.supportedFilesystems": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Names of supported filesystem types, or an attribute set of file system types\nand their state. The set form may be used together with `lib.mkForce` to\nexplicitly disable support for specific filesystems, e.g. to disable ZFS\nwith an unsupported kernel.\n", "example": {"_type": "literalExpression", "text": "{\n  btrfs = true;\n  zfs = lib.mkForce false;\n}\n"}, "loc": ["boot", "supportedFilesystems"], "readOnly": false, "type": "(attribute set of boolean) or (list of string) convertible to it"}, "boot.swraid.enable": {"declarations": ["nixos/modules/tasks/swraid.nix"], "default": {"_type": "literalExpression", "text": "\"`true` if stateVersion is older than 23.11\""}, "description": "Whether to enable support for Linux MD RAID arrays.\n\nWhen this is enabled, mdadm will be added to the system path,\nand MD RAID arrays will be detected and activated\nautomatically, both in stage-1 (initramfs) and in stage-2 (the\nfinal NixOS system).\n\nThis should be enabled if you want to be able to access and/or\nboot from MD RAID arrays. {command}`nixos-generate-config`\nshould detect it correctly in the standard installation\nprocedure.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "swraid", "enable"], "readOnly": false, "type": "boolean"}, "boot.swraid.mdadmConf": {"declarations": ["nixos/modules/tasks/swraid.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Contents of {file}`/etc/mdadm.conf`.", "loc": ["boot", "swraid", "mdadmConf"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.systemdExecutable": {"declarations": ["nixos/modules/system/boot/stage-2.nix"], "default": {"_type": "literalExpression", "text": "\"/run/current-system/systemd/lib/systemd/systemd\""}, "description": "The program to execute to start systemd.\n", "loc": ["boot", "systemdExecutable"], "readOnly": false, "type": "string"}, "boot.tmp.cleanOnBoot": {"declarations": ["nixos/modules/system/boot/tmp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to delete all files in {file}`/tmp` during boot.\n", "loc": ["boot", "tmp", "cleanOnBoot"], "readOnly": false, "type": "boolean"}, "boot.tmp.tmpfsHugeMemoryPages": {"declarations": ["nixos/modules/system/boot/tmp.nix"], "default": {"_type": "literalExpression", "text": "\"never\""}, "description": "- `never`        - Do not allocate huge memory pages. This is the default.\n- `always`       - Attempt to allocate huge memory page every time a new page is needed.\n- `within_size`  - Only allocate huge memory pages if it will be fully within i_size. Also respect madvise(2) hints. Recommended.\n- `advise`       - Only allocate huge memory pages if requested with madvise(2).\n", "example": {"_type": "literalExpression", "text": "\"within_size\""}, "loc": ["boot", "tmp", "tmpfsHugeMemoryPages"], "readOnly": false, "type": "one of \"never\", \"always\", \"within_size\", \"advise\""}, "boot.tmp.tmpfsSize": {"declarations": ["nixos/modules/system/boot/tmp.nix"], "default": {"_type": "literalExpression", "text": "\"50%\""}, "description": "Size of tmpfs in percentage.\nPercentage is defined by systemd.\n", "loc": ["boot", "tmp", "tmpfsSize"], "readOnly": false, "type": "string or (positive integer, meaning >0)"}, "boot.tmp.useTmpfs": {"declarations": ["nixos/modules/system/boot/tmp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to mount a tmpfs on {file}`/tmp` during boot.\n\n::: {.note}\nLarge Nix builds can fail if the mounted tmpfs is not large enough.\nIn such a case either increase the tmpfsSize or disable this option.\n:::\n", "loc": ["boot", "tmp", "useTmpfs"], "readOnly": false, "type": "boolean"}, "boot.tmp.useZram": {"declarations": ["nixos/modules/system/boot/zram-as-tmp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to mount a zram device on {file}`/tmp` during boot.\n\n::: {.note}\nLarge Nix builds can fail if the mounted zram device is not large enough.\nIn such a case either increase the zramSettings.zram-size or disable this option.\n:::\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "tmp", "useZram"], "readOnly": false, "type": "boolean"}, "boot.tmp.zramSettings.compression-algorithm": {"declarations": ["nixos/modules/system/boot/zram-as-tmp.nix"], "default": {"_type": "literalExpression", "text": "\"zstd\""}, "description": "The compression algorithm to use for the zram device.\n\nSee: <https://github.com/systemd/zram-generator/blob/main/zram-generator.conf.example>\n", "example": {"_type": "literalExpression", "text": "\"lzo-rle\""}, "loc": ["boot", "tmp", "zramSettings", "compression-algorithm"], "readOnly": false, "type": "string"}, "boot.tmp.zramSettings.fs-type": {"declarations": ["nixos/modules/system/boot/zram-as-tmp.nix"], "default": {"_type": "literalExpression", "text": "\"ext4\""}, "description": "The file system to put on the device.\n\nSee: <https://github.com/systemd/zram-generator/blob/main/zram-generator.conf.example>\n", "example": {"_type": "literalExpression", "text": "\"ext2\""}, "loc": ["boot", "tmp", "zramSettings", "fs-type"], "readOnly": false, "type": "string"}, "boot.tmp.zramSettings.options": {"declarations": ["nixos/modules/system/boot/zram-as-tmp.nix"], "default": {"_type": "literalExpression", "text": "\"X-mount.mode=1777,discard\""}, "description": "By default, file systems and swap areas are trimmed on-the-go\nby setting \"discard\".\nSetting this to the empty string clears the option.\n\nSee: <https://github.com/systemd/zram-generator/blob/main/zram-generator.conf.example>\n", "loc": ["boot", "tmp", "zramSettings", "options"], "readOnly": false, "type": "string"}, "boot.tmp.zramSettings.zram-size": {"declarations": ["nixos/modules/system/boot/zram-as-tmp.nix"], "default": {"_type": "literalExpression", "text": "\"ram * 0.5\""}, "description": "The size of the zram device, as a function of MemTotal, both in MB.\nFor example, if the machine has 1 GiB, and zram-size=ram/4,\nthen the zram device will have 256 MiB.\nFractions in the range 0.1\u20130.5 are recommended\n\nSee: <https://github.com/systemd/zram-generator/blob/main/zram-generator.conf.example>\n", "example": {"_type": "literalExpression", "text": "\"min(ram / 2, 4096)\""}, "loc": ["boot", "tmp", "zramSettings", "zram-size"], "readOnly": false, "type": "string"}, "boot.uki.configFile": {"declarations": ["nixos/modules/system/boot/uki.nix"], "description": "The configuration file passed to {manpage}`ukify(1)` to create the UKI.\n\nBy default this configuration file is created from {option}`boot.uki.settings`.\n", "loc": ["boot", "uki", "configFile"], "readOnly": false, "type": "absolute path"}, "boot.uki.name": {"declarations": ["nixos/modules/system/boot/uki.nix"], "description": "Name of the UKI", "loc": ["boot", "uki", "name"], "readOnly": false, "type": "string"}, "boot.uki.settings": {"declarations": ["nixos/modules/system/boot/uki.nix"], "description": "The configuration settings for ukify. These control what the UKI\ncontains and how it is built.\n", "loc": ["boot", "uki", "settings"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "boot.uki.tries": {"declarations": ["nixos/modules/system/boot/uki.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Number of boot attempts before this UKI is considered bad.\n\nIf no tries are specified (the default) automatic boot assessment remains inactive.\n\nSee documentation on [Automatic Boot Assessment](https://systemd.io/AUTOMATIC_BOOT_ASSESSMENT/) and\n[boot counting](https://uapi-group.org/specifications/specs/boot_loader_specification/#boot-counting)\nfor more information.\n", "loc": ["boot", "uki", "tries"], "readOnly": false, "type": "null or (unsigned integer, meaning >=0)"}, "boot.uki.version": {"declarations": ["nixos/modules/system/boot/uki.nix"], "default": {"_type": "literalExpression", "text": "config.system.image.version"}, "description": "Version of the image or generation the UKI belongs to", "loc": ["boot", "uki", "version"], "readOnly": false, "type": "null or string"}, "boot.uvesafb.enable": {"declarations": ["nixos/modules/system/boot/uvesafb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable uvesafb.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "uvesafb", "enable"], "readOnly": false, "type": "boolean"}, "boot.uvesafb.gfx-mode": {"declarations": ["nixos/modules/system/boot/uvesafb.nix"], "default": {"_type": "literalExpression", "text": "\"1024x768-32\""}, "description": "Screen resolution in modedb format. See [uvesafb](https://docs.kernel.org/fb/uvesafb.html) and [modedb](https://docs.kernel.org/fb/modedb.html) documentation for more details. The default value is a sensible default but may be not ideal for all setups.", "loc": ["boot", "uvesafb", "gfx-mode"], "readOnly": false, "type": "string"}, "boot.uvesafb.v86d.package": {"declarations": ["nixos/modules/system/boot/uvesafb.nix"], "default": {"_type": "literalExpression", "text": "''\n  config.boot.kernelPackages.v86d.overrideAttrs (old: {\n            hardeningDisable = [ \"all\" ];\n          })''"}, "description": "Which v86d package to use with uvesafb", "loc": ["boot", "uvesafb", "v86d", "package"], "readOnly": false, "type": "package"}, "boot.vesa": {"declarations": ["nixos/modules/system/boot/kernel.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "(Deprecated) This option, if set, activates the VESA 800x600 video\nmode on boot and disables kernel modesetting. It is equivalent to\nspecifying `[ \"vga=0x317\" \"nomodeset\" ]` in the\n{option}`boot.kernelParams` option. This option is\ndeprecated as of 2020: Xorg now works better with modesetting, and\nyou might want a different VESA vga setting, anyway.\n", "loc": ["boot", "vesa"], "readOnly": false, "type": "boolean"}, "boot.zfs.allowHibernation": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Allow hibernation support, this may be a unsafe option depending on your\nsetup. Make sure to NOT use Swap on ZFS.\n", "loc": ["boot", "zfs", "allowHibernation"], "readOnly": false, "type": "boolean"}, "boot.zfs.devNodes": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "\"/dev/disk/by-id\""}, "description": "Name of directory from which to import ZFS device, this is passed to `zpool import`\nas the value of the `-d` option.\n\nFor guidance on choosing this value, see\n[the ZFS documentation](https://openzfs.github.io/openzfs-docs/Project%20and%20Community/FAQ.html#selecting-dev-names-when-creating-a-pool-linux).\n", "loc": ["boot", "zfs", "devNodes"], "readOnly": false, "type": "absolute path"}, "boot.zfs.enabled": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalMD", "text": "`true` if ZFS filesystem support is enabled"}, "description": "True if ZFS filesystem support is enabled", "loc": ["boot", "zfs", "enabled"], "readOnly": true, "type": "boolean"}, "boot.zfs.extraPools": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Name or GUID of extra ZFS pools that you wish to import during boot.\n\nUsually this is not necessary. Instead, you should set the mountpoint property\nof ZFS filesystems to `legacy` and add the ZFS filesystems to\nNixOS's {option}`fileSystems` option, which makes NixOS automatically\nimport the associated pool.\n\nHowever, in some cases (e.g. if you have many filesystems) it may be preferable\nto exclusively use ZFS commands to manage filesystems. If so, since NixOS/systemd\nwill not be managing those filesystems, you will need to specify the ZFS pool here\nso that NixOS automatically imports it on every boot.\n", "example": {"_type": "literalExpression", "text": "[\n  \"tank\"\n  \"data\"\n]"}, "loc": ["boot", "zfs", "extraPools"], "readOnly": false, "type": "list of string"}, "boot.zfs.forceImportAll": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Forcibly import all ZFS pool(s).\n\nIf you set this option to `false` and NixOS subsequently fails to\nimport your non-root ZFS pool(s), you should manually import each pool with\n\"zpool import -f \\<pool-name\\>\", and then reboot. You should only need to do\nthis once.\n", "loc": ["boot", "zfs", "forceImportAll"], "readOnly": false, "type": "boolean"}, "boot.zfs.forceImportRoot": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Forcibly import the ZFS root pool(s) during early boot.\n\nThis is enabled by default for backwards compatibility purposes, but it is highly\nrecommended to disable this option, as it bypasses some of the safeguards ZFS uses\nto protect your ZFS pools.\n\nIf you set this option to `false` and NixOS subsequently fails to\nboot because it cannot import the root pool, you should boot with the\n`zfs_force=1` option as a kernel parameter (e.g. by manually\nediting the kernel params in grub during boot). You should only need to do this\nonce.\n", "loc": ["boot", "zfs", "forceImportRoot"], "readOnly": false, "type": "boolean"}, "boot.zfs.package": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "pkgs.zfs"}, "description": "Configured ZFS userland tools package.", "loc": ["boot", "zfs", "package"], "readOnly": false, "type": "package"}, "boot.zfs.passwordTimeout": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Timeout in seconds to wait for password entry for decrypt at boot.\n\nDefaults to 0, which waits forever.\n", "loc": ["boot", "zfs", "passwordTimeout"], "readOnly": false, "type": "signed integer"}, "boot.zfs.pools": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for individual pools to override global defaults.\n", "loc": ["boot", "zfs", "pools"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.zfs.pools.<name>.devNodes": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "\"config.boot.zfs.devNodes\""}, "description": "Name of directory from which to import ZFS device, this is passed to `zpool import`\nas the value of the `-d` option.\n\nFor guidance on choosing this value, see\n[the ZFS documentation](https://openzfs.github.io/openzfs-docs/Project%20and%20Community/FAQ.html#selecting-dev-names-when-creating-a-pool-linux).\n", "loc": ["boot", "zfs", "pools", "<name>", "devNodes"], "readOnly": false, "type": "absolute path"}, "boot.zfs.removeLinuxDRM": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Patch the kernel to change symbols needed by ZFS from\nEXPORT_SYMBOL_GPL to EXPORT_SYMBOL.\n\nCurrently has no effect, but may again in future if a kernel\nupdate breaks ZFS due to symbols being newly changed to GPL.\n", "loc": ["boot", "zfs", "removeLinuxDRM"], "readOnly": false, "type": "boolean"}, "boot.zfs.requestEncryptionCredentials": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If true on import encryption keys or passwords for all encrypted datasets\nare requested. To only decrypt selected datasets supply a list of dataset\nnames instead. For root pools the encryption key can be supplied via both\nan interactive prompt (keylocation=prompt) and from a file (keylocation=file://).\n", "example": {"_type": "literalExpression", "text": "[\n  \"tank\"\n  \"data\"\n]"}, "loc": ["boot", "zfs", "requestEncryptionCredentials"], "readOnly": false, "type": "boolean or list of string"}, "boot.zfs.useKeyringForCredentials": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Uses the kernel keyring for encryption credentials with keyname=zfs-<poolname>.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "zfs", "useKeyringForCredentials"], "readOnly": false, "type": "boolean"}, "console.colors": {"declarations": ["nixos/modules/config/console.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The 16 colors palette used by the virtual consoles.\nLeave empty to use the default colors.\nColors must be in hexadecimal format and listed in\norder from color 0 to color 15.\n", "example": {"_type": "literalExpression", "text": "[\n  \"002b36\"\n  \"dc322f\"\n  \"859900\"\n  \"b58900\"\n  \"268bd2\"\n  \"d33682\"\n  \"2aa198\"\n  \"eee8d5\"\n  \"002b36\"\n  \"cb4b16\"\n  \"586e75\"\n  \"657b83\"\n  \"839496\"\n  \"6c71c4\"\n  \"93a1a1\"\n  \"fdf6e3\"\n]"}, "loc": ["console", "colors"], "readOnly": false, "type": "list of string matching the pattern [[:xdigit:]]{6}"}, "console.earlySetup": {"declarations": ["nixos/modules/config/console.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable setting virtual console options as early as possible (in initrd).\n", "loc": ["console", "earlySetup"], "readOnly": false, "type": "boolean"}, "console.enable": {"declarations": ["nixos/modules/config/console.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable virtual console.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["console", "enable"], "readOnly": false, "type": "boolean"}, "console.font": {"declarations": ["nixos/modules/config/console.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The font used for the virtual consoles.\nCan be `null`, a font name, or a path to a PSF font file.\n\nUse `null` to let the kernel choose a built-in font.\nThe default is 8x16, and, as of Linux 5.3, Terminus 32 bold for display\nresolutions of 2560x1080 and higher.\nThese fonts cover the [IBM437][] character set.\n\n[IBM437]: https://en.wikipedia.org/wiki/Code_page_437\n", "example": {"_type": "literalExpression", "text": "\"LatArCyrHeb-16\""}, "loc": ["console", "font"], "readOnly": false, "type": "null or string or absolute path"}, "console.keyMap": {"declarations": ["nixos/modules/config/console.nix"], "default": {"_type": "literalExpression", "text": "\"us\""}, "description": "The keyboard mapping table for the virtual consoles.\n", "example": {"_type": "literalExpression", "text": "\"fr\""}, "loc": ["console", "keyMap"], "readOnly": false, "type": "string or absolute path"}, "console.packages": {"declarations": ["nixos/modules/config/console.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of additional packages that provide console fonts, keymaps and\nother resources for virtual consoles use.\n", "loc": ["console", "packages"], "readOnly": false, "type": "list of package"}, "console.useXkbConfig": {"declarations": ["nixos/modules/config/console.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set, configure the virtual console keymap from the xserver\nkeyboard settings.\n", "loc": ["console", "useXkbConfig"], "readOnly": false, "type": "boolean"}, "documentation.dev.enable": {"declarations": ["nixos/modules/misc/documentation.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to install documentation targeted at developers.\n* This includes man pages targeted at developers if {option}`documentation.man.enable` is\n  set (this also includes \"devman\" outputs).\n* This includes info pages targeted at developers if {option}`documentation.info.enable`\n  is set (this also includes \"devinfo\" outputs).\n* This includes other pages targeted at developers if {option}`documentation.doc.enable`\n  is set (this also includes \"devdoc\" outputs).\n", "loc": ["documentation", "dev", "enable"], "readOnly": false, "type": "boolean"}, "documentation.doc.enable": {"declarations": ["nixos/modules/misc/documentation.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to install documentation distributed in packages' `/share/doc`.\nUsually plain text and/or HTML.\nThis also includes \"doc\" outputs.\n", "loc": ["documentation", "doc", "enable"], "readOnly": false, "type": "boolean"}, "documentation.enable": {"declarations": ["nixos/modules/misc/documentation.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to install documentation of packages from\n{option}`environment.systemPackages` into the generated system path.\n\nSee \"Multiple-output packages\" chapter in the nixpkgs manual for more info.\n", "loc": ["documentation", "enable"], "readOnly": false, "type": "boolean"}, "documentation.info.enable": {"declarations": ["nixos/modules/misc/documentation.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to install info pages and the {command}`info` command.\nThis also includes \"info\" outputs.\n", "loc": ["documentation", "info", "enable"], "readOnly": false, "type": "boolean"}, "documentation.man.cache.enable": {"declarations": ["nixos/modules/misc/documentation.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to generate the manual page index caches.\nThis allows searching for a page or\nkeyword using utilities like {manpage}`apropos(1)`\nand the `-k` option of\n{manpage}`man(1)`.\n", "loc": ["documentation", "man", "cache", "enable"], "readOnly": false, "type": "boolean"}, "documentation.man.cache.generateAtRuntime": {"declarations": ["nixos/modules/misc/documentation.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to generate the manual page index caches at runtime using\na systemd service. Note that this is currently only supported by the\nman-db module.\n", "loc": ["documentation", "man", "cache", "generateAtRuntime"], "readOnly": false, "type": "boolean"}, "documentation.man.enable": {"declarations": ["nixos/modules/misc/documentation.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to install manual pages.\nThis also includes `man` outputs.\n", "loc": ["documentation", "man", "enable"], "readOnly": false, "type": "boolean"}, "documentation.man.man-db.enable": {"declarations": ["nixos/modules/misc/man-db.nix"], "default": {"_type": "literalExpression", "text": "config.documentation.man.enable"}, "description": "Whether to enable man-db as the default man page viewer.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["documentation", "man", "man-db", "enable"], "readOnly": false, "type": "boolean"}, "documentation.man.man-db.manualPages": {"declarations": ["nixos/modules/misc/man-db.nix"], "default": {"_type": "literalMD", "text": "all man pages in {option}`config.environment.systemPackages`"}, "description": "The manual pages to generate caches for if {option}`documentation.man.cache.enable`\nis enabled. Must be a path to a directory with man pages under\n`/share/man`; see the source for an example.\nAdvanced users can make this a content-addressed derivation to save a few rebuilds.\n", "loc": ["documentation", "man", "man-db", "manualPages"], "readOnly": false, "type": "absolute path"}, "documentation.man.man-db.package": {"declarations": ["nixos/modules/misc/man-db.nix"], "default": {"_type": "literalExpression", "text": "pkgs.man-db"}, "description": "The `man-db` derivation to use. Useful to override\nconfiguration options used for the package.\n", "loc": ["documentation", "man", "man-db", "package"], "readOnly": false, "type": "package"}, "documentation.man.mandoc.cachePath": {"declarations": ["nixos/modules/misc/mandoc.nix"], "default": {"_type": "literalExpression", "text": "config.documentation.man.mandoc.manPath"}, "description": "Change the paths where mandoc {manpage}`makewhatis(8)`generates the\nmanual page index caches. {option}`documentation.man.cache.enable`\nshould be enabled to allow cache generation. This list should only\ninclude the paths to manpages installed in the system configuration,\ni. e. /run/current-system/sw/share/man. {manpage}`makewhatis(8)`\ncreates a database in each directory using the files\n`mansection/[arch/]title.section` and `catsection/[arch/]title.0`\nin it. If a directory contains no manual pages, no database is\ncreated in that directory.\nThis option only needs to be set manually if extra paths should be\nindexed or {option}`documentation.man.manPath` contains paths that\ncan't be indexed.\n", "example": {"_type": "literalExpression", "text": "[ \"share/man\" \"share/man/fr\" ]"}, "loc": ["documentation", "man", "mandoc", "cachePath"], "readOnly": false, "type": "list of string"}, "documentation.man.mandoc.enable": {"declarations": ["nixos/modules/misc/mandoc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable mandoc as the default man page viewer.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["documentation", "man", "mandoc", "enable"], "readOnly": false, "type": "boolean"}, "documentation.man.mandoc.extraConfig": {"declarations": ["nixos/modules/misc/mandoc.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration to write to {manpage}`man.conf(5)`.\n", "loc": ["documentation", "man", "mandoc", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "documentation.man.mandoc.manPath": {"declarations": ["nixos/modules/misc/mandoc.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"share/man\"\n]"}, "description": "Change the paths included in the MANPATH environment variable,\ni. e. the directories where {manpage}`man(1)`\nlooks for section-specific directories of man pages.\nYou only need to change this setting if you want extra man pages\n(e. g. in non-english languages). All values must be strings that\nare a valid path from the target prefix (without including it).\nThe first value given takes priority. Note that this will not\nadd manpath directives to {manpage}`man.conf(5)`.\n", "example": {"_type": "literalExpression", "text": "[ \"share/man\" \"share/man/fr\" ]"}, "loc": ["documentation", "man", "mandoc", "manPath"], "readOnly": false, "type": "list of string"}, "documentation.man.mandoc.package": {"declarations": ["nixos/modules/misc/mandoc.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mandoc"}, "description": "The `mandoc` derivation to use. Useful to override\nconfiguration options used for the package.\n", "loc": ["documentation", "man", "mandoc", "package"], "readOnly": false, "type": "package"}, "documentation.man.mandoc.settings": {"declarations": ["nixos/modules/misc/mandoc.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for {manpage}`man.conf(5)`", "loc": ["documentation", "man", "mandoc", "settings"], "readOnly": false, "type": "submodule"}, "documentation.man.mandoc.settings.manpath": {"declarations": ["nixos/modules/misc/mandoc.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Override the default search path for {manpage}`man(1)`,\n{manpage}`apropos(1)`, and {manpage}`makewhatis(8)`. It can be\nused multiple times to specify multiple paths, with the order\ndetermining the manual page search order.\nThis is not recommended in favor of\n{option}`documentation.man.mandoc.manPath`, but if it's needed to\nspecify the manpath in this way, set\n{option}`documentation.man.mandoc.manPath` to an empty list (`[]`).\n", "example": {"_type": "literalExpression", "text": "[ \"/run/current-system/sw/share/man\" ]"}, "loc": ["documentation", "man", "mandoc", "settings", "manpath"], "readOnly": false, "type": "list of string"}, "documentation.man.mandoc.settings.output.fragment": {"declarations": ["nixos/modules/misc/mandoc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to omit the <!DOCTYPE> declaration and the <html>, <head>, and <body>\nelements and only emit the subtree below the <body> element in HTML\noutput of {manpage}`mandoc(1)`. The style argument will be ignored.\nThis is useful when embedding manual content within existing documents.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["documentation", "man", "mandoc", "settings", "output", "fragment"], "readOnly": false, "type": "boolean"}, "documentation.man.mandoc.settings.output.includes": {"declarations": ["nixos/modules/misc/mandoc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A string of relative path used as a template for the output path of\nlinked header files (usually via the In macro) in HTML output.\nInstances of `%I` are replaced with the include filename. The\ndefault is not to present a hyperlink.\n", "example": {"_type": "literalExpression", "text": "../src/%I.html"}, "loc": ["documentation", "man", "mandoc", "settings", "output", "includes"], "readOnly": false, "type": "null or string"}, "documentation.man.mandoc.settings.output.indent": {"declarations": ["nixos/modules/misc/mandoc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Number of blank characters at the left margin for normal text,\ndefault of `5` for {manpage}`mdoc(7)` and `7` for\n{manpage}`man(7)`. Increasing this is not recommended; it may\nresult in degraded formatting, for example overfull lines or ugly\nline breaks. When output is to a pager on a terminal that is less\nthan 66 columns wide, the default is reduced to three columns.\n", "loc": ["documentation", "man", "mandoc", "settings", "output", "indent"], "readOnly": false, "type": "null or signed integer"}, "documentation.man.mandoc.settings.output.man": {"declarations": ["nixos/modules/misc/mandoc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A template for linked manuals (usually via the Xr macro) in HTML\noutput. Instances of \u2018%N\u2019 and \u2018%S\u2019 are replaced with the linked\nmanual's name and section, respectively. If no section is included,\nsection 1 is assumed. The default is not to present a hyperlink.\nIf two formats are given and a file %N.%S exists in the current\ndirectory, the first format is used; otherwise, the second format is used.\n", "example": {"_type": "literalExpression", "text": "../html%S/%N.%S.html"}, "loc": ["documentation", "man", "mandoc", "settings", "output", "man"], "readOnly": false, "type": "null or string"}, "documentation.man.mandoc.settings.output.paper": {"declarations": ["nixos/modules/misc/mandoc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "This option is for generating PostScript and PDF output. The paper\nsize name may be one of `a3`, `a4`, `a5`, `legal`, or `letter`.\nYou may also manually specify dimensions as `NNxNN`, width by\nheight in millimetres. If an unknown value is encountered, letter\nis used. Output pages default to letter sized and are rendered in\nthe Times font family, 11-point. Margins are calculated as 1/9 the\npage length and width. Line-height is 1.4m.\n", "loc": ["documentation", "man", "mandoc", "settings", "output", "paper"], "readOnly": false, "type": "null or string"}, "documentation.man.mandoc.settings.output.style": {"declarations": ["nixos/modules/misc/mandoc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the file used for an external style-sheet. This must be a\nvalid absolute or relative URI.\n", "loc": ["documentation", "man", "mandoc", "settings", "output", "style"], "readOnly": false, "type": "null or absolute path"}, "documentation.man.mandoc.settings.output.toc": {"declarations": ["nixos/modules/misc/mandoc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable printing a table of contents near the beginning of the HTML output\nof {manpage}`mandoc(1)` if an input file contains at least two\nnon-standard sections\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["documentation", "man", "mandoc", "settings", "output", "toc"], "readOnly": false, "type": "boolean"}, "documentation.man.mandoc.settings.output.width": {"declarations": ["nixos/modules/misc/mandoc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The ASCII and UTF-8 output width, default is `78`. When output is a\npager on a terminal that is less than 79 columns wide, the\ndefault is reduced to one less than the terminal width. In any case,\nlines that are output in literal mode are never wrapped and may\nexceed the output width.\n", "loc": ["documentation", "man", "mandoc", "settings", "output", "width"], "readOnly": false, "type": "null or signed integer"}, "documentation.nixos.checkRedirects": {"declarations": ["nixos/modules/misc/documentation.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Check redirects for manualHTML.\n", "loc": ["documentation", "nixos", "checkRedirects"], "readOnly": false, "type": "boolean"}, "documentation.nixos.enable": {"declarations": ["nixos/modules/misc/documentation.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to install NixOS's own documentation.\n\n- This includes man pages like\n  {manpage}`configuration.nix(5)` if {option}`documentation.man.enable` is\n  set.\n- This includes the HTML manual and the {command}`nixos-help` command if\n  {option}`documentation.doc.enable` is set.\n", "loc": ["documentation", "nixos", "enable"], "readOnly": false, "type": "boolean"}, "documentation.nixos.extraModuleSources": {"declarations": ["nixos/modules/misc/documentation.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Which extra NixOS module paths the generated NixOS's documentation should strip\nfrom options.\n", "example": {"_type": "literalExpression", "text": "# e.g. with options from modules in ${pkgs.customModules}/nix:\n[ pkgs.customModules ]\n"}, "loc": ["documentation", "nixos", "extraModuleSources"], "readOnly": false, "type": "list of (absolute path or string)"}, "documentation.nixos.extraModules": {"declarations": ["nixos/modules/misc/documentation.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Modules for which to show options even when not imported.\n", "loc": ["documentation", "nixos", "extraModules"], "readOnly": false, "type": "list of raw value"}, "documentation.nixos.includeAllModules": {"declarations": ["nixos/modules/misc/documentation.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether the generated NixOS's documentation should include documentation for all\nthe options from all the NixOS modules included in the current\n`configuration.nix`. Disabling this will make the manual\ngenerator to ignore options defined outside of `baseModules`.\n", "loc": ["documentation", "nixos", "includeAllModules"], "readOnly": false, "type": "boolean"}, "documentation.nixos.options.splitBuild": {"declarations": ["nixos/modules/misc/documentation.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to split the option docs build into a cacheable and an uncacheable part.\nSplitting the build can substantially decrease the amount of time needed to build\nthe manual, but some user modules may be incompatible with this splitting.\n", "loc": ["documentation", "nixos", "options", "splitBuild"], "readOnly": false, "type": "boolean"}, "documentation.nixos.options.warningsAreErrors": {"declarations": ["nixos/modules/misc/documentation.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Treat warning emitted during the option documentation build (eg for missing option\ndescriptions) as errors.\n", "loc": ["documentation", "nixos", "options", "warningsAreErrors"], "readOnly": false, "type": "boolean"}, "ec2.zfs.datasets": {"declarations": ["nixos/modules/virtualisation/amazon-options.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Datasets to create under the `tank` and `boot` zpools.\n\n**NOTE:** This option is used only at image creation time, and\ndoes not attempt to declaratively create or manage datasets\non an existing system.\n", "loc": ["ec2", "zfs", "datasets"], "readOnly": false, "type": "attribute set of (submodule)"}, "ec2.zfs.datasets.<name>.mount": {"declarations": ["nixos/modules/virtualisation/amazon-options.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Where to mount this dataset.", "loc": ["ec2", "zfs", "datasets", "<name>", "mount"], "readOnly": false, "type": "null or string"}, "ec2.zfs.datasets.<name>.properties": {"declarations": ["nixos/modules/virtualisation/amazon-options.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Properties to set on this dataset.", "loc": ["ec2", "zfs", "datasets", "<name>", "properties"], "readOnly": false, "type": "attribute set of string"}, "environment.budgie.excludePackages": {"declarations": ["nixos/modules/services/desktop-managers/budgie.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Which packages Budgie should exclude from the default environment.", "example": {"_type": "literalExpression", "text": "[ pkgs.mate-terminal ]"}, "loc": ["environment", "budgie", "excludePackages"], "readOnly": false, "type": "list of package"}, "environment.cinnamon.excludePackages": {"declarations": ["nixos/modules/services/x11/desktop-managers/cinnamon.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Which packages cinnamon should exclude from the default environment", "example": {"_type": "literalExpression", "text": "[ pkgs.blueman ]"}, "loc": ["environment", "cinnamon", "excludePackages"], "readOnly": false, "type": "list of package"}, "environment.corePackages": {"declarations": ["nixos/modules/config/system-path.nix"], "default": {"_type": "literalMD", "text": "these packages, with their `meta.priority` numerically increased\n(thus lowering their installation priority):\n\n    [ pkgs.acl pkgs.attr pkgs.bashInteractive pkgs.bzip2 pkgs.coreutils-full pkgs.cpio pkgs.curl pkgs.diffutils pkgs.findutils pkgs.gawk pkgs.getent pkgs.getconf pkgs.gnugrep pkgs.gnupatch pkgs.gnused pkgs.gnutar pkgs.gzip pkgs.xz pkgs.less pkgs.libcap pkgs.ncurses pkgs.netcat pkgs.mkpasswd pkgs.procps pkgs.su pkgs.time pkgs.util-linux pkgs.which pkgs.zstd ]\n"}, "description": "Set of core packages for a normal interactive system.\n\nOnly change this if you know what you're doing!\n\nLike with systemPackages, packages are installed to\n{file}`/run/current-system/sw`. They are\nautomatically available to all users, and are\nautomatically updated every time you rebuild the system\nconfiguration.\n", "example": {"_type": "literalExpression", "text": "[ ]"}, "loc": ["environment", "corePackages"], "readOnly": false, "type": "list of package"}, "environment.cosmic.excludePackages": {"declarations": ["nixos/modules/services/desktop-managers/cosmic.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of packages to exclude from the COSMIC environment.", "example": {"_type": "literalExpression", "text": "[ pkgs.cosmic-player ]"}, "loc": ["environment", "cosmic", "excludePackages"], "readOnly": false, "type": "list of package"}, "environment.debuginfodServers": {"declarations": ["nixos/modules/config/debug-info.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of urls of debuginfod servers for tools like {command}`gdb` and {command}`valgrind` to use.\n\nUnrelated to {option}`environment.enableDebugInfo`.\n", "loc": ["environment", "debuginfodServers"], "readOnly": false, "type": "list of string"}, "environment.defaultPackages": {"declarations": ["nixos/modules/config/system-path.nix"], "default": {"_type": "literalMD", "text": "these packages, with their `meta.priority` numerically increased\n(thus lowering their installation priority):\n\n    [ pkgs.perl pkgs.rsync pkgs.strace ]\n"}, "description": "Set of default packages that aren't strictly necessary\nfor a running system, entries can be removed for a more\nminimal NixOS installation.\n\nLike with systemPackages, packages are installed to\n{file}`/run/current-system/sw`. They are\nautomatically available to all users, and are\nautomatically updated every time you rebuild the system\nconfiguration.\n", "example": {"_type": "literalExpression", "text": "[ ]"}, "loc": ["environment", "defaultPackages"], "readOnly": false, "type": "list of package"}, "environment.enableAllTerminfo": {"declarations": ["nixos/modules/config/terminfo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to install all terminfo outputs\n", "loc": ["environment", "enableAllTerminfo"], "readOnly": false, "type": "boolean"}, "environment.enableDebugInfo": {"declarations": ["nixos/modules/config/debug-info.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Some NixOS packages provide debug symbols. However, these are\nnot included in the system closure by default to save disk\nspace. Enabling this option causes the debug symbols to appear\nin {file}`/run/current-system/sw/lib/debug/.build-id`,\nwhere tools such as {command}`gdb` can find them.\nIf you need debug symbols for a package that doesn't\nprovide them by default, you can enable them as follows:\n\n    nixpkgs.config.packageOverrides = pkgs: {\n      hello = pkgs.hello.overrideAttrs (oldAttrs: {\n        separateDebugInfo = true;\n      });\n    };\n", "loc": ["environment", "enableDebugInfo"], "readOnly": false, "type": "boolean"}, "environment.enlightenment.excludePackages": {"declarations": ["nixos/modules/services/x11/desktop-managers/enlightenment.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Which packages Enlightenment should exclude from the default environment", "example": {"_type": "literalExpression", "text": "[ pkgs.enlightenment.ephoto ]"}, "loc": ["environment", "enlightenment", "excludePackages"], "readOnly": false, "type": "list of package"}, "environment.etc": {"declarations": ["nixos/modules/system/etc/etc.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Set of files that have to be linked in {file}`/etc`.\n", "example": {"_type": "literalExpression", "text": "{ example-configuration-file =\n    { source = \"/nix/store/.../etc/dir/file.conf.example\";\n      mode = \"0440\";\n    };\n  \"default/useradd\".text = \"GROUP=100 ...\";\n}\n"}, "loc": ["environment", "etc"], "readOnly": false, "type": "attribute set of (submodule)"}, "environment.etc.<name>.enable": {"declarations": ["nixos/modules/system/etc/etc.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether this /etc file should be generated.  This\noption allows specific /etc files to be disabled.\n", "loc": ["environment", "etc", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "environment.etc.<name>.gid": {"declarations": ["nixos/modules/system/etc/etc.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "GID of created file. Only takes effect when the file is\ncopied (that is, the mode is not 'symlink').\n", "loc": ["environment", "etc", "<name>", "gid"], "readOnly": false, "type": "signed integer"}, "environment.etc.<name>.group": {"declarations": ["nixos/modules/system/etc/etc.nix"], "default": {"_type": "literalExpression", "text": "\"+0\""}, "description": "Group name of file owner.\n\nOnly takes effect when the file is copied (that is, the\nmode is not `symlink`).\n\nWhen `services.userborn.enable`, this option has no effect.\nYou have to assign a `gid` instead. Otherwise this option\ntakes precedence over `gid`.\n", "loc": ["environment", "etc", "<name>", "group"], "readOnly": false, "type": "string"}, "environment.etc.<name>.mode": {"declarations": ["nixos/modules/system/etc/etc.nix"], "default": {"_type": "literalExpression", "text": "\"symlink\""}, "description": "If set to something else than `symlink`,\nthe file is copied instead of symlinked, with the given\nfile mode.\n", "example": {"_type": "literalExpression", "text": "\"0600\""}, "loc": ["environment", "etc", "<name>", "mode"], "readOnly": false, "type": "string"}, "environment.etc.<name>.source": {"declarations": ["nixos/modules/system/etc/etc.nix"], "description": "Path of the source file.", "loc": ["environment", "etc", "<name>", "source"], "readOnly": false, "type": "absolute path"}, "environment.etc.<name>.target": {"declarations": ["nixos/modules/system/etc/etc.nix"], "description": "Name of symlink (relative to\n{file}`/etc`).  Defaults to the attribute\nname.\n", "loc": ["environment", "etc", "<name>", "target"], "readOnly": false, "type": "string"}, "environment.etc.<name>.text": {"declarations": ["nixos/modules/system/etc/etc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Text of the file.", "loc": ["environment", "etc", "<name>", "text"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "environment.etc.<name>.uid": {"declarations": ["nixos/modules/system/etc/etc.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "UID of created file. Only takes effect when the file is\ncopied (that is, the mode is not 'symlink').\n", "loc": ["environment", "etc", "<name>", "uid"], "readOnly": false, "type": "signed integer"}, "environment.etc.<name>.user": {"declarations": ["nixos/modules/system/etc/etc.nix"], "default": {"_type": "literalExpression", "text": "\"+0\""}, "description": "User name of file owner.\n\nOnly takes effect when the file is copied (that is, the\nmode is not `symlink`).\n\nWhen `services.userborn.enable`, this option has no effect.\nYou have to assign a `uid` instead. Otherwise this option\ntakes precedence over `uid`.\n", "loc": ["environment", "etc", "<name>", "user"], "readOnly": false, "type": "string"}, "environment.extraInit": {"declarations": ["nixos/modules/config/shells-environment.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell script code called during global environment initialisation\nafter all variables and profileVariables have been set.\nThis code is assumed to be shell-independent, which means you should\nstick to pure sh without sh word split.\n", "loc": ["environment", "extraInit"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "environment.extraOutputsToInstall": {"declarations": ["nixos/modules/config/system-path.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Entries listed here will be appended to the `meta.outputsToInstall` attribute for each package in `environment.systemPackages`, and the files from the corresponding derivation outputs symlinked into {file}`/run/current-system/sw`.\n\nFor example, this can be used to install the `dev` and `info` outputs for all packages in the system environment, if they are available.\n\nTo use specific outputs instead of configuring them globally, select the corresponding attribute on the package derivation, e.g. `libxml2.dev` or `coreutils.info`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"dev\"\n  \"info\"\n]"}, "loc": ["environment", "extraOutputsToInstall"], "readOnly": false, "type": "list of string"}, "environment.extraSetup": {"declarations": ["nixos/modules/config/system-path.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell fragments to be run after the system environment has been created. This should only be used for things that need to modify the internals of the environment, e.g. generating MIME caches. The environment being built can be accessed at $out.", "loc": ["environment", "extraSetup"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "environment.freetds": {"declarations": ["nixos/modules/programs/freetds.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configure freetds database entries. Each attribute denotes\na section within freetds.conf, and the value (a string) is the config\ncontent for that section. When at least one entry is configured\nthe global environment variables FREETDSCONF, FREETDS and SYBASE\nwill be configured to allow the programs that use freetds to find the\nlibrary and config.\n", "example": {"_type": "literalExpression", "text": "{ MYDATABASE = ''\n    host = 10.0.2.100\n    port = 1433\n    tds version = 7.2\n  '';\n}\n"}, "loc": ["environment", "freetds"], "readOnly": false, "type": "attribute set of string"}, "environment.gnome.excludePackages": {"declarations": ["nixos/modules/services/desktop-managers/gnome.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Which packages gnome should exclude from the default environment", "example": {"_type": "literalExpression", "text": "[ pkgs.showtime ]"}, "loc": ["environment", "gnome", "excludePackages"], "readOnly": false, "type": "list of package"}, "environment.homeBinInPath": {"declarations": ["nixos/modules/config/shells-environment.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Include ~/bin/ in $PATH.\n", "loc": ["environment", "homeBinInPath"], "readOnly": false, "type": "boolean"}, "environment.interactiveShellInit": {"declarations": ["nixos/modules/config/shells-environment.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell script code called during interactive shell initialisation.\nThis code is assumed to be shell-independent, which means you should\nstick to pure sh without sh word split.\n", "loc": ["environment", "interactiveShellInit"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "environment.ldso": {"declarations": ["nixos/modules/config/ldso.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The executable to link into the normal FHS location of the ELF loader.\n", "loc": ["environment", "ldso"], "readOnly": false, "type": "null or absolute path"}, "environment.ldso32": {"declarations": ["nixos/modules/config/ldso.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The executable to link into the normal FHS location of the 32-bit ELF loader.\n\nThis currently only works on x86_64 architectures.\n", "loc": ["environment", "ldso32"], "readOnly": false, "type": "null or absolute path"}, "environment.localBinInPath": {"declarations": ["nixos/modules/config/shells-environment.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Add ~/.local/bin/ to $PATH\n", "loc": ["environment", "localBinInPath"], "readOnly": false, "type": "boolean"}, "environment.loginShellInit": {"declarations": ["nixos/modules/config/shells-environment.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell script code called during login shell initialisation.\nThis code is assumed to be shell-independent, which means you should\nstick to pure sh without sh word split.\n", "loc": ["environment", "loginShellInit"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "environment.lxqt.excludePackages": {"declarations": ["nixos/modules/services/x11/desktop-managers/lxqt.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Which LXQt packages to exclude from the default environment", "example": {"_type": "literalExpression", "text": "with pkgs; [ lxqt.qterminal ]"}, "loc": ["environment", "lxqt", "excludePackages"], "readOnly": false, "type": "list of package"}, "environment.mate.excludePackages": {"declarations": ["nixos/modules/services/x11/desktop-managers/mate.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Which MATE packages to exclude from the default environment", "example": {"_type": "literalExpression", "text": "[ pkgs.mate-terminal pkgs.pluma ]"}, "loc": ["environment", "mate", "excludePackages"], "readOnly": false, "type": "list of package"}, "environment.memoryAllocator.provider": {"declarations": ["nixos/modules/config/malloc.nix"], "default": {"_type": "literalExpression", "text": "\"libc\""}, "description": "The system-wide memory allocator.\n\nBriefly, the system-wide memory allocator providers are:\n\n- `libc`: the standard allocator provided by libc\n- `graphene-hardened`: Hardened memory allocator coming from GrapheneOS project. The default configuration template has all normal optional security features enabled and is quite aggressive in terms of sacrificing performance and memory usage for security. \n- `graphene-hardened-light`: Hardened memory allocator coming from GrapheneOS project. The light configuration template disables the slab quarantines, write after free check, slot randomization and raises the guard slab interval from 1 to 8 but leaves zero-on-free and slab canaries enabled. The light configuration has solid performance and memory usage while still being far more secure than mainstream allocators with much better security properties. \n- `jemalloc`: A general purpose allocator that emphasizes fragmentation avoidance and scalable concurrency support. \n- `mimalloc`: A compact and fast general purpose allocator, which may optionally be built with mitigations against various heap vulnerabilities. \n- `scudo`: A user-mode allocator based on LLVM Sanitizer\u2019s CombinedAllocator, which aims at providing additional mitigations against heap based vulnerabilities, while maintaining good performance. \n\n::: {.warning}\nSelecting an alternative allocator (i.e., anything other than\n`libc`) may result in instability, data loss,\nand/or service failure.\n:::\n", "loc": ["environment", "memoryAllocator", "provider"], "readOnly": false, "type": "one of \"libc\", \"graphene-hardened\", \"graphene-hardened-light\", \"jemalloc\", \"mimalloc\", \"scudo\""}, "environment.pantheon.excludePackages": {"declarations": ["nixos/modules/services/desktop-managers/pantheon.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Which packages pantheon should exclude from the default environment", "example": {"_type": "literalExpression", "text": "[ pkgs.pantheon.elementary-camera ]"}, "loc": ["environment", "pantheon", "excludePackages"], "readOnly": false, "type": "list of package"}, "environment.pathsToLink": {"declarations": ["nixos/modules/config/system-path.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of directories to be symlinked in {file}`/run/current-system/sw`.", "example": {"_type": "literalExpression", "text": "[\n  \"/\"\n]"}, "loc": ["environment", "pathsToLink"], "readOnly": false, "type": "list of string"}, "environment.plasma6.excludePackages": {"declarations": ["nixos/modules/services/desktop-managers/plasma6.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of default packages to exclude from the configuration", "example": {"_type": "literalExpression", "text": "[ pkgs.kdePackages.elisa ]"}, "loc": ["environment", "plasma6", "excludePackages"], "readOnly": false, "type": "list of package"}, "environment.profileRelativeEnvVars": {"declarations": ["nixos/modules/config/shells-environment.nix"], "description": "Attribute set of environment variable.  Each attribute maps to a list\nof relative paths.  Each relative path is appended to the each profile\nof {option}`environment.profiles` to form the content of the\ncorresponding environment variable.\n", "example": {"_type": "literalExpression", "text": "{\n  MANPATH = [\n    \"/man\"\n    \"/share/man\"\n  ];\n  PATH = [\n    \"/bin\"\n  ];\n}"}, "loc": ["environment", "profileRelativeEnvVars"], "readOnly": false, "type": "attribute set of list of string"}, "environment.profileRelativeSessionVariables": {"declarations": ["nixos/modules/config/system-environment.nix"], "description": "Attribute set of environment variable used in the global\nenvironment. These variables will be set by PAM early in the\nlogin process.\n\nVariable substitution is available as described in\n{manpage}`pam_env.conf(5)`.\n\nEach attribute maps to a list of relative paths. Each relative\npath is appended to the each profile of\n{option}`environment.profiles` to form the content of\nthe corresponding environment variable.\n\nAlso, these variables are merged into\n[](#opt-environment.profileRelativeEnvVars) and it is\ntherefore not possible to use PAM style variables such as\n`@{HOME}`.\n", "example": {"_type": "literalExpression", "text": "{\n  MANPATH = [\n    \"/man\"\n    \"/share/man\"\n  ];\n  PATH = [\n    \"/bin\"\n  ];\n}"}, "loc": ["environment", "profileRelativeSessionVariables"], "readOnly": false, "type": "attribute set of list of string"}, "environment.profiles": {"declarations": ["nixos/modules/config/shells-environment.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of profiles used to setup the global environment.\n", "loc": ["environment", "profiles"], "readOnly": false, "type": "list of string"}, "environment.sessionVariables": {"declarations": ["nixos/modules/config/system-environment.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "A set of environment variables used in the global environment.\nThese variables will be set by PAM early in the login process.\n\nThe value of each session variable can be either a string or a\nlist of strings. The latter is concatenated, interspersed with\ncolon characters.\n\nSetting a variable to `null` does nothing. You can override a\nvariable set by another module to `null` to unset it.\n\nNote, due to limitations in the PAM format values may not\ncontain the `\"` character.\n\nAlso, these variables are merged into\n[](#opt-environment.variables) and it is\ntherefore not possible to use PAM style variables such as\n`@{HOME}`.\n", "loc": ["environment", "sessionVariables"], "readOnly": false, "type": "attribute set of (null or (list of (signed integer or string or absolute path)) or signed integer or string or absolute path)"}, "environment.shellAliases": {"declarations": ["nixos/modules/config/shells-environment.nix"], "description": "An attribute set that maps aliases (the top level attribute names in\nthis option) to command strings or directly to build outputs. The\naliases are added to all users' shells.\nAliases mapped to `null` are ignored.\n", "example": {"_type": "literalExpression", "text": "{\n  l = null;\n  ll = \"ls -l\";\n}"}, "loc": ["environment", "shellAliases"], "readOnly": false, "type": "attribute set of (null or string or absolute path)"}, "environment.shellInit": {"declarations": ["nixos/modules/config/shells-environment.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell script code called during shell initialisation.\nThis code is assumed to be shell-independent, which means you should\nstick to pure sh without sh word split.\n", "loc": ["environment", "shellInit"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "environment.shells": {"declarations": ["nixos/modules/config/shells-environment.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of permissible login shells for user accounts.\nNo need to mention `/bin/sh`\nhere, it is placed into this list implicitly.\n", "example": {"_type": "literalExpression", "text": "[ pkgs.bashInteractive pkgs.zsh ]"}, "loc": ["environment", "shells"], "readOnly": false, "type": "list of (package or absolute path)"}, "environment.stub-ld.enable": {"declarations": ["nixos/modules/config/stub-ld.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Install a stub ELF loader to print an informative error message\nin the event that a user attempts to run an ELF binary not\ncompiled for NixOS.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["environment", "stub-ld", "enable"], "readOnly": false, "type": "boolean"}, "environment.systemPackages": {"declarations": ["nixos/modules/config/system-path.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The set of packages that appear in\n/run/current-system/sw.  These packages are\nautomatically available to all users, and are\nautomatically updated every time you rebuild the system\nconfiguration.  (The latter is the main difference with\ninstalling them in the default profile,\n{file}`/nix/var/nix/profiles/default`.\n", "example": {"_type": "literalExpression", "text": "[ pkgs.firefox pkgs.thunderbird ]"}, "loc": ["environment", "systemPackages"], "readOnly": false, "type": "list of package"}, "environment.unixODBCDrivers": {"declarations": ["nixos/modules/config/unix-odbc-drivers.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Specifies Unix ODBC drivers to be registered in\n{file}`/etc/odbcinst.ini`.  You may also want to\nadd `pkgs.unixODBC` to the system path to get\na command line client to connect to ODBC databases.\n", "example": {"_type": "literalExpression", "text": "with pkgs.unixODBCDrivers; [ sqlite psql ]"}, "loc": ["environment", "unixODBCDrivers"], "readOnly": false, "type": "list of package"}, "environment.variables": {"declarations": ["nixos/modules/config/shells-environment.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "A set of environment variables used in the global environment.\nThese variables will be set on shell initialisation (e.g. in /etc/profile).\n\nThe value of each variable can be either a string or a list of\nstrings.  The latter is concatenated, interspersed with colon\ncharacters.\n\nSetting a variable to `null` does nothing. You can override a\nvariable set by another module to `null` to unset it.\n", "example": {"_type": "literalExpression", "text": "{\n  EDITOR = \"nvim\";\n  VISUAL = \"nvim\";\n}"}, "loc": ["environment", "variables"], "readOnly": false, "type": "attribute set of (null or (list of (signed integer or string or absolute path)) or signed integer or string or absolute path)"}, "environment.wordlist.enable": {"declarations": ["nixos/modules/misc/wordlist.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable environment variables for lists of words.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["environment", "wordlist", "enable"], "readOnly": false, "type": "boolean"}, "environment.wordlist.lists": {"declarations": ["nixos/modules/misc/wordlist.nix"], "default": {"_type": "literalExpression", "text": "{\n  WORDLIST = [ \"${pkgs.scowl}/share/dict/words.txt\" ];\n}\n"}, "description": "A set with the key names being the environment variable you'd like to\nset and the values being a list of paths to text documents containing\nlists of words. The various files will be merged, sorted, duplicates\nremoved, and extraneous spacing removed.\n\nIf you have a handful of words that you want to add to an already\nexisting wordlist, you may find `builtins.toFile` useful for this\ntask.\n", "example": {"_type": "literalExpression", "text": "{\n  WORDLIST = [ \"${pkgs.scowl}/share/dict/words.txt\" ];\n  AUGMENTED_WORDLIST = [\n    \"${pkgs.scowl}/share/dict/words.txt\"\n    \"${pkgs.scowl}/share/dict/words.variants.txt\"\n    (builtins.toFile \"extra-words\" ''\n      desynchonization\n      oobleck'')\n  ];\n}\n"}, "loc": ["environment", "wordlist", "lists"], "readOnly": false, "type": "attribute set of non-empty (list of absolute path)"}, "environment.wvdial.dialerDefaults": {"declarations": ["nixos/modules/services/networking/wvdial.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Contents of the \"Dialer Defaults\" section of\n<filename>/etc/wvdial.conf</filename>.\n", "example": {"_type": "literalExpression", "text": "\"Init1 = AT+CGDCONT=1,\\\"IP\\\",\\\"internet.t-mobile\\\"\""}, "loc": ["environment", "wvdial", "dialerDefaults"], "readOnly": false, "type": "string"}, "environment.wvdial.pppDefaults": {"declarations": ["nixos/modules/services/networking/wvdial.nix"], "default": {"_type": "literalExpression", "text": "''\n  noipdefault\n  usepeerdns\n  defaultroute\n  persist\n  noauth\n''"}, "description": "Default ppp settings for wvdial.", "loc": ["environment", "wvdial", "pppDefaults"], "readOnly": false, "type": "string"}, "environment.xfce.excludePackages": {"declarations": ["nixos/modules/services/x11/desktop-managers/xfce.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Which packages XFCE should exclude from the default environment", "example": {"_type": "literalExpression", "text": "[ pkgs.xfce4-volumed-pulse ]"}, "loc": ["environment", "xfce", "excludePackages"], "readOnly": false, "type": "list of package"}, "fileSystems": {"declarations": ["nixos/modules/tasks/filesystems/overlayfs.nix", "nixos/modules/tasks/filesystems.nix", "nixos/modules/tasks/encrypted-devices.nix", "nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The file systems to be mounted.  It must include an entry for\nthe root directory (`mountPoint = \"/\"`).  Each\nentry in the list is an attribute set with the following fields:\n`mountPoint`, `device`,\n`fsType` (a file system type recognised by\n{command}`mount`; defaults to\n`\"auto\"`), and `options`\n(the mount options passed to {command}`mount` using the\n{option}`-o` flag; defaults to `[ \"defaults\" ]`).\n\nInstead of specifying `device`, you can also\nspecify a volume label (`label`) for file\nsystems that support it, such as ext2/ext3 (see {command}`mke2fs -L`).\n", "example": {"_type": "literalExpression", "text": "{\n  \"/\".device = \"/dev/hda1\";\n  \"/data\" = {\n    device = \"/dev/hda2\";\n    fsType = \"ext3\";\n    options = [ \"data=journal\" ];\n  };\n  \"/bigdisk\".label = \"bigdisk\";\n}\n"}, "loc": ["fileSystems"], "readOnly": false, "type": "attribute set of (submodule)"}, "fileSystems.<name>.autoFormat": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If the device does not currently contain a filesystem (as\ndetermined by {command}`blkid`), then automatically\nformat it with the filesystem type specified in\n{option}`fsType`.  Use with caution.\n", "loc": ["fileSystems", "<name>", "autoFormat"], "readOnly": false, "type": "boolean"}, "fileSystems.<name>.autoResize": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set, the filesystem is grown to its maximum size before\nbeing mounted. (This is typically the size of the containing\npartition.) This is currently only supported for ext2/3/4\nfilesystems that are mounted during early boot.\n", "loc": ["fileSystems", "<name>", "autoResize"], "readOnly": false, "type": "boolean"}, "fileSystems.<name>.depends": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of paths that should be mounted before this one. This filesystem's\n{option}`device` and {option}`mountPoint` are always\nchecked and do not need to be included explicitly. If a path is added\nto this list, any other filesystem whose mount point is a parent of\nthe path will be mounted before this filesystem. The paths do not need\nto actually be the {option}`mountPoint` of some other filesystem.\n\nThis is useful for mounts which require keys and/or configuration files residing on another filesystem.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/persist\"\n]"}, "loc": ["fileSystems", "<name>", "depends"], "readOnly": false, "type": "list of string (with check: non-empty without trailing slash)"}, "fileSystems.<name>.device": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The device as passed to `mount`.\n\nThis can be any of:\n\n- a filename of a block special device such as `/dev/sdc3`\n- a tag such as `UUID=fdd68895-c307-4549-8c9c-90e44c71f5b7`\n- (for bind mounts only) the source path\n- something else depending on the {option}`fsType`. For example, `nfs` device may look like `knuth.cwi.nl:/dir`\n\nThis is called `device` in {manpage}`mount(8)` and `fs_spec` in {manpage}`fstab(5)`.\n", "example": {"_type": "literalExpression", "text": "\"/dev/sda\""}, "loc": ["fileSystems", "<name>", "device"], "readOnly": false, "type": "null or string (with check: non-empty)"}, "fileSystems.<name>.enable": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the filesystem mount.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["fileSystems", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "fileSystems.<name>.encrypted.blkDev": {"declarations": ["nixos/modules/tasks/encrypted-devices.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Location of the backing encrypted device.", "example": {"_type": "literalExpression", "text": "\"/dev/sda1\""}, "loc": ["fileSystems", "<name>", "encrypted", "blkDev"], "readOnly": false, "type": "null or string"}, "fileSystems.<name>.encrypted.enable": {"declarations": ["nixos/modules/tasks/encrypted-devices.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "The block device is backed by an encrypted one, adds this device as a initrd luks entry.", "loc": ["fileSystems", "<name>", "encrypted", "enable"], "readOnly": false, "type": "boolean"}, "fileSystems.<name>.encrypted.keyFile": {"declarations": ["nixos/modules/tasks/encrypted-devices.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a keyfile used to unlock the backing encrypted\ndevice. When systemd stage 1 is not enabled, at the time\nthis keyfile is accessed, the `neededForBoot` filesystems\n(see `utils.fsNeededForBoot`) will have been mounted under\n`/mnt-root`, so the keyfile path should usually start with\n\"/mnt-root/\". When systemd stage 1 is enabled,\n`fsNeededForBoot` file systems will be mounted as needed\nunder `/sysroot`, and the keyfile will not be accessed until\nits requisite mounts are done.\n", "example": {"_type": "literalExpression", "text": "\"/mnt-root/root/.swapkey\""}, "loc": ["fileSystems", "<name>", "encrypted", "keyFile"], "readOnly": false, "type": "null or string"}, "fileSystems.<name>.encrypted.label": {"declarations": ["nixos/modules/tasks/encrypted-devices.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Label of the unlocked encrypted device. Set `fileSystems.<name?>.device` to `/dev/mapper/<label>` to mount the unlocked device.", "example": {"_type": "literalExpression", "text": "\"rootfs\""}, "loc": ["fileSystems", "<name>", "encrypted", "label"], "readOnly": false, "type": "null or string"}, "fileSystems.<name>.fsType": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "\"auto\""}, "description": "Type of the file system.\n\nThis is the `fstype` passed to `-t` in the {manpage}`mount(8)` command, and is called `fs_vfstype` in {manpage}`fstab(5)`.\n", "example": {"_type": "literalExpression", "text": "\"ext3\""}, "loc": ["fileSystems", "<name>", "fsType"], "readOnly": false, "type": "string (with check: non-empty)"}, "fileSystems.<name>.label": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Label of the device. This simply sets {option}`device` to\n`/dev/disk/by-label/${label}`. Note that devices will not\nhave a label unless they contain a filesystem which\nsupports labels, such as ext4 or fat32.\n", "example": {"_type": "literalExpression", "text": "\"root-partition\""}, "loc": ["fileSystems", "<name>", "label"], "readOnly": false, "type": "null or string (with check: non-empty)"}, "fileSystems.<name>.mountPoint": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "Location where the file system will be mounted.\n\nThis is called `mountpoint` in {manpage}`mount(8)` and `fs_file` in {manpage}`fstab(5)`\n", "example": {"_type": "literalExpression", "text": "\"/mnt/usb\""}, "loc": ["fileSystems", "<name>", "mountPoint"], "readOnly": false, "type": "string (with check: non-empty without trailing slash)"}, "fileSystems.<name>.neededForBoot": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set, this file system will be mounted in the initial ramdisk.\nNote that the file system will always be mounted in the initial\nramdisk if its mount point is one of the following:\n{file}`/`, {file}`/nix`, {file}`/nix/store`, {file}`/var`, {file}`/var/log`, {file}`/var/lib`, {file}`/var/lib/nixos`, {file}`/etc`, {file}`/usr`.\n", "loc": ["fileSystems", "<name>", "neededForBoot"], "readOnly": false, "type": "boolean"}, "fileSystems.<name>.noCheck": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable running fsck on this filesystem.", "loc": ["fileSystems", "<name>", "noCheck"], "readOnly": false, "type": "boolean"}, "fileSystems.<name>.options": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"defaults\"\n]"}, "description": "Options used to mount the file system.\n\nThis is called `options` in {manpage}`mount(8)` and `fs_mntops` in {manpage}`fstab(5)`\n\nSome options that can be used for all mounts are documented in {manpage}`mount(8)` under `FILESYSTEM-INDEPENDENT MOUNT OPTIONS`.\n\nOptions that systemd understands are documented in {manpage}`systemd.mount(5)` under `FSTAB`.\n\nEach filesystem supports additional options, see the docs for that filesystem.\n", "example": {"_type": "literalExpression", "text": "[\n  \"data=journal\"\n]"}, "loc": ["fileSystems", "<name>", "options"], "readOnly": false, "type": "non-empty (list of string (with check: non-empty))"}, "fileSystems.<name>.overlay.lowerdir": {"declarations": ["nixos/modules/tasks/filesystems/overlayfs.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The list of path(s) to the lowerdir(s).\n\nTo create a writable overlay, you MUST provide an `upperdir` and a\n`workdir`.\n\nYou can create a read-only overlay when you provide multiple (at\nleast 2!) lowerdirs and neither an `upperdir` nor a `workdir`.\n", "loc": ["fileSystems", "<name>", "overlay", "lowerdir"], "readOnly": false, "type": "null or (non-empty (list of (string or path in the Nix store)))"}, "fileSystems.<name>.overlay.upperdir": {"declarations": ["nixos/modules/tasks/filesystems/overlayfs.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the upperdir.\n\nIf this is null, a read-only overlay is created using the lowerdir.\n\nIf the filesystem is `neededForBoot`, this will be prefixed with `/sysroot`,\nunless `useStage1BaseDirectories` is set to `true`.\n\nIf you set this to some value you MUST also set `workdir`.\n", "loc": ["fileSystems", "<name>", "overlay", "upperdir"], "readOnly": false, "type": "null or string"}, "fileSystems.<name>.overlay.useStage1BaseDirectories": {"declarations": ["nixos/modules/tasks/filesystems/overlayfs.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If enabled, `lowerdir`, `upperdir` and `workdir` will be prefixed with `/sysroot`.\n\nDisabling this can be useful to create an overlay over directories which aren't on the real root.\n\nDisabling this does not work with the scripted (i.e. non-systemd) initrd.\n", "loc": ["fileSystems", "<name>", "overlay", "useStage1BaseDirectories"], "readOnly": false, "type": "boolean"}, "fileSystems.<name>.overlay.workdir": {"declarations": ["nixos/modules/tasks/filesystems/overlayfs.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the workdir.\n\nIf the filesystem is `neededForBoot`, this will be prefixed with `/sysroot`,\nunless `useStage1BaseDirectories` is set to `true`.\n\nThis MUST be set if you set `upperdir`.\n", "loc": ["fileSystems", "<name>", "overlay", "workdir"], "readOnly": false, "type": "null or string"}, "fileSystems.<name>.stratis.poolUuid": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "UUID of the stratis pool that the fs is located in\n\nThis is only relevant if you are using [stratis](https://stratis-storage.github.io/).\n", "example": {"_type": "literalExpression", "text": "\"04c68063-90a5-4235-b9dd-6180098a20d9\""}, "loc": ["fileSystems", "<name>", "stratis", "poolUuid"], "readOnly": false, "type": "null or string"}, "fonts.enableDefaultPackages": {"declarations": ["nixos/modules/config/fonts/packages.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable a basic set of fonts providing several styles\nand families and reasonable coverage of Unicode.\n", "loc": ["fonts", "enableDefaultPackages"], "readOnly": false, "type": "boolean"}, "fonts.enableGhostscriptFonts": {"declarations": ["nixos/modules/config/fonts/ghostscript.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add the fonts provided by Ghostscript (such as\nvarious URW fonts and the \u201cBase-14\u201d Postscript fonts) to the\nlist of system fonts, making them available to X11\napplications.\n", "loc": ["fonts", "enableGhostscriptFonts"], "readOnly": false, "type": "boolean"}, "fonts.fontDir.decompressFonts": {"declarations": ["nixos/modules/config/fonts/fontdir.nix"], "default": {"_type": "literalExpression", "text": "config.programs.xwayland.enable"}, "description": "Whether to decompress fonts in\n{file}`/run/current-system/sw/share/X11/fonts`.\n", "loc": ["fonts", "fontDir", "decompressFonts"], "readOnly": false, "type": "boolean"}, "fonts.fontDir.enable": {"declarations": ["nixos/modules/config/fonts/fontdir.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to create a directory with links to all fonts in\n{file}`/run/current-system/sw/share/X11/fonts`.\n", "loc": ["fonts", "fontDir", "enable"], "readOnly": false, "type": "boolean"}, "fonts.fontconfig.allowBitmaps": {"declarations": ["nixos/modules/config/fonts/fontconfig.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Allow bitmap fonts. Set to `false` to ban all\nbitmap fonts.\n", "loc": ["fonts", "fontconfig", "allowBitmaps"], "readOnly": false, "type": "boolean"}, "fonts.fontconfig.allowType1": {"declarations": ["nixos/modules/config/fonts/fontconfig.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Allow Type-1 fonts. Default is `false` because of\npoor rendering.\n", "loc": ["fonts", "fontconfig", "allowType1"], "readOnly": false, "type": "boolean"}, "fonts.fontconfig.antialias": {"declarations": ["nixos/modules/config/fonts/fontconfig.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable font antialiasing. At high resolution (> 200 DPI),\nantialiasing has no visible effect; users of such displays may want\nto disable this option.\n", "loc": ["fonts", "fontconfig", "antialias"], "readOnly": false, "type": "boolean"}, "fonts.fontconfig.cache32Bit": {"declarations": ["nixos/modules/config/fonts/fontconfig.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Generate system fonts cache for 32-bit applications.\n", "loc": ["fonts", "fontconfig", "cache32Bit"], "readOnly": false, "type": "boolean"}, "fonts.fontconfig.defaultFonts.emoji": {"declarations": ["nixos/modules/config/fonts/fontconfig.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"Noto Color Emoji\"\n]"}, "description": "System-wide default emoji font(s). Multiple fonts may be listed\nin case a font does not support all emoji.\n\nNote that fontconfig matches color emoji fonts preferentially,\nso if you want to use a black and white font while having\na color font installed (eg. Noto Color Emoji installed alongside\nNoto Emoji), fontconfig will still choose the color font even\nwhen it is later in the list.\n", "loc": ["fonts", "fontconfig", "defaultFonts", "emoji"], "readOnly": false, "type": "list of string"}, "fonts.fontconfig.defaultFonts.monospace": {"declarations": ["nixos/modules/config/fonts/fontconfig.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"DejaVu Sans Mono\"\n]"}, "description": "System-wide default monospace font(s). Multiple fonts may be\nlisted in case multiple languages must be supported.\n", "loc": ["fonts", "fontconfig", "defaultFonts", "monospace"], "readOnly": false, "type": "list of string"}, "fonts.fontconfig.defaultFonts.sansSerif": {"declarations": ["nixos/modules/config/fonts/fontconfig.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"DejaVu Sans\"\n]"}, "description": "System-wide default sans serif font(s). Multiple fonts may be\nlisted in case multiple languages must be supported.\n", "loc": ["fonts", "fontconfig", "defaultFonts", "sansSerif"], "readOnly": false, "type": "list of string"}, "fonts.fontconfig.defaultFonts.serif": {"declarations": ["nixos/modules/config/fonts/fontconfig.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"DejaVu Serif\"\n]"}, "description": "System-wide default serif font(s). Multiple fonts may be listed\nin case multiple languages must be supported.\n", "loc": ["fonts", "fontconfig", "defaultFonts", "serif"], "readOnly": false, "type": "list of string"}, "fonts.fontconfig.enable": {"declarations": ["nixos/modules/config/fonts/fontconfig.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If enabled, a Fontconfig configuration file will be built\npointing to a set of default fonts.  If you don't care about\nrunning X11 applications or any other program that uses\nFontconfig, you can turn this option off and prevent a\ndependency on all those fonts.\n", "loc": ["fonts", "fontconfig", "enable"], "readOnly": false, "type": "boolean"}, "fonts.fontconfig.hinting.autohint": {"declarations": ["nixos/modules/config/fonts/fontconfig.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable the autohinter in place of the default interpreter.\nThe results are usually lower quality than correctly-hinted\nfonts, but better than unhinted fonts.\n", "loc": ["fonts", "fontconfig", "hinting", "autohint"], "readOnly": false, "type": "boolean"}, "fonts.fontconfig.hinting.enable": {"declarations": ["nixos/modules/config/fonts/fontconfig.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable font hinting. Hinting aligns glyphs to pixel boundaries to\nimprove rendering sharpness at low resolution. At high resolution\n(> 200 dpi) hinting will do nothing (at best); users of such\ndisplays may want to disable this option.\n", "loc": ["fonts", "fontconfig", "hinting", "enable"], "readOnly": false, "type": "boolean"}, "fonts.fontconfig.hinting.style": {"declarations": ["nixos/modules/config/fonts/fontconfig.nix"], "default": {"_type": "literalExpression", "text": "\"slight\""}, "description": "Hintstyle is the amount of font reshaping done to line up\nto the grid.\n\nslight will make the font more fuzzy to line up to the grid but\nwill be better in retaining font shape, while full will be a\ncrisp font that aligns well to the pixel grid but will lose a\ngreater amount of font shape.\n", "loc": ["fonts", "fontconfig", "hinting", "style"], "readOnly": false, "type": "one of \"none\", \"slight\", \"medium\", \"full\""}, "fonts.fontconfig.includeUserConf": {"declarations": ["nixos/modules/config/fonts/fontconfig.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Include the user configuration from\n{file}`~/.config/fontconfig/fonts.conf` or\n{file}`~/.config/fontconfig/conf.d`.\n", "loc": ["fonts", "fontconfig", "includeUserConf"], "readOnly": false, "type": "boolean"}, "fonts.fontconfig.localConf": {"declarations": ["nixos/modules/config/fonts/fontconfig.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "System-wide customization file contents, has higher priority than\n`defaultFonts` settings.\n", "loc": ["fonts", "fontconfig", "localConf"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "fonts.fontconfig.subpixel.lcdfilter": {"declarations": ["nixos/modules/config/fonts/fontconfig.nix"], "default": {"_type": "literalExpression", "text": "\"default\""}, "description": "FreeType LCD filter. At high resolution (> 200 DPI), LCD filtering\nhas no visible effect; users of such displays may want to select\n`none`.\n", "loc": ["fonts", "fontconfig", "subpixel", "lcdfilter"], "readOnly": false, "type": "one of \"none\", \"default\", \"light\", \"legacy\""}, "fonts.fontconfig.subpixel.rgba": {"declarations": ["nixos/modules/config/fonts/fontconfig.nix"], "default": {"_type": "literalExpression", "text": "\"none\""}, "description": "Subpixel order. The overwhelming majority of displays are\n`rgb` in their normal orientation. Select\n`vrgb` for mounting such a display 90 degrees\nclockwise from its normal orientation or `vbgr`\nfor mounting 90 degrees counter-clockwise. Select\n`bgr` in the unlikely event of mounting 180\ndegrees from the normal orientation. Reverse these directions in\nthe improbable event that the display's native subpixel order is\n`bgr`.\n", "loc": ["fonts", "fontconfig", "subpixel", "rgba"], "readOnly": false, "type": "one of \"rgb\", \"bgr\", \"vrgb\", \"vbgr\", \"none\""}, "fonts.fontconfig.useEmbeddedBitmaps": {"declarations": ["nixos/modules/config/fonts/fontconfig.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use embedded bitmaps in fonts like Calibri.", "loc": ["fonts", "fontconfig", "useEmbeddedBitmaps"], "readOnly": false, "type": "boolean"}, "fonts.packages": {"declarations": ["nixos/modules/config/fonts/packages.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of primary font packages.", "example": {"_type": "literalExpression", "text": "[ pkgs.dejavu_fonts ]"}, "loc": ["fonts", "packages"], "readOnly": false, "type": "list of absolute path"}, "gtk.iconCache.enable": {"declarations": ["nixos/modules/config/gtk/gtk-icon-cache.nix"], "default": {"_type": "literalExpression", "text": "config.services.xserver.enable"}, "description": "Whether to build icon theme caches for GTK applications.\n", "loc": ["gtk", "iconCache", "enable"], "readOnly": false, "type": "boolean"}, "hardware.acpilight.enable": {"declarations": ["nixos/modules/hardware/acpilight.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable acpilight.\nThis will allow brightness control via xbacklight from users in the video group\n", "loc": ["hardware", "acpilight", "enable"], "readOnly": false, "type": "boolean"}, "hardware.alsa.cardAliases": {"declarations": ["nixos/modules/services/audio/alsa.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Assign custom names and reorder the sound cards.\n\n::: {.note}\nYou can find the card ids by looking at `/proc/asound/cards`.\n:::\n", "example": {"_type": "literalExpression", "text": "{\n  soundchip = { driver = \"snd_intel_hda\"; id = 0; };\n  videocard = { driver = \"snd_intel_hda\"; id = 1; };\n  usb       = { driver = \"snd_usb_audio\"; id = 2; };\n}\n"}, "loc": ["hardware", "alsa", "cardAliases"], "readOnly": false, "type": "attribute set of (submodule)"}, "hardware.alsa.cardAliases.<name>.driver": {"declarations": ["nixos/modules/services/audio/alsa.nix"], "description": "Name of the kernel module that provides the card.\n", "loc": ["hardware", "alsa", "cardAliases", "<name>", "driver"], "readOnly": false, "type": "string"}, "hardware.alsa.cardAliases.<name>.id": {"declarations": ["nixos/modules/services/audio/alsa.nix"], "default": {"_type": "literalExpression", "text": "\"default\""}, "description": "The ID of the sound card\n", "loc": ["hardware", "alsa", "cardAliases", "<name>", "id"], "readOnly": false, "type": "signed integer"}, "hardware.alsa.config": {"declarations": ["nixos/modules/services/audio/alsa.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The content of the system-wide ALSA configuration (/etc/asound.conf).\n\nDocumentation of the configuration language and examples can be found\nin the unofficial ALSA wiki: <https://alsa.opensrc.org/Asoundrc>\n", "example": {"_type": "literalExpression", "text": "# Send audio to a remote host via SSH\npcm.remote {\n  @args [ HOSTNAME ]\n  @args.HOSTNAME { type string }\n  type file\n  format raw\n  slave.pcm pcm.null\n  file {\n    @func concat\n    strings [\n      \"| ${lib.getExec pkgs.openssh} -C \"\n      $HOSTNAME\n      \" aplay -f %f -c %c -r %r -\"\n    ]\n  }\n}\n"}, "loc": ["hardware", "alsa", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "hardware.alsa.controls": {"declarations": ["nixos/modules/services/audio/alsa.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Virtual volume controls (softvols) to add to a sound card.\nThese can be used to control the volume of specific applications\nor a digital output device (HDMI video card).\n", "example": {"_type": "literalExpression", "text": "{\n  firefox = { device = \"front\"; maxVolume = -25.0; };\n  mpv     = { device = \"front\"; maxVolume = -25.0; };\n  # and run programs with `env ALSA_AUDIO_OUT=<name>`\n}\n"}, "loc": ["hardware", "alsa", "controls"], "readOnly": false, "type": "attribute set of (submodule)"}, "hardware.alsa.controls.<name>.card": {"declarations": ["nixos/modules/services/audio/alsa.nix"], "default": {"_type": "literalExpression", "text": "\"default\""}, "description": "Name of the PCM card to control (slave).\n", "loc": ["hardware", "alsa", "controls", "<name>", "card"], "readOnly": false, "type": "string"}, "hardware.alsa.controls.<name>.device": {"declarations": ["nixos/modules/services/audio/alsa.nix"], "default": {"_type": "literalExpression", "text": "\"default\""}, "description": "Name of the PCM device to control (slave).\n", "loc": ["hardware", "alsa", "controls", "<name>", "device"], "readOnly": false, "type": "string"}, "hardware.alsa.controls.<name>.maxVolume": {"declarations": ["nixos/modules/services/audio/alsa.nix"], "default": {"_type": "literalExpression", "text": "0.0"}, "description": "The maximum volume in dB.\n", "loc": ["hardware", "alsa", "controls", "<name>", "maxVolume"], "readOnly": false, "type": "floating point number"}, "hardware.alsa.controls.<name>.name": {"declarations": ["nixos/modules/services/audio/alsa.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of the control, as it appears in `alsamixer`.\nIf null it will be the same as the softvol device name.\n", "loc": ["hardware", "alsa", "controls", "<name>", "name"], "readOnly": false, "type": "null or string"}, "hardware.alsa.defaultDevice.capture": {"declarations": ["nixos/modules/services/audio/alsa.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The default capture device (i.e. microphone).\nLeave empty to let ALSA pick the default automatically.\n\n::: {.note}\nThe device can be changed at runtime by setting the ALSA_AUDIO_IN\nenvironment variables (but only before starting a program).\n:::\n", "example": {"_type": "literalExpression", "text": "\"dsnoop:CARD=0,DEV=2\""}, "loc": ["hardware", "alsa", "defaultDevice", "capture"], "readOnly": false, "type": "string"}, "hardware.alsa.defaultDevice.playback": {"declarations": ["nixos/modules/services/audio/alsa.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The default playback device.\nLeave empty to let ALSA pick the default automatically.\n\n::: {.note}\nThe device can be changed at runtime by setting the ALSA_AUDIO_OUT\nenvironment variables (but only before starting a program).\n:::\n", "example": {"_type": "literalExpression", "text": "\"dmix:CARD=1,DEV=0\""}, "loc": ["hardware", "alsa", "defaultDevice", "playback"], "readOnly": false, "type": "string"}, "hardware.alsa.deviceAliases": {"declarations": ["nixos/modules/services/audio/alsa.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Assign custom names to sound cards.\n", "example": {"_type": "literalExpression", "text": "{\n  hdmi1 = \"hw:CARD=videocard,DEV=5\";\n  hdmi2 = \"hw:CARD=videocard,DEV=6\";\n}\n"}, "loc": ["hardware", "alsa", "deviceAliases"], "readOnly": false, "type": "attribute set of string"}, "hardware.alsa.enable": {"declarations": ["nixos/modules/services/audio/alsa.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to set up the user space part of the Advanced Linux Sound Architecture (ALSA)\n\n::: {.warning}\nEnable this option only if you want to use ALSA as your main sound system,\nnot if you're using a sound server (e.g. PulseAudio or Pipewire).\n:::\n", "loc": ["hardware", "alsa", "enable"], "readOnly": false, "type": "boolean"}, "hardware.alsa.enableBluetooth": {"declarations": ["nixos/modules/services/audio/alsa.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Bluetooth audio support via BlueALSA.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "alsa", "enableBluetooth"], "readOnly": false, "type": "boolean"}, "hardware.alsa.enableOSSEmulation": {"declarations": ["nixos/modules/services/audio/alsa.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the OSS emulation.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "alsa", "enableOSSEmulation"], "readOnly": false, "type": "boolean"}, "hardware.alsa.enablePersistence": {"declarations": ["nixos/modules/services/audio/alsa.nix"], "default": {"_type": "literalExpression", "text": "config.hardware.alsa.enable"}, "description": "Whether to enable ALSA sound card state saving on shutdown.\nThis is generally not necessary if you're using an external sound server.\n", "loc": ["hardware", "alsa", "enablePersistence"], "readOnly": false, "type": "boolean"}, "hardware.alsa.enableRecorder": {"declarations": ["nixos/modules/services/audio/alsa.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to set up a loopback device that continuously records and\nallows to play back audio from the computer.\n\nThe loopback device is named `pcm.recorder`, audio can be saved\nby capturing from this device as with any microphone.\n\n::: {.note}\nBy default the output is duplicated to the recorder assuming stereo\naudio, for a more complex layout you have to override the pcm.splitter\ndevice using `hardware.alsa.config`.\nSee the generated /etc/asound.conf for its definition.\n:::\n", "loc": ["hardware", "alsa", "enableRecorder"], "readOnly": false, "type": "boolean"}, "hardware.alsa.plugins": {"declarations": ["nixos/modules/services/audio/alsa.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of ALSA plugins to be added to the search path.\n", "example": {"_type": "literalExpression", "text": "[ pkgs.bluez-alsa ]"}, "loc": ["hardware", "alsa", "plugins"], "readOnly": false, "type": "list of package"}, "hardware.amdgpu.initrd.enable": {"declarations": ["nixos/modules/services/hardware/amdgpu.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable loading `amdgpu` kernelModule in stage 1.\nCan fix lower resolution in boot screen during initramfs phase\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "amdgpu", "initrd", "enable"], "readOnly": false, "type": "boolean"}, "hardware.amdgpu.legacySupport.enable": {"declarations": ["nixos/modules/services/hardware/amdgpu.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable using `amdgpu` kernel driver instead of `radeon` for Southern Islands\n(Radeon HD 7000) series and Sea Islands (Radeon HD 8000)\nseries cards. Note: this removes support for analog video outputs,\nwhich is only available in the `radeon` driver\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "amdgpu", "legacySupport", "enable"], "readOnly": false, "type": "boolean"}, "hardware.amdgpu.opencl.enable": {"declarations": ["nixos/modules/services/hardware/amdgpu.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable OpenCL support using ROCM runtime library.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "amdgpu", "opencl", "enable"], "readOnly": false, "type": "boolean"}, "hardware.amdgpu.overdrive.enable": {"declarations": ["nixos/modules/services/hardware/amdgpu.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable `amdgpu` overdrive mode for overclocking.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "amdgpu", "overdrive", "enable"], "readOnly": false, "type": "boolean"}, "hardware.amdgpu.overdrive.ppfeaturemask": {"declarations": ["nixos/modules/services/hardware/amdgpu.nix"], "default": {"_type": "literalExpression", "text": "\"0xfffd7fff\""}, "description": "Sets the `amdgpu.ppfeaturemask` kernel option. It can be used to enable the overdrive bit.\nDefault is `0xfffd7fff` as it is less likely to cause flicker issues. Setting it to\n`0xffffffff` enables all features, but also can be unstable. See\n[the kernel documentation](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/gpu/drm/amd/include/amd_shared.h#n169)\nfor more information.\n", "example": {"_type": "literalExpression", "text": "\"0xffffffff\""}, "loc": ["hardware", "amdgpu", "overdrive", "ppfeaturemask"], "readOnly": false, "type": "string"}, "hardware.apple.touchBar.enable": {"declarations": ["nixos/modules/hardware/apple-touchbar.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable support for the Touch Bar on some Apple laptops using tiny-dfr.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "apple", "touchBar", "enable"], "readOnly": false, "type": "boolean"}, "hardware.apple.touchBar.package": {"declarations": ["nixos/modules/hardware/apple-touchbar.nix"], "default": {"_type": "literalExpression", "text": "pkgs.tiny-dfr"}, "description": "The tiny-dfr package to use.", "loc": ["hardware", "apple", "touchBar", "package"], "readOnly": false, "type": "package"}, "hardware.apple.touchBar.settings": {"declarations": ["nixos/modules/hardware/apple-touchbar.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for tiny-dfr. See [example configuration][1] for available options.\n\n[1]: https://github.com/WhatAmISupposedToPutHere/tiny-dfr/blob/master/share/tiny-dfr/config.toml\n", "example": {"_type": "literalExpression", "text": "{\n  MediaLayerDefault = true;\n  ShowButtonOutlines = false;\n  EnablePixelShift = true;\n}\n"}, "loc": ["hardware", "apple", "touchBar", "settings"], "readOnly": false, "type": "TOML value"}, "hardware.bladeRF.enable": {"declarations": ["nixos/modules/hardware/bladeRF.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables udev rules for BladeRF devices. By default grants access\nto users in the \"bladerf\" group. You may want to install the\nlibbladeRF package.\n", "loc": ["hardware", "bladeRF", "enable"], "readOnly": false, "type": "boolean"}, "hardware.block.defaultScheduler": {"declarations": ["nixos/modules/hardware/iosched.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Default block I/O scheduler.\n\nUnless `null`, the value is assigned through a udev rule matching all\nblock devices.\n", "example": {"_type": "literalExpression", "text": "\"kyber\""}, "loc": ["hardware", "block", "defaultScheduler"], "readOnly": false, "type": "null or udev rule value"}, "hardware.block.defaultSchedulerExclude": {"declarations": ["nixos/modules/hardware/iosched.nix"], "default": {"_type": "literalExpression", "text": "\"loop[0-9]*\""}, "description": "Device name pattern to exclude from default scheduler assignment\nthrough {option}`config.hardware.block.defaultScheduler` and\n{option}`config.hardware.block.defaultSchedulerRotational`.\n\nBy default this excludes loop devices which generally do not benefit\nfrom extra I/O scheduling in addition to the scheduling already\nperformed for their backing devices.\n\nThis setting does not affect {option}`config.hardware.block.scheduler`.\n", "loc": ["hardware", "block", "defaultSchedulerExclude"], "readOnly": false, "type": "null or udev rule value"}, "hardware.block.defaultSchedulerRotational": {"declarations": ["nixos/modules/hardware/iosched.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Default block I/O scheduler for rotational drives (e.g. hard disks).\n\nUnless `null`, the value is assigned through a udev rule matching all\nrotational block devices.\n\nThis option takes precedence over\n{option}`config.hardware.block.defaultScheduler`.\n", "example": {"_type": "literalExpression", "text": "\"bfq\""}, "loc": ["hardware", "block", "defaultSchedulerRotational"], "readOnly": false, "type": "null or udev rule value"}, "hardware.block.scheduler": {"declarations": ["nixos/modules/hardware/iosched.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Assign block I/O scheduler by device name pattern.\n\nNames are matched using the {manpage}`udev(7)` pattern syntax:\n\n`*`\n:  Matches zero or more characters.\n\n`?`\n:  Matches any single character.\n\n`[]`\n:  Matches any single character specified in the brackets. Ranges are\n   supported via the `-` character.\n\n`|`\n:  Separates alternative patterns.\n\n\nPlease note that overlapping patterns may produce unexpected results.\nMore complex configurations requiring these should instead be specified\ndirectly through custom udev rules, for example via\n[{option}`config.services.udev.extraRules`](#opt-services.udev.extraRules),\nto ensure correct ordering.\n\nAvailable schedulers depend on the kernel configuration but modern\nLinux systems typically support:\n\n`none`\n:  No\u2010operation scheduler with no re\u2010ordering of requests. Suitable\n   for devices with fast random I/O such as NVMe SSDs.\n\n[`mq-deadline`](https://www.kernel.org/doc/html/latest/block/deadline-iosched.html)\n:  Simple latency\u2010oriented general\u2010purpose scheduler.\n\n[`kyber`](https://www.kernel.org/doc/html/latest/block/kyber-iosched.html)\n:  Simple latency\u2010oriented scheduler for fast multi\u2010queue devices\n   like NVMe SSDs.\n\n[`bfq`](https://www.kernel.org/doc/html/latest/block/bfq-iosched.html)\n:  Complex fairness\u2010oriented scheduler. Higher processing overhead,\n   but good interactive response, especially with slower devices.\n\n\nSchedulers assigned through this option take precedence over\n{option}`config.hardware.block.defaultScheduler` and\n{option}`config.hardware.block.defaultSchedulerRotational` but may be\noverridden by other udev rules.\n", "example": {"_type": "literalExpression", "text": "{\n  \"mmcblk[0-9]*\" = \"bfq\";\n  \"nvme[0-9]*\" = \"kyber\";\n}"}, "loc": ["hardware", "block", "scheduler"], "readOnly": false, "type": "attribute set of udev rule value"}, "hardware.bluetooth.disabledPlugins": {"declarations": ["nixos/modules/services/hardware/bluetooth.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Built-in plugins to disable", "loc": ["hardware", "bluetooth", "disabledPlugins"], "readOnly": false, "type": "list of string"}, "hardware.bluetooth.enable": {"declarations": ["nixos/modules/services/hardware/bluetooth.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable support for Bluetooth.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "bluetooth", "enable"], "readOnly": false, "type": "boolean"}, "hardware.bluetooth.hsphfpd.enable": {"declarations": ["nixos/modules/services/hardware/bluetooth.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable support for hsphfpd[-prototype] implementation.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "bluetooth", "hsphfpd", "enable"], "readOnly": false, "type": "boolean"}, "hardware.bluetooth.input": {"declarations": ["nixos/modules/services/hardware/bluetooth.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Set configuration for the input service (/etc/bluetooth/input.conf).\nSee <https://github.com/bluez/bluez/blob/master/profiles/input/input.conf> for full list of options.\n", "example": {"_type": "literalExpression", "text": "{\n  General = {\n    ClassicBondedOnly = true;\n    IdleTimeout = 30;\n  };\n}"}, "loc": ["hardware", "bluetooth", "input"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "hardware.bluetooth.network": {"declarations": ["nixos/modules/services/hardware/bluetooth.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Set configuration for the network service (/etc/bluetooth/network.conf).\nSee <https://github.com/bluez/bluez/blob/master/profiles/network/network.conf> for full list of options.\n", "example": {"_type": "literalExpression", "text": "{\n  General = {\n    DisableSecurity = true;\n  };\n}"}, "loc": ["hardware", "bluetooth", "network"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "hardware.bluetooth.package": {"declarations": ["nixos/modules/services/hardware/bluetooth.nix"], "default": {"_type": "literalExpression", "text": "pkgs.bluez"}, "description": "The bluez package to use.", "loc": ["hardware", "bluetooth", "package"], "readOnly": false, "type": "package"}, "hardware.bluetooth.powerOnBoot": {"declarations": ["nixos/modules/services/hardware/bluetooth.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to power up the default Bluetooth controller on boot.", "loc": ["hardware", "bluetooth", "powerOnBoot"], "readOnly": false, "type": "boolean"}, "hardware.bluetooth.settings": {"declarations": ["nixos/modules/services/hardware/bluetooth.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Set configuration for system-wide bluetooth (/etc/bluetooth/main.conf).\nSee <https://github.com/bluez/bluez/blob/master/src/main.conf> for full list of options.\n", "example": {"_type": "literalExpression", "text": "{\n  General = {\n    ControllerMode = \"bredr\";\n  };\n}"}, "loc": ["hardware", "bluetooth", "settings"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "hardware.brillo.enable": {"declarations": ["nixos/modules/hardware/brillo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable brillo in userspace.\nThis will allow brightness control from users in the video group\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "brillo", "enable"], "readOnly": false, "type": "boolean"}, "hardware.bumblebee.connectDisplay": {"declarations": ["nixos/modules/hardware/video/bumblebee.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Set to true if you intend to connect your discrete card to a\nmonitor. This option will set up your Nvidia card for EDID\ndiscovery and to turn on the monitor signal.\n\nOnly nvidia driver is supported so far.\n", "loc": ["hardware", "bumblebee", "connectDisplay"], "readOnly": false, "type": "boolean"}, "hardware.bumblebee.driver": {"declarations": ["nixos/modules/hardware/video/bumblebee.nix"], "default": {"_type": "literalExpression", "text": "\"nvidia\""}, "description": "Set driver used by bumblebeed. Supported are nouveau and nvidia.\n", "loc": ["hardware", "bumblebee", "driver"], "readOnly": false, "type": "one of \"nvidia\", \"nouveau\""}, "hardware.bumblebee.enable": {"declarations": ["nixos/modules/hardware/video/bumblebee.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable the bumblebee daemon to manage Optimus hybrid video cards.\nThis should power off secondary GPU until its use is requested\nby running an application with optirun.\n", "loc": ["hardware", "bumblebee", "enable"], "readOnly": false, "type": "boolean"}, "hardware.bumblebee.group": {"declarations": ["nixos/modules/hardware/video/bumblebee.nix"], "default": {"_type": "literalExpression", "text": "\"wheel\""}, "description": "Group for bumblebee socket", "example": {"_type": "literalExpression", "text": "\"video\""}, "loc": ["hardware", "bumblebee", "group"], "readOnly": false, "type": "string"}, "hardware.bumblebee.pmMethod": {"declarations": ["nixos/modules/hardware/video/bumblebee.nix"], "default": {"_type": "literalExpression", "text": "\"auto\""}, "description": "Set preferred power management method for unused card.\n", "loc": ["hardware", "bumblebee", "pmMethod"], "readOnly": false, "type": "one of \"auto\", \"bbswitch\", \"switcheroo\", \"none\""}, "hardware.ckb-next.enable": {"declarations": ["nixos/modules/hardware/ckb-next.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Corsair keyboard/mouse driver.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "ckb-next", "enable"], "readOnly": false, "type": "boolean"}, "hardware.ckb-next.gid": {"declarations": ["nixos/modules/hardware/ckb-next.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Limit access to the ckb daemon to a particular group.\n", "example": {"_type": "literalExpression", "text": "100"}, "loc": ["hardware", "ckb-next", "gid"], "readOnly": false, "type": "null or signed integer"}, "hardware.ckb-next.package": {"declarations": ["nixos/modules/hardware/ckb-next.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ckb-next"}, "description": "The ckb-next package to use.", "loc": ["hardware", "ckb-next", "package"], "readOnly": false, "type": "package"}, "hardware.coral.pcie.enable": {"declarations": ["nixos/modules/hardware/coral.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Coral PCIe support.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "coral", "pcie", "enable"], "readOnly": false, "type": "boolean"}, "hardware.coral.usb.enable": {"declarations": ["nixos/modules/hardware/coral.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Coral USB support.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "coral", "usb", "enable"], "readOnly": false, "type": "boolean"}, "hardware.cpu.amd.microcodePackage": {"declarations": ["nixos/modules/hardware/cpu/amd-microcode.nix"], "default": {"_type": "literalExpression", "text": "pkgs.microcode-amd"}, "description": "The microcode-amd package to use.", "loc": ["hardware", "cpu", "amd", "microcodePackage"], "readOnly": false, "type": "package"}, "hardware.cpu.amd.ryzen-smu.enable": {"declarations": ["nixos/modules/hardware/cpu/amd-ryzen-smu.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ryzen_smu, a linux kernel driver that exposes access to the SMU (System Management Unit) for certain AMD Ryzen Processors.\n\nWARNING: Damage cause by use of your AMD processor outside of official AMD specifications or outside of factory settings are not covered under any AMD product warranty and may not be covered by your board or system manufacturer's warranty\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "cpu", "amd", "ryzen-smu", "enable"], "readOnly": false, "type": "boolean"}, "hardware.cpu.amd.sev.enable": {"declarations": ["nixos/modules/hardware/cpu/amd-sev.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable access to the AMD SEV device.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "cpu", "amd", "sev", "enable"], "readOnly": false, "type": "boolean"}, "hardware.cpu.amd.sev.group": {"declarations": ["nixos/modules/hardware/cpu/amd-sev.nix"], "default": {"_type": "literalExpression", "text": "\"sev\""}, "description": "Group to assign to the SEV device.", "loc": ["hardware", "cpu", "amd", "sev", "group"], "readOnly": false, "type": "string"}, "hardware.cpu.amd.sev.mode": {"declarations": ["nixos/modules/hardware/cpu/amd-sev.nix"], "default": {"_type": "literalExpression", "text": "\"0660\""}, "description": "Mode to set for the SEV device.", "loc": ["hardware", "cpu", "amd", "sev", "mode"], "readOnly": false, "type": "string"}, "hardware.cpu.amd.sev.user": {"declarations": ["nixos/modules/hardware/cpu/amd-sev.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "Owner to assign to the SEV device.", "loc": ["hardware", "cpu", "amd", "sev", "user"], "readOnly": false, "type": "string"}, "hardware.cpu.amd.sevGuest.enable": {"declarations": ["nixos/modules/hardware/cpu/amd-sev.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable access to the AMD SEV guest device.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "cpu", "amd", "sevGuest", "enable"], "readOnly": false, "type": "boolean"}, "hardware.cpu.amd.sevGuest.group": {"declarations": ["nixos/modules/hardware/cpu/amd-sev.nix"], "default": {"_type": "literalExpression", "text": "\"sev-guest\""}, "description": "Group to assign to the SEV guest device.", "loc": ["hardware", "cpu", "amd", "sevGuest", "group"], "readOnly": false, "type": "string"}, "hardware.cpu.amd.sevGuest.mode": {"declarations": ["nixos/modules/hardware/cpu/amd-sev.nix"], "default": {"_type": "literalExpression", "text": "\"0660\""}, "description": "Mode to set for the SEV guest device.", "loc": ["hardware", "cpu", "amd", "sevGuest", "mode"], "readOnly": false, "type": "string"}, "hardware.cpu.amd.sevGuest.user": {"declarations": ["nixos/modules/hardware/cpu/amd-sev.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "Owner to assign to the SEV guest device.", "loc": ["hardware", "cpu", "amd", "sevGuest", "user"], "readOnly": false, "type": "string"}, "hardware.cpu.amd.updateMicrocode": {"declarations": ["nixos/modules/hardware/cpu/amd-microcode.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Update the CPU microcode for AMD processors.\n", "loc": ["hardware", "cpu", "amd", "updateMicrocode"], "readOnly": false, "type": "boolean"}, "hardware.cpu.intel.microcodePackage": {"declarations": ["nixos/modules/hardware/cpu/intel-microcode.nix"], "default": {"_type": "literalExpression", "text": "pkgs.microcode-intel"}, "description": "The microcode-intel package to use.", "loc": ["hardware", "cpu", "intel", "microcodePackage"], "readOnly": false, "type": "package"}, "hardware.cpu.intel.sgx.enableDcapCompat": {"declarations": ["nixos/modules/hardware/cpu/intel-sgx.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable backward compatibility for SGX software build for the\nout-of-tree Intel SGX DCAP driver.\n\nCreates symbolic links for the SGX devices `/dev/sgx_enclave`\nand `/dev/sgx_provision` to make them available as\n`/dev/sgx/enclave`  and `/dev/sgx/provision`,\nrespectively.\n", "loc": ["hardware", "cpu", "intel", "sgx", "enableDcapCompat"], "readOnly": false, "type": "boolean"}, "hardware.cpu.intel.sgx.provision.enable": {"declarations": ["nixos/modules/hardware/cpu/intel-sgx.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable access to the Intel SGX provisioning device.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "cpu", "intel", "sgx", "provision", "enable"], "readOnly": false, "type": "boolean"}, "hardware.cpu.intel.sgx.provision.group": {"declarations": ["nixos/modules/hardware/cpu/intel-sgx.nix"], "default": {"_type": "literalExpression", "text": "\"sgx_prv\""}, "description": "Group to assign to the SGX provisioning device.", "loc": ["hardware", "cpu", "intel", "sgx", "provision", "group"], "readOnly": false, "type": "string"}, "hardware.cpu.intel.sgx.provision.mode": {"declarations": ["nixos/modules/hardware/cpu/intel-sgx.nix"], "default": {"_type": "literalExpression", "text": "\"0660\""}, "description": "Mode to set for the SGX provisioning device.", "loc": ["hardware", "cpu", "intel", "sgx", "provision", "mode"], "readOnly": false, "type": "string"}, "hardware.cpu.intel.sgx.provision.user": {"declarations": ["nixos/modules/hardware/cpu/intel-sgx.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "Owner to assign to the SGX provisioning device.", "loc": ["hardware", "cpu", "intel", "sgx", "provision", "user"], "readOnly": false, "type": "string"}, "hardware.cpu.intel.updateMicrocode": {"declarations": ["nixos/modules/hardware/cpu/intel-microcode.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Update the CPU microcode for Intel processors.\n", "loc": ["hardware", "cpu", "intel", "updateMicrocode"], "readOnly": false, "type": "boolean"}, "hardware.cpu.x86.msr.enable": {"declarations": ["nixos/modules/hardware/cpu/x86-msr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the `msr` (Model-Specific Registers) kernel module and configure `udev` rules for its devices (usually `/dev/cpu/*/msr`).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "cpu", "x86", "msr", "enable"], "readOnly": false, "type": "boolean"}, "hardware.cpu.x86.msr.group": {"declarations": ["nixos/modules/hardware/cpu/x86-msr.nix"], "default": {"_type": "literalExpression", "text": "\"msr\""}, "description": "Group to set for devices of the `msr` kernel subsystem.", "example": {"_type": "literalExpression", "text": "\"nobody\""}, "loc": ["hardware", "cpu", "x86", "msr", "group"], "readOnly": false, "type": "string"}, "hardware.cpu.x86.msr.mode": {"declarations": ["nixos/modules/hardware/cpu/x86-msr.nix"], "default": {"_type": "literalExpression", "text": "\"0640\""}, "description": "Mode to set for devices of the `msr` kernel subsystem.", "example": {"_type": "literalExpression", "text": "\"0660\""}, "loc": ["hardware", "cpu", "x86", "msr", "mode"], "readOnly": false, "type": "string"}, "hardware.cpu.x86.msr.owner": {"declarations": ["nixos/modules/hardware/cpu/x86-msr.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "Owner to set for devices of the `msr` kernel subsystem.", "example": {"_type": "literalExpression", "text": "\"nobody\""}, "loc": ["hardware", "cpu", "x86", "msr", "owner"], "readOnly": false, "type": "string"}, "hardware.cpu.x86.msr.settings": {"declarations": ["nixos/modules/hardware/cpu/x86-msr.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Parameters for the `msr` kernel module.", "loc": ["hardware", "cpu", "x86", "msr", "settings"], "readOnly": false, "type": "open submodule of attribute set of (boolean or signed integer or string)"}, "hardware.cpu.x86.msr.settings.allow-writes": {"declarations": ["nixos/modules/hardware/cpu/x86-msr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether to allow writes to MSRs (`\"on\"`) or not (`\"off\"`).", "loc": ["hardware", "cpu", "x86", "msr", "settings", "allow-writes"], "readOnly": false, "type": "null or one of \"on\", \"off\""}, "hardware.decklink.enable": {"declarations": ["nixos/modules/hardware/decklink.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable hardware support for the Blackmagic Design Decklink audio/video interfaces.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "decklink", "enable"], "readOnly": false, "type": "boolean"}, "hardware.deviceTree.dtbSource": {"declarations": ["nixos/modules/hardware/device-tree.nix"], "default": {"_type": "literalExpression", "text": "${cfg.kernelPackage}/dtbs"}, "description": "Path to dtb directory that overlays and other processing will be applied to. Uses\ndevice trees bundled with the Linux kernel by default.\n", "loc": ["hardware", "deviceTree", "dtbSource"], "readOnly": false, "type": "absolute path"}, "hardware.deviceTree.dtboBuildExtraIncludePaths": {"declarations": ["nixos/modules/hardware/device-tree.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional include paths that will be passed to the preprocessor when creating the final .dts to compile into .dtbo\n", "example": {"_type": "literalExpression", "text": "[\n  ./my_custom_include_dir_1\n  ./custom_include_dir_2\n]\n"}, "loc": ["hardware", "deviceTree", "dtboBuildExtraIncludePaths"], "readOnly": false, "type": "list of absolute path"}, "hardware.deviceTree.dtboBuildExtraPreprocessorFlags": {"declarations": ["nixos/modules/hardware/device-tree.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional flags to pass to the preprocessor during dtbo compilations\n", "example": {"_type": "literalExpression", "text": "[ \"-DMY_DTB_DEFINE\" ]"}, "loc": ["hardware", "deviceTree", "dtboBuildExtraPreprocessorFlags"], "readOnly": false, "type": "list of string"}, "hardware.deviceTree.enable": {"declarations": ["nixos/modules/hardware/device-tree.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Build device tree files. These are used to describe the\nnon-discoverable hardware of a system.\n", "loc": ["hardware", "deviceTree", "enable"], "readOnly": false, "type": "boolean"}, "hardware.deviceTree.filter": {"declarations": ["nixos/modules/hardware/device-tree.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Only include .dtb files matching glob expression.\n", "example": {"_type": "literalExpression", "text": "\"*rpi*.dtb\""}, "loc": ["hardware", "deviceTree", "filter"], "readOnly": false, "type": "null or string"}, "hardware.deviceTree.kernelPackage": {"declarations": ["nixos/modules/hardware/device-tree.nix"], "default": {"_type": "literalExpression", "text": "config.boot.kernelPackages.kernel"}, "description": "Kernel package where device tree include directory is from. Also used as default source of dtb package to apply overlays to\n", "example": {"_type": "literalExpression", "text": "pkgs.linux_latest"}, "loc": ["hardware", "deviceTree", "kernelPackage"], "readOnly": false, "type": "absolute path"}, "hardware.deviceTree.name": {"declarations": ["nixos/modules/hardware/device-tree.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The name of an explicit dtb to be loaded, relative to the dtb base.\nUseful in extlinux scenarios if the bootloader doesn't pick the\nright .dtb file from FDTDIR.\n", "example": {"_type": "literalExpression", "text": "\"some-dtb.dtb\""}, "loc": ["hardware", "deviceTree", "name"], "readOnly": false, "type": "null or string"}, "hardware.deviceTree.overlays": {"declarations": ["nixos/modules/hardware/device-tree.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of overlays to apply to base device-tree (.dtb) files.\n", "example": {"_type": "literalExpression", "text": "[\n  { name = \"pps\"; dtsFile = ./dts/pps.dts; }\n  { name = \"spi\";\n    dtsText = \"...\";\n  }\n  { name = \"precompiled\"; dtboFile = ./dtbos/example.dtbo; }\n]\n"}, "loc": ["hardware", "deviceTree", "overlays"], "readOnly": false, "type": "list of ((submodule) or absolute path convertible to it)"}, "hardware.deviceTree.overlays.*.dtboFile": {"declarations": ["nixos/modules/hardware/device-tree.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to .dtbo compiled overlay file.\n", "loc": ["hardware", "deviceTree", "overlays", "*", "dtboFile"], "readOnly": false, "type": "null or absolute path"}, "hardware.deviceTree.overlays.*.dtsFile": {"declarations": ["nixos/modules/hardware/device-tree.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to .dts overlay file, overlay is applied to\neach .dtb file matching \"compatible\" of the overlay.\n", "example": {"_type": "literalExpression", "text": "./dts/overlays.dts"}, "loc": ["hardware", "deviceTree", "overlays", "*", "dtsFile"], "readOnly": false, "type": "null or absolute path"}, "hardware.deviceTree.overlays.*.dtsText": {"declarations": ["nixos/modules/hardware/device-tree.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Literal DTS contents, overlay is applied to\neach .dtb file matching \"compatible\" of the overlay.\n", "example": {"_type": "literalExpression", "text": "''\n  /dts-v1/;\n  /plugin/;\n  / {\n          compatible = \"raspberrypi\";\n  };\n  &{/soc} {\n          pps {\n                  compatible = \"pps-gpio\";\n                  status = \"okay\";\n          };\n  };\n''"}, "loc": ["hardware", "deviceTree", "overlays", "*", "dtsText"], "readOnly": false, "type": "null or string"}, "hardware.deviceTree.overlays.*.filter": {"declarations": ["nixos/modules/hardware/device-tree.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Only apply to .dtb files matching glob expression.\n", "example": {"_type": "literalExpression", "text": "\"*rpi*.dtb\""}, "loc": ["hardware", "deviceTree", "overlays", "*", "filter"], "readOnly": false, "type": "null or string"}, "hardware.deviceTree.overlays.*.name": {"declarations": ["nixos/modules/hardware/device-tree.nix"], "description": "Name of this overlay\n", "loc": ["hardware", "deviceTree", "overlays", "*", "name"], "readOnly": false, "type": "string"}, "hardware.digitalbitbox.enable": {"declarations": ["nixos/modules/hardware/digitalbitbox.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables udev rules for Digital Bitbox devices.\n", "loc": ["hardware", "digitalbitbox", "enable"], "readOnly": false, "type": "boolean"}, "hardware.digitalbitbox.package": {"declarations": ["nixos/modules/hardware/digitalbitbox.nix"], "default": {"_type": "literalExpression", "text": "pkgs.digitalbitbox"}, "description": "The digitalbitbox package to use. This can be used to install a package with udev rules that differ from the defaults.\n", "loc": ["hardware", "digitalbitbox", "package"], "readOnly": false, "type": "package"}, "hardware.display.edid.enable": {"declarations": ["nixos/modules/services/hardware/display.nix"], "default": {"_type": "literalExpression", "text": "config.hardware.display.edid.packages != null"}, "description": "Enables handling of EDID files\n", "loc": ["hardware", "display", "edid", "enable"], "readOnly": false, "type": "boolean"}, "hardware.display.edid.linuxhw": {"declarations": ["nixos/modules/services/hardware/display.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Exposes EDID files from users-sourced database at <https://github.com/linuxhw/EDID>\n\nAttribute names will be mapped to EDID filenames `<NAME>.bin`.\n\nAttribute values are lists of `awk` regexp patterns that (together) must match\nexactly one line in either of:\n- [AnalogDisplay.md](https://raw.githubusercontent.com/linuxhw/EDID/master/AnalogDisplay.md)\n- [DigitalDisplay.md](https://raw.githubusercontent.com/linuxhw/EDID/master/DigitalDisplay.md)\n\nThere is no universal way of locating your device config, but here are some practical tips:\n1. locate your device:\n  - find your model number (second column)\n  - locate manufacturer (first column) and go through the list manually\n2. narrow down results using other columns until there is only one left:\n  - `Name` column\n  - production date (`Made` column)\n  - resolution `Res`\n  - screen diagonal (`Inch` column)\n  - as a last resort use `ID` from the last column\n", "example": {"_type": "literalExpression", "text": "{\n  PG278Q_2014 = [ \"PG278Q\" \"2014\" ];\n}\n"}, "loc": ["hardware", "display", "edid", "linuxhw"], "readOnly": false, "type": "attribute set of list of string"}, "hardware.display.edid.modelines": {"declarations": ["nixos/modules/services/hardware/display.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attribute set of XFree86 Modelines automatically converted\nand exposed as `edid/<name>.bin` files in initrd.\nSee for more information:\n- <https://en.wikipedia.org/wiki/XFree86_Modeline>\n", "example": {"_type": "literalExpression", "text": "{\n  \"PG278Q_60\" = \"    241.50   2560 2608 2640 2720   1440 1443 1448 1481   -hsync +vsync\";\n  \"PG278Q_120\" = \"   497.75   2560 2608 2640 2720   1440 1443 1448 1525   +hsync -vsync\";\n  \"U2711_60\" = \"     241.50   2560 2600 2632 2720   1440 1443 1448 1481   -hsync +vsync\";\n}\n"}, "loc": ["hardware", "display", "edid", "modelines"], "readOnly": false, "type": "attribute set of string"}, "hardware.display.edid.packages": {"declarations": ["nixos/modules/services/hardware/display.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of packages containing EDID binary files at `$out/lib/firmware/edid`.\nSuch files will be available for use in `drm.edid_firmware` kernel\nparameter as `edid/<filename>`.\n\nYou can craft one directly here or use sibling options `linuxhw` and `modelines`.\n", "example": {"_type": "literalExpression", "text": "[\n  (pkgs.runCommand \"edid-custom\" {} ''\n    mkdir -p \"$out/lib/firmware/edid\"\n    base64 -d > \"$out/lib/firmware/edid/custom1.bin\" <<'EOF'\n    <insert your base64 encoded EDID file here `base64 < /sys/class/drm/card0-.../edid`>\n    EOF\n  '')\n]\n"}, "loc": ["hardware", "display", "edid", "packages"], "readOnly": false, "type": "list of package"}, "hardware.display.outputs": {"declarations": ["nixos/modules/services/hardware/display.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Hardware/kernel-level configuration of specific outputs.\n", "example": {"_type": "literalExpression", "text": "{\n  edid.modelines.\"PG278Q_60\" = \"241.50   2560 2608 2640 2720   1440 1443 1448 1481   -hsync +vsync\";\n  outputs.\"DP-1\".edid = \"PG278Q_60.bin\";\n  outputs.\"DP-1\".mode = \"e\";\n}\n"}, "loc": ["hardware", "display", "outputs"], "readOnly": false, "type": "attribute set of (submodule)"}, "hardware.display.outputs.<name>.edid": {"declarations": ["nixos/modules/services/hardware/display.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "An EDID filename to be used for configured display, as in `edid/<filename>`.\nSee for more information:\n- `hardware.display.edid.packages`\n- <https://wiki.archlinux.org/title/Kernel_mode_setting#Forcing_modes_and_EDID>\n", "loc": ["hardware", "display", "outputs", "<name>", "edid"], "readOnly": false, "type": "null or string"}, "hardware.display.outputs.<name>.mode": {"declarations": ["nixos/modules/services/hardware/display.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A `video` kernel parameter (framebuffer mode) configuration for the specific output:\n\n    <xres>x<yres>[M][R][-<bpp>][@<refresh>][i][m][eDd]\n\nSee for more information:\n- <https://docs.kernel.org/fb/modedb.html>\n- <https://wiki.archlinux.org/title/Kernel_mode_setting#Forcing_modes>\n", "example": {"_type": "literalExpression", "text": "\"e\"\n"}, "loc": ["hardware", "display", "outputs", "<name>", "mode"], "readOnly": false, "type": "null or string"}, "hardware.enableAllFirmware": {"declarations": ["nixos/modules/hardware/all-firmware.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable all firmware, including [unfree packages that must be explictly allowed](https://nixos.org/manual/nixpkgs/unstable/#sec-allow-unfree).\n\nAlternatively, use the {option}`hardware.enableRedistributableFirmware` option.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "enableAllFirmware"], "readOnly": false, "type": "boolean"}, "hardware.enableAllHardware": {"declarations": ["nixos/modules/hardware/all-hardware.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Enable support for most hardware.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "enableAllHardware"], "readOnly": false, "type": "boolean"}, "hardware.enableRedistributableFirmware": {"declarations": ["nixos/modules/hardware/all-firmware.nix"], "default": {"_type": "literalExpression", "text": "config.hardware.enableAllFirmware"}, "description": "Whether to enable firmware with a license allowing redistribution.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "enableRedistributableFirmware"], "readOnly": false, "type": "boolean"}, "hardware.facetimehd.enable": {"declarations": ["nixos/modules/hardware/video/webcam/facetimehd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the facetimehd kernel module.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "facetimehd", "enable"], "readOnly": false, "type": "boolean"}, "hardware.facetimehd.withCalibration": {"declarations": ["nixos/modules/hardware/video/webcam/facetimehd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to include sensor calibration files for facetimehd.\nThis makes colors look much better but is experimental, see\n<https://github.com/patjak/facetimehd/wiki/Extracting-the-sensor-calibration-files>\nfor details.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "facetimehd", "withCalibration"], "readOnly": false, "type": "boolean"}, "hardware.facter.debug.nix-diff": {"declarations": ["nixos/modules/hardware/facter/debug.nix"], "description": "A shell application which will produce a nix-diff of the system closure with and without facter enabled.\n", "loc": ["hardware", "facter", "debug", "nix-diff"], "readOnly": false, "type": "package"}, "hardware.facter.debug.nvd": {"declarations": ["nixos/modules/hardware/facter/debug.nix"], "description": "A shell application which will produce an nvd diff of the system closure with and without facter enabled.\n", "loc": ["hardware", "facter", "debug", "nvd"], "readOnly": false, "type": "package"}, "hardware.facter.detected.bluetooth.enable": {"declarations": ["nixos/modules/hardware/facter/bluetooth.nix"], "default": {"_type": "literalExpression", "text": "\"hardware dependent\""}, "description": "Whether to enable Enable the Facter bluetooth module.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "facter", "detected", "bluetooth", "enable"], "readOnly": false, "type": "boolean"}, "hardware.facter.detected.boot.disk.kernelModules": {"declarations": ["nixos/modules/hardware/facter/disk.nix"], "default": {"_type": "literalExpression", "text": "\"hardware dependent\""}, "description": "List of kernel modules that are needed to access the disk.\n", "loc": ["hardware", "facter", "detected", "boot", "disk", "kernelModules"], "readOnly": false, "type": "list of string"}, "hardware.facter.detected.boot.graphics.kernelModules": {"declarations": ["nixos/modules/hardware/facter/graphics"], "default": {"_type": "literalExpression", "text": "\"hardware dependent\""}, "description": "List of kernel modules to load at boot for the graphics card.\n", "loc": ["hardware", "facter", "detected", "boot", "graphics", "kernelModules"], "readOnly": false, "type": "list of string"}, "hardware.facter.detected.boot.initrd.networking.kernelModules": {"declarations": ["nixos/modules/hardware/facter/networking/initrd.nix"], "default": {"_type": "literalExpression", "text": "\"hardware dependent\""}, "description": "List of kernel modules to include in the initrd to support networking.\n", "loc": ["hardware", "facter", "detected", "boot", "initrd", "networking", "kernelModules"], "readOnly": false, "type": "list of string"}, "hardware.facter.detected.boot.keyboard.kernelModules": {"declarations": ["nixos/modules/hardware/facter/keyboard.nix"], "default": {"_type": "literalExpression", "text": "\"hardware dependent\""}, "description": "List of kernel modules to include in the initrd to support the keyboard.\n", "example": {"_type": "literalExpression", "text": "[\n  \"usbhid\"\n]"}, "loc": ["hardware", "facter", "detected", "boot", "keyboard", "kernelModules"], "readOnly": false, "type": "list of string"}, "hardware.facter.detected.camera.ipu6.enable": {"declarations": ["nixos/modules/hardware/facter/camera/ipu6.nix"], "default": {"_type": "literalExpression", "text": "\"hardware dependent\""}, "description": "Whether to enable webcams using ipu6 from Intel.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "facter", "detected", "camera", "ipu6", "enable"], "readOnly": false, "type": "boolean"}, "hardware.facter.detected.dhcp.enable": {"declarations": ["nixos/modules/hardware/facter/networking"], "default": {"_type": "literalExpression", "text": "\"hardware dependent\""}, "description": "Whether to enable Facter dhcp module.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "facter", "detected", "dhcp", "enable"], "readOnly": false, "type": "boolean"}, "hardware.facter.detected.dhcp.interfaces": {"declarations": ["nixos/modules/hardware/facter/networking"], "default": {"_type": "literalExpression", "text": "automatically detected from facter report"}, "description": "List of network interface names to configure with DHCP. Defaults to auto-detected physical interfaces.", "example": {"_type": "literalExpression", "text": "[\n  \"eth0\"\n  \"wlan0\"\n]"}, "loc": ["hardware", "facter", "detected", "dhcp", "interfaces"], "readOnly": false, "type": "list of string"}, "hardware.facter.detected.fingerprint.enable": {"declarations": ["nixos/modules/hardware/facter/fingerprint"], "default": {"_type": "literalExpression", "text": "\"hardware dependent\""}, "description": "Whether to enable Fingerprint devices.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "facter", "detected", "fingerprint", "enable"], "readOnly": false, "type": "boolean"}, "hardware.facter.detected.graphics.amd.enable": {"declarations": ["nixos/modules/hardware/facter/graphics/amd.nix"], "default": {"_type": "literalExpression", "text": "\"hardware dependent\""}, "description": "Whether to enable Enable the AMD Graphics module.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "facter", "detected", "graphics", "amd", "enable"], "readOnly": false, "type": "boolean"}, "hardware.facter.detected.graphics.enable": {"declarations": ["nixos/modules/hardware/facter/graphics"], "default": {"_type": "literalExpression", "text": "\"hardware dependent\""}, "description": "Whether to enable Enable the Graphics module.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "facter", "detected", "graphics", "enable"], "readOnly": false, "type": "boolean"}, "hardware.facter.detected.networking.intel._2200BG.enable": {"declarations": ["nixos/modules/hardware/facter/networking/intel.nix"], "default": {"_type": "literalExpression", "text": "\"hardware dependent\""}, "description": "Whether to enable the Facter Intel 2200BG module.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "facter", "detected", "networking", "intel", "_2200BG", "enable"], "readOnly": false, "type": "boolean"}, "hardware.facter.detected.networking.intel._3945ABG.enable": {"declarations": ["nixos/modules/hardware/facter/networking/intel.nix"], "default": {"_type": "literalExpression", "text": "\"hardware dependent\""}, "description": "Whether to enable the Facter Intel 3945ABG module.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "facter", "detected", "networking", "intel", "_3945ABG", "enable"], "readOnly": false, "type": "boolean"}, "hardware.facter.detected.uefi.supported": {"declarations": ["nixos/modules/hardware/facter/boot.nix"], "default": {"_type": "literalExpression", "text": "\"hardware dependent\""}, "description": "Whether to enable the facter uefi module.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "facter", "detected", "uefi", "supported"], "readOnly": false, "type": "boolean"}, "hardware.facter.detected.virtualisation.hyperv.enable": {"declarations": ["nixos/modules/hardware/facter/virtualisation.nix"], "default": {"_type": "literalExpression", "text": "\"environment dependent\""}, "description": "Whether to enable Enable the Facter Virtualisation Hyper-V module.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "facter", "detected", "virtualisation", "hyperv", "enable"], "readOnly": false, "type": "boolean"}, "hardware.facter.detected.virtualisation.none.enable": {"declarations": ["nixos/modules/hardware/facter/virtualisation.nix"], "default": {"_type": "literalExpression", "text": "\"environment dependent\""}, "description": "Whether to enable Enable the Facter Virtualisation None module.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "facter", "detected", "virtualisation", "none", "enable"], "readOnly": false, "type": "boolean"}, "hardware.facter.detected.virtualisation.oracle.enable": {"declarations": ["nixos/modules/hardware/facter/virtualisation.nix"], "default": {"_type": "literalExpression", "text": "\"environment dependent\""}, "description": "Whether to enable Enable the Facter Virtualisation Oracle module.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "facter", "detected", "virtualisation", "oracle", "enable"], "readOnly": false, "type": "boolean"}, "hardware.facter.detected.virtualisation.parallels.enable": {"declarations": ["nixos/modules/hardware/facter/virtualisation.nix"], "default": {"_type": "literalExpression", "text": "\"environment dependent\""}, "description": "Whether to enable Enable the Facter Virtualisation Parallels module.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "facter", "detected", "virtualisation", "parallels", "enable"], "readOnly": false, "type": "boolean"}, "hardware.facter.detected.virtualisation.qemu.enable": {"declarations": ["nixos/modules/hardware/facter/virtualisation.nix"], "default": {"_type": "literalExpression", "text": "\"environment dependent\""}, "description": "Whether to enable Enable the Facter Virtualisation Qemu module.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "facter", "detected", "virtualisation", "qemu", "enable"], "readOnly": false, "type": "boolean"}, "hardware.facter.detected.virtualisation.virtio_scsi.enable": {"declarations": ["nixos/modules/hardware/facter/virtualisation.nix"], "default": {"_type": "literalExpression", "text": "\"hardware dependent\""}, "description": "Whether to enable Enable the Facter Virtualisation Virtio SCSI module.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "facter", "detected", "virtualisation", "virtio_scsi", "enable"], "readOnly": false, "type": "boolean"}, "hardware.facter.report": {"declarations": ["nixos/modules/hardware/facter"], "default": {"_type": "literalExpression", "text": "\"A JSON import from config.hardware.facter.reportPath (if not null), {} otherwise.\""}, "description": "Hardware report data generated by nixos-facter.\n\nSee <https://nix-community.github.io/nixos-facter/> for more information.\n", "loc": ["hardware", "facter", "report"], "readOnly": false, "type": "attribute set of anything"}, "hardware.facter.reportPath": {"declarations": ["nixos/modules/hardware/facter"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a hardware report generated by nixos-facter.\n\nTo generate a report, run the following as root:\n```\nnix-shell -p nixos-facter --run nixos-facter > facter.json\n```\n\nSee <https://nix-community.github.io/nixos-facter/> for more information.\n", "loc": ["hardware", "facter", "reportPath"], "readOnly": false, "type": "null or absolute path"}, "hardware.fancontrol.config": {"declarations": ["nixos/modules/services/hardware/fancontrol.nix"], "description": "Required fancontrol configuration file content. See {manpage}`pwmconfig(8)` from the lm_sensors package.", "example": {"_type": "literalExpression", "text": "''\n  # Configuration file generated by pwmconfig\n  INTERVAL=10\n  DEVPATH=hwmon3=devices/virtual/thermal/thermal_zone2 hwmon4=devices/platform/f71882fg.656\n  DEVNAME=hwmon3=soc_dts1 hwmon4=f71869a\n  FCTEMPS=hwmon4/device/pwm1=hwmon3/temp1_input\n  FCFANS=hwmon4/device/pwm1=hwmon4/device/fan1_input\n  MINTEMP=hwmon4/device/pwm1=35\n  MAXTEMP=hwmon4/device/pwm1=65\n  MINSTART=hwmon4/device/pwm1=150\n  MINSTOP=hwmon4/device/pwm1=0\n''"}, "loc": ["hardware", "fancontrol", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "hardware.fancontrol.enable": {"declarations": ["nixos/modules/services/hardware/fancontrol.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable software fan control (requires fancontrol.config).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "fancontrol", "enable"], "readOnly": false, "type": "boolean"}, "hardware.firmware": {"declarations": ["nixos/modules/services/hardware/udev.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of packages containing firmware files.  Such files\nwill be loaded automatically if the kernel asks for them\n(i.e., when it has detected specific hardware that requires\nfirmware to function).  If multiple packages contain firmware\nfiles with the same name, the first package in the list takes\nprecedence.  Note that you must rebuild your system if you add\nfiles to any of these directories.\n", "loc": ["hardware", "firmware"], "readOnly": false, "type": "list of package"}, "hardware.firmwareCompression": {"declarations": ["nixos/modules/services/hardware/udev.nix"], "default": {"_type": "literalExpression", "text": "\"auto\""}, "description": "Whether to compress firmware files.\nDefaults depend on the kernel version.\nFor kernels older than 5.3, firmware files are not compressed.\nFor kernels 5.3 and newer, firmware files are compressed with xz.\nFor kernels 5.19 and newer, firmware files are compressed with zstd.\n", "loc": ["hardware", "firmwareCompression"], "readOnly": false, "type": "one of \"xz\", \"zstd\", \"none\""}, "hardware.flipperzero.enable": {"declarations": ["nixos/modules/hardware/flipperzero.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable udev rules and software for Flipper Zero devices.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "flipperzero", "enable"], "readOnly": false, "type": "boolean"}, "hardware.flirc.enable": {"declarations": ["nixos/modules/hardware/flirc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable software to configure a Flirc USB device.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "flirc", "enable"], "readOnly": false, "type": "boolean"}, "hardware.fw-fanctrl.config": {"declarations": ["nixos/modules/hardware/fw-fanctrl.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional config entries for the fw-fanctrl service (documentation: <https://github.com/TamtamHero/fw-fanctrl/blob/main/doc/configuration.md>)\n", "loc": ["hardware", "fw-fanctrl", "config"], "readOnly": false, "type": "open submodule of attribute set of (JSON value)"}, "hardware.fw-fanctrl.config.defaultStrategy": {"declarations": ["nixos/modules/hardware/fw-fanctrl.nix"], "default": {"_type": "literalExpression", "text": "\"lazy\""}, "description": "Default strategy to use", "loc": ["hardware", "fw-fanctrl", "config", "defaultStrategy"], "readOnly": false, "type": "string"}, "hardware.fw-fanctrl.config.strategies": {"declarations": ["nixos/modules/hardware/fw-fanctrl.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional strategies which can be used by fw-fanctrl\n", "loc": ["hardware", "fw-fanctrl", "config", "strategies"], "readOnly": false, "type": "attribute set of (submodule)"}, "hardware.fw-fanctrl.config.strategies.<name>.fanSpeedUpdateFrequency": {"declarations": ["nixos/modules/hardware/fw-fanctrl.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "How often the fan speed should be updated in seconds", "loc": ["hardware", "fw-fanctrl", "config", "strategies", "<name>", "fanSpeedUpdateFrequency"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "hardware.fw-fanctrl.config.strategies.<name>.movingAverageInterval": {"declarations": ["nixos/modules/hardware/fw-fanctrl.nix"], "default": {"_type": "literalExpression", "text": "25"}, "description": "Interval (seconds) of the last temperatures to use to calculate the average temperature", "loc": ["hardware", "fw-fanctrl", "config", "strategies", "<name>", "movingAverageInterval"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "hardware.fw-fanctrl.config.strategies.<name>.speedCurve": {"declarations": ["nixos/modules/hardware/fw-fanctrl.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "How should the speed curve look like", "loc": ["hardware", "fw-fanctrl", "config", "strategies", "<name>", "speedCurve"], "readOnly": false, "type": "list of (submodule)"}, "hardware.fw-fanctrl.config.strategies.<name>.speedCurve.*.speed": {"declarations": ["nixos/modules/hardware/fw-fanctrl.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Percent how fast the fan should run at", "loc": ["hardware", "fw-fanctrl", "config", "strategies", "<name>", "speedCurve", "*", "speed"], "readOnly": false, "type": "integer between 0 and 100 (both inclusive)"}, "hardware.fw-fanctrl.config.strategies.<name>.speedCurve.*.temp": {"declarations": ["nixos/modules/hardware/fw-fanctrl.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Temperature in \u00b0C at which the fan speed should be changed", "loc": ["hardware", "fw-fanctrl", "config", "strategies", "<name>", "speedCurve", "*", "temp"], "readOnly": false, "type": "signed integer"}, "hardware.fw-fanctrl.config.strategyOnDischarging": {"declarations": ["nixos/modules/hardware/fw-fanctrl.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Default strategy on discharging", "loc": ["hardware", "fw-fanctrl", "config", "strategyOnDischarging"], "readOnly": false, "type": "string"}, "hardware.fw-fanctrl.disableBatteryTempCheck": {"declarations": ["nixos/modules/hardware/fw-fanctrl.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable checking battery temperature sensor\n", "loc": ["hardware", "fw-fanctrl", "disableBatteryTempCheck"], "readOnly": false, "type": "boolean"}, "hardware.fw-fanctrl.ectoolPackage": {"declarations": ["nixos/modules/hardware/fw-fanctrl.nix"], "default": {"_type": "literalExpression", "text": "pkgs.fw-ectool"}, "description": "The fw-ectool package to use.", "loc": ["hardware", "fw-fanctrl", "ectoolPackage"], "readOnly": false, "type": "package"}, "hardware.fw-fanctrl.enable": {"declarations": ["nixos/modules/hardware/fw-fanctrl.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the fw-fanctrl systemd service and install the needed packages.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "fw-fanctrl", "enable"], "readOnly": false, "type": "boolean"}, "hardware.fw-fanctrl.package": {"declarations": ["nixos/modules/hardware/fw-fanctrl.nix"], "default": {"_type": "literalExpression", "text": "pkgs.fw-fanctrl"}, "description": "The fw-fanctrl package to use.", "loc": ["hardware", "fw-fanctrl", "package"], "readOnly": false, "type": "package"}, "hardware.glasgow.enable": {"declarations": ["nixos/modules/hardware/glasgow.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables Glasgow udev rules and ensures 'plugdev' group exists.\nThis is a prerequisite to using Glasgow without being root.\n", "loc": ["hardware", "glasgow", "enable"], "readOnly": false, "type": "boolean"}, "hardware.gpgSmartcards.enable": {"declarations": ["nixos/modules/hardware/gpgsmartcards.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable udev rules for gnupg smart cards.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "gpgSmartcards", "enable"], "readOnly": false, "type": "boolean"}, "hardware.graphics.enable": {"declarations": ["nixos/modules/hardware/graphics.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable hardware accelerated graphics drivers.\n\nThis is required to allow most graphical applications and\nenvironments to use hardware rendering, video encode/decode\nacceleration, etc.\n\nThis option should be enabled by default by the corresponding modules,\nso you do not usually have to set it yourself.\n", "loc": ["hardware", "graphics", "enable"], "readOnly": false, "type": "boolean"}, "hardware.graphics.enable32Bit": {"declarations": ["nixos/modules/hardware/graphics.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "On 64-bit systems, whether to also install 32-bit drivers for\n32-bit applications (such as Wine).\n", "loc": ["hardware", "graphics", "enable32Bit"], "readOnly": false, "type": "boolean"}, "hardware.graphics.extraPackages": {"declarations": ["nixos/modules/hardware/graphics.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional packages to add to the default graphics driver lookup path.\nThis can be used to add OpenCL drivers, VA-API/VDPAU drivers, etc.\n\n::: {.note}\nintel-media-driver supports hardware Broadwell (2014) or newer. Older hardware should use the mostly unmaintained intel-vaapi-driver driver.\n:::\n", "example": {"_type": "literalExpression", "text": "with pkgs; [ intel-media-driver intel-ocl intel-vaapi-driver ]"}, "loc": ["hardware", "graphics", "extraPackages"], "readOnly": false, "type": "list of package"}, "hardware.graphics.extraPackages32": {"declarations": ["nixos/modules/hardware/graphics.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional packages to add to 32-bit graphics driver lookup path on 64-bit systems.\nUsed when {option}`enable32Bit` is set. This can be used to add OpenCL drivers, VA-API/VDPAU drivers, etc.\n\n::: {.note}\nintel-media-driver supports hardware Broadwell (2014) or newer. Older hardware should use the mostly unmaintained intel-vaapi-driver driver.\n:::\n", "example": {"_type": "literalExpression", "text": "with pkgs.pkgsi686Linux; [ intel-media-driver intel-vaapi-driver ]"}, "loc": ["hardware", "graphics", "extraPackages32"], "readOnly": false, "type": "list of package"}, "hardware.graphics.package": {"declarations": ["nixos/modules/hardware/graphics.nix"], "description": "The package that provides the default driver set.\n", "loc": ["hardware", "graphics", "package"], "readOnly": false, "type": "package"}, "hardware.graphics.package32": {"declarations": ["nixos/modules/hardware/graphics.nix"], "description": "The package that provides the 32-bit driver set. Used when {option}`enable32Bit` is enabled.\n", "loc": ["hardware", "graphics", "package32"], "readOnly": false, "type": "package"}, "hardware.hackrf.enable": {"declarations": ["nixos/modules/hardware/hackrf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables hackrf udev rules and ensures 'plugdev' group exists.\nThis is a prerequisite to using HackRF devices without being root, since HackRF USB descriptors will be owned by plugdev through udev.\nEnsure your user is a member of the 'plugdev' group after enabling.\n", "loc": ["hardware", "hackrf", "enable"], "readOnly": false, "type": "boolean"}, "hardware.hid-fanatecff.enable": {"declarations": ["nixos/modules/hardware/hid-fanatecff.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable hid-fanatecff, a Linux kernel driver that aims to add support for Fanatec devices.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "hid-fanatecff", "enable"], "readOnly": false, "type": "boolean"}, "hardware.i2c.enable": {"declarations": ["nixos/modules/hardware/i2c.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable i2c devices support. By default access is granted to users in the \"i2c\"\ngroup (will be created if non-existent) and any user with a seat, meaning\nlogged on the computer locally\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "i2c", "enable"], "readOnly": false, "type": "boolean"}, "hardware.i2c.group": {"declarations": ["nixos/modules/hardware/i2c.nix"], "default": {"_type": "literalExpression", "text": "\"i2c\""}, "description": "Grant access to i2c devices (/dev/i2c-*) to users in this group.\n", "loc": ["hardware", "i2c", "group"], "readOnly": false, "type": "string"}, "hardware.infiniband.enable": {"declarations": ["nixos/modules/hardware/infiniband.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Infiniband support.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "infiniband", "enable"], "readOnly": false, "type": "boolean"}, "hardware.infiniband.guids": {"declarations": ["nixos/modules/hardware/infiniband.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of infiniband port guids on the system. This is discoverable using `ibstat -p`\n", "example": {"_type": "literalExpression", "text": "[\n  \"0xe8ebd30000eee2e1\"\n]"}, "loc": ["hardware", "infiniband", "guids"], "readOnly": false, "type": "list of string"}, "hardware.inputmodule.enable": {"declarations": ["nixos/modules/hardware/inputmodule.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Support for Framework input modules.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "inputmodule", "enable"], "readOnly": false, "type": "boolean"}, "hardware.intel-gpu-tools.enable": {"declarations": ["nixos/modules/hardware/video/intel-gpu-tools.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable a setcap wrapper for intel-gpu-tools.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "intel-gpu-tools", "enable"], "readOnly": false, "type": "boolean"}, "hardware.ipu6.enable": {"declarations": ["nixos/modules/hardware/video/webcam/ipu6.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable support for Intel IPU6/MIPI cameras.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "ipu6", "enable"], "readOnly": false, "type": "boolean"}, "hardware.ipu6.platform": {"declarations": ["nixos/modules/hardware/video/webcam/ipu6.nix"], "description": "Choose the version for your hardware platform.\n\nUse `ipu6` for Tiger Lake, `ipu6ep` for Alder Lake or Raptor Lake,\nand `ipu6epmtl` for Meteor Lake.\n", "loc": ["hardware", "ipu6", "platform"], "readOnly": false, "type": "one of \"ipu6\", \"ipu6ep\", \"ipu6epmtl\""}, "hardware.keyboard.qmk.enable": {"declarations": ["nixos/modules/hardware/keyboard/qmk.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable non-root access to the firmware of QMK keyboards.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "keyboard", "qmk", "enable"], "readOnly": false, "type": "boolean"}, "hardware.keyboard.qmk.keychronSupport": {"declarations": ["nixos/modules/hardware/keyboard/qmk.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable udev rules for keychron QMK based keyboards.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "keyboard", "qmk", "keychronSupport"], "readOnly": false, "type": "boolean"}, "hardware.keyboard.teck.enable": {"declarations": ["nixos/modules/hardware/keyboard/teck.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable non-root access to the firmware of TECK keyboards.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "keyboard", "teck", "enable"], "readOnly": false, "type": "boolean"}, "hardware.keyboard.uhk.enable": {"declarations": ["nixos/modules/hardware/keyboard/uhk.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable non-root access to the firmware of UHK keyboards.\nYou need it when you want to flash a new firmware on the keyboard.\nAccess to the keyboard is granted to users in the \"input\" group.\nYou may want to install the uhk-agent package\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "keyboard", "uhk", "enable"], "readOnly": false, "type": "boolean"}, "hardware.keyboard.zsa.enable": {"declarations": ["nixos/modules/hardware/keyboard/zsa.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable udev rules for keyboards from ZSA like the ErgoDox EZ, Planck EZ and Moonlander Mark I.\nYou need it when you want to flash a new configuration on the keyboard\nor use their live training in the browser.\nYou may want to install the wally-cli package\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "keyboard", "zsa", "enable"], "readOnly": false, "type": "boolean"}, "hardware.kryoflux.enable": {"declarations": ["nixos/modules/hardware/kryoflux.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables kryoflux udev rules, ensures 'floppy' group exists. This is a\nprerequisite to using devices supported by kryoflux without being root,\nsince kryoflux device descriptors will be owned by floppy through udev.\n", "loc": ["hardware", "kryoflux", "enable"], "readOnly": false, "type": "boolean"}, "hardware.kryoflux.package": {"declarations": ["nixos/modules/hardware/kryoflux.nix"], "default": {"_type": "literalExpression", "text": "pkgs.kryoflux"}, "description": "The kryoflux package to use.", "loc": ["hardware", "kryoflux", "package"], "readOnly": false, "type": "package"}, "hardware.ksm.enable": {"declarations": ["nixos/modules/hardware/ksm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Linux kernel Same-Page Merging.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "ksm", "enable"], "readOnly": false, "type": "boolean"}, "hardware.ksm.sleep": {"declarations": ["nixos/modules/hardware/ksm.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "How many milliseconds ksmd should sleep between scans.\nSetting it to `null` uses the kernel's default time.\n", "loc": ["hardware", "ksm", "sleep"], "readOnly": false, "type": "null or signed integer"}, "hardware.ledger.enable": {"declarations": ["nixos/modules/hardware/ledger.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable udev rules for Ledger devices.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "ledger", "enable"], "readOnly": false, "type": "boolean"}, "hardware.libftdi.enable": {"declarations": ["nixos/modules/hardware/libftdi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable udev rules for devices supported by libftdi.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "libftdi", "enable"], "readOnly": false, "type": "boolean"}, "hardware.libftdi.package": {"declarations": ["nixos/modules/hardware/libftdi.nix"], "default": {"_type": "literalExpression", "text": "pkgs.libftdi1"}, "description": "The libftdi1 package to use.", "loc": ["hardware", "libftdi", "package"], "readOnly": false, "type": "package"}, "hardware.libjaylink.enable": {"declarations": ["nixos/modules/hardware/libjaylink.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable udev rules for devices supported by libjaylink.\nAdd users to the `jlink` group in order to grant\nthem access\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "libjaylink", "enable"], "readOnly": false, "type": "boolean"}, "hardware.libjaylink.package": {"declarations": ["nixos/modules/hardware/libjaylink.nix"], "default": {"_type": "literalExpression", "text": "pkgs.libjaylink"}, "description": "The libjaylink package to use.", "loc": ["hardware", "libjaylink", "package"], "readOnly": false, "type": "package"}, "hardware.logitech.lcd.devices": {"declarations": ["nixos/modules/hardware/logitech.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"0a07\"\n  \"c222\"\n  \"c225\"\n  \"c227\"\n  \"c251\"\n]"}, "description": "List of USB device ids supported by g15daemon.\n\nYou most likely do not need to change this.\n", "loc": ["hardware", "logitech", "lcd", "devices"], "readOnly": false, "type": "list of string"}, "hardware.logitech.lcd.enable": {"declarations": ["nixos/modules/hardware/logitech.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable support for Logitech LCD Devices.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "logitech", "lcd", "enable"], "readOnly": false, "type": "boolean"}, "hardware.logitech.lcd.startWhenNeeded": {"declarations": ["nixos/modules/hardware/logitech.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Only run the service when an actual supported device is plugged.\n", "loc": ["hardware", "logitech", "lcd", "startWhenNeeded"], "readOnly": false, "type": "boolean"}, "hardware.logitech.wireless.enable": {"declarations": ["nixos/modules/hardware/logitech.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable support for Logitech Wireless Devices.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "logitech", "wireless", "enable"], "readOnly": false, "type": "boolean"}, "hardware.logitech.wireless.enableGraphical": {"declarations": ["nixos/modules/hardware/logitech.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable graphical support applications.", "loc": ["hardware", "logitech", "wireless", "enableGraphical"], "readOnly": false, "type": "boolean"}, "hardware.mcelog.enable": {"declarations": ["nixos/modules/hardware/mcelog.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable the Machine Check Exception logger.\n", "loc": ["hardware", "mcelog", "enable"], "readOnly": false, "type": "boolean"}, "hardware.mwProCapture.enable": {"declarations": ["nixos/modules/hardware/video/capture/mwprocapture.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Magewell Pro Capture family kernel module.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "mwProCapture", "enable"], "readOnly": false, "type": "boolean"}, "hardware.new-lg4ff.enable": {"declarations": ["nixos/modules/hardware/new-lg4ff.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables improved Linux module drivers for Logitech driving wheels.\nThis will replace the existing in-kernel hid-logitech modules.\nWorks most notably on the Logitech G25, G27, G29 and Driving Force (GT).\n", "loc": ["hardware", "new-lg4ff", "enable"], "readOnly": false, "type": "boolean"}, "hardware.nfc-nci.enable": {"declarations": ["nixos/modules/hardware/nfc-nci.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable PN5xx kernel module with udev rules, libnfc-nci userland, and optional ifdnfc-nci PC/SC driver.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "nfc-nci", "enable"], "readOnly": false, "type": "boolean"}, "hardware.nfc-nci.enableIFD": {"declarations": ["nixos/modules/hardware/nfc-nci.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Register ifdnfc-nci as a serial reader with pcscd.\n", "loc": ["hardware", "nfc-nci", "enableIFD"], "readOnly": false, "type": "boolean"}, "hardware.nfc-nci.settings": {"declarations": ["nixos/modules/hardware/nfc-nci.nix"], "default": {"_type": "literalExpression", "text": "{\n  init = {\n    NXPLOG_EXTNS_LOGLEVEL = \"0x01\";\n    NXPLOG_FWDNLD_LOGLEVEL = \"0x00\";\n    NXPLOG_GLOBAL_LOGLEVEL = \"0x01\";\n    NXPLOG_NCIHAL_LOGLEVEL = \"0x01\";\n    NXPLOG_NCIR_LOGLEVEL = \"0x01\";\n    NXPLOG_NCIX_LOGLEVEL = \"0x01\";\n    NXPLOG_TML_LOGLEVEL = \"0x01\";\n    NXP_ACT_PROP_EXTN = \"{2F, 02, 00}\";\n    NXP_CORE_STANDBY = \"{2F, 00, 01, 01}\";\n    NXP_I2C_FRAGMENTATION_ENABLED = \"0x01\";\n    NXP_NFC_DEV_NODE = \"\\\"/dev/pn544\\\"\";\n    NXP_NFC_PROFILE_EXTN = ''\n      {20, 02, 05, 01,\n        A0, 44, 01, 00\n      }\n    '';\n  };\n  nci = {\n    APPL_TRACE_LEVEL = \"0x01\";\n    HOST_LISTEN_TECH_MASK = \"0x07\";\n    P2P_LISTEN_TECH_MASK = \"0xC5\";\n    POLLING_TECH_MASK = \"0xEF\";\n    PROTOCOL_TRACE_LEVEL = \"0x01\";\n  };\n  pn54x = {\n    MIFARE_READER_ENABLE = \"0x01\";\n    NXP_CORE_CONF = ''\n      {20, 02, 2B, 0D,\n        28, 01, 00,\n        21, 01, 00,\n        30, 01, 08,\n        31, 01, 03,\n        33, 04, 04, 03, 02, 01,\n        54, 01, 06,\n        50, 01, 02,\n        5B, 01, 00,\n        60, 01, 0E,\n        80, 01, 01,\n        81, 01, 01,\n        82, 01, 0E,\n        18, 01, 01\n      }\n    '';\n    NXP_CORE_CONF_EXTN = ''\n      {20, 02, 30, 04,\n        A0, 5E, 01, 01,\n        A0, 40, 01, 00,\n        A0, 43, 01, 00,\n        A0, 0F, 20,\n        00, 03, 1D, 01, 03, 00, 02, 00,\n        01, 00, 01, 00, 00, 00, 00, 00,\n        00, 00, 00, 00, 00, 00, 00, 00,\n        00, 00, 00, 00, 00, 00, 00, 00\n      }\n    '';\n    NXP_EXT_TVDD_CFG = \"0x01\";\n    NXP_EXT_TVDD_CFG_1 = ''\n      {20, 02, 07, 01,\n        A0, 0E, 03, 16, 09, 00\n      }\n    '';\n    NXP_NFC_MAX_EE_SUPPORTED = \"0x00\";\n    NXP_NFC_PROPRIETARY_CFG = \"{05:FF:FF:06:81:80:70:FF:FF}\";\n    NXP_SYS_CLK_FREQ_SEL = \"0x00\";\n    NXP_SYS_CLK_SRC_SEL = \"0x01\";\n    NXP_SYS_CLOCK_TO_CFG = \"0x01\";\n  };\n}"}, "description": "Configuration to be written to the libncf-nci configuration files.\nTo understand the configuration format, refer to <https://github.com/NXPNFCLinux/linux_libnfc-nci/tree/master/conf>.\n", "loc": ["hardware", "nfc-nci", "settings"], "readOnly": false, "type": "attribute set"}, "hardware.nitrokey.enable": {"declarations": ["nixos/modules/hardware/nitrokey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables udev rules for Nitrokey devices.\n", "loc": ["hardware", "nitrokey", "enable"], "readOnly": false, "type": "boolean"}, "hardware.nvidia-container-toolkit.csv-files": {"declarations": ["nixos/modules/services/hardware/nvidia-container-toolkit"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The path to the list of CSV files to use when generating the CDI specification in CSV mode.\n", "loc": ["hardware", "nvidia-container-toolkit", "csv-files"], "readOnly": false, "type": "list of absolute path"}, "hardware.nvidia-container-toolkit.device-name-strategy": {"declarations": ["nixos/modules/services/hardware/nvidia-container-toolkit"], "default": {"_type": "literalExpression", "text": "\"index\""}, "description": "Specify the strategy for generating device names,\npassed to `nvidia-ctk cdi generate`. This will affect how\nyou reference the device using `nvidia.com/gpu=` in\nthe container runtime.\n", "loc": ["hardware", "nvidia-container-toolkit", "device-name-strategy"], "readOnly": false, "type": "one of \"index\", \"uuid\", \"type-index\""}, "hardware.nvidia-container-toolkit.disable-hooks": {"declarations": ["nixos/modules/services/hardware/nvidia-container-toolkit"], "default": {"_type": "literalExpression", "text": "[\n  \"create-symlinks\"\n]"}, "description": "List of hooks to disable when generating the CDI specification.\nEach hook name will be passed as `--disable-hook <hook-name>` to nvidia-ctk.\nSet to an empty list to disable no hooks.\n", "loc": ["hardware", "nvidia-container-toolkit", "disable-hooks"], "readOnly": false, "type": "list of non-empty string"}, "hardware.nvidia-container-toolkit.discovery-mode": {"declarations": ["nixos/modules/services/hardware/nvidia-container-toolkit"], "default": {"_type": "literalExpression", "text": "\"auto\""}, "description": "The mode to use when discovering the available entities.\n", "loc": ["hardware", "nvidia-container-toolkit", "discovery-mode"], "readOnly": false, "type": "one of \"auto\", \"csv\", \"nvml\", \"wsl\""}, "hardware.nvidia-container-toolkit.enable": {"declarations": ["nixos/modules/services/hardware/nvidia-container-toolkit"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable dynamic CDI configuration for Nvidia devices by running\nnvidia-container-toolkit on boot.\n", "loc": ["hardware", "nvidia-container-toolkit", "enable"], "readOnly": false, "type": "boolean"}, "hardware.nvidia-container-toolkit.enable-hooks": {"declarations": ["nixos/modules/services/hardware/nvidia-container-toolkit"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of hooks to enable when generating the CDI specification.\nEach hook name will be passed as `--enable-hook <hook-name>` to nvidia-ctk.\nSet to an empty list to enable no hooks.\n", "loc": ["hardware", "nvidia-container-toolkit", "enable-hooks"], "readOnly": false, "type": "list of non-empty string"}, "hardware.nvidia-container-toolkit.extraArgs": {"declarations": ["nixos/modules/services/hardware/nvidia-container-toolkit"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to be passed to nvidia-ctk.\n", "loc": ["hardware", "nvidia-container-toolkit", "extraArgs"], "readOnly": false, "type": "list of string"}, "hardware.nvidia-container-toolkit.mount-nvidia-docker-1-directories": {"declarations": ["nixos/modules/services/hardware/nvidia-container-toolkit"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Mount nvidia-docker-1 directories on containers: /usr/local/nvidia/lib and\n/usr/local/nvidia/lib64.\n", "loc": ["hardware", "nvidia-container-toolkit", "mount-nvidia-docker-1-directories"], "readOnly": false, "type": "boolean"}, "hardware.nvidia-container-toolkit.mount-nvidia-executables": {"declarations": ["nixos/modules/services/hardware/nvidia-container-toolkit"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Mount executables nvidia-smi, nvidia-cuda-mps-control, nvidia-cuda-mps-server,\nnvidia-debugdump, nvidia-powerd and nvidia-ctk on containers.\n", "loc": ["hardware", "nvidia-container-toolkit", "mount-nvidia-executables"], "readOnly": false, "type": "boolean"}, "hardware.nvidia-container-toolkit.mounts": {"declarations": ["nixos/modules/services/hardware/nvidia-container-toolkit"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Mounts to be added to every container under the Nvidia CDI profile.", "loc": ["hardware", "nvidia-container-toolkit", "mounts"], "readOnly": false, "type": "list of (submodule)"}, "hardware.nvidia-container-toolkit.mounts.*.containerPath": {"declarations": ["nixos/modules/services/hardware/nvidia-container-toolkit"], "description": "Container path.", "loc": ["hardware", "nvidia-container-toolkit", "mounts", "*", "containerPath"], "readOnly": false, "type": "string"}, "hardware.nvidia-container-toolkit.mounts.*.hostPath": {"declarations": ["nixos/modules/services/hardware/nvidia-container-toolkit"], "description": "Host path.", "loc": ["hardware", "nvidia-container-toolkit", "mounts", "*", "hostPath"], "readOnly": false, "type": "string"}, "hardware.nvidia-container-toolkit.mounts.*.mountOptions": {"declarations": ["nixos/modules/services/hardware/nvidia-container-toolkit"], "default": {"_type": "literalExpression", "text": "[\n  \"ro\"\n  \"nosuid\"\n  \"nodev\"\n  \"bind\"\n]"}, "description": "Mount options.", "loc": ["hardware", "nvidia-container-toolkit", "mounts", "*", "mountOptions"], "readOnly": false, "type": "list of string"}, "hardware.nvidia-container-toolkit.package": {"declarations": ["nixos/modules/services/hardware/nvidia-container-toolkit"], "default": {"_type": "literalExpression", "text": "pkgs.nvidia-container-toolkit"}, "description": "The nvidia-container-toolkit package to use.", "loc": ["hardware", "nvidia-container-toolkit", "package"], "readOnly": false, "type": "package"}, "hardware.nvidia-container-toolkit.suppressNvidiaDriverAssertion": {"declarations": ["nixos/modules/services/hardware/nvidia-container-toolkit"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Suppress the assertion for installing Nvidia driver.\nUseful in WSL where drivers are mounted from Windows, not provided by NixOS.\n", "loc": ["hardware", "nvidia-container-toolkit", "suppressNvidiaDriverAssertion"], "readOnly": false, "type": "boolean"}, "hardware.nvidia.datacenter.enable": {"declarations": ["nixos/modules/hardware/video/nvidia.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Data Center drivers for NVIDIA cards on a NVLink topology\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "nvidia", "datacenter", "enable"], "readOnly": false, "type": "boolean"}, "hardware.nvidia.datacenter.settings": {"declarations": ["nixos/modules/hardware/video/nvidia.nix"], "default": {"_type": "literalExpression", "text": "{\n  LOG_LEVEL=4;\n  LOG_FILE_NAME=\"/var/log/fabricmanager.log\";\n  LOG_APPEND_TO_LOG=1;\n  LOG_FILE_MAX_SIZE=1024;\n  LOG_USE_SYSLOG=0;\n  DAEMONIZE=1;\n  BIND_INTERFACE_IP=\"127.0.0.1\";\n  STARTING_TCP_PORT=16000;\n  FABRIC_MODE=0;\n  FABRIC_MODE_RESTART=0;\n  STATE_FILE_NAME=\"/var/tmp/fabricmanager.state\";\n  FM_CMD_BIND_INTERFACE=\"127.0.0.1\";\n  FM_CMD_PORT_NUMBER=6666;\n  FM_STAY_RESIDENT_ON_FAILURES=0;\n  ACCESS_LINK_FAILURE_MODE=0;\n  TRUNK_LINK_FAILURE_MODE=0;\n  NVSWITCH_FAILURE_MODE=0;\n  ABORT_CUDA_JOBS_ON_FM_EXIT=1;\n}\n"}, "description": "Additional configuration options for fabricmanager.\n", "loc": ["hardware", "nvidia", "datacenter", "settings"], "readOnly": false, "type": "attribute set of (atom (null, bool, int, float or string))"}, "hardware.nvidia.dynamicBoost.enable": {"declarations": ["nixos/modules/hardware/video/nvidia.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable dynamic Boost balances power between the CPU and the GPU for improved\nperformance on supported laptops using the nvidia-powerd daemon. For more\ninformation, see the NVIDIA docs, on Chapter 23. Dynamic Boost on Linux\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "nvidia", "dynamicBoost", "enable"], "readOnly": false, "type": "boolean"}, "hardware.nvidia.enabled": {"declarations": ["nixos/modules/hardware/video/nvidia.nix"], "default": {"_type": "literalMD", "text": "`true` if NVIDIA support is enabled"}, "description": "True if NVIDIA support is enabled", "loc": ["hardware", "nvidia", "enabled"], "readOnly": true, "type": "boolean"}, "hardware.nvidia.forceFullCompositionPipeline": {"declarations": ["nixos/modules/hardware/video/nvidia.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable forcefully the full composition pipeline.\nThis sometimes fixes screen tearing issues.\nThis has been reported to reduce the performance of some OpenGL applications and may produce issues in WebGL.\nIt also drastically increases the time the driver needs to clock down after load\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "nvidia", "forceFullCompositionPipeline"], "readOnly": false, "type": "boolean"}, "hardware.nvidia.gsp.enable": {"declarations": ["nixos/modules/hardware/video/nvidia.nix"], "default": {"_type": "literalExpression", "text": "config.hardware.nvidia.open == true || lib.versionAtLeast config.hardware.nvidia.package.version \"555\"\n"}, "description": "Whether to enable the GPU System Processor (GSP) on the video card\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "nvidia", "gsp", "enable"], "readOnly": false, "type": "boolean"}, "hardware.nvidia.modesetting.enable": {"declarations": ["nixos/modules/hardware/video/nvidia.nix"], "default": {"_type": "literalExpression", "text": "lib.versionAtLeast cfg.package.version \"535\""}, "description": "Whether to enable kernel modesetting when using the NVIDIA proprietary driver.\n\nEnabling this fixes screen tearing when using Optimus via PRIME (see\n{option}`hardware.nvidia.prime.sync.enable`. This is not enabled\nby default because it is not officially supported by NVIDIA and would not\nwork with SLI.\n\nEnabling this and using version 545 or newer of the proprietary NVIDIA\ndriver causes it to provide its own framebuffer device, which can cause\nWayland compositors to work when they otherwise wouldn't.\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "nvidia", "modesetting", "enable"], "readOnly": false, "type": "boolean"}, "hardware.nvidia.nvidiaPersistenced": {"declarations": ["nixos/modules/hardware/video/nvidia.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable nvidia-persistenced a update for NVIDIA GPU headless mode, i.e.\nIt ensures all GPUs stay awake even during headless mode\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "nvidia", "nvidiaPersistenced"], "readOnly": false, "type": "boolean"}, "hardware.nvidia.nvidiaSettings": {"declarations": ["nixos/modules/hardware/video/nvidia.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable nvidia-settings, NVIDIA's GUI configuration tool\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "nvidia", "nvidiaSettings"], "readOnly": false, "type": "boolean"}, "hardware.nvidia.open": {"declarations": ["nixos/modules/hardware/video/nvidia.nix"], "default": {"_type": "literalExpression", "text": "if lib.versionOlder config.hardware.nvidia.package.version \"560\" then false else null\n"}, "description": "Whether to enable the open source NVIDIA kernel module.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "nvidia", "open"], "readOnly": false, "type": "null or boolean"}, "hardware.nvidia.package": {"declarations": ["nixos/modules/hardware/video/nvidia.nix"], "default": {"_type": "literalExpression", "text": "config.boot.kernelPackages.nvidiaPackages.\"\\$\\{if cfg.datacenter.enable then \"dc\" else \"stable\"}\"\n"}, "description": "The NVIDIA driver package to use.\n", "example": {"_type": "literalExpression", "text": "\"config.boot.kernelPackages.nvidiaPackages.legacy_470\""}, "loc": ["hardware", "nvidia", "package"], "readOnly": false, "type": "unspecified value"}, "hardware.nvidia.powerManagement.enable": {"declarations": ["nixos/modules/hardware/video/nvidia.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable experimental power management through systemd. For more information, see\nthe NVIDIA docs, on Chapter 21. Configuring Power Management Support\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "nvidia", "powerManagement", "enable"], "readOnly": false, "type": "boolean"}, "hardware.nvidia.powerManagement.finegrained": {"declarations": ["nixos/modules/hardware/video/nvidia.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable experimental power management of PRIME offload. For more information, see\nthe NVIDIA docs, on Chapter 22. PCI-Express Runtime D3 (RTD3) Power Management\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "nvidia", "powerManagement", "finegrained"], "readOnly": false, "type": "boolean"}, "hardware.nvidia.prime.allowExternalGpu": {"declarations": ["nixos/modules/hardware/video/nvidia.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable configuring X to allow external NVIDIA GPUs when using Prime [Reverse] sync optimus\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "nvidia", "prime", "allowExternalGpu"], "readOnly": false, "type": "boolean"}, "hardware.nvidia.prime.amdgpuBusId": {"declarations": ["nixos/modules/hardware/video/nvidia.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Bus ID of the AMD APU. You can find it using lspci; for example if lspci\nshows the AMD APU at \"0001:02:03.4\", set this option to \"PCI:2@1:3:4\".\n\nlspci might omit the PCI domain (0001 in above example) if it is zero.\nIn which case, use \"@0\" instead.\n\nPlease be aware that this option takes decimal address while lspci reports\nhexadecimal address. So for device at domain \"10000\", use \"@65536\".\n", "example": {"_type": "literalExpression", "text": "\"PCI:4@0:0:0\""}, "loc": ["hardware", "nvidia", "prime", "amdgpuBusId"], "readOnly": false, "type": "string matching the pattern ([[:print:]]+:[0-9]{1,3}(@[0-9]{1,10})?:[0-9]{1,2}:[0-9])?"}, "hardware.nvidia.prime.intelBusId": {"declarations": ["nixos/modules/hardware/video/nvidia.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Bus ID of the Intel GPU. You can find it using lspci; for example if lspci\nshows the Intel GPU at \"0001:02:03.4\", set this option to \"PCI:2@1:3:4\".\n\nlspci might omit the PCI domain (0001 in above example) if it is zero.\nIn which case, use \"@0\" instead.\n\nPlease be aware that this option takes decimal address while lspci reports\nhexadecimal address. So for device at domain \"10000\", use \"@65536\".\n", "example": {"_type": "literalExpression", "text": "\"PCI:0@0:2:0\""}, "loc": ["hardware", "nvidia", "prime", "intelBusId"], "readOnly": false, "type": "string matching the pattern ([[:print:]]+:[0-9]{1,3}(@[0-9]{1,10})?:[0-9]{1,2}:[0-9])?"}, "hardware.nvidia.prime.nvidiaBusId": {"declarations": ["nixos/modules/hardware/video/nvidia.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Bus ID of the NVIDIA GPU. You can find it using lspci; for example if lspci\nshows the NVIDIA GPU at \"0001:02:03.4\", set this option to \"PCI:2@1:3:4\".\n\nlspci might omit the PCI domain (0001 in above example) if it is zero.\nIn which case, use \"@0\" instead.\n\nPlease be aware that this option takes decimal address while lspci reports\nhexadecimal address. So for device at domain \"10000\", use \"@65536\".\n", "example": {"_type": "literalExpression", "text": "\"PCI:1@0:0:0\""}, "loc": ["hardware", "nvidia", "prime", "nvidiaBusId"], "readOnly": false, "type": "string matching the pattern ([[:print:]]+:[0-9]{1,3}(@[0-9]{1,10})?:[0-9]{1,2}:[0-9])?"}, "hardware.nvidia.prime.offload.enable": {"declarations": ["nixos/modules/hardware/video/nvidia.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable render offload support using the NVIDIA proprietary driver via PRIME.\n\nIf this is enabled, then the bus IDs of the NVIDIA and Intel/AMD GPUs have to\nbe specified ({option}`hardware.nvidia.prime.nvidiaBusId` and\n{option}`hardware.nvidia.prime.intelBusId` or\n{option}`hardware.nvidia.prime.amdgpuBusId`)\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "nvidia", "prime", "offload", "enable"], "readOnly": false, "type": "boolean"}, "hardware.nvidia.prime.offload.enableOffloadCmd": {"declarations": ["nixos/modules/hardware/video/nvidia.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable adding a `nvidia-offload` convenience script to {option}`environment.systemPackages`\nfor offloading programs to an nvidia device. To work, you must also enable\n{option}`hardware.nvidia.prime.offload.enable` or {option}`hardware.nvidia.prime.reverseSync.enable`.\n\nExample usage: `nvidia-offload sauerbraten_client`\n\nThis script can be renamed with {option}`hardware.nvidia.prime.offload.enableOffloadCmd`.\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "nvidia", "prime", "offload", "enableOffloadCmd"], "readOnly": false, "type": "boolean"}, "hardware.nvidia.prime.offload.offloadCmdMainProgram": {"declarations": ["nixos/modules/hardware/video/nvidia.nix"], "default": {"_type": "literalExpression", "text": "\"nvidia-offload\""}, "description": "Specifies the CLI name of the {option}`hardware.nvidia.prime.offload.enableOffloadCmd`\nconvenience script for offloading programs to an nvidia device.\n", "example": {"_type": "literalExpression", "text": "\"prime-run\""}, "loc": ["hardware", "nvidia", "prime", "offload", "offloadCmdMainProgram"], "readOnly": false, "type": "string"}, "hardware.nvidia.prime.reverseSync.enable": {"declarations": ["nixos/modules/hardware/video/nvidia.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable NVIDIA Optimus support using the NVIDIA proprietary driver via reverse\nPRIME. If enabled, the Intel/AMD GPU will be used for all rendering, while\nenabling output to displays attached only to the NVIDIA GPU without a\nmultiplexer.\n\nWarning: This feature is relatively new, depending on your system this might\nwork poorly. AMD support, especially so.\nSee: <https://forums.developer.nvidia.com/t/the-all-new-outputsink-feature-aka-reverse-prime/129828>\n\nNote that this option only has any effect if the \"nvidia\" driver is specified\nin {option}`services.xserver.videoDrivers`, and it should preferably\nbe the only driver there.\n\nIf this is enabled, then the bus IDs of the NVIDIA and Intel/AMD GPUs have to\nbe specified ({option}`hardware.nvidia.prime.nvidiaBusId` and\n{option}`hardware.nvidia.prime.intelBusId` or\n{option}`hardware.nvidia.prime.amdgpuBusId`).\n\nIf you enable this, you may want to also enable kernel modesetting for the\nNVIDIA driver ({option}`hardware.nvidia.modesetting.enable`) in order\nto prevent tearing.\n\nNote that this configuration will only be successful when a display manager\nfor which the {option}`services.xserver.displayManager.setupCommands`\noption is supported is used\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "nvidia", "prime", "reverseSync", "enable"], "readOnly": false, "type": "boolean"}, "hardware.nvidia.prime.reverseSync.setupCommands.enable": {"declarations": ["nixos/modules/hardware/video/nvidia.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable configure the display manager to be able to use the outputs\nattached to the NVIDIA GPU.\nDisable in order to configure the NVIDIA GPU outputs manually using xrandr.\nNote that this configuration will only be successful when a display manager\nfor which the {option}`services.xserver.displayManager.setupCommands`\noption is supported is used\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "nvidia", "prime", "reverseSync", "setupCommands", "enable"], "readOnly": false, "type": "boolean"}, "hardware.nvidia.prime.sync.enable": {"declarations": ["nixos/modules/hardware/video/nvidia.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable NVIDIA Optimus support using the NVIDIA proprietary driver via PRIME.\nIf enabled, the NVIDIA GPU will be always on and used for all rendering,\nwhile enabling output to displays attached only to the integrated Intel/AMD\nGPU without a multiplexer.\n\nNote that this option only has any effect if the \"nvidia\" driver is specified\nin {option}`services.xserver.videoDrivers`, and it should preferably\nbe the only driver there.\n\nIf this is enabled, then the bus IDs of the NVIDIA and Intel/AMD GPUs have to\nbe specified ({option}`hardware.nvidia.prime.nvidiaBusId` and\n{option}`hardware.nvidia.prime.intelBusId` or\n{option}`hardware.nvidia.prime.amdgpuBusId`).\n\nIf you enable this, you may want to also enable kernel modesetting for the\nNVIDIA driver ({option}`hardware.nvidia.modesetting.enable`) in order\nto prevent tearing.\n\nNote that this configuration will only be successful when a display manager\nfor which the {option}`services.xserver.displayManager.setupCommands`\noption is supported is used\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "nvidia", "prime", "sync", "enable"], "readOnly": false, "type": "boolean"}, "hardware.nvidia.videoAcceleration": {"declarations": ["nixos/modules/hardware/video/nvidia.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable Whether video acceleration (VA-API) should be enabled.\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "nvidia", "videoAcceleration"], "readOnly": false, "type": "boolean"}, "hardware.nvidiaOptimus.disable": {"declarations": ["nixos/modules/services/hardware/nvidia-optimus.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Completely disable the NVIDIA graphics card and use the\nintegrated graphics processor instead.\n", "loc": ["hardware", "nvidiaOptimus", "disable"], "readOnly": false, "type": "boolean"}, "hardware.onlykey.enable": {"declarations": ["nixos/modules/hardware/onlykey/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable OnlyKey device (https://crp.to/p/) support.\n", "loc": ["hardware", "onlykey", "enable"], "readOnly": false, "type": "boolean"}, "hardware.openrazer.batteryNotifier": {"declarations": ["nixos/modules/hardware/openrazer.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings for device battery notifications.\n", "loc": ["hardware", "openrazer", "batteryNotifier"], "readOnly": false, "type": "submodule"}, "hardware.openrazer.batteryNotifier.enable": {"declarations": ["nixos/modules/hardware/openrazer.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Mouse battery notifier.\n", "loc": ["hardware", "openrazer", "batteryNotifier", "enable"], "readOnly": false, "type": "boolean"}, "hardware.openrazer.batteryNotifier.frequency": {"declarations": ["nixos/modules/hardware/openrazer.nix"], "default": {"_type": "literalExpression", "text": "600"}, "description": "How often battery notifications should be shown (in seconds).\nA value of 0 disables notifications.\n", "loc": ["hardware", "openrazer", "batteryNotifier", "frequency"], "readOnly": false, "type": "signed integer"}, "hardware.openrazer.batteryNotifier.percentage": {"declarations": ["nixos/modules/hardware/openrazer.nix"], "default": {"_type": "literalExpression", "text": "33"}, "description": "At what battery percentage the device should reach before\nsending notifications.\n", "loc": ["hardware", "openrazer", "batteryNotifier", "percentage"], "readOnly": false, "type": "signed integer"}, "hardware.openrazer.devicesOffOnScreensaver": {"declarations": ["nixos/modules/hardware/openrazer.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Turn off the devices when the systems screensaver kicks in.\n", "loc": ["hardware", "openrazer", "devicesOffOnScreensaver"], "readOnly": false, "type": "boolean"}, "hardware.openrazer.enable": {"declarations": ["nixos/modules/hardware/openrazer.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable OpenRazer drivers and userspace daemon\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "openrazer", "enable"], "readOnly": false, "type": "boolean"}, "hardware.openrazer.keyStatistics": {"declarations": ["nixos/modules/hardware/openrazer.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Collects number of keypresses per hour per key used to\ngenerate a heatmap.\n", "loc": ["hardware", "openrazer", "keyStatistics"], "readOnly": false, "type": "boolean"}, "hardware.openrazer.syncEffectsEnabled": {"declarations": ["nixos/modules/hardware/openrazer.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Set the sync effects flag to true so any assignment of\neffects will work across devices.\n", "loc": ["hardware", "openrazer", "syncEffectsEnabled"], "readOnly": false, "type": "boolean"}, "hardware.openrazer.users": {"declarations": ["nixos/modules/hardware/openrazer.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Usernames to be added to the \"openrazer\" group, so that they\ncan start and interact with the OpenRazer userspace daemon.\n", "loc": ["hardware", "openrazer", "users"], "readOnly": false, "type": "list of string"}, "hardware.openrazer.verboseLogging": {"declarations": ["nixos/modules/hardware/openrazer.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable verbose logging. Logs debug messages.\n", "loc": ["hardware", "openrazer", "verboseLogging"], "readOnly": false, "type": "boolean"}, "hardware.opentabletdriver.blacklistedKernelModules": {"declarations": ["nixos/modules/hardware/opentabletdriver.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"hid-uclogic\"\n  \"wacom\"\n]"}, "description": "Blacklist of kernel modules known to conflict with OpenTabletDriver.\n", "loc": ["hardware", "opentabletdriver", "blacklistedKernelModules"], "readOnly": false, "type": "list of string"}, "hardware.opentabletdriver.daemon.enable": {"declarations": ["nixos/modules/hardware/opentabletdriver.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to start OpenTabletDriver daemon as a systemd user service.\n", "loc": ["hardware", "opentabletdriver", "daemon", "enable"], "readOnly": false, "type": "boolean"}, "hardware.opentabletdriver.enable": {"declarations": ["nixos/modules/hardware/opentabletdriver.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable OpenTabletDriver udev rules, user service and blacklist kernel\nmodules known to conflict with OpenTabletDriver.\n", "loc": ["hardware", "opentabletdriver", "enable"], "readOnly": false, "type": "boolean"}, "hardware.opentabletdriver.package": {"declarations": ["nixos/modules/hardware/opentabletdriver.nix"], "default": {"_type": "literalExpression", "text": "pkgs.opentabletdriver"}, "description": "The opentabletdriver package to use.", "loc": ["hardware", "opentabletdriver", "package"], "readOnly": false, "type": "package"}, "hardware.parallels.enable": {"declarations": ["nixos/modules/virtualisation/parallels-guest.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "This enables Parallels Tools for Linux guests.\n", "loc": ["hardware", "parallels", "enable"], "readOnly": false, "type": "boolean"}, "hardware.parallels.package": {"declarations": ["nixos/modules/virtualisation/parallels-guest.nix"], "default": {"_type": "literalExpression", "text": "pkgs.prl-tools"}, "description": "The prl-tools package to use.", "loc": ["hardware", "parallels", "package"], "readOnly": false, "type": "package"}, "hardware.pcmcia.config": {"declarations": ["nixos/modules/hardware/pcmcia.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the configuration file which maps the memory, IRQs\nand ports used by the PCMCIA hardware.\n", "loc": ["hardware", "pcmcia", "config"], "readOnly": false, "type": "null or absolute path"}, "hardware.pcmcia.enable": {"declarations": ["nixos/modules/hardware/pcmcia.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable this option to support PCMCIA card.\n", "loc": ["hardware", "pcmcia", "enable"], "readOnly": false, "type": "boolean"}, "hardware.pcmcia.firmware": {"declarations": ["nixos/modules/hardware/pcmcia.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of firmware used to handle specific PCMCIA card.\n", "loc": ["hardware", "pcmcia", "firmware"], "readOnly": false, "type": "list of absolute path"}, "hardware.printers.ensureDefaultPrinter": {"declarations": ["nixos/modules/hardware/printers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Ensures the named printer is the default CUPS printer / printer queue.\n", "loc": ["hardware", "printers", "ensureDefaultPrinter"], "readOnly": false, "type": "null or printable string without spaces, # and /"}, "hardware.printers.ensurePrinters": {"declarations": ["nixos/modules/hardware/printers.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Will regularly ensure that the given CUPS printers are configured as declared here.\nIf a printer's options are manually changed afterwards, they will be overwritten eventually.\nThis option will never delete any printer, even if removed from this list.\nYou can check existing printers with {command}`lpstat -s`\nand remove printers with {command}`lpadmin -x <printer-name>`.\nPrinters not listed here can still be manually configured.\n", "loc": ["hardware", "printers", "ensurePrinters"], "readOnly": false, "type": "list of (submodule)"}, "hardware.printers.ensurePrinters.*.description": {"declarations": ["nixos/modules/hardware/printers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional human-readable description.\n", "example": {"_type": "literalExpression", "text": "\"Brother HL-5140\""}, "loc": ["hardware", "printers", "ensurePrinters", "*", "description"], "readOnly": false, "type": "null or string"}, "hardware.printers.ensurePrinters.*.deviceUri": {"declarations": ["nixos/modules/hardware/printers.nix"], "description": "How to reach the printer.\n{command}`lpinfo -v` shows a list of supported device URIs and schemes.\n", "example": {"_type": "literalExpression", "text": "\"ipp://printserver.local/printers/BrotherHL_Workroom\"\n\"usb://HP/DESKJET%20940C?serial=CN16E6C364BH\"\n"}, "loc": ["hardware", "printers", "ensurePrinters", "*", "deviceUri"], "readOnly": false, "type": "string"}, "hardware.printers.ensurePrinters.*.location": {"declarations": ["nixos/modules/hardware/printers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional human-readable location.\n", "example": {"_type": "literalExpression", "text": "\"Workroom\""}, "loc": ["hardware", "printers", "ensurePrinters", "*", "location"], "readOnly": false, "type": "null or string"}, "hardware.printers.ensurePrinters.*.model": {"declarations": ["nixos/modules/hardware/printers.nix"], "description": "Location of the ppd driver file for the printer.\n{command}`lpinfo -m` shows a list of supported models.\n", "example": {"_type": "literalExpression", "text": "\"gutenprint.${lib.versions.majorMinor (lib.getVersion pkgs.gutenprint)}://brother-hl-5140/expert\"\n"}, "loc": ["hardware", "printers", "ensurePrinters", "*", "model"], "readOnly": false, "type": "string"}, "hardware.printers.ensurePrinters.*.name": {"declarations": ["nixos/modules/hardware/printers.nix"], "description": "Name of the printer / printer queue.\nMay contain any printable characters except \"/\", \"#\", and space.\n", "example": {"_type": "literalExpression", "text": "\"BrotherHL_Workroom\""}, "loc": ["hardware", "printers", "ensurePrinters", "*", "name"], "readOnly": false, "type": "printable string without spaces, # and /"}, "hardware.printers.ensurePrinters.*.ppdOptions": {"declarations": ["nixos/modules/hardware/printers.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Sets PPD options for the printer.\n{command}`lpoptions [-p printername] -l` shows supported PPD options for the given printer.\n", "example": {"_type": "literalExpression", "text": "{\n  Duplex = \"DuplexNoTumble\";\n  PageSize = \"A4\";\n}"}, "loc": ["hardware", "printers", "ensurePrinters", "*", "ppdOptions"], "readOnly": false, "type": "attribute set of string"}, "hardware.raid.HPSmartArray.enable": {"declarations": ["nixos/modules/hardware/raid/hpsa.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HP Smart Array kernel modules and CLI utility.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "raid", "HPSmartArray", "enable"], "readOnly": false, "type": "boolean"}, "hardware.rasdaemon.config": {"declarations": ["nixos/modules/services/hardware/rasdaemon.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "rasdaemon configuration, currently only used for CE PFA\nfor details, read rasdaemon.outPath/etc/sysconfig/rasdaemon's comments\n", "example": {"_type": "literalExpression", "text": "''\n  # defaults from included config\n  PAGE_CE_REFRESH_CYCLE=\"24h\"\n  PAGE_CE_THRESHOLD=\"50\"\n  PAGE_CE_ACTION=\"soft\"\n''"}, "loc": ["hardware", "rasdaemon", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "hardware.rasdaemon.enable": {"declarations": ["nixos/modules/services/hardware/rasdaemon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable RAS logging daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "rasdaemon", "enable"], "readOnly": false, "type": "boolean"}, "hardware.rasdaemon.extraModules": {"declarations": ["nixos/modules/services/hardware/rasdaemon.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "extra kernel modules to load", "example": {"_type": "literalExpression", "text": "[\n  \"i7core_edac\"\n]"}, "loc": ["hardware", "rasdaemon", "extraModules"], "readOnly": false, "type": "list of string"}, "hardware.rasdaemon.labels": {"declarations": ["nixos/modules/services/hardware/rasdaemon.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional memory module label descriptions to be placed in /etc/ras/dimm_labels.d/labels", "example": {"_type": "literalExpression", "text": "''\n  # vendor and model may be shown by 'ras-mc-ctl --mainboard'\n  vendor: ASRock\n    product: To Be Filled By O.E.M.\n    model: B450M Pro4\n      # these labels are names for the motherboard slots\n      # the numbers may be shown by `ras-mc-ctl --error-count`\n      # they are mc:csrow:channel\n      DDR4_A1: 0.2.0;  DDR4_B1: 0.2.1;\n      DDR4_A2: 0.3.0;  DDR4_B2: 0.3.1;\n''"}, "loc": ["hardware", "rasdaemon", "labels"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "hardware.rasdaemon.mainboard": {"declarations": ["nixos/modules/services/hardware/rasdaemon.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Custom mainboard description, see {manpage}`ras-mc-ctl(8)` for more details.", "example": {"_type": "literalExpression", "text": "''\n  vendor = ASRock\n  model = B450M Pro4\n  \n  # it should default to such values from\n  # /sys/class/dmi/id/board_[vendor|name]\n  # alternatively one can supply a script\n  # that returns the same format as above\n  \n  script = <path to script>\n''"}, "loc": ["hardware", "rasdaemon", "mainboard"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "hardware.rasdaemon.package": {"declarations": ["nixos/modules/services/hardware/rasdaemon.nix"], "default": {"_type": "literalExpression", "text": "pkgs.rasdaemon"}, "description": "The rasdaemon package to use.", "loc": ["hardware", "rasdaemon", "package"], "readOnly": false, "type": "package"}, "hardware.rasdaemon.record": {"declarations": ["nixos/modules/services/hardware/rasdaemon.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "record events via sqlite3, required for ras-mc-ctl", "loc": ["hardware", "rasdaemon", "record"], "readOnly": false, "type": "boolean"}, "hardware.rasdaemon.testing": {"declarations": ["nixos/modules/services/hardware/rasdaemon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable error injection infrastructure.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "rasdaemon", "testing"], "readOnly": false, "type": "boolean"}, "hardware.rtl-sdr.enable": {"declarations": ["nixos/modules/hardware/rtl-sdr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables rtl-sdr udev rules, ensures 'plugdev' group exists, and blacklists DVB kernel modules.\nThis is a prerequisite to using devices supported by rtl-sdr without being root, since rtl-sdr USB descriptors will be owned by plugdev through udev.\n", "loc": ["hardware", "rtl-sdr", "enable"], "readOnly": false, "type": "boolean"}, "hardware.rtl-sdr.package": {"declarations": ["nixos/modules/hardware/rtl-sdr.nix"], "default": {"_type": "literalExpression", "text": "pkgs.rtl-sdr"}, "description": "The rtl-sdr package to use.", "loc": ["hardware", "rtl-sdr", "package"], "readOnly": false, "type": "package"}, "hardware.saleae-logic.enable": {"declarations": ["nixos/modules/hardware/saleae-logic.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable udev rules for Saleae Logic devices.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "saleae-logic", "enable"], "readOnly": false, "type": "boolean"}, "hardware.saleae-logic.package": {"declarations": ["nixos/modules/hardware/saleae-logic.nix"], "default": {"_type": "literalExpression", "text": "pkgs.saleae-logic-2"}, "description": "Saleae Logic package to use.\n", "loc": ["hardware", "saleae-logic", "package"], "readOnly": false, "type": "package"}, "hardware.sane.backends-package": {"declarations": ["nixos/modules/services/hardware/sane.nix"], "default": {"_type": "literalExpression", "text": "pkgs.sane-backends"}, "description": "The sane-backends package to use.", "loc": ["hardware", "sane", "backends-package"], "readOnly": false, "type": "package"}, "hardware.sane.brscan4.enable": {"declarations": ["nixos/modules/services/hardware/sane_extra_backends/brscan4.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "When enabled, will automatically register the \"brscan4\" sane\nbackend and bring configuration files to their expected location.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "sane", "brscan4", "enable"], "readOnly": false, "type": "boolean"}, "hardware.sane.brscan4.netDevices": {"declarations": ["nixos/modules/services/hardware/sane_extra_backends/brscan4.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The list of network devices that will be registered against the brscan4\nsane backend.\n", "example": {"_type": "literalExpression", "text": "{\n  office1 = {\n    ip = \"192.168.1.2\";\n    model = \"MFC-7860DW\";\n  };\n  office2 = {\n    model = \"MFC-7860DW\";\n    nodename = \"BRW0080927AFBCE\";\n  };\n}"}, "loc": ["hardware", "sane", "brscan4", "netDevices"], "readOnly": false, "type": "attribute set of (submodule)"}, "hardware.sane.brscan4.netDevices.<name>.ip": {"declarations": ["nixos/modules/services/hardware/sane_extra_backends/brscan4.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The ip address of the device. If undefined, you will have to\nprovide a nodename.\n", "example": {"_type": "literalExpression", "text": "\"192.168.1.2\""}, "loc": ["hardware", "sane", "brscan4", "netDevices", "<name>", "ip"], "readOnly": false, "type": "null or string"}, "hardware.sane.brscan4.netDevices.<name>.model": {"declarations": ["nixos/modules/services/hardware/sane_extra_backends/brscan4.nix"], "description": "The model of the network device.\n", "example": {"_type": "literalExpression", "text": "\"MFC-7860DW\""}, "loc": ["hardware", "sane", "brscan4", "netDevices", "<name>", "model"], "readOnly": false, "type": "string"}, "hardware.sane.brscan4.netDevices.<name>.name": {"declarations": ["nixos/modules/services/hardware/sane_extra_backends/brscan4.nix"], "description": "The friendly name you give to the network device. If undefined,\nthe name of attribute will be used.\n", "example": {"_type": "literalExpression", "text": "\"office1\""}, "loc": ["hardware", "sane", "brscan4", "netDevices", "<name>", "name"], "readOnly": false, "type": "string"}, "hardware.sane.brscan4.netDevices.<name>.nodename": {"declarations": ["nixos/modules/services/hardware/sane_extra_backends/brscan4.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The node name of the device. If undefined, you will have to\nprovide an ip.\n", "example": {"_type": "literalExpression", "text": "\"BRW0080927AFBCE\""}, "loc": ["hardware", "sane", "brscan4", "netDevices", "<name>", "nodename"], "readOnly": false, "type": "null or string"}, "hardware.sane.brscan5.enable": {"declarations": ["nixos/modules/services/hardware/sane_extra_backends/brscan5.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Brother brscan5 sane backend.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "sane", "brscan5", "enable"], "readOnly": false, "type": "boolean"}, "hardware.sane.brscan5.netDevices": {"declarations": ["nixos/modules/services/hardware/sane_extra_backends/brscan5.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The list of network devices that will be registered against the brscan5\nsane backend.\n", "example": {"_type": "literalExpression", "text": "{\n  office1 = {\n    ip = \"192.168.1.2\";\n    model = \"MFC-7860DW\";\n  };\n  office2 = {\n    model = \"MFC-7860DW\";\n    nodename = \"BRW0080927AFBCE\";\n  };\n}"}, "loc": ["hardware", "sane", "brscan5", "netDevices"], "readOnly": false, "type": "attribute set of (submodule)"}, "hardware.sane.brscan5.netDevices.<name>.ip": {"declarations": ["nixos/modules/services/hardware/sane_extra_backends/brscan5.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The ip address of the device. If undefined, you will have to\nprovide a nodename.\n", "example": {"_type": "literalExpression", "text": "\"192.168.1.2\""}, "loc": ["hardware", "sane", "brscan5", "netDevices", "<name>", "ip"], "readOnly": false, "type": "null or string"}, "hardware.sane.brscan5.netDevices.<name>.model": {"declarations": ["nixos/modules/services/hardware/sane_extra_backends/brscan5.nix"], "description": "The model of the network device.\n", "example": {"_type": "literalExpression", "text": "\"ADS-1200\""}, "loc": ["hardware", "sane", "brscan5", "netDevices", "<name>", "model"], "readOnly": false, "type": "string"}, "hardware.sane.brscan5.netDevices.<name>.name": {"declarations": ["nixos/modules/services/hardware/sane_extra_backends/brscan5.nix"], "description": "The friendly name you give to the network device. If undefined,\nthe name of attribute will be used.\n", "example": {"_type": "literalExpression", "text": "\"office1\""}, "loc": ["hardware", "sane", "brscan5", "netDevices", "<name>", "name"], "readOnly": false, "type": "string"}, "hardware.sane.brscan5.netDevices.<name>.nodename": {"declarations": ["nixos/modules/services/hardware/sane_extra_backends/brscan5.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The node name of the device. If undefined, you will have to\nprovide an ip.\n", "example": {"_type": "literalExpression", "text": "\"BRW0080927AFBCE\""}, "loc": ["hardware", "sane", "brscan5", "netDevices", "<name>", "nodename"], "readOnly": false, "type": "null or string"}, "hardware.sane.disabledDefaultBackends": {"declarations": ["nixos/modules/services/hardware/sane.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Names of backends which are enabled by default but should be disabled.\nSee `$SANE_CONFIG_DIR/dll.conf` for the list of possible names.\n", "example": {"_type": "literalExpression", "text": "[\n  \"v4l\"\n]"}, "loc": ["hardware", "sane", "disabledDefaultBackends"], "readOnly": false, "type": "list of string"}, "hardware.sane.drivers.scanSnap.enable": {"declarations": ["nixos/modules/services/hardware/sane.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable drivers for the Fujitsu ScanSnap scanners.\n\nThe driver files are unfree and extracted from the Windows driver image.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "sane", "drivers", "scanSnap", "enable"], "readOnly": false, "type": "boolean"}, "hardware.sane.drivers.scanSnap.package": {"declarations": ["nixos/modules/services/hardware/sane.nix"], "default": {"_type": "literalExpression", "text": "pkgs.sane-drivers.epjitsu"}, "description": "The epjitsu package to use. Useful if you want to extract the driver files yourself.\n\nThe process is described in the {file}`/etc/sane.d/epjitsu.conf` file in\nthe `sane-backends` package.\n", "loc": ["hardware", "sane", "drivers", "scanSnap", "package"], "readOnly": false, "type": "package"}, "hardware.sane.dsseries.enable": {"declarations": ["nixos/modules/services/hardware/sane_extra_backends/dsseries.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "When enabled, will automatically register the \"dsseries\" SANE backend.\n\nThis supports the Brother DSmobile scanner series, including the\nDS-620, DS-720D, DS-820W, and DS-920DW scanners.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "sane", "dsseries", "enable"], "readOnly": false, "type": "boolean"}, "hardware.sane.enable": {"declarations": ["nixos/modules/services/hardware/sane.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable support for SANE scanners.\n\n::: {.note}\nUsers in the \"scanner\" group will gain access to the scanner, or the \"lp\" group if it's also a printer.\n:::\n", "loc": ["hardware", "sane", "enable"], "readOnly": false, "type": "boolean"}, "hardware.sane.extraBackends": {"declarations": ["nixos/modules/services/hardware/sane.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Packages providing extra SANE backends to enable.\n\n::: {.note}\nThe example contains the package for HP scanners, and the package for\nApple AirScan and Microsoft WSD support (supports many\nvendors/devices).\n:::\n", "example": {"_type": "literalExpression", "text": "[ pkgs.hplipWithPlugin pkgs.sane-airscan ]"}, "loc": ["hardware", "sane", "extraBackends"], "readOnly": false, "type": "list of absolute path"}, "hardware.sane.netConf": {"declarations": ["nixos/modules/services/hardware/sane.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Network hosts that should be probed for remote scanners.\n", "example": {"_type": "literalExpression", "text": "\"192.168.0.16\""}, "loc": ["hardware", "sane", "netConf"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "hardware.sane.openFirewall": {"declarations": ["nixos/modules/services/hardware/sane.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports needed for discovery of scanners on the local network, e.g.\nneeded for Canon scanners (BJNP protocol).\n", "loc": ["hardware", "sane", "openFirewall"], "readOnly": false, "type": "boolean"}, "hardware.sane.snapshot": {"declarations": ["nixos/modules/services/hardware/sane.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use a development snapshot of SANE scanner drivers.", "loc": ["hardware", "sane", "snapshot"], "readOnly": false, "type": "boolean"}, "hardware.sata.timeout.deciSeconds": {"declarations": ["nixos/modules/hardware/sata.nix"], "description": "Set SCT Error Recovery Control timeout in deciseconds for use in RAID configurations.\n\nValues are as follows:\n   0 = disable SCT ERT\n  70 = default in consumer drives (7 seconds)\n\nMaximum is disk dependant but probably 60 seconds.\n", "example": {"_type": "literalExpression", "text": "70"}, "loc": ["hardware", "sata", "timeout", "deciSeconds"], "readOnly": false, "type": "signed integer"}, "hardware.sata.timeout.drives": {"declarations": ["nixos/modules/hardware/sata.nix"], "description": "List of drives for which to configure the timeout.", "loc": ["hardware", "sata", "timeout", "drives"], "readOnly": false, "type": "list of (submodule)"}, "hardware.sata.timeout.drives.*.idBy": {"declarations": ["nixos/modules/hardware/sata.nix"], "default": {"_type": "literalExpression", "text": "\"path\""}, "description": "The method to identify the drive.", "loc": ["hardware", "sata", "timeout", "drives", "*", "idBy"], "readOnly": false, "type": "one of \"path\", \"wwn\""}, "hardware.sata.timeout.drives.*.name": {"declarations": ["nixos/modules/hardware/sata.nix"], "description": "Drive name without the full path.", "loc": ["hardware", "sata", "timeout", "drives", "*", "name"], "readOnly": false, "type": "string"}, "hardware.sata.timeout.enable": {"declarations": ["nixos/modules/hardware/sata.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SATA drive timeouts.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "sata", "timeout", "enable"], "readOnly": false, "type": "boolean"}, "hardware.sensor.hddtemp.dbEntries": {"declarations": ["nixos/modules/hardware/sensor/hddtemp.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional DB entries", "loc": ["hardware", "sensor", "hddtemp", "dbEntries"], "readOnly": false, "type": "list of string"}, "hardware.sensor.hddtemp.drives": {"declarations": ["nixos/modules/hardware/sensor/hddtemp.nix"], "description": "List of drives to monitor. If you pass /dev/disk/by-path/* entries the symlinks will be resolved as hddtemp doesn't like names with colons.", "loc": ["hardware", "sensor", "hddtemp", "drives"], "readOnly": false, "type": "list of string"}, "hardware.sensor.hddtemp.enable": {"declarations": ["nixos/modules/hardware/sensor/hddtemp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable this option to support HDD/SSD temperature sensors.\n", "loc": ["hardware", "sensor", "hddtemp", "enable"], "readOnly": false, "type": "boolean"}, "hardware.sensor.hddtemp.extraArgs": {"declarations": ["nixos/modules/hardware/sensor/hddtemp.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional arguments passed to the daemon.", "loc": ["hardware", "sensor", "hddtemp", "extraArgs"], "readOnly": false, "type": "list of string"}, "hardware.sensor.hddtemp.unit": {"declarations": ["nixos/modules/hardware/sensor/hddtemp.nix"], "default": {"_type": "literalExpression", "text": "\"C\""}, "description": "Celsius or Fahrenheit", "loc": ["hardware", "sensor", "hddtemp", "unit"], "readOnly": false, "type": "one of \"C\", \"F\""}, "hardware.sensor.iio.enable": {"declarations": ["nixos/modules/hardware/sensor/iio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable this option to support IIO sensors with iio-sensor-proxy.\n\nIIO sensors are used for orientation and ambient light\nsensors on some mobile devices.\n", "loc": ["hardware", "sensor", "iio", "enable"], "readOnly": false, "type": "boolean"}, "hardware.sensor.iio.package": {"declarations": ["nixos/modules/hardware/sensor/iio.nix"], "default": {"_type": "literalExpression", "text": "pkgs.iio-sensor-proxy"}, "description": "The iio-sensor-proxy package to use.", "loc": ["hardware", "sensor", "iio", "package"], "readOnly": false, "type": "package"}, "hardware.sheep_net.enable": {"declarations": ["nixos/modules/hardware/sheep-net.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables sheep_net udev rules, ensures 'sheep_net' group exists, and adds\nsheep-net to boot.kernelModules and boot.extraModulePackages\n", "loc": ["hardware", "sheep_net", "enable"], "readOnly": false, "type": "boolean"}, "hardware.spacenavd.enable": {"declarations": ["nixos/modules/services/hardware/spacenavd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable spacenavd to support 3DConnexion devices.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "spacenavd", "enable"], "readOnly": false, "type": "boolean"}, "hardware.steam-hardware.enable": {"declarations": ["nixos/modules/hardware/steam-hardware.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable udev rules for Steam hardware such as the Steam Controller, other supported controllers and the HTC Vive", "loc": ["hardware", "steam-hardware", "enable"], "readOnly": false, "type": "boolean"}, "hardware.system76.enableAll": {"declarations": ["nixos/modules/hardware/system-76.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable all recommended configuration for system76 systems.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "system76", "enableAll"], "readOnly": false, "type": "boolean"}, "hardware.system76.firmware-daemon.enable": {"declarations": ["nixos/modules/hardware/system-76.nix"], "default": {"_type": "literalExpression", "text": "config.hardware.system76.enableAll"}, "description": "Whether to enable the system76 firmware daemon", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "system76", "firmware-daemon", "enable"], "readOnly": false, "type": "boolean"}, "hardware.system76.kernel-modules.enable": {"declarations": ["nixos/modules/hardware/system-76.nix"], "default": {"_type": "literalExpression", "text": "config.hardware.system76.enableAll"}, "description": "Whether to make the system76 out-of-tree kernel modules available", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "system76", "kernel-modules", "enable"], "readOnly": false, "type": "boolean"}, "hardware.system76.power-daemon.enable": {"declarations": ["nixos/modules/hardware/system-76.nix"], "default": {"_type": "literalExpression", "text": "config.hardware.system76.enableAll"}, "description": "Whether to enable the system76 power daemon", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "system76", "power-daemon", "enable"], "readOnly": false, "type": "boolean"}, "hardware.tenstorrent.enable": {"declarations": ["nixos/modules/hardware/tenstorrent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Tenstorrent driver & utilities.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "tenstorrent", "enable"], "readOnly": false, "type": "boolean"}, "hardware.trackpoint.device": {"declarations": ["nixos/modules/tasks/trackpoint.nix"], "default": {"_type": "literalExpression", "text": "\"TPPS/2 IBM TrackPoint\""}, "description": "The device name of the trackpoint. You can check with xinput.\nSome newer devices (example x1c6) use \"TPPS/2 Elan TrackPoint\".\n", "loc": ["hardware", "trackpoint", "device"], "readOnly": false, "type": "string"}, "hardware.trackpoint.draghys": {"declarations": ["nixos/modules/tasks/trackpoint.nix"], "default": {"_type": "literalExpression", "text": "255"}, "description": "The drag hysteresis controls how hard it is to drag with z-axis pressed.\n", "example": {"_type": "literalExpression", "text": "200"}, "loc": ["hardware", "trackpoint", "draghys"], "readOnly": false, "type": "signed integer"}, "hardware.trackpoint.drift_time": {"declarations": ["nixos/modules/tasks/trackpoint.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "This parameter controls the period of time to test for a 'hands off' condition (i.e. when no force is applied) before a drift (noise) calibration occurs.\n\nIBM Trackpoints have a feature to compensate for drift by recalibrating themselves periodically. By default, if for 0.5 seconds there is no change in position, it's used as the new zero. This duration is too low. Often, the calibration happens when the trackpoint is in fact being used.\n", "example": {"_type": "literalExpression", "text": "100"}, "loc": ["hardware", "trackpoint", "drift_time"], "readOnly": false, "type": "signed integer"}, "hardware.trackpoint.emulateWheel": {"declarations": ["nixos/modules/tasks/trackpoint.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable scrolling while holding the middle mouse button.\n", "loc": ["hardware", "trackpoint", "emulateWheel"], "readOnly": false, "type": "boolean"}, "hardware.trackpoint.enable": {"declarations": ["nixos/modules/tasks/trackpoint.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable sensitivity and speed configuration for trackpoints.\n", "loc": ["hardware", "trackpoint", "enable"], "readOnly": false, "type": "boolean"}, "hardware.trackpoint.ext_dev": {"declarations": ["nixos/modules/tasks/trackpoint.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Disable or enable external pointing device.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["hardware", "trackpoint", "ext_dev"], "readOnly": false, "type": "boolean"}, "hardware.trackpoint.fakeButtons": {"declarations": ["nixos/modules/tasks/trackpoint.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Switch to \"bare\" PS/2 mouse support in case Trackpoint buttons are not recognized\nproperly. This can happen for example on models like the L430, T450, T450s, on\nwhich the Trackpoint buttons are actually a part of the Synaptics touchpad.\n", "loc": ["hardware", "trackpoint", "fakeButtons"], "readOnly": false, "type": "boolean"}, "hardware.trackpoint.inertia": {"declarations": ["nixos/modules/tasks/trackpoint.nix"], "default": {"_type": "literalExpression", "text": "6"}, "description": "Negative inertia factor. High values cause the cursor to snap backward when the trackpoint is released.\n", "example": {"_type": "literalExpression", "text": "10"}, "loc": ["hardware", "trackpoint", "inertia"], "readOnly": false, "type": "signed integer"}, "hardware.trackpoint.jenks": {"declarations": ["nixos/modules/tasks/trackpoint.nix"], "default": {"_type": "literalExpression", "text": "135"}, "description": "Minimum curvature in degrees required to generate a double click without a release.\n", "example": {"_type": "literalExpression", "text": "100"}, "loc": ["hardware", "trackpoint", "jenks"], "readOnly": false, "type": "signed integer"}, "hardware.trackpoint.mindrag": {"declarations": ["nixos/modules/tasks/trackpoint.nix"], "default": {"_type": "literalExpression", "text": "20"}, "description": "Minimum amount of force needed to trigger dragging.\n", "example": {"_type": "literalExpression", "text": "30"}, "loc": ["hardware", "trackpoint", "mindrag"], "readOnly": false, "type": "signed integer"}, "hardware.trackpoint.press_to_select": {"declarations": ["nixos/modules/tasks/trackpoint.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Setting this to true will enable the Press to Select functions like tapping the control stick to simulate a left click, and setting false will disable it.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "trackpoint", "press_to_select"], "readOnly": false, "type": "boolean"}, "hardware.trackpoint.reach": {"declarations": ["nixos/modules/tasks/trackpoint.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Backup range for z-axis press.\n", "example": {"_type": "literalExpression", "text": "20"}, "loc": ["hardware", "trackpoint", "reach"], "readOnly": false, "type": "signed integer"}, "hardware.trackpoint.sensitivity": {"declarations": ["nixos/modules/tasks/trackpoint.nix"], "default": {"_type": "literalExpression", "text": "128"}, "description": "Trackpoint sensitivity.\n", "example": {"_type": "literalExpression", "text": "255"}, "loc": ["hardware", "trackpoint", "sensitivity"], "readOnly": false, "type": "signed integer"}, "hardware.trackpoint.skipback": {"declarations": ["nixos/modules/tasks/trackpoint.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "When the skipback bit is set, backup cursor movement during releases from drags will be suppressed. The default value for this bit is 0.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "trackpoint", "skipback"], "readOnly": false, "type": "boolean"}, "hardware.trackpoint.speed": {"declarations": ["nixos/modules/tasks/trackpoint.nix"], "default": {"_type": "literalExpression", "text": "97"}, "description": "Speed of the trackpoint cursor.\n", "example": {"_type": "literalExpression", "text": "255"}, "loc": ["hardware", "trackpoint", "speed"], "readOnly": false, "type": "signed integer"}, "hardware.trackpoint.thresh": {"declarations": ["nixos/modules/tasks/trackpoint.nix"], "default": {"_type": "literalExpression", "text": "8"}, "description": "Minimum value for z-axis force required to trigger a press or release, relative to the running average.\n", "example": {"_type": "literalExpression", "text": "10"}, "loc": ["hardware", "trackpoint", "thresh"], "readOnly": false, "type": "signed integer"}, "hardware.trackpoint.upthresh": {"declarations": ["nixos/modules/tasks/trackpoint.nix"], "default": {"_type": "literalExpression", "text": "255"}, "description": "The offset from the running average required to generate a select (click) on z-axis on release.\n", "example": {"_type": "literalExpression", "text": "250"}, "loc": ["hardware", "trackpoint", "upthresh"], "readOnly": false, "type": "signed integer"}, "hardware.trackpoint.ztime": {"declarations": ["nixos/modules/tasks/trackpoint.nix"], "default": {"_type": "literalExpression", "text": "38"}, "description": "This attribute determines how sharp a press has to be in order to be recognized.\n", "example": {"_type": "literalExpression", "text": "50"}, "loc": ["hardware", "trackpoint", "ztime"], "readOnly": false, "type": "signed integer"}, "hardware.tuxedo-drivers.enable": {"declarations": ["nixos/modules/hardware/tuxedo-drivers.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable The tuxedo-drivers driver enables access to the following on TUXEDO notebooks:\n- Driver for Fn-keys\n- SysFS control of brightness/color/mode for most TUXEDO keyboards\n- Hardware I/O driver for TUXEDO Control Center\n\nFor more inforation it is best to check at the source code description: <https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers>\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "tuxedo-drivers", "enable"], "readOnly": false, "type": "boolean"}, "hardware.tuxedo-drivers.settings.charging-priority": {"declarations": ["nixos/modules/hardware/tuxedo-drivers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "These options manage the trade-off between battery charging and CPU performance when the USB-C power supply cannot provide sufficient power for both simultaneously:\n- `charge_battery` prioritizes battery charging (driver default)\n- `performance` prioritizes maximum CPU performance\n", "loc": ["hardware", "tuxedo-drivers", "settings", "charging-priority"], "readOnly": false, "type": "null or one of \"charge_battery\", \"performance\""}, "hardware.tuxedo-drivers.settings.charging-profile": {"declarations": ["nixos/modules/hardware/tuxedo-drivers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The maximum charge level to help reduce battery wear:\n- `high_capacity` charges to 100% (driver default)\n- `balanced` charges to 90%\n- `stationary` charges to 80% (maximum lifespan)\n\n**Note:** Regardless of the configured charging profile, the operating system will always report the battery as being charged to 100%.\n", "loc": ["hardware", "tuxedo-drivers", "settings", "charging-profile"], "readOnly": false, "type": "null or one of \"high_capacity\", \"balanced\", \"stationary\""}, "hardware.tuxedo-drivers.settings.fn-lock": {"declarations": ["nixos/modules/hardware/tuxedo-drivers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Enables or disables the laptop keyboard's Function (Fn) lock at boot.\n\nWhen set to `true`, the Fn lock is enabled, allowing the function keys (F1\u2013F12) to control brightness, volume etc.\n", "loc": ["hardware", "tuxedo-drivers", "settings", "fn-lock"], "readOnly": false, "type": "null or boolean"}, "hardware.tuxedo-rs.enable": {"declarations": ["nixos/modules/services/hardware/tuxedo-rs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Rust utilities for interacting with hardware from TUXEDO Computers.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "tuxedo-rs", "enable"], "readOnly": false, "type": "boolean"}, "hardware.tuxedo-rs.tailor-gui.enable": {"declarations": ["nixos/modules/services/hardware/tuxedo-rs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable tailor-gui, an alternative to TUXEDO Control Center, written in Rust.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "tuxedo-rs", "tailor-gui", "enable"], "readOnly": false, "type": "boolean"}, "hardware.ubertooth.enable": {"declarations": ["nixos/modules/hardware/ubertooth.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Ubertooth software and its udev rules.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "ubertooth", "enable"], "readOnly": false, "type": "boolean"}, "hardware.ubertooth.group": {"declarations": ["nixos/modules/hardware/ubertooth.nix"], "default": {"_type": "literalExpression", "text": "\"ubertooth\""}, "description": "Group for Ubertooth's udev rules.", "example": {"_type": "literalExpression", "text": "\"wheel\""}, "loc": ["hardware", "ubertooth", "group"], "readOnly": false, "type": "string"}, "hardware.uinput.enable": {"declarations": ["nixos/modules/hardware/uinput.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable uinput support.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "uinput", "enable"], "readOnly": false, "type": "boolean"}, "hardware.uni-sync.devices": {"declarations": ["nixos/modules/hardware/uni-sync.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of controllers with their configurations.", "example": {"_type": "literalExpression", "text": "[\n  {\n    device_id = \"VID:1111/PID:11111/SN:1111111111\";\n    sync_rgb = true;\n    channels = [\n      {\n        mode = \"PWM\";\n      }\n      {\n        mode = \"Manual\";\n        speed = 100;\n      }\n      {\n        mode = \"Manual\";\n        speed = 54;\n      }\n      {\n        mode = \"Manual\";\n        speed = 0;\n      }\n    ];\n  }\n  {\n    device_id = \"VID:1010/PID:10101/SN:1010101010\";\n    sync_rgb = false;\n    channels = [\n      {\n        mode = \"Manual\";\n        speed = 0;\n      }\n    ];\n  }\n]\n"}, "loc": ["hardware", "uni-sync", "devices"], "readOnly": false, "type": "list of (submodule)"}, "hardware.uni-sync.devices.*.channels": {"declarations": ["nixos/modules/hardware/uni-sync.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of channels connected to the controller.", "example": {"_type": "literalExpression", "text": "[\n  {\n    mode = \"PWM\";\n  }\n  {\n    mode = \"Manual\";\n    speed = 100;\n  }\n  {\n    mode = \"Manual\";\n    speed = 54;\n  }\n  {\n    mode = \"Manual\";\n    speed = 0;\n  }\n]\n"}, "loc": ["hardware", "uni-sync", "devices", "*", "channels"], "readOnly": false, "type": "list of (submodule)"}, "hardware.uni-sync.devices.*.channels.*.mode": {"declarations": ["nixos/modules/hardware/uni-sync.nix"], "default": {"_type": "literalExpression", "text": "\"Manual\""}, "description": "\"PWM\" to enable PWM sync. \"Manual\" to set speed.", "example": {"_type": "literalExpression", "text": "\"PWM\""}, "loc": ["hardware", "uni-sync", "devices", "*", "channels", "*", "mode"], "readOnly": false, "type": "one of \"Manual\", \"PWM\""}, "hardware.uni-sync.devices.*.channels.*.speed": {"declarations": ["nixos/modules/hardware/uni-sync.nix"], "default": {"_type": "literalExpression", "text": "\"50\""}, "description": "Fan speed as percentage (clamped between 0 and 100).", "example": {"_type": "literalExpression", "text": "\"100\""}, "loc": ["hardware", "uni-sync", "devices", "*", "channels", "*", "speed"], "readOnly": false, "type": "signed integer"}, "hardware.uni-sync.devices.*.device_id": {"declarations": ["nixos/modules/hardware/uni-sync.nix"], "description": "Unique device ID displayed at each startup.", "example": {"_type": "literalExpression", "text": "\"VID:1111/PID:11111/SN:1111111111\""}, "loc": ["hardware", "uni-sync", "devices", "*", "device_id"], "readOnly": false, "type": "string"}, "hardware.uni-sync.devices.*.sync_rgb": {"declarations": ["nixos/modules/hardware/uni-sync.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable ARGB header sync.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "uni-sync", "devices", "*", "sync_rgb"], "readOnly": false, "type": "boolean"}, "hardware.uni-sync.enable": {"declarations": ["nixos/modules/hardware/uni-sync.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable udev rules and software for Lian Li Uni Controllers.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "uni-sync", "enable"], "readOnly": false, "type": "boolean"}, "hardware.uni-sync.package": {"declarations": ["nixos/modules/hardware/uni-sync.nix"], "default": {"_type": "literalExpression", "text": "pkgs.uni-sync"}, "description": "The uni-sync package to use.", "loc": ["hardware", "uni-sync", "package"], "readOnly": false, "type": "package"}, "hardware.usb-modeswitch.enable": {"declarations": ["nixos/modules/hardware/usb-modeswitch.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable this option to support certain USB WLAN and WWAN adapters.\n\nThese network adapters initial present themselves as Flash Drives containing their drivers.\nThis option enables automatic switching to the networking mode.\n", "loc": ["hardware", "usb-modeswitch", "enable"], "readOnly": false, "type": "boolean"}, "hardware.usbStorage.manageShutdown": {"declarations": ["nixos/modules/hardware/usb-storage.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable this option to gracefully spin-down external storage during shutdown.\nIf you suspect improper head parking after poweroff, install `smartmontools` and check\nfor the `Power-Off_Retract_Count` field for an increment.\n", "loc": ["hardware", "usbStorage", "manageShutdown"], "readOnly": false, "type": "boolean"}, "hardware.wirelessRegulatoryDatabase": {"declarations": ["nixos/modules/hardware/all-firmware.nix"], "default": {"_type": "literalMD", "text": "Enabled if proprietary firmware is allowed via {option}`enableRedistributableFirmware` or {option}`enableAllFirmware`."}, "description": "Whether to enable loading the wireless regulatory database at boot.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "wirelessRegulatoryDatabase"], "readOnly": false, "type": "boolean"}, "hardware.wooting.enable": {"declarations": ["nixos/modules/hardware/wooting.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable support for Wooting keyboards.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "wooting", "enable"], "readOnly": false, "type": "boolean"}, "hardware.xone.enable": {"declarations": ["nixos/modules/hardware/xone.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the xone driver for Xbox One and Xbox Series X|S accessories.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "xone", "enable"], "readOnly": false, "type": "boolean"}, "hardware.xpad-noone.enable": {"declarations": ["nixos/modules/hardware/xpad-noone.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Xpad driver from the Linux kernel with support for Xbox One controllers removed.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "xpad-noone", "enable"], "readOnly": false, "type": "boolean"}, "hardware.xpadneo.enable": {"declarations": ["nixos/modules/hardware/xpadneo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the xpadneo driver for Xbox One wireless controllers.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["hardware", "xpadneo", "enable"], "readOnly": false, "type": "boolean"}, "hardware.xpadneo.quirks": {"declarations": ["nixos/modules/hardware/xpadneo.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Controller-specific quirk flags, keyed by MAC address.\nFlags are combined as a bitmask to address compatibility issues\nwith specific controllers.\n\nThe value is a sum of individual flag values. For example, to apply\nflags 1, 2, and 4, use `7` (1 + 2 + 4). To apply flags 2, 4, and 32,\nuse `38` (2 + 4 + 32).\n\nSee <https://github.com/atar-axis/xpadneo/blob/master/docs/CONFIGURATION.md>\nfor available quirk flags and their values.\n", "example": {"_type": "literalExpression", "text": "{\n  \"11:22:33:44:55:66\" = 7; # Applies flags 1 + 2 + 4\n}\n"}, "loc": ["hardware", "xpadneo", "quirks"], "readOnly": false, "type": "attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "hardware.xpadneo.rumbleAttenuation": {"declarations": ["nixos/modules/hardware/xpadneo.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Force feedback attenuation settings. Higher values reduce rumble strength.\n\nSee <https://github.com/atar-axis/xpadneo/blob/master/docs/CONFIGURATION.md>\nfor more information.\n", "example": {"_type": "literalExpression", "text": "{\n  overall = 50;   # 50% overall rumble\n  triggers = 50;  # 25% trigger rumble (50% of 50%)\n}\n"}, "loc": ["hardware", "xpadneo", "rumbleAttenuation"], "readOnly": false, "type": "submodule"}, "hardware.xpadneo.rumbleAttenuation.overall": {"declarations": ["nixos/modules/hardware/xpadneo.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Overall force feedback attenuation as a percentage.\n`0` means full rumble, `100` means no rumble.\nApplies to both main and trigger rumble.\n", "loc": ["hardware", "xpadneo", "rumbleAttenuation", "overall"], "readOnly": false, "type": "integer between 0 and 100 (both inclusive)"}, "hardware.xpadneo.rumbleAttenuation.triggers": {"declarations": ["nixos/modules/hardware/xpadneo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Extra attenuation for trigger rumble as a percentage, applied\non top of {option}`overall`. For example, `overall = 50` and\n`triggers = 50` results in 50% main rumble and 25% trigger rumble.\nSet to `100` to disable trigger rumble while keeping main rumble.\n`null` means no extra trigger attenuation.\n", "loc": ["hardware", "xpadneo", "rumbleAttenuation", "triggers"], "readOnly": false, "type": "null or integer between 0 and 100 (both inclusive)"}, "hardware.xpadneo.settings": {"declarations": ["nixos/modules/hardware/xpadneo.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Kernel module parameters for hid_xpadneo. These are passed directly\nto the module via modprobe.\n\nSee <https://github.com/atar-axis/xpadneo/blob/master/docs/CONFIGURATION.md>\nfor available parameters and their values.\n", "example": {"_type": "literalExpression", "text": "{\n  disable_deadzones = 1;\n  trigger_rumble_mode = 2;\n  disable_shift_mode = 1;\n}\n"}, "loc": ["hardware", "xpadneo", "settings"], "readOnly": false, "type": "attribute set of (signed integer or string)"}, "i18n.defaultCharset": {"declarations": ["nixos/modules/config/i18n.nix"], "default": {"_type": "literalExpression", "text": "\"UTF-8\""}, "description": "The default locale character set.\n", "example": {"_type": "literalExpression", "text": "\"ISO-8859-8\""}, "loc": ["i18n", "defaultCharset"], "readOnly": false, "type": "string"}, "i18n.defaultLocale": {"declarations": ["nixos/modules/config/i18n.nix"], "default": {"_type": "literalExpression", "text": "\"en_US.UTF-8\""}, "description": "The default locale. It determines the language for program messages,\nthe format for dates and times, sort order, and so on. Setting the\ndefault character set is done via {option}`i18n.defaultCharset`.\n", "example": {"_type": "literalExpression", "text": "\"nl_NL.UTF-8\""}, "loc": ["i18n", "defaultLocale"], "readOnly": false, "type": "string"}, "i18n.extraLocaleSettings": {"declarations": ["nixos/modules/config/i18n.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "A set of additional system-wide locale settings other than `LANG`\nwhich can be configured with {option}`i18n.defaultLocale`. Note that\nthe `/UTF-8` suffix used in {option}`i18n.extraLocales` indicates a\ncharacter set, and it must not be added manually here. To use a\nnon-`UTF-8` character set such as ISO-XXXX-8, the\n{option}`i18n.localeCharsets` can be used.\n\nNote that if the [`LANGUAGE`\nkey](https://www.gnu.org/software/gettext/manual/html_node/The-LANGUAGE-variable.html)\nis used in this option, it is ignored when computing the locales\nrequired to be installed, because the possible values of this key are\nmore diverse and flexible then the others.\n", "example": {"_type": "literalExpression", "text": "{\n  LC_MESSAGES = \"en_US.UTF-8\";\n  LC_TIME = \"de_DE.UTF-8\";\n}"}, "loc": ["i18n", "extraLocaleSettings"], "readOnly": false, "type": "attribute set of string"}, "i18n.extraLocales": {"declarations": ["nixos/modules/config/i18n.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional locales that the system should support, besides the ones\nconfigured with {option}`i18n.defaultLocale` and\n{option}`i18n.extraLocaleSettings`.\nSet this to `\"all\"` to install all available locales.\n", "example": {"_type": "literalExpression", "text": "[\n  \"nl_NL.UTF-8/UTF-8\"\n]"}, "loc": ["i18n", "extraLocales"], "readOnly": false, "type": "(list of string) or value \"all\" (singular enum)"}, "i18n.glibcLocales": {"declarations": ["nixos/modules/config/i18n.nix"], "default": {"_type": "literalExpression", "text": "pkgs.glibcLocales.override {\n  allLocales = lib.elem \"all\" config.i18n.supportedLocales;\n  locales = config.i18n.supportedLocales;\n}\n"}, "description": "Customized pkg.glibcLocales package.\n\nChanging this option can disable handling of i18n.defaultLocale\nand supportedLocale.\n", "example": {"_type": "literalExpression", "text": "pkgs.glibcLocales"}, "loc": ["i18n", "glibcLocales"], "readOnly": false, "type": "absolute path"}, "i18n.inputMethod.enable": {"declarations": ["nixos/modules/i18n/input-method/default.nix"], "default": {"_type": "literalMD", "text": "`true` if the deprecated option `enabled` is set, false otherwise"}, "description": "Whether to enable an additional input method type.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["i18n", "inputMethod", "enable"], "readOnly": false, "type": "boolean"}, "i18n.inputMethod.enableGtk2": {"declarations": ["nixos/modules/i18n/input-method/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Gtk2 support.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["i18n", "inputMethod", "enableGtk2"], "readOnly": false, "type": "boolean"}, "i18n.inputMethod.enableGtk3": {"declarations": ["nixos/modules/i18n/input-method/default.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable Gtk3 support.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["i18n", "inputMethod", "enableGtk3"], "readOnly": false, "type": "boolean"}, "i18n.inputMethod.enabled": {"declarations": ["nixos/modules/i18n/input-method/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Deprecated - use `type` and `enable = true` instead", "example": {"_type": "literalExpression", "text": "\"fcitx5\""}, "loc": ["i18n", "inputMethod", "enabled"], "readOnly": false, "type": "null or one of \"ibus\", \"fcitx5\", \"nabi\", \"uim\", \"hime\", \"kime\""}, "i18n.inputMethod.fcitx5.addons": {"declarations": ["nixos/modules/i18n/input-method/fcitx5.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Enabled Fcitx5 addons.\n", "example": {"_type": "literalExpression", "text": "with pkgs; [ fcitx5-rime ]"}, "loc": ["i18n", "inputMethod", "fcitx5", "addons"], "readOnly": false, "type": "list of package"}, "i18n.inputMethod.fcitx5.ignoreUserConfig": {"declarations": ["nixos/modules/i18n/input-method/fcitx5.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Ignore the user configures. **Warning**: When this is enabled, the\nuser config files are totally ignored and the user dict can't be saved\nand loaded.\n", "loc": ["i18n", "inputMethod", "fcitx5", "ignoreUserConfig"], "readOnly": false, "type": "boolean"}, "i18n.inputMethod.fcitx5.quickPhrase": {"declarations": ["nixos/modules/i18n/input-method/fcitx5.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Quick phrases.", "example": {"_type": "literalExpression", "text": "{\n  smile = \"\uff08\u30fb\u2200\u30fb\uff09\";\n  angry = \"(\uffe3\u30fc\uffe3)\";\n}\n"}, "loc": ["i18n", "inputMethod", "fcitx5", "quickPhrase"], "readOnly": false, "type": "attribute set of string"}, "i18n.inputMethod.fcitx5.quickPhraseFiles": {"declarations": ["nixos/modules/i18n/input-method/fcitx5.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Quick phrase files.", "example": {"_type": "literalExpression", "text": "{\n  words = ./words.mb;\n  numbers = ./numbers.mb;\n}\n"}, "loc": ["i18n", "inputMethod", "fcitx5", "quickPhraseFiles"], "readOnly": false, "type": "attribute set of absolute path"}, "i18n.inputMethod.fcitx5.settings.addons": {"declarations": ["nixos/modules/i18n/input-method/fcitx5.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The addon configures in `conf` folder in ini format with global sections.\nEach item is written to the corresponding file.\n", "example": {"_type": "literalExpression", "text": "{ pinyin.globalSection.EmojiEnabled = \"True\"; }"}, "loc": ["i18n", "inputMethod", "fcitx5", "settings", "addons"], "readOnly": false, "type": "attribute set of anything"}, "i18n.inputMethod.fcitx5.settings.globalOptions": {"declarations": ["nixos/modules/i18n/input-method/fcitx5.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The global options in `config` file in ini format.\n", "loc": ["i18n", "inputMethod", "fcitx5", "settings", "globalOptions"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "i18n.inputMethod.fcitx5.settings.inputMethod": {"declarations": ["nixos/modules/i18n/input-method/fcitx5.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The input method configure in `profile` file in ini format.\n", "loc": ["i18n", "inputMethod", "fcitx5", "settings", "inputMethod"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "i18n.inputMethod.fcitx5.waylandFrontend": {"declarations": ["nixos/modules/i18n/input-method/fcitx5.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use the Wayland input method frontend.\nSee [Using Fcitx 5 on Wayland](https://fcitx-im.org/wiki/Using_Fcitx_5_on_Wayland).\n", "loc": ["i18n", "inputMethod", "fcitx5", "waylandFrontend"], "readOnly": false, "type": "boolean"}, "i18n.inputMethod.type": {"declarations": ["nixos/modules/i18n/input-method/default.nix"], "default": {"_type": "literalMD", "text": "The value of the deprecated option `enabled`, defaulting to null"}, "description": "Select the enabled input method. Input methods is a software to input symbols that are not available on standard input devices.\n\nInput methods are specially used to input Chinese, Japanese and Korean characters.\n\nCurrently the following input methods are available in NixOS:\n\n- ibus: The intelligent input bus, extra input engines can be added using `i18n.inputMethod.ibus.engines`.\n- fcitx5: The next generation of fcitx, addons (including engines, dictionaries, skins) can be added using `i18n.inputMethod.fcitx5.addons`.\n- nabi: A Korean input method based on XIM. Nabi doesn't support Qt 5.\n- uim: The universal input method, is a library with a XIM bridge. uim mainly support Chinese, Japanese and Korean.\n- hime: An extremely easy-to-use input method framework.\n- kime: Koream IME.\n", "example": {"_type": "literalExpression", "text": "\"fcitx5\""}, "loc": ["i18n", "inputMethod", "type"], "readOnly": false, "type": "null or one of \"ibus\", \"fcitx5\", \"nabi\", \"uim\", \"hime\", \"kime\""}, "i18n.inputMethod.uim.toolbar": {"declarations": ["nixos/modules/i18n/input-method/uim.nix"], "default": {"_type": "literalExpression", "text": "\"gtk\""}, "description": "selected UIM toolbar.\n", "example": {"_type": "literalExpression", "text": "\"gtk-systray\""}, "loc": ["i18n", "inputMethod", "uim", "toolbar"], "readOnly": false, "type": "one of \"gtk\", \"gtk3\", \"gtk-systray\", \"gtk3-systray\", \"qt5\""}, "i18n.localeCharsets": {"declarations": ["nixos/modules/config/i18n.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Per each {option}`i18n.extraLocaleSettings`, choose the character set\nto use for it. Essentially defaults to UTF-8 for all of them.\n\nNote that for a locale category that uses the `C` locale, setting a\ncharacter set to it via this setting is ignored.\n", "example": {"_type": "literalExpression", "text": "{\n  LC_MESSAGES = \"ISO-8859-15\";\n  LC_TIME = \"ISO-8859-1\";\n}"}, "loc": ["i18n", "localeCharsets"], "readOnly": false, "type": "attribute set of string"}, "image.baseName": {"declarations": ["nixos/modules/image/file-options.nix"], "default": {"_type": "literalExpression", "text": "nixos-image-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}"}, "description": "Basename of the image filename without any extension (e.g. `image_1`).\n", "loc": ["image", "baseName"], "readOnly": false, "type": "string"}, "image.extension": {"declarations": ["nixos/modules/image/file-options.nix"], "description": "Extension of the image filename (e.g. `raw`).\n", "loc": ["image", "extension"], "readOnly": false, "type": "string"}, "image.fileName": {"declarations": ["nixos/modules/image/file-options.nix"], "default": {"_type": "literalExpression", "text": "${config.image.baseName}.${config.image.extension}"}, "description": "Filename of the image including all extensions (e.g `image_1.raw` or\n`image_1.raw.zst`).\n", "loc": ["image", "fileName"], "readOnly": false, "type": "string"}, "image.filePath": {"declarations": ["nixos/modules/image/file-options.nix"], "default": {"_type": "literalExpression", "text": "config.image.fileName"}, "description": "Path of the image, relative to `$out` in `system.build.image`.\nWhile it defaults to `config.image.fileName`, it can be different for builders where\nthe image is in sub directory, such as `iso`, `sd-card` or `kexec` images.\n", "loc": ["image", "filePath"], "readOnly": false, "type": "string"}, "image.modules": {"declarations": ["nixos/modules/image/images.nix"], "description": "image-specific NixOS Modules used for `system.build.images`.\n", "loc": ["image", "modules"], "readOnly": false, "type": "attribute set of module"}, "image.repart.compression.algorithm": {"declarations": ["nixos/modules/image/repart.nix"], "default": {"_type": "literalExpression", "text": "\"zstd\""}, "description": "Compression algorithm", "loc": ["image", "repart", "compression", "algorithm"], "readOnly": false, "type": "one of \"zstd\", \"xz\", \"zstd-seekable\""}, "image.repart.compression.enable": {"declarations": ["nixos/modules/image/repart.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Image compression.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["image", "repart", "compression", "enable"], "readOnly": false, "type": "boolean"}, "image.repart.compression.level": {"declarations": ["nixos/modules/image/repart.nix"], "description": "Compression level. The available range depends on the used algorithm.\n", "loc": ["image", "repart", "compression", "level"], "readOnly": false, "type": "signed integer"}, "image.repart.imageSize": {"declarations": ["nixos/modules/image/repart.nix"], "default": {"_type": "literalExpression", "text": "\"auto\""}, "description": "Size of the produced image in bytes with optional K, M, G, T suffix,\n        or 'auto' to determine the minimal size automatically", "example": {"_type": "literalExpression", "text": "\"512G\""}, "loc": ["image", "repart", "imageSize"], "readOnly": false, "type": "string matching the pattern ^([0-9]+[KMGTP]?|auto)$"}, "image.repart.mkfsOptions": {"declarations": ["nixos/modules/image/repart.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Specify extra options for created file systems. The specified options\nare converted to individual environment variables of the format\n`SYSTEMD_REPART_MKFS_OPTIONS_<FSTYPE>`.\n\nSee [upstream systemd documentation](https://github.com/systemd/systemd/blob/v255/docs/ENVIRONMENT.md?plain=1#L575-L577)\nfor information about the usage of these environment variables.\n\nThe example would produce the following environment variable:\n```\nSYSTEMD_REPART_MKFS_OPTIONS_VFAT=\"-S 512 -c\"\n```\n", "example": {"_type": "literalExpression", "text": "{\n  vfat = [ \"-S 512\" \"-c\" ];\n}\n"}, "loc": ["image", "repart", "mkfsOptions"], "readOnly": false, "type": "attribute set of list of string"}, "image.repart.name": {"declarations": ["nixos/modules/image/repart.nix"], "description": "  Name of the image.\n\nIf this option is unset but config.system.image.id is set,\nconfig.system.image.id is used as the default value.\n", "loc": ["image", "repart", "name"], "readOnly": false, "type": "string"}, "image.repart.package": {"declarations": ["nixos/modules/image/repart.nix"], "default": {"_type": "literalExpression", "text": "pkgs.buildPackages.systemd"}, "description": "The systemd-repart package to use.", "example": {"_type": "literalExpression", "text": "pkgs.buildPackages.systemdMinimal.override { withCryptsetup = true; }"}, "loc": ["image", "repart", "package"], "readOnly": false, "type": "package"}, "image.repart.partitions": {"declarations": ["nixos/modules/image/repart.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Specify partitions as a set of the names of the partitions with their\nconfiguration as the key.\n", "example": {"_type": "literalExpression", "text": "{\n  \"10-esp\" = {\n    contents = {\n      \"/EFI/BOOT/BOOTX64.EFI\".source =\n        \"${pkgs.systemd}/lib/systemd/boot/efi/systemd-bootx64.efi\";\n    };\n    repartConfig = {\n      Type = \"esp\";\n      Format = \"vfat\";\n    };\n  };\n  \"20-root\" = {\n    storePaths = [ config.system.build.toplevel ];\n    repartConfig = {\n      Type = \"root\";\n      Format = \"ext4\";\n      Minimize = \"guess\";\n    };\n  };\n};\n"}, "loc": ["image", "repart", "partitions"], "readOnly": false, "type": "attribute set of (submodule)"}, "image.repart.partitions.<name>.contents": {"declarations": ["nixos/modules/image/repart.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The contents to end up in the filesystem image.", "example": {"_type": "literalExpression", "text": "{\n  \"/EFI/BOOT/BOOTX64.EFI\".source =\n    \"${pkgs.systemd}/lib/systemd/boot/efi/systemd-bootx64.efi\";\n\n  \"/loader/entries/nixos.conf\".source = systemdBootEntry;\n}\n"}, "loc": ["image", "repart", "partitions", "<name>", "contents"], "readOnly": false, "type": "attribute set of (submodule)"}, "image.repart.partitions.<name>.contents.<name>.source": {"declarations": ["nixos/modules/image/repart.nix"], "description": "Path of the source file.", "loc": ["image", "repart", "partitions", "<name>", "contents", "<name>", "source"], "readOnly": false, "type": "absolute path"}, "image.repart.partitions.<name>.nixStorePrefix": {"declarations": ["nixos/modules/image/repart.nix"], "default": {"_type": "literalExpression", "text": "\"/nix/store\""}, "description": "The prefix to use for store paths. Defaults to `/nix/store`. This is\nuseful when you want to build a partition that only contains store\npaths and is mounted under `/nix/store` or if you want to create the\nstore paths below a parent path (e.g., `/@nix/nix/store`).\n", "loc": ["image", "repart", "partitions", "<name>", "nixStorePrefix"], "readOnly": false, "type": "absolute path"}, "image.repart.partitions.<name>.repartConfig": {"declarations": ["nixos/modules/image/repart.nix"], "description": "Specify the repart options for a partiton as a structural setting.\nSee {manpage}`repart.d(5)`\nfor all available options.\n", "example": {"_type": "literalExpression", "text": "{\n  SizeMaxBytes = \"2G\";\n  SizeMinBytes = \"512M\";\n  Type = \"home\";\n}"}, "loc": ["image", "repart", "partitions", "<name>", "repartConfig"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean or list of string)"}, "image.repart.partitions.<name>.storePaths": {"declarations": ["nixos/modules/image/repart.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The store paths to include in the partition.", "loc": ["image", "repart", "partitions", "<name>", "storePaths"], "readOnly": false, "type": "list of absolute path"}, "image.repart.sectorSize": {"declarations": ["nixos/modules/image/repart.nix"], "default": {"_type": "literalExpression", "text": "512"}, "description": "The sector size of the disk image produced by systemd-repart. This\nvalue must be a power of 2 between 512 and 4096.\n", "example": {"_type": "literalExpression", "text": "4096"}, "loc": ["image", "repart", "sectorSize"], "readOnly": false, "type": "null or signed integer"}, "image.repart.seed": {"declarations": ["nixos/modules/image/repart.nix"], "default": {"_type": "literalExpression", "text": "\"0867da16-f251-457d-a9e8-c31f9a3c220b\""}, "description": "A UUID to use as a seed. You can set this to `random` to explicitly\nrandomize the partition UUIDs.\nSee {manpage}`systemd-repart(8)` for more information.\n", "loc": ["image", "repart", "seed"], "readOnly": false, "type": "null or string"}, "image.repart.split": {"declarations": ["nixos/modules/image/repart.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables generation of split artifacts from partitions. If enabled, for\neach partition with SplitName= set, a separate output file containing\njust the contents of that partition is generated.\n", "loc": ["image", "repart", "split"], "readOnly": false, "type": "boolean"}, "image.repart.verityStore.enable": {"declarations": ["nixos/modules/image/repart-verity-store.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable building images with a dm-verity protected nix store.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["image", "repart", "verityStore", "enable"], "readOnly": false, "type": "boolean"}, "image.repart.verityStore.partitionIds.esp": {"declarations": ["nixos/modules/image/repart-verity-store.nix"], "default": {"_type": "literalExpression", "text": "\"00-esp\""}, "description": "Specify the attribute name of the ESP.\n", "loc": ["image", "repart", "verityStore", "partitionIds", "esp"], "readOnly": false, "type": "string"}, "image.repart.verityStore.partitionIds.store": {"declarations": ["nixos/modules/image/repart-verity-store.nix"], "default": {"_type": "literalExpression", "text": "\"20-store\""}, "description": "Specify the attribute name of the store partition.\n", "loc": ["image", "repart", "verityStore", "partitionIds", "store"], "readOnly": false, "type": "string"}, "image.repart.verityStore.partitionIds.store-verity": {"declarations": ["nixos/modules/image/repart-verity-store.nix"], "default": {"_type": "literalExpression", "text": "\"10-store-verity\""}, "description": "Specify the attribute name of the store's dm-verity hash partition.\n", "loc": ["image", "repart", "verityStore", "partitionIds", "store-verity"], "readOnly": false, "type": "string"}, "image.repart.verityStore.ukiPath": {"declarations": ["nixos/modules/image/repart-verity-store.nix"], "default": {"_type": "literalExpression", "text": "\"/EFI/Linux/\\${config.system.boot.loader.ukiFile}\""}, "description": "Specify the location on the ESP where the UKI is placed.\n", "loc": ["image", "repart", "verityStore", "ukiPath"], "readOnly": false, "type": "string"}, "image.repart.version": {"declarations": ["nixos/modules/image/repart.nix"], "default": {"_type": "literalExpression", "text": "config.system.image.version"}, "description": "Version of the image", "loc": ["image", "repart", "version"], "readOnly": false, "type": "null or string"}, "lib": {"declarations": ["nixos/modules/misc/lib.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This option allows modules to define helper functions, constants, etc.\n", "loc": ["lib"], "readOnly": false, "type": "attribute set of (attribute set)"}, "location.latitude": {"declarations": ["nixos/modules/config/locale.nix"], "description": "Your current latitude, between\n`-90.0` and `90.0`. Must be provided\nalong with longitude.\n", "loc": ["location", "latitude"], "readOnly": false, "type": "floating point number"}, "location.longitude": {"declarations": ["nixos/modules/config/locale.nix"], "description": "Your current longitude, between\nbetween `-180.0` and `180.0`. Must be\nprovided along with latitude.\n", "loc": ["location", "longitude"], "readOnly": false, "type": "floating point number"}, "location.provider": {"declarations": ["nixos/modules/config/locale.nix"], "default": {"_type": "literalExpression", "text": "\"manual\""}, "description": "The location provider to use for determining your location. If set to\n`manual` you must also provide latitude/longitude.\n", "loc": ["location", "provider"], "readOnly": false, "type": "one of \"manual\", \"geoclue2\""}, "meta.maintainers": {"declarations": ["modules/generic/meta-maintainers.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of maintainers of each module.\nThis option should be defined at most once per module.\n\nThe option value is not a list of maintainers, but an attribute set that maps module file names to lists of maintainers.\n", "example": {"_type": "literalExpression", "text": "[ lib.maintainers.alice lib.maintainers.bob ]"}, "loc": ["meta", "maintainers"], "readOnly": false, "type": "list of (maintainer)"}, "networking.bonds": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This option allows you to define bond devices that aggregate multiple,\nunderlying networking interfaces together. The value of this option is\nan attribute set. Each attribute specifies a bond, with the attribute\nname specifying the name of the bond's network interface\n", "example": {"_type": "literalExpression", "text": "{\n  bond0 = {\n    interfaces = [ \"eth0\" \"wlan0\" ];\n    driverOptions = {\n  miimon = \"100\";\n  mode = \"active-backup\";\n}\n;\n  };\n  anotherBond.interfaces = [ \"enp4s0f0\" \"enp4s0f1\" \"enp5s0f0\" \"enp5s0f1\" ];\n}\n"}, "loc": ["networking", "bonds"], "readOnly": false, "type": "attribute set of (submodule)"}, "networking.bonds.<name>.driverOptions": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for the bonding driver.\nDocumentation can be found in\n<https://www.kernel.org/doc/Documentation/networking/bonding.txt>\n", "example": {"_type": "literalExpression", "text": "{\n  miimon = \"100\";\n  mode = \"active-backup\";\n}\n"}, "loc": ["networking", "bonds", "<name>", "driverOptions"], "readOnly": false, "type": "attribute set of string"}, "networking.bonds.<name>.interfaces": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "description": "The interfaces to bond together", "example": {"_type": "literalExpression", "text": "[\n  \"enp4s0f0\"\n  \"enp4s0f1\"\n  \"wlan0\"\n]"}, "loc": ["networking", "bonds", "<name>", "interfaces"], "readOnly": false, "type": "list of string"}, "networking.bonds.<name>.lacp_rate": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "DEPRECATED, use `driverOptions`.\nOption specifying the rate in which we'll ask our link partner\nto transmit LACPDU packets in 802.3ad mode.\n", "example": {"_type": "literalExpression", "text": "\"fast\""}, "loc": ["networking", "bonds", "<name>", "lacp_rate"], "readOnly": false, "type": "null or string"}, "networking.bonds.<name>.miimon": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "DEPRECATED, use `driverOptions`.\nMiimon is the number of millisecond in between each round of polling\nby the device driver for failed links. By default polling is not\nenabled and the driver is trusted to properly detect and handle\nfailure scenarios.\n", "example": {"_type": "literalExpression", "text": "100"}, "loc": ["networking", "bonds", "<name>", "miimon"], "readOnly": false, "type": "null or signed integer"}, "networking.bonds.<name>.mode": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "DEPRECATED, use `driverOptions`.\nThe mode which the bond will be running. The default mode for\nthe bonding driver is balance-rr, optimizing for throughput.\nMore information about valid modes can be found at\nhttps://www.kernel.org/doc/Documentation/networking/bonding.txt\n", "example": {"_type": "literalExpression", "text": "\"active-backup\""}, "loc": ["networking", "bonds", "<name>", "mode"], "readOnly": false, "type": "null or string"}, "networking.bonds.<name>.xmit_hash_policy": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "DEPRECATED, use `driverOptions`.\nSelects the transmit hash policy to use for slave selection in\nbalance-xor, 802.3ad, and tlb modes.\n", "example": {"_type": "literalExpression", "text": "\"layer2+3\""}, "loc": ["networking", "bonds", "<name>", "xmit_hash_policy"], "readOnly": false, "type": "null or string"}, "networking.bridges": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This option allows you to define Ethernet bridge devices\nthat connect physical networks together.  The value of this\noption is an attribute set.  Each attribute specifies a\nbridge, with the attribute name specifying the name of the\nbridge's network interface.\n", "example": {"_type": "literalExpression", "text": "{\n  br0 = {\n    interfaces = [\n      \"eth0\"\n      \"eth1\"\n    ];\n  };\n  br1 = {\n    interfaces = [\n      \"eth2\"\n      \"wlan0\"\n    ];\n  };\n}"}, "loc": ["networking", "bridges"], "readOnly": false, "type": "attribute set of (submodule)"}, "networking.bridges.<name>.interfaces": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "description": "The physical network interfaces connected by the bridge.", "example": {"_type": "literalExpression", "text": "[\n  \"eth0\"\n  \"eth1\"\n]"}, "loc": ["networking", "bridges", "<name>", "interfaces"], "readOnly": false, "type": "list of string"}, "networking.bridges.<name>.rstp": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether the bridge interface should enable rstp.", "loc": ["networking", "bridges", "<name>", "rstp"], "readOnly": false, "type": "boolean"}, "networking.defaultGateway": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The default gateway. It can be left empty if it is auto-detected through DHCP.\nIt can be specified as a string or an option set along with a network interface.\n", "example": {"_type": "literalExpression", "text": "{\n  address = \"131.211.84.1\";\n  interface = \"enp3s0\";\n  source = \"131.211.84.2\";\n}"}, "loc": ["networking", "defaultGateway"], "readOnly": false, "type": "null or ((submodule) or string convertible to it)"}, "networking.defaultGateway.address": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "description": "The default gateway address.", "loc": ["networking", "defaultGateway", "address"], "readOnly": false, "type": "string"}, "networking.defaultGateway.interface": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The default gateway interface.", "example": {"_type": "literalExpression", "text": "\"enp0s3\""}, "loc": ["networking", "defaultGateway", "interface"], "readOnly": false, "type": "null or string"}, "networking.defaultGateway.metric": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The default gateway metric/preference.", "example": {"_type": "literalExpression", "text": "42"}, "loc": ["networking", "defaultGateway", "metric"], "readOnly": false, "type": "null or signed integer"}, "networking.defaultGateway.source": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The default source address.", "loc": ["networking", "defaultGateway", "source"], "readOnly": false, "type": "null or string"}, "networking.defaultGateway6": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The default ipv6 gateway. It can be left empty if it is auto-detected through DHCP.\nIt can be specified as a string or an option set along with a network interface.\n", "example": {"_type": "literalExpression", "text": "{\n  address = \"2001:4d0:1e04:895::1\";\n  interface = \"enp3s0\";\n  source = \"2001:4d0:1e04:895::2\";\n}"}, "loc": ["networking", "defaultGateway6"], "readOnly": false, "type": "null or ((submodule) or string convertible to it)"}, "networking.defaultGateway6.address": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "description": "The default gateway address.", "loc": ["networking", "defaultGateway6", "address"], "readOnly": false, "type": "string"}, "networking.defaultGateway6.interface": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The default gateway interface.", "example": {"_type": "literalExpression", "text": "\"enp0s3\""}, "loc": ["networking", "defaultGateway6", "interface"], "readOnly": false, "type": "null or string"}, "networking.defaultGateway6.metric": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The default gateway metric/preference.", "example": {"_type": "literalExpression", "text": "42"}, "loc": ["networking", "defaultGateway6", "metric"], "readOnly": false, "type": "null or signed integer"}, "networking.defaultGateway6.source": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The default source address.", "loc": ["networking", "defaultGateway6", "source"], "readOnly": false, "type": "null or string"}, "networking.defaultGatewayWindowSize": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The window size of the default gateway. It limits maximal data bursts that TCP peers\nare allowed to send to us.\n", "example": {"_type": "literalExpression", "text": "524288"}, "loc": ["networking", "defaultGatewayWindowSize"], "readOnly": false, "type": "null or signed integer"}, "networking.dhcpcd.IPv6rs": {"declarations": ["nixos/modules/services/networking/dhcpcd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Force enable or disable solicitation and receipt of IPv6 Router Advertisements.\nThis is required, for example, when using a static unique local IPv6 address (ULA)\nand global IPv6 address auto-configuration with SLAAC.\n", "loc": ["networking", "dhcpcd", "IPv6rs"], "readOnly": false, "type": "null or boolean"}, "networking.dhcpcd.allowInterfaces": {"declarations": ["nixos/modules/services/networking/dhcpcd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Enable the DHCP client for any interface whose name matches\nany of the shell glob patterns in this list. Any interface not\nexplicitly matched by this pattern will be denied. This pattern only\napplies when non-null.\n", "loc": ["networking", "dhcpcd", "allowInterfaces"], "readOnly": false, "type": "null or (list of string)"}, "networking.dhcpcd.allowSetuid": {"declarations": ["nixos/modules/services/networking/dhcpcd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to relax the security sandbox to allow running setuid\nbinaries (e.g. `sudo`) in the dhcpcd hooks.\n", "loc": ["networking", "dhcpcd", "allowSetuid"], "readOnly": false, "type": "boolean"}, "networking.dhcpcd.denyInterfaces": {"declarations": ["nixos/modules/services/networking/dhcpcd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Disable the DHCP client for any interface whose name matches\nany of the shell glob patterns in this list. The purpose of\nthis option is to blacklist virtual interfaces such as those\ncreated by Xen, libvirt, LXC, etc.\n", "loc": ["networking", "dhcpcd", "denyInterfaces"], "readOnly": false, "type": "list of string"}, "networking.dhcpcd.enable": {"declarations": ["nixos/modules/services/networking/dhcpcd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable dhcpcd for device configuration. This is mainly to\nexplicitly disable dhcpcd (for example when using networkd).\n", "loc": ["networking", "dhcpcd", "enable"], "readOnly": false, "type": "boolean"}, "networking.dhcpcd.extraConfig": {"declarations": ["nixos/modules/services/networking/dhcpcd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Literal string to append to the config file generated for dhcpcd.\n", "loc": ["networking", "dhcpcd", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "networking.dhcpcd.persistent": {"declarations": ["nixos/modules/services/networking/dhcpcd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to leave interfaces configured on dhcpcd daemon\nshutdown. Set to true if you have your root or store mounted\nover the network or this machine accepts SSH connections\nthrough DHCP interfaces and clients should be notified when\nit shuts down.\n", "loc": ["networking", "dhcpcd", "persistent"], "readOnly": false, "type": "boolean"}, "networking.dhcpcd.runHook": {"declarations": ["nixos/modules/services/networking/dhcpcd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell code that will be run after all other hooks. See\n`man dhcpcd-run-hooks` for details on what is possible.\n\n::: {.note}\nTo use sudo or similar tools in your script you may have to set:\n\n    networking.dhcpcd.allowSetuid = true;\n\nIn addition, as most of the filesystem is inaccessible to dhcpcd\nby default, you may want to define some exceptions, e.g.\n\n    systemd.services.dhcpcd.serviceConfig.ReadOnlyPaths = [\n      \"/run/user/1000/bus\"  # to send desktop notifications\n    ];\n:::\n", "example": {"_type": "literalExpression", "text": "\"if [[ $reason =~ BOUND ]]; then echo $interface: Routers are $new_routers - were $old_routers; fi\""}, "loc": ["networking", "dhcpcd", "runHook"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "networking.dhcpcd.setHostname": {"declarations": ["nixos/modules/services/networking/dhcpcd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to set the machine hostname based on the information\nreceived from the DHCP server.\n\n::: {.note}\nThe hostname will be changed only if the current one is\nthe empty string, `localhost` or `nixos`.\n\nPolkit ([](#opt-security.polkit.enable)) is also required.\n:::\n", "loc": ["networking", "dhcpcd", "setHostname"], "readOnly": false, "type": "boolean"}, "networking.dhcpcd.wait": {"declarations": ["nixos/modules/services/networking/dhcpcd.nix"], "default": {"_type": "literalExpression", "text": "\"any\""}, "description": "This option specifies when the dhcpcd service will fork to background.\nIf set to \"background\", dhcpcd will fork to background immediately.\nIf set to \"ipv4\" or \"ipv6\", dhcpcd will wait for the corresponding IP\naddress to be assigned. If set to \"any\", dhcpcd will wait for any type\n(IPv4 or IPv6) to be assigned. If set to \"both\", dhcpcd will wait for\nboth an IPv4 and an IPv6 address before forking.\nThe option \"if-carrier-up\" is equivalent to \"any\" if either ethernet\nis plugged or WiFi is powered, and to \"background\" otherwise.\n", "loc": ["networking", "dhcpcd", "wait"], "readOnly": false, "type": "one of \"background\", \"any\", \"ipv4\", \"ipv6\", \"both\", \"if-carrier-up\""}, "networking.domain": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The system domain name. Used to populate the {option}`fqdn` value.\n\n::: {.warning}\nThe domain name is not configured for DNS resolution purposes, see {option}`search` instead.\n:::\n", "example": {"_type": "literalExpression", "text": "\"home.arpa\""}, "loc": ["networking", "domain"], "readOnly": false, "type": "null or string"}, "networking.enableB43Firmware": {"declarations": ["nixos/modules/hardware/network/b43.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Turn on this option if you want firmware for the NICs supported by the b43 module.\n", "loc": ["networking", "enableB43Firmware"], "readOnly": false, "type": "boolean"}, "networking.enableIPv6": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable support for IPv6.\n", "loc": ["networking", "enableIPv6"], "readOnly": false, "type": "boolean"}, "networking.enableIntel2200BGFirmware": {"declarations": ["nixos/modules/hardware/network/intel-2200bg.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Turn on this option if you want firmware for the Intel\nPRO/Wireless 2200BG to be loaded automatically.  This is\nrequired if you want to use this device.\n", "loc": ["networking", "enableIntel2200BGFirmware"], "readOnly": false, "type": "boolean"}, "networking.extraHosts": {"declarations": ["nixos/modules/config/networking.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional verbatim entries to be appended to {file}`/etc/hosts`.\nFor adding hosts from derivation results, use {option}`networking.hostFiles` instead.\n", "example": {"_type": "literalExpression", "text": "\"192.168.0.1 lanlocalhost\""}, "loc": ["networking", "extraHosts"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "networking.firewall.allowPing": {"declarations": ["nixos/modules/services/networking/firewall.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to respond to incoming ICMPv4 echo requests\n(\"pings\").  ICMPv6 pings are always allowed because the\nlarger address space of IPv6 makes network scanning much\nless effective.\n", "loc": ["networking", "firewall", "allowPing"], "readOnly": false, "type": "boolean"}, "networking.firewall.allowedTCPPortRanges": {"declarations": ["nixos/modules/services/networking/firewall.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A range of TCP ports on which incoming connections are\naccepted.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    from = 8999;\n    to = 9003;\n  }\n]"}, "loc": ["networking", "firewall", "allowedTCPPortRanges"], "readOnly": false, "type": "list of attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "networking.firewall.allowedTCPPorts": {"declarations": ["nixos/modules/services/networking/firewall.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of TCP ports on which incoming connections are\naccepted.\n", "example": {"_type": "literalExpression", "text": "[\n  22\n  80\n]"}, "loc": ["networking", "firewall", "allowedTCPPorts"], "readOnly": false, "type": "list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "networking.firewall.allowedUDPPortRanges": {"declarations": ["nixos/modules/services/networking/firewall.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Range of open UDP ports.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    from = 60000;\n    to = 61000;\n  }\n]"}, "loc": ["networking", "firewall", "allowedUDPPortRanges"], "readOnly": false, "type": "list of attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "networking.firewall.allowedUDPPorts": {"declarations": ["nixos/modules/services/networking/firewall.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of open UDP ports.\n", "example": {"_type": "literalExpression", "text": "[\n  53\n]"}, "loc": ["networking", "firewall", "allowedUDPPorts"], "readOnly": false, "type": "list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "networking.firewall.autoLoadConntrackHelpers": {"declarations": ["nixos/modules/services/networking/firewall.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to auto-load connection-tracking helpers.\nSee the description at networking.firewall.connectionTrackingModules\n\n(needs kernel 3.5+)\n", "loc": ["networking", "firewall", "autoLoadConntrackHelpers"], "readOnly": false, "type": "boolean"}, "networking.firewall.backend": {"declarations": ["nixos/modules/services/networking/firewall.nix"], "default": {"_type": "literalExpression", "text": "if config.services.firewalld.enable then\n  \"firewalld\"\nelse if config.networking.nftables.enable then\n  \"nftables\"\nelse\n  \"iptables\"\n"}, "description": "Underlying implementation for the firewall service.\n", "loc": ["networking", "firewall", "backend"], "readOnly": false, "type": "one of \"iptables\", \"nftables\", \"firewalld\""}, "networking.firewall.checkReversePath": {"declarations": ["nixos/modules/services/networking/firewall.nix"], "default": {"_type": "literalMD", "text": "`true` except if the iptables based firewall is in use and the kernel lacks rpfilter support"}, "description": "Performs a reverse path filter test on a packet.  If a reply\nto the packet would not be sent via the same interface that\nthe packet arrived on, it is refused.\n\nIf using asymmetric routing or other complicated routing, set\nthis option to loose mode or disable it and setup your own\ncounter-measures.\n\nThis option can be either true (or \"strict\"), \"loose\" (only\ndrop the packet if the source address is not reachable via any\ninterface) or false.\n", "example": {"_type": "literalExpression", "text": "\"loose\""}, "loc": ["networking", "firewall", "checkReversePath"], "readOnly": false, "type": "boolean or one of \"strict\", \"loose\""}, "networking.firewall.connectionTrackingModules": {"declarations": ["nixos/modules/services/networking/firewall.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of connection-tracking helpers that are auto-loaded.\nThe complete list of possible values is given in the example.\n\nAs helpers can pose as a security risk, it is advised to\nset this to an empty list and disable the setting\nnetworking.firewall.autoLoadConntrackHelpers unless you\nknow what you are doing. Connection tracking is disabled\nby default.\n\nLoading of helpers is recommended to be done through the\nCT target.  More info:\n<https://home.regit.org/netfilter-en/secure-use-of-helpers/>\n", "example": {"_type": "literalExpression", "text": "[\n  \"ftp\"\n  \"irc\"\n  \"sane\"\n  \"sip\"\n  \"tftp\"\n  \"amanda\"\n  \"h323\"\n  \"netbios_sn\"\n  \"pptp\"\n  \"snmp\"\n]"}, "loc": ["networking", "firewall", "connectionTrackingModules"], "readOnly": false, "type": "list of string"}, "networking.firewall.enable": {"declarations": ["nixos/modules/services/networking/firewall.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the firewall.  This is a simple stateful\nfirewall that blocks connection attempts to unauthorised TCP\nor UDP ports on this machine.\n", "loc": ["networking", "firewall", "enable"], "readOnly": false, "type": "boolean"}, "networking.firewall.extraCommands": {"declarations": ["nixos/modules/services/networking/firewall-iptables.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional shell commands executed as part of the firewall\ninitialisation script.  These are executed just before the\nfinal \"reject\" firewall rule is added, so they can be used\nto allow packets that would otherwise be refused.\n\nThis option only works with the iptables based firewall.\n", "example": {"_type": "literalExpression", "text": "\"iptables -A INPUT -p icmp -j ACCEPT\""}, "loc": ["networking", "firewall", "extraCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "networking.firewall.extraForwardRules": {"declarations": ["nixos/modules/services/networking/firewall-nftables.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional nftables rules to be appended to the forward-allow\nchain.\n\nThis option only works with the nftables based firewall.\n", "example": {"_type": "literalExpression", "text": "\"iifname wg0 accept\""}, "loc": ["networking", "firewall", "extraForwardRules"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "networking.firewall.extraInputRules": {"declarations": ["nixos/modules/services/networking/firewall-nftables.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional nftables rules to be appended to the input-allow\nchain.\n\nThis option only works with the nftables based firewall.\n", "example": {"_type": "literalExpression", "text": "\"ip6 saddr { fc00::/7, fe80::/10 } tcp dport 24800 accept\""}, "loc": ["networking", "firewall", "extraInputRules"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "networking.firewall.extraPackages": {"declarations": ["nixos/modules/services/networking/firewall.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional packages to be included in the environment of the system\nas well as the path of networking.firewall.extraCommands.\n", "example": {"_type": "literalExpression", "text": "[ pkgs.ipset ]"}, "loc": ["networking", "firewall", "extraPackages"], "readOnly": false, "type": "list of package"}, "networking.firewall.extraReversePathFilterRules": {"declarations": ["nixos/modules/services/networking/firewall-nftables.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional nftables rules to be appended to the rpfilter-allow\nchain.\n\nThis option only works with the nftables based firewall.\n", "example": {"_type": "literalExpression", "text": "\"fib daddr . mark . iif type local accept\""}, "loc": ["networking", "firewall", "extraReversePathFilterRules"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "networking.firewall.extraStopCommands": {"declarations": ["nixos/modules/services/networking/firewall-iptables.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional shell commands executed as part of the firewall\nshutdown script.  These are executed just after the removal\nof the NixOS input rule, or if the service enters a failed\nstate.\n\nThis option only works with the iptables based firewall.\n", "example": {"_type": "literalExpression", "text": "\"iptables -P INPUT ACCEPT\""}, "loc": ["networking", "firewall", "extraStopCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "networking.firewall.filterForward": {"declarations": ["nixos/modules/services/networking/firewall.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable filtering in IP forwarding.\n\nThis option only works with the nftables based firewall.\n", "loc": ["networking", "firewall", "filterForward"], "readOnly": false, "type": "boolean"}, "networking.firewall.interfaces": {"declarations": ["nixos/modules/services/networking/firewall.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Interface-specific open ports.\n", "loc": ["networking", "firewall", "interfaces"], "readOnly": false, "type": "attribute set of (submodule)"}, "networking.firewall.interfaces.<name>.allowedTCPPortRanges": {"declarations": ["nixos/modules/services/networking/firewall.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A range of TCP ports on which incoming connections are\naccepted.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    from = 8999;\n    to = 9003;\n  }\n]"}, "loc": ["networking", "firewall", "interfaces", "<name>", "allowedTCPPortRanges"], "readOnly": false, "type": "list of attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "networking.firewall.interfaces.<name>.allowedTCPPorts": {"declarations": ["nixos/modules/services/networking/firewall.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of TCP ports on which incoming connections are\naccepted.\n", "example": {"_type": "literalExpression", "text": "[\n  22\n  80\n]"}, "loc": ["networking", "firewall", "interfaces", "<name>", "allowedTCPPorts"], "readOnly": false, "type": "list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "networking.firewall.interfaces.<name>.allowedUDPPortRanges": {"declarations": ["nixos/modules/services/networking/firewall.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Range of open UDP ports.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    from = 60000;\n    to = 61000;\n  }\n]"}, "loc": ["networking", "firewall", "interfaces", "<name>", "allowedUDPPortRanges"], "readOnly": false, "type": "list of attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "networking.firewall.interfaces.<name>.allowedUDPPorts": {"declarations": ["nixos/modules/services/networking/firewall.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of open UDP ports.\n", "example": {"_type": "literalExpression", "text": "[\n  53\n]"}, "loc": ["networking", "firewall", "interfaces", "<name>", "allowedUDPPorts"], "readOnly": false, "type": "list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "networking.firewall.logRefusedConnections": {"declarations": ["nixos/modules/services/networking/firewall.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to log rejected or dropped incoming connections.\nNote: The logs are found in the kernel logs, i.e. dmesg\nor journalctl -k.\n", "loc": ["networking", "firewall", "logRefusedConnections"], "readOnly": false, "type": "boolean"}, "networking.firewall.logRefusedPackets": {"declarations": ["nixos/modules/services/networking/firewall.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to log all rejected or dropped incoming packets.\nThis tends to give a lot of log messages, so it's mostly\nuseful for debugging.\nNote: The logs are found in the kernel logs, i.e. dmesg\nor journalctl -k.\n", "loc": ["networking", "firewall", "logRefusedPackets"], "readOnly": false, "type": "boolean"}, "networking.firewall.logRefusedUnicastsOnly": {"declarations": ["nixos/modules/services/networking/firewall.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If {option}`networking.firewall.logRefusedPackets`\nand this option are enabled, then only log packets\nspecifically directed at this machine, i.e., not broadcasts\nor multicasts.\n", "loc": ["networking", "firewall", "logRefusedUnicastsOnly"], "readOnly": false, "type": "boolean"}, "networking.firewall.logReversePathDrops": {"declarations": ["nixos/modules/services/networking/firewall.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Logs dropped packets failing the reverse path filter test if\nthe option networking.firewall.checkReversePath is enabled.\n", "loc": ["networking", "firewall", "logReversePathDrops"], "readOnly": false, "type": "boolean"}, "networking.firewall.package": {"declarations": ["nixos/modules/services/networking/firewall.nix"], "default": {"_type": "literalExpression", "text": "if config.networking.nftables.enable then \"pkgs.nftables\" else \"pkgs.iptables\""}, "description": "The package to use for running the firewall service.\n", "example": {"_type": "literalExpression", "text": "pkgs.iptables-legacy"}, "loc": ["networking", "firewall", "package"], "readOnly": false, "type": "package"}, "networking.firewall.pingLimit": {"declarations": ["nixos/modules/services/networking/firewall.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If pings are allowed, this allows setting rate limits on them.\n\nFor the iptables based firewall, it should be set like\n\"--limit 1/minute --limit-burst 5\".\n\nFor the nftables based firewall, it should be set like\n\"2/second\" or \"1/minute burst 5 packets\".\n", "example": {"_type": "literalExpression", "text": "\"--limit 1/minute --limit-burst 5\""}, "loc": ["networking", "firewall", "pingLimit"], "readOnly": false, "type": "null or strings concatenated with \" \""}, "networking.firewall.rejectPackets": {"declarations": ["nixos/modules/services/networking/firewall.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set, refused packets are rejected rather than dropped\n(ignored).  This means that an ICMP \"port unreachable\" error\nmessage is sent back to the client (or a TCP RST packet in\ncase of an existing connection).  Rejecting packets makes\nport scanning somewhat easier.\n", "loc": ["networking", "firewall", "rejectPackets"], "readOnly": false, "type": "boolean"}, "networking.firewall.trustedInterfaces": {"declarations": ["nixos/modules/services/networking/firewall.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Traffic coming in from these interfaces will be accepted\nunconditionally.  Traffic from the loopback (lo) interface\nwill always be accepted.\n", "example": {"_type": "literalExpression", "text": "[\n  \"enp0s2\"\n]"}, "loc": ["networking", "firewall", "trustedInterfaces"], "readOnly": false, "type": "list of string"}, "networking.fooOverUDP": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This option allows you to configure Foo Over UDP and Generic UDP Encapsulation\nendpoints. See {manpage}`ip-fou(8)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  backup = {\n    port = 9002;\n  };\n  primary = {\n    local = {\n      address = \"192.0.2.1\";\n      dev = \"eth0\";\n    };\n    port = 9001;\n  };\n}"}, "loc": ["networking", "fooOverUDP"], "readOnly": false, "type": "attribute set of (submodule)"}, "networking.fooOverUDP.<name>.local": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Local address (and optionally device) to bind to using the given port.\n", "example": {"_type": "literalExpression", "text": "{\n  address = \"203.0.113.22\";\n}"}, "loc": ["networking", "fooOverUDP", "<name>", "local"], "readOnly": false, "type": "null or (submodule)"}, "networking.fooOverUDP.<name>.local.address": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "description": "Local address to bind to. The address must be available when the FOU\nendpoint is created, using the scripted network setup this can be achieved\neither by setting `dev` or adding dependency information to\n`systemd.services.<name>-fou-encap`; it isn't supported\nwhen using networkd.\n", "loc": ["networking", "fooOverUDP", "<name>", "local", "address"], "readOnly": false, "type": "string"}, "networking.fooOverUDP.<name>.local.dev": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Network device to bind to.\n", "example": {"_type": "literalExpression", "text": "\"eth0\""}, "loc": ["networking", "fooOverUDP", "<name>", "local", "dev"], "readOnly": false, "type": "null or string"}, "networking.fooOverUDP.<name>.port": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "description": "Local port of the encapsulation UDP socket.\n", "loc": ["networking", "fooOverUDP", "<name>", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "networking.fooOverUDP.<name>.protocol": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Protocol number of the encapsulated packets. Specifying `null`\n(the default) creates a GUE endpoint, specifying a protocol number will create\na FOU endpoint.\n", "loc": ["networking", "fooOverUDP", "<name>", "protocol"], "readOnly": false, "type": "null or integer between 1 and 255 (both inclusive)"}, "networking.fqdn": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "\"${networking.hostName}.${networking.domain}\""}, "description": "The fully qualified domain name (FQDN) of this host. By default, it is\nthe result of combining `networking.hostName` and `networking.domain.`\n\nUsing this option will result in an evaluation error if the hostname is empty or\nno domain is specified.\n\nModules that accept a mere `networking.hostName` but prefer a fully qualified\ndomain name may use `networking.fqdnOrHostName` instead.\n", "loc": ["networking", "fqdn"], "readOnly": false, "type": "string"}, "networking.fqdnOrHostName": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "if config.networking.domain != null || config.networking.fqdn is set then config.networking.fqdn else config.networking.hostName\n"}, "description": "Either the fully qualified domain name (FQDN), or just the host name if\nit does not exist.\n\nThis is a convenience option for modules to read instead of `fqdn` when\na mere `hostName` is also an acceptable value; this option does not\nthrow an error when `domain` or `fqdn` is unset.\n", "loc": ["networking", "fqdnOrHostName"], "readOnly": true, "type": "string"}, "networking.getaddrinfo.enable": {"declarations": ["nixos/modules/config/getaddrinfo.nix"], "default": {"_type": "literalExpression", "text": "pkgs.stdenv.hostPlatform.libc == \"glibc\"\n"}, "description": "Enables custom address sorting configuration for {manpage}`getaddrinfo(3)` according to RFC 3484.\n\nThis option generates a {file}`/etc/gai.conf` file to override the default address sorting tables,\nas described in {manpage}`gai.conf(5)`.\n\nThis setting is only applicable when using the GNU C Library (glibc).\nIt has no effect with other libc implementations.\n", "loc": ["networking", "getaddrinfo", "enable"], "readOnly": false, "type": "boolean"}, "networking.getaddrinfo.label": {"declarations": ["nixos/modules/config/getaddrinfo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds entries to the label table, as described in section 2.1 of RFC 3484.\n\nIf any label entries are provided, the glibc\u2019s default label table is ignored.\n", "example": {"_type": "literalExpression", "text": "{\n  \"2001:0::/32\" = 7;\n  \"2002::/16\" = 2;\n  \"::/0\" = 1;\n  \"::/96\" = 3;\n  \"::ffff:0:0/96\" = 4;\n  \"fc00::/7\" = 6;\n  \"fec0::/10\" = 5;\n}"}, "loc": ["networking", "getaddrinfo", "label"], "readOnly": false, "type": "null or (attribute set of signed integer)"}, "networking.getaddrinfo.precedence": {"declarations": ["nixos/modules/config/getaddrinfo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Similar to {option}`networking.getaddrinfo.label`, but this option\ndefines entries for the precedence table instead.\n\nSee sections 2.1 and 10.3 of RFC 3484 for details.\n\nProviding any value will disable the glibc's default precedence table.\n", "example": {"_type": "literalExpression", "text": "{\n  \"2002::/16\" = 30;\n  \"::/0\" = 40;\n  \"::/96\" = 20;\n  \"::1/128\" = 50;\n  \"::ffff:0:0/96\" = 10;\n}"}, "loc": ["networking", "getaddrinfo", "precedence"], "readOnly": false, "type": "null or (attribute set of signed integer)"}, "networking.getaddrinfo.reload": {"declarations": ["nixos/modules/config/getaddrinfo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Determines whether a process should detect changes to the configuration file since it was last read.\n\nIf enabled, the file is re-read automatically. This may cause issues in multithreaded applications\nand is generally discouraged.\n", "loc": ["networking", "getaddrinfo", "reload"], "readOnly": false, "type": "boolean"}, "networking.getaddrinfo.scopev4": {"declarations": ["nixos/modules/config/getaddrinfo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds custom rules to the IPv4 scope table.\n\nBy default, the scope IDs described in section 3.2 of RFC 6724 are used.\n\nModifying these values is rarely necessary.\n", "example": {"_type": "literalExpression", "text": "{\n  \"::ffff:0.0.0.0/96\" = 14;\n  \"::ffff:127.0.0.0/104\" = 2;\n  \"::ffff:169.254.0.0/112\" = 2;\n}"}, "loc": ["networking", "getaddrinfo", "scopev4"], "readOnly": false, "type": "null or (attribute set of signed integer)"}, "networking.greTunnels": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This option allows you to define Generic Routing Encapsulation (GRE) tunnels.\n", "example": {"_type": "literalExpression", "text": "{\n  greBridge = {\n    remote = \"10.0.0.1\";\n    local = \"10.0.0.22\";\n    dev = \"enp4s0f0\";\n    type = \"tap\";\n    ttl = 255;\n  };\n  gre6Tunnel = {\n    remote = \"fd7a:5634::1\";\n    local = \"fd7a:5634::2\";\n    dev = \"enp4s0f0\";\n    type = \"tun6\";\n    ttl = 255;\n  };\n}\n"}, "loc": ["networking", "greTunnels"], "readOnly": false, "type": "attribute set of (submodule)"}, "networking.greTunnels.<name>.dev": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The underlying network device on which the tunnel resides.\n", "example": {"_type": "literalExpression", "text": "\"enp4s0f0\""}, "loc": ["networking", "greTunnels", "<name>", "dev"], "readOnly": false, "type": "null or string"}, "networking.greTunnels.<name>.local": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The address of the local endpoint which the remote\nside should send packets to.\n", "example": {"_type": "literalExpression", "text": "\"10.0.0.22\""}, "loc": ["networking", "greTunnels", "<name>", "local"], "readOnly": false, "type": "null or string"}, "networking.greTunnels.<name>.remote": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The address of the remote endpoint to forward traffic over.\n", "example": {"_type": "literalExpression", "text": "\"10.0.0.1\""}, "loc": ["networking", "greTunnels", "<name>", "remote"], "readOnly": false, "type": "null or string"}, "networking.greTunnels.<name>.ttl": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The time-to-live/hoplimit of the connection to the remote tunnel endpoint.\n", "example": {"_type": "literalExpression", "text": "255"}, "loc": ["networking", "greTunnels", "<name>", "ttl"], "readOnly": false, "type": "null or signed integer"}, "networking.greTunnels.<name>.type": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "\"tap\""}, "description": "Whether the tunnel routes layer 2 (tap) or layer 3 (tun) traffic.\n", "example": {"_type": "literalExpression", "text": "\"tap\""}, "loc": ["networking", "greTunnels", "<name>", "type"], "readOnly": false, "type": "one of \"tun\", \"tap\", \"tun6\", \"tap6\""}, "networking.hostFiles": {"declarations": ["nixos/modules/config/networking.nix"], "default": {"_type": "literalMD", "text": "Hosts from {option}`networking.hosts` and {option}`networking.extraHosts`"}, "description": "Files that should be concatenated together to form {file}`/etc/hosts`.\n", "example": {"_type": "literalExpression", "text": "[ \"${pkgs.my-blocklist-package}/share/my-blocklist/hosts\" ]"}, "loc": ["networking", "hostFiles"], "readOnly": false, "type": "list of absolute path"}, "networking.hostId": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The 32-bit host ID of the machine, formatted as 8 hexadecimal characters.\n\nYou should try to make this ID unique among your machines. You can\ngenerate a random 32-bit ID using the following commands:\n\n`head -c 8 /etc/machine-id`\n\n(this derives it from the machine-id that systemd generates) or\n\n`head -c4 /dev/urandom | od -A none -t x4`\n\nThe primary use case is to ensure when using ZFS that a pool isn't imported\naccidentally on a wrong machine.\n", "example": {"_type": "literalExpression", "text": "\"4e98920d\""}, "loc": ["networking", "hostId"], "readOnly": false, "type": "null or string"}, "networking.hostName": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "config.system.nixos.distroId"}, "description": "The name of the machine. Leave it empty if you want to obtain it from a\nDHCP server (if using DHCP). The hostname must be a valid DNS label (see\nRFC 1035 section 2.3.1: \"Preferred name syntax\", RFC 1123 section 2.1:\n\"Host Names and Numbers\") and as such must not contain the domain part.\nThis means that the hostname must start with a letter or digit,\nend with a letter or digit, and have as interior characters only\nletters, digits, and hyphen. The maximum length is 63 characters.\nAdditionally it is recommended to only use lower-case characters.\nIf (e.g. for legacy reasons) a FQDN is required as the Linux kernel\nnetwork node hostname (uname --nodename) the option\nboot.kernel.sysctl.\"kernel.hostname\" can be used as a workaround (but\nthe 64 character limit still applies).\n\nWARNING: Do not use underscores (_) or you may run into unexpected issues.\n", "loc": ["networking", "hostName"], "readOnly": false, "type": "string matching the pattern ^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$"}, "networking.hosts": {"declarations": ["nixos/modules/config/networking.nix"], "description": "Locally defined maps of hostnames to IP addresses.\n", "example": {"_type": "literalExpression", "text": "{\n  \"127.0.0.1\" = [ \"foo.bar.baz\" ];\n  \"192.168.0.2\" = [ \"fileserver.local\" \"nameserver.local\" ];\n};\n"}, "loc": ["networking", "hosts"], "readOnly": false, "type": "attribute set of list of string"}, "networking.ifstate.enable": {"declarations": ["nixos/modules/services/networking/ifstate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable networking using IfState.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["networking", "ifstate", "enable"], "readOnly": false, "type": "boolean"}, "networking.ifstate.package": {"declarations": ["nixos/modules/services/networking/ifstate.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ifstate"}, "description": "The ifstate package to use.", "loc": ["networking", "ifstate", "package"], "readOnly": false, "type": "package"}, "networking.ifstate.settings": {"declarations": ["nixos/modules/services/networking/ifstate.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Content of IfState's configuration file. See <https://ifstate.net/2.2/schema/> for details.", "loc": ["networking", "ifstate", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "networking.interfaces": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The configuration for each network interface.\n\nPlease note that {option}`systemd.network.netdevs` has more features\nand is better maintained. When building new things, it is advised to\nuse that instead.\n", "example": {"_type": "literalExpression", "text": "{\n  eth0 = {\n    ipv4 = {\n      addresses = [\n        {\n          address = \"131.211.84.78\";\n          prefixLength = 25;\n        }\n      ];\n    };\n  };\n}"}, "loc": ["networking", "interfaces"], "readOnly": false, "type": "attribute set of (submodule)"}, "networking.interfaces.<name>.ipv4.addresses": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of IPv4 addresses that will be statically assigned to the interface.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    address = \"10.0.0.1\";\n    prefixLength = 16;\n  }\n  {\n    address = \"192.168.1.1\";\n    prefixLength = 24;\n  }\n]"}, "loc": ["networking", "interfaces", "<name>", "ipv4", "addresses"], "readOnly": false, "type": "list of (submodule)"}, "networking.interfaces.<name>.ipv4.addresses.*.address": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "description": "IPv4 address of the interface. Leave empty to configure the\ninterface using DHCP.\n", "loc": ["networking", "interfaces", "<name>", "ipv4", "addresses", "*", "address"], "readOnly": false, "type": "string"}, "networking.interfaces.<name>.ipv4.addresses.*.prefixLength": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "description": "Subnet mask of the interface, specified as the number of\nbits in the prefix (`24`).\n", "loc": ["networking", "interfaces", "<name>", "ipv4", "addresses", "*", "prefixLength"], "readOnly": false, "type": "integer between 0 and 32 (both inclusive)"}, "networking.interfaces.<name>.ipv4.routes": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of extra IPv4 static routes that will be assigned to the interface.\n\n::: {.warning}\nIf the route type is the default `unicast`, then the scope\nis set differently depending on the value of {option}`networking.useNetworkd`:\nthe script-based backend sets it to `link`, while networkd sets\nit to `global`.\n:::\n\nIf you want consistency between the two implementations,\nset the scope of the route manually with\n`networking.interfaces.eth0.ipv4.routes = [{ options.scope = \"global\"; }]`\nfor example.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    address = \"10.0.0.0\";\n    prefixLength = 16;\n  }\n  {\n    address = \"192.168.2.0\";\n    prefixLength = 24;\n    via = \"192.168.1.1\";\n  }\n]"}, "loc": ["networking", "interfaces", "<name>", "ipv4", "routes"], "readOnly": false, "type": "list of (submodule)"}, "networking.interfaces.<name>.ipv4.routes.*.address": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "description": "IPv4 address of the network.", "loc": ["networking", "interfaces", "<name>", "ipv4", "routes", "*", "address"], "readOnly": false, "type": "string"}, "networking.interfaces.<name>.ipv4.routes.*.options": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Other route options. See the symbol `OPTIONS`\nin the {manpage}`ip-route(8)` manual page for the details.\nYou may also specify `metric`,\n`src`, `protocol`,\n`scope`, `from`\nand `table`, which are technically\nnot route options, in the sense used in the manual.\n", "example": {"_type": "literalExpression", "text": "{\n  mtu = \"1492\";\n  window = \"524288\";\n}"}, "loc": ["networking", "interfaces", "<name>", "ipv4", "routes", "*", "options"], "readOnly": false, "type": "attribute set of string"}, "networking.interfaces.<name>.ipv4.routes.*.prefixLength": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "description": "Subnet mask of the network, specified as the number of\nbits in the prefix (`24`).\n", "loc": ["networking", "interfaces", "<name>", "ipv4", "routes", "*", "prefixLength"], "readOnly": false, "type": "integer between 0 and 32 (both inclusive)"}, "networking.interfaces.<name>.ipv4.routes.*.type": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Type of the route.  See the `Route types` section\nin the {manpage}`ip-route(8)` manual page for the details.\n\nNote that `prohibit`, `blackhole`,\n`unreachable`, and `throw` cannot\nbe configured per device, so they are not available here. Similarly,\n`nat` hasn't been supported since kernel 2.6.\n", "loc": ["networking", "interfaces", "<name>", "ipv4", "routes", "*", "type"], "readOnly": false, "type": "null or one of \"unicast\", \"local\", \"broadcast\", \"multicast\""}, "networking.interfaces.<name>.ipv4.routes.*.via": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IPv4 address of the next hop.", "loc": ["networking", "interfaces", "<name>", "ipv4", "routes", "*", "via"], "readOnly": false, "type": "null or string"}, "networking.interfaces.<name>.ipv6.addresses": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of IPv6 addresses that will be statically assigned to the interface.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    address = \"fdfd:b3f0:482::1\";\n    prefixLength = 48;\n  }\n  {\n    address = \"2001:1470:fffd:2098::e006\";\n    prefixLength = 64;\n  }\n]"}, "loc": ["networking", "interfaces", "<name>", "ipv6", "addresses"], "readOnly": false, "type": "list of (submodule)"}, "networking.interfaces.<name>.ipv6.addresses.*.address": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "description": "IPv6 address of the interface. Leave empty to configure the\ninterface using DHCP.\n", "loc": ["networking", "interfaces", "<name>", "ipv6", "addresses", "*", "address"], "readOnly": false, "type": "string"}, "networking.interfaces.<name>.ipv6.addresses.*.prefixLength": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "description": "Subnet mask of the interface, specified as the number of\nbits in the prefix (`64`).\n", "loc": ["networking", "interfaces", "<name>", "ipv6", "addresses", "*", "prefixLength"], "readOnly": false, "type": "integer between 0 and 128 (both inclusive)"}, "networking.interfaces.<name>.ipv6.routes": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of extra IPv6 static routes that will be assigned to the interface.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    address = \"fdfd:b3f0::\";\n    prefixLength = 48;\n  }\n  {\n    address = \"2001:1470:fffd:2098::\";\n    prefixLength = 64;\n    via = \"fdfd:b3f0::1\";\n  }\n]"}, "loc": ["networking", "interfaces", "<name>", "ipv6", "routes"], "readOnly": false, "type": "list of (submodule)"}, "networking.interfaces.<name>.ipv6.routes.*.address": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "description": "IPv6 address of the network.", "loc": ["networking", "interfaces", "<name>", "ipv6", "routes", "*", "address"], "readOnly": false, "type": "string"}, "networking.interfaces.<name>.ipv6.routes.*.options": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Other route options. See the symbol `OPTIONS`\nin the {manpage}`ip-route(8)` manual page for the details.\nYou may also specify `metric`,\n`src`, `protocol`,\n`scope`, `from`\nand `table`, which are technically\nnot route options, in the sense used in the manual.\n", "example": {"_type": "literalExpression", "text": "{\n  mtu = \"1492\";\n  window = \"524288\";\n}"}, "loc": ["networking", "interfaces", "<name>", "ipv6", "routes", "*", "options"], "readOnly": false, "type": "attribute set of string"}, "networking.interfaces.<name>.ipv6.routes.*.prefixLength": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "description": "Subnet mask of the network, specified as the number of\nbits in the prefix (`64`).\n", "loc": ["networking", "interfaces", "<name>", "ipv6", "routes", "*", "prefixLength"], "readOnly": false, "type": "integer between 0 and 128 (both inclusive)"}, "networking.interfaces.<name>.ipv6.routes.*.type": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Type of the route.  See the `Route types` section\nin the {manpage}`ip-route(8)` manual page for the details.\n\nNote that `prohibit`, `blackhole`,\n`unreachable`, and `throw` cannot\nbe configured per device, so they are not available here. Similarly,\n`nat` hasn't been supported since kernel 2.6.\n", "loc": ["networking", "interfaces", "<name>", "ipv6", "routes", "*", "type"], "readOnly": false, "type": "null or one of \"unicast\", \"local\", \"broadcast\", \"multicast\""}, "networking.interfaces.<name>.ipv6.routes.*.via": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IPv6 address of the next hop.", "loc": ["networking", "interfaces", "<name>", "ipv6", "routes", "*", "via"], "readOnly": false, "type": "null or string"}, "networking.interfaces.<name>.macAddress": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "MAC address of the interface. Leave empty to use the default.\n", "example": {"_type": "literalExpression", "text": "\"00:11:22:33:44:55\""}, "loc": ["networking", "interfaces", "<name>", "macAddress"], "readOnly": false, "type": "null or string"}, "networking.interfaces.<name>.mtu": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "MTU size for packets leaving the interface. Leave empty to use the default.\n", "example": {"_type": "literalExpression", "text": "9000"}, "loc": ["networking", "interfaces", "<name>", "mtu"], "readOnly": false, "type": "null or signed integer"}, "networking.interfaces.<name>.name": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "description": "Name of the interface.", "example": {"_type": "literalExpression", "text": "\"eth0\""}, "loc": ["networking", "interfaces", "<name>", "name"], "readOnly": false, "type": "string"}, "networking.interfaces.<name>.proxyARP": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Turn on proxy_arp for this device.\nThis is mainly useful for creating pseudo-bridges between a real\ninterface and a virtual network such as VPN or a virtual machine for\ninterfaces that don't support real bridging (most wlan interfaces).\nAs ARP proxying acts slightly above the link-layer, below-ip traffic\nisn't bridged, so things like DHCP won't work. The advantage above\nusing NAT lies in the fact that no IP addresses are shared, so all\nhosts are reachable/routeable.\n\nWARNING: turns on ip-routing, so if you have multiple interfaces, you\nshould think of the consequence and setup firewall rules to limit this.\n", "loc": ["networking", "interfaces", "<name>", "proxyARP"], "readOnly": false, "type": "boolean"}, "networking.interfaces.<name>.tempAddress": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "config.networking.tempAddresses"}, "description": "When IPv6 is enabled with SLAAC, this option controls the use of\ntemporary address (aka privacy extensions) on this\ninterface. This is used to reduce tracking.\n\nSee also the global option\n[](#opt-networking.tempAddresses), which\napplies to all interfaces where this is not set.\n\nPossible values are:\n- `\"default\"` to generate IPv6 temporary addresses and use these as source addresses in routing;\n- `\"disabled\"` to completely disable IPv6 temporary addresses;\n- `\"enabled\"` to generate IPv6 temporary addresses but still use EUI-64 addresses as source addresses;\n", "loc": ["networking", "interfaces", "<name>", "tempAddress"], "readOnly": false, "type": "one of \"default\", \"disabled\", \"enabled\""}, "networking.interfaces.<name>.useDHCP": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether this interface should be configured with DHCP. Overrides the\ndefault set by {option}`networking.useDHCP`. If `null` (the default),\nDHCP is enabled if the interface has no IPv4 addresses configured\nwith {option}`networking.interfaces.<name>.ipv4.addresses`, and\ndisabled otherwise.\n", "loc": ["networking", "interfaces", "<name>", "useDHCP"], "readOnly": false, "type": "null or boolean"}, "networking.interfaces.<name>.virtual": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether this interface is virtual and should be created by tunctl.\nThis is mainly useful for creating bridges between a host and a virtual\nnetwork such as VPN or a virtual machine.\n", "loc": ["networking", "interfaces", "<name>", "virtual"], "readOnly": false, "type": "boolean"}, "networking.interfaces.<name>.virtualOwner": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "In case of a virtual device, the user who owns it.\n`null` will not set owner, allowing access to any user.\n", "loc": ["networking", "interfaces", "<name>", "virtualOwner"], "readOnly": false, "type": "null or string"}, "networking.interfaces.<name>.virtualType": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "if hasPrefix \"tun\" name then \"tun\" else \"tap\""}, "description": "The type of interface to create.\nThe default is TUN for an interface name starting\nwith \"tun\", otherwise TAP.\n", "loc": ["networking", "interfaces", "<name>", "virtualType"], "readOnly": false, "type": "one of \"tun\", \"tap\""}, "networking.interfaces.<name>.wakeOnLan.enable": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable wol on this interface.", "loc": ["networking", "interfaces", "<name>", "wakeOnLan", "enable"], "readOnly": false, "type": "boolean"}, "networking.interfaces.<name>.wakeOnLan.policy": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"magic\"\n]"}, "description": "The [Wake-on-LAN policy](https://www.freedesktop.org/software/systemd/man/systemd.link.html#WakeOnLan=)\nto set for the device.\n\nThe options are\n- `phy`: Wake on PHY activity\n- `unicast`: Wake on unicast messages\n- `multicast`: Wake on multicast messages\n- `broadcast`: Wake on broadcast messages\n- `arp`: Wake on ARP\n- `magic`: Wake on receipt of a magic packet\n", "loc": ["networking", "interfaces", "<name>", "wakeOnLan", "policy"], "readOnly": false, "type": "list of (one of \"phy\", \"unicast\", \"multicast\", \"broadcast\", \"arp\", \"magic\", \"secureon\")"}, "networking.ipips": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This option allows you to define interfaces encapsulating IP\npackets within IP packets; which should be automatically created.\n\nFor example, this allows you to create 4in6 (RFC 2473)\nor IP within IP (RFC 2003) tunnels.\n", "example": {"_type": "literalExpression", "text": "{\n  wan4in6 = {\n    remote = \"2001:db8::1\";\n    local = \"2001:db8::3\";\n    dev = \"wan6\";\n    encapsulation.type = \"4in6\";\n    encapsulation.limit = 0;\n  };\n}\n"}, "loc": ["networking", "ipips"], "readOnly": false, "type": "attribute set of (submodule)"}, "networking.ipips.<name>.dev": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The underlying network device on which the tunnel resides.\n", "example": {"_type": "literalExpression", "text": "\"wan6\""}, "loc": ["networking", "ipips", "<name>", "dev"], "readOnly": false, "type": "null or string"}, "networking.ipips.<name>.encapsulation.limit": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "4"}, "description": "For an IPv6-based tunnel, the maximum number of nested\nencapsulation to allow. 0 means no nesting, \"none\" unlimited.\n", "example": {"_type": "literalExpression", "text": "\"none\""}, "loc": ["networking", "ipips", "<name>", "encapsulation", "limit"], "readOnly": false, "type": "value \"none\" (singular enum) or (unsigned integer, meaning >=0)"}, "networking.ipips.<name>.encapsulation.type": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "\"ipip\""}, "description": "Select the encapsulation type:\n\n- `ipip` to create an IPv4 within IPv4 tunnel (RFC 2003).\n\n- `4in6` to create a 4in6 tunnel (RFC 2473);\n\n- `ip6ip6` to create an IPv6 within IPv6 tunnel (RFC 2473);\n\n::: {.note}\nFor encapsulating IPv6 within IPv4 packets, see\nthe ad-hoc {option}`networking.sits` option.\n:::\n", "loc": ["networking", "ipips", "<name>", "encapsulation", "type"], "readOnly": false, "type": "one of \"ipip\", \"4in6\", \"ip6ip6\""}, "networking.ipips.<name>.local": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "description": "The address of the local endpoint which the remote\nside should send packets to.\n", "example": {"_type": "literalExpression", "text": "\"2001:db8::3\""}, "loc": ["networking", "ipips", "<name>", "local"], "readOnly": false, "type": "string"}, "networking.ipips.<name>.remote": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "description": "The address of the remote endpoint to forward traffic over.\n", "example": {"_type": "literalExpression", "text": "\"2001:db8::1\""}, "loc": ["networking", "ipips", "<name>", "remote"], "readOnly": false, "type": "string"}, "networking.ipips.<name>.ttl": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The time-to-live of the connection to the remote tunnel endpoint.\n", "example": {"_type": "literalExpression", "text": "255"}, "loc": ["networking", "ipips", "<name>", "ttl"], "readOnly": false, "type": "null or signed integer"}, "networking.iproute2.enable": {"declarations": ["nixos/modules/config/iproute2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable copying IP route configuration files.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["networking", "iproute2", "enable"], "readOnly": false, "type": "boolean"}, "networking.iproute2.rttablesExtraConfig": {"declarations": ["nixos/modules/config/iproute2.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Verbatim lines to add to /etc/iproute2/rt_tables\n", "loc": ["networking", "iproute2", "rttablesExtraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "networking.jool.enable": {"declarations": ["nixos/modules/services/networking/jool.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Jool, an Open Source implementation of IPv4/IPv6\ntranslation on Linux.\n\nJool can perform stateless IP/ICMP translation (SIIT) or stateful\nNAT64, analogous to the IPv4 NAPT. Refer to the upstream\n[documentation](https://nicmx.github.io/Jool/en/intro-xlat.html) for\nthe supported modes of translation and how to configure them.\n\nEnabling this option will install the Jool kernel module and the\ncommand line tools for controlling it.\n", "loc": ["networking", "jool", "enable"], "readOnly": false, "relatedPackages": "- [`pkgs.linuxPackages.jool`](\n    https://search.nixos.org/packages?show=linuxPackages.jool&sort=relevance&query=linuxPackages.jool\n  )\n- [`pkgs.jool-cli`](\n    https://search.nixos.org/packages?show=jool-cli&sort=relevance&query=jool-cli\n  )\n", "type": "boolean"}, "networking.jool.nat64": {"declarations": ["nixos/modules/services/networking/jool.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definitions of NAT64 instances of Jool.\nSee the\n[documentation](https://nicmx.github.io/Jool/en/config-atomic.html) for\nthe available options. Also check out the\n[tutorial](https://nicmx.github.io/Jool/en/run-nat64.html) for an\nintroduction to NAT64 and how to troubleshoot the setup.\n\nThe attribute name defines the name of the instance, with the main one\nbeing `default`: this can be accessed from the command line without\nspecifying the name with `-i`.\n\n::: {.note}\nInstances created imperatively from the command line will not interfere\nwith the NixOS instances, provided the respective `pool4` addresses and\nport ranges are not overlapping.\n:::\n\n::: {.warning}\nChanges to an instance performed via `jool -i <name>` are applied\ncorrectly but will be lost after restarting the respective\n`jool-nat64-<name>.service`.\n:::\n", "example": {"_type": "literalExpression", "text": "{\n  default = {\n    # custom NAT64 prefix\n    global.pool6 = \"2001:db8:64::/96\";\n\n    # Port forwarding\n    bib = [\n      { # SSH 192.0.2.16 \u2192 2001:db8:a::1\n        \"protocol\"     = \"TCP\";\n        \"ipv4 address\" = \"192.0.2.16#22\";\n        \"ipv6 address\" = \"2001:db8:a::1#22\";\n      }\n      { # DNS (TCP) 192.0.2.16 \u2192 2001:db8:a::2\n        \"protocol\"     = \"TCP\";\n        \"ipv4 address\" = \"192.0.2.16#53\";\n        \"ipv6 address\" = \"2001:db8:a::2#53\";\n      }\n      { # DNS (UDP) 192.0.2.16 \u2192 2001:db8:a::2\n        \"protocol\" = \"UDP\";\n        \"ipv4 address\" = \"192.0.2.16#53\";\n        \"ipv6 address\" = \"2001:db8:a::2#53\";\n      }\n    ];\n\n    pool4 = [\n      # Port ranges for dynamic translation\n      { protocol =  \"TCP\";  prefix = \"192.0.2.16/32\"; \"port range\" = \"40001-65535\"; }\n      { protocol =  \"UDP\";  prefix = \"192.0.2.16/32\"; \"port range\" = \"40001-65535\"; }\n      { protocol = \"ICMP\";  prefix = \"192.0.2.16/32\"; \"port range\" = \"40001-65535\"; }\n\n      # Ports for static BIB entries\n      { protocol =  \"TCP\";  prefix = \"192.0.2.16/32\"; \"port range\" = \"22\"; }\n      { protocol =  \"UDP\";  prefix = \"192.0.2.16/32\"; \"port range\" = \"53\"; }\n    ];\n  };\n}\n"}, "loc": ["networking", "jool", "nat64"], "readOnly": false, "type": "attribute set of (open submodule of (JSON value))"}, "networking.jool.nat64.<name>.framework": {"declarations": ["nixos/modules/services/networking/jool.nix"], "default": {"_type": "literalExpression", "text": "\"netfilter\""}, "description": "The framework to use for attaching Jool's translation to the exist\nkernel packet processing rules. See the\n[documentation](https://nicmx.github.io/Jool/en/intro-jool.html#design)\nfor the differences between the two options.\n", "loc": ["networking", "jool", "nat64", "<name>", "framework"], "readOnly": false, "type": "one of \"netfilter\", \"iptables\""}, "networking.jool.nat64.<name>.global.pool6": {"declarations": ["nixos/modules/services/networking/jool.nix"], "default": {"_type": "literalExpression", "text": "\"64:ff9b::/96\""}, "description": "The prefix used for embedding IPv4 into IPv6 addresses.\nDefaults to the well-known NAT64 prefix, defined by\n[RFC 6052](https://datatracker.ietf.org/doc/html/rfc6052).\n", "loc": ["networking", "jool", "nat64", "<name>", "global", "pool6"], "readOnly": false, "type": "Network prefix in CIDR notation"}, "networking.jool.siit": {"declarations": ["nixos/modules/services/networking/jool.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definitions of SIIT instances of Jool.\nSee the\n[documentation](https://nicmx.github.io/Jool/en/config-atomic.html) for\nthe available options. Also check out the\n[tutorial](https://nicmx.github.io/Jool/en/run-vanilla.html) for an\nintroduction to SIIT and how to troubleshoot the setup.\n\nThe attribute name defines the name of the instance, with the main one\nbeing `default`: this can be accessed from the command line without\nspecifying the name with `-i`.\n\n::: {.note}\nInstances created imperatively from the command line will not interfere\nwith the NixOS instances, provided the respective EAMT addresses and\nport ranges are not overlapping.\n:::\n\n::: {.warning}\nChanges to an instance performed via `jool -i <name>` are applied\ncorrectly but will be lost after restarting the respective\n`jool-siit-<name>.service`.\n:::\n", "example": {"_type": "literalExpression", "text": "{\n  default = {\n    # Maps any IPv4 address x.y.z.t to 2001:db8::x.y.z.t and v.v.\n    global.pool6 = \"2001:db8::/96\";\n\n    # Explicit address mappings\n    eamt = [\n      # 2001:db8:1:: \u2190\u2192 192.0.2.0\n      { \"ipv6 prefix\" = \"2001:db8:1::/128\"; \"ipv4 prefix\" = \"192.0.2.0\"; }\n      # 2001:db8:1::x \u2190\u2192 198.51.100.x\n      { \"ipv6 prefix\" = \"2001:db8:2::/120\"; \"ipv4 prefix\" = \"198.51.100.0/24\"; }\n    ];\n  };\n}\n"}, "loc": ["networking", "jool", "siit"], "readOnly": false, "type": "attribute set of (open submodule of (JSON value))"}, "networking.jool.siit.<name>.framework": {"declarations": ["nixos/modules/services/networking/jool.nix"], "default": {"_type": "literalExpression", "text": "\"netfilter\""}, "description": "The framework to use for attaching Jool's translation to the exist\nkernel packet processing rules. See the\n[documentation](https://nicmx.github.io/Jool/en/intro-jool.html#design)\nfor the differences between the two options.\n", "loc": ["networking", "jool", "siit", "<name>", "framework"], "readOnly": false, "type": "one of \"netfilter\", \"iptables\""}, "networking.localCommands": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands to be executed at the end of the\n`network-setup` systemd service.  Note that if\nyou are using DHCP to obtain the network configuration,\ninterfaces may not be fully configured yet.\n", "example": {"_type": "literalExpression", "text": "\"text=anything; echo You can put $text here.\""}, "loc": ["networking", "localCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "networking.macvlans": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This option allows you to define macvlan interfaces which should\nbe automatically created.\n", "example": {"_type": "literalExpression", "text": "{\n  wan = {\n    interface = \"enp2s0\";\n    mode = \"vepa\";\n  };\n}\n"}, "loc": ["networking", "macvlans"], "readOnly": false, "type": "attribute set of (submodule)"}, "networking.macvlans.<name>.interface": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "description": "The interface the macvlan will transmit packets through.", "example": {"_type": "literalExpression", "text": "\"enp4s0\""}, "loc": ["networking", "macvlans", "<name>", "interface"], "readOnly": false, "type": "string"}, "networking.macvlans.<name>.mode": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The mode of the macvlan device.", "example": {"_type": "literalExpression", "text": "\"vepa\""}, "loc": ["networking", "macvlans", "<name>", "mode"], "readOnly": false, "type": "null or string"}, "networking.modemmanager.enable": {"declarations": ["nixos/modules/services/networking/modemmanager.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use ModemManager to manage modem devices.\nThis is usually used by some higher layer manager such as NetworkManager\nbut can be used standalone especially if using a modem for non-IP\nconnectivity (e.g. GPS).\n", "loc": ["networking", "modemmanager", "enable"], "readOnly": false, "type": "boolean"}, "networking.modemmanager.fccUnlockScripts": {"declarations": ["nixos/modules/services/networking/modemmanager.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of FCC unlock scripts to enable on the system, behaving as described in\nhttps://modemmanager.org/docs/modemmanager/fcc-unlock/#integration-with-third-party-fcc-unlock-tools.\n", "example": {"_type": "literalExpression", "text": "[{ id = \"03f0:4e1d\"; path = \"${pkgs.modemmanager}/share/ModemManager/fcc-unlock.available.d/03f0:4e1d\"; }]"}, "loc": ["networking", "modemmanager", "fccUnlockScripts"], "readOnly": false, "type": "list of (submodule)"}, "networking.modemmanager.fccUnlockScripts.*.id": {"declarations": ["nixos/modules/services/networking/modemmanager.nix"], "description": "vid:pid of either the PCI or USB vendor and product ID", "loc": ["networking", "modemmanager", "fccUnlockScripts", "*", "id"], "readOnly": false, "type": "string"}, "networking.modemmanager.fccUnlockScripts.*.path": {"declarations": ["nixos/modules/services/networking/modemmanager.nix"], "description": "Path to the unlock script", "loc": ["networking", "modemmanager", "fccUnlockScripts", "*", "path"], "readOnly": false, "type": "absolute path"}, "networking.modemmanager.package": {"declarations": ["nixos/modules/services/networking/modemmanager.nix"], "default": {"_type": "literalExpression", "text": "pkgs.modemmanager"}, "description": "The modemmanager package to use.", "loc": ["networking", "modemmanager", "package"], "readOnly": false, "type": "package"}, "networking.nameservers": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The list of nameservers.  It can be left empty if it is auto-detected through DHCP.\n", "example": {"_type": "literalExpression", "text": "[\n  \"130.161.158.4\"\n  \"130.161.33.17\"\n]"}, "loc": ["networking", "nameservers"], "readOnly": false, "type": "list of string"}, "networking.nat.dmzHost": {"declarations": ["nixos/modules/services/networking/nat.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The local IP address to which all traffic that does not match any\nforwarding rule is forwarded.\n", "example": {"_type": "literalExpression", "text": "\"10.0.0.1\""}, "loc": ["networking", "nat", "dmzHost"], "readOnly": false, "type": "null or string"}, "networking.nat.enable": {"declarations": ["nixos/modules/services/networking/nat.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Network Address Translation (NAT). A\nproperly configured firewall or a trusted L2 on all network\ninterfaces is required to prevent unauthorized access to\nthe internal network.\n", "loc": ["networking", "nat", "enable"], "readOnly": false, "type": "boolean"}, "networking.nat.enableIPv6": {"declarations": ["nixos/modules/services/networking/nat.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable IPv6 NAT.\n", "loc": ["networking", "nat", "enableIPv6"], "readOnly": false, "type": "boolean"}, "networking.nat.externalIP": {"declarations": ["nixos/modules/services/networking/nat.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The public IP address to which packets from the local\nnetwork are to be rewritten.  If this is left empty, the\nIP address associated with the external interface will be\nused.  Only connections made to this IP address will be\nforwarded to the internal network when using forwardPorts.\n", "example": {"_type": "literalExpression", "text": "\"203.0.113.123\""}, "loc": ["networking", "nat", "externalIP"], "readOnly": false, "type": "null or string"}, "networking.nat.externalIPv6": {"declarations": ["nixos/modules/services/networking/nat.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The public IPv6 address to which packets from the local\nnetwork are to be rewritten.  If this is left empty, the\nIP address associated with the external interface will be\nused.  Only connections made to this IP address will be\nforwarded to the internal network when using forwardPorts.\n", "example": {"_type": "literalExpression", "text": "\"2001:dc0:2001:11::175\""}, "loc": ["networking", "nat", "externalIPv6"], "readOnly": false, "type": "null or string"}, "networking.nat.externalInterface": {"declarations": ["nixos/modules/services/networking/nat.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The name of the external network interface.\n", "example": {"_type": "literalExpression", "text": "\"eth1\""}, "loc": ["networking", "nat", "externalInterface"], "readOnly": false, "type": "null or string"}, "networking.nat.extraCommands": {"declarations": ["nixos/modules/services/networking/nat-iptables.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional shell commands executed as part of the nat\ninitialisation script.\n\nThis option is incompatible with the nftables based nat module.\n", "example": {"_type": "literalExpression", "text": "\"iptables -A INPUT -p icmp -j ACCEPT\""}, "loc": ["networking", "nat", "extraCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "networking.nat.extraStopCommands": {"declarations": ["nixos/modules/services/networking/nat-iptables.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional shell commands executed as part of the nat\nteardown script.\n\nThis option is incompatible with the nftables based nat module.\n", "example": {"_type": "literalExpression", "text": "\"iptables -D INPUT -p icmp -j ACCEPT || true\""}, "loc": ["networking", "nat", "extraStopCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "networking.nat.forwardPorts": {"declarations": ["nixos/modules/services/networking/nat.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of forwarded ports from the external interface to\ninternal destinations by using DNAT. Destination can be\nIPv6 if IPv6 NAT is enabled.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    destination = \"10.0.0.1:80\";\n    proto = \"tcp\";\n    sourcePort = 8080;\n  }\n  {\n    destination = \"[fc00::2]:80\";\n    proto = \"tcp\";\n    sourcePort = 8080;\n  }\n]"}, "loc": ["networking", "nat", "forwardPorts"], "readOnly": false, "type": "list of (submodule)"}, "networking.nat.forwardPorts.*.destination": {"declarations": ["nixos/modules/services/networking/nat.nix"], "description": "Forward connection to destination ip:port (or [ipv6]:port); to specify a port range, use ip:start-end", "example": {"_type": "literalExpression", "text": "\"10.0.0.1:80\""}, "loc": ["networking", "nat", "forwardPorts", "*", "destination"], "readOnly": false, "type": "string"}, "networking.nat.forwardPorts.*.loopbackIPs": {"declarations": ["nixos/modules/services/networking/nat.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Public IPs for NAT reflection; for connections to `loopbackip:sourcePort` from the host itself and from other hosts behind NAT", "example": {"_type": "literalExpression", "text": "[ \"55.1.2.3\" ]"}, "loc": ["networking", "nat", "forwardPorts", "*", "loopbackIPs"], "readOnly": false, "type": "list of string"}, "networking.nat.forwardPorts.*.proto": {"declarations": ["nixos/modules/services/networking/nat.nix"], "default": {"_type": "literalExpression", "text": "\"tcp\""}, "description": "Protocol of forwarded connection", "example": {"_type": "literalExpression", "text": "\"udp\""}, "loc": ["networking", "nat", "forwardPorts", "*", "proto"], "readOnly": false, "type": "string"}, "networking.nat.forwardPorts.*.sourcePort": {"declarations": ["nixos/modules/services/networking/nat.nix"], "description": "Source port of the external interface; to specify a port range, use a string with a colon (e.g. \"60000:61000\")", "example": {"_type": "literalExpression", "text": "8080"}, "loc": ["networking", "nat", "forwardPorts", "*", "sourcePort"], "readOnly": false, "type": "signed integer or string matching the pattern [[:digit:]]+:[[:digit:]]+"}, "networking.nat.internalIPs": {"declarations": ["nixos/modules/services/networking/nat.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The IP address ranges for which to perform NAT.  Packets\ncoming from these addresses (on any interface) and destined\nfor the external interface will be rewritten.\n", "example": {"_type": "literalExpression", "text": "[\n  \"192.168.1.0/24\"\n]"}, "loc": ["networking", "nat", "internalIPs"], "readOnly": false, "type": "list of string"}, "networking.nat.internalIPv6s": {"declarations": ["nixos/modules/services/networking/nat.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The IPv6 address ranges for which to perform NAT.  Packets\ncoming from these addresses (on any interface) and destined\nfor the external interface will be rewritten.\n", "example": {"_type": "literalExpression", "text": "[\n  \"fc00::/64\"\n]"}, "loc": ["networking", "nat", "internalIPv6s"], "readOnly": false, "type": "list of string"}, "networking.nat.internalInterfaces": {"declarations": ["nixos/modules/services/networking/nat.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The interfaces for which to perform NAT. Packets coming from\nthese interface and destined for the external interface will\nbe rewritten.\n", "example": {"_type": "literalExpression", "text": "[\n  \"eth0\"\n]"}, "loc": ["networking", "nat", "internalInterfaces"], "readOnly": false, "type": "list of string"}, "networking.networkmanager.appendNameservers": {"declarations": ["nixos/modules/services/networking/networkmanager.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of name servers that should be appended\nto the ones configured in NetworkManager or received by DHCP.\n", "loc": ["networking", "networkmanager", "appendNameservers"], "readOnly": false, "type": "list of string"}, "networking.networkmanager.connectionConfig": {"declarations": ["nixos/modules/services/networking/networkmanager.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for the [connection] section of NetworkManager.conf.\nRefer to\n[\n  https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html#id-1.2.3.11\n](https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html)\nor\n{manpage}`NetworkManager.conf(5)`\nfor more information.\n", "loc": ["networking", "networkmanager", "connectionConfig"], "readOnly": false, "type": "attribute set of (null or boolean or signed integer or string)"}, "networking.networkmanager.dhcp": {"declarations": ["nixos/modules/services/networking/networkmanager.nix"], "default": {"_type": "literalExpression", "text": "\"internal\""}, "description": "Which program (or internal library) should be used for DHCP.\n", "loc": ["networking", "networkmanager", "dhcp"], "readOnly": false, "type": "one of \"dhcpcd\", \"internal\""}, "networking.networkmanager.dispatcherScripts": {"declarations": ["nixos/modules/services/networking/networkmanager.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of scripts which will be executed in response to network events.\n", "example": {"_type": "literalExpression", "text": "[ {\n  source = pkgs.writeText \"upHook\" ''\n    if [ \"$2\" != \"up\" ]; then\n      logger \"exit: event $2 != up\"\n      exit\n    fi\n\n    # coreutils and iproute are in PATH too\n    logger \"Device $DEVICE_IFACE coming up\"\n  '';\n  type = \"basic\";\n} ]\n"}, "loc": ["networking", "networkmanager", "dispatcherScripts"], "readOnly": false, "type": "list of (submodule)"}, "networking.networkmanager.dispatcherScripts.*.source": {"declarations": ["nixos/modules/services/networking/networkmanager.nix"], "description": "Path to the hook script.\n", "loc": ["networking", "networkmanager", "dispatcherScripts", "*", "source"], "readOnly": false, "type": "absolute path"}, "networking.networkmanager.dispatcherScripts.*.type": {"declarations": ["nixos/modules/services/networking/networkmanager.nix"], "default": {"_type": "literalExpression", "text": "\"basic\""}, "description": "Dispatcher hook type. Look up the hooks described at\n[https://developer.gnome.org/NetworkManager/stable/NetworkManager.html](https://developer.gnome.org/NetworkManager/stable/NetworkManager.html)\nand choose the type depending on the output folder.\nYou should then filter the event type (e.g., \"up\"/\"down\") from within your script.\n", "loc": ["networking", "networkmanager", "dispatcherScripts", "*", "type"], "readOnly": false, "type": "one of \"basic\", \"pre-down\", \"pre-up\""}, "networking.networkmanager.dns": {"declarations": ["nixos/modules/services/networking/networkmanager.nix"], "default": {"_type": "literalExpression", "text": "\"default\""}, "description": "Set the DNS ({file}`resolv.conf`) processing mode.\n\nA description of these modes can be found in the main section of\n[\n  https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html\n](https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html)\nor in\n{manpage}`NetworkManager.conf(5)`.\n", "loc": ["networking", "networkmanager", "dns"], "readOnly": false, "type": "one of \"default\", \"dnsmasq\", \"systemd-resolved\", \"none\""}, "networking.networkmanager.enable": {"declarations": ["nixos/modules/services/networking/networkmanager.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use NetworkManager to obtain an IP address and other\nconfiguration for all network interfaces that are not manually\nconfigured. If enabled, a group `networkmanager`\nwill be created. Add all users that should have permission\nto change network settings to this group.\n", "loc": ["networking", "networkmanager", "enable"], "readOnly": false, "type": "boolean"}, "networking.networkmanager.ensureProfiles.environmentFiles": {"declarations": ["nixos/modules/services/networking/networkmanager.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Files to load as environment file. Environment variables from this file\nwill be substituted into the static configuration file using [envsubst](https://github.com/a8m/envsubst).\n", "example": {"_type": "literalExpression", "text": "[\n  \"/run/secrets/network-manager.env\"\n]"}, "loc": ["networking", "networkmanager", "ensureProfiles", "environmentFiles"], "readOnly": false, "type": "list of absolute path"}, "networking.networkmanager.ensureProfiles.profiles": {"declarations": ["nixos/modules/services/networking/networkmanager.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declaratively define NetworkManager profiles. You can find information about the generated file format [here](https://networkmanager.dev/docs/api/latest/nm-settings-keyfile.html) and [here](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/assembly_networkmanager-connection-profiles-in-keyfile-format_configuring-and-managing-networking).\nYou current profiles which are most likely stored in `/etc/NetworkManager/system-connections` and there is [a tool](https://github.com/janik-haag/nm2nix) to convert them to the needed nix code.\nIf you add a new ad-hoc connection via a GUI or nmtui or anything similar it should just work together with the declarative ones.\nAnd if you edit a declarative profile NetworkManager will move it to the persistent storage and treat it like a ad-hoc one,\nbut there will be two profiles as soon as the systemd unit from this option runs again which can be confusing since NetworkManager tools will start displaying two profiles with the same name and probably a bit different settings depending on what you edited.\nA profile won't be deleted even if it's removed from the config until the system reboots because that's when NetworkManager clears it's temp directory.\nIf `networking.resolvconf.enable` is true, attributes affecting the name resolution (such as `ignore-auto-dns`) may not end up changing `/etc/resolv.conf` as expected when other name services (for example `networking.dhcpcd`) are enabled. Run `resolvconf -l` in the terminal to see what each service produces.\n", "example": {"_type": "literalExpression", "text": "{\n  home-wifi = {\n    connection = {\n      id = \"home-wifi\";\n      permissions = \"\";\n      type = \"wifi\";\n    };\n    ipv4 = {\n      dns-search = \"\";\n      method = \"auto\";\n    };\n    ipv6 = {\n      addr-gen-mode = \"stable-privacy\";\n      dns-search = \"\";\n      method = \"auto\";\n    };\n    wifi = {\n      mac-address-blacklist = \"\";\n      mode = \"infrastructure\";\n      ssid = \"Home Wi-Fi\";\n    };\n    wifi-security = {\n      auth-alg = \"open\";\n      key-mgmt = \"wpa-psk\";\n      psk = \"$HOME_WIFI_PASSWORD\";\n    };\n  };\n}"}, "loc": ["networking", "networkmanager", "ensureProfiles", "profiles"], "readOnly": false, "type": "attribute set of (open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string)))"}, "networking.networkmanager.ensureProfiles.profiles.<name>.connection.id": {"declarations": ["nixos/modules/services/networking/networkmanager.nix"], "description": "This is the name that will be displayed by NetworkManager and GUIs.", "loc": ["networking", "networkmanager", "ensureProfiles", "profiles", "<name>", "connection", "id"], "readOnly": false, "type": "string"}, "networking.networkmanager.ensureProfiles.profiles.<name>.connection.type": {"declarations": ["nixos/modules/services/networking/networkmanager.nix"], "description": "The connection type defines the connection kind, like vpn, wireguard, gsm, wifi and more.", "example": {"_type": "literalExpression", "text": "\"vpn\""}, "loc": ["networking", "networkmanager", "ensureProfiles", "profiles", "<name>", "connection", "type"], "readOnly": false, "type": "string"}, "networking.networkmanager.ensureProfiles.secrets.entries": {"declarations": ["nixos/modules/services/networking/nm-file-secret-agent.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of secrets to provide to NetworkManager by reading their values from configured files.\n\nNote that NetworkManager should be configured to read secrets from a secret agent.\nThis can be done for example through the `networking.networkmanager.ensureProfiles.profiles` options.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    file = \"/root/wireguard_key\";\n    key = \"private-key\";\n    matchId = \"My WireGuard VPN\";\n    matchSetting = \"wireguard\";\n    matchType = \"wireguard\";\n  }\n]"}, "loc": ["networking", "networkmanager", "ensureProfiles", "secrets", "entries"], "readOnly": false, "type": "list of (submodule)"}, "networking.networkmanager.ensureProfiles.secrets.entries.*.file": {"declarations": ["nixos/modules/services/networking/nm-file-secret-agent.nix"], "description": "file from which the secret value is read", "loc": ["networking", "networkmanager", "ensureProfiles", "secrets", "entries", "*", "file"], "readOnly": false, "type": "string"}, "networking.networkmanager.ensureProfiles.secrets.entries.*.key": {"declarations": ["nixos/modules/services/networking/nm-file-secret-agent.nix"], "description": "key in the setting section for which this entry provides a value", "loc": ["networking", "networkmanager", "ensureProfiles", "secrets", "entries", "*", "key"], "readOnly": false, "type": "string"}, "networking.networkmanager.ensureProfiles.secrets.entries.*.matchId": {"declarations": ["nixos/modules/services/networking/nm-file-secret-agent.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "connection id used by NetworkManager. Often displayed as name in GUIs.\n\nNetworkManager describes this as a human readable unique identifier for the connection, like \"Work Wi-Fi\" or \"T-Mobile 3G\".\n", "example": {"_type": "literalExpression", "text": "\"wifi1\""}, "loc": ["networking", "networkmanager", "ensureProfiles", "secrets", "entries", "*", "matchId"], "readOnly": false, "type": "null or string"}, "networking.networkmanager.ensureProfiles.secrets.entries.*.matchIface": {"declarations": ["nixos/modules/services/networking/nm-file-secret-agent.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "interface name of the NetworkManager connection", "loc": ["networking", "networkmanager", "ensureProfiles", "secrets", "entries", "*", "matchIface"], "readOnly": false, "type": "null or string"}, "networking.networkmanager.ensureProfiles.secrets.entries.*.matchSetting": {"declarations": ["nixos/modules/services/networking/nm-file-secret-agent.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "name of the setting section for which secrets are requested", "loc": ["networking", "networkmanager", "ensureProfiles", "secrets", "entries", "*", "matchSetting"], "readOnly": false, "type": "null or string"}, "networking.networkmanager.ensureProfiles.secrets.entries.*.matchType": {"declarations": ["nixos/modules/services/networking/nm-file-secret-agent.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "NetworkManager connection type\n\nThe NetworkManager configuration settings reference roughly corresponds to connection types.\nMore might be available on your system depending on the installed plugins.\n\n<https://networkmanager.dev/docs/api/latest/ch01.html>\n", "example": {"_type": "literalExpression", "text": "\"wireguard\""}, "loc": ["networking", "networkmanager", "ensureProfiles", "secrets", "entries", "*", "matchType"], "readOnly": false, "type": "null or string"}, "networking.networkmanager.ensureProfiles.secrets.entries.*.matchUuid": {"declarations": ["nixos/modules/services/networking/nm-file-secret-agent.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "UUID of the connection profile\n\nUUIDs are assigned once on connection creation and should never change as long as the connection still applies to the same network.\n", "example": {"_type": "literalExpression", "text": "\"669ea4c9-4cb3-4901-ab52-f9606590976e\""}, "loc": ["networking", "networkmanager", "ensureProfiles", "secrets", "entries", "*", "matchUuid"], "readOnly": false, "type": "null or string"}, "networking.networkmanager.ensureProfiles.secrets.entries.*.trim": {"declarations": ["nixos/modules/services/networking/nm-file-secret-agent.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "whether leading and trailing whitespace should be stripped from the files content before being passed to NetworkManager", "loc": ["networking", "networkmanager", "ensureProfiles", "secrets", "entries", "*", "trim"], "readOnly": false, "type": "null or boolean"}, "networking.networkmanager.ensureProfiles.secrets.package": {"declarations": ["nixos/modules/services/networking/nm-file-secret-agent.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nm-file-secret-agent"}, "description": "The nm-file-secret-agent package to use.", "loc": ["networking", "networkmanager", "ensureProfiles", "secrets", "package"], "readOnly": false, "type": "package"}, "networking.networkmanager.ethernet.macAddress": {"declarations": ["nixos/modules/services/networking/networkmanager.nix"], "default": {"_type": "literalExpression", "text": "\"preserve\""}, "description": "Set the MAC address of the interface.\n\n- `\"XX:XX:XX:XX:XX:XX\"`: MAC address of the interface\n- `\"permanent\"`: Use the permanent MAC address of the device\n- `\"preserve\"`: Don\u2019t change the MAC address of the device upon activation\n- `\"random\"`: Generate a randomized value upon each connect\n- `\"stable\"`: Generate a stable, hashed MAC address\n", "example": {"_type": "literalExpression", "text": "\"00:11:22:33:44:55\""}, "loc": ["networking", "networkmanager", "ethernet", "macAddress"], "readOnly": false, "type": "string or one of \"permanent\", \"preserve\", \"random\", \"stable\""}, "networking.networkmanager.insertNameservers": {"declarations": ["nixos/modules/services/networking/networkmanager.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of name servers that should be inserted before\nthe ones configured in NetworkManager or received by DHCP.\n", "loc": ["networking", "networkmanager", "insertNameservers"], "readOnly": false, "type": "list of string"}, "networking.networkmanager.logLevel": {"declarations": ["nixos/modules/services/networking/networkmanager.nix"], "default": {"_type": "literalExpression", "text": "\"WARN\""}, "description": "Set the default logging verbosity level.\n", "loc": ["networking", "networkmanager", "logLevel"], "readOnly": false, "type": "one of \"OFF\", \"ERR\", \"WARN\", \"INFO\", \"DEBUG\", \"TRACE\""}, "networking.networkmanager.package": {"declarations": ["nixos/modules/services/networking/networkmanager.nix"], "default": {"_type": "literalExpression", "text": "pkgs.networkmanager"}, "description": "The networkmanager package to use.", "loc": ["networking", "networkmanager", "package"], "readOnly": false, "type": "package"}, "networking.networkmanager.plugins": {"declarations": ["nixos/modules/services/networking/networkmanager.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of plugin packages to install.\n\nSee <https://search.nixos.org/packages?query=networkmanager-> for available plugin packages.\nand <https://networkmanager.dev/docs/vpn/> for an overview over builtin and external plugins\nand their support status.\n", "example": {"_type": "literalExpression", "text": "with pkgs; [\n  networkmanager-fortisslvpn\n  networkmanager-iodine\n  networkmanager-l2tp\n  networkmanager-openconnect\n  networkmanager-openvpn\n  networkmanager-sstp\n  networkmanager-strongswan\n  networkmanager-vpnc\n]\n"}, "loc": ["networking", "networkmanager", "plugins"], "readOnly": false, "type": "list of NetworkManager plugin package"}, "networking.networkmanager.settings": {"declarations": ["nixos/modules/services/networking/networkmanager.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration added to the generated NetworkManager.conf, note that you can overwrite settings with this.\nRefer to\n[\n  https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html\n](https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html)\nor\n{manpage}`NetworkManager.conf(5)`\nfor more information.\n", "loc": ["networking", "networkmanager", "settings"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "networking.networkmanager.unmanaged": {"declarations": ["nixos/modules/services/networking/networkmanager.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of interfaces that will not be managed by NetworkManager.\nInterface name can be specified here, but if you need more fidelity,\nrefer to\n[\n  https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html#device-spec\n](https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html#device-spec)\nor the \"Device List Format\" Appendix of\n{manpage}`NetworkManager.conf(5)`.\n", "loc": ["networking", "networkmanager", "unmanaged"], "readOnly": false, "type": "list of string"}, "networking.networkmanager.wifi.backend": {"declarations": ["nixos/modules/services/networking/networkmanager.nix"], "default": {"_type": "literalExpression", "text": "\"wpa_supplicant\""}, "description": "Specify the Wi-Fi backend used for the device.\nCurrently supported are {option}`wpa_supplicant` or {option}`iwd` (experimental).\n", "loc": ["networking", "networkmanager", "wifi", "backend"], "readOnly": false, "type": "one of \"wpa_supplicant\", \"iwd\""}, "networking.networkmanager.wifi.macAddress": {"declarations": ["nixos/modules/services/networking/networkmanager.nix"], "default": {"_type": "literalExpression", "text": "\"preserve\""}, "description": "Set the MAC address of the interface.\n\n- `\"XX:XX:XX:XX:XX:XX\"`: MAC address of the interface\n- `\"permanent\"`: Use the permanent MAC address of the device\n- `\"preserve\"`: Don\u2019t change the MAC address of the device upon activation\n- `\"random\"`: Generate a randomized value upon each connect\n- `\"stable\"`: Generate a stable, hashed MAC address\n- `\"stable-ssid\"`: Generate a stable MAC addressed based on Wi-Fi network\n", "example": {"_type": "literalExpression", "text": "\"00:11:22:33:44:55\""}, "loc": ["networking", "networkmanager", "wifi", "macAddress"], "readOnly": false, "type": "string or one of \"permanent\", \"preserve\", \"random\", \"stable\", \"stable-ssid\""}, "networking.networkmanager.wifi.powersave": {"declarations": ["nixos/modules/services/networking/networkmanager.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether to enable Wi-Fi power saving.\n", "loc": ["networking", "networkmanager", "wifi", "powersave"], "readOnly": false, "type": "null or boolean"}, "networking.networkmanager.wifi.scanRandMacAddress": {"declarations": ["nixos/modules/services/networking/networkmanager.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable MAC address randomization of a Wi-Fi device\nduring scanning.\n", "loc": ["networking", "networkmanager", "wifi", "scanRandMacAddress"], "readOnly": false, "type": "boolean"}, "networking.nftables.checkRuleset": {"declarations": ["nixos/modules/services/networking/nftables.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Run `nft check` on the ruleset to spot syntax errors during build.\nBecause this is executed in a sandbox, the check might fail if it requires\naccess to any environmental factors or paths outside the Nix store.\nTo circumvent this, the ruleset file can be edited using the preCheckRuleset\noption to work in the sandbox environment.\n", "loc": ["networking", "nftables", "checkRuleset"], "readOnly": false, "type": "boolean"}, "networking.nftables.checkRulesetRedirects": {"declarations": ["nixos/modules/services/networking/nftables.nix"], "default": {"_type": "literalExpression", "text": "{\n  \"/etc/hosts\" = config.environment.etc.hosts.source;\n  \"/etc/protocols\" = config.environment.etc.protocols.source;\n  \"/etc/services\" = config.environment.etc.services.source;\n}\n"}, "description": "Set of paths that should be intercepted and rewritten while checking the ruleset\nusing `pkgs.buildPackages.libredirect`.\n", "loc": ["networking", "nftables", "checkRulesetRedirects"], "readOnly": false, "type": "attribute set of absolute path"}, "networking.nftables.enable": {"declarations": ["nixos/modules/services/networking/nftables.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable nftables and use nftables based firewall if enabled.\nnftables is a Linux-based packet filtering framework intended to\nreplace frameworks like iptables.\n\nNote that if you have Docker enabled you will not be able to use\nnftables without intervention. Docker uses iptables internally to\nsetup NAT for containers. This module disables the ip_tables kernel\nmodule, however Docker automatically loads the module. Please see\n<https://github.com/NixOS/nixpkgs/issues/24318#issuecomment-289216273>\nfor more information.\n\nThere are other programs that use iptables internally too, such as\nlibvirt. For information on how the two firewalls interact, see\n<https://wiki.nftables.org/wiki-nftables/index.php/Troubleshooting#Question_4._How_do_nftables_and_iptables_interact_when_used_on_the_same_system.3F>.\n\nSome network configurations may prevent VMs from having network access, see\n<https://wiki.nixos.org/wiki/Networking#Virtualization>.\n", "loc": ["networking", "nftables", "enable"], "readOnly": false, "type": "boolean"}, "networking.nftables.extraDeletions": {"declarations": ["nixos/modules/services/networking/nftables.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra deletion commands to be run on every firewall start, reload\nand after stopping the firewall.\n", "example": {"_type": "literalExpression", "text": "''\n  # this makes deleting a non-existing table a no-op instead of an error\n  table inet some-table;\n  \n  delete table inet some-table;\n''"}, "loc": ["networking", "nftables", "extraDeletions"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "networking.nftables.flattenRulesetFile": {"declarations": ["nixos/modules/services/networking/nftables.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use `builtins.readFile` rather than `include` to handle {option}`networking.nftables.rulesetFile`. It is useful when you want to apply {option}`networking.nftables.preCheckRuleset` to {option}`networking.nftables.rulesetFile`.\n\n::: {.note}\nIt is expected that {option}`networking.nftables.rulesetFile` can be accessed from the build sandbox.\n:::\n", "loc": ["networking", "nftables", "flattenRulesetFile"], "readOnly": false, "type": "boolean"}, "networking.nftables.flushRuleset": {"declarations": ["nixos/modules/services/networking/nftables.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable flushing the entire ruleset on each reload.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["networking", "nftables", "flushRuleset"], "readOnly": false, "type": "boolean"}, "networking.nftables.preCheckRuleset": {"declarations": ["nixos/modules/services/networking/nftables.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "This script gets run before the ruleset is checked. It can be used to\ncreate additional files needed for the ruleset check to work, or modify\nthe ruleset for cases the build environment cannot cover.\n", "example": {"_type": "literalExpression", "text": "sed 's/skgid meadow/skgid nogroup/g' -i ruleset.conf\n"}, "loc": ["networking", "nftables", "preCheckRuleset"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "networking.nftables.ruleset": {"declarations": ["nixos/modules/services/networking/nftables.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The ruleset to be used with nftables.  Should be in a format that\ncan be loaded using \"/bin/nft -f\".  The ruleset is updated atomically.\nNote that if the tables should be cleaned first, either:\n- networking.nftables.flushRuleset = true; needs to be set (flushes all tables)\n- networking.nftables.extraDeletions needs to be set\n- or networking.nftables.tables can be used, which will clean up the table automatically\n", "example": {"_type": "literalExpression", "text": "''\n  # Check out https://wiki.nftables.org/ for better documentation.\n  # Table for both IPv4 and IPv6.\n  table inet filter {\n    # Block all incoming connections traffic except SSH and \"ping\".\n    chain input {\n      type filter hook input priority 0;\n  \n      # accept any localhost traffic\n      iifname lo accept\n  \n      # accept traffic originated from us\n      ct state {established, related} accept\n  \n      # ICMP\n      # routers may also want: mld-listener-query, nd-router-solicit\n      ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept\n      ip protocol icmp icmp type { destination-unreachable, router-advertisement, time-exceeded, parameter-problem } accept\n  \n      # allow \"ping\"\n      ip6 nexthdr icmpv6 icmpv6 type echo-request accept\n      ip protocol icmp icmp type echo-request accept\n  \n      # accept SSH connections (required for a server)\n      tcp dport 22 accept\n  \n      # count and drop any other traffic\n      counter drop\n    }\n  \n    # Allow all outgoing connections.\n    chain output {\n      type filter hook output priority 0;\n      accept\n    }\n  \n    chain forward {\n      type filter hook forward priority 0;\n      accept\n    }\n  }\n''"}, "loc": ["networking", "nftables", "ruleset"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "networking.nftables.rulesetFile": {"declarations": ["nixos/modules/services/networking/nftables.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The ruleset file to be used with nftables.  Should be in a format that\ncan be loaded using \"nft -f\".  The ruleset is updated atomically.\n", "loc": ["networking", "nftables", "rulesetFile"], "readOnly": false, "type": "null or absolute path"}, "networking.nftables.tables": {"declarations": ["nixos/modules/services/networking/nftables.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Tables to be added to ruleset.\nTables will be added together with delete statements to clean up the table before every update.\n", "example": {"_type": "literalExpression", "text": "{\n  filter = {\n    content = ''\n      # Check out https://wiki.nftables.org/ for better documentation.\n      # Table for both IPv4 and IPv6.\n      # Block all incoming connections traffic except SSH and \"ping\".\n      chain input {\n        type filter hook input priority 0;\n      \n        # accept any localhost traffic\n        iifname lo accept\n      \n        # accept traffic originated from us\n        ct state {established, related} accept\n      \n        # ICMP\n        # routers may also want: mld-listener-query, nd-router-solicit\n        ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept\n        ip protocol icmp icmp type { destination-unreachable, router-advertisement, time-exceeded, parameter-problem } accept\n      \n        # allow \"ping\"\n        ip6 nexthdr icmpv6 icmpv6 type echo-request accept\n        ip protocol icmp icmp type echo-request accept\n      \n        # accept SSH connections (required for a server)\n        tcp dport 22 accept\n      \n        # count and drop any other traffic\n        counter drop\n      }\n      \n      # Allow all outgoing connections.\n      chain output {\n        type filter hook output priority 0;\n        accept\n      }\n      \n      chain forward {\n        type filter hook forward priority 0;\n        accept\n      }\n    '';\n    family = \"inet\";\n  };\n}"}, "loc": ["networking", "nftables", "tables"], "readOnly": false, "type": "attribute set of (submodule)"}, "networking.nftables.tables.<name>.content": {"declarations": ["nixos/modules/services/networking/nftables.nix"], "description": "The table content.", "loc": ["networking", "nftables", "tables", "<name>", "content"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "networking.nftables.tables.<name>.enable": {"declarations": ["nixos/modules/services/networking/nftables.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable this table.", "loc": ["networking", "nftables", "tables", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "networking.nftables.tables.<name>.family": {"declarations": ["nixos/modules/services/networking/nftables.nix"], "description": "Table family.", "loc": ["networking", "nftables", "tables", "<name>", "family"], "readOnly": false, "type": "one of \"ip\", \"ip6\", \"inet\", \"arp\", \"bridge\", \"netdev\""}, "networking.nftables.tables.<name>.name": {"declarations": ["nixos/modules/services/networking/nftables.nix"], "description": "Table name.", "loc": ["networking", "nftables", "tables", "<name>", "name"], "readOnly": false, "type": "string"}, "networking.openconnect.interfaces": {"declarations": ["nixos/modules/services/networking/openconnect.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "OpenConnect interfaces.", "example": {"_type": "literalExpression", "text": "{\n  openconnect0 = {\n    gateway = \"gateway.example.com\";\n    passwordFile = \"/var/lib/secrets/openconnect-passwd\";\n    protocol = \"anyconnect\";\n    user = \"example-user\";\n  };\n}"}, "loc": ["networking", "openconnect", "interfaces"], "readOnly": false, "type": "attribute set of (submodule)"}, "networking.openconnect.interfaces.<name>.autoStart": {"declarations": ["nixos/modules/services/networking/openconnect.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether this VPN connection should be started automatically.", "loc": ["networking", "openconnect", "interfaces", "<name>", "autoStart"], "readOnly": false, "type": "boolean"}, "networking.openconnect.interfaces.<name>.certificate": {"declarations": ["nixos/modules/services/networking/openconnect.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Certificate to authenticate with.", "example": {"_type": "literalExpression", "text": "\"/var/lib/secrets/openconnect_certificate.pem\""}, "loc": ["networking", "openconnect", "interfaces", "<name>", "certificate"], "readOnly": false, "type": "null or absolute path or PKCS#11 URI"}, "networking.openconnect.interfaces.<name>.extraOptions": {"declarations": ["nixos/modules/services/networking/openconnect.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra config to be appended to the interface config. It should\ncontain long-format options as would be accepted on the command\nline by `openconnect`\n(see <https://www.infradead.org/openconnect/manual.html>).\nNon-key-value options like `deflate` can be used by\ndeclaring them as booleans, i. e. `deflate = true;`.\n", "example": {"_type": "literalExpression", "text": "{\n  compression = \"stateless\";\n  no-dtls = true;\n  no-http-keepalive = true;\n}"}, "loc": ["networking", "openconnect", "interfaces", "<name>", "extraOptions"], "readOnly": false, "type": "attribute set of (string or boolean)"}, "networking.openconnect.interfaces.<name>.gateway": {"declarations": ["nixos/modules/services/networking/openconnect.nix"], "description": "Gateway server to connect to.", "example": {"_type": "literalExpression", "text": "\"gateway.example.com\""}, "loc": ["networking", "openconnect", "interfaces", "<name>", "gateway"], "readOnly": false, "type": "string"}, "networking.openconnect.interfaces.<name>.passwordFile": {"declarations": ["nixos/modules/services/networking/openconnect.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the password to authenticate with. This\nis passed to `openconnect` via the\n`--passwd-on-stdin` option.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/secrets/openconnect-passwd\""}, "loc": ["networking", "openconnect", "interfaces", "<name>", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "networking.openconnect.interfaces.<name>.privateKey": {"declarations": ["nixos/modules/services/networking/openconnect.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Private key to authenticate with.", "example": {"_type": "literalExpression", "text": "\"/var/lib/secrets/openconnect_private_key.pem\""}, "loc": ["networking", "openconnect", "interfaces", "<name>", "privateKey"], "readOnly": false, "type": "null or absolute path or PKCS#11 URI"}, "networking.openconnect.interfaces.<name>.protocol": {"declarations": ["nixos/modules/services/networking/openconnect.nix"], "description": "Protocol to use.", "example": {"_type": "literalExpression", "text": "\"anyconnect\""}, "loc": ["networking", "openconnect", "interfaces", "<name>", "protocol"], "readOnly": false, "type": "one of \"anyconnect\", \"array\", \"nc\", \"pulse\", \"gp\", \"f5\", \"fortinet\""}, "networking.openconnect.interfaces.<name>.user": {"declarations": ["nixos/modules/services/networking/openconnect.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Username to authenticate with.", "example": {"_type": "literalExpression", "text": "\"example-user\""}, "loc": ["networking", "openconnect", "interfaces", "<name>", "user"], "readOnly": false, "type": "null or string"}, "networking.openconnect.package": {"declarations": ["nixos/modules/services/networking/openconnect.nix"], "default": {"_type": "literalExpression", "text": "pkgs.openconnect"}, "description": "The openconnect package to use.", "loc": ["networking", "openconnect", "package"], "readOnly": false, "type": "package"}, "networking.proxy.allProxy": {"declarations": ["nixos/modules/config/networking.nix"], "default": {"_type": "literalExpression", "text": "config.networking.proxy.default"}, "description": "This option specifies the all_proxy environment variable.\n", "example": {"_type": "literalExpression", "text": "\"http://127.0.0.1:3128\""}, "loc": ["networking", "proxy", "allProxy"], "readOnly": false, "type": "null or string"}, "networking.proxy.default": {"declarations": ["nixos/modules/config/networking.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "This option specifies the default value for httpProxy, httpsProxy, ftpProxy and rsyncProxy.\n", "example": {"_type": "literalExpression", "text": "\"http://127.0.0.1:3128\""}, "loc": ["networking", "proxy", "default"], "readOnly": false, "type": "null or string"}, "networking.proxy.ftpProxy": {"declarations": ["nixos/modules/config/networking.nix"], "default": {"_type": "literalExpression", "text": "config.networking.proxy.default"}, "description": "This option specifies the ftp_proxy environment variable.\n", "example": {"_type": "literalExpression", "text": "\"http://127.0.0.1:3128\""}, "loc": ["networking", "proxy", "ftpProxy"], "readOnly": false, "type": "null or string"}, "networking.proxy.httpProxy": {"declarations": ["nixos/modules/config/networking.nix"], "default": {"_type": "literalExpression", "text": "config.networking.proxy.default"}, "description": "This option specifies the http_proxy environment variable.\n", "example": {"_type": "literalExpression", "text": "\"http://127.0.0.1:3128\""}, "loc": ["networking", "proxy", "httpProxy"], "readOnly": false, "type": "null or string"}, "networking.proxy.httpsProxy": {"declarations": ["nixos/modules/config/networking.nix"], "default": {"_type": "literalExpression", "text": "config.networking.proxy.default"}, "description": "This option specifies the https_proxy environment variable.\n", "example": {"_type": "literalExpression", "text": "\"http://127.0.0.1:3128\""}, "loc": ["networking", "proxy", "httpsProxy"], "readOnly": false, "type": "null or string"}, "networking.proxy.noProxy": {"declarations": ["nixos/modules/config/networking.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "This option specifies the no_proxy environment variable.\nIf a default proxy is used and noProxy is null,\nthen noProxy will be set to 127.0.0.1,localhost.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1,localhost,.localdomain\""}, "loc": ["networking", "proxy", "noProxy"], "readOnly": false, "type": "null or string"}, "networking.proxy.rsyncProxy": {"declarations": ["nixos/modules/config/networking.nix"], "default": {"_type": "literalExpression", "text": "config.networking.proxy.default"}, "description": "This option specifies the rsync_proxy environment variable.\n", "example": {"_type": "literalExpression", "text": "\"http://127.0.0.1:3128\""}, "loc": ["networking", "proxy", "rsyncProxy"], "readOnly": false, "type": "null or string"}, "networking.resolvconf.dnsExtensionMechanism": {"declarations": ["nixos/modules/config/resolvconf.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable the `edns0` option in {file}`resolv.conf`. With\nthat option set, `glibc` supports use of the extension mechanisms for\nDNS (EDNS) specified in RFC 2671. The most popular user of that feature is DNSSEC,\nwhich does not work without it.\n", "loc": ["networking", "resolvconf", "dnsExtensionMechanism"], "readOnly": false, "type": "boolean"}, "networking.resolvconf.dnsSingleRequest": {"declarations": ["nixos/modules/config/resolvconf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Recent versions of glibc will issue both ipv4 (A) and ipv6 (AAAA)\naddress queries at the same time, from the same port. Sometimes upstream\nrouters will systemically drop the ipv4 queries. The symptom of this problem is\nthat 'getent hosts example.com' only returns ipv6 (or perhaps only ipv4) addresses. The\nworkaround for this is to specify the option 'single-request' in\n/etc/resolv.conf. This option enables that.\n", "loc": ["networking", "resolvconf", "dnsSingleRequest"], "readOnly": false, "type": "boolean"}, "networking.resolvconf.enable": {"declarations": ["nixos/modules/config/resolvconf.nix"], "default": {"_type": "literalExpression", "text": "!(config.environment.etc ? \"resolv.conf\")"}, "description": "Whether DNS configuration is managed by resolvconf.\n", "loc": ["networking", "resolvconf", "enable"], "readOnly": false, "type": "boolean"}, "networking.resolvconf.extraConfig": {"declarations": ["nixos/modules/config/resolvconf.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration to append to {file}`resolvconf.conf`.\n", "example": {"_type": "literalExpression", "text": "\"libc=NO\""}, "loc": ["networking", "resolvconf", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "networking.resolvconf.extraOptions": {"declarations": ["nixos/modules/config/resolvconf.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Set the options in {file}`/etc/resolv.conf`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"ndots:1\"\n  \"rotate\"\n]"}, "loc": ["networking", "resolvconf", "extraOptions"], "readOnly": false, "type": "list of string"}, "networking.resolvconf.package": {"declarations": ["nixos/modules/config/resolvconf.nix"], "default": {"_type": "literalExpression", "text": "pkgs.openresolv"}, "description": "The package that provides the system-wide resolvconf command. Defaults to `openresolv`\nif this module is enabled. Otherwise, can be used by other modules (for example {option}`services.resolved`) to\nprovide a compatibility layer.\n\nThis option generally shouldn't be set by the user.\n", "loc": ["networking", "resolvconf", "package"], "readOnly": false, "type": "package"}, "networking.resolvconf.useLocalResolver": {"declarations": ["nixos/modules/config/resolvconf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use local DNS server for resolving.\n", "loc": ["networking", "resolvconf", "useLocalResolver"], "readOnly": false, "type": "boolean"}, "networking.rxe.enable": {"declarations": ["nixos/modules/services/networking/rxe.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable RDMA over converged ethernet.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["networking", "rxe", "enable"], "readOnly": false, "type": "boolean"}, "networking.rxe.interfaces": {"declarations": ["nixos/modules/services/networking/rxe.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Enable RDMA on the listed interfaces. The corresponding virtual\nRDMA interfaces will be named rxe_\\<interface\\>.\nUDP port 4791 must be open on the respective ethernet interfaces.\n", "example": {"_type": "literalExpression", "text": "[\n  \"eth0\"\n]"}, "loc": ["networking", "rxe", "interfaces"], "readOnly": false, "type": "list of string"}, "networking.search": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The list of domain search paths that are considered for resolving\nhostnames with fewer dots than configured in the `ndots` option,\nwhich defaults to 1 if unset.\n", "example": {"_type": "literalExpression", "text": "[\n  \"example.com\"\n  \"home.arpa\"\n]"}, "loc": ["networking", "search"], "readOnly": false, "type": "list of string"}, "networking.sits": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This option allows you to define interfaces encapsulating IPv6\npackets within IPv4 packets; which should be automatically created.\n", "example": {"_type": "literalExpression", "text": "{\n  hurricane = {\n    remote = \"10.0.0.1\";\n    local = \"10.0.0.22\";\n    ttl = 255;\n  };\n  msipv6 = {\n    remote = \"192.168.0.1\";\n    dev = \"enp3s0\";\n    ttl = 127;\n  };\n}\n"}, "loc": ["networking", "sits"], "readOnly": false, "type": "attribute set of (submodule)"}, "networking.sits.<name>.dev": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The underlying network device on which the tunnel resides.\n", "example": {"_type": "literalExpression", "text": "\"enp4s0f0\""}, "loc": ["networking", "sits", "<name>", "dev"], "readOnly": false, "type": "null or string"}, "networking.sits.<name>.encapsulation": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configures the type of encapsulation.\n", "example": {"_type": "literalExpression", "text": "{\n  port = 9001;\n  type = \"fou\";\n}"}, "loc": ["networking", "sits", "<name>", "encapsulation"], "readOnly": false, "type": "null or (submodule)"}, "networking.sits.<name>.encapsulation.port": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Destination port when using UDP encapsulation.\n", "example": {"_type": "literalExpression", "text": "9001"}, "loc": ["networking", "sits", "<name>", "encapsulation", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "networking.sits.<name>.encapsulation.sourcePort": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Source port when using UDP encapsulation.\nWill be chosen automatically by the kernel if unset.\n", "example": {"_type": "literalExpression", "text": "9002"}, "loc": ["networking", "sits", "<name>", "encapsulation", "sourcePort"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "networking.sits.<name>.encapsulation.type": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "\"6in4\""}, "description": "Select the encapsulation type:\n\n- `6in4`: the IPv6 packets are encapsulated using the\n  6in4 protocol (formerly known as SIT, RFC 4213);\n\n- `gue`: the IPv6 packets are encapsulated in UDP packets\n   using the Generic UDP Encapsulation (GUE) scheme;\n\n- `foo`: the IPv6 packets are encapsulated in UDP packets\n   using the Foo over UDP (FOU) scheme.\n", "loc": ["networking", "sits", "<name>", "encapsulation", "type"], "readOnly": false, "type": "one of \"6in4\", \"fou\", \"gue\""}, "networking.sits.<name>.local": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The address of the local endpoint which the remote\nside should send packets to.\n", "example": {"_type": "literalExpression", "text": "\"10.0.0.22\""}, "loc": ["networking", "sits", "<name>", "local"], "readOnly": false, "type": "null or string"}, "networking.sits.<name>.remote": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The address of the remote endpoint to forward traffic over.\n", "example": {"_type": "literalExpression", "text": "\"10.0.0.1\""}, "loc": ["networking", "sits", "<name>", "remote"], "readOnly": false, "type": "null or string"}, "networking.sits.<name>.ttl": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The time-to-live of the connection to the remote tunnel endpoint.\n", "example": {"_type": "literalExpression", "text": "255"}, "loc": ["networking", "sits", "<name>", "ttl"], "readOnly": false, "type": "null or signed integer"}, "networking.stevenblack.block": {"declarations": ["nixos/modules/config/stevenblack.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional blocklist extensions.", "loc": ["networking", "stevenblack", "block"], "readOnly": false, "type": "list of (one of \"fakenews\", \"gambling\", \"porn\", \"social\")"}, "networking.stevenblack.enable": {"declarations": ["nixos/modules/config/stevenblack.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the stevenblack hosts file blocklist.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["networking", "stevenblack", "enable"], "readOnly": false, "type": "boolean"}, "networking.stevenblack.package": {"declarations": ["nixos/modules/config/stevenblack.nix"], "default": {"_type": "literalExpression", "text": "pkgs.stevenblack-blocklist"}, "description": "The stevenblack-blocklist package to use.", "loc": ["networking", "stevenblack", "package"], "readOnly": false, "type": "package"}, "networking.stevenblack.whitelist": {"declarations": ["nixos/modules/config/stevenblack.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Domains to exclude from blocking.", "example": {"_type": "literalExpression", "text": "[\n  \"s.click.aliexpress.com\"\n]"}, "loc": ["networking", "stevenblack", "whitelist"], "readOnly": false, "type": "list of string matching the pattern ^[a-zA-Z0-9_-]+([.][a-zA-Z0-9_-]+)+$"}, "networking.supplicant": {"declarations": ["nixos/modules/services/networking/supplicant.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Interfaces for which to start {command}`wpa_supplicant`.\nThe supplicant is used to scan for and associate with wireless networks,\nor to authenticate with 802.1x capable network switches.\n\nThe value of this option is an attribute set. Each attribute configures a\n{command}`wpa_supplicant` service, where the attribute name specifies\nthe name of the interface that {command}`wpa_supplicant` operates on.\nThe attribute name can be a space separated list of interfaces.\nThe attribute names `WLAN`, `LAN` and `DBUS`\nhave a special meaning. `WLAN` and `LAN` are\nconfigurations for universal {command}`wpa_supplicant` service that is\nstarted for each WLAN interface or for each LAN interface, respectively.\n`DBUS` defines a device-unrelated {command}`wpa_supplicant`\nservice that can be accessed through `D-Bus`.\n", "example": {"_type": "literalExpression", "text": "{ \"wlan0 wlan1\" = {\n    configFile.path = \"/etc/wpa_supplicant.conf\";\n    userControlled.group = \"network\";\n    extraConf = ''\n      ap_scan=1\n      p2p_disabled=1\n    '';\n    extraCmdArgs = \"-u -W\";\n    bridge = \"br0\";\n  };\n}\n"}, "loc": ["networking", "supplicant"], "readOnly": false, "type": "attribute set of (submodule)"}, "networking.supplicant.<name>.bridge": {"declarations": ["nixos/modules/services/networking/supplicant.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Name of the bridge interface that wpa_supplicant should listen at.", "loc": ["networking", "supplicant", "<name>", "bridge"], "readOnly": false, "type": "string"}, "networking.supplicant.<name>.configFile.path": {"declarations": ["nixos/modules/services/networking/supplicant.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "External {file}`wpa_supplicant.conf` configuration file.\nThe configuration options defined declaratively within `networking.supplicant` have\nprecedence over options defined in `configFile`.\n", "example": {"_type": "literalExpression", "text": "/etc/wpa_supplicant.conf"}, "loc": ["networking", "supplicant", "<name>", "configFile", "path"], "readOnly": false, "type": "null or absolute path"}, "networking.supplicant.<name>.configFile.writable": {"declarations": ["nixos/modules/services/networking/supplicant.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether the configuration file at `configFile.path` should be written to by\n`wpa_supplicant`.\n", "loc": ["networking", "supplicant", "<name>", "configFile", "writable"], "readOnly": false, "type": "boolean"}, "networking.supplicant.<name>.driver": {"declarations": ["nixos/modules/services/networking/supplicant.nix"], "default": {"_type": "literalExpression", "text": "\"nl80211,wext\""}, "description": "Force a specific wpa_supplicant driver.", "loc": ["networking", "supplicant", "<name>", "driver"], "readOnly": false, "type": "null or string"}, "networking.supplicant.<name>.extraCmdArgs": {"declarations": ["nixos/modules/services/networking/supplicant.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Command line arguments to add when executing `wpa_supplicant`.", "example": {"_type": "literalExpression", "text": "\"-e/run/wpa_supplicant/entropy.bin\""}, "loc": ["networking", "supplicant", "<name>", "extraCmdArgs"], "readOnly": false, "type": "string"}, "networking.supplicant.<name>.extraConf": {"declarations": ["nixos/modules/services/networking/supplicant.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Configuration options for {file}`wpa_supplicant.conf`.\nOptions defined here have precedence over options in `configFile`.\nNOTE: Do not write sensitive data into `extraConf` as it will\nbe world-readable in the `nix-store`. For sensitive information\nuse the `configFile` instead.\n", "example": {"_type": "literalExpression", "text": "''\n  ap_scan=1\n  device_name=My-NixOS-Device\n  device_type=1-0050F204-1\n  driver_param=use_p2p_group_interface=1\n  disable_scan_offload=1\n  p2p_listen_reg_class=81\n  p2p_listen_channel=1\n  p2p_oper_reg_class=81\n  p2p_oper_channel=1\n  manufacturer=NixOS\n  model_name=NixOS_Unstable\n  model_number=2015\n''"}, "loc": ["networking", "supplicant", "<name>", "extraConf"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "networking.supplicant.<name>.userControlled.enable": {"declarations": ["nixos/modules/services/networking/supplicant.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Allow normal users to control wpa_supplicant through wpa_gui or wpa_cli.\nThis is useful for laptop users that switch networks a lot and don't want\nto depend on a large package such as NetworkManager just to pick nearby\naccess points.\n", "loc": ["networking", "supplicant", "<name>", "userControlled", "enable"], "readOnly": false, "type": "boolean"}, "networking.supplicant.<name>.userControlled.group": {"declarations": ["nixos/modules/services/networking/supplicant.nix"], "default": {"_type": "literalExpression", "text": "\"wheel\""}, "description": "Members of this group can control wpa_supplicant.", "example": {"_type": "literalExpression", "text": "\"network\""}, "loc": ["networking", "supplicant", "<name>", "userControlled", "group"], "readOnly": false, "type": "string"}, "networking.supplicant.<name>.userControlled.socketDir": {"declarations": ["nixos/modules/services/networking/supplicant.nix"], "default": {"_type": "literalExpression", "text": "\"/run/wpa_supplicant\""}, "description": "Directory of sockets for controlling wpa_supplicant.", "loc": ["networking", "supplicant", "<name>", "userControlled", "socketDir"], "readOnly": false, "type": "string"}, "networking.tcpcrypt.enable": {"declarations": ["nixos/modules/services/networking/tcpcrypt.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable opportunistic TCP encryption. If the other end\nspeaks Tcpcrypt, then your traffic will be encrypted; otherwise\nit will be sent in clear text. Thus, Tcpcrypt alone provides no\nguarantees -- it is best effort. If, however, a Tcpcrypt\nconnection is successful and any attackers that exist are\npassive, then Tcpcrypt guarantees privacy.\n", "loc": ["networking", "tcpcrypt", "enable"], "readOnly": false, "type": "boolean"}, "networking.tempAddresses": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "if ${config.networking.enableIPv6} then \"default\" else \"disabled\"\n"}, "description": "Whether to enable IPv6 Privacy Extensions for interfaces not\nconfigured explicitly in\n[](#opt-networking.interfaces._name_.tempAddress).\n\nThis sets the ipv6.conf.*.use_tempaddr sysctl for all\ninterfaces. Possible values are:\n\n- `\"default\"` to generate IPv6 temporary addresses and use these as source addresses in routing;\n- `\"disabled\"` to completely disable IPv6 temporary addresses;\n- `\"enabled\"` to generate IPv6 temporary addresses but still use EUI-64 addresses as source addresses;\n", "loc": ["networking", "tempAddresses"], "readOnly": false, "type": "one of \"default\", \"disabled\", \"enabled\""}, "networking.timeServers": {"declarations": ["nixos/modules/config/networking.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"0.nixos.pool.ntp.org\"\n  \"1.nixos.pool.ntp.org\"\n  \"2.nixos.pool.ntp.org\"\n  \"3.nixos.pool.ntp.org\"\n]"}, "description": "The set of NTP servers from which to synchronise.\n", "loc": ["networking", "timeServers"], "readOnly": false, "type": "list of string"}, "networking.ucarp.addr": {"declarations": ["nixos/modules/services/networking/ucarp.nix"], "description": "Virtual shared IP address.", "loc": ["networking", "ucarp", "addr"], "readOnly": false, "type": "string"}, "networking.ucarp.advBase": {"declarations": ["nixos/modules/services/networking/ucarp.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Advertisement frequency in seconds.", "loc": ["networking", "ucarp", "advBase"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "networking.ucarp.advSkew": {"declarations": ["nixos/modules/services/networking/ucarp.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Advertisement skew in seconds.", "loc": ["networking", "ucarp", "advSkew"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "networking.ucarp.deadratio": {"declarations": ["nixos/modules/services/networking/ucarp.nix"], "default": {"_type": "literalExpression", "text": "3"}, "description": "Ratio to consider a host as dead.", "loc": ["networking", "ucarp", "deadratio"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "networking.ucarp.downscript": {"declarations": ["nixos/modules/services/networking/ucarp.nix"], "description": "Command to run after become backup, the interface name, virtual address\nand optional extra parameters are passed as arguments.\n", "example": {"_type": "literalExpression", "text": "pkgs.writeScript \"downscript\" ''\n  #!/bin/sh\n  ${pkgs.iproute2}/bin/ip addr del \"$2\"/24 dev \"$1\"\n'';\n"}, "loc": ["networking", "ucarp", "downscript"], "readOnly": false, "type": "absolute path"}, "networking.ucarp.enable": {"declarations": ["nixos/modules/services/networking/ucarp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ucarp, userspace implementation of CARP.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["networking", "ucarp", "enable"], "readOnly": false, "type": "boolean"}, "networking.ucarp.extraParam": {"declarations": ["nixos/modules/services/networking/ucarp.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Extra parameter to pass to the up/down scripts.", "loc": ["networking", "ucarp", "extraParam"], "readOnly": false, "type": "null or string"}, "networking.ucarp.ignoreIfState": {"declarations": ["nixos/modules/services/networking/ucarp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Ignore interface state, e.g., down or no carrier.", "loc": ["networking", "ucarp", "ignoreIfState"], "readOnly": false, "type": "boolean"}, "networking.ucarp.interface": {"declarations": ["nixos/modules/services/networking/ucarp.nix"], "description": "Network interface to bind to.", "example": {"_type": "literalExpression", "text": "\"eth0\""}, "loc": ["networking", "ucarp", "interface"], "readOnly": false, "type": "string"}, "networking.ucarp.neutral": {"declarations": ["nixos/modules/services/networking/ucarp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Do not run downscript at start if the host is the backup.", "loc": ["networking", "ucarp", "neutral"], "readOnly": false, "type": "boolean"}, "networking.ucarp.noMcast": {"declarations": ["nixos/modules/services/networking/ucarp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use broadcast instead of multicast advertisements.", "loc": ["networking", "ucarp", "noMcast"], "readOnly": false, "type": "boolean"}, "networking.ucarp.package": {"declarations": ["nixos/modules/services/networking/ucarp.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ucarp"}, "description": "The ucarp package to use. Please note that the default package, pkgs.ucarp, has not received any\nupstream updates for a long time and can be considered as unmaintained.\n", "loc": ["networking", "ucarp", "package"], "readOnly": false, "type": "package"}, "networking.ucarp.passwordFile": {"declarations": ["nixos/modules/services/networking/ucarp.nix"], "description": "File containing shared password between CARP hosts.", "example": {"_type": "literalExpression", "text": "\"/run/keys/ucarp-password\""}, "loc": ["networking", "ucarp", "passwordFile"], "readOnly": false, "type": "string"}, "networking.ucarp.preempt": {"declarations": ["nixos/modules/services/networking/ucarp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable preemptive failover.\nThus, this host becomes the CARP master as soon as possible.\n", "loc": ["networking", "ucarp", "preempt"], "readOnly": false, "type": "boolean"}, "networking.ucarp.shutdown": {"declarations": ["nixos/modules/services/networking/ucarp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Call downscript at exit.", "loc": ["networking", "ucarp", "shutdown"], "readOnly": false, "type": "boolean"}, "networking.ucarp.srcIp": {"declarations": ["nixos/modules/services/networking/ucarp.nix"], "description": "Source (real) IP address of this host.", "loc": ["networking", "ucarp", "srcIp"], "readOnly": false, "type": "string"}, "networking.ucarp.upscript": {"declarations": ["nixos/modules/services/networking/ucarp.nix"], "description": "Command to run after become master, the interface name, virtual address\nand optional extra parameters are passed as arguments.\n", "example": {"_type": "literalExpression", "text": "pkgs.writeScript \"upscript\" ''\n  #!/bin/sh\n  ${pkgs.iproute2}/bin/ip addr add \"$2\"/24 dev \"$1\"\n'';\n"}, "loc": ["networking", "ucarp", "upscript"], "readOnly": false, "type": "absolute path"}, "networking.ucarp.vhId": {"declarations": ["nixos/modules/services/networking/ucarp.nix"], "description": "Virtual IP identifier shared between CARP hosts.", "example": {"_type": "literalExpression", "text": "1"}, "loc": ["networking", "ucarp", "vhId"], "readOnly": false, "type": "integer between 1 and 255 (both inclusive)"}, "networking.useDHCP": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to use DHCP to obtain an IP address and other\nconfiguration for all network interfaces that do not have any manually\nconfigured IPv4 addresses.\n", "loc": ["networking", "useDHCP"], "readOnly": false, "type": "boolean"}, "networking.useHostResolvConf": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "In containers, whether to use the\n{file}`resolv.conf` supplied by the host.\n", "loc": ["networking", "useHostResolvConf"], "readOnly": false, "type": "boolean"}, "networking.useNetworkd": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether we should use networkd as the network configuration backend or\nthe legacy script based system. Note that this option is experimental,\nenable at your own risk.\n", "loc": ["networking", "useNetworkd"], "readOnly": false, "type": "boolean"}, "networking.usePredictableInterfaceNames": {"declarations": ["nixos/modules/services/hardware/udev.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to assign [predictable names to network interfaces](https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/).\nIf enabled, interfaces\nare assigned names that contain topology information\n(e.g. `wlp3s0`) and thus should be stable\nacross reboots.  If disabled, names depend on the order in\nwhich interfaces are discovered by the kernel, which may\nchange randomly across reboots; for instance, you may find\n`eth0` and `eth1` flipping\nunpredictably.\n", "loc": ["networking", "usePredictableInterfaceNames"], "readOnly": false, "type": "boolean"}, "networking.vlans": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This option allows you to define vlan devices that tag packets\non top of a physical interface. The value of this option is an\nattribute set. Each attribute specifies a vlan, with the name\nspecifying the name of the vlan interface.\n", "example": {"_type": "literalExpression", "text": "{\n  vlan0 = {\n    id = 3;\n    interface = \"enp3s0\";\n  };\n  vlan1 = {\n    id = 1;\n    interface = \"wlan0\";\n  };\n}\n"}, "loc": ["networking", "vlans"], "readOnly": false, "type": "attribute set of (submodule)"}, "networking.vlans.<name>.id": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "description": "The vlan identifier", "example": {"_type": "literalExpression", "text": "1"}, "loc": ["networking", "vlans", "<name>", "id"], "readOnly": false, "type": "signed integer"}, "networking.vlans.<name>.interface": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "description": "The interface the vlan will transmit packets through.", "example": {"_type": "literalExpression", "text": "\"enp4s0\""}, "loc": ["networking", "vlans", "<name>", "interface"], "readOnly": false, "type": "string"}, "networking.vswitches": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This option allows you to define Open vSwitches that connect\nphysical networks together. The value of this option is an\nattribute set. Each attribute specifies a vswitch, with the\nattribute name specifying the name of the vswitch's network\ninterface.\n", "example": {"_type": "literalExpression", "text": "{\n  vs0 = {\n    interfaces = {\n      eth0 = { };\n      lo1 = {\n        type = \"internal\";\n      };\n    };\n  };\n  vs1 = {\n    interfaces = [\n      {\n        name = \"eth2\";\n      }\n      {\n        name = \"lo2\";\n        type = \"internal\";\n      }\n    ];\n  };\n}"}, "loc": ["networking", "vswitches"], "readOnly": false, "type": "attribute set of (submodule)"}, "networking.vswitches.<name>.controllers": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Specify the controller targets. For the allowed options see `man 8 ovs-vsctl`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"ptcp:6653:[::1]\"\n]"}, "loc": ["networking", "vswitches", "<name>", "controllers"], "readOnly": false, "type": "list of string"}, "networking.vswitches.<name>.extraOvsctlCmds": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Commands to manipulate the Open vSwitch database. Every line executed with `ovs-vsctl`.\nAll commands are bundled together with the operations for adding the interfaces\ninto one atomic operation.\n", "example": {"_type": "literalExpression", "text": "''\n  set-fail-mode <switch_name> secure\n  set Bridge <switch_name> stp_enable=true\n''"}, "loc": ["networking", "vswitches", "<name>", "extraOvsctlCmds"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "networking.vswitches.<name>.interfaces": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "description": "The physical network interfaces connected by the vSwitch.", "loc": ["networking", "vswitches", "<name>", "interfaces"], "readOnly": false, "type": "attribute set of (submodule)"}, "networking.vswitches.<name>.interfaces.<name>.name": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "description": "Name of the interface", "example": {"_type": "literalExpression", "text": "\"eth0\""}, "loc": ["networking", "vswitches", "<name>", "interfaces", "<name>", "name"], "readOnly": false, "type": "string"}, "networking.vswitches.<name>.interfaces.<name>.type": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Openvswitch type to assign to interface", "example": {"_type": "literalExpression", "text": "\"internal\""}, "loc": ["networking", "vswitches", "<name>", "interfaces", "<name>", "type"], "readOnly": false, "type": "null or string"}, "networking.vswitches.<name>.interfaces.<name>.vlan": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Vlan tag to apply to interface", "example": {"_type": "literalExpression", "text": "10"}, "loc": ["networking", "vswitches", "<name>", "interfaces", "<name>", "vlan"], "readOnly": false, "type": "null or signed integer"}, "networking.vswitches.<name>.openFlowRules": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "OpenFlow rules to insert into the Open vSwitch. All `openFlowRules` are\nloaded with `ovs-ofctl` within one atomic operation.\n", "example": {"_type": "literalExpression", "text": "''\n  actions=normal\n''"}, "loc": ["networking", "vswitches", "<name>", "openFlowRules"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "networking.vswitches.<name>.openFlowVersion": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "\"OpenFlow13\""}, "description": "Version of OpenFlow protocol to use when communicating with the switch internally (e.g. with `openFlowRules`).\n", "loc": ["networking", "vswitches", "<name>", "openFlowVersion"], "readOnly": false, "type": "string"}, "networking.vswitches.<name>.supportedOpenFlowVersions": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"OpenFlow13\"\n]"}, "description": "Supported versions to enable on this switch.\n", "example": {"_type": "literalExpression", "text": "[\n  \"OpenFlow10\"\n  \"OpenFlow13\"\n  \"OpenFlow14\"\n]"}, "loc": ["networking", "vswitches", "<name>", "supportedOpenFlowVersions"], "readOnly": false, "type": "list of string"}, "networking.wg-quick.interfaces": {"declarations": ["nixos/modules/services/networking/wg-quick.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Wireguard interfaces.", "example": {"_type": "literalExpression", "text": "{\n  wg0 = {\n    address = [\n      \"192.168.20.4/24\"\n    ];\n    peers = [\n      {\n        allowedIPs = [\n          \"192.168.20.1/32\"\n        ];\n        endpoint = \"demo.wireguard.io:12913\";\n        publicKey = \"xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=\";\n      }\n    ];\n    privateKey = \"yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk=\";\n  };\n}"}, "loc": ["networking", "wg-quick", "interfaces"], "readOnly": false, "type": "attribute set of (submodule)"}, "networking.wg-quick.interfaces.<name>.address": {"declarations": ["nixos/modules/services/networking/wg-quick.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The IP addresses of the interface.", "example": {"_type": "literalExpression", "text": "[\n  \"192.168.2.1/24\"\n]"}, "loc": ["networking", "wg-quick", "interfaces", "<name>", "address"], "readOnly": false, "type": "list of string"}, "networking.wg-quick.interfaces.<name>.autostart": {"declarations": ["nixos/modules/services/networking/wg-quick.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to bring up this interface automatically during boot.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["networking", "wg-quick", "interfaces", "<name>", "autostart"], "readOnly": false, "type": "boolean"}, "networking.wg-quick.interfaces.<name>.configFile": {"declarations": ["nixos/modules/services/networking/wg-quick.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "wg-quick .conf file, describing the interface.\nUsing this option can be a useful means of configuring WireGuard if\none has an existing .conf file.\nThis overrides any other configuration interface configuration options.\nSee wg-quick manpage for more details.\n", "example": {"_type": "literalExpression", "text": "\"/secret/wg0.conf\""}, "loc": ["networking", "wg-quick", "interfaces", "<name>", "configFile"], "readOnly": false, "type": "null or string"}, "networking.wg-quick.interfaces.<name>.dns": {"declarations": ["nixos/modules/services/networking/wg-quick.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The IP addresses of DNS servers to configure.", "example": {"_type": "literalExpression", "text": "[\n  \"192.168.2.2\"\n]"}, "loc": ["networking", "wg-quick", "interfaces", "<name>", "dns"], "readOnly": false, "type": "list of string"}, "networking.wg-quick.interfaces.<name>.extraOptions": {"declarations": ["nixos/modules/services/networking/wg-quick.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra options to append to the interface section. Can be used to define AmneziaWG-specific options.\n", "example": {"_type": "literalExpression", "text": "{\n  H4 = 12345;\n  Jc = 5;\n  Jmax = 42;\n  Jmin = 10;\n  S1 = 60;\n  S2 = 90;\n}"}, "loc": ["networking", "wg-quick", "interfaces", "<name>", "extraOptions"], "readOnly": false, "type": "attribute set of (string or signed integer)"}, "networking.wg-quick.interfaces.<name>.generatePrivateKeyFile": {"declarations": ["nixos/modules/services/networking/wg-quick.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically generate a private key with\n{command}`wg genkey`, at the privateKeyFile location.\n", "loc": ["networking", "wg-quick", "interfaces", "<name>", "generatePrivateKeyFile"], "readOnly": false, "type": "boolean"}, "networking.wg-quick.interfaces.<name>.listenPort": {"declarations": ["nixos/modules/services/networking/wg-quick.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "16-bit port for listening. Optional; if not specified,\nautomatically generated based on interface name.\n", "example": {"_type": "literalExpression", "text": "51820"}, "loc": ["networking", "wg-quick", "interfaces", "<name>", "listenPort"], "readOnly": false, "type": "null or signed integer"}, "networking.wg-quick.interfaces.<name>.mtu": {"declarations": ["nixos/modules/services/networking/wg-quick.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If not specified, the MTU is automatically determined\nfrom the endpoint addresses or the system default route, which is usually\na sane choice. However, to manually specify an MTU to override this\nautomatic discovery, this value may be specified explicitly.\n", "example": {"_type": "literalExpression", "text": "1248"}, "loc": ["networking", "wg-quick", "interfaces", "<name>", "mtu"], "readOnly": false, "type": "null or signed integer"}, "networking.wg-quick.interfaces.<name>.peers": {"declarations": ["nixos/modules/services/networking/wg-quick.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Peers linked to the interface.", "loc": ["networking", "wg-quick", "interfaces", "<name>", "peers"], "readOnly": false, "type": "list of (submodule)"}, "networking.wg-quick.interfaces.<name>.peers.*.allowedIPs": {"declarations": ["nixos/modules/services/networking/wg-quick.nix"], "description": "List of IP (v4 or v6) addresses with CIDR masks from\nwhich this peer is allowed to send incoming traffic and to which\noutgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may\nbe specified for matching all IPv4 addresses, and ::/0 may be specified\nfor matching all IPv6 addresses.", "example": {"_type": "literalExpression", "text": "[\n  \"10.192.122.3/32\"\n  \"10.192.124.1/24\"\n]"}, "loc": ["networking", "wg-quick", "interfaces", "<name>", "peers", "*", "allowedIPs"], "readOnly": false, "type": "list of string"}, "networking.wg-quick.interfaces.<name>.peers.*.endpoint": {"declarations": ["nixos/modules/services/networking/wg-quick.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Endpoint IP or hostname of the peer, followed by a colon,\nand then a port number of the peer.", "example": {"_type": "literalExpression", "text": "\"demo.wireguard.io:12913\""}, "loc": ["networking", "wg-quick", "interfaces", "<name>", "peers", "*", "endpoint"], "readOnly": false, "type": "null or string"}, "networking.wg-quick.interfaces.<name>.peers.*.persistentKeepalive": {"declarations": ["nixos/modules/services/networking/wg-quick.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "This is optional and is by default off, because most\nusers will not need it. It represents, in seconds, between 1 and 65535\ninclusive, how often to send an authenticated empty packet to the peer,\nfor the purpose of keeping a stateful firewall or NAT mapping valid\npersistently. For example, if the interface very rarely sends traffic,\nbut it might at anytime receive traffic from a peer, and it is behind\nNAT, the interface might benefit from having a persistent keepalive\ninterval of 25 seconds; however, most users will not need this.", "example": {"_type": "literalExpression", "text": "25"}, "loc": ["networking", "wg-quick", "interfaces", "<name>", "peers", "*", "persistentKeepalive"], "readOnly": false, "type": "null or signed integer"}, "networking.wg-quick.interfaces.<name>.peers.*.presharedKey": {"declarations": ["nixos/modules/services/networking/wg-quick.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Base64 preshared key generated by {command}`wg genpsk`.\nOptional, and may be omitted. This option adds an additional layer of\nsymmetric-key cryptography to be mixed into the already existing\npublic-key cryptography, for post-quantum resistance.\n\nWarning: Consider using presharedKeyFile instead if you do not\nwant to store the key in the world-readable Nix store.\n", "example": {"_type": "literalExpression", "text": "\"rVXs/Ni9tu3oDBLS4hOyAUAa1qTWVA3loR8eL20os3I=\""}, "loc": ["networking", "wg-quick", "interfaces", "<name>", "peers", "*", "presharedKey"], "readOnly": false, "type": "null or string"}, "networking.wg-quick.interfaces.<name>.peers.*.presharedKeyFile": {"declarations": ["nixos/modules/services/networking/wg-quick.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File pointing to preshared key as generated by {command}`wg genpsk`.\nOptional, and may be omitted. This option adds an additional layer of\nsymmetric-key cryptography to be mixed into the already existing\npublic-key cryptography, for post-quantum resistance.\n", "example": {"_type": "literalExpression", "text": "\"/private/wireguard_psk\""}, "loc": ["networking", "wg-quick", "interfaces", "<name>", "peers", "*", "presharedKeyFile"], "readOnly": false, "type": "null or string"}, "networking.wg-quick.interfaces.<name>.peers.*.publicKey": {"declarations": ["nixos/modules/services/networking/wg-quick.nix"], "description": "The base64 public key to the peer.", "example": {"_type": "literalExpression", "text": "\"xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=\""}, "loc": ["networking", "wg-quick", "interfaces", "<name>", "peers", "*", "publicKey"], "readOnly": false, "type": "string"}, "networking.wg-quick.interfaces.<name>.postDown": {"declarations": ["nixos/modules/services/networking/wg-quick.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Command called after the interface is taken down.\n", "example": {"_type": "literalExpression", "text": "\"${pkgs.iproute2}/bin/ip netns del foo\""}, "loc": ["networking", "wg-quick", "interfaces", "<name>", "postDown"], "readOnly": false, "type": "strings concatenated with \"\\n\" or (list of string) convertible to it"}, "networking.wg-quick.interfaces.<name>.postUp": {"declarations": ["nixos/modules/services/networking/wg-quick.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Commands called after the interface setup.\n", "example": {"_type": "literalExpression", "text": "\"${pkgs.iproute2}/bin/ip netns add foo\""}, "loc": ["networking", "wg-quick", "interfaces", "<name>", "postUp"], "readOnly": false, "type": "strings concatenated with \"\\n\" or (list of string) convertible to it"}, "networking.wg-quick.interfaces.<name>.preDown": {"declarations": ["nixos/modules/services/networking/wg-quick.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Command called before the interface is taken down.\n", "example": {"_type": "literalExpression", "text": "\"${pkgs.iproute2}/bin/ip netns del foo\""}, "loc": ["networking", "wg-quick", "interfaces", "<name>", "preDown"], "readOnly": false, "type": "strings concatenated with \"\\n\" or (list of string) convertible to it"}, "networking.wg-quick.interfaces.<name>.preUp": {"declarations": ["nixos/modules/services/networking/wg-quick.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Commands called at the start of the interface setup.\n", "example": {"_type": "literalExpression", "text": "\"${pkgs.iproute2}/bin/ip netns add foo\""}, "loc": ["networking", "wg-quick", "interfaces", "<name>", "preUp"], "readOnly": false, "type": "strings concatenated with \"\\n\" or (list of string) convertible to it"}, "networking.wg-quick.interfaces.<name>.privateKey": {"declarations": ["nixos/modules/services/networking/wg-quick.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Base64 private key generated by {command}`wg genkey`.\n\nWarning: Consider using privateKeyFile instead if you do not\nwant to store the key in the world-readable Nix store.\n", "example": {"_type": "literalExpression", "text": "\"yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk=\""}, "loc": ["networking", "wg-quick", "interfaces", "<name>", "privateKey"], "readOnly": false, "type": "null or string"}, "networking.wg-quick.interfaces.<name>.privateKeyFile": {"declarations": ["nixos/modules/services/networking/wg-quick.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Private key file as generated by {command}`wg genkey`.\n", "example": {"_type": "literalExpression", "text": "\"/private/wireguard_key\""}, "loc": ["networking", "wg-quick", "interfaces", "<name>", "privateKeyFile"], "readOnly": false, "type": "null or string"}, "networking.wg-quick.interfaces.<name>.table": {"declarations": ["nixos/modules/services/networking/wg-quick.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The kernel routing table to add this interface's\nassociated routes to. Setting this is useful for e.g. policy routing\n(\"ip rule\") or virtual routing and forwarding (\"ip vrf\"). Both\nnumeric table IDs and table names (/etc/rt_tables) can be used.\nDefaults to \"main\".\n", "example": {"_type": "literalExpression", "text": "\"main\""}, "loc": ["networking", "wg-quick", "interfaces", "<name>", "table"], "readOnly": false, "type": "null or string"}, "networking.wg-quick.interfaces.<name>.type": {"declarations": ["nixos/modules/services/networking/wg-quick.nix"], "default": {"_type": "literalExpression", "text": "\"wireguard\""}, "description": "The type of the interface. Currently only \"wireguard\" and \"amneziawg\" are supported.\n", "example": {"_type": "literalExpression", "text": "\"amneziawg\""}, "loc": ["networking", "wg-quick", "interfaces", "<name>", "type"], "readOnly": false, "type": "one of \"wireguard\", \"amneziawg\""}, "networking.wireguard.enable": {"declarations": ["nixos/modules/services/networking/wireguard.nix"], "default": {"_type": "literalExpression", "text": "config.networking.wireguard.interfaces != { }"}, "description": "Whether to enable WireGuard.\n\n::: {.note}\nBy default, this module is powered by a script-based backend. You can\nenable the networkd backend with {option}`networking.wireguard.useNetworkd`.\n:::\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["networking", "wireguard", "enable"], "readOnly": false, "type": "boolean"}, "networking.wireguard.interfaces": {"declarations": ["nixos/modules/services/networking/wireguard.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "WireGuard interfaces.\n", "example": {"_type": "literalExpression", "text": "{\n  wg0 = {\n    ips = [\n      \"192.168.20.4/24\"\n    ];\n    peers = [\n      {\n        allowedIPs = [\n          \"192.168.20.1/32\"\n        ];\n        endpoint = \"demo.wireguard.io:12913\";\n        publicKey = \"xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=\";\n      }\n    ];\n    privateKey = \"yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk=\";\n  };\n}"}, "loc": ["networking", "wireguard", "interfaces"], "readOnly": false, "type": "attribute set of (submodule)"}, "networking.wireguard.interfaces.<name>.allowedIPsAsRoutes": {"declarations": ["nixos/modules/services/networking/wireguard.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Determines whether to add allowed IPs as routes or not.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["networking", "wireguard", "interfaces", "<name>", "allowedIPsAsRoutes"], "readOnly": false, "type": "boolean"}, "networking.wireguard.interfaces.<name>.dynamicEndpointRefreshSeconds": {"declarations": ["nixos/modules/services/networking/wireguard.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Periodically refresh the endpoint hostname or address for all peers.\nAllows WireGuard to notice DNS and IPv4/IPv6 connectivity changes.\nThis option can be set or overridden for individual peers.\n\nSetting this to `0` disables periodic refresh.\n", "example": {"_type": "literalExpression", "text": "300"}, "loc": ["networking", "wireguard", "interfaces", "<name>", "dynamicEndpointRefreshSeconds"], "readOnly": false, "type": "signed integer"}, "networking.wireguard.interfaces.<name>.extraOptions": {"declarations": ["nixos/modules/services/networking/wireguard.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra options to append to the interface section. Can be used to define AmneziaWG-specific options.\n", "example": {"_type": "literalExpression", "text": "{\n  H4 = 12345;\n  Jc = 5;\n  Jmax = 42;\n  Jmin = 10;\n  S1 = 60;\n  S2 = 90;\n}"}, "loc": ["networking", "wireguard", "interfaces", "<name>", "extraOptions"], "readOnly": false, "type": "attribute set of (string or signed integer)"}, "networking.wireguard.interfaces.<name>.fwMark": {"declarations": ["nixos/modules/services/networking/wireguard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Mark all wireguard packets originating from\nthis interface with the given firewall mark. The firewall mark can be\nused in firewalls or policy routing to filter the wireguard packets.\nThis can be useful for setup where all traffic goes through the\nwireguard tunnel, because the wireguard packets need to be routed\ndifferently.\n", "example": {"_type": "literalExpression", "text": "\"0x6e6978\""}, "loc": ["networking", "wireguard", "interfaces", "<name>", "fwMark"], "readOnly": false, "type": "null or string"}, "networking.wireguard.interfaces.<name>.generatePrivateKeyFile": {"declarations": ["nixos/modules/services/networking/wireguard.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically generate a private key with\n{command}`wg genkey`, at the privateKeyFile location.\n", "loc": ["networking", "wireguard", "interfaces", "<name>", "generatePrivateKeyFile"], "readOnly": false, "type": "boolean"}, "networking.wireguard.interfaces.<name>.interfaceNamespace": {"declarations": ["nixos/modules/services/networking/wireguard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The pre-existing network namespace the WireGuard\ninterface is moved to. The special value `init` means\nthe init namespace. When `null`, the interface is not\nmoved.\nSee [documentation](https://www.wireguard.com/netns/).\n", "example": {"_type": "literalExpression", "text": "\"init\""}, "loc": ["networking", "wireguard", "interfaces", "<name>", "interfaceNamespace"], "readOnly": false, "type": "null or string"}, "networking.wireguard.interfaces.<name>.ips": {"declarations": ["nixos/modules/services/networking/wireguard.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The IP addresses of the interface.", "example": {"_type": "literalExpression", "text": "[\n  \"192.168.2.1/24\"\n]"}, "loc": ["networking", "wireguard", "interfaces", "<name>", "ips"], "readOnly": false, "type": "list of string"}, "networking.wireguard.interfaces.<name>.listenPort": {"declarations": ["nixos/modules/services/networking/wireguard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "16-bit port for listening. Optional; if not specified,\nautomatically generated based on interface name.\n", "example": {"_type": "literalExpression", "text": "51820"}, "loc": ["networking", "wireguard", "interfaces", "<name>", "listenPort"], "readOnly": false, "type": "null or signed integer"}, "networking.wireguard.interfaces.<name>.metric": {"declarations": ["nixos/modules/services/networking/wireguard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set the metric of routes related to this Wireguard interface.\n", "example": {"_type": "literalExpression", "text": "700"}, "loc": ["networking", "wireguard", "interfaces", "<name>", "metric"], "readOnly": false, "type": "null or signed integer"}, "networking.wireguard.interfaces.<name>.mtu": {"declarations": ["nixos/modules/services/networking/wireguard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set the maximum transmission unit in bytes for the wireguard\ninterface. Beware that the wireguard packets have a header that may\nadd up to 80 bytes to the mtu. By default, the MTU is (1500 - 80) =\n1420. However, if the MTU of the upstream network is lower, the MTU\nof the wireguard network has to be adjusted as well.\n", "example": {"_type": "literalExpression", "text": "1280"}, "loc": ["networking", "wireguard", "interfaces", "<name>", "mtu"], "readOnly": false, "type": "null or signed integer"}, "networking.wireguard.interfaces.<name>.peers": {"declarations": ["nixos/modules/services/networking/wireguard.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Peers linked to the interface.", "loc": ["networking", "wireguard", "interfaces", "<name>", "peers"], "readOnly": false, "type": "list of (submodule)"}, "networking.wireguard.interfaces.<name>.peers.*.allowedIPs": {"declarations": ["nixos/modules/services/networking/wireguard.nix"], "description": "List of IP (v4 or v6) addresses with CIDR masks from\nwhich this peer is allowed to send incoming traffic and to which\noutgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may\nbe specified for matching all IPv4 addresses, and ::/0 may be specified\nfor matching all IPv6 addresses.", "example": {"_type": "literalExpression", "text": "[\n  \"10.192.122.3/32\"\n  \"10.192.124.1/24\"\n]"}, "loc": ["networking", "wireguard", "interfaces", "<name>", "peers", "*", "allowedIPs"], "readOnly": false, "type": "list of string"}, "networking.wireguard.interfaces.<name>.peers.*.dynamicEndpointRefreshRestartSeconds": {"declarations": ["nixos/modules/services/networking/wireguard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "When the dynamic endpoint refresh that is configured via\ndynamicEndpointRefreshSeconds exits (likely due to a failure),\nrestart that service after this many seconds.\n\nIf set to `null` the value of\n{option}`networking.wireguard.dynamicEndpointRefreshSeconds`\nwill be used as the default.\n", "example": {"_type": "literalExpression", "text": "5"}, "loc": ["networking", "wireguard", "interfaces", "<name>", "peers", "*", "dynamicEndpointRefreshRestartSeconds"], "readOnly": false, "type": "null or (unsigned integer, meaning >=0)"}, "networking.wireguard.interfaces.<name>.peers.*.dynamicEndpointRefreshSeconds": {"declarations": ["nixos/modules/services/networking/wireguard.nix"], "default": {"_type": "literalExpression", "text": "config.networking.wireguard.interfaces.<name>.dynamicEndpointRefreshSeconds"}, "description": "Periodically re-execute the `wg` utility every\nthis many seconds in order to let WireGuard notice DNS / hostname\nchanges.\n\nSetting this to `0` disables periodic reexecution.\n\n::: {.note}\nThis peer-level setting is not available when {option}`networking.wireguard.useNetworkd`\nis enabled. The interface-level setting may be used instead.\n:::\n", "example": {"_type": "literalExpression", "text": "5"}, "loc": ["networking", "wireguard", "interfaces", "<name>", "peers", "*", "dynamicEndpointRefreshSeconds"], "readOnly": false, "type": "null or signed integer"}, "networking.wireguard.interfaces.<name>.peers.*.endpoint": {"declarations": ["nixos/modules/services/networking/wireguard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Endpoint IP or hostname of the peer, followed by a colon,\nand then a port number of the peer.\n\nWarning for endpoints with changing IPs:\nThe WireGuard kernel side cannot perform DNS resolution.\nThus DNS resolution is done once by the `wg` userspace\nutility, when setting up WireGuard. Consequently, if the IP address\nbehind the name changes, WireGuard will not notice.\nThis is especially common for dynamic-DNS setups, but also applies to\nany other DNS-based setup.\nIf you do not use IP endpoints, you likely want to set\n{option}`networking.wireguard.dynamicEndpointRefreshSeconds`\nto refresh the IPs periodically.\n", "example": {"_type": "literalExpression", "text": "\"demo.wireguard.io:12913\""}, "loc": ["networking", "wireguard", "interfaces", "<name>", "peers", "*", "endpoint"], "readOnly": false, "type": "null or string"}, "networking.wireguard.interfaces.<name>.peers.*.name": {"declarations": ["nixos/modules/services/networking/wireguard.nix"], "default": {"_type": "literalExpression", "text": "publicKey"}, "description": "Name used to derive peer unit name.", "example": {"_type": "literalExpression", "text": "\"bernd\""}, "loc": ["networking", "wireguard", "interfaces", "<name>", "peers", "*", "name"], "readOnly": false, "type": "string"}, "networking.wireguard.interfaces.<name>.peers.*.persistentKeepalive": {"declarations": ["nixos/modules/services/networking/wireguard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "This is optional and is by default off, because most\nusers will not need it. It represents, in seconds, between 1 and 65535\ninclusive, how often to send an authenticated empty packet to the peer,\nfor the purpose of keeping a stateful firewall or NAT mapping valid\npersistently. For example, if the interface very rarely sends traffic,\nbut it might at anytime receive traffic from a peer, and it is behind\nNAT, the interface might benefit from having a persistent keepalive\ninterval of 25 seconds; however, most users will not need this.", "example": {"_type": "literalExpression", "text": "25"}, "loc": ["networking", "wireguard", "interfaces", "<name>", "peers", "*", "persistentKeepalive"], "readOnly": false, "type": "null or signed integer"}, "networking.wireguard.interfaces.<name>.peers.*.presharedKey": {"declarations": ["nixos/modules/services/networking/wireguard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Base64 preshared key generated by {command}`wg genpsk`.\nOptional, and may be omitted. This option adds an additional layer of\nsymmetric-key cryptography to be mixed into the already existing\npublic-key cryptography, for post-quantum resistance.\n\nWarning: Consider using presharedKeyFile instead if you do not\nwant to store the key in the world-readable Nix store.\n", "example": {"_type": "literalExpression", "text": "\"rVXs/Ni9tu3oDBLS4hOyAUAa1qTWVA3loR8eL20os3I=\""}, "loc": ["networking", "wireguard", "interfaces", "<name>", "peers", "*", "presharedKey"], "readOnly": false, "type": "null or string"}, "networking.wireguard.interfaces.<name>.peers.*.presharedKeyFile": {"declarations": ["nixos/modules/services/networking/wireguard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File pointing to preshared key as generated by {command}`wg genpsk`.\nOptional, and may be omitted. This option adds an additional layer of\nsymmetric-key cryptography to be mixed into the already existing\npublic-key cryptography, for post-quantum resistance.\n", "example": {"_type": "literalExpression", "text": "\"/private/wireguard_psk\""}, "loc": ["networking", "wireguard", "interfaces", "<name>", "peers", "*", "presharedKeyFile"], "readOnly": false, "type": "null or string"}, "networking.wireguard.interfaces.<name>.peers.*.publicKey": {"declarations": ["nixos/modules/services/networking/wireguard.nix"], "description": "The base64 public key of the peer.", "example": {"_type": "literalExpression", "text": "\"xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=\""}, "loc": ["networking", "wireguard", "interfaces", "<name>", "peers", "*", "publicKey"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "networking.wireguard.interfaces.<name>.postSetup": {"declarations": ["nixos/modules/services/networking/wireguard.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Commands called at the end of the interface setup.", "example": {"_type": "literalExpression", "text": "''printf \"nameserver 10.200.100.1\" | ${pkgs.openresolv}/bin/resolvconf -a wg0 -m 0''\n"}, "loc": ["networking", "wireguard", "interfaces", "<name>", "postSetup"], "readOnly": false, "type": "strings concatenated with \"\\n\" or (list of string) convertible to it"}, "networking.wireguard.interfaces.<name>.postShutdown": {"declarations": ["nixos/modules/services/networking/wireguard.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Commands called after shutting down the interface.", "example": {"_type": "literalExpression", "text": "\"${pkgs.openresolv}/bin/resolvconf -d wg0\""}, "loc": ["networking", "wireguard", "interfaces", "<name>", "postShutdown"], "readOnly": false, "type": "strings concatenated with \"\\n\" or (list of string) convertible to it"}, "networking.wireguard.interfaces.<name>.preSetup": {"declarations": ["nixos/modules/services/networking/wireguard.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Commands called at the start of the interface setup.\n", "example": {"_type": "literalExpression", "text": "\"${pkgs.iproute2}/bin/ip netns add foo\""}, "loc": ["networking", "wireguard", "interfaces", "<name>", "preSetup"], "readOnly": false, "type": "strings concatenated with \"\\n\" or (list of string) convertible to it"}, "networking.wireguard.interfaces.<name>.preShutdown": {"declarations": ["nixos/modules/services/networking/wireguard.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Commands called before shutting down the interface.\n", "example": {"_type": "literalExpression", "text": "\"${pkgs.iproute2}/bin/ip netns del foo\""}, "loc": ["networking", "wireguard", "interfaces", "<name>", "preShutdown"], "readOnly": false, "type": "strings concatenated with \"\\n\" or (list of string) convertible to it"}, "networking.wireguard.interfaces.<name>.privateKey": {"declarations": ["nixos/modules/services/networking/wireguard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Base64 private key generated by {command}`wg genkey`.\n\nWarning: Consider using privateKeyFile instead if you do not\nwant to store the key in the world-readable Nix store.\n", "example": {"_type": "literalExpression", "text": "\"yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk=\""}, "loc": ["networking", "wireguard", "interfaces", "<name>", "privateKey"], "readOnly": false, "type": "null or string"}, "networking.wireguard.interfaces.<name>.privateKeyFile": {"declarations": ["nixos/modules/services/networking/wireguard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Private key file as generated by {command}`wg genkey`.\n", "example": {"_type": "literalExpression", "text": "\"/private/wireguard_key\""}, "loc": ["networking", "wireguard", "interfaces", "<name>", "privateKeyFile"], "readOnly": false, "type": "null or string"}, "networking.wireguard.interfaces.<name>.socketNamespace": {"declarations": ["nixos/modules/services/networking/wireguard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The pre-existing network namespace in which the\nWireGuard interface is created, and which retains the socket even if the\ninterface is moved via {option}`interfaceNamespace`. When\n`null`, the interface is created in the init namespace.\nSee [documentation](https://www.wireguard.com/netns/).\n", "example": {"_type": "literalExpression", "text": "\"container\""}, "loc": ["networking", "wireguard", "interfaces", "<name>", "socketNamespace"], "readOnly": false, "type": "null or string"}, "networking.wireguard.interfaces.<name>.table": {"declarations": ["nixos/modules/services/networking/wireguard.nix"], "default": {"_type": "literalExpression", "text": "\"main\""}, "description": "The kernel routing table to add this interface's\nassociated routes to. Setting this is useful for e.g. policy routing\n(\"ip rule\") or virtual routing and forwarding (\"ip vrf\"). Both\nnumeric table IDs and table names (/etc/rt_tables) can be used.\nDefaults to \"main\".\n", "loc": ["networking", "wireguard", "interfaces", "<name>", "table"], "readOnly": false, "type": "string"}, "networking.wireguard.interfaces.<name>.type": {"declarations": ["nixos/modules/services/networking/wireguard.nix"], "default": {"_type": "literalExpression", "text": "\"wireguard\""}, "description": "The type of the interface. Currently only \"wireguard\" and \"amneziawg\" are supported.\n", "example": {"_type": "literalExpression", "text": "\"amneziawg\""}, "loc": ["networking", "wireguard", "interfaces", "<name>", "type"], "readOnly": false, "type": "one of \"wireguard\", \"amneziawg\""}, "networking.wireguard.useNetworkd": {"declarations": ["nixos/modules/services/networking/wireguard-networkd.nix"], "default": {"_type": "literalExpression", "text": "config.networking.useNetworkd"}, "description": "Whether to use networkd as the network configuration backend for\nWireguard instead of the legacy script-based system.\n\n::: {.warning}\nSome options have slightly different behavior with the networkd and\nscript-based backends. Check the documentation for each Wireguard\noption you use before enabling this option.\n:::\n", "loc": ["networking", "wireguard", "useNetworkd"], "readOnly": false, "type": "boolean"}, "networking.wireless.allowAuxiliaryImperativeNetworks": {"declarations": ["nixos/modules/services/networking/wpa_supplicant.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to allow configuring networks \"imperatively\" (e.g. via\n`wpa_supplicant_gui`) and declaratively via\n[](#opt-networking.wireless.networks).\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["networking", "wireless", "allowAuxiliaryImperativeNetworks"], "readOnly": false, "type": "boolean"}, "networking.wireless.athUserRegulatoryDomain": {"declarations": ["nixos/modules/hardware/network/ath-user-regd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, sets the ATH_USER_REGD kernel config switch to true to\ndisable the enforcement of EEPROM regulatory restrictions for ath\ndrivers. Requires at least Linux 5.8.\n", "loc": ["networking", "wireless", "athUserRegulatoryDomain"], "readOnly": false, "type": "boolean"}, "networking.wireless.autoDetectInterfaces": {"declarations": ["nixos/modules/services/networking/wpa_supplicant.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable automatic detection of wireless interfaces.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["networking", "wireless", "autoDetectInterfaces"], "readOnly": false, "type": "boolean"}, "networking.wireless.dbusControlled": {"declarations": ["nixos/modules/services/networking/wpa_supplicant.nix"], "default": {"_type": "literalExpression", "text": "length config.networking.wireless.interfaces < 2"}, "description": "Whether to enable the DBus control interface.\nThis is only needed when using NetworkManager or connman.\n", "loc": ["networking", "wireless", "dbusControlled"], "readOnly": false, "type": "boolean"}, "networking.wireless.driver": {"declarations": ["nixos/modules/services/networking/wpa_supplicant.nix"], "default": {"_type": "literalExpression", "text": "\"nl80211,wext\""}, "description": "Force a specific wpa_supplicant driver.", "loc": ["networking", "wireless", "driver"], "readOnly": false, "type": "string"}, "networking.wireless.enable": {"declarations": ["nixos/modules/services/networking/wpa_supplicant.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable wpa_supplicant.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["networking", "wireless", "enable"], "readOnly": false, "type": "boolean"}, "networking.wireless.enableHardening": {"declarations": ["nixos/modules/services/networking/wpa_supplicant.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to apply security hardening measures to wpa_supplicant.\nThese include limiting access to the filesystem, devices and network\ncapabilities.\n\n::: {.note}\nDisabling this will increase the potential attack surface if the\nwpa_supplicant daemon becomes compromised, but it may be necessary\nfor more complex enterprise networks (for example requiring\naccess to mutable files, smart cards or TPM devices).\n:::\n", "loc": ["networking", "wireless", "enableHardening"], "readOnly": false, "type": "unspecified value"}, "networking.wireless.extraConfig": {"declarations": ["nixos/modules/services/networking/wpa_supplicant.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra lines appended to the configuration file.\nSee\n{manpage}`wpa_supplicant.conf(5)`\nfor available options.\n", "example": {"_type": "literalExpression", "text": "''\n  p2p_disabled=1\n''"}, "loc": ["networking", "wireless", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "networking.wireless.extraConfigFiles": {"declarations": ["nixos/modules/services/networking/wpa_supplicant.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra wpa_supplicant configuration files to load.\n", "loc": ["networking", "wireless", "extraConfigFiles"], "readOnly": false, "type": "list of absolute path"}, "networking.wireless.fallbackToWPA2": {"declarations": ["nixos/modules/services/networking/wpa_supplicant.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to fall back to WPA2 authentication protocols if WPA3 failed.\nThis allows old wireless cards (that lack recent features required by\nWPA3) to connect to mixed WPA2/WPA3 access points.\n\nTo avoid possible downgrade attacks, disable this options.\n", "loc": ["networking", "wireless", "fallbackToWPA2"], "readOnly": false, "type": "boolean"}, "networking.wireless.interfaces": {"declarations": ["nixos/modules/services/networking/wpa_supplicant.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The interfaces {command}`wpa_supplicant` will use. If empty and\n[](#opt-networking.wireless.autoDetectInterfaces) is true it will\nautomatically use all wireless interfaces.\n\n::: {.note}\nA separate wpa_supplicant instance will be started for each interface.\n:::\n", "example": {"_type": "literalExpression", "text": "[\n  \"wlan0\"\n  \"wlan1\"\n]"}, "loc": ["networking", "wireless", "interfaces"], "readOnly": false, "type": "list of string"}, "networking.wireless.iwd.enable": {"declarations": ["nixos/modules/services/networking/iwd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable iwd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["networking", "wireless", "iwd", "enable"], "readOnly": false, "type": "boolean"}, "networking.wireless.iwd.package": {"declarations": ["nixos/modules/services/networking/iwd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.iwd"}, "description": "The iwd package to use.", "loc": ["networking", "wireless", "iwd", "package"], "readOnly": false, "type": "package"}, "networking.wireless.iwd.settings": {"declarations": ["nixos/modules/services/networking/iwd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options passed to iwd.\nSee {manpage}`iwd.config(5)` for supported options.\n", "example": {"_type": "literalExpression", "text": "{\n  Network = {\n    EnableIPv6 = true;\n    RoutePriorityOffset = 300;\n  };\n  Settings = {\n    AutoConnect = true;\n  };\n}"}, "loc": ["networking", "wireless", "iwd", "settings"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "networking.wireless.networks": {"declarations": ["nixos/modules/services/networking/wpa_supplicant.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The network definitions to automatically connect to when\n {command}`wpa_supplicant` is running. If this\n parameter is left empty wpa_supplicant will use\n/etc/wpa_supplicant.conf as the configuration file.\n", "example": {"_type": "literalExpression", "text": "{ echelon = {                   # SSID with no spaces or special characters\n    psk = \"abcdefgh\";           # (password will be written to /nix/store!)\n  };\n\n  echelon = {                   # safe version of the above: read PSK from the\n    pskRaw = \"ext:psk_echelon\"; # variable psk_echelon, defined in secretsFile,\n  };                            # this won't leak into /nix/store\n\n  \"echelon's AP\" = {            # SSID with spaces and/or special characters\n     psk = \"ijklmnop\";          # (password will be written to /nix/store!)\n  };\n\n  \"free.wifi\" = {};             # Public wireless network\n}\n"}, "loc": ["networking", "wireless", "networks"], "readOnly": false, "type": "attribute set of (submodule)"}, "networking.wireless.networks.<name>.auth": {"declarations": ["nixos/modules/services/networking/wpa_supplicant.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Use this option to configure advanced authentication methods\nlike EAP. See {manpage}`wpa_supplicant.conf(5)` for example\nconfigurations.\n\n::: {.warning}\nBe aware that this will be written to the Nix store\nin plaintext! Use an external reference like\n`ext:secretname` for secrets.\n:::\n\n::: {.note}\nMutually exclusive with {var}`psk` and {var}`pskRaw`.\n:::\n", "example": {"_type": "literalExpression", "text": "''\n  eap=PEAP\n  identity=\"user@example.com\"\n  password=ext:example_password\n''"}, "loc": ["networking", "wireless", "networks", "<name>", "auth"], "readOnly": false, "type": "null or string"}, "networking.wireless.networks.<name>.authProtocols": {"declarations": ["nixos/modules/services/networking/wpa_supplicant.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"WPA-PSK\"\n  \"WPA-EAP\"\n  \"SAE\"\n  \"FT-PSK\"\n  \"FT-EAP\"\n  \"FT-SAE\"\n]"}, "description": "The list of authentication protocols accepted by this network.\nThis corresponds to the `key_mgmt` option in wpa_supplicant.\n", "loc": ["networking", "wireless", "networks", "<name>", "authProtocols"], "readOnly": false, "type": "list of (one of \"WPA-PSK\", \"WPA-EAP\", \"IEEE8021X\", \"NONE\", \"WPA-NONE\", \"FT-PSK\", \"FT-EAP\", \"FT-EAP-SHA384\", \"WPA-PSK-SHA256\", \"WPA-EAP-SHA256\", \"SAE\", \"FT-SAE\", \"WPA-EAP-SUITE-B\", \"WPA-EAP-SUITE-B-192\", \"OSEN\", \"FILS-SHA256\", \"FILS-SHA384\", \"FT-FILS-SHA256\", \"FT-FILS-SHA384\", \"OWE\", \"DPP\")"}, "networking.wireless.networks.<name>.bssid": {"declarations": ["nixos/modules/services/networking/wpa_supplicant.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, this network block is used only when associating with\nthe AP using the configured BSSID.\n", "example": {"_type": "literalExpression", "text": "\"02:00:00:00:00:01\""}, "loc": ["networking", "wireless", "networks", "<name>", "bssid"], "readOnly": false, "type": "null or string"}, "networking.wireless.networks.<name>.extraConfig": {"declarations": ["nixos/modules/services/networking/wpa_supplicant.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration lines appended to the network block.\nSee {manpage}`wpa_supplicant.conf(5)` for available options.\n", "example": {"_type": "literalExpression", "text": "''\n  bssid_blacklist=02:11:22:33:44:55 02:22:aa:44:55:66\n''"}, "loc": ["networking", "wireless", "networks", "<name>", "extraConfig"], "readOnly": false, "type": "string"}, "networking.wireless.networks.<name>.hidden": {"declarations": ["nixos/modules/services/networking/wpa_supplicant.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Set this to `true` if the SSID of the network is hidden.\n", "example": {"_type": "literalExpression", "text": "{ echelon = {\n    hidden = true;\n    psk = \"abcdefgh\";\n  };\n}\n"}, "loc": ["networking", "wireless", "networks", "<name>", "hidden"], "readOnly": false, "type": "boolean"}, "networking.wireless.networks.<name>.priority": {"declarations": ["nixos/modules/services/networking/wpa_supplicant.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "By default, all networks will get same priority group (0). If\nsome of the networks are more desirable, this field can be used\nto change the order in which wpa_supplicant goes through the\nnetworks when selecting a BSS. The priority groups will be\niterated in decreasing priority (i.e., the larger the priority\nvalue, the sooner the network is matched against the scan\nresults). Within each priority group, networks will be selected\nbased on security policy, signal strength, etc.\n", "loc": ["networking", "wireless", "networks", "<name>", "priority"], "readOnly": false, "type": "null or signed integer"}, "networking.wireless.networks.<name>.psk": {"declarations": ["nixos/modules/services/networking/wpa_supplicant.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The network's pre-shared key in plaintext defaulting\nto being a network without any authentication.\n\n::: {.warning}\nBe aware that this will be written to the Nix store\nin plaintext! Use {var}`pskRaw` with an external\nreference to keep it safe.\n:::\n\n::: {.note}\nMutually exclusive with {var}`pskRaw`.\n:::\n", "loc": ["networking", "wireless", "networks", "<name>", "psk"], "readOnly": false, "type": "null or string matching the pattern [[:print:]]{8,63}"}, "networking.wireless.networks.<name>.pskRaw": {"declarations": ["nixos/modules/services/networking/wpa_supplicant.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Either the raw pre-shared key in hexadecimal format\nor the name of the secret (as defined inside\n[](#opt-networking.wireless.secretsFile) and prefixed\nwith `ext:`) containing the network pre-shared key.\n\n::: {.warning}\nBe aware that this will be written to the Nix store\nin plaintext! Always use an external reference.\n:::\n\n::: {.note}\nThe external secret can be either the plaintext\npassphrase or the raw pre-shared key.\n:::\n\n::: {.note}\nMutually exclusive with {var}`psk` and {var}`auth`.\n:::\n", "example": {"_type": "literalExpression", "text": "\"ext:name_of_the_secret_here\""}, "loc": ["networking", "wireless", "networks", "<name>", "pskRaw"], "readOnly": false, "type": "null or string matching the pattern ([[:xdigit:]]{64})|(ext:[^=]+)"}, "networking.wireless.networks.<name>.ssid": {"declarations": ["nixos/modules/services/networking/wpa_supplicant.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "You could use this field to override the network's ssid.\nThis can be useful to, for example, specify two networks\nthat share the same SSID but not the same password.\nSpecifying the BSSID of the network can make two entries of\nthe same SSID show up as different ones in wpa_cli.\n", "loc": ["networking", "wireless", "networks", "<name>", "ssid"], "readOnly": false, "type": "string"}, "networking.wireless.scanOnLowSignal": {"declarations": ["nixos/modules/services/networking/wpa_supplicant.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to periodically scan for (better) networks when the signal of\nthe current one is low. This will make roaming between access points\nfaster, but will consume more power.\n", "loc": ["networking", "wireless", "scanOnLowSignal"], "readOnly": false, "type": "boolean"}, "networking.wireless.secretsFile": {"declarations": ["nixos/modules/services/networking/wpa_supplicant.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File consisting of lines of the form `varname=value`\nto define variables for the wireless configuration.\n\nSecrets (PSKs, passwords, etc.) can be provided without adding them to\nthe world-readable Nix store by defining them in the secrets file and\nreferring to them in option [](#opt-networking.wireless.networks)\nwith the syntax `ext:secretname`. Example:\n\n```\n# content of /run/secrets/wireless.conf\npsk_home=mypassword\npsk_other=6a381cea59c7a2d6b30736ba0e6f397f7564a044bcdb7a327a1d16a1ed91b327\npass_work=myworkpassword\n\n# wireless-related configuration\nnetworking.wireless.secretsFile = \"/run/secrets/wireless.conf\";\nnetworking.wireless.networks = {\n  home.pskRaw = \"ext:psk_home\";\n  other.pskRaw = \"ext:psk_other\";\n  work.auth = ''\n    eap=PEAP\n    identity=\"my-user@example.com\"\n    password=ext:pass_work\n  '';\n};\n```\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/wireless.conf\""}, "loc": ["networking", "wireless", "secretsFile"], "readOnly": false, "type": "null or absolute path"}, "networking.wireless.userControlled": {"declarations": ["nixos/modules/services/networking/wpa_supplicant.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Allow users of the `wpa_supplicant` group to control wpa_supplicant\nthrough wpa_gui or wpa_cli.\nThis is useful for laptop users that switch networks a lot and don't want\nto depend on a large package such as NetworkManager just to pick nearby\naccess points.\n\n::: {.note}\nWhen networks are configured declaratively, you cannot persist any settings\nvia wpa_gui or wpa_cli, unless {option}`allowAuxiliaryImperativeNetworks`\nis used.\n:::\n", "loc": ["networking", "wireless", "userControlled"], "readOnly": false, "type": "boolean or (attribute set) convertible to it"}, "networking.wlanInterfaces": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Creating multiple WLAN interfaces on top of one physical WLAN device (NIC).\n\nThe name of the WLAN interface corresponds to the name of the attribute.\nA NIC is referenced by the persistent device name of the WLAN interface that\n`udev` assigns to a NIC by default.\nIf a NIC supports multiple WLAN interfaces, then the one NIC can be used as\n`device` for multiple WLAN interfaces.\nIf a NIC is used for creating WLAN interfaces, then the default WLAN interface\nwith a persistent device name form `udev` is not created.\nA WLAN interface with the persistent name assigned from `udev`\nwould have to be created explicitly.\n", "example": {"_type": "literalExpression", "text": "{\n  wlan-station0 = {\n      device = \"wlp6s0\";\n  };\n  wlan-adhoc0 = {\n      type = \"ibss\";\n      device = \"wlp6s0\";\n      mac = \"02:00:00:00:00:01\";\n  };\n  wlan-p2p0 = {\n      device = \"wlp6s0\";\n      mac = \"02:00:00:00:00:02\";\n  };\n  wlan-ap0 = {\n      device = \"wlp6s0\";\n      mac = \"02:00:00:00:00:03\";\n  };\n}\n"}, "loc": ["networking", "wlanInterfaces"], "readOnly": false, "type": "attribute set of (submodule)"}, "networking.wlanInterfaces.<name>.device": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "description": "The name of the underlying hardware WLAN device as assigned by `udev`.", "example": {"_type": "literalExpression", "text": "\"wlp6s0\""}, "loc": ["networking", "wlanInterfaces", "<name>", "device"], "readOnly": false, "type": "string"}, "networking.wlanInterfaces.<name>.flags": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Flags for interface of type `monitor`.\n", "example": {"_type": "literalExpression", "text": "\"control\""}, "loc": ["networking", "wlanInterfaces", "<name>", "flags"], "readOnly": false, "type": "null or one of \"none\", \"fcsfail\", \"control\", \"otherbss\", \"cook\", \"active\""}, "networking.wlanInterfaces.<name>.fourAddr": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether to enable `4-address mode` with type `managed`.", "loc": ["networking", "wlanInterfaces", "<name>", "fourAddr"], "readOnly": false, "type": "null or boolean"}, "networking.wlanInterfaces.<name>.mac": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "MAC address to use for the device. If `null`, then the MAC of the\nunderlying hardware WLAN device is used.\n\nINFO: Locally administered MAC addresses are of the form:\n- x2:xx:xx:xx:xx:xx\n- x6:xx:xx:xx:xx:xx\n- xA:xx:xx:xx:xx:xx\n- xE:xx:xx:xx:xx:xx\n", "example": {"_type": "literalExpression", "text": "\"02:00:00:00:00:01\""}, "loc": ["networking", "wlanInterfaces", "<name>", "mac"], "readOnly": false, "type": "null or string"}, "networking.wlanInterfaces.<name>.meshID": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "MeshID of interface with type `mesh`.", "loc": ["networking", "wlanInterfaces", "<name>", "meshID"], "readOnly": false, "type": "null or string"}, "networking.wlanInterfaces.<name>.type": {"declarations": ["nixos/modules/tasks/network-interfaces.nix"], "default": {"_type": "literalExpression", "text": "\"managed\""}, "description": "The type of the WLAN interface.\nThe type has to be supported by the underlying hardware of the device.\n", "example": {"_type": "literalExpression", "text": "\"ibss\""}, "loc": ["networking", "wlanInterfaces", "<name>", "type"], "readOnly": false, "type": "one of \"managed\", \"ibss\", \"monitor\", \"mesh\", \"wds\""}, "nix.buildMachines": {"declarations": ["nixos/modules/config/nix-remote-build.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "This option lists the machines to be used if distributed builds are\nenabled (see {option}`nix.distributedBuilds`).\nNix will perform derivations on those machines via SSH by copying the\ninputs to the Nix store on the remote machine, starting the build,\nthen copying the output back to the local Nix store.\n", "loc": ["nix", "buildMachines"], "readOnly": false, "type": "list of (submodule)"}, "nix.buildMachines.*.hostName": {"declarations": ["nixos/modules/config/nix-remote-build.nix"], "description": "The hostname of the build machine.\n", "example": {"_type": "literalExpression", "text": "\"nixbuilder.example.org\""}, "loc": ["nix", "buildMachines", "*", "hostName"], "readOnly": false, "type": "string"}, "nix.buildMachines.*.mandatoryFeatures": {"declarations": ["nixos/modules/config/nix-remote-build.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of features mandatory for this builder. The builder will\nbe ignored for derivations that don't require all features in\nthis list. All mandatory features are automatically included in\n{var}`supportedFeatures`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"big-parallel\"\n]"}, "loc": ["nix", "buildMachines", "*", "mandatoryFeatures"], "readOnly": false, "type": "list of string"}, "nix.buildMachines.*.maxJobs": {"declarations": ["nixos/modules/config/nix-remote-build.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "The number of concurrent jobs the build machine supports. The\nbuild machine will enforce its own limits, but this allows hydra\nto schedule better since there is no work-stealing between build\nmachines.\n", "loc": ["nix", "buildMachines", "*", "maxJobs"], "readOnly": false, "type": "signed integer"}, "nix.buildMachines.*.protocol": {"declarations": ["nixos/modules/config/nix-remote-build.nix"], "default": {"_type": "literalExpression", "text": "\"ssh\""}, "description": "The protocol used for communicating with the build machine.\nUse `ssh-ng` if your remote builder and your\nlocal Nix version support that improved protocol.\n\nUse `null` when trying to change the special localhost builder\nwithout a protocol which is for example used by hydra.\n", "example": {"_type": "literalExpression", "text": "\"ssh-ng\""}, "loc": ["nix", "buildMachines", "*", "protocol"], "readOnly": false, "type": "one of <null>, \"ssh\", \"ssh-ng\""}, "nix.buildMachines.*.publicHostKey": {"declarations": ["nixos/modules/config/nix-remote-build.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The (base64-encoded) public host key of this builder. The field\nis calculated via {command}`base64 -w0 /etc/ssh/ssh_host_type_key.pub`.\nIf null, SSH will use its regular known-hosts file when connecting.\n", "loc": ["nix", "buildMachines", "*", "publicHostKey"], "readOnly": false, "type": "null or string"}, "nix.buildMachines.*.speedFactor": {"declarations": ["nixos/modules/config/nix-remote-build.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "The relative speed of this builder. This is an arbitrary integer\nthat indicates the speed of this builder, relative to other\nbuilders. Higher is faster.\n", "loc": ["nix", "buildMachines", "*", "speedFactor"], "readOnly": false, "type": "signed integer"}, "nix.buildMachines.*.sshKey": {"declarations": ["nixos/modules/config/nix-remote-build.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the SSH private key with which to authenticate on\nthe build machine. The private key must not have a passphrase.\nIf null, the building user (root on NixOS machines) must have an\nappropriate ssh configuration to log in non-interactively.\n\nNote that for security reasons, this path must point to a file\nin the local filesystem, *not* to the nix store.\n", "example": {"_type": "literalExpression", "text": "\"/root/.ssh/id_buildhost_builduser\""}, "loc": ["nix", "buildMachines", "*", "sshKey"], "readOnly": false, "type": "null or string"}, "nix.buildMachines.*.sshUser": {"declarations": ["nixos/modules/config/nix-remote-build.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The username to log in as on the remote host. This user must be\nable to log in and run nix commands non-interactively. It must\nalso be privileged to build derivations, so must be included in\n{option}`nix.settings.trusted-users`.\n", "example": {"_type": "literalExpression", "text": "\"builder\""}, "loc": ["nix", "buildMachines", "*", "sshUser"], "readOnly": false, "type": "null or string"}, "nix.buildMachines.*.supportedFeatures": {"declarations": ["nixos/modules/config/nix-remote-build.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of features supported by this builder. The builder will\nbe ignored for derivations that require features not in this\nlist.\n", "example": {"_type": "literalExpression", "text": "[\n  \"kvm\"\n  \"big-parallel\"\n]"}, "loc": ["nix", "buildMachines", "*", "supportedFeatures"], "readOnly": false, "type": "list of string"}, "nix.buildMachines.*.system": {"declarations": ["nixos/modules/config/nix-remote-build.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The system type the build machine can execute derivations on.\nEither this attribute or {var}`systems` must be\npresent, where {var}`system` takes precedence if\nboth are set.\n", "example": {"_type": "literalExpression", "text": "\"x86_64-linux\""}, "loc": ["nix", "buildMachines", "*", "system"], "readOnly": false, "type": "null or string"}, "nix.buildMachines.*.systems": {"declarations": ["nixos/modules/config/nix-remote-build.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The system types the build machine can execute derivations on.\nEither this attribute or {var}`system` must be\npresent, where {var}`system` takes precedence if\nboth are set.\n", "example": {"_type": "literalExpression", "text": "[\n  \"x86_64-linux\"\n  \"aarch64-linux\"\n]"}, "loc": ["nix", "buildMachines", "*", "systems"], "readOnly": false, "type": "list of string"}, "nix.channel.enable": {"declarations": ["nixos/modules/config/nix-channel.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether the `nix-channel` command and state files are made available on the machine.\n\nThe following files are initialized when enabled:\n  - `/nix/var/nix/profiles/per-user/root/channels`\n  - `/root/.nix-channels`\n  - `$HOME/.nix-defexpr/channels` (on login)\n\nDisabling this option will not remove the state files from the system.\n", "loc": ["nix", "channel", "enable"], "readOnly": false, "type": "boolean"}, "nix.checkAllErrors": {"declarations": ["nixos/modules/config/nix.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If enabled, checks the nix.conf parsing for any kind of error. When disabled, checks only for unknown settings.\n", "loc": ["nix", "checkAllErrors"], "readOnly": false, "type": "boolean"}, "nix.checkConfig": {"declarations": ["nixos/modules/config/nix.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If enabled, checks that Nix can parse the generated nix.conf.\n", "loc": ["nix", "checkConfig"], "readOnly": false, "type": "boolean"}, "nix.daemonCPUSchedPolicy": {"declarations": ["nixos/modules/services/system/nix-daemon.nix"], "default": {"_type": "literalExpression", "text": "\"other\""}, "description": "Nix daemon process CPU scheduling policy. This policy propagates to\nbuild processes. `other` is the default scheduling\npolicy for regular tasks. The `batch` policy is\nsimilar to `other`, but optimised for\nnon-interactive tasks. `idle` is for extremely\nlow-priority tasks that should only be run when no other task\nrequires CPU time.\n\nPlease note that while using the `idle` policy may\ngreatly improve responsiveness of a system performing expensive\nbuilds, it may also slow down and potentially starve crucial\nconfiguration updates during load.\n\n`idle` may therefore be a sensible policy for\nsystems that experience only intermittent phases of high CPU load,\nsuch as desktop or portable computers used interactively. Other\nsystems should use the `other` or\n`batch` policy instead.\n\nFor more fine-grained resource control, please refer to\n{manpage}`systemd.resource-control(5)` and adjust\n{option}`systemd.services.nix-daemon` directly.\n", "example": {"_type": "literalExpression", "text": "\"batch\""}, "loc": ["nix", "daemonCPUSchedPolicy"], "readOnly": false, "type": "one of \"other\", \"batch\", \"idle\""}, "nix.daemonIOSchedClass": {"declarations": ["nixos/modules/services/system/nix-daemon.nix"], "default": {"_type": "literalExpression", "text": "\"best-effort\""}, "description": "Nix daemon process I/O scheduling class. This class propagates to\nbuild processes. `best-effort` is the default\nclass for regular tasks. The `idle` class is for\nextremely low-priority tasks that should only perform I/O when no\nother task does.\n\nPlease note that while using the `idle` scheduling\nclass can improve responsiveness of a system performing expensive\nbuilds, it might also slow down or starve crucial configuration\nupdates during load.\n\n`idle` may therefore be a sensible class for\nsystems that experience only intermittent phases of high I/O load,\nsuch as desktop or portable computers used interactively. Other\nsystems should use the `best-effort` class.\n", "example": {"_type": "literalExpression", "text": "\"idle\""}, "loc": ["nix", "daemonIOSchedClass"], "readOnly": false, "type": "one of \"best-effort\", \"idle\""}, "nix.daemonIOSchedPriority": {"declarations": ["nixos/modules/services/system/nix-daemon.nix"], "default": {"_type": "literalExpression", "text": "4"}, "description": "Nix daemon process I/O scheduling priority. This priority propagates\nto build processes. The supported priorities depend on the\nscheduling policy: With idle, priorities are not used in scheduling\ndecisions. best-effort supports values in the range 0 (high) to 7\n(low).\n", "example": {"_type": "literalExpression", "text": "1"}, "loc": ["nix", "daemonIOSchedPriority"], "readOnly": false, "type": "signed integer"}, "nix.distributedBuilds": {"declarations": ["nixos/modules/config/nix-remote-build.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to distribute builds to the machines listed in\n{option}`nix.buildMachines`.\n", "loc": ["nix", "distributedBuilds"], "readOnly": false, "type": "boolean"}, "nix.enable": {"declarations": ["nixos/modules/services/system/nix-daemon.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable Nix.\nDisabling Nix makes the system hard to modify and the Nix programs and configuration will not be made available by NixOS itself.\n", "loc": ["nix", "enable"], "readOnly": false, "type": "boolean"}, "nix.extraOptions": {"declarations": ["nixos/modules/config/nix.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional text appended to {file}`nix.conf`.", "example": {"_type": "literalExpression", "text": "''\n  keep-outputs = true\n  keep-derivations = true\n''"}, "loc": ["nix", "extraOptions"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "nix.firewall.allowLoopback": {"declarations": ["nixos/modules/services/system/nix-daemon-firewall.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to allow traffic on the loopback interface. Traffic is still subject to protocol/port rules", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["nix", "firewall", "allowLoopback"], "readOnly": false, "type": "unspecified value"}, "nix.firewall.allowNonTCPUDP": {"declarations": ["nixos/modules/services/system/nix-daemon-firewall.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to allow traffic that is neither TCP nor UDP", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["nix", "firewall", "allowNonTCPUDP"], "readOnly": false, "type": "boolean"}, "nix.firewall.allowPrivateNetworks": {"declarations": ["nixos/modules/services/system/nix-daemon-firewall.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to allow traffic to local networks. Traffic is still subject to protocol/port rules. Note that this option may break DNS resolution when the DNS resolver is in a local network", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["nix", "firewall", "allowPrivateNetworks"], "readOnly": false, "type": "unspecified value"}, "nix.firewall.allowedTCPPorts": {"declarations": ["nixos/modules/services/system/nix-daemon-firewall.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "TCP ports to which traffic is allowed. Specifying no ports will allow all TCP traffic", "example": {"_type": "literalExpression", "text": "[\n  \"http\"\n  443\n  \"30000-31000\"\n]"}, "loc": ["nix", "firewall", "allowedTCPPorts"], "readOnly": false, "type": "list of ((optionally newline-terminated) single-line string or 16 bit unsigned integer; between 0 and 65535 (both inclusive))"}, "nix.firewall.allowedUDPPorts": {"declarations": ["nixos/modules/services/system/nix-daemon-firewall.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "UDP ports to which traffic is allowed. Specifying no ports will allow all UDP traffic", "example": {"_type": "literalExpression", "text": "[\n  53\n]"}, "loc": ["nix", "firewall", "allowedUDPPorts"], "readOnly": false, "type": "list of ((optionally newline-terminated) single-line string or 16 bit unsigned integer; between 0 and 65535 (both inclusive))"}, "nix.firewall.enable": {"declarations": ["nixos/modules/services/system/nix-daemon-firewall.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable firewalling for outgoing traffic of the nix daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["nix", "firewall", "enable"], "readOnly": false, "type": "boolean"}, "nix.firewall.extraNftablesRules": {"declarations": ["nixos/modules/services/system/nix-daemon-firewall.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra nftables rules to prepend to the generated ones", "example": {"_type": "literalExpression", "text": "[\n  \"ip daddr 1.1.1.1 udp dport accept\"\n]"}, "loc": ["nix", "firewall", "extraNftablesRules"], "readOnly": false, "type": "list of (optionally newline-terminated) single-line string"}, "nix.gc.automatic": {"declarations": ["nixos/modules/services/misc/nix-gc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically run the garbage collector at a specific time.", "loc": ["nix", "gc", "automatic"], "readOnly": false, "type": "boolean"}, "nix.gc.dates": {"declarations": ["nixos/modules/services/misc/nix-gc.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"03:15\"\n]"}, "description": "How often or when garbage collection is performed. For most desktop and server systems\na sufficient garbage collection is once a week.\n\nThis value must be a calendar event in the format specified by\n{manpage}`systemd.time(7)`.\n", "example": {"_type": "literalExpression", "text": "\"weekly\""}, "loc": ["nix", "gc", "dates"], "readOnly": false, "type": "(optionally newline-terminated) single-line string or list of string"}, "nix.gc.options": {"declarations": ["nixos/modules/services/misc/nix-gc.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Options given to [`nix-collect-garbage`](https://nixos.org/manual/nix/stable/command-ref/nix-collect-garbage) when the garbage collector is run automatically.\n", "example": {"_type": "literalExpression", "text": "\"--max-freed $((64 * 1024**3))\""}, "loc": ["nix", "gc", "options"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "nix.gc.persistent": {"declarations": ["nixos/modules/services/misc/nix-gc.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Takes a boolean argument. If true, the time when the service\nunit was last triggered is stored on disk. When the timer is\nactivated, the service unit is triggered immediately if it\nwould have been triggered at least once during the time when\nthe timer was inactive. Such triggering is nonetheless\nsubject to the delay imposed by RandomizedDelaySec=. This is\nuseful to catch up on missed runs of the service when the\nsystem was powered down.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["nix", "gc", "persistent"], "readOnly": false, "type": "boolean"}, "nix.gc.randomizedDelaySec": {"declarations": ["nixos/modules/services/misc/nix-gc.nix"], "default": {"_type": "literalExpression", "text": "\"0\""}, "description": "Add a randomized delay before each garbage collection.\nThe delay will be chosen between zero and this value.\nThis value must be a time span in the format specified by\n{manpage}`systemd.time(7)`\n", "example": {"_type": "literalExpression", "text": "\"45min\""}, "loc": ["nix", "gc", "randomizedDelaySec"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "nix.nixPath": {"declarations": ["nixos/modules/config/nix-channel.nix"], "default": {"_type": "literalExpression", "text": "''\n  if nix.channel.enable\n  then [\n    \"nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos\"\n    \"nixos-config=/etc/nixos/configuration.nix\"\n    \"/nix/var/nix/profiles/per-user/root/channels\"\n  ]\n  else [];\n''"}, "description": "The default Nix expression search path, used by the Nix\nevaluator to look up paths enclosed in angle brackets\n(e.g. `<nixpkgs>`).\n", "loc": ["nix", "nixPath"], "readOnly": false, "type": "list of string"}, "nix.nrBuildUsers": {"declarations": ["nixos/modules/services/system/nix-daemon.nix"], "description": "Number of `nixbld` user accounts created to\nperform secure concurrent builds.  If you receive an error\nmessage saying that \u201call build users are currently in use\u201d,\nyou should increase this value.\n", "loc": ["nix", "nrBuildUsers"], "readOnly": false, "type": "signed integer"}, "nix.optimise.automatic": {"declarations": ["nixos/modules/services/misc/nix-optimise.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically run the nix store optimiser at a specific time.", "loc": ["nix", "optimise", "automatic"], "readOnly": false, "type": "boolean"}, "nix.optimise.dates": {"declarations": ["nixos/modules/services/misc/nix-optimise.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"03:45\"\n]"}, "description": "Specification (in the format described by\n{manpage}`systemd.time(7)`) of the time at\nwhich the optimiser will run.\n", "loc": ["nix", "optimise", "dates"], "readOnly": false, "type": "(optionally newline-terminated) single-line string or list of string"}, "nix.optimise.persistent": {"declarations": ["nixos/modules/services/misc/nix-optimise.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Takes a boolean argument. If true, the time when the service\nunit was last triggered is stored on disk. When the timer is\nactivated, the service unit is triggered immediately if it\nwould have been triggered at least once during the time when\nthe timer was inactive. Such triggering is nonetheless\nsubject to the delay imposed by RandomizedDelaySec=. This is\nuseful to catch up on missed runs of the service when the\nsystem was powered down.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["nix", "optimise", "persistent"], "readOnly": false, "type": "boolean"}, "nix.optimise.randomizedDelaySec": {"declarations": ["nixos/modules/services/misc/nix-optimise.nix"], "default": {"_type": "literalExpression", "text": "\"1800\""}, "description": "Add a randomized delay before the optimizer will run.\nThe delay will be chosen between zero and this value.\nThis value must be a time span in the format specified by\n{manpage}`systemd.time(7)`\n", "example": {"_type": "literalExpression", "text": "\"45min\""}, "loc": ["nix", "optimise", "randomizedDelaySec"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "nix.package": {"declarations": ["nixos/modules/services/system/nix-daemon.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nix"}, "description": "This option specifies the Nix package instance to use throughout the system.\n", "loc": ["nix", "package"], "readOnly": false, "type": "package"}, "nix.registry": {"declarations": ["nixos/modules/config/nix-flakes.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "A system-wide flake registry.\n\nSee {manpage}`nix3-registry(1)` for more information.\n", "loc": ["nix", "registry"], "readOnly": false, "type": "attribute set of (submodule)"}, "nix.registry.<name>.exact": {"declarations": ["nixos/modules/config/nix-flakes.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether the {option}`from` reference needs to match exactly. If set,\na {option}`from` reference like `nixpkgs` does not\nmatch with a reference like `nixpkgs/nixos-20.03`.\n", "loc": ["nix", "registry", "<name>", "exact"], "readOnly": false, "type": "boolean"}, "nix.registry.<name>.flake": {"declarations": ["nixos/modules/config/nix-flakes.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The flake input {option}`from` is rewritten to.\n", "example": {"_type": "literalExpression", "text": "nixpkgs"}, "loc": ["nix", "registry", "<name>", "flake"], "readOnly": false, "type": "null or (attribute set)"}, "nix.registry.<name>.from": {"declarations": ["nixos/modules/config/nix-flakes.nix"], "description": "The flake reference to be rewritten.\n\nThe format of flake references is described in {manpage}`nix3-flake(1)`.\n\n", "example": {"_type": "literalExpression", "text": "{\n  id = \"nixpkgs\";\n  type = \"indirect\";\n}"}, "loc": ["nix", "registry", "<name>", "from"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean or absolute path or package)"}, "nix.registry.<name>.to": {"declarations": ["nixos/modules/config/nix-flakes.nix"], "description": "The flake reference {option}`from` is rewritten to.\n\nThe format of flake references is described in {manpage}`nix3-flake(1)`.\n\n", "example": {"_type": "literalExpression", "text": "{\n  owner = \"my-org\";\n  repo = \"my-nixpkgs\";\n  type = \"github\";\n}"}, "loc": ["nix", "registry", "<name>", "to"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean or absolute path or package)"}, "nix.settings": {"declarations": ["nixos/modules/config/nix.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for Nix, see\n<https://nixos.org/manual/nix/stable/command-ref/conf-file.html> or\n{manpage}`nix.conf(5)` for available options.\nThe value declared here will be translated directly to the key-value pairs Nix expects.\n\nYou can use {command}`nix-instantiate --eval --strict '<nixpkgs/nixos>' -A config.nix.settings`\nto view the current value. By default it is empty.\n\nNix configurations defined under {option}`nix.*` will be translated and applied to this\noption. In addition, configuration specified in {option}`nix.extraOptions` will be appended\nverbatim to the resulting config file.\n", "example": {"_type": "literalExpression", "text": "{\n  use-sandbox = true;\n  show-trace = true;\n\n  sandbox-paths = [ \"/bin/sh=${pkgs.busybox-sandbox-shell.out}/bin/busybox\" ];\n}\n"}, "loc": ["nix", "settings"], "readOnly": false, "type": "open submodule of attribute set of (Nix config atom (null, bool, int, float, str, path or package) or list of (Nix config atom (null, bool, int, float, str, path or package)))"}, "nix.settings.allowed-users": {"declarations": ["nixos/modules/config/nix.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"*\"\n]"}, "description": "A list of names of users (separated by whitespace) that are\nallowed to connect to the Nix daemon. As with\n{option}`nix.settings.trusted-users`, you can specify groups by\nprefixing them with `@`. Also, you can\nallow all users by specifying `*`. The\ndefault is `*`. Note that trusted users are\nalways allowed to connect.\n", "example": {"_type": "literalExpression", "text": "[\n  \"@wheel\"\n  \"@builders\"\n  \"alice\"\n  \"bob\"\n]"}, "loc": ["nix", "settings", "allowed-users"], "readOnly": false, "type": "list of string"}, "nix.settings.auto-optimise-store": {"declarations": ["nixos/modules/config/nix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set to true, Nix automatically detects files in the store that have\nidentical contents, and replaces them with hard links to a single copy.\nThis saves disk space. If set to false (the default), you can still run\nnix-store --optimise to get rid of duplicate files.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["nix", "settings", "auto-optimise-store"], "readOnly": false, "type": "boolean"}, "nix.settings.cores": {"declarations": ["nixos/modules/config/nix.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "This option defines the maximum number of concurrent tasks during\none build. It affects, e.g., -j option for make.\nThe special value 0 means that the builder should use all\navailable CPU cores in the system. Some builds may become\nnon-deterministic with this option; use with care! Packages will\nonly be affected if enableParallelBuilding is set for them.\n", "example": {"_type": "literalExpression", "text": "64"}, "loc": ["nix", "settings", "cores"], "readOnly": false, "type": "signed integer"}, "nix.settings.extra-sandbox-paths": {"declarations": ["nixos/modules/config/nix.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Directories from the host filesystem to be included\nin the sandbox.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/dev\"\n  \"/proc\"\n]"}, "loc": ["nix", "settings", "extra-sandbox-paths"], "readOnly": false, "type": "list of string"}, "nix.settings.max-jobs": {"declarations": ["nixos/modules/config/nix.nix"], "default": {"_type": "literalExpression", "text": "\"auto\""}, "description": "This option defines the maximum number of jobs that Nix will try to\nbuild in parallel. The default is auto, which means it will use all\navailable logical cores. It is recommend to set it to the total\nnumber of logical cores in your system (e.g., 16 for two CPUs with 4\ncores each and hyper-threading).\n", "example": {"_type": "literalExpression", "text": "64"}, "loc": ["nix", "settings", "max-jobs"], "readOnly": false, "type": "signed integer or value \"auto\" (singular enum)"}, "nix.settings.require-sigs": {"declarations": ["nixos/modules/config/nix.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If enabled (the default), Nix will only download binaries from binary caches if\nthey are cryptographically signed with any of the keys listed in\n{option}`nix.settings.trusted-public-keys`. If disabled, signatures are neither\nrequired nor checked, so it's strongly recommended that you use only\ntrustworthy caches and https to prevent man-in-the-middle attacks.\n", "loc": ["nix", "settings", "require-sigs"], "readOnly": false, "type": "boolean"}, "nix.settings.sandbox": {"declarations": ["nixos/modules/config/nix.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If set, Nix will perform builds in a sandboxed environment that it\nwill set up automatically for each build. This prevents impurities\nin builds by disallowing access to dependencies outside of the Nix\nstore by using network and mount namespaces in a chroot environment.\n\nThis is enabled by default even though it has a possible performance\nimpact due to the initial setup time of a sandbox for each build. It\ndoesn't affect derivation hashes, so changing this option will not\ntrigger a rebuild of packages.\n\nWhen set to \"relaxed\", this option permits derivations that set\n`__noChroot = true;` to run outside of the sandboxed environment.\nExercise caution when using this mode of operation! It is intended to\nbe a quick hack when building with packages that are not easily setup\nto be built reproducibly.\n", "loc": ["nix", "settings", "sandbox"], "readOnly": false, "type": "boolean or value \"relaxed\" (singular enum)"}, "nix.settings.substituters": {"declarations": ["nixos/modules/config/nix.nix"], "description": "List of binary cache URLs used to obtain pre-built binaries\nof Nix packages.\n\nBy default https://cache.nixos.org/ is added.\n", "loc": ["nix", "settings", "substituters"], "readOnly": false, "type": "list of string"}, "nix.settings.system-features": {"declarations": ["nixos/modules/config/nix.nix"], "default": {"_type": "literalExpression", "text": "[ \"nixos-test\" \"benchmark\" \"big-parallel\" \"kvm\" \"gccarch-<arch>\" ]"}, "description": "The set of features supported by the machine. Derivations\ncan express dependencies on system features through the\n`requiredSystemFeatures` attribute.\n", "loc": ["nix", "settings", "system-features"], "readOnly": false, "type": "list of string"}, "nix.settings.trusted-public-keys": {"declarations": ["nixos/modules/config/nix.nix"], "description": "List of public keys used to sign binary caches. If\n{option}`nix.settings.trusted-public-keys` is enabled,\nthen Nix will use a binary from a binary cache if and only\nif it is signed by *any* of the keys\nlisted here. By default, only the key for\n`cache.nixos.org` is included.\n", "example": {"_type": "literalExpression", "text": "[\n  \"hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=\"\n]"}, "loc": ["nix", "settings", "trusted-public-keys"], "readOnly": false, "type": "list of string"}, "nix.settings.trusted-substituters": {"declarations": ["nixos/modules/config/nix.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of binary cache URLs that non-root users can use (in\naddition to those specified using\n{option}`nix.settings.substituters`) by passing\n`--option binary-caches` to Nix commands.\n", "example": {"_type": "literalExpression", "text": "[\n  \"https://hydra.nixos.org/\"\n]"}, "loc": ["nix", "settings", "trusted-substituters"], "readOnly": false, "type": "list of string"}, "nix.settings.trusted-users": {"declarations": ["nixos/modules/config/nix.nix"], "description": "A list of names of users that have additional rights when\nconnecting to the Nix daemon, such as the ability to specify\nadditional binary caches, or to import unsigned NARs. You\ncan also specify groups by prefixing them with\n`@`; for instance,\n`@wheel` means all users in the wheel\ngroup.\n", "example": {"_type": "literalExpression", "text": "[\n  \"root\"\n  \"alice\"\n  \"@wheel\"\n]"}, "loc": ["nix", "settings", "trusted-users"], "readOnly": false, "type": "list of string"}, "nix.sshServe.enable": {"declarations": ["nixos/modules/services/misc/nix-ssh-serve.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable serving the Nix store as a remote store via SSH.", "loc": ["nix", "sshServe", "enable"], "readOnly": false, "type": "boolean"}, "nix.sshServe.keys": {"declarations": ["nixos/modules/services/misc/nix-ssh-serve.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of SSH public keys allowed to access the binary cache via SSH.", "example": {"_type": "literalExpression", "text": "[\n  \"ssh-dss AAAAB3NzaC1k... alice@example.org\"\n]"}, "loc": ["nix", "sshServe", "keys"], "readOnly": false, "type": "list of string"}, "nix.sshServe.protocol": {"declarations": ["nixos/modules/services/misc/nix-ssh-serve.nix"], "default": {"_type": "literalExpression", "text": "\"ssh\""}, "description": "The specific Nix-over-SSH protocol to use.", "loc": ["nix", "sshServe", "protocol"], "readOnly": false, "type": "one of \"ssh\", \"ssh-ng\""}, "nix.sshServe.trusted": {"declarations": ["nixos/modules/services/misc/nix-ssh-serve.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add nix-ssh to the nix.settings.trusted-users", "loc": ["nix", "sshServe", "trusted"], "readOnly": false, "type": "boolean"}, "nix.sshServe.write": {"declarations": ["nixos/modules/services/misc/nix-ssh-serve.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable writing to the Nix store as a remote store via SSH. Note: by default, the sshServe user is named nix-ssh and is not a trusted-user. nix-ssh should be added to the {option}`nix.sshServe.trusted` option in most use cases, such as allowing remote building of derivations to anonymous people based on ssh key", "loc": ["nix", "sshServe", "write"], "readOnly": false, "type": "boolean"}, "nixops.enableDeprecatedAutoLuks": {"declarations": ["nixos/modules/misc/nixops-autoluks.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the deprecated NixOps AutoLuks module.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["nixops", "enableDeprecatedAutoLuks"], "readOnly": false, "type": "boolean"}, "nixpkgs.flake.setFlakeRegistry": {"declarations": ["nixos/modules/misc/nixpkgs-flake.nix"], "default": {"_type": "literalExpression", "text": "\"config.nixpkgs.flake.source != null\""}, "description": "Whether to pin nixpkgs in the system-wide flake registry (`/etc/nix/registry.json`) to the\nstore path of the sources of nixpkgs used to build the NixOS system.\n\nThis is on by default for NixOS configurations built with flakes.\n\nThis option makes {command}`nix run nixpkgs#hello` reuse dependencies from the system, avoid\nrefetching nixpkgs, and have a consistent result every time.\n\nNote that this option makes the NixOS closure depend on the nixpkgs sources, which may add\nundesired closure size if the system will not have any nix commands run on it.\n", "loc": ["nixpkgs", "flake", "setFlakeRegistry"], "readOnly": false, "type": "boolean"}, "nixpkgs.flake.setNixPath": {"declarations": ["nixos/modules/misc/nixpkgs-flake.nix"], "default": {"_type": "literalExpression", "text": "\"config.nixpkgs.flake.source != null\""}, "description": "Whether to set {env}`NIX_PATH` to include `nixpkgs=flake:nixpkgs` such that `<nixpkgs>`\nlookups receive the version of nixpkgs that the system was built with, in concert with\n{option}`nixpkgs.flake.setFlakeRegistry`.\n\nThis is on by default for NixOS configurations built with flakes.\n\nThis makes {command}`nix-build '<nixpkgs>' -A hello` work out of the box on flake systems.\n\nNote that this option makes the NixOS closure depend on the nixpkgs sources, which may add\nundesired closure size if the system will not have any nix commands run on it.\n", "loc": ["nixpkgs", "flake", "setNixPath"], "readOnly": false, "type": "boolean"}, "nixpkgs.flake.source": {"declarations": ["nixos/modules/misc/nixpkgs-flake.nix"], "default": {"_type": "literalExpression", "text": "\"if (using nixpkgsFlake.lib.nixosSystem) then self.outPath else null\""}, "description": "The path to the nixpkgs sources used to build the system. This is automatically set up to be\nthe store path of the nixpkgs flake used to build the system if using\n`nixpkgs.lib.nixosSystem`, and is otherwise null by default.\n\nThis can also be optionally set if the NixOS system is not built with a flake but still uses\npinned sources: set this to the store path for the nixpkgs sources used to build the system,\nas may be obtained by `fetchTarball`, for example.\n\nNote: the name of the store path must be \"source\" due to\n<https://github.com/NixOS/nix/issues/7075>.\n", "example": {"_type": "literalExpression", "text": "\"fetchTarball { name = \\\"source\\\"; sha256 = \\\"sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\\\"; url = \\\"https://github.com/nixos/nixpkgs/archive/somecommit.tar.gz\\\"; }\""}, "loc": ["nixpkgs", "flake", "source"], "readOnly": false, "type": "null or string or absolute path"}, "openstack.zfs.datasets": {"declarations": ["nixos/modules/virtualisation/openstack-options.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Datasets to create under the `tank` and `boot` zpools.\n\n**NOTE:** This option is used only at image creation time, and\ndoes not attempt to declaratively create or manage datasets\non an existing system.\n", "loc": ["openstack", "zfs", "datasets"], "readOnly": false, "type": "attribute set of (submodule)"}, "openstack.zfs.datasets.<name>.mount": {"declarations": ["nixos/modules/virtualisation/openstack-options.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Where to mount this dataset.", "loc": ["openstack", "zfs", "datasets", "<name>", "mount"], "readOnly": false, "type": "null or string"}, "openstack.zfs.datasets.<name>.properties": {"declarations": ["nixos/modules/virtualisation/openstack-options.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Properties to set on this dataset.", "loc": ["openstack", "zfs", "datasets", "<name>", "properties"], "readOnly": false, "type": "attribute set of string"}, "power.ups.enable": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable support for Power Devices, such as Uninterruptible Power\nSupplies, Power Distribution Units and Solar Controllers\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["power", "ups", "enable"], "readOnly": false, "type": "boolean"}, "power.ups.maxStartDelay": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "default": {"_type": "literalExpression", "text": "45"}, "description": "This can be set as a global variable above your first UPS\ndefinition and it can also be set in a UPS section.  This value\ncontrols how long upsdrvctl will wait for the driver to finish\nstarting.  This keeps your system from getting stuck due to a\nbroken driver or UPS.\n", "loc": ["power", "ups", "maxStartDelay"], "readOnly": false, "type": "signed integer"}, "power.ups.mode": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "default": {"_type": "literalExpression", "text": "\"standalone\""}, "description": "The MODE determines which part of the NUT is to be started, and\nwhich configuration files must be modified.\n\nThe values of MODE can be:\n\n- none: NUT is not configured, or use the Integrated Power\n  Management, or use some external system to startup NUT\n  components. So nothing is to be started.\n\n- standalone: This mode address a local only configuration, with 1\n  UPS protecting the local system. This implies to start the 3 NUT\n  layers (driver, upsd and upsmon) and the matching configuration\n  files. This mode can also address UPS redundancy.\n\n- netserver: same as for the standalone configuration, but also\n  need some more ACLs and possibly a specific LISTEN directive in\n  upsd.conf.  Since this MODE is opened to the network, a special\n  care should be applied to security concerns.\n\n- netclient: this mode only requires upsmon.\n", "loc": ["power", "ups", "mode"], "readOnly": false, "type": "one of \"none\", \"standalone\", \"netserver\", \"netclient\""}, "power.ups.openFirewall": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for `upsd`.\n", "loc": ["power", "ups", "openFirewall"], "readOnly": false, "type": "boolean"}, "power.ups.package": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nut"}, "description": "The nut package to use.", "loc": ["power", "ups", "package"], "readOnly": false, "type": "package"}, "power.ups.schedulerRules": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "description": "File which contains the rules to handle UPS events.\n", "example": {"_type": "literalExpression", "text": "\"/etc/nixos/upssched.conf\""}, "loc": ["power", "ups", "schedulerRules"], "readOnly": false, "type": "string"}, "power.ups.ups": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This is where you configure all the UPSes that this system will be\nmonitoring directly.  These are usually attached to serial ports,\nbut USB devices are also supported.\n", "loc": ["power", "ups", "ups"], "readOnly": false, "type": "attribute set of (submodule)"}, "power.ups.ups.<name>.description": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Description of the UPS.\n", "loc": ["power", "ups", "ups", "<name>", "description"], "readOnly": false, "type": "string"}, "power.ups.ups.<name>.directives": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of configuration directives for this UPS.\n", "loc": ["power", "ups", "ups", "<name>", "directives"], "readOnly": false, "type": "list of string"}, "power.ups.ups.<name>.driver": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "description": "Specify the program to run to talk to this UPS.  apcsmart,\nbestups, and sec are some examples.\n", "loc": ["power", "ups", "ups", "<name>", "driver"], "readOnly": false, "type": "string"}, "power.ups.ups.<name>.maxStartDelay": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "This can be set as a global variable above your first UPS\ndefinition and it can also be set in a UPS section.  This value\ncontrols how long upsdrvctl will wait for the driver to finish\nstarting.  This keeps your system from getting stuck due to a\nbroken driver or UPS.\n", "loc": ["power", "ups", "ups", "<name>", "maxStartDelay"], "readOnly": false, "type": "null or signed integer"}, "power.ups.ups.<name>.port": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "description": "The serial port to which your UPS is connected.  /dev/ttyS0 is\nusually the first port on Linux boxes, for example.\n", "loc": ["power", "ups", "ups", "<name>", "port"], "readOnly": false, "type": "string"}, "power.ups.ups.<name>.shutdownOrder": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "When you have multiple UPSes on your system, you usually need to\nturn them off in a certain order.  upsdrvctl shuts down all the\n0s, then the 1s, 2s, and so on.  To exclude a UPS from the\nshutdown sequence, set this to -1.\n", "loc": ["power", "ups", "ups", "<name>", "shutdownOrder"], "readOnly": false, "type": "signed integer"}, "power.ups.ups.<name>.summary": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Lines which would be added inside ups.conf for handling this UPS.\n", "loc": ["power", "ups", "ups", "<name>", "summary"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "power.ups.upsd": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for the `upsd.conf` configuration file.\n", "loc": ["power", "ups", "upsd"], "readOnly": false, "type": "submodule"}, "power.ups.upsd.enable": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "default": {"_type": "literalMD", "text": "`true` if `mode` is one of `standalone`, `netserver`"}, "description": "Whether to enable `upsd`.", "loc": ["power", "ups", "upsd", "enable"], "readOnly": false, "type": "boolean"}, "power.ups.upsd.extraConfig": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional lines to add to `upsd.conf`.\n", "loc": ["power", "ups", "upsd", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "power.ups.upsd.listen": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Address of the interface for `upsd` to listen on.\nSee `man upsd` for details`.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    address = \"192.168.50.1\";\n  }\n  {\n    address = \"::1\";\n    port = 5923;\n  }\n]"}, "loc": ["power", "ups", "upsd", "listen"], "readOnly": false, "type": "list of (submodule)"}, "power.ups.upsd.listen.*.address": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "description": "Address of the interface for `upsd` to listen on.\nSee `man upsd.conf` for details.\n", "loc": ["power", "ups", "upsd", "listen", "*", "address"], "readOnly": false, "type": "string"}, "power.ups.upsd.listen.*.port": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "default": {"_type": "literalExpression", "text": "3493"}, "description": "TCP port for `upsd` to listen on.\nSee `man upsd.conf` for details.\n", "loc": ["power", "ups", "upsd", "listen", "*", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "power.ups.upsmon": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for the `upsmon.conf` configuration file.\n", "loc": ["power", "ups", "upsmon"], "readOnly": false, "type": "submodule"}, "power.ups.upsmon.enable": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "default": {"_type": "literalMD", "text": "`true` if `mode` is one of `standalone`, `netserver`, `netclient`"}, "description": "Whether to enable `upsmon`.", "loc": ["power", "ups", "upsmon", "enable"], "readOnly": false, "type": "boolean"}, "power.ups.upsmon.group": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "default": {"_type": "literalExpression", "text": "\"nutmon\""}, "description": "Group for the default `nutmon` user. If the default user is created\nand this is not specified, a default group will be created.\n", "loc": ["power", "ups", "upsmon", "group"], "readOnly": false, "type": "string"}, "power.ups.upsmon.monitor": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Set of UPS to monitor. See `man upsmon.conf` for details.\n", "loc": ["power", "ups", "upsmon", "monitor"], "readOnly": false, "type": "attribute set of (submodule)"}, "power.ups.upsmon.monitor.<name>.passwordFile": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "default": {"_type": "literalMD", "text": "power.ups.users.${user}.passwordFile"}, "description": "The full path to a file containing the password from\n`upsd.users` for accessing this UPS. The password file\nis read on service start.\nSee `upsmon.conf` for details.\n", "loc": ["power", "ups", "upsmon", "monitor", "<name>", "passwordFile"], "readOnly": false, "type": "string"}, "power.ups.upsmon.monitor.<name>.powerValue": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Number of power supplies that the UPS feeds on this system.\nSee `upsmon.conf` for details.\n", "loc": ["power", "ups", "upsmon", "monitor", "<name>", "powerValue"], "readOnly": false, "type": "signed integer"}, "power.ups.upsmon.monitor.<name>.system": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "Identifier of the UPS to monitor, in this form: `<upsname>[@<hostname>[:<port>]]`\nSee `upsmon.conf` for details.\n", "loc": ["power", "ups", "upsmon", "monitor", "<name>", "system"], "readOnly": false, "type": "string"}, "power.ups.upsmon.monitor.<name>.type": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "default": {"_type": "literalExpression", "text": "\"master\""}, "description": "The relationship with `upsd`.\nSee `upsmon.conf` for details.\n", "loc": ["power", "ups", "upsmon", "monitor", "<name>", "type"], "readOnly": false, "type": "string"}, "power.ups.upsmon.monitor.<name>.user": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "description": "Username from `upsd.users` for accessing this UPS.\nSee `upsmon.conf` for details.\n", "loc": ["power", "ups", "upsmon", "monitor", "<name>", "user"], "readOnly": false, "type": "string"}, "power.ups.upsmon.settings": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "default": {"_type": "literalMD", "text": "{\n  MINSUPPLIES = 1;\n  MONITOR = <generated from config.power.ups.upsmon.monitor>\n  NOTIFYCMD = \"${cfg.package}/bin/upssched\";\n  POWERDOWNFLAG = \"/run/killpower\";\n  SHUTDOWNCMD = \"${pkgs.systemd}/bin/shutdown now\";\n}\n"}, "description": "Additional settings to add to `upsmon.conf`.", "example": {"_type": "literalMD", "text": "{\n  MINSUPPLIES = 2;\n  NOTIFYFLAG = [\n    [ \"ONLINE\" \"SYSLOG+EXEC\" ]\n    [ \"ONBATT\" \"SYSLOG+EXEC\" ]\n  ];\n}\n"}, "loc": ["power", "ups", "upsmon", "settings"], "readOnly": false, "type": "attribute set of (atom (null, bool, int, float or string) or list of non-empty (list of (atom (null, bool, int, float or string))))"}, "power.ups.upsmon.user": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "default": {"_type": "literalExpression", "text": "\"nutmon\""}, "description": "User to run `upsmon` as. `upsmon.conf` will have its owner set to this\nuser. If not specified, a default user will be created.\n", "loc": ["power", "ups", "upsmon", "user"], "readOnly": false, "type": "string"}, "power.ups.users": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Users that can access upsd. See `man upsd.users`.\n", "loc": ["power", "ups", "users"], "readOnly": false, "type": "attribute set of (submodule)"}, "power.ups.users.<name>.actions": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Allow the user to do certain things with upsd.\nSee `man upsd.users` for details.\n", "loc": ["power", "ups", "users", "<name>", "actions"], "readOnly": false, "type": "list of string"}, "power.ups.users.<name>.instcmds": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Let the user initiate specific instant commands. Use \"ALL\" to grant all commands automatically. For the full list of what your UPS supports, use \"upscmd -l\".\nSee `man upsd.users` for details.\n", "loc": ["power", "ups", "users", "<name>", "instcmds"], "readOnly": false, "type": "list of string"}, "power.ups.users.<name>.passwordFile": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "description": "The full path to a file that contains the user's (clear text)\npassword. The password file is read on service start.\n", "loc": ["power", "ups", "users", "<name>", "passwordFile"], "readOnly": false, "type": "string"}, "power.ups.users.<name>.upsmon": {"declarations": ["nixos/modules/services/monitoring/ups.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Add the necessary actions for a upsmon process to work.\nSee `man upsd.users` for details.\n", "loc": ["power", "ups", "users", "<name>", "upsmon"], "readOnly": false, "type": "null or one of \"primary\", \"secondary\""}, "powerManagement.cpuFreqGovernor": {"declarations": ["nixos/modules/tasks/cpu-freq.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configure the governor used to regulate the frequency of the\navailable CPUs. By default, the kernel configures the\nperformance governor, although this may be overwritten in your\nhardware-configuration.nix file.\n\nOften used values: \"ondemand\", \"powersave\", \"performance\"\n", "example": {"_type": "literalExpression", "text": "\"ondemand\""}, "loc": ["powerManagement", "cpuFreqGovernor"], "readOnly": false, "type": "null or string"}, "powerManagement.cpufreq.max": {"declarations": ["nixos/modules/tasks/cpu-freq.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The maximum frequency the CPU will use.  Defaults to the maximum possible.\n", "example": {"_type": "literalExpression", "text": "2200000"}, "loc": ["powerManagement", "cpufreq", "max"], "readOnly": false, "type": "null or (unsigned integer, meaning >=0)"}, "powerManagement.cpufreq.min": {"declarations": ["nixos/modules/tasks/cpu-freq.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The minimum frequency the CPU will use.\n", "example": {"_type": "literalExpression", "text": "800000"}, "loc": ["powerManagement", "cpufreq", "min"], "readOnly": false, "type": "null or (unsigned integer, meaning >=0)"}, "powerManagement.enable": {"declarations": ["nixos/modules/config/power-management.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable power management.  This includes support\nfor suspend-to-RAM and powersave features on laptops.\n", "loc": ["powerManagement", "enable"], "readOnly": false, "type": "boolean"}, "powerManagement.powerDownCommands": {"declarations": ["nixos/modules/config/power-management.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Commands executed when the machine powers down.  That is,\nthey're executed both when the system shuts down and when\nit goes to suspend or hibernation.\n", "example": {"_type": "literalExpression", "text": "\"${pkgs.hdparm}/sbin/hdparm -B 255 /dev/sda\"\n"}, "loc": ["powerManagement", "powerDownCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "powerManagement.powerUpCommands": {"declarations": ["nixos/modules/config/power-management.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Commands executed when the machine powers up.  That is,\nthey're executed both when the system first boots and when\nit resumes from suspend or hibernation.\n", "example": {"_type": "literalExpression", "text": "\"${pkgs.hdparm}/sbin/hdparm -B 255 /dev/sda\"\n"}, "loc": ["powerManagement", "powerUpCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "powerManagement.powertop.enable": {"declarations": ["nixos/modules/tasks/powertop.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable powertop auto tuning on startup.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["powerManagement", "powertop", "enable"], "readOnly": false, "type": "boolean"}, "powerManagement.powertop.postStart": {"declarations": ["nixos/modules/tasks/powertop.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands executed after `powertop` is started.\n\nThis can be used to workaround problematic configurations. For example,\nyou can retrigger an `udev` rule to disable power saving on unsupported\nUSB devices:\n```\nservices.udev.extraRules = '''\n  # disable USB auto suspend for Logitech, Inc. G PRO Gaming Mouse\n  ACTION==\"bind\", SUBSYSTEM==\"usb\", ATTR{idVendor}==\"046d\", ATTR{idProduct}==\"c08c\", TEST==\"power/control\", ATTR{power/control}=\"on\"\n''';\n```\n", "example": {"_type": "literalExpression", "text": "''\n  ''${lib.getExe' config.systemd.package \"udevadm\"} trigger -c bind -s usb -a idVendor=046d -a idProduct=c08c\n''"}, "loc": ["powerManagement", "powertop", "postStart"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "powerManagement.powertop.preStart": {"declarations": ["nixos/modules/tasks/powertop.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands executed before `powertop` is started.\n", "loc": ["powerManagement", "powertop", "preStart"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "powerManagement.resumeCommands": {"declarations": ["nixos/modules/config/power-management.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Commands executed after the system resumes from suspend-to-RAM.", "loc": ["powerManagement", "resumeCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "powerManagement.scsiLinkPolicy": {"declarations": ["nixos/modules/tasks/scsi-link-power-management.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SCSI link power management policy. The kernel default is\n\"max_performance\".\n\n\"med_power_with_dipm\" is supported by kernel versions\n4.15 and newer.\n", "loc": ["powerManagement", "scsiLinkPolicy"], "readOnly": false, "type": "null or one of \"min_power\", \"max_performance\", \"medium_power\", \"med_power_with_dipm\""}, "programs._1password-gui.enable": {"declarations": ["nixos/modules/programs/_1password-gui.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the 1Password GUI application.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "_1password-gui", "enable"], "readOnly": false, "type": "boolean"}, "programs._1password-gui.package": {"declarations": ["nixos/modules/programs/_1password-gui.nix"], "default": {"_type": "literalExpression", "text": "pkgs._1password-gui"}, "description": "The 1Password GUI package to use.", "loc": ["programs", "_1password-gui", "package"], "readOnly": false, "type": "package"}, "programs._1password-gui.polkitPolicyOwners": {"declarations": ["nixos/modules/programs/_1password-gui.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of users who should be able to integrate 1Password with polkit-based authentication mechanisms.\n", "example": {"_type": "literalExpression", "text": "[\"user1\" \"user2\" \"user3\"]"}, "loc": ["programs", "_1password-gui", "polkitPolicyOwners"], "readOnly": false, "type": "list of string"}, "programs._1password.enable": {"declarations": ["nixos/modules/programs/_1password.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the 1Password CLI tool.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "_1password", "enable"], "readOnly": false, "type": "boolean"}, "programs._1password.package": {"declarations": ["nixos/modules/programs/_1password.nix"], "default": {"_type": "literalExpression", "text": "pkgs._1password-cli"}, "description": "The 1Password CLI package to use.", "loc": ["programs", "_1password", "package"], "readOnly": false, "type": "package"}, "programs.alvr.enable": {"declarations": ["nixos/modules/programs/alvr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ALVR, the VR desktop streamer.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "alvr", "enable"], "readOnly": false, "type": "boolean"}, "programs.alvr.openFirewall": {"declarations": ["nixos/modules/programs/alvr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the default ports in the firewall for the ALVR server.\n", "loc": ["programs", "alvr", "openFirewall"], "readOnly": false, "type": "boolean"}, "programs.alvr.package": {"declarations": ["nixos/modules/programs/alvr.nix"], "default": {"_type": "literalExpression", "text": "pkgs.alvr"}, "description": "The alvr package to use.", "loc": ["programs", "alvr", "package"], "readOnly": false, "type": "package"}, "programs.amnezia-vpn.enable": {"declarations": ["nixos/modules/programs/amnezia-vpn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable The AmneziaVPN client.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "amnezia-vpn", "enable"], "readOnly": false, "type": "boolean"}, "programs.amnezia-vpn.package": {"declarations": ["nixos/modules/programs/amnezia-vpn.nix"], "default": {"_type": "literalExpression", "text": "pkgs.amnezia-vpn"}, "description": "The amnezia-vpn package to use.", "loc": ["programs", "amnezia-vpn", "package"], "readOnly": false, "type": "package"}, "programs.appgate-sdp.enable": {"declarations": ["nixos/modules/programs/appgate-sdp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the AppGate SDP VPN client.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "appgate-sdp", "enable"], "readOnly": false, "type": "boolean"}, "programs.appimage.binfmt": {"declarations": ["nixos/modules/programs/appimage.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable binfmt registration to run appimages via appimage-run seamlessly.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "appimage", "binfmt"], "readOnly": false, "type": "boolean"}, "programs.appimage.enable": {"declarations": ["nixos/modules/programs/appimage.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable appimage-run wrapper script for executing appimages on NixOS.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "appimage", "enable"], "readOnly": false, "type": "boolean"}, "programs.appimage.package": {"declarations": ["nixos/modules/programs/appimage.nix"], "default": {"_type": "literalExpression", "text": "pkgs.appimage-run"}, "description": "The appimage-run package to use.", "example": {"_type": "literalExpression", "text": "pkgs.appimage-run.override {\n  extraPkgs = pkgs: [ pkgs.ffmpeg pkgs.imagemagick ];\n}\n"}, "loc": ["programs", "appimage", "package"], "readOnly": false, "type": "package"}, "programs.arp-scan.enable": {"declarations": ["nixos/modules/programs/arp-scan.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to configure a setcap wrapper for arp-scan.\n", "loc": ["programs", "arp-scan", "enable"], "readOnly": false, "type": "boolean"}, "programs.atop.atopRotateTimer.enable": {"declarations": ["nixos/modules/programs/atop.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the atop-rotate timer, which restarts the atop service\ndaily to make sure the data files are rotate.\n", "loc": ["programs", "atop", "atopRotateTimer", "enable"], "readOnly": false, "type": "boolean"}, "programs.atop.atopService.enable": {"declarations": ["nixos/modules/programs/atop.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the atop service responsible for storing statistics for\nlong-term analysis.\n", "loc": ["programs", "atop", "atopService", "enable"], "readOnly": false, "type": "boolean"}, "programs.atop.atopacctService.enable": {"declarations": ["nixos/modules/programs/atop.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the atopacct service which manages process accounting.\nThis allows Atop to gather data about processes that disappeared in between\ntwo refresh intervals.\n", "loc": ["programs", "atop", "atopacctService", "enable"], "readOnly": false, "type": "boolean"}, "programs.atop.atopgpu.enable": {"declarations": ["nixos/modules/programs/atop.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to install and enable the atopgpud daemon to get information about\nNVIDIA gpus.\n", "loc": ["programs", "atop", "atopgpu", "enable"], "readOnly": false, "type": "boolean"}, "programs.atop.enable": {"declarations": ["nixos/modules/programs/atop.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Atop, a tool for monitoring system resources.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "atop", "enable"], "readOnly": false, "type": "boolean"}, "programs.atop.netatop.enable": {"declarations": ["nixos/modules/programs/atop.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to install and enable the netatop kernel module.\nNote: this sets the kernel taint flag \"O\" for loading out-of-tree modules.\n", "loc": ["programs", "atop", "netatop", "enable"], "readOnly": false, "type": "boolean"}, "programs.atop.netatop.package": {"declarations": ["nixos/modules/programs/atop.nix"], "default": {"_type": "literalExpression", "text": "config.boot.kernelPackages.netatop"}, "description": "Which package to use for netatop.\n", "loc": ["programs", "atop", "netatop", "package"], "readOnly": false, "type": "package"}, "programs.atop.package": {"declarations": ["nixos/modules/programs/atop.nix"], "default": {"_type": "literalExpression", "text": "pkgs.atop"}, "description": "The atop package to use.", "loc": ["programs", "atop", "package"], "readOnly": false, "type": "package"}, "programs.atop.settings": {"declarations": ["nixos/modules/programs/atop.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Parameters to be written to {file}`/etc/atoprc`.\n", "example": {"_type": "literalExpression", "text": "{\n  flags = \"a1f\";\n  interval = 5;\n}"}, "loc": ["programs", "atop", "settings"], "readOnly": false, "type": "attribute set"}, "programs.atop.setuidWrapper.enable": {"declarations": ["nixos/modules/programs/atop.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to install a setuid wrapper for Atop. This is required to use some of\nthe features as non-root user (e.g.: ipc information, netatop, atopgpu).\nAtop tries to drop the root privileges shortly after starting.\n", "loc": ["programs", "atop", "setuidWrapper", "enable"], "readOnly": false, "type": "boolean"}, "programs.ausweisapp.enable": {"declarations": ["nixos/modules/programs/ausweisapp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable AusweisApp.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "ausweisapp", "enable"], "readOnly": false, "type": "boolean"}, "programs.ausweisapp.openFirewall": {"declarations": ["nixos/modules/programs/ausweisapp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the required firewall ports for the Smartphone as Card Reader (SaC) functionality of AusweisApp.\n", "loc": ["programs", "ausweisapp", "openFirewall"], "readOnly": false, "type": "boolean"}, "programs.autoenv.enable": {"declarations": ["nixos/modules/programs/autoenv.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable autoenv.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "autoenv", "enable"], "readOnly": false, "type": "boolean"}, "programs.autoenv.package": {"declarations": ["nixos/modules/programs/autoenv.nix"], "default": {"_type": "literalExpression", "text": "pkgs.autoenv"}, "description": "The autoenv package to use.", "loc": ["programs", "autoenv", "package"], "readOnly": false, "type": "package"}, "programs.autojump.enable": {"declarations": ["nixos/modules/programs/autojump.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable autojump.\n", "loc": ["programs", "autojump", "enable"], "readOnly": false, "type": "boolean"}, "programs.bandwhich.enable": {"declarations": ["nixos/modules/programs/bandwhich.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add bandwhich to the global environment and configure a\nsetcap wrapper for it.\n", "loc": ["programs", "bandwhich", "enable"], "readOnly": false, "type": "boolean"}, "programs.bash-my-aws.enable": {"declarations": ["nixos/modules/programs/bash-my-aws.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable bash-my-aws.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "bash-my-aws", "enable"], "readOnly": false, "type": "boolean"}, "programs.bash.blesh.enable": {"declarations": ["nixos/modules/programs/bash/blesh.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable blesh, a full-featured line editor written in pure Bash.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "bash", "blesh", "enable"], "readOnly": false, "type": "boolean"}, "programs.bash.completion.enable": {"declarations": ["nixos/modules/programs/bash/bash-completion.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable Bash completion for all interactive bash shells.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "bash", "completion", "enable"], "readOnly": false, "type": "boolean"}, "programs.bash.completion.package": {"declarations": ["nixos/modules/programs/bash/bash-completion.nix"], "default": {"_type": "literalExpression", "text": "pkgs.bash-completion"}, "description": "The bash-completion package to use.", "loc": ["programs", "bash", "completion", "package"], "readOnly": false, "type": "package"}, "programs.bash.enable": {"declarations": ["nixos/modules/programs/bash/bash.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whenever to configure Bash as an interactive shell.\nNote that this tries to make Bash the default\n{option}`users.defaultUserShell`,\nwhich in turn means that you might need to explicitly\nset this variable if you have another shell configured\nwith NixOS.\n", "loc": ["programs", "bash", "enable"], "readOnly": false, "type": "boolean"}, "programs.bash.enableLsColors": {"declarations": ["nixos/modules/programs/bash/ls-colors.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable extra colors in directory listings.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "bash", "enableLsColors"], "readOnly": false, "type": "boolean"}, "programs.bash.interactiveShellInit": {"declarations": ["nixos/modules/programs/bash/bash.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell script code called during interactive bash shell initialisation.\n", "loc": ["programs", "bash", "interactiveShellInit"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "programs.bash.loginShellInit": {"declarations": ["nixos/modules/programs/bash/bash.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell script code called during login bash shell initialisation.\n", "loc": ["programs", "bash", "loginShellInit"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "programs.bash.logout": {"declarations": ["nixos/modules/programs/bash/bash.nix"], "default": {"_type": "literalExpression", "text": "''\n  printf '\\e]0;\\a'\n''"}, "description": "Shell script code called during login bash shell logout.\n", "loc": ["programs", "bash", "logout"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "programs.bash.lsColorsFile": {"declarations": ["nixos/modules/programs/bash/ls-colors.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alternative colorscheme for ls colors", "example": {"_type": "literalExpression", "text": "${pkgs.dircolors-solarized}/ansi-dark"}, "loc": ["programs", "bash", "lsColorsFile"], "readOnly": false, "type": "null or absolute path"}, "programs.bash.promptInit": {"declarations": ["nixos/modules/programs/bash/bash.nix"], "default": {"_type": "literalExpression", "text": "''\n  # Provide a nice prompt if the terminal supports it.\n  if [ \"$TERM\" != \"dumb\" ] || [ -n \"$INSIDE_EMACS\" ]; then\n    PROMPT_COLOR=\"1;31m\"\n    ((UID)) && PROMPT_COLOR=\"1;32m\"\n    if [ -n \"$INSIDE_EMACS\" ]; then\n      # Emacs term mode doesn't support xterm title escape sequence (\\e]0;)\n      PS1=\"\\n\\[\\033[$PROMPT_COLOR\\][\\u@\\h:\\w]\\\\$\\[\\033[0m\\] \"\n    else\n      PS1=\"\\n\\[\\033[$PROMPT_COLOR\\][\\[\\e]0;\\u@\\h: \\w\\a\\]\\u@\\h:\\w]\\\\$\\[\\033[0m\\] \"\n    fi\n    if test \"$TERM\" = \"xterm\"; then\n      PS1=\"\\[\\033]2;\\h:\\u:\\w\\007\\]$PS1\"\n    fi\n  fi\n''"}, "description": "Shell script code used to initialise the bash prompt.\n", "loc": ["programs", "bash", "promptInit"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "programs.bash.shellAliases": {"declarations": ["nixos/modules/programs/bash/bash.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Set of aliases for bash shell, which overrides {option}`environment.shellAliases`.\nSee {option}`environment.shellAliases` for an option format description.\n", "loc": ["programs", "bash", "shellAliases"], "readOnly": false, "type": "attribute set of (null or string or absolute path)"}, "programs.bash.shellInit": {"declarations": ["nixos/modules/programs/bash/bash.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell script code called during bash shell initialisation.\n", "loc": ["programs", "bash", "shellInit"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "programs.bash.undistractMe.enable": {"declarations": ["nixos/modules/programs/bash/undistract-me.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable notifications when long-running terminal commands complete.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "bash", "undistractMe", "enable"], "readOnly": false, "type": "boolean"}, "programs.bash.undistractMe.playSound": {"declarations": ["nixos/modules/programs/bash/undistract-me.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable notification sounds when long-running terminal commands complete.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "bash", "undistractMe", "playSound"], "readOnly": false, "type": "boolean"}, "programs.bash.undistractMe.timeout": {"declarations": ["nixos/modules/programs/bash/undistract-me.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Number of seconds it would take for a command to be considered long-running.\n", "loc": ["programs", "bash", "undistractMe", "timeout"], "readOnly": false, "type": "signed integer"}, "programs.bash.vteIntegration": {"declarations": ["nixos/modules/config/vte.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Bash integration for VTE terminals.\nThis allows it to preserve the current directory of the shell\nacross terminals.\n", "loc": ["programs", "bash", "vteIntegration"], "readOnly": false, "type": "boolean"}, "programs.bat.enable": {"declarations": ["nixos/modules/programs/bat.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable `bat`, a {manpage}`cat(1)` clone with wings.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "bat", "enable"], "readOnly": false, "type": "boolean"}, "programs.bat.extraPackages": {"declarations": ["nixos/modules/programs/bat.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra `bat` scripts to be added to the system configuration.\n", "example": {"_type": "literalExpression", "text": "with pkgs.bat-extras; [\n  batdiff\n  batman\n  prettybat\n];\n"}, "loc": ["programs", "bat", "extraPackages"], "readOnly": false, "type": "list of package"}, "programs.bat.package": {"declarations": ["nixos/modules/programs/bat.nix"], "default": {"_type": "literalExpression", "text": "pkgs.bat"}, "description": "The bat package to use.", "loc": ["programs", "bat", "package"], "readOnly": false, "type": "package"}, "programs.bat.settings": {"declarations": ["nixos/modules/programs/bat.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Parameters to be written to the system-wide `bat` configuration file.\n", "example": {"_type": "literalExpression", "text": "{\n  italic-text = \"always\";\n  map-syntax = [\n    \"*.ino:C++\"\n    \".ignore:Git Ignore\"\n  ];\n  pager = \"less --RAW-CONTROL-CHARS --quit-if-one-screen --mouse\";\n  paging = \"never\";\n  theme = \"TwoDark\";\n}"}, "loc": ["programs", "bat", "settings"], "readOnly": false, "type": "attribute set of (atom (null, bool, int, float or string) or a list of them for duplicate keys)"}, "programs.bazecor.enable": {"declarations": ["nixos/modules/programs/bazecor.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Bazecor, the graphical configurator for Dygma Products.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "bazecor", "enable"], "readOnly": false, "type": "boolean"}, "programs.bazecor.package": {"declarations": ["nixos/modules/programs/bazecor.nix"], "default": {"_type": "literalExpression", "text": "pkgs.bazecor"}, "description": "The bazecor package to use.", "loc": ["programs", "bazecor", "package"], "readOnly": false, "type": "package"}, "programs.bcc.enable": {"declarations": ["nixos/modules/programs/bcc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable bcc, tools for BPF-based Linux IO analysis, networking, monitoring, and more.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "bcc", "enable"], "readOnly": false, "type": "boolean"}, "programs.benchexec.enable": {"declarations": ["nixos/modules/programs/benchexec.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable BenchExec.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "benchexec", "enable"], "readOnly": false, "type": "boolean"}, "programs.benchexec.package": {"declarations": ["nixos/modules/programs/benchexec.nix"], "default": {"_type": "literalExpression", "text": "pkgs.benchexec"}, "description": "The benchexec package to use.", "loc": ["programs", "benchexec", "package"], "readOnly": false, "type": "package"}, "programs.benchexec.users": {"declarations": ["nixos/modules/programs/benchexec.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Users that intend to use BenchExec.\nProvide usernames of users that are configured via {option}`users.users` as string,\nand UIDs of \"mutable users\" as integers.\nControl group delegation will be configured via systemd.\nFor more information, see <https://github.com/sosy-lab/benchexec/blob/3.18/doc/INSTALL.md#setting-up-cgroups>.\n", "example": {"_type": "literalExpression", "text": "[\n  \"alice\" # username of a user configured via users.users\n  1007    # UID of a mutable user\n]\n"}, "loc": ["programs", "benchexec", "users"], "readOnly": false, "type": "list of (string or signed integer)"}, "programs.browserpass.enable": {"declarations": ["nixos/modules/programs/browserpass.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Browserpass native messaging host.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "browserpass", "enable"], "readOnly": false, "type": "boolean"}, "programs.calls.enable": {"declarations": ["nixos/modules/programs/calls.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable GNOME calls: a phone dialer and call handler\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "calls", "enable"], "readOnly": false, "type": "boolean"}, "programs.captive-browser.bindInterface": {"declarations": ["nixos/modules/programs/captive-browser.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Binds `captive-browser` to the network interface declared in\n`cfg.interface`. This can be used to avoid collisions\nwith private subnets.\n", "loc": ["programs", "captive-browser", "bindInterface"], "readOnly": false, "type": "boolean"}, "programs.captive-browser.browser": {"declarations": ["nixos/modules/programs/captive-browser.nix"], "default": {"_type": "literalExpression", "text": "env XDG_CONFIG_HOME=\"$PREV_CONFIG_HOME\" ${pkgs.chromium}/bin/chromium --user-data-dir=${XDG_DATA_HOME:-$HOME/.local/share}/chromium-captive --proxy-server=\"socks5://$PROXY\" --host-resolver-rules=\"MAP * ~NOTFOUND , EXCLUDE localhost\" --no-first-run --new-window --incognito -no-default-browser-check http://cache.nixos.org/"}, "description": "The shell (/bin/sh) command executed once the proxy starts.\nWhen browser exits, the proxy exits. An extra env var PROXY is available.\n\nHere, we use a separate Chrome instance in Incognito mode, so that\nit can run (and be waited for) alongside the default one, and that\nit maintains no state across runs. To configure this browser open a\nnormal window in it, settings will be preserved.\n\n@volth: chromium is to open a plain HTTP (not HTTPS nor redirect to HTTPS!) website.\n        upstream uses http://example.com but I have seen captive portals whose DNS server resolves \"example.com\" to 127.0.0.1\n", "loc": ["programs", "captive-browser", "browser"], "readOnly": false, "type": "string"}, "programs.captive-browser.dhcp-dns": {"declarations": ["nixos/modules/programs/captive-browser.nix"], "description": "The shell (/bin/sh) command executed to obtain the DHCP\nDNS server address. The first match of an IPv4 regex is used.\nIPv4 only, because let's be real, it's a captive portal.\n", "loc": ["programs", "captive-browser", "dhcp-dns"], "readOnly": false, "type": "string"}, "programs.captive-browser.enable": {"declarations": ["nixos/modules/programs/captive-browser.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "captive-browser", "enable"], "readOnly": false, "type": "boolean"}, "programs.captive-browser.interface": {"declarations": ["nixos/modules/programs/captive-browser.nix"], "description": "your public network interface (wlp3s0, wlan0, eth0, ...)", "loc": ["programs", "captive-browser", "interface"], "readOnly": false, "type": "string"}, "programs.captive-browser.package": {"declarations": ["nixos/modules/programs/captive-browser.nix"], "default": {"_type": "literalExpression", "text": "pkgs.captive-browser"}, "description": "The captive-browser package to use.", "loc": ["programs", "captive-browser", "package"], "readOnly": false, "type": "package"}, "programs.captive-browser.socks5-addr": {"declarations": ["nixos/modules/programs/captive-browser.nix"], "default": {"_type": "literalExpression", "text": "\"localhost:1666\""}, "description": "the listen address for the SOCKS5 proxy server", "loc": ["programs", "captive-browser", "socks5-addr"], "readOnly": false, "type": "string"}, "programs.ccache.cacheDir": {"declarations": ["nixos/modules/programs/ccache.nix"], "default": {"_type": "literalExpression", "text": "\"/var/cache/ccache\""}, "description": "CCache directory", "loc": ["programs", "ccache", "cacheDir"], "readOnly": false, "type": "absolute path"}, "programs.ccache.enable": {"declarations": ["nixos/modules/programs/ccache.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable CCache, a compiler cache for fast recompilation of C/C++ code.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "ccache", "enable"], "readOnly": false, "type": "boolean"}, "programs.ccache.group": {"declarations": ["nixos/modules/programs/ccache.nix"], "default": {"_type": "literalExpression", "text": "\"nixbld\""}, "description": "Group owner of CCache directory", "loc": ["programs", "ccache", "group"], "readOnly": false, "type": "string"}, "programs.ccache.owner": {"declarations": ["nixos/modules/programs/ccache.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "Owner of CCache directory", "loc": ["programs", "ccache", "owner"], "readOnly": false, "type": "string"}, "programs.ccache.packageNames": {"declarations": ["nixos/modules/programs/ccache.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Nix top-level packages to be compiled using CCache", "example": {"_type": "literalExpression", "text": "[\n  \"wxGTK32\"\n  \"ffmpeg\"\n  \"libav_all\"\n]"}, "loc": ["programs", "ccache", "packageNames"], "readOnly": false, "type": "list of string"}, "programs.ccache.trace": {"declarations": ["nixos/modules/programs/ccache.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Trace ccache usage to see which derivations use ccache", "loc": ["programs", "ccache", "trace"], "readOnly": false, "type": "boolean"}, "programs.cdemu.enable": {"declarations": ["nixos/modules/programs/cdemu.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "{command}`cdemu` for members of\n{option}`programs.cdemu.group`.\n", "loc": ["programs", "cdemu", "enable"], "readOnly": false, "type": "boolean"}, "programs.cdemu.group": {"declarations": ["nixos/modules/programs/cdemu.nix"], "default": {"_type": "literalExpression", "text": "\"cdrom\""}, "description": "Group that users must be in to use {command}`cdemu`.\n", "loc": ["programs", "cdemu", "group"], "readOnly": false, "type": "string"}, "programs.cdemu.gui": {"declarations": ["nixos/modules/programs/cdemu.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to install the {command}`cdemu` GUI (gCDEmu).\n", "loc": ["programs", "cdemu", "gui"], "readOnly": false, "type": "boolean"}, "programs.cdemu.image-analyzer": {"declarations": ["nixos/modules/programs/cdemu.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to install the image analyzer.\n", "loc": ["programs", "cdemu", "image-analyzer"], "readOnly": false, "type": "boolean"}, "programs.cfs-zen-tweaks.enable": {"declarations": ["nixos/modules/programs/cfs-zen-tweaks.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable CFS Zen Tweaks.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "cfs-zen-tweaks", "enable"], "readOnly": false, "type": "boolean"}, "programs.chromium.defaultSearchProviderEnabled": {"declarations": ["nixos/modules/programs/chromium.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Enable the default search provider.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "chromium", "defaultSearchProviderEnabled"], "readOnly": false, "type": "null or boolean"}, "programs.chromium.defaultSearchProviderSearchURL": {"declarations": ["nixos/modules/programs/chromium.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Chromium default search provider url.", "example": {"_type": "literalExpression", "text": "\"https://encrypted.google.com/search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}\""}, "loc": ["programs", "chromium", "defaultSearchProviderSearchURL"], "readOnly": false, "type": "null or string"}, "programs.chromium.defaultSearchProviderSuggestURL": {"declarations": ["nixos/modules/programs/chromium.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Chromium default search provider url for suggestions.", "example": {"_type": "literalExpression", "text": "\"https://encrypted.google.com/complete/search?output=chrome&q={searchTerms}\""}, "loc": ["programs", "chromium", "defaultSearchProviderSuggestURL"], "readOnly": false, "type": "null or string"}, "programs.chromium.enable": {"declarations": ["nixos/modules/programs/chromium.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable policies for chromium based browsers like Chromium, Google Chrome or Brave.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "chromium", "enable"], "readOnly": false, "type": "boolean"}, "programs.chromium.enablePlasmaBrowserIntegration": {"declarations": ["nixos/modules/programs/chromium.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Native Messaging Host for Plasma Browser Integration.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "chromium", "enablePlasmaBrowserIntegration"], "readOnly": false, "type": "boolean"}, "programs.chromium.extensions": {"declarations": ["nixos/modules/programs/chromium.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of chromium extensions to install.\nFor list of plugins ids see id in url of extensions on\n[chrome web store](https://chrome.google.com/webstore/category/extensions)\npage. To install a chromium extension not included in the chrome web\nstore, append to the extension id a semicolon \";\" followed by a URL\npointing to an Update Manifest XML file. See\n[ExtensionInstallForcelist](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ExtensionInstallForcelist)\nfor additional details.\n", "example": {"_type": "literalExpression", "text": "[\n  \"chlffgpmiacpedhhbkiomidkjlcfhogd\" # pushbullet\n  \"mbniclmhobmnbdlbpiphghaielnnpgdp\" # lightshot\n  \"gcbommkclmclpchllfjekcdonpmejbdp\" # https everywhere\n  \"cjpalhdlnbpafiamejdnhcphjbkeiagm\" # ublock origin\n]\n"}, "loc": ["programs", "chromium", "extensions"], "readOnly": false, "type": "null or (list of string)"}, "programs.chromium.extraOpts": {"declarations": ["nixos/modules/programs/chromium.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra chromium policy options. A list of available policies\ncan be found in the Chrome Enterprise documentation:\n<https://cloud.google.com/docs/chrome-enterprise/policies/>\nMake sure the selected policy is supported on Linux and your browser version.\n", "example": {"_type": "literalExpression", "text": "{\n  \"BrowserSignin\" = 0;\n  \"SyncDisabled\" = true;\n  \"PasswordManagerEnabled\" = false;\n  \"SpellcheckEnabled\" = true;\n  \"SpellcheckLanguage\" = [\n    \"de\"\n    \"en-US\"\n  ];\n}\n"}, "loc": ["programs", "chromium", "extraOpts"], "readOnly": false, "type": "attribute set"}, "programs.chromium.homepageLocation": {"declarations": ["nixos/modules/programs/chromium.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Chromium default homepage", "example": {"_type": "literalExpression", "text": "\"https://nixos.org\""}, "loc": ["programs", "chromium", "homepageLocation"], "readOnly": false, "type": "null or string"}, "programs.chromium.initialPrefs": {"declarations": ["nixos/modules/programs/chromium.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Initial preferences are used to configure the browser for the first run.\nUnlike {option}`programs.chromium.extraOpts`, initialPrefs can be changed by users in the browser settings.\nMore information can be found in the Chromium documentation:\n<https://www.chromium.org/administrators/configuring-other-preferences/>\n", "example": {"_type": "literalExpression", "text": "{\n  \"first_run_tabs\" = [\n    \"https://nixos.org/\"\n  ];\n}\n"}, "loc": ["programs", "chromium", "initialPrefs"], "readOnly": false, "type": "attribute set"}, "programs.chromium.plasmaBrowserIntegrationPackage": {"declarations": ["nixos/modules/programs/chromium.nix"], "default": {"_type": "literalExpression", "text": "pkgs.kdePackages.plasma-browser-integration"}, "description": "The plasma-browser-integration package to use.", "loc": ["programs", "chromium", "plasmaBrowserIntegrationPackage"], "readOnly": false, "type": "package"}, "programs.chrysalis.enable": {"declarations": ["nixos/modules/programs/chrysalis.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Chrysalis.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "chrysalis", "enable"], "readOnly": false, "type": "boolean"}, "programs.chrysalis.package": {"declarations": ["nixos/modules/programs/chrysalis.nix"], "default": {"_type": "literalExpression", "text": "pkgs.chrysalis"}, "description": "The Chrysalis package to use.", "loc": ["programs", "chrysalis", "package"], "readOnly": false, "type": "package"}, "programs.clash-verge.autoStart": {"declarations": ["nixos/modules/programs/clash-verge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Clash Verge auto launch.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "clash-verge", "autoStart"], "readOnly": false, "type": "boolean"}, "programs.clash-verge.enable": {"declarations": ["nixos/modules/programs/clash-verge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Clash Verge.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "clash-verge", "enable"], "readOnly": false, "type": "boolean"}, "programs.clash-verge.package": {"declarations": ["nixos/modules/programs/clash-verge.nix"], "default": {"_type": "literalExpression", "text": "pkgs.clash-verge-rev"}, "description": "The clash-verge package to use. Available options are\nclash-verge-rev and clash-nyanpasu, both are forks of\nthe original clash-verge project.\n", "loc": ["programs", "clash-verge", "package"], "readOnly": false, "type": "package"}, "programs.clash-verge.serviceMode": {"declarations": ["nixos/modules/programs/clash-verge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Service Mode.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "clash-verge", "serviceMode"], "readOnly": false, "type": "boolean"}, "programs.clash-verge.tunMode": {"declarations": ["nixos/modules/programs/clash-verge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Setcap for TUN Mode. DNS settings won't work on this way.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "clash-verge", "tunMode"], "readOnly": false, "type": "boolean"}, "programs.cnping.enable": {"declarations": ["nixos/modules/programs/cnping.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable a setcap wrapper for cnping.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "cnping", "enable"], "readOnly": false, "type": "boolean"}, "programs.command-not-found.dbPath": {"declarations": ["nixos/modules/programs/command-not-found/command-not-found.nix"], "default": {"_type": "literalExpression", "text": "\"/nix/var/nix/profiles/per-user/root/channels/nixos/programs.sqlite\""}, "description": "Absolute path to programs.sqlite.\n\nBy default this file will be provided by your channel\n(nixexprs.tar.xz).\n", "loc": ["programs", "command-not-found", "dbPath"], "readOnly": false, "type": "absolute path"}, "programs.command-not-found.enable": {"declarations": ["nixos/modules/programs/command-not-found/command-not-found.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether interactive shells should show which Nix package (if\nany) provides a missing command.\n\nRequires nix-channels to be set and downloaded (sudo nix-channel --update.)\n\nSee also nix-index and nix-index-database as an alternative for flakes-based systems.\n\nAdditionally, having the env var NIX_AUTO_RUN set will automatically run the matching package, and with NIX_AUTO_RUN_INTERACTIVE it will confirm the package before running.\n", "loc": ["programs", "command-not-found", "enable"], "readOnly": false, "type": "boolean"}, "programs.coolercontrol.enable": {"declarations": ["nixos/modules/programs/coolercontrol.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable CoolerControl GUI & its background services.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "coolercontrol", "enable"], "readOnly": false, "type": "boolean"}, "programs.corectrl.enable": {"declarations": ["nixos/modules/hardware/corectrl.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable CoreCtrl, a tool to overclock amd graphics cards and processors.\nAdd your user to the corectrl group to run corectrl without needing to enter your password\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "corectrl", "enable"], "readOnly": false, "type": "boolean"}, "programs.corectrl.package": {"declarations": ["nixos/modules/hardware/corectrl.nix"], "default": {"_type": "literalExpression", "text": "pkgs.corectrl"}, "description": "The corectrl package to use. Useful for overriding the configuration options used for the package.", "loc": ["programs", "corectrl", "package"], "readOnly": false, "type": "package"}, "programs.corefreq.enable": {"declarations": ["nixos/modules/programs/corefreq.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Whether to enable the corefreq daemon and kernel module.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "corefreq", "enable"], "readOnly": false, "type": "boolean"}, "programs.corefreq.package": {"declarations": ["nixos/modules/programs/corefreq.nix"], "default": {"_type": "literalExpression", "text": "config.boot.kernelPackages.corefreq"}, "description": "The corefreq package to use.\n", "loc": ["programs", "corefreq", "package"], "readOnly": false, "type": "package"}, "programs.cpu-energy-meter.enable": {"declarations": ["nixos/modules/programs/cpu-energy-meter.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable CPU Energy Meter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "cpu-energy-meter", "enable"], "readOnly": false, "type": "boolean"}, "programs.cpu-energy-meter.package": {"declarations": ["nixos/modules/programs/cpu-energy-meter.nix"], "default": {"_type": "literalExpression", "text": "pkgs.cpu-energy-meter"}, "description": "The cpu-energy-meter package to use.", "loc": ["programs", "cpu-energy-meter", "package"], "readOnly": false, "type": "package"}, "programs.criu.enable": {"declarations": ["nixos/modules/programs/criu.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Install {command}`criu` along with necessary kernel options.\n", "loc": ["programs", "criu", "enable"], "readOnly": false, "type": "boolean"}, "programs.dconf.enable": {"declarations": ["nixos/modules/programs/dconf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable dconf.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "dconf", "enable"], "readOnly": false, "type": "boolean"}, "programs.dconf.packages": {"declarations": ["nixos/modules/programs/dconf.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of packages which provide dconf profiles and databases in {file}`/etc/dconf`.", "loc": ["programs", "dconf", "packages"], "readOnly": false, "type": "list of package"}, "programs.dconf.profiles": {"declarations": ["nixos/modules/programs/dconf.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attrset of dconf profiles. By default the `user` profile is used which\nends up in `/etc/dconf/profile/user`.\n", "example": {"_type": "literalExpression", "text": "{\n  # A \"user\" profile with a database\n  user.databases = [\n    {\n      settings = { };\n    }\n  ];\n  # A \"bar\" profile from a package\n  bar = pkgs.bar-dconf-profile;\n  # A \"foo\" profile from a path\n  foo = ${./foo}\n};\n"}, "loc": ["programs", "dconf", "profiles"], "readOnly": false, "type": "attribute set of (absolute path or package or (submodule))"}, "programs.digitalbitbox.enable": {"declarations": ["nixos/modules/programs/digitalbitbox/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Installs the Digital Bitbox application and enables the complementary hardware module.\n", "loc": ["programs", "digitalbitbox", "enable"], "readOnly": false, "type": "boolean"}, "programs.digitalbitbox.package": {"declarations": ["nixos/modules/programs/digitalbitbox/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.digitalbitbox"}, "description": "The digitalbitbox package to use. This can be used to install a package with udev rules that differ from the defaults.\n", "loc": ["programs", "digitalbitbox", "package"], "readOnly": false, "type": "package"}, "programs.direnv.angrr.autoUse": {"declarations": ["nixos/modules/services/misc/angrr.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to automatically use angrr before loading .envrc.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["programs", "direnv", "angrr", "autoUse"], "readOnly": false, "type": "boolean"}, "programs.direnv.angrr.enable": {"declarations": ["nixos/modules/services/misc/angrr.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable angrr direnv integration.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["programs", "direnv", "angrr", "enable"], "readOnly": false, "type": "boolean"}, "programs.direnv.direnvrcExtra": {"declarations": ["nixos/modules/programs/direnv.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra lines to append to the sourced direnvrc\n", "example": {"_type": "literalExpression", "text": "''\n  export FOO=\"foo\"\n  echo \"loaded direnv!\"\n''"}, "loc": ["programs", "direnv", "direnvrcExtra"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "programs.direnv.enable": {"declarations": ["nixos/modules/programs/direnv.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable direnv integration. Takes care of both installation and\nsetting up the sourcing of the shell. Additionally enables nix-direnv\nintegration. Note that you need to logout and login for this change to apply\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "direnv", "enable"], "readOnly": false, "type": "boolean"}, "programs.direnv.enableBashIntegration": {"declarations": ["nixos/modules/programs/direnv.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable Bash integration\n.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["programs", "direnv", "enableBashIntegration"], "readOnly": false, "type": "boolean"}, "programs.direnv.enableFishIntegration": {"declarations": ["nixos/modules/programs/direnv.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable Fish integration\n.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["programs", "direnv", "enableFishIntegration"], "readOnly": false, "type": "boolean"}, "programs.direnv.enableXonshIntegration": {"declarations": ["nixos/modules/programs/direnv.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable Xonsh integration\n.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["programs", "direnv", "enableXonshIntegration"], "readOnly": false, "type": "boolean"}, "programs.direnv.enableZshIntegration": {"declarations": ["nixos/modules/programs/direnv.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable Zsh integration\n.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["programs", "direnv", "enableZshIntegration"], "readOnly": false, "type": "boolean"}, "programs.direnv.loadInNixShell": {"declarations": ["nixos/modules/programs/direnv.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable loading direnv in `nix-shell` `nix shell` or `nix develop`\n.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["programs", "direnv", "loadInNixShell"], "readOnly": false, "type": "boolean"}, "programs.direnv.nix-direnv.enable": {"declarations": ["nixos/modules/programs/direnv.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable a faster, persistent implementation of use_nix and use_flake, to replace the builtin one\n.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["programs", "direnv", "nix-direnv", "enable"], "readOnly": false, "type": "boolean"}, "programs.direnv.nix-direnv.package": {"declarations": ["nixos/modules/programs/direnv.nix"], "default": {"_type": "literalExpression", "text": "\"pkgs.nix-direnv\""}, "description": "The nix-direnv package to use\n", "loc": ["programs", "direnv", "nix-direnv", "package"], "readOnly": false, "type": "package"}, "programs.direnv.package": {"declarations": ["nixos/modules/programs/direnv.nix"], "default": {"_type": "literalExpression", "text": "pkgs.direnv"}, "description": "The direnv package to use.", "loc": ["programs", "direnv", "package"], "readOnly": false, "type": "package"}, "programs.direnv.settings": {"declarations": ["nixos/modules/programs/direnv.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Direnv configuration. Refer to {manpage}`direnv.toml(1)`.\n", "example": {"_type": "literalExpression", "text": "{\n  global = {\n    log_format = \"-\";\n    log_filter = \"^$\";\n  };\n}\n"}, "loc": ["programs", "direnv", "settings"], "readOnly": false, "type": "TOML value"}, "programs.direnv.silent": {"declarations": ["nixos/modules/programs/direnv.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the hiding of direnv logging\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "direnv", "silent"], "readOnly": false, "type": "boolean"}, "programs.dmrconfig.enable": {"declarations": ["nixos/modules/programs/dmrconfig.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to configure system to enable use of dmrconfig. This\nenables the required udev rules and installs the program.\n", "loc": ["programs", "dmrconfig", "enable"], "readOnly": false, "relatedPackages": "- [`pkgs.dmrconfig`](\n    https://search.nixos.org/packages?show=dmrconfig&sort=relevance&query=dmrconfig\n  )\n", "type": "boolean"}, "programs.dmrconfig.package": {"declarations": ["nixos/modules/programs/dmrconfig.nix"], "default": {"_type": "literalExpression", "text": "pkgs.dmrconfig"}, "description": "The dmrconfig package to use.", "loc": ["programs", "dmrconfig", "package"], "readOnly": false, "type": "package"}, "programs.dms-shell.enable": {"declarations": ["nixos/modules/programs/wayland/dms-shell.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable DankMaterialShell, a complete desktop shell for Wayland compositors.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "dms-shell", "enable"], "readOnly": false, "type": "boolean"}, "programs.dms-shell.enableAudioWavelength": {"declarations": ["nixos/modules/programs/wayland/dms-shell.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to install dependencies required for audio wavelength visualization.\nThis enables audio spectrum and waveform visualizer widgets.\n\nRequires: cava\n", "loc": ["programs", "dms-shell", "enableAudioWavelength"], "readOnly": false, "type": "boolean"}, "programs.dms-shell.enableCalendarEvents": {"declarations": ["nixos/modules/programs/wayland/dms-shell.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to install dependencies required for calendar events support.\nThis enables calendar widgets that display events and reminders via khal.\n\nRequires: khal\n", "loc": ["programs", "dms-shell", "enableCalendarEvents"], "readOnly": false, "type": "boolean"}, "programs.dms-shell.enableClipboardPaste": {"declarations": ["nixos/modules/programs/wayland/dms-shell.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to install dependencies required for pasting directly from the clipboard history support.\nThis enables pressing Shift+Return for pasting entries from the clipboard history.\n\nRequires: wtype\n", "loc": ["programs", "dms-shell", "enableClipboardPaste"], "readOnly": false, "type": "boolean"}, "programs.dms-shell.enableDynamicTheming": {"declarations": ["nixos/modules/programs/wayland/dms-shell.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to install dependencies required for dynamic theming support.\nThis enables automatic theme generation based on wallpapers and other sources.\n\nRequires: matugen\n", "loc": ["programs", "dms-shell", "enableDynamicTheming"], "readOnly": false, "type": "boolean"}, "programs.dms-shell.enableSystemMonitoring": {"declarations": ["nixos/modules/programs/wayland/dms-shell.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to install dependencies required for system monitoring widgets.\nThis includes process list viewers and system resource monitors.\n\nRequires: dgop\n", "loc": ["programs", "dms-shell", "enableSystemMonitoring"], "readOnly": false, "type": "boolean"}, "programs.dms-shell.enableVPN": {"declarations": ["nixos/modules/programs/wayland/dms-shell.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to install dependencies required for VPN widgets.\nThis enables VPN status monitoring and management through NetworkManager.\n\nRequires: glib, networkmanager\n", "loc": ["programs", "dms-shell", "enableVPN"], "readOnly": false, "type": "boolean"}, "programs.dms-shell.package": {"declarations": ["nixos/modules/programs/wayland/dms-shell.nix"], "default": {"_type": "literalExpression", "text": "pkgs.dms-shell"}, "description": "The dms-shell package to use.", "loc": ["programs", "dms-shell", "package"], "readOnly": false, "type": "package"}, "programs.dms-shell.plugins": {"declarations": ["nixos/modules/programs/wayland/dms-shell.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "DMS Plugins to install and enable", "example": {"_type": "literalExpression", "text": "{\n  DockerManager = {\n    src = pkgs.fetchFromGitHub {\n      owner = \"LuckShiba\";\n      repo = \"DmsDockerManager\";\n      rev = \"v1.2.0\";\n      sha256 = \"sha256-VoJCaygWnKpv0s0pqTOmzZnPM922qPDMHk4EPcgVnaU=\";\n    };\n  };\n  AnotherPlugin = {\n    enable = true;\n    src = pkgs.another-plugin;\n  };\n}\n"}, "loc": ["programs", "dms-shell", "plugins"], "readOnly": false, "type": "attribute set of (submodule)"}, "programs.dms-shell.plugins.<name>.enable": {"declarations": ["nixos/modules/programs/wayland/dms-shell.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable this plugin", "loc": ["programs", "dms-shell", "plugins", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "programs.dms-shell.plugins.<name>.src": {"declarations": ["nixos/modules/programs/wayland/dms-shell.nix"], "description": "Source of the plugin package or path", "loc": ["programs", "dms-shell", "plugins", "<name>", "src"], "readOnly": false, "type": "package or absolute path"}, "programs.dms-shell.quickshell.package": {"declarations": ["nixos/modules/programs/wayland/dms-shell.nix"], "default": {"_type": "literalExpression", "text": "pkgs.quickshell"}, "description": "The quickshell package to use.", "loc": ["programs", "dms-shell", "quickshell", "package"], "readOnly": false, "type": "package"}, "programs.dms-shell.systemd.enable": {"declarations": ["nixos/modules/programs/wayland/dms-shell.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable DankMaterialShell systemd startup service.\n", "loc": ["programs", "dms-shell", "systemd", "enable"], "readOnly": false, "type": "boolean"}, "programs.dms-shell.systemd.restartIfChanged": {"declarations": ["nixos/modules/programs/wayland/dms-shell.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to restart the dms.service when the DankMaterialShell package or\nconfiguration changes. This ensures the latest version is always running\nafter a system rebuild.\n", "loc": ["programs", "dms-shell", "systemd", "restartIfChanged"], "readOnly": false, "type": "boolean"}, "programs.dms-shell.systemd.target": {"declarations": ["nixos/modules/programs/wayland/dms-shell.nix"], "default": {"_type": "literalExpression", "text": "\"graphical-session.target\""}, "description": "The systemd target that will automatically start the DankMaterialShell service.\n\nCommon targets include:\n- `graphical-session.target` for most desktop environments\n- `wayland-session.target` for Wayland-specific sessions\n", "loc": ["programs", "dms-shell", "systemd", "target"], "readOnly": false, "type": "string"}, "programs.droidcam.enable": {"declarations": ["nixos/modules/programs/droidcam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable DroidCam client.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "droidcam", "enable"], "readOnly": false, "type": "boolean"}, "programs.dsearch.enable": {"declarations": ["nixos/modules/programs/dsearch.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable dsearch, a fast filesystem search service with fuzzy matching.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "dsearch", "enable"], "readOnly": false, "type": "boolean"}, "programs.dsearch.package": {"declarations": ["nixos/modules/programs/dsearch.nix"], "default": {"_type": "literalExpression", "text": "pkgs.dsearch"}, "description": "The dsearch package to use.", "loc": ["programs", "dsearch", "package"], "readOnly": false, "type": "package"}, "programs.dsearch.systemd.enable": {"declarations": ["nixos/modules/programs/dsearch.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable systemd user service for dsearch.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "dsearch", "systemd", "enable"], "readOnly": false, "type": "boolean"}, "programs.dsearch.systemd.target": {"declarations": ["nixos/modules/programs/dsearch.nix"], "default": {"_type": "literalExpression", "text": "\"default.target\""}, "description": "The systemd target that will automatically start the dsearch service.\n\nBy default, dsearch starts with the user session (`default.target`).\nYou can change this to `graphical-session.target` if you only want\nit to run in graphical sessions.\n", "loc": ["programs", "dsearch", "systemd", "target"], "readOnly": false, "type": "string"}, "programs.dublin-traceroute.enable": {"declarations": ["nixos/modules/programs/dublin-traceroute.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable dublin-traceroute (including setcap wrapper).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "dublin-traceroute", "enable"], "readOnly": false, "type": "boolean"}, "programs.dublin-traceroute.package": {"declarations": ["nixos/modules/programs/dublin-traceroute.nix"], "default": {"_type": "literalExpression", "text": "pkgs.dublin-traceroute"}, "description": "The dublin-traceroute package to use.", "loc": ["programs", "dublin-traceroute", "package"], "readOnly": false, "type": "package"}, "programs.dwl.enable": {"declarations": ["nixos/modules/programs/wayland/dwl.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Dwl is a compact, hackable compositor for Wayland based on wlroots.\nYou can manually launch Dwl by executing \"exec dwl\" on a TTY.\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "dwl", "enable"], "readOnly": false, "type": "boolean"}, "programs.dwl.extraSessionCommands": {"declarations": ["nixos/modules/programs/wayland/dwl.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands executed just before dwl is started.\n", "loc": ["programs", "dwl", "extraSessionCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "programs.dwl.package": {"declarations": ["nixos/modules/programs/wayland/dwl.nix"], "default": {"_type": "literalExpression", "text": "pkgs.dwl"}, "description": "The dwl package to use.", "example": {"_type": "literalExpression", "text": "# Lets apply bar patch from:\n# https://codeberg.org/dwl/dwl-patches/src/branch/main/patches/bar\n(pkgs.dwl.override {\n  configH = ./dwl-config.h;\n}).overrideAttrs (oldAttrs: {\n  buildInputs =\n    oldAttrs.buildInputs or []\n    ++ [\n      pkgs.libdrm\n      pkgs.fcft\n    ];\n  patches = oldAttrs.patches or [] ++ [\n    ./bar-0.7.patch\n  ];\n});\n"}, "loc": ["programs", "dwl", "package"], "readOnly": false, "type": "package"}, "programs.ente-auth.enable": {"declarations": ["nixos/modules/programs/ente-auth.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Ente Auth.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "ente-auth", "enable"], "readOnly": false, "type": "boolean"}, "programs.ente-auth.package": {"declarations": ["nixos/modules/programs/ente-auth.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ente-auth"}, "description": "The ente-auth package to use.", "loc": ["programs", "ente-auth", "package"], "readOnly": false, "type": "package"}, "programs.envision.enable": {"declarations": ["nixos/modules/programs/envision.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable envision.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "envision", "enable"], "readOnly": false, "type": "boolean"}, "programs.envision.openFirewall": {"declarations": ["nixos/modules/programs/envision.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the default ports in the firewall for the WiVRn server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "envision", "openFirewall"], "readOnly": false, "type": "boolean"}, "programs.envision.package": {"declarations": ["nixos/modules/programs/envision.nix"], "default": {"_type": "literalExpression", "text": "pkgs.envision"}, "description": "The envision package to use.", "loc": ["programs", "envision", "package"], "readOnly": false, "type": "package"}, "programs.evince.enable": {"declarations": ["nixos/modules/programs/evince.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Evince, the GNOME document viewer.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "evince", "enable"], "readOnly": false, "type": "boolean"}, "programs.evince.package": {"declarations": ["nixos/modules/programs/evince.nix"], "default": {"_type": "literalExpression", "text": "pkgs.evince"}, "description": "The evince package to use.", "loc": ["programs", "evince", "package"], "readOnly": false, "type": "package"}, "programs.evolution.enable": {"declarations": ["nixos/modules/services/desktops/gnome/evolution-data-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Evolution, a Personal information management application that provides integrated mail, calendaring and address book functionality.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "evolution", "enable"], "readOnly": false, "type": "boolean"}, "programs.evolution.plugins": {"declarations": ["nixos/modules/services/desktops/gnome/evolution-data-server.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Plugins for Evolution.", "example": {"_type": "literalExpression", "text": "[ pkgs.evolution-ews ]"}, "loc": ["programs", "evolution", "plugins"], "readOnly": false, "type": "list of package"}, "programs.extra-container.enable": {"declarations": ["nixos/modules/programs/extra-container.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable extra-container, a tool for running declarative NixOS containers\nwithout host system rebuilds\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "extra-container", "enable"], "readOnly": false, "type": "boolean"}, "programs.fcast-receiver.enable": {"declarations": ["nixos/modules/programs/fcast-receiver.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FCast Receiver.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "fcast-receiver", "enable"], "readOnly": false, "type": "boolean"}, "programs.fcast-receiver.openFirewall": {"declarations": ["nixos/modules/programs/fcast-receiver.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports needed for the functionality of the program.\n", "loc": ["programs", "fcast-receiver", "openFirewall"], "readOnly": false, "type": "boolean"}, "programs.fcast-receiver.package": {"declarations": ["nixos/modules/programs/fcast-receiver.nix"], "default": {"_type": "literalExpression", "text": "pkgs.fcast-receiver"}, "description": "The fcast-receiver package to use.", "loc": ["programs", "fcast-receiver", "package"], "readOnly": false, "type": "package"}, "programs.feedbackd.enable": {"declarations": ["nixos/modules/programs/feedbackd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the feedbackd D-BUS service and udev rules.\n\nYour user needs to be in the `feedbackd` group to trigger effects\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "feedbackd", "enable"], "readOnly": false, "type": "boolean"}, "programs.feedbackd.package": {"declarations": ["nixos/modules/programs/feedbackd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.feedbackd"}, "description": "The feedbackd package to use.", "loc": ["programs", "feedbackd", "package"], "readOnly": false, "type": "package"}, "programs.feedbackd.theme-package": {"declarations": ["nixos/modules/programs/feedbackd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.feedbackd-device-themes"}, "description": "The feedbackd-device-themes package to use.", "loc": ["programs", "feedbackd", "theme-package"], "readOnly": false, "type": "null or package"}, "programs.firefox.autoConfig": {"declarations": ["nixos/modules/programs/firefox.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "AutoConfig files can be used to set and lock preferences that are not covered\nby the policies.json for Mac and Linux. This method can be used to automatically\nchange user preferences or prevent the end user from modifiying specific\npreferences by locking them. More info can be found in <https://support.mozilla.org/en-US/kb/customizing-firefox-using-autoconfig>.\n", "loc": ["programs", "firefox", "autoConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "programs.firefox.autoConfigFiles": {"declarations": ["nixos/modules/programs/firefox.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "AutoConfig files can be used to set and lock preferences that are not covered\nby the policies.json for Mac and Linux. This method can be used to automatically\nchange user preferences or prevent the end user from modifiying specific\npreferences by locking them. More info can be found in <https://support.mozilla.org/en-US/kb/customizing-firefox-using-autoconfig>.\n\nFiles are concated and autoConfig is appended.\n", "loc": ["programs", "firefox", "autoConfigFiles"], "readOnly": false, "type": "list of absolute path"}, "programs.firefox.enable": {"declarations": ["nixos/modules/programs/firefox.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Firefox web browser.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "firefox", "enable"], "readOnly": false, "type": "boolean"}, "programs.firefox.languagePacks": {"declarations": ["nixos/modules/programs/firefox.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The language packs to install.\n", "loc": ["programs", "firefox", "languagePacks"], "readOnly": false, "type": "list of (one of \"ach\", \"af\", \"an\", \"ar\", \"ast\", \"az\", \"be\", \"bg\", \"bn\", \"br\", \"bs\", \"ca-valencia\", \"ca\", \"cak\", \"cs\", \"cy\", \"da\", \"de\", \"dsb\", \"el\", \"en-CA\", \"en-GB\", \"en-US\", \"eo\", \"es-AR\", \"es-CL\", \"es-ES\", \"es-MX\", \"et\", \"eu\", \"fa\", \"ff\", \"fi\", \"fr\", \"fur\", \"fy-NL\", \"ga-IE\", \"gd\", \"gl\", \"gn\", \"gu-IN\", \"he\", \"hi-IN\", \"hr\", \"hsb\", \"hu\", \"hy-AM\", \"ia\", \"id\", \"is\", \"it\", \"ja\", \"ka\", \"kab\", \"kk\", \"km\", \"kn\", \"ko\", \"lij\", \"lt\", \"lv\", \"mk\", \"mr\", \"ms\", \"my\", \"nb-NO\", \"ne-NP\", \"nl\", \"nn-NO\", \"oc\", \"pa-IN\", \"pl\", \"pt-BR\", \"pt-PT\", \"rm\", \"ro\", \"ru\", \"sat\", \"sc\", \"sco\", \"si\", \"sk\", \"skr\", \"sl\", \"son\", \"sq\", \"sr\", \"sv-SE\", \"szl\", \"ta\", \"te\", \"tg\", \"th\", \"tl\", \"tr\", \"trs\", \"uk\", \"ur\", \"uz\", \"vi\", \"xh\", \"zh-CN\", \"zh-TW\")"}, "programs.firefox.nativeMessagingHosts.packages": {"declarations": ["nixos/modules/programs/firefox.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional packages containing native messaging hosts that should be made available to Firefox extensions.\n", "loc": ["programs", "firefox", "nativeMessagingHosts", "packages"], "readOnly": false, "type": "list of package"}, "programs.firefox.package": {"declarations": ["nixos/modules/programs/firefox.nix"], "default": {"_type": "literalExpression", "text": "pkgs.firefox"}, "description": "Firefox package to use.", "loc": ["programs", "firefox", "package"], "readOnly": false, "relatedPackages": "- [`pkgs.firefox`](\n    https://search.nixos.org/packages?show=firefox&sort=relevance&query=firefox\n  )\n- [`pkgs.firefox-bin`](\n    https://search.nixos.org/packages?show=firefox-bin&sort=relevance&query=firefox-bin\n  )\n- [`pkgs.firefox-esr`](\n    https://search.nixos.org/packages?show=firefox-esr&sort=relevance&query=firefox-esr\n  )\n", "type": "package"}, "programs.firefox.policies": {"declarations": ["nixos/modules/programs/firefox.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Group policies to install.\n\nSee [Mozilla's documentation](https://mozilla.github.io/policy-templates/)\nfor a list of available options.\n\nThis can be used to install extensions declaratively! Check out the\ndocumentation of the `ExtensionSettings` policy for details.\n\nWhen this option is in use, Firefox will inform you that \"your browser\nis managed by your organisation\". That message appears because NixOS\ninstalls what you have declared here such that it cannot be overridden\nthrough the user interface. It does not mean that someone else has been\ngiven control of your browser, unless of course they also control your\nNixOS configuration.\n\n", "loc": ["programs", "firefox", "policies"], "readOnly": false, "type": "JSON value"}, "programs.firefox.preferences": {"declarations": ["nixos/modules/programs/firefox.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Preferences to set from `about:config`.\n\nSome of these might be able to be configured more ergonomically\nusing policies.\n\nSee [here](https://mozilla.github.io/policy-templates/#preferences) for allowed preferences.\n\nWhen this option is in use, Firefox will inform you that \"your browser\nis managed by your organisation\". That message appears because NixOS\ninstalls what you have declared here such that it cannot be overridden\nthrough the user interface. It does not mean that someone else has been\ngiven control of your browser, unless of course they also control your\nNixOS configuration.\n\n", "example": {"_type": "literalExpression", "text": "{\n  \"browser.tabs.tabmanager.enabled\" = false;\n}\n"}, "loc": ["programs", "firefox", "preferences"], "readOnly": false, "type": "attribute set of (boolean or signed integer or string)"}, "programs.firefox.preferencesStatus": {"declarations": ["nixos/modules/programs/firefox.nix"], "default": {"_type": "literalExpression", "text": "\"locked\""}, "description": "The status of `firefox.preferences`.\n\n`status` can assume the following values:\n- `\"default\"`: Preferences appear as default.\n- `\"locked\"`: Preferences appear as default and can't be changed.\n- `\"user\"`: Preferences appear as changed.\n- `\"clear\"`: Value has no effect. Resets to factory defaults on each startup.\n", "loc": ["programs", "firefox", "preferencesStatus"], "readOnly": false, "type": "one of \"default\", \"locked\", \"user\", \"clear\""}, "programs.firefox.wrapperConfig": {"declarations": ["nixos/modules/programs/firefox.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Arguments to pass to Firefox wrapper", "loc": ["programs", "firefox", "wrapperConfig"], "readOnly": false, "type": "attribute set"}, "programs.firejail.enable": {"declarations": ["nixos/modules/programs/firejail.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable firejail, a sandboxing tool for Linux.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "firejail", "enable"], "readOnly": false, "type": "boolean"}, "programs.firejail.wrappedBinaries": {"declarations": ["nixos/modules/programs/firejail.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Wrap the binaries in firejail and place them in the global path.\n", "example": {"_type": "literalExpression", "text": "{\n  firefox = {\n    executable = \"${lib.getBin pkgs.firefox}/bin/firefox\";\n    profile = \"${pkgs.firejail}/etc/firejail/firefox.profile\";\n  };\n  mpv = {\n    executable = \"${lib.getBin pkgs.mpv}/bin/mpv\";\n    profile = \"${pkgs.firejail}/etc/firejail/mpv.profile\";\n  };\n}\n"}, "loc": ["programs", "firejail", "wrappedBinaries"], "readOnly": false, "type": "attribute set of (absolute path or (submodule))"}, "programs.fish.enable": {"declarations": ["nixos/modules/programs/fish.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to configure fish as an interactive shell.\n", "loc": ["programs", "fish", "enable"], "readOnly": false, "type": "boolean"}, "programs.fish.extraCompletionPackages": {"declarations": ["nixos/modules/programs/fish.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional packages to generate completions from, if {option}`programs.fish.generateCompletions` is enabled.\n", "example": {"_type": "literalExpression", "text": "config.users.users.alice.packages"}, "loc": ["programs", "fish", "extraCompletionPackages"], "readOnly": false, "type": "list of package"}, "programs.fish.generateCompletions": {"declarations": ["nixos/modules/programs/fish.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable generating completion files from man pages.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["programs", "fish", "generateCompletions"], "readOnly": false, "type": "boolean"}, "programs.fish.interactiveShellInit": {"declarations": ["nixos/modules/programs/fish.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell script code called during interactive fish shell initialisation.\n", "loc": ["programs", "fish", "interactiveShellInit"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "programs.fish.loginShellInit": {"declarations": ["nixos/modules/programs/fish.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell script code called during fish login shell initialisation.\n", "loc": ["programs", "fish", "loginShellInit"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "programs.fish.package": {"declarations": ["nixos/modules/programs/fish.nix"], "default": {"_type": "literalExpression", "text": "pkgs.fish"}, "description": "The fish package to use.", "loc": ["programs", "fish", "package"], "readOnly": false, "type": "package"}, "programs.fish.promptInit": {"declarations": ["nixos/modules/programs/fish.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell script code used to initialise fish prompt.\n", "loc": ["programs", "fish", "promptInit"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "programs.fish.shellAbbrs": {"declarations": ["nixos/modules/programs/fish.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Set of fish abbreviations.\n", "example": {"_type": "literalExpression", "text": "{\n  gco = \"git checkout\";\n  npu = \"nix-prefetch-url\";\n}"}, "loc": ["programs", "fish", "shellAbbrs"], "readOnly": false, "type": "attribute set of string"}, "programs.fish.shellAliases": {"declarations": ["nixos/modules/programs/fish.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Set of aliases for fish shell, which overrides {option}`environment.shellAliases`.\nSee {option}`environment.shellAliases` for an option format description.\n", "loc": ["programs", "fish", "shellAliases"], "readOnly": false, "type": "attribute set of (null or string or absolute path)"}, "programs.fish.shellInit": {"declarations": ["nixos/modules/programs/fish.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell script code called during fish shell initialisation.\n", "loc": ["programs", "fish", "shellInit"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "programs.fish.useBabelfish": {"declarations": ["nixos/modules/programs/fish.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, the configured environment will be translated to native fish using [babelfish](https://github.com/bouk/babelfish).\nOtherwise, [foreign-env](https://github.com/oh-my-fish/plugin-foreign-env) will be used.\n", "loc": ["programs", "fish", "useBabelfish"], "readOnly": false, "type": "boolean"}, "programs.fish.vendor.completions.enable": {"declarations": ["nixos/modules/programs/fish.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether fish should use completion files provided by other packages.\n", "loc": ["programs", "fish", "vendor", "completions", "enable"], "readOnly": false, "type": "boolean"}, "programs.fish.vendor.config.enable": {"declarations": ["nixos/modules/programs/fish.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether fish should source configuration snippets provided by other packages.\n", "loc": ["programs", "fish", "vendor", "config", "enable"], "readOnly": false, "type": "boolean"}, "programs.fish.vendor.functions.enable": {"declarations": ["nixos/modules/programs/fish.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether fish should autoload fish functions provided by other packages.\n", "loc": ["programs", "fish", "vendor", "functions", "enable"], "readOnly": false, "type": "boolean"}, "programs.flashprog.enable": {"declarations": ["nixos/modules/programs/flashprog.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable configuring flashprog udev rules and\ninstalling flashprog as system package\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "flashprog", "enable"], "readOnly": false, "type": "boolean"}, "programs.flashprog.package": {"declarations": ["nixos/modules/programs/flashprog.nix"], "default": {"_type": "literalExpression", "text": "pkgs.flashprog"}, "description": "The flashprog package to use.", "loc": ["programs", "flashprog", "package"], "readOnly": false, "type": "package"}, "programs.flashrom.enable": {"declarations": ["nixos/modules/programs/flashrom.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Installs flashrom and configures udev rules for programmers\nused by flashrom. Grants access to users in the \"flashrom\"\ngroup.\n", "loc": ["programs", "flashrom", "enable"], "readOnly": false, "type": "boolean"}, "programs.flashrom.package": {"declarations": ["nixos/modules/programs/flashrom.nix"], "default": {"_type": "literalExpression", "text": "pkgs.flashrom"}, "description": "The flashrom package to use.", "loc": ["programs", "flashrom", "package"], "readOnly": false, "type": "package"}, "programs.flexoptix-app.enable": {"declarations": ["nixos/modules/programs/flexoptix-app.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FLEXOPTIX app + udev rules.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "flexoptix-app", "enable"], "readOnly": false, "type": "boolean"}, "programs.flexoptix-app.package": {"declarations": ["nixos/modules/programs/flexoptix-app.nix"], "default": {"_type": "literalExpression", "text": "pkgs.flexoptix-app"}, "description": "The flexoptix-app package to use.", "loc": ["programs", "flexoptix-app", "package"], "readOnly": false, "type": "package"}, "programs.foot.enable": {"declarations": ["nixos/modules/programs/foot"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable foot terminal emulator.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "foot", "enable"], "readOnly": false, "type": "boolean"}, "programs.foot.enableBashIntegration": {"declarations": ["nixos/modules/programs/foot"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable foot bash integration.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "foot", "enableBashIntegration"], "readOnly": false, "type": "boolean"}, "programs.foot.enableFishIntegration": {"declarations": ["nixos/modules/programs/foot"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable foot fish integration.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "foot", "enableFishIntegration"], "readOnly": false, "type": "boolean"}, "programs.foot.enableZshIntegration": {"declarations": ["nixos/modules/programs/foot"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable foot zsh integration.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "foot", "enableZshIntegration"], "readOnly": false, "type": "boolean"}, "programs.foot.package": {"declarations": ["nixos/modules/programs/foot"], "default": {"_type": "literalExpression", "text": "pkgs.foot"}, "description": "The foot package to use.", "loc": ["programs", "foot", "package"], "readOnly": false, "type": "package"}, "programs.foot.settings": {"declarations": ["nixos/modules/programs/foot"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for foot terminal emulator. Further information can be found in {command}`man 5 foot.ini`.\n\nGlobal configuration has to be written under the [main] section.\n", "example": {"_type": "literalExpression", "text": "{\n  main = {\n    font = \"FreeMono:size=12\";\n  };\n  scrollback = {\n    lines = 100000;\n  };\n}"}, "loc": ["programs", "foot", "settings"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string) or a list of them for duplicate keys)"}, "programs.foot.theme": {"declarations": ["nixos/modules/programs/foot"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Theme name. Check <https://codeberg.org/dnkl/foot/src/branch/master/themes> for available themes.\n", "example": {"_type": "literalExpression", "text": "\"aeroroot\""}, "loc": ["programs", "foot", "theme"], "readOnly": false, "type": "null or string"}, "programs.fuse.enable": {"declarations": ["nixos/modules/programs/fuse.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable fuse.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "fuse", "enable"], "readOnly": false, "type": "boolean"}, "programs.fuse.mountMax": {"declarations": ["nixos/modules/programs/fuse.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Set the maximum number of FUSE mounts allowed to non-root users.\n", "loc": ["programs", "fuse", "mountMax"], "readOnly": false, "type": "integer between 0 and 32767 (both inclusive)"}, "programs.fuse.userAllowOther": {"declarations": ["nixos/modules/programs/fuse.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Allow non-root users to specify the allow_other or allow_root mount\noptions, see mount.fuse3(8).\n", "loc": ["programs", "fuse", "userAllowOther"], "readOnly": false, "type": "boolean"}, "programs.fzf.fuzzyCompletion": {"declarations": ["nixos/modules/programs/fzf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable fuzzy completion with fzf.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "fzf", "fuzzyCompletion"], "readOnly": false, "type": "boolean"}, "programs.fzf.keybindings": {"declarations": ["nixos/modules/programs/fzf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable fzf keybindings.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "fzf", "keybindings"], "readOnly": false, "type": "boolean"}, "programs.gamemode.enable": {"declarations": ["nixos/modules/programs/gamemode.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable GameMode to optimise system performance on demand.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "gamemode", "enable"], "readOnly": false, "type": "boolean"}, "programs.gamemode.enableRenice": {"declarations": ["nixos/modules/programs/gamemode.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable CAP_SYS_NICE on gamemoded to support lowering process niceness.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "gamemode", "enableRenice"], "readOnly": false, "type": "boolean"}, "programs.gamemode.settings": {"declarations": ["nixos/modules/programs/gamemode.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "System-wide configuration for GameMode (/etc/gamemode.ini).\nSee {manpage}`gamemoded(8)` man page for available settings.\n", "example": {"_type": "literalExpression", "text": "{\n  general = {\n    renice = 10;\n  };\n\n  # Warning: GPU optimisations have the potential to damage hardware\n  gpu = {\n    apply_gpu_optimisations = \"accept-responsibility\";\n    gpu_device = 0;\n    amd_performance_level = \"high\";\n  };\n\n  custom = {\n    start = \"${pkgs.libnotify}/bin/notify-send 'GameMode started'\";\n    end = \"${pkgs.libnotify}/bin/notify-send 'GameMode ended'\";\n  };\n}\n"}, "loc": ["programs", "gamemode", "settings"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string) or a list of them for duplicate keys)"}, "programs.gamescope.args": {"declarations": ["nixos/modules/programs/gamescope.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Arguments passed to GameScope on startup.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--rt\"\n  \"--prefer-vk-device 8086:9bc4\"\n]"}, "loc": ["programs", "gamescope", "args"], "readOnly": false, "type": "list of string"}, "programs.gamescope.capSysNice": {"declarations": ["nixos/modules/programs/gamescope.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Add cap_sys_nice capability to the GameScope\nbinary so that it may renice itself.\n", "loc": ["programs", "gamescope", "capSysNice"], "readOnly": false, "type": "boolean"}, "programs.gamescope.enable": {"declarations": ["nixos/modules/programs/gamescope.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable gamescope, the SteamOS session compositing window manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "gamescope", "enable"], "readOnly": false, "type": "boolean"}, "programs.gamescope.env": {"declarations": ["nixos/modules/programs/gamescope.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Default environment variables available to the GameScope process, overridable at runtime.\n", "example": {"_type": "literalExpression", "text": "# for Prime render offload on Nvidia laptops.\n# Also requires `hardware.nvidia.prime.offload.enable`.\n{\n  __NV_PRIME_RENDER_OFFLOAD = \"1\";\n  __VK_LAYER_NV_optimus = \"NVIDIA_only\";\n  __GLX_VENDOR_LIBRARY_NAME = \"nvidia\";\n}\n"}, "loc": ["programs", "gamescope", "env"], "readOnly": false, "type": "attribute set of string"}, "programs.gamescope.package": {"declarations": ["nixos/modules/programs/gamescope.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gamescope"}, "description": "The gamescope package to use.", "loc": ["programs", "gamescope", "package"], "readOnly": false, "type": "package"}, "programs.gdk-pixbuf.modulePackages": {"declarations": ["nixos/modules/programs/gdk-pixbuf.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Packages providing GDK-Pixbuf modules, for cache generation.", "loc": ["programs", "gdk-pixbuf", "modulePackages"], "readOnly": false, "type": "list of package"}, "programs.geary.enable": {"declarations": ["nixos/modules/programs/geary.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Geary, a Mail client for GNOME.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "geary", "enable"], "readOnly": false, "type": "boolean"}, "programs.ghidra.enable": {"declarations": ["nixos/modules/programs/ghidra.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Ghidra, a software reverse engineering (SRE) suite of tools.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "ghidra", "enable"], "readOnly": false, "type": "boolean"}, "programs.ghidra.gdb": {"declarations": ["nixos/modules/programs/ghidra.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to add to gdbinit the python modules required to make Ghidra's debugger work.\n", "loc": ["programs", "ghidra", "gdb"], "readOnly": false, "type": "boolean"}, "programs.ghidra.package": {"declarations": ["nixos/modules/programs/ghidra.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ghidra"}, "description": "The ghidra package to use.", "example": {"_type": "literalExpression", "text": "ghidra-bin"}, "loc": ["programs", "ghidra", "package"], "readOnly": false, "type": "package"}, "programs.git-worktree-switcher.enable": {"declarations": ["nixos/modules/programs/git-worktree-switcher.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable git-worktree-switcher, switch between git worktrees with speed..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "git-worktree-switcher", "enable"], "readOnly": false, "type": "boolean"}, "programs.git-worktree-switcher.package": {"declarations": ["nixos/modules/programs/git-worktree-switcher.nix"], "default": {"_type": "literalExpression", "text": "pkgs.git-worktree-switcher"}, "description": "The git-worktree-switcher package to use.", "loc": ["programs", "git-worktree-switcher", "package"], "readOnly": false, "type": "package"}, "programs.git.config": {"declarations": ["nixos/modules/programs/git.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Configuration to write to /etc/gitconfig. A list can also be\nspecified to keep the configuration in order. For example, setting\n`config` to `[ { foo.x = 42; } { bar.y = 42; }]` will put the `foo`\nsection before the `bar` section unlike the default alphabetical\norder, which can be helpful for sections such as `include` and\n`includeIf`. See the CONFIGURATION FILE section of {manpage}`git-config(1)` for\nmore information.\n", "example": {"_type": "literalExpression", "text": "{\n  init = {\n    defaultBranch = \"main\";\n  };\n  url = {\n    \"https://github.com/\" = {\n      insteadOf = [\n        \"gh:\"\n        \"github:\"\n      ];\n    };\n  };\n}"}, "loc": ["programs", "git", "config"], "readOnly": false, "type": "(attribute set of attribute set of anything) or list of attribute set of attribute set of anything"}, "programs.git.enable": {"declarations": ["nixos/modules/programs/git.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable git, a distributed version control system.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "git", "enable"], "readOnly": false, "type": "boolean"}, "programs.git.lfs.enable": {"declarations": ["nixos/modules/programs/git.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable git-lfs (Large File Storage).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "git", "lfs", "enable"], "readOnly": false, "type": "boolean"}, "programs.git.lfs.enablePureSSHTransfer": {"declarations": ["nixos/modules/programs/git.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Enable pure SSH transfer in server side by adding git-lfs-transfer to environment.systemPackages.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "git", "lfs", "enablePureSSHTransfer"], "readOnly": false, "type": "boolean"}, "programs.git.lfs.package": {"declarations": ["nixos/modules/programs/git.nix"], "default": {"_type": "literalExpression", "text": "pkgs.git-lfs"}, "description": "The git-lfs package to use.", "loc": ["programs", "git", "lfs", "package"], "readOnly": false, "type": "package"}, "programs.git.package": {"declarations": ["nixos/modules/programs/git.nix"], "default": {"_type": "literalExpression", "text": "pkgs.git"}, "description": "The git package to use.", "example": {"_type": "literalExpression", "text": "gitFull"}, "loc": ["programs", "git", "package"], "readOnly": false, "type": "package"}, "programs.git.prompt.enable": {"declarations": ["nixos/modules/programs/git.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable automatically sourcing git-prompt.sh. This does not change $PS1; it simply provides relevant utility functions.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "git", "prompt", "enable"], "readOnly": false, "type": "boolean"}, "programs.gnome-disks.enable": {"declarations": ["nixos/modules/programs/gnome-disks.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable GNOME Disks daemon, a program designed to\nbe a UDisks2 graphical front-end.\n", "loc": ["programs", "gnome-disks", "enable"], "readOnly": false, "type": "boolean"}, "programs.gnome-terminal.enable": {"declarations": ["nixos/modules/programs/gnome-terminal.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable GNOME Terminal.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "gnome-terminal", "enable"], "readOnly": false, "type": "boolean"}, "programs.gnupg.agent.enable": {"declarations": ["nixos/modules/programs/gnupg.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables GnuPG agent with socket-activation for every user session.\n", "loc": ["programs", "gnupg", "agent", "enable"], "readOnly": false, "type": "boolean"}, "programs.gnupg.agent.enableBrowserSocket": {"declarations": ["nixos/modules/programs/gnupg.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable browser socket for GnuPG agent.\n", "loc": ["programs", "gnupg", "agent", "enableBrowserSocket"], "readOnly": false, "type": "boolean"}, "programs.gnupg.agent.enableExtraSocket": {"declarations": ["nixos/modules/programs/gnupg.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable extra socket for GnuPG agent.\n", "loc": ["programs", "gnupg", "agent", "enableExtraSocket"], "readOnly": false, "type": "boolean"}, "programs.gnupg.agent.enableSSHSupport": {"declarations": ["nixos/modules/programs/gnupg.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SSH agent support in GnuPG agent. Also sets SSH_AUTH_SOCK\nenvironment variable correctly. This will disable socket-activation\nand thus always start a GnuPG agent per user session.\n", "loc": ["programs", "gnupg", "agent", "enableSSHSupport"], "readOnly": false, "type": "boolean"}, "programs.gnupg.agent.pinentryPackage": {"declarations": ["nixos/modules/programs/gnupg.nix"], "default": {"_type": "literalMD", "text": "matching the configured desktop environment or `pkgs.pinentry-curses`"}, "description": "Which pinentry package to use. The path to the mainProgram as defined in\nthe package's meta attributes will be set in /etc/gnupg/gpg-agent.conf.\nIf not set by the user, it'll pick an appropriate flavor depending on the\nsystem configuration (qt flavor for lxqt and plasma, gtk2 for xfce,\ngnome3 on all other systems with X enabled, curses otherwise).\n", "example": {"_type": "literalMD", "text": "pkgs.pinentry-gnome3"}, "loc": ["programs", "gnupg", "agent", "pinentryPackage"], "readOnly": false, "type": "null or package"}, "programs.gnupg.agent.settings": {"declarations": ["nixos/modules/programs/gnupg.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for /etc/gnupg/gpg-agent.conf.\nSee {manpage}`gpg-agent(1)` for supported options.\n", "example": {"_type": "literalExpression", "text": "{\n  default-cache-ttl = 600;\n}"}, "loc": ["programs", "gnupg", "agent", "settings"], "readOnly": false, "type": "attribute set of (atom (null, bool, int, float or string))"}, "programs.gnupg.dirmngr.enable": {"declarations": ["nixos/modules/programs/gnupg.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables GnuPG network certificate management daemon with socket-activation for every user session.\n", "loc": ["programs", "gnupg", "dirmngr", "enable"], "readOnly": false, "type": "boolean"}, "programs.gnupg.package": {"declarations": ["nixos/modules/programs/gnupg.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gnupg"}, "description": "The gnupg package to use.", "loc": ["programs", "gnupg", "package"], "readOnly": false, "type": "package"}, "programs.gpaste.enable": {"declarations": ["nixos/modules/programs/gpaste.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable GPaste, a clipboard manager.\n", "loc": ["programs", "gpaste", "enable"], "readOnly": false, "type": "boolean"}, "programs.gphoto2.enable": {"declarations": ["nixos/modules/programs/gphoto2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to configure system to use gphoto2.\nTo grant digital camera access to a user, the user must\nbe part of the camera group:\n`users.users.alice.extraGroups = [\"camera\"];`\n", "loc": ["programs", "gphoto2", "enable"], "readOnly": false, "type": "boolean"}, "programs.gpu-screen-recorder.enable": {"declarations": ["nixos/modules/programs/gpu-screen-recorder.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to install gpu-screen-recorder and generate setcap\nwrappers for promptless recording.\n", "loc": ["programs", "gpu-screen-recorder", "enable"], "readOnly": false, "type": "boolean"}, "programs.gpu-screen-recorder.package": {"declarations": ["nixos/modules/programs/gpu-screen-recorder.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gpu-screen-recorder"}, "description": "The gpu-screen-recorder package to use.", "loc": ["programs", "gpu-screen-recorder", "package"], "readOnly": false, "type": "package"}, "programs.gtklock.config": {"declarations": ["nixos/modules/programs/wayland/gtklock.nix"], "description": "Configuration for gtklock.\nSee [`gtklock(1)`](https://github.com/jovanlanik/gtklock/blob/master/man/gtklock.1.scd) man page for details.\n", "example": {"_type": "literalExpression", "text": "{\n  main = {\n    idle-hide = true;\n    idle-timeout = 10;\n  };\n}"}, "loc": ["programs", "gtklock", "config"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string) or a non-empty list of them)"}, "programs.gtklock.enable": {"declarations": ["nixos/modules/programs/wayland/gtklock.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable gtklock, a GTK-based lockscreen for Wayland.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "gtklock", "enable"], "readOnly": false, "type": "boolean"}, "programs.gtklock.modules": {"declarations": ["nixos/modules/programs/wayland/gtklock.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "gtklock modules to load.", "example": {"_type": "literalExpression", "text": "with pkgs; [\n  gtklock-playerctl-module\n  gtklock-powerbar-module\n  gtklock-userinfo-module\n]"}, "loc": ["programs", "gtklock", "modules"], "readOnly": false, "type": "list of package"}, "programs.gtklock.package": {"declarations": ["nixos/modules/programs/wayland/gtklock.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gtklock"}, "description": "The gtklock package to use.", "loc": ["programs", "gtklock", "package"], "readOnly": false, "type": "package"}, "programs.gtklock.style": {"declarations": ["nixos/modules/programs/wayland/gtklock.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CSS Stylesheet for gtklock.\nSee [gtklock's wiki](https://github.com/jovanlanik/gtklock/wiki#Styling) for details.\n", "loc": ["programs", "gtklock", "style"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "programs.haguichi.enable": {"declarations": ["nixos/modules/programs/haguichi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Haguichi, a Linux GUI frontend to the proprietary LogMeIn Hamachi.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "haguichi", "enable"], "readOnly": false, "type": "boolean"}, "programs.hamster.enable": {"declarations": ["nixos/modules/programs/hamster.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable hamster, a time tracking program.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "hamster", "enable"], "readOnly": false, "type": "boolean"}, "programs.htop.enable": {"declarations": ["nixos/modules/programs/htop.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable htop process monitor.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "htop", "enable"], "readOnly": false, "type": "boolean"}, "programs.htop.package": {"declarations": ["nixos/modules/programs/htop.nix"], "default": {"_type": "literalExpression", "text": "pkgs.htop"}, "description": "The htop package to use.", "loc": ["programs", "htop", "package"], "readOnly": false, "type": "package"}, "programs.htop.settings": {"declarations": ["nixos/modules/programs/htop.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra global default configuration for htop\nwhich is read on first startup only.\nHtop subsequently uses ~/.config/htop/htoprc\nas configuration source.\n", "example": {"_type": "literalExpression", "text": "{\n  hide_kernel_threads = true;\n  hide_userland_threads = true;\n}"}, "loc": ["programs", "htop", "settings"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean or list of (string or signed integer or boolean))"}, "programs.hyprland.enable": {"declarations": ["nixos/modules/programs/wayland/hyprland.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Hyprland, the dynamic tiling Wayland compositor that doesn't sacrifice on its looks.\nYou can manually launch Hyprland by executing {command}`start-hyprland` on a TTY.\nA configuration file will be generated in {file}`~/.config/hypr/hyprland.conf`.\nSee <https://wiki.hyprland.org> for more information.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "hyprland", "enable"], "readOnly": false, "type": "boolean"}, "programs.hyprland.package": {"declarations": ["nixos/modules/programs/wayland/hyprland.nix"], "default": {"_type": "literalExpression", "text": "pkgs.hyprland"}, "description": "The hyprland package to use. If the package is not overridable with `enableXWayland`, then the module option\n{option}`xwayland` will have no effect.\n", "loc": ["programs", "hyprland", "package"], "readOnly": false, "type": "package"}, "programs.hyprland.portalPackage": {"declarations": ["nixos/modules/programs/wayland/hyprland.nix"], "default": {"_type": "literalExpression", "text": "pkgs.xdg-desktop-portal-hyprland"}, "description": "The xdg-desktop-portal-hyprland package to use. If the package is not overridable with `hyprland`, then the Hyprland package\nused by the portal may differ from the one set in the module option {option}`package`.\n", "loc": ["programs", "hyprland", "portalPackage"], "readOnly": false, "type": "package"}, "programs.hyprland.systemd.setPath.enable": {"declarations": ["nixos/modules/programs/wayland/hyprland.nix"], "default": {"_type": "literalExpression", "text": "lib.versionOlder cfg.package.version \"0.41.2\""}, "description": "Set environment path of systemd to include the current system's bin directory.\nThis is needed in Hyprland setups, where opening links in applications do not work.\nEnabled by default for Hyprland versions older than 0.41.2.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["programs", "hyprland", "systemd", "setPath", "enable"], "readOnly": false, "type": "boolean"}, "programs.hyprland.withUWSM": {"declarations": ["nixos/modules/programs/wayland/hyprland.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Launch Hyprland with the UWSM (Universal Wayland Session Manager) session manager.\nThis has improved systemd support and is recommended for most users.\nThis automatically starts appropiate targets like `graphical-session.target`,\nand `wayland-session@Hyprland.target`.\n\n::: {.note}\nSome changes may need to be made to Hyprland configs depending on your setup, see\n[Hyprland wiki](https://wiki.hyprland.org/Useful-Utilities/Systemd-start/#uwsm).\n:::\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "hyprland", "withUWSM"], "readOnly": false, "type": "boolean"}, "programs.hyprland.xwayland.enable": {"declarations": ["nixos/modules/programs/wayland/hyprland.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable XWayland.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "hyprland", "xwayland", "enable"], "readOnly": false, "type": "boolean"}, "programs.hyprlock.enable": {"declarations": ["nixos/modules/programs/wayland/hyprlock.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable hyprlock, Hyprland's GPU-accelerated screen locking utility.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "hyprlock", "enable"], "readOnly": false, "type": "boolean"}, "programs.hyprlock.package": {"declarations": ["nixos/modules/programs/wayland/hyprlock.nix"], "default": {"_type": "literalExpression", "text": "pkgs.hyprlock"}, "description": "The hyprlock package to use.", "loc": ["programs", "hyprlock", "package"], "readOnly": false, "type": "package"}, "programs.i3lock.enable": {"declarations": ["nixos/modules/programs/i3lock.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable i3lock.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "i3lock", "enable"], "readOnly": false, "type": "boolean"}, "programs.i3lock.package": {"declarations": ["nixos/modules/programs/i3lock.nix"], "default": {"_type": "literalExpression", "text": "pkgs.i3lock"}, "description": "The i3lock package to use. ::: {.note}\nThe i3lock package must include a i3lock file or link in its out directory in order for the u2fSupport option to work correctly.\n:::\n", "example": {"_type": "literalExpression", "text": "i3lock-color"}, "loc": ["programs", "i3lock", "package"], "readOnly": false, "type": "package"}, "programs.i3lock.u2fSupport": {"declarations": ["nixos/modules/programs/i3lock.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable U2F support in the i3lock program.\nU2F enables authentication using a hardware device, such as a security key.\nWhen U2F support is enabled, the i3lock program will set the setuid bit on the i3lock binary and enable the pam u2fAuth service,\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "i3lock", "u2fSupport"], "readOnly": false, "type": "boolean"}, "programs.iay.enable": {"declarations": ["nixos/modules/programs/iay.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable iay, a minimalistic shell prompt.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "iay", "enable"], "readOnly": false, "type": "boolean"}, "programs.iay.minimalPrompt": {"declarations": ["nixos/modules/programs/iay.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use minimal one-liner prompt.", "loc": ["programs", "iay", "minimalPrompt"], "readOnly": false, "type": "boolean"}, "programs.iay.package": {"declarations": ["nixos/modules/programs/iay.nix"], "default": {"_type": "literalExpression", "text": "pkgs.iay"}, "description": "The iay package to use.", "loc": ["programs", "iay", "package"], "readOnly": false, "type": "package"}, "programs.idescriptor.enable": {"declarations": ["nixos/modules/programs/idescriptor.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable iDescriptor, a cross-platform iDevice management tool.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "idescriptor", "enable"], "readOnly": false, "type": "boolean"}, "programs.idescriptor.package": {"declarations": ["nixos/modules/programs/idescriptor.nix"], "default": {"_type": "literalExpression", "text": "pkgs.idescriptor"}, "description": "The idescriptor package to use.", "loc": ["programs", "idescriptor", "package"], "readOnly": false, "type": "package"}, "programs.idescriptor.users": {"declarations": ["nixos/modules/programs/idescriptor.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Users to be added to the idevice group.", "loc": ["programs", "idescriptor", "users"], "readOnly": false, "type": "list of string"}, "programs.iftop.enable": {"declarations": ["nixos/modules/programs/iftop.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable iftop and setcap wrapper for it.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "iftop", "enable"], "readOnly": false, "type": "boolean"}, "programs.iio-hyprland.enable": {"declarations": ["nixos/modules/programs/iio-hyprland.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable iio-hyprland and iio-sensor-proxy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "iio-hyprland", "enable"], "readOnly": false, "type": "boolean"}, "programs.iio-hyprland.package": {"declarations": ["nixos/modules/programs/iio-hyprland.nix"], "default": {"_type": "literalExpression", "text": "pkgs.iio-hyprland"}, "description": "The iio-hyprland package to use.", "loc": ["programs", "iio-hyprland", "package"], "readOnly": false, "type": "package"}, "programs.immersed.enable": {"declarations": ["nixos/modules/programs/immersed.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable immersed.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "immersed", "enable"], "readOnly": false, "type": "boolean"}, "programs.immersed.package": {"declarations": ["nixos/modules/programs/immersed.nix"], "default": {"_type": "literalExpression", "text": "pkgs.immersed"}, "description": "The immersed package to use.", "loc": ["programs", "immersed", "package"], "readOnly": false, "type": "package"}, "programs.iotop.enable": {"declarations": ["nixos/modules/programs/iotop.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable iotop + setcap wrapper.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "iotop", "enable"], "readOnly": false, "type": "boolean"}, "programs.iotop.package": {"declarations": ["nixos/modules/programs/iotop.nix"], "default": {"_type": "literalExpression", "text": "pkgs.iotop"}, "description": "The iotop package to use.", "example": {"_type": "literalExpression", "text": "iotop-c"}, "loc": ["programs", "iotop", "package"], "readOnly": false, "type": "package"}, "programs.java.binfmt": {"declarations": ["nixos/modules/programs/java.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable binfmt to execute java jar's and classes.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "java", "binfmt"], "readOnly": false, "type": "boolean"}, "programs.java.enable": {"declarations": ["nixos/modules/programs/java.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Install and setup the Java development kit.\n\n::: {.note}\nThis adds JAVA_HOME to the global environment, by sourcing the\njdk's setup-hook on shell init. It is equivalent to starting a shell\nthrough 'nix-shell -p jdk', or roughly the following system-wide\nconfiguration:\n\n    environment.variables.JAVA_HOME = ${pkgs.jdk.home}/lib/openjdk;\n    environment.systemPackages = [ pkgs.jdk ];\n:::\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "java", "enable"], "readOnly": false, "type": "boolean"}, "programs.java.package": {"declarations": ["nixos/modules/programs/java.nix"], "default": {"_type": "literalExpression", "text": "pkgs.jdk"}, "description": "The jdk package to use.", "example": {"_type": "literalExpression", "text": "jre"}, "loc": ["programs", "java", "package"], "readOnly": false, "type": "package"}, "programs.joycond-cemuhook.enable": {"declarations": ["nixos/modules/programs/joycond-cemuhook.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable joycond-cemuhook, a program to enable support for cemuhook's UDP protocol for joycond devices.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "joycond-cemuhook", "enable"], "readOnly": false, "type": "boolean"}, "programs.k3b.enable": {"declarations": ["nixos/modules/programs/k3b.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable k3b, the KDE disk burning application.\n\nAdditionally to installing `k3b` enabling this will\nadd `setuid` wrappers in `/run/wrappers/bin`\nfor both `cdrdao` and `cdrecord`. On first\nrun you must manually configure the path of `cdrdae` and\n`cdrecord` to correspond to the appropriate paths under\n`/run/wrappers/bin` in the \"Setup External Programs\" menu.\n", "loc": ["programs", "k3b", "enable"], "readOnly": false, "type": "boolean"}, "programs.k40-whisperer.enable": {"declarations": ["nixos/modules/programs/k40-whisperer.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable K40-Whisperer.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "k40-whisperer", "enable"], "readOnly": false, "type": "boolean"}, "programs.k40-whisperer.group": {"declarations": ["nixos/modules/programs/k40-whisperer.nix"], "default": {"_type": "literalExpression", "text": "\"k40\""}, "description": "Group assigned to the device when connected.\n", "loc": ["programs", "k40-whisperer", "group"], "readOnly": false, "type": "string"}, "programs.k40-whisperer.package": {"declarations": ["nixos/modules/programs/k40-whisperer.nix"], "default": {"_type": "literalExpression", "text": "pkgs.k40-whisperer"}, "description": "The k40-whisperer package to use.", "loc": ["programs", "k40-whisperer", "package"], "readOnly": false, "type": "package"}, "programs.kbdlight.enable": {"declarations": ["nixos/modules/programs/kbdlight.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kbdlight.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "kbdlight", "enable"], "readOnly": false, "type": "boolean"}, "programs.kclock.enable": {"declarations": ["nixos/modules/programs/kclock.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable KClock.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "kclock", "enable"], "readOnly": false, "type": "boolean"}, "programs.kde-pim.enable": {"declarations": ["nixos/modules/programs/kde-pim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable KDE PIM base packages.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "kde-pim", "enable"], "readOnly": false, "type": "boolean"}, "programs.kde-pim.kmail": {"declarations": ["nixos/modules/programs/kde-pim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable KMail.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "kde-pim", "kmail"], "readOnly": false, "type": "boolean"}, "programs.kde-pim.kontact": {"declarations": ["nixos/modules/programs/kde-pim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Kontact.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "kde-pim", "kontact"], "readOnly": false, "type": "boolean"}, "programs.kde-pim.merkuro": {"declarations": ["nixos/modules/programs/kde-pim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Merkuro.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "kde-pim", "merkuro"], "readOnly": false, "type": "boolean"}, "programs.kdeconnect.enable": {"declarations": ["nixos/modules/programs/kdeconnect.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kdeconnect.\n\nNote that it will open the TCP and UDP port from\n1714 to 1764 as they are needed for it to function properly.\nYou can use the {option}`package` to use\n`gnomeExtensions.gsconnect` as an alternative\nimplementation if you use Gnome\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "kdeconnect", "enable"], "readOnly": false, "type": "boolean"}, "programs.kdeconnect.package": {"declarations": ["nixos/modules/programs/kdeconnect.nix"], "default": {"_type": "literalExpression", "text": "pkgs.kdePackages.kdeconnect-kde"}, "description": "The kdeconnect-kde package to use.", "example": {"_type": "literalExpression", "text": "gnomeExtensions.gsconnect"}, "loc": ["programs", "kdeconnect", "package"], "readOnly": false, "type": "null or package"}, "programs.kubeswitch.commandName": {"declarations": ["nixos/modules/programs/kubeswitch.nix"], "default": {"_type": "literalExpression", "text": "\"kswitch\""}, "description": "The name of the command to use", "loc": ["programs", "kubeswitch", "commandName"], "readOnly": false, "type": "string"}, "programs.kubeswitch.enable": {"declarations": ["nixos/modules/programs/kubeswitch.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kubeswitch.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "kubeswitch", "enable"], "readOnly": false, "type": "boolean"}, "programs.kubeswitch.package": {"declarations": ["nixos/modules/programs/kubeswitch.nix"], "default": {"_type": "literalExpression", "text": "pkgs.kubeswitch"}, "description": "The kubeswitch package to use.", "loc": ["programs", "kubeswitch", "package"], "readOnly": false, "type": "package"}, "programs.labwc.enable": {"declarations": ["nixos/modules/programs/wayland/labwc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable labwc.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "labwc", "enable"], "readOnly": false, "type": "boolean"}, "programs.labwc.package": {"declarations": ["nixos/modules/programs/wayland/labwc.nix"], "default": {"_type": "literalExpression", "text": "pkgs.labwc"}, "description": "The labwc package to use.", "loc": ["programs", "labwc", "package"], "readOnly": false, "type": "package"}, "programs.ladybird.enable": {"declarations": ["nixos/modules/programs/ladybird.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Ladybird web browser.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "ladybird", "enable"], "readOnly": false, "type": "boolean"}, "programs.lazygit.enable": {"declarations": ["nixos/modules/programs/lazygit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable lazygit, a simple terminal UI for git commands.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "lazygit", "enable"], "readOnly": false, "type": "boolean"}, "programs.lazygit.package": {"declarations": ["nixos/modules/programs/lazygit.nix"], "default": {"_type": "literalExpression", "text": "pkgs.lazygit"}, "description": "The lazygit package to use.", "loc": ["programs", "lazygit", "package"], "readOnly": false, "type": "package"}, "programs.lazygit.settings": {"declarations": ["nixos/modules/programs/lazygit.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Lazygit configuration.\n\nSee <https://github.com/jesseduffield/lazygit/blob/master/docs/Config.md> for documentation.\n", "loc": ["programs", "lazygit", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "programs.less.clearDefaultCommands": {"declarations": ["nixos/modules/programs/less.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Clear all default commands.\nYou should remember to set the quit key.\nOtherwise you will not be able to leave less without killing it.\n", "loc": ["programs", "less", "clearDefaultCommands"], "readOnly": false, "type": "boolean"}, "programs.less.commands": {"declarations": ["nixos/modules/programs/less.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Defines new command keys.", "example": {"_type": "literalExpression", "text": "{\n  h = \"noaction 5\\\\e(\";\n  l = \"noaction 5\\\\e)\";\n}"}, "loc": ["programs", "less", "commands"], "readOnly": false, "type": "attribute set of string"}, "programs.less.configFile": {"declarations": ["nixos/modules/programs/less.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to lesskey configuration file.\n\n{option}`configFile` takes precedence over {option}`commands`,\n{option}`clearDefaultCommands`, {option}`lineEditingKeys`, and\n{option}`envVariables`.\n", "example": {"_type": "literalExpression", "text": "\"${pkgs.my-configs}/lesskey\""}, "loc": ["programs", "less", "configFile"], "readOnly": false, "type": "null or absolute path"}, "programs.less.enable": {"declarations": ["nixos/modules/programs/less.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable less, a file pager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "less", "enable"], "readOnly": false, "type": "boolean"}, "programs.less.envVariables": {"declarations": ["nixos/modules/programs/less.nix"], "default": {"_type": "literalExpression", "text": "{\n  LESS = \"-R\";\n}"}, "description": "Defines environment variables.", "example": {"_type": "literalExpression", "text": "{\n  LESS = \"--quit-if-one-screen\";\n}"}, "loc": ["programs", "less", "envVariables"], "readOnly": false, "type": "attribute set of string"}, "programs.less.lessclose": {"declarations": ["nixos/modules/programs/less.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "When less closes a file opened in such a way, it will call another program, called the input postprocessor,\nwhich may perform any desired clean-up action (such as deleting the replacement file created by LESSOPEN).\n", "loc": ["programs", "less", "lessclose"], "readOnly": false, "type": "null or string"}, "programs.less.lessopen": {"declarations": ["nixos/modules/programs/less.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Before less opens a file, it first gives your input preprocessor a chance to modify the way the contents of the file are displayed.\n", "example": {"_type": "literalExpression", "text": "\"|${pkgs.lesspipe}/bin/lesspipe.sh %s\""}, "loc": ["programs", "less", "lessopen"], "readOnly": false, "type": "null or string"}, "programs.less.lineEditingKeys": {"declarations": ["nixos/modules/programs/less.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Defines new line-editing keys.", "example": {"_type": "literalExpression", "text": "{\n  e = \"abort\";\n}"}, "loc": ["programs", "less", "lineEditingKeys"], "readOnly": false, "type": "attribute set of string"}, "programs.less.package": {"declarations": ["nixos/modules/programs/less.nix"], "default": {"_type": "literalExpression", "text": "pkgs.less"}, "description": "The less package to use.", "loc": ["programs", "less", "package"], "readOnly": false, "type": "package"}, "programs.liboping.enable": {"declarations": ["nixos/modules/programs/liboping.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable liboping.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "liboping", "enable"], "readOnly": false, "type": "boolean"}, "programs.light.brightnessKeys.enable": {"declarations": ["nixos/modules/programs/light.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable brightness control with keyboard keys.\n\nThis is mainly useful for minimalistic (desktop) environments. You\nmay want to leave this disabled if you run a feature-rich desktop\nenvironment such as KDE, GNOME or Xfce as those handle the\nbrightness keys themselves. However, enabling brightness control\nwith this setting makes the control independent of X, so the keys\nwork in non-graphical ttys, so you might want to consider using this\ninstead of the default offered by the desktop environment.\n\nEnabling this will turn on {option}`services.actkbd`.\n", "loc": ["programs", "light", "brightnessKeys", "enable"], "readOnly": false, "type": "boolean"}, "programs.light.brightnessKeys.minBrightness": {"declarations": ["nixos/modules/programs/light.nix"], "default": {"_type": "literalExpression", "text": "0.1"}, "description": "The minimum authorized brightness value, e.g. to avoid the\ndisplay going dark.\n", "loc": ["programs", "light", "brightnessKeys", "minBrightness"], "readOnly": false, "type": "integer or floating point number between 0 and 100 (both inclusive)"}, "programs.light.brightnessKeys.step": {"declarations": ["nixos/modules/programs/light.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "The percentage value by which to increase/decrease brightness.\n", "loc": ["programs", "light", "brightnessKeys", "step"], "readOnly": false, "type": "signed integer"}, "programs.light.enable": {"declarations": ["nixos/modules/programs/light.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to install Light backlight control command\nand udev rules granting access to members of the \"video\" group.\n", "loc": ["programs", "light", "enable"], "readOnly": false, "type": "boolean"}, "programs.localsend.enable": {"declarations": ["nixos/modules/programs/localsend.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable localsend, an open source cross-platform alternative to AirDrop.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "localsend", "enable"], "readOnly": false, "type": "boolean"}, "programs.localsend.openFirewall": {"declarations": ["nixos/modules/programs/localsend.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable opening the firewall port 53317 for receiving files.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "localsend", "openFirewall"], "readOnly": false, "type": "boolean"}, "programs.localsend.package": {"declarations": ["nixos/modules/programs/localsend.nix"], "default": {"_type": "literalExpression", "text": "pkgs.localsend"}, "description": "The localsend package to use.", "loc": ["programs", "localsend", "package"], "readOnly": false, "type": "package"}, "programs.mangowc.enable": {"declarations": ["nixos/modules/programs/wayland/mangowc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable MangoWC, a Wayland compositor based on dwl and scenefx.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "mangowc", "enable"], "readOnly": false, "type": "boolean"}, "programs.mangowc.package": {"declarations": ["nixos/modules/programs/wayland/mangowc.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mangowc"}, "description": "The mangowc package to use.", "example": {"_type": "literalExpression", "text": "pkgs.mangowc.override { enableXWayland = false; }"}, "loc": ["programs", "mangowc", "package"], "readOnly": false, "type": "package"}, "programs.mdevctl.enable": {"declarations": ["nixos/modules/programs/mdevctl.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Mediated Device Management.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "mdevctl", "enable"], "readOnly": false, "type": "boolean"}, "programs.mepo.enable": {"declarations": ["nixos/modules/programs/mepo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Mepo, a fast, simple and hackable OSM map viewer.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "mepo", "enable"], "readOnly": false, "type": "boolean"}, "programs.mepo.locationBackends.geoclue": {"declarations": ["nixos/modules/programs/mepo.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable location detection via geoclue", "loc": ["programs", "mepo", "locationBackends", "geoclue"], "readOnly": false, "type": "boolean"}, "programs.mepo.locationBackends.gpsd": {"declarations": ["nixos/modules/programs/mepo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable location detection via gpsd.\nThis may require additional configuration of gpsd, see [here](#opt-services.gpsd.enable)\n", "loc": ["programs", "mepo", "locationBackends", "gpsd"], "readOnly": false, "type": "boolean"}, "programs.mininet.enable": {"declarations": ["nixos/modules/programs/mininet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Mininet, an emulator for rapid prototyping of Software Defined Networks.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "mininet", "enable"], "readOnly": false, "type": "boolean"}, "programs.minipro.enable": {"declarations": ["nixos/modules/programs/minipro.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable minipro and its udev rules.\nUsers of the `plugdev` group can interact with connected MiniPRO chip programmers.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "minipro", "enable"], "readOnly": false, "type": "boolean"}, "programs.minipro.package": {"declarations": ["nixos/modules/programs/minipro.nix"], "default": {"_type": "literalExpression", "text": "pkgs.minipro"}, "description": "The minipro package to use.", "loc": ["programs", "minipro", "package"], "readOnly": false, "type": "package"}, "programs.miriway.config": {"declarations": ["nixos/modules/programs/miriway.nix"], "default": {"_type": "literalExpression", "text": "''\n  x11-window-title=Miriway (Mir-on-X)\n  idle-timeout=600\n  ctrl-alt=t:miriway-terminal # Default \"terminal emulator finder\"\n  \n  shell-component=dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY\n  \n  meta=Left:@dock-left\n  meta=Right:@dock-right\n  meta=Space:@toggle-maximized\n  meta=Home:@workspace-begin\n  meta=End:@workspace-end\n  meta=Page_Up:@workspace-up\n  meta=Page_Down:@workspace-down\n  ctrl-alt=BackSpace:@exit\n''"}, "description": "Miriway's config. This will be installed system-wide.\nThe default will install the miriway package's barebones example config.\n", "example": {"_type": "literalExpression", "text": "''\n  idle-timeout=300\n  ctrl-alt=t:weston-terminal\n  add-wayland-extensions=all\n  \n  shell-components=dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY\n  \n  shell-component=waybar\n  shell-component=wbg Pictures/wallpaper\n  \n  shell-meta=a:synapse\n  \n  meta=Left:@dock-left\n  meta=Right:@dock-right\n  meta=Space:@toggle-maximized\n  meta=Home:@workspace-begin\n  meta=End:@workspace-end\n  meta=Page_Up:@workspace-up\n  meta=Page_Down:@workspace-down\n  ctrl-alt=BackSpace:@exit\n''"}, "loc": ["programs", "miriway", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "programs.miriway.enable": {"declarations": ["nixos/modules/programs/miriway.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Miriway, a Mir based Wayland compositor. You can manually launch Miriway by\nexecuting \"exec miriway\" on a TTY, or launch it from a display manager. Copy\n/etc/xdg/xdg-miriway/miriway-shell.config to ~/.config/miriway-shell.config\nto modify the system-wide configuration on a per-user basis. See <https://github.com/Miriway/Miriway>,\nand \"miriway --help\" for more information.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "miriway", "enable"], "readOnly": false, "type": "boolean"}, "programs.mosh.enable": {"declarations": ["nixos/modules/programs/mosh.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable mosh.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "mosh", "enable"], "readOnly": false, "type": "boolean"}, "programs.mosh.openFirewall": {"declarations": ["nixos/modules/programs/mosh.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to automatically open the necessary ports in the firewall.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "mosh", "openFirewall"], "readOnly": false, "type": "boolean"}, "programs.mosh.package": {"declarations": ["nixos/modules/programs/mosh.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mosh"}, "description": "The mosh package to use.", "loc": ["programs", "mosh", "package"], "readOnly": false, "type": "package"}, "programs.mosh.withUtempter": {"declarations": ["nixos/modules/programs/mosh.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable libutempter for mosh.\n\nThis is required so that mosh can write to /var/run/utmp (which can be queried with `who` to display currently connected user sessions).\nNote, this will add a guid wrapper for the group utmp!\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "mosh", "withUtempter"], "readOnly": false, "type": "boolean"}, "programs.mouse-actions.autorun": {"declarations": ["nixos/modules/programs/mouse-actions.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to start a user service to run mouse-actions on startup.\n", "loc": ["programs", "mouse-actions", "autorun"], "readOnly": false, "type": "boolean"}, "programs.mouse-actions.enable": {"declarations": ["nixos/modules/programs/mouse-actions.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to install and set up mouse-actions and it's udev rules.\n\nNote that only users in the \"uinput\" group will be able to use the package\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "mouse-actions", "enable"], "readOnly": false, "type": "boolean"}, "programs.mouse-actions.package": {"declarations": ["nixos/modules/programs/mouse-actions.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mouse-actions"}, "description": "The mouse-actions package to use.", "example": {"_type": "literalExpression", "text": "mouse-actions-gui"}, "loc": ["programs", "mouse-actions", "package"], "readOnly": false, "type": "package"}, "programs.msmtp.accounts": {"declarations": ["nixos/modules/programs/msmtp.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Named accounts and their respective configurations.\nThe special name \"default\" allows a default account to be defined.\nSee {manpage}`msmtp(1)` for the available options.\n\nUse `programs.msmtp.extraConfig` instead of this attribute set-based\noption if ordered account inheritance is needed.\n\nIt is advised to use the `passwordeval` setting to read the password\nfrom a secret file to avoid having it written in the world-readable\nnix store. The password file must end with a newline (`\\n`).\n", "example": {"_type": "literalExpression", "text": "{\n  default = {\n    auth = true;\n    host = \"smtp.example\";\n    passwordeval = \"cat /secrets/password.txt\";\n    user = \"someone\";\n  };\n}"}, "loc": ["programs", "msmtp", "accounts"], "readOnly": false, "type": "attribute set of (attribute set)"}, "programs.msmtp.defaults": {"declarations": ["nixos/modules/programs/msmtp.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Default values applied to all accounts.\nSee {manpage}`msmtp(1)` for the available options.\n", "example": {"_type": "literalExpression", "text": "{\n  aliases = \"/etc/aliases\";\n  port = 587;\n  tls = true;\n}"}, "loc": ["programs", "msmtp", "defaults"], "readOnly": false, "type": "attribute set"}, "programs.msmtp.enable": {"declarations": ["nixos/modules/programs/msmtp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable msmtp - an SMTP client.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "msmtp", "enable"], "readOnly": false, "type": "boolean"}, "programs.msmtp.extraConfig": {"declarations": ["nixos/modules/programs/msmtp.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra lines to add to the msmtp configuration verbatim.\nSee {manpage}`msmtp(1)` for the syntax and available options.\n", "loc": ["programs", "msmtp", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "programs.msmtp.package": {"declarations": ["nixos/modules/programs/msmtp.nix"], "default": {"_type": "literalExpression", "text": "pkgs.msmtp"}, "description": "The msmtp package to use.", "loc": ["programs", "msmtp", "package"], "readOnly": false, "type": "package"}, "programs.msmtp.setSendmail": {"declarations": ["nixos/modules/programs/msmtp.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to set the system sendmail to msmtp's.\n", "loc": ["programs", "msmtp", "setSendmail"], "readOnly": false, "type": "boolean"}, "programs.mtr.enable": {"declarations": ["nixos/modules/programs/mtr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add mtr to the global environment and configure a\nsetcap wrapper for it.\n", "loc": ["programs", "mtr", "enable"], "readOnly": false, "type": "boolean"}, "programs.mtr.package": {"declarations": ["nixos/modules/programs/mtr.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mtr"}, "description": "The mtr package to use.", "loc": ["programs", "mtr", "package"], "readOnly": false, "type": "package"}, "programs.nano.enable": {"declarations": ["nixos/modules/programs/nano.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable nano, a small user-friendly console text editor.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "nano", "enable"], "readOnly": false, "type": "boolean"}, "programs.nano.nanorc": {"declarations": ["nixos/modules/programs/nano.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The system-wide nano configuration.\nSee {manpage}`nanorc(5)`.\n", "example": {"_type": "literalExpression", "text": "''\n  set nowrap\n  set tabstospaces\n  set tabsize 2\n''"}, "loc": ["programs", "nano", "nanorc"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "programs.nano.package": {"declarations": ["nixos/modules/programs/nano.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nano"}, "description": "The nano package to use.", "loc": ["programs", "nano", "package"], "readOnly": false, "type": "package"}, "programs.nano.syntaxHighlight": {"declarations": ["nixos/modules/programs/nano.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable syntax highlight for various languages.", "loc": ["programs", "nano", "syntaxHighlight"], "readOnly": false, "type": "boolean"}, "programs.nautilus-open-any-terminal.enable": {"declarations": ["nixos/modules/programs/nautilus-open-any-terminal.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable nautilus-open-any-terminal.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "nautilus-open-any-terminal", "enable"], "readOnly": false, "type": "boolean"}, "programs.nautilus-open-any-terminal.terminal": {"declarations": ["nixos/modules/programs/nautilus-open-any-terminal.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The terminal emulator to add to context-entry of nautilus. Supported terminal\nemulators are listed in <https://github.com/Stunkymonkey/nautilus-open-any-terminal#supported-terminal-emulators>.\n", "loc": ["programs", "nautilus-open-any-terminal", "terminal"], "readOnly": false, "type": "null or string"}, "programs.nbd.enable": {"declarations": ["nixos/modules/programs/nbd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Network Block Device (nbd) support.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "nbd", "enable"], "readOnly": false, "type": "boolean"}, "programs.neovim.configure": {"declarations": ["nixos/modules/programs/neovim.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Generate your init file from your list of plugins and custom commands.\nNeovim will then be wrapped to load {command}`nvim -u /nix/store/\u00abhash\u00bb-vimrc`\n", "example": {"_type": "literalExpression", "text": "{\n  customRC = ''\n    \" here your custom VimScript configuration goes!\n  '';\n  customLuaRC = ''\n    -- here your custom Lua configuration goes!\n  '';\n  packages.myVimPackage = with pkgs.vimPlugins; {\n    # loaded on launch\n    start = [ fugitive ];\n    # manually loadable by calling `:packadd $plugin-name`\n    opt = [ ];\n  };\n}\n"}, "loc": ["programs", "neovim", "configure"], "readOnly": false, "type": "attribute set"}, "programs.neovim.defaultEditor": {"declarations": ["nixos/modules/programs/neovim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "When enabled, installs neovim and configures neovim to be the default editor\nusing the EDITOR environment variable.\n", "loc": ["programs", "neovim", "defaultEditor"], "readOnly": false, "type": "boolean"}, "programs.neovim.enable": {"declarations": ["nixos/modules/programs/neovim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Neovim.\n\nWhen enabled through this option, Neovim is wrapped to use a\nconfiguration managed by this module. The configuration file in the\nuser's home directory at {file}`~/.config/nvim/init.vim` is no longer\nloaded by default.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "neovim", "enable"], "readOnly": false, "type": "boolean"}, "programs.neovim.package": {"declarations": ["nixos/modules/programs/neovim.nix"], "default": {"_type": "literalExpression", "text": "pkgs.neovim-unwrapped"}, "description": "The neovim-unwrapped package to use.", "loc": ["programs", "neovim", "package"], "readOnly": false, "type": "package"}, "programs.neovim.runtime": {"declarations": ["nixos/modules/programs/neovim.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Set of files that have to be linked in {file}`runtime`.\n", "example": {"_type": "literalExpression", "text": "{ \"ftplugin/c.vim\".text = \"setlocal omnifunc=v:lua.vim.lsp.omnifunc\"; }\n"}, "loc": ["programs", "neovim", "runtime"], "readOnly": false, "type": "attribute set of (submodule)"}, "programs.neovim.runtime.<name>.enable": {"declarations": ["nixos/modules/programs/neovim.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether this runtime directory should be generated.  This\noption allows specific runtime files to be disabled.\n", "loc": ["programs", "neovim", "runtime", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "programs.neovim.runtime.<name>.source": {"declarations": ["nixos/modules/programs/neovim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path of the source file.", "loc": ["programs", "neovim", "runtime", "<name>", "source"], "readOnly": false, "type": "null or absolute path"}, "programs.neovim.runtime.<name>.target": {"declarations": ["nixos/modules/programs/neovim.nix"], "description": "Name of symlink.  Defaults to the attribute\nname.\n", "loc": ["programs", "neovim", "runtime", "<name>", "target"], "readOnly": false, "type": "string"}, "programs.neovim.runtime.<name>.text": {"declarations": ["nixos/modules/programs/neovim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Text of the file.", "loc": ["programs", "neovim", "runtime", "<name>", "text"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "programs.neovim.viAlias": {"declarations": ["nixos/modules/programs/neovim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Symlink {command}`vi` to {command}`nvim` binary.\n", "loc": ["programs", "neovim", "viAlias"], "readOnly": false, "type": "boolean"}, "programs.neovim.vimAlias": {"declarations": ["nixos/modules/programs/neovim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Symlink {command}`vim` to {command}`nvim` binary.\n", "loc": ["programs", "neovim", "vimAlias"], "readOnly": false, "type": "boolean"}, "programs.neovim.withNodeJs": {"declarations": ["nixos/modules/programs/neovim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable Node provider.", "loc": ["programs", "neovim", "withNodeJs"], "readOnly": false, "type": "boolean"}, "programs.neovim.withPython3": {"declarations": ["nixos/modules/programs/neovim.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable Python 3 provider.", "loc": ["programs", "neovim", "withPython3"], "readOnly": false, "type": "boolean"}, "programs.neovim.withRuby": {"declarations": ["nixos/modules/programs/neovim.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable Ruby provider.", "loc": ["programs", "neovim", "withRuby"], "readOnly": false, "type": "boolean"}, "programs.nethoscope.enable": {"declarations": ["nixos/modules/programs/nethoscope.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add nethoscope to the global environment and configure a\nsetcap wrapper for it.\n", "loc": ["programs", "nethoscope", "enable"], "readOnly": false, "type": "boolean"}, "programs.nexttrace.enable": {"declarations": ["nixos/modules/programs/nexttrace.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Nexttrace to the global environment and configure a setcap wrapper for it.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "nexttrace", "enable"], "readOnly": false, "type": "boolean"}, "programs.nexttrace.package": {"declarations": ["nixos/modules/programs/nexttrace.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nexttrace"}, "description": "The nexttrace package to use.", "loc": ["programs", "nexttrace", "package"], "readOnly": false, "type": "package"}, "programs.nh.clean.dates": {"declarations": ["nixos/modules/programs/nh.nix"], "default": {"_type": "literalExpression", "text": "\"weekly\""}, "description": "How often cleanup is performed. Passed to systemd.time\n\nThe format is described in\n{manpage}`systemd.time(7)`.\n", "loc": ["programs", "nh", "clean", "dates"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "programs.nh.clean.enable": {"declarations": ["nixos/modules/programs/nh.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable periodic garbage collection with nh clean all.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "nh", "clean", "enable"], "readOnly": false, "type": "boolean"}, "programs.nh.clean.extraArgs": {"declarations": ["nixos/modules/programs/nh.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Options given to nh clean when the service is run automatically.\n\nSee `nh clean all --help` for more information.\n", "example": {"_type": "literalExpression", "text": "\"--keep 5 --keep-since 3d\""}, "loc": ["programs", "nh", "clean", "extraArgs"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "programs.nh.enable": {"declarations": ["nixos/modules/programs/nh.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable nh, yet another Nix CLI helper.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "nh", "enable"], "readOnly": false, "type": "boolean"}, "programs.nh.flake": {"declarations": ["nixos/modules/programs/nh.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The string that will be used for the `NH_FLAKE` environment variable.\n\n`NH_FLAKE` is used by nh as the default flake for performing actions, such as\n`nh os switch`. This behaviour can be overriden per-command with environment\nvariables that will take priority.\n\n- `NH_OS_FLAKE`: will take priority for `nh os` commands.\n- `NH_HOME_FLAKE`: will take priority for `nh home` commands.\n- `NH_DARWIN_FLAKE`: will take priority for `nh darwin` commands.\n\nThe formerly valid `FLAKE` is now deprecated by nh, and will cause hard errors\nin future releases if `NH_FLAKE` is not set.\n", "loc": ["programs", "nh", "flake"], "readOnly": false, "type": "null or string"}, "programs.nh.package": {"declarations": ["nixos/modules/programs/nh.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nh"}, "description": "The nh package to use.", "loc": ["programs", "nh", "package"], "readOnly": false, "type": "package"}, "programs.niri.enable": {"declarations": ["nixos/modules/programs/wayland/niri.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Niri, a scrollable-tiling Wayland compositor.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "niri", "enable"], "readOnly": false, "type": "boolean"}, "programs.niri.package": {"declarations": ["nixos/modules/programs/wayland/niri.nix"], "default": {"_type": "literalExpression", "text": "pkgs.niri"}, "description": "The niri package to use.", "loc": ["programs", "niri", "package"], "readOnly": false, "type": "package"}, "programs.niri.useNautilus": {"declarations": ["nixos/modules/programs/wayland/niri.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable Nautilus as file-chooser for xdg-desktop-portal-gnome.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "niri", "useNautilus"], "readOnly": false, "type": "boolean"}, "programs.nix-index.enable": {"declarations": ["nixos/modules/programs/nix-index.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable nix-index, a file database for nixpkgs.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "nix-index", "enable"], "readOnly": false, "type": "boolean"}, "programs.nix-index.enableBashIntegration": {"declarations": ["nixos/modules/programs/nix-index.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable Bash integration.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "nix-index", "enableBashIntegration"], "readOnly": false, "type": "boolean"}, "programs.nix-index.enableFishIntegration": {"declarations": ["nixos/modules/programs/nix-index.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable Fish integration.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "nix-index", "enableFishIntegration"], "readOnly": false, "type": "boolean"}, "programs.nix-index.enableZshIntegration": {"declarations": ["nixos/modules/programs/nix-index.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable Zsh integration.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "nix-index", "enableZshIntegration"], "readOnly": false, "type": "boolean"}, "programs.nix-index.package": {"declarations": ["nixos/modules/programs/nix-index.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nix-index"}, "description": "The nix-index package to use.", "loc": ["programs", "nix-index", "package"], "readOnly": false, "type": "package"}, "programs.nix-ld.enable": {"declarations": ["nixos/modules/programs/nix-ld.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable nix-ld, Documentation: <https://github.com/nix-community/nix-ld>.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "nix-ld", "enable"], "readOnly": false, "type": "boolean"}, "programs.nix-ld.libraries": {"declarations": ["nixos/modules/programs/nix-ld.nix"], "default": {"_type": "literalExpression", "text": "baseLibraries derived from systemd and nix dependencies."}, "description": "Libraries that automatically become available to all programs. The default set includes common libraries.", "loc": ["programs", "nix-ld", "libraries"], "readOnly": false, "type": "list of package"}, "programs.nix-ld.package": {"declarations": ["nixos/modules/programs/nix-ld.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nix-ld"}, "description": "The nix-ld package to use.", "loc": ["programs", "nix-ld", "package"], "readOnly": false, "type": "package"}, "programs.nix-required-mounts.allowedPatterns": {"declarations": ["nixos/modules/programs/nix-required-mounts.nix"], "default": {"_type": "literalExpression", "text": "{\n  opengl.paths = config.hardware.graphics.extraPackages ++ [\n    config.graphics.opengl.package\n    pkgs.addDriverRunpath.driverLink\n    \"/dev/dri\"\n  ];\n}\n"}, "description": "The hook config, describing which paths to mount for which system features", "example": {"_type": "literalExpression", "text": "{\n  require-ipfs = {\n    onFeatures = [\n      \"ipfs\"\n    ];\n    paths = [\n      \"/ipfs\"\n    ];\n  };\n}"}, "loc": ["programs", "nix-required-mounts", "allowedPatterns"], "readOnly": false, "type": "attribute set of (submodule)"}, "programs.nix-required-mounts.allowedPatterns.<name>.onFeatures": {"declarations": ["nixos/modules/programs/nix-required-mounts.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"\u2039name\u203a\"\n]"}, "description": "Which requiredSystemFeatures should trigger relaxation of the sandbox", "loc": ["programs", "nix-required-mounts", "allowedPatterns", "<name>", "onFeatures"], "readOnly": false, "type": "list of string"}, "programs.nix-required-mounts.allowedPatterns.<name>.paths": {"declarations": ["nixos/modules/programs/nix-required-mounts.nix"], "description": "A list of glob patterns, indicating which paths to expose to the sandbox", "loc": ["programs", "nix-required-mounts", "allowedPatterns", "<name>", "paths"], "readOnly": false, "type": "list of (absolute path or (submodule))"}, "programs.nix-required-mounts.allowedPatterns.<name>.unsafeFollowSymlinks": {"declarations": ["nixos/modules/programs/nix-required-mounts.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Instructs the hook to mount the symlink targets as well, when any of\nthe `paths` contain symlinks. This may not work correctly with glob\npatterns.\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "nix-required-mounts", "allowedPatterns", "<name>", "unsafeFollowSymlinks"], "readOnly": false, "type": "boolean"}, "programs.nix-required-mounts.enable": {"declarations": ["nixos/modules/programs/nix-required-mounts.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Expose extra paths to the sandbox depending on derivations' requiredSystemFeatures.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "nix-required-mounts", "enable"], "readOnly": false, "type": "boolean"}, "programs.nix-required-mounts.extraWrapperArgs": {"declarations": ["nixos/modules/programs/nix-required-mounts.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of extra arguments (such as `--add-flags -v`) to pass to the hook's wrapper", "loc": ["programs", "nix-required-mounts", "extraWrapperArgs"], "readOnly": false, "type": "list of string"}, "programs.nix-required-mounts.presets.nvidia-gpu.enable": {"declarations": ["nixos/modules/programs/nix-required-mounts.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Declare the support for derivations that require an Nvidia GPU to be\navailable, e.g. derivations with `requiredSystemFeatures = [ \"cuda\" ]`.\nThis mounts the corresponding userspace drivers and device nodes in the\nsandbox, but only for derivations that request these special features.\n\nYou may extend or override the exposed paths via the\n`programs.nix-required-mounts.allowedPatterns.nvidia-gpu.paths` option.\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "nix-required-mounts", "presets", "nvidia-gpu", "enable"], "readOnly": false, "type": "boolean"}, "programs.nixbit.enable": {"declarations": ["nixos/modules/programs/nixbit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Nixbit configuration.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "nixbit", "enable"], "readOnly": false, "type": "boolean"}, "programs.nixbit.forceAutostart": {"declarations": ["nixos/modules/programs/nixbit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Force creation of autostart desktop entry when application starts", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "nixbit", "forceAutostart"], "readOnly": false, "type": "boolean"}, "programs.nixbit.package": {"declarations": ["nixos/modules/programs/nixbit.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nixbit"}, "description": "The nixbit package to use.", "loc": ["programs", "nixbit", "package"], "readOnly": false, "type": "package"}, "programs.nixbit.repository": {"declarations": ["nixos/modules/programs/nixbit.nix"], "description": "Git repository URL for Nixbit", "loc": ["programs", "nixbit", "repository"], "readOnly": false, "type": "string"}, "programs.nm-applet.enable": {"declarations": ["nixos/modules/programs/nm-applet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable nm-applet, a NetworkManager control applet for GNOME.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "nm-applet", "enable"], "readOnly": false, "type": "boolean"}, "programs.nm-applet.indicator": {"declarations": ["nixos/modules/programs/nm-applet.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to use indicator instead of status icon.\nIt is needed for Appindicator environments, like Enlightenment.\n", "loc": ["programs", "nm-applet", "indicator"], "readOnly": false, "type": "boolean"}, "programs.nncp.enable": {"declarations": ["nixos/modules/programs/nncp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable NNCP (Node to Node copy) utilities and configuration.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "nncp", "enable"], "readOnly": false, "type": "boolean"}, "programs.nncp.group": {"declarations": ["nixos/modules/programs/nncp.nix"], "default": {"_type": "literalExpression", "text": "\"uucp\""}, "description": "The group under which NNCP files shall be owned.\nAny member of this group may access the secret keys\nof this NNCP node.\n", "loc": ["programs", "nncp", "group"], "readOnly": false, "type": "string"}, "programs.nncp.package": {"declarations": ["nixos/modules/programs/nncp.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nncp"}, "description": "The nncp package to use.", "loc": ["programs", "nncp", "package"], "readOnly": false, "type": "package"}, "programs.nncp.secrets": {"declarations": ["nixos/modules/programs/nncp.nix"], "description": "A list of paths to NNCP configuration files that should not be\nin the Nix store. These files are layered on top of the values at\n[](#opt-programs.nncp.settings).\n", "example": {"_type": "literalExpression", "text": "[\n  \"/run/keys/nncp.hjson\"\n]"}, "loc": ["programs", "nncp", "secrets"], "readOnly": false, "type": "list of string"}, "programs.nncp.settings": {"declarations": ["nixos/modules/programs/nncp.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "NNCP configuration, see\n<http://www.nncpgo.org/Configuration.html>.\nAt runtime these settings will be overlayed by the contents of\n[](#opt-programs.nncp.secrets) into the file\n`/run/nncp.hjson`. Node keypairs go in\n`secrets`, do not specify them in\n`settings` as they will be leaked into\n`/nix/store`!\n", "loc": ["programs", "nncp", "settings"], "readOnly": false, "type": "JSON value"}, "programs.noisetorch.enable": {"declarations": ["nixos/modules/programs/noisetorch.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable noisetorch (+ setcap wrapper), a virtual microphone device with noise suppression.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "noisetorch", "enable"], "readOnly": false, "type": "boolean"}, "programs.noisetorch.package": {"declarations": ["nixos/modules/programs/noisetorch.nix"], "default": {"_type": "literalExpression", "text": "pkgs.noisetorch"}, "description": "The noisetorch package to use.", "loc": ["programs", "noisetorch", "package"], "readOnly": false, "type": "package"}, "programs.npm.enable": {"declarations": ["nixos/modules/programs/npm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable {command}`npm` global config.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "npm", "enable"], "readOnly": false, "type": "boolean"}, "programs.npm.npmrc": {"declarations": ["nixos/modules/programs/npm.nix"], "default": {"_type": "literalExpression", "text": "''\n  prefix = ''${HOME}/.npm\n''"}, "description": "The system-wide npm configuration.\nSee <https://docs.npmjs.com/misc/config>.\n", "example": {"_type": "literalExpression", "text": "''\n  prefix = ''${HOME}/.npm\n  https-proxy=proxy.example.com\n  init-license=MIT\n  init-author-url=https://www.npmjs.com/\n  color=true\n''"}, "loc": ["programs", "npm", "npmrc"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "programs.npm.package": {"declarations": ["nixos/modules/programs/npm.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nodePackages.npm"}, "description": "The npm package to use.", "example": {"_type": "literalExpression", "text": "nodePackages_13_x.npm"}, "loc": ["programs", "npm", "package"], "readOnly": false, "type": "package"}, "programs.ns-usbloader.enable": {"declarations": ["nixos/modules/programs/ns-usbloader.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ns-usbloader application with udev rules applied.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "ns-usbloader", "enable"], "readOnly": false, "type": "boolean"}, "programs.obs-studio.enable": {"declarations": ["nixos/modules/programs/obs-studio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Free and open source software for video recording and live streaming.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "obs-studio", "enable"], "readOnly": false, "type": "boolean"}, "programs.obs-studio.enableVirtualCamera": {"declarations": ["nixos/modules/programs/obs-studio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Installs and sets up the v4l2loopback kernel module, necessary for OBS\nto start a virtual camera.\n", "loc": ["programs", "obs-studio", "enableVirtualCamera"], "readOnly": false, "type": "boolean"}, "programs.obs-studio.package": {"declarations": ["nixos/modules/programs/obs-studio.nix"], "default": {"_type": "literalExpression", "text": "pkgs.obs-studio"}, "description": "The obs-studio package to use.", "example": {"_type": "literalExpression", "text": "obs-studio"}, "loc": ["programs", "obs-studio", "package"], "readOnly": false, "type": "null or package"}, "programs.obs-studio.plugins": {"declarations": ["nixos/modules/programs/obs-studio.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Optional OBS plugins.", "example": {"_type": "literalExpression", "text": "[ pkgs.obs-studio-plugins.wlrobs ]"}, "loc": ["programs", "obs-studio", "plugins"], "readOnly": false, "type": "list of package"}, "programs.oddjobd.enable": {"declarations": ["nixos/modules/programs/oddjobd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable oddjob, a D-Bus service which runs odd jobs on behalf of client applications.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "oddjobd", "enable"], "readOnly": false, "type": "boolean"}, "programs.oddjobd.package": {"declarations": ["nixos/modules/programs/oddjobd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.oddjob"}, "description": "The oddjob package to use.", "loc": ["programs", "oddjobd", "package"], "readOnly": false, "type": "package"}, "programs.opengamepadui.args": {"declarations": ["nixos/modules/programs/opengamepadui.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Arguments to be passed to OpenGamepadUI\n", "loc": ["programs", "opengamepadui", "args"], "readOnly": false, "type": "list of string"}, "programs.opengamepadui.enable": {"declarations": ["nixos/modules/programs/opengamepadui.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable opengamepadui.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "opengamepadui", "enable"], "readOnly": false, "type": "boolean"}, "programs.opengamepadui.extraPackages": {"declarations": ["nixos/modules/programs/opengamepadui.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional packages to add to the OpenGamepadUI environment.\n", "example": {"_type": "literalExpression", "text": "with pkgs; [\n  gamescope\n]\n"}, "loc": ["programs", "opengamepadui", "extraPackages"], "readOnly": false, "type": "list of package"}, "programs.opengamepadui.fontPackages": {"declarations": ["nixos/modules/programs/opengamepadui.nix"], "default": {"_type": "literalExpression", "text": "builtins.filter lib.types.package.check config.fonts.packages"}, "description": "Font packages to use in OpenGamepadUI.\n\nDefaults to system fonts, but could be overridden to use other fonts \u2014 useful for users who would like to customize CJK fonts used in opengamepadui. According to the [upstream issue](https://github.com/ValveSoftware/opengamepadui-for-linux/issues/10422#issuecomment-1944396010), opengamepadui only follows the per-user fontconfig configuration.\n", "example": {"_type": "literalExpression", "text": "with pkgs; [ source-han-sans ]"}, "loc": ["programs", "opengamepadui", "fontPackages"], "readOnly": false, "type": "list of package"}, "programs.opengamepadui.gamescopeSession": {"declarations": ["nixos/modules/programs/opengamepadui.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Run a GameScope driven OpenGamepadUI session from your display-manager", "loc": ["programs", "opengamepadui", "gamescopeSession"], "readOnly": false, "type": "submodule"}, "programs.opengamepadui.gamescopeSession.args": {"declarations": ["nixos/modules/programs/opengamepadui.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"--prefer-output\"\n  \"*,eDP-1\"\n  \"--xwayland-count\"\n  \"2\"\n  \"--default-touch-mode\"\n  \"4\"\n  \"--hide-cursor-delay\"\n  \"3000\"\n  \"--fade-out-duration\"\n  \"200\"\n  \"--steam\"\n]"}, "description": "Arguments to be passed to GameScope for the session.\n", "loc": ["programs", "opengamepadui", "gamescopeSession", "args"], "readOnly": false, "type": "list of string"}, "programs.opengamepadui.gamescopeSession.enable": {"declarations": ["nixos/modules/programs/opengamepadui.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable GameScope Session.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "opengamepadui", "gamescopeSession", "enable"], "readOnly": false, "type": "boolean"}, "programs.opengamepadui.gamescopeSession.env": {"declarations": ["nixos/modules/programs/opengamepadui.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environmental variables to be passed to GameScope for the session.\n", "loc": ["programs", "opengamepadui", "gamescopeSession", "env"], "readOnly": false, "type": "attribute set of string"}, "programs.opengamepadui.inputplumber.enable": {"declarations": ["nixos/modules/programs/opengamepadui.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Run InputPlumber service for input management and gamepad configuration.\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "opengamepadui", "inputplumber", "enable"], "readOnly": false, "type": "boolean"}, "programs.opengamepadui.package": {"declarations": ["nixos/modules/programs/opengamepadui.nix"], "default": {"_type": "literalExpression", "text": "pkgs.opengamepadui"}, "description": "The OpenGamepadUI package to use.", "loc": ["programs", "opengamepadui", "package"], "readOnly": false, "type": "package"}, "programs.opengamepadui.powerstation.enable": {"declarations": ["nixos/modules/programs/opengamepadui.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Run PowerStation service for TDP control and performance settings.\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "opengamepadui", "powerstation", "enable"], "readOnly": false, "type": "boolean"}, "programs.openvpn3.enable": {"declarations": ["nixos/modules/programs/openvpn3.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the openvpn3 client.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "openvpn3", "enable"], "readOnly": false, "type": "boolean"}, "programs.openvpn3.log-service": {"declarations": ["nixos/modules/programs/openvpn3.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Log service configuration", "loc": ["programs", "openvpn3", "log-service"], "readOnly": false, "type": "submodule"}, "programs.openvpn3.log-service.settings": {"declarations": ["nixos/modules/programs/openvpn3.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options stored in {file}`/etc/openvpn3/log-service.json` configuration file", "loc": ["programs", "openvpn3", "log-service", "settings"], "readOnly": false, "type": "open submodule of attribute set of (JSON value)"}, "programs.openvpn3.log-service.settings.journald": {"declarations": ["nixos/modules/programs/openvpn3.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Use systemd-journald", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["programs", "openvpn3", "log-service", "settings", "journald"], "readOnly": false, "type": "boolean"}, "programs.openvpn3.log-service.settings.log_dbus_details": {"declarations": ["nixos/modules/programs/openvpn3.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Add D-Bus details in log file/syslog", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["programs", "openvpn3", "log-service", "settings", "log_dbus_details"], "readOnly": false, "type": "boolean"}, "programs.openvpn3.log-service.settings.log_level": {"declarations": ["nixos/modules/programs/openvpn3.nix"], "default": {"_type": "literalExpression", "text": "3"}, "description": "How verbose should the logging be", "example": {"_type": "literalExpression", "text": "6"}, "loc": ["programs", "openvpn3", "log-service", "settings", "log_level"], "readOnly": false, "type": "integer between 0 and 7 (both inclusive)"}, "programs.openvpn3.log-service.settings.timestamp": {"declarations": ["nixos/modules/programs/openvpn3.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Add timestamp log file", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "openvpn3", "log-service", "settings", "timestamp"], "readOnly": false, "type": "boolean"}, "programs.openvpn3.netcfg": {"declarations": ["nixos/modules/programs/openvpn3.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Network configuration", "loc": ["programs", "openvpn3", "netcfg"], "readOnly": false, "type": "submodule"}, "programs.openvpn3.netcfg.settings": {"declarations": ["nixos/modules/programs/openvpn3.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options stored in {file}`/etc/openvpn3/netcfg.json` configuration file", "loc": ["programs", "openvpn3", "netcfg", "settings"], "readOnly": false, "type": "open submodule of attribute set of (JSON value)"}, "programs.openvpn3.netcfg.settings.systemd_resolved": {"declarations": ["nixos/modules/programs/openvpn3.nix"], "default": {"_type": "literalExpression", "text": "config.services.resolved.enable"}, "description": "Whether to use systemd-resolved integration", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["programs", "openvpn3", "netcfg", "settings", "systemd_resolved"], "readOnly": false, "type": "boolean"}, "programs.openvpn3.package": {"declarations": ["nixos/modules/programs/openvpn3.nix"], "default": {"_type": "literalExpression", "text": "pkgs.openvpn3"}, "description": "The openvpn3 package to use.", "loc": ["programs", "openvpn3", "package"], "readOnly": false, "type": "package"}, "programs.partition-manager.enable": {"declarations": ["nixos/modules/programs/partition-manager.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable KDE Partition Manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "partition-manager", "enable"], "readOnly": false, "type": "boolean"}, "programs.partition-manager.package": {"declarations": ["nixos/modules/programs/partition-manager.nix"], "default": {"_type": "literalExpression", "text": "pkgs.kdePackages.partitionmanager"}, "description": "The partitionmanager package to use.", "loc": ["programs", "partition-manager", "package"], "readOnly": false, "type": "package"}, "programs.pay-respects.aiIntegration": {"declarations": ["nixos/modules/programs/pay-respects.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable `pay-respects`' LLM integration. When there is no rule for a given error, `pay-respects` can query an OpenAI-compatible API endpoint for command corrections.\n\n- If this is set to `false`, all LLM-related features are disabled.\n- If this is set to `true`, the default OpenAI endpoint will be used, using upstream's API key. This default API key may be rate-limited.\n- You can also set a custom API endpoint, large language model and locale for command corrections. Simply access the `aiIntegration.url`, `aiIntegration.model` and `aiIntegration.locale` options, as described in the example.\n  - Take a look at the [services.ollama](#opt-services.ollama.enable) NixOS module if you wish to host a local large language model for `pay-respects`.\n\nFor all of these methods, you can set a custom secret API key by using the `_PR_AI_API_KEY` environment variable.\n", "example": {"_type": "literalExpression", "text": "{\n  locale = \"nl-be\";\n  model = \"llama3\";\n  url = \"http://127.0.0.1:11434/v1/chat/completions\";\n}"}, "loc": ["programs", "pay-respects", "aiIntegration"], "readOnly": false, "type": "boolean or (submodule)"}, "programs.pay-respects.alias": {"declarations": ["nixos/modules/programs/pay-respects.nix"], "default": {"_type": "literalExpression", "text": "\"f\""}, "description": "`pay-respects` needs an alias to be configured.\nThe default value is `f`, but you can use anything else as well.\n", "loc": ["programs", "pay-respects", "alias"], "readOnly": false, "type": "string"}, "programs.pay-respects.enable": {"declarations": ["nixos/modules/programs/pay-respects.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable pay-respects, an app which corrects your previous console command.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "pay-respects", "enable"], "readOnly": false, "type": "boolean"}, "programs.pay-respects.package": {"declarations": ["nixos/modules/programs/pay-respects.nix"], "default": {"_type": "literalExpression", "text": "pkgs.pay-respects"}, "description": "The pay-respects package to use.", "loc": ["programs", "pay-respects", "package"], "readOnly": false, "type": "package"}, "programs.pay-respects.runtimeRules": {"declarations": ["nixos/modules/programs/pay-respects.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of rules to be added to `/etc/xdg/pay-respects/rules`.\n`pay-respects` will read the contents of these generated rules to recommend command corrections.\nEach rule module should start with the `command` attribute that specifies the command name. See the [upstream documentation](https://codeberg.org/iff/pay-respects/src/branch/main/rules.md) for more information.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    command = \"xl\";\n    match_err = [\n      {\n        pattern = [\n          \"Permission denied\"\n        ];\n        suggest = [\n          ''\n            #[executable(sudo), !cmd_contains(sudo), err_contains(libxl: error:)]\n            sudo {{command}}\n          ''\n        ];\n      }\n    ];\n  }\n];\n"}, "loc": ["programs", "pay-respects", "runtimeRules"], "readOnly": false, "type": "list of (TOML value)"}, "programs.plotinus.enable": {"declarations": ["nixos/modules/programs/plotinus.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Plotinus GTK 3 plugin. Plotinus provides a\npopup (triggered by Ctrl-Shift-P) to search the menus of a\ncompatible application.\n", "loc": ["programs", "plotinus", "enable"], "readOnly": false, "type": "boolean"}, "programs.pmount.enable": {"declarations": ["nixos/modules/programs/pmount.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable pmount, a tool that allows normal users to mount removable devices\nwithout requiring root privileges\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "pmount", "enable"], "readOnly": false, "type": "boolean"}, "programs.pmount.package": {"declarations": ["nixos/modules/programs/pmount.nix"], "default": {"_type": "literalExpression", "text": "pkgs.pmount"}, "description": "The pmount package to use.", "loc": ["programs", "pmount", "package"], "readOnly": false, "type": "package"}, "programs.pqos-wrapper.enable": {"declarations": ["nixos/modules/programs/pqos-wrapper.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable PQoS Wrapper for BenchExec.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "pqos-wrapper", "enable"], "readOnly": false, "type": "boolean"}, "programs.pqos-wrapper.package": {"declarations": ["nixos/modules/programs/pqos-wrapper.nix"], "default": {"_type": "literalExpression", "text": "pkgs.pqos-wrapper"}, "description": "The pqos-wrapper package to use.", "loc": ["programs", "pqos-wrapper", "package"], "readOnly": false, "type": "package"}, "programs.projecteur.enable": {"declarations": ["nixos/modules/programs/projecteur.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable projecteur, an application for the Logitech Spotlight device (and similar).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "projecteur", "enable"], "readOnly": false, "type": "boolean"}, "programs.projecteur.package": {"declarations": ["nixos/modules/programs/projecteur.nix"], "default": {"_type": "literalExpression", "text": "pkgs.projecteur"}, "description": "The projecteur package to use.", "loc": ["programs", "projecteur", "package"], "readOnly": false, "type": "package"}, "programs.proxychains.chain.length": {"declarations": ["nixos/modules/programs/proxychains.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Chain length for random chain.\n", "loc": ["programs", "proxychains", "chain", "length"], "readOnly": false, "type": "null or signed integer"}, "programs.proxychains.chain.type": {"declarations": ["nixos/modules/programs/proxychains.nix"], "default": {"_type": "literalExpression", "text": "\"strict\""}, "description": "`dynamic` - Each connection will be done via chained proxies\nall proxies chained in the order as they appear in the list\nat least one proxy must be online to play in chain\n(dead proxies are skipped)\notherwise `EINTR` is returned to the app.\n\n`strict` - Each connection will be done via chained proxies\nall proxies chained in the order as they appear in the list\nall proxies must be online to play in chain\notherwise `EINTR` is returned to the app.\n\n`random` - Each connection will be done via random proxy\n(or proxy chain, see {option}`programs.proxychains.chain.length`) from the list.\n", "loc": ["programs", "proxychains", "chain", "type"], "readOnly": false, "type": "one of \"dynamic\", \"strict\", \"random\""}, "programs.proxychains.enable": {"declarations": ["nixos/modules/programs/proxychains.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable proxychains configuration.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "proxychains", "enable"], "readOnly": false, "type": "boolean"}, "programs.proxychains.localnet": {"declarations": ["nixos/modules/programs/proxychains.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.0/255.0.0.0\""}, "description": "By default enable localnet for loopback address ranges.", "loc": ["programs", "proxychains", "localnet"], "readOnly": false, "type": "string"}, "programs.proxychains.package": {"declarations": ["nixos/modules/programs/proxychains.nix"], "default": {"_type": "literalExpression", "text": "pkgs.proxychains"}, "description": "The proxychains package to use.", "example": {"_type": "literalExpression", "text": "proxychains-ng"}, "loc": ["programs", "proxychains", "package"], "readOnly": false, "type": "package"}, "programs.proxychains.proxies": {"declarations": ["nixos/modules/programs/proxychains.nix"], "description": "Proxies to be used by proxychains.\n", "example": {"_type": "literalExpression", "text": "{ myproxy =\n  { type = \"socks4\";\n    host = \"127.0.0.1\";\n    port = 1337;\n  };\n}\n"}, "loc": ["programs", "proxychains", "proxies"], "readOnly": false, "type": "attribute set of (submodule)"}, "programs.proxychains.proxies.<name>.enable": {"declarations": ["nixos/modules/programs/proxychains.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable this proxy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "proxychains", "proxies", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "programs.proxychains.proxies.<name>.host": {"declarations": ["nixos/modules/programs/proxychains.nix"], "description": "Proxy host or IP address.", "loc": ["programs", "proxychains", "proxies", "<name>", "host"], "readOnly": false, "type": "string"}, "programs.proxychains.proxies.<name>.port": {"declarations": ["nixos/modules/programs/proxychains.nix"], "description": "Proxy port", "loc": ["programs", "proxychains", "proxies", "<name>", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "programs.proxychains.proxies.<name>.type": {"declarations": ["nixos/modules/programs/proxychains.nix"], "description": "Proxy type.", "loc": ["programs", "proxychains", "proxies", "<name>", "type"], "readOnly": false, "type": "one of \"http\", \"socks4\", \"socks5\""}, "programs.proxychains.proxyDNS": {"declarations": ["nixos/modules/programs/proxychains.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Proxy DNS requests - no leak for DNS data.", "loc": ["programs", "proxychains", "proxyDNS"], "readOnly": false, "type": "boolean"}, "programs.proxychains.quietMode": {"declarations": ["nixos/modules/programs/proxychains.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Quiet mode (no output from the library).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "proxychains", "quietMode"], "readOnly": false, "type": "boolean"}, "programs.proxychains.remoteDNSSubnet": {"declarations": ["nixos/modules/programs/proxychains.nix"], "default": {"_type": "literalExpression", "text": "224"}, "description": "Set the class A subnet number to use for the internal remote DNS mapping, uses the reserved 224.x.x.x range by default.\n", "loc": ["programs", "proxychains", "remoteDNSSubnet"], "readOnly": false, "type": "one of 10, 127, 224"}, "programs.proxychains.tcpConnectTimeOut": {"declarations": ["nixos/modules/programs/proxychains.nix"], "default": {"_type": "literalExpression", "text": "8000"}, "description": "Connection time-out in milliseconds.", "loc": ["programs", "proxychains", "tcpConnectTimeOut"], "readOnly": false, "type": "signed integer"}, "programs.proxychains.tcpReadTimeOut": {"declarations": ["nixos/modules/programs/proxychains.nix"], "default": {"_type": "literalExpression", "text": "15000"}, "description": "Connection read time-out in milliseconds.", "loc": ["programs", "proxychains", "tcpReadTimeOut"], "readOnly": false, "type": "signed integer"}, "programs.pulseview.enable": {"declarations": ["nixos/modules/programs/pulseview.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable pulseview, a sigrok GUI.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "pulseview", "enable"], "readOnly": false, "type": "boolean"}, "programs.qdmr.enable": {"declarations": ["nixos/modules/programs/qdmr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable QDMR - a GUI application and command line tool for programming DMR radios.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "qdmr", "enable"], "readOnly": false, "type": "boolean"}, "programs.qdmr.package": {"declarations": ["nixos/modules/programs/qdmr.nix"], "default": {"_type": "literalExpression", "text": "pkgs.qdmr"}, "description": "The qdmr package to use.", "loc": ["programs", "qdmr", "package"], "readOnly": false, "type": "package"}, "programs.qgroundcontrol.blacklistModemManagerFromTTYUSB": {"declarations": ["nixos/modules/programs/qgroundcontrol.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Disallow ModemManager from interfering with serial connections that QGroundControl might use.\n\nNote that if you use a modem that's connected via USB, you might want to disable this option.\n", "loc": ["programs", "qgroundcontrol", "blacklistModemManagerFromTTYUSB"], "readOnly": false, "type": "boolean"}, "programs.qgroundcontrol.enable": {"declarations": ["nixos/modules/programs/qgroundcontrol.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable qgroundcontrol.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "qgroundcontrol", "enable"], "readOnly": false, "type": "boolean"}, "programs.qgroundcontrol.package": {"declarations": ["nixos/modules/programs/qgroundcontrol.nix"], "default": {"_type": "literalExpression", "text": "pkgs.qgroundcontrol"}, "description": "The qgroundcontrol package to use.", "loc": ["programs", "qgroundcontrol", "package"], "readOnly": false, "type": "package"}, "programs.quark-goldleaf.enable": {"declarations": ["nixos/modules/programs/quark-goldleaf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable quark-goldleaf with udev rules applied.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "quark-goldleaf", "enable"], "readOnly": false, "type": "boolean"}, "programs.regreet.cageArgs": {"declarations": ["nixos/modules/programs/regreet.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"-s\"\n  \"-d\"\n]"}, "description": "Additional arguments to be passed to\n[cage](https://github.com/cage-kiosk/cage).\n", "example": {"_type": "literalExpression", "text": "[ \"-s\" \"-d\" \"-m\" \"last\" ]\n"}, "loc": ["programs", "regreet", "cageArgs"], "readOnly": false, "type": "list of string"}, "programs.regreet.cursorTheme.name": {"declarations": ["nixos/modules/programs/regreet.nix"], "default": {"_type": "literalExpression", "text": "\"Adwaita\""}, "description": "Name of the cursor theme to use for regreet.\n", "loc": ["programs", "regreet", "cursorTheme", "name"], "readOnly": false, "type": "string"}, "programs.regreet.cursorTheme.package": {"declarations": ["nixos/modules/programs/regreet.nix"], "default": {"_type": "literalExpression", "text": "pkgs.adwaita-icon-theme"}, "description": "The package that provides the cursor theme given in the name option.\n", "loc": ["programs", "regreet", "cursorTheme", "package"], "readOnly": false, "type": "package"}, "programs.regreet.enable": {"declarations": ["nixos/modules/programs/regreet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable ReGreet, a clean and customizable greeter for greetd.\n\nTo use ReGreet, {option}`services.greetd` has to be enabled and\n{option}`services.greetd.settings.default_session` should contain the\nappropriate configuration to launch\n{option}`config.programs.regreet.package`. For examples, see the\n[ReGreet Readme](https://github.com/rharish101/ReGreet#set-as-default-session).\n\nA minimal configuration that launches ReGreet in {command}`cage` is\nenabled by this module by default.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "regreet", "enable"], "readOnly": false, "type": "boolean"}, "programs.regreet.extraCss": {"declarations": ["nixos/modules/programs/regreet.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra CSS rules to apply on top of the GTK theme. Refer to\n[GTK CSS Properties](https://docs.gtk.org/gtk4/css-properties.html) for\nmodifiable properties.\n", "loc": ["programs", "regreet", "extraCss"], "readOnly": false, "type": "absolute path or strings concatenated with \"\\n\""}, "programs.regreet.font.name": {"declarations": ["nixos/modules/programs/regreet.nix"], "default": {"_type": "literalExpression", "text": "\"Cantarell\""}, "description": "Name of the font to use for regreet.\n", "loc": ["programs", "regreet", "font", "name"], "readOnly": false, "type": "string"}, "programs.regreet.font.package": {"declarations": ["nixos/modules/programs/regreet.nix"], "default": {"_type": "literalExpression", "text": "pkgs.cantarell-fonts"}, "description": "The package that provides the font given in the name option.\n", "loc": ["programs", "regreet", "font", "package"], "readOnly": false, "type": "package"}, "programs.regreet.font.size": {"declarations": ["nixos/modules/programs/regreet.nix"], "default": {"_type": "literalExpression", "text": "16"}, "description": "Size of the font to use for regreet.\n", "loc": ["programs", "regreet", "font", "size"], "readOnly": false, "type": "positive integer, meaning >0"}, "programs.regreet.iconTheme.name": {"declarations": ["nixos/modules/programs/regreet.nix"], "default": {"_type": "literalExpression", "text": "\"Adwaita\""}, "description": "Name of the icon theme to use for regreet.\n", "loc": ["programs", "regreet", "iconTheme", "name"], "readOnly": false, "type": "string"}, "programs.regreet.iconTheme.package": {"declarations": ["nixos/modules/programs/regreet.nix"], "default": {"_type": "literalExpression", "text": "pkgs.adwaita-icon-theme"}, "description": "The package that provides the icon theme given in the name option.\n", "loc": ["programs", "regreet", "iconTheme", "package"], "readOnly": false, "type": "package"}, "programs.regreet.package": {"declarations": ["nixos/modules/programs/regreet.nix"], "default": {"_type": "literalExpression", "text": "pkgs.regreet"}, "description": "The regreet package to use.", "loc": ["programs", "regreet", "package"], "readOnly": false, "type": "package"}, "programs.regreet.settings": {"declarations": ["nixos/modules/programs/regreet.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "ReGreet configuration file. Refer\n<https://github.com/rharish101/ReGreet/blob/main/regreet.sample.toml>\nfor options.\n", "loc": ["programs", "regreet", "settings"], "readOnly": false, "type": "TOML value"}, "programs.regreet.theme.name": {"declarations": ["nixos/modules/programs/regreet.nix"], "default": {"_type": "literalExpression", "text": "\"Adwaita\""}, "description": "Name of the theme to use for regreet.\n", "loc": ["programs", "regreet", "theme", "name"], "readOnly": false, "type": "string"}, "programs.regreet.theme.package": {"declarations": ["nixos/modules/programs/regreet.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gnome-themes-extra"}, "description": "The package that provides the theme given in the name option.\n", "loc": ["programs", "regreet", "theme", "package"], "readOnly": false, "type": "package"}, "programs.river-classic.enable": {"declarations": ["nixos/modules/programs/wayland/river.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable river-classic, a dynamic tiling Wayland compositor.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "river-classic", "enable"], "readOnly": false, "type": "boolean"}, "programs.river-classic.extraPackages": {"declarations": ["nixos/modules/programs/wayland/river.nix"], "default": {"_type": "literalExpression", "text": "with pkgs; [ swaylock foot dmenu ];\n"}, "description": "Extra packages to be installed system wide. See\n[Common X11 apps used on i3 with Wayland alternatives](https://github.com/swaywm/sway/wiki/i3-Migration-Guide#common-x11-apps-used-on-i3-with-wayland-alternatives)\nfor a list of useful software.\n", "example": {"_type": "literalExpression", "text": "with pkgs; [ termite rofi light ]\n"}, "loc": ["programs", "river-classic", "extraPackages"], "readOnly": false, "type": "list of package"}, "programs.river-classic.package": {"declarations": ["nixos/modules/programs/wayland/river.nix"], "default": {"_type": "literalExpression", "text": "pkgs.river-classic"}, "description": "The river-classic package to use. If the package is not overridable with `xwaylandSupport`, then the module option\n{option}`xwayland` will have no effect.\n\nSet to `null` to not add any River package to your path.\nThis should be done if you want to use the Home Manager River module to install River.\n", "loc": ["programs", "river-classic", "package"], "readOnly": false, "type": "null or package"}, "programs.river-classic.xwayland.enable": {"declarations": ["nixos/modules/programs/wayland/river.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable XWayland.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "river-classic", "xwayland", "enable"], "readOnly": false, "type": "boolean"}, "programs.rog-control-center.autoStart": {"declarations": ["nixos/modules/programs/rog-control-center.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether rog-control-center should be started automatically.", "loc": ["programs", "rog-control-center", "autoStart"], "readOnly": false, "type": "boolean"}, "programs.rog-control-center.enable": {"declarations": ["nixos/modules/programs/rog-control-center.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the rog-control-center application.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "rog-control-center", "enable"], "readOnly": false, "type": "boolean"}, "programs.rush.enable": {"declarations": ["nixos/modules/programs/rush.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Restricted User Shell..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "rush", "enable"], "readOnly": false, "type": "boolean"}, "programs.rush.global": {"declarations": ["nixos/modules/programs/rush.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The `global` statement defines global settings.", "loc": ["programs", "rush", "global"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "programs.rush.package": {"declarations": ["nixos/modules/programs/rush.nix"], "default": {"_type": "literalExpression", "text": "pkgs.rush"}, "description": "The rush package to use.", "loc": ["programs", "rush", "package"], "readOnly": false, "type": "package"}, "programs.rush.rules": {"declarations": ["nixos/modules/programs/rush.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The rule statement configures a GNU Rush rule. This is a block statement, which means that all\nstatements located between it and the next rule statement (or end of file, whichever occurs first)\nmodify the definition of that rule.\n", "loc": ["programs", "rush", "rules"], "readOnly": false, "type": "attribute set of strings concatenated with \"\\n\""}, "programs.rush.shell": {"declarations": ["nixos/modules/programs/rush.nix"], "description": "The resolved shell path that users can inherit to set `rush` as their login shell.\nThis is a convenience option for use in user definitions. Example:\n  `users.users.alice = { inherit (config.programs.rush) shell; ... };`\n", "loc": ["programs", "rush", "shell"], "readOnly": true, "type": "package or absolute path"}, "programs.rush.wrap": {"declarations": ["nixos/modules/programs/rush.nix"], "default": {"_type": "literalExpression", "text": "config.security.enableWrappers"}, "description": "Whether to wrap the `rush` binary with a SUID-enabled wrapper.\nThis is required if {option}`security.enableWrappers` is enabled in your configuration.\n", "loc": ["programs", "rush", "wrap"], "readOnly": false, "type": "boolean"}, "programs.rust-motd.enable": {"declarations": ["nixos/modules/programs/rust-motd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable rust-motd, a Message Of The Day (MOTD) generator.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "rust-motd", "enable"], "readOnly": false, "type": "boolean"}, "programs.rust-motd.enableMotdInSSHD": {"declarations": ["nixos/modules/programs/rust-motd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to let `openssh` print the\nresult when entering a new `ssh`-session.\nBy default either nothing or a static file defined via\n[](#opt-users.motd) is printed. Because of that,\nthe latter option is incompatible with this module.\n", "loc": ["programs", "rust-motd", "enableMotdInSSHD"], "readOnly": false, "type": "boolean"}, "programs.rust-motd.order": {"declarations": ["nixos/modules/programs/rust-motd.nix"], "default": {"_type": "literalExpression", "text": "attrNames cfg.settings"}, "description": "The order of the sections in [](#opt-programs.rust-motd.settings).\nBy default they are ordered alphabetically.\n\nContext: since attribute sets in Nix are always\nordered alphabetically internally this means that\n\n```nix\n{\n  uptime = { /* ... */ };\n  banner = { /* ... */ };\n}\n```\n\nwill still have `banner` displayed before `uptime`.\n\nTo work around that, this option can be used to define the order of all keys,\ni.e.\n\n```nix\n{\n  order = [\n    \"uptime\"\n    \"banner\"\n  ];\n}\n```\n\nmakes sure that `uptime` is placed before `banner` in the motd.\n", "loc": ["programs", "rust-motd", "order"], "readOnly": false, "type": "list of string"}, "programs.rust-motd.refreshInterval": {"declarations": ["nixos/modules/programs/rust-motd.nix"], "default": {"_type": "literalExpression", "text": "\"*:0/5\""}, "description": "Interval in which the {manpage}`motd(5)` file is refreshed.\nFor possible formats, please refer to {manpage}`systemd.time(7)`.\n", "loc": ["programs", "rust-motd", "refreshInterval"], "readOnly": false, "type": "string"}, "programs.rust-motd.settings": {"declarations": ["nixos/modules/programs/rust-motd.nix"], "description": "Settings on what to generate. Please read the\n[upstream documentation](https://github.com/rust-motd/rust-motd/blob/main/README.md#configuration)\nfor further information.\n", "loc": ["programs", "rust-motd", "settings"], "readOnly": false, "type": "attribute set of (TOML value)"}, "programs.ryzen-monitor-ng.enable": {"declarations": ["nixos/modules/programs/ryzen-monitor-ng.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ryzen_monitor_ng, a userspace application for setting and getting Ryzen SMU (System Management Unit) parameters via the ryzen_smu kernel driver.\n\nMonitor power information of Ryzen processors via the PM table of the SMU.\n\nSMU Set and Get for many parameters and CO counts.\n\n<https://github.com/mann1x/ryzen_monitor_ng>\n\nWARNING: Damage cause by use of your AMD processor outside of official AMD specifications or outside of factory settings are not covered under any AMD product warranty and may not be covered by your board or system manufacturer's warranty\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "ryzen-monitor-ng", "enable"], "readOnly": false, "type": "boolean"}, "programs.ryzen-monitor-ng.package": {"declarations": ["nixos/modules/programs/ryzen-monitor-ng.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ryzen-monitor-ng"}, "description": "The ryzen-monitor-ng package to use.", "loc": ["programs", "ryzen-monitor-ng", "package"], "readOnly": false, "type": "package"}, "programs.schroot.enable": {"declarations": ["nixos/modules/programs/schroot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable schroot, a lightweight virtualisation tool.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "schroot", "enable"], "readOnly": false, "type": "boolean"}, "programs.schroot.package": {"declarations": ["nixos/modules/programs/schroot.nix"], "default": {"_type": "literalExpression", "text": "pkgs.schroot"}, "description": "The schroot package to use.", "loc": ["programs", "schroot", "package"], "readOnly": false, "type": "package"}, "programs.schroot.profiles": {"declarations": ["nixos/modules/programs/schroot.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Custom configuration profiles for schroot.", "loc": ["programs", "schroot", "profiles"], "readOnly": false, "type": "attribute set of (submodule)"}, "programs.schroot.profiles.<name>.copyfiles": {"declarations": ["nixos/modules/programs/schroot.nix"], "description": "A list of files to copy into the chroot from the host system.", "example": {"_type": "literalExpression", "text": "[\n  \"/etc/resolv.conf\"\n]"}, "loc": ["programs", "schroot", "profiles", "<name>", "copyfiles"], "readOnly": false, "type": "list of string"}, "programs.schroot.profiles.<name>.fstab": {"declarations": ["nixos/modules/programs/schroot.nix"], "description": "A file in the format described in {manpage}`fstab(5)`, used to mount filesystems inside the chroot.\nThe mount location is relative to the root of the chroot.\n", "example": {"_type": "literalExpression", "text": "pkgs.writeText \"my-schroot-fstab\" ''\n  /proc           /proc           none    rw,bind         0       0\n  /sys            /sys            none    rw,bind         0       0\n  /dev            /dev            none    rw,bind         0       0\n  /dev/pts        /dev/pts        none    rw,bind         0       0\n  /home           /home           none    rw,rbind        0       0\n  /tmp            /tmp            none    rw,bind         0       0\n  /dev/shm        /dev/shm        none    rw,bind         0       0\n  /nix            /nix            none    ro,bind         0       0\n  /run/current-system /run/current-system none rw,bind    0       0\n  /run/wrappers   /run/wrappers   none    rw,bind         0       0\n''\n"}, "loc": ["programs", "schroot", "profiles", "<name>", "fstab"], "readOnly": false, "type": "absolute path"}, "programs.schroot.profiles.<name>.nssdatabases": {"declarations": ["nixos/modules/programs/schroot.nix"], "description": "System databases (as described in /etc/nsswitch.conf on GNU/Linux systems) to copy into the chroot from the host.\n", "example": {"_type": "literalExpression", "text": "[\n  \"passwd\"\n  \"shadow\"\n  \"group\"\n  \"gshadow\"\n  \"services\"\n  \"protocols\"\n  \"networks\"\n  \"hosts\"\n]"}, "loc": ["programs", "schroot", "profiles", "<name>", "nssdatabases"], "readOnly": false, "type": "list of string"}, "programs.schroot.settings": {"declarations": ["nixos/modules/programs/schroot.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Schroot configuration settings.\nFor more details, see {manpage}`schroot.conf(5)`.\n", "example": {"_type": "literalExpression", "text": "{\n  noble = {\n    description = \"Ubuntu 24.04 Noble\";\n    directory = \"/srv/chroot/noble\";\n    personality = \"linux\";\n    preserve-environment = false;\n    profile = \"my-profile\";\n    root-users = \"my-user\";\n    shell = \"/bin/bash\";\n    type = \"directory\";\n    users = \"my-user\";\n  };\n}"}, "loc": ["programs", "schroot", "settings"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "programs.screen.enable": {"declarations": ["nixos/modules/programs/screen.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable screen, a basic terminal multiplexer.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "screen", "enable"], "readOnly": false, "type": "boolean"}, "programs.screen.package": {"declarations": ["nixos/modules/programs/screen.nix"], "default": {"_type": "literalExpression", "text": "pkgs.screen"}, "description": "The screen package to use.", "loc": ["programs", "screen", "package"], "readOnly": false, "type": "package"}, "programs.screen.screenrc": {"declarations": ["nixos/modules/programs/screen.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The contents of {file}`/etc/screenrc` file", "example": {"_type": "literalExpression", "text": "''\n  defscrollback 10000\n  startup_message off\n''"}, "loc": ["programs", "screen", "screenrc"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "programs.seahorse.enable": {"declarations": ["nixos/modules/programs/seahorse.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Seahorse, a GNOME application for managing encryption keys and passwords in the GNOME Keyring.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "seahorse", "enable"], "readOnly": false, "type": "boolean"}, "programs.sedutil.enable": {"declarations": ["nixos/modules/programs/sedutil.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable sedutil, to manage self encrypting drives that conform to the Trusted Computing Group OPAL 2.0 SSC specification.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "sedutil", "enable"], "readOnly": false, "type": "boolean"}, "programs.sharing.enable": {"declarations": ["nixos/modules/programs/sharing.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable sharing, a CLI tool for sharing files.\n\nNote that it will opens the 7478 port for TCP in the firewall, which is needed for it to function properly\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "sharing", "enable"], "readOnly": false, "type": "boolean"}, "programs.singularity.enable": {"declarations": ["nixos/modules/programs/singularity.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to install Singularity/Apptainer with system-level overriding such as SUID support.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "singularity", "enable"], "readOnly": false, "type": "boolean"}, "programs.singularity.enableExternalLocalStateDir": {"declarations": ["nixos/modules/programs/singularity.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to use top-level directories as LOCALSTATEDIR\ninstead of the store path ones.\nThis affects the SESSIONDIR of Apptainer/Singularity.\nIf set to true, the SESSIONDIR will become\n`/var/lib/${projectName}/mnt/session`.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["programs", "singularity", "enableExternalLocalStateDir"], "readOnly": false, "type": "boolean"}, "programs.singularity.enableFakeroot": {"declarations": ["nixos/modules/programs/singularity.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the `--fakeroot` support of Singularity/Apptainer.\n\nThis option is deprecated and has no effect.\n`--fakeroot` support is enabled automatically,\nas `systemBinPaths = [ \"/run/wrappers/bin\" ]` is always specified.\n", "loc": ["programs", "singularity", "enableFakeroot"], "readOnly": false, "type": "boolean"}, "programs.singularity.enableSuid": {"declarations": ["nixos/modules/programs/singularity.nix"], "default": {"_type": "literalExpression", "text": "config.services.singularity.package.projectName != \"apptainer\""}, "description": "Whether to enable the SUID support of Singularity/Apptainer.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["programs", "singularity", "enableSuid"], "readOnly": false, "type": "boolean"}, "programs.singularity.package": {"declarations": ["nixos/modules/programs/singularity.nix"], "default": {"_type": "literalExpression", "text": "pkgs.singularity"}, "description": "The singularity package to use.", "example": {"_type": "literalExpression", "text": "apptainer"}, "loc": ["programs", "singularity", "package"], "readOnly": false, "type": "package"}, "programs.singularity.packageOverriden": {"declarations": ["nixos/modules/programs/singularity.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "This option provides access to the overridden result of `programs.singularity.package`.\n\nFor example, the following configuration makes all the Nixpkgs packages use the overridden `singularity`:\n```Nix\n{ config, lib, pkgs, ... }:\n{\n  nixpkgs.overlays = [\n    (final: prev: {\n      _singularity-orig = prev.singularity;\n      singularity = config.programs.singularity.packageOverriden;\n    })\n  ];\n  programs.singularity.enable = true;\n  programs.singularity.package = pkgs._singularity-orig;\n}\n```\n\nUse `lib.mkForce` to forcefully specify the overridden package.\n", "loc": ["programs", "singularity", "packageOverriden"], "readOnly": false, "type": "null or package"}, "programs.singularity.systemBinPaths": {"declarations": ["nixos/modules/programs/singularity.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "(Extra) system-wide /**/bin paths\nfor Apptainer/Singularity to find command-line utilities in.\n\n`\"/run/wrappers/bin\"` is included by default to make\nutilities with SUID bit set available to Apptainer/Singularity.\nUse `lib.mkForce` to shadow the default values.\n", "loc": ["programs", "singularity", "systemBinPaths"], "readOnly": false, "type": "list of absolute path"}, "programs.skim.enable": {"declarations": ["nixos/modules/programs/skim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable skim fuzzy finder.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "skim", "enable"], "readOnly": false, "type": "boolean"}, "programs.skim.keybindings": {"declarations": ["nixos/modules/programs/skim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable skim keybindings.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "skim", "keybindings"], "readOnly": false, "type": "boolean"}, "programs.skim.package": {"declarations": ["nixos/modules/programs/skim.nix"], "default": {"_type": "literalExpression", "text": "pkgs.skim"}, "description": "The skim package to use.", "loc": ["programs", "skim", "package"], "readOnly": false, "type": "package"}, "programs.slock.enable": {"declarations": ["nixos/modules/programs/slock.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to install slock screen locker with setuid wrapper.\n", "loc": ["programs", "slock", "enable"], "readOnly": false, "type": "boolean"}, "programs.slock.package": {"declarations": ["nixos/modules/programs/slock.nix"], "default": {"_type": "literalExpression", "text": "pkgs.slock"}, "description": "The slock package to use.", "loc": ["programs", "slock", "package"], "readOnly": false, "type": "package"}, "programs.sniffnet.enable": {"declarations": ["nixos/modules/programs/sniffnet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable sniffnet, a network traffic monitor application.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "sniffnet", "enable"], "readOnly": false, "type": "boolean"}, "programs.soundmodem.enable": {"declarations": ["nixos/modules/programs/soundmodem.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add Soundmodem to the global environment and configure a\nwrapper for 'soundmodemconfig' for users in the 'soundmodem' group.\n", "loc": ["programs", "soundmodem", "enable"], "readOnly": false, "type": "boolean"}, "programs.soundmodem.package": {"declarations": ["nixos/modules/programs/soundmodem.nix"], "default": {"_type": "literalExpression", "text": "pkgs.soundmodem"}, "description": "The soundmodem package to use.", "loc": ["programs", "soundmodem", "package"], "readOnly": false, "type": "package"}, "programs.ssh.agentPKCS11Whitelist": {"declarations": ["nixos/modules/programs/ssh.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A pattern-list of acceptable paths for PKCS#11 shared libraries\nthat may be used with the -s option to ssh-add.\n", "example": {"_type": "literalExpression", "text": "\"${pkgs.opensc}/lib/opensc-pkcs11.so\""}, "loc": ["programs", "ssh", "agentPKCS11Whitelist"], "readOnly": false, "type": "null or string"}, "programs.ssh.agentTimeout": {"declarations": ["nixos/modules/programs/ssh.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "How long to keep the private keys in memory. Use null to keep them forever.\n", "example": {"_type": "literalExpression", "text": "\"1h\""}, "loc": ["programs", "ssh", "agentTimeout"], "readOnly": false, "type": "null or string"}, "programs.ssh.askPassword": {"declarations": ["nixos/modules/programs/ssh.nix"], "default": {"_type": "literalExpression", "text": "\"${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass\""}, "description": "Program used by SSH to ask for passwords.", "loc": ["programs", "ssh", "askPassword"], "readOnly": false, "type": "string"}, "programs.ssh.ciphers": {"declarations": ["nixos/modules/programs/ssh.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specifies the ciphers allowed and their order of preference.\n", "example": {"_type": "literalExpression", "text": "[\n  \"chacha20-poly1305@openssh.com\"\n  \"aes256-gcm@openssh.com\"\n]"}, "loc": ["programs", "ssh", "ciphers"], "readOnly": false, "type": "null or (list of string)"}, "programs.ssh.enableAskPassword": {"declarations": ["nixos/modules/programs/ssh.nix"], "default": {"_type": "literalExpression", "text": "config.services.xserver.enable"}, "description": "Whether to configure SSH_ASKPASS in the environment.", "loc": ["programs", "ssh", "enableAskPassword"], "readOnly": false, "type": "boolean"}, "programs.ssh.extraConfig": {"declarations": ["nixos/modules/programs/ssh.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration text prepended to {file}`ssh_config`. Other generated\noptions will be added after a `Host *` pattern.\nSee {manpage}`ssh_config(5)`\nfor help.\n", "loc": ["programs", "ssh", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "programs.ssh.forwardX11": {"declarations": ["nixos/modules/programs/ssh.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to request X11 forwarding on outgoing connections by default.\nIf set to null, the option is not set at all.\nThis is useful for running graphical programs on the remote machine and have them display to your local X11 server.\nHistorically, this value has depended on the value used by the local sshd daemon, but there really isn't a relation between the two.\nNote: there are some security risks to forwarding an X11 connection.\nNixOS's X server is built with the SECURITY extension, which prevents some obvious attacks.\nTo enable or disable forwarding on a per-connection basis, see the -X and -x options to ssh.\nThe -Y option to ssh enables trusted forwarding, which bypasses the SECURITY extension.\n", "loc": ["programs", "ssh", "forwardX11"], "readOnly": false, "type": "null or boolean"}, "programs.ssh.hostKeyAlgorithms": {"declarations": ["nixos/modules/programs/ssh.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Specifies the host key algorithms that the client wants to use in order of preference.\n", "example": {"_type": "literalExpression", "text": "[\n  \"ssh-ed25519\"\n  \"ssh-rsa\"\n]"}, "loc": ["programs", "ssh", "hostKeyAlgorithms"], "readOnly": false, "type": "list of string"}, "programs.ssh.kexAlgorithms": {"declarations": ["nixos/modules/programs/ssh.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specifies the available KEX (Key Exchange) algorithms.\n", "example": {"_type": "literalExpression", "text": "[\n  \"curve25519-sha256@libssh.org\"\n  \"diffie-hellman-group-exchange-sha256\"\n]"}, "loc": ["programs", "ssh", "kexAlgorithms"], "readOnly": false, "type": "null or (list of string)"}, "programs.ssh.knownHosts": {"declarations": ["nixos/modules/programs/ssh.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The set of system-wide known SSH hosts. To make simple setups more\nconvenient the name of an attribute in this set is used as a host name\nfor the entry. This behaviour can be disabled by setting\n`hostNames` explicitly. You can use\n`extraHostNames` to add additional host names without\ndisabling this default.\n", "example": {"_type": "literalExpression", "text": "{\n  myhost = {\n    extraHostNames = [ \"myhost.mydomain.com\" \"10.10.1.4\" ];\n    publicKeyFile = ./pubkeys/myhost_ssh_host_dsa_key.pub;\n  };\n  \"myhost2.net\".publicKey = \"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIRuJ8p1Fi+m6WkHV0KWnRfpM1WxoW8XAS+XvsSKsTK\";\n  \"myhost2.net/dsa\" = {\n    hostNames = [ \"myhost2.net\" ];\n    publicKeyFile = ./pubkeys/myhost2_ssh_host_dsa_key.pub;\n  };\n}\n"}, "loc": ["programs", "ssh", "knownHosts"], "readOnly": false, "type": "attribute set of (submodule)"}, "programs.ssh.knownHosts.<name>.certAuthority": {"declarations": ["nixos/modules/programs/ssh.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "This public key is an SSH certificate authority, rather than an\nindividual host's key.\n", "loc": ["programs", "ssh", "knownHosts", "<name>", "certAuthority"], "readOnly": false, "type": "boolean"}, "programs.ssh.knownHosts.<name>.extraHostNames": {"declarations": ["nixos/modules/programs/ssh.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of additional host names and/or IP numbers used for\naccessing the host's ssh service. This list is ignored if\n`hostNames` is set explicitly.\n", "loc": ["programs", "ssh", "knownHosts", "<name>", "extraHostNames"], "readOnly": false, "type": "list of string"}, "programs.ssh.knownHosts.<name>.hostNames": {"declarations": ["nixos/modules/programs/ssh.nix"], "default": {"_type": "literalExpression", "text": "[ \u2039name\u203a ] ++ config.programs.ssh.knownHosts.<name>.extraHostNames"}, "description": "A list of host names and/or IP numbers used for accessing\nthe host's ssh service. This list includes the name of the\ncontaining `knownHosts` attribute by default\nfor convenience. If you wish to configure multiple host keys\nfor the same host use multiple `knownHosts`\nentries with different attribute names and the same\n`hostNames` list.\n", "loc": ["programs", "ssh", "knownHosts", "<name>", "hostNames"], "readOnly": false, "type": "list of string"}, "programs.ssh.knownHosts.<name>.publicKey": {"declarations": ["nixos/modules/programs/ssh.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The public key data for the host. You can fetch a public key\nfrom a running SSH server with the {command}`ssh-keyscan`\ncommand. The public key should not include any host names, only\nthe key type and the key itself.\n", "example": {"_type": "literalExpression", "text": "\"ecdsa-sha2-nistp521 AAAAE2VjZHN...UEPg==\""}, "loc": ["programs", "ssh", "knownHosts", "<name>", "publicKey"], "readOnly": false, "type": "null or string"}, "programs.ssh.knownHosts.<name>.publicKeyFile": {"declarations": ["nixos/modules/programs/ssh.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the public key file for the host. The public\nkey file is read at build time and saved in the Nix store.\nYou can fetch a public key file from a running SSH server\nwith the {command}`ssh-keyscan` command. The content\nof the file should follow the same format as described for\nthe `publicKey` option. Only a single key\nis supported. If a host has multiple keys, use\n{option}`programs.ssh.knownHostsFiles` instead.\n", "loc": ["programs", "ssh", "knownHosts", "<name>", "publicKeyFile"], "readOnly": false, "type": "null or absolute path"}, "programs.ssh.knownHostsFiles": {"declarations": ["nixos/modules/programs/ssh.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Files containing SSH host keys to set as global known hosts.\n`/etc/ssh/ssh_known_hosts` (which is\ngenerated by {option}`programs.ssh.knownHosts`) is\nalways included.\n", "example": {"_type": "literalExpression", "text": "[\n  ./known_hosts\n  (writeText \"github.keys\" ''\n    github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=\n    github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=\n    github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl\n  '')\n]\n"}, "loc": ["programs", "ssh", "knownHostsFiles"], "readOnly": false, "type": "list of absolute path"}, "programs.ssh.macs": {"declarations": ["nixos/modules/programs/ssh.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specifies the MAC (message authentication code) algorithms in order of preference. The MAC algorithm is used\nfor data integrity protection.\n", "example": {"_type": "literalExpression", "text": "[\n  \"hmac-sha2-512-etm@openssh.com\"\n  \"hmac-sha1\"\n]"}, "loc": ["programs", "ssh", "macs"], "readOnly": false, "type": "null or (list of string)"}, "programs.ssh.package": {"declarations": ["nixos/modules/programs/ssh.nix"], "default": {"_type": "literalExpression", "text": "pkgs.openssh"}, "description": "The openssh package to use.", "loc": ["programs", "ssh", "package"], "readOnly": false, "type": "package"}, "programs.ssh.pubkeyAcceptedKeyTypes": {"declarations": ["nixos/modules/programs/ssh.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Specifies the key lib.types that will be used for public key authentication.\n", "example": {"_type": "literalExpression", "text": "[\n  \"ssh-ed25519\"\n  \"ssh-rsa\"\n]"}, "loc": ["programs", "ssh", "pubkeyAcceptedKeyTypes"], "readOnly": false, "type": "list of string"}, "programs.ssh.setXAuthLocation": {"declarations": ["nixos/modules/programs/ssh.nix"], "description": "Whether to set the path to {command}`xauth` for X11-forwarded connections.\nThis causes a dependency on X11 packages.\n", "loc": ["programs", "ssh", "setXAuthLocation"], "readOnly": false, "type": "boolean"}, "programs.ssh.startAgent": {"declarations": ["nixos/modules/programs/ssh.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to start the OpenSSH agent when you log in.  The OpenSSH agent\nremembers private keys for you so that you don't have to type in\npassphrases every time you make an SSH connection.  Use\n{command}`ssh-add` to add a key to the agent.\n", "loc": ["programs", "ssh", "startAgent"], "readOnly": false, "type": "boolean"}, "programs.ssh.systemd-ssh-proxy.enable": {"declarations": ["nixos/modules/programs/ssh.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable systemd's ssh proxy plugin.\nSee {manpage}`systemd-ssh-proxy(1)`.\n", "loc": ["programs", "ssh", "systemd-ssh-proxy", "enable"], "readOnly": false, "type": "boolean"}, "programs.starship.enable": {"declarations": ["nixos/modules/programs/starship.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Starship shell prompt.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "starship", "enable"], "readOnly": false, "type": "boolean"}, "programs.starship.interactiveOnly": {"declarations": ["nixos/modules/programs/starship.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable starship only when the shell is interactive.\nSome plugins require this to be set to false to function correctly\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "starship", "interactiveOnly"], "readOnly": false, "type": "boolean"}, "programs.starship.package": {"declarations": ["nixos/modules/programs/starship.nix"], "default": {"_type": "literalExpression", "text": "pkgs.starship"}, "description": "The starship package to use.", "loc": ["programs", "starship", "package"], "readOnly": false, "type": "package"}, "programs.starship.presets": {"declarations": ["nixos/modules/programs/starship.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Presets files to be merged with settings in order.\n", "example": {"_type": "literalExpression", "text": "[\n  \"nerd-font-symbols\"\n]"}, "loc": ["programs", "starship", "presets"], "readOnly": false, "type": "list of string"}, "programs.starship.settings": {"declarations": ["nixos/modules/programs/starship.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration included in {file}`starship.toml`.\n\nSee <https://starship.rs/config/#prompt> for documentation.\n", "loc": ["programs", "starship", "settings"], "readOnly": false, "type": "TOML value"}, "programs.starship.transientPrompt.enable": {"declarations": ["nixos/modules/programs/starship.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Starship's [transient prompt](https://starship.rs/advanced-config/#transientprompt-and-transientrightprompt-in-fish)\nfeature in `fish` shells. After a command has been entered, Starship\nreplaces the usual prompt with the terminal output of the commands\ndefined in the `programs.starship.transientPrompt.left`\nand `programs.starship.transientPrompt.right` options.\n\nThis option only works with `fish`, as `bash` requires a\n[custom configuration](https://starship.rs/advanced-config/#transientprompt-and-transientrightprompt-in-bash)\ninvolving [Ble.sh](https://github.com/akinomyoga/ble.sh), which can be\nenabled with `programs.bash.blesh.enable`, but not configured using NixOS\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "starship", "transientPrompt", "enable"], "readOnly": false, "type": "boolean"}, "programs.starship.transientPrompt.left": {"declarations": ["nixos/modules/programs/starship.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Fish code composing the body of the `starship_transient_prompt_func` function. The output of\nthis code will become the left side of the transient prompt.\n\nNot setting this option (or setting it to `null`) will prevent\nthe `starship_transient_prompt_func` function from being generated. By default, the left\nprompt is a bold-green '\u276f' character.\n", "example": {"_type": "literalExpression", "text": "\"starship module character\""}, "loc": ["programs", "starship", "transientPrompt", "left"], "readOnly": false, "type": "null or Fish shell code concatenated with \"\\n\""}, "programs.starship.transientPrompt.right": {"declarations": ["nixos/modules/programs/starship.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Fish code composing the body of the `starship_transient_rprompt_func` function. The output of\nthis code will become the right side of the transient prompt.\n\nNot setting this option (or setting it to `null`) will prevent\nthe `starship_transient_rprompt_func` function from being generated. By default, the right\nprompt is empty.\n", "example": {"_type": "literalExpression", "text": "\"starship module time\""}, "loc": ["programs", "starship", "transientPrompt", "right"], "readOnly": false, "type": "null or Fish shell code concatenated with \"\\n\""}, "programs.steam.dedicatedServer.openFirewall": {"declarations": ["nixos/modules/programs/steam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for Source Dedicated Server.\n", "loc": ["programs", "steam", "dedicatedServer", "openFirewall"], "readOnly": false, "type": "boolean"}, "programs.steam.enable": {"declarations": ["nixos/modules/programs/steam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable steam.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "steam", "enable"], "readOnly": false, "type": "boolean"}, "programs.steam.extest.enable": {"declarations": ["nixos/modules/programs/steam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Load the extest library into Steam, to translate X11 input events to\nuinput events (e.g. for using Steam Input on Wayland)\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "steam", "extest", "enable"], "readOnly": false, "type": "boolean"}, "programs.steam.extraCompatPackages": {"declarations": ["nixos/modules/programs/steam.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra packages to be used as compatibility tools for Steam on Linux. Packages will be included\nin the `STEAM_EXTRA_COMPAT_TOOLS_PATHS` environmental variable. For more information see\nhttps://github.com/ValveSoftware/steam-for-linux/issues/6310.\n\nThese packages must be Steam compatibility tools that have a `steamcompattool` output.\n", "example": {"_type": "literalExpression", "text": "with pkgs; [\n  proton-ge-bin\n]\n"}, "loc": ["programs", "steam", "extraCompatPackages"], "readOnly": false, "type": "list of package"}, "programs.steam.extraPackages": {"declarations": ["nixos/modules/programs/steam.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional packages to add to the Steam environment.\n", "example": {"_type": "literalExpression", "text": "with pkgs; [\n  gamescope\n]\n"}, "loc": ["programs", "steam", "extraPackages"], "readOnly": false, "type": "list of package"}, "programs.steam.fontPackages": {"declarations": ["nixos/modules/programs/steam.nix"], "default": {"_type": "literalExpression", "text": "builtins.filter lib.types.package.check config.fonts.packages"}, "description": "Font packages to use in Steam.\n\nDefaults to system fonts, but could be overridden to use other fonts \u2014 useful for users who would like to customize CJK fonts used in Steam. According to the [upstream issue](https://github.com/ValveSoftware/steam-for-linux/issues/10422#issuecomment-1944396010), Steam only follows the per-user fontconfig configuration.\n", "example": {"_type": "literalExpression", "text": "with pkgs; [ source-han-sans ]"}, "loc": ["programs", "steam", "fontPackages"], "readOnly": false, "type": "list of package"}, "programs.steam.gamescopeSession": {"declarations": ["nixos/modules/programs/steam.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Run a GameScope driven Steam session from your display-manager", "loc": ["programs", "steam", "gamescopeSession"], "readOnly": false, "type": "submodule"}, "programs.steam.gamescopeSession.args": {"declarations": ["nixos/modules/programs/steam.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Arguments to be passed to GameScope for the session.\n", "loc": ["programs", "steam", "gamescopeSession", "args"], "readOnly": false, "type": "list of string"}, "programs.steam.gamescopeSession.enable": {"declarations": ["nixos/modules/programs/steam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable GameScope Session.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "steam", "gamescopeSession", "enable"], "readOnly": false, "type": "boolean"}, "programs.steam.gamescopeSession.env": {"declarations": ["nixos/modules/programs/steam.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environmental variables to be passed to GameScope for the session.\n", "loc": ["programs", "steam", "gamescopeSession", "env"], "readOnly": false, "type": "attribute set of string"}, "programs.steam.gamescopeSession.steamArgs": {"declarations": ["nixos/modules/programs/steam.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"-tenfoot\"\n  \"-pipewire-dmabuf\"\n]"}, "description": "Arguments to be passed to Steam for the session.\n", "loc": ["programs", "steam", "gamescopeSession", "steamArgs"], "readOnly": false, "type": "list of string"}, "programs.steam.localNetworkGameTransfers.openFirewall": {"declarations": ["nixos/modules/programs/steam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for Steam Local Network Game Transfers.\n", "loc": ["programs", "steam", "localNetworkGameTransfers", "openFirewall"], "readOnly": false, "type": "boolean"}, "programs.steam.package": {"declarations": ["nixos/modules/programs/steam.nix"], "default": {"_type": "literalExpression", "text": "pkgs.steam"}, "description": "The Steam package to use. Additional libraries are added from the system\nconfiguration to ensure graphics work properly.\n\nUse this option to customise the Steam package rather than adding your\ncustom Steam to {option}`environment.systemPackages` yourself.\n", "example": {"_type": "literalExpression", "text": "pkgs.steam.override {\n  extraEnv = {\n    MANGOHUD = true;\n    OBS_VKCAPTURE = true;\n    RADV_TEX_ANISO = 16;\n  };\n  extraLibraries = p: with p; [\n    atk\n  ];\n}\n"}, "loc": ["programs", "steam", "package"], "readOnly": false, "type": "package"}, "programs.steam.protontricks.enable": {"declarations": ["nixos/modules/programs/steam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable protontricks, a simple wrapper for running Winetricks commands for Proton-enabled games.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "steam", "protontricks", "enable"], "readOnly": false, "type": "boolean"}, "programs.steam.protontricks.package": {"declarations": ["nixos/modules/programs/steam.nix"], "default": {"_type": "literalExpression", "text": "pkgs.protontricks"}, "description": "The protontricks package to use.", "loc": ["programs", "steam", "protontricks", "package"], "readOnly": false, "type": "package"}, "programs.steam.remotePlay.openFirewall": {"declarations": ["nixos/modules/programs/steam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for Steam Remote Play.\n", "loc": ["programs", "steam", "remotePlay", "openFirewall"], "readOnly": false, "type": "boolean"}, "programs.streamcontroller.enable": {"declarations": ["nixos/modules/programs/streamcontroller.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable StreamController.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "streamcontroller", "enable"], "readOnly": false, "type": "boolean"}, "programs.streamcontroller.package": {"declarations": ["nixos/modules/programs/streamcontroller.nix"], "default": {"_type": "literalExpression", "text": "pkgs.streamcontroller"}, "description": "The StreamController package to use\n", "loc": ["programs", "streamcontroller", "package"], "readOnly": false, "type": "package"}, "programs.streamdeck-ui.autoStart": {"declarations": ["nixos/modules/programs/streamdeck-ui.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether streamdeck-ui should be started automatically.", "loc": ["programs", "streamdeck-ui", "autoStart"], "readOnly": false, "type": "boolean"}, "programs.streamdeck-ui.enable": {"declarations": ["nixos/modules/programs/streamdeck-ui.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable streamdeck-ui.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "streamdeck-ui", "enable"], "readOnly": false, "type": "boolean"}, "programs.streamdeck-ui.package": {"declarations": ["nixos/modules/programs/streamdeck-ui.nix"], "default": {"_type": "literalExpression", "text": "pkgs.streamdeck-ui"}, "description": "The streamdeck-ui package to use.", "loc": ["programs", "streamdeck-ui", "package"], "readOnly": false, "type": "package"}, "programs.sway.enable": {"declarations": ["nixos/modules/programs/wayland/sway.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Sway, the i3-compatible tiling Wayland compositor. You can manually launch\nSway by executing \"exec sway\" on a TTY. Copy /etc/sway/config to\n~/.config/sway/config to modify the default configuration. See\n<https://github.com/swaywm/sway/wiki> and\n\"man 5 sway\" for more information.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "sway", "enable"], "readOnly": false, "type": "boolean"}, "programs.sway.extraOptions": {"declarations": ["nixos/modules/programs/wayland/sway.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Command line arguments passed to launch Sway. Please DO NOT report\nissues if you use an unsupported GPU (proprietary drivers).\n", "example": {"_type": "literalExpression", "text": "[\n  \"--verbose\"\n  \"--debug\"\n  \"--unsupported-gpu\"\n]"}, "loc": ["programs", "sway", "extraOptions"], "readOnly": false, "type": "list of string"}, "programs.sway.extraPackages": {"declarations": ["nixos/modules/programs/wayland/sway.nix"], "default": {"_type": "literalExpression", "text": "with pkgs; [ brightnessctl foot grim pulseaudio swayidle swaylock wmenu ];\n"}, "description": "Extra packages to be installed system wide. See\n<https://github.com/swaywm/sway/wiki/Useful-add-ons-for-sway> and\n<https://github.com/swaywm/sway/wiki/i3-Migration-Guide#common-x11-apps-used-on-i3-with-wayland-alternatives>\nfor a list of useful software.\n", "example": {"_type": "literalExpression", "text": "with pkgs; [ i3status i3status-rust termite rofi light ]\n"}, "loc": ["programs", "sway", "extraPackages"], "readOnly": false, "type": "list of package"}, "programs.sway.extraSessionCommands": {"declarations": ["nixos/modules/programs/wayland/sway.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands executed just before Sway is started. See\n<https://github.com/swaywm/sway/wiki/Running-programs-natively-under-wayland>\nand <https://github.com/swaywm/wlroots/blob/master/docs/env_vars.md>\nfor some useful environment variables.\n", "example": {"_type": "literalExpression", "text": "''\n  # SDL:\n  export SDL_VIDEODRIVER=wayland\n  # QT (needs qt5.qtwayland in systemPackages):\n  export QT_QPA_PLATFORM=wayland-egl\n  export QT_WAYLAND_DISABLE_WINDOWDECORATION=\"1\"\n  # Fix for some Java AWT applications (e.g. Android Studio),\n  # use this if they aren't displayed properly:\n  export _JAVA_AWT_WM_NONREPARENTING=1\n''"}, "loc": ["programs", "sway", "extraSessionCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "programs.sway.package": {"declarations": ["nixos/modules/programs/wayland/sway.nix"], "default": {"_type": "literalExpression", "text": "pkgs.sway"}, "description": "The sway package to use. If the package is not overridable with `extraSessionCommands`, `extraOptions`,\n`withBaseWrapper`, `withGtkWrapper`, `enableXWayland` and `isNixOS`,\nthen the module options {option}`wrapperFeatures`, {option}`extraSessionCommands`,\n{option}`extraOptions` and {option}`xwayland` will have no effect.\n\nSet to `null` to not add any Sway package to your path.\nThis should be done if you want to use the Home Manager Sway module to install Sway.\n", "loc": ["programs", "sway", "package"], "readOnly": false, "type": "null or package"}, "programs.sway.wrapperFeatures.base": {"declarations": ["nixos/modules/programs/wayland/sway.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the base wrapper to execute extra session commands and prepend a\ndbus-run-session to the sway command.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "sway", "wrapperFeatures", "base"], "readOnly": false, "type": "boolean"}, "programs.sway.wrapperFeatures.gtk": {"declarations": ["nixos/modules/programs/wayland/sway.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the wrapGAppsHook wrapper to execute sway with required environment\nvariables for GTK applications.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "sway", "wrapperFeatures", "gtk"], "readOnly": false, "type": "boolean"}, "programs.sway.xwayland.enable": {"declarations": ["nixos/modules/programs/wayland/sway.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable XWayland.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "sway", "xwayland", "enable"], "readOnly": false, "type": "boolean"}, "programs.sysdig.enable": {"declarations": ["nixos/modules/programs/sysdig.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable sysdig, a tracing tool.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "sysdig", "enable"], "readOnly": false, "type": "boolean"}, "programs.system-config-printer.enable": {"declarations": ["nixos/modules/programs/system-config-printer.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable system-config-printer, a Graphical user interface for CUPS administration.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "system-config-printer", "enable"], "readOnly": false, "type": "boolean"}, "programs.systemtap.enable": {"declarations": ["nixos/modules/programs/systemtap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Install {command}`systemtap` along with necessary kernel options.\n", "loc": ["programs", "systemtap", "enable"], "readOnly": false, "type": "boolean"}, "programs.tcpdump.enable": {"declarations": ["nixos/modules/programs/tcpdump.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to configure a setcap wrapper for tcpdump.\nTo use it, add your user to the `pcap` group.\n", "loc": ["programs", "tcpdump", "enable"], "readOnly": false, "type": "boolean"}, "programs.television.enable": {"declarations": ["nixos/modules/programs/television.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Blazingly fast general purpose fuzzy finder TUI.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "television", "enable"], "readOnly": false, "type": "boolean"}, "programs.television.enableBashIntegration": {"declarations": ["nixos/modules/programs/television.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Bash integration.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "television", "enableBashIntegration"], "readOnly": false, "type": "boolean"}, "programs.television.enableFishIntegration": {"declarations": ["nixos/modules/programs/television.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Fish integration.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "television", "enableFishIntegration"], "readOnly": false, "type": "boolean"}, "programs.television.enableZshIntegration": {"declarations": ["nixos/modules/programs/television.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Zsh integration.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "television", "enableZshIntegration"], "readOnly": false, "type": "boolean"}, "programs.television.package": {"declarations": ["nixos/modules/programs/television.nix"], "default": {"_type": "literalExpression", "text": "pkgs.television"}, "description": "The television package to use.", "loc": ["programs", "television", "package"], "readOnly": false, "type": "package"}, "programs.throne.enable": {"declarations": ["nixos/modules/programs/throne.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Throne, a GUI proxy configuration manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "throne", "enable"], "readOnly": false, "type": "boolean"}, "programs.throne.package": {"declarations": ["nixos/modules/programs/throne.nix"], "default": {"_type": "literalExpression", "text": "pkgs.throne"}, "description": "The throne package to use.", "loc": ["programs", "throne", "package"], "readOnly": false, "type": "package"}, "programs.throne.tunMode.enable": {"declarations": ["nixos/modules/programs/throne.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable TUN mode of Throne.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "throne", "tunMode", "enable"], "readOnly": false, "type": "boolean"}, "programs.throne.tunMode.setuid": {"declarations": ["nixos/modules/programs/throne.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable setting suid bit for throne-core to run as root, which is less\nsecure than default setcap method but closer to upstream assumptions.\nEnable this if you find the default setcap method configured in\nthis module doesn't work for you\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "throne", "tunMode", "setuid"], "readOnly": false, "type": "boolean"}, "programs.thunar.enable": {"declarations": ["nixos/modules/programs/thunar.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Thunar, the Xfce file manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "thunar", "enable"], "readOnly": false, "type": "boolean"}, "programs.thunar.plugins": {"declarations": ["nixos/modules/programs/thunar.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of thunar plugins to install.", "example": {"_type": "literalExpression", "text": "with pkgs; [ thunar-archive-plugin thunar-volman ]"}, "loc": ["programs", "thunar", "plugins"], "readOnly": false, "type": "list of package"}, "programs.thunderbird.enable": {"declarations": ["nixos/modules/programs/thunderbird.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Thunderbird mail client.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "thunderbird", "enable"], "readOnly": false, "type": "boolean"}, "programs.thunderbird.package": {"declarations": ["nixos/modules/programs/thunderbird.nix"], "default": {"_type": "literalExpression", "text": "pkgs.thunderbird"}, "description": "The thunderbird package to use.", "loc": ["programs", "thunderbird", "package"], "readOnly": false, "type": "package"}, "programs.thunderbird.policies": {"declarations": ["nixos/modules/programs/thunderbird.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Group policies to install.\n\nSee [Thunderbird's documentation](https://github.com/thunderbird/policy-templates)\nfor a list of available options.\n\nThis can be used to install extensions declaratively! Check out the\ndocumentation of the `ExtensionSettings` policy for details.\n\n", "loc": ["programs", "thunderbird", "policies"], "readOnly": false, "type": "JSON value"}, "programs.thunderbird.preferences": {"declarations": ["nixos/modules/programs/thunderbird.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Preferences to set from `about:config`.\n\nSome of these might be able to be configured more ergonomically\nusing policies.\n", "loc": ["programs", "thunderbird", "preferences"], "readOnly": false, "type": "attribute set of (boolean or signed integer or string)"}, "programs.thunderbird.preferencesStatus": {"declarations": ["nixos/modules/programs/thunderbird.nix"], "default": {"_type": "literalExpression", "text": "\"locked\""}, "description": "The status of `thunderbird.preferences`.\n\n`status` can assume the following values:\n- `\"default\"`: Preferences appear as default.\n- `\"locked\"`: Preferences appear as default and can't be changed.\n- `\"user\"`: Preferences appear as changed.\n- `\"clear\"`: Value has no effect. Resets to factory defaults on each startup.\n", "loc": ["programs", "thunderbird", "preferencesStatus"], "readOnly": false, "type": "one of \"default\", \"locked\", \"user\", \"clear\""}, "programs.tmux.aggressiveResize": {"declarations": ["nixos/modules/programs/tmux.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Resize the window to the size of the smallest session for which it is the current window.\n", "loc": ["programs", "tmux", "aggressiveResize"], "readOnly": false, "type": "boolean"}, "programs.tmux.baseIndex": {"declarations": ["nixos/modules/programs/tmux.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Base index for windows and panes.", "example": {"_type": "literalExpression", "text": "1"}, "loc": ["programs", "tmux", "baseIndex"], "readOnly": false, "type": "signed integer"}, "programs.tmux.clock24": {"declarations": ["nixos/modules/programs/tmux.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use 24 hour clock.", "loc": ["programs", "tmux", "clock24"], "readOnly": false, "type": "boolean"}, "programs.tmux.customPaneNavigationAndResize": {"declarations": ["nixos/modules/programs/tmux.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Override the hjkl and HJKL bindings for pane navigation and resizing in VI mode.", "loc": ["programs", "tmux", "customPaneNavigationAndResize"], "readOnly": false, "type": "boolean"}, "programs.tmux.enable": {"declarations": ["nixos/modules/programs/tmux.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whenever to configure {command}`tmux` system-wide.", "loc": ["programs", "tmux", "enable"], "readOnly": false, "relatedPackages": "- [`pkgs.tmux`](\n    https://search.nixos.org/packages?show=tmux&sort=relevance&query=tmux\n  )\n", "type": "boolean"}, "programs.tmux.escapeTime": {"declarations": ["nixos/modules/programs/tmux.nix"], "default": {"_type": "literalExpression", "text": "500"}, "description": "Time in milliseconds for which tmux waits after an escape is input.", "example": {"_type": "literalExpression", "text": "0"}, "loc": ["programs", "tmux", "escapeTime"], "readOnly": false, "type": "signed integer"}, "programs.tmux.extraConfig": {"declarations": ["nixos/modules/programs/tmux.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional contents of /etc/tmux.conf, to be run after sourcing plugins.\n", "loc": ["programs", "tmux", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "programs.tmux.extraConfigBeforePlugins": {"declarations": ["nixos/modules/programs/tmux.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional contents of /etc/tmux.conf, to be run before sourcing plugins.\n", "loc": ["programs", "tmux", "extraConfigBeforePlugins"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "programs.tmux.historyLimit": {"declarations": ["nixos/modules/programs/tmux.nix"], "default": {"_type": "literalExpression", "text": "2000"}, "description": "Maximum number of lines held in window history.", "example": {"_type": "literalExpression", "text": "5000"}, "loc": ["programs", "tmux", "historyLimit"], "readOnly": false, "type": "signed integer"}, "programs.tmux.keyMode": {"declarations": ["nixos/modules/programs/tmux.nix"], "default": {"_type": "literalExpression", "text": "\"emacs\""}, "description": "VI or Emacs style shortcuts.", "example": {"_type": "literalExpression", "text": "\"vi\""}, "loc": ["programs", "tmux", "keyMode"], "readOnly": false, "type": "one of \"emacs\", \"vi\""}, "programs.tmux.newSession": {"declarations": ["nixos/modules/programs/tmux.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically spawn a session if trying to attach and none are running.", "loc": ["programs", "tmux", "newSession"], "readOnly": false, "type": "boolean"}, "programs.tmux.package": {"declarations": ["nixos/modules/programs/tmux.nix"], "default": {"_type": "literalExpression", "text": "pkgs.tmux"}, "description": "The tmux package to use.", "loc": ["programs", "tmux", "package"], "readOnly": false, "type": "package"}, "programs.tmux.plugins": {"declarations": ["nixos/modules/programs/tmux.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of plugins to install.", "example": {"_type": "literalExpression", "text": "[ pkgs.tmuxPlugins.nord ]"}, "loc": ["programs", "tmux", "plugins"], "readOnly": false, "type": "list of package"}, "programs.tmux.resizeAmount": {"declarations": ["nixos/modules/programs/tmux.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "Number of lines/columns when resizing.", "example": {"_type": "literalExpression", "text": "10"}, "loc": ["programs", "tmux", "resizeAmount"], "readOnly": false, "type": "signed integer"}, "programs.tmux.reverseSplit": {"declarations": ["nixos/modules/programs/tmux.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Reverse the window split shortcuts.", "loc": ["programs", "tmux", "reverseSplit"], "readOnly": false, "type": "boolean"}, "programs.tmux.secureSocket": {"declarations": ["nixos/modules/programs/tmux.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Store tmux socket under /run, which is more secure than /tmp, but as a\ndownside it doesn't survive user logout.\n", "loc": ["programs", "tmux", "secureSocket"], "readOnly": false, "type": "boolean"}, "programs.tmux.shortcut": {"declarations": ["nixos/modules/programs/tmux.nix"], "default": {"_type": "literalExpression", "text": "\"b\""}, "description": "Ctrl following by this key is used as the main shortcut.", "example": {"_type": "literalExpression", "text": "\"a\""}, "loc": ["programs", "tmux", "shortcut"], "readOnly": false, "type": "string"}, "programs.tmux.terminal": {"declarations": ["nixos/modules/programs/tmux.nix"], "default": {"_type": "literalExpression", "text": "\"screen\""}, "description": "Set the $TERM variable. Use tmux-direct if italics or 24bit true color\nsupport is needed.\n", "example": {"_type": "literalExpression", "text": "\"screen-256color\""}, "loc": ["programs", "tmux", "terminal"], "readOnly": false, "type": "string"}, "programs.tmux.withUtempter": {"declarations": ["nixos/modules/programs/tmux.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable libutempter for tmux.\nThis is required so that tmux can write to /var/run/utmp (which can be queried with `who` to display currently connected user sessions).\nNote, this will add a guid wrapper for the group utmp!\n", "loc": ["programs", "tmux", "withUtempter"], "readOnly": false, "type": "boolean"}, "programs.traceroute.enable": {"declarations": ["nixos/modules/programs/traceroute.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to configure a setcap wrapper for traceroute.\n", "loc": ["programs", "traceroute", "enable"], "readOnly": false, "type": "boolean"}, "programs.trippy.enable": {"declarations": ["nixos/modules/programs/trippy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable trippy, a network diagnostic tool.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "trippy", "enable"], "readOnly": false, "type": "boolean"}, "programs.tsmClient.defaultServername": {"declarations": ["nixos/modules/programs/tsm-client.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If multiple server stanzas are declared with\n{option}`programs.tsmClient.servers`,\nthis option may be used to name a default\nserver stanza that IBM TSM uses in the absence of\na user-defined {file}`dsm.opt` file.\nThis option translates to a\n`defaultserver` configuration line.\n", "example": {"_type": "literalExpression", "text": "\"mainTsmServer\""}, "loc": ["programs", "tsmClient", "defaultServername"], "readOnly": false, "type": "null or string matching the pattern [^[:space:]]{1,64}"}, "programs.tsmClient.dsmSysText": {"declarations": ["nixos/modules/programs/tsm-client.nix"], "description": "This configuration key contains the effective text\nof the client system-options file \"dsm.sys\".\nIt should not be changed, but may be\nused to feed the configuration into other\nTSM-depending packages used on the system.\n", "loc": ["programs", "tsmClient", "dsmSysText"], "readOnly": true, "type": "strings concatenated with \"\\n\""}, "programs.tsmClient.enable": {"declarations": ["nixos/modules/programs/tsm-client.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable IBM Storage Protect (Tivoli Storage Manager, TSM)\nclient command line applications with a\nclient system-options file \"dsm.sys\"\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "tsmClient", "enable"], "readOnly": false, "type": "boolean"}, "programs.tsmClient.package": {"declarations": ["nixos/modules/programs/tsm-client.nix"], "default": {"_type": "literalExpression", "text": "pkgs.tsm-client"}, "description": "The tsm-client package to use. It will be used with `.override`\nto add paths to the client system-options file.\n", "example": {"_type": "literalExpression", "text": "tsm-client-withGui"}, "loc": ["programs", "tsmClient", "package"], "readOnly": false, "type": "package"}, "programs.tsmClient.servers": {"declarations": ["nixos/modules/programs/tsm-client.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Server definitions (\"stanzas\")\nfor the client system-options file.\nThe name of each entry will be used for\nthe internal `servername` by default.\nEach attribute will be transformed into a line\nwith a key-value pair within the server's stanza.\nIntegers as values will be\ncanonically turned into strings.\nThe boolean value `true` will be turned\ninto a line with just the attribute's name.\nThe value `null` will not generate a line.\nA list as values generates an entry for\neach value, according to the rules above.\n", "example": {"_type": "literalExpression", "text": "{\n  mainTsmServer = {\n    compression = \"yes\";\n    nodename = \"MY-TSM-NODE\";\n    tcpserveraddress = \"tsmserver.company.com\";\n  };\n}"}, "loc": ["programs", "tsmClient", "servers"], "readOnly": false, "type": "attribute set of (open submodule of attribute set of (one of true, <null> or signed integer or absolute path or (optionally newline-terminated) single-line string or list of (one of true, <null> or signed integer or absolute path or (optionally newline-terminated) single-line string)))"}, "programs.tsmClient.servers.<name>.genPasswd": {"declarations": ["nixos/modules/programs/tsm-client.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable automatic client password generation.\nThis option does *not* cause a line in\n{file}`dsm.sys` by itself, but generates a\ncorresponding `passwordaccess` directive.\nThe password will be stored in the directory\ngiven by the option {option}`passworddir`.\n*Caution*:\nIf this option is enabled and the server forces\nto renew the password (e.g. on first connection),\na random password will be generated and stored\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "tsmClient", "servers", "<name>", "genPasswd"], "readOnly": false, "type": "boolean"}, "programs.tsmClient.servers.<name>.inclexcl": {"declarations": ["nixos/modules/programs/tsm-client.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Text lines with `include.*` and `exclude.*` directives\nto be used when sending files to the IBM TSM server,\nor an absolute path pointing to a file with such lines.\n", "example": {"_type": "literalExpression", "text": "''\n  exclude.dir     /nix/store\n  include.encrypt /home/.../*\n''"}, "loc": ["programs", "tsmClient", "servers", "<name>", "inclexcl"], "readOnly": false, "type": "(null or absolute path) or strings concatenated with \"\\n\" convertible to it"}, "programs.tsmClient.servers.<name>.nodename": {"declarations": ["nixos/modules/programs/tsm-client.nix"], "description": "Target node name on the IBM TSM server.\n", "example": {"_type": "literalExpression", "text": "\"MY-TSM-NODE\""}, "loc": ["programs", "tsmClient", "servers", "<name>", "nodename"], "readOnly": false, "type": "non-empty string"}, "programs.tsmClient.servers.<name>.passworddir": {"declarations": ["nixos/modules/programs/tsm-client.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Directory that holds the TSM\nnode's password information.\n", "example": {"_type": "literalExpression", "text": "\"/home/alice/tsm-password\""}, "loc": ["programs", "tsmClient", "servers", "<name>", "passworddir"], "readOnly": false, "type": "null or absolute path"}, "programs.tsmClient.servers.<name>.servername": {"declarations": ["nixos/modules/programs/tsm-client.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "Local name of the IBM TSM server,\nmust not contain space or more than 64 chars.\n", "example": {"_type": "literalExpression", "text": "\"mainTsmServer\""}, "loc": ["programs", "tsmClient", "servers", "<name>", "servername"], "readOnly": false, "type": "string matching the pattern [^[:space:]]{1,64}"}, "programs.tsmClient.servers.<name>.tcpport": {"declarations": ["nixos/modules/programs/tsm-client.nix"], "default": {"_type": "literalExpression", "text": "1500"}, "description": "TCP port of the IBM TSM server.\nTSM does not support ports above 32767.\n", "loc": ["programs", "tsmClient", "servers", "<name>", "tcpport"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "programs.tsmClient.servers.<name>.tcpserveraddress": {"declarations": ["nixos/modules/programs/tsm-client.nix"], "description": "Host/domain name or IP address of the IBM TSM server.\n", "example": {"_type": "literalExpression", "text": "\"tsmserver.company.com\""}, "loc": ["programs", "tsmClient", "servers", "<name>", "tcpserveraddress"], "readOnly": false, "type": "non-empty string"}, "programs.tsmClient.wrappedPackage": {"declarations": ["nixos/modules/programs/tsm-client.nix"], "description": "The tsm-client package to use. This option is to provide the effective derivation,\nwrapped with the path to the\nclient system-options file \"dsm.sys\".\nIt should not be changed, but exists\nfor other modules that want to call TSM executables.\n", "loc": ["programs", "tsmClient", "wrappedPackage"], "readOnly": true, "type": "package"}, "programs.turbovnc.ensureHeadlessSoftwareOpenGL": {"declarations": ["nixos/modules/programs/turbovnc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to set up NixOS such that TurboVNC's built-in software OpenGL\nimplementation works.\n\nThis will enable {option}`hardware.graphics.enable` so that OpenGL\nprograms can find Mesa's llvmpipe drivers.\n\nSetting this option to `false` does not mean that software\nOpenGL won't work; it may still work depending on your system\nconfiguration.\n\nThis option is also intended to generate warnings if you are using some\nconfiguration that's incompatible with using headless software OpenGL\nin TurboVNC.\n", "loc": ["programs", "turbovnc", "ensureHeadlessSoftwareOpenGL"], "readOnly": false, "type": "boolean"}, "programs.tuxclocker.enable": {"declarations": ["nixos/modules/services/misc/tuxclocker.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable TuxClocker, a hardware control and monitoring program\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "tuxclocker", "enable"], "readOnly": false, "type": "boolean"}, "programs.tuxclocker.enabledNVIDIADevices": {"declarations": ["nixos/modules/services/misc/tuxclocker.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Enable NVIDIA GPU controls for a device by index.\nSets the `Coolbits` Xorg option to enable all TuxClocker controls.\n", "example": {"_type": "literalExpression", "text": "[\n  0\n  1\n]"}, "loc": ["programs", "tuxclocker", "enabledNVIDIADevices"], "readOnly": false, "type": "list of signed integer"}, "programs.tuxclocker.useUnfree": {"declarations": ["nixos/modules/services/misc/tuxclocker.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use components requiring unfree dependencies.\nDisabling this allows you to get everything from the binary cache.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "tuxclocker", "useUnfree"], "readOnly": false, "type": "boolean"}, "programs.udevil.enable": {"declarations": ["nixos/modules/programs/udevil.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable udevil, to mount filesystems without password.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "udevil", "enable"], "readOnly": false, "type": "boolean"}, "programs.usbtop.enable": {"declarations": ["nixos/modules/programs/usbtop.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable usbtop and required kernel module, to show estimated USB bandwidth.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "usbtop", "enable"], "readOnly": false, "type": "boolean"}, "programs.uwsm.enable": {"declarations": ["nixos/modules/programs/wayland/uwsm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable uwsm, which wraps standalone Wayland compositors with a set\nof Systemd units on the fly. This essentially\nbinds the wayland compositor into `graphical-session-pre.target`,\n`graphical-session.target`, `xdg-desktop-autostart.target`.\n\nThis is useful for Wayland compositors like Hyprland, Sway, Wayfire,\netc. that do not start these targets and services on their own.\n\n::: {.note}\nYou must configure `waylandCompositors` suboptions as well\nso that UWSM knows which compositors to manage.\n\nAdditionally, this by default uses `dbus-broker` as the dbus\nimplementation for better compatibility. If you dislike this behavior\nyou can set `services.dbus.implementation = lib.mkForce \"dbus\"`\nin your configuration.\n:::\n\nIf you are having trouble starting a service that depends on\n`graphical-session.target`, while using a WM, enabling this option\nmight help\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "uwsm", "enable"], "readOnly": false, "type": "boolean"}, "programs.uwsm.package": {"declarations": ["nixos/modules/programs/wayland/uwsm.nix"], "default": {"_type": "literalExpression", "text": "pkgs.uwsm"}, "description": "The uwsm package to use.", "loc": ["programs", "uwsm", "package"], "readOnly": false, "type": "package"}, "programs.uwsm.waylandCompositors": {"declarations": ["nixos/modules/programs/wayland/uwsm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for UWSM-managed Wayland Compositors. This\ncreates a desktop entry file which will be used by Display\nManagers like GDM, to allow starting the UWSM managed session.\n", "example": {"_type": "literalExpression", "text": "hyprland = {\n  prettyName = \"Hyprland\";\n  comment = \"Hyprland compositor managed by UWSM\";\n  binPath = \"/run/current-system/sw/bin/Hyprland\";\n};\nsway = {\n  prettyName = \"Sway\";\n  comment = \"Sway compositor managed by UWSM\";\n  binPath = \"/run/current-system/sw/bin/sway\";\n};\n"}, "loc": ["programs", "uwsm", "waylandCompositors"], "readOnly": false, "type": "attribute set of (submodule)"}, "programs.uwsm.waylandCompositors.<name>.binPath": {"declarations": ["nixos/modules/programs/wayland/uwsm.nix"], "description": "The wayland-compositor binary path that will be called by UWSM.\n\nIt is recommended to use the `/run/current-system/sw/bin/` path\ninstead of `lib.getExe pkgs.<compositor>` to avoid version mismatch\nof the compositor used by UWSM and the one installed in the system.\n", "example": {"_type": "literalExpression", "text": "\"/run/current-system/sw/bin/ExampleCompositor\""}, "loc": ["programs", "uwsm", "waylandCompositors", "<name>", "binPath"], "readOnly": false, "type": "absolute path"}, "programs.uwsm.waylandCompositors.<name>.comment": {"declarations": ["nixos/modules/programs/wayland/uwsm.nix"], "default": {"_type": "literalExpression", "text": "\"An intelligent Wayland compositor managed by UWSM.\""}, "description": "The comment field of the desktop entry file.", "loc": ["programs", "uwsm", "waylandCompositors", "<name>", "comment"], "readOnly": false, "type": "string"}, "programs.uwsm.waylandCompositors.<name>.extraArgs": {"declarations": ["nixos/modules/programs/wayland/uwsm.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command-line arguments pass to to the compsitor.\n", "loc": ["programs", "uwsm", "waylandCompositors", "<name>", "extraArgs"], "readOnly": false, "type": "list of string"}, "programs.uwsm.waylandCompositors.<name>.prettyName": {"declarations": ["nixos/modules/programs/wayland/uwsm.nix"], "description": "The full name of the desktop entry file.", "example": {"_type": "literalExpression", "text": "\"ExampleWaylandCompositor\""}, "loc": ["programs", "uwsm", "waylandCompositors", "<name>", "prettyName"], "readOnly": false, "type": "string"}, "programs.vim.defaultEditor": {"declarations": ["nixos/modules/programs/vim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable vim as the default editor.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "vim", "defaultEditor"], "readOnly": false, "type": "boolean"}, "programs.vim.enable": {"declarations": ["nixos/modules/programs/vim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Vi IMproved, an advanced text editor.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "vim", "enable"], "readOnly": false, "type": "boolean"}, "programs.vim.package": {"declarations": ["nixos/modules/programs/vim.nix"], "default": {"_type": "literalExpression", "text": "pkgs.vim"}, "description": "The vim package to use.", "example": {"_type": "literalExpression", "text": "pkgs.vim-full"}, "loc": ["programs", "vim", "package"], "readOnly": false, "type": "package"}, "programs.virt-manager.enable": {"declarations": ["nixos/modules/programs/virt-manager.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable virt-manager, an UI for managing virtual machines in libvirt.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "virt-manager", "enable"], "readOnly": false, "type": "boolean"}, "programs.virt-manager.package": {"declarations": ["nixos/modules/programs/virt-manager.nix"], "default": {"_type": "literalExpression", "text": "pkgs.virt-manager"}, "description": "The virt-manager package to use.", "loc": ["programs", "virt-manager", "package"], "readOnly": false, "type": "package"}, "programs.vivid.enable": {"declarations": ["nixos/modules/programs/vivid.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to configure LS_COLORS with vivid.", "loc": ["programs", "vivid", "enable"], "readOnly": false, "type": "boolean"}, "programs.vivid.package": {"declarations": ["nixos/modules/programs/vivid.nix"], "default": {"_type": "literalExpression", "text": "pkgs.vivid"}, "description": "The vivid package to use.", "example": {"_type": "literalExpression", "text": "vivid"}, "loc": ["programs", "vivid", "package"], "readOnly": false, "type": "package"}, "programs.vivid.theme": {"declarations": ["nixos/modules/programs/vivid.nix"], "default": {"_type": "literalExpression", "text": "\"gruvbox-dark-soft\""}, "description": "Theme to be used (see `vivid themes`)", "example": {"_type": "literalExpression", "text": "\"solarized-dark\""}, "loc": ["programs", "vivid", "theme"], "readOnly": false, "type": "string"}, "programs.vscode.defaultEditor": {"declarations": ["nixos/modules/programs/vscode.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "When enabled, configures VSCode to be the default editor\nusing the EDITOR environment variable.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "vscode", "defaultEditor"], "readOnly": false, "type": "boolean"}, "programs.vscode.enable": {"declarations": ["nixos/modules/programs/vscode.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable VSCode editor.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "vscode", "enable"], "readOnly": false, "type": "boolean"}, "programs.vscode.extensions": {"declarations": ["nixos/modules/programs/vscode.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of extensions to install.", "example": {"_type": "literalExpression", "text": "with pkgs.vscode-extensions; [\n  bbenoist.nix\n  golang.go\n  twxs.cmake\n]\n"}, "loc": ["programs", "vscode", "extensions"], "readOnly": false, "type": "list of package"}, "programs.vscode.package": {"declarations": ["nixos/modules/programs/vscode.nix"], "default": {"_type": "literalExpression", "text": "pkgs.vscode"}, "description": "The vscode package to use. The final package will be customized with extensions from {option}`programs.vscode.extensions`", "loc": ["programs", "vscode", "package"], "readOnly": false, "type": "package"}, "programs.wavemon.enable": {"declarations": ["nixos/modules/programs/wavemon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add wavemon to the global environment and configure a\nsetcap wrapper for it.\n", "loc": ["programs", "wavemon", "enable"], "readOnly": false, "type": "boolean"}, "programs.waybar.enable": {"declarations": ["nixos/modules/programs/wayland/waybar.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable waybar, a highly customizable Wayland bar for Sway and Wlroots based compositors.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "waybar", "enable"], "readOnly": false, "type": "boolean"}, "programs.waybar.package": {"declarations": ["nixos/modules/programs/wayland/waybar.nix"], "default": {"_type": "literalExpression", "text": "pkgs.waybar"}, "description": "The waybar package to use.", "loc": ["programs", "waybar", "package"], "readOnly": false, "type": "package"}, "programs.waybar.systemd.target": {"declarations": ["nixos/modules/programs/wayland/waybar.nix"], "default": {"_type": "literalExpression", "text": "\"graphical-session.target\""}, "description": "The systemd target that will automatically start the Waybar service.\n", "loc": ["programs", "waybar", "systemd", "target"], "readOnly": false, "type": "string"}, "programs.wayfire.enable": {"declarations": ["nixos/modules/programs/wayland/wayfire.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Wayfire, a wayland compositor based on wlroots.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "wayfire", "enable"], "readOnly": false, "type": "boolean"}, "programs.wayfire.package": {"declarations": ["nixos/modules/programs/wayland/wayfire.nix"], "default": {"_type": "literalExpression", "text": "pkgs.wayfire"}, "description": "The wayfire package to use.", "loc": ["programs", "wayfire", "package"], "readOnly": false, "type": "package"}, "programs.wayfire.plugins": {"declarations": ["nixos/modules/programs/wayland/wayfire.nix"], "default": {"_type": "literalExpression", "text": "with pkgs.wayfirePlugins; [ wcm wf-shell ]"}, "description": "Additional plugins to use with the wayfire window manager.\n", "example": {"_type": "literalExpression", "text": "with pkgs.wayfirePlugins; [\n  wcm\n  wf-shell\n  wayfire-plugins-extra\n];\n"}, "loc": ["programs", "wayfire", "plugins"], "readOnly": false, "type": "list of package"}, "programs.wayfire.xwayland.enable": {"declarations": ["nixos/modules/programs/wayland/wayfire.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable XWayland.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "wayfire", "xwayland", "enable"], "readOnly": false, "type": "boolean"}, "programs.wayland.miracle-wm.enable": {"declarations": ["nixos/modules/programs/wayland/miracle-wm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable miracle-wm, a tiling Mir based Wayland compositor. You can manually launch miracle-wm by\nexecuting \"exec miracle-wm\" on a TTY, or launch it from a display manager.\nConsult the USERGUIDE.md at <https://github.com/mattkae/miracle-wm> for information on\nhow to use & configure it\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "wayland", "miracle-wm", "enable"], "readOnly": false, "type": "boolean"}, "programs.wayvnc.enable": {"declarations": ["nixos/modules/programs/wayland/wayvnc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable wayvnc, VNC server for wlroots based Wayland compositors.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "wayvnc", "enable"], "readOnly": false, "type": "boolean"}, "programs.wayvnc.package": {"declarations": ["nixos/modules/programs/wayland/wayvnc.nix"], "default": {"_type": "literalExpression", "text": "pkgs.wayvnc"}, "description": "The wayvnc package to use.", "loc": ["programs", "wayvnc", "package"], "readOnly": false, "type": "package"}, "programs.weylus.enable": {"declarations": ["nixos/modules/programs/weylus.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable weylus, which turns your smart phone into a graphic tablet/touch screen for your computer.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "weylus", "enable"], "readOnly": false, "type": "boolean"}, "programs.weylus.openFirewall": {"declarations": ["nixos/modules/programs/weylus.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports needed for the functionality of the program.\n", "loc": ["programs", "weylus", "openFirewall"], "readOnly": false, "type": "boolean"}, "programs.weylus.package": {"declarations": ["nixos/modules/programs/weylus.nix"], "default": {"_type": "literalExpression", "text": "pkgs.weylus"}, "description": "The weylus package to use.", "loc": ["programs", "weylus", "package"], "readOnly": false, "type": "package"}, "programs.weylus.users": {"declarations": ["nixos/modules/programs/weylus.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "To enable stylus and multi-touch support, the user you're going to use must be added to this list.\nThese users can synthesize input events system-wide, even when another user is logged in - untrusted users should not be added.\n", "loc": ["programs", "weylus", "users"], "readOnly": false, "type": "list of string"}, "programs.winbox.enable": {"declarations": ["nixos/modules/programs/winbox.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable MikroTik Winbox.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "winbox", "enable"], "readOnly": false, "type": "boolean"}, "programs.winbox.openFirewall": {"declarations": ["nixos/modules/programs/winbox.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open ports for the MikroTik Neighbor Discovery protocol. Required for Winbox neighbor discovery.\n", "loc": ["programs", "winbox", "openFirewall"], "readOnly": false, "type": "boolean"}, "programs.winbox.package": {"declarations": ["nixos/modules/programs/winbox.nix"], "default": {"_type": "literalExpression", "text": "pkgs.winbox"}, "description": "The winbox package to use.", "loc": ["programs", "winbox", "package"], "readOnly": false, "type": "package"}, "programs.wireshark.dumpcap.enable": {"declarations": ["nixos/modules/programs/wireshark.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to allow users in the 'wireshark' group to capture network traffic. This\nconfigures a setcap wrapper for 'dumpcap' for users in the 'wireshark' group.\n", "loc": ["programs", "wireshark", "dumpcap", "enable"], "readOnly": false, "type": "boolean"}, "programs.wireshark.enable": {"declarations": ["nixos/modules/programs/wireshark.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add Wireshark to the global environment and create a 'wireshark'\ngroup. To configure what users can capture, set the `dumpcap.enable` and\n`usbmon.enable` options. By default, users in the 'wireshark' group are\nallowed to capture network traffic but not USB traffic.\n", "loc": ["programs", "wireshark", "enable"], "readOnly": false, "type": "boolean"}, "programs.wireshark.package": {"declarations": ["nixos/modules/programs/wireshark.nix"], "default": {"_type": "literalExpression", "text": "pkgs.wireshark-cli"}, "description": "The wireshark-cli package to use.", "example": {"_type": "literalExpression", "text": "wireshark"}, "loc": ["programs", "wireshark", "package"], "readOnly": false, "type": "package"}, "programs.wireshark.usbmon.enable": {"declarations": ["nixos/modules/programs/wireshark.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to allow users in the 'wireshark' group to capture USB traffic. This adds\nudev rules to give users in the 'wireshark' group read permissions to all devices\nin the usbmon subsystem.\n", "loc": ["programs", "wireshark", "usbmon", "enable"], "readOnly": false, "type": "boolean"}, "programs.wshowkeys.enable": {"declarations": ["nixos/modules/programs/wshowkeys.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable wshowkeys (displays keypresses on screen on supported Wayland\ncompositors). It requires root permissions to read input events, but\nthese permissions are dropped after startup.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "wshowkeys", "enable"], "readOnly": false, "type": "boolean"}, "programs.wshowkeys.package": {"declarations": ["nixos/modules/programs/wshowkeys.nix"], "default": {"_type": "literalExpression", "text": "pkgs.wshowkeys"}, "description": "The wshowkeys package to use.", "loc": ["programs", "wshowkeys", "package"], "readOnly": false, "type": "package"}, "programs.xastir.enable": {"declarations": ["nixos/modules/programs/xastir.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Xastir Graphical APRS client.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "xastir", "enable"], "readOnly": false, "type": "boolean"}, "programs.xfconf.enable": {"declarations": ["nixos/modules/programs/xfconf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Xfconf, the Xfce configuration storage system.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "xfconf", "enable"], "readOnly": false, "type": "boolean"}, "programs.xfs_quota.projects": {"declarations": ["nixos/modules/programs/xfs_quota.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Setup of xfs_quota projects. Make sure the filesystem is mounted with the pquota option.", "example": {"_type": "literalExpression", "text": "{\n  projname = {\n    id = 50;\n    path = \"/xfsprojects/projname\";\n    sizeHardLimit = \"50g\";\n  };\n}"}, "loc": ["programs", "xfs_quota", "projects"], "readOnly": false, "type": "attribute set of (submodule)"}, "programs.xfs_quota.projects.<name>.fileSystem": {"declarations": ["nixos/modules/programs/xfs_quota.nix"], "default": {"_type": "literalExpression", "text": "\"/\""}, "description": "XFS filesystem hosting the xfs_quota project.", "loc": ["programs", "xfs_quota", "projects", "<name>", "fileSystem"], "readOnly": false, "type": "string"}, "programs.xfs_quota.projects.<name>.id": {"declarations": ["nixos/modules/programs/xfs_quota.nix"], "description": "Project ID.", "loc": ["programs", "xfs_quota", "projects", "<name>", "id"], "readOnly": false, "type": "signed integer"}, "programs.xfs_quota.projects.<name>.path": {"declarations": ["nixos/modules/programs/xfs_quota.nix"], "description": "Project directory.", "loc": ["programs", "xfs_quota", "projects", "<name>", "path"], "readOnly": false, "type": "string"}, "programs.xfs_quota.projects.<name>.sizeHardLimit": {"declarations": ["nixos/modules/programs/xfs_quota.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Hard limit of the project size.", "example": {"_type": "literalExpression", "text": "\"50g\""}, "loc": ["programs", "xfs_quota", "projects", "<name>", "sizeHardLimit"], "readOnly": false, "type": "null or string"}, "programs.xfs_quota.projects.<name>.sizeSoftLimit": {"declarations": ["nixos/modules/programs/xfs_quota.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Soft limit of the project size", "example": {"_type": "literalExpression", "text": "\"30g\""}, "loc": ["programs", "xfs_quota", "projects", "<name>", "sizeSoftLimit"], "readOnly": false, "type": "null or string"}, "programs.xonsh.bashCompletion.enable": {"declarations": ["nixos/modules/programs/xonsh.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable bash completions for xonsh.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "xonsh", "bashCompletion", "enable"], "readOnly": false, "type": "boolean"}, "programs.xonsh.bashCompletion.package": {"declarations": ["nixos/modules/programs/xonsh.nix"], "default": {"_type": "literalExpression", "text": "pkgs.bash-completion"}, "description": "The bash-completion package to use.", "loc": ["programs", "xonsh", "bashCompletion", "package"], "readOnly": false, "type": "package"}, "programs.xonsh.config": {"declarations": ["nixos/modules/programs/xonsh.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra text added to the end of `/etc/xonsh/xonshrc`,\nthe system-wide control file for xonsh.\n", "loc": ["programs", "xonsh", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "programs.xonsh.enable": {"declarations": ["nixos/modules/programs/xonsh.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to configure xonsh as an interactive shell.\n", "loc": ["programs", "xonsh", "enable"], "readOnly": false, "type": "boolean"}, "programs.xonsh.extraPackages": {"declarations": ["nixos/modules/programs/xonsh.nix"], "default": {"_type": "literalExpression", "text": "ps: [ ]"}, "description": "Xontribs and extra Python packages to be available in xonsh.\n", "example": {"_type": "literalExpression", "text": "ps: with ps; [ numpy xonsh.xontribs.xontrib-vox ]\n"}, "loc": ["programs", "xonsh", "extraPackages"], "readOnly": false, "type": "(function that evaluates to a(n) list of package) or (list of package) convertible to it"}, "programs.xonsh.package": {"declarations": ["nixos/modules/programs/xonsh.nix"], "default": {"_type": "literalExpression", "text": "pkgs.xonsh"}, "description": "The xonsh package to use. The argument `extraPackages` of this package will be overridden by\nthe option `programs.xonsh.extraPackages`.\n", "loc": ["programs", "xonsh", "package"], "readOnly": false, "type": "package"}, "programs.xppen.enable": {"declarations": ["nixos/modules/programs/xppen.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable XPPen PenTablet application.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "xppen", "enable"], "readOnly": false, "type": "boolean"}, "programs.xppen.package": {"declarations": ["nixos/modules/programs/xppen.nix"], "default": {"_type": "literalExpression", "text": "pkgs.xppen_4"}, "description": "The xppen_4 package to use. Use xppen_4 for newer and xppen_3 for older tablets.\nTo check which version of the driver you need, go to\nhttps://www.xp-pen.com/download/ then select your tablet\nand look for the major version in the available files for Linux.\n", "example": {"_type": "literalExpression", "text": "pkgs.xppen_3"}, "loc": ["programs", "xppen", "package"], "readOnly": false, "type": "package"}, "programs.xss-lock.enable": {"declarations": ["nixos/modules/programs/xss-lock.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable xss-lock.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "xss-lock", "enable"], "readOnly": false, "type": "boolean"}, "programs.xss-lock.extraOptions": {"declarations": ["nixos/modules/programs/xss-lock.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional command-line arguments to pass to\n{command}`xss-lock`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--ignore-sleep\"\n]"}, "loc": ["programs", "xss-lock", "extraOptions"], "readOnly": false, "type": "list of string"}, "programs.xss-lock.lockerCommand": {"declarations": ["nixos/modules/programs/xss-lock.nix"], "default": {"_type": "literalExpression", "text": "\"${pkgs.i3lock}/bin/i3lock\""}, "description": "Locker to be used with xsslock", "example": {"_type": "literalExpression", "text": "\"${pkgs.i3lock-fancy}/bin/i3lock-fancy\""}, "loc": ["programs", "xss-lock", "lockerCommand"], "readOnly": false, "type": "strings concatenated with \" \""}, "programs.xwayland.defaultFontPath": {"declarations": ["nixos/modules/programs/xwayland.nix"], "default": {"_type": "literalExpression", "text": "optionalString config.fonts.fontDir.enable \"/run/current-system/sw/share/X11/fonts\"\n"}, "description": "Default font path. Setting this option causes Xwayland to be rebuilt.\n", "loc": ["programs", "xwayland", "defaultFontPath"], "readOnly": false, "type": "string"}, "programs.xwayland.enable": {"declarations": ["nixos/modules/programs/xwayland.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Xwayland (an X server for interfacing X11 apps with the Wayland protocol).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "xwayland", "enable"], "readOnly": false, "type": "boolean"}, "programs.xwayland.package": {"declarations": ["nixos/modules/programs/xwayland.nix"], "default": {"_type": "literalExpression", "text": "pkgs.xwayland.override (oldArgs: {\n  inherit (config.programs.xwayland) defaultFontPath;\n})\n"}, "description": "The Xwayland package to use.", "loc": ["programs", "xwayland", "package"], "readOnly": false, "type": "absolute path"}, "programs.yazi.enable": {"declarations": ["nixos/modules/programs/yazi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable yazi terminal file manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "yazi", "enable"], "readOnly": false, "type": "boolean"}, "programs.yazi.flavors": {"declarations": ["nixos/modules/programs/yazi.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Pre-made themes.\n\nSee <https://yazi-rs.github.io/docs/flavors/overview/> for documentation.\n", "example": {"_type": "literalExpression", "text": "{\n  foo = ./foo;\n  inherit (pkgs.yaziPlugins) bar;\n}\n"}, "loc": ["programs", "yazi", "flavors"], "readOnly": false, "type": "attribute set of (absolute path or package)"}, "programs.yazi.initLua": {"declarations": ["nixos/modules/programs/yazi.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The init.lua for Yazi itself.\n", "example": {"_type": "literalExpression", "text": "./init.lua"}, "loc": ["programs", "yazi", "initLua"], "readOnly": false, "type": "null or absolute path"}, "programs.yazi.package": {"declarations": ["nixos/modules/programs/yazi.nix"], "default": {"_type": "literalExpression", "text": "pkgs.yazi"}, "description": "The yazi package to use.", "loc": ["programs", "yazi", "package"], "readOnly": false, "type": "package"}, "programs.yazi.plugins": {"declarations": ["nixos/modules/programs/yazi.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Lua plugins.\n\nSee <https://yazi-rs.github.io/docs/plugins/overview/> for documentation.\n", "example": {"_type": "literalExpression", "text": "{\n  foo = ./foo;\n  inherit (pkgs.yaziPlugins) bar;\n}\n"}, "loc": ["programs", "yazi", "plugins"], "readOnly": false, "type": "attribute set of (absolute path or package)"}, "programs.yazi.settings": {"declarations": ["nixos/modules/programs/yazi.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration included in `$YAZI_CONFIG_HOME`.\n", "loc": ["programs", "yazi", "settings"], "readOnly": false, "type": "submodule"}, "programs.yazi.settings.keymap": {"declarations": ["nixos/modules/programs/yazi.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration included in `keymap.toml`.\n\nSee <https://yazi-rs.github.io/docs/configuration/keymap/> for documentation.\n", "loc": ["programs", "yazi", "settings", "keymap"], "readOnly": false, "type": "TOML value"}, "programs.yazi.settings.theme": {"declarations": ["nixos/modules/programs/yazi.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration included in `theme.toml`.\n\nSee <https://yazi-rs.github.io/docs/configuration/theme/> for documentation.\n", "loc": ["programs", "yazi", "settings", "theme"], "readOnly": false, "type": "TOML value"}, "programs.yazi.settings.vfs": {"declarations": ["nixos/modules/programs/yazi.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration included in `vfs.toml`.\n\nSee <https://yazi-rs.github.io/docs/configuration/vfs/> for documentation.\n", "loc": ["programs", "yazi", "settings", "vfs"], "readOnly": false, "type": "TOML value"}, "programs.yazi.settings.yazi": {"declarations": ["nixos/modules/programs/yazi.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration included in `yazi.toml`.\n\nSee <https://yazi-rs.github.io/docs/configuration/yazi/> for documentation.\n", "loc": ["programs", "yazi", "settings", "yazi"], "readOnly": false, "type": "TOML value"}, "programs.ydotool.enable": {"declarations": ["nixos/modules/programs/ydotool.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ydotoold system service and {command}`ydotool` for members of\n{option}`programs.ydotool.group`.\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "ydotool", "enable"], "readOnly": false, "type": "boolean"}, "programs.ydotool.group": {"declarations": ["nixos/modules/programs/ydotool.nix"], "default": {"_type": "literalExpression", "text": "\"ydotool\""}, "description": "Group which users must be in to use {command}`ydotool`.\n", "loc": ["programs", "ydotool", "group"], "readOnly": false, "type": "string"}, "programs.yubikey-manager.enable": {"declarations": ["nixos/modules/programs/yubikey-manager.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable yubikey-manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "yubikey-manager", "enable"], "readOnly": false, "type": "boolean"}, "programs.yubikey-manager.package": {"declarations": ["nixos/modules/programs/yubikey-manager.nix"], "default": {"_type": "literalExpression", "text": "pkgs.yubikey-manager"}, "description": "The yubikey-manager package to use.", "loc": ["programs", "yubikey-manager", "package"], "readOnly": false, "type": "package"}, "programs.yubikey-touch-detector.enable": {"declarations": ["nixos/modules/programs/yubikey-touch-detector.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable yubikey-touch-detector.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "yubikey-touch-detector", "enable"], "readOnly": false, "type": "boolean"}, "programs.yubikey-touch-detector.libnotify": {"declarations": ["nixos/modules/programs/yubikey-touch-detector.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If set to true, yubikey-touch-detctor will send notifications using libnotify\n", "loc": ["programs", "yubikey-touch-detector", "libnotify"], "readOnly": false, "type": "boolean"}, "programs.yubikey-touch-detector.unixSocket": {"declarations": ["nixos/modules/programs/yubikey-touch-detector.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If set to true, yubikey-touch-detector will send notifications to a unix socket\n", "loc": ["programs", "yubikey-touch-detector", "unixSocket"], "readOnly": false, "type": "boolean"}, "programs.yubikey-touch-detector.verbose": {"declarations": ["nixos/modules/programs/yubikey-touch-detector.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables verbose logging\n", "loc": ["programs", "yubikey-touch-detector", "verbose"], "readOnly": false, "type": "boolean"}, "programs.zmap.enable": {"declarations": ["nixos/modules/programs/zmap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ZMap, a network scanner designed for Internet-wide network surveys.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "zmap", "enable"], "readOnly": false, "type": "boolean"}, "programs.zoom-us.enable": {"declarations": ["nixos/modules/programs/zoom-us.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable zoom.us video conferencing application.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "zoom-us", "enable"], "readOnly": false, "type": "boolean"}, "programs.zoom-us.package": {"declarations": ["nixos/modules/programs/zoom-us.nix"], "default": {"_type": "literalExpression", "text": "pkgs.zoom-us"}, "description": "The zoom-us package to use.", "loc": ["programs", "zoom-us", "package"], "readOnly": false, "type": "package"}, "programs.zoxide.enable": {"declarations": ["nixos/modules/programs/zoxide.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable zoxide, a smarter cd command that learns your habits.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "zoxide", "enable"], "readOnly": false, "type": "boolean"}, "programs.zoxide.enableBashIntegration": {"declarations": ["nixos/modules/programs/zoxide.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable Bash integration.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "zoxide", "enableBashIntegration"], "readOnly": false, "type": "boolean"}, "programs.zoxide.enableFishIntegration": {"declarations": ["nixos/modules/programs/zoxide.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable Fish integration.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "zoxide", "enableFishIntegration"], "readOnly": false, "type": "boolean"}, "programs.zoxide.enableXonshIntegration": {"declarations": ["nixos/modules/programs/zoxide.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable Xonsh integration.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "zoxide", "enableXonshIntegration"], "readOnly": false, "type": "boolean"}, "programs.zoxide.enableZshIntegration": {"declarations": ["nixos/modules/programs/zoxide.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable Zsh integration.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "zoxide", "enableZshIntegration"], "readOnly": false, "type": "boolean"}, "programs.zoxide.flags": {"declarations": ["nixos/modules/programs/zoxide.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of flags for zoxide init\n", "example": {"_type": "literalExpression", "text": "[\n  \"--no-cmd\"\n  \"--cmd j\"\n]"}, "loc": ["programs", "zoxide", "flags"], "readOnly": false, "type": "list of string"}, "programs.zoxide.package": {"declarations": ["nixos/modules/programs/zoxide.nix"], "default": {"_type": "literalExpression", "text": "pkgs.zoxide"}, "description": "The zoxide package to use.", "loc": ["programs", "zoxide", "package"], "readOnly": false, "type": "package"}, "programs.zsh.autosuggestions.async": {"declarations": ["nixos/modules/programs/zsh/zsh-autosuggestions.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to fetch suggestions asynchronously", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["programs", "zsh", "autosuggestions", "async"], "readOnly": false, "type": "boolean"}, "programs.zsh.autosuggestions.enable": {"declarations": ["nixos/modules/programs/zsh/zsh-autosuggestions.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable zsh-autosuggestions.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "zsh", "autosuggestions", "enable"], "readOnly": false, "type": "boolean"}, "programs.zsh.autosuggestions.extraConfig": {"declarations": ["nixos/modules/programs/zsh/zsh-autosuggestions.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attribute set with additional configuration values", "example": {"_type": "literalExpression", "text": "{\n  \"ZSH_AUTOSUGGEST_BUFFER_MAX_SIZE\" = \"20\";\n}\n"}, "loc": ["programs", "zsh", "autosuggestions", "extraConfig"], "readOnly": false, "type": "attribute set of string"}, "programs.zsh.autosuggestions.highlightStyle": {"declarations": ["nixos/modules/programs/zsh/zsh-autosuggestions.nix"], "default": {"_type": "literalExpression", "text": "\"fg=8\""}, "description": "Highlight style for suggestions ({fore,back}ground color)", "example": {"_type": "literalExpression", "text": "\"fg=cyan\""}, "loc": ["programs", "zsh", "autosuggestions", "highlightStyle"], "readOnly": false, "type": "string"}, "programs.zsh.autosuggestions.strategy": {"declarations": ["nixos/modules/programs/zsh/zsh-autosuggestions.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"history\"\n]"}, "description": "`ZSH_AUTOSUGGEST_STRATEGY` is an array that specifies how suggestions should be generated.\nThe strategies in the array are tried successively until a suggestion is found.\nThere are currently three built-in strategies to choose from:\n\n- `history`: Chooses the most recent match from history.\n- `completion`: Chooses a suggestion based on what tab-completion would suggest. (requires `zpty` module)\n- `match_prev_cmd`: Like `history`, but chooses the most recent match whose preceding history item matches\n    the most recently executed command. Note that this strategy won't work as expected with ZSH options that\n    don't preserve the history order such as `HIST_IGNORE_ALL_DUPS` or `HIST_EXPIRE_DUPS_FIRST`.\n", "loc": ["programs", "zsh", "autosuggestions", "strategy"], "readOnly": false, "type": "list of (one of \"history\", \"completion\", \"match_prev_cmd\")"}, "programs.zsh.enable": {"declarations": ["nixos/modules/programs/zsh/zsh.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to configure zsh as an interactive shell. To enable zsh for\na particular user, use the {option}`users.users.<name?>.shell`\noption for that user. To enable zsh system-wide use the\n{option}`users.defaultUserShell` option.\n", "loc": ["programs", "zsh", "enable"], "readOnly": false, "type": "boolean"}, "programs.zsh.enableBashCompletion": {"declarations": ["nixos/modules/programs/zsh/zsh.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable compatibility with bash's programmable completion system.\n", "loc": ["programs", "zsh", "enableBashCompletion"], "readOnly": false, "type": "boolean"}, "programs.zsh.enableCompletion": {"declarations": ["nixos/modules/programs/zsh/zsh.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable zsh completion for all interactive zsh shells.\n", "loc": ["programs", "zsh", "enableCompletion"], "readOnly": false, "type": "boolean"}, "programs.zsh.enableGlobalCompInit": {"declarations": ["nixos/modules/programs/zsh/zsh.nix"], "default": {"_type": "literalExpression", "text": "config.programs.zsh.enableCompletion"}, "description": "Enable execution of compinit call for all interactive zsh shells.\n\nThis option can be disabled if the user wants to extend its\n`fpath` and a custom `compinit`\ncall in the local config is required.\n", "loc": ["programs", "zsh", "enableGlobalCompInit"], "readOnly": false, "type": "boolean"}, "programs.zsh.enableLsColors": {"declarations": ["nixos/modules/programs/zsh/zsh.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable extra colors in directory listings (used by `ls` and `tree`).\n", "loc": ["programs", "zsh", "enableLsColors"], "readOnly": false, "type": "boolean"}, "programs.zsh.histFile": {"declarations": ["nixos/modules/programs/zsh/zsh.nix"], "default": {"_type": "literalExpression", "text": "\"$HOME/.zsh_history\""}, "description": "Change history file.\n", "loc": ["programs", "zsh", "histFile"], "readOnly": false, "type": "string"}, "programs.zsh.histSize": {"declarations": ["nixos/modules/programs/zsh/zsh.nix"], "default": {"_type": "literalExpression", "text": "2000"}, "description": "Change history size.\n", "loc": ["programs", "zsh", "histSize"], "readOnly": false, "type": "signed integer"}, "programs.zsh.interactiveShellInit": {"declarations": ["nixos/modules/programs/zsh/zsh.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell script code called during interactive zsh shell initialisation.\n", "loc": ["programs", "zsh", "interactiveShellInit"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "programs.zsh.loginShellInit": {"declarations": ["nixos/modules/programs/zsh/zsh.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell script code called during zsh login shell initialisation.\n", "loc": ["programs", "zsh", "loginShellInit"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "programs.zsh.ohMyZsh.cacheDir": {"declarations": ["nixos/modules/programs/zsh/oh-my-zsh.nix"], "default": {"_type": "literalExpression", "text": "\"$HOME/.cache/oh-my-zsh\""}, "description": "Cache directory to be used by `oh-my-zsh`.\nWithout this option it would default to the read-only nix store.\n", "loc": ["programs", "zsh", "ohMyZsh", "cacheDir"], "readOnly": false, "type": "string"}, "programs.zsh.ohMyZsh.custom": {"declarations": ["nixos/modules/programs/zsh/oh-my-zsh.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a custom oh-my-zsh package to override config of oh-my-zsh.\n(Can't be used along with `customPkgs`).\n", "loc": ["programs", "zsh", "ohMyZsh", "custom"], "readOnly": false, "type": "null or string"}, "programs.zsh.ohMyZsh.customPkgs": {"declarations": ["nixos/modules/programs/zsh/oh-my-zsh.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of custom packages that should be loaded into `oh-my-zsh`.\n", "loc": ["programs", "zsh", "ohMyZsh", "customPkgs"], "readOnly": false, "type": "list of package"}, "programs.zsh.ohMyZsh.enable": {"declarations": ["nixos/modules/programs/zsh/oh-my-zsh.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable oh-my-zsh.\n", "loc": ["programs", "zsh", "ohMyZsh", "enable"], "readOnly": false, "type": "boolean"}, "programs.zsh.ohMyZsh.package": {"declarations": ["nixos/modules/programs/zsh/oh-my-zsh.nix"], "default": {"_type": "literalExpression", "text": "pkgs.oh-my-zsh"}, "description": "The oh-my-zsh package to use.", "loc": ["programs", "zsh", "ohMyZsh", "package"], "readOnly": false, "type": "package"}, "programs.zsh.ohMyZsh.plugins": {"declarations": ["nixos/modules/programs/zsh/oh-my-zsh.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of oh-my-zsh plugins\n", "loc": ["programs", "zsh", "ohMyZsh", "plugins"], "readOnly": false, "type": "list of string"}, "programs.zsh.ohMyZsh.preLoaded": {"declarations": ["nixos/modules/programs/zsh/oh-my-zsh.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands executed before the `oh-my-zsh` is loaded.\nFor example, to disable async git prompt write `zstyle ':omz:alpha:lib:git' async-prompt no` (more information <https://github.com/ohmyzsh/ohmyzsh?tab=readme-ov-file#async-git-prompt>)\n", "loc": ["programs", "zsh", "ohMyZsh", "preLoaded"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "programs.zsh.ohMyZsh.theme": {"declarations": ["nixos/modules/programs/zsh/oh-my-zsh.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Name of the theme to be used by oh-my-zsh.\n", "loc": ["programs", "zsh", "ohMyZsh", "theme"], "readOnly": false, "type": "string"}, "programs.zsh.promptInit": {"declarations": ["nixos/modules/programs/zsh/zsh.nix"], "default": {"_type": "literalExpression", "text": "''\n  # Note that to manually override this in ~/.zshrc you should run `prompt off`\n  # before setting your PS1 and etc. Otherwise this will likely to interact with\n  # your ~/.zshrc configuration in unexpected ways as the default prompt sets\n  # a lot of different prompt variables.\n  autoload -U promptinit && promptinit && prompt suse && setopt prompt_sp\n''"}, "description": "Shell script code used to initialise the zsh prompt.\n", "loc": ["programs", "zsh", "promptInit"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "programs.zsh.setOptions": {"declarations": ["nixos/modules/programs/zsh/zsh.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"HIST_IGNORE_DUPS\"\n  \"SHARE_HISTORY\"\n  \"HIST_FCNTL_LOCK\"\n]"}, "description": "Configure zsh options. See\n{manpage}`zshoptions(1)`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"EXTENDED_HISTORY\"\n  \"RM_STAR_WAIT\"\n]"}, "loc": ["programs", "zsh", "setOptions"], "readOnly": false, "type": "list of string"}, "programs.zsh.shellAliases": {"declarations": ["nixos/modules/programs/zsh/zsh.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Set of aliases for zsh shell, which overrides {option}`environment.shellAliases`.\nSee {option}`environment.shellAliases` for an option format description.\n", "loc": ["programs", "zsh", "shellAliases"], "readOnly": false, "type": "attribute set of (null or string or absolute path)"}, "programs.zsh.shellInit": {"declarations": ["nixos/modules/programs/zsh/zsh.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell script code called during zsh shell initialisation.\n", "loc": ["programs", "zsh", "shellInit"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "programs.zsh.syntaxHighlighting.enable": {"declarations": ["nixos/modules/programs/zsh/zsh-syntax-highlighting.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable zsh-syntax-highlighting.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "zsh", "syntaxHighlighting", "enable"], "readOnly": false, "type": "boolean"}, "programs.zsh.syntaxHighlighting.highlighters": {"declarations": ["nixos/modules/programs/zsh/zsh-syntax-highlighting.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"main\"\n]"}, "description": "Specifies the highlighters to be used by zsh-syntax-highlighting.\n\nThe following defined options can be found here:\nhttps://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters.md\n", "loc": ["programs", "zsh", "syntaxHighlighting", "highlighters"], "readOnly": false, "type": "list of (one of \"main\", \"brackets\", \"pattern\", \"cursor\", \"regexp\", \"root\", \"line\")"}, "programs.zsh.syntaxHighlighting.patterns": {"declarations": ["nixos/modules/programs/zsh/zsh-syntax-highlighting.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Specifies custom patterns to be highlighted by zsh-syntax-highlighting.\n\nPlease refer to the docs for more information about the usage:\nhttps://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters/pattern.md\n", "example": {"_type": "literalExpression", "text": "{\n  \"rm -rf *\" = \"fg=white,bold,bg=red\";\n}\n"}, "loc": ["programs", "zsh", "syntaxHighlighting", "patterns"], "readOnly": false, "type": "attribute set of string"}, "programs.zsh.syntaxHighlighting.styles": {"declarations": ["nixos/modules/programs/zsh/zsh-syntax-highlighting.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Specifies custom styles to be highlighted by zsh-syntax-highlighting.\n\nPlease refer to the docs for more information about the usage:\nhttps://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters/main.md\n", "example": {"_type": "literalExpression", "text": "{\n  \"alias\" = \"fg=magenta,bold\";\n}\n"}, "loc": ["programs", "zsh", "syntaxHighlighting", "styles"], "readOnly": false, "type": "attribute set of string"}, "programs.zsh.vteIntegration": {"declarations": ["nixos/modules/config/vte.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Zsh integration for VTE terminals.\nThis allows it to preserve the current directory of the shell\nacross terminals.\n", "loc": ["programs", "zsh", "vteIntegration"], "readOnly": false, "type": "boolean"}, "programs.zsh.zsh-autoenv.enable": {"declarations": ["nixos/modules/programs/zsh/zsh-autoenv.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable zsh-autoenv.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["programs", "zsh", "zsh-autoenv", "enable"], "readOnly": false, "type": "boolean"}, "programs.zsh.zsh-autoenv.package": {"declarations": ["nixos/modules/programs/zsh/zsh-autoenv.nix"], "default": {"_type": "literalExpression", "text": "pkgs.zsh-autoenv"}, "description": "The zsh-autoenv package to use.", "loc": ["programs", "zsh", "zsh-autoenv", "package"], "readOnly": false, "type": "package"}, "qt.enable": {"declarations": ["nixos/modules/config/qt.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Qt configuration, including theming.\n\nEnabling this option is necessary for Qt plugins to work in the\ninstalled profiles (e.g.: `nix-env -i` or `environment.systemPackages`).\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["qt", "enable"], "readOnly": false, "type": "boolean"}, "qt.platformTheme": {"declarations": ["nixos/modules/config/qt.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Selects the platform theme to use for Qt applications.\n\nThe options are\n- `gnome`: Use GNOME theme with [qgnomeplatform](https://github.com/FedoraQt/QGnomePlatform)\n- `gtk2`: Use GTK theme with [qtstyleplugins](https://github.com/qt/qtstyleplugins)\n- `kde`: Use Qt settings from Plasma.\n- `lxqt`: Use LXQt style set using the [lxqt-config-appearance](https://github.com/lxqt/lxqt-config)\n   application.\n- `qt5ct`: Use Qt style set using the [qt5ct](https://sourceforge.net/projects/qt5ct/)\n   and [qt6ct](https://github.com/trialuser02/qt6ct) applications.\n", "example": {"_type": "literalExpression", "text": "\"gnome\""}, "loc": ["qt", "platformTheme"], "readOnly": false, "relatedPackages": "- [`pkgs.qgnomeplatform`](\n    https://search.nixos.org/packages?show=qgnomeplatform&sort=relevance&query=qgnomeplatform\n  )\n- [`pkgs.qgnomeplatform-qt6`](\n    https://search.nixos.org/packages?show=qgnomeplatform-qt6&sort=relevance&query=qgnomeplatform-qt6\n  )\n- [`pkgs.libsForQt5.qt5ct`](\n    https://search.nixos.org/packages?show=libsForQt5.qt5ct&sort=relevance&query=libsForQt5.qt5ct\n  )\n- [`pkgs.libsForQt5.qtstyleplugins`](\n    https://search.nixos.org/packages?show=libsForQt5.qtstyleplugins&sort=relevance&query=libsForQt5.qtstyleplugins\n  )\n- [`pkgs.kdePackages.plasma-integration`](\n    https://search.nixos.org/packages?show=kdePackages.plasma-integration&sort=relevance&query=kdePackages.plasma-integration\n  )\n- [`pkgs.kdePackages.systemsettings`](\n    https://search.nixos.org/packages?show=kdePackages.systemsettings&sort=relevance&query=kdePackages.systemsettings\n  )\n- [`pkgs.lxqt.lxqt-config`](\n    https://search.nixos.org/packages?show=lxqt.lxqt-config&sort=relevance&query=lxqt.lxqt-config\n  )\n- [`pkgs.lxqt.lxqt-qtplugin`](\n    https://search.nixos.org/packages?show=lxqt.lxqt-qtplugin&sort=relevance&query=lxqt.lxqt-qtplugin\n  )\n- [`pkgs.qt6Packages.qt6ct`](\n    https://search.nixos.org/packages?show=qt6Packages.qt6ct&sort=relevance&query=qt6Packages.qt6ct\n  )\n- [`pkgs.qt6Packages.qt6gtk2`](\n    https://search.nixos.org/packages?show=qt6Packages.qt6gtk2&sort=relevance&query=qt6Packages.qt6gtk2\n  )\n", "type": "null or one of \"gnome\", \"gtk2\", \"kde\", \"lxqt\", \"qt5ct\""}, "qt.style": {"declarations": ["nixos/modules/config/qt.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Selects the style to use for Qt applications.\n\nThe options are\n- `adwaita`, `adwaita-dark`, `adwaita-highcontrast`, `adawaita-highcontrastinverse`:\n  Use Adwaita Qt style with\n  [adwaita](https://github.com/FedoraQt/adwaita-qt)\n- `breeze`: Use the Breeze style from\n  [breeze](https://github.com/KDE/breeze)\n- `bb10bright`, `bb10dark`, `cleanlooks`, `gtk2`, `motif`, `plastique`:\n  Use styles from\n  [qtstyleplugins](https://github.com/qt/qtstyleplugins)\n- `kvantum`: Use styles from\n  [kvantum](https://github.com/tsujan/Kvantum)\n", "example": {"_type": "literalExpression", "text": "\"adwaita\""}, "loc": ["qt", "style"], "readOnly": false, "relatedPackages": "- [`pkgs.adwaita-qt`](\n    https://search.nixos.org/packages?show=adwaita-qt&sort=relevance&query=adwaita-qt\n  )\n- [`pkgs.adwaita-qt6`](\n    https://search.nixos.org/packages?show=adwaita-qt6&sort=relevance&query=adwaita-qt6\n  )\n- [`pkgs.libsForQt5.qtstyleplugin-kvantum`](\n    https://search.nixos.org/packages?show=libsForQt5.qtstyleplugin-kvantum&sort=relevance&query=libsForQt5.qtstyleplugin-kvantum\n  )\n- [`pkgs.libsForQt5.qtstyleplugins`](\n    https://search.nixos.org/packages?show=libsForQt5.qtstyleplugins&sort=relevance&query=libsForQt5.qtstyleplugins\n  )\n- [`pkgs.qt6Packages.qt6gtk2`](\n    https://search.nixos.org/packages?show=qt6Packages.qt6gtk2&sort=relevance&query=qt6Packages.qt6gtk2\n  )\n- [`pkgs.qt6Packages.qtstyleplugin-kvantum`](\n    https://search.nixos.org/packages?show=qt6Packages.qtstyleplugin-kvantum&sort=relevance&query=qt6Packages.qtstyleplugin-kvantum\n  )\n", "type": "null or one of \"adwaita\", \"adwaita-dark\", \"adwaita-highcontrast\", \"adwaita-highcontrastinverse\", \"bb10bright\", \"bb10dark\", \"breeze\", \"cde\", \"cleanlooks\", \"gtk2\", \"kvantum\", \"motif\", \"plastique\""}, "security.acme.acceptTerms": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Accept the CA's terms of service. The default provider is Let's Encrypt,\nyou can find their ToS at <https://letsencrypt.org/repository/>.\n", "loc": ["security", "acme", "acceptTerms"], "readOnly": false, "type": "boolean"}, "security.acme.certs": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attribute set of certificates to get signed and renewed. Creates\n`acme-${cert}.{service,timer}` systemd units for\neach certificate defined here. Other services can add dependencies\nto those units if they rely on the certificates being present,\nor trigger restarts of the service if certificates get renewed.\n", "example": {"_type": "literalExpression", "text": "{\n  \"example.com\" = {\n    webroot = \"/var/lib/acme/acme-challenge/\";\n    email = \"foo@example.com\";\n    extraDomainNames = [ \"www.example.com\" \"foo.example.com\" ];\n  };\n  \"bar.example.com\" = {\n    webroot = \"/var/lib/acme/acme-challenge/\";\n    email = \"bar@example.com\";\n  };\n}\n"}, "loc": ["security", "acme", "certs"], "readOnly": false, "type": "attribute set of (submodule)"}, "security.acme.certs.<name>.credentialFiles": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "config.security.acme.defaults.credentialFiles"}, "description": "Environment variables suffixed by \"_FILE\" to set for the cert's service\nfor your selected dnsProvider.\nTo find out what values you need to set, consult the documentation at\n<https://go-acme.github.io/lego/dns/> for the corresponding dnsProvider.\nThis allows to securely pass credential files to lego by leveraging systemd\ncredentials.\n", "example": {"_type": "literalExpression", "text": "{\n  \"RFC2136_TSIG_SECRET_FILE\" = \"/run/secrets/tsig-secret-example.org\";\n}\n"}, "loc": ["security", "acme", "certs", "<name>", "credentialFiles"], "readOnly": false, "type": "attribute set of absolute path"}, "security.acme.certs.<name>.csr": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a certificate signing request to apply when fetching the certificate.", "loc": ["security", "acme", "certs", "<name>", "csr"], "readOnly": false, "type": "null or string"}, "security.acme.certs.<name>.csrKey": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the private key to the matching certificate signing request.", "loc": ["security", "acme", "certs", "<name>", "csrKey"], "readOnly": false, "type": "null or string"}, "security.acme.certs.<name>.directory": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/\u2039name\u203a\""}, "description": "Directory where certificate and other state is stored.", "loc": ["security", "acme", "certs", "<name>", "directory"], "readOnly": true, "type": "string"}, "security.acme.certs.<name>.dnsPropagationCheck": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "config.security.acme.defaults.dnsPropagationCheck"}, "description": "Toggles lego DNS propagation check, which is used alongside DNS-01\nchallenge to ensure the DNS entries required are available.\n", "loc": ["security", "acme", "certs", "<name>", "dnsPropagationCheck"], "readOnly": false, "type": "boolean"}, "security.acme.certs.<name>.dnsProvider": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "config.security.acme.defaults.dnsProvider"}, "description": "DNS Challenge provider. For a list of supported providers, see the \"code\"\nfield of the DNS providers listed at <https://go-acme.github.io/lego/dns/>.\n", "example": {"_type": "literalExpression", "text": "\"route53\""}, "loc": ["security", "acme", "certs", "<name>", "dnsProvider"], "readOnly": false, "type": "null or string"}, "security.acme.certs.<name>.dnsResolver": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "config.security.acme.defaults.dnsResolver"}, "description": "Set the resolver to use for performing recursive DNS queries. Supported:\nhost:port. The default is to use the system resolvers, or Google's DNS\nresolvers if the system's cannot be determined.\n", "example": {"_type": "literalExpression", "text": "\"1.1.1.1:53\""}, "loc": ["security", "acme", "certs", "<name>", "dnsResolver"], "readOnly": false, "type": "null or string"}, "security.acme.certs.<name>.domain": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "Domain to fetch certificate for (defaults to the entry name).", "loc": ["security", "acme", "certs", "<name>", "domain"], "readOnly": false, "type": "string"}, "security.acme.certs.<name>.email": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "config.security.acme.defaults.email"}, "description": "Email address for account creation and correspondence from the CA.\nIt is recommended to use the same email for all certs to avoid account\ncreation limits.\n", "loc": ["security", "acme", "certs", "<name>", "email"], "readOnly": false, "type": "null or string"}, "security.acme.certs.<name>.enableDebugLogs": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "config.security.acme.defaults.enableDebugLogs"}, "description": "Whether to enable debug logging for this certificate.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["security", "acme", "certs", "<name>", "enableDebugLogs"], "readOnly": false, "type": "boolean"}, "security.acme.certs.<name>.environmentFile": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "config.security.acme.defaults.environmentFile"}, "description": "Path to an EnvironmentFile for the cert's service containing any required and\noptional environment variables for your selected dnsProvider.\nTo find out what values you need to set, consult the documentation at\n<https://go-acme.github.io/lego/dns/> for the corresponding dnsProvider.\n", "example": {"_type": "literalExpression", "text": "\"/var/src/secrets/example.org-route53-api-token\""}, "loc": ["security", "acme", "certs", "<name>", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "security.acme.certs.<name>.extraDomainNames": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of extra domain names, which are included in the one certificate to be issued.\n", "example": {"_type": "literalExpression", "text": "[\n  \"example.org\"\n  \"mydomain.org\"\n]\n"}, "loc": ["security", "acme", "certs", "<name>", "extraDomainNames"], "readOnly": false, "type": "list of string"}, "security.acme.certs.<name>.extraLegoFlags": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "config.security.acme.defaults.extraLegoFlags"}, "description": "Additional global flags to pass to all lego commands.\n", "loc": ["security", "acme", "certs", "<name>", "extraLegoFlags"], "readOnly": false, "type": "list of string"}, "security.acme.certs.<name>.extraLegoRenewFlags": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "config.security.acme.defaults.extraLegoRenewFlags"}, "description": "Additional flags to pass to lego renew.\n", "loc": ["security", "acme", "certs", "<name>", "extraLegoRenewFlags"], "readOnly": false, "type": "list of string"}, "security.acme.certs.<name>.extraLegoRunFlags": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "config.security.acme.defaults.extraLegoRunFlags"}, "description": "Additional flags to pass to lego run.\n", "loc": ["security", "acme", "certs", "<name>", "extraLegoRunFlags"], "readOnly": false, "type": "list of string"}, "security.acme.certs.<name>.group": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "config.security.acme.defaults.group"}, "description": "Group running the ACME client.", "loc": ["security", "acme", "certs", "<name>", "group"], "readOnly": false, "type": "string"}, "security.acme.certs.<name>.inheritDefaults": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to inherit values set in `security.acme.defaults` or not.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["security", "acme", "certs", "<name>", "inheritDefaults"], "readOnly": false, "type": "boolean"}, "security.acme.certs.<name>.keyType": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "config.security.acme.defaults.keyType"}, "description": "Key type to use for private keys.\nFor an up to date list of supported values check the --key-type option\nat <https://go-acme.github.io/lego/usage/cli/options/>.\n", "loc": ["security", "acme", "certs", "<name>", "keyType"], "readOnly": false, "type": "string"}, "security.acme.certs.<name>.listenHTTP": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "config.security.acme.defaults.listenHTTP"}, "description": "Interface and port to listen on to solve HTTP challenges\nin the form `[INTERFACE]:PORT`.\nIf you use a port other than 80, you must proxy port 80 to this port.\n", "example": {"_type": "literalExpression", "text": "\":1360\""}, "loc": ["security", "acme", "certs", "<name>", "listenHTTP"], "readOnly": false, "type": "null or string"}, "security.acme.certs.<name>.ocspMustStaple": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "config.security.acme.defaults.ocspMustStaple"}, "description": "Turns on the OCSP Must-Staple TLS extension.\nMake sure you know what you're doing! See:\n\n- <https://blog.apnic.net/2019/01/15/is-the-web-ready-for-ocsp-must-staple/>\n- <https://blog.hboeck.de/archives/886-The-Problem-with-OCSP-Stapling-and-Must-Staple-and-why-Certificate-Revocation-is-still-broken.html>\n", "loc": ["security", "acme", "certs", "<name>", "ocspMustStaple"], "readOnly": false, "type": "boolean"}, "security.acme.certs.<name>.postRun": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "config.security.acme.defaults.postRun"}, "description": "Commands to run after new certificates go live. Note that\nthese commands run as the root user.\n\nExecuted in the same directory with the new certificate.\n", "example": {"_type": "literalExpression", "text": "\"cp full.pem backup.pem\""}, "loc": ["security", "acme", "certs", "<name>", "postRun"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "security.acme.certs.<name>.profile": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "config.security.acme.defaults.profile"}, "description": "The certificate profile to choose if the CA offers multiple profiles.\n", "loc": ["security", "acme", "certs", "<name>", "profile"], "readOnly": false, "type": "null or string"}, "security.acme.certs.<name>.reloadServices": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "config.security.acme.defaults.reloadServices"}, "description": "The list of systemd services to call `systemctl try-reload-or-restart`\non.\n", "loc": ["security", "acme", "certs", "<name>", "reloadServices"], "readOnly": false, "type": "list of string"}, "security.acme.certs.<name>.renewInterval": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "config.security.acme.defaults.renewInterval"}, "description": "Systemd calendar expression when to check for renewal. See\n{manpage}`systemd.time(7)`.\n", "loc": ["security", "acme", "certs", "<name>", "renewInterval"], "readOnly": false, "type": "string"}, "security.acme.certs.<name>.s3Bucket": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "null"}, "description": "S3 bucket name to use for HTTP-01 based challenges. Challenges will be written to the S3 bucket.\n", "example": {"_type": "literalExpression", "text": "\"acme\""}, "loc": ["security", "acme", "certs", "<name>", "s3Bucket"], "readOnly": false, "type": "null or string"}, "security.acme.certs.<name>.server": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "config.security.acme.defaults.server"}, "description": "ACME Directory Resource URI.\nDefaults to Let's Encrypt's production endpoint.\nFor testing Let's Encrypt's [staging endpoint](https://letsencrypt.org/docs/staging-environment/)\nshould be used to avoid the rather tight rate limit on the production endpoint.\n", "example": {"_type": "literalExpression", "text": "\"https://acme-staging-v02.api.letsencrypt.org/directory\""}, "loc": ["security", "acme", "certs", "<name>", "server"], "readOnly": false, "type": "null or string"}, "security.acme.certs.<name>.validMinDays": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "config.security.acme.defaults.validMinDays"}, "description": "Minimum remaining validity before renewal in days.", "loc": ["security", "acme", "certs", "<name>", "validMinDays"], "readOnly": false, "type": "signed integer"}, "security.acme.certs.<name>.webroot": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "config.security.acme.defaults.webroot"}, "description": "Where the webroot of the HTTP vhost is located.\n{file}`.well-known/acme-challenge/` directory\nwill be created below the webroot if it doesn't exist.\n`http://example.org/.well-known/acme-challenge/` must also\nbe available (notice unencrypted HTTP).\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "loc": ["security", "acme", "certs", "<name>", "webroot"], "readOnly": false, "type": "null or string"}, "security.acme.defaults": {"declarations": ["nixos/modules/security/acme"], "description": "Default values inheritable by all configured certs. You can\nuse this to define options shared by all your certs. These defaults\ncan also be ignored on a per-cert basis using the\n{option}`security.acme.certs.${cert}.inheritDefaults` option.\n", "loc": ["security", "acme", "defaults"], "readOnly": false, "type": "submodule"}, "security.acme.defaults.credentialFiles": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables suffixed by \"_FILE\" to set for the cert's service\nfor your selected dnsProvider.\nTo find out what values you need to set, consult the documentation at\n<https://go-acme.github.io/lego/dns/> for the corresponding dnsProvider.\nThis allows to securely pass credential files to lego by leveraging systemd\ncredentials.\n", "example": {"_type": "literalExpression", "text": "{\n  \"RFC2136_TSIG_SECRET_FILE\" = \"/run/secrets/tsig-secret-example.org\";\n}\n"}, "loc": ["security", "acme", "defaults", "credentialFiles"], "readOnly": false, "type": "attribute set of absolute path"}, "security.acme.defaults.dnsPropagationCheck": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Toggles lego DNS propagation check, which is used alongside DNS-01\nchallenge to ensure the DNS entries required are available.\n", "loc": ["security", "acme", "defaults", "dnsPropagationCheck"], "readOnly": false, "type": "boolean"}, "security.acme.defaults.dnsProvider": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "null"}, "description": "DNS Challenge provider. For a list of supported providers, see the \"code\"\nfield of the DNS providers listed at <https://go-acme.github.io/lego/dns/>.\n", "example": {"_type": "literalExpression", "text": "\"route53\""}, "loc": ["security", "acme", "defaults", "dnsProvider"], "readOnly": false, "type": "null or string"}, "security.acme.defaults.dnsResolver": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set the resolver to use for performing recursive DNS queries. Supported:\nhost:port. The default is to use the system resolvers, or Google's DNS\nresolvers if the system's cannot be determined.\n", "example": {"_type": "literalExpression", "text": "\"1.1.1.1:53\""}, "loc": ["security", "acme", "defaults", "dnsResolver"], "readOnly": false, "type": "null or string"}, "security.acme.defaults.email": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Email address for account creation and correspondence from the CA.\nIt is recommended to use the same email for all certs to avoid account\ncreation limits.\n", "loc": ["security", "acme", "defaults", "email"], "readOnly": false, "type": "null or string"}, "security.acme.defaults.enableDebugLogs": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable debug logging for this certificate.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["security", "acme", "defaults", "enableDebugLogs"], "readOnly": false, "type": "boolean"}, "security.acme.defaults.environmentFile": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to an EnvironmentFile for the cert's service containing any required and\noptional environment variables for your selected dnsProvider.\nTo find out what values you need to set, consult the documentation at\n<https://go-acme.github.io/lego/dns/> for the corresponding dnsProvider.\n", "example": {"_type": "literalExpression", "text": "\"/var/src/secrets/example.org-route53-api-token\""}, "loc": ["security", "acme", "defaults", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "security.acme.defaults.extraLegoFlags": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional global flags to pass to all lego commands.\n", "loc": ["security", "acme", "defaults", "extraLegoFlags"], "readOnly": false, "type": "list of string"}, "security.acme.defaults.extraLegoRenewFlags": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional flags to pass to lego renew.\n", "loc": ["security", "acme", "defaults", "extraLegoRenewFlags"], "readOnly": false, "type": "list of string"}, "security.acme.defaults.extraLegoRunFlags": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional flags to pass to lego run.\n", "loc": ["security", "acme", "defaults", "extraLegoRunFlags"], "readOnly": false, "type": "list of string"}, "security.acme.defaults.group": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "\"acme\""}, "description": "Group running the ACME client.", "loc": ["security", "acme", "defaults", "group"], "readOnly": false, "type": "string"}, "security.acme.defaults.keyType": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "\"ec256\""}, "description": "Key type to use for private keys.\nFor an up to date list of supported values check the --key-type option\nat <https://go-acme.github.io/lego/usage/cli/options/>.\n", "loc": ["security", "acme", "defaults", "keyType"], "readOnly": false, "type": "string"}, "security.acme.defaults.listenHTTP": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Interface and port to listen on to solve HTTP challenges\nin the form `[INTERFACE]:PORT`.\nIf you use a port other than 80, you must proxy port 80 to this port.\n", "example": {"_type": "literalExpression", "text": "\":1360\""}, "loc": ["security", "acme", "defaults", "listenHTTP"], "readOnly": false, "type": "null or string"}, "security.acme.defaults.ocspMustStaple": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Turns on the OCSP Must-Staple TLS extension.\nMake sure you know what you're doing! See:\n\n- <https://blog.apnic.net/2019/01/15/is-the-web-ready-for-ocsp-must-staple/>\n- <https://blog.hboeck.de/archives/886-The-Problem-with-OCSP-Stapling-and-Must-Staple-and-why-Certificate-Revocation-is-still-broken.html>\n", "loc": ["security", "acme", "defaults", "ocspMustStaple"], "readOnly": false, "type": "boolean"}, "security.acme.defaults.postRun": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Commands to run after new certificates go live. Note that\nthese commands run as the root user.\n\nExecuted in the same directory with the new certificate.\n", "example": {"_type": "literalExpression", "text": "\"cp full.pem backup.pem\""}, "loc": ["security", "acme", "defaults", "postRun"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "security.acme.defaults.profile": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The certificate profile to choose if the CA offers multiple profiles.\n", "loc": ["security", "acme", "defaults", "profile"], "readOnly": false, "type": "null or string"}, "security.acme.defaults.reloadServices": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The list of systemd services to call `systemctl try-reload-or-restart`\non.\n", "loc": ["security", "acme", "defaults", "reloadServices"], "readOnly": false, "type": "list of string"}, "security.acme.defaults.renewInterval": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "\"daily\""}, "description": "Systemd calendar expression when to check for renewal. See\n{manpage}`systemd.time(7)`.\n", "loc": ["security", "acme", "defaults", "renewInterval"], "readOnly": false, "type": "string"}, "security.acme.defaults.server": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "\"https://acme-v02.api.letsencrypt.org/directory\""}, "description": "ACME Directory Resource URI.\nDefaults to Let's Encrypt's production endpoint.\nFor testing Let's Encrypt's [staging endpoint](https://letsencrypt.org/docs/staging-environment/)\nshould be used to avoid the rather tight rate limit on the production endpoint.\n", "example": {"_type": "literalExpression", "text": "\"https://acme-staging-v02.api.letsencrypt.org/directory\""}, "loc": ["security", "acme", "defaults", "server"], "readOnly": false, "type": "null or string"}, "security.acme.defaults.validMinDays": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "30"}, "description": "Minimum remaining validity before renewal in days.", "loc": ["security", "acme", "defaults", "validMinDays"], "readOnly": false, "type": "signed integer"}, "security.acme.defaults.webroot": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Where the webroot of the HTTP vhost is located.\n{file}`.well-known/acme-challenge/` directory\nwill be created below the webroot if it doesn't exist.\n`http://example.org/.well-known/acme-challenge/` must also\nbe available (notice unencrypted HTTP).\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "loc": ["security", "acme", "defaults", "webroot"], "readOnly": false, "type": "null or string"}, "security.acme.maxConcurrentRenewals": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "5"}, "description": "Maximum number of concurrent certificate generation or renewal jobs. All other\njobs will queue and wait running jobs to finish. Reduces the system load of\ncertificate generation.\n\nSet to `0` to allow unlimited number of concurrent job runs.\"\n", "loc": ["security", "acme", "maxConcurrentRenewals"], "readOnly": false, "type": "signed integer"}, "security.acme.useRoot": {"declarations": ["nixos/modules/security/acme"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use the root user when generating certs. This is not recommended\nfor security + compatibility reasons. If a service requires root owned certificates\nconsider following the guide on \"Using ACME with services demanding root\nowned certificates\" in the NixOS manual, and only using this as a fallback\nor for testing.\n", "loc": ["security", "acme", "useRoot"], "readOnly": false, "type": "boolean"}, "security.agnos.enable": {"declarations": ["nixos/modules/security/agnos.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable agnos.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["security", "agnos", "enable"], "readOnly": false, "type": "boolean"}, "security.agnos.generateKeys.enable": {"declarations": ["nixos/modules/security/agnos.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable automatic generation of account keys.\n\nWhen this is `true`, a key will be generated for each account where\nthe file referred to by the `private_key` path does not exist yet.\n\nCurrently, only RSA keys can be generated.\n", "loc": ["security", "agnos", "generateKeys", "enable"], "readOnly": false, "type": "boolean"}, "security.agnos.generateKeys.keySize": {"declarations": ["nixos/modules/security/agnos.nix"], "default": {"_type": "literalExpression", "text": "4096"}, "description": "Key size in bits to use when generating new keys.\n", "loc": ["security", "agnos", "generateKeys", "keySize"], "readOnly": false, "type": "signed integer"}, "security.agnos.group": {"declarations": ["nixos/modules/security/agnos.nix"], "default": {"_type": "literalExpression", "text": "\"agnos\""}, "description": "Group to run Agnos as. The acquired certificates will be owned by this group.\n", "loc": ["security", "agnos", "group"], "readOnly": false, "type": "string"}, "security.agnos.persistent": {"declarations": ["nixos/modules/security/agnos.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "When `true`, use a persistent systemd timer.\n", "loc": ["security", "agnos", "persistent"], "readOnly": false, "type": "boolean"}, "security.agnos.server": {"declarations": ["nixos/modules/security/agnos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "ACME Directory Resource URI. Defaults to Let's Encrypt's production endpoint,\n`https://acme-v02.api.letsencrypt.org/directory`, if unset.\n", "loc": ["security", "agnos", "server"], "readOnly": false, "type": "null or string"}, "security.agnos.serverCa": {"declarations": ["nixos/modules/security/agnos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The root certificate (in PEM format) of the ACME server's HTTPS interface.\n", "loc": ["security", "agnos", "serverCa"], "readOnly": false, "type": "null or absolute path"}, "security.agnos.settings": {"declarations": ["nixos/modules/security/agnos.nix"], "description": "Settings", "loc": ["security", "agnos", "settings"], "readOnly": false, "type": "open submodule of attribute set of (TOML value)"}, "security.agnos.settings.accounts": {"declarations": ["nixos/modules/security/agnos.nix"], "description": "A list of ACME accounts.\nEach account is associated with an email address\nand can be used to obtain an arbitrary amount of certificate\n(subject to provider's rate limits,\nsee e.g. [Let's Encrypt Rate Limits](https://letsencrypt.org/docs/rate-limits/)).\n", "loc": ["security", "agnos", "settings", "accounts"], "readOnly": false, "type": "list of (open submodule of attribute set of (TOML value))"}, "security.agnos.settings.accounts.*.certificates": {"declarations": ["nixos/modules/security/agnos.nix"], "description": "Certificates for agnos to issue or renew.\n", "loc": ["security", "agnos", "settings", "accounts", "*", "certificates"], "readOnly": false, "type": "list of (open submodule of attribute set of (TOML value))"}, "security.agnos.settings.accounts.*.certificates.*.domains": {"declarations": ["nixos/modules/security/agnos.nix"], "description": "Domains the certificate represents\n", "example": {"_type": "literalExpression", "text": "[\"a.example.com\", \"b.example.com\", \"*b.example.com\"]"}, "loc": ["security", "agnos", "settings", "accounts", "*", "certificates", "*", "domains"], "readOnly": false, "type": "list of string"}, "security.agnos.settings.accounts.*.certificates.*.fullchain_output_file": {"declarations": ["nixos/modules/security/agnos.nix"], "description": "Output path for the full chain including the acquired certificate.\nIf a relative path is specified, the file will be created in `/var/lib/agnos`.\n", "loc": ["security", "agnos", "settings", "accounts", "*", "certificates", "*", "fullchain_output_file"], "readOnly": false, "type": "string"}, "security.agnos.settings.accounts.*.certificates.*.key_output_file": {"declarations": ["nixos/modules/security/agnos.nix"], "description": "Output path for the certificate private key.\nIf a relative path is specified, the file will be created in `/var/lib/agnos`.\n", "loc": ["security", "agnos", "settings", "accounts", "*", "certificates", "*", "key_output_file"], "readOnly": false, "type": "string"}, "security.agnos.settings.accounts.*.email": {"declarations": ["nixos/modules/security/agnos.nix"], "description": "Email associated with this account.\n", "loc": ["security", "agnos", "settings", "accounts", "*", "email"], "readOnly": false, "type": "string"}, "security.agnos.settings.accounts.*.private_key_path": {"declarations": ["nixos/modules/security/agnos.nix"], "description": "Path of the PEM-encoded private key for this account.\nCurrently, only RSA keys are supported.\n\nIf this path does not exist, then the behavior depends on `generateKeys.enable`.\nWhen this option is `true`,\nthe key will be automatically generated and saved to this path.\nWhen it is `false`, agnos will fail.\n\nIf a relative path is specified,\nthe key will be looked up (or generated and saved to) under `/var/lib/agnos`.\n", "loc": ["security", "agnos", "settings", "accounts", "*", "private_key_path"], "readOnly": false, "type": "string"}, "security.agnos.settings.dns_listen_addr": {"declarations": ["nixos/modules/security/agnos.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0:53\""}, "description": "Address for agnos to listen on.\nNote that this needs to be reachable by the outside world,\nand 53 is required in most situations\nsince `NS` records do not allow specifying the port.\n", "loc": ["security", "agnos", "settings", "dns_listen_addr"], "readOnly": false, "type": "string"}, "security.agnos.startAt": {"declarations": ["nixos/modules/security/agnos.nix"], "default": {"_type": "literalExpression", "text": "\"daily\""}, "description": "How often or when to run agnos.\n\nThe format is described in\n{manpage}`systemd.time(7)`.\n", "example": {"_type": "literalExpression", "text": "\"02:00\""}, "loc": ["security", "agnos", "startAt"], "readOnly": false, "type": "string or list of string"}, "security.agnos.temporarilyOpenFirewall": {"declarations": ["nixos/modules/security/agnos.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "When `true`, will open the port specified in `settings.dns_listen_addr`\nbefore running the agnos service, and close it when agnos finishes running.\n", "loc": ["security", "agnos", "temporarilyOpenFirewall"], "readOnly": false, "type": "boolean"}, "security.agnos.user": {"declarations": ["nixos/modules/security/agnos.nix"], "default": {"_type": "literalExpression", "text": "\"agnos\""}, "description": "User to run Agnos as. The acquired certificates will be owned by this user.\n", "loc": ["security", "agnos", "user"], "readOnly": false, "type": "string"}, "security.allowSimultaneousMultithreading": {"declarations": ["nixos/modules/security/misc.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to allow SMT/hyperthreading.  Disabling SMT means that only\nphysical CPU cores will be usable at runtime, potentially at\nsignificant performance cost.\n\nThe primary motivation for disabling SMT is to mitigate the risk of\nleaking data between threads running on the same CPU core (due to\ne.g., shared caches).  This attack vector is unproven.\n\nDisabling SMT is a supplement to the L1 data cache flushing mitigation\n(see [](#opt-security.virtualisation.flushL1DataCache))\nversus malicious VM guests (SMT could \"bring back\" previously flushed\ndata).\n", "loc": ["security", "allowSimultaneousMultithreading"], "readOnly": false, "type": "boolean"}, "security.allowUserNamespaces": {"declarations": ["nixos/modules/security/misc.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to allow creation of user namespaces.\n\nThe motivation for disabling user namespaces is the potential\npresence of code paths where the kernel's permission checking\nlogic fails to account for namespacing, instead permitting a\nnamespaced process to act outside the namespace with the same\nprivileges as it would have inside it.  This is particularly\ndamaging in the common case of running as root within the namespace.\n\nWhen user namespace creation is disallowed, attempting to create a\nuser namespace fails with \"no space left on device\" (ENOSPC).\nroot may re-enable user namespace creation at runtime.\n", "loc": ["security", "allowUserNamespaces"], "readOnly": false, "type": "boolean"}, "security.apparmor.enable": {"declarations": ["nixos/modules/security/apparmor.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the AppArmor Mandatory Access Control system.\n\nIf you're enabling this module on a running system,\nnote that a reboot will be required to activate AppArmor in the kernel.\n\nAlso, beware that enabling this module privileges stability over security\nby not trying to kill unconfined but newly confinable running processes by default,\nthough it would be needed because AppArmor can only confine new\nor already confined processes of an executable.\nThis killing would for instance be necessary when upgrading to a NixOS revision\nintroducing for the first time an AppArmor profile for the executable\nof a running process.\n\nEnable [](#opt-security.apparmor.killUnconfinedConfinables)\nif you want this service to do such killing\nby sending a `SIGTERM` to those running processes.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["security", "apparmor", "enable"], "readOnly": false, "type": "boolean"}, "security.apparmor.enableCache": {"declarations": ["nixos/modules/security/apparmor.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable caching of AppArmor policies\nin `/var/cache/apparmor/`.\n\nBeware that AppArmor policies almost always contain Nix store paths,\nand thus produce at each change of these paths\na new cached version accumulating in the cache.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["security", "apparmor", "enableCache"], "readOnly": false, "type": "boolean"}, "security.apparmor.includes": {"declarations": ["nixos/modules/security/apparmor.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "List of paths to be added to AppArmor's searched paths\nwhen resolving `include` directives.\n", "loc": ["security", "apparmor", "includes"], "readOnly": false, "type": "attribute set of strings concatenated with \"\\n\""}, "security.apparmor.killUnconfinedConfinables": {"declarations": ["nixos/modules/security/apparmor.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable killing of processes which have an AppArmor profile enabled\n(in [](#opt-security.apparmor.policies))\nbut are not confined (because AppArmor can only confine new processes).\n\nThis is only sending a gracious `SIGTERM` signal to the processes,\nnot a `SIGKILL`.\n\nBeware that due to a current limitation of AppArmor,\nonly profiles with exact paths (and no name) can enable such kills.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["security", "apparmor", "killUnconfinedConfinables"], "readOnly": false, "type": "boolean"}, "security.apparmor.packages": {"declarations": ["nixos/modules/security/apparmor.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of packages to be added to AppArmor's include path", "loc": ["security", "apparmor", "packages"], "readOnly": false, "type": "list of package"}, "security.apparmor.policies": {"declarations": ["nixos/modules/security/apparmor.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "AppArmor policies.\n", "loc": ["security", "apparmor", "policies"], "readOnly": false, "type": "attribute set of (submodule)"}, "security.apparmor.policies.<name>.path": {"declarations": ["nixos/modules/security/apparmor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A path of a profile file to include. Incompatible with profile.", "loc": ["security", "apparmor", "policies", "<name>", "path"], "readOnly": false, "type": "null or absolute path"}, "security.apparmor.policies.<name>.profile": {"declarations": ["nixos/modules/security/apparmor.nix"], "description": "The profile file contents. Incompatible with path.", "loc": ["security", "apparmor", "policies", "<name>", "profile"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "security.apparmor.policies.<name>.state": {"declarations": ["nixos/modules/security/apparmor.nix"], "default": {"_type": "literalExpression", "text": "\"enforce\""}, "description": "How strictly this policy should be enforced", "loc": ["security", "apparmor", "policies", "<name>", "state"], "readOnly": false, "type": "one of \"disable\", \"complain\", \"enforce\""}, "security.audit.backlogLimit": {"declarations": ["nixos/modules/security/audit.nix"], "default": {"_type": "literalExpression", "text": "1024"}, "description": "The maximum number of outstanding audit buffers allowed; exceeding this is\nconsidered a failure and handled in a manner specified by failureMode.\n", "loc": ["security", "audit", "backlogLimit"], "readOnly": false, "type": "signed integer"}, "security.audit.enable": {"declarations": ["nixos/modules/security/audit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Linux audit system. The special `lock` value can be used to\nenable auditing and prevent disabling it until a restart. Be careful about locking\nthis, as it will prevent you from changing your audit configuration until you\nrestart. If possible, test your configuration using build-vm beforehand.\n", "loc": ["security", "audit", "enable"], "readOnly": false, "type": "one of false, true, \"lock\""}, "security.audit.failureMode": {"declarations": ["nixos/modules/security/audit.nix"], "default": {"_type": "literalExpression", "text": "\"printk\""}, "description": "How to handle critical errors in the auditing system", "loc": ["security", "audit", "failureMode"], "readOnly": false, "type": "one of \"silent\", \"printk\", \"panic\""}, "security.audit.package": {"declarations": ["nixos/modules/security/audit.nix"], "default": {"_type": "literalExpression", "text": "pkgs.audit"}, "description": "The audit package to use.", "loc": ["security", "audit", "package"], "readOnly": false, "type": "package"}, "security.audit.rateLimit": {"declarations": ["nixos/modules/security/audit.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "The maximum messages per second permitted before triggering a failure as\nspecified by failureMode. Setting it to zero disables the limit.\n", "loc": ["security", "audit", "rateLimit"], "readOnly": false, "type": "signed integer"}, "security.audit.rules": {"declarations": ["nixos/modules/security/audit.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The ordered audit rules, with each string appearing as one line of the audit.rules file.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-a exit,always -F arch=b64 -S execve\"\n]"}, "loc": ["security", "audit", "rules"], "readOnly": false, "type": "list of string"}, "security.auditd.enable": {"declarations": ["nixos/modules/security/auditd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Linux Audit daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["security", "auditd", "enable"], "readOnly": false, "type": "boolean"}, "security.auditd.package": {"declarations": ["nixos/modules/security/auditd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.audit"}, "description": "The auditd package to use.", "loc": ["security", "auditd", "package"], "readOnly": false, "type": "package"}, "security.auditd.plugins": {"declarations": ["nixos/modules/security/auditd.nix"], "default": {"_type": "literalExpression", "text": "{\n  af_unix = {\n    path = lib.getExe' config.security.auditd.package \"audisp-af_unix\";\n    args = [\n      \"0640\"\n      \"/var/run/audispd_events\"\n      \"string\"\n    ];\n    format = \"binary\";\n  };\n  remote = {\n    path = lib.getExe' config.security.auditd.package \"audisp-remote\";\n    settings = { };\n  };\n  filter = {\n    path = lib.getExe' config.security.auditd.package \"audisp-filter\";\n    args = [\n      \"allowlist\"\n      \"/etc/audit/audisp-filter.conf\"\n      (lib.getExe' config.security.auditd.package \"audisp-syslog\")\n      \"LOG_USER\"\n      \"LOG_INFO\"\n      \"interpret\"\n    ];\n    settings = { };\n  };\n  syslog = {\n    path = lib.getExe' config.security.auditd.package \"audisp-syslog\";\n    args = [ \"LOG_INFO\" ];\n  };\n}\n"}, "description": "Plugin definitions to register with auditd", "loc": ["security", "auditd", "plugins"], "readOnly": false, "type": "attribute set of (submodule)"}, "security.auditd.plugins.<name>.active": {"declarations": ["nixos/modules/security/auditd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Whether to enable this plugin.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["security", "auditd", "plugins", "<name>", "active"], "readOnly": false, "type": "boolean"}, "security.auditd.plugins.<name>.args": {"declarations": ["nixos/modules/security/auditd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "This allows you to pass arguments to the child program.\nGenerally plugins do not take arguments and have their own\nconfig file that instructs them how they should be configured.\n", "loc": ["security", "auditd", "plugins", "<name>", "args"], "readOnly": false, "type": "null or (list of non-empty string)"}, "security.auditd.plugins.<name>.direction": {"declarations": ["nixos/modules/security/auditd.nix"], "default": {"_type": "literalExpression", "text": "\"out\""}, "description": "The option is dictated by the plugin. In or out are the only choices.\nYou cannot make a plugin operate in a way it wasn't  designed just by\nchanging this option. This option is to give a clue to the event dispatcher\nabout which direction events flow.\n\n::: {.note}\nInbound events are not supported yet.\n:::\n", "loc": ["security", "auditd", "plugins", "<name>", "direction"], "readOnly": false, "type": "one of \"in\", \"out\""}, "security.auditd.plugins.<name>.format": {"declarations": ["nixos/modules/security/auditd.nix"], "default": {"_type": "literalExpression", "text": "\"string\""}, "description": "Binary passes the data exactly as the audit event dispatcher gets it from\nthe audit daemon. The string option tells the dispatcher to completely change\nthe event into a string suitable for parsing with the audit parsing library.\n", "loc": ["security", "auditd", "plugins", "<name>", "format"], "readOnly": false, "type": "one of \"binary\", \"string\""}, "security.auditd.plugins.<name>.path": {"declarations": ["nixos/modules/security/auditd.nix"], "description": "This is the absolute path to the plugin executable.", "loc": ["security", "auditd", "plugins", "<name>", "path"], "readOnly": false, "type": "absolute path"}, "security.auditd.plugins.<name>.settings": {"declarations": ["nixos/modules/security/auditd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Plugin-specific config file to link to /etc/audit/<plugin>.conf", "loc": ["security", "auditd", "plugins", "<name>", "settings"], "readOnly": false, "type": "null or (open submodule of attribute set of (null or boolean or non-empty string or absolute path or signed integer))"}, "security.auditd.plugins.<name>.type": {"declarations": ["nixos/modules/security/auditd.nix"], "default": {"_type": "literalExpression", "text": "\"always\""}, "description": "This tells the dispatcher how the plugin wants to be run. There is only\none valid option, `always`, which means the plugin is external and should\nalways be run. The default is `always` since there are no more builtin plugins.\n", "loc": ["security", "auditd", "plugins", "<name>", "type"], "readOnly": true, "type": "value \"always\" (singular enum)"}, "security.auditd.settings": {"declarations": ["nixos/modules/security/auditd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "auditd configuration file contents. See {auditd.conf} for supported values.", "loc": ["security", "auditd", "settings"], "readOnly": false, "type": "open submodule of attribute set of (null or boolean or non-empty string or absolute path or signed integer)"}, "security.auditd.settings.admin_space_left": {"declarations": ["nixos/modules/security/auditd.nix"], "default": {"_type": "literalExpression", "text": "50"}, "description": "This is a numeric value in mebibytes (MiB) that tells the audit daemon when to perform a configurable action because the system is running\nlow on disk space. This should be considered the last chance to do something before running out of disk space. The numeric value for\nthis parameter should be lower than the number for {option}`space_left`. You may also append a percent sign (e.g. 1%) to the number to have\nthe audit daemon calculate the number based on the disk partition size.\n", "loc": ["security", "auditd", "settings", "admin_space_left"], "readOnly": false, "type": "signed integer or string matching the pattern [0-9]+%"}, "security.auditd.settings.space_left": {"declarations": ["nixos/modules/security/auditd.nix"], "default": {"_type": "literalExpression", "text": "75"}, "description": "If the free space in the filesystem containing log_file drops below this value, the audit daemon takes the action specified by\n{option}`space_left_action`. If the value of {option}`space_left` is specified as a whole number, it is interpreted as an absolute size in mebibytes\n(MiB). If the value is specified as a number between 1 and 99 followed by a percentage sign (e.g., 5%), the audit daemon calculates\nthe absolute size in megabytes based on the size of the filesystem containing {option}`log_file`. (E.g., if the filesystem containing\n{option}`log_file` is 2 gibibytes in size, and {option}`space_left` is set to 25%, then the audit daemon sets {option}`space_left` to approximately 500 mebibytes.\n\n::: {.note}\nThis calculation is performed when the audit daemon starts, so if you resize the filesystem containing {option}`log_file` while the\naudit daemon is running, you should send the audit daemon SIGHUP to re-read the configuration file and recalculate the correct per\u2010\ncentage.\n:::\n", "loc": ["security", "auditd", "settings", "space_left"], "readOnly": false, "type": "signed integer or string matching the pattern [0-9]+%"}, "security.chromiumSuidSandbox.enable": {"declarations": ["nixos/modules/security/chromium-suid-sandbox.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to install the Chromium SUID sandbox which is an executable that\nChromium may use in order to achieve sandboxing.\n\nIf you get the error \"The SUID sandbox helper binary was found, but is not\nconfigured correctly.\", turning this on might help.\n\nAlso, if the URL chrome://sandbox tells you that \"You are not adequately\nsandboxed!\", turning this on might resolve the issue.\n", "loc": ["security", "chromiumSuidSandbox", "enable"], "readOnly": false, "type": "boolean"}, "security.dhparams.defaultBitSize": {"declarations": ["nixos/modules/security/dhparams.nix"], "default": {"_type": "literalExpression", "text": "2048"}, "description": "This allows to override the default bit size for all of the\nDiffie-Hellman parameters set in\n{option}`security.dhparams.params`.\n", "loc": ["security", "dhparams", "defaultBitSize"], "readOnly": false, "type": "integer of at least 16 bits"}, "security.dhparams.enable": {"declarations": ["nixos/modules/security/dhparams.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to generate new DH params and clean up old DH params.\n", "loc": ["security", "dhparams", "enable"], "readOnly": false, "type": "boolean"}, "security.dhparams.params": {"declarations": ["nixos/modules/security/dhparams.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Diffie-Hellman parameters to generate.\n\nThe value is the size (in bits) of the DH params to generate. The\ngenerated DH params path can be found in\n`config.security.dhparams.params.\u00abname\u00bb.path`.\n\n::: {.note}\nThe name of the DH params is taken as being the name of\nthe service it serves and the params will be generated before the\nsaid service is started.\n:::\n\n::: {.warning}\nIf you are removing all dhparams from this list, you\nhave to leave {option}`security.dhparams.enable` for at\nleast one activation in order to have them be cleaned up. This also\nmeans if you rollback to a version without any dhparams the\nexisting ones won't be cleaned up. Of course this only applies if\n{option}`security.dhparams.stateful` is\n`true`.\n:::\n\n::: {.note}\n**For module implementers:** It's recommended\nto not set a specific bit size here, so that users can easily\noverride this by setting\n{option}`security.dhparams.defaultBitSize`.\n:::\n", "example": {"_type": "literalExpression", "text": "{ nginx.bits = 3072; }"}, "loc": ["security", "dhparams", "params"], "readOnly": false, "type": "attribute set of ((submodule) or signed integer convertible to it)"}, "security.dhparams.params.<name>.bits": {"declarations": ["nixos/modules/security/dhparams.nix"], "default": {"_type": "literalExpression", "text": "config.security.dhparams.defaultBitSize"}, "description": "The bit size for the prime that is used during a Diffie-Hellman\nkey exchange.\n", "loc": ["security", "dhparams", "params", "<name>", "bits"], "readOnly": false, "type": "integer of at least 16 bits"}, "security.dhparams.params.<name>.path": {"declarations": ["nixos/modules/security/dhparams.nix"], "description": "The resulting path of the generated Diffie-Hellman parameters\nfile for other services to reference. This could be either a\nstore path or a file inside the directory specified by\n{option}`security.dhparams.path`.\n", "loc": ["security", "dhparams", "params", "<name>", "path"], "readOnly": true, "type": "absolute path"}, "security.dhparams.path": {"declarations": ["nixos/modules/security/dhparams.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/dhparams\""}, "description": "Path to the directory in which Diffie-Hellman parameters will be\nstored. This only is relevant if\n{option}`security.dhparams.stateful` is\n`true`.\n", "loc": ["security", "dhparams", "path"], "readOnly": false, "type": "string"}, "security.dhparams.stateful": {"declarations": ["nixos/modules/security/dhparams.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether generation of Diffie-Hellman parameters should be stateful or\nnot. If this is enabled, PEM-encoded files for Diffie-Hellman\nparameters are placed in the directory specified by\n{option}`security.dhparams.path`. Otherwise the files are\ncreated within the Nix store.\n\n::: {.note}\nIf this is `false` the resulting store\npath will be non-deterministic and will be rebuilt every time the\n`openssl` package changes.\n:::\n", "loc": ["security", "dhparams", "stateful"], "readOnly": false, "type": "boolean"}, "security.doas.enable": {"declarations": ["nixos/modules/security/doas.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the {command}`doas` command, which allows\nnon-root users to execute commands as root.\n", "loc": ["security", "doas", "enable"], "readOnly": false, "type": "boolean"}, "security.doas.extraConfig": {"declarations": ["nixos/modules/security/doas.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration text appended to {file}`doas.conf`. Be aware that\nthis option cannot be used to override the behaviour allowing\npasswordless operation for root.\n", "loc": ["security", "doas", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "security.doas.extraRules": {"declarations": ["nixos/modules/security/doas.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Define specific rules to be set in the\n{file}`/etc/doas.conf` file. More specific rules should\ncome after more general ones in order to yield the expected behavior.\nYou can use `mkBefore` and/or `mkAfter` to ensure\nthis is the case when configuration options are merged. Be aware that\nthis option cannot be used to override the behaviour allowing\npasswordless operation for root.\n", "example": {"_type": "literalExpression", "text": "[\n  # Allow execution of any command by any user in group doas, requiring\n  # a password and keeping any previously-defined environment variables.\n  { groups = [ \"doas\" ]; noPass = false; keepEnv = true; }\n\n  # Allow execution of \"/home/root/secret.sh\" by user `backup` OR user\n  # `database` OR any member of the group with GID `1006`, without a\n  # password.\n  { users = [ \"backup\" \"database\" ]; groups = [ 1006 ];\n    cmd = \"/home/root/secret.sh\"; noPass = true; }\n\n  # Allow any member of group `bar` to run `/home/baz/cmd1.sh` as user\n  # `foo` with argument `hello-doas`.\n  { groups = [ \"bar\" ]; runAs = \"foo\";\n    cmd = \"/home/baz/cmd1.sh\"; args = [ \"hello-doas\" ]; }\n\n  # Allow any member of group `bar` to run `/home/baz/cmd2.sh` as user\n  # `foo` with no arguments.\n  { groups = [ \"bar\" ]; runAs = \"foo\";\n    cmd = \"/home/baz/cmd2.sh\"; args = [ ]; }\n\n  # Allow user `abusers` to execute \"nano\" and unset the value of\n  # SSH_AUTH_SOCK, override the value of ALPHA to 1, and inherit the\n  # value of BETA from the current environment.\n  { users = [ \"abusers\" ]; cmd = \"nano\";\n    setEnv = [ \"-SSH_AUTH_SOCK\" \"ALPHA=1\" \"BETA\" ]; }\n]\n"}, "loc": ["security", "doas", "extraRules"], "readOnly": false, "type": "list of (submodule)"}, "security.doas.extraRules.*.args": {"declarations": ["nixos/modules/security/doas.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Arguments that must be provided to the command. When set to\n`[]`, the command must be run without any arguments.\n", "loc": ["security", "doas", "extraRules", "*", "args"], "readOnly": false, "type": "null or (list of string)"}, "security.doas.extraRules.*.cmd": {"declarations": ["nixos/modules/security/doas.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The command the user is allowed to run. When set to\n`null` (the default), all commands are allowed.\n\nNOTE: It is best practice to specify absolute paths. If a\nrelative path is specified, only a restricted PATH will be\nsearched.\n", "loc": ["security", "doas", "extraRules", "*", "cmd"], "readOnly": false, "type": "null or string"}, "security.doas.extraRules.*.groups": {"declarations": ["nixos/modules/security/doas.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The groups / GIDs this rule should apply for.", "loc": ["security", "doas", "extraRules", "*", "groups"], "readOnly": false, "type": "list of (string or signed integer)"}, "security.doas.extraRules.*.keepEnv": {"declarations": ["nixos/modules/security/doas.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If `true`, environment variables other than those\nlisted in\n{manpage}`doas(1)`\nare kept when creating the environment for the new process.\n", "loc": ["security", "doas", "extraRules", "*", "keepEnv"], "readOnly": false, "type": "boolean"}, "security.doas.extraRules.*.noLog": {"declarations": ["nixos/modules/security/doas.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If `true`, successful executions will not be logged\nto\n{manpage}`syslogd(8)`.\n", "loc": ["security", "doas", "extraRules", "*", "noLog"], "readOnly": false, "type": "boolean"}, "security.doas.extraRules.*.noPass": {"declarations": ["nixos/modules/security/doas.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If `true`, the user is not required to enter a\npassword.\n", "loc": ["security", "doas", "extraRules", "*", "noPass"], "readOnly": false, "type": "boolean"}, "security.doas.extraRules.*.persist": {"declarations": ["nixos/modules/security/doas.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If `true`, do not ask for a password again for some\ntime after the user successfully authenticates.\n", "loc": ["security", "doas", "extraRules", "*", "persist"], "readOnly": false, "type": "boolean"}, "security.doas.extraRules.*.runAs": {"declarations": ["nixos/modules/security/doas.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Which user or group the specified command is allowed to run as.\nWhen set to `null` (the default), all users are\nallowed.\n\nA user can be specified using just the username:\n`\"foo\"`. It is also possible to only allow running as\na specific group with `\":bar\"`.\n", "loc": ["security", "doas", "extraRules", "*", "runAs"], "readOnly": false, "type": "null or string"}, "security.doas.extraRules.*.setEnv": {"declarations": ["nixos/modules/security/doas.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keep or set the specified variables. Variables may also be\nremoved with a leading '-' or set using\n`variable=value`. If the first character of\n`value` is a '$', the value to be set is taken from\nthe existing environment variable of the indicated name. This\noption is processed after the default environment has been\ncreated.\n\nNOTE: All rules have `setenv { SSH_AUTH_SOCK }` by\ndefault. To prevent `SSH_AUTH_SOCK` from being\ninherited, add `\"-SSH_AUTH_SOCK\"` anywhere in this\nlist.\n", "loc": ["security", "doas", "extraRules", "*", "setEnv"], "readOnly": false, "type": "list of string"}, "security.doas.extraRules.*.users": {"declarations": ["nixos/modules/security/doas.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The usernames / UIDs this rule should apply for.", "loc": ["security", "doas", "extraRules", "*", "users"], "readOnly": false, "type": "list of (string or signed integer)"}, "security.doas.package": {"declarations": ["nixos/modules/security/doas.nix"], "default": {"_type": "literalExpression", "text": "pkgs.doas"}, "description": "The doas package to use.", "loc": ["security", "doas", "package"], "readOnly": false, "type": "package"}, "security.doas.wheelNeedsPassword": {"declarations": ["nixos/modules/security/doas.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether users of the `wheel` group must provide a password to\nrun commands as super user via {command}`doas`.\n", "loc": ["security", "doas", "wheelNeedsPassword"], "readOnly": false, "type": "boolean"}, "security.duosec.acceptEnvFactor": {"declarations": ["nixos/modules/security/duosec.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Look for factor selection or passcode in the\n`$DUO_PASSCODE` environment variable before\nprompting the user for input.\n\nWhen $DUO_PASSCODE is non-empty, it will override\nautopush. The SSH client will need SendEnv DUO_PASSCODE in\nits configuration, and the SSH server will similarly need\nAcceptEnv DUO_PASSCODE.\n", "loc": ["security", "duosec", "acceptEnvFactor"], "readOnly": false, "type": "boolean"}, "security.duosec.allowTcpForwarding": {"declarations": ["nixos/modules/security/duosec.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "By default, when SSH forwarding, enabling Duo Security will\ndisable TCP forwarding. By enabling this, you potentially\nundermine some of the SSH based login security. Note this is\nnot needed if you use PAM.\n", "loc": ["security", "duosec", "allowTcpForwarding"], "readOnly": false, "type": "boolean"}, "security.duosec.autopush": {"declarations": ["nixos/modules/security/duosec.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If `true`, Duo Unix will automatically send\na push login request to the user\u2019s phone, falling back on a\nphone call if push is unavailable. If\n`false`, the user will be prompted to\nchoose an authentication method. When configured with\n`autopush = yes`, we recommend setting\n`prompts = 1`.\n", "loc": ["security", "duosec", "autopush"], "readOnly": false, "type": "boolean"}, "security.duosec.failmode": {"declarations": ["nixos/modules/security/duosec.nix"], "default": {"_type": "literalExpression", "text": "\"safe\""}, "description": "On service or configuration errors that prevent Duo\nauthentication, fail \"safe\" (allow access) or \"secure\" (deny\naccess). The default is \"safe\".\n", "loc": ["security", "duosec", "failmode"], "readOnly": false, "type": "one of \"safe\", \"secure\""}, "security.duosec.fallbackLocalIP": {"declarations": ["nixos/modules/security/duosec.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Duo Unix reports the IP address of the authorizing user, for\nthe purposes of authorization and whitelisting. If Duo Unix\ncannot detect the IP address of the client, setting\n`fallbackLocalIP = yes` will cause Duo Unix\nto send the IP address of the server it is running on.\n\nIf you are using IP whitelisting, enabling this option could\ncause unauthorized logins if the local IP is listed in the\nwhitelist.\n", "loc": ["security", "duosec", "fallbackLocalIP"], "readOnly": false, "type": "boolean"}, "security.duosec.groups": {"declarations": ["nixos/modules/security/duosec.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "If specified, Duo authentication is required only for users\nwhose primary group or supplementary group list matches one\nof the space-separated pattern lists. Refer to\n<https://duo.com/docs/duounix> for details.\n", "example": {"_type": "literalExpression", "text": "\"users,!wheel,!*admin guests\""}, "loc": ["security", "duosec", "groups"], "readOnly": false, "type": "string"}, "security.duosec.host": {"declarations": ["nixos/modules/security/duosec.nix"], "description": "Duo API hostname.", "loc": ["security", "duosec", "host"], "readOnly": false, "type": "string"}, "security.duosec.integrationKey": {"declarations": ["nixos/modules/security/duosec.nix"], "description": "Integration key.", "loc": ["security", "duosec", "integrationKey"], "readOnly": false, "type": "string"}, "security.duosec.motd": {"declarations": ["nixos/modules/security/duosec.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Print the contents of `/etc/motd` to screen\nafter a successful login.\n", "loc": ["security", "duosec", "motd"], "readOnly": false, "type": "boolean"}, "security.duosec.pam.enable": {"declarations": ["nixos/modules/security/duosec.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, protect logins with Duo Security using PAM support.", "loc": ["security", "duosec", "pam", "enable"], "readOnly": false, "type": "boolean"}, "security.duosec.prompts": {"declarations": ["nixos/modules/security/duosec.nix"], "default": {"_type": "literalExpression", "text": "3"}, "description": "If a user fails to authenticate with a second factor, Duo\nUnix will prompt the user to authenticate again. This option\nsets the maximum number of prompts that Duo Unix will\ndisplay before denying access. Must be 1, 2, or 3. Default\nis 3.\n\nFor example, when `prompts = 1`, the user\nwill have to successfully authenticate on the first prompt,\nwhereas if `prompts = 2`, if the user\nenters incorrect information at the initial prompt, he/she\nwill be prompted to authenticate again.\n\nWhen configured with `autopush = true`, we\nrecommend setting `prompts = 1`.\n", "loc": ["security", "duosec", "prompts"], "readOnly": false, "type": "one of 1, 2, 3"}, "security.duosec.pushinfo": {"declarations": ["nixos/modules/security/duosec.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Include information such as the command to be executed in\nthe Duo Push message.\n", "loc": ["security", "duosec", "pushinfo"], "readOnly": false, "type": "boolean"}, "security.duosec.secretKeyFile": {"declarations": ["nixos/modules/security/duosec.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing your secret key. The security of your Duo application is tied to the security of your secret key.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/duo-skey\""}, "loc": ["security", "duosec", "secretKeyFile"], "readOnly": false, "type": "null or absolute path"}, "security.duosec.ssh.enable": {"declarations": ["nixos/modules/security/duosec.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, protect SSH logins with Duo Security.", "loc": ["security", "duosec", "ssh", "enable"], "readOnly": false, "type": "boolean"}, "security.enableWrappers": {"declarations": ["nixos/modules/security/wrappers/default.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable SUID/SGID wrappers.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["security", "enableWrappers"], "readOnly": false, "type": "boolean"}, "security.forcePageTableIsolation": {"declarations": ["nixos/modules/security/misc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to force-enable the Page Table Isolation (PTI) Linux kernel\nfeature even on CPU models that claim to be safe from Meltdown.\n\nThis hardening feature is most beneficial to systems that run untrusted\nworkloads that rely on address space isolation for security.\n", "loc": ["security", "forcePageTableIsolation"], "readOnly": false, "type": "boolean"}, "security.googleOsLogin.enable": {"declarations": ["nixos/modules/security/google_oslogin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Google OS Login.\n\nThe OS Login package enables the following components:\nAuthorizedKeysCommand to query valid SSH keys from the user's OS Login\nprofile during ssh authentication phase.\nNSS Module to provide user and group information\nPAM Module for the sshd service, providing authorization and\nauthentication support, allowing the system to use data stored in\nGoogle Cloud IAM permissions to control both, the ability to log into\nan instance, and to perform operations as root (sudo).\n", "loc": ["security", "googleOsLogin", "enable"], "readOnly": false, "type": "boolean"}, "security.ipa.basedn": {"declarations": ["nixos/modules/security/ipa.nix"], "description": "Base DN to use when performing LDAP operations.", "example": {"_type": "literalExpression", "text": "\"dc=example,dc=com\""}, "loc": ["security", "ipa", "basedn"], "readOnly": false, "type": "string"}, "security.ipa.cacheCredentials": {"declarations": ["nixos/modules/security/ipa.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to cache credentials.", "loc": ["security", "ipa", "cacheCredentials"], "readOnly": false, "type": "boolean"}, "security.ipa.certificate": {"declarations": ["nixos/modules/security/ipa.nix"], "description": "IPA server CA certificate.\n\nUse `nix-prefetch-url http://$server/ipa/config/ca.crt` to\nobtain the file and the hash.\n", "example": {"_type": "literalExpression", "text": "pkgs.fetchurl {\n  url = \"http://ipa.example.com/ipa/config/ca.crt\";\n  hash = lib.fakeHash;\n};\n"}, "loc": ["security", "ipa", "certificate"], "readOnly": false, "type": "package"}, "security.ipa.chromiumSupport": {"declarations": ["nixos/modules/security/ipa.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to whitelist the FreeIPA domain in Chromium.", "loc": ["security", "ipa", "chromiumSupport"], "readOnly": false, "type": "boolean"}, "security.ipa.domain": {"declarations": ["nixos/modules/security/ipa.nix"], "description": "Domain of the IPA server.", "example": {"_type": "literalExpression", "text": "\"example.com\""}, "loc": ["security", "ipa", "domain"], "readOnly": false, "type": "string"}, "security.ipa.dyndns.enable": {"declarations": ["nixos/modules/security/ipa.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable FreeIPA automatic hostname updates.", "loc": ["security", "ipa", "dyndns", "enable"], "readOnly": false, "type": "boolean"}, "security.ipa.dyndns.interface": {"declarations": ["nixos/modules/security/ipa.nix"], "default": {"_type": "literalExpression", "text": "\"*\""}, "description": "Network interface to perform hostname updates through.", "example": {"_type": "literalExpression", "text": "\"eth0\""}, "loc": ["security", "ipa", "dyndns", "interface"], "readOnly": false, "type": "string"}, "security.ipa.enable": {"declarations": ["nixos/modules/security/ipa.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FreeIPA domain integration.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["security", "ipa", "enable"], "readOnly": false, "type": "boolean"}, "security.ipa.ifpAllowedUids": {"declarations": ["nixos/modules/security/ipa.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"root\"\n]"}, "description": "A list of users allowed to access the ifp dbus interface.", "loc": ["security", "ipa", "ifpAllowedUids"], "readOnly": false, "type": "list of string"}, "security.ipa.ipaHostname": {"declarations": ["nixos/modules/security/ipa.nix"], "default": {"_type": "literalExpression", "text": "if config.networking.domain != null then config.networking.fqdn\nelse \"${networking.hostName}.${security.ipa.domain}\"\n"}, "description": "Fully-qualified hostname used to identify this host in the IPA domain.", "example": {"_type": "literalExpression", "text": "\"myworkstation.example.com\""}, "loc": ["security", "ipa", "ipaHostname"], "readOnly": false, "type": "string"}, "security.ipa.offlinePasswords": {"declarations": ["nixos/modules/security/ipa.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to store offline passwords when the server is down.", "loc": ["security", "ipa", "offlinePasswords"], "readOnly": false, "type": "boolean"}, "security.ipa.realm": {"declarations": ["nixos/modules/security/ipa.nix"], "description": "Kerberos realm.", "example": {"_type": "literalExpression", "text": "\"EXAMPLE.COM\""}, "loc": ["security", "ipa", "realm"], "readOnly": false, "type": "string"}, "security.ipa.server": {"declarations": ["nixos/modules/security/ipa.nix"], "description": "IPA Server hostname.", "example": {"_type": "literalExpression", "text": "\"ipa.example.com\""}, "loc": ["security", "ipa", "server"], "readOnly": false, "type": "string"}, "security.ipa.shells": {"declarations": ["nixos/modules/security/ipa.nix"], "default": {"_type": "literalExpression", "text": "with pkgs; [ bash zsh ];\n"}, "description": "List of shells which binaries should be installed to /bin/<name>.\n\nFreeIPA typicly configures somesthing like /bin/bash into the users shell attribute.\n", "loc": ["security", "ipa", "shells"], "readOnly": false, "type": "list of package"}, "security.ipa.useAsTimeserver": {"declarations": ["nixos/modules/security/ipa.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to add the IPA server to the timeserver.", "loc": ["security", "ipa", "useAsTimeserver"], "readOnly": false, "type": "boolean"}, "security.isolate.boxRoot": {"declarations": ["nixos/modules/security/isolate.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/isolate/boxes\""}, "description": "All sandboxes are created under this directory.\nTo avoid symlink attacks, this directory and all its ancestors\nmust be writeable only by root.\n", "loc": ["security", "isolate", "boxRoot"], "readOnly": false, "type": "absolute path"}, "security.isolate.cgRoot": {"declarations": ["nixos/modules/security/isolate.nix"], "default": {"_type": "literalExpression", "text": "\"auto:/run/isolate/cgroup\""}, "description": "Control group which subgroups are placed under.\nEither an explicit path to a subdirectory in cgroupfs, or \"auto:file\" to read\nthe path from \"file\", where it is put by `isolate-cg-helper`.\n", "loc": ["security", "isolate", "cgRoot"], "readOnly": false, "type": "string"}, "security.isolate.enable": {"declarations": ["nixos/modules/security/isolate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Sandbox for securely executing untrusted programs\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["security", "isolate", "enable"], "readOnly": false, "type": "boolean"}, "security.isolate.extraConfig": {"declarations": ["nixos/modules/security/isolate.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration to append to the configuration file.\n", "loc": ["security", "isolate", "extraConfig"], "readOnly": false, "type": "string"}, "security.isolate.firstGid": {"declarations": ["nixos/modules/security/isolate.nix"], "default": {"_type": "literalExpression", "text": "60000"}, "description": "Start of block of GIDs reserved for sandboxes.\n", "loc": ["security", "isolate", "firstGid"], "readOnly": false, "type": "integer or floating point number between 1000 and 65533 (both inclusive)"}, "security.isolate.firstUid": {"declarations": ["nixos/modules/security/isolate.nix"], "default": {"_type": "literalExpression", "text": "60000"}, "description": "Start of block of UIDs reserved for sandboxes.\n", "loc": ["security", "isolate", "firstUid"], "readOnly": false, "type": "integer or floating point number between 1000 and 65533 (both inclusive)"}, "security.isolate.lockRoot": {"declarations": ["nixos/modules/security/isolate.nix"], "default": {"_type": "literalExpression", "text": "\"/run/isolate/locks\""}, "description": "Directory where lock files are created.\n", "loc": ["security", "isolate", "lockRoot"], "readOnly": false, "type": "absolute path"}, "security.isolate.numBoxes": {"declarations": ["nixos/modules/security/isolate.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Number of UIDs and GIDs to reserve, starting from\n{option}`firstUid` and {option}`firstGid`.\n", "loc": ["security", "isolate", "numBoxes"], "readOnly": false, "type": "integer or floating point number between 1000 and 65533 (both inclusive)"}, "security.isolate.package": {"declarations": ["nixos/modules/security/isolate.nix"], "default": {"_type": "literalExpression", "text": "pkgs.isolate-unwrapped"}, "description": "The isolate-unwrapped package to use.", "loc": ["security", "isolate", "package"], "readOnly": false, "type": "package"}, "security.isolate.restrictedInit": {"declarations": ["nixos/modules/security/isolate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If true, only root can create sandboxes.\n", "loc": ["security", "isolate", "restrictedInit"], "readOnly": false, "type": "boolean"}, "security.krb5.enable": {"declarations": ["nixos/modules/security/krb5"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable and configure Kerberos utilities", "loc": ["security", "krb5", "enable"], "readOnly": false, "type": "boolean"}, "security.krb5.package": {"declarations": ["nixos/modules/security/krb5"], "default": {"_type": "literalExpression", "text": "pkgs.krb5"}, "description": "The krb5 package to use.", "example": {"_type": "literalExpression", "text": "heimdal"}, "loc": ["security", "krb5", "package"], "readOnly": false, "type": "package"}, "security.krb5.settings": {"declarations": ["nixos/modules/security/krb5"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Structured contents of the {file}`krb5.conf` file. See\n{manpage}`krb5.conf(5)` for details about configuration.\n", "example": {"_type": "literalExpression", "text": "{\n  domain_realm = {\n    \"mit.edu\" = \"ATHENA.MIT.EDU\";\n  };\n  include = [\n    \"/run/secrets/secret-krb5.conf\"\n  ];\n  includedir = [\n    \"/run/secrets/secret-krb5.conf.d\"\n  ];\n  libdefaults = {\n    default_realm = \"ATHENA.MIT.EDU\";\n  };\n  logging = {\n    admin_server = \"SYSLOG:NOTICE\";\n    default = \"SYSLOG:NOTICE\";\n    kdc = \"SYSLOG:NOTICE\";\n  };\n  realms = {\n    \"ATHENA.MIT.EDU\" = {\n      admin_server = \"athena.mit.edu\";\n      kdc = [\n        \"athena01.mit.edu\"\n        \"athena02.mit.edu\"\n      ];\n    };\n  };\n}"}, "loc": ["security", "krb5", "settings"], "readOnly": false, "type": "open submodule of attribute set of attribute set of ((list of attribute set of ((list of (signed integer or string or boolean)) or signed integer or string or boolean)) or attribute set of ((list of (signed integer or string or boolean)) or signed integer or string or boolean) or (list of (signed integer or string or boolean)) or signed integer or string or boolean)"}, "security.krb5.settings.include": {"declarations": ["nixos/modules/security/krb5"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Files to include in the Kerberos configuration.\n", "loc": ["security", "krb5", "settings", "include"], "readOnly": false, "type": "(list of absolute path) or absolute path convertible to it"}, "security.krb5.settings.includedir": {"declarations": ["nixos/modules/security/krb5"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Directories containing files to include in the Kerberos configuration.\n", "loc": ["security", "krb5", "settings", "includedir"], "readOnly": false, "type": "(list of absolute path) or absolute path convertible to it"}, "security.krb5.settings.module": {"declarations": ["nixos/modules/security/krb5"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Modules to obtain Kerberos configuration from.\n", "loc": ["security", "krb5", "settings", "module"], "readOnly": false, "type": "(list of absolute path) or absolute path convertible to it"}, "security.lockKernelModules": {"declarations": ["nixos/modules/security/lock-kernel-modules.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable kernel module loading once the system is fully initialised.\nModule loading is disabled until the next reboot. Problems caused\nby delayed module loading can be fixed by adding the module(s) in\nquestion to {option}`boot.kernelModules`.\n", "loc": ["security", "lockKernelModules"], "readOnly": false, "type": "boolean"}, "security.loginDefs.chfnRestrict": {"declarations": ["nixos/modules/programs/shadow.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Use chfn SUID to allow non-root users to change their account GECOS information.\n", "loc": ["security", "loginDefs", "chfnRestrict"], "readOnly": false, "type": "null or string"}, "security.loginDefs.package": {"declarations": ["nixos/modules/programs/shadow.nix"], "default": {"_type": "literalExpression", "text": "pkgs.shadow"}, "description": "The shadow package to use.", "loc": ["security", "loginDefs", "package"], "readOnly": false, "type": "package"}, "security.loginDefs.settings": {"declarations": ["nixos/modules/programs/shadow.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Config options for the /etc/login.defs file, that defines\nthe site-specific configuration for the shadow password suite.\nSee {manpage}`login.defs(5)` man page for available options.\n", "loc": ["security", "loginDefs", "settings"], "readOnly": false, "type": "open submodule of attribute set of (atom (null, bool, int, float or string))"}, "security.loginDefs.settings.DEFAULT_HOME": {"declarations": ["nixos/modules/programs/shadow.nix"], "default": {"_type": "literalExpression", "text": "\"yes\""}, "description": "Indicate if login is allowed if we can't cd to the home directory.", "loc": ["security", "loginDefs", "settings", "DEFAULT_HOME"], "readOnly": false, "type": "one of \"yes\", \"no\""}, "security.loginDefs.settings.ENCRYPT_METHOD": {"declarations": ["nixos/modules/programs/shadow.nix"], "default": {"_type": "literalExpression", "text": "\"YESCRYPT\""}, "description": "This defines the system default encryption algorithm for encrypting passwords.", "loc": ["security", "loginDefs", "settings", "ENCRYPT_METHOD"], "readOnly": false, "type": "one of \"YESCRYPT\", \"SHA512\", \"SHA256\", \"MD5\", \"DES\""}, "security.loginDefs.settings.GID_MAX": {"declarations": ["nixos/modules/programs/shadow.nix"], "default": {"_type": "literalExpression", "text": "29999"}, "description": "Range of group IDs used for the creation of regular groups by useradd, groupadd, or newusers.", "loc": ["security", "loginDefs", "settings", "GID_MAX"], "readOnly": false, "type": "32 bit unsigned integer; between 0 and 4294967295 (both inclusive)"}, "security.loginDefs.settings.GID_MIN": {"declarations": ["nixos/modules/programs/shadow.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Range of group IDs used for the creation of regular groups by useradd, groupadd, or newusers.", "loc": ["security", "loginDefs", "settings", "GID_MIN"], "readOnly": false, "type": "32 bit unsigned integer; between 0 and 4294967295 (both inclusive)"}, "security.loginDefs.settings.SYS_GID_MAX": {"declarations": ["nixos/modules/programs/shadow.nix"], "default": {"_type": "literalExpression", "text": "999"}, "description": "Range of group IDs used for the creation of system groups by useradd, groupadd, or newusers", "loc": ["security", "loginDefs", "settings", "SYS_GID_MAX"], "readOnly": false, "type": "32 bit unsigned integer; between 0 and 4294967295 (both inclusive)"}, "security.loginDefs.settings.SYS_GID_MIN": {"declarations": ["nixos/modules/programs/shadow.nix"], "default": {"_type": "literalExpression", "text": "400"}, "description": "Range of group IDs used for the creation of system groups by useradd, groupadd, or newusers", "loc": ["security", "loginDefs", "settings", "SYS_GID_MIN"], "readOnly": false, "type": "32 bit unsigned integer; between 0 and 4294967295 (both inclusive)"}, "security.loginDefs.settings.SYS_UID_MAX": {"declarations": ["nixos/modules/programs/shadow.nix"], "default": {"_type": "literalExpression", "text": "999"}, "description": "Range of user IDs used for the creation of system users by useradd or newusers.", "loc": ["security", "loginDefs", "settings", "SYS_UID_MAX"], "readOnly": false, "type": "32 bit unsigned integer; between 0 and 4294967295 (both inclusive)"}, "security.loginDefs.settings.SYS_UID_MIN": {"declarations": ["nixos/modules/programs/shadow.nix"], "default": {"_type": "literalExpression", "text": "400"}, "description": "Range of user IDs used for the creation of system users by useradd or newusers.", "loc": ["security", "loginDefs", "settings", "SYS_UID_MIN"], "readOnly": false, "type": "32 bit unsigned integer; between 0 and 4294967295 (both inclusive)"}, "security.loginDefs.settings.TTYGROUP": {"declarations": ["nixos/modules/programs/shadow.nix"], "default": {"_type": "literalExpression", "text": "\"tty\""}, "description": "The terminal permissions: the login tty will be owned by the TTYGROUP group,\nand the permissions will be set to TTYPERM", "loc": ["security", "loginDefs", "settings", "TTYGROUP"], "readOnly": false, "type": "string"}, "security.loginDefs.settings.TTYPERM": {"declarations": ["nixos/modules/programs/shadow.nix"], "default": {"_type": "literalExpression", "text": "\"0620\""}, "description": "The terminal permissions: the login tty will be owned by the TTYGROUP group,\nand the permissions will be set to TTYPERM", "loc": ["security", "loginDefs", "settings", "TTYPERM"], "readOnly": false, "type": "string"}, "security.loginDefs.settings.UID_MAX": {"declarations": ["nixos/modules/programs/shadow.nix"], "default": {"_type": "literalExpression", "text": "29999"}, "description": "Range of user IDs used for the creation of regular users by useradd or newusers.", "loc": ["security", "loginDefs", "settings", "UID_MAX"], "readOnly": false, "type": "32 bit unsigned integer; between 0 and 4294967295 (both inclusive)"}, "security.loginDefs.settings.UID_MIN": {"declarations": ["nixos/modules/programs/shadow.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Range of user IDs used for the creation of regular users by useradd or newusers.", "loc": ["security", "loginDefs", "settings", "UID_MIN"], "readOnly": false, "type": "32 bit unsigned integer; between 0 and 4294967295 (both inclusive)"}, "security.loginDefs.settings.UMASK": {"declarations": ["nixos/modules/programs/shadow.nix"], "default": {"_type": "literalExpression", "text": "\"077\""}, "description": "The file mode creation mask is initialized to this value.", "loc": ["security", "loginDefs", "settings", "UMASK"], "readOnly": false, "type": "string"}, "security.lsm": {"declarations": ["nixos/modules/security/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of the LSMs to initialize in order.\n", "loc": ["security", "lsm"], "readOnly": false, "type": "list of string"}, "security.pam.dp9ik.authserver": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "This controls the hostname for the 9front authentication server\nthat users will be authenticated against.\n", "loc": ["security", "pam", "dp9ik", "authserver"], "readOnly": false, "type": "null or string"}, "security.pam.dp9ik.control": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "\"sufficient\""}, "description": "This option sets the pam \"control\" used for this module.\n", "loc": ["security", "pam", "dp9ik", "control"], "readOnly": false, "type": "string"}, "security.pam.dp9ik.enable": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the dp9ik pam module provided by tlsclient.\n\nIf set, users can be authenticated against the 9front\nauthentication server given in {option}`security.pam.dp9ik.authserver`\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["security", "pam", "dp9ik", "enable"], "readOnly": false, "type": "boolean"}, "security.pam.enableFscrypt": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable fscrypt, to automatically unlock directories with the user's login password.\n\nThis also enables a service at security.pam.services.fscrypt which is used by\nfscrypt to verify the user's password when setting up a new protector. If you\nuse something other than pam_unix to verify user passwords, please remember to\nadjust this PAM service\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["security", "pam", "enableFscrypt"], "readOnly": false, "type": "boolean"}, "security.pam.enableOTPW": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the OTPW (one-time password) PAM module.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["security", "pam", "enableOTPW"], "readOnly": false, "type": "boolean"}, "security.pam.enableUMask": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the umask PAM module.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["security", "pam", "enableUMask"], "readOnly": false, "type": "boolean"}, "security.pam.howdy.control": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "config.services.howdy.control"}, "description": "This option sets the PAM \"control\" used for this module.\n", "loc": ["security", "pam", "howdy", "control"], "readOnly": false, "type": "string"}, "security.pam.howdy.enable": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "config.services.howdy.enable"}, "description": "Whether to enable the Howdy PAM module.\n\nIf set, users can be authenticated using Howdy, the Windows\nHello\u2122-style facial authentication service.\n", "loc": ["security", "pam", "howdy", "enable"], "readOnly": false, "type": "boolean"}, "security.pam.krb5.enable": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "config.security.krb5.enable"}, "description": "Enables Kerberos PAM modules (`pam-krb5`,\n`pam-ccreds`).\n\nIf set, users can authenticate with their Kerberos password.\nThis requires a valid Kerberos configuration\n(`security.krb5.enable` should be set to `true`).\n\nNote that the Kerberos PAM modules are not necessary when using SSS\nto handle Kerberos authentication.\n", "loc": ["security", "pam", "krb5", "enable"], "readOnly": false, "type": "boolean"}, "security.pam.loginLimits": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Define resource limits that should apply to users or groups.\nEach item in the list should be an attribute set with a\n{var}`domain`, {var}`type`,\n{var}`item`, and {var}`value`\nattribute.  The syntax and semantics of these attributes\nmust be that described in {manpage}`limits.conf(5)`.\n\nNote that these limits do not apply to systemd services,\nwhose limits can be changed via {option}`systemd.settings.Manager`\ninstead.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    domain = \"ftp\";\n    item = \"nproc\";\n    type = \"hard\";\n    value = \"0\";\n  }\n  {\n    domain = \"@student\";\n    item = \"maxlogins\";\n    type = \"-\";\n    value = \"4\";\n  }\n]"}, "loc": ["security", "pam", "loginLimits"], "readOnly": false, "type": "list of (submodule)"}, "security.pam.loginLimits.*.domain": {"declarations": ["nixos/modules/security/pam.nix"], "description": "Username, groupname, or wildcard this limit applies to", "example": {"_type": "literalExpression", "text": "\"@wheel\""}, "loc": ["security", "pam", "loginLimits", "*", "domain"], "readOnly": false, "type": "string"}, "security.pam.loginLimits.*.item": {"declarations": ["nixos/modules/security/pam.nix"], "description": "Item this limit applies to", "loc": ["security", "pam", "loginLimits", "*", "item"], "readOnly": false, "type": "one of \"core\", \"data\", \"fsize\", \"memlock\", \"nofile\", \"rss\", \"stack\", \"cpu\", \"nproc\", \"as\", \"maxlogins\", \"maxsyslogins\", \"priority\", \"locks\", \"sigpending\", \"msgqueue\", \"nice\", \"rtprio\""}, "security.pam.loginLimits.*.type": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "\"-\""}, "description": "Type of this limit", "loc": ["security", "pam", "loginLimits", "*", "type"], "readOnly": false, "type": "one of \"-\", \"hard\", \"soft\""}, "security.pam.loginLimits.*.value": {"declarations": ["nixos/modules/security/pam.nix"], "description": "Value of this limit", "loc": ["security", "pam", "loginLimits", "*", "value"], "readOnly": false, "type": "string or signed integer"}, "security.pam.makeHomeDir.skelDirectory": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "\"/var/empty\""}, "description": "Path to skeleton directory whose contents are copied to home\ndirectories newly created by `pam_mkhomedir`.\n", "example": {"_type": "literalExpression", "text": "\"/etc/skel\""}, "loc": ["security", "pam", "makeHomeDir", "skelDirectory"], "readOnly": false, "type": "string"}, "security.pam.makeHomeDir.umask": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "\"0077\""}, "description": "The user file mode creation mask to use on home directories\nnewly created by `pam_mkhomedir`.\n", "example": {"_type": "literalExpression", "text": "\"0022\""}, "loc": ["security", "pam", "makeHomeDir", "umask"], "readOnly": false, "type": "string"}, "security.pam.mount.additionalSearchPaths": {"declarations": ["nixos/modules/security/pam_mount.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional programs to include in the search path of pam_mount.\nUseful for example if you want to use some FUSE filesystems like bindfs.\n", "example": {"_type": "literalExpression", "text": "[ pkgs.bindfs ]"}, "loc": ["security", "pam", "mount", "additionalSearchPaths"], "readOnly": false, "type": "list of package"}, "security.pam.mount.createMountPoints": {"declarations": ["nixos/modules/security/pam_mount.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Create mountpoints for volumes if they do not exist.\n", "loc": ["security", "pam", "mount", "createMountPoints"], "readOnly": false, "type": "boolean"}, "security.pam.mount.cryptMountOptions": {"declarations": ["nixos/modules/security/pam_mount.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Global mount options that apply to every crypt volume.\nYou can define volume-specific options in the volume definitions.\n", "example": {"_type": "literalExpression", "text": "[ \"allow_discard\" ]\n"}, "loc": ["security", "pam", "mount", "cryptMountOptions"], "readOnly": false, "type": "list of string"}, "security.pam.mount.debugLevel": {"declarations": ["nixos/modules/security/pam_mount.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Sets the Debug-Level. 0 disables debugging, 1 enables pam_mount tracing,\nand 2 additionally enables tracing in mount.crypt. The default is 0.\nFor more information, visit <https://pam-mount.sourceforge.net/pam_mount.conf.5.html>.\n", "example": {"_type": "literalExpression", "text": "1"}, "loc": ["security", "pam", "mount", "debugLevel"], "readOnly": false, "type": "signed integer"}, "security.pam.mount.enable": {"declarations": ["nixos/modules/security/pam_mount.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable PAM mount system to mount filesystems on user login.\n", "loc": ["security", "pam", "mount", "enable"], "readOnly": false, "type": "boolean"}, "security.pam.mount.extraVolumes": {"declarations": ["nixos/modules/security/pam_mount.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of volume definitions for pam_mount.\nFor more information, visit <https://pam-mount.sourceforge.net/pam_mount.conf.5.html>.\n", "loc": ["security", "pam", "mount", "extraVolumes"], "readOnly": false, "type": "list of string"}, "security.pam.mount.fuseMountOptions": {"declarations": ["nixos/modules/security/pam_mount.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Global mount options that apply to every FUSE volume.\nYou can define volume-specific options in the volume definitions.\n", "example": {"_type": "literalExpression", "text": "[ \"nodev\" \"nosuid\" \"force-user=%(USER)\" \"gid=%(USERGID)\" \"perms=0700\" \"chmod-deny\" \"chown-deny\" \"chgrp-deny\" ]\n"}, "loc": ["security", "pam", "mount", "fuseMountOptions"], "readOnly": false, "type": "list of string"}, "security.pam.mount.logoutHup": {"declarations": ["nixos/modules/security/pam_mount.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Kill remaining processes after logout by sending a SIGHUP.\n", "loc": ["security", "pam", "mount", "logoutHup"], "readOnly": false, "type": "boolean"}, "security.pam.mount.logoutKill": {"declarations": ["nixos/modules/security/pam_mount.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Kill remaining processes after logout by sending a SIGKILL.\n", "loc": ["security", "pam", "mount", "logoutKill"], "readOnly": false, "type": "boolean"}, "security.pam.mount.logoutTerm": {"declarations": ["nixos/modules/security/pam_mount.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Kill remaining processes after logout by sending a SIGTERM.\n", "loc": ["security", "pam", "mount", "logoutTerm"], "readOnly": false, "type": "boolean"}, "security.pam.mount.logoutWait": {"declarations": ["nixos/modules/security/pam_mount.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Amount of microseconds to wait until killing remaining processes after\nfinal logout.\nFor more information, visit <https://pam-mount.sourceforge.net/pam_mount.conf.5.html>.\n", "loc": ["security", "pam", "mount", "logoutWait"], "readOnly": false, "type": "signed integer"}, "security.pam.mount.removeCreatedMountPoints": {"declarations": ["nixos/modules/security/pam_mount.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Remove mountpoints created by pam_mount after logout. This\nonly affects mountpoints that have been created by pam_mount\nin the same session.\n", "loc": ["security", "pam", "mount", "removeCreatedMountPoints"], "readOnly": false, "type": "boolean"}, "security.pam.oath.digits": {"declarations": ["nixos/modules/security/oath.nix"], "default": {"_type": "literalExpression", "text": "6"}, "description": "Specify the lib.length of the one-time password in number of\ndigits.\n", "loc": ["security", "pam", "oath", "digits"], "readOnly": false, "type": "one of 6, 7, 8"}, "security.pam.oath.enable": {"declarations": ["nixos/modules/security/oath.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable the OATH (one-time password) PAM module.\n", "loc": ["security", "pam", "oath", "enable"], "readOnly": false, "type": "boolean"}, "security.pam.oath.usersFile": {"declarations": ["nixos/modules/security/oath.nix"], "default": {"_type": "literalExpression", "text": "\"/etc/users.oath\""}, "description": "Set the path to file where the user's credentials are\nstored. This file must not be world readable!\n", "loc": ["security", "pam", "oath", "usersFile"], "readOnly": false, "type": "absolute path"}, "security.pam.oath.window": {"declarations": ["nixos/modules/security/oath.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "Specify the number of one-time passwords to check in order\nto accommodate for situations where the system and the\nclient are slightly out of sync (iteration for HOTP or time\nsteps for TOTP).\n", "loc": ["security", "pam", "oath", "window"], "readOnly": false, "type": "signed integer"}, "security.pam.p11.control": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "\"sufficient\""}, "description": "This option sets pam \"control\".\nIf you want to have multi factor authentication, use \"required\".\nIf you want to use the PKCS#11 device instead of the regular password,\nuse \"sufficient\".\n\nRead\n{manpage}`pam.conf(5)`\nfor better understanding of this option.\n", "loc": ["security", "pam", "p11", "control"], "readOnly": false, "type": "one of \"required\", \"requisite\", \"sufficient\", \"optional\""}, "security.pam.p11.enable": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables P11 PAM (`pam_p11`) module.\n\nIf set, users can log in with SSH keys and PKCS#11 tokens.\n\nMore information can be found [here](https://github.com/OpenSC/pam_p11).\n", "loc": ["security", "pam", "p11", "enable"], "readOnly": false, "type": "boolean"}, "security.pam.package": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "pkgs.pam"}, "description": "The pam package to use.", "loc": ["security", "pam", "package"], "readOnly": false, "type": "package"}, "security.pam.rssh.enable": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable authenticating using a signature performed by the ssh-agent.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["security", "pam", "rssh", "enable"], "readOnly": false, "type": "boolean"}, "security.pam.rssh.settings": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options to pass to the pam_rssh module. Refer to\n<https://github.com/z4yx/pam_rssh/blob/main/README.md#optional-arguments>\nfor supported values.\n\nBoolean values render just the key if true, and nothing if false.\nNull values are ignored.\nAll other values are rendered as key-value pairs.\n\n", "loc": ["security", "pam", "rssh", "settings"], "readOnly": false, "type": "open submodule of attribute set of (null or boolean or string or signed integer or path in the Nix store)"}, "security.pam.rssh.settings.auth_key_file": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "\"/etc/ssh/authorized_keys.d/$ruser\""}, "description": "Path to file with trusted public keys in OpenSSH's `authorized_keys` format. The following\nvariables are expanded to the respective PAM items:\n\n- `service`: `PAM_SERVICE`, the service name,\n- `user`: `PAM_USER`, the username of the entity under whose identity service will be given,\n- `tty`: `PAM_TTY`, the terminal name,\n- `rhost`: `PAM_RHOST`, the requesting hostname, and\n- `ruser`: `PAM_RUSER`, the requesting entity.\n\nThese PAM items are explained in {manpage}`pam_get_item(3)`.\n\nVariables may be specified as `$var`, `${var}` or `${var:defaultValue}`.\n\n::: {.note}\nSpecifying user-writeable files here results in an insecure configuration: a malicious process\ncan then edit such an `authorized_keys` file and bypass the ssh-agent-based authentication.\n\nThis option is ignored if {option}`security.pam.rssh.settings.authorized_keys_command` is set.\n\nIf both this option and {option}`security.pam.rssh.settings.authorized_keys_command` are unset,\nthe keys will be read from `${HOME}/.ssh/authorized_keys`, which should be considered\ninsecure.\n", "loc": ["security", "pam", "rssh", "settings", "auth_key_file"], "readOnly": false, "type": "null or non-empty string"}, "security.pam.services": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This option defines the PAM services.  A service typically\ncorresponds to a program that uses PAM,\ne.g. {command}`login` or {command}`passwd`.\nEach attribute of this set defines a PAM service, with the attribute name\ndefining the name of the service.\n", "loc": ["security", "pam", "services"], "readOnly": false, "type": "attribute set of (submodule)"}, "security.pam.services.<name>.allowNullPassword": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to allow logging into accounts that have no password\nset (i.e., have an empty password field in\n{file}`/etc/passwd` or\n{file}`/etc/group`).  This does not enable\nlogging into disabled accounts (i.e., that have the password\nfield set to `!`).  Note that regardless of\nwhat the pam_unix documentation says, accounts with hashed\nempty passwords are always allowed to log in.\n", "loc": ["security", "pam", "services", "<name>", "allowNullPassword"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.duoSecurity.enable": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set, use the Duo Security pam module\n`pam_duo` for authentication.  Requires\nconfiguration of {option}`security.duosec` options.\n", "loc": ["security", "pam", "services", "<name>", "duoSecurity", "enable"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.enable": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable this PAM service.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["security", "pam", "services", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.enableAppArmor": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable support for attaching AppArmor profiles at the\nuser/group level, e.g., as part of a role based access\ncontrol scheme.\n", "loc": ["security", "pam", "services", "<name>", "enableAppArmor"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.enableGnomeKeyring": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, pam_gnome_keyring will attempt to automatically unlock the\nuser's default Gnome keyring upon login. If the user login password does\nnot match their keyring password, Gnome Keyring will prompt separately\nafter login.\n", "loc": ["security", "pam", "services", "<name>", "enableGnomeKeyring"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.enableUMask": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "config.security.pam.enableUMask"}, "description": "If enabled, the pam_umask module will be loaded.", "loc": ["security", "pam", "services", "<name>", "enableUMask"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.failDelay.delay": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "3000000"}, "description": "The delay time (in microseconds) on failure.", "example": {"_type": "literalExpression", "text": "1000000"}, "loc": ["security", "pam", "services", "<name>", "failDelay", "delay"], "readOnly": false, "type": "signed integer"}, "security.pam.services.<name>.failDelay.enable": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, this will replace the `FAIL_DELAY` setting from `login.defs`.\nChange the delay on failure per-application.\n", "loc": ["security", "pam", "services", "<name>", "failDelay", "enable"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.forwardXAuth": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether X authentication keys should be passed from the\ncalling user to the target user (e.g. for\n{command}`su`)\n", "loc": ["security", "pam", "services", "<name>", "forwardXAuth"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.fprintAuth": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "config.services.fprintd.enable"}, "description": "If set, fingerprint reader will be used (if exists and\nyour fingerprints are enrolled).\n", "loc": ["security", "pam", "services", "<name>", "fprintAuth"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.gnupg.enable": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, pam_gnupg will attempt to automatically unlock the\nuser's GPG keys with the login password via\n{command}`gpg-agent`. The keygrips of all keys to be\nunlocked should be written to {file}`~/.pam-gnupg`,\nand can be queried with {command}`gpg -K --with-keygrip`.\nPresetting passphrases must be enabled by adding\n`allow-preset-passphrase` in\n{file}`~/.gnupg/gpg-agent.conf`.\n", "loc": ["security", "pam", "services", "<name>", "gnupg", "enable"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.gnupg.noAutostart": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Don't start {command}`gpg-agent` if it is not running.\nUseful in conjunction with starting {command}`gpg-agent` as\na systemd user service.\n", "loc": ["security", "pam", "services", "<name>", "gnupg", "noAutostart"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.gnupg.storeOnly": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Don't send the password immediately after login, but store for PAM\n`session`.\n", "loc": ["security", "pam", "services", "<name>", "gnupg", "storeOnly"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.googleAuthenticator.allowNullOTP": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to allow login for accounts that have no OTP set\n(i.e., accounts with no OTP configured or no existing\n{file}`~/.google_authenticator`).\n", "loc": ["security", "pam", "services", "<name>", "googleAuthenticator", "allowNullOTP"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.googleAuthenticator.enable": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set, users with enabled Google Authenticator (created\n{file}`~/.google_authenticator`) will be required\nto provide Google Authenticator token to log in.\n", "loc": ["security", "pam", "services", "<name>", "googleAuthenticator", "enable"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.googleAuthenticator.forwardPass": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "The authentication provides a single field requiring\nthe user's password followed by the one-time password (OTP).\n", "loc": ["security", "pam", "services", "<name>", "googleAuthenticator", "forwardPass"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.googleOsLoginAccountVerification": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set, will use the Google OS Login PAM modules\n(`pam_oslogin_login`,\n`pam_oslogin_admin`) to verify possible OS Login\nusers and set sudoers configuration accordingly.\nThis only makes sense to enable for the `sshd` PAM\nservice.\n", "loc": ["security", "pam", "services", "<name>", "googleOsLoginAccountVerification"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.googleOsLoginAuthentication": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set, will use the `pam_oslogin_login`'s user\nauthentication methods to authenticate users using 2FA.\nThis only makes sense to enable for the `sshd` PAM\nservice.\n", "loc": ["security", "pam", "services", "<name>", "googleOsLoginAuthentication"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.howdy.control": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "config.security.pam.howdy.control"}, "description": "This option sets the PAM \"control\" used for this module.\n", "loc": ["security", "pam", "services", "<name>", "howdy", "control"], "readOnly": false, "type": "string"}, "security.pam.services.<name>.howdy.enable": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "config.security.pam.howdy.enable"}, "description": "Whether to enable the Howdy PAM module.\n\nIf set, users can be authenticated using Howdy, the Windows\nHello\u2122-style facial authentication service.\n", "loc": ["security", "pam", "services", "<name>", "howdy", "enable"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.kwallet.enable": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, pam_wallet will attempt to automatically unlock the\nuser's default KDE wallet upon login. If the user has no wallet named\n\"kdewallet\", or the login password does not match their wallet\npassword, KDE will prompt separately after login.\n", "loc": ["security", "pam", "services", "<name>", "kwallet", "enable"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.kwallet.forceRun": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "The `force_run` option is used to tell the PAM module for KWallet\nto forcefully run even if no graphical session (such as a GUI\ndisplay manager) is detected. This is useful for when you are\nstarting an X Session or a Wayland Session from a TTY. If you\nintend to log-in from a TTY, it is recommended that you enable\nthis option **and** ensure that `plasma-kwallet-pam.service` is\nstarted by `graphical-session.target`.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["security", "pam", "services", "<name>", "kwallet", "forceRun"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.kwallet.package": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "pkgs.kdePackages.kwallet-pam"}, "description": "The kwallet-pam package to use.", "loc": ["security", "pam", "services", "<name>", "kwallet", "package"], "readOnly": false, "type": "package"}, "security.pam.services.<name>.limits": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Attribute set describing resource limits.  Defaults to the\nvalue of {option}`security.pam.loginLimits`.\nThe meaning of the values is explained in {manpage}`limits.conf(5)`.\n", "loc": ["security", "pam", "services", "<name>", "limits"], "readOnly": false, "type": "list of (submodule)"}, "security.pam.services.<name>.limits.*.domain": {"declarations": ["nixos/modules/security/pam.nix"], "description": "Username, groupname, or wildcard this limit applies to", "example": {"_type": "literalExpression", "text": "\"@wheel\""}, "loc": ["security", "pam", "services", "<name>", "limits", "*", "domain"], "readOnly": false, "type": "string"}, "security.pam.services.<name>.limits.*.item": {"declarations": ["nixos/modules/security/pam.nix"], "description": "Item this limit applies to", "loc": ["security", "pam", "services", "<name>", "limits", "*", "item"], "readOnly": false, "type": "one of \"core\", \"data\", \"fsize\", \"memlock\", \"nofile\", \"rss\", \"stack\", \"cpu\", \"nproc\", \"as\", \"maxlogins\", \"maxsyslogins\", \"priority\", \"locks\", \"sigpending\", \"msgqueue\", \"nice\", \"rtprio\""}, "security.pam.services.<name>.limits.*.type": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "\"-\""}, "description": "Type of this limit", "loc": ["security", "pam", "services", "<name>", "limits", "*", "type"], "readOnly": false, "type": "one of \"-\", \"hard\", \"soft\""}, "security.pam.services.<name>.limits.*.value": {"declarations": ["nixos/modules/security/pam.nix"], "description": "Value of this limit", "loc": ["security", "pam", "services", "<name>", "limits", "*", "value"], "readOnly": false, "type": "string or signed integer"}, "security.pam.services.<name>.logFailures": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to log authentication failures in {file}`/var/log/faillog`.", "loc": ["security", "pam", "services", "<name>", "logFailures"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.makeHomeDir": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to try to create home directories for users\nwith `$HOME`s pointing to nonexistent\nlocations on session login.\n", "loc": ["security", "pam", "services", "<name>", "makeHomeDir"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.mysqlAuth": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "config.users.mysql.enable"}, "description": "If set, the `pam_mysql` module will be used to\nauthenticate users against a MySQL/MariaDB database.\n", "loc": ["security", "pam", "services", "<name>", "mysqlAuth"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.name": {"declarations": ["nixos/modules/security/pam.nix"], "description": "Name of the PAM service.", "example": {"_type": "literalExpression", "text": "\"sshd\""}, "loc": ["security", "pam", "services", "<name>", "name"], "readOnly": false, "type": "string"}, "security.pam.services.<name>.nodelay": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether the delay after typing a wrong password should be disabled.\n", "loc": ["security", "pam", "services", "<name>", "nodelay"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.oathAuth": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "config.security.pam.oath.enable"}, "description": "If set, the OATH Toolkit will be used.\n", "loc": ["security", "pam", "services", "<name>", "oathAuth"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.otpwAuth": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "config.security.pam.enableOTPW"}, "description": "If set, the OTPW system will be used (if\n{file}`~/.otpw` exists).\n", "loc": ["security", "pam", "services", "<name>", "otpwAuth"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.p11Auth": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "config.security.pam.p11.enable"}, "description": "If set, keys listed in\n{file}`~/.ssh/authorized_keys` and\n{file}`~/.eid/authorized_certificates`\ncan be used to log in with the associated PKCS#11 tokens.\n", "loc": ["security", "pam", "services", "<name>", "p11Auth"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.pamMount": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "config.security.pam.mount.enable"}, "description": "Enable PAM mount (pam_mount) system to mount filesystems on user login.\n", "loc": ["security", "pam", "services", "<name>", "pamMount"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.requireWheel": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to permit root access only to members of group wheel.\n", "loc": ["security", "pam", "services", "<name>", "requireWheel"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.rootOK": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set, root doesn't need to authenticate (e.g. for the\n{command}`useradd` service).\n", "loc": ["security", "pam", "services", "<name>", "rootOK"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.rssh": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set, the calling user's SSH agent is used to authenticate\nagainst the configured keys. This module works in a manner\nsimilar to pam_ssh_agent_auth, but supports a wider range\nof SSH key types, including those protected by security\nkeys (FIDO2).\n", "loc": ["security", "pam", "services", "<name>", "rssh"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.setEnvironment": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether the service should set the environment variables\nlisted in {option}`environment.sessionVariables`\nusing `pam_env.so`.\n", "loc": ["security", "pam", "services", "<name>", "setEnvironment"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.setLoginUid": {"declarations": ["nixos/modules/security/pam.nix"], "description": "Set the login uid of the process\n({file}`/proc/self/loginuid`) for auditing\npurposes.  The login uid is only set by \u2018entry points\u2019 like\n{command}`login` and {command}`sshd`, not by\ncommands like {command}`sudo`.\n", "loc": ["security", "pam", "services", "<name>", "setLoginUid"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.showMotd": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to show the message of the day.", "loc": ["security", "pam", "services", "<name>", "showMotd"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.sshAgentAuth": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set, the calling user's SSH agent is used to authenticate\nagainst the keys in the calling user's\n{file}`~/.ssh/authorized_keys`.  This is useful\nfor {command}`sudo` on password-less remote systems.\n", "loc": ["security", "pam", "services", "<name>", "sshAgentAuth"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.sssdStrictAccess": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "enforce sssd access control", "loc": ["security", "pam", "services", "<name>", "sssdStrictAccess"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.startSession": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set, the service will register a new session with\nsystemd's login manager.  For local sessions, this will give\nthe user access to audio devices, CD-ROM drives.  In the\ndefault PolicyKit configuration, it also allows the user to\nreboot the system.\n", "loc": ["security", "pam", "services", "<name>", "startSession"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.text": {"declarations": ["nixos/modules/security/pam.nix"], "description": "Contents of the PAM service file.", "loc": ["security", "pam", "services", "<name>", "text"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "security.pam.services.<name>.ttyAudit.disablePattern": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "For each user matching one of comma-separated\nglob patterns, disable TTY auditing\n", "loc": ["security", "pam", "services", "<name>", "ttyAudit", "disablePattern"], "readOnly": false, "type": "null or string"}, "security.pam.services.<name>.ttyAudit.enable": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable or disable TTY auditing for specified users\n", "loc": ["security", "pam", "services", "<name>", "ttyAudit", "enable"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.ttyAudit.enablePattern": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "For each user matching one of comma-separated\nglob patterns, enable TTY auditing\n", "loc": ["security", "pam", "services", "<name>", "ttyAudit", "enablePattern"], "readOnly": false, "type": "null or string"}, "security.pam.services.<name>.ttyAudit.openOnly": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Set the TTY audit flag when opening the session,\nbut do not restore it when closing the session.\nUsing this option is necessary for some services\nthat don't fork() to run the authenticated session,\nsuch as sudo.\n", "loc": ["security", "pam", "services", "<name>", "ttyAudit", "openOnly"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.u2fAuth": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "config.security.pam.u2f.enable"}, "description": "If set, users listed in\n{file}`$XDG_CONFIG_HOME/Yubico/u2f_keys` (or\n{file}`$HOME/.config/Yubico/u2f_keys` if XDG variable is\nnot set) are able to log in with the associated U2F key. Path can be\nchanged using {option}`security.pam.u2f.authFile` option.\n", "loc": ["security", "pam", "services", "<name>", "u2fAuth"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.unixAuth": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether users can log in with passwords defined in\n{file}`/etc/shadow`.\n", "loc": ["security", "pam", "services", "<name>", "unixAuth"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.updateWtmp": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to update {file}`/var/log/wtmp`.", "loc": ["security", "pam", "services", "<name>", "updateWtmp"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.usshAuth": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set, users with an SSH certificate containing an authorized principal\nin their SSH agent are able to log in. Specific options are controlled\nusing the {option}`security.pam.ussh` options.\n\nNote that the  {option}`security.pam.ussh.enable` must also be\nset for this option to take effect.\n", "loc": ["security", "pam", "services", "<name>", "usshAuth"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.yubicoAuth": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "config.security.pam.yubico.enable"}, "description": "If set, users listed in\n{file}`~/.yubico/authorized_yubikeys`\nare able to log in with the associated Yubikey tokens.\n", "loc": ["security", "pam", "services", "<name>", "yubicoAuth"], "readOnly": false, "type": "boolean"}, "security.pam.services.<name>.zfs": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "config.security.pam.zfs.enable"}, "description": "Enable unlocking and mounting of encrypted ZFS home dataset at login.\n", "loc": ["security", "pam", "services", "<name>", "zfs"], "readOnly": false, "type": "boolean"}, "security.pam.sshAgentAuth.authorizedKeysFiles": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"/etc/ssh/authorized_keys.d/%u\"\n]"}, "description": "A list of paths to files in OpenSSH's `authorized_keys` format, containing\nthe keys that will be trusted by the `pam_ssh_agent_auth` module.\n\nThe following patterns are expanded when interpreting the path:\n- `%f` and `%H` respectively expand to the fully-qualified and short hostname ;\n- `%u` expands to the username ;\n- `~` or `%h` expands to the user's home directory.\n\n::: {.note}\nSpecifying user-writeable files here result in an insecure configuration:  a malicious process\ncan then edit such an authorized_keys file and bypass the ssh-agent-based authentication.\n\nSee [issue #31611](https://github.com/NixOS/nixpkgs/issues/31611)\n:::\n", "loc": ["security", "pam", "sshAgentAuth", "authorizedKeysFiles"], "readOnly": false, "type": "list of string"}, "security.pam.sshAgentAuth.enable": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable authenticating using a signature performed by the ssh-agent.\nThis allows using SSH keys exclusively, instead of passwords, for instance on remote machines\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["security", "pam", "sshAgentAuth", "enable"], "readOnly": false, "type": "boolean"}, "security.pam.u2f.control": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "\"sufficient\""}, "description": "This option sets pam \"control\".\nIf you want to have multi factor authentication, use \"required\".\nIf you want to use U2F device instead of regular password, use \"sufficient\".\n\nRead\n{manpage}`pam.conf(5)`\nfor better understanding of this option.\n", "loc": ["security", "pam", "u2f", "control"], "readOnly": false, "type": "one of \"required\", \"requisite\", \"sufficient\", \"optional\""}, "security.pam.u2f.enable": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables U2F PAM (`pam-u2f`) module.\n\nIf set, users listed in\n{file}`$XDG_CONFIG_HOME/Yubico/u2f_keys` (or\n{file}`$HOME/.config/Yubico/u2f_keys` if XDG variable is\nnot set) are able to log in with the associated U2F key. The path can\nbe changed using {option}`security.pam.u2f.authFile` option.\n\nFile format is:\n```\n<username1>:<KeyHandle1>,<UserKey1>,<CoseType1>,<Options1>:<KeyHandle2>,<UserKey2>,<CoseType2>,<Options2>:...\n<username2>:<KeyHandle1>,<UserKey1>,<CoseType1>,<Options1>:<KeyHandle2>,<UserKey2>,<CoseType2>,<Options2>:...\n```\nThis file can be generated using {command}`pamu2fcfg` command.\n\nMore information can be found [here](https://developers.yubico.com/pam-u2f/).\n", "loc": ["security", "pam", "u2f", "enable"], "readOnly": false, "type": "boolean"}, "security.pam.u2f.settings": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options to pass to the PAM module.\n\nBoolean values render just the key if true, and nothing if false.\nNull values are ignored.\nAll other values are rendered as key-value pairs.\n\n", "example": {"_type": "literalExpression", "text": "{\n  authfile = \"/etc/u2f_keys\";\n  authpending_file = \"\";\n  pinverification = 1;\n  userpresence = 0;\n}"}, "loc": ["security", "pam", "u2f", "settings"], "readOnly": false, "type": "open submodule of attribute set of (null or boolean or string or signed integer or path in the Nix store)"}, "security.pam.u2f.settings.appid": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "By default `pam-u2f` module sets the application\nID to `pam://$HOSTNAME`.\n\nWhen using {command}`pamu2fcfg`, you can specify your\napplication ID with the `-i` flag.\n\nMore information can be found [here](https://developers.yubico.com/pam-u2f/Manuals/pam_u2f.8.html)\n", "loc": ["security", "pam", "u2f", "settings", "appid"], "readOnly": false, "type": "null or string"}, "security.pam.u2f.settings.authfile": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "By default `pam-u2f` module reads the keys from\n{file}`$XDG_CONFIG_HOME/Yubico/u2f_keys` (or\n{file}`$HOME/.config/Yubico/u2f_keys` if XDG variable is\nnot set).\n\nIf you want to change auth file locations or centralize database (for\nexample use {file}`/etc/u2f-mappings`) you can set this\noption.\n\nFile format is:\n`username:first_keyHandle,first_public_key: second_keyHandle,second_public_key`\nThis file can be generated using {command}`pamu2fcfg` command.\n\nMore information can be found [here](https://developers.yubico.com/pam-u2f/).\n", "loc": ["security", "pam", "u2f", "settings", "authfile"], "readOnly": false, "type": "null or absolute path"}, "security.pam.u2f.settings.cue": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "By default `pam-u2f` module does not inform user\nthat he needs to use the u2f device, it just waits without a prompt.\n\nIf you set this option to `true`,\n`cue` option is added to `pam-u2f`\nmodule and reminder message will be displayed.\n", "loc": ["security", "pam", "u2f", "settings", "cue"], "readOnly": false, "type": "boolean"}, "security.pam.u2f.settings.debug": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Debug output to stderr.\n", "loc": ["security", "pam", "u2f", "settings", "debug"], "readOnly": false, "type": "boolean"}, "security.pam.u2f.settings.interactive": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Set to prompt a message and wait before testing the presence of a U2F device.\nRecommended if your device doesn\u2019t have a tactile trigger.\n", "loc": ["security", "pam", "u2f", "settings", "interactive"], "readOnly": false, "type": "boolean"}, "security.pam.u2f.settings.origin": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "By default `pam-u2f` module sets the origin\nto `pam://$HOSTNAME`.\nSetting origin to an host independent value will allow you to\nreuse credentials across machines\n\nWhen using {command}`pamu2fcfg`, you can specify your\napplication ID with the `-o` flag.\n\nMore information can be found [here](https://developers.yubico.com/pam-u2f/Manuals/pam_u2f.8.html)\n", "loc": ["security", "pam", "u2f", "settings", "origin"], "readOnly": false, "type": "null or string"}, "security.pam.ussh.authorizedPrincipals": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Comma-separated list of authorized principals to permit; if the user\npresents a certificate with one of these principals, then they will be\nauthorized.\n\nNote that `pam-ussh` also requires that the certificate\ncontain a principal matching the user's username. The principals from\nthis list are in addition to those principals.\n\nMutually exclusive with `authorizedPrincipalsFile`.\n", "loc": ["security", "pam", "ussh", "authorizedPrincipals"], "readOnly": false, "type": "null or strings concatenated with \",\""}, "security.pam.ussh.authorizedPrincipalsFile": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a list of principals; if the user presents a certificate with\none of these principals, then they will be authorized.\n\nNote that `pam-ussh` also requires that the certificate\ncontain a principal matching the user's username. The principals from\nthis file are in addition to those principals.\n\nMutually exclusive with `authorizedPrincipals`.\n", "loc": ["security", "pam", "ussh", "authorizedPrincipalsFile"], "readOnly": false, "type": "null or absolute path"}, "security.pam.ussh.caFile": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "By default `pam-ussh` reads the trusted user CA keys\nfrom {file}`/etc/ssh/trusted_user_ca`.\n\nThis should be set the same as your `TrustedUserCAKeys`\noption for sshd.\n", "loc": ["security", "pam", "ussh", "caFile"], "readOnly": false, "type": "null or absolute path"}, "security.pam.ussh.control": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "\"sufficient\""}, "description": "This option sets pam \"control\".\nIf you want to have multi factor authentication, use \"required\".\nIf you want to use the SSH certificate instead of the regular password,\nuse \"sufficient\".\n\nRead\n{manpage}`pam.conf(5)`\nfor better understanding of this option.\n", "loc": ["security", "pam", "ussh", "control"], "readOnly": false, "type": "one of \"required\", \"requisite\", \"sufficient\", \"optional\""}, "security.pam.ussh.enable": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables Uber's USSH PAM (`pam-ussh`) module.\n\nThis is similar to `pam-ssh-agent`, except that\nthe presence of a CA-signed SSH key with a valid principal is checked\ninstead.\n\nNote that this module must both be enabled using this option and on a\nper-PAM-service level as well (using `usshAuth`).\n\nMore information can be found [here](https://github.com/uber/pam-ussh).\n", "loc": ["security", "pam", "ussh", "enable"], "readOnly": false, "type": "boolean"}, "security.pam.ussh.group": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, then the authenticating user must be a member of this group\nto use this module.\n", "loc": ["security", "pam", "ussh", "group"], "readOnly": false, "type": "null or string"}, "security.pam.yubico.challengeResponsePath": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If not null, set the path used by yubico pam module where the challenge expected response is stored.\n\nMore information can be found [here](https://developers.yubico.com/yubico-pam/Authentication_Using_Challenge-Response.html).\n", "loc": ["security", "pam", "yubico", "challengeResponsePath"], "readOnly": false, "type": "null or absolute path"}, "security.pam.yubico.control": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "\"sufficient\""}, "description": "This option sets pam \"control\".\nIf you want to have multi factor authentication, use \"required\".\nIf you want to use Yubikey instead of regular password, use \"sufficient\".\n\nRead\n{manpage}`pam.conf(5)`\nfor better understanding of this option.\n", "loc": ["security", "pam", "yubico", "control"], "readOnly": false, "type": "one of \"required\", \"requisite\", \"sufficient\", \"optional\""}, "security.pam.yubico.debug": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Debug output to stderr.\n", "loc": ["security", "pam", "yubico", "debug"], "readOnly": false, "type": "boolean"}, "security.pam.yubico.enable": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables Yubico PAM (`yubico-pam`) module.\n\nIf set, users listed in\n{file}`~/.yubico/authorized_yubikeys`\nare able to log in with the associated Yubikey tokens.\n\nThe file must have only one line:\n`username:yubikey_token_id1:yubikey_token_id2`\nMore information can be found [here](https://developers.yubico.com/yubico-pam/).\n", "loc": ["security", "pam", "yubico", "enable"], "readOnly": false, "type": "boolean"}, "security.pam.yubico.id": {"declarations": ["nixos/modules/security/pam.nix"], "description": "client id", "example": {"_type": "literalExpression", "text": "\"42\""}, "loc": ["security", "pam", "yubico", "id"], "readOnly": false, "type": "string"}, "security.pam.yubico.mode": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "\"client\""}, "description": "Mode of operation.\n\nUse \"client\" for online validation with a YubiKey validation service such as\nthe YubiCloud.\n\nUse \"challenge-response\" for offline validation using YubiKeys with HMAC-SHA-1\nChallenge-Response configurations. See the man-page {manpage}`ykpamcfg(1)` for further\ndetails on how to configure offline Challenge-Response validation.\n\nMore information can be found [here](https://developers.yubico.com/yubico-pam/Authentication_Using_Challenge-Response.html).\n", "loc": ["security", "pam", "yubico", "mode"], "readOnly": false, "type": "one of \"client\", \"challenge-response\""}, "security.pam.zfs.enable": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable unlocking and mounting of encrypted ZFS home dataset at login.\n", "loc": ["security", "pam", "zfs", "enable"], "readOnly": false, "type": "boolean"}, "security.pam.zfs.homes": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "\"rpool/home\""}, "description": "Prefix of home datasets. This value will be concatenated with\n`\"/\" + <username>` in order to determine the home dataset to unlock.\n", "example": {"_type": "literalExpression", "text": "\"rpool/home\""}, "loc": ["security", "pam", "zfs", "homes"], "readOnly": false, "type": "string"}, "security.pam.zfs.mountRecursively": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Mount child datasets of home dataset.\n", "loc": ["security", "pam", "zfs", "mountRecursively"], "readOnly": false, "type": "boolean"}, "security.pam.zfs.noUnmount": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Do not unmount home dataset on logout.\n", "loc": ["security", "pam", "zfs", "noUnmount"], "readOnly": false, "type": "boolean"}, "security.pki.caBundle": {"declarations": ["nixos/modules/security/ca.nix"], "description": "(Read-only) the path to the final bundle of certificate authorities as a single file.\n", "loc": ["security", "pki", "caBundle"], "readOnly": true, "type": "absolute path"}, "security.pki.caCertificateBlacklist": {"declarations": ["nixos/modules/security/ca.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of blacklisted CA certificate names that won't be imported from\nthe Mozilla Trust Store into\n{file}`/etc/ssl/certs/ca-certificates.crt`. Use the\nnames from that file.\n", "example": {"_type": "literalExpression", "text": "[\n  \"WoSign\"\n  \"WoSign China\"\n  \"CA WoSign ECC Root\"\n  \"Certification Authority of WoSign G2\"\n]"}, "loc": ["security", "pki", "caCertificateBlacklist"], "readOnly": false, "type": "list of string"}, "security.pki.certificateFiles": {"declarations": ["nixos/modules/security/ca.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of files containing trusted root certificates in PEM\nformat. These are concatenated to form\n{file}`/etc/ssl/certs/ca-certificates.crt`, which is\nused by many programs that use OpenSSL, such as\n{command}`curl` and {command}`git`.\n", "example": {"_type": "literalExpression", "text": "[ \"${pkgs.dn42-cacert}/etc/ssl/certs/dn42-ca.crt\" ]"}, "loc": ["security", "pki", "certificateFiles"], "readOnly": false, "type": "list of absolute path"}, "security.pki.certificates": {"declarations": ["nixos/modules/security/ca.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of trusted root certificates in PEM format.\n", "example": {"_type": "literalExpression", "text": "[ ''\n    NixOS.org\n    =========\n    -----BEGIN CERTIFICATE-----\n    MIIGUDCCBTigAwIBAgIDD8KWMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ\n    TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0\n    ...\n    -----END CERTIFICATE-----\n  ''\n]\n"}, "loc": ["security", "pki", "certificates"], "readOnly": false, "type": "list of string"}, "security.pki.useCompatibleBundle": {"declarations": ["nixos/modules/security/ca.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable usage of a compatibility bundle.\n\nSuch a bundle consists exclusively of `BEGIN CERTIFICATE` and no `BEGIN TRUSTED CERTIFICATE`,\nwhich is an OpenSSL specific PEM format.\n\nIt is known to be incompatible with certain software stacks.\n\nNevertheless, enabling this will strip all additional trust rules provided by the\ncertificates themselves. This can have security consequences depending on your usecases\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["security", "pki", "useCompatibleBundle"], "readOnly": false, "type": "boolean"}, "security.please.enable": {"declarations": ["nixos/modules/security/please.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable please, a Sudo clone which allows a users to execute a command or edit a\nfile as another user\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["security", "please", "enable"], "readOnly": false, "type": "boolean"}, "security.please.package": {"declarations": ["nixos/modules/security/please.nix"], "default": {"_type": "literalExpression", "text": "pkgs.please"}, "description": "The please package to use.", "loc": ["security", "please", "package"], "readOnly": false, "type": "package"}, "security.please.settings": {"declarations": ["nixos/modules/security/please.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Please configuration. Refer to\n<https://github.com/edneville/please/blob/master/please.ini.md> for\ndetails.\n", "example": {"_type": "literalExpression", "text": "{\n  jim_edit_etc_hosts_as_root = {\n    editmode = 644;\n    name = \"jim\";\n    require_pass = true;\n    rule = \"/etc/hosts\";\n    target = \"root\";\n    type = \"edit\";\n  };\n  jim_run_any_as_root = {\n    name = \"jim\";\n    require_pass = false;\n    rule = \".*\";\n    target = \"root\";\n    type = \"run\";\n  };\n}"}, "loc": ["security", "please", "settings"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "security.please.wheelNeedsPassword": {"declarations": ["nixos/modules/security/please.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether users of the `wheel` group must provide a password to run\ncommands or edit files with {command}`please` and\n{command}`pleaseedit` respectively.\n", "loc": ["security", "please", "wheelNeedsPassword"], "readOnly": false, "type": "boolean"}, "security.polkit.adminIdentities": {"declarations": ["nixos/modules/security/polkit.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"unix-group:wheel\"\n]"}, "description": "Specifies which users are considered \u201cadministrators\u201d, for those\nactions that require the user to authenticate as an\nadministrator (i.e. have an `auth_admin`\nvalue).  By default, this is all users in the `wheel` group.\n", "example": {"_type": "literalExpression", "text": "[\n  \"unix-user:alice\"\n  \"unix-group:admin\"\n]"}, "loc": ["security", "polkit", "adminIdentities"], "readOnly": false, "type": "list of string"}, "security.polkit.debug": {"declarations": ["nixos/modules/security/polkit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable debug logs from polkit. This is required in order to see log messages from rule definitions.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["security", "polkit", "debug"], "readOnly": false, "type": "boolean"}, "security.polkit.enable": {"declarations": ["nixos/modules/security/polkit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable polkit.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["security", "polkit", "enable"], "readOnly": false, "type": "boolean"}, "security.polkit.extraConfig": {"declarations": ["nixos/modules/security/polkit.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Any polkit rules to be added to config (in JavaScript ;-). See:\n<https://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html#polkit-rules>\n", "example": {"_type": "literalExpression", "text": "''\n  /* Log authorization checks. */\n  polkit.addRule(function(action, subject) {\n    // Make sure to set { security.polkit.debug = true; } in configuration.nix\n    polkit.log(\"user \" +  subject.user + \" is attempting action \" + action.id + \" from PID \" + subject.pid);\n  });\n  \n  /* Allow any local user to do anything (dangerous!). */\n  polkit.addRule(function(action, subject) {\n    if (subject.local) return \"yes\";\n  });\n''"}, "loc": ["security", "polkit", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "security.polkit.package": {"declarations": ["nixos/modules/security/polkit.nix"], "default": {"_type": "literalExpression", "text": "pkgs.polkit"}, "description": "The polkit package to use.", "loc": ["security", "polkit", "package"], "readOnly": false, "type": "package"}, "security.protectKernelImage": {"declarations": ["nixos/modules/security/misc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to prevent replacing the running kernel image.\n", "loc": ["security", "protectKernelImage"], "readOnly": false, "type": "boolean"}, "security.rtkit.args": {"declarations": ["nixos/modules/security/rtkit.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Command-line options for `rtkit-daemon`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--our-realtime-priority=29\"\n  \"--max-realtime-priority=28\"\n]"}, "loc": ["security", "rtkit", "args"], "readOnly": false, "type": "list of string"}, "security.rtkit.enable": {"declarations": ["nixos/modules/security/rtkit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the RealtimeKit system service, which hands\nout realtime scheduling priority to user processes on\ndemand. For example, PulseAudio and PipeWire use this to\nacquire realtime priority.\n", "loc": ["security", "rtkit", "enable"], "readOnly": false, "type": "boolean"}, "security.rtkit.package": {"declarations": ["nixos/modules/security/rtkit.nix"], "default": {"_type": "literalExpression", "text": "pkgs.rtkit"}, "description": "The rtkit package to use.", "loc": ["security", "rtkit", "package"], "readOnly": false, "type": "package"}, "security.run0.enableSudoAlias": {"declarations": ["nixos/modules/security/run0.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable make {command}`sudo` an alias to {command}`run0`..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["security", "run0", "enableSudoAlias"], "readOnly": false, "type": "boolean"}, "security.run0.wheelNeedsPassword": {"declarations": ["nixos/modules/security/run0.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether users of the `wheel` group must\nprovide a password to run commands as super user via {command}`run0`.\n", "loc": ["security", "run0", "wheelNeedsPassword"], "readOnly": false, "type": "boolean"}, "security.shadow.enable": {"declarations": ["nixos/modules/programs/shadow.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable the shadow authentication suite, which provides critical programs such as su, login, passwd.\n\nNote: This is currently experimental. Only disable this if you're\nconfident that you can recover your system if it breaks.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["security", "shadow", "enable"], "readOnly": false, "type": "boolean"}, "security.soteria.enable": {"declarations": ["nixos/modules/security/soteria.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Soteria, a Polkit authentication agent\nfor any desktop environment.\n\n::: {.note}\nYou should only enable this if you are on a Desktop Environment that\ndoes not provide a graphical polkit authentication agent, or you are on\na standalone window manager or Wayland compositor.\n:::\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["security", "soteria", "enable"], "readOnly": false, "type": "boolean"}, "security.soteria.package": {"declarations": ["nixos/modules/security/soteria.nix"], "default": {"_type": "literalExpression", "text": "pkgs.soteria"}, "description": "The soteria package to use.", "loc": ["security", "soteria", "package"], "readOnly": false, "type": "package"}, "security.sudo-rs.configFile": {"declarations": ["nixos/modules/security/sudo-rs.nix"], "description": "This string contains the contents of the\n{file}`sudoers` file.\n", "loc": ["security", "sudo-rs", "configFile"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "security.sudo-rs.defaultOptions": {"declarations": ["nixos/modules/security/sudo-rs.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"SETENV\"\n]"}, "description": "Options used for the default rules, granting `root` and the\n`wheel` group permission to run any command as any user.\n", "loc": ["security", "sudo-rs", "defaultOptions"], "readOnly": false, "type": "list of string"}, "security.sudo-rs.enable": {"declarations": ["nixos/modules/security/sudo-rs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable a memory-safe implementation of the {command}`sudo` command,\nwhich allows non-root users to execute commands as root\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["security", "sudo-rs", "enable"], "readOnly": false, "type": "boolean"}, "security.sudo-rs.execWheelOnly": {"declarations": ["nixos/modules/security/sudo-rs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Only allow members of the `wheel` group to execute sudo by\nsetting the executable's permissions accordingly.\nThis prevents users that are not members of `wheel` from\nexploiting vulnerabilities in sudo such as CVE-2021-3156.\n", "loc": ["security", "sudo-rs", "execWheelOnly"], "readOnly": false, "type": "boolean"}, "security.sudo-rs.extraConfig": {"declarations": ["nixos/modules/security/sudo-rs.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration text appended to {file}`sudoers`.\n", "loc": ["security", "sudo-rs", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "security.sudo-rs.extraRules": {"declarations": ["nixos/modules/security/sudo-rs.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Define specific rules to be in the {file}`sudoers` file.\nMore specific rules should come after more general ones in order to\nyield the expected behavior. You can use `lib.mkBefore`/`lib.mkAfter` to ensure\nthis is the case when configuration options are merged.\n", "example": {"_type": "literalExpression", "text": "[\n  # Allow execution of any command by all users in group sudo,\n  # requiring a password.\n  { groups = [ \"sudo\" ]; commands = [ \"ALL\" ]; }\n\n  # Allow execution of \"/home/root/secret.sh\" by user `backup`, `database`\n  # and the group with GID `1006` without a password.\n  { users = [ \"backup\" \"database\" ]; groups = [ 1006 ];\n    commands = [ { command = \"/home/root/secret.sh\"; options = [ \"SETENV\" \"NOPASSWD\" ]; } ]; }\n\n  # Allow all users of group `bar` to run two executables as user `foo`\n  # with arguments being pre-set.\n  { groups = [ \"bar\" ]; runAs = \"foo\";\n    commands =\n      [ \"/home/baz/cmd1.sh hello-sudo\"\n          { command = ''/home/baz/cmd2.sh \"\"''; options = [ \"SETENV\" ]; } ]; }\n]\n"}, "loc": ["security", "sudo-rs", "extraRules"], "readOnly": false, "type": "list of (submodule)"}, "security.sudo-rs.extraRules.*.commands": {"declarations": ["nixos/modules/security/sudo-rs.nix"], "description": "The commands for which the rule should apply.\n", "loc": ["security", "sudo-rs", "extraRules", "*", "commands"], "readOnly": false, "type": "list of (string or (submodule))"}, "security.sudo-rs.extraRules.*.groups": {"declarations": ["nixos/modules/security/sudo-rs.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The groups / GIDs this rule should apply for.\n", "loc": ["security", "sudo-rs", "extraRules", "*", "groups"], "readOnly": false, "type": "list of (string or signed integer)"}, "security.sudo-rs.extraRules.*.host": {"declarations": ["nixos/modules/security/sudo-rs.nix"], "default": {"_type": "literalExpression", "text": "\"ALL\""}, "description": "For what host this rule should apply.\n", "loc": ["security", "sudo-rs", "extraRules", "*", "host"], "readOnly": false, "type": "string"}, "security.sudo-rs.extraRules.*.runAs": {"declarations": ["nixos/modules/security/sudo-rs.nix"], "default": {"_type": "literalExpression", "text": "\"ALL:ALL\""}, "description": "Under which user/group the specified command is allowed to run.\n\nA user can be specified using just the username: `\"foo\"`.\nIt is also possible to specify a user/group combination using `\"foo:bar\"`\nor to only allow running as a specific group with `\":bar\"`.\n", "loc": ["security", "sudo-rs", "extraRules", "*", "runAs"], "readOnly": false, "type": "string"}, "security.sudo-rs.extraRules.*.users": {"declarations": ["nixos/modules/security/sudo-rs.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The usernames / UIDs this rule should apply for.\n", "loc": ["security", "sudo-rs", "extraRules", "*", "users"], "readOnly": false, "type": "list of (string or signed integer)"}, "security.sudo-rs.package": {"declarations": ["nixos/modules/security/sudo-rs.nix"], "default": {"_type": "literalExpression", "text": "pkgs.sudo-rs"}, "description": "The sudo-rs package to use.", "loc": ["security", "sudo-rs", "package"], "readOnly": false, "type": "package"}, "security.sudo-rs.wheelNeedsPassword": {"declarations": ["nixos/modules/security/sudo-rs.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether users of the `wheel` group must\nprovide a password to run commands as super user via {command}`sudo`.\n", "loc": ["security", "sudo-rs", "wheelNeedsPassword"], "readOnly": false, "type": "boolean"}, "security.sudo.configFile": {"declarations": ["nixos/modules/security/sudo.nix"], "description": "This string contains the contents of the\n{file}`sudoers` file.\n", "loc": ["security", "sudo", "configFile"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "security.sudo.defaultOptions": {"declarations": ["nixos/modules/security/sudo.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"SETENV\"\n]"}, "description": "Options used for the default rules, granting `root` and the\n`wheel` group permission to run any command as any user.\n", "loc": ["security", "sudo", "defaultOptions"], "readOnly": false, "type": "list of string"}, "security.sudo.enable": {"declarations": ["nixos/modules/security/sudo.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the {command}`sudo` command, which\nallows non-root users to execute commands as root.\n", "loc": ["security", "sudo", "enable"], "readOnly": false, "type": "boolean"}, "security.sudo.execWheelOnly": {"declarations": ["nixos/modules/security/sudo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Only allow members of the `wheel` group to execute sudo by\nsetting the executable's permissions accordingly.\nThis prevents users that are not members of `wheel` from\nexploiting vulnerabilities in sudo such as CVE-2021-3156.\n", "loc": ["security", "sudo", "execWheelOnly"], "readOnly": false, "type": "boolean"}, "security.sudo.extraConfig": {"declarations": ["nixos/modules/security/sudo.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration text appended to {file}`sudoers`.\n", "loc": ["security", "sudo", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "security.sudo.extraRules": {"declarations": ["nixos/modules/security/sudo.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Define specific rules to be in the {file}`sudoers` file.\nMore specific rules should come after more general ones in order to\nyield the expected behavior. You can use mkBefore/mkAfter to ensure\nthis is the case when configuration options are merged.\n", "example": {"_type": "literalExpression", "text": "[\n  # Allow execution of any command by all users in group sudo,\n  # requiring a password.\n  { groups = [ \"sudo\" ]; commands = [ \"ALL\" ]; }\n\n  # Allow execution of \"/home/root/secret.sh\" by user `backup`, `database`\n  # and the group with GID `1006` without a password.\n  { users = [ \"backup\" \"database\" ]; groups = [ 1006 ];\n    commands = [ { command = \"/home/root/secret.sh\"; options = [ \"SETENV\" \"NOPASSWD\" ]; } ]; }\n\n  # Allow all users of group `bar` to run two executables as user `foo`\n  # with arguments being pre-set.\n  { groups = [ \"bar\" ]; runAs = \"foo\";\n    commands =\n      [ \"/home/baz/cmd1.sh hello-sudo\"\n          { command = ''/home/baz/cmd2.sh \"\"''; options = [ \"SETENV\" ]; } ]; }\n]\n"}, "loc": ["security", "sudo", "extraRules"], "readOnly": false, "type": "list of (submodule)"}, "security.sudo.extraRules.*.commands": {"declarations": ["nixos/modules/security/sudo.nix"], "description": "The commands for which the rule should apply.\n", "loc": ["security", "sudo", "extraRules", "*", "commands"], "readOnly": false, "type": "list of (string or (submodule))"}, "security.sudo.extraRules.*.groups": {"declarations": ["nixos/modules/security/sudo.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The groups / GIDs this rule should apply for.\n", "loc": ["security", "sudo", "extraRules", "*", "groups"], "readOnly": false, "type": "list of (string or signed integer)"}, "security.sudo.extraRules.*.host": {"declarations": ["nixos/modules/security/sudo.nix"], "default": {"_type": "literalExpression", "text": "\"ALL\""}, "description": "For what host this rule should apply.\n", "loc": ["security", "sudo", "extraRules", "*", "host"], "readOnly": false, "type": "string"}, "security.sudo.extraRules.*.runAs": {"declarations": ["nixos/modules/security/sudo.nix"], "default": {"_type": "literalExpression", "text": "\"ALL:ALL\""}, "description": "Under which user/group the specified command is allowed to run.\n\nA user can be specified using just the username: `\"foo\"`.\nIt is also possible to specify a user/group combination using `\"foo:bar\"`\nor to only allow running as a specific group with `\":bar\"`.\n", "loc": ["security", "sudo", "extraRules", "*", "runAs"], "readOnly": false, "type": "string"}, "security.sudo.extraRules.*.users": {"declarations": ["nixos/modules/security/sudo.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The usernames / UIDs this rule should apply for.\n", "loc": ["security", "sudo", "extraRules", "*", "users"], "readOnly": false, "type": "list of (string or signed integer)"}, "security.sudo.keepTerminfo": {"declarations": ["nixos/modules/config/terminfo.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to preserve the `TERMINFO` and `TERMINFO_DIRS`\nenvironment variables, for `root` and the `wheel` group.\n", "loc": ["security", "sudo", "keepTerminfo"], "readOnly": false, "type": "boolean"}, "security.sudo.package": {"declarations": ["nixos/modules/security/sudo.nix"], "default": {"_type": "literalExpression", "text": "pkgs.sudo"}, "description": "The sudo package to use.", "loc": ["security", "sudo", "package"], "readOnly": false, "type": "package"}, "security.sudo.wheelNeedsPassword": {"declarations": ["nixos/modules/security/sudo.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether users of the `wheel` group must\nprovide a password to run commands as super user via {command}`sudo`.\n", "loc": ["security", "sudo", "wheelNeedsPassword"], "readOnly": false, "type": "boolean"}, "security.tpm2.abrmd.enable": {"declarations": ["nixos/modules/security/tpm2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Trusted Platform 2 userspace resource manager daemon\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["security", "tpm2", "abrmd", "enable"], "readOnly": false, "type": "boolean"}, "security.tpm2.abrmd.package": {"declarations": ["nixos/modules/security/tpm2.nix"], "default": {"_type": "literalExpression", "text": "pkgs.tpm2-abrmd"}, "description": "The tpm2-abrmd package to use.", "loc": ["security", "tpm2", "abrmd", "package"], "readOnly": false, "type": "package"}, "security.tpm2.applyUdevRules": {"declarations": ["nixos/modules/security/tpm2.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to make the /dev/tpm[0-9] devices accessible by the tssUser, or\nthe /dev/tpmrm[0-9] by tssGroup respectively\n", "loc": ["security", "tpm2", "applyUdevRules"], "readOnly": false, "type": "boolean"}, "security.tpm2.enable": {"declarations": ["nixos/modules/security/tpm2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Trusted Platform Module 2 support.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["security", "tpm2", "enable"], "readOnly": false, "type": "boolean"}, "security.tpm2.fapi.ekCertLess": {"declarations": ["nixos/modules/security/tpm2.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A switch to disable Endorsement Key (EK) certificate verification.\n\nA value of null indicates that the generated fapi config file does not\ncontain a ek_cert_less key. The effect of not having that key at all is\nthe same as setting its value to false.\n\nA value of false means that the tss2 cli will not work if there is no\nEK Cert installed, or if the installed EK Cert can't be validated.\n\nA value of true means that the tss2 cli will work even if there's no EK\ncert installed.\n", "loc": ["security", "tpm2", "fapi", "ekCertLess"], "readOnly": false, "type": "null or boolean"}, "security.tpm2.fapi.ekFingerprint": {"declarations": ["nixos/modules/security/tpm2.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The fingerprint of the endorsement key.\n\nA value of null means that you have chosen not to specify the expected\nfingerprint of the EK. You can still have an endorsement key, it just\nwon't get checked to see if it's fingerprint matches a particular value\nbefore being used.\n", "loc": ["security", "tpm2", "fapi", "ekFingerprint"], "readOnly": false, "type": "null or string"}, "security.tpm2.fapi.firmwareLogFile": {"declarations": ["nixos/modules/security/tpm2.nix"], "default": {"_type": "literalExpression", "text": "\"/sys/kernel/security/tpm0/binary_bios_measurements\""}, "description": "The binary bios measurements.\n", "loc": ["security", "tpm2", "fapi", "firmwareLogFile"], "readOnly": false, "type": "string"}, "security.tpm2.fapi.imaLogFile": {"declarations": ["nixos/modules/security/tpm2.nix"], "default": {"_type": "literalExpression", "text": "\"/sys/kernel/security/ima/binary_runtime_measurements\""}, "description": "The binary IMA measurements (Integrity Measurement Architecture).\n", "loc": ["security", "tpm2", "fapi", "imaLogFile"], "readOnly": false, "type": "string"}, "security.tpm2.fapi.logDir": {"declarations": ["nixos/modules/security/tpm2.nix"], "default": {"_type": "literalExpression", "text": "\"/var/log/tpm2-tss/eventlog/\""}, "description": "The directory for the event log.\n", "loc": ["security", "tpm2", "fapi", "logDir"], "readOnly": false, "type": "string"}, "security.tpm2.fapi.profileDir": {"declarations": ["nixos/modules/security/tpm2.nix"], "default": {"_type": "literalExpression", "text": "${pkgs.tpm2-tss}/etc/fapi-profiles/"}, "description": "Directory that contains all cryptographic profiles known to FAPI.\n", "loc": ["security", "tpm2", "fapi", "profileDir"], "readOnly": false, "type": "string"}, "security.tpm2.fapi.profileName": {"declarations": ["nixos/modules/security/tpm2.nix"], "default": {"_type": "literalExpression", "text": "\"P_ECCP256SHA256\""}, "description": "Name of the default cryptographic profile chosen from the profile_dir directory.\n", "loc": ["security", "tpm2", "fapi", "profileName"], "readOnly": false, "type": "string"}, "security.tpm2.fapi.systemDir": {"declarations": ["nixos/modules/security/tpm2.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/tpm2-tss/keystore\""}, "description": "The directory where system objects, policies, and imported objects are stored.\n", "loc": ["security", "tpm2", "fapi", "systemDir"], "readOnly": false, "type": "string"}, "security.tpm2.fapi.systemPcrs": {"declarations": ["nixos/modules/security/tpm2.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The PCR registers which are used by the system.\n", "loc": ["security", "tpm2", "fapi", "systemPcrs"], "readOnly": false, "type": "list of signed integer"}, "security.tpm2.fapi.tcti": {"declarations": ["nixos/modules/security/tpm2.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The TCTI which will be used.\n\nAn empty string indicates no TCTI is specified by the FAPI config.\n\nIf not specified in the FAPI config it can be specified by environment\nvariable (TPM2TOOLS_TCTI, TPM2_PKCS11_TCTI, etc) or a TCTI will be chosen\nby the FAPI library by searching for tabrmd, device, and mssim TCTIs in\nthat order.\n", "example": {"_type": "literalExpression", "text": "\"device:/dev/tpmrm0\""}, "loc": ["security", "tpm2", "fapi", "tcti"], "readOnly": false, "type": "string"}, "security.tpm2.fapi.userDir": {"declarations": ["nixos/modules/security/tpm2.nix"], "default": {"_type": "literalExpression", "text": "\"~/.local/share/tpm2-tss/user/keystore/\""}, "description": "The directory where user objects are stored.\n", "loc": ["security", "tpm2", "fapi", "userDir"], "readOnly": false, "type": "string"}, "security.tpm2.pkcs11.enable": {"declarations": ["nixos/modules/security/tpm2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable TPM2 PKCS#11 tool and shared library in system path\n(`/run/current-system/sw/lib/libtpm2_pkcs11.so`)\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["security", "tpm2", "pkcs11", "enable"], "readOnly": false, "type": "boolean"}, "security.tpm2.pkcs11.package": {"declarations": ["nixos/modules/security/tpm2.nix"], "default": {"_type": "literalExpression", "text": "if config.security.tpm2.abrmd.enable then pkgs.tpm2-pkcs11.abrmd else pkgs.tpm2-pkcs11"}, "description": "tpm2-pkcs11 package to use", "loc": ["security", "tpm2", "pkcs11", "package"], "readOnly": false, "type": "package"}, "security.tpm2.tctiEnvironment.deviceConf": {"declarations": ["nixos/modules/security/tpm2.nix"], "default": {"_type": "literalExpression", "text": "\"/dev/tpmrm0\""}, "description": "Configuration part of the device TCTI, e.g. the path to the TPM device.\nApplies if interface is set to \"device\".\nThe format is specified in the\n[\ntpm2-tools repository](https://github.com/tpm2-software/tpm2-tools/blob/master/man/common/tcti.md#tcti-options).\n", "loc": ["security", "tpm2", "tctiEnvironment", "deviceConf"], "readOnly": false, "type": "string"}, "security.tpm2.tctiEnvironment.enable": {"declarations": ["nixos/modules/security/tpm2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Set common TCTI environment variables to the specified value.\nThe variables are\n- `TPM2TOOLS_TCTI`\n- `TPM2_PKCS11_TCTI`\n", "loc": ["security", "tpm2", "tctiEnvironment", "enable"], "readOnly": false, "type": "boolean"}, "security.tpm2.tctiEnvironment.interface": {"declarations": ["nixos/modules/security/tpm2.nix"], "default": {"_type": "literalExpression", "text": "\"device\""}, "description": "The name of the TPM command transmission interface (TCTI) library to\nuse.\n", "loc": ["security", "tpm2", "tctiEnvironment", "interface"], "readOnly": false, "type": "one of \"tabrmd\", \"device\""}, "security.tpm2.tctiEnvironment.tabrmdConf": {"declarations": ["nixos/modules/security/tpm2.nix"], "default": {"_type": "literalExpression", "text": "\"bus_name=com.intel.tss2.Tabrmd\""}, "description": "Configuration part of the tabrmd TCTI, like the D-Bus bus name.\nApplies if interface is set to \"tabrmd\".\nThe format is specified in the\n[\ntpm2-tools repository](https://github.com/tpm2-software/tpm2-tools/blob/master/man/common/tcti.md#tcti-options).\n", "loc": ["security", "tpm2", "tctiEnvironment", "tabrmdConf"], "readOnly": false, "type": "string"}, "security.tpm2.tssGroup": {"declarations": ["nixos/modules/security/tpm2.nix"], "default": {"_type": "literalExpression", "text": "\"tss\""}, "description": "Group of the tpm kernel resource manager (tpmrm) device-group, set if\napplyUdevRules is set.\n", "loc": ["security", "tpm2", "tssGroup"], "readOnly": false, "type": "null or string"}, "security.tpm2.tssUser": {"declarations": ["nixos/modules/security/tpm2.nix"], "default": {"_type": "literalExpression", "text": "if config.security.tpm2.abrmd.enable then \"tss\" else \"root\""}, "description": "Name of the tpm device-owner and service user, set if applyUdevRules is\nset.\n", "loc": ["security", "tpm2", "tssUser"], "readOnly": false, "type": "null or string"}, "security.unprivilegedUsernsClone": {"declarations": ["nixos/modules/security/misc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "When disabled, unprivileged users will not be able to create new namespaces.\nBy default unprivileged user namespaces are disabled.\nThis option only works in a hardened profile.\n", "loc": ["security", "unprivilegedUsernsClone"], "readOnly": false, "type": "boolean"}, "security.virtualisation.flushL1DataCache": {"declarations": ["nixos/modules/security/misc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether the hypervisor should flush the L1 data cache before\nentering guests.\nSee also [](#opt-security.allowSimultaneousMultithreading).\n\n- `null`: uses the kernel default\n- `\"never\"`: disables L1 data cache flushing entirely.\n  May be appropriate if all guests are trusted.\n- `\"cond\"`: flushes L1 data cache only for pre-determined\n  code paths.  May leak information about the host address space\n  layout.\n- `\"always\"`: flushes L1 data cache every time the hypervisor\n  enters the guest.  May incur significant performance cost.\n", "loc": ["security", "virtualisation", "flushL1DataCache"], "readOnly": false, "type": "null or one of \"never\", \"cond\", \"always\""}, "security.wrapperDirSize": {"declarations": ["nixos/modules/security/wrappers/default.nix"], "default": {"_type": "literalExpression", "text": "\"50%\""}, "description": "Size limit for the /run/wrappers tmpfs. Look at {manpage}`mount(8)`, tmpfs size option,\nfor the accepted syntax. WARNING: don't set to less than 64MB.\n", "example": {"_type": "literalExpression", "text": "\"10G\""}, "loc": ["security", "wrapperDirSize"], "readOnly": false, "type": "string"}, "security.wrappers": {"declarations": ["nixos/modules/security/wrappers/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This option effectively allows adding setuid/setgid bits, capabilities,\nchanging file ownership and permissions of a program without directly\nmodifying it. This works by creating a wrapper program in a directory\n(not configurable), which is then added to the shell `PATH`.\n", "example": {"_type": "literalExpression", "text": "{\n  # a setuid root program\n  doas =\n    { setuid = true;\n      owner = \"root\";\n      group = \"root\";\n      source = \"${pkgs.doas}/bin/doas\";\n    };\n\n  # a setgid program\n  locate =\n    { setgid = true;\n      owner = \"root\";\n      group = \"mlocate\";\n      source = \"${pkgs.locate}/bin/locate\";\n    };\n\n  # a program with the CAP_NET_RAW capability\n  ping =\n    { owner = \"root\";\n      group = \"root\";\n      capabilities = \"cap_net_raw+ep\";\n      source = \"${pkgs.iputils.out}/bin/ping\";\n    };\n}\n"}, "loc": ["security", "wrappers"], "readOnly": false, "type": "attribute set of (submodule)"}, "security.wrappers.<name>.capabilities": {"declarations": ["nixos/modules/security/wrappers/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "A comma-separated list of capability clauses to be given to the\nwrapper program. The format for capability clauses is described in the\n\u201cTEXTUAL REPRESENTATION\u201d section of the {manpage}`cap_from_text(3)`\nmanual page. For a list of capabilities supported by the system, check\nthe {manpage}`capabilities(7)` manual page.\n\n::: {.note}\n`cap_setpcap`, which is required for the wrapper\nprogram to be able to raise caps into the Ambient set is NOT raised\nto the Ambient set so that the real program cannot modify its own\ncapabilities!! This may be too restrictive for cases in which the\nreal program needs cap_setpcap but it at least leans on the side\nsecurity paranoid vs. too relaxed.\n:::\n", "loc": ["security", "wrappers", "<name>", "capabilities"], "readOnly": false, "type": "strings concatenated with \",\""}, "security.wrappers.<name>.enable": {"declarations": ["nixos/modules/security/wrappers/default.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the wrapper.", "loc": ["security", "wrappers", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "security.wrappers.<name>.group": {"declarations": ["nixos/modules/security/wrappers/default.nix"], "description": "The group of the wrapper program.", "loc": ["security", "wrappers", "<name>", "group"], "readOnly": false, "type": "string"}, "security.wrappers.<name>.owner": {"declarations": ["nixos/modules/security/wrappers/default.nix"], "description": "The owner of the wrapper program.", "loc": ["security", "wrappers", "<name>", "owner"], "readOnly": false, "type": "string"}, "security.wrappers.<name>.permissions": {"declarations": ["nixos/modules/security/wrappers/default.nix"], "default": {"_type": "literalExpression", "text": "\"u+rx,g+x,o+x\""}, "description": "The permissions of the wrapper program. The format is that of a\nsymbolic or numeric file mode understood by {command}`chmod`.\n", "example": {"_type": "literalExpression", "text": "\"a+rx\""}, "loc": ["security", "wrappers", "<name>", "permissions"], "readOnly": false, "type": "file mode string"}, "security.wrappers.<name>.program": {"declarations": ["nixos/modules/security/wrappers/default.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "The name of the wrapper program. Defaults to the attribute name.\n", "loc": ["security", "wrappers", "<name>", "program"], "readOnly": false, "type": "null or string"}, "security.wrappers.<name>.setgid": {"declarations": ["nixos/modules/security/wrappers/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add the setgid bit the wrapper program.", "loc": ["security", "wrappers", "<name>", "setgid"], "readOnly": false, "type": "boolean"}, "security.wrappers.<name>.setuid": {"declarations": ["nixos/modules/security/wrappers/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add the setuid bit the wrapper program.", "loc": ["security", "wrappers", "<name>", "setuid"], "readOnly": false, "type": "boolean"}, "security.wrappers.<name>.source": {"declarations": ["nixos/modules/security/wrappers/default.nix"], "description": "The absolute path to the program to be wrapped.", "loc": ["security", "wrappers", "<name>", "source"], "readOnly": false, "type": "absolute path"}, "services.SystemdJournal2Gelf.enable": {"declarations": ["nixos/modules/services/logging/SystemdJournal2Gelf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SystemdJournal2Gelf.\n", "loc": ["services", "SystemdJournal2Gelf", "enable"], "readOnly": false, "type": "boolean"}, "services.SystemdJournal2Gelf.extraOptions": {"declarations": ["nixos/modules/services/logging/SystemdJournal2Gelf.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Any extra flags to pass to SystemdJournal2Gelf. Note that\nthese are basically `journalctl` flags.\n", "loc": ["services", "SystemdJournal2Gelf", "extraOptions"], "readOnly": false, "type": "strings concatenated with \" \""}, "services.SystemdJournal2Gelf.graylogServer": {"declarations": ["nixos/modules/services/logging/SystemdJournal2Gelf.nix"], "description": "Host and port of your graylog2 input. This should be a GELF\nUDP input.\n", "example": {"_type": "literalExpression", "text": "\"graylog2.example.com:11201\""}, "loc": ["services", "SystemdJournal2Gelf", "graylogServer"], "readOnly": false, "type": "string"}, "services.SystemdJournal2Gelf.package": {"declarations": ["nixos/modules/services/logging/SystemdJournal2Gelf.nix"], "default": {"_type": "literalExpression", "text": "pkgs.systemd-journal2gelf"}, "description": "The systemd-journal2gelf package to use.", "loc": ["services", "SystemdJournal2Gelf", "package"], "readOnly": false, "type": "package"}, "services._3proxy.confFile": {"declarations": ["nixos/modules/services/networking/3proxy.nix"], "description": "Ignore all other 3proxy options and load configuration from this file.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/3proxy/3proxy.conf\""}, "loc": ["services", "_3proxy", "confFile"], "readOnly": false, "type": "absolute path"}, "services._3proxy.denyPrivate": {"declarations": ["nixos/modules/services/networking/3proxy.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to deny access to private IP ranges including loopback.\n", "loc": ["services", "_3proxy", "denyPrivate"], "readOnly": false, "type": "boolean"}, "services._3proxy.enable": {"declarations": ["nixos/modules/services/networking/3proxy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable 3proxy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "_3proxy", "enable"], "readOnly": false, "type": "boolean"}, "services._3proxy.extraConfig": {"declarations": ["nixos/modules/services/networking/3proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Extra configuration, appended to the 3proxy configuration file.\nConsult [documentation](https://github.com/z3APA3A/3proxy/wiki/3proxy.cfg) for available options.\n", "loc": ["services", "_3proxy", "extraConfig"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services._3proxy.privateRanges": {"declarations": ["nixos/modules/services/networking/3proxy.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"0.0.0.0/8\"\n  \"127.0.0.0/8\"\n  \"10.0.0.0/8\"\n  \"100.64.0.0/10\"\n  \"172.16.0.0/12\"\n  \"192.168.0.0/16\"\n  \"::\"\n  \"::1\"\n  \"fc00::/7\"\n]"}, "description": "What IP ranges to deny access when denyPrivate is set tu true.\n", "loc": ["services", "_3proxy", "privateRanges"], "readOnly": false, "type": "list of string"}, "services._3proxy.resolution": {"declarations": ["nixos/modules/services/networking/3proxy.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Use this option to configure name resolution and DNS caching.\n", "loc": ["services", "_3proxy", "resolution"], "readOnly": false, "type": "submodule"}, "services._3proxy.resolution.nscache": {"declarations": ["nixos/modules/services/networking/3proxy.nix"], "default": {"_type": "literalExpression", "text": "65535"}, "description": "Set name cache size for IPv4.", "loc": ["services", "_3proxy", "resolution", "nscache"], "readOnly": false, "type": "signed integer"}, "services._3proxy.resolution.nscache6": {"declarations": ["nixos/modules/services/networking/3proxy.nix"], "default": {"_type": "literalExpression", "text": "65535"}, "description": "Set name cache size for IPv6.", "loc": ["services", "_3proxy", "resolution", "nscache6"], "readOnly": false, "type": "signed integer"}, "services._3proxy.resolution.nserver": {"declarations": ["nixos/modules/services/networking/3proxy.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of nameservers to use.\n\nUp to 5 nservers may be specified. If no nserver is configured,\ndefault system name resolution functions are used.\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.53\"\n  \"192.168.1.3:5353/tcp\"\n]"}, "loc": ["services", "_3proxy", "resolution", "nserver"], "readOnly": false, "type": "list of string"}, "services._3proxy.resolution.nsrecord": {"declarations": ["nixos/modules/services/networking/3proxy.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Adds static nsrecords.", "example": {"_type": "literalExpression", "text": "{\n  \"files.local\" = \"192.168.1.12\";\n  \"site.local\" = \"192.168.1.43\";\n}\n"}, "loc": ["services", "_3proxy", "resolution", "nsrecord"], "readOnly": false, "type": "attribute set of string"}, "services._3proxy.services": {"declarations": ["nixos/modules/services/networking/3proxy.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Use this option to define 3proxy services.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    type = \"proxy\";\n    bindAddress = \"192.168.1.24\";\n    bindPort = 3128;\n    auth = [ \"none\" ];\n  }\n  {\n    type = \"proxy\";\n    bindAddress = \"10.10.1.20\";\n    bindPort = 3128;\n    auth = [ \"iponly\" ];\n  }\n  {\n    type = \"socks\";\n    bindAddress = \"172.17.0.1\";\n    bindPort = 1080;\n    auth = [ \"strong\" ];\n  }\n]\n"}, "loc": ["services", "_3proxy", "services"], "readOnly": false, "type": "list of (submodule)"}, "services._3proxy.services.*.acl": {"declarations": ["nixos/modules/services/networking/3proxy.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Use this option to limit user access to resources.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    rule = \"allow\";\n    users = [ \"user1\" ];\n  }\n  {\n    rule = \"allow\";\n    sources = [ \"192.168.1.0/24\" ];\n  }\n  {\n    rule = \"deny\";\n  }\n]\n"}, "loc": ["services", "_3proxy", "services", "*", "acl"], "readOnly": false, "type": "list of (submodule)"}, "services._3proxy.services.*.acl.*.rule": {"declarations": ["nixos/modules/services/networking/3proxy.nix"], "description": "ACL rule. The following values are valid:\n\n- `\"allow\"`: connections allowed.\n- `\"deny\"`: connections not allowed.\n", "example": {"_type": "literalExpression", "text": "\"allow\""}, "loc": ["services", "_3proxy", "services", "*", "acl", "*", "rule"], "readOnly": false, "type": "one of \"allow\", \"deny\""}, "services._3proxy.services.*.acl.*.sources": {"declarations": ["nixos/modules/services/networking/3proxy.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of source IP range, use empty list for any.\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"192.168.1.0/24\"\n]"}, "loc": ["services", "_3proxy", "services", "*", "acl", "*", "sources"], "readOnly": false, "type": "list of string"}, "services._3proxy.services.*.acl.*.targetPorts": {"declarations": ["nixos/modules/services/networking/3proxy.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of target ports, use empty list for any.\n", "example": {"_type": "literalExpression", "text": "[\n  80\n  443\n]"}, "loc": ["services", "_3proxy", "services", "*", "acl", "*", "targetPorts"], "readOnly": false, "type": "list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services._3proxy.services.*.acl.*.targets": {"declarations": ["nixos/modules/services/networking/3proxy.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of target IP ranges, use empty list for any.\nMay also contain host names instead of addresses.\nIt's possible to use wildmask in the beginning and in the the end of hostname, e.g. `*badsite.com` or `*badcontent*`.\nHostname is only checked if hostname presents in request.\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"192.168.1.0/24\"\n]"}, "loc": ["services", "_3proxy", "services", "*", "acl", "*", "targets"], "readOnly": false, "type": "list of string"}, "services._3proxy.services.*.acl.*.users": {"declarations": ["nixos/modules/services/networking/3proxy.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of users, use empty list for any.\n", "example": {"_type": "literalExpression", "text": "[\n  \"user1\"\n  \"user2\"\n  \"user3\"\n]"}, "loc": ["services", "_3proxy", "services", "*", "acl", "*", "users"], "readOnly": false, "type": "list of string"}, "services._3proxy.services.*.auth": {"declarations": ["nixos/modules/services/networking/3proxy.nix"], "description": "Authentication type. The following values are valid:\n\n- `\"none\"`: disables both authentication and authorization. You can not use ACLs.\n- `\"iponly\"`: specifies no authentication. ACLs authorization is used.\n- `\"strong\"`: authentication by username/password. If user is not registered their access is denied regardless of ACLs.\n\nDouble authentication is possible, e.g.\n\n```\n  {\n    auth = [ \"iponly\" \"strong\" ];\n    acl = [\n      {\n        rule = \"allow\";\n        targets = [ \"192.168.0.0/16\" ];\n      }\n      {\n        rule = \"allow\"\n        users = [ \"user1\" \"user2\" ];\n      }\n    ];\n  }\n```\nIn this example strong username authentication is not required to access 192.168.0.0/16.\n", "example": {"_type": "literalExpression", "text": "[\n  \"iponly\"\n  \"strong\"\n]"}, "loc": ["services", "_3proxy", "services", "*", "auth"], "readOnly": false, "type": "list of (one of \"none\", \"iponly\", \"strong\")"}, "services._3proxy.services.*.bindAddress": {"declarations": ["nixos/modules/services/networking/3proxy.nix"], "default": {"_type": "literalExpression", "text": "\"[::]\""}, "description": "Address used for service.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "_3proxy", "services", "*", "bindAddress"], "readOnly": false, "type": "string"}, "services._3proxy.services.*.bindPort": {"declarations": ["nixos/modules/services/networking/3proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Override default port used for service.\n", "example": {"_type": "literalExpression", "text": "3128"}, "loc": ["services", "_3proxy", "services", "*", "bindPort"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services._3proxy.services.*.extraArguments": {"declarations": ["nixos/modules/services/networking/3proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Extra arguments for service.\nConsult \"Options\" section in [documentation](https://github.com/z3APA3A/3proxy/wiki/3proxy.cfg) for available arguments.\n", "example": {"_type": "literalExpression", "text": "\"-46\""}, "loc": ["services", "_3proxy", "services", "*", "extraArguments"], "readOnly": false, "type": "null or string"}, "services._3proxy.services.*.extraConfig": {"declarations": ["nixos/modules/services/networking/3proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Extra configuration for service. Use this to configure things like bandwidth limiter or ACL-based redirection.\nConsult [documentation](https://github.com/z3APA3A/3proxy/wiki/3proxy.cfg) for available options.\n", "loc": ["services", "_3proxy", "services", "*", "extraConfig"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services._3proxy.services.*.maxConnections": {"declarations": ["nixos/modules/services/networking/3proxy.nix"], "default": {"_type": "literalExpression", "text": "100"}, "description": "Maximum number of simulationeous connections to this service.\n", "example": {"_type": "literalExpression", "text": "1000"}, "loc": ["services", "_3proxy", "services", "*", "maxConnections"], "readOnly": false, "type": "signed integer"}, "services._3proxy.services.*.type": {"declarations": ["nixos/modules/services/networking/3proxy.nix"], "description": "Service type. The following values are valid:\n\n- `\"proxy\"`: HTTP/HTTPS proxy (default port 3128).\n- `\"socks\"`: SOCKS 4/4.5/5 proxy (default port 1080).\n- `\"pop3p\"`: POP3 proxy (default port 110).\n- `\"ftppr\"`: FTP proxy (default port 21).\n- `\"admin\"`: Web interface (default port 80).\n- `\"dnspr\"`: Caching DNS proxy (default port 53).\n- `\"tcppm\"`: TCP portmapper.\n- `\"udppm\"`: UDP portmapper.\n", "example": {"_type": "literalExpression", "text": "\"proxy\""}, "loc": ["services", "_3proxy", "services", "*", "type"], "readOnly": false, "type": "one of \"proxy\", \"socks\", \"pop3p\", \"ftppr\", \"admin\", \"dnspr\", \"tcppm\", \"udppm\""}, "services._3proxy.usersFile": {"declarations": ["nixos/modules/services/networking/3proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Load users and passwords from this file.\n\nExample users file with plain-text passwords:\n\n```\n  test1:CL:password1\n  test2:CL:password2\n```\n\nExample users file with md5-crypted passwords:\n\n```\n  test1:CR:$1$tFkisVd2$1GA8JXkRmTXdLDytM/i3a1\n  test2:CR:$1$rkpibm5J$Aq1.9VtYAn0JrqZ8M.1ME.\n```\n\nYou can generate md5-crypted passwords via <https://unix4lyfe.org/crypt/>\nNote that htpasswd tool generates incompatible md5-crypted passwords.\nConsult [documentation](https://github.com/z3APA3A/3proxy/wiki/How-To-%28incomplete%29#USERS) for more information.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/3proxy/3proxy.passwd\""}, "loc": ["services", "_3proxy", "usersFile"], "readOnly": false, "type": "null or absolute path"}, "services.a2boot.enable": {"declarations": ["nixos/modules/services/network-filesystems/a2boot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the a2boot daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "a2boot", "enable"], "readOnly": false, "type": "boolean"}, "services.accounts-daemon.enable": {"declarations": ["nixos/modules/services/desktops/accountsservice.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable AccountsService, a DBus service for accessing\nthe list of user accounts and information attached to those accounts.\n", "loc": ["services", "accounts-daemon", "enable"], "readOnly": false, "type": "boolean"}, "services.acme-dns.enable": {"declarations": ["nixos/modules/services/networking/acme-dns.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable acme-dns.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "acme-dns", "enable"], "readOnly": false, "type": "boolean"}, "services.acme-dns.package": {"declarations": ["nixos/modules/services/networking/acme-dns.nix"], "default": {"_type": "literalExpression", "text": "pkgs.acme-dns"}, "description": "The acme-dns package to use.", "loc": ["services", "acme-dns", "package"], "readOnly": false, "type": "package"}, "services.acme-dns.settings": {"declarations": ["nixos/modules/services/networking/acme-dns.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Free-form settings written directly to the `acme-dns.cfg` file.\nRefer to <https://github.com/joohoi/acme-dns/blob/master/README.md#configuration> for supported values.\n", "loc": ["services", "acme-dns", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.acme-dns.settings.api.disable_registration": {"declarations": ["nixos/modules/services/networking/acme-dns.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to disable the HTTP registration endpoint.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "acme-dns", "settings", "api", "disable_registration"], "readOnly": false, "type": "boolean"}, "services.acme-dns.settings.api.ip": {"declarations": ["nixos/modules/services/networking/acme-dns.nix"], "default": {"_type": "literalExpression", "text": "\"[::]\""}, "description": "IP to bind the HTTP API on.", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "acme-dns", "settings", "api", "ip"], "readOnly": false, "type": "string"}, "services.acme-dns.settings.api.port": {"declarations": ["nixos/modules/services/networking/acme-dns.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "Listen port for the HTTP API.", "loc": ["services", "acme-dns", "settings", "api", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.acme-dns.settings.api.tls": {"declarations": ["nixos/modules/services/networking/acme-dns.nix"], "default": {"_type": "literalExpression", "text": "\"none\""}, "description": "TLS backend to use.", "loc": ["services", "acme-dns", "settings", "api", "tls"], "readOnly": false, "type": "one of \"letsencrypt\", \"letsencryptstaging\", \"cert\", \"none\""}, "services.acme-dns.settings.database.connection": {"declarations": ["nixos/modules/services/networking/acme-dns.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme-dns/acme-dns.db\""}, "description": "Database connection string.", "example": {"_type": "literalExpression", "text": "\"postgres://user:password@localhost/acmedns\""}, "loc": ["services", "acme-dns", "settings", "database", "connection"], "readOnly": false, "type": "string"}, "services.acme-dns.settings.database.engine": {"declarations": ["nixos/modules/services/networking/acme-dns.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite\""}, "description": "Database engine to use.", "loc": ["services", "acme-dns", "settings", "database", "engine"], "readOnly": false, "type": "one of \"sqlite\", \"postgres\""}, "services.acme-dns.settings.general.domain": {"declarations": ["nixos/modules/services/networking/acme-dns.nix"], "description": "Domain name to serve the requests off of.", "example": {"_type": "literalExpression", "text": "\"acme-dns.example.com\""}, "loc": ["services", "acme-dns", "settings", "general", "domain"], "readOnly": false, "type": "string"}, "services.acme-dns.settings.general.listen": {"declarations": ["nixos/modules/services/networking/acme-dns.nix"], "default": {"_type": "literalExpression", "text": "\"[::]:53\""}, "description": "IP+port combination to bind and serve the DNS server on.", "example": {"_type": "literalExpression", "text": "\"127.0.0.1:53\""}, "loc": ["services", "acme-dns", "settings", "general", "listen"], "readOnly": false, "type": "string"}, "services.acme-dns.settings.general.nsadmin": {"declarations": ["nixos/modules/services/networking/acme-dns.nix"], "description": "Zone admin email address for `SOA`.", "example": {"_type": "literalExpression", "text": "\"admin.example.com\""}, "loc": ["services", "acme-dns", "settings", "general", "nsadmin"], "readOnly": false, "type": "string"}, "services.acme-dns.settings.general.nsname": {"declarations": ["nixos/modules/services/networking/acme-dns.nix"], "description": "Zone name server.", "example": {"_type": "literalExpression", "text": "\"acme-dns.example.com\""}, "loc": ["services", "acme-dns", "settings", "general", "nsname"], "readOnly": false, "type": "string"}, "services.acme-dns.settings.general.protocol": {"declarations": ["nixos/modules/services/networking/acme-dns.nix"], "default": {"_type": "literalExpression", "text": "\"both\""}, "description": "Protocols to serve DNS responses on.", "loc": ["services", "acme-dns", "settings", "general", "protocol"], "readOnly": false, "type": "one of \"both\", \"both4\", \"both6\", \"udp\", \"udp4\", \"udp6\", \"tcp\", \"tcp4\", \"tcp6\""}, "services.acme-dns.settings.general.records": {"declarations": ["nixos/modules/services/networking/acme-dns.nix"], "description": "Predefined DNS records served in addition to the `_acme-challenge` TXT records.", "example": {"_type": "literalExpression", "text": "[\n  # replace with your acme-dns server's public IPv4\n  \"acme-dns.example.com. A 198.51.100.1\"\n  # replace with your acme-dns server's public IPv6\n  \"acme-dns.example.com. AAAA 2001:db8::1\"\n  # acme-dns.example.com should resolve any *.acme-dns.example.com records\n  \"acme-dns.example.com. NS acme-dns.example.com.\"\n]\n"}, "loc": ["services", "acme-dns", "settings", "general", "records"], "readOnly": false, "type": "list of string"}, "services.acme-dns.settings.logconfig.loglevel": {"declarations": ["nixos/modules/services/networking/acme-dns.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Level to log on.", "loc": ["services", "acme-dns", "settings", "logconfig", "loglevel"], "readOnly": false, "type": "one of \"error\", \"warning\", \"info\", \"debug\""}, "services.acpid.acEventCommands": {"declarations": ["nixos/modules/services/hardware/acpid.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands to execute on an ac_adapter.* event.", "loc": ["services", "acpid", "acEventCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.acpid.enable": {"declarations": ["nixos/modules/services/hardware/acpid.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the ACPI daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "acpid", "enable"], "readOnly": false, "type": "boolean"}, "services.acpid.handlers": {"declarations": ["nixos/modules/services/hardware/acpid.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Event handlers.\n\n::: {.note}\nHandler can be a single command.\n:::\n", "example": {"_type": "literalExpression", "text": "{\n  ac-power = {\n    action = ''\n      vals=($1)  # space separated string to array of multiple values\n      case ''${vals[3]} in\n          00000000)\n              echo unplugged >> /tmp/acpi.log\n              ;;\n          00000001)\n              echo plugged in >> /tmp/acpi.log\n              ;;\n          *)\n              echo unknown >> /tmp/acpi.log\n              ;;\n      esac\n    '';\n    event = \"ac_adapter/*\";\n  };\n}"}, "loc": ["services", "acpid", "handlers"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.acpid.handlers.<name>.action": {"declarations": ["nixos/modules/services/hardware/acpid.nix"], "description": "Shell commands to execute when the event is triggered.", "loc": ["services", "acpid", "handlers", "<name>", "action"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.acpid.handlers.<name>.event": {"declarations": ["nixos/modules/services/hardware/acpid.nix"], "description": "Event type.", "example": {"_type": "literalExpression", "text": "\"button/power.*\" \"button/lid.*\" \"ac_adapter.*\" \"button/mute.*\" \"button/volumedown.*\" \"cd/play.*\" \"cd/next.*\""}, "loc": ["services", "acpid", "handlers", "<name>", "event"], "readOnly": false, "type": "string"}, "services.acpid.lidEventCommands": {"declarations": ["nixos/modules/services/hardware/acpid.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands to execute on a button/lid.* event.", "loc": ["services", "acpid", "lidEventCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.acpid.logEvents": {"declarations": ["nixos/modules/services/hardware/acpid.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Log all event activity.", "loc": ["services", "acpid", "logEvents"], "readOnly": false, "type": "boolean"}, "services.acpid.powerEventCommands": {"declarations": ["nixos/modules/services/hardware/acpid.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands to execute on a button/power.* event.", "loc": ["services", "acpid", "powerEventCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.activemq.baseDir": {"declarations": ["nixos/modules/services/amqp/activemq/default.nix"], "default": {"_type": "literalExpression", "text": "\"/var/activemq\""}, "description": "The base directory where ActiveMQ stores its persistent data and logs.\nThis will be overridden if you set \"activemq.base\" and \"activemq.data\"\nin the `javaProperties` option. You can also override\nthis in activemq.xml.\n", "loc": ["services", "activemq", "baseDir"], "readOnly": false, "type": "string"}, "services.activemq.configurationDir": {"declarations": ["nixos/modules/services/amqp/activemq/default.nix"], "default": {"_type": "literalExpression", "text": "\"${pkgs.activemq}/conf\""}, "description": "The base directory for ActiveMQ's configuration.\nBy default, this directory is searched for a file named activemq.xml,\nwhich should contain the configuration for the broker service.\n", "loc": ["services", "activemq", "configurationDir"], "readOnly": false, "type": "string"}, "services.activemq.configurationURI": {"declarations": ["nixos/modules/services/amqp/activemq/default.nix"], "default": {"_type": "literalExpression", "text": "\"xbean:activemq.xml\""}, "description": "The URI that is passed along to the BrokerFactory to\nset up the configuration of the ActiveMQ broker service.\nYou should not need to change this. For custom configuration,\nset the `configurationDir` instead, and create\nan activemq.xml configuration file in it.\n", "loc": ["services", "activemq", "configurationURI"], "readOnly": false, "type": "string"}, "services.activemq.enable": {"declarations": ["nixos/modules/services/amqp/activemq/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable the Apache ActiveMQ message broker service.\n", "loc": ["services", "activemq", "enable"], "readOnly": false, "type": "boolean"}, "services.activemq.extraJavaOptions": {"declarations": ["nixos/modules/services/amqp/activemq/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Add extra options here that you want to be sent to the\nJava runtime when the broker service is started.\n", "example": {"_type": "literalExpression", "text": "\"-Xmx2G -Xms2G -XX:MaxPermSize=512M\""}, "loc": ["services", "activemq", "extraJavaOptions"], "readOnly": false, "type": "strings concatenated with \" \""}, "services.activemq.javaProperties": {"declarations": ["nixos/modules/services/amqp/activemq/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Specifies Java properties that are sent to the ActiveMQ\nbroker service with the \"-D\" option. You can set properties\nhere to change the behaviour and configuration of the broker.\nAll essential properties that are not set here are automatically\ngiven reasonable defaults.\n", "example": {"_type": "literalExpression", "text": "{\n  \"java.net.preferIPv4Stack\" = \"true\";\n}\n"}, "loc": ["services", "activemq", "javaProperties"], "readOnly": false, "type": "attribute set"}, "services.actkbd.bindings": {"declarations": ["nixos/modules/services/hardware/actkbd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Key bindings for {command}`actkbd`.\n\nSee {command}`actkbd` {file}`README` for documentation.\n\nThe example shows a piece of what {option}`sound.mediaKeys.enable` does when enabled.\n", "example": {"_type": "literalExpression", "text": "[ { keys = [ 113 ]; events = [ \"key\" ]; command = \"${pkgs.alsa-utils}/bin/amixer -q set Master toggle\"; }\n]\n"}, "loc": ["services", "actkbd", "bindings"], "readOnly": false, "type": "list of (submodule)"}, "services.actkbd.bindings.*.attributes": {"declarations": ["nixos/modules/services/hardware/actkbd.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"exec\"\n]"}, "description": "List of attributes.", "loc": ["services", "actkbd", "bindings", "*", "attributes"], "readOnly": false, "type": "list of string"}, "services.actkbd.bindings.*.command": {"declarations": ["nixos/modules/services/hardware/actkbd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "What to run.", "loc": ["services", "actkbd", "bindings", "*", "command"], "readOnly": false, "type": "string"}, "services.actkbd.bindings.*.events": {"declarations": ["nixos/modules/services/hardware/actkbd.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"key\"\n]"}, "description": "List of events to match.", "loc": ["services", "actkbd", "bindings", "*", "events"], "readOnly": false, "type": "list of (one of \"key\", \"rep\", \"rel\")"}, "services.actkbd.bindings.*.keys": {"declarations": ["nixos/modules/services/hardware/actkbd.nix"], "description": "List of keycodes to match.", "loc": ["services", "actkbd", "bindings", "*", "keys"], "readOnly": false, "type": "list of signed integer"}, "services.actkbd.enable": {"declarations": ["nixos/modules/services/hardware/actkbd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the {command}`actkbd` key mapping daemon.\n\nTurning this on will start an {command}`actkbd`\ninstance for every evdev input that has at least one key\n(which is okay even for systems with tiny memory footprint,\nsince actkbd normally uses \\<100 bytes of memory per\ninstance).\n\nThis allows binding keys globally without the need for e.g.\nX11.\n", "loc": ["services", "actkbd", "enable"], "readOnly": false, "type": "boolean"}, "services.actkbd.extraConfig": {"declarations": ["nixos/modules/services/hardware/actkbd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Literal contents to append to the end of actkbd configuration file.\n", "loc": ["services", "actkbd", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.actual.enable": {"declarations": ["nixos/modules/services/web-apps/actual.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable actual, a privacy focused app for managing your finances.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "actual", "enable"], "readOnly": false, "type": "boolean"}, "services.actual.group": {"declarations": ["nixos/modules/services/web-apps/actual.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Group account under which Actual runs.\n\nIf null is specified (default), a temporary user will be created by systemd. Otherwise won't be automatically created by the service.\n", "loc": ["services", "actual", "group"], "readOnly": false, "type": "null or string"}, "services.actual.openFirewall": {"declarations": ["nixos/modules/services/web-apps/actual.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall for the specified port.", "loc": ["services", "actual", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.actual.package": {"declarations": ["nixos/modules/services/web-apps/actual.nix"], "default": {"_type": "literalExpression", "text": "pkgs.actual-server"}, "description": "The actual-server package to use.", "loc": ["services", "actual", "package"], "readOnly": false, "type": "package"}, "services.actual.settings": {"declarations": ["nixos/modules/services/web-apps/actual.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Server settings, refer to [the documentation](https://actualbudget.org/docs/config/) for available options.\nYou can specify secret values in this configuration by setting `somevalue._secret = \"/path/to/file\"` instead of setting `somevalue` directly.\n", "loc": ["services", "actual", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.actual.settings.dataDir": {"declarations": ["nixos/modules/services/web-apps/actual.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/actual\""}, "description": "Directory under which Actual runs and saves its data.\n\nChanging this after you already have a working instance may make Actual fail to start, even if you move all files in the data dir. If migration is needed, refer to [this comment](https://github.com/actualbudget/actual/issues/3957#issuecomment-2567076794) for a fix.\n", "loc": ["services", "actual", "settings", "dataDir"], "readOnly": false, "type": "string"}, "services.actual.settings.hostname": {"declarations": ["nixos/modules/services/web-apps/actual.nix"], "default": {"_type": "literalExpression", "text": "\"::\""}, "description": "The address to listen on", "loc": ["services", "actual", "settings", "hostname"], "readOnly": false, "type": "string"}, "services.actual.settings.port": {"declarations": ["nixos/modules/services/web-apps/actual.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "The port to listen on", "loc": ["services", "actual", "settings", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.actual.settings.serverFiles": {"declarations": ["nixos/modules/services/web-apps/actual.nix"], "default": {"_type": "literalExpression", "text": "\"\\${cfg.settings.dataDir}/server-files\""}, "description": "The server will put an account.sqlite file in this directory, which will contain the (hashed) server password, a list of all the budget files the server knows about, and the active session token (along with anything else the server may want to store in the future).\n", "loc": ["services", "actual", "settings", "serverFiles"], "readOnly": false, "type": "string"}, "services.actual.settings.userFiles": {"declarations": ["nixos/modules/services/web-apps/actual.nix"], "default": {"_type": "literalExpression", "text": "\"\\${cfg.settings.dataDir}/user-files\""}, "description": "The server will put all the budget files in this directory as binary blobs.\n", "loc": ["services", "actual", "settings", "userFiles"], "readOnly": false, "type": "string"}, "services.actual.user": {"declarations": ["nixos/modules/services/web-apps/actual.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "User account under which Actual runs.\n\nIf null is specified (default), a temporary user will be created by systemd. Otherwise won't be automatically created by the service.\n", "loc": ["services", "actual", "user"], "readOnly": false, "type": "null or string"}, "services.adguardhome.allowDHCP": {"declarations": ["nixos/modules/services/networking/adguardhome.nix"], "default": {"_type": "literalExpression", "text": "config.services.adguardhome.settings.dhcp.enabled or false"}, "description": "Allows AdGuard Home to open raw sockets (`CAP_NET_RAW`), which is\nrequired for the integrated DHCP server.\n\nThe default enables this conditionally if the declarative configuration\nenables the integrated DHCP server. Manually setting this option is only\nrequired for non-declarative setups.\n", "loc": ["services", "adguardhome", "allowDHCP"], "readOnly": false, "type": "boolean"}, "services.adguardhome.enable": {"declarations": ["nixos/modules/services/networking/adguardhome.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable AdGuard Home network-wide ad blocker.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "adguardhome", "enable"], "readOnly": false, "type": "boolean"}, "services.adguardhome.extraArgs": {"declarations": ["nixos/modules/services/networking/adguardhome.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line parameters to be passed to the adguardhome binary.\n", "loc": ["services", "adguardhome", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.adguardhome.host": {"declarations": ["nixos/modules/services/networking/adguardhome.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Host address to bind HTTP server to.\n", "loc": ["services", "adguardhome", "host"], "readOnly": false, "type": "string"}, "services.adguardhome.mutableSettings": {"declarations": ["nixos/modules/services/networking/adguardhome.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Allow changes made on the AdGuard Home web interface to persist between\nservice restarts.\n", "loc": ["services", "adguardhome", "mutableSettings"], "readOnly": false, "type": "boolean"}, "services.adguardhome.openFirewall": {"declarations": ["nixos/modules/services/networking/adguardhome.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the AdGuard Home web interface. Does not\nopen the port needed to access the DNS resolver.\n", "loc": ["services", "adguardhome", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.adguardhome.package": {"declarations": ["nixos/modules/services/networking/adguardhome.nix"], "default": {"_type": "literalExpression", "text": "pkgs.adguardhome"}, "description": "The package that runs adguardhome.\n", "loc": ["services", "adguardhome", "package"], "readOnly": false, "type": "package"}, "services.adguardhome.port": {"declarations": ["nixos/modules/services/networking/adguardhome.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "Port to serve HTTP pages on.\n", "loc": ["services", "adguardhome", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.adguardhome.settings": {"declarations": ["nixos/modules/services/networking/adguardhome.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "AdGuard Home configuration. Refer to\n<https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration#configuration-file>\nfor details on supported values.\n\n::: {.note}\nOn start and if {option}`mutableSettings` is `true`,\nthese options are merged into the configuration file on start, taking\nprecedence over configuration changes made on the web interface.\n\nSet this to `null` (default) for a non-declarative configuration without any\nNix-supplied values.\nDeclarative configurations are supplied with a default `schema_version`, and `http.address`.\n:::\n", "loc": ["services", "adguardhome", "settings"], "readOnly": false, "type": "null or (open submodule of (YAML 1.1 value))"}, "services.adguardhome.settings.schema_version": {"declarations": ["nixos/modules/services/networking/adguardhome.nix"], "default": {"_type": "literalExpression", "text": "cfg.package.schema_version"}, "description": "Schema version for the configuration.\nDefaults to the `schema_version` supplied by `cfg.package`.\n", "loc": ["services", "adguardhome", "settings", "schema_version"], "readOnly": false, "type": "signed integer"}, "services.aerospike.enable": {"declarations": ["nixos/modules/services/databases/aerospike.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Aerospike server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "aerospike", "enable"], "readOnly": false, "type": "boolean"}, "services.aerospike.extraConfig": {"declarations": ["nixos/modules/services/databases/aerospike.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration", "example": {"_type": "literalExpression", "text": "''\n  namespace test {\n    replication-factor 2\n    memory-size 4G\n    default-ttl 30d\n    storage-engine memory\n  }\n''"}, "loc": ["services", "aerospike", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.aerospike.networkConfig": {"declarations": ["nixos/modules/services/databases/aerospike.nix"], "default": {"_type": "literalExpression", "text": "''\n  service {\n    address any\n    port 3000\n  }\n  \n  heartbeat {\n    address any\n    mode mesh\n    port 3002\n    interval 150\n    timeout 10\n  }\n  \n  fabric {\n    address any\n    port 3001\n  }\n  \n  info {\n    address any\n    port 3003\n  }\n''"}, "description": "network section of configuration file", "loc": ["services", "aerospike", "networkConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.aerospike.package": {"declarations": ["nixos/modules/services/databases/aerospike.nix"], "default": {"_type": "literalExpression", "text": "pkgs.aerospike"}, "description": "The aerospike package to use.", "loc": ["services", "aerospike", "package"], "readOnly": false, "type": "package"}, "services.aerospike.workDir": {"declarations": ["nixos/modules/services/databases/aerospike.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/aerospike\""}, "description": "Location where Aerospike stores its files", "loc": ["services", "aerospike", "workDir"], "readOnly": false, "type": "string"}, "services.aesmd.enable": {"declarations": ["nixos/modules/services/security/aesmd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Intel's Architectural Enclave Service Manager (AESM) for Intel SGX.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "aesmd", "enable"], "readOnly": false, "type": "boolean"}, "services.aesmd.environment": {"declarations": ["nixos/modules/services/security/aesmd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional environment variables to pass to the AESM service.", "example": {"_type": "literalExpression", "text": "{\n  AZDCAP_COLLATERAL_VERSION = \"v2\";\n  AZDCAP_DEBUG_LOG_LEVEL = \"INFO\";\n}"}, "loc": ["services", "aesmd", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.aesmd.package": {"declarations": ["nixos/modules/services/security/aesmd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.sgx-psw"}, "description": "The sgx-psw package to use.", "loc": ["services", "aesmd", "package"], "readOnly": false, "type": "package"}, "services.aesmd.quoteProviderLibrary": {"declarations": ["nixos/modules/services/security/aesmd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Custom quote provider library to use.", "example": {"_type": "literalExpression", "text": "pkgs.sgx-azure-dcap-client"}, "loc": ["services", "aesmd", "quoteProviderLibrary"], "readOnly": false, "type": "null or absolute path"}, "services.aesmd.settings": {"declarations": ["nixos/modules/services/security/aesmd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "AESM configuration", "loc": ["services", "aesmd", "settings"], "readOnly": false, "type": "submodule"}, "services.aesmd.settings.defaultQuotingType": {"declarations": ["nixos/modules/services/security/aesmd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Attestation quote type.", "example": {"_type": "literalExpression", "text": "\"ecdsa_256\""}, "loc": ["services", "aesmd", "settings", "defaultQuotingType"], "readOnly": false, "type": "null or one of \"ecdsa_256\", \"epid_linkable\", \"epid_unlinkable\""}, "services.aesmd.settings.proxy": {"declarations": ["nixos/modules/services/security/aesmd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP network proxy.", "example": {"_type": "literalExpression", "text": "\"http://proxy_url:1234\""}, "loc": ["services", "aesmd", "settings", "proxy"], "readOnly": false, "type": "null or string"}, "services.aesmd.settings.proxyType": {"declarations": ["nixos/modules/services/security/aesmd.nix"], "default": {"_type": "literalExpression", "text": "if (config.services.aesmd.settings.proxy != null) then \"manual\" else null\n"}, "description": "Type of proxy to use. The `default` uses the system's default proxy.\nIf `direct` is given, uses no proxy.\nA value of `manual` uses the proxy from\n{option}`services.aesmd.settings.proxy`.\n", "example": {"_type": "literalExpression", "text": "\"default\""}, "loc": ["services", "aesmd", "settings", "proxyType"], "readOnly": false, "type": "null or one of \"default\", \"direct\", \"manual\""}, "services.aesmd.settings.whitelistUrl": {"declarations": ["nixos/modules/services/security/aesmd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "URL to retrieve authorized Intel SGX enclave signers.", "example": {"_type": "literalExpression", "text": "\"http://whitelist.trustedservices.intel.com/SGX/LCWL/Linux/sgx_white_list_cert.bin\""}, "loc": ["services", "aesmd", "settings", "whitelistUrl"], "readOnly": false, "type": "null or string"}, "services.agate.addresses": {"declarations": ["nixos/modules/services/web-servers/agate.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"0.0.0.0:1965\"\n]"}, "description": "Addresses to listen on, IP:PORT, if you haven't disabled forwarding\nonly set IPv4.\n", "loc": ["services", "agate", "addresses"], "readOnly": false, "type": "list of string"}, "services.agate.certificatesDir": {"declarations": ["nixos/modules/services/web-servers/agate.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/agate/certificates\""}, "description": "Root of the certificate directory.", "loc": ["services", "agate", "certificatesDir"], "readOnly": false, "type": "absolute path"}, "services.agate.contentDir": {"declarations": ["nixos/modules/services/web-servers/agate.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/agate/content\""}, "description": "Root of the content directory.", "loc": ["services", "agate", "contentDir"], "readOnly": false, "type": "absolute path"}, "services.agate.enable": {"declarations": ["nixos/modules/services/web-servers/agate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Agate Server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "agate", "enable"], "readOnly": false, "type": "boolean"}, "services.agate.extraArgs": {"declarations": ["nixos/modules/services/web-servers/agate.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"\"\n]"}, "description": "Extra arguments to use running agate.", "example": {"_type": "literalExpression", "text": "[\n  \"--log-ip\"\n]"}, "loc": ["services", "agate", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.agate.hostnames": {"declarations": ["nixos/modules/services/web-servers/agate.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Domain name of this Gemini server, enables checking hostname and port\nin requests. (multiple occurrences means basic vhosts)\n", "loc": ["services", "agate", "hostnames"], "readOnly": false, "type": "list of string"}, "services.agate.language": {"declarations": ["nixos/modules/services/web-servers/agate.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "RFC 4646 Language code for text/gemini documents.", "loc": ["services", "agate", "language"], "readOnly": false, "type": "null or string"}, "services.agate.onlyTls_1_3": {"declarations": ["nixos/modules/services/web-servers/agate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Only use TLSv1.3 (default also allows TLSv1.2).", "loc": ["services", "agate", "onlyTls_1_3"], "readOnly": false, "type": "boolean"}, "services.agate.package": {"declarations": ["nixos/modules/services/web-servers/agate.nix"], "default": {"_type": "literalExpression", "text": "pkgs.agate"}, "description": "The agate package to use.", "loc": ["services", "agate", "package"], "readOnly": false, "type": "package"}, "services.agorakit.appKeyFile": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "description": "A file containing the Laravel APP_KEY - a 32 character long,\nbase64 encoded key used for encryption where needed. Can be\ngenerated with <code>head -c 32 /dev/urandom | base64</code>.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/agorakit-appkey\""}, "loc": ["services", "agorakit", "appKeyFile"], "readOnly": false, "type": "absolute path"}, "services.agorakit.appURL": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "\"http\\${lib.optionalString tlsEnabled \\\"s\\\"}://\\${cfg.hostName}\""}, "description": "The root URL that you want to host agorakit on. All URLs in agorakit will be generated using this value.\nIf you change this in the future you may need to run a command to update stored URLs in the database.\nCommand example: <code>php artisan agorakit:update-url https://old.example.com https://new.example.com</code>\n", "example": {"_type": "literalExpression", "text": "\"https://example.com\""}, "loc": ["services", "agorakit", "appURL"], "readOnly": false, "type": "string"}, "services.agorakit.config": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Agorakit configuration options to set in the\n<filename>.env</filename> file.\n\nRefer to <link xlink:href=\"https://github.com/agorakit/agorakit\"/>\nfor details on supported values.\n\nSettings containing secret data should be set to an attribute\nset containing the attribute <literal>_secret</literal> - a\nstring pointing to a file containing the value the option\nshould be set to. See the example to get a better picture of\nthis: in the resulting <filename>.env</filename> file, the\n<literal>OIDC_CLIENT_SECRET</literal> key will be set to the\ncontents of the <filename>/run/keys/oidc_secret</filename>\nfile.\n", "example": {"_type": "literalExpression", "text": "''\n  {\n    ALLOWED_IFRAME_HOSTS = \"https://example.com\";\n    AUTH_METHOD = \"oidc\";\n    OIDC_NAME = \"MyLogin\";\n    OIDC_DISPLAY_NAME_CLAIMS = \"name\";\n    OIDC_CLIENT_ID = \"agorakit\";\n    OIDC_CLIENT_SECRET = {_secret = \"/run/keys/oidc_secret\"};\n    OIDC_ISSUER = \"https://keycloak.example.com/auth/realms/My%20Realm\";\n    OIDC_ISSUER_DISCOVER = true;\n  }\n''"}, "loc": ["services", "agorakit", "config"], "readOnly": false, "type": "attribute set of (null or boolean or signed integer or 16 bit unsigned integer; between 0 and 65535 (both inclusive) or absolute path or string or (submodule))"}, "services.agorakit.dataDir": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/agorakit\""}, "description": "agorakit data directory", "loc": ["services", "agorakit", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.agorakit.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Create the database and database user locally.", "loc": ["services", "agorakit", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.agorakit.database.host": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Database host address.", "loc": ["services", "agorakit", "database", "host"], "readOnly": false, "type": "string"}, "services.agorakit.database.name": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "\"agorakit\""}, "description": "Database name.", "loc": ["services", "agorakit", "database", "name"], "readOnly": false, "type": "string"}, "services.agorakit.database.passwordFile": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password corresponding to\n<option>database.user</option>.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/agorakit-dbpassword\""}, "loc": ["services", "agorakit", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.agorakit.database.port": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "3306"}, "description": "Database host port.", "loc": ["services", "agorakit", "database", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.agorakit.database.user": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "user"}, "description": "Database username.", "loc": ["services", "agorakit", "database", "user"], "readOnly": false, "type": "string"}, "services.agorakit.enable": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable agorakit.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "agorakit", "enable"], "readOnly": false, "type": "boolean"}, "services.agorakit.group": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "\"agorakit\""}, "description": "Group agorakit runs as.", "loc": ["services", "agorakit", "group"], "readOnly": false, "type": "string"}, "services.agorakit.hostName": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "config.networking.fqdn"}, "description": "The hostname to serve agorakit on.\n", "example": {"_type": "literalExpression", "text": "\"agorakit.example.com\""}, "loc": ["services", "agorakit", "hostName"], "readOnly": false, "type": "string"}, "services.agorakit.mail.driver": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "\"smtp\""}, "description": "Mail driver to use.", "loc": ["services", "agorakit", "mail", "driver"], "readOnly": false, "type": "one of \"smtp\", \"sendmail\""}, "services.agorakit.mail.encryption": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SMTP encryption mechanism to use.", "loc": ["services", "agorakit", "mail", "encryption"], "readOnly": false, "type": "null or value \"tls\" (singular enum)"}, "services.agorakit.mail.from": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "\"mail@agorakit.com\""}, "description": "Mail \"from\" email.", "loc": ["services", "agorakit", "mail", "from"], "readOnly": false, "type": "string"}, "services.agorakit.mail.fromName": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "\"agorakit\""}, "description": "Mail \"from\" name.", "loc": ["services", "agorakit", "mail", "fromName"], "readOnly": false, "type": "string"}, "services.agorakit.mail.host": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Mail host address.", "loc": ["services", "agorakit", "mail", "host"], "readOnly": false, "type": "string"}, "services.agorakit.mail.passwordFile": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password corresponding to\n<option>mail.user</option>.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/agorakit-mailpassword\""}, "loc": ["services", "agorakit", "mail", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.agorakit.mail.port": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "1025"}, "description": "Mail host port.", "loc": ["services", "agorakit", "mail", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.agorakit.mail.user": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Mail username.", "example": {"_type": "literalExpression", "text": "\"agorakit\""}, "loc": ["services", "agorakit", "mail", "user"], "readOnly": false, "type": "null or string"}, "services.agorakit.maxUploadSize": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "\"18M\""}, "description": "The maximum size for uploads (e.g. images).", "example": {"_type": "literalExpression", "text": "\"1G\""}, "loc": ["services", "agorakit", "maxUploadSize"], "readOnly": false, "type": "string"}, "services.agorakit.nginx": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "With this option, you can customize the nginx virtualHost settings.\n", "example": {"_type": "literalExpression", "text": "''\n  {\n    serverAliases = [\n      \"agorakit.''${config.networking.domain}\"\n    ];\n    # To enable encryption and let let's encrypt take care of certificate\n    forceSSL = true;\n    enableACME = true;\n  }\n''"}, "loc": ["services", "agorakit", "nginx"], "readOnly": false, "type": "submodule"}, "services.agorakit.nginx.acmeFallbackHost": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host which to proxy requests to if ACME challenge is not found. Useful\nif you want multiple hosts to be able to verify the same domain name.\n\nWith this option, you could request certificates for the present domain\nwith an ACME client that is running on another host, which you would\nspecify here.\n", "loc": ["services", "agorakit", "nginx", "acmeFallbackHost"], "readOnly": false, "type": "null or string"}, "services.agorakit.nginx.acmeRoot": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the ACME challenge, which is **public**. Don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "agorakit", "nginx", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.agorakit.nginx.addSSL": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "agorakit", "nginx", "addSSL"], "readOnly": false, "type": "boolean"}, "services.agorakit.nginx.basicAuth": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "agorakit", "nginx", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.agorakit.nginx.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "agorakit", "nginx", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.agorakit.nginx.default": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Makes this vhost the default.\n", "loc": ["services", "agorakit", "nginx", "default"], "readOnly": false, "type": "boolean"}, "services.agorakit.nginx.enableACME": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "agorakit", "nginx", "enableACME"], "readOnly": false, "type": "boolean"}, "services.agorakit.nginx.extraConfig": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the vhost verbatim.\n", "loc": ["services", "agorakit", "nginx", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.agorakit.nginx.forceSSL": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a separate nginx server block that redirects (defaults\nto 301, configurable with `redirectCode`) all plain HTTP traffic to\nHTTPS. This will set defaults for `listen` to listen on all interfaces\non the respective default ports (80, 443), where the non-SSL listens\nare used for the redirect vhosts.\n", "loc": ["services", "agorakit", "nginx", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.agorakit.nginx.globalRedirect": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected (defaults to 301,\nconfigurable with `redirectCode`) to the given hostname.\n", "example": {"_type": "literalExpression", "text": "\"newserver.example.org\""}, "loc": ["services", "agorakit", "nginx", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.agorakit.nginx.http2": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/2 protocol.\nNote that (as of writing) due to nginx's implementation, to disable\nHTTP/2 you have to disable it on all vhosts that use a given\nIP address / port.\nIf there is one server block configured to enable http2, then it is\nenabled for all server blocks on this IP.\nSee <https://stackoverflow.com/a/39466948/263061>.\n", "loc": ["services", "agorakit", "nginx", "http2"], "readOnly": false, "type": "boolean"}, "services.agorakit.nginx.http3": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/3 protocol.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that HTTP/3 support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\nHTTP/3 availability must be manually advertised, preferably in each location block.\n", "loc": ["services", "agorakit", "nginx", "http3"], "readOnly": false, "type": "boolean"}, "services.agorakit.nginx.http3_hq": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that special application protocol support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "agorakit", "nginx", "http3_hq"], "readOnly": false, "type": "boolean"}, "services.agorakit.nginx.kTLS": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kTLS support.\nImplementing TLS in the kernel (kTLS) improves performance by significantly\nreducing the need for copying operations between user space and the kernel.\nRequired Nginx version 1.21.4 or later.\n", "loc": ["services", "agorakit", "nginx", "kTLS"], "readOnly": false, "type": "boolean"}, "services.agorakit.nginx.listen": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\nIPv6 addresses must be enclosed in square brackets.\nNote: this option overrides `addSSL`\nand `onlySSL`.\n\nIf you only want to set the addresses manually and not\nthe ports, take a look at `listenAddresses`.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    addr = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    addr = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    addr = \"unix:/var/run/nginx.sock\";\n  }\n]"}, "loc": ["services", "agorakit", "nginx", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.agorakit.nginx.listen.*.addr": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "description": "Listen address.", "loc": ["services", "agorakit", "nginx", "listen", "*", "addr"], "readOnly": false, "type": "string"}, "services.agorakit.nginx.listen.*.extraParameters": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra parameters of this listen directive.", "example": {"_type": "literalExpression", "text": "[\n  \"backlog=1024\"\n  \"deferred\"\n]"}, "loc": ["services", "agorakit", "nginx", "listen", "*", "extraParameters"], "readOnly": false, "type": "list of string"}, "services.agorakit.nginx.listen.*.port": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port number to listen on.\nIf unset and the listen address is not a socket then nginx defaults to 80.\n", "loc": ["services", "agorakit", "nginx", "listen", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.agorakit.nginx.listen.*.proxyProtocol": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable PROXY protocol.", "loc": ["services", "agorakit", "nginx", "listen", "*", "proxyProtocol"], "readOnly": false, "type": "boolean"}, "services.agorakit.nginx.listen.*.ssl": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SSL.", "loc": ["services", "agorakit", "nginx", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.agorakit.nginx.listenAddresses": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n\nNote: This option overrides `networking.enableIPv6`\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"[::1]\"\n]"}, "loc": ["services", "agorakit", "nginx", "listenAddresses"], "readOnly": false, "type": "list of string"}, "services.agorakit.nginx.locations": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n};\n"}, "loc": ["services", "agorakit", "nginx", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.agorakit.nginx.locations.<name>.alias": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "agorakit", "nginx", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.agorakit.nginx.locations.<name>.basicAuth": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "agorakit", "nginx", "locations", "<name>", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.agorakit.nginx.locations.<name>.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "agorakit", "nginx", "locations", "<name>", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.agorakit.nginx.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "agorakit", "nginx", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.agorakit.nginx.locations.<name>.fastcgiParams": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "FastCGI parameters to override.  Unlike in the Nginx\nconfiguration file, overriding only some default parameters\nwon't unset the default values for other parameters.\n", "loc": ["services", "agorakit", "nginx", "locations", "<name>", "fastcgiParams"], "readOnly": false, "type": "attribute set of (string or absolute path)"}, "services.agorakit.nginx.locations.<name>.index": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds index directive.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "agorakit", "nginx", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.agorakit.nginx.locations.<name>.priority": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "agorakit", "nginx", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.agorakit.nginx.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds proxy_pass directive and sets recommended proxy headers if\nrecommendedProxySettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "agorakit", "nginx", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.agorakit.nginx.locations.<name>.proxyWebsockets": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to support proxying websocket connections with HTTP/1.1.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "agorakit", "nginx", "locations", "<name>", "proxyWebsockets"], "readOnly": false, "type": "boolean"}, "services.agorakit.nginx.locations.<name>.recommendedProxySettings": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedProxySettings"}, "description": "Enable recommended proxy settings.\n", "loc": ["services", "agorakit", "nginx", "locations", "<name>", "recommendedProxySettings"], "readOnly": false, "type": "boolean"}, "services.agorakit.nginx.locations.<name>.recommendedUwsgiSettings": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedUwsgiSettings"}, "description": "Enable recommended uwsgi settings.\n", "loc": ["services", "agorakit", "nginx", "locations", "<name>", "recommendedUwsgiSettings"], "readOnly": false, "type": "boolean"}, "services.agorakit.nginx.locations.<name>.return": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds a return directive, for e.g. redirections.\n", "example": {"_type": "literalExpression", "text": "\"301 http://example.com$request_uri\""}, "loc": ["services", "agorakit", "nginx", "locations", "<name>", "return"], "readOnly": false, "type": "null or string or signed integer"}, "services.agorakit.nginx.locations.<name>.root": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Root directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/root/directory\""}, "loc": ["services", "agorakit", "nginx", "locations", "<name>", "root"], "readOnly": false, "type": "null or absolute path"}, "services.agorakit.nginx.locations.<name>.tryFiles": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds try_files directive.\n", "example": {"_type": "literalExpression", "text": "\"$uri =404\""}, "loc": ["services", "agorakit", "nginx", "locations", "<name>", "tryFiles"], "readOnly": false, "type": "null or string"}, "services.agorakit.nginx.locations.<name>.uwsgiPass": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds uwsgi_pass directive and sets recommended proxy headers if\nrecommendedUwsgiSettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"unix:/run/example/example.sock\""}, "loc": ["services", "agorakit", "nginx", "locations", "<name>", "uwsgiPass"], "readOnly": false, "type": "null or string"}, "services.agorakit.nginx.onlySSL": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "agorakit", "nginx", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.agorakit.nginx.quic": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the QUIC transport protocol.\nNote that QUIC support is experimental and\n*not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "agorakit", "nginx", "quic"], "readOnly": false, "type": "boolean"}, "services.agorakit.nginx.redirectCode": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "301"}, "description": "HTTP status used by `globalRedirect` and `forceSSL`. Possible usecases\ninclude temporary (302, 307) redirects, keeping the request method and\nbody (307, 308), or explicitly resetting the method to GET (303).\nSee <https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>.\n", "example": {"_type": "literalExpression", "text": "308"}, "loc": ["services", "agorakit", "nginx", "redirectCode"], "readOnly": false, "type": "integer between 300 and 399 (both inclusive)"}, "services.agorakit.nginx.rejectSSL": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to listen for and reject all HTTPS connections to this vhost. Useful in\n[default](#opt-services.nginx.virtualHosts._name_.default)\nserver blocks to avoid serving the certificate for another vhost. Uses the\n`ssl_reject_handshake` directive available in nginx versions\n1.19.4 and above.\n", "loc": ["services", "agorakit", "nginx", "rejectSSL"], "readOnly": false, "type": "boolean"}, "services.agorakit.nginx.reuseport": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create an individual listening socket .\nIt is required to specify only once on one of the hosts.\n", "loc": ["services", "agorakit", "nginx", "reuseport"], "readOnly": false, "type": "boolean"}, "services.agorakit.nginx.root": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of the web root directory.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "agorakit", "nginx", "root"], "readOnly": false, "type": "null or absolute path"}, "services.agorakit.nginx.serverAliases": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "agorakit", "nginx", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.agorakit.nginx.serverName": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of this virtual host. Defaults to attribute name in virtualHosts.\n", "example": {"_type": "literalExpression", "text": "\"example.org\""}, "loc": ["services", "agorakit", "nginx", "serverName"], "readOnly": false, "type": "null or string"}, "services.agorakit.nginx.sslCertificate": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "agorakit", "nginx", "sslCertificate"], "readOnly": false, "type": "absolute path"}, "services.agorakit.nginx.sslCertificateKey": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "agorakit", "nginx", "sslCertificateKey"], "readOnly": false, "type": "absolute path"}, "services.agorakit.nginx.sslTrustedCertificate": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to root SSL certificate for stapling and client certificates.", "example": {"_type": "literalExpression", "text": "\"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\""}, "loc": ["services", "agorakit", "nginx", "sslTrustedCertificate"], "readOnly": false, "type": "null or absolute path"}, "services.agorakit.nginx.useACMEHost": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "agorakit", "nginx", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.agorakit.phpPackage": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "pkgs.php82"}, "description": "The php82 package to use.", "loc": ["services", "agorakit", "phpPackage"], "readOnly": false, "type": "package"}, "services.agorakit.poolConfig": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "{\n  pm = \"dynamic\";\n  \"pm.max_children\" = 32;\n  \"pm.max_requests\" = 500;\n  \"pm.max_spare_servers\" = 4;\n  \"pm.min_spare_servers\" = 2;\n  \"pm.start_servers\" = 2;\n}"}, "description": "Options for the agorakit PHP pool. See the documentation on <literal>php-fpm.conf</literal>\nfor details on configuration directives.\n", "loc": ["services", "agorakit", "poolConfig"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.agorakit.user": {"declarations": ["nixos/modules/services/web-apps/agorakit.nix"], "default": {"_type": "literalExpression", "text": "\"agorakit\""}, "description": "User agorakit runs as.", "loc": ["services", "agorakit", "user"], "readOnly": false, "type": "string"}, "services.airsonic.contextPath": {"declarations": ["nixos/modules/services/misc/airsonic.nix"], "default": {"_type": "literalExpression", "text": "\"/\""}, "description": "The context path, i.e., the last part of the Airsonic\nURL. Typically '/' or '/airsonic'. Default '/'\n", "loc": ["services", "airsonic", "contextPath"], "readOnly": false, "type": "absolute path"}, "services.airsonic.enable": {"declarations": ["nixos/modules/services/misc/airsonic.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Airsonic, the Free and Open Source media streaming server (fork of Subsonic and Libresonic).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "airsonic", "enable"], "readOnly": false, "type": "boolean"}, "services.airsonic.home": {"declarations": ["nixos/modules/services/misc/airsonic.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/airsonic\""}, "description": "The directory where Airsonic will create files.\nMake sure it is writable.\n", "loc": ["services", "airsonic", "home"], "readOnly": false, "type": "absolute path"}, "services.airsonic.jre": {"declarations": ["nixos/modules/services/misc/airsonic.nix"], "default": {"_type": "literalExpression", "text": "pkgs.jre8"}, "description": "The jre8 package to use. ::: {.note}\nAirsonic only supports Java 8, airsonic-advanced requires at least\nJava 11.\n:::\n", "loc": ["services", "airsonic", "jre"], "readOnly": false, "type": "package"}, "services.airsonic.jvmOptions": {"declarations": ["nixos/modules/services/misc/airsonic.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line options for the JVM running AirSonic.\nUseful for sending jukebox output to non-default alsa\ndevices.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-Djavax.sound.sampled.Clip='#CODEC [plughw:1,0]'\"\n  \"-Djavax.sound.sampled.Port='#Port CODEC [hw:1]'\"\n  \"-Djavax.sound.sampled.SourceDataLine='#CODEC [plughw:1,0]'\"\n  \"-Djavax.sound.sampled.TargetDataLine='#CODEC [plughw:1,0]'\"\n]"}, "loc": ["services", "airsonic", "jvmOptions"], "readOnly": false, "type": "list of string"}, "services.airsonic.listenAddress": {"declarations": ["nixos/modules/services/misc/airsonic.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The host name or IP address on which to bind Airsonic.\nThe default value is appropriate for first launch, when the\ndefault credentials are easy to guess. It is also appropriate\nif you intend to use the virtualhost option in the service\nmodule. In other cases, you may want to change this to a\nspecific IP or 0.0.0.0 to listen on all interfaces.\n", "loc": ["services", "airsonic", "listenAddress"], "readOnly": false, "type": "string"}, "services.airsonic.maxMemory": {"declarations": ["nixos/modules/services/misc/airsonic.nix"], "default": {"_type": "literalExpression", "text": "100"}, "description": "The memory limit (max Java heap size) in megabytes.\nDefault: 100\n", "loc": ["services", "airsonic", "maxMemory"], "readOnly": false, "type": "signed integer"}, "services.airsonic.port": {"declarations": ["nixos/modules/services/misc/airsonic.nix"], "default": {"_type": "literalExpression", "text": "4040"}, "description": "The port on which Airsonic will listen for\nincoming HTTP traffic. Set to 0 to disable.\n", "loc": ["services", "airsonic", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.airsonic.transcoders": {"declarations": ["nixos/modules/services/misc/airsonic.nix"], "default": {"_type": "literalExpression", "text": "[ \"${pkgs.ffmpeg.bin}/bin/ffmpeg\" ]"}, "description": "List of paths to transcoder executables that should be accessible\nfrom Airsonic. Symlinks will be created to each executable inside\n${config.services.airsonic.home}/transcoders.\n", "loc": ["services", "airsonic", "transcoders"], "readOnly": false, "type": "list of absolute path"}, "services.airsonic.user": {"declarations": ["nixos/modules/services/misc/airsonic.nix"], "default": {"_type": "literalExpression", "text": "\"airsonic\""}, "description": "User account under which airsonic runs.", "loc": ["services", "airsonic", "user"], "readOnly": false, "type": "string"}, "services.airsonic.virtualHost": {"declarations": ["nixos/modules/services/misc/airsonic.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of the nginx virtualhost to use and setup. If null, do not setup any virtualhost.\n", "loc": ["services", "airsonic", "virtualHost"], "readOnly": false, "type": "null or string"}, "services.airsonic.war": {"declarations": ["nixos/modules/services/misc/airsonic.nix"], "default": {"_type": "literalExpression", "text": "\"${pkgs.airsonic}/webapps/airsonic.war\""}, "description": "Airsonic war file to use.", "loc": ["services", "airsonic", "war"], "readOnly": false, "type": "absolute path"}, "services.akkoma.config": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "description": "Configuration for Akkoma. The attributes are serialised to Elixir DSL.\n\nRefer to <https://docs.akkoma.dev/stable/configuration/cheatsheet/> for\nconfiguration options.\n\nSettings containing secret data should be set to an attribute set containing the\nattribute `_secret` - a string pointing to a file containing the value the option\nshould be set to.\n", "loc": ["services", "akkoma", "config"], "readOnly": false, "type": "open submodule of attribute set of attribute set of (Elixir value)"}, "services.akkoma.config.\":joken\".\":default_signer\"": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "{\n  _secret = \"/var/lib/secrets/akkoma/jwt-signer\";\n}"}, "description": "JWT signing secret.\n\nThe attribute `_secret` should point to a file containing the secret.\n\nThis secret can be generated as follows:\n\n```ShellSession\n$ tr -dc 'A-Za-z0-9-._~' </dev/urandom | head -c 64\n```\n", "loc": ["services", "akkoma", "config", ":joken", ":default_signer"], "readOnly": false, "type": "secret value"}, "services.akkoma.config.\":logger\".\":ex_syslogger\".level": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "\":info\""}, "description": "Log level.\n\nRefer to\n<https://hexdocs.pm/logger/Logger.html#module-levels>\nfor options.\n", "example": {"_type": "literalExpression", "text": "\":warning\""}, "loc": ["services", "akkoma", "config", ":logger", ":ex_syslogger", "level"], "readOnly": false, "type": "non-empty string"}, "services.akkoma.config.\":pleroma\".\":frontends\"": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "lib.mapAttrs (key: val:\n  (pkgs.formats.elixirConf { }).lib.mkMap { name = val.name; ref = val.ref; })\n  config.services.akkoma.frontends;\n"}, "description": "Frontend configuration.\n\nUsers should rely on the default value and prefer to configure frontends through\n[{option}`config.services.akkoma.frontends`](#opt-services.akkoma.frontends).\n", "loc": ["services", "akkoma", "config", ":pleroma", ":frontends"], "readOnly": false, "type": "Elixir value"}, "services.akkoma.config.\":pleroma\".\":instance\".description": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "description": "Instance description.", "loc": ["services", "akkoma", "config", ":pleroma", ":instance", "description"], "readOnly": false, "type": "non-empty string"}, "services.akkoma.config.\":pleroma\".\":instance\".email": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "description": "Instance administrator email.", "loc": ["services", "akkoma", "config", ":pleroma", ":instance", "email"], "readOnly": false, "type": "non-empty string"}, "services.akkoma.config.\":pleroma\".\":instance\".name": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "description": "Instance name.", "loc": ["services", "akkoma", "config", ":pleroma", ":instance", "name"], "readOnly": false, "type": "non-empty string"}, "services.akkoma.config.\":pleroma\".\":instance\".static_dir": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalMD", "text": "Derivation gathering the following paths into a directory:\n\n- [{option}`services.akkoma.frontends`](#opt-services.akkoma.frontends)\n- [{option}`services.akkoma.extraStatic`](#opt-services.akkoma.extraStatic)\n"}, "description": "Directory of static files.\n\nThis directory can be built using a derivation, or it can be managed as mutable\nstate by setting the option to an absolute path.\n", "loc": ["services", "akkoma", "config", ":pleroma", ":instance", "static_dir"], "readOnly": false, "type": "absolute path"}, "services.akkoma.config.\":pleroma\".\":instance\".upload_dir": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/akkoma/uploads\""}, "description": "Directory where Akkoma will put uploaded files.\n", "loc": ["services", "akkoma", "config", ":pleroma", ":instance", "upload_dir"], "readOnly": false, "type": "absolute path"}, "services.akkoma.config.\":pleroma\".\":media_proxy\".base_url": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "if lib.versionOlder config.system.stateVersion \"24.05\"\nthen \"$\\{httpConf.scheme}://$\\{httpConf.host}:$\\{toString httpConf.port}\"\nelse null;\n"}, "description": "Base path for the media proxy.\nWhilst this can just be set to a subdirectory of the main domain, it is now recommended to use a different subdomain.\n", "loc": ["services", "akkoma", "config", ":pleroma", ":media_proxy", "base_url"], "readOnly": false, "type": "null or non-empty string"}, "services.akkoma.config.\":pleroma\".\":media_proxy\".enabled": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable proxying of remote media through the instance's proxy.\n", "loc": ["services", "akkoma", "config", ":pleroma", ":media_proxy", "enabled"], "readOnly": false, "type": "boolean"}, "services.akkoma.config.\":pleroma\".\"Pleroma.Repo\"": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "{\n  adapter = (pkgs.formats.elixirConf { }).lib.mkRaw \"Ecto.Adapters.Postgres\";\n  socket_dir = \"/run/postgresql\";\n  username = config.services.akkoma.user;\n  database = \"akkoma\";\n}\n"}, "description": "Database configuration.\n\nRefer to\n<https://hexdocs.pm/ecto_sql/Ecto.Adapters.Postgres.html#module-connection-options>\nfor options.\n", "loc": ["services", "akkoma", "config", ":pleroma", "Pleroma.Repo"], "readOnly": false, "type": "Elixir value"}, "services.akkoma.config.\":pleroma\".\"Pleroma.Upload\".base_url": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "if lib.versionOlder config.system.stateVersion \"24.05\"\nthen \"$\\{httpConf.scheme}://$\\{httpConf.host}:$\\{toString httpConf.port}/media/\"\nelse null;\n"}, "description": "Base path which uploads will be stored at.\nWhilst this can just be set to a subdirectory of the main domain, it is now recommended to use a different subdomain.\n", "loc": ["services", "akkoma", "config", ":pleroma", "Pleroma.Upload", "base_url"], "readOnly": false, "type": "non-empty string"}, "services.akkoma.config.\":pleroma\".\"Pleroma.Web.Endpoint\".http.ip": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "\"/run/akkoma/socket\""}, "description": "Listener IP address or Unix socket path.\n\nThe value is automatically converted to Elixir\u2019s internal address\nrepresentation during serialisation.\n", "example": {"_type": "literalExpression", "text": "\"::1\""}, "loc": ["services", "akkoma", "config", ":pleroma", "Pleroma.Web.Endpoint", "http", "ip"], "readOnly": false, "type": "absolute path or IPv4 or IPv6 address"}, "services.akkoma.config.\":pleroma\".\"Pleroma.Web.Endpoint\".http.port": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "if isAbsolutePath config.services.akkoma.config.:pleroma\".\"Pleroma.Web.Endpoint\".http.ip\n  then 0\n  else 4000;\n"}, "description": "Listener port number.\n\nMust be 0 if using a Unix socket.\n", "loc": ["services", "akkoma", "config", ":pleroma", "Pleroma.Web.Endpoint", "http", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.akkoma.config.\":pleroma\".\"Pleroma.Web.Endpoint\".live_view.signing_salt": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "{\n  _secret = \"/var/lib/secrets/akkoma/liveview-salt\";\n}"}, "description": "LiveView signing salt.\n\nThe attribute `_secret` should point to a file containing the secret.\n\nThis salt can be generated as follows:\n\n```ShellSession\n$ tr -dc 'A-Za-z0-9-._~' </dev/urandom | head -c 8\n```\n", "loc": ["services", "akkoma", "config", ":pleroma", "Pleroma.Web.Endpoint", "live_view", "signing_salt"], "readOnly": false, "type": "secret value"}, "services.akkoma.config.\":pleroma\".\"Pleroma.Web.Endpoint\".secret_key_base": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "{\n  _secret = \"/var/lib/secrets/akkoma/key-base\";\n}"}, "description": "Secret key used as a base to generate further secrets for encrypting and\nsigning data.\n\nThe attribute `_secret` should point to a file containing the secret.\n\nThis key can generated can be generated as follows:\n\n```ShellSession\n$ tr -dc 'A-Za-z-._~' </dev/urandom | head -c 64\n```\n", "loc": ["services", "akkoma", "config", ":pleroma", "Pleroma.Web.Endpoint", "secret_key_base"], "readOnly": false, "type": "secret value"}, "services.akkoma.config.\":pleroma\".\"Pleroma.Web.Endpoint\".signing_salt": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "{\n  _secret = \"/var/lib/secrets/akkoma/signing-salt\";\n}"}, "description": "Signing salt.\n\nThe attribute `_secret` should point to a file containing the secret.\n\nThis salt can be generated as follows:\n\n```ShellSession\n$ tr -dc 'A-Za-z0-9-._~' </dev/urandom | head -c 8\n```\n", "loc": ["services", "akkoma", "config", ":pleroma", "Pleroma.Web.Endpoint", "signing_salt"], "readOnly": false, "type": "secret value"}, "services.akkoma.config.\":pleroma\".\"Pleroma.Web.Endpoint\".url.host": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "config.networking.fqdn"}, "description": "Domain name of the instance.", "loc": ["services", "akkoma", "config", ":pleroma", "Pleroma.Web.Endpoint", "url", "host"], "readOnly": false, "type": "non-empty string"}, "services.akkoma.config.\":pleroma\".\"Pleroma.Web.Endpoint\".url.port": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "443"}, "description": "External port number.", "loc": ["services", "akkoma", "config", ":pleroma", "Pleroma.Web.Endpoint", "url", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.akkoma.config.\":pleroma\".\"Pleroma.Web.Endpoint\".url.scheme": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "\"https\""}, "description": "URL scheme.", "loc": ["services", "akkoma", "config", ":pleroma", "Pleroma.Web.Endpoint", "url", "scheme"], "readOnly": false, "type": "non-empty string"}, "services.akkoma.config.\":web_push_encryption\"": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Web Push Notifications configuration.\n\nThe necessary key pair can be generated as follows:\n\n```ShellSession\n$ nix-shell -p nodejs --run 'npx web-push generate-vapid-keys'\n```\n", "loc": ["services", "akkoma", "config", ":web_push_encryption"], "readOnly": false, "type": "open submodule of (Elixir value)"}, "services.akkoma.config.\":web_push_encryption\".\":vapid_details\".private_key": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "{\n  _secret = \"/var/lib/secrets/akkoma/vapid-private\";\n}"}, "description": "base64-encoded private ECDH key.\n\nThe attribute `_secret` should point to a file containing the secret.\n", "loc": ["services", "akkoma", "config", ":web_push_encryption", ":vapid_details", "private_key"], "readOnly": false, "type": "secret value"}, "services.akkoma.config.\":web_push_encryption\".\":vapid_details\".public_key": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "{\n  _secret = \"/var/lib/secrets/akkoma/vapid-public\";\n}"}, "description": "base64-encoded public ECDH key.", "loc": ["services", "akkoma", "config", ":web_push_encryption", ":vapid_details", "public_key"], "readOnly": false, "type": "non-empty string or secret value"}, "services.akkoma.config.\":web_push_encryption\".\":vapid_details\".subject": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "\"mailto:${config.services.akkoma.config.\":pleroma\".\":instance\".email}\"\n"}, "description": "mailto URI for administrative contact.", "loc": ["services", "akkoma", "config", ":web_push_encryption", ":vapid_details", "subject"], "readOnly": false, "type": "non-empty string"}, "services.akkoma.dist.address": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Listen address for Erlang distribution protocol and Port Mapper Daemon (epmd).\n", "loc": ["services", "akkoma", "dist", "address"], "readOnly": false, "type": "IPv4 or IPv6 address"}, "services.akkoma.dist.cookie": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Erlang release cookie.\n\nIf set to `null`, a temporary random cookie will be generated.\n", "example": {"_type": "literalExpression", "text": "{\n  _secret = \"/var/lib/secrets/akkoma/releaseCookie\";\n}"}, "loc": ["services", "akkoma", "dist", "cookie"], "readOnly": false, "type": "null or secret value"}, "services.akkoma.dist.epmdPort": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "4369"}, "description": "TCP port to bind Erlang Port Mapper Daemon to.", "loc": ["services", "akkoma", "dist", "epmdPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.akkoma.dist.extraFlags": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra flags to pass to Erlang", "example": {"_type": "literalExpression", "text": "[\n  \"+sbwt\"\n  \"none\"\n  \"+sbwtdcpu\"\n  \"none\"\n  \"+sbwtdio\"\n  \"none\"\n]"}, "loc": ["services", "akkoma", "dist", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.akkoma.dist.portMax": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "65535"}, "description": "Upper bound for Erlang distribution protocol TCP port.", "loc": ["services", "akkoma", "dist", "portMax"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.akkoma.dist.portMin": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "49152"}, "description": "Lower bound for Erlang distribution protocol TCP port.", "loc": ["services", "akkoma", "dist", "portMin"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.akkoma.enable": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Akkoma.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "akkoma", "enable"], "readOnly": false, "type": "boolean"}, "services.akkoma.extraPackages": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "with pkgs; [ exiftool ffmpeg-headless imagemagick ]"}, "description": "List of extra packages to include in the executable search path of the service unit.\nThese are needed by various configurable components such as:\n\n- ExifTool for the `Pleroma.Upload.Filter.Exiftool` upload filter,\n- ImageMagick for still image previews in the media proxy as well as for the\n  `Pleroma.Upload.Filters.Mogrify` upload filter, and\n- ffmpeg for video previews in the media proxy.\n", "example": {"_type": "literalExpression", "text": "with pkgs; [ exiftool ffmpeg-full imagemagick ]"}, "loc": ["services", "akkoma", "extraPackages"], "readOnly": false, "type": "list of package"}, "services.akkoma.extraStatic": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Attribute set of extra paths to add to the static files directory.\n\nDo not add frontends here. These should be configured through\n[{option}`services.akkoma.frontends`](#opt-services.akkoma.frontends).\n", "example": {"_type": "literalExpression", "text": "{\n  \"emoji/blobs.gg\" = pkgs.blobs_gg;\n  \"static/terms-of-service.html\" = pkgs.writeText \"terms-of-service.html\" ''\n    \u2026\n  '';\n  \"favicon.png\" = let\n    rev = \"697a8211b0f427a921e7935a35d14bb3e32d0a2c\";\n  in pkgs.stdenvNoCC.mkDerivation {\n    name = \"favicon.png\";\n\n    src = pkgs.fetchurl {\n      url = \"https://raw.githubusercontent.com/TilCreator/NixOwO/${rev}/NixOwO_plain.svg\";\n      hash = \"sha256-tWhHMfJ3Od58N9H5yOKPMfM56hYWSOnr/TGCBi8bo9E=\";\n    };\n\n    nativeBuildInputs = with pkgs; [ librsvg ];\n\n    dontUnpack = true;\n    installPhase = ''\n      rsvg-convert -o $out -w 96 -h 96 $src\n    '';\n  };\n}\n"}, "loc": ["services", "akkoma", "extraStatic"], "readOnly": false, "type": "null or (attribute set of path in the Nix store)"}, "services.akkoma.frontends": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "{\n  primary = {\n    package = pkgs.akkoma-fe;\n    name = \"akkoma-fe\";\n    ref = \"stable\";\n  };\n  admin = {\n    package = pkgs.akkoma-admin-fe;\n    name = \"admin-fe\";\n    ref = \"stable\";\n  };\n}\n"}, "description": "Akkoma frontends.", "loc": ["services", "akkoma", "frontends"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.akkoma.frontends.<name>.name": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "description": "Akkoma frontend name.", "example": {"_type": "literalExpression", "text": "\"akkoma-fe\""}, "loc": ["services", "akkoma", "frontends", "<name>", "name"], "readOnly": false, "type": "non-empty string"}, "services.akkoma.frontends.<name>.package": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "description": "Akkoma frontend package.", "example": {"_type": "literalExpression", "text": "pkgs.akkoma-fe"}, "loc": ["services", "akkoma", "frontends", "<name>", "package"], "readOnly": false, "type": "package"}, "services.akkoma.frontends.<name>.ref": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "description": "Akkoma frontend reference.", "example": {"_type": "literalExpression", "text": "\"stable\""}, "loc": ["services", "akkoma", "frontends", "<name>", "ref"], "readOnly": false, "type": "non-empty string"}, "services.akkoma.group": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "\"akkoma\""}, "description": "Group account under which Akkoma runs.", "loc": ["services", "akkoma", "group"], "readOnly": false, "type": "non-empty string"}, "services.akkoma.initDb.enable": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to automatically initialise the database on startup. This will create a\ndatabase role and database if they do not already exist, and (re)set the role password\nand the ownership of the database.\n\nThis setting can be used safely even if the database already exists and contains data.\n\nThe database settings are configured through\n[{option}`config.services.akkoma.config.\":pleroma\".\"Pleroma.Repo\"`](#opt-services.akkoma.config.__pleroma_._Pleroma.Repo_).\n\nIf disabled, the database has to be set up manually:\n\n```SQL\nCREATE ROLE akkoma LOGIN;\n\nCREATE DATABASE akkoma\n  OWNER akkoma\n  TEMPLATE template0\n  ENCODING 'utf8'\n  LOCALE 'C';\n\n\\connect akkoma\nCREATE EXTENSION IF NOT EXISTS citext;\nCREATE EXTENSION IF NOT EXISTS pg_trgm;\nCREATE EXTENSION IF NOT EXISTS \"uuid-ossp\";\n```\n", "loc": ["services", "akkoma", "initDb", "enable"], "readOnly": false, "type": "boolean"}, "services.akkoma.initDb.password": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Password of the database user to initialise the database with.\n\nIf set to `null`, no password will be used.\n\nThe attribute `_secret` should point to a file containing the secret.\n", "loc": ["services", "akkoma", "initDb", "password"], "readOnly": false, "type": "null or secret value"}, "services.akkoma.initDb.username": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "config.services.postgresql.superUser"}, "description": "Name of the database user to initialise the database with.\n\nThis user is required to have the `CREATEROLE` and `CREATEDB` capabilities.\n", "loc": ["services", "akkoma", "initDb", "username"], "readOnly": false, "type": "non-empty string"}, "services.akkoma.initSecrets": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to initialise non\u2010existent secrets with random values.\n\nIf enabled, appropriate secrets for the following options will be created automatically\nif the files referenced in the `_secrets` attribute do not exist during startup.\n\n- {option}`config.\":pleroma\".\"Pleroma.Web.Endpoint\".secret_key_base`\n- {option}`config.\":pleroma\".\"Pleroma.Web.Endpoint\".signing_salt`\n- {option}`config.\":pleroma\".\"Pleroma.Web.Endpoint\".live_view.signing_salt`\n- {option}`config.\":web_push_encryption\".\":vapid_details\".private_key`\n- {option}`config.\":web_push_encryption\".\":vapid_details\".public_key`\n- {option}`config.\":joken\".\":default_signer\"`\n", "loc": ["services", "akkoma", "initSecrets"], "readOnly": false, "type": "boolean"}, "services.akkoma.installWrapper": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to install a wrapper around `pleroma_ctl` to simplify administration of the\nAkkoma instance.\n", "loc": ["services", "akkoma", "installWrapper"], "readOnly": false, "type": "boolean"}, "services.akkoma.nginx": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Extra configuration for the nginx virtual host of Akkoma.\n\nIf set to `null`, no virtual host will be added to the nginx configuration.\n", "loc": ["services", "akkoma", "nginx"], "readOnly": false, "type": "null or (submodule)"}, "services.akkoma.nginx.acmeFallbackHost": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host which to proxy requests to if ACME challenge is not found. Useful\nif you want multiple hosts to be able to verify the same domain name.\n\nWith this option, you could request certificates for the present domain\nwith an ACME client that is running on another host, which you would\nspecify here.\n", "loc": ["services", "akkoma", "nginx", "acmeFallbackHost"], "readOnly": false, "type": "null or string"}, "services.akkoma.nginx.acmeRoot": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the ACME challenge, which is **public**. Don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "akkoma", "nginx", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.akkoma.nginx.addSSL": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "akkoma", "nginx", "addSSL"], "readOnly": false, "type": "boolean"}, "services.akkoma.nginx.basicAuth": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "akkoma", "nginx", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.akkoma.nginx.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "akkoma", "nginx", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.akkoma.nginx.default": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Makes this vhost the default.\n", "loc": ["services", "akkoma", "nginx", "default"], "readOnly": false, "type": "boolean"}, "services.akkoma.nginx.enableACME": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "akkoma", "nginx", "enableACME"], "readOnly": false, "type": "boolean"}, "services.akkoma.nginx.extraConfig": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the vhost verbatim.\n", "loc": ["services", "akkoma", "nginx", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.akkoma.nginx.forceSSL": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a separate nginx server block that redirects (defaults\nto 301, configurable with `redirectCode`) all plain HTTP traffic to\nHTTPS. This will set defaults for `listen` to listen on all interfaces\non the respective default ports (80, 443), where the non-SSL listens\nare used for the redirect vhosts.\n", "loc": ["services", "akkoma", "nginx", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.akkoma.nginx.globalRedirect": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected (defaults to 301,\nconfigurable with `redirectCode`) to the given hostname.\n", "example": {"_type": "literalExpression", "text": "\"newserver.example.org\""}, "loc": ["services", "akkoma", "nginx", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.akkoma.nginx.http2": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/2 protocol.\nNote that (as of writing) due to nginx's implementation, to disable\nHTTP/2 you have to disable it on all vhosts that use a given\nIP address / port.\nIf there is one server block configured to enable http2, then it is\nenabled for all server blocks on this IP.\nSee <https://stackoverflow.com/a/39466948/263061>.\n", "loc": ["services", "akkoma", "nginx", "http2"], "readOnly": false, "type": "boolean"}, "services.akkoma.nginx.http3": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/3 protocol.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that HTTP/3 support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\nHTTP/3 availability must be manually advertised, preferably in each location block.\n", "loc": ["services", "akkoma", "nginx", "http3"], "readOnly": false, "type": "boolean"}, "services.akkoma.nginx.http3_hq": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that special application protocol support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "akkoma", "nginx", "http3_hq"], "readOnly": false, "type": "boolean"}, "services.akkoma.nginx.kTLS": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kTLS support.\nImplementing TLS in the kernel (kTLS) improves performance by significantly\nreducing the need for copying operations between user space and the kernel.\nRequired Nginx version 1.21.4 or later.\n", "loc": ["services", "akkoma", "nginx", "kTLS"], "readOnly": false, "type": "boolean"}, "services.akkoma.nginx.listen": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\nIPv6 addresses must be enclosed in square brackets.\nNote: this option overrides `addSSL`\nand `onlySSL`.\n\nIf you only want to set the addresses manually and not\nthe ports, take a look at `listenAddresses`.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    addr = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    addr = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    addr = \"unix:/var/run/nginx.sock\";\n  }\n]"}, "loc": ["services", "akkoma", "nginx", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.akkoma.nginx.listen.*.addr": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "description": "Listen address.", "loc": ["services", "akkoma", "nginx", "listen", "*", "addr"], "readOnly": false, "type": "string"}, "services.akkoma.nginx.listen.*.extraParameters": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra parameters of this listen directive.", "example": {"_type": "literalExpression", "text": "[\n  \"backlog=1024\"\n  \"deferred\"\n]"}, "loc": ["services", "akkoma", "nginx", "listen", "*", "extraParameters"], "readOnly": false, "type": "list of string"}, "services.akkoma.nginx.listen.*.port": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port number to listen on.\nIf unset and the listen address is not a socket then nginx defaults to 80.\n", "loc": ["services", "akkoma", "nginx", "listen", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.akkoma.nginx.listen.*.proxyProtocol": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable PROXY protocol.", "loc": ["services", "akkoma", "nginx", "listen", "*", "proxyProtocol"], "readOnly": false, "type": "boolean"}, "services.akkoma.nginx.listen.*.ssl": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SSL.", "loc": ["services", "akkoma", "nginx", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.akkoma.nginx.listenAddresses": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n\nNote: This option overrides `networking.enableIPv6`\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"[::1]\"\n]"}, "loc": ["services", "akkoma", "nginx", "listenAddresses"], "readOnly": false, "type": "list of string"}, "services.akkoma.nginx.locations": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n};\n"}, "loc": ["services", "akkoma", "nginx", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.akkoma.nginx.locations.<name>.alias": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "akkoma", "nginx", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.akkoma.nginx.locations.<name>.basicAuth": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "akkoma", "nginx", "locations", "<name>", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.akkoma.nginx.locations.<name>.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "akkoma", "nginx", "locations", "<name>", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.akkoma.nginx.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "akkoma", "nginx", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.akkoma.nginx.locations.<name>.fastcgiParams": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "FastCGI parameters to override.  Unlike in the Nginx\nconfiguration file, overriding only some default parameters\nwon't unset the default values for other parameters.\n", "loc": ["services", "akkoma", "nginx", "locations", "<name>", "fastcgiParams"], "readOnly": false, "type": "attribute set of (string or absolute path)"}, "services.akkoma.nginx.locations.<name>.index": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds index directive.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "akkoma", "nginx", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.akkoma.nginx.locations.<name>.priority": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "akkoma", "nginx", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.akkoma.nginx.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds proxy_pass directive and sets recommended proxy headers if\nrecommendedProxySettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "akkoma", "nginx", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.akkoma.nginx.locations.<name>.proxyWebsockets": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to support proxying websocket connections with HTTP/1.1.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "akkoma", "nginx", "locations", "<name>", "proxyWebsockets"], "readOnly": false, "type": "boolean"}, "services.akkoma.nginx.locations.<name>.recommendedProxySettings": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedProxySettings"}, "description": "Enable recommended proxy settings.\n", "loc": ["services", "akkoma", "nginx", "locations", "<name>", "recommendedProxySettings"], "readOnly": false, "type": "boolean"}, "services.akkoma.nginx.locations.<name>.recommendedUwsgiSettings": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedUwsgiSettings"}, "description": "Enable recommended uwsgi settings.\n", "loc": ["services", "akkoma", "nginx", "locations", "<name>", "recommendedUwsgiSettings"], "readOnly": false, "type": "boolean"}, "services.akkoma.nginx.locations.<name>.return": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds a return directive, for e.g. redirections.\n", "example": {"_type": "literalExpression", "text": "\"301 http://example.com$request_uri\""}, "loc": ["services", "akkoma", "nginx", "locations", "<name>", "return"], "readOnly": false, "type": "null or string or signed integer"}, "services.akkoma.nginx.locations.<name>.root": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Root directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/root/directory\""}, "loc": ["services", "akkoma", "nginx", "locations", "<name>", "root"], "readOnly": false, "type": "null or absolute path"}, "services.akkoma.nginx.locations.<name>.tryFiles": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds try_files directive.\n", "example": {"_type": "literalExpression", "text": "\"$uri =404\""}, "loc": ["services", "akkoma", "nginx", "locations", "<name>", "tryFiles"], "readOnly": false, "type": "null or string"}, "services.akkoma.nginx.locations.<name>.uwsgiPass": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds uwsgi_pass directive and sets recommended proxy headers if\nrecommendedUwsgiSettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"unix:/run/example/example.sock\""}, "loc": ["services", "akkoma", "nginx", "locations", "<name>", "uwsgiPass"], "readOnly": false, "type": "null or string"}, "services.akkoma.nginx.onlySSL": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "akkoma", "nginx", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.akkoma.nginx.quic": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the QUIC transport protocol.\nNote that QUIC support is experimental and\n*not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "akkoma", "nginx", "quic"], "readOnly": false, "type": "boolean"}, "services.akkoma.nginx.redirectCode": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "301"}, "description": "HTTP status used by `globalRedirect` and `forceSSL`. Possible usecases\ninclude temporary (302, 307) redirects, keeping the request method and\nbody (307, 308), or explicitly resetting the method to GET (303).\nSee <https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>.\n", "example": {"_type": "literalExpression", "text": "308"}, "loc": ["services", "akkoma", "nginx", "redirectCode"], "readOnly": false, "type": "integer between 300 and 399 (both inclusive)"}, "services.akkoma.nginx.rejectSSL": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to listen for and reject all HTTPS connections to this vhost. Useful in\n[default](#opt-services.nginx.virtualHosts._name_.default)\nserver blocks to avoid serving the certificate for another vhost. Uses the\n`ssl_reject_handshake` directive available in nginx versions\n1.19.4 and above.\n", "loc": ["services", "akkoma", "nginx", "rejectSSL"], "readOnly": false, "type": "boolean"}, "services.akkoma.nginx.reuseport": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create an individual listening socket .\nIt is required to specify only once on one of the hosts.\n", "loc": ["services", "akkoma", "nginx", "reuseport"], "readOnly": false, "type": "boolean"}, "services.akkoma.nginx.root": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of the web root directory.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "akkoma", "nginx", "root"], "readOnly": false, "type": "null or absolute path"}, "services.akkoma.nginx.serverAliases": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "akkoma", "nginx", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.akkoma.nginx.serverName": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of this virtual host. Defaults to attribute name in virtualHosts.\n", "example": {"_type": "literalExpression", "text": "\"example.org\""}, "loc": ["services", "akkoma", "nginx", "serverName"], "readOnly": false, "type": "null or string"}, "services.akkoma.nginx.sslCertificate": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "akkoma", "nginx", "sslCertificate"], "readOnly": false, "type": "absolute path"}, "services.akkoma.nginx.sslCertificateKey": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "akkoma", "nginx", "sslCertificateKey"], "readOnly": false, "type": "absolute path"}, "services.akkoma.nginx.sslTrustedCertificate": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to root SSL certificate for stapling and client certificates.", "example": {"_type": "literalExpression", "text": "\"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\""}, "loc": ["services", "akkoma", "nginx", "sslTrustedCertificate"], "readOnly": false, "type": "null or absolute path"}, "services.akkoma.nginx.useACMEHost": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "akkoma", "nginx", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.akkoma.package": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "pkgs.akkoma"}, "description": "The akkoma package to use.", "loc": ["services", "akkoma", "package"], "readOnly": false, "type": "package"}, "services.akkoma.user": {"declarations": ["nixos/modules/services/web-apps/akkoma.nix"], "default": {"_type": "literalExpression", "text": "\"akkoma\""}, "description": "User account under which Akkoma runs.", "loc": ["services", "akkoma", "user"], "readOnly": false, "type": "non-empty string"}, "services.alerta.authenticationRequired": {"declarations": ["nixos/modules/services/monitoring/alerta.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether users must authenticate when using the web UI or command-line tool", "loc": ["services", "alerta", "authenticationRequired"], "readOnly": false, "type": "boolean"}, "services.alerta.bind": {"declarations": ["nixos/modules/services/monitoring/alerta.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to bind to. The default is to bind to all addresses", "loc": ["services", "alerta", "bind"], "readOnly": false, "type": "string"}, "services.alerta.corsOrigins": {"declarations": ["nixos/modules/services/monitoring/alerta.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"http://localhost\"\n  \"http://localhost:5000\"\n]"}, "description": "List of URLs that can access the API for Cross-Origin Resource Sharing (CORS)", "loc": ["services", "alerta", "corsOrigins"], "readOnly": false, "type": "list of string"}, "services.alerta.databaseName": {"declarations": ["nixos/modules/services/monitoring/alerta.nix"], "default": {"_type": "literalExpression", "text": "\"monitoring\""}, "description": "Name of the database instance to connect to", "loc": ["services", "alerta", "databaseName"], "readOnly": false, "type": "string"}, "services.alerta.databaseUrl": {"declarations": ["nixos/modules/services/monitoring/alerta.nix"], "default": {"_type": "literalExpression", "text": "\"mongodb://localhost\""}, "description": "URL of the MongoDB or PostgreSQL database to connect to", "loc": ["services", "alerta", "databaseUrl"], "readOnly": false, "type": "string"}, "services.alerta.enable": {"declarations": ["nixos/modules/services/monitoring/alerta.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable alerta.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "alerta", "enable"], "readOnly": false, "type": "boolean"}, "services.alerta.extraConfig": {"declarations": ["nixos/modules/services/monitoring/alerta.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go into alertad.conf verbatim.", "loc": ["services", "alerta", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.alerta.logDir": {"declarations": ["nixos/modules/services/monitoring/alerta.nix"], "default": {"_type": "literalExpression", "text": "\"/var/log/alerta\""}, "description": "Location where the logfiles are stored", "loc": ["services", "alerta", "logDir"], "readOnly": false, "type": "absolute path"}, "services.alerta.port": {"declarations": ["nixos/modules/services/monitoring/alerta.nix"], "default": {"_type": "literalExpression", "text": "5000"}, "description": "Port of Alerta", "loc": ["services", "alerta", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.alerta.signupEnabled": {"declarations": ["nixos/modules/services/monitoring/alerta.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to prevent sign-up of new users via the web UI", "loc": ["services", "alerta", "signupEnabled"], "readOnly": false, "type": "boolean"}, "services.alice-lg.enable": {"declarations": ["nixos/modules/services/networking/alice-lg.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Alice Looking Glass.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "alice-lg", "enable"], "readOnly": false, "type": "boolean"}, "services.alice-lg.package": {"declarations": ["nixos/modules/services/networking/alice-lg.nix"], "default": {"_type": "literalExpression", "text": "pkgs.alice-lg"}, "description": "The alice-lg package to use.", "loc": ["services", "alice-lg", "package"], "readOnly": false, "type": "package"}, "services.alice-lg.settings": {"declarations": ["nixos/modules/services/networking/alice-lg.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "alice-lg configuration, for configuration options see the example on [github](https://github.com/alice-lg/alice-lg/blob/main/etc/alice-lg/alice.example.conf)\n", "example": {"_type": "literalExpression", "text": "{\n  server = {\n    # configures the built-in webserver and provides global application settings\n    listen_http = \"127.0.0.1:7340\";\n    enable_prefix_lookup = true;\n    asn = 9033;\n    store_backend = postgres;\n    routes_store_refresh_parallelism = 5;\n    neighbors_store_refresh_parallelism = 10000;\n    routes_store_refresh_interval = 5;\n    neighbors_store_refresh_interval = 5;\n  };\n  postgres = {\n    url = \"postgres://postgres:postgres@localhost:5432/alice\";\n    min_connections = 2;\n    max_connections = 128;\n  };\n  pagination = {\n    routes_filtered_page_size = 250;\n    routes_accepted_page_size = 250;\n    routes_not_exported_page_size = 250;\n  };\n}\n"}, "loc": ["services", "alice-lg", "settings"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.alloy.configPath": {"declarations": ["nixos/modules/services/monitoring/alloy.nix"], "default": {"_type": "literalExpression", "text": "\"/etc/alloy\""}, "description": "Alloy configuration file/directory path.\n\nWe default to `/etc/alloy` here, and expect the user to configure a\nconfiguration file via `environment.etc.\"alloy/config.alloy\"`.\n\nThis allows config reload, contrary to specifying a store path.\n\nAll `.alloy` files in the same directory (ignoring subdirs) are also\nhonored and are added to `systemd.services.alloy.reloadTriggers` to\nenable config reload during nixos-rebuild switch.\n\nThis can also point to another directory containing `*.alloy` files, or\na single Alloy file in the Nix store (at the cost of reload).\n\nComponent names must be unique across all Alloy configuration files, and\nconfiguration blocks must not be repeated.\n\nAlloy will continue to run if subsequent reloads of the configuration\nfile fail, potentially marking components as unhealthy depending on\nthe nature of the failure. When this happens, Alloy will continue\nfunctioning in the last valid state.\n", "loc": ["services", "alloy", "configPath"], "readOnly": false, "type": "absolute path"}, "services.alloy.enable": {"declarations": ["nixos/modules/services/monitoring/alloy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Grafana Alloy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "alloy", "enable"], "readOnly": false, "type": "boolean"}, "services.alloy.environmentFile": {"declarations": ["nixos/modules/services/monitoring/alloy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "EnvironmentFile as defined in {manpage}`systemd.exec(5)`.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/alloy.env\""}, "loc": ["services", "alloy", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.alloy.extraFlags": {"declarations": ["nixos/modules/services/monitoring/alloy.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command-line flags passed to {command}`alloy run`.\n\nSee <https://grafana.com/docs/alloy/latest/reference/cli/run/>\n", "example": {"_type": "literalExpression", "text": "[\n  \"--server.http.listen-addr=127.0.0.1:12346\"\n  \"--disable-reporting\"\n]"}, "loc": ["services", "alloy", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.alloy.package": {"declarations": ["nixos/modules/services/monitoring/alloy.nix"], "default": {"_type": "literalExpression", "text": "pkgs.grafana-alloy"}, "description": "The grafana-alloy package to use.", "loc": ["services", "alloy", "package"], "readOnly": false, "type": "package"}, "services.alps.bindIP": {"declarations": ["nixos/modules/services/web-apps/alps.nix"], "default": {"_type": "literalExpression", "text": "\"[::]\""}, "description": "The IP the service should listen on.\n", "loc": ["services", "alps", "bindIP"], "readOnly": false, "type": "string"}, "services.alps.enable": {"declarations": ["nixos/modules/services/web-apps/alps.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable alps.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "alps", "enable"], "readOnly": false, "type": "boolean"}, "services.alps.imaps.host": {"declarations": ["nixos/modules/services/web-apps/alps.nix"], "default": {"_type": "literalExpression", "text": "\"[::1]\""}, "description": "The IMAPS server address.\n", "example": {"_type": "literalExpression", "text": "\"mail.example.org\""}, "loc": ["services", "alps", "imaps", "host"], "readOnly": false, "type": "string"}, "services.alps.imaps.port": {"declarations": ["nixos/modules/services/web-apps/alps.nix"], "default": {"_type": "literalExpression", "text": "993"}, "description": "The IMAPS server port.\n", "loc": ["services", "alps", "imaps", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.alps.port": {"declarations": ["nixos/modules/services/web-apps/alps.nix"], "default": {"_type": "literalExpression", "text": "1323"}, "description": "TCP port the service should listen on.\n", "loc": ["services", "alps", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.alps.smtps.host": {"declarations": ["nixos/modules/services/web-apps/alps.nix"], "default": {"_type": "literalExpression", "text": "\"services.alps.imaps.host\""}, "description": "The SMTPS server address.\n", "example": {"_type": "literalExpression", "text": "\"mail.example.org\""}, "loc": ["services", "alps", "smtps", "host"], "readOnly": false, "type": "string"}, "services.alps.smtps.port": {"declarations": ["nixos/modules/services/web-apps/alps.nix"], "default": {"_type": "literalExpression", "text": "465"}, "description": "The SMTPS server port.\n", "loc": ["services", "alps", "smtps", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.alps.theme": {"declarations": ["nixos/modules/services/web-apps/alps.nix"], "default": {"_type": "literalExpression", "text": "\"sourcehut\""}, "description": "The frontend's theme to use.\n", "loc": ["services", "alps", "theme"], "readOnly": false, "type": "one of \"alps\", \"sourcehut\""}, "services.amazon-cloudwatch-agent.commonConfiguration": {"declarations": ["nixos/modules/services/monitoring/amazon-cloudwatch-agent.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "See {option}`commonConfigurationFile`.\n\n{option}`commonConfigurationFile` takes precedence over {option}`commonConfiguration`.\n", "example": {"_type": "literalExpression", "text": "{\n  credentials = {\n    shared_credential_file = \"/path/to/credentials\";\n    shared_credential_profile = \"profile_name\";\n  };\n  proxy = {\n    http_proxy = \"http_url\";\n    https_proxy = \"https_url\";\n    no_proxy = \"domain\";\n  };\n}"}, "loc": ["services", "amazon-cloudwatch-agent", "commonConfiguration"], "readOnly": false, "type": "TOML value"}, "services.amazon-cloudwatch-agent.commonConfigurationFile": {"declarations": ["nixos/modules/services/monitoring/amazon-cloudwatch-agent.nix"], "default": {"_type": "literalExpression", "text": "tomlFormat.generate \"common-config.toml\" cfg.commonConfiguration"}, "description": "Amazon CloudWatch Agent common configuration. See\n<https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-CloudWatch-Agent-commandline-fleet.html#CloudWatch-Agent-profile-instance-first>\nfor supported values.\n\n{option}`commonConfigurationFile` takes precedence over {option}`commonConfiguration`.\n\nNote: Restricted evaluation blocks access to paths outside the Nix store.\nThis means detecting content changes for mutable paths (i.e. not input or content-addressed) can't be done.\nAs a result, `nixos-rebuild` won't reload/restart the systemd unit when mutable path contents change.\n`systemctl restart amazon-cloudwatch-agent.service` must be used instead.\n", "example": {"_type": "literalExpression", "text": "\"/etc/amazon-cloudwatch-agent/amazon-cloudwatch-agent.json\""}, "loc": ["services", "amazon-cloudwatch-agent", "commonConfigurationFile"], "readOnly": false, "type": "absolute path"}, "services.amazon-cloudwatch-agent.configuration": {"declarations": ["nixos/modules/services/monitoring/amazon-cloudwatch-agent.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "See {option}`configurationFile`.\n\n{option}`configurationFile` takes precedence over {option}`configuration`.\n", "example": {"_type": "literalExpression", "text": "{\n  agent = {\n    logfile = \"/var/log/amazon-cloudwatch-agent/amazon-cloudwatch-agent.log\";\n    metrics_collection_interval = 10;\n  };\n  logs = {\n    force_flush_interval = 15;\n    log_stream_name = \"log_stream_name\";\n    logs_collected = {\n      files = {\n        collect_list = [\n          {\n            file_path = \"/var/log/amazon-cloudwatch-agent/amazon-cloudwatch-agent.log\";\n            log_group_name = \"amazon-cloudwatch-agent.log\";\n            log_stream_name = \"{instance_id}\";\n            timezone = \"UTC\";\n          }\n        ];\n      };\n    };\n  };\n  metrics = {\n    metrics_collected = {\n      cpu = {\n        append_dimensions = {\n          customized_dimension_key_1 = \"customized_dimension_value_1\";\n          customized_dimension_key_2 = \"customized_dimension_value_2\";\n        };\n        measurement = [\n          {\n            name = \"cpu_usage_idle\";\n            rename = \"CPU_USAGE_IDLE\";\n            unit = \"Percent\";\n          }\n          {\n            name = \"cpu_usage_nice\";\n            unit = \"Percent\";\n          }\n          \"cpu_usage_guest\"\n        ];\n        metrics_collection_interval = 10;\n        resource = [\n          \"*\"\n        ];\n        totalcpu = false;\n      };\n    };\n    namespace = \"MyCustomNamespace\";\n  };\n  traces = {\n    traces_collected = {\n      oltp = { };\n      xray = { };\n    };\n  };\n}"}, "loc": ["services", "amazon-cloudwatch-agent", "configuration"], "readOnly": false, "type": "JSON value"}, "services.amazon-cloudwatch-agent.configurationFile": {"declarations": ["nixos/modules/services/monitoring/amazon-cloudwatch-agent.nix"], "default": {"_type": "literalExpression", "text": "jsonFormat.generate \"amazon-cloudwatch-agent.json\" cfg.configuration"}, "description": "Amazon CloudWatch Agent configuration file. See\n<https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Agent-Configuration-File-Details.html>\nfor supported values.\n\nThe following options aren't supported:\n* `agent.run_as_user`\n  * Use {option}`user` instead.\n\n{option}`configurationFile` takes precedence over {option}`configuration`.\n\nNote: Restricted evaluation blocks access to paths outside the Nix store.\nThis means detecting content changes for mutable paths (i.e. not input or content-addressed) can't be done.\nAs a result, `nixos-rebuild` won't reload/restart the systemd unit when mutable path contents change.\n`systemctl restart amazon-cloudwatch-agent.service` must be used instead.\n", "example": {"_type": "literalExpression", "text": "\"/etc/amazon-cloudwatch-agent/amazon-cloudwatch-agent.json\""}, "loc": ["services", "amazon-cloudwatch-agent", "configurationFile"], "readOnly": false, "type": "absolute path"}, "services.amazon-cloudwatch-agent.enable": {"declarations": ["nixos/modules/services/monitoring/amazon-cloudwatch-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Amazon CloudWatch Agent.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "amazon-cloudwatch-agent", "enable"], "readOnly": false, "type": "boolean"}, "services.amazon-cloudwatch-agent.mode": {"declarations": ["nixos/modules/services/monitoring/amazon-cloudwatch-agent.nix"], "default": {"_type": "literalExpression", "text": "\"auto\""}, "description": "Amazon CloudWatch Agent mode. Indicates whether the agent is running in EC2 (\"ec2\"), on-premises (\"onPremise\"),\nor if it should guess based on metadata endpoints like IMDS or the ECS task metadata endpoint (\"auto\").\n", "example": {"_type": "literalExpression", "text": "\"onPremise\""}, "loc": ["services", "amazon-cloudwatch-agent", "mode"], "readOnly": false, "type": "string"}, "services.amazon-cloudwatch-agent.package": {"declarations": ["nixos/modules/services/monitoring/amazon-cloudwatch-agent.nix"], "default": {"_type": "literalExpression", "text": "pkgs.amazon-cloudwatch-agent"}, "description": "The amazon-cloudwatch-agent package to use.", "loc": ["services", "amazon-cloudwatch-agent", "package"], "readOnly": false, "type": "package"}, "services.amazon-cloudwatch-agent.user": {"declarations": ["nixos/modules/services/monitoring/amazon-cloudwatch-agent.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "The user that runs the Amazon CloudWatch Agent.\n", "example": {"_type": "literalExpression", "text": "\"amazon-cloudwatch-agent\""}, "loc": ["services", "amazon-cloudwatch-agent", "user"], "readOnly": false, "type": "string"}, "services.amazon-ssm-agent.enable": {"declarations": ["nixos/modules/services/misc/amazon-ssm-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Amazon SSM agent.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "amazon-ssm-agent", "enable"], "readOnly": false, "type": "boolean"}, "services.amazon-ssm-agent.package": {"declarations": ["nixos/modules/services/misc/amazon-ssm-agent.nix"], "default": {"_type": "literalExpression", "text": "pkgs.amazon-ssm-agent"}, "description": "The amazon-ssm-agent package to use.", "loc": ["services", "amazon-ssm-agent", "package"], "readOnly": false, "type": "package"}, "services.amule.ExternalConnectPasswordFile": {"declarations": ["nixos/modules/services/networking/amuled.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the password for connecting with amule-gui,\nset this only if you didn't set `settings.ExternalConnect.ECPassword`\n", "loc": ["services", "amule", "ExternalConnectPasswordFile"], "readOnly": false, "type": "null or absolute path"}, "services.amule.WebServerPasswordFile": {"declarations": ["nixos/modules/services/networking/amuled.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the password for connecting to the web server,\nset this only if you didn't set `settings.ExternalConnect.ECPassword`\n", "loc": ["services", "amule", "WebServerPasswordFile"], "readOnly": false, "type": "null or absolute path"}, "services.amule.amuleWebPackage": {"declarations": ["nixos/modules/services/networking/amuled.nix"], "default": {"_type": "literalExpression", "text": "pkgs.amule-web"}, "description": "The amule-web package to use.", "loc": ["services", "amule", "amuleWebPackage"], "readOnly": false, "type": "package"}, "services.amule.dataDir": {"declarations": ["nixos/modules/services/networking/amuled.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/amuled\""}, "description": "Directory holding configuration and by default also incoming and temporary files", "loc": ["services", "amule", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.amule.enable": {"declarations": ["nixos/modules/services/networking/amuled.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable aMule daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "amule", "enable"], "readOnly": false, "type": "boolean"}, "services.amule.extraArgs": {"declarations": ["nixos/modules/services/networking/amuled.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional passed arguments", "loc": ["services", "amule", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.amule.group": {"declarations": ["nixos/modules/services/networking/amuled.nix"], "default": {"_type": "literalExpression", "text": "\"amule\""}, "description": "Group under which amule runs", "loc": ["services", "amule", "group"], "readOnly": false, "type": "string"}, "services.amule.openExternalConnectPort": {"declarations": ["nixos/modules/services/networking/amuled.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable open the external connect port.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "amule", "openExternalConnectPort"], "readOnly": false, "type": "boolean"}, "services.amule.openPeerPorts": {"declarations": ["nixos/modules/services/networking/amuled.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable open the peer port(s) in the firewall.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "amule", "openPeerPorts"], "readOnly": false, "type": "boolean"}, "services.amule.openWebServerPort": {"declarations": ["nixos/modules/services/networking/amuled.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable open the web server port.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "amule", "openWebServerPort"], "readOnly": false, "type": "boolean"}, "services.amule.package": {"declarations": ["nixos/modules/services/networking/amuled.nix"], "default": {"_type": "literalExpression", "text": "pkgs.amule-daemon"}, "description": "The amule-daemon package to use.", "loc": ["services", "amule", "package"], "readOnly": false, "type": "package"}, "services.amule.settings": {"declarations": ["nixos/modules/services/networking/amuled.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Free form attribute set for aMule settings.\nThe final configuration file is generated merging the default settings with these options.\n", "example": {"_type": "literalExpression", "text": "{\n  eMule = {\n    IncomingDir = \"/mnt/hd/amule/Incoming\";\n    TempDir = \"/mnt/hd/amule/Temp\";\n  };\n  WebServer.Enabled = 1;\n}\n"}, "loc": ["services", "amule", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.amule.settings.ExternalConnect.ECPassword": {"declarations": ["nixos/modules/services/networking/amuled.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "MD5 hash of the password, obtainaible with `echo \"<password>\" | md5sum | cut -d ' ' -f 1`\n", "loc": ["services", "amule", "settings", "ExternalConnect", "ECPassword"], "readOnly": false, "type": "string"}, "services.amule.settings.ExternalConnect.ECPort": {"declarations": ["nixos/modules/services/networking/amuled.nix"], "default": {"_type": "literalExpression", "text": "4712"}, "description": "TCP port for external connections, like remote control via amule-gui", "loc": ["services", "amule", "settings", "ExternalConnect", "ECPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.amule.settings.WebServer.Enabled": {"declarations": ["nixos/modules/services/networking/amuled.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Set to 1 to enable the web server", "loc": ["services", "amule", "settings", "WebServer", "Enabled"], "readOnly": false, "type": "one of 0, 1"}, "services.amule.settings.WebServer.Password": {"declarations": ["nixos/modules/services/networking/amuled.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "MD5 hash of the password, obtainaible with `echo \"<password>\" | md5sum | cut -d ' ' -f 1`\n", "loc": ["services", "amule", "settings", "WebServer", "Password"], "readOnly": false, "type": "string"}, "services.amule.settings.WebServer.Port": {"declarations": ["nixos/modules/services/networking/amuled.nix"], "default": {"_type": "literalExpression", "text": "4711"}, "description": "Web server port", "loc": ["services", "amule", "settings", "WebServer", "Port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.amule.settings.eMule.IncomingDir": {"declarations": ["nixos/modules/services/networking/amuled.nix"], "default": {"_type": "literalExpression", "text": "${config.services.amule.dataDir}/Incoming"}, "description": "Directory where aMule moves completed downloads.\nFiles in this directory are automatically shared.\nEnsure the aMule service has write permissions\n", "loc": ["services", "amule", "settings", "eMule", "IncomingDir"], "readOnly": false, "type": "absolute path"}, "services.amule.settings.eMule.Port": {"declarations": ["nixos/modules/services/networking/amuled.nix"], "default": {"_type": "literalExpression", "text": "4662"}, "description": "TCP port for eD2k connections.\nRequired for connecting to servers and achieving a High ID.\n", "loc": ["services", "amule", "settings", "eMule", "Port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.amule.settings.eMule.TempDir": {"declarations": ["nixos/modules/services/networking/amuled.nix"], "default": {"_type": "literalExpression", "text": "${config.services.amule.dataDir}/Temp"}, "description": "Directory where aMule stores incomplete downloads (.part/.part.met files).\n", "loc": ["services", "amule", "settings", "eMule", "TempDir"], "readOnly": false, "type": "absolute path"}, "services.amule.settings.eMule.UDPPort": {"declarations": ["nixos/modules/services/networking/amuled.nix"], "default": {"_type": "literalExpression", "text": "4672"}, "description": "UDP port for eD2k traffic (searches, source exchange) and all Kad network communication.\nEssential for a High ID on both networks and proper Kad functioning.\n", "loc": ["services", "amule", "settings", "eMule", "UDPPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.amule.user": {"declarations": ["nixos/modules/services/networking/amuled.nix"], "default": {"_type": "literalExpression", "text": "\"amule\""}, "description": "The user the aMule daemon should run as", "loc": ["services", "amule", "user"], "readOnly": false, "type": "string"}, "services.ananicy.enable": {"declarations": ["nixos/modules/services/misc/ananicy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Ananicy, an auto nice daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ananicy", "enable"], "readOnly": false, "type": "boolean"}, "services.ananicy.extraCgroups": {"declarations": ["nixos/modules/services/misc/ananicy.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Cgroups to write in 'nixCgroups.cgroups'. See:\n<https://gitlab.com/ananicy-cpp/ananicy-cpp/#cgroups>\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    CPUQuota = 80;\n    cgroup = \"cpu80\";\n  }\n]"}, "loc": ["services", "ananicy", "extraCgroups"], "readOnly": false, "type": "list of (attribute set)"}, "services.ananicy.extraRules": {"declarations": ["nixos/modules/services/misc/ananicy.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Rules to write in 'nixRules.rules'. See:\n<https://github.com/Nefelim4ag/Ananicy#configuration>\n<https://gitlab.com/ananicy-cpp/ananicy-cpp/#global-configuration>\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    name = \"eog\";\n    type = \"Image-Viewer\";\n  }\n  {\n    name = \"fdupes\";\n    type = \"BG_CPUIO\";\n  }\n]"}, "loc": ["services", "ananicy", "extraRules"], "readOnly": false, "type": "list of (attribute set)"}, "services.ananicy.extraTypes": {"declarations": ["nixos/modules/services/misc/ananicy.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Types to write in 'nixTypes.types'. See:\n<https://gitlab.com/ananicy-cpp/ananicy-cpp/#types>\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    nice = 19;\n    other_parameter = \"value\";\n    type = \"my_type\";\n  }\n  {\n    ioclass = \"idle\";\n    nice = 19;\n    sched = \"batch\";\n    type = \"compiler\";\n  }\n]"}, "loc": ["services", "ananicy", "extraTypes"], "readOnly": false, "type": "list of (attribute set)"}, "services.ananicy.package": {"declarations": ["nixos/modules/services/misc/ananicy.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ananicy"}, "description": "The ananicy package to use.", "example": {"_type": "literalExpression", "text": "ananicy-cpp"}, "loc": ["services", "ananicy", "package"], "readOnly": false, "type": "package"}, "services.ananicy.rulesProvider": {"declarations": ["nixos/modules/services/misc/ananicy.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ananicy"}, "description": "Which package to copy default rules,types,cgroups from.\n", "example": {"_type": "literalExpression", "text": "ananicy-cpp"}, "loc": ["services", "ananicy", "rulesProvider"], "readOnly": false, "type": "package"}, "services.ananicy.settings": {"declarations": ["nixos/modules/services/misc/ananicy.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "See <https://github.com/Nefelim4ag/Ananicy/blob/master/ananicy.d/ananicy.conf>\n", "example": {"_type": "literalExpression", "text": "{\n  apply_nice = false;\n}"}, "loc": ["services", "ananicy", "settings"], "readOnly": false, "type": "attribute set of (signed integer or boolean or string)"}, "services.angrr.configFile": {"declarations": ["nixos/modules/services/misc/angrr.nix"], "default": {"_type": "literalExpression", "text": "\"TOML file generated from {option}`services.angrr.settings`\""}, "description": "Path to the angrr configuration file in TOML format.\n\nIf not set, the configuration generated from {option}`services.angrr.settings` will be used.\nIf specified, {option}`services.angrr.settings` will be ignored.\n", "loc": ["services", "angrr", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.angrr.enable": {"declarations": ["nixos/modules/services/misc/angrr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable angrr.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "angrr", "enable"], "readOnly": false, "type": "boolean"}, "services.angrr.enableNixGcIntegration": {"declarations": ["nixos/modules/services/misc/angrr.nix"], "description": "Whether to enable nix-gc.service integration.\n", "loc": ["services", "angrr", "enableNixGcIntegration"], "readOnly": false, "type": "boolean"}, "services.angrr.extraArgs": {"declarations": ["nixos/modules/services/misc/angrr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command-line arguments pass to angrr.\n", "loc": ["services", "angrr", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.angrr.logLevel": {"declarations": ["nixos/modules/services/misc/angrr.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Set the log level of angrr.\n", "loc": ["services", "angrr", "logLevel"], "readOnly": false, "type": "one of \"off\", \"error\", \"warn\", \"info\", \"debug\", \"trace\""}, "services.angrr.package": {"declarations": ["nixos/modules/services/misc/angrr.nix"], "default": {"_type": "literalExpression", "text": "pkgs.angrr"}, "description": "The angrr package to use.", "loc": ["services", "angrr", "package"], "readOnly": false, "type": "package"}, "services.angrr.settings": {"declarations": ["nixos/modules/services/misc/angrr.nix"], "description": "Global configuration for angrr in TOML format.\n", "example": {"_type": "literalExpression", "text": "{\n  profile-policies = {\n    system = {\n      keep-booted-system = true;\n      keep-current-system = true;\n      keep-latest-n = 5;\n      keep-since = \"14d\";\n      profile-paths = [\n        \"/nix/var/nix/profiles/system\"\n      ];\n    };\n    user = {\n      enable = false;\n      keep-booted-system = false;\n      keep-current-system = false;\n      keep-latest-n = 1;\n      keep-since = \"1d\";\n      profile-paths = [\n        \"~/.local/state/nix/profiles/profile\"\n        \"/nix/var/nix/profiles/per-user/root/profile\"\n      ];\n    };\n  };\n  temporary-root-policies = {\n    direnv = {\n      path-regex = \"/\\\\.direnv/\";\n      period = \"14d\";\n    };\n    result = {\n      path-regex = \"/result[^/]*$\";\n      period = \"3d\";\n    };\n  };\n}"}, "loc": ["services", "angrr", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.angrr.settings.owned-only": {"declarations": ["nixos/modules/services/misc/angrr.nix"], "default": {"_type": "literalExpression", "text": "\"auto\""}, "description": "Only monitors owned symbolic link target of GC roots.\n\n- \"auto\": behaves like true for normal users, false for root.\n- \"true\": only monitor GC roots owned by the current user.\n- \"false\": monitor all GC roots.\n", "loc": ["services", "angrr", "settings", "owned-only"], "readOnly": false, "type": "one of \"auto\", \"true\", \"false\""}, "services.angrr.settings.profile-policies": {"declarations": ["nixos/modules/services/misc/angrr.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Profile GC root policies.\n", "loc": ["services", "angrr", "settings", "profile-policies"], "readOnly": false, "type": "attribute set of (open submodule of (TOML value))"}, "services.angrr.settings.profile-policies.<name>.enable": {"declarations": ["nixos/modules/services/misc/angrr.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable this angrr policy.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "angrr", "settings", "profile-policies", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.angrr.settings.profile-policies.<name>.keep-booted-system": {"declarations": ["nixos/modules/services/misc/angrr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to keep the last booted system generation. Only useful for system profiles.\n", "loc": ["services", "angrr", "settings", "profile-policies", "<name>", "keep-booted-system"], "readOnly": false, "type": "boolean"}, "services.angrr.settings.profile-policies.<name>.keep-current-system": {"declarations": ["nixos/modules/services/misc/angrr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to keep the current system generation. Only useful for system profiles.\n", "loc": ["services", "angrr", "settings", "profile-policies", "<name>", "keep-current-system"], "readOnly": false, "type": "boolean"}, "services.angrr.settings.profile-policies.<name>.keep-latest-n": {"declarations": ["nixos/modules/services/misc/angrr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Keep the latest N GC roots in this profile.\n", "loc": ["services", "angrr", "settings", "profile-policies", "<name>", "keep-latest-n"], "readOnly": false, "type": "null or signed integer"}, "services.angrr.settings.profile-policies.<name>.keep-since": {"declarations": ["nixos/modules/services/misc/angrr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Retention period for the GC roots in this profile.\n", "loc": ["services", "angrr", "settings", "profile-policies", "<name>", "keep-since"], "readOnly": false, "type": "null or string"}, "services.angrr.settings.profile-policies.<name>.profile-paths": {"declarations": ["nixos/modules/services/misc/angrr.nix"], "description": "Paths to the Nix profile.\n\nWhen angrr runs in owned-only mode, and the option begins with `~`,\nit will be expanded to the home directory of the current user.\n\nWhen angrr does not run in owned-only mode, and the option begins with `~`,\nit will be expanded to the home of all users discovered respectively.\n", "loc": ["services", "angrr", "settings", "profile-policies", "<name>", "profile-paths"], "readOnly": false, "type": "list of string"}, "services.angrr.settings.temporary-root-policies": {"declarations": ["nixos/modules/services/misc/angrr.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Policies for temporary GC roots(e.g. result and direnv).\n", "loc": ["services", "angrr", "settings", "temporary-root-policies"], "readOnly": false, "type": "attribute set of (open submodule of (TOML value))"}, "services.angrr.settings.temporary-root-policies.<name>.enable": {"declarations": ["nixos/modules/services/misc/angrr.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable this angrr policy.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "angrr", "settings", "temporary-root-policies", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.angrr.settings.temporary-root-policies.<name>.filter": {"declarations": ["nixos/modules/services/misc/angrr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "External filter program to further filter GC roots matched by this policy.\n", "loc": ["services", "angrr", "settings", "temporary-root-policies", "<name>", "filter"], "readOnly": false, "type": "null or (open submodule of (TOML value))"}, "services.angrr.settings.temporary-root-policies.<name>.filter.arguments": {"declarations": ["nixos/modules/services/misc/angrr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command-line arguments pass to the external filter program.\n", "loc": ["services", "angrr", "settings", "temporary-root-policies", "<name>", "filter", "arguments"], "readOnly": false, "type": "list of string"}, "services.angrr.settings.temporary-root-policies.<name>.filter.program": {"declarations": ["nixos/modules/services/misc/angrr.nix"], "description": "Path to the external filter program.\n", "loc": ["services", "angrr", "settings", "temporary-root-policies", "<name>", "filter", "program"], "readOnly": false, "type": "string"}, "services.angrr.settings.temporary-root-policies.<name>.ignore-prefixes": {"declarations": ["nixos/modules/services/misc/angrr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of path prefixes to ignore.\n\nIf null is specified, angrr builtin settings will be used.\n", "loc": ["services", "angrr", "settings", "temporary-root-policies", "<name>", "ignore-prefixes"], "readOnly": false, "type": "null or (list of string)"}, "services.angrr.settings.temporary-root-policies.<name>.ignore-prefixes-in-home": {"declarations": ["nixos/modules/services/misc/angrr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path prefixes to ignore under home directory.\n\nIf null is specified, angrr builtin settings will be used.\n", "loc": ["services", "angrr", "settings", "temporary-root-policies", "<name>", "ignore-prefixes-in-home"], "readOnly": false, "type": "null or (list of string)"}, "services.angrr.settings.temporary-root-policies.<name>.path-regex": {"declarations": ["nixos/modules/services/misc/angrr.nix"], "description": "Regex pattern to match the GC root path.\n", "loc": ["services", "angrr", "settings", "temporary-root-policies", "<name>", "path-regex"], "readOnly": false, "type": "string"}, "services.angrr.settings.temporary-root-policies.<name>.period": {"declarations": ["nixos/modules/services/misc/angrr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Retention period for the GC roots matched by this policy.\n", "loc": ["services", "angrr", "settings", "temporary-root-policies", "<name>", "period"], "readOnly": false, "type": "null or string"}, "services.angrr.settings.temporary-root-policies.<name>.priority": {"declarations": ["nixos/modules/services/misc/angrr.nix"], "default": {"_type": "literalExpression", "text": "100"}, "description": "Priority of this policy.\n\nLower number means higher priority, if multiple policies monitor the\nsame path, the one with higher priority will be applied.\n", "loc": ["services", "angrr", "settings", "temporary-root-policies", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.angrr.settings.touch.project-globs": {"declarations": ["nixos/modules/services/misc/angrr.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"!.git\"\n]"}, "description": "List of glob patterns to include or exclude files when touching GC roots.\n\nOnly applied when `angrr touch` is invoked with the `--project` flag.\nPatterns use an inverted gitignore-style semantics.\nSee <https://docs.rs/ignore/latest/ignore/overrides/struct.OverrideBuilder.html#method.add>.\n", "loc": ["services", "angrr", "settings", "touch", "project-globs"], "readOnly": false, "type": "list of string"}, "services.angrr.timer.dates": {"declarations": ["nixos/modules/services/misc/angrr.nix"], "default": {"_type": "literalExpression", "text": "\"03:00\""}, "description": "How often or when the retention policy is performed.\n", "loc": ["services", "angrr", "timer", "dates"], "readOnly": false, "type": "string"}, "services.angrr.timer.enable": {"declarations": ["nixos/modules/services/misc/angrr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable angrr timer.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "angrr", "timer", "enable"], "readOnly": false, "type": "boolean"}, "services.anki-sync-server.address": {"declarations": ["nixos/modules/services/misc/anki-sync-server.nix"], "default": {"_type": "literalExpression", "text": "\"::1\""}, "description": "IP address anki-sync-server listens to.\nNote host names are not resolved.\n", "loc": ["services", "anki-sync-server", "address"], "readOnly": false, "type": "string"}, "services.anki-sync-server.baseDirectory": {"declarations": ["nixos/modules/services/misc/anki-sync-server.nix"], "default": {"_type": "literalExpression", "text": "\"%S/%N\""}, "description": "Base directory where user(s) synchronized data will be stored.", "loc": ["services", "anki-sync-server", "baseDirectory"], "readOnly": false, "type": "string"}, "services.anki-sync-server.enable": {"declarations": ["nixos/modules/services/misc/anki-sync-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable anki-sync-server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "anki-sync-server", "enable"], "readOnly": false, "type": "boolean"}, "services.anki-sync-server.openFirewall": {"declarations": ["nixos/modules/services/misc/anki-sync-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall for the specified port.", "loc": ["services", "anki-sync-server", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.anki-sync-server.package": {"declarations": ["nixos/modules/services/misc/anki-sync-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.anki-sync-server"}, "description": "The anki-sync-server package to use.", "loc": ["services", "anki-sync-server", "package"], "readOnly": false, "type": "package"}, "services.anki-sync-server.port": {"declarations": ["nixos/modules/services/misc/anki-sync-server.nix"], "default": {"_type": "literalExpression", "text": "27701"}, "description": "Port number anki-sync-server listens to.", "loc": ["services", "anki-sync-server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.anki-sync-server.users": {"declarations": ["nixos/modules/services/misc/anki-sync-server.nix"], "description": "List of user-password pairs to provide to the sync server.", "loc": ["services", "anki-sync-server", "users"], "readOnly": false, "type": "list of (submodule)"}, "services.anki-sync-server.users.*.password": {"declarations": ["nixos/modules/services/misc/anki-sync-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Password accepted by anki-sync-server for the associated username.\n**WARNING**: This option is **not secure**. This password will\nbe stored in *plaintext* and will be visible to *all users*.\nSee {option}`services.anki-sync-server.users.passwordFile` for\na more secure option.\n", "loc": ["services", "anki-sync-server", "users", "*", "password"], "readOnly": false, "type": "null or string"}, "services.anki-sync-server.users.*.passwordFile": {"declarations": ["nixos/modules/services/misc/anki-sync-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the password accepted by anki-sync-server for\nthe associated username.  Make sure to make readable only by\nroot.\n", "loc": ["services", "anki-sync-server", "users", "*", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.anki-sync-server.users.*.username": {"declarations": ["nixos/modules/services/misc/anki-sync-server.nix"], "description": "User name accepted by anki-sync-server.", "loc": ["services", "anki-sync-server", "users", "*", "username"], "readOnly": false, "type": "string"}, "services.anubis.defaultOptions": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Default options for all instances of Anubis.", "loc": ["services", "anubis", "defaultOptions"], "readOnly": false, "type": "submodule"}, "services.anubis.defaultOptions.enable": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable this instance of Anubis.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "anubis", "defaultOptions", "enable"], "readOnly": false, "type": "boolean"}, "services.anubis.defaultOptions.extraFlags": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of extra flags to be passed to Anubis.", "example": {"_type": "literalExpression", "text": "[\n  \"-metrics-bind \\\"\\\"\"\n]"}, "loc": ["services", "anubis", "defaultOptions", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.anubis.defaultOptions.group": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "\"anubis\""}, "description": "The group under which Anubis is run.\n\nThis module utilizes systemd's DynamicUser feature. See the corresponding section in\n{manpage}`systemd.exec(5)` for more details.\n", "loc": ["services", "anubis", "defaultOptions", "group"], "readOnly": false, "type": "string"}, "services.anubis.defaultOptions.policy": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Anubis policy configuration.\n\nSee [the documentation](https://anubis.techaro.lol/docs/admin/policies) for details.\n", "loc": ["services", "anubis", "defaultOptions", "policy"], "readOnly": false, "type": "submodule"}, "services.anubis.defaultOptions.policy.extraBots": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional bot rules appended to the policy.\n\nWhen {option}`useDefaultBotRules` is `true`, these rules are added after\nAnubis's default rules. When `false`, only these rules are used.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    name = \"my-bot\";\n    user_agent_regex = \"MyBot/.*\";\n    action = \"ALLOW\";\n  }\n]\n"}, "loc": ["services", "anubis", "defaultOptions", "policy", "extraBots"], "readOnly": false, "type": "list of (JSON value)"}, "services.anubis.defaultOptions.policy.settings": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional policy settings merged into the policy file.\n\nCommon settings include `dnsbl`, `store`, `logging`, `thresholds`,\n`impressum`, `openGraph`, and `statusCodes`.\n\nSee [the documentation](https://anubis.techaro.lol/docs/admin/policies) for\navailable options.\n", "example": {"_type": "literalExpression", "text": "{\n  dnsbl = false;\n  store = {\n    backend = \"bbolt\";\n    parameters.path = \"/var/lib/anubis/data.bdb\";\n  };\n}\n"}, "loc": ["services", "anubis", "defaultOptions", "policy", "settings"], "readOnly": false, "type": "JSON value"}, "services.anubis.defaultOptions.policy.useDefaultBotRules": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to include Anubis's default bot detection rules via the\n`(data)/meta/default-config.yaml` import.\n\nSet to `false` to define your own bot rules from scratch using\n{option}`extraBots`.\n", "loc": ["services", "anubis", "defaultOptions", "policy", "useDefaultBotRules"], "readOnly": false, "type": "boolean"}, "services.anubis.defaultOptions.settings": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Freeform configuration via environment variables for Anubis.\n\nSee [the documentation](https://anubis.techaro.lol/docs/admin/installation) for a complete list of\navailable environment variables.\n", "loc": ["services", "anubis", "defaultOptions", "settings"], "readOnly": false, "type": "open submodule of attribute set of (null or string or signed integer or boolean)"}, "services.anubis.defaultOptions.settings.BIND_NETWORK": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "\"unix\""}, "description": "The network family that Anubis should bind to.\n\nAccepts anything supported by Go's [`net.Listen`](https://pkg.go.dev/net#Listen).\n\nCommon values are `tcp` and `unix`.\n", "example": {"_type": "literalExpression", "text": "\"tcp\""}, "loc": ["services", "anubis", "defaultOptions", "settings", "BIND_NETWORK"], "readOnly": false, "type": "string"}, "services.anubis.defaultOptions.settings.DIFFICULTY": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "4"}, "description": "The difficulty required for clients to solve the challenge.\n\nCurrently, this means the amount of leading zeros in a successful response.\n", "example": {"_type": "literalExpression", "text": "5"}, "loc": ["services", "anubis", "defaultOptions", "settings", "DIFFICULTY"], "readOnly": false, "type": "signed integer"}, "services.anubis.defaultOptions.settings.METRICS_BIND_NETWORK": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "\"unix\""}, "description": "The network family that the metrics server should bind to.\n\nAccepts anything supported by Go's [`net.Listen`](https://pkg.go.dev/net#Listen).\n\nCommon values are `tcp` and `unix`.\n", "example": {"_type": "literalExpression", "text": "\"tcp\""}, "loc": ["services", "anubis", "defaultOptions", "settings", "METRICS_BIND_NETWORK"], "readOnly": false, "type": "string"}, "services.anubis.defaultOptions.settings.OG_PASSTHROUGH": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Open Graph tag passthrough.\n\nThis enables social previews of resources protected by\nAnubis without having to exempt each scraper individually.\n", "loc": ["services", "anubis", "defaultOptions", "settings", "OG_PASSTHROUGH"], "readOnly": false, "type": "boolean"}, "services.anubis.defaultOptions.settings.POLICY_FNAME": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The policy file to use. Leave this as `null` to use the policy generated from\n{option}`services.anubis.instances.<name>.policy`.\n", "loc": ["services", "anubis", "defaultOptions", "settings", "POLICY_FNAME"], "readOnly": false, "type": "null or absolute path"}, "services.anubis.defaultOptions.settings.SERVE_ROBOTS_TXT": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to serve a default robots.txt that denies access to common AI bots by name and all other\nbots by wildcard.\n", "loc": ["services", "anubis", "defaultOptions", "settings", "SERVE_ROBOTS_TXT"], "readOnly": false, "type": "boolean"}, "services.anubis.defaultOptions.settings.WEBMASTER_EMAIL": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, shows a contact email address when rendering error pages.\n\nThis email address will be how users can get in contact with administrators.\n", "example": {"_type": "literalExpression", "text": "\"alice@example.com\""}, "loc": ["services", "anubis", "defaultOptions", "settings", "WEBMASTER_EMAIL"], "readOnly": false, "type": "null or string"}, "services.anubis.defaultOptions.user": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "\"anubis\""}, "description": "The user under which Anubis is run.\n\nThis module utilizes systemd's DynamicUser feature. See the corresponding section in\n{manpage}`systemd.exec(5)` for more details.\n", "loc": ["services", "anubis", "defaultOptions", "user"], "readOnly": false, "type": "string"}, "services.anubis.instances": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "An attribute set of Anubis instances.\n\nThe attribute name may be an empty string, in which case the `-<name>` suffix is not added to the service name\nand socket paths.\n", "loc": ["services", "anubis", "instances"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.anubis.instances.<name>.enable": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable this instance of Anubis.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "anubis", "instances", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.anubis.instances.<name>.extraFlags": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "config.services.anubis.defaultOptions.extraFlags"}, "description": "A list of extra flags to be passed to Anubis.", "example": {"_type": "literalExpression", "text": "[\n  \"-metrics-bind \\\"\\\"\"\n]"}, "loc": ["services", "anubis", "instances", "<name>", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.anubis.instances.<name>.group": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "config.services.anubis.defaultOptions.group"}, "description": "The group under which Anubis is run.\n\nThis module utilizes systemd's DynamicUser feature. See the corresponding section in\n{manpage}`systemd.exec(5)` for more details.\n", "loc": ["services", "anubis", "instances", "<name>", "group"], "readOnly": false, "type": "string"}, "services.anubis.instances.<name>.policy": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Anubis policy configuration.\n\nSee [the documentation](https://anubis.techaro.lol/docs/admin/policies) for details.\n", "loc": ["services", "anubis", "instances", "<name>", "policy"], "readOnly": false, "type": "submodule"}, "services.anubis.instances.<name>.policy.extraBots": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "config.services.anubis.defaultOptions.policy.extraBots"}, "description": "Additional bot rules appended to the policy.\n\nWhen {option}`useDefaultBotRules` is `true`, these rules are added after\nAnubis's default rules. When `false`, only these rules are used.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    name = \"my-bot\";\n    user_agent_regex = \"MyBot/.*\";\n    action = \"ALLOW\";\n  }\n]\n"}, "loc": ["services", "anubis", "instances", "<name>", "policy", "extraBots"], "readOnly": false, "type": "list of (JSON value)"}, "services.anubis.instances.<name>.policy.settings": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "config.services.anubis.defaultOptions.policy.settings"}, "description": "Additional policy settings merged into the policy file.\n\nCommon settings include `dnsbl`, `store`, `logging`, `thresholds`,\n`impressum`, `openGraph`, and `statusCodes`.\n\nSee [the documentation](https://anubis.techaro.lol/docs/admin/policies) for\navailable options.\n", "example": {"_type": "literalExpression", "text": "{\n  dnsbl = false;\n  store = {\n    backend = \"bbolt\";\n    parameters.path = \"/var/lib/anubis/data.bdb\";\n  };\n}\n"}, "loc": ["services", "anubis", "instances", "<name>", "policy", "settings"], "readOnly": false, "type": "JSON value"}, "services.anubis.instances.<name>.policy.useDefaultBotRules": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "config.services.anubis.defaultOptions.policy.useDefaultBotRules"}, "description": "Whether to include Anubis's default bot detection rules via the\n`(data)/meta/default-config.yaml` import.\n\nSet to `false` to define your own bot rules from scratch using\n{option}`extraBots`.\n", "loc": ["services", "anubis", "instances", "<name>", "policy", "useDefaultBotRules"], "readOnly": false, "type": "boolean"}, "services.anubis.instances.<name>.settings": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Freeform configuration via environment variables for Anubis.\n\nSee [the documentation](https://anubis.techaro.lol/docs/admin/installation) for a complete list of\navailable environment variables.\n", "loc": ["services", "anubis", "instances", "<name>", "settings"], "readOnly": false, "type": "open submodule of attribute set of (null or string or signed integer or boolean)"}, "services.anubis.instances.<name>.settings.BIND": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "\"/run/anubis/anubis-\u2039name\u203a/anubis.sock\""}, "description": "The address that Anubis listens to. See Go's [`net.Listen`](https://pkg.go.dev/net#Listen) for syntax.\nWhen using unix sockets:\n- use the prefix \"/run/anubis/anubis/\" if the instance name is the empty string,\n- \"/run/anubis/anubis-<name>/\" otherwise.\n\nDefaults to Unix domain sockets. To use TCP sockets, set this to a TCP address and `BIND_NETWORK` to `\"tcp\"`.\n", "example": {"_type": "literalExpression", "text": "\":8080\""}, "loc": ["services", "anubis", "instances", "<name>", "settings", "BIND"], "readOnly": false, "type": "string"}, "services.anubis.instances.<name>.settings.BIND_NETWORK": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "config.services.anubis.defaultOptions.settings.BIND_NETWORK"}, "description": "The network family that Anubis should bind to.\n\nAccepts anything supported by Go's [`net.Listen`](https://pkg.go.dev/net#Listen).\n\nCommon values are `tcp` and `unix`.\n", "example": {"_type": "literalExpression", "text": "\"tcp\""}, "loc": ["services", "anubis", "instances", "<name>", "settings", "BIND_NETWORK"], "readOnly": false, "type": "string"}, "services.anubis.instances.<name>.settings.DIFFICULTY": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "config.services.anubis.defaultOptions.settings.DIFFICULTY"}, "description": "The difficulty required for clients to solve the challenge.\n\nCurrently, this means the amount of leading zeros in a successful response.\n", "example": {"_type": "literalExpression", "text": "5"}, "loc": ["services", "anubis", "instances", "<name>", "settings", "DIFFICULTY"], "readOnly": false, "type": "signed integer"}, "services.anubis.instances.<name>.settings.METRICS_BIND": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "\"/run/anubis/anubis-\u2039name\u203a/anubis-metrics.sock\""}, "description": "The address Anubis' metrics server listens to. See Go's [`net.Listen`](https://pkg.go.dev/net#Listen) for\nsyntax.\nWhen using unix sockets:\n- use the prefix \"/run/anubis/anubis/\" if the instance name is the empty string,\n- \"/run/anubis/anubis-<name>/\" otherwise.\n\nThe metrics server is enabled by default and may be disabled. However, due to implementation details, this is\nonly possible by setting a command line flag. See {option}`services.anubis.defaultOptions.extraFlags` for an\nexample.\n\nDefaults to Unix domain sockets. To use TCP sockets, set this to a TCP address and `METRICS_BIND_NETWORK` to\n`\"tcp\"`.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1:8081\""}, "loc": ["services", "anubis", "instances", "<name>", "settings", "METRICS_BIND"], "readOnly": false, "type": "string"}, "services.anubis.instances.<name>.settings.METRICS_BIND_NETWORK": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "config.services.anubis.defaultOptions.settings.METRICS_BIND_NETWORK"}, "description": "The network family that the metrics server should bind to.\n\nAccepts anything supported by Go's [`net.Listen`](https://pkg.go.dev/net#Listen).\n\nCommon values are `tcp` and `unix`.\n", "example": {"_type": "literalExpression", "text": "\"tcp\""}, "loc": ["services", "anubis", "instances", "<name>", "settings", "METRICS_BIND_NETWORK"], "readOnly": false, "type": "string"}, "services.anubis.instances.<name>.settings.OG_PASSTHROUGH": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "config.services.anubis.defaultOptions.settings.OG_PASSTHROUGH"}, "description": "Whether to enable Open Graph tag passthrough.\n\nThis enables social previews of resources protected by\nAnubis without having to exempt each scraper individually.\n", "loc": ["services", "anubis", "instances", "<name>", "settings", "OG_PASSTHROUGH"], "readOnly": false, "type": "boolean"}, "services.anubis.instances.<name>.settings.POLICY_FNAME": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "config.services.anubis.defaultOptions.settings.POLICY_FNAME"}, "description": "The policy file to use. Leave this as `null` to use the policy generated from\n{option}`services.anubis.instances.<name>.policy`.\n", "loc": ["services", "anubis", "instances", "<name>", "settings", "POLICY_FNAME"], "readOnly": false, "type": "null or absolute path"}, "services.anubis.instances.<name>.settings.SERVE_ROBOTS_TXT": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "config.services.anubis.defaultOptions.settings.SERVE_ROBOTS_TXT"}, "description": "Whether to serve a default robots.txt that denies access to common AI bots by name and all other\nbots by wildcard.\n", "loc": ["services", "anubis", "instances", "<name>", "settings", "SERVE_ROBOTS_TXT"], "readOnly": false, "type": "boolean"}, "services.anubis.instances.<name>.settings.TARGET": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "description": "The reverse proxy target that Anubis is protecting. This is a required option.\n\nThe usage of Unix domain sockets is supported by the following syntax: `unix:///path/to/socket.sock`.\n", "example": {"_type": "literalExpression", "text": "\"http://127.0.0.1:8000\""}, "loc": ["services", "anubis", "instances", "<name>", "settings", "TARGET"], "readOnly": false, "type": "string"}, "services.anubis.instances.<name>.settings.WEBMASTER_EMAIL": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "config.services.anubis.defaultOptions.settings.WEBMASTER_EMAIL"}, "description": "If set, shows a contact email address when rendering error pages.\n\nThis email address will be how users can get in contact with administrators.\n", "example": {"_type": "literalExpression", "text": "\"alice@example.com\""}, "loc": ["services", "anubis", "instances", "<name>", "settings", "WEBMASTER_EMAIL"], "readOnly": false, "type": "null or string"}, "services.anubis.instances.<name>.user": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "config.services.anubis.defaultOptions.user"}, "description": "The user under which Anubis is run.\n\nThis module utilizes systemd's DynamicUser feature. See the corresponding section in\n{manpage}`systemd.exec(5)` for more details.\n", "loc": ["services", "anubis", "instances", "<name>", "user"], "readOnly": false, "type": "string"}, "services.anubis.package": {"declarations": ["nixos/modules/services/networking/anubis.nix"], "default": {"_type": "literalExpression", "text": "pkgs.anubis"}, "description": "The anubis package to use.", "loc": ["services", "anubis", "package"], "readOnly": false, "type": "package"}, "services.anuko-time-tracker.dataDir": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/anuko-time-tracker\""}, "description": "Default data folder for Anuko Time Tracker.", "example": {"_type": "literalExpression", "text": "\"/mnt/anuko-time-tracker\""}, "loc": ["services", "anuko-time-tracker", "dataDir"], "readOnly": false, "type": "string"}, "services.anuko-time-tracker.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Create the database and database user locally.", "loc": ["services", "anuko-time-tracker", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.anuko-time-tracker.database.host": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Database host.", "loc": ["services", "anuko-time-tracker", "database", "host"], "readOnly": false, "type": "string"}, "services.anuko-time-tracker.database.name": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "\"anuko_time_tracker\""}, "description": "Database name.", "loc": ["services", "anuko-time-tracker", "database", "name"], "readOnly": false, "type": "string"}, "services.anuko-time-tracker.database.passwordFile": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Database user password file.", "loc": ["services", "anuko-time-tracker", "database", "passwordFile"], "readOnly": false, "type": "null or string"}, "services.anuko-time-tracker.database.user": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "\"anuko_time_tracker\""}, "description": "Database username.", "loc": ["services", "anuko-time-tracker", "database", "user"], "readOnly": false, "type": "string"}, "services.anuko-time-tracker.enable": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Anuko Time Tracker.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "anuko-time-tracker", "enable"], "readOnly": false, "type": "boolean"}, "services.anuko-time-tracker.hostname": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "config.networking.fqdn"}, "description": "The hostname to serve Anuko Time Tracker on.\n", "example": {"_type": "literalExpression", "text": "\"anuko.example.com\""}, "loc": ["services", "anuko-time-tracker", "hostname"], "readOnly": false, "type": "string"}, "services.anuko-time-tracker.nginx": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "With this option, you can customize the Nginx virtualHost settings.\n", "example": {"_type": "literalExpression", "text": "{\n  serverAliases = [\n    \"anuko.${config.networking.domain}\"\n  ];\n\n  # To enable encryption and let let's encrypt take care of certificate\n  forceSSL = true;\n  enableACME = true;\n}\n"}, "loc": ["services", "anuko-time-tracker", "nginx"], "readOnly": false, "type": "submodule"}, "services.anuko-time-tracker.nginx.acmeFallbackHost": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host which to proxy requests to if ACME challenge is not found. Useful\nif you want multiple hosts to be able to verify the same domain name.\n\nWith this option, you could request certificates for the present domain\nwith an ACME client that is running on another host, which you would\nspecify here.\n", "loc": ["services", "anuko-time-tracker", "nginx", "acmeFallbackHost"], "readOnly": false, "type": "null or string"}, "services.anuko-time-tracker.nginx.acmeRoot": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the ACME challenge, which is **public**. Don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "anuko-time-tracker", "nginx", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.anuko-time-tracker.nginx.addSSL": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "anuko-time-tracker", "nginx", "addSSL"], "readOnly": false, "type": "boolean"}, "services.anuko-time-tracker.nginx.basicAuth": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "anuko-time-tracker", "nginx", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.anuko-time-tracker.nginx.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "anuko-time-tracker", "nginx", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.anuko-time-tracker.nginx.default": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Makes this vhost the default.\n", "loc": ["services", "anuko-time-tracker", "nginx", "default"], "readOnly": false, "type": "boolean"}, "services.anuko-time-tracker.nginx.enableACME": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "anuko-time-tracker", "nginx", "enableACME"], "readOnly": false, "type": "boolean"}, "services.anuko-time-tracker.nginx.extraConfig": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the vhost verbatim.\n", "loc": ["services", "anuko-time-tracker", "nginx", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.anuko-time-tracker.nginx.forceSSL": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a separate nginx server block that redirects (defaults\nto 301, configurable with `redirectCode`) all plain HTTP traffic to\nHTTPS. This will set defaults for `listen` to listen on all interfaces\non the respective default ports (80, 443), where the non-SSL listens\nare used for the redirect vhosts.\n", "loc": ["services", "anuko-time-tracker", "nginx", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.anuko-time-tracker.nginx.globalRedirect": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected (defaults to 301,\nconfigurable with `redirectCode`) to the given hostname.\n", "example": {"_type": "literalExpression", "text": "\"newserver.example.org\""}, "loc": ["services", "anuko-time-tracker", "nginx", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.anuko-time-tracker.nginx.http2": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/2 protocol.\nNote that (as of writing) due to nginx's implementation, to disable\nHTTP/2 you have to disable it on all vhosts that use a given\nIP address / port.\nIf there is one server block configured to enable http2, then it is\nenabled for all server blocks on this IP.\nSee <https://stackoverflow.com/a/39466948/263061>.\n", "loc": ["services", "anuko-time-tracker", "nginx", "http2"], "readOnly": false, "type": "boolean"}, "services.anuko-time-tracker.nginx.http3": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/3 protocol.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that HTTP/3 support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\nHTTP/3 availability must be manually advertised, preferably in each location block.\n", "loc": ["services", "anuko-time-tracker", "nginx", "http3"], "readOnly": false, "type": "boolean"}, "services.anuko-time-tracker.nginx.http3_hq": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that special application protocol support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "anuko-time-tracker", "nginx", "http3_hq"], "readOnly": false, "type": "boolean"}, "services.anuko-time-tracker.nginx.kTLS": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kTLS support.\nImplementing TLS in the kernel (kTLS) improves performance by significantly\nreducing the need for copying operations between user space and the kernel.\nRequired Nginx version 1.21.4 or later.\n", "loc": ["services", "anuko-time-tracker", "nginx", "kTLS"], "readOnly": false, "type": "boolean"}, "services.anuko-time-tracker.nginx.listen": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\nIPv6 addresses must be enclosed in square brackets.\nNote: this option overrides `addSSL`\nand `onlySSL`.\n\nIf you only want to set the addresses manually and not\nthe ports, take a look at `listenAddresses`.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    addr = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    addr = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    addr = \"unix:/var/run/nginx.sock\";\n  }\n]"}, "loc": ["services", "anuko-time-tracker", "nginx", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.anuko-time-tracker.nginx.listen.*.addr": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "description": "Listen address.", "loc": ["services", "anuko-time-tracker", "nginx", "listen", "*", "addr"], "readOnly": false, "type": "string"}, "services.anuko-time-tracker.nginx.listen.*.extraParameters": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra parameters of this listen directive.", "example": {"_type": "literalExpression", "text": "[\n  \"backlog=1024\"\n  \"deferred\"\n]"}, "loc": ["services", "anuko-time-tracker", "nginx", "listen", "*", "extraParameters"], "readOnly": false, "type": "list of string"}, "services.anuko-time-tracker.nginx.listen.*.port": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port number to listen on.\nIf unset and the listen address is not a socket then nginx defaults to 80.\n", "loc": ["services", "anuko-time-tracker", "nginx", "listen", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.anuko-time-tracker.nginx.listen.*.proxyProtocol": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable PROXY protocol.", "loc": ["services", "anuko-time-tracker", "nginx", "listen", "*", "proxyProtocol"], "readOnly": false, "type": "boolean"}, "services.anuko-time-tracker.nginx.listen.*.ssl": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SSL.", "loc": ["services", "anuko-time-tracker", "nginx", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.anuko-time-tracker.nginx.listenAddresses": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n\nNote: This option overrides `networking.enableIPv6`\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"[::1]\"\n]"}, "loc": ["services", "anuko-time-tracker", "nginx", "listenAddresses"], "readOnly": false, "type": "list of string"}, "services.anuko-time-tracker.nginx.locations": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n};\n"}, "loc": ["services", "anuko-time-tracker", "nginx", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.anuko-time-tracker.nginx.locations.<name>.alias": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "anuko-time-tracker", "nginx", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.anuko-time-tracker.nginx.locations.<name>.basicAuth": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "anuko-time-tracker", "nginx", "locations", "<name>", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.anuko-time-tracker.nginx.locations.<name>.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "anuko-time-tracker", "nginx", "locations", "<name>", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.anuko-time-tracker.nginx.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "anuko-time-tracker", "nginx", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.anuko-time-tracker.nginx.locations.<name>.fastcgiParams": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "FastCGI parameters to override.  Unlike in the Nginx\nconfiguration file, overriding only some default parameters\nwon't unset the default values for other parameters.\n", "loc": ["services", "anuko-time-tracker", "nginx", "locations", "<name>", "fastcgiParams"], "readOnly": false, "type": "attribute set of (string or absolute path)"}, "services.anuko-time-tracker.nginx.locations.<name>.index": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds index directive.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "anuko-time-tracker", "nginx", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.anuko-time-tracker.nginx.locations.<name>.priority": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "anuko-time-tracker", "nginx", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.anuko-time-tracker.nginx.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds proxy_pass directive and sets recommended proxy headers if\nrecommendedProxySettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "anuko-time-tracker", "nginx", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.anuko-time-tracker.nginx.locations.<name>.proxyWebsockets": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to support proxying websocket connections with HTTP/1.1.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "anuko-time-tracker", "nginx", "locations", "<name>", "proxyWebsockets"], "readOnly": false, "type": "boolean"}, "services.anuko-time-tracker.nginx.locations.<name>.recommendedProxySettings": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedProxySettings"}, "description": "Enable recommended proxy settings.\n", "loc": ["services", "anuko-time-tracker", "nginx", "locations", "<name>", "recommendedProxySettings"], "readOnly": false, "type": "boolean"}, "services.anuko-time-tracker.nginx.locations.<name>.recommendedUwsgiSettings": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedUwsgiSettings"}, "description": "Enable recommended uwsgi settings.\n", "loc": ["services", "anuko-time-tracker", "nginx", "locations", "<name>", "recommendedUwsgiSettings"], "readOnly": false, "type": "boolean"}, "services.anuko-time-tracker.nginx.locations.<name>.return": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds a return directive, for e.g. redirections.\n", "example": {"_type": "literalExpression", "text": "\"301 http://example.com$request_uri\""}, "loc": ["services", "anuko-time-tracker", "nginx", "locations", "<name>", "return"], "readOnly": false, "type": "null or string or signed integer"}, "services.anuko-time-tracker.nginx.locations.<name>.root": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Root directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/root/directory\""}, "loc": ["services", "anuko-time-tracker", "nginx", "locations", "<name>", "root"], "readOnly": false, "type": "null or absolute path"}, "services.anuko-time-tracker.nginx.locations.<name>.tryFiles": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds try_files directive.\n", "example": {"_type": "literalExpression", "text": "\"$uri =404\""}, "loc": ["services", "anuko-time-tracker", "nginx", "locations", "<name>", "tryFiles"], "readOnly": false, "type": "null or string"}, "services.anuko-time-tracker.nginx.locations.<name>.uwsgiPass": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds uwsgi_pass directive and sets recommended proxy headers if\nrecommendedUwsgiSettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"unix:/run/example/example.sock\""}, "loc": ["services", "anuko-time-tracker", "nginx", "locations", "<name>", "uwsgiPass"], "readOnly": false, "type": "null or string"}, "services.anuko-time-tracker.nginx.onlySSL": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "anuko-time-tracker", "nginx", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.anuko-time-tracker.nginx.quic": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the QUIC transport protocol.\nNote that QUIC support is experimental and\n*not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "anuko-time-tracker", "nginx", "quic"], "readOnly": false, "type": "boolean"}, "services.anuko-time-tracker.nginx.redirectCode": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "301"}, "description": "HTTP status used by `globalRedirect` and `forceSSL`. Possible usecases\ninclude temporary (302, 307) redirects, keeping the request method and\nbody (307, 308), or explicitly resetting the method to GET (303).\nSee <https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>.\n", "example": {"_type": "literalExpression", "text": "308"}, "loc": ["services", "anuko-time-tracker", "nginx", "redirectCode"], "readOnly": false, "type": "integer between 300 and 399 (both inclusive)"}, "services.anuko-time-tracker.nginx.rejectSSL": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to listen for and reject all HTTPS connections to this vhost. Useful in\n[default](#opt-services.nginx.virtualHosts._name_.default)\nserver blocks to avoid serving the certificate for another vhost. Uses the\n`ssl_reject_handshake` directive available in nginx versions\n1.19.4 and above.\n", "loc": ["services", "anuko-time-tracker", "nginx", "rejectSSL"], "readOnly": false, "type": "boolean"}, "services.anuko-time-tracker.nginx.reuseport": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create an individual listening socket .\nIt is required to specify only once on one of the hosts.\n", "loc": ["services", "anuko-time-tracker", "nginx", "reuseport"], "readOnly": false, "type": "boolean"}, "services.anuko-time-tracker.nginx.root": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of the web root directory.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "anuko-time-tracker", "nginx", "root"], "readOnly": false, "type": "null or absolute path"}, "services.anuko-time-tracker.nginx.serverAliases": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "anuko-time-tracker", "nginx", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.anuko-time-tracker.nginx.serverName": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of this virtual host. Defaults to attribute name in virtualHosts.\n", "example": {"_type": "literalExpression", "text": "\"example.org\""}, "loc": ["services", "anuko-time-tracker", "nginx", "serverName"], "readOnly": false, "type": "null or string"}, "services.anuko-time-tracker.nginx.sslCertificate": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "anuko-time-tracker", "nginx", "sslCertificate"], "readOnly": false, "type": "absolute path"}, "services.anuko-time-tracker.nginx.sslCertificateKey": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "anuko-time-tracker", "nginx", "sslCertificateKey"], "readOnly": false, "type": "absolute path"}, "services.anuko-time-tracker.nginx.sslTrustedCertificate": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to root SSL certificate for stapling and client certificates.", "example": {"_type": "literalExpression", "text": "\"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\""}, "loc": ["services", "anuko-time-tracker", "nginx", "sslTrustedCertificate"], "readOnly": false, "type": "null or absolute path"}, "services.anuko-time-tracker.nginx.useACMEHost": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "anuko-time-tracker", "nginx", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.anuko-time-tracker.package": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "pkgs.anuko-time-tracker"}, "description": "The anuko-time-tracker package to use.", "loc": ["services", "anuko-time-tracker", "package"], "readOnly": false, "type": "package"}, "services.anuko-time-tracker.poolConfig": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "{\n  pm = \"dynamic\";\n  \"pm.max_children\" = 32;\n  \"pm.max_requests\" = 500;\n  \"pm.max_spare_servers\" = 4;\n  \"pm.min_spare_servers\" = 2;\n  \"pm.start_servers\" = 2;\n}"}, "description": "Options for Anuko Time Tracker's PHP-FPM pool.\n", "loc": ["services", "anuko-time-tracker", "poolConfig"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.anuko-time-tracker.settings.defaultCurrency": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "\"$\""}, "description": "Defines a default currency symbol for new groups.\nUse \u20ac, \u00a3, a more specific dollar like US$, CAD, etc.\n", "example": {"_type": "literalExpression", "text": "\"\u20ac\""}, "loc": ["services", "anuko-time-tracker", "settings", "defaultCurrency"], "readOnly": false, "type": "string"}, "services.anuko-time-tracker.settings.defaultLanguage": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Defines Anuko Time Tracker default language. It is used on Time Tracker login page.\nAfter login, a language set for user group is used.\nEmpty string means the language is defined by user browser.\n", "example": {"_type": "literalExpression", "text": "\"nl\""}, "loc": ["services", "anuko-time-tracker", "settings", "defaultLanguage"], "readOnly": false, "type": "string"}, "services.anuko-time-tracker.settings.email.mode": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "\"smtp\""}, "description": "Mail sending mode. Can be 'mail' or 'smtp'.", "loc": ["services", "anuko-time-tracker", "settings", "email", "mode"], "readOnly": false, "type": "string"}, "services.anuko-time-tracker.settings.email.sender": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "\"Anuko Time Tracker <bounces@example.com>\""}, "description": "Default sender for mail.", "loc": ["services", "anuko-time-tracker", "settings", "email", "sender"], "readOnly": false, "type": "string"}, "services.anuko-time-tracker.settings.email.smtpAuth": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "MTA requires authentication.", "loc": ["services", "anuko-time-tracker", "settings", "email", "smtpAuth"], "readOnly": false, "type": "boolean"}, "services.anuko-time-tracker.settings.email.smtpDebug": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Debug mail sending.", "loc": ["services", "anuko-time-tracker", "settings", "email", "smtpDebug"], "readOnly": false, "type": "boolean"}, "services.anuko-time-tracker.settings.email.smtpHost": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "MTA hostname.", "loc": ["services", "anuko-time-tracker", "settings", "email", "smtpHost"], "readOnly": false, "type": "string"}, "services.anuko-time-tracker.settings.email.smtpPasswordFile": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to file containing the MTA authentication password.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/anuko-time-tracker/secrets/smtp-password\""}, "loc": ["services", "anuko-time-tracker", "settings", "email", "smtpPasswordFile"], "readOnly": false, "type": "null or absolute path"}, "services.anuko-time-tracker.settings.email.smtpPort": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "25"}, "description": "MTA port.", "loc": ["services", "anuko-time-tracker", "settings", "email", "smtpPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.anuko-time-tracker.settings.email.smtpUser": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "MTA authentication username.", "loc": ["services", "anuko-time-tracker", "settings", "email", "smtpUser"], "readOnly": false, "type": "string"}, "services.anuko-time-tracker.settings.emailRequired": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Defines whether an email is required for new registrations.", "loc": ["services", "anuko-time-tracker", "settings", "emailRequired"], "readOnly": false, "type": "boolean"}, "services.anuko-time-tracker.settings.exportDecimalDuration": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Defines whether time duration values are decimal in CSV and XML data\nexports (1.25 vs 1:15).\n", "loc": ["services", "anuko-time-tracker", "settings", "exportDecimalDuration"], "readOnly": false, "type": "boolean"}, "services.anuko-time-tracker.settings.forumLink": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "\"https://www.anuko.com/forum/viewforum.php?f=4\""}, "description": "Forum link from the main menu.", "loc": ["services", "anuko-time-tracker", "settings", "forumLink"], "readOnly": false, "type": "string"}, "services.anuko-time-tracker.settings.helpLink": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "\"https://www.anuko.com/time-tracker/user-guide/index.htm\""}, "description": "Help link from the main menu.", "loc": ["services", "anuko-time-tracker", "settings", "helpLink"], "readOnly": false, "type": "string"}, "services.anuko-time-tracker.settings.multiorgMode": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Defines whether users see the Register option in the menu of Time Tracker that allows them\nto self-register and create new organizations (top groups).\n", "loc": ["services", "anuko-time-tracker", "settings", "multiorgMode"], "readOnly": false, "type": "boolean"}, "services.anuko-time-tracker.settings.reportFooter": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Defines whether to use a footer on reports.", "loc": ["services", "anuko-time-tracker", "settings", "reportFooter"], "readOnly": false, "type": "boolean"}, "services.anuko-time-tracker.settings.weekendStartDay": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "6"}, "description": "This option defines which days are highlighted with weekend color.\n6 means Saturday. For Saudi Arabia, etc. set it to 4 for Thursday and Friday to be\nweekend days.\n", "loc": ["services", "anuko-time-tracker", "settings", "weekendStartDay"], "readOnly": false, "type": "signed integer"}, "services.anuko-time-tracker.user": {"declarations": ["nixos/modules/services/web-apps/anuko-time-tracker.nix"], "default": {"_type": "literalExpression", "text": "\"anuko_time_tracker\""}, "description": "User under which Anuko Time Tracker runs.", "loc": ["services", "anuko-time-tracker", "user"], "readOnly": false, "type": "string"}, "services.apache-kafka.clusterId": {"declarations": ["nixos/modules/services/misc/apache-kafka.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "KRaft mode ClusterId used for formatting log directories. Can be generated with `kafka-storage.sh random-uuid`\n", "loc": ["services", "apache-kafka", "clusterId"], "readOnly": false, "type": "null or string"}, "services.apache-kafka.configFiles.log4jProperties": {"declarations": ["nixos/modules/services/misc/apache-kafka.nix"], "default": {"_type": "literalExpression", "text": "\"pkgs.writeText \\\"log4j.properties\\\" cfg.log4jProperties\""}, "description": "Kafka log4j property configuration file path", "loc": ["services", "apache-kafka", "configFiles", "log4jProperties"], "readOnly": false, "type": "absolute path"}, "services.apache-kafka.configFiles.serverProperties": {"declarations": ["nixos/modules/services/misc/apache-kafka.nix"], "description": "Kafka server.properties configuration file path.\nDefaults to the rendered `settings`.\n", "loc": ["services", "apache-kafka", "configFiles", "serverProperties"], "readOnly": false, "type": "absolute path"}, "services.apache-kafka.enable": {"declarations": ["nixos/modules/services/misc/apache-kafka.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Apache Kafka event streaming broker.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "apache-kafka", "enable"], "readOnly": false, "type": "boolean"}, "services.apache-kafka.formatLogDirs": {"declarations": ["nixos/modules/services/misc/apache-kafka.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to format log dirs in KRaft mode if all log dirs are\nunformatted, ie. they contain no meta.properties.\n", "loc": ["services", "apache-kafka", "formatLogDirs"], "readOnly": false, "type": "boolean"}, "services.apache-kafka.formatLogDirsIgnoreFormatted": {"declarations": ["nixos/modules/services/misc/apache-kafka.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ignore already formatted log dirs when formatting log dirs,\ninstead of failing. Useful when replacing or adding disks.\n", "loc": ["services", "apache-kafka", "formatLogDirsIgnoreFormatted"], "readOnly": false, "type": "boolean"}, "services.apache-kafka.jre": {"declarations": ["nixos/modules/services/misc/apache-kafka.nix"], "default": {"_type": "literalExpression", "text": "pkgs.apacheKafka.passthru.jre"}, "description": "The JRE with which to run Kafka", "loc": ["services", "apache-kafka", "jre"], "readOnly": false, "type": "package"}, "services.apache-kafka.jvmOptions": {"declarations": ["nixos/modules/services/misc/apache-kafka.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line options for the JVM running Kafka.", "example": {"_type": "literalExpression", "text": "[\n  \"-Djava.net.preferIPv4Stack=true\"\n  \"-Dcom.sun.management.jmxremote\"\n  \"-Dcom.sun.management.jmxremote.local.only=true\"\n]"}, "loc": ["services", "apache-kafka", "jvmOptions"], "readOnly": false, "type": "list of string"}, "services.apache-kafka.log4jProperties": {"declarations": ["nixos/modules/services/misc/apache-kafka.nix"], "default": {"_type": "literalExpression", "text": "''\n  log4j.rootLogger=INFO, stdout\n  \n  log4j.appender.stdout=org.apache.log4j.ConsoleAppender\n  log4j.appender.stdout.layout=org.apache.log4j.PatternLayout\n  log4j.appender.stdout.layout.ConversionPattern=[%d] %p %m (%c)%n\n''"}, "description": "Kafka log4j property configuration.", "loc": ["services", "apache-kafka", "log4jProperties"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.apache-kafka.package": {"declarations": ["nixos/modules/services/misc/apache-kafka.nix"], "default": {"_type": "literalExpression", "text": "pkgs.apacheKafka"}, "description": "The apacheKafka package to use.", "loc": ["services", "apache-kafka", "package"], "readOnly": false, "type": "package"}, "services.apache-kafka.settings": {"declarations": ["nixos/modules/services/misc/apache-kafka.nix"], "description": "[Kafka broker configuration](https://kafka.apache.org/documentation.html#brokerconfigs)\n{file}`server.properties`.\n\nNote that .properties files contain mappings from string to string.\nKeys with dots are NOT represented by nested attrs in these settings,\nbut instead as quoted strings (ie. `settings.\"broker.id\"`, NOT\n`settings.broker.id`).\n", "loc": ["services", "apache-kafka", "settings"], "readOnly": false, "type": "open submodule of lazy attribute set of (null or boolean or signed integer or string or list of (boolean or signed integer or string))"}, "services.apache-kafka.settings.\"broker.id\"": {"declarations": ["nixos/modules/services/misc/apache-kafka.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Broker ID. -1 or null to auto-allocate in zookeeper mode.", "loc": ["services", "apache-kafka", "settings", "broker.id"], "readOnly": false, "type": "null or signed integer"}, "services.apache-kafka.settings.\"log.dirs\"": {"declarations": ["nixos/modules/services/misc/apache-kafka.nix"], "description": "Log file directories.", "loc": ["services", "apache-kafka", "settings", "log.dirs"], "readOnly": false, "type": "list of absolute path"}, "services.apache-kafka.settings.listeners": {"declarations": ["nixos/modules/services/misc/apache-kafka.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"PLAINTEXT://localhost:9092\"\n]"}, "description": "Kafka Listener List.\nSee [listeners](https://kafka.apache.org/documentation/#brokerconfigs_listeners).\n", "loc": ["services", "apache-kafka", "settings", "listeners"], "readOnly": false, "type": "list of string"}, "services.apcupsd.configText": {"declarations": ["nixos/modules/services/monitoring/apcupsd.nix"], "default": {"_type": "literalExpression", "text": "''\n  UPSTYPE usb\n  NISIP 127.0.0.1\n  BATTERYLEVEL 50\n  MINUTES 5\n''"}, "description": "Contents of the runtime configuration file, apcupsd.conf. The default\nsettings makes apcupsd autodetect USB UPSes, limit network access to\nlocalhost and shutdown the system when the battery level is below 50\npercent, or when the UPS has calculated that it has 5 minutes or less\nof remaining power-on time. See man apcupsd.conf for details.\n", "loc": ["services", "apcupsd", "configText"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.apcupsd.enable": {"declarations": ["nixos/modules/services/monitoring/apcupsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the APC UPS daemon. apcupsd monitors your UPS and\npermits orderly shutdown of your computer in the event of a power\nfailure. User manual: http://www.apcupsd.com/manual/manual.html.\nNote that apcupsd runs as root (to allow shutdown of computer).\nYou can check the status of your UPS with the \"apcaccess\" command.\n", "loc": ["services", "apcupsd", "enable"], "readOnly": false, "type": "boolean"}, "services.apcupsd.hooks": {"declarations": ["nixos/modules/services/monitoring/apcupsd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this option names an apcupsd event and the string\nvalue it contains will be executed in a shell, in response to that\nevent (prior to the default action). See \"man apccontrol\" for the\nlist of events and what they represent.\n\nA hook script can stop apccontrol from doing its default action by\nexiting with value 99. Do not do this unless you know what you're\ndoing.\n", "example": {"_type": "literalExpression", "text": "{\n  doshutdown = \"# shell commands to notify that the computer is shutting down\";\n}"}, "loc": ["services", "apcupsd", "hooks"], "readOnly": false, "type": "attribute set of strings concatenated with \"\\n\""}, "services.arbtt.enable": {"declarations": ["nixos/modules/services/monitoring/arbtt.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Arbtt statistics capture service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "arbtt", "enable"], "readOnly": false, "type": "boolean"}, "services.arbtt.logFile": {"declarations": ["nixos/modules/services/monitoring/arbtt.nix"], "default": {"_type": "literalExpression", "text": "\"%h/.arbtt/capture.log\""}, "description": "The log file for captured samples.\n", "example": {"_type": "literalExpression", "text": "\"/home/username/.arbtt-capture.log\""}, "loc": ["services", "arbtt", "logFile"], "readOnly": false, "type": "string"}, "services.arbtt.package": {"declarations": ["nixos/modules/services/monitoring/arbtt.nix"], "default": {"_type": "literalExpression", "text": "pkgs.haskellPackages.arbtt"}, "description": "The arbtt package to use.", "loc": ["services", "arbtt", "package"], "readOnly": false, "type": "package"}, "services.arbtt.sampleRate": {"declarations": ["nixos/modules/services/monitoring/arbtt.nix"], "default": {"_type": "literalExpression", "text": "60"}, "description": "The sampling interval in seconds.\n", "example": {"_type": "literalExpression", "text": "120"}, "loc": ["services", "arbtt", "sampleRate"], "readOnly": false, "type": "signed integer"}, "services.aria2.downloadDirPermission": {"declarations": ["nixos/modules/services/networking/aria2.nix"], "default": {"_type": "literalExpression", "text": "\"0770\""}, "description": "The permission for `settings.dir`.\n\nThe default is 0770, which denies access for users not in the `aria2`\ngroup.\n\nYou may want to adjust `serviceUMask` as well, which further restricts\nthe file permission for newly created files (i.e. the downloads).\n", "loc": ["services", "aria2", "downloadDirPermission"], "readOnly": false, "type": "string"}, "services.aria2.enable": {"declarations": ["nixos/modules/services/networking/aria2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether or not to enable the headless Aria2 daemon service.\n\nAria2 daemon can be controlled via the RPC interface using one of many\nWebUIs (http://localhost:6800/ by default).\n\nTargets are downloaded to `/var/lib/aria2/Downloads` by default and are\naccessible to users in the `aria2` group.\n", "loc": ["services", "aria2", "enable"], "readOnly": false, "type": "boolean"}, "services.aria2.openPorts": {"declarations": ["nixos/modules/services/networking/aria2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open listen and RPC ports found in `settings.listen-port` and\n`settings.rpc-listen-port` options in the firewall.\n", "loc": ["services", "aria2", "openPorts"], "readOnly": false, "type": "boolean"}, "services.aria2.rpcSecretFile": {"declarations": ["nixos/modules/services/networking/aria2.nix"], "description": "A file containing the RPC secret authorization token.\nRead <https://aria2.github.io/manual/en/html/aria2c.html#rpc-auth> to know how this option value is used.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/aria2-rpc-token.txt\""}, "loc": ["services", "aria2", "rpcSecretFile"], "readOnly": false, "type": "absolute path"}, "services.aria2.serviceUMask": {"declarations": ["nixos/modules/services/networking/aria2.nix"], "default": {"_type": "literalExpression", "text": "\"0022\""}, "description": "The file mode creation mask for Aria2 service.\n\nThe default is 0022 for compatibility reason, as this is the default\nused by systemd. However, this results in file permission 0644 for new\nfiles, and denies `aria2` group member from modifying the file.\n\nYou may want to set this value to `0002` so you can manage the file\nmore easily.\n", "example": {"_type": "literalExpression", "text": "\"0002\""}, "loc": ["services", "aria2", "serviceUMask"], "readOnly": false, "type": "string"}, "services.aria2.settings": {"declarations": ["nixos/modules/services/networking/aria2.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Generates the {file}`aria2.conf` file. Refer to [the documentation][0] for\nall possible settings.\n\n[0]: <https://aria2.github.io/manual/en/html/aria2c.html#synopsis>\n", "loc": ["services", "aria2", "settings"], "readOnly": false, "type": "open submodule of attribute set of (boolean or signed integer or floating point number or (optionally newline-terminated) single-line string)"}, "services.aria2.settings.conf-path": {"declarations": ["nixos/modules/services/networking/aria2.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/aria2/aria2.conf\""}, "description": "Configuration file path.", "loc": ["services", "aria2", "settings", "conf-path"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "services.aria2.settings.dir": {"declarations": ["nixos/modules/services/networking/aria2.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/aria2/Downloads\""}, "description": "Directory to store downloaded files.", "loc": ["services", "aria2", "settings", "dir"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "services.aria2.settings.enable-rpc": {"declarations": ["nixos/modules/services/networking/aria2.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable JSON-RPC/XML-RPC server.", "loc": ["services", "aria2", "settings", "enable-rpc"], "readOnly": false, "type": "boolean"}, "services.aria2.settings.listen-port": {"declarations": ["nixos/modules/services/networking/aria2.nix"], "default": {"_type": "literalExpression", "text": "[\n  {\n    from = 6881;\n    to = 6999;\n  }\n]"}, "description": "Set UDP listening port range used by DHT(IPv4, IPv6) and UDP tracker.", "loc": ["services", "aria2", "settings", "listen-port"], "readOnly": false, "type": "list of attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.aria2.settings.rpc-listen-port": {"declarations": ["nixos/modules/services/networking/aria2.nix"], "default": {"_type": "literalExpression", "text": "6800"}, "description": "Specify a port number for JSON-RPC/XML-RPC server to listen to. Possible Values: 1024-65535", "loc": ["services", "aria2", "settings", "rpc-listen-port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.aria2.settings.save-session": {"declarations": ["nixos/modules/services/networking/aria2.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/aria2/aria2.session\""}, "description": "Save error/unfinished downloads to FILE on exit.", "loc": ["services", "aria2", "settings", "save-session"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "services.armagetronad.servers": {"declarations": ["nixos/modules/services/games/armagetronad.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Armagetron server definitions.", "loc": ["services", "armagetronad", "servers"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.armagetronad.servers.<name>.dns": {"declarations": ["nixos/modules/services/games/armagetronad.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "DNS address to use for this server. Optional.", "loc": ["services", "armagetronad", "servers", "<name>", "dns"], "readOnly": false, "type": "null or string"}, "services.armagetronad.servers.<name>.enable": {"declarations": ["nixos/modules/services/games/armagetronad.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable armagetronad.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "armagetronad", "servers", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.armagetronad.servers.<name>.host": {"declarations": ["nixos/modules/services/games/armagetronad.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Host to listen on. Used for SERVER_IP.", "loc": ["services", "armagetronad", "servers", "<name>", "host"], "readOnly": false, "type": "string"}, "services.armagetronad.servers.<name>.name": {"declarations": ["nixos/modules/services/games/armagetronad.nix"], "description": "The name of this server.", "loc": ["services", "armagetronad", "servers", "<name>", "name"], "readOnly": false, "type": "string"}, "services.armagetronad.servers.<name>.openFirewall": {"declarations": ["nixos/modules/services/games/armagetronad.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Set to true to open the configured UDP port for Armagetron Advanced.", "loc": ["services", "armagetronad", "servers", "<name>", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.armagetronad.servers.<name>.package": {"declarations": ["nixos/modules/services/games/armagetronad.nix"], "default": {"_type": "literalExpression", "text": "pkgs.armagetronad-dedicated"}, "description": "The armagetronad-dedicated package to use. Ensure that you use a derivation which contains the path `bin/armagetronad-dedicated`.\n", "example": {"_type": "literalExpression", "text": "pkgs.armagetronad.\"0.2.9-sty+ct+ap\".dedicated\n"}, "loc": ["services", "armagetronad", "servers", "<name>", "package"], "readOnly": false, "type": "package"}, "services.armagetronad.servers.<name>.port": {"declarations": ["nixos/modules/services/games/armagetronad.nix"], "default": {"_type": "literalExpression", "text": "4534"}, "description": "Port to listen on. Used for SERVER_PORT.", "loc": ["services", "armagetronad", "servers", "<name>", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.armagetronad.servers.<name>.roundSettings": {"declarations": ["nixos/modules/services/games/armagetronad.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Armagetron Advanced server per-round configuration. Refer to:\n<https://wiki.armagetronad.org/index.php?title=Console_Commands>\nor `armagetronad-dedicated --doc` for a list.\n\nThis attrset is used to populate `everytime.cfg`; see:\n<https://wiki.armagetronad.org/index.php/Configuration_Files>\n", "example": {"_type": "literalExpression", "text": "{\n  SAY = [\n    \"Hosted on NixOS\"\n    \"https://nixos.org\"\n    \"iD Tech High Rubber rul3z!! Happy New Year 2008!!1\"\n  ];\n}\n"}, "loc": ["services", "armagetronad", "servers", "<name>", "roundSettings"], "readOnly": false, "type": "attribute set of (atom (null, bool, int, float or string) or a list of them for duplicate keys)"}, "services.armagetronad.servers.<name>.settings": {"declarations": ["nixos/modules/services/games/armagetronad.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Armagetron Advanced server rules configuration. Refer to:\n<https://wiki.armagetronad.org/index.php?title=Console_Commands>\nor `armagetronad-dedicated --doc` for a list.\n\nThis attrset is used to populate `settings_custom.cfg`; see:\n<https://wiki.armagetronad.org/index.php/Configuration_Files>\n", "example": {"_type": "literalExpression", "text": "{\n  CYCLE_RUBBER = 40;\n}\n"}, "loc": ["services", "armagetronad", "servers", "<name>", "settings"], "readOnly": false, "type": "attribute set of (atom (null, bool, int, float or string) or a list of them for duplicate keys)"}, "services.arsenik.anglemod": {"declarations": ["nixos/modules/services/hardware/arsenik.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Choose here if you want to add an angle mod: ZXCVB are shifted to the left.\nSee https://colemakmods.github.io/ergonomic-mods/angle.html for more details.\n", "loc": ["services", "arsenik", "anglemod"], "readOnly": false, "type": "boolean"}, "services.arsenik.enable": {"declarations": ["nixos/modules/services/hardware/arsenik.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable A 33-key layout that works with all keyboards..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "arsenik", "enable"], "readOnly": false, "type": "boolean"}, "services.arsenik.hold_timeout": {"declarations": ["nixos/modules/services/hardware/arsenik.nix"], "default": {"_type": "literalExpression", "text": "200"}, "description": "The key must be held XX ms to become a layer shift.", "loc": ["services", "arsenik", "hold_timeout"], "readOnly": false, "type": "signed integer"}, "services.arsenik.hrm": {"declarations": ["nixos/modules/services/hardware/arsenik.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable homerow.", "loc": ["services", "arsenik", "hrm"], "readOnly": false, "type": "boolean"}, "services.arsenik.lafayette": {"declarations": ["nixos/modules/services/hardware/arsenik.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Add AltGr programmation layer like Ergo\u2011L", "loc": ["services", "arsenik", "lafayette"], "readOnly": false, "type": "boolean"}, "services.arsenik.layout": {"declarations": ["nixos/modules/services/hardware/arsenik.nix"], "default": {"_type": "literalExpression", "text": "\"ergol\""}, "description": "Your keyboard layout. Possible values are:\nergol qwerty-lafayette qwerty azerty qwertz bepo optimot\n", "loc": ["services", "arsenik", "layout"], "readOnly": false, "type": "string"}, "services.arsenik.long_hold_timeout": {"declarations": ["nixos/modules/services/hardware/arsenik.nix"], "default": {"_type": "literalExpression", "text": "300"}, "description": "Slightly higher value for typing keys, to prevent unexpected hold effect.", "loc": ["services", "arsenik", "long_hold_timeout"], "readOnly": false, "type": "signed integer"}, "services.arsenik.lt": {"declarations": ["nixos/modules/services/hardware/arsenik.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable layer-taps.", "loc": ["services", "arsenik", "lt"], "readOnly": false, "type": "boolean"}, "services.arsenik.mac": {"declarations": ["nixos/modules/services/hardware/arsenik.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Original key arrangement on your keyboard: Mac or PC.", "loc": ["services", "arsenik", "mac"], "readOnly": false, "type": "boolean"}, "services.arsenik.num": {"declarations": ["nixos/modules/services/hardware/arsenik.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Add NumRow layer", "loc": ["services", "arsenik", "num"], "readOnly": false, "type": "boolean"}, "services.arsenik.package": {"declarations": ["nixos/modules/services/hardware/arsenik.nix"], "default": {"_type": "literalExpression", "text": "pkgs.arsenik"}, "description": "The arsenik package to use.", "loc": ["services", "arsenik", "package"], "readOnly": false, "type": "package"}, "services.arsenik.run": {"declarations": ["nixos/modules/services/hardware/arsenik.nix"], "default": {"_type": "literalExpression", "text": "\"M-p\""}, "description": "The keyboard shortcut of your application launcher.", "loc": ["services", "arsenik", "run"], "readOnly": false, "type": "string"}, "services.arsenik.tap_timeout": {"declarations": ["nixos/modules/services/hardware/arsenik.nix"], "default": {"_type": "literalExpression", "text": "200"}, "description": "The key must be pressed twice in XX ms to enable repetitions.", "loc": ["services", "arsenik", "tap_timeout"], "readOnly": false, "type": "signed integer"}, "services.arsenik.vim": {"declarations": ["nixos/modules/services/hardware/arsenik.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Navigation layer: ESDF or HJKL?", "loc": ["services", "arsenik", "vim"], "readOnly": false, "type": "boolean"}, "services.arsenik.wide": {"declarations": ["nixos/modules/services/hardware/arsenik.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "The right hand is moved one key to the right.", "loc": ["services", "arsenik", "wide"], "readOnly": false, "type": "boolean"}, "services.artalk.allowModify": {"declarations": ["nixos/modules/services/web-apps/artalk.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "allow Artalk store the settings to config file persistently", "loc": ["services", "artalk", "allowModify"], "readOnly": false, "type": "boolean"}, "services.artalk.configFile": {"declarations": ["nixos/modules/services/web-apps/artalk.nix"], "default": {"_type": "literalExpression", "text": "\"/etc/artalk/config.yml\""}, "description": "Artalk config file path. If it is not exist, Artalk will generate one.", "loc": ["services", "artalk", "configFile"], "readOnly": false, "type": "string"}, "services.artalk.enable": {"declarations": ["nixos/modules/services/web-apps/artalk.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable artalk, a comment system.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "artalk", "enable"], "readOnly": false, "type": "boolean"}, "services.artalk.group": {"declarations": ["nixos/modules/services/web-apps/artalk.nix"], "default": {"_type": "literalExpression", "text": "\"artalk\""}, "description": "Artalk group name.", "loc": ["services", "artalk", "group"], "readOnly": false, "type": "string"}, "services.artalk.package": {"declarations": ["nixos/modules/services/web-apps/artalk.nix"], "default": {"_type": "literalExpression", "text": "pkgs.artalk"}, "description": "The artalk package to use.", "loc": ["services", "artalk", "package"], "readOnly": false, "type": "package"}, "services.artalk.settings": {"declarations": ["nixos/modules/services/web-apps/artalk.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The artalk configuration.\n\nIf you set allowModify to true, Artalk will be able to store the settings in the config file persistently. This section's content will update in the config file after the service restarts.\n\nOptions containing secret data should be set to an attribute set\ncontaining the attribute `_secret` - a string pointing to a file\ncontaining the value the option should be set to.\n", "loc": ["services", "artalk", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.artalk.settings.host": {"declarations": ["nixos/modules/services/web-apps/artalk.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Artalk server listen host\n", "loc": ["services", "artalk", "settings", "host"], "readOnly": false, "type": "string"}, "services.artalk.settings.port": {"declarations": ["nixos/modules/services/web-apps/artalk.nix"], "default": {"_type": "literalExpression", "text": "23366"}, "description": "Artalk server listen port\n", "loc": ["services", "artalk", "settings", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.artalk.user": {"declarations": ["nixos/modules/services/web-apps/artalk.nix"], "default": {"_type": "literalExpression", "text": "\"artalk\""}, "description": "Artalk user name.", "loc": ["services", "artalk", "user"], "readOnly": false, "type": "string"}, "services.artalk.workdir": {"declarations": ["nixos/modules/services/web-apps/artalk.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/artalk\""}, "description": "Artalk working directory", "loc": ["services", "artalk", "workdir"], "readOnly": false, "type": "string"}, "services.asterisk.confFiles": {"declarations": ["nixos/modules/services/networking/asterisk.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Sets the content of config files (typically ending with\n`.conf`) in the Asterisk configuration directory.\n\nNote that if you want to change {file}`asterisk.conf`, it\nis preferable to use the {option}`services.asterisk.extraConfig`\noption over this option. If `\"asterisk.conf\"` is\nspecified with the {option}`confFiles` option (not recommended),\nyou must be prepared to set your own `astetcdir`\npath.\n\nSee\n<https://www.asterisk.org/community/documentation/>\nfor more examples of what is possible here.\n", "example": {"_type": "literalExpression", "text": "{\n  \"extensions.conf\" = ''\n    [tests]\n    ; Dial 100 for \"hello, world\"\n    exten => 100,1,Answer()\n    same  =>     n,Wait(1)\n    same  =>     n,Playback(hello-world)\n    same  =>     n,Hangup()\n\n    [softphones]\n    include => tests\n\n    [unauthorized]\n  '';\n  \"sip.conf\" = ''\n    [general]\n    allowguest=no              ; Require authentication\n    context=unauthorized       ; Send unauthorized users to /dev/null\n    srvlookup=no               ; Don't do DNS lookup\n    udpbindaddr=0.0.0.0        ; Listen on all interfaces\n    nat=force_rport,comedia    ; Assume device is behind NAT\n\n    [softphone](!)\n    type=friend                ; Match on username first, IP second\n    context=softphones         ; Send to softphones context in\n                               ; extensions.conf file\n    host=dynamic               ; Device will register with asterisk\n    disallow=all               ; Manually specify codecs to allow\n    allow=g722\n    allow=ulaw\n    allow=alaw\n\n    [myphone](softphone)\n    secret=GhoshevFew          ; Change this password!\n  '';\n  \"logger.conf\" = ''\n    [general]\n\n    [logfiles]\n    ; Add debug output to log\n    syslog.local0 => notice,warning,error,debug\n  '';\n}\n"}, "loc": ["services", "asterisk", "confFiles"], "readOnly": false, "type": "attribute set of string"}, "services.asterisk.enable": {"declarations": ["nixos/modules/services/networking/asterisk.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Asterisk PBX server.\n", "loc": ["services", "asterisk", "enable"], "readOnly": false, "type": "boolean"}, "services.asterisk.extraArguments": {"declarations": ["nixos/modules/services/networking/asterisk.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional command line arguments to pass to Asterisk.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-vvvddd\"\n  \"-e\"\n  \"1024\"\n]"}, "loc": ["services", "asterisk", "extraArguments"], "readOnly": false, "type": "list of string"}, "services.asterisk.extraConfig": {"declarations": ["nixos/modules/services/networking/asterisk.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration options appended to the default\n{file}`asterisk.conf` file.\n", "example": {"_type": "literalExpression", "text": "''\n  [options]\n  verbose=3\n  debug=3\n''"}, "loc": ["services", "asterisk", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.asterisk.package": {"declarations": ["nixos/modules/services/networking/asterisk.nix"], "default": {"_type": "literalExpression", "text": "pkgs.asterisk"}, "description": "The asterisk package to use.", "loc": ["services", "asterisk", "package"], "readOnly": false, "type": "package"}, "services.asterisk.useTheseDefaultConfFiles": {"declarations": ["nixos/modules/services/networking/asterisk.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"ari.conf\"\n  \"acl.conf\"\n  \"agents.conf\"\n  \"amd.conf\"\n  \"calendar.conf\"\n  \"cdr.conf\"\n  \"cdr_syslog.conf\"\n  \"cdr_custom.conf\"\n  \"cel.conf\"\n  \"cel_custom.conf\"\n  \"cli_aliases.conf\"\n  \"confbridge.conf\"\n  \"dundi.conf\"\n  \"features.conf\"\n  \"hep.conf\"\n  \"iax.conf\"\n  \"pjsip.conf\"\n  \"pjsip_wizard.conf\"\n  \"phone.conf\"\n  \"phoneprov.conf\"\n  \"queues.conf\"\n  \"res_config_sqlite3.conf\"\n  \"res_parking.conf\"\n  \"statsd.conf\"\n  \"udptl.conf\"\n  \"unistim.conf\"\n]"}, "description": "Sets these config files to the default content. The default value for\n          this option contains all necesscary files to avoid errors at startup.\n          This does not override settings via {option}`services.asterisk.confFiles`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"sip.conf\"\n  \"dundi.conf\"\n]"}, "loc": ["services", "asterisk", "useTheseDefaultConfFiles"], "readOnly": false, "type": "list of string"}, "services.asusd.animeConfig": {"declarations": ["nixos/modules/services/hardware/asusd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The content of /etc/asusd/anime.ron.\nSee <https://asus-linux.org/manual/asusctl-manual/#anime-control>.\n", "loc": ["services", "asusd", "animeConfig"], "readOnly": false, "type": "null or (submodule)"}, "services.asusd.animeConfig.source": {"declarations": ["nixos/modules/services/hardware/asusd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path of the source file.", "loc": ["services", "asusd", "animeConfig", "source"], "readOnly": false, "type": "null or absolute path"}, "services.asusd.animeConfig.text": {"declarations": ["nixos/modules/services/hardware/asusd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Text of the file.", "loc": ["services", "asusd", "animeConfig", "text"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.asusd.asusdConfig": {"declarations": ["nixos/modules/services/hardware/asusd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The content of /etc/asusd/asusd.ron.\nSee <https://asus-linux.org/manual/asusctl-manual/>.\n", "loc": ["services", "asusd", "asusdConfig"], "readOnly": false, "type": "null or (submodule)"}, "services.asusd.asusdConfig.source": {"declarations": ["nixos/modules/services/hardware/asusd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path of the source file.", "loc": ["services", "asusd", "asusdConfig", "source"], "readOnly": false, "type": "null or absolute path"}, "services.asusd.asusdConfig.text": {"declarations": ["nixos/modules/services/hardware/asusd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Text of the file.", "loc": ["services", "asusd", "asusdConfig", "text"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.asusd.auraConfigs": {"declarations": ["nixos/modules/services/hardware/asusd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The content of /etc/asusd/aura_<name>.ron.\nSee <https://asus-linux.org/manual/asusctl-manual/#led-keyboard-control>.\n", "loc": ["services", "asusd", "auraConfigs"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.asusd.auraConfigs.<name>.source": {"declarations": ["nixos/modules/services/hardware/asusd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path of the source file.", "loc": ["services", "asusd", "auraConfigs", "<name>", "source"], "readOnly": false, "type": "null or absolute path"}, "services.asusd.auraConfigs.<name>.text": {"declarations": ["nixos/modules/services/hardware/asusd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Text of the file.", "loc": ["services", "asusd", "auraConfigs", "<name>", "text"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.asusd.enable": {"declarations": ["nixos/modules/services/hardware/asusd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the asusd service for ASUS ROG laptops.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "asusd", "enable"], "readOnly": false, "type": "boolean"}, "services.asusd.enableUserService": {"declarations": ["nixos/modules/services/hardware/asusd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Activate the asusd-user service.\n", "loc": ["services", "asusd", "enableUserService"], "readOnly": false, "type": "boolean"}, "services.asusd.fanCurvesConfig": {"declarations": ["nixos/modules/services/hardware/asusd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The content of /etc/asusd/fan_curves.ron.\nSee <https://asus-linux.org/manual/asusctl-manual/#fan-curves>.\n", "loc": ["services", "asusd", "fanCurvesConfig"], "readOnly": false, "type": "null or (submodule)"}, "services.asusd.fanCurvesConfig.source": {"declarations": ["nixos/modules/services/hardware/asusd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path of the source file.", "loc": ["services", "asusd", "fanCurvesConfig", "source"], "readOnly": false, "type": "null or absolute path"}, "services.asusd.fanCurvesConfig.text": {"declarations": ["nixos/modules/services/hardware/asusd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Text of the file.", "loc": ["services", "asusd", "fanCurvesConfig", "text"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.asusd.package": {"declarations": ["nixos/modules/services/hardware/asusd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.asusctl"}, "description": "The asusctl package to use.", "loc": ["services", "asusd", "package"], "readOnly": false, "type": "package"}, "services.asusd.profileConfig": {"declarations": ["nixos/modules/services/hardware/asusd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The content of /etc/asusd/profile.ron.\nSee <https://asus-linux.org/manual/asusctl-manual/#profiles>.\n", "loc": ["services", "asusd", "profileConfig"], "readOnly": false, "type": "null or (submodule)"}, "services.asusd.profileConfig.source": {"declarations": ["nixos/modules/services/hardware/asusd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path of the source file.", "loc": ["services", "asusd", "profileConfig", "source"], "readOnly": false, "type": "null or absolute path"}, "services.asusd.profileConfig.text": {"declarations": ["nixos/modules/services/hardware/asusd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Text of the file.", "loc": ["services", "asusd", "profileConfig", "text"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.asusd.userLedModesConfig": {"declarations": ["nixos/modules/services/hardware/asusd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The content of /etc/asusd/asusd-user-ledmodes.ron.\nSee <https://asus-linux.org/manual/asusctl-manual/#led-keyboard-control>.\n", "loc": ["services", "asusd", "userLedModesConfig"], "readOnly": false, "type": "null or (submodule)"}, "services.asusd.userLedModesConfig.source": {"declarations": ["nixos/modules/services/hardware/asusd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path of the source file.", "loc": ["services", "asusd", "userLedModesConfig", "source"], "readOnly": false, "type": "null or absolute path"}, "services.asusd.userLedModesConfig.text": {"declarations": ["nixos/modules/services/hardware/asusd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Text of the file.", "loc": ["services", "asusd", "userLedModesConfig", "text"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.atalkd.configFile": {"declarations": ["nixos/modules/services/networking/atalkd.nix"], "default": {"_type": "literalExpression", "text": "\"/nix/store/xxx-atalkd.conf\""}, "description": "Optional path to a custom {file}`atalkd.conf` file. When set, this overrides the generated\nconfiguration from `services.atalkd.interfaces`.\n", "loc": ["services", "atalkd", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.atalkd.enable": {"declarations": ["nixos/modules/services/networking/atalkd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the AppleTalk daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "atalkd", "enable"], "readOnly": false, "type": "boolean"}, "services.atalkd.interfaces": {"declarations": ["nixos/modules/services/networking/atalkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Per-interface configuration for atalkd.", "loc": ["services", "atalkd", "interfaces"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.atalkd.interfaces.<name>.config": {"declarations": ["nixos/modules/services/networking/atalkd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional configuration string for this interface.", "loc": ["services", "atalkd", "interfaces", "<name>", "config"], "readOnly": false, "type": "null or string"}, "services.atd.allowEveryone": {"declarations": ["nixos/modules/services/scheduling/atd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to make {file}`/var/spool/at{jobs,spool}`\nwriteable by everyone (and sticky).  This is normally not\nneeded since the {command}`at` commands are\nsetuid/setgid `atd`.\n", "loc": ["services", "atd", "allowEveryone"], "readOnly": false, "type": "boolean"}, "services.atd.enable": {"declarations": ["nixos/modules/services/scheduling/atd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the {command}`at` daemon, a command scheduler.\n", "loc": ["services", "atd", "enable"], "readOnly": false, "type": "boolean"}, "services.atftpd.enable": {"declarations": ["nixos/modules/services/networking/atftpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the atftpd TFTP server. By default, the server\nbinds to address 0.0.0.0.\n", "loc": ["services", "atftpd", "enable"], "readOnly": false, "type": "boolean"}, "services.atftpd.extraOptions": {"declarations": ["nixos/modules/services/networking/atftpd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line arguments to pass to atftp.\n", "example": {"_type": "literalExpression", "text": "[ \"--bind-address 192.168.9.1\"\n  \"--verbose=7\"\n]\n"}, "loc": ["services", "atftpd", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.atftpd.root": {"declarations": ["nixos/modules/services/networking/atftpd.nix"], "default": {"_type": "literalExpression", "text": "\"/srv/tftp\""}, "description": "Document root directory for the atftpd.\n", "loc": ["services", "atftpd", "root"], "readOnly": false, "type": "absolute path"}, "services.athens.basicAuthPass": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Password for basic auth. Warning: this is stored in plain text in the config file.\n", "example": {"_type": "literalExpression", "text": "\"swordfish\""}, "loc": ["services", "athens", "basicAuthPass"], "readOnly": false, "type": "null or string"}, "services.athens.basicAuthUser": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Username for basic auth.\n", "example": {"_type": "literalExpression", "text": "\"user\""}, "loc": ["services", "athens", "basicAuthUser"], "readOnly": false, "type": "null or string"}, "services.athens.cloudRuntime": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "\"none\""}, "description": "Specifies the Cloud Provider on which the Proxy/registry is running.\n", "example": {"_type": "literalExpression", "text": "\"GCP\""}, "loc": ["services", "athens", "cloudRuntime"], "readOnly": false, "type": "one of \"GCP\", \"none\""}, "services.athens.downloadMode": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "\"async_redirect\""}, "description": "Defines how Athens behaves when a module@version\nis not found in storage. There are 7 options:\n1. \"sync\": download the module synchronously and\nreturn the results to the client.\n2. \"async\": return 404, but asynchronously store the module\nin the storage backend.\n3. \"redirect\": return a 301 redirect status to the client\nwith the base URL as the DownloadRedirectURL from below.\n4. \"async_redirect\": same as option number 3 but it will\nasynchronously store the module to the backend.\n5. \"none\": return 404 if a module is not found and do nothing.\n6. \"file:<path>\": will point to an HCL file that specifies\nany of the 5 options above based on different import paths.\n7. \"custom:<base64-encoded-hcl>\" is the same as option 6\nbut the file is fully encoded in the option. This is\nuseful for using an environment variable in serverless\ndeployments.\n", "loc": ["services", "athens", "downloadMode"], "readOnly": false, "type": "one of \"sync\", \"async\", \"redirect\", \"async_redirect\", \"none\" or string matching the pattern ^file:.*$|^custom:.*$"}, "services.athens.downloadURL": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "\"https://proxy.golang.org\""}, "description": "URL used if DownloadMode is set to redirect.", "loc": ["services", "athens", "downloadURL"], "readOnly": false, "type": "string"}, "services.athens.enable": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Go module datastore and proxy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "athens", "enable"], "readOnly": false, "type": "boolean"}, "services.athens.enablePprof": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable pprof endpoints.", "loc": ["services", "athens", "enablePprof"], "readOnly": false, "type": "boolean"}, "services.athens.extraConfig": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration options for the athens config file.\n", "loc": ["services", "athens", "extraConfig"], "readOnly": false, "type": "attribute set"}, "services.athens.filterFile": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Filename for the include exclude filter.", "example": {"_type": "literalExpression", "text": "pkgs.writeText \"filterFile\" ''\n  - github.com/azure\n  + github.com/azure/azure-sdk-for-go\n  D golang.org/x/tools\n''\n"}, "loc": ["services", "athens", "filterFile"], "readOnly": false, "type": "null or absolute path"}, "services.athens.forceSSL": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Force SSL redirects for incoming requests.\n", "loc": ["services", "athens", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.athens.githubToken": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Creates .netrc file with the given token to be used for GitHub.\nWarning: this is stored in plain text in the config file.\n", "example": {"_type": "literalExpression", "text": "\"ghp_1234567890\""}, "loc": ["services", "athens", "githubToken"], "readOnly": false, "type": "null or string"}, "services.athens.globalEndpoint": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Endpoint for a package registry in case of a proxy cache miss.\n", "example": {"_type": "literalExpression", "text": "\"http://upstream-athens.example.com:3000\""}, "loc": ["services", "athens", "globalEndpoint"], "readOnly": false, "type": "string"}, "services.athens.goBinary": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "pkgs.go"}, "description": "The Go package used by Athens at runtime.\n\nAthens primarily runs two Go commands:\n1. `go mod download -json <module>@<version>`\n2. `go list -m -json <module>@latest`\n", "example": {"_type": "literalExpression", "text": "\"pkgs.go_1_23\""}, "loc": ["services", "athens", "goBinary"], "readOnly": false, "type": "package"}, "services.athens.goBinaryEnvVars": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables to pass to the Go binary.", "example": {"_type": "literalExpression", "text": "''\n  { \"GOPROXY\" = \"direct\", \"GODEBUG\" = \"true\" }\n''"}, "loc": ["services", "athens", "goBinaryEnvVars"], "readOnly": false, "type": "attribute set"}, "services.athens.goEnv": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "\"development\""}, "description": "Specifies the type of environment to run. One of 'development' or 'production'.", "example": {"_type": "literalExpression", "text": "\"production\""}, "loc": ["services", "athens", "goEnv"], "readOnly": false, "type": "one of \"development\", \"production\""}, "services.athens.goGetDir": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Temporary directory that Athens will use to\nfetch modules from VCS prior to persisting\nthem to a storage backend.\n\nIf the value is empty, Athens will use the\ndefault OS temp directory.\n", "example": {"_type": "literalExpression", "text": "\"/tmp/athens\""}, "loc": ["services", "athens", "goGetDir"], "readOnly": false, "type": "null or absolute path"}, "services.athens.goGetWorkers": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Number of workers concurrently downloading modules.", "example": {"_type": "literalExpression", "text": "32"}, "loc": ["services", "athens", "goGetWorkers"], "readOnly": false, "type": "signed integer"}, "services.athens.hgrcPath": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the .hgrc file.\n", "example": {"_type": "literalExpression", "text": "\"/home/user/.hgrc\""}, "loc": ["services", "athens", "hgrcPath"], "readOnly": false, "type": "null or absolute path"}, "services.athens.index.mysql.database": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "\"athens\""}, "description": "Database name for the MySQL database.", "loc": ["services", "athens", "index", "mysql", "database"], "readOnly": false, "type": "string"}, "services.athens.index.mysql.host": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Host for the MySQL database.", "loc": ["services", "athens", "index", "mysql", "host"], "readOnly": false, "type": "string"}, "services.athens.index.mysql.params.parseTime": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "\"true\""}, "description": "Parse time for the MySQL database.", "loc": ["services", "athens", "index", "mysql", "params", "parseTime"], "readOnly": false, "type": "null or string"}, "services.athens.index.mysql.params.timeout": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "\"30s\""}, "description": "Timeout for the MySQL database.", "loc": ["services", "athens", "index", "mysql", "params", "timeout"], "readOnly": false, "type": "null or string"}, "services.athens.index.mysql.password": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Password for the MySQL database. Warning: this is stored in plain text in the config file.", "loc": ["services", "athens", "index", "mysql", "password"], "readOnly": false, "type": "null or string"}, "services.athens.index.mysql.port": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "3306"}, "description": "Port for the MySQL database.", "loc": ["services", "athens", "index", "mysql", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.athens.index.mysql.protocol": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "\"tcp\""}, "description": "Protocol for the MySQL database.", "loc": ["services", "athens", "index", "mysql", "protocol"], "readOnly": false, "type": "string"}, "services.athens.index.mysql.user": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "User for the MySQL database.", "loc": ["services", "athens", "index", "mysql", "user"], "readOnly": false, "type": "string"}, "services.athens.index.postgres.database": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "\"athens\""}, "description": "Database name for the Postgres database.", "loc": ["services", "athens", "index", "postgres", "database"], "readOnly": false, "type": "string"}, "services.athens.index.postgres.host": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Host for the Postgres database.", "loc": ["services", "athens", "index", "postgres", "host"], "readOnly": false, "type": "string"}, "services.athens.index.postgres.params.connect_timeout": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "\"30s\""}, "description": "Connect timeout for the Postgres database.", "loc": ["services", "athens", "index", "postgres", "params", "connect_timeout"], "readOnly": false, "type": "null or string"}, "services.athens.index.postgres.params.sslmode": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "\"disable\""}, "description": "SSL mode for the Postgres database.", "loc": ["services", "athens", "index", "postgres", "params", "sslmode"], "readOnly": false, "type": "null or string"}, "services.athens.index.postgres.password": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Password for the Postgres database. Warning: this is stored in plain text in the config file.", "loc": ["services", "athens", "index", "postgres", "password"], "readOnly": false, "type": "null or string"}, "services.athens.index.postgres.port": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "5432"}, "description": "Port for the Postgres database.", "loc": ["services", "athens", "index", "postgres", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.athens.index.postgres.user": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "\"postgres\""}, "description": "User for the Postgres database.", "loc": ["services", "athens", "index", "postgres", "user"], "readOnly": false, "type": "string"}, "services.athens.indexType": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "\"none\""}, "description": "Type of index backend Athens will use.\n", "loc": ["services", "athens", "indexType"], "readOnly": false, "type": "one of \"none\", \"memory\", \"mysql\", \"postgres\""}, "services.athens.logLevel": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "\"warning\""}, "description": "Log level for Athens.\nSupports all logrus log levels (https://github.com/Sirupsen/logrus#level-logging)\".\n", "example": {"_type": "literalExpression", "text": "\"debug\""}, "loc": ["services", "athens", "logLevel"], "readOnly": false, "type": "null or one of \"panic\", \"fatal\", \"error\", \"warning\", \"info\", \"debug\", \"trace\""}, "services.athens.netrcPath": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the .netrc file.\n", "example": {"_type": "literalExpression", "text": "\"/home/user/.netrc\""}, "loc": ["services", "athens", "netrcPath"], "readOnly": false, "type": "null or absolute path"}, "services.athens.networkMode": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "\"strict\""}, "description": "Configures how Athens will return the results\nof the /list endpoint as it can be assembled from both its own\nstorage and the upstream VCS.\n\nNote, that for better error messaging, this would also affect how other\nendpoints behave.\n\nModes:\n1. strict: merge VCS versions with storage versions, but fail if either of them fails.\n2. offline: only get storage versions, never reach out to VCS.\n3. fallback: only return storage versions, if VCS fails. Note this means that you may\nsee inconsistent results since fallback mode does a best effort of giving you what's\navailable at the time of requesting versions.\n", "loc": ["services", "athens", "networkMode"], "readOnly": false, "type": "one of \"strict\", \"offline\", \"fallback\""}, "services.athens.noSumPatterns": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of patterns that Athens sum db proxy will return a 403 for.\n", "example": {"_type": "literalExpression", "text": "[\n  \"github.com/mycompany/*\"\n]"}, "loc": ["services", "athens", "noSumPatterns"], "readOnly": false, "type": "list of string"}, "services.athens.package": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "pkgs.athens"}, "description": "Which athens derivation to use", "example": {"_type": "literalExpression", "text": "\"pkgs.athens\""}, "loc": ["services", "athens", "package"], "readOnly": false, "type": "package"}, "services.athens.pathPrefix": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets basepath for all routes.\n", "example": {"_type": "literalExpression", "text": "\"/athens\""}, "loc": ["services", "athens", "pathPrefix"], "readOnly": false, "type": "null or string"}, "services.athens.port": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "Port number Athens listens on.\n", "example": {"_type": "literalExpression", "text": "443"}, "loc": ["services", "athens", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.athens.pprofPort": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "3301"}, "description": "Port number for pprof endpoints.", "example": {"_type": "literalExpression", "text": "443"}, "loc": ["services", "athens", "pprofPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.athens.protocolWorkers": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "30"}, "description": "Number of workers concurrently serving protocol paths.", "loc": ["services", "athens", "protocolWorkers"], "readOnly": false, "type": "signed integer"}, "services.athens.robotsFile": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Provides /robots.txt for net crawlers.", "example": {"_type": "literalExpression", "text": "pkgs.writeText \"robots.txt\" \"# my custom robots.txt ...\""}, "loc": ["services", "athens", "robotsFile"], "readOnly": false, "type": "null or absolute path"}, "services.athens.shutdownTimeout": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "60"}, "description": "Number of seconds to wait for the server to shutdown gracefully.\n", "example": {"_type": "literalExpression", "text": "1"}, "loc": ["services", "athens", "shutdownTimeout"], "readOnly": false, "type": "signed integer"}, "services.athens.singleFlight.etcd.endpoints": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "URLs that determine all distributed etcd servers.", "example": {"_type": "literalExpression", "text": "[\n  \"localhost:2379\"\n]"}, "loc": ["services", "athens", "singleFlight", "etcd", "endpoints"], "readOnly": false, "type": "list of string"}, "services.athens.singleFlight.redis.endpoint": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "URL of the redis server.", "example": {"_type": "literalExpression", "text": "\"localhost:6379\""}, "loc": ["services", "athens", "singleFlight", "redis", "endpoint"], "readOnly": false, "type": "string"}, "services.athens.singleFlight.redis.lockConfig.maxRetries": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Maximum number of retries for the lock.", "example": {"_type": "literalExpression", "text": "1"}, "loc": ["services", "athens", "singleFlight", "redis", "lockConfig", "maxRetries"], "readOnly": false, "type": "signed integer"}, "services.athens.singleFlight.redis.lockConfig.timeout": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "15"}, "description": "Timeout for the lock in seconds.", "example": {"_type": "literalExpression", "text": "1"}, "loc": ["services", "athens", "singleFlight", "redis", "lockConfig", "timeout"], "readOnly": false, "type": "signed integer"}, "services.athens.singleFlight.redis.lockConfig.ttl": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "900"}, "description": "TTL for the lock in seconds.", "example": {"_type": "literalExpression", "text": "1"}, "loc": ["services", "athens", "singleFlight", "redis", "lockConfig", "ttl"], "readOnly": false, "type": "signed integer"}, "services.athens.singleFlight.redis.password": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Password for the redis server. Warning: this is stored in plain text in the config file.", "example": {"_type": "literalExpression", "text": "\"swordfish\""}, "loc": ["services", "athens", "singleFlight", "redis", "password"], "readOnly": false, "type": "string"}, "services.athens.singleFlight.redisSentinel.endpoints": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "URLs that determine all distributed redis servers.", "example": {"_type": "literalExpression", "text": "[\n  \"localhost:26379\"\n]"}, "loc": ["services", "athens", "singleFlight", "redisSentinel", "endpoints"], "readOnly": false, "type": "list of string"}, "services.athens.singleFlight.redisSentinel.lockConfig.maxRetries": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Maximum number of retries for the lock.", "example": {"_type": "literalExpression", "text": "1"}, "loc": ["services", "athens", "singleFlight", "redisSentinel", "lockConfig", "maxRetries"], "readOnly": false, "type": "signed integer"}, "services.athens.singleFlight.redisSentinel.lockConfig.timeout": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "15"}, "description": "Timeout for the lock in seconds.", "example": {"_type": "literalExpression", "text": "1"}, "loc": ["services", "athens", "singleFlight", "redisSentinel", "lockConfig", "timeout"], "readOnly": false, "type": "signed integer"}, "services.athens.singleFlight.redisSentinel.lockConfig.ttl": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "900"}, "description": "TTL for the lock in seconds.", "example": {"_type": "literalExpression", "text": "1"}, "loc": ["services", "athens", "singleFlight", "redisSentinel", "lockConfig", "ttl"], "readOnly": false, "type": "signed integer"}, "services.athens.singleFlight.redisSentinel.masterName": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Name of the sentinel master server.", "example": {"_type": "literalExpression", "text": "\"redis-1\""}, "loc": ["services", "athens", "singleFlight", "redisSentinel", "masterName"], "readOnly": false, "type": "string"}, "services.athens.singleFlight.redisSentinel.sentinelPassword": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Password for the sentinel server. Warning: this is stored in plain text in the config file.", "example": {"_type": "literalExpression", "text": "\"swordfish\""}, "loc": ["services", "athens", "singleFlight", "redisSentinel", "sentinelPassword"], "readOnly": false, "type": "string"}, "services.athens.singleFlightType": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "\"memory\""}, "description": "Determines what mechanism Athens uses to manage concurrency flowing into the Athens backend.\n", "loc": ["services", "athens", "singleFlightType"], "readOnly": false, "type": "one of \"memory\", \"etcd\", \"redis\", \"redis-sentinel\", \"gcp\", \"azureblob\""}, "services.athens.statsExporter": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Stats exporter to use.", "loc": ["services", "athens", "statsExporter"], "readOnly": false, "type": "null or value \"prometheus\" (singular enum)"}, "services.athens.storage.azureblob.accountKey": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Account key for the Azure Blob storage backend. Warning: this is stored in plain text in the config file.", "loc": ["services", "athens", "storage", "azureblob", "accountKey"], "readOnly": false, "type": "null or string"}, "services.athens.storage.azureblob.accountName": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Account name for the Azure Blob storage backend.", "loc": ["services", "athens", "storage", "azureblob", "accountName"], "readOnly": false, "type": "null or string"}, "services.athens.storage.azureblob.containerName": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Container name for the Azure Blob storage backend.", "loc": ["services", "athens", "storage", "azureblob", "containerName"], "readOnly": false, "type": "null or string"}, "services.athens.storage.cdn.endpoint": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "hostname of the CDN server.", "example": {"_type": "literalExpression", "text": "\"cdn.example.com\""}, "loc": ["services", "athens", "storage", "cdn", "endpoint"], "readOnly": false, "type": "null or string"}, "services.athens.storage.disk.rootPath": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/athens\""}, "description": "Athens disk root folder.", "loc": ["services", "athens", "storage", "disk", "rootPath"], "readOnly": false, "type": "null or absolute path"}, "services.athens.storage.external.url": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "URL of the backend storage layer.", "example": {"_type": "literalExpression", "text": "\"https://athens.example.com\""}, "loc": ["services", "athens", "storage", "external", "url"], "readOnly": false, "type": "null or string"}, "services.athens.storage.gcp.bucket": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "GCP backend storage bucket.", "example": {"_type": "literalExpression", "text": "\"my-bucket\""}, "loc": ["services", "athens", "storage", "gcp", "bucket"], "readOnly": false, "type": "null or string"}, "services.athens.storage.gcp.jsonKey": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Base64 encoded GCP service account key. Warning: this is stored in plain text in the config file.", "loc": ["services", "athens", "storage", "gcp", "jsonKey"], "readOnly": false, "type": "null or string"}, "services.athens.storage.gcp.projectID": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "GCP project ID.", "example": {"_type": "literalExpression", "text": "\"my-project\""}, "loc": ["services", "athens", "storage", "gcp", "projectID"], "readOnly": false, "type": "null or string"}, "services.athens.storage.minio.bucket": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Bucket name for the minio storage backend.", "example": {"_type": "literalExpression", "text": "\"gomods\""}, "loc": ["services", "athens", "storage", "minio", "bucket"], "readOnly": false, "type": "null or string"}, "services.athens.storage.minio.enableSSL": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SSL for the minio storage backend.", "loc": ["services", "athens", "storage", "minio", "enableSSL"], "readOnly": false, "type": "boolean"}, "services.athens.storage.minio.endpoint": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Endpoint of the minio storage backend.", "example": {"_type": "literalExpression", "text": "\"minio.example.com:9001\""}, "loc": ["services", "athens", "storage", "minio", "endpoint"], "readOnly": false, "type": "null or string"}, "services.athens.storage.minio.key": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Access key id for the minio storage backend.", "example": {"_type": "literalExpression", "text": "\"minio\""}, "loc": ["services", "athens", "storage", "minio", "key"], "readOnly": false, "type": "null or string"}, "services.athens.storage.minio.region": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Region for the minio storage backend.", "example": {"_type": "literalExpression", "text": "\"us-east-1\""}, "loc": ["services", "athens", "storage", "minio", "region"], "readOnly": false, "type": "null or string"}, "services.athens.storage.minio.secret": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Secret key for the minio storage backend. Warning: this is stored in plain text in the config file.", "example": {"_type": "literalExpression", "text": "\"minio123\""}, "loc": ["services", "athens", "storage", "minio", "secret"], "readOnly": false, "type": "null or string"}, "services.athens.storage.mongo.certPath": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the certificate file for the mongo database.", "example": {"_type": "literalExpression", "text": "\"/etc/ssl/mongo.pem\""}, "loc": ["services", "athens", "storage", "mongo", "certPath"], "readOnly": false, "type": "null or absolute path"}, "services.athens.storage.mongo.defaultDBName": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of the mongo database.", "example": {"_type": "literalExpression", "text": "\"athens\""}, "loc": ["services", "athens", "storage", "mongo", "defaultDBName"], "readOnly": false, "type": "null or string"}, "services.athens.storage.mongo.insecure": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Allow insecure connections to the mongo database.", "loc": ["services", "athens", "storage", "mongo", "insecure"], "readOnly": false, "type": "boolean"}, "services.athens.storage.mongo.url": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "URL of the mongo database.", "example": {"_type": "literalExpression", "text": "\"mongodb://localhost:27017\""}, "loc": ["services", "athens", "storage", "mongo", "url"], "readOnly": false, "type": "null or string"}, "services.athens.storage.s3.awsContainerCredentialsRelativeURI": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Container relative url (used by fargate).", "loc": ["services", "athens", "storage", "s3", "awsContainerCredentialsRelativeURI"], "readOnly": false, "type": "null or string"}, "services.athens.storage.s3.bucket": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Bucket name for the S3 storage backend.", "example": {"_type": "literalExpression", "text": "\"gomods\""}, "loc": ["services", "athens", "storage", "s3", "bucket"], "readOnly": false, "type": "null or string"}, "services.athens.storage.s3.credentialsEndpoint": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Credentials endpoint for the S3 storage backend.", "loc": ["services", "athens", "storage", "s3", "credentialsEndpoint"], "readOnly": false, "type": "string"}, "services.athens.storage.s3.endpoint": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Endpoint for the S3 storage backend.", "loc": ["services", "athens", "storage", "s3", "endpoint"], "readOnly": false, "type": "null or string"}, "services.athens.storage.s3.forcePathStyle": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Force path style for the S3 storage backend.", "loc": ["services", "athens", "storage", "s3", "forcePathStyle"], "readOnly": false, "type": "boolean"}, "services.athens.storage.s3.key": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Access key id for the S3 storage backend.", "example": {"_type": "literalExpression", "text": "\"minio\""}, "loc": ["services", "athens", "storage", "s3", "key"], "readOnly": false, "type": "null or string"}, "services.athens.storage.s3.region": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Region of the S3 storage backend.", "example": {"_type": "literalExpression", "text": "\"eu-west-3\""}, "loc": ["services", "athens", "storage", "s3", "region"], "readOnly": false, "type": "null or string"}, "services.athens.storage.s3.secret": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Secret key for the S3 storage backend. Warning: this is stored in plain text in the config file.", "loc": ["services", "athens", "storage", "s3", "secret"], "readOnly": false, "type": "string"}, "services.athens.storage.s3.token": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Token for the S3 storage backend. Warning: this is stored in plain text in the config file.", "loc": ["services", "athens", "storage", "s3", "token"], "readOnly": false, "type": "null or string"}, "services.athens.storage.s3.useDefaultConfiguration": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use default configuration for the S3 storage backend.", "loc": ["services", "athens", "storage", "s3", "useDefaultConfiguration"], "readOnly": false, "type": "boolean"}, "services.athens.storageType": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "\"disk\""}, "description": "Specifies the type of storage backend to use.", "loc": ["services", "athens", "storageType"], "readOnly": false, "type": "one of \"memory\", \"disk\", \"mongo\", \"gcp\", \"minio\", \"s3\", \"azureblob\", \"external\""}, "services.athens.sumDBs": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"https://sum.golang.org\"\n]"}, "description": "List of fully qualified URLs that Athens will proxy\nthat the go command can use a checksum verifier.\n", "loc": ["services", "athens", "sumDBs"], "readOnly": false, "type": "list of string"}, "services.athens.timeout": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "300"}, "description": "Timeout for external network calls in seconds.", "example": {"_type": "literalExpression", "text": "3"}, "loc": ["services", "athens", "timeout"], "readOnly": false, "type": "signed integer"}, "services.athens.tlsCertFile": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the TLS certificate file.", "example": {"_type": "literalExpression", "text": "\"/etc/ssl/certs/athens.crt\""}, "loc": ["services", "athens", "tlsCertFile"], "readOnly": false, "type": "null or absolute path"}, "services.athens.tlsKeyFile": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the TLS key file.", "example": {"_type": "literalExpression", "text": "\"/etc/ssl/certs/athens.key\""}, "loc": ["services", "athens", "tlsKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.athens.traceExporter": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Trace exporter to use.\n", "loc": ["services", "athens", "traceExporter"], "readOnly": false, "type": "null or one of \"jaeger\", \"datadog\""}, "services.athens.traceExporterURL": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "URL endpoint that traces will be sent to.\n", "example": {"_type": "literalExpression", "text": "\"http://localhost:14268\""}, "loc": ["services", "athens", "traceExporterURL"], "readOnly": false, "type": "null or string"}, "services.athens.unixSocket": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the unix socket file.\nIf set, Athens will listen on the unix socket instead of TCP socket.\n", "example": {"_type": "literalExpression", "text": "\"/run/athens.sock\""}, "loc": ["services", "athens", "unixSocket"], "readOnly": false, "type": "null or absolute path"}, "services.athens.validatorHook": {"declarations": ["nixos/modules/services/development/athens.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Endpoint to validate modules against.\n\nNot used if empty.\n", "example": {"_type": "literalExpression", "text": "\"https://validation.example.com\""}, "loc": ["services", "athens", "validatorHook"], "readOnly": false, "type": "null or string"}, "services.atticd.enable": {"declarations": ["nixos/modules/services/networking/atticd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the atticd, the Nix Binary Cache server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "atticd", "enable"], "readOnly": false, "type": "boolean"}, "services.atticd.environmentFile": {"declarations": ["nixos/modules/services/networking/atticd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to an EnvironmentFile containing required environment\nvariables:\n\n- ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64: The base64-encoded RSA PEM PKCS1 of the\n  RS256 JWT secret. Generate it with `openssl genrsa -traditional 4096 | base64 -w0`.\n", "loc": ["services", "atticd", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.atticd.group": {"declarations": ["nixos/modules/services/networking/atticd.nix"], "default": {"_type": "literalExpression", "text": "\"atticd\""}, "description": "The group under which attic runs.\n", "loc": ["services", "atticd", "group"], "readOnly": false, "type": "string"}, "services.atticd.mode": {"declarations": ["nixos/modules/services/networking/atticd.nix"], "default": {"_type": "literalExpression", "text": "\"monolithic\""}, "description": "Mode in which to run the server.\n\n'monolithic' runs all components, and is suitable for single-node deployments.\n\n'api-server' runs only the API server, and is suitable for clustering.\n\n'garbage-collector' only runs the garbage collector periodically.\n\nA simple NixOS-based Attic deployment will typically have one 'monolithic' and any number of 'api-server' nodes.\n\nThere are several other supported modes that perform one-off operations, but these are the only ones that make sense to run via the NixOS module.\n", "loc": ["services", "atticd", "mode"], "readOnly": false, "type": "one of \"monolithic\", \"api-server\", \"garbage-collector\""}, "services.atticd.package": {"declarations": ["nixos/modules/services/networking/atticd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.attic-server"}, "description": "The attic-server package to use.", "loc": ["services", "atticd", "package"], "readOnly": false, "type": "package"}, "services.atticd.settings": {"declarations": ["nixos/modules/services/networking/atticd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Structured configurations of atticd.\nSee <https://github.com/zhaofengli/attic/blob/main/server/src/config-template.toml>\n", "loc": ["services", "atticd", "settings"], "readOnly": false, "type": "TOML value"}, "services.atticd.user": {"declarations": ["nixos/modules/services/networking/atticd.nix"], "default": {"_type": "literalExpression", "text": "\"atticd\""}, "description": "The user under which attic runs.\n", "loc": ["services", "atticd", "user"], "readOnly": false, "type": "string"}, "services.atuin.database.createLocally": {"declarations": ["nixos/modules/services/misc/atuin.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Create the database and database user locally.", "loc": ["services", "atuin", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.atuin.database.uri": {"declarations": ["nixos/modules/services/misc/atuin.nix"], "default": {"_type": "literalExpression", "text": "\"postgresql:///atuin?host=/run/postgresql\""}, "description": "URI to the database.\nCan be set to null in which case ATUIN_DB_URI should be set through an EnvironmentFile\n", "example": {"_type": "literalExpression", "text": "\"postgresql://atuin@localhost:5432/atuin\""}, "loc": ["services", "atuin", "database", "uri"], "readOnly": false, "type": "null or string"}, "services.atuin.enable": {"declarations": ["nixos/modules/services/misc/atuin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Atuin server for shell history sync.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "atuin", "enable"], "readOnly": false, "type": "boolean"}, "services.atuin.host": {"declarations": ["nixos/modules/services/misc/atuin.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The host address the atuin server should listen on.", "loc": ["services", "atuin", "host"], "readOnly": false, "type": "string"}, "services.atuin.maxHistoryLength": {"declarations": ["nixos/modules/services/misc/atuin.nix"], "default": {"_type": "literalExpression", "text": "8192"}, "description": "The max length of each history item the atuin server should store.", "loc": ["services", "atuin", "maxHistoryLength"], "readOnly": false, "type": "signed integer"}, "services.atuin.openFirewall": {"declarations": ["nixos/modules/services/misc/atuin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the atuin server.", "loc": ["services", "atuin", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.atuin.openRegistration": {"declarations": ["nixos/modules/services/misc/atuin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Allow new user registrations with the atuin server.", "loc": ["services", "atuin", "openRegistration"], "readOnly": false, "type": "boolean"}, "services.atuin.package": {"declarations": ["nixos/modules/services/misc/atuin.nix"], "default": {"_type": "literalExpression", "text": "pkgs.atuin"}, "description": "The atuin package to use.", "loc": ["services", "atuin", "package"], "readOnly": false, "type": "package"}, "services.atuin.path": {"declarations": ["nixos/modules/services/misc/atuin.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "A path to prepend to all the routes of the server.", "loc": ["services", "atuin", "path"], "readOnly": false, "type": "string"}, "services.atuin.port": {"declarations": ["nixos/modules/services/misc/atuin.nix"], "default": {"_type": "literalExpression", "text": "8888"}, "description": "The port the atuin server should listen on.", "loc": ["services", "atuin", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.audiobookshelf.dataDir": {"declarations": ["nixos/modules/services/web-apps/audiobookshelf.nix"], "default": {"_type": "literalExpression", "text": "\"audiobookshelf\""}, "description": "Path to Audiobookshelf config and metadata inside of /var/lib.", "loc": ["services", "audiobookshelf", "dataDir"], "readOnly": false, "type": "string"}, "services.audiobookshelf.enable": {"declarations": ["nixos/modules/services/web-apps/audiobookshelf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Audiobookshelf, self-hosted audiobook and podcast server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "audiobookshelf", "enable"], "readOnly": false, "type": "boolean"}, "services.audiobookshelf.group": {"declarations": ["nixos/modules/services/web-apps/audiobookshelf.nix"], "default": {"_type": "literalExpression", "text": "\"audiobookshelf\""}, "description": "Group under which Audiobookshelf runs.", "loc": ["services", "audiobookshelf", "group"], "readOnly": false, "type": "string"}, "services.audiobookshelf.host": {"declarations": ["nixos/modules/services/web-apps/audiobookshelf.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The host Audiobookshelf binds to.", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "audiobookshelf", "host"], "readOnly": false, "type": "string"}, "services.audiobookshelf.openFirewall": {"declarations": ["nixos/modules/services/web-apps/audiobookshelf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the Audiobookshelf web interface.", "loc": ["services", "audiobookshelf", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.audiobookshelf.package": {"declarations": ["nixos/modules/services/web-apps/audiobookshelf.nix"], "default": {"_type": "literalExpression", "text": "pkgs.audiobookshelf"}, "description": "The audiobookshelf package to use.", "loc": ["services", "audiobookshelf", "package"], "readOnly": false, "type": "package"}, "services.audiobookshelf.port": {"declarations": ["nixos/modules/services/web-apps/audiobookshelf.nix"], "default": {"_type": "literalExpression", "text": "8000"}, "description": "The TCP port Audiobookshelf will listen on.", "loc": ["services", "audiobookshelf", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.audiobookshelf.user": {"declarations": ["nixos/modules/services/web-apps/audiobookshelf.nix"], "default": {"_type": "literalExpression", "text": "\"audiobookshelf\""}, "description": "User account under which Audiobookshelf runs.", "loc": ["services", "audiobookshelf", "user"], "readOnly": false, "type": "string"}, "services.authelia.instances": {"declarations": ["nixos/modules/services/security/authelia.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Multi-domain protection currently requires multiple instances of Authelia.\nIf you don't require multiple instances of Authelia you can define just the one.\n\n<https://www.authelia.com/roadmap/active/multi-domain-protection/>\n", "example": {"_type": "literalExpression", "text": "''\n  {\n    main = {\n      enable = true;\n      secrets.storageEncryptionKeyFile = \"/etc/authelia/storageEncryptionKeyFile\";\n      secrets.jwtSecretFile = \"/etc/authelia/jwtSecretFile\";\n      settings = {\n        theme = \"light\";\n        default_2fa_method = \"totp\";\n        log.level = \"debug\";\n        server.disable_healthcheck = true;\n      };\n    };\n    preprod = {\n      enable = false;\n      secrets.storageEncryptionKeyFile = \"/mnt/pre-prod/authelia/storageEncryptionKeyFile\";\n      secrets.jwtSecretFile = \"/mnt/pre-prod/jwtSecretFile\";\n      settings = {\n        theme = \"dark\";\n        default_2fa_method = \"webauthn\";\n        server.host = \"0.0.0.0\";\n      };\n    };\n    test.enable = true;\n    test.secrets.manual = true;\n    test.settings.theme = \"grey\";\n    test.settings.server.disable_healthcheck = true;\n    test.settingsFiles = [ \"/mnt/test/authelia\" \"/mnt/test-authelia.conf\" ];\n    };\n  }\n''"}, "loc": ["services", "authelia", "instances"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.authelia.instances.<name>.enable": {"declarations": ["nixos/modules/services/security/authelia.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Authelia instance.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "authelia", "instances", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.authelia.instances.<name>.environmentVariables": {"declarations": ["nixos/modules/services/security/authelia.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional environment variables to provide to authelia.\nIf you are providing secrets please consider the options under {option}`services.authelia.<instance>.secrets`\nor make sure you use the `_FILE` suffix.\nIf you provide the raw secret rather than the location of a secret file that secret will be preserved in the nix store.\nFor more details: <https://www.authelia.com/configuration/methods/secrets/>\n", "loc": ["services", "authelia", "instances", "<name>", "environmentVariables"], "readOnly": false, "type": "attribute set of string"}, "services.authelia.instances.<name>.group": {"declarations": ["nixos/modules/services/security/authelia.nix"], "default": {"_type": "literalExpression", "text": "\"authelia-\u2039name\u203a\""}, "description": "The name of the group for this authelia instance.", "loc": ["services", "authelia", "instances", "<name>", "group"], "readOnly": false, "type": "string"}, "services.authelia.instances.<name>.name": {"declarations": ["nixos/modules/services/security/authelia.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "Name is used as a suffix for the service name, user, and group.\nBy default it takes the value you use for `<instance>` in:\n{option}`services.authelia.<instance>`\n", "loc": ["services", "authelia", "instances", "<name>", "name"], "readOnly": false, "type": "string"}, "services.authelia.instances.<name>.package": {"declarations": ["nixos/modules/services/security/authelia.nix"], "default": {"_type": "literalExpression", "text": "pkgs.authelia"}, "description": "The authelia package to use.", "loc": ["services", "authelia", "instances", "<name>", "package"], "readOnly": false, "type": "package"}, "services.authelia.instances.<name>.secrets": {"declarations": ["nixos/modules/services/security/authelia.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "It is recommended you keep your secrets separate from the configuration.\nIt's especially important to keep the raw secrets out of your nix configuration,\nas the values will be preserved in your nix store.\nThis attribute allows you to configure the location of secret files to be loaded at runtime.\n\n<https://www.authelia.com/configuration/methods/secrets/>\n", "loc": ["services", "authelia", "instances", "<name>", "secrets"], "readOnly": false, "type": "submodule"}, "services.authelia.instances.<name>.secrets.jwtSecretFile": {"declarations": ["nixos/modules/services/security/authelia.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to your JWT secret used during identity verificaton.\n", "loc": ["services", "authelia", "instances", "<name>", "secrets", "jwtSecretFile"], "readOnly": false, "type": "null or absolute path"}, "services.authelia.instances.<name>.secrets.manual": {"declarations": ["nixos/modules/services/security/authelia.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Configuring authelia's secret files via the secrets attribute set\nis intended to be convenient and help catch cases where values are required\nto run at all.\nIf a user wants to set these values themselves and bypass the validation they can set this value to true.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "authelia", "instances", "<name>", "secrets", "manual"], "readOnly": false, "type": "boolean"}, "services.authelia.instances.<name>.secrets.oidcHmacSecretFile": {"declarations": ["nixos/modules/services/security/authelia.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to your HMAC secret used to sign OIDC JWTs.\n", "loc": ["services", "authelia", "instances", "<name>", "secrets", "oidcHmacSecretFile"], "readOnly": false, "type": "null or absolute path"}, "services.authelia.instances.<name>.secrets.oidcIssuerPrivateKeyFile": {"declarations": ["nixos/modules/services/security/authelia.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to your private key file used to encrypt OIDC JWTs.\n", "loc": ["services", "authelia", "instances", "<name>", "secrets", "oidcIssuerPrivateKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.authelia.instances.<name>.secrets.sessionSecretFile": {"declarations": ["nixos/modules/services/security/authelia.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to your session secret. Only used when redis is used as session storage.\n", "loc": ["services", "authelia", "instances", "<name>", "secrets", "sessionSecretFile"], "readOnly": false, "type": "null or absolute path"}, "services.authelia.instances.<name>.secrets.storageEncryptionKeyFile": {"declarations": ["nixos/modules/services/security/authelia.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to your storage encryption key.\n", "loc": ["services", "authelia", "instances", "<name>", "secrets", "storageEncryptionKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.authelia.instances.<name>.settings": {"declarations": ["nixos/modules/services/security/authelia.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Your Authelia config.yml as a Nix attribute set.\nThere are several values that are defined and documented in nix such as `default_2fa_method`,\nbut additional items can also be included.\n\n<https://github.com/authelia/authelia/blob/master/config.template.yml>\n", "example": {"_type": "literalExpression", "text": "''\n  {\n    theme = \"light\";\n    default_2fa_method = \"totp\";\n    log.level = \"debug\";\n    server.disable_healthcheck = true;\n  }\n''"}, "loc": ["services", "authelia", "instances", "<name>", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.authelia.instances.<name>.settings.default_2fa_method": {"declarations": ["nixos/modules/services/security/authelia.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Default 2FA method for new users and fallback for preferred but disabled methods.\n", "example": {"_type": "literalExpression", "text": "\"webauthn\""}, "loc": ["services", "authelia", "instances", "<name>", "settings", "default_2fa_method"], "readOnly": false, "type": "one of \"\", \"totp\", \"webauthn\", \"mobile_push\""}, "services.authelia.instances.<name>.settings.log.file_path": {"declarations": ["nixos/modules/services/security/authelia.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File path where the logs will be written. If not set logs are written to stdout.", "example": {"_type": "literalExpression", "text": "\"/var/log/authelia/authelia.log\""}, "loc": ["services", "authelia", "instances", "<name>", "settings", "log", "file_path"], "readOnly": false, "type": "null or absolute path"}, "services.authelia.instances.<name>.settings.log.format": {"declarations": ["nixos/modules/services/security/authelia.nix"], "default": {"_type": "literalExpression", "text": "\"json\""}, "description": "Format the logs are written as.", "example": {"_type": "literalExpression", "text": "\"text\""}, "loc": ["services", "authelia", "instances", "<name>", "settings", "log", "format"], "readOnly": false, "type": "one of \"json\", \"text\""}, "services.authelia.instances.<name>.settings.log.keep_stdout": {"declarations": ["nixos/modules/services/security/authelia.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to also log to stdout when a `file_path` is defined.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "authelia", "instances", "<name>", "settings", "log", "keep_stdout"], "readOnly": false, "type": "boolean"}, "services.authelia.instances.<name>.settings.log.level": {"declarations": ["nixos/modules/services/security/authelia.nix"], "default": {"_type": "literalExpression", "text": "\"debug\""}, "description": "Level of verbosity for logs.", "example": {"_type": "literalExpression", "text": "\"info\""}, "loc": ["services", "authelia", "instances", "<name>", "settings", "log", "level"], "readOnly": false, "type": "one of \"trace\", \"debug\", \"info\", \"warn\", \"error\""}, "services.authelia.instances.<name>.settings.server.address": {"declarations": ["nixos/modules/services/security/authelia.nix"], "default": {"_type": "literalExpression", "text": "\"tcp://:9091/\""}, "description": "The address to listen on.", "example": {"_type": "literalExpression", "text": "\"unix:///var/run/authelia.sock?path=authelia&umask=0117\""}, "loc": ["services", "authelia", "instances", "<name>", "settings", "server", "address"], "readOnly": false, "type": "string"}, "services.authelia.instances.<name>.settings.telemetry.metrics.address": {"declarations": ["nixos/modules/services/security/authelia.nix"], "default": {"_type": "literalExpression", "text": "\"tcp://127.0.0.1:9959\""}, "description": "The address to listen on for metrics. This should be on a different port to the main `server.port` value.", "example": {"_type": "literalExpression", "text": "\"tcp://0.0.0.0:8888\""}, "loc": ["services", "authelia", "instances", "<name>", "settings", "telemetry", "metrics", "address"], "readOnly": false, "type": "string"}, "services.authelia.instances.<name>.settings.telemetry.metrics.enabled": {"declarations": ["nixos/modules/services/security/authelia.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable Metrics.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "authelia", "instances", "<name>", "settings", "telemetry", "metrics", "enabled"], "readOnly": false, "type": "boolean"}, "services.authelia.instances.<name>.settings.theme": {"declarations": ["nixos/modules/services/security/authelia.nix"], "default": {"_type": "literalExpression", "text": "\"light\""}, "description": "The theme to display.", "example": {"_type": "literalExpression", "text": "\"dark\""}, "loc": ["services", "authelia", "instances", "<name>", "settings", "theme"], "readOnly": false, "type": "one of \"light\", \"dark\", \"grey\", \"auto\""}, "services.authelia.instances.<name>.settingsFiles": {"declarations": ["nixos/modules/services/security/authelia.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Here you can provide authelia with configuration files or directories.\nIt is possible to give authelia multiple files and use the nix generated configuration\nfile set via {option}`services.authelia.<instance>.settings`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/etc/authelia/config.yml\"\n  \"/etc/authelia/access-control.yml\"\n  \"/etc/authelia/config/\"\n]"}, "loc": ["services", "authelia", "instances", "<name>", "settingsFiles"], "readOnly": false, "type": "list of absolute path"}, "services.authelia.instances.<name>.user": {"declarations": ["nixos/modules/services/security/authelia.nix"], "default": {"_type": "literalExpression", "text": "\"authelia-\u2039name\u203a\""}, "description": "The name of the user for this authelia instance.", "loc": ["services", "authelia", "instances", "<name>", "user"], "readOnly": false, "type": "string"}, "services.auto-epp.enable": {"declarations": ["nixos/modules/services/hardware/auto-epp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable auto-epp for amd active pstate.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "auto-epp", "enable"], "readOnly": false, "type": "boolean"}, "services.auto-epp.package": {"declarations": ["nixos/modules/services/hardware/auto-epp.nix"], "default": {"_type": "literalExpression", "text": "pkgs.auto-epp"}, "description": "The auto-epp package to use.", "loc": ["services", "auto-epp", "package"], "readOnly": false, "type": "package"}, "services.auto-epp.settings": {"declarations": ["nixos/modules/services/hardware/auto-epp.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings for the auto-epp application.\nSee upstream example: <https://github.com/jothi-prasath/auto-epp/blob/master/sample-auto-epp.conf>\n", "loc": ["services", "auto-epp", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.auto-epp.settings.Settings.epp_state_for_AC": {"declarations": ["nixos/modules/services/hardware/auto-epp.nix"], "default": {"_type": "literalExpression", "text": "\"balance_performance\""}, "description": "energy_performance_preference when on plugged in\n\n::: {.note}\nSee available epp states by running:\n{command}`cat /sys/devices/system/cpu/cpu0/cpufreq/energy_performance_available_preferences`\n:::\n", "loc": ["services", "auto-epp", "settings", "Settings", "epp_state_for_AC"], "readOnly": false, "type": "string"}, "services.auto-epp.settings.Settings.epp_state_for_BAT": {"declarations": ["nixos/modules/services/hardware/auto-epp.nix"], "default": {"_type": "literalExpression", "text": "\"power\""}, "description": "`energy_performance_preference` when on battery\n\n::: {.note}\nSee available epp states by running:\n{command}`cat /sys/devices/system/cpu/cpu0/cpufreq/energy_performance_available_preferences`\n:::\n", "loc": ["services", "auto-epp", "settings", "Settings", "epp_state_for_BAT"], "readOnly": false, "type": "string"}, "services.autobrr.enable": {"declarations": ["nixos/modules/services/misc/autobrr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Autobrr.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "autobrr", "enable"], "readOnly": false, "type": "boolean"}, "services.autobrr.openFirewall": {"declarations": ["nixos/modules/services/misc/autobrr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the Autobrr web interface.", "loc": ["services", "autobrr", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.autobrr.package": {"declarations": ["nixos/modules/services/misc/autobrr.nix"], "default": {"_type": "literalExpression", "text": "pkgs.autobrr"}, "description": "The autobrr package to use.", "loc": ["services", "autobrr", "package"], "readOnly": false, "type": "package"}, "services.autobrr.secretFile": {"declarations": ["nixos/modules/services/misc/autobrr.nix"], "description": "File containing the session secret for the Autobrr web interface.", "loc": ["services", "autobrr", "secretFile"], "readOnly": false, "type": "absolute path"}, "services.autobrr.settings": {"declarations": ["nixos/modules/services/misc/autobrr.nix"], "default": {"_type": "literalExpression", "text": "{\n  checkForUpdates = true;\n  host = \"127.0.0.1\";\n  port = 7474;\n}"}, "description": "Autobrr configuration options.\n\nRefer to <https://autobrr.com/configuration/autobrr>\nfor a full list.\n", "example": {"_type": "literalExpression", "text": "{\n  logLevel = \"DEBUG\";\n}"}, "loc": ["services", "autobrr", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.autofs.autoMaster": {"declarations": ["nixos/modules/services/misc/autofs.nix"], "description": "Contents of `/etc/auto.master` file. See {manpage}`auto.master(5)` and {manpage}`autofs(5)`.\n", "example": {"_type": "literalExpression", "text": "let\n  mapConf = pkgs.writeText \"auto\" ''\n   kernel    -ro,soft,intr       ftp.kernel.org:/pub/linux\n   boot      -fstype=ext2        :/dev/hda1\n   windoze   -fstype=smbfs       ://windoze/c\n   removable -fstype=ext2        :/dev/hdd\n   cd        -fstype=iso9660,ro  :/dev/hdc\n   floppy    -fstype=auto        :/dev/fd0\n   server    -rw,hard,intr       / -ro myserver.me.org:/ \\\n                                 /usr myserver.me.org:/usr \\\n                                 /home myserver.me.org:/home\n  '';\nin ''\n  /auto file:${mapConf}\n''\n"}, "loc": ["services", "autofs", "autoMaster"], "readOnly": false, "type": "string"}, "services.autofs.debug": {"declarations": ["nixos/modules/services/misc/autofs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Pass -d and -7 to automount and write log to the system journal.\n", "loc": ["services", "autofs", "debug"], "readOnly": false, "type": "boolean"}, "services.autofs.enable": {"declarations": ["nixos/modules/services/misc/autofs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Mount filesystems on demand. Unmount them automatically.\nYou may also be interested in afuse.\n", "loc": ["services", "autofs", "enable"], "readOnly": false, "type": "boolean"}, "services.autofs.timeout": {"declarations": ["nixos/modules/services/misc/autofs.nix"], "default": {"_type": "literalExpression", "text": "600"}, "description": "Set the global minimum timeout, in seconds, until directories are unmounted", "loc": ["services", "autofs", "timeout"], "readOnly": false, "type": "signed integer"}, "services.automatic-timezoned.enable": {"declarations": ["nixos/modules/services/system/automatic-timezoned.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable `automatic-timezoned`, simple daemon for keeping the system\ntimezone up-to-date based on the current location. It uses geoclue2 to\ndetermine the current location and systemd-timedated to actually set\nthe timezone.\n\nTo avoid silent overriding by the service, if you have explicitly set a\ntimezone, either remove it or ensure that it is set with a lower priority\nthan the default value using `lib.mkDefault` or `lib.mkOverride`. This is\nto make the choice deliberate. An error will be presented otherwise.\n", "loc": ["services", "automatic-timezoned", "enable"], "readOnly": false, "type": "boolean"}, "services.automatic-timezoned.package": {"declarations": ["nixos/modules/services/system/automatic-timezoned.nix"], "default": {"_type": "literalExpression", "text": "pkgs.automatic-timezoned"}, "description": "The automatic-timezoned package to use.", "loc": ["services", "automatic-timezoned", "package"], "readOnly": false, "type": "package"}, "services.automx2.domain": {"declarations": ["nixos/modules/services/mail/automx2.nix"], "description": "E-Mail-Domain for which mail client autoconfig/autoconfigure should be set up.\nThe `autoconfig` and `autodiscover` subdomains are automatically prepended and set up with ACME.\nThe names of those domains are hardcoded in the mail clients and are not configurable.\n", "example": {"_type": "literalExpression", "text": "\"example.com\""}, "loc": ["services", "automx2", "domain"], "readOnly": false, "type": "string"}, "services.automx2.enable": {"declarations": ["nixos/modules/services/mail/automx2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable automx2.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "automx2", "enable"], "readOnly": false, "type": "boolean"}, "services.automx2.package": {"declarations": ["nixos/modules/services/mail/automx2.nix"], "default": {"_type": "literalExpression", "text": "pkgs.python3Packages.automx2"}, "description": "The automx2 package to use.", "loc": ["services", "automx2", "package"], "readOnly": false, "type": "package"}, "services.automx2.port": {"declarations": ["nixos/modules/services/mail/automx2.nix"], "default": {"_type": "literalExpression", "text": "4243"}, "description": "Port used by automx2.", "loc": ["services", "automx2", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.automx2.settings": {"declarations": ["nixos/modules/services/mail/automx2.nix"], "description": "Bootstrap json to populate database.\nSee [docs](https://rseichter.github.io/automx2/#_sqlite) for details.\n", "loc": ["services", "automx2", "settings"], "readOnly": false, "type": "JSON value"}, "services.automysqlbackup.calendar": {"declarations": ["nixos/modules/services/backup/automysqlbackup.nix"], "default": {"_type": "literalExpression", "text": "\"01:15:00\""}, "description": "Configured when to run the backup service systemd unit (DayOfWeek Year-Month-Day Hour:Minute:Second).\n", "loc": ["services", "automysqlbackup", "calendar"], "readOnly": false, "type": "string"}, "services.automysqlbackup.enable": {"declarations": ["nixos/modules/services/backup/automysqlbackup.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable AutoMySQLBackup.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "automysqlbackup", "enable"], "readOnly": false, "type": "boolean"}, "services.automysqlbackup.settings": {"declarations": ["nixos/modules/services/backup/automysqlbackup.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "automysqlbackup configuration. Refer to\n{file}`${pkgs.automysqlbackup}/etc/automysqlbackup.conf`\nfor details on supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  db_names = [ \"nextcloud\" \"matomo\" ];\n  table_exclude = [ \"nextcloud.oc_users\" \"nextcloud.oc_whats_new\" ];\n  mailcontent = \"log\";\n  mail_address = \"admin@example.org\";\n}\n"}, "loc": ["services", "automysqlbackup", "settings"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean or list of string)"}, "services.autorandr.defaultTarget": {"declarations": ["nixos/modules/services/misc/autorandr.nix"], "default": {"_type": "literalExpression", "text": "\"default\""}, "description": "Fallback if no monitor layout can be detected. See the docs\n(https://github.com/phillipberndt/autorandr/blob/v1.0/README.md#how-to-use)\nfor further reference.\n", "loc": ["services", "autorandr", "defaultTarget"], "readOnly": false, "type": "string"}, "services.autorandr.enable": {"declarations": ["nixos/modules/services/misc/autorandr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable handling of hotplug and sleep events by autorandr.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "autorandr", "enable"], "readOnly": false, "type": "boolean"}, "services.autorandr.hooks": {"declarations": ["nixos/modules/services/misc/autorandr.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Global hook scripts", "example": {"_type": "literalExpression", "text": "{\n  postswitch = {\n    \"notify-i3\" = \"${pkgs.i3}/bin/i3-msg restart\";\n    \"change-background\" = readFile ./change-background.sh;\n    \"change-dpi\" = ''\n      case \"$AUTORANDR_CURRENT_PROFILE\" in\n        default)\n          DPI=120\n          ;;\n        home)\n          DPI=192\n          ;;\n        work)\n          DPI=144\n          ;;\n        *)\n          echo \"Unknown profle: $AUTORANDR_CURRENT_PROFILE\"\n          exit 1\n      esac\n      echo \"Xft.dpi: $DPI\" | ${pkgs.xrdb}/bin/xrdb -merge\n    '';\n  };\n}\n"}, "loc": ["services", "autorandr", "hooks"], "readOnly": false, "type": "submodule"}, "services.autorandr.hooks.postswitch": {"declarations": ["nixos/modules/services/misc/autorandr.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Postswitch hook executed after mode switch.", "loc": ["services", "autorandr", "hooks", "postswitch"], "readOnly": false, "type": "attribute set of strings concatenated with \"\\n\""}, "services.autorandr.hooks.predetect": {"declarations": ["nixos/modules/services/misc/autorandr.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Predetect hook executed before autorandr attempts to run xrandr.\n", "loc": ["services", "autorandr", "hooks", "predetect"], "readOnly": false, "type": "attribute set of strings concatenated with \"\\n\""}, "services.autorandr.hooks.preswitch": {"declarations": ["nixos/modules/services/misc/autorandr.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Preswitch hook executed before mode switch.", "loc": ["services", "autorandr", "hooks", "preswitch"], "readOnly": false, "type": "attribute set of strings concatenated with \"\\n\""}, "services.autorandr.ignoreLid": {"declarations": ["nixos/modules/services/misc/autorandr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Treat outputs as connected even if their lids are closed", "loc": ["services", "autorandr", "ignoreLid"], "readOnly": false, "type": "boolean"}, "services.autorandr.matchEdid": {"declarations": ["nixos/modules/services/misc/autorandr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Match displays based on edid instead of name", "loc": ["services", "autorandr", "matchEdid"], "readOnly": false, "type": "boolean"}, "services.autorandr.profiles": {"declarations": ["nixos/modules/services/misc/autorandr.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Autorandr profiles specification.", "example": {"_type": "literalExpression", "text": "{\n  \"work\" = {\n    fingerprint = {\n      eDP1 = \"<EDID>\";\n      DP1 = \"<EDID>\";\n    };\n    config = {\n      eDP1.enable = false;\n      DP1 = {\n        enable = true;\n        crtc = 0;\n        primary = true;\n        position = \"0x0\";\n        mode = \"3840x2160\";\n        gamma = \"1.0:0.909:0.833\";\n        rate = \"60.00\";\n        rotate = \"left\";\n      };\n    };\n    hooks.postswitch = readFile ./work-postswitch.sh;\n  };\n}\n"}, "loc": ["services", "autorandr", "profiles"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.autorandr.profiles.<name>.config": {"declarations": ["nixos/modules/services/misc/autorandr.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Per output profile configuration.", "loc": ["services", "autorandr", "profiles", "<name>", "config"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.autorandr.profiles.<name>.config.<name>.crtc": {"declarations": ["nixos/modules/services/misc/autorandr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Output video display controller.", "example": {"_type": "literalExpression", "text": "0"}, "loc": ["services", "autorandr", "profiles", "<name>", "config", "<name>", "crtc"], "readOnly": false, "type": "null or (unsigned integer, meaning >=0)"}, "services.autorandr.profiles.<name>.config.<name>.dpi": {"declarations": ["nixos/modules/services/misc/autorandr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Output DPI configuration.", "example": {"_type": "literalExpression", "text": "96"}, "loc": ["services", "autorandr", "profiles", "<name>", "config", "<name>", "dpi"], "readOnly": false, "type": "null or (positive integer, meaning >0)"}, "services.autorandr.profiles.<name>.config.<name>.enable": {"declarations": ["nixos/modules/services/misc/autorandr.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the output.", "loc": ["services", "autorandr", "profiles", "<name>", "config", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.autorandr.profiles.<name>.config.<name>.gamma": {"declarations": ["nixos/modules/services/misc/autorandr.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Output gamma configuration.", "example": {"_type": "literalExpression", "text": "\"1.0:0.909:0.833\""}, "loc": ["services", "autorandr", "profiles", "<name>", "config", "<name>", "gamma"], "readOnly": false, "type": "string"}, "services.autorandr.profiles.<name>.config.<name>.mode": {"declarations": ["nixos/modules/services/misc/autorandr.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Output resolution.", "example": {"_type": "literalExpression", "text": "\"3840x2160\""}, "loc": ["services", "autorandr", "profiles", "<name>", "config", "<name>", "mode"], "readOnly": false, "type": "string"}, "services.autorandr.profiles.<name>.config.<name>.position": {"declarations": ["nixos/modules/services/misc/autorandr.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Output position", "example": {"_type": "literalExpression", "text": "\"5760x0\""}, "loc": ["services", "autorandr", "profiles", "<name>", "config", "<name>", "position"], "readOnly": false, "type": "string"}, "services.autorandr.profiles.<name>.config.<name>.primary": {"declarations": ["nixos/modules/services/misc/autorandr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether output should be marked as primary", "loc": ["services", "autorandr", "profiles", "<name>", "config", "<name>", "primary"], "readOnly": false, "type": "boolean"}, "services.autorandr.profiles.<name>.config.<name>.rate": {"declarations": ["nixos/modules/services/misc/autorandr.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Output framerate.", "example": {"_type": "literalExpression", "text": "\"60.00\""}, "loc": ["services", "autorandr", "profiles", "<name>", "config", "<name>", "rate"], "readOnly": false, "type": "string"}, "services.autorandr.profiles.<name>.config.<name>.rotate": {"declarations": ["nixos/modules/services/misc/autorandr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Output rotate configuration.", "example": {"_type": "literalExpression", "text": "\"left\""}, "loc": ["services", "autorandr", "profiles", "<name>", "config", "<name>", "rotate"], "readOnly": false, "type": "null or one of \"normal\", \"left\", \"right\", \"inverted\""}, "services.autorandr.profiles.<name>.config.<name>.scale": {"declarations": ["nixos/modules/services/misc/autorandr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Output scale configuration.\n\nEither configure by pixels or a scaling factor. When using pixel method the\n{manpage}`xrandr(1)`\noption\n`--scale-from`\nwill be used; when using factor method the option\n`--scale`\nwill be used.\n\nThis option is a shortcut version of the transform option and they are mutually\nexclusive.\n", "example": {"_type": "literalExpression", "text": "{\n  x = 1.25;\n  y = 1.25;\n}\n"}, "loc": ["services", "autorandr", "profiles", "<name>", "config", "<name>", "scale"], "readOnly": false, "type": "null or (submodule)"}, "services.autorandr.profiles.<name>.config.<name>.scale.method": {"declarations": ["nixos/modules/services/misc/autorandr.nix"], "default": {"_type": "literalExpression", "text": "\"factor\""}, "description": "Output scaling method.", "example": {"_type": "literalExpression", "text": "\"pixel\""}, "loc": ["services", "autorandr", "profiles", "<name>", "config", "<name>", "scale", "method"], "readOnly": false, "type": "one of \"factor\", \"pixel\""}, "services.autorandr.profiles.<name>.config.<name>.scale.x": {"declarations": ["nixos/modules/services/misc/autorandr.nix"], "description": "Horizontal scaling factor/pixels.", "loc": ["services", "autorandr", "profiles", "<name>", "config", "<name>", "scale", "x"], "readOnly": false, "type": "floating point number or (positive integer, meaning >0)"}, "services.autorandr.profiles.<name>.config.<name>.scale.y": {"declarations": ["nixos/modules/services/misc/autorandr.nix"], "description": "Vertical scaling factor/pixels.", "loc": ["services", "autorandr", "profiles", "<name>", "config", "<name>", "scale", "y"], "readOnly": false, "type": "floating point number or (positive integer, meaning >0)"}, "services.autorandr.profiles.<name>.config.<name>.transform": {"declarations": ["nixos/modules/services/misc/autorandr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Refer to\n{manpage}`xrandr(1)`\nfor the documentation of the transform matrix.\n", "example": {"_type": "literalExpression", "text": "[\n  [ 0.6 0.0 0.0 ]\n  [ 0.0 0.6 0.0 ]\n  [ 0.0 0.0 1.0 ]\n]\n"}, "loc": ["services", "autorandr", "profiles", "<name>", "config", "<name>", "transform"], "readOnly": false, "type": "null or (3\u00d73 matrix of floating point numbers)"}, "services.autorandr.profiles.<name>.fingerprint": {"declarations": ["nixos/modules/services/misc/autorandr.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Output name to EDID mapping.\nUse `autorandr --fingerprint` to get current setup values.\n", "loc": ["services", "autorandr", "profiles", "<name>", "fingerprint"], "readOnly": false, "type": "attribute set of string"}, "services.autorandr.profiles.<name>.hooks": {"declarations": ["nixos/modules/services/misc/autorandr.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Profile hook scripts.", "loc": ["services", "autorandr", "profiles", "<name>", "hooks"], "readOnly": false, "type": "submodule"}, "services.autorandr.profiles.<name>.hooks.postswitch": {"declarations": ["nixos/modules/services/misc/autorandr.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Postswitch hook executed after mode switch.", "loc": ["services", "autorandr", "profiles", "<name>", "hooks", "postswitch"], "readOnly": false, "type": "attribute set of strings concatenated with \"\\n\""}, "services.autorandr.profiles.<name>.hooks.predetect": {"declarations": ["nixos/modules/services/misc/autorandr.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Predetect hook executed before autorandr attempts to run xrandr.\n", "loc": ["services", "autorandr", "profiles", "<name>", "hooks", "predetect"], "readOnly": false, "type": "attribute set of strings concatenated with \"\\n\""}, "services.autorandr.profiles.<name>.hooks.preswitch": {"declarations": ["nixos/modules/services/misc/autorandr.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Preswitch hook executed before mode switch.", "loc": ["services", "autorandr", "profiles", "<name>", "hooks", "preswitch"], "readOnly": false, "type": "attribute set of strings concatenated with \"\\n\""}, "services.autossh.sessions": {"declarations": ["nixos/modules/services/networking/autossh.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of AutoSSH sessions to start as systemd services. Each service is\nnamed 'autossh-{session.name}'.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    extraArguments = \"-N -D4343 billremote@socks.host.net\";\n    monitoringPort = 20000;\n    name = \"socks-peer\";\n    user = \"bill\";\n  }\n]"}, "loc": ["services", "autossh", "sessions"], "readOnly": false, "type": "list of (submodule)"}, "services.autossh.sessions.*.extraArguments": {"declarations": ["nixos/modules/services/networking/autossh.nix"], "description": "Arguments to be passed to AutoSSH and retransmitted to SSH\nprocess. Some meaningful options include -N (don't run remote\ncommand), -D (open SOCKS proxy on local port), -R (forward\nremote port), -L (forward local port), -v (Enable debug). Check\nssh manual for the complete list.\n", "example": {"_type": "literalExpression", "text": "\"-N -D4343 bill@socks.example.net\""}, "loc": ["services", "autossh", "sessions", "*", "extraArguments"], "readOnly": false, "type": "strings concatenated with \" \""}, "services.autossh.sessions.*.monitoringPort": {"declarations": ["nixos/modules/services/networking/autossh.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Port to be used by AutoSSH for peer monitoring. Note, that\nAutoSSH also uses mport+1. Value of 0 disables the keep-alive\nstyle monitoring\n", "example": {"_type": "literalExpression", "text": "20000"}, "loc": ["services", "autossh", "sessions", "*", "monitoringPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.autossh.sessions.*.name": {"declarations": ["nixos/modules/services/networking/autossh.nix"], "description": "Name of the local AutoSSH session", "example": {"_type": "literalExpression", "text": "\"socks-peer\""}, "loc": ["services", "autossh", "sessions", "*", "name"], "readOnly": false, "type": "string"}, "services.autossh.sessions.*.user": {"declarations": ["nixos/modules/services/networking/autossh.nix"], "description": "Name of the user the AutoSSH session should run as", "example": {"_type": "literalExpression", "text": "\"bill\""}, "loc": ["services", "autossh", "sessions", "*", "user"], "readOnly": false, "type": "string"}, "services.autosuspend.checks": {"declarations": ["nixos/modules/services/misc/autosuspend.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Checks for activity.  For more information, see:\n - <https://autosuspend.readthedocs.io/en/latest/configuration_file.html#activity-check-configuration>\n - <https://autosuspend.readthedocs.io/en/latest/available_checks.html>\n", "example": {"_type": "literalExpression", "text": "{\n  # Basic activity check configuration.\n  # The check class name is derived from the section header (Ping in this case).\n  # Remember to enable desired checks. They are disabled by default.\n  Ping = {\n    hosts = \"192.168.0.7\";\n  };\n\n  # This check is disabled.\n  Smb.enabled = false;\n\n  # Example for a custom check name.\n  # This will use the Users check with the custom name RemoteUsers.\n  # Custom names are necessary in case a check class is used multiple times.\n  # Custom names can also be used for clarification.\n  RemoteUsers = {\n    class = \"Users\";\n    name = \".*\";\n    terminal = \".*\";\n    host = \"[0-9].*\";\n  };\n\n  # Here the Users activity check is used again with different settings and a different name\n  LocalUsers = {\n    class = \"Users\";\n    name = \".*\";\n    terminal = \".*\";\n    host = \"localhost\";\n  };\n}\n"}, "loc": ["services", "autosuspend", "checks"], "readOnly": false, "type": "attribute set of (open submodule of section of an INI file (attrs of INI atom (null, bool, int, float or string)))"}, "services.autosuspend.checks.<name>.class": {"declarations": ["nixos/modules/services/misc/autosuspend.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of the class implementing the check.  If this option is not specified, the check's\nname must represent a valid internal check class.\n", "loc": ["services", "autosuspend", "checks", "<name>", "class"], "readOnly": false, "type": "null or one of \"ActiveCalendarEvent\", \"ActiveConnection\", \"ExternalCommand\", \"JsonPath\", \"Kodi\", \"KodiIdleTime\", \"LastLogActivity\", \"Load\", \"LogindSessionsIdle\", \"Mpd\", \"NetworkBandwidth\", \"Ping\", \"Processes\", \"Smb\", \"Users\", \"XIdleTime\", \"XPath\""}, "services.autosuspend.checks.<name>.enabled": {"declarations": ["nixos/modules/services/misc/autosuspend.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable this activity check.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "autosuspend", "checks", "<name>", "enabled"], "readOnly": false, "type": "boolean"}, "services.autosuspend.enable": {"declarations": ["nixos/modules/services/misc/autosuspend.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the autosuspend daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "autosuspend", "enable"], "readOnly": false, "type": "boolean"}, "services.autosuspend.package": {"declarations": ["nixos/modules/services/misc/autosuspend.nix"], "default": {"_type": "literalExpression", "text": "pkgs.autosuspend"}, "description": "The autosuspend package to use.", "loc": ["services", "autosuspend", "package"], "readOnly": false, "type": "package"}, "services.autosuspend.settings": {"declarations": ["nixos/modules/services/misc/autosuspend.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for autosuspend, see\n<https://autosuspend.readthedocs.io/en/latest/configuration_file.html#general-configuration>\nfor supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  enable = true;\n  interval = 30;\n  idle_time = 120;\n}\n"}, "loc": ["services", "autosuspend", "settings"], "readOnly": false, "type": "open submodule of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.autosuspend.settings.suspend_cmd": {"declarations": ["nixos/modules/services/misc/autosuspend.nix"], "default": {"_type": "literalExpression", "text": "\"systemctl suspend\""}, "description": "The command to execute in case the host shall be suspended. This line can contain\nadditional command line arguments to the command to execute.\n", "loc": ["services", "autosuspend", "settings", "suspend_cmd"], "readOnly": false, "type": "string"}, "services.autosuspend.settings.wakeup_cmd": {"declarations": ["nixos/modules/services/misc/autosuspend.nix"], "default": {"_type": "literalExpression", "text": "\"sh -c 'echo 0 > /sys/class/rtc/rtc0/wakealarm && echo {timestamp:.0f} > /sys/class/rtc/rtc0/wakealarm' \""}, "description": "The command to execute for scheduling a wake up of the system. The given string is\nprocessed using Python\u2019s `str.format()` and a format argument called `timestamp`\nencodes the UTC timestamp of the planned wake up time (float). Additionally `iso`\ncan be used to acquire the timestamp in ISO 8601 format.\n", "loc": ["services", "autosuspend", "settings", "wakeup_cmd"], "readOnly": false, "type": "string"}, "services.autosuspend.wakeups": {"declarations": ["nixos/modules/services/misc/autosuspend.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Checks for wake up.  For more information, see:\n - <https://autosuspend.readthedocs.io/en/latest/configuration_file.html#wake-up-check-configuration>\n - <https://autosuspend.readthedocs.io/en/latest/available_wakeups.html>\n", "example": {"_type": "literalExpression", "text": "{\n  # Wake up checks reuse the same configuration mechanism as activity checks.\n  Calendar = {\n    url = \"http://example.org/test.ics\";\n  };\n}\n"}, "loc": ["services", "autosuspend", "wakeups"], "readOnly": false, "type": "attribute set of (open submodule of section of an INI file (attrs of INI atom (null, bool, int, float or string)))"}, "services.autosuspend.wakeups.<name>.class": {"declarations": ["nixos/modules/services/misc/autosuspend.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of the class implementing the check.  If this option is not specified, the check's\nname must represent a valid internal check class.\n", "loc": ["services", "autosuspend", "wakeups", "<name>", "class"], "readOnly": false, "type": "null or one of \"Calendar\", \"Command\", \"File\", \"Periodic\", \"SystemdTimer\", \"XPath\", \"XPathDelta\""}, "services.autosuspend.wakeups.<name>.enabled": {"declarations": ["nixos/modules/services/misc/autosuspend.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable this wake-up check.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "autosuspend", "wakeups", "<name>", "enabled"], "readOnly": false, "type": "boolean"}, "services.autotierfs.enable": {"declarations": ["nixos/modules/services/autotierfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the autotier passthrough tiering filesystem.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "autotierfs", "enable"], "readOnly": false, "type": "boolean"}, "services.autotierfs.package": {"declarations": ["nixos/modules/services/autotierfs.nix"], "default": {"_type": "literalExpression", "text": "pkgs.autotier"}, "description": "The autotier package to use.", "loc": ["services", "autotierfs", "package"], "readOnly": false, "type": "package"}, "services.autotierfs.settings": {"declarations": ["nixos/modules/services/autotierfs.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The contents of the configuration file for autotier.\nSee the [autotier repo](https://github.com/45Drives/autotier#configuration) for supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  \"/mnt/autotier\" = {\n    Global = {\n      \"Log Level\" = 1;\n      \"Tier Period\" = 1000;\n      \"Copy Buffer Size\" = \"1 MiB\";\n    };\n    \"Tier 1\" = {\n      Path = \"/mnt/tier1\";\n      Quota = \"30GiB\";\n    };\n    \"Tier 2\" = {\n      Path = \"/mnt/tier2\";\n      Quota = \"200GiB\";\n    };\n  };\n}\n"}, "loc": ["services", "autotierfs", "settings"], "readOnly": false, "type": "open submodule of attribute set of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.avahi.allowInterfaces": {"declarations": ["nixos/modules/services/networking/avahi-daemon.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of network interfaces that should be used by the {command}`avahi-daemon`.\nOther interfaces will be ignored. If `null`, all local interfaces\nexcept loopback and point-to-point will be used.\n", "loc": ["services", "avahi", "allowInterfaces"], "readOnly": false, "type": "null or (list of string)"}, "services.avahi.allowPointToPoint": {"declarations": ["nixos/modules/services/networking/avahi-daemon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use POINTTOPOINT interfaces. Might make mDNS unreliable due to usually large\nlatencies with such links and opens a potential security hole by allowing mDNS access from Internet\nconnections.\n", "loc": ["services", "avahi", "allowPointToPoint"], "readOnly": false, "type": "boolean"}, "services.avahi.browseDomains": {"declarations": ["nixos/modules/services/networking/avahi-daemon.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of non-local DNS domains to be browsed.\n", "example": {"_type": "literalExpression", "text": "[\n  \"0pointer.de\"\n  \"zeroconf.org\"\n]"}, "loc": ["services", "avahi", "browseDomains"], "readOnly": false, "type": "list of string"}, "services.avahi.cacheEntriesMax": {"declarations": ["nixos/modules/services/networking/avahi-daemon.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Number of resource records to be cached per interface. Use 0 to\ndisable caching. Avahi daemon defaults to 4096 if not set.\n", "loc": ["services", "avahi", "cacheEntriesMax"], "readOnly": false, "type": "null or signed integer"}, "services.avahi.debug": {"declarations": ["nixos/modules/services/networking/avahi-daemon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable debug logging.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "avahi", "debug"], "readOnly": false, "type": "boolean"}, "services.avahi.denyInterfaces": {"declarations": ["nixos/modules/services/networking/avahi-daemon.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of network interfaces that should be ignored by the\n{command}`avahi-daemon`. Other unspecified interfaces will be used,\nunless {option}`allowInterfaces` is set. This option takes precedence\nover {option}`allowInterfaces`.\n", "loc": ["services", "avahi", "denyInterfaces"], "readOnly": false, "type": "null or (list of string)"}, "services.avahi.domainName": {"declarations": ["nixos/modules/services/networking/avahi-daemon.nix"], "default": {"_type": "literalExpression", "text": "\"local\""}, "description": "Domain name for all advertisements.\n", "loc": ["services", "avahi", "domainName"], "readOnly": false, "type": "string"}, "services.avahi.enable": {"declarations": ["nixos/modules/services/networking/avahi-daemon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to run the Avahi daemon, which allows Avahi clients\nto use Avahi's service discovery facilities and also allows\nthe local machine to advertise its presence and services\n(through the mDNS responder implemented by `avahi-daemon`).\n", "loc": ["services", "avahi", "enable"], "readOnly": false, "type": "boolean"}, "services.avahi.extraConfig": {"declarations": ["nixos/modules/services/networking/avahi-daemon.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra config to append to avahi-daemon.conf.\n", "loc": ["services", "avahi", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.avahi.extraServiceFiles": {"declarations": ["nixos/modules/services/networking/avahi-daemon.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Specify custom service definitions which are placed in the avahi service directory.\nSee the {manpage}`avahi.service(5)` manpage for detailed information.\n", "example": {"_type": "literalExpression", "text": "{\n  ssh = \"${pkgs.avahi}/etc/avahi/services/ssh.service\";\n  smb = ''\n    <?xml version=\"1.0\" standalone='no'?><!--*-nxml-*-->\n    <!DOCTYPE service-group SYSTEM \"avahi-service.dtd\">\n    <service-group>\n      <name replace-wildcards=\"yes\">%h</name>\n      <service>\n        <type>_smb._tcp</type>\n        <port>445</port>\n      </service>\n    </service-group>\n  '';\n}\n"}, "loc": ["services", "avahi", "extraServiceFiles"], "readOnly": false, "type": "attribute set of (string or absolute path)"}, "services.avahi.hostName": {"declarations": ["nixos/modules/services/networking/avahi-daemon.nix"], "default": {"_type": "literalExpression", "text": "config.networking.hostName"}, "description": "Host name advertised on the LAN. If not set, avahi will use the value\nof {option}`config.networking.hostName`.\n", "loc": ["services", "avahi", "hostName"], "readOnly": false, "type": "string"}, "services.avahi.ipv4": {"declarations": ["nixos/modules/services/networking/avahi-daemon.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to use IPv4.", "loc": ["services", "avahi", "ipv4"], "readOnly": false, "type": "boolean"}, "services.avahi.ipv6": {"declarations": ["nixos/modules/services/networking/avahi-daemon.nix"], "default": {"_type": "literalExpression", "text": "config.networking.enableIPv6"}, "description": "Whether to use IPv6.", "loc": ["services", "avahi", "ipv6"], "readOnly": false, "type": "boolean"}, "services.avahi.nssmdns4": {"declarations": ["nixos/modules/services/networking/avahi-daemon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv4.\nEnabling it allows applications to resolve names in the `.local`\ndomain by transparently querying the Avahi daemon.\n", "loc": ["services", "avahi", "nssmdns4"], "readOnly": false, "type": "boolean"}, "services.avahi.nssmdns6": {"declarations": ["nixos/modules/services/networking/avahi-daemon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv6.\nEnabling it allows applications to resolve names in the `.local`\ndomain by transparently querying the Avahi daemon.\n\n::: {.note}\nDue to the fact that most mDNS responders only register local IPv4 addresses,\nmost user want to leave this option disabled to avoid long timeouts when applications first resolve the none existing IPv6 address.\n:::\n", "loc": ["services", "avahi", "nssmdns6"], "readOnly": false, "type": "boolean"}, "services.avahi.openFirewall": {"declarations": ["nixos/modules/services/networking/avahi-daemon.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to open the firewall for UDP port 5353.\nDisabling this setting also disables discovering of network devices.\n", "loc": ["services", "avahi", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.avahi.package": {"declarations": ["nixos/modules/services/networking/avahi-daemon.nix"], "default": {"_type": "literalExpression", "text": "pkgs.avahi"}, "description": "The avahi package to use.", "loc": ["services", "avahi", "package"], "readOnly": false, "type": "package"}, "services.avahi.publish.addresses": {"declarations": ["nixos/modules/services/networking/avahi-daemon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to register mDNS address records for all local IP addresses.", "loc": ["services", "avahi", "publish", "addresses"], "readOnly": false, "type": "boolean"}, "services.avahi.publish.domain": {"declarations": ["nixos/modules/services/networking/avahi-daemon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to announce the locally used domain name for browsing by other hosts.", "loc": ["services", "avahi", "publish", "domain"], "readOnly": false, "type": "boolean"}, "services.avahi.publish.enable": {"declarations": ["nixos/modules/services/networking/avahi-daemon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to allow publishing in general.", "loc": ["services", "avahi", "publish", "enable"], "readOnly": false, "type": "boolean"}, "services.avahi.publish.hinfo": {"declarations": ["nixos/modules/services/networking/avahi-daemon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to register a mDNS HINFO record which contains information about the\nlocal operating system and CPU.\n", "loc": ["services", "avahi", "publish", "hinfo"], "readOnly": false, "type": "boolean"}, "services.avahi.publish.userServices": {"declarations": ["nixos/modules/services/networking/avahi-daemon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to publish user services. Will set `addresses=true`.", "loc": ["services", "avahi", "publish", "userServices"], "readOnly": false, "type": "boolean"}, "services.avahi.publish.workstation": {"declarations": ["nixos/modules/services/networking/avahi-daemon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to register a service of type \"_workstation._tcp\" on the local LAN.\n", "loc": ["services", "avahi", "publish", "workstation"], "readOnly": false, "type": "boolean"}, "services.avahi.reflector": {"declarations": ["nixos/modules/services/networking/avahi-daemon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Reflect incoming mDNS requests to all allowed network interfaces.", "loc": ["services", "avahi", "reflector"], "readOnly": false, "type": "boolean"}, "services.avahi.wideArea": {"declarations": ["nixos/modules/services/networking/avahi-daemon.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable wide-area service discovery.", "loc": ["services", "avahi", "wideArea"], "readOnly": false, "type": "boolean"}, "services.awstats.configs": {"declarations": ["nixos/modules/services/logging/awstats.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attribute set of domains to collect stats for.", "example": {"_type": "literalExpression", "text": "{\n  \"mysite\" = {\n    domain = \"example.com\";\n    logFile = \"/var/log/nginx/access.log\";\n  };\n}\n"}, "loc": ["services", "awstats", "configs"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.awstats.configs.<name>.domain": {"declarations": ["nixos/modules/services/logging/awstats.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "The domain name to collect stats for.", "example": {"_type": "literalExpression", "text": "\"example.com\""}, "loc": ["services", "awstats", "configs", "<name>", "domain"], "readOnly": false, "type": "string"}, "services.awstats.configs.<name>.extraConfig": {"declarations": ["nixos/modules/services/logging/awstats.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration to be appended to awstats.${name}.conf.", "example": {"_type": "literalExpression", "text": "{\n  \"ValidHTTPCodes\" = \"404\";\n}\n"}, "loc": ["services", "awstats", "configs", "<name>", "extraConfig"], "readOnly": false, "type": "attribute set of string"}, "services.awstats.configs.<name>.hostAliases": {"declarations": ["nixos/modules/services/logging/awstats.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of aliases the site has.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n]"}, "loc": ["services", "awstats", "configs", "<name>", "hostAliases"], "readOnly": false, "type": "list of string"}, "services.awstats.configs.<name>.logFile": {"declarations": ["nixos/modules/services/logging/awstats.nix"], "description": "The log file to be scanned.\n\nFor mail, set this to\n```\njournalctl $OLD_CURSOR -u postfix.service | ${pkgs.perl}/bin/perl ${pkgs.awstats.out}/share/awstats/tools/maillogconvert.pl standard |\n```\n", "example": {"_type": "literalExpression", "text": "\"/var/log/nginx/access.log\""}, "loc": ["services", "awstats", "configs", "<name>", "logFile"], "readOnly": false, "type": "string"}, "services.awstats.configs.<name>.logFormat": {"declarations": ["nixos/modules/services/logging/awstats.nix"], "default": {"_type": "literalExpression", "text": "\"1\""}, "description": "The log format being used.\n\nFor mail, set this to\n```\n%time2 %email %email_r %host %host_r %method %url %code %bytesd\n```\n", "loc": ["services", "awstats", "configs", "<name>", "logFormat"], "readOnly": false, "type": "string"}, "services.awstats.configs.<name>.type": {"declarations": ["nixos/modules/services/logging/awstats.nix"], "default": {"_type": "literalExpression", "text": "\"web\""}, "description": "The type of log being collected.\n", "example": {"_type": "literalExpression", "text": "\"mail\""}, "loc": ["services", "awstats", "configs", "<name>", "type"], "readOnly": false, "type": "one of \"mail\", \"web\""}, "services.awstats.configs.<name>.webService.enable": {"declarations": ["nixos/modules/services/logging/awstats.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable awstats web service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "awstats", "configs", "<name>", "webService", "enable"], "readOnly": false, "type": "boolean"}, "services.awstats.configs.<name>.webService.hostname": {"declarations": ["nixos/modules/services/logging/awstats.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "The hostname the web service appears under.", "loc": ["services", "awstats", "configs", "<name>", "webService", "hostname"], "readOnly": false, "type": "string"}, "services.awstats.configs.<name>.webService.urlPrefix": {"declarations": ["nixos/modules/services/logging/awstats.nix"], "default": {"_type": "literalExpression", "text": "\"/awstats\""}, "description": "The URL prefix under which the awstats pages appear.", "loc": ["services", "awstats", "configs", "<name>", "webService", "urlPrefix"], "readOnly": false, "type": "string"}, "services.awstats.dataDir": {"declarations": ["nixos/modules/services/logging/awstats.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/awstats\""}, "description": "The directory where awstats data will be stored.", "loc": ["services", "awstats", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.awstats.enable": {"declarations": ["nixos/modules/services/logging/awstats.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable awstats, a real-time logfile analyzer.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "awstats", "enable"], "readOnly": false, "type": "boolean"}, "services.awstats.updateAt": {"declarations": ["nixos/modules/services/logging/awstats.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specification of the time at which awstats will get updated.\n(in the format described by {manpage}`systemd.time(7)`)\n", "example": {"_type": "literalExpression", "text": "\"hourly\""}, "loc": ["services", "awstats", "updateAt"], "readOnly": false, "type": "null or string"}, "services.ax25.axlisten.config": {"declarations": ["nixos/modules/services/networking/ax25/axlisten.nix"], "default": {"_type": "literalExpression", "text": "\"-art\""}, "description": "Options that will be passed to the axlisten daemon.\n", "loc": ["services", "ax25", "axlisten", "config"], "readOnly": false, "type": "string"}, "services.ax25.axlisten.enable": {"declarations": ["nixos/modules/services/networking/ax25/axlisten.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable AX.25 axlisten daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ax25", "axlisten", "enable"], "readOnly": false, "type": "boolean"}, "services.ax25.axlisten.package": {"declarations": ["nixos/modules/services/networking/ax25/axlisten.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ax25-apps"}, "description": "The ax25-apps package to use.", "loc": ["services", "ax25", "axlisten", "package"], "readOnly": false, "type": "package"}, "services.ax25.axports": {"declarations": ["nixos/modules/services/networking/ax25/axports.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Specification of one or more AX.25 ports.", "loc": ["services", "ax25", "axports"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.ax25.axports.<name>.baud": {"declarations": ["nixos/modules/services/networking/ax25/axports.nix"], "description": "The serial port speed of this interface.\n", "example": {"_type": "literalExpression", "text": "57600"}, "loc": ["services", "ax25", "axports", "<name>", "baud"], "readOnly": false, "type": "signed integer"}, "services.ax25.axports.<name>.callsign": {"declarations": ["nixos/modules/services/networking/ax25/axports.nix"], "description": "The callsign of the physical interface to bind to.\n", "example": {"_type": "literalExpression", "text": "\"WB6WLV-7\""}, "loc": ["services", "ax25", "axports", "<name>", "callsign"], "readOnly": false, "type": "string"}, "services.ax25.axports.<name>.description": {"declarations": ["nixos/modules/services/networking/ax25/axports.nix"], "default": {"_type": "literalExpression", "text": "\"NixOS managed tnc\""}, "description": "Free format description of this interface.\n", "loc": ["services", "ax25", "axports", "<name>", "description"], "readOnly": false, "type": "string"}, "services.ax25.axports.<name>.enable": {"declarations": ["nixos/modules/services/networking/ax25/axports.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Enables the axport interface.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ax25", "axports", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.ax25.axports.<name>.kissParams": {"declarations": ["nixos/modules/services/networking/ax25/axports.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Kissattach parameters for this interface.\n", "example": {"_type": "literalExpression", "text": "\"-t 300 -l 10 -s 12 -r 80 -f n\""}, "loc": ["services", "ax25", "axports", "<name>", "kissParams"], "readOnly": false, "type": "null or string"}, "services.ax25.axports.<name>.package": {"declarations": ["nixos/modules/services/networking/ax25/axports.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ax25-tools"}, "description": "The ax25-tools package to use.", "loc": ["services", "ax25", "axports", "<name>", "package"], "readOnly": false, "type": "package"}, "services.ax25.axports.<name>.paclen": {"declarations": ["nixos/modules/services/networking/ax25/axports.nix"], "default": {"_type": "literalExpression", "text": "255"}, "description": "Default maximum packet size for this interface.\n", "loc": ["services", "ax25", "axports", "<name>", "paclen"], "readOnly": false, "type": "signed integer"}, "services.ax25.axports.<name>.tty": {"declarations": ["nixos/modules/services/networking/ax25/axports.nix"], "description": "Location of hardware kiss tnc for this interface.\n", "example": {"_type": "literalExpression", "text": "\"/dev/ttyACM0\""}, "loc": ["services", "ax25", "axports", "<name>", "tty"], "readOnly": false, "type": "string"}, "services.ax25.axports.<name>.window": {"declarations": ["nixos/modules/services/networking/ax25/axports.nix"], "default": {"_type": "literalExpression", "text": "7"}, "description": "Default window size for this interface.\n", "loc": ["services", "ax25", "axports", "<name>", "window"], "readOnly": false, "type": "signed integer"}, "services.ayatana-indicators.enable": {"declarations": ["nixos/modules/services/desktops/ayatana-indicators.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Ayatana Indicators, a continuation of Canonical's Application Indicators\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ayatana-indicators", "enable"], "readOnly": false, "type": "boolean"}, "services.ayatana-indicators.packages": {"declarations": ["nixos/modules/services/desktops/ayatana-indicators.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of packages containing Ayatana Indicator services\nthat should be brought up by a SystemD \"ayatana-indicators\" user target.\n\nPackages specified here must have passthru.ayatana-indicators set correctly.\n\nIf, how, and where these indicators are displayed will depend on your DE.\nWhich target they will be brought up by depends on the packages' passthru.ayatana-indicators.\n", "example": {"_type": "literalExpression", "text": "with pkgs; [ ayatana-indicator-messages ]"}, "loc": ["services", "ayatana-indicators", "packages"], "readOnly": false, "type": "list of package"}, "services.babeld.enable": {"declarations": ["nixos/modules/services/networking/babeld.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the babeld network routing daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "babeld", "enable"], "readOnly": false, "type": "boolean"}, "services.babeld.extraConfig": {"declarations": ["nixos/modules/services/networking/babeld.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Options that will be copied to babeld.conf.\nSee {manpage}`babeld(8)` for details.\n", "loc": ["services", "babeld", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.babeld.interfaceDefaults": {"declarations": ["nixos/modules/services/networking/babeld.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A set describing default parameters for babeld interfaces.\nSee {manpage}`babeld(8)` for options.\n", "example": {"_type": "literalExpression", "text": "{\n  split-horizon = true;\n  type = \"tunnel\";\n}"}, "loc": ["services", "babeld", "interfaceDefaults"], "readOnly": false, "type": "null or (attribute set of unspecified value)"}, "services.babeld.interfaces": {"declarations": ["nixos/modules/services/networking/babeld.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "A set describing babeld interfaces.\nSee {manpage}`babeld(8)` for options.\n", "example": {"_type": "literalExpression", "text": "{\n  enp0s2 = {\n    hello-interval = 5;\n    split-horizon = \"auto\";\n    type = \"wired\";\n  };\n}"}, "loc": ["services", "babeld", "interfaces"], "readOnly": false, "type": "attribute set of attribute set of unspecified value"}, "services.bacula-dir.enable": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Bacula Director Daemon.\n", "loc": ["services", "bacula-dir", "enable"], "readOnly": false, "type": "boolean"}, "services.bacula-dir.extraConfig": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration for Bacula Director Daemon.\n", "example": {"_type": "literalExpression", "text": "''\n  TODO\n''"}, "loc": ["services", "bacula-dir", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.bacula-dir.extraDirectorConfig": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration to be passed in Director directive.\n", "example": {"_type": "literalExpression", "text": "''\n  Maximum Concurrent Jobs = 20;\n  Heartbeat Interval = 30;\n''"}, "loc": ["services", "bacula-dir", "extraDirectorConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.bacula-dir.extraMessagesConfig": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration to be passed in Messages directive.\n", "example": {"_type": "literalExpression", "text": "''\n  console = all\n''"}, "loc": ["services", "bacula-dir", "extraMessagesConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.bacula-dir.name": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "\"${config.networking.hostName}-dir\""}, "description": "The director name used by the system administrator. This directive is\nrequired.\n", "loc": ["services", "bacula-dir", "name"], "readOnly": false, "type": "string"}, "services.bacula-dir.password": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "description": "Specifies the password that must be supplied for a Director.\n", "loc": ["services", "bacula-dir", "password"], "readOnly": false, "type": "string"}, "services.bacula-dir.port": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "9101"}, "description": "Specify the port (a positive integer) on which the Director daemon\nwill listen for Bacula Console connections. This same port number\nmust be specified in the Director resource of the Console\nconfiguration file. The default is 9101, so normally this directive\nneed not be specified. This directive should not be used if you\nspecify DirAddresses (N.B plural) directive.\n", "loc": ["services", "bacula-dir", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.bacula-dir.tls": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "TLS Options for the Director.\nImportant notice: The backup won't be encrypted.\n", "loc": ["services", "bacula-dir", "tls"], "readOnly": false, "type": "submodule"}, "services.bacula-dir.tls.allowedCN": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Common name attribute of allowed peer certificates.\nThis directive is valid for a server and in a client context.\nIf this directive is specified, the peer certificate will be verified against this list.\nIn the case this directive is configured on a server side, the allowed\nCN list will not be checked if [services.bacula-dir.tls.verifyPeer](#opt-services.bacula-dir.tls.verifyPeer) is false.\n", "loc": ["services", "bacula-dir", "tls", "allowedCN"], "readOnly": false, "type": "list of string"}, "services.bacula-dir.tls.caCertificateFile": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path specifying a PEM encoded TLS CA certificate(s).\nMultiple certificates are permitted in the file.\nOne of TLS CA Certificate File or TLS CA Certificate Dir are required in a server context, unless\n[services.bacula-dir.tls.verifyPeer](#opt-services.bacula-dir.tls.verifyPeer) is false, and are always required in a client context.\n", "loc": ["services", "bacula-dir", "tls", "caCertificateFile"], "readOnly": false, "type": "null or absolute path"}, "services.bacula-dir.tls.certificate": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The full path to the PEM encoded TLS certificate.\nIt will be used as either a client or server certificate,\ndepending on the connection direction.\nThis directive is required in a server context, but it may\nnot be specified in a client context if [services.bacula-dir.tls.verifyPeer](#opt-services.bacula-dir.tls.verifyPeer) is\n`false` in the corresponding server context.\n", "loc": ["services", "bacula-dir", "tls", "certificate"], "readOnly": false, "type": "null or absolute path"}, "services.bacula-dir.tls.enable": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Specifies if TLS should be enabled.\nIf this set to `false` TLS will be completely disabled, even if [services.bacula-dir.tls.require](#opt-services.bacula-dir.tls.require) is true.\n", "loc": ["services", "bacula-dir", "tls", "enable"], "readOnly": false, "type": "boolean"}, "services.bacula-dir.tls.key": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "description": "The path of a PEM encoded TLS private key.\nIt must correspond to the TLS certificate.\n", "loc": ["services", "bacula-dir", "tls", "key"], "readOnly": false, "type": "absolute path"}, "services.bacula-dir.tls.require": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Require TLS or TLS-PSK encryption.\nThis directive is ignored unless one of [services.bacula-dir.tls.enable](#opt-services.bacula-dir.tls.enable) is true or TLS PSK Enable is set to `yes`.\nIf TLS is not required while TLS or TLS-PSK are enabled, then the Bacula component\nwill connect with other components either with or without TLS or TLS-PSK\n\nIf [services.bacula-dir.tls.enable](#opt-services.bacula-dir.tls.enable) or TLS-PSK is enabled and TLS is required, then the Bacula\ncomponent will refuse any connection request that does not use TLS.\n", "loc": ["services", "bacula-dir", "tls", "require"], "readOnly": false, "type": "null or boolean"}, "services.bacula-dir.tls.verifyPeer": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Verify peer certificate.\nInstructs server to request and verify the client's X.509 certificate.\nAny client certificate signed by a known-CA will be accepted.\nAdditionally, the client's X509 certificate Common Name must meet the value of the Address directive.\nIf [services.bacula-dir.tls.allowedCN](#opt-services.bacula-dir.tls.allowedCN) is used,\nthe client's x509 certificate Common Name must also correspond to\none of the CN specified in the [services.bacula-dir.tls.allowedCN](#opt-services.bacula-dir.tls.allowedCN) directive.\nThis directive is valid only for a server and not in client context.\n\nStandard from Bacula is `true`.\n", "loc": ["services", "bacula-dir", "tls", "verifyPeer"], "readOnly": false, "type": "null or boolean"}, "services.bacula-fd.director": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This option defines director resources in Bacula File Daemon.\n", "loc": ["services", "bacula-fd", "director"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.bacula-fd.director.<name>.monitor": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "\"no\""}, "description": "If Monitor is set to `no`, this director will have\nfull access to this Storage daemon. If Monitor is set to\n`yes`, this director will only be able to fetch the\ncurrent status of this Storage daemon.\n\nPlease note that if this director is being used by a Monitor, we\nhighly recommend to set this directive to yes to avoid serious\nsecurity problems.\n", "example": {"_type": "literalExpression", "text": "\"yes\""}, "loc": ["services", "bacula-fd", "director", "<name>", "monitor"], "readOnly": false, "type": "one of \"no\", \"yes\""}, "services.bacula-fd.director.<name>.password": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "description": "Specifies the password that must be supplied for the default Bacula\nConsole to be authorized. The same password must appear in the\nDirector resource of the Console configuration file. For added\nsecurity, the password is never passed across the network but instead\na challenge response hash code created with the password. This\ndirective is required. If you have either /dev/random or bc on your\nmachine, Bacula will generate a random password during the\nconfiguration process, otherwise it will be left blank and you must\nmanually supply it.\n\nThe password is plain text. It is not generated through any special\nprocess but as noted above, it is better to use random text for\nsecurity reasons.\n", "loc": ["services", "bacula-fd", "director", "<name>", "password"], "readOnly": false, "type": "string"}, "services.bacula-fd.director.<name>.tls": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "description": "TLS Options for the Director in this Configuration.\n", "loc": ["services", "bacula-fd", "director", "<name>", "tls"], "readOnly": false, "type": "submodule"}, "services.bacula-fd.director.<name>.tls.allowedCN": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Common name attribute of allowed peer certificates.\nThis directive is valid for a server and in a client context.\nIf this directive is specified, the peer certificate will be verified against this list.\nIn the case this directive is configured on a server side, the allowed\nCN list will not be checked if [services.bacula-fd.director.<name>.tls.verifyPeer](#opt-services.bacula-fd.director._name_.tls.verifyPeer) is false.\n", "loc": ["services", "bacula-fd", "director", "<name>", "tls", "allowedCN"], "readOnly": false, "type": "list of string"}, "services.bacula-fd.director.<name>.tls.caCertificateFile": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path specifying a PEM encoded TLS CA certificate(s).\nMultiple certificates are permitted in the file.\nOne of TLS CA Certificate File or TLS CA Certificate Dir are required in a server context, unless\n[services.bacula-fd.director.<name>.tls.verifyPeer](#opt-services.bacula-fd.director._name_.tls.verifyPeer) is false, and are always required in a client context.\n", "loc": ["services", "bacula-fd", "director", "<name>", "tls", "caCertificateFile"], "readOnly": false, "type": "null or absolute path"}, "services.bacula-fd.director.<name>.tls.certificate": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The full path to the PEM encoded TLS certificate.\nIt will be used as either a client or server certificate,\ndepending on the connection direction.\nThis directive is required in a server context, but it may\nnot be specified in a client context if [services.bacula-fd.director.<name>.tls.verifyPeer](#opt-services.bacula-fd.director._name_.tls.verifyPeer) is\n`false` in the corresponding server context.\n", "loc": ["services", "bacula-fd", "director", "<name>", "tls", "certificate"], "readOnly": false, "type": "null or absolute path"}, "services.bacula-fd.director.<name>.tls.enable": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Specifies if TLS should be enabled.\nIf this set to `false` TLS will be completely disabled, even if [services.bacula-fd.director.<name>.tls.require](#opt-services.bacula-fd.director._name_.tls.require) is true.\n", "loc": ["services", "bacula-fd", "director", "<name>", "tls", "enable"], "readOnly": false, "type": "boolean"}, "services.bacula-fd.director.<name>.tls.key": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "description": "The path of a PEM encoded TLS private key.\nIt must correspond to the TLS certificate.\n", "loc": ["services", "bacula-fd", "director", "<name>", "tls", "key"], "readOnly": false, "type": "absolute path"}, "services.bacula-fd.director.<name>.tls.require": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Require TLS or TLS-PSK encryption.\nThis directive is ignored unless one of [services.bacula-fd.director.<name>.tls.enable](#opt-services.bacula-fd.director._name_.tls.enable) is true or TLS PSK Enable is set to `yes`.\nIf TLS is not required while TLS or TLS-PSK are enabled, then the Bacula component\nwill connect with other components either with or without TLS or TLS-PSK\n\nIf [services.bacula-fd.director.<name>.tls.enable](#opt-services.bacula-fd.director._name_.tls.enable) or TLS-PSK is enabled and TLS is required, then the Bacula\ncomponent will refuse any connection request that does not use TLS.\n", "loc": ["services", "bacula-fd", "director", "<name>", "tls", "require"], "readOnly": false, "type": "null or boolean"}, "services.bacula-fd.director.<name>.tls.verifyPeer": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Verify peer certificate.\nInstructs server to request and verify the client's X.509 certificate.\nAny client certificate signed by a known-CA will be accepted.\nAdditionally, the client's X509 certificate Common Name must meet the value of the Address directive.\nIf [services.bacula-fd.director.<name>.tls.allowedCN](#opt-services.bacula-fd.director._name_.tls.allowedCN) is used,\nthe client's x509 certificate Common Name must also correspond to\none of the CN specified in the [services.bacula-fd.director.<name>.tls.allowedCN](#opt-services.bacula-fd.director._name_.tls.allowedCN) directive.\nThis directive is valid only for a server and not in client context.\n\nStandard from Bacula is `true`.\n", "loc": ["services", "bacula-fd", "director", "<name>", "tls", "verifyPeer"], "readOnly": false, "type": "null or boolean"}, "services.bacula-fd.enable": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Bacula File Daemon.\n", "loc": ["services", "bacula-fd", "enable"], "readOnly": false, "type": "boolean"}, "services.bacula-fd.extraClientConfig": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration to be passed in Client directive.\n", "example": {"_type": "literalExpression", "text": "''\n  Maximum Concurrent Jobs = 20;\n  Heartbeat Interval = 30;\n''"}, "loc": ["services", "bacula-fd", "extraClientConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.bacula-fd.extraMessagesConfig": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration to be passed in Messages directive.\n", "example": {"_type": "literalExpression", "text": "''\n  console = all\n''"}, "loc": ["services", "bacula-fd", "extraMessagesConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.bacula-fd.name": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "\"${config.networking.hostName}-fd\""}, "description": "The client name that must be used by the Director when connecting.\nGenerally, it is a good idea to use a name related to the machine so\nthat error messages can be easily identified if you have multiple\nClients. This directive is required.\n", "loc": ["services", "bacula-fd", "name"], "readOnly": false, "type": "string"}, "services.bacula-fd.port": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "9102"}, "description": "This specifies the port number on which the Client listens for\nDirector connections. It must agree with the FDPort specified in\nthe Client resource of the Director's configuration file.\n", "loc": ["services", "bacula-fd", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.bacula-fd.tls": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "TLS Options for the File Daemon.\nImportant notice: The backup won't be encrypted.\n", "loc": ["services", "bacula-fd", "tls"], "readOnly": false, "type": "submodule"}, "services.bacula-fd.tls.allowedCN": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Common name attribute of allowed peer certificates.\nThis directive is valid for a server and in a client context.\nIf this directive is specified, the peer certificate will be verified against this list.\nIn the case this directive is configured on a server side, the allowed\nCN list will not be checked if [services.bacula-fd.tls.verifyPeer](#opt-services.bacula-fd.tls.verifyPeer) is false.\n", "loc": ["services", "bacula-fd", "tls", "allowedCN"], "readOnly": false, "type": "list of string"}, "services.bacula-fd.tls.caCertificateFile": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path specifying a PEM encoded TLS CA certificate(s).\nMultiple certificates are permitted in the file.\nOne of TLS CA Certificate File or TLS CA Certificate Dir are required in a server context, unless\n[services.bacula-fd.tls.verifyPeer](#opt-services.bacula-fd.tls.verifyPeer) is false, and are always required in a client context.\n", "loc": ["services", "bacula-fd", "tls", "caCertificateFile"], "readOnly": false, "type": "null or absolute path"}, "services.bacula-fd.tls.certificate": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The full path to the PEM encoded TLS certificate.\nIt will be used as either a client or server certificate,\ndepending on the connection direction.\nThis directive is required in a server context, but it may\nnot be specified in a client context if [services.bacula-fd.tls.verifyPeer](#opt-services.bacula-fd.tls.verifyPeer) is\n`false` in the corresponding server context.\n", "loc": ["services", "bacula-fd", "tls", "certificate"], "readOnly": false, "type": "null or absolute path"}, "services.bacula-fd.tls.enable": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Specifies if TLS should be enabled.\nIf this set to `false` TLS will be completely disabled, even if [services.bacula-fd.tls.require](#opt-services.bacula-fd.tls.require) is true.\n", "loc": ["services", "bacula-fd", "tls", "enable"], "readOnly": false, "type": "boolean"}, "services.bacula-fd.tls.key": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "description": "The path of a PEM encoded TLS private key.\nIt must correspond to the TLS certificate.\n", "loc": ["services", "bacula-fd", "tls", "key"], "readOnly": false, "type": "absolute path"}, "services.bacula-fd.tls.require": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Require TLS or TLS-PSK encryption.\nThis directive is ignored unless one of [services.bacula-fd.tls.enable](#opt-services.bacula-fd.tls.enable) is true or TLS PSK Enable is set to `yes`.\nIf TLS is not required while TLS or TLS-PSK are enabled, then the Bacula component\nwill connect with other components either with or without TLS or TLS-PSK\n\nIf [services.bacula-fd.tls.enable](#opt-services.bacula-fd.tls.enable) or TLS-PSK is enabled and TLS is required, then the Bacula\ncomponent will refuse any connection request that does not use TLS.\n", "loc": ["services", "bacula-fd", "tls", "require"], "readOnly": false, "type": "null or boolean"}, "services.bacula-fd.tls.verifyPeer": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Verify peer certificate.\nInstructs server to request and verify the client's X.509 certificate.\nAny client certificate signed by a known-CA will be accepted.\nAdditionally, the client's X509 certificate Common Name must meet the value of the Address directive.\nIf [services.bacula-fd.tls.allowedCN](#opt-services.bacula-fd.tls.allowedCN) is used,\nthe client's x509 certificate Common Name must also correspond to\none of the CN specified in the [services.bacula-fd.tls.allowedCN](#opt-services.bacula-fd.tls.allowedCN) directive.\nThis directive is valid only for a server and not in client context.\n\nStandard from Bacula is `true`.\n", "loc": ["services", "bacula-fd", "tls", "verifyPeer"], "readOnly": false, "type": "null or boolean"}, "services.bacula-sd.autochanger": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This option defines Autochanger resources in Bacula Storage Daemon.\n", "loc": ["services", "bacula-sd", "autochanger"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.bacula-sd.autochanger.<name>.changerCommand": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "\"/etc/bacula/mtx-changer %c %o %S %a %d\""}, "description": "The name-string specifies an external program to be called that will\nautomatically change volumes as required by Bacula. Normally, this\ndirective will be specified only in the AutoChanger resource, which\nis then used for all devices. However, you may also specify the\ndifferent Changer Command in each Device resource. Most frequently,\nyou will specify the Bacula supplied mtx-changer script as follows:\n\n`\"/path/mtx-changer %c %o %S %a %d\"`\n\nand you will install the mtx on your system (found in the depkgs\nrelease). An example of this command is in the default bacula-sd.conf\nfile. For more details on the substitution characters that may be\nspecified to configure your autochanger please see the\nAutochangersAutochangersChapter chapter of this manual. For FreeBSD\nusers, you might want to see one of the several chio scripts in\nexamples/autochangers.\n", "loc": ["services", "bacula-sd", "autochanger", "<name>", "changerCommand"], "readOnly": false, "type": "string"}, "services.bacula-sd.autochanger.<name>.changerDevice": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "description": "The specified name-string must be the generic SCSI device name of the\nautochanger that corresponds to the normal read/write Archive Device\nspecified in the Device resource. This generic SCSI device name\nshould be specified if you have an autochanger or if you have a\nstandard tape drive and want to use the Alert Command (see below).\nFor example, on Linux systems, for an Archive Device name of\n`/dev/nst0`, you would specify\n`/dev/sg0` for the Changer Device name.  Depending\non your exact configuration, and the number of autochangers or the\ntype of autochanger, what you specify here can vary. This directive\nis optional. See the Using AutochangersAutochangersChapter chapter of\nthis manual for more details of using this and the following\nautochanger directives.\n", "loc": ["services", "bacula-sd", "autochanger", "<name>", "changerDevice"], "readOnly": false, "type": "string"}, "services.bacula-sd.autochanger.<name>.devices": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "description": "", "loc": ["services", "bacula-sd", "autochanger", "<name>", "devices"], "readOnly": false, "type": "list of string"}, "services.bacula-sd.autochanger.<name>.extraAutochangerConfig": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration to be passed in Autochanger directive.\n", "example": {"_type": "literalExpression", "text": "''\n  \n''"}, "loc": ["services", "bacula-sd", "autochanger", "<name>", "extraAutochangerConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.bacula-sd.device": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This option defines Device resources in Bacula Storage Daemon.\n", "loc": ["services", "bacula-sd", "device"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.bacula-sd.device.<name>.archiveDevice": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "description": "The specified name-string gives the system file name of the storage\ndevice managed by this storage daemon. This will usually be the\ndevice file name of a removable storage device (tape drive), for\nexample `/dev/nst0` or\n`/dev/rmt/0mbn`. For a DVD-writer, it will be for\nexample `/dev/hdc`. It may also be a directory name\nif you are archiving to disk storage. In this case, you must supply\nthe full absolute path to the directory. When specifying a tape\ndevice, it is preferable that the \"non-rewind\" variant of the device\nfile name be given.\n", "loc": ["services", "bacula-sd", "device", "<name>", "archiveDevice"], "readOnly": false, "type": "string"}, "services.bacula-sd.device.<name>.extraDeviceConfig": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration to be passed in Device directive.\n", "example": {"_type": "literalExpression", "text": "''\n  LabelMedia = yes\n  Random Access = no\n  AutomaticMount = no\n  RemovableMedia = no\n  MaximumOpenWait = 60\n  AlwaysOpen = no\n''"}, "loc": ["services", "bacula-sd", "device", "<name>", "extraDeviceConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.bacula-sd.device.<name>.mediaType": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "description": "The specified name-string names the type of media supported by this\ndevice, for example, `DLT7000`. Media type names are\narbitrary in that you set them to anything you want, but they must be\nknown to the volume database to keep track of which storage daemons\ncan read which volumes. In general, each different storage type\nshould have a unique Media Type associated with it. The same\nname-string must appear in the appropriate Storage resource\ndefinition in the Director's configuration file.\n\nEven though the names you assign are arbitrary (i.e. you choose the\nname you want), you should take care in specifying them because the\nMedia Type is used to determine which storage device Bacula will\nselect during restore. Thus you should probably use the same Media\nType specification for all drives where the Media can be freely\ninterchanged. This is not generally an issue if you have a single\nStorage daemon, but it is with multiple Storage daemons, especially\nif they have incompatible media.\n\nFor example, if you specify a Media Type of `DDS-4`\nthen during the restore, Bacula will be able to choose any Storage\nDaemon that handles `DDS-4`. If you have an\nautochanger, you might want to name the Media Type in a way that is\nunique to the autochanger, unless you wish to possibly use the\nVolumes in other drives. You should also ensure to have unique Media\nType names if the Media is not compatible between drives. This\nspecification is required for all devices.\n\nIn addition, if you are using disk storage, each Device resource will\ngenerally have a different mount point or directory. In order for\nBacula to select the correct Device resource, each one must have a\nunique Media Type.\n", "loc": ["services", "bacula-sd", "device", "<name>", "mediaType"], "readOnly": false, "type": "string"}, "services.bacula-sd.director": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This option defines Director resources in Bacula Storage Daemon.\n", "loc": ["services", "bacula-sd", "director"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.bacula-sd.director.<name>.monitor": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "\"no\""}, "description": "If Monitor is set to `no`, this director will have\nfull access to this Storage daemon. If Monitor is set to\n`yes`, this director will only be able to fetch the\ncurrent status of this Storage daemon.\n\nPlease note that if this director is being used by a Monitor, we\nhighly recommend to set this directive to yes to avoid serious\nsecurity problems.\n", "example": {"_type": "literalExpression", "text": "\"yes\""}, "loc": ["services", "bacula-sd", "director", "<name>", "monitor"], "readOnly": false, "type": "one of \"no\", \"yes\""}, "services.bacula-sd.director.<name>.password": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "description": "Specifies the password that must be supplied for the default Bacula\nConsole to be authorized. The same password must appear in the\nDirector resource of the Console configuration file. For added\nsecurity, the password is never passed across the network but instead\na challenge response hash code created with the password. This\ndirective is required. If you have either /dev/random or bc on your\nmachine, Bacula will generate a random password during the\nconfiguration process, otherwise it will be left blank and you must\nmanually supply it.\n\nThe password is plain text. It is not generated through any special\nprocess but as noted above, it is better to use random text for\nsecurity reasons.\n", "loc": ["services", "bacula-sd", "director", "<name>", "password"], "readOnly": false, "type": "string"}, "services.bacula-sd.director.<name>.tls": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "description": "TLS Options for the Director in this Configuration.\n", "loc": ["services", "bacula-sd", "director", "<name>", "tls"], "readOnly": false, "type": "submodule"}, "services.bacula-sd.director.<name>.tls.allowedCN": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Common name attribute of allowed peer certificates.\nThis directive is valid for a server and in a client context.\nIf this directive is specified, the peer certificate will be verified against this list.\nIn the case this directive is configured on a server side, the allowed\nCN list will not be checked if [services.bacula-sd.director.<name>.tls.verifyPeer](#opt-services.bacula-sd.director._name_.tls.verifyPeer) is false.\n", "loc": ["services", "bacula-sd", "director", "<name>", "tls", "allowedCN"], "readOnly": false, "type": "list of string"}, "services.bacula-sd.director.<name>.tls.caCertificateFile": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path specifying a PEM encoded TLS CA certificate(s).\nMultiple certificates are permitted in the file.\nOne of TLS CA Certificate File or TLS CA Certificate Dir are required in a server context, unless\n[services.bacula-sd.director.<name>.tls.verifyPeer](#opt-services.bacula-sd.director._name_.tls.verifyPeer) is false, and are always required in a client context.\n", "loc": ["services", "bacula-sd", "director", "<name>", "tls", "caCertificateFile"], "readOnly": false, "type": "null or absolute path"}, "services.bacula-sd.director.<name>.tls.certificate": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The full path to the PEM encoded TLS certificate.\nIt will be used as either a client or server certificate,\ndepending on the connection direction.\nThis directive is required in a server context, but it may\nnot be specified in a client context if [services.bacula-sd.director.<name>.tls.verifyPeer](#opt-services.bacula-sd.director._name_.tls.verifyPeer) is\n`false` in the corresponding server context.\n", "loc": ["services", "bacula-sd", "director", "<name>", "tls", "certificate"], "readOnly": false, "type": "null or absolute path"}, "services.bacula-sd.director.<name>.tls.enable": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Specifies if TLS should be enabled.\nIf this set to `false` TLS will be completely disabled, even if [services.bacula-sd.director.<name>.tls.require](#opt-services.bacula-sd.director._name_.tls.require) is true.\n", "loc": ["services", "bacula-sd", "director", "<name>", "tls", "enable"], "readOnly": false, "type": "boolean"}, "services.bacula-sd.director.<name>.tls.key": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "description": "The path of a PEM encoded TLS private key.\nIt must correspond to the TLS certificate.\n", "loc": ["services", "bacula-sd", "director", "<name>", "tls", "key"], "readOnly": false, "type": "absolute path"}, "services.bacula-sd.director.<name>.tls.require": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Require TLS or TLS-PSK encryption.\nThis directive is ignored unless one of [services.bacula-sd.director.<name>.tls.enable](#opt-services.bacula-sd.director._name_.tls.enable) is true or TLS PSK Enable is set to `yes`.\nIf TLS is not required while TLS or TLS-PSK are enabled, then the Bacula component\nwill connect with other components either with or without TLS or TLS-PSK\n\nIf [services.bacula-sd.director.<name>.tls.enable](#opt-services.bacula-sd.director._name_.tls.enable) or TLS-PSK is enabled and TLS is required, then the Bacula\ncomponent will refuse any connection request that does not use TLS.\n", "loc": ["services", "bacula-sd", "director", "<name>", "tls", "require"], "readOnly": false, "type": "null or boolean"}, "services.bacula-sd.director.<name>.tls.verifyPeer": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Verify peer certificate.\nInstructs server to request and verify the client's X.509 certificate.\nAny client certificate signed by a known-CA will be accepted.\nAdditionally, the client's X509 certificate Common Name must meet the value of the Address directive.\nIf [services.bacula-sd.director.<name>.tls.allowedCN](#opt-services.bacula-sd.director._name_.tls.allowedCN) is used,\nthe client's x509 certificate Common Name must also correspond to\none of the CN specified in the [services.bacula-sd.director.<name>.tls.allowedCN](#opt-services.bacula-sd.director._name_.tls.allowedCN) directive.\nThis directive is valid only for a server and not in client context.\n\nStandard from Bacula is `true`.\n", "loc": ["services", "bacula-sd", "director", "<name>", "tls", "verifyPeer"], "readOnly": false, "type": "null or boolean"}, "services.bacula-sd.enable": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Bacula Storage Daemon.\n", "loc": ["services", "bacula-sd", "enable"], "readOnly": false, "type": "boolean"}, "services.bacula-sd.extraMessagesConfig": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration to be passed in Messages directive.\n", "example": {"_type": "literalExpression", "text": "''\n  console = all\n''"}, "loc": ["services", "bacula-sd", "extraMessagesConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.bacula-sd.extraStorageConfig": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration to be passed in Storage directive.\n", "example": {"_type": "literalExpression", "text": "''\n  Maximum Concurrent Jobs = 20;\n  Heartbeat Interval = 30;\n''"}, "loc": ["services", "bacula-sd", "extraStorageConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.bacula-sd.name": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "\"${config.networking.hostName}-sd\""}, "description": "Specifies the Name of the Storage daemon.\n", "loc": ["services", "bacula-sd", "name"], "readOnly": false, "type": "string"}, "services.bacula-sd.port": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "9103"}, "description": "Specifies port number on which the Storage daemon listens for\nDirector connections.\n", "loc": ["services", "bacula-sd", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.bacula-sd.tls": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "TLS Options for the Storage Daemon.\nImportant notice: The backup won't be encrypted.\n", "loc": ["services", "bacula-sd", "tls"], "readOnly": false, "type": "submodule"}, "services.bacula-sd.tls.allowedCN": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Common name attribute of allowed peer certificates.\nThis directive is valid for a server and in a client context.\nIf this directive is specified, the peer certificate will be verified against this list.\nIn the case this directive is configured on a server side, the allowed\nCN list will not be checked if [services.bacula-sd.tls.verifyPeer](#opt-services.bacula-sd.tls.verifyPeer) is false.\n", "loc": ["services", "bacula-sd", "tls", "allowedCN"], "readOnly": false, "type": "list of string"}, "services.bacula-sd.tls.caCertificateFile": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path specifying a PEM encoded TLS CA certificate(s).\nMultiple certificates are permitted in the file.\nOne of TLS CA Certificate File or TLS CA Certificate Dir are required in a server context, unless\n[services.bacula-sd.tls.verifyPeer](#opt-services.bacula-sd.tls.verifyPeer) is false, and are always required in a client context.\n", "loc": ["services", "bacula-sd", "tls", "caCertificateFile"], "readOnly": false, "type": "null or absolute path"}, "services.bacula-sd.tls.certificate": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The full path to the PEM encoded TLS certificate.\nIt will be used as either a client or server certificate,\ndepending on the connection direction.\nThis directive is required in a server context, but it may\nnot be specified in a client context if [services.bacula-sd.tls.verifyPeer](#opt-services.bacula-sd.tls.verifyPeer) is\n`false` in the corresponding server context.\n", "loc": ["services", "bacula-sd", "tls", "certificate"], "readOnly": false, "type": "null or absolute path"}, "services.bacula-sd.tls.enable": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Specifies if TLS should be enabled.\nIf this set to `false` TLS will be completely disabled, even if [services.bacula-sd.tls.require](#opt-services.bacula-sd.tls.require) is true.\n", "loc": ["services", "bacula-sd", "tls", "enable"], "readOnly": false, "type": "boolean"}, "services.bacula-sd.tls.key": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "description": "The path of a PEM encoded TLS private key.\nIt must correspond to the TLS certificate.\n", "loc": ["services", "bacula-sd", "tls", "key"], "readOnly": false, "type": "absolute path"}, "services.bacula-sd.tls.require": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Require TLS or TLS-PSK encryption.\nThis directive is ignored unless one of [services.bacula-sd.tls.enable](#opt-services.bacula-sd.tls.enable) is true or TLS PSK Enable is set to `yes`.\nIf TLS is not required while TLS or TLS-PSK are enabled, then the Bacula component\nwill connect with other components either with or without TLS or TLS-PSK\n\nIf [services.bacula-sd.tls.enable](#opt-services.bacula-sd.tls.enable) or TLS-PSK is enabled and TLS is required, then the Bacula\ncomponent will refuse any connection request that does not use TLS.\n", "loc": ["services", "bacula-sd", "tls", "require"], "readOnly": false, "type": "null or boolean"}, "services.bacula-sd.tls.verifyPeer": {"declarations": ["nixos/modules/services/backup/bacula.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Verify peer certificate.\nInstructs server to request and verify the client's X.509 certificate.\nAny client certificate signed by a known-CA will be accepted.\nAdditionally, the client's X509 certificate Common Name must meet the value of the Address directive.\nIf [services.bacula-sd.tls.allowedCN](#opt-services.bacula-sd.tls.allowedCN) is used,\nthe client's x509 certificate Common Name must also correspond to\none of the CN specified in the [services.bacula-sd.tls.allowedCN](#opt-services.bacula-sd.tls.allowedCN) directive.\nThis directive is valid only for a server and not in client context.\n\nStandard from Bacula is `true`.\n", "loc": ["services", "bacula-sd", "tls", "verifyPeer"], "readOnly": false, "type": "null or boolean"}, "services.baikal.enable": {"declarations": ["nixos/modules/services/web-apps/baikal.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable baikal.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "baikal", "enable"], "readOnly": false, "type": "boolean"}, "services.baikal.group": {"declarations": ["nixos/modules/services/web-apps/baikal.nix"], "default": {"_type": "literalExpression", "text": "\"baikal\""}, "description": "Group account under which the web-application run.\n", "loc": ["services", "baikal", "group"], "readOnly": false, "type": "string"}, "services.baikal.package": {"declarations": ["nixos/modules/services/web-apps/baikal.nix"], "default": {"_type": "literalExpression", "text": "pkgs.baikal"}, "description": "The baikal package to use.", "loc": ["services", "baikal", "package"], "readOnly": false, "type": "package"}, "services.baikal.phpPackage": {"declarations": ["nixos/modules/services/web-apps/baikal.nix"], "default": {"_type": "literalExpression", "text": "pkgs.php"}, "description": "The php package to use.", "loc": ["services", "baikal", "phpPackage"], "readOnly": false, "type": "package"}, "services.baikal.pool": {"declarations": ["nixos/modules/services/web-apps/baikal.nix"], "default": {"_type": "literalExpression", "text": "\"baikal\""}, "description": "Name of existing phpfpm pool that is used to run web-application.\nIf not specified a pool will be created automatically with\ndefault values.\n", "loc": ["services", "baikal", "pool"], "readOnly": false, "type": "string"}, "services.baikal.user": {"declarations": ["nixos/modules/services/web-apps/baikal.nix"], "default": {"_type": "literalExpression", "text": "\"baikal\""}, "description": "User account under which the web-application run.\n", "loc": ["services", "baikal", "user"], "readOnly": false, "type": "string"}, "services.baikal.virtualHost": {"declarations": ["nixos/modules/services/web-apps/baikal.nix"], "default": {"_type": "literalExpression", "text": "\"baikal\""}, "description": "Name of the nginx virtualhost to use and setup. If null, do not setup any virtualhost.\n", "loc": ["services", "baikal", "virtualHost"], "readOnly": false, "type": "null or string"}, "services.bamf.enable": {"declarations": ["nixos/modules/services/desktops/bamf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable bamf.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "bamf", "enable"], "readOnly": false, "type": "boolean"}, "services.bazarr.dataDir": {"declarations": ["nixos/modules/services/misc/bazarr.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/bazarr\""}, "description": "The directory where Bazarr stores its data files.", "loc": ["services", "bazarr", "dataDir"], "readOnly": false, "type": "string"}, "services.bazarr.enable": {"declarations": ["nixos/modules/services/misc/bazarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable bazarr, a subtitle manager for Sonarr and Radarr.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "bazarr", "enable"], "readOnly": false, "type": "boolean"}, "services.bazarr.group": {"declarations": ["nixos/modules/services/misc/bazarr.nix"], "default": {"_type": "literalExpression", "text": "\"bazarr\""}, "description": "Group under which bazarr runs.", "loc": ["services", "bazarr", "group"], "readOnly": false, "type": "string"}, "services.bazarr.listenPort": {"declarations": ["nixos/modules/services/misc/bazarr.nix"], "default": {"_type": "literalExpression", "text": "6767"}, "description": "Port on which the bazarr web interface should listen", "loc": ["services", "bazarr", "listenPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.bazarr.openFirewall": {"declarations": ["nixos/modules/services/misc/bazarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the bazarr web interface.", "loc": ["services", "bazarr", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.bazarr.package": {"declarations": ["nixos/modules/services/misc/bazarr.nix"], "default": {"_type": "literalExpression", "text": "pkgs.bazarr"}, "description": "The bazarr package to use.", "loc": ["services", "bazarr", "package"], "readOnly": false, "type": "package"}, "services.bazarr.user": {"declarations": ["nixos/modules/services/misc/bazarr.nix"], "default": {"_type": "literalExpression", "text": "\"bazarr\""}, "description": "User account under which bazarr runs.", "loc": ["services", "bazarr", "user"], "readOnly": false, "type": "string"}, "services.bcachefs.autoScrub.enable": {"declarations": ["nixos/modules/tasks/filesystems/bcachefs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable regular bcachefs scrub.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "bcachefs", "autoScrub", "enable"], "readOnly": false, "type": "boolean"}, "services.bcachefs.autoScrub.fileSystems": {"declarations": ["nixos/modules/tasks/filesystems/bcachefs.nix"], "description": "List of paths to bcachefs filesystems to regularly call {command}`bcachefs scrub` on.\nDefaults to all mount points with bcachefs filesystems.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/\"\n]"}, "loc": ["services", "bcachefs", "autoScrub", "fileSystems"], "readOnly": false, "type": "list of absolute path"}, "services.bcachefs.autoScrub.interval": {"declarations": ["nixos/modules/tasks/filesystems/bcachefs.nix"], "default": {"_type": "literalExpression", "text": "\"monthly\""}, "description": "Systemd calendar expression for when to scrub bcachefs filesystems.\nThe recommended period is a month but could be less.\nSee\n{manpage}`systemd.time(7)`\nfor more information on the syntax.\n", "example": {"_type": "literalExpression", "text": "\"weekly\""}, "loc": ["services", "bcachefs", "autoScrub", "interval"], "readOnly": false, "type": "string"}, "services.bcg.automaticRemoveKitFromNames": {"declarations": ["nixos/modules/services/misc/bcg.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Automatically remove kits.", "loc": ["services", "bcg", "automaticRemoveKitFromNames"], "readOnly": false, "type": "boolean"}, "services.bcg.automaticRenameGenericNodes": {"declarations": ["nixos/modules/services/misc/bcg.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Automatically rename generic nodes.", "loc": ["services", "bcg", "automaticRenameGenericNodes"], "readOnly": false, "type": "boolean"}, "services.bcg.automaticRenameKitNodes": {"declarations": ["nixos/modules/services/misc/bcg.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Automatically rename kit's nodes.", "loc": ["services", "bcg", "automaticRenameKitNodes"], "readOnly": false, "type": "boolean"}, "services.bcg.automaticRenameNodes": {"declarations": ["nixos/modules/services/misc/bcg.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Automatically rename all nodes.", "loc": ["services", "bcg", "automaticRenameNodes"], "readOnly": false, "type": "boolean"}, "services.bcg.baseTopicPrefix": {"declarations": ["nixos/modules/services/misc/bcg.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Topic prefix added to all MQTT messages.", "loc": ["services", "bcg", "baseTopicPrefix"], "readOnly": false, "type": "string"}, "services.bcg.device": {"declarations": ["nixos/modules/services/misc/bcg.nix"], "description": "Device name to configure gateway to use.", "loc": ["services", "bcg", "device"], "readOnly": false, "type": "string"}, "services.bcg.enable": {"declarations": ["nixos/modules/services/misc/bcg.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable BigClown gateway.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "bcg", "enable"], "readOnly": false, "type": "boolean"}, "services.bcg.environmentFiles": {"declarations": ["nixos/modules/services/misc/bcg.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "File to load as environment file. Environment variables from this file\nwill be interpolated into the config file using envsubst with this\nsyntax: `$ENVIRONMENT` or `${VARIABLE}`.\nThis is useful to avoid putting secrets into the nix store.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/run/keys/bcg.env\"\n]"}, "loc": ["services", "bcg", "environmentFiles"], "readOnly": false, "type": "list of absolute path"}, "services.bcg.mqtt.cafile": {"declarations": ["nixos/modules/services/misc/bcg.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Certificate Authority file for MQTT server access.", "loc": ["services", "bcg", "mqtt", "cafile"], "readOnly": false, "type": "null or string"}, "services.bcg.mqtt.certfile": {"declarations": ["nixos/modules/services/misc/bcg.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Certificate file for MQTT server access.", "loc": ["services", "bcg", "mqtt", "certfile"], "readOnly": false, "type": "null or string"}, "services.bcg.mqtt.host": {"declarations": ["nixos/modules/services/misc/bcg.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Host where MQTT server is running.", "loc": ["services", "bcg", "mqtt", "host"], "readOnly": false, "type": "string"}, "services.bcg.mqtt.keyfile": {"declarations": ["nixos/modules/services/misc/bcg.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Key file for MQTT server access.", "loc": ["services", "bcg", "mqtt", "keyfile"], "readOnly": false, "type": "null or string"}, "services.bcg.mqtt.password": {"declarations": ["nixos/modules/services/misc/bcg.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "MQTT server access password.", "loc": ["services", "bcg", "mqtt", "password"], "readOnly": false, "type": "null or string"}, "services.bcg.mqtt.port": {"declarations": ["nixos/modules/services/misc/bcg.nix"], "default": {"_type": "literalExpression", "text": "1883"}, "description": "Port of MQTT server.", "loc": ["services", "bcg", "mqtt", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.bcg.mqtt.username": {"declarations": ["nixos/modules/services/misc/bcg.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "MQTT server access username.", "loc": ["services", "bcg", "mqtt", "username"], "readOnly": false, "type": "null or string"}, "services.bcg.name": {"declarations": ["nixos/modules/services/misc/bcg.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name for the device.\n\nSupported variables:\n* `{ip}` IP address\n* `{id}` The ID of the connected usb-dongle or core-module\n\n`null` can be used for automatic detection from gateway firmware.\n", "loc": ["services", "bcg", "name"], "readOnly": false, "type": "null or string"}, "services.bcg.package": {"declarations": ["nixos/modules/services/misc/bcg.nix"], "default": {"_type": "literalExpression", "text": "pkgs.python3Packages.bcg"}, "description": "The bcg package to use.", "loc": ["services", "bcg", "package"], "readOnly": false, "type": "package"}, "services.bcg.qosNodeMessages": {"declarations": ["nixos/modules/services/misc/bcg.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Set the guarantee of MQTT message delivery.", "loc": ["services", "bcg", "qosNodeMessages"], "readOnly": false, "type": "signed integer"}, "services.bcg.rename": {"declarations": ["nixos/modules/services/misc/bcg.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Rename nodes to different name.", "loc": ["services", "bcg", "rename"], "readOnly": false, "type": "attribute set of string"}, "services.bcg.retainNodeMessages": {"declarations": ["nixos/modules/services/misc/bcg.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Specify that node messages should be retaied in MQTT broker.", "loc": ["services", "bcg", "retainNodeMessages"], "readOnly": false, "type": "boolean"}, "services.bcg.verbose": {"declarations": ["nixos/modules/services/misc/bcg.nix"], "default": {"_type": "literalExpression", "text": "\"WARNING\""}, "description": "Verbosity level.", "loc": ["services", "bcg", "verbose"], "readOnly": false, "type": "one of \"CRITICAL\", \"ERROR\", \"WARNING\", \"INFO\", \"DEBUG\""}, "services.beanstalkd.enable": {"declarations": ["nixos/modules/services/misc/beanstalkd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Beanstalk work queue.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "beanstalkd", "enable"], "readOnly": false, "type": "boolean"}, "services.beanstalkd.listen.address": {"declarations": ["nixos/modules/services/misc/beanstalkd.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "IP address to listen on.", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "beanstalkd", "listen", "address"], "readOnly": false, "type": "string"}, "services.beanstalkd.listen.port": {"declarations": ["nixos/modules/services/misc/beanstalkd.nix"], "default": {"_type": "literalExpression", "text": "11300"}, "description": "TCP port that will be used to accept client connections.", "loc": ["services", "beanstalkd", "listen", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.beanstalkd.openFirewall": {"declarations": ["nixos/modules/services/misc/beanstalkd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open ports in the firewall for the server.", "loc": ["services", "beanstalkd", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.bee.daemonNiceLevel": {"declarations": ["nixos/modules/services/networking/bee.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Daemon process priority for bee.\n0 is the default Unix process priority, 19 is the lowest.\n", "loc": ["services", "bee", "daemonNiceLevel"], "readOnly": false, "type": "signed integer"}, "services.bee.enable": {"declarations": ["nixos/modules/services/networking/bee.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Ethereum Swarm Bee.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "bee", "enable"], "readOnly": false, "type": "boolean"}, "services.bee.group": {"declarations": ["nixos/modules/services/networking/bee.nix"], "default": {"_type": "literalExpression", "text": "\"bee\""}, "description": "Group the bee binary should execute under.\n", "loc": ["services", "bee", "group"], "readOnly": false, "type": "string"}, "services.bee.package": {"declarations": ["nixos/modules/services/networking/bee.nix"], "default": {"_type": "literalExpression", "text": "pkgs.bee"}, "description": "The bee package to use.", "example": {"_type": "literalExpression", "text": "bee-unstable"}, "loc": ["services", "bee", "package"], "readOnly": false, "type": "package"}, "services.bee.settings": {"declarations": ["nixos/modules/services/networking/bee.nix"], "description": "Ethereum Swarm Bee configuration. Refer to\n<https://gateway.ethswarm.org/bzz/docs.swarm.eth/docs/installation/configuration/>\nfor details on supported values.\n", "loc": ["services", "bee", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.bee.user": {"declarations": ["nixos/modules/services/networking/bee.nix"], "default": {"_type": "literalExpression", "text": "\"bee\""}, "description": "User the bee binary should execute under.\n", "loc": ["services", "bee", "user"], "readOnly": false, "type": "string"}, "services.beesd.filesystems": {"declarations": ["nixos/modules/services/misc/bees.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "BTRFS filesystems to run block-level deduplication on.", "example": {"_type": "literalExpression", "text": "{\n  \"-\" = {\n    spec = \"LABEL=root\";\n    hashTableSizeMB = 2048;\n    verbosity = \"crit\";\n    extraOptions = [ \"--loadavg-target\" \"5.0\" ];\n  };\n}\n"}, "loc": ["services", "beesd", "filesystems"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.beesd.filesystems.<name>.extraOptions": {"declarations": ["nixos/modules/services/misc/bees.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command-line options passed to the daemon. See upstream bees documentation.\n", "example": {"_type": "literalExpression", "text": "[ \"--thread-count\" \"4\" ]\n"}, "loc": ["services", "beesd", "filesystems", "<name>", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.beesd.filesystems.<name>.hashTableSizeMB": {"declarations": ["nixos/modules/services/misc/bees.nix"], "default": {"_type": "literalExpression", "text": "1024"}, "description": "Hash table size in MB; must be a multiple of 16.\n\nA larger ratio of index size to storage size means smaller blocks of\nduplicate content are recognized.\n\nIf you have 1TB of data, a 4GB hash table (which is to say, a value of\n4096) will permit 4KB extents (the smallest possible size) to be\nrecognized, whereas a value of 1024 -- creating a 1GB hash table --\nwill recognize only aligned duplicate blocks of 16KB.\n", "loc": ["services", "beesd", "filesystems", "<name>", "hashTableSizeMB"], "readOnly": false, "type": "signed integer"}, "services.beesd.filesystems.<name>.spec": {"declarations": ["nixos/modules/services/misc/bees.nix"], "description": "Description of how to identify the filesystem to be duplicated by this\ninstance of bees. Note that deduplication crosses subvolumes; one must\nnot configure multiple instances for subvolumes of the same filesystem\n(or block devices which are part of the same filesystem), but only for\ncompletely independent btrfs filesystems.\n\nThis must be in a format usable by findmnt; that could be a key=value\npair, or a bare path to a mount point.\nUsing bare paths will allow systemd to start the beesd service only\nafter mounting the associated path.\n", "example": {"_type": "literalExpression", "text": "\"LABEL=MyBulkDataDrive\""}, "loc": ["services", "beesd", "filesystems", "<name>", "spec"], "readOnly": false, "type": "string"}, "services.beesd.filesystems.<name>.verbosity": {"declarations": ["nixos/modules/services/misc/bees.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Log verbosity (syslog keyword/level).", "loc": ["services", "beesd", "filesystems", "<name>", "verbosity"], "readOnly": false, "type": "one of \"alert\", \"crit\", \"debug\", \"emerg\", \"err\", \"info\", \"notice\", \"warning\", 1, 2, 7, 0, 3, 6, 5, 4"}, "services.beesd.filesystems.<name>.workDir": {"declarations": ["nixos/modules/services/misc/bees.nix"], "default": {"_type": "literalExpression", "text": "\".beeshome\""}, "description": "Name (relative to the root of the filesystem) of the subvolume where\nthe hash table will be stored.\n", "loc": ["services", "beesd", "filesystems", "<name>", "workDir"], "readOnly": false, "type": "string"}, "services.below.cgroupFilterOut": {"declarations": ["nixos/modules/services/monitoring/below.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A regexp matching the full paths of cgroups whose data shouldn't be collected", "example": {"_type": "literalExpression", "text": "\"user.slice.*\""}, "loc": ["services", "below", "cgroupFilterOut"], "readOnly": false, "type": "null or string"}, "services.below.collect.diskStats": {"declarations": ["nixos/modules/services/monitoring/below.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable dist_stat collection.", "loc": ["services", "below", "collect", "diskStats"], "readOnly": false, "type": "boolean"}, "services.below.collect.exitStats": {"declarations": ["nixos/modules/services/monitoring/below.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable eBPF-based exitstats.", "loc": ["services", "below", "collect", "exitStats"], "readOnly": false, "type": "boolean"}, "services.below.collect.ioStats": {"declarations": ["nixos/modules/services/monitoring/below.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable io.stat collection for cgroups.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "below", "collect", "ioStats"], "readOnly": false, "type": "boolean"}, "services.below.compression.enable": {"declarations": ["nixos/modules/services/monitoring/below.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable data compression.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "below", "compression", "enable"], "readOnly": false, "type": "boolean"}, "services.below.dirs.log": {"declarations": ["nixos/modules/services/monitoring/below.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Where to store below's logs", "loc": ["services", "below", "dirs", "log"], "readOnly": false, "type": "null or absolute path"}, "services.below.dirs.store": {"declarations": ["nixos/modules/services/monitoring/below.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Where to store below's data", "example": {"_type": "literalExpression", "text": "\"/var/lib/below\""}, "loc": ["services", "below", "dirs", "store"], "readOnly": false, "type": "null or absolute path"}, "services.below.enable": {"declarations": ["nixos/modules/services/monitoring/below.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable 'below' resource monitor.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "below", "enable"], "readOnly": false, "type": "boolean"}, "services.below.retention.size": {"declarations": ["nixos/modules/services/monitoring/below.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Size limit for below's data, in bytes. Data is deleted oldest-first, in 24h 'shards'.\n\n::: {.note}\nThe size limit may be exceeded by at most the size of the active shard, as:\n- the active shard cannot be deleted;\n- the size limit is only enforced when a new shard is created.\n:::\n", "loc": ["services", "below", "retention", "size"], "readOnly": false, "type": "null or signed integer"}, "services.below.retention.time": {"declarations": ["nixos/modules/services/monitoring/below.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Retention time, in seconds.\n\n::: {.note}\nAs data is stored in 24 hour shards which are discarded as a whole,\nonly data expired by 24h (or more) is guaranteed to be discarded.\n:::\n\n::: {.note}\nIf `retention.size` is set, data may be discarded earlier than the specified time.\n:::\n", "loc": ["services", "below", "retention", "time"], "readOnly": false, "type": "null or signed integer"}, "services.bentopdf.caddy.enable": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable a virtualhost to serve bentopdf through caddy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "bentopdf", "caddy", "enable"], "readOnly": false, "type": "boolean"}, "services.bentopdf.caddy.virtualHost": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration for the caddy virtual host of bentopdf.", "example": {"_type": "literalExpression", "text": "{\n  serverAliases = [ \"bentopdf.${config.networking.domain}\" ];\n}\n"}, "loc": ["services", "bentopdf", "caddy", "virtualHost"], "readOnly": false, "type": "submodule"}, "services.bentopdf.caddy.virtualHost.extraConfig": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional lines of configuration appended to this virtual host in the\nautomatically generated `Caddyfile`.\n", "loc": ["services", "bentopdf", "caddy", "virtualHost", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.bentopdf.caddy.virtualHost.hostName": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "Canonical hostname for the server.", "loc": ["services", "bentopdf", "caddy", "virtualHost", "hostName"], "readOnly": false, "type": "string"}, "services.bentopdf.caddy.virtualHost.listenAddresses": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of host interfaces to bind to for this virtual host.\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"::1\"\n]"}, "loc": ["services", "bentopdf", "caddy", "virtualHost", "listenAddresses"], "readOnly": false, "type": "list of string"}, "services.bentopdf.caddy.virtualHost.logFormat": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "''\n  output file ''${config.services.caddy.logDir}/access-''${hostName}.log\n''"}, "description": "Configuration for HTTP request logging (also known as access logs). See\n<https://caddyserver.com/docs/caddyfile/directives/log#log>\nfor details.\n", "example": {"_type": "literalExpression", "text": "mkForce ''\n  output discard\n'';\n"}, "loc": ["services", "bentopdf", "caddy", "virtualHost", "logFormat"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.bentopdf.caddy.virtualHost.serverAliases": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "bentopdf", "caddy", "virtualHost", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.bentopdf.caddy.virtualHost.useACMEHost": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is mostly useful if you use DNS challenges but Caddy does not\ncurrently support your provider.\n\n*Note that this option does not create any certificates, nor\ndoes it add subdomains to existing ones \u2013 you will need to create them\nmanually using [](#opt-security.acme.certs).*\n", "loc": ["services", "bentopdf", "caddy", "virtualHost", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.bentopdf.domain": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "description": "Domain to use for the virtual host.", "loc": ["services", "bentopdf", "domain"], "readOnly": false, "type": "string"}, "services.bentopdf.enable": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable bentopdf Privacy First PDF Toolkit.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "bentopdf", "enable"], "readOnly": false, "type": "boolean"}, "services.bentopdf.nginx.enable": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable a virtualhost to serve bentopdf through nginx.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "bentopdf", "nginx", "enable"], "readOnly": false, "type": "boolean"}, "services.bentopdf.nginx.virtualHost": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration for the nginx virtual host of bentopdf.", "example": {"_type": "literalExpression", "text": "{\n  serverAliases = [ \"bentopdf.${config.networking.domain}\" ];\n}\n"}, "loc": ["services", "bentopdf", "nginx", "virtualHost"], "readOnly": false, "type": "submodule"}, "services.bentopdf.nginx.virtualHost.acmeFallbackHost": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host which to proxy requests to if ACME challenge is not found. Useful\nif you want multiple hosts to be able to verify the same domain name.\n\nWith this option, you could request certificates for the present domain\nwith an ACME client that is running on another host, which you would\nspecify here.\n", "loc": ["services", "bentopdf", "nginx", "virtualHost", "acmeFallbackHost"], "readOnly": false, "type": "null or string"}, "services.bentopdf.nginx.virtualHost.acmeRoot": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the ACME challenge, which is **public**. Don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "bentopdf", "nginx", "virtualHost", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.bentopdf.nginx.virtualHost.addSSL": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "bentopdf", "nginx", "virtualHost", "addSSL"], "readOnly": false, "type": "boolean"}, "services.bentopdf.nginx.virtualHost.basicAuth": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "bentopdf", "nginx", "virtualHost", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.bentopdf.nginx.virtualHost.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "bentopdf", "nginx", "virtualHost", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.bentopdf.nginx.virtualHost.default": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Makes this vhost the default.\n", "loc": ["services", "bentopdf", "nginx", "virtualHost", "default"], "readOnly": false, "type": "boolean"}, "services.bentopdf.nginx.virtualHost.enableACME": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "bentopdf", "nginx", "virtualHost", "enableACME"], "readOnly": false, "type": "boolean"}, "services.bentopdf.nginx.virtualHost.extraConfig": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the vhost verbatim.\n", "loc": ["services", "bentopdf", "nginx", "virtualHost", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.bentopdf.nginx.virtualHost.forceSSL": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a separate nginx server block that redirects (defaults\nto 301, configurable with `redirectCode`) all plain HTTP traffic to\nHTTPS. This will set defaults for `listen` to listen on all interfaces\non the respective default ports (80, 443), where the non-SSL listens\nare used for the redirect vhosts.\n", "loc": ["services", "bentopdf", "nginx", "virtualHost", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.bentopdf.nginx.virtualHost.globalRedirect": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected (defaults to 301,\nconfigurable with `redirectCode`) to the given hostname.\n", "example": {"_type": "literalExpression", "text": "\"newserver.example.org\""}, "loc": ["services", "bentopdf", "nginx", "virtualHost", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.bentopdf.nginx.virtualHost.http2": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/2 protocol.\nNote that (as of writing) due to nginx's implementation, to disable\nHTTP/2 you have to disable it on all vhosts that use a given\nIP address / port.\nIf there is one server block configured to enable http2, then it is\nenabled for all server blocks on this IP.\nSee <https://stackoverflow.com/a/39466948/263061>.\n", "loc": ["services", "bentopdf", "nginx", "virtualHost", "http2"], "readOnly": false, "type": "boolean"}, "services.bentopdf.nginx.virtualHost.http3": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/3 protocol.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that HTTP/3 support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\nHTTP/3 availability must be manually advertised, preferably in each location block.\n", "loc": ["services", "bentopdf", "nginx", "virtualHost", "http3"], "readOnly": false, "type": "boolean"}, "services.bentopdf.nginx.virtualHost.http3_hq": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that special application protocol support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "bentopdf", "nginx", "virtualHost", "http3_hq"], "readOnly": false, "type": "boolean"}, "services.bentopdf.nginx.virtualHost.kTLS": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kTLS support.\nImplementing TLS in the kernel (kTLS) improves performance by significantly\nreducing the need for copying operations between user space and the kernel.\nRequired Nginx version 1.21.4 or later.\n", "loc": ["services", "bentopdf", "nginx", "virtualHost", "kTLS"], "readOnly": false, "type": "boolean"}, "services.bentopdf.nginx.virtualHost.listen": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\nIPv6 addresses must be enclosed in square brackets.\nNote: this option overrides `addSSL`\nand `onlySSL`.\n\nIf you only want to set the addresses manually and not\nthe ports, take a look at `listenAddresses`.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    addr = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    addr = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    addr = \"unix:/var/run/nginx.sock\";\n  }\n]"}, "loc": ["services", "bentopdf", "nginx", "virtualHost", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.bentopdf.nginx.virtualHost.listen.*.addr": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "description": "Listen address.", "loc": ["services", "bentopdf", "nginx", "virtualHost", "listen", "*", "addr"], "readOnly": false, "type": "string"}, "services.bentopdf.nginx.virtualHost.listen.*.extraParameters": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra parameters of this listen directive.", "example": {"_type": "literalExpression", "text": "[\n  \"backlog=1024\"\n  \"deferred\"\n]"}, "loc": ["services", "bentopdf", "nginx", "virtualHost", "listen", "*", "extraParameters"], "readOnly": false, "type": "list of string"}, "services.bentopdf.nginx.virtualHost.listen.*.port": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port number to listen on.\nIf unset and the listen address is not a socket then nginx defaults to 80.\n", "loc": ["services", "bentopdf", "nginx", "virtualHost", "listen", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.bentopdf.nginx.virtualHost.listen.*.proxyProtocol": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable PROXY protocol.", "loc": ["services", "bentopdf", "nginx", "virtualHost", "listen", "*", "proxyProtocol"], "readOnly": false, "type": "boolean"}, "services.bentopdf.nginx.virtualHost.listen.*.ssl": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SSL.", "loc": ["services", "bentopdf", "nginx", "virtualHost", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.bentopdf.nginx.virtualHost.listenAddresses": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n\nNote: This option overrides `networking.enableIPv6`\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"[::1]\"\n]"}, "loc": ["services", "bentopdf", "nginx", "virtualHost", "listenAddresses"], "readOnly": false, "type": "list of string"}, "services.bentopdf.nginx.virtualHost.locations": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n};\n"}, "loc": ["services", "bentopdf", "nginx", "virtualHost", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.bentopdf.nginx.virtualHost.locations.<name>.alias": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "bentopdf", "nginx", "virtualHost", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.bentopdf.nginx.virtualHost.locations.<name>.basicAuth": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "bentopdf", "nginx", "virtualHost", "locations", "<name>", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.bentopdf.nginx.virtualHost.locations.<name>.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "bentopdf", "nginx", "virtualHost", "locations", "<name>", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.bentopdf.nginx.virtualHost.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "bentopdf", "nginx", "virtualHost", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.bentopdf.nginx.virtualHost.locations.<name>.fastcgiParams": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "FastCGI parameters to override.  Unlike in the Nginx\nconfiguration file, overriding only some default parameters\nwon't unset the default values for other parameters.\n", "loc": ["services", "bentopdf", "nginx", "virtualHost", "locations", "<name>", "fastcgiParams"], "readOnly": false, "type": "attribute set of (string or absolute path)"}, "services.bentopdf.nginx.virtualHost.locations.<name>.index": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds index directive.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "bentopdf", "nginx", "virtualHost", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.bentopdf.nginx.virtualHost.locations.<name>.priority": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "bentopdf", "nginx", "virtualHost", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.bentopdf.nginx.virtualHost.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds proxy_pass directive and sets recommended proxy headers if\nrecommendedProxySettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "bentopdf", "nginx", "virtualHost", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.bentopdf.nginx.virtualHost.locations.<name>.proxyWebsockets": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to support proxying websocket connections with HTTP/1.1.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "bentopdf", "nginx", "virtualHost", "locations", "<name>", "proxyWebsockets"], "readOnly": false, "type": "boolean"}, "services.bentopdf.nginx.virtualHost.locations.<name>.recommendedProxySettings": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedProxySettings"}, "description": "Enable recommended proxy settings.\n", "loc": ["services", "bentopdf", "nginx", "virtualHost", "locations", "<name>", "recommendedProxySettings"], "readOnly": false, "type": "boolean"}, "services.bentopdf.nginx.virtualHost.locations.<name>.recommendedUwsgiSettings": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedUwsgiSettings"}, "description": "Enable recommended uwsgi settings.\n", "loc": ["services", "bentopdf", "nginx", "virtualHost", "locations", "<name>", "recommendedUwsgiSettings"], "readOnly": false, "type": "boolean"}, "services.bentopdf.nginx.virtualHost.locations.<name>.return": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds a return directive, for e.g. redirections.\n", "example": {"_type": "literalExpression", "text": "\"301 http://example.com$request_uri\""}, "loc": ["services", "bentopdf", "nginx", "virtualHost", "locations", "<name>", "return"], "readOnly": false, "type": "null or string or signed integer"}, "services.bentopdf.nginx.virtualHost.locations.<name>.root": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Root directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/root/directory\""}, "loc": ["services", "bentopdf", "nginx", "virtualHost", "locations", "<name>", "root"], "readOnly": false, "type": "null or absolute path"}, "services.bentopdf.nginx.virtualHost.locations.<name>.tryFiles": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds try_files directive.\n", "example": {"_type": "literalExpression", "text": "\"$uri =404\""}, "loc": ["services", "bentopdf", "nginx", "virtualHost", "locations", "<name>", "tryFiles"], "readOnly": false, "type": "null or string"}, "services.bentopdf.nginx.virtualHost.locations.<name>.uwsgiPass": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds uwsgi_pass directive and sets recommended proxy headers if\nrecommendedUwsgiSettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"unix:/run/example/example.sock\""}, "loc": ["services", "bentopdf", "nginx", "virtualHost", "locations", "<name>", "uwsgiPass"], "readOnly": false, "type": "null or string"}, "services.bentopdf.nginx.virtualHost.onlySSL": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "bentopdf", "nginx", "virtualHost", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.bentopdf.nginx.virtualHost.quic": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the QUIC transport protocol.\nNote that QUIC support is experimental and\n*not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "bentopdf", "nginx", "virtualHost", "quic"], "readOnly": false, "type": "boolean"}, "services.bentopdf.nginx.virtualHost.redirectCode": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "301"}, "description": "HTTP status used by `globalRedirect` and `forceSSL`. Possible usecases\ninclude temporary (302, 307) redirects, keeping the request method and\nbody (307, 308), or explicitly resetting the method to GET (303).\nSee <https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>.\n", "example": {"_type": "literalExpression", "text": "308"}, "loc": ["services", "bentopdf", "nginx", "virtualHost", "redirectCode"], "readOnly": false, "type": "integer between 300 and 399 (both inclusive)"}, "services.bentopdf.nginx.virtualHost.rejectSSL": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to listen for and reject all HTTPS connections to this vhost. Useful in\n[default](#opt-services.nginx.virtualHosts._name_.default)\nserver blocks to avoid serving the certificate for another vhost. Uses the\n`ssl_reject_handshake` directive available in nginx versions\n1.19.4 and above.\n", "loc": ["services", "bentopdf", "nginx", "virtualHost", "rejectSSL"], "readOnly": false, "type": "boolean"}, "services.bentopdf.nginx.virtualHost.reuseport": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create an individual listening socket .\nIt is required to specify only once on one of the hosts.\n", "loc": ["services", "bentopdf", "nginx", "virtualHost", "reuseport"], "readOnly": false, "type": "boolean"}, "services.bentopdf.nginx.virtualHost.root": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of the web root directory.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "bentopdf", "nginx", "virtualHost", "root"], "readOnly": false, "type": "null or absolute path"}, "services.bentopdf.nginx.virtualHost.serverAliases": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "bentopdf", "nginx", "virtualHost", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.bentopdf.nginx.virtualHost.serverName": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of this virtual host. Defaults to attribute name in virtualHosts.\n", "example": {"_type": "literalExpression", "text": "\"example.org\""}, "loc": ["services", "bentopdf", "nginx", "virtualHost", "serverName"], "readOnly": false, "type": "null or string"}, "services.bentopdf.nginx.virtualHost.sslCertificate": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "bentopdf", "nginx", "virtualHost", "sslCertificate"], "readOnly": false, "type": "absolute path"}, "services.bentopdf.nginx.virtualHost.sslCertificateKey": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "bentopdf", "nginx", "virtualHost", "sslCertificateKey"], "readOnly": false, "type": "absolute path"}, "services.bentopdf.nginx.virtualHost.sslTrustedCertificate": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to root SSL certificate for stapling and client certificates.", "example": {"_type": "literalExpression", "text": "\"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\""}, "loc": ["services", "bentopdf", "nginx", "virtualHost", "sslTrustedCertificate"], "readOnly": false, "type": "null or absolute path"}, "services.bentopdf.nginx.virtualHost.useACMEHost": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "bentopdf", "nginx", "virtualHost", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.bentopdf.package": {"declarations": ["nixos/modules/services/web-apps/bentopdf.nix"], "default": {"_type": "literalExpression", "text": "pkgs.bentopdf"}, "description": "The bentopdf package to use. To use the \"normal mode\" variant of bentopdf, which includes all socials, marketing and explanatory texts, set this option to `pkgs.bentopdf.override { simpleMode = false; }`.\n", "loc": ["services", "bentopdf", "package"], "readOnly": false, "type": "package"}, "services.bepasty.enable": {"declarations": ["nixos/modules/services/misc/bepasty.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable bepasty, a binary pastebin server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "bepasty", "enable"], "readOnly": false, "type": "boolean"}, "services.bepasty.servers": {"declarations": ["nixos/modules/services/misc/bepasty.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "configure a number of bepasty servers which will be started with\ngunicorn.\n", "loc": ["services", "bepasty", "servers"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.bepasty.servers.<name>.bind": {"declarations": ["nixos/modules/services/misc/bepasty.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1:8000\""}, "description": "Bind address to be used for this server.\n", "example": {"_type": "literalExpression", "text": "\"0.0.0.0:8000\""}, "loc": ["services", "bepasty", "servers", "<name>", "bind"], "readOnly": false, "type": "string"}, "services.bepasty.servers.<name>.dataDir": {"declarations": ["nixos/modules/services/misc/bepasty.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/bepasty/data\""}, "description": "Path to the directory where the pastes will be saved to\n", "loc": ["services", "bepasty", "servers", "<name>", "dataDir"], "readOnly": false, "type": "string"}, "services.bepasty.servers.<name>.defaultPermissions": {"declarations": ["nixos/modules/services/misc/bepasty.nix"], "default": {"_type": "literalExpression", "text": "\"read\""}, "description": "default permissions for all unauthenticated accesses.\n", "example": {"_type": "literalExpression", "text": "\"read,create,delete\""}, "loc": ["services", "bepasty", "servers", "<name>", "defaultPermissions"], "readOnly": false, "type": "string"}, "services.bepasty.servers.<name>.extraConfig": {"declarations": ["nixos/modules/services/misc/bepasty.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration for bepasty server to be appended on the\nconfiguration.\nsee <https://bepasty-server.readthedocs.org/en/latest/quickstart.html#configuring-bepasty>\nfor all options.\n", "example": {"_type": "literalExpression", "text": "''\n  PERMISSIONS = {\n    'myadminsecret': 'admin,list,create,read,delete',\n  }\n  MAX_ALLOWED_FILE_SIZE = 5 * 1000 * 1000\n''"}, "loc": ["services", "bepasty", "servers", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.bepasty.servers.<name>.secretKey": {"declarations": ["nixos/modules/services/misc/bepasty.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "server secret for safe session cookies, must be set.\n\nWarning: this secret is stored in the WORLD-READABLE Nix store!\n\nIt's recommended to use {option}`secretKeyFile`\nwhich takes precedence over {option}`secretKey`.\n", "loc": ["services", "bepasty", "servers", "<name>", "secretKey"], "readOnly": false, "type": "string"}, "services.bepasty.servers.<name>.secretKeyFile": {"declarations": ["nixos/modules/services/misc/bepasty.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file that contains the server secret for safe session cookies, must be set.\n\n{option}`secretKeyFile` takes precedence over {option}`secretKey`.\n\nWarning: when {option}`secretKey` is non-empty {option}`secretKeyFile`\ndefaults to a file in the WORLD-READABLE Nix store containing that secret.\n", "loc": ["services", "bepasty", "servers", "<name>", "secretKeyFile"], "readOnly": false, "type": "null or string"}, "services.bepasty.servers.<name>.workDir": {"declarations": ["nixos/modules/services/misc/bepasty.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/bepasty\""}, "description": "Path to the working directory (used for config and pidfile).\nDefaults to the users home directory.\n", "loc": ["services", "bepasty", "servers", "<name>", "workDir"], "readOnly": false, "type": "string"}, "services.beszel.agent.enable": {"declarations": ["nixos/modules/services/monitoring/beszel-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable beszel agent.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "beszel", "agent", "enable"], "readOnly": false, "type": "boolean"}, "services.beszel.agent.environment": {"declarations": ["nixos/modules/services/monitoring/beszel-agent.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables for configuring the beszel-agent service.\nThis field will end up public in /nix/store, for secret values (such as `KEY`) use `environmentFile`.\n\nSee <https://www.beszel.dev/guide/environment-variables#agent> for available options.\n", "loc": ["services", "beszel", "agent", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.beszel.agent.environmentFile": {"declarations": ["nixos/modules/services/monitoring/beszel-agent.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File path containing environment variables for configuring the beszel-agent service in the format of an EnvironmentFile. See {manpage}`systemd.exec(5)`.\n", "loc": ["services", "beszel", "agent", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.beszel.agent.extraPath": {"declarations": ["nixos/modules/services/monitoring/beszel-agent.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra packages to add to beszel path (such as nvidia-smi or rocm-smi).\n", "loc": ["services", "beszel", "agent", "extraPath"], "readOnly": false, "type": "list of package"}, "services.beszel.agent.openFirewall": {"declarations": ["nixos/modules/services/monitoring/beszel-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall port (default 45876).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "beszel", "agent", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.beszel.agent.package": {"declarations": ["nixos/modules/services/monitoring/beszel-agent.nix"], "default": {"_type": "literalExpression", "text": "pkgs.beszel"}, "description": "The beszel package to use.", "loc": ["services", "beszel", "agent", "package"], "readOnly": false, "type": "package"}, "services.beszel.agent.smartmon.deviceAllow": {"declarations": ["nixos/modules/services/monitoring/beszel-agent.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of device paths to allow access to for SMART monitoring.\nThis is only needed if the ambient capabilities are not sufficient.\nDevices will be granted read-only access.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/dev/sda\"\n  \"/dev/sdb\"\n  \"/dev/nvme0\"\n]"}, "loc": ["services", "beszel", "agent", "smartmon", "deviceAllow"], "readOnly": false, "type": "list of string"}, "services.beszel.agent.smartmon.enable": {"declarations": ["nixos/modules/services/monitoring/beszel-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Include services.beszel.agent.smartmon.package in the Beszel agent path for disk monitoring and add the agent to the disk group.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "beszel", "agent", "smartmon", "enable"], "readOnly": false, "type": "boolean"}, "services.beszel.agent.smartmon.package": {"declarations": ["nixos/modules/services/monitoring/beszel-agent.nix"], "default": {"_type": "literalExpression", "text": "pkgs.smartmontools"}, "description": "The smartmontools package to use.", "loc": ["services", "beszel", "agent", "smartmon", "package"], "readOnly": false, "type": "package"}, "services.beszel.hub.dataDir": {"declarations": ["nixos/modules/services/monitoring/beszel-hub.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/beszel-hub\""}, "description": "Data directory of beszel-hub.", "loc": ["services", "beszel", "hub", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.beszel.hub.enable": {"declarations": ["nixos/modules/services/monitoring/beszel-hub.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable beszel hub.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "beszel", "hub", "enable"], "readOnly": false, "type": "boolean"}, "services.beszel.hub.environment": {"declarations": ["nixos/modules/services/monitoring/beszel-hub.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables passed to the systemd service.\nSee <https://www.beszel.dev/guide/environment-variables#hub> for available options.\n", "example": {"_type": "literalExpression", "text": "{\n  DISABLE_PASSWORD_AUTH = \"true\";\n}"}, "loc": ["services", "beszel", "hub", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.beszel.hub.environmentFile": {"declarations": ["nixos/modules/services/monitoring/beszel-hub.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file to be passed to the systemd service.\nUseful for passing secrets to the service to prevent them from being\nworld-readable in the Nix store. See {manpage}`systemd.exec(5)`.\n", "loc": ["services", "beszel", "hub", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.beszel.hub.host": {"declarations": ["nixos/modules/services/monitoring/beszel-hub.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Host or address this beszel hub listens on.", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "beszel", "hub", "host"], "readOnly": false, "type": "string"}, "services.beszel.hub.package": {"declarations": ["nixos/modules/services/monitoring/beszel-hub.nix"], "default": {"_type": "literalExpression", "text": "pkgs.beszel"}, "description": "The beszel package to use.", "loc": ["services", "beszel", "hub", "package"], "readOnly": false, "type": "package"}, "services.beszel.hub.port": {"declarations": ["nixos/modules/services/monitoring/beszel-hub.nix"], "default": {"_type": "literalExpression", "text": "8090"}, "description": "Port for this beszel hub to listen on.", "example": {"_type": "literalExpression", "text": "3002"}, "loc": ["services", "beszel", "hub", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.biboumi.credentialsFile": {"declarations": ["nixos/modules/services/networking/biboumi.nix"], "default": {"_type": "literalExpression", "text": "\"/dev/null\""}, "description": "Path to a configuration file to be merged with the settings.\nBeware not to surround \"=\" with spaces when setting biboumi's options in this file.\nUseful to merge a file which is better kept out of the Nix store\nbecause it contains sensible data like\n[password](#opt-services.biboumi.settings.password).\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/biboumi.cfg\""}, "loc": ["services", "biboumi", "credentialsFile"], "readOnly": false, "type": "absolute path"}, "services.biboumi.enable": {"declarations": ["nixos/modules/services/networking/biboumi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Biboumi XMPP gateway to IRC.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "biboumi", "enable"], "readOnly": false, "type": "boolean"}, "services.biboumi.openFirewall": {"declarations": ["nixos/modules/services/networking/biboumi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable opening of the identd port in the firewall.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "biboumi", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.biboumi.package": {"declarations": ["nixos/modules/services/networking/biboumi.nix"], "default": {"_type": "literalExpression", "text": "pkgs.biboumi"}, "description": "The biboumi package to use.", "loc": ["services", "biboumi", "package"], "readOnly": false, "type": "package"}, "services.biboumi.settings": {"declarations": ["nixos/modules/services/networking/biboumi.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "See [biboumi 9.0](https://doc.biboumi.louiz.org/9.0/admin.html#configuration)\n\nfor documentation.\n", "loc": ["services", "biboumi", "settings"], "readOnly": false, "type": "open submodule of settings option"}, "services.biboumi.settings.admin": {"declarations": ["nixos/modules/services/networking/biboumi.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The bare JID of the gateway administrator. This JID will have more\nprivileges than other standard users, for example some administration\nad-hoc commands will only be available to that JID.\n", "example": {"_type": "literalExpression", "text": "[\n  \"admin@example.org\"\n]"}, "loc": ["services", "biboumi", "settings", "admin"], "readOnly": false, "type": "list of string"}, "services.biboumi.settings.ca_file": {"declarations": ["nixos/modules/services/networking/biboumi.nix"], "default": {"_type": "literalExpression", "text": "config.security.pki.caBundle"}, "description": "Specifies which file should be used as the list of trusted CA\nwhen negotiating a TLS session.\n", "loc": ["services", "biboumi", "settings", "ca_file"], "readOnly": false, "type": "absolute path"}, "services.biboumi.settings.db_name": {"declarations": ["nixos/modules/services/networking/biboumi.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/biboumi/biboumi.sqlite\""}, "description": "The name of the database to use.\n\nSet it to null and use [credentialsFile](#opt-services.biboumi.credentialsFile)\nif you do not want this connection string to go into the Nix store.\n", "example": {"_type": "literalExpression", "text": "\"postgresql://user:secret@localhost\""}, "loc": ["services", "biboumi", "settings", "db_name"], "readOnly": false, "type": "null or absolute path or string"}, "services.biboumi.settings.hostname": {"declarations": ["nixos/modules/services/networking/biboumi.nix"], "description": "The hostname served by the XMPP\u202fgateway.\nThis domain must be configured in the XMPP server\nas an external component.\n", "example": {"_type": "literalExpression", "text": "\"biboumi.example.org\""}, "loc": ["services", "biboumi", "settings", "hostname"], "readOnly": false, "type": "string"}, "services.biboumi.settings.identd_port": {"declarations": ["nixos/modules/services/networking/biboumi.nix"], "default": {"_type": "literalExpression", "text": "113"}, "description": "The TCP port on which to listen for identd queries.\n", "example": {"_type": "literalExpression", "text": "0"}, "loc": ["services", "biboumi", "settings", "identd_port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.biboumi.settings.log_level": {"declarations": ["nixos/modules/services/networking/biboumi.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Indicate what type of log messages to write in the logs.\n0 is debug, 1 is info, 2 is warning, 3 is error.\n", "loc": ["services", "biboumi", "settings", "log_level"], "readOnly": false, "type": "integer between 0 and 3 (both inclusive)"}, "services.biboumi.settings.password": {"declarations": ["nixos/modules/services/networking/biboumi.nix"], "description": "The password used to authenticate the XMPP component to your XMPP server.\nThis password must be configured in the XMPP server,\nassociated with the external component on\n[hostname](#opt-services.biboumi.settings.hostname).\n\nSet it to null and use [credentialsFile](#opt-services.biboumi.credentialsFile)\nif you do not want this password to go into the Nix store.\n", "loc": ["services", "biboumi", "settings", "password"], "readOnly": false, "type": "null or string"}, "services.biboumi.settings.persistent_by_default": {"declarations": ["nixos/modules/services/networking/biboumi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether all rooms will be persistent by default:\nthe value of the \u201cpersistent\u201d option in the global configuration of each\nuser will be \u201ctrue\u201d, but the value of each individual room will still\ndefault to false. This means that a user just needs to change the global\n\u201cpersistent\u201d configuration option to false in order to override this.\n", "loc": ["services", "biboumi", "settings", "persistent_by_default"], "readOnly": false, "type": "boolean"}, "services.biboumi.settings.policy_directory": {"declarations": ["nixos/modules/services/networking/biboumi.nix"], "default": {"_type": "literalExpression", "text": "\"${pkgs.biboumi}/etc/biboumi\""}, "description": "A directory that should contain the policy files,\nused to customize Botan\u2019s behaviour\nwhen negotiating the TLS connections with the IRC servers.\n", "loc": ["services", "biboumi", "settings", "policy_directory"], "readOnly": false, "type": "absolute path"}, "services.biboumi.settings.port": {"declarations": ["nixos/modules/services/networking/biboumi.nix"], "default": {"_type": "literalExpression", "text": "5347"}, "description": "The TCP port to use to connect to the local XMPP component.\n", "loc": ["services", "biboumi", "settings", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.biboumi.settings.realname_customization": {"declarations": ["nixos/modules/services/networking/biboumi.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether the users will be able to use\nthe ad-hoc commands that lets them configure\ntheir realname and username.\n", "loc": ["services", "biboumi", "settings", "realname_customization"], "readOnly": false, "type": "boolean"}, "services.biboumi.settings.realname_from_jid": {"declarations": ["nixos/modules/services/networking/biboumi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether the realname and username of each biboumi\nuser will be extracted from their JID.\nOtherwise they will be set to the nick\nthey used to connect to the IRC server.\n", "loc": ["services", "biboumi", "settings", "realname_from_jid"], "readOnly": false, "type": "boolean"}, "services.biboumi.settings.xmpp_server_ip": {"declarations": ["nixos/modules/services/networking/biboumi.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The IP address to connect to the XMPP server on.\nThe connection to the XMPP server is unencrypted,\nso the biboumi instance and the server should\nnormally be on the same host.\n", "loc": ["services", "biboumi", "settings", "xmpp_server_ip"], "readOnly": false, "type": "string"}, "services.bind.blockedNetworks": {"declarations": ["nixos/modules/services/networking/bind.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "What networks are just blocked.\n", "loc": ["services", "bind", "blockedNetworks"], "readOnly": false, "type": "list of string"}, "services.bind.cacheNetworks": {"declarations": ["nixos/modules/services/networking/bind.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"127.0.0.0/24\"\n  \"::1/128\"\n]"}, "description": "What networks are allowed to use us as a resolver.  Note\nthat this is for recursive queries -- all networks are\nallowed to query zones configured with the `zones` option\nby default (although this may be overridden within each\nzone's configuration, via the `allowQuery` option).\nIt is recommended that you limit cacheNetworks to avoid your\nserver being used for DNS amplification attacks.\n", "loc": ["services", "bind", "cacheNetworks"], "readOnly": false, "type": "list of string"}, "services.bind.configFile": {"declarations": ["nixos/modules/services/networking/bind.nix"], "default": {"_type": "literalExpression", "text": "confFile"}, "description": "Overridable config file to use for named. By default, that\ngenerated by nixos. If overriden, it will not be checked by\nnamed-checkconf.\n", "loc": ["services", "bind", "configFile"], "readOnly": false, "type": "absolute path"}, "services.bind.directory": {"declarations": ["nixos/modules/services/networking/bind.nix"], "default": {"_type": "literalExpression", "text": "\"/run/named\""}, "description": "Working directory of BIND.", "loc": ["services", "bind", "directory"], "readOnly": false, "type": "string"}, "services.bind.enable": {"declarations": ["nixos/modules/services/networking/bind.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable BIND domain name server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "bind", "enable"], "readOnly": false, "type": "boolean"}, "services.bind.extraArgs": {"declarations": ["nixos/modules/services/networking/bind.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional command-line arguments to pass to named.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-n\"\n  \"4\"\n]"}, "loc": ["services", "bind", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.bind.extraConfig": {"declarations": ["nixos/modules/services/networking/bind.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra lines to be added verbatim to the generated named configuration file.\n", "loc": ["services", "bind", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.bind.extraOptions": {"declarations": ["nixos/modules/services/networking/bind.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra lines to be added verbatim to the options section of the\ngenerated named configuration file.\n", "loc": ["services", "bind", "extraOptions"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.bind.forward": {"declarations": ["nixos/modules/services/networking/bind.nix"], "default": {"_type": "literalExpression", "text": "\"first\""}, "description": "Whether to forward 'first' (try forwarding but lookup directly if forwarding fails) or 'only'.\n", "loc": ["services", "bind", "forward"], "readOnly": false, "type": "one of \"first\", \"only\""}, "services.bind.forwarders": {"declarations": ["nixos/modules/services/networking/bind.nix"], "default": {"_type": "literalExpression", "text": "config.networking.nameservers"}, "description": "List of servers we should forward requests to.\n", "loc": ["services", "bind", "forwarders"], "readOnly": false, "type": "list of string"}, "services.bind.ipv4Only": {"declarations": ["nixos/modules/services/networking/bind.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Only use ipv4, even if the host supports ipv6.\n", "loc": ["services", "bind", "ipv4Only"], "readOnly": false, "type": "boolean"}, "services.bind.listenOn": {"declarations": ["nixos/modules/services/networking/bind.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"any\"\n]"}, "description": "Interfaces to listen on.\n", "loc": ["services", "bind", "listenOn"], "readOnly": false, "type": "list of string"}, "services.bind.listenOnIpv6": {"declarations": ["nixos/modules/services/networking/bind.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"any\"\n]"}, "description": "Ipv6 interfaces to listen on.\n", "loc": ["services", "bind", "listenOnIpv6"], "readOnly": false, "type": "list of string"}, "services.bind.listenOnIpv6Port": {"declarations": ["nixos/modules/services/networking/bind.nix"], "default": {"_type": "literalExpression", "text": "53"}, "description": "Ipv6 port to listen on.\n", "loc": ["services", "bind", "listenOnIpv6Port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.bind.listenOnPort": {"declarations": ["nixos/modules/services/networking/bind.nix"], "default": {"_type": "literalExpression", "text": "53"}, "description": "Port to listen on.\n", "loc": ["services", "bind", "listenOnPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.bind.package": {"declarations": ["nixos/modules/services/networking/bind.nix"], "default": {"_type": "literalExpression", "text": "pkgs.bind"}, "description": "The bind package to use.", "loc": ["services", "bind", "package"], "readOnly": false, "type": "package"}, "services.bind.zones": {"declarations": ["nixos/modules/services/networking/bind.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of zones we claim authority over.\n", "example": {"_type": "literalExpression", "text": "{\n  \"example.com\" = {\n    extraConfig = \"\";\n    file = \"/var/dns/example.com\";\n    master = false;\n    masters = [\n      \"192.168.0.1\"\n    ];\n    slaves = [ ];\n  };\n}"}, "loc": ["services", "bind", "zones"], "readOnly": false, "type": "(attribute set of (submodule)) or (list of (attribute set)) convertible to it"}, "services.bind.zones.<name>.allowQuery": {"declarations": ["nixos/modules/services/networking/bind.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"any\"\n]"}, "description": "List of address ranges allowed to query this zone. Instead of the address(es), this may instead\ncontain the single string \"any\".\n", "loc": ["services", "bind", "zones", "<name>", "allowQuery"], "readOnly": false, "type": "list of string"}, "services.bind.zones.<name>.extraConfig": {"declarations": ["nixos/modules/services/networking/bind.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra zone config to be appended at the end of the zone section.", "loc": ["services", "bind", "zones", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.bind.zones.<name>.file": {"declarations": ["nixos/modules/services/networking/bind.nix"], "description": "Zone file resource records contain columns of data, separated by whitespace, that define the record.", "loc": ["services", "bind", "zones", "<name>", "file"], "readOnly": false, "type": "string or absolute path"}, "services.bind.zones.<name>.master": {"declarations": ["nixos/modules/services/networking/bind.nix"], "description": "Master=false means slave server", "loc": ["services", "bind", "zones", "<name>", "master"], "readOnly": false, "type": "boolean"}, "services.bind.zones.<name>.masters": {"declarations": ["nixos/modules/services/networking/bind.nix"], "description": "List of servers for inclusion in stub and secondary zones.", "loc": ["services", "bind", "zones", "<name>", "masters"], "readOnly": false, "type": "list of string"}, "services.bind.zones.<name>.name": {"declarations": ["nixos/modules/services/networking/bind.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "Name of the zone.", "loc": ["services", "bind", "zones", "<name>", "name"], "readOnly": false, "type": "string"}, "services.bind.zones.<name>.slaves": {"declarations": ["nixos/modules/services/networking/bind.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Addresses who may request zone transfers.", "loc": ["services", "bind", "zones", "<name>", "slaves"], "readOnly": false, "type": "list of string"}, "services.bird-lg.frontend.bgpMapInfo": {"declarations": ["nixos/modules/services/networking/bird-lg.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"asn\"\n  \"as-name\"\n  \"ASName\"\n  \"descr\"\n]"}, "description": "Information displayed in bgpmap.", "loc": ["services", "bird-lg", "frontend", "bgpMapInfo"], "readOnly": false, "type": "list of string"}, "services.bird-lg.frontend.dnsInterface": {"declarations": ["nixos/modules/services/networking/bird-lg.nix"], "default": {"_type": "literalExpression", "text": "\"asn.cymru.com\""}, "description": "DNS zone to query ASN information.", "loc": ["services", "bird-lg", "frontend", "dnsInterface"], "readOnly": false, "type": "string"}, "services.bird-lg.frontend.domain": {"declarations": ["nixos/modules/services/networking/bird-lg.nix"], "description": "Server name domain suffixes.", "example": {"_type": "literalExpression", "text": "\"dn42.lantian.pub\""}, "loc": ["services", "bird-lg", "frontend", "domain"], "readOnly": false, "type": "string"}, "services.bird-lg.frontend.enable": {"declarations": ["nixos/modules/services/networking/bird-lg.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Bird Looking Glass Frontend Webserver.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "bird-lg", "frontend", "enable"], "readOnly": false, "type": "boolean"}, "services.bird-lg.frontend.extraArgs": {"declarations": ["nixos/modules/services/networking/bird-lg.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra parameters documented [here](https://github.com/xddxdd/bird-lg-go#frontend).\n\n:::{.note}\nPassing lines (plain strings) is deprecated in favour of passing lists of strings.\n:::\n", "loc": ["services", "bird-lg", "frontend", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.bird-lg.frontend.listenAddresses": {"declarations": ["nixos/modules/services/networking/bird-lg.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1:5000\""}, "description": "Address to listen on.", "loc": ["services", "bird-lg", "frontend", "listenAddresses"], "readOnly": false, "type": "string or list of string"}, "services.bird-lg.frontend.nameFilter": {"declarations": ["nixos/modules/services/networking/bird-lg.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Protocol names to hide in summary tables (RE2 syntax),", "example": {"_type": "literalExpression", "text": "\"^ospf\""}, "loc": ["services", "bird-lg", "frontend", "nameFilter"], "readOnly": false, "type": "string"}, "services.bird-lg.frontend.navbar.allServers": {"declarations": ["nixos/modules/services/networking/bird-lg.nix"], "default": {"_type": "literalExpression", "text": "\"ALL Servers\""}, "description": "Text of 'All server' button in the navigation bar.", "loc": ["services", "bird-lg", "frontend", "navbar", "allServers"], "readOnly": false, "type": "string"}, "services.bird-lg.frontend.navbar.allServersURL": {"declarations": ["nixos/modules/services/networking/bird-lg.nix"], "default": {"_type": "literalExpression", "text": "\"all\""}, "description": "URL of 'All servers' button.", "loc": ["services", "bird-lg", "frontend", "navbar", "allServersURL"], "readOnly": false, "type": "string"}, "services.bird-lg.frontend.navbar.brand": {"declarations": ["nixos/modules/services/networking/bird-lg.nix"], "default": {"_type": "literalExpression", "text": "\"Bird-lg Go\""}, "description": "Brand to show in the navigation bar .", "loc": ["services", "bird-lg", "frontend", "navbar", "brand"], "readOnly": false, "type": "string"}, "services.bird-lg.frontend.navbar.brandURL": {"declarations": ["nixos/modules/services/networking/bird-lg.nix"], "default": {"_type": "literalExpression", "text": "\"/\""}, "description": "URL of the brand to show in the navigation bar.", "loc": ["services", "bird-lg", "frontend", "navbar", "brandURL"], "readOnly": false, "type": "string"}, "services.bird-lg.frontend.netSpecificMode": {"declarations": ["nixos/modules/services/networking/bird-lg.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Apply network-specific changes for some networks.", "example": {"_type": "literalExpression", "text": "\"dn42\""}, "loc": ["services", "bird-lg", "frontend", "netSpecificMode"], "readOnly": false, "type": "string"}, "services.bird-lg.frontend.protocolFilter": {"declarations": ["nixos/modules/services/networking/bird-lg.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Information displayed in bgpmap.", "example": {"_type": "literalExpression", "text": "[\n  \"ospf\"\n]"}, "loc": ["services", "bird-lg", "frontend", "protocolFilter"], "readOnly": false, "type": "list of string"}, "services.bird-lg.frontend.proxyPort": {"declarations": ["nixos/modules/services/networking/bird-lg.nix"], "default": {"_type": "literalExpression", "text": "8000"}, "description": "Port bird-lg-proxy is running on.", "loc": ["services", "bird-lg", "frontend", "proxyPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.bird-lg.frontend.servers": {"declarations": ["nixos/modules/services/networking/bird-lg.nix"], "description": "Server name prefixes.", "example": {"_type": "literalExpression", "text": "[\n  \"gigsgigscloud\"\n  \"hostdare\"\n]"}, "loc": ["services", "bird-lg", "frontend", "servers"], "readOnly": false, "type": "list of string"}, "services.bird-lg.frontend.timeout": {"declarations": ["nixos/modules/services/networking/bird-lg.nix"], "default": {"_type": "literalExpression", "text": "120"}, "description": "Time before request timed out, in seconds.", "loc": ["services", "bird-lg", "frontend", "timeout"], "readOnly": false, "type": "signed integer"}, "services.bird-lg.frontend.titleBrand": {"declarations": ["nixos/modules/services/networking/bird-lg.nix"], "default": {"_type": "literalExpression", "text": "\"Bird-lg Go\""}, "description": "Prefix of page titles in browser tabs.", "loc": ["services", "bird-lg", "frontend", "titleBrand"], "readOnly": false, "type": "string"}, "services.bird-lg.frontend.whois": {"declarations": ["nixos/modules/services/networking/bird-lg.nix"], "default": {"_type": "literalExpression", "text": "\"whois.verisign-grs.com\""}, "description": "Whois server for queries.", "loc": ["services", "bird-lg", "frontend", "whois"], "readOnly": false, "type": "string"}, "services.bird-lg.group": {"declarations": ["nixos/modules/services/networking/bird-lg.nix"], "default": {"_type": "literalExpression", "text": "\"bird-lg\""}, "description": "Group to run the service.", "loc": ["services", "bird-lg", "group"], "readOnly": false, "type": "string"}, "services.bird-lg.package": {"declarations": ["nixos/modules/services/networking/bird-lg.nix"], "default": {"_type": "literalExpression", "text": "pkgs.bird-lg"}, "description": "The bird-lg package to use.", "loc": ["services", "bird-lg", "package"], "readOnly": false, "type": "package"}, "services.bird-lg.proxy.allowedIPs": {"declarations": ["nixos/modules/services/networking/bird-lg.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of IPs or networks to allow (default all allowed).", "example": {"_type": "literalExpression", "text": "[\n  \"192.168.25.52\"\n  \"192.168.25.53\"\n  \"192.168.0.0/24\"\n]"}, "loc": ["services", "bird-lg", "proxy", "allowedIPs"], "readOnly": false, "type": "list of string"}, "services.bird-lg.proxy.birdSocket": {"declarations": ["nixos/modules/services/networking/bird-lg.nix"], "default": {"_type": "literalExpression", "text": "\"/var/run/bird/bird.ctl\""}, "description": "Bird control socket path.", "loc": ["services", "bird-lg", "proxy", "birdSocket"], "readOnly": false, "type": "string"}, "services.bird-lg.proxy.enable": {"declarations": ["nixos/modules/services/networking/bird-lg.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Bird Looking Glass Proxy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "bird-lg", "proxy", "enable"], "readOnly": false, "type": "boolean"}, "services.bird-lg.proxy.extraArgs": {"declarations": ["nixos/modules/services/networking/bird-lg.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra parameters documented [here](https://github.com/xddxdd/bird-lg-go#proxy).\n", "loc": ["services", "bird-lg", "proxy", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.bird-lg.proxy.listenAddresses": {"declarations": ["nixos/modules/services/networking/bird-lg.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1:8000\""}, "description": "Address to listen on.", "loc": ["services", "bird-lg", "proxy", "listenAddresses"], "readOnly": false, "type": "string or list of string"}, "services.bird-lg.proxy.traceroute.binary": {"declarations": ["nixos/modules/services/networking/bird-lg.nix"], "default": {"_type": "literalExpression", "text": "\"${pkgs.traceroute}/bin/traceroute\""}, "description": "Traceroute's binary path.", "loc": ["services", "bird-lg", "proxy", "traceroute", "binary"], "readOnly": false, "type": "string"}, "services.bird-lg.proxy.traceroute.flags": {"declarations": ["nixos/modules/services/networking/bird-lg.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Flags for traceroute process", "loc": ["services", "bird-lg", "proxy", "traceroute", "flags"], "readOnly": false, "type": "list of string"}, "services.bird-lg.proxy.traceroute.rawOutput": {"declarations": ["nixos/modules/services/networking/bird-lg.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Display traceroute output in raw format.", "loc": ["services", "bird-lg", "proxy", "traceroute", "rawOutput"], "readOnly": false, "type": "boolean"}, "services.bird-lg.user": {"declarations": ["nixos/modules/services/networking/bird-lg.nix"], "default": {"_type": "literalExpression", "text": "\"bird-lg\""}, "description": "User to run the service.", "loc": ["services", "bird-lg", "user"], "readOnly": false, "type": "string"}, "services.bird.autoReload": {"declarations": ["nixos/modules/services/networking/bird.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether bird should be automatically reloaded when the configuration changes.\n", "loc": ["services", "bird", "autoReload"], "readOnly": false, "type": "boolean"}, "services.bird.checkConfig": {"declarations": ["nixos/modules/services/networking/bird.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether the config should be checked at build time.\nWhen the config can't be checked during build time, for example when it includes\nother files, either disable this option or use `preCheckConfig` to create\nthe included files before checking.\n", "loc": ["services", "bird", "checkConfig"], "readOnly": false, "type": "boolean"}, "services.bird.config": {"declarations": ["nixos/modules/services/networking/bird.nix"], "description": "BIRD Internet Routing Daemon configuration file.\n<http://bird.network.cz/>\n", "loc": ["services", "bird", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.bird.enable": {"declarations": ["nixos/modules/services/networking/bird.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable BIRD Internet Routing Daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "bird", "enable"], "readOnly": false, "type": "boolean"}, "services.bird.package": {"declarations": ["nixos/modules/services/networking/bird.nix"], "default": {"_type": "literalExpression", "text": "pkgs.bird3"}, "description": "The bird3 package to use.", "loc": ["services", "bird", "package"], "readOnly": false, "type": "package"}, "services.bird.preCheckConfig": {"declarations": ["nixos/modules/services/networking/bird.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Commands to execute before the config file check. The file to be checked will be\navailable as {file}`bird.conf` in the current directory.\n\nFiles created with this option will not be available at service runtime, only during\nbuild time checking.\n", "example": {"_type": "literalExpression", "text": "''\n  echo \"cost 100;\" > include.conf\n''"}, "loc": ["services", "bird", "preCheckConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.birdwatcher.enable": {"declarations": ["nixos/modules/services/networking/birdwatcher.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Birdwatcher.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "birdwatcher", "enable"], "readOnly": false, "type": "boolean"}, "services.birdwatcher.flags": {"declarations": ["nixos/modules/services/networking/birdwatcher.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Flags to append to the program call\n", "example": {"_type": "literalExpression", "text": "[\n  \"-worker-pool-size 16\"\n  \"-6\"\n]"}, "loc": ["services", "birdwatcher", "flags"], "readOnly": false, "type": "list of string"}, "services.birdwatcher.package": {"declarations": ["nixos/modules/services/networking/birdwatcher.nix"], "default": {"_type": "literalExpression", "text": "pkgs.birdwatcher"}, "description": "The birdwatcher package to use.", "loc": ["services", "birdwatcher", "package"], "readOnly": false, "type": "package"}, "services.birdwatcher.settings": {"declarations": ["nixos/modules/services/networking/birdwatcher.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "birdwatcher configuration, for configuration options see the example on [github](https://github.com/alice-lg/birdwatcher/blob/master/etc/birdwatcher/birdwatcher.conf)\n", "example": {"_type": "literalExpression", "text": "[server]\nallow_from = []\nallow_uncached = false\nmodules_enabled = [\"status\",\n                   \"protocols\",\n                   \"protocols_bgp\",\n                   \"protocols_short\",\n                   \"routes_protocol\",\n                   \"routes_peer\",\n                   \"routes_table\",\n                   \"routes_table_filtered\",\n                   \"routes_table_peer\",\n                   \"routes_filtered\",\n                   \"routes_prefixed\",\n                   \"routes_noexport\",\n                   \"routes_pipe_filtered_count\",\n                   \"routes_pipe_filtered\"\n                  ]\n\n[status]\nreconfig_timestamp_source = \"bird\"\nreconfig_timestamp_match = \"# created: (.*)\"\n\nfilter_fields = []\n\n[bird]\nlisten = \"0.0.0.0:29184\"\nconfig = \"/etc/bird/bird.conf\"\nbirdc  = \"${pkgs.bird2}/bin/birdc\"\nttl = 5 # time to live (in minutes) for caching of cli output\n\n[parser]\nfilter_fields = []\n\n[cache]\nuse_redis = false # if not using redis cache, activate housekeeping to save memory!\n\n[housekeeping]\ninterval = 5\nforce_release_memory = true\n"}, "loc": ["services", "birdwatcher", "settings"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.bitbox-bridge.enable": {"declarations": ["nixos/modules/services/hardware/bitbox-bridge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Bitbox bridge daemon, for use with Bitbox hardware wallets..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "bitbox-bridge", "enable"], "readOnly": false, "type": "boolean"}, "services.bitbox-bridge.package": {"declarations": ["nixos/modules/services/hardware/bitbox-bridge.nix"], "default": {"_type": "literalExpression", "text": "pkgs.bitbox-bridge"}, "description": "The bitbox-bridge package to use.", "loc": ["services", "bitbox-bridge", "package"], "readOnly": false, "type": "package"}, "services.bitbox-bridge.port": {"declarations": ["nixos/modules/services/hardware/bitbox-bridge.nix"], "default": {"_type": "literalExpression", "text": "8178"}, "description": "Listening port for the bitbox-bridge.\n", "loc": ["services", "bitbox-bridge", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.bitbox-bridge.runOnMount": {"declarations": ["nixos/modules/services/hardware/bitbox-bridge.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Run bitbox-bridge.service only when hardware wallet is plugged, also registers the systemd device unit.\nThis option is enabled by default to save power, when false, bitbox-bridge service runs all the time instead.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "bitbox-bridge", "runOnMount"], "readOnly": false, "type": "boolean"}, "services.bitcoind": {"declarations": ["nixos/modules/services/networking/bitcoind.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Specification of one or more bitcoind instances.", "loc": ["services", "bitcoind"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.bitcoind.<name>.configFile": {"declarations": ["nixos/modules/services/networking/bitcoind.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The configuration file path to supply bitcoind.", "example": {"_type": "literalExpression", "text": "\"/var/lib/\u2039name\u203a/bitcoin.conf\""}, "loc": ["services", "bitcoind", "<name>", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.bitcoind.<name>.dataDir": {"declarations": ["nixos/modules/services/networking/bitcoind.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/bitcoind-\u2039name\u203a\""}, "description": "The data directory for bitcoind.", "loc": ["services", "bitcoind", "<name>", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.bitcoind.<name>.dbCache": {"declarations": ["nixos/modules/services/networking/bitcoind.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Override the default database cache size in MiB.", "example": {"_type": "literalExpression", "text": "4000"}, "loc": ["services", "bitcoind", "<name>", "dbCache"], "readOnly": false, "type": "null or integer between 4 and 16384 (both inclusive)"}, "services.bitcoind.<name>.enable": {"declarations": ["nixos/modules/services/networking/bitcoind.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Bitcoin daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "bitcoind", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.bitcoind.<name>.extraCmdlineOptions": {"declarations": ["nixos/modules/services/networking/bitcoind.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line options to pass to bitcoind.\nRun bitcoind --help to list all available options.\n", "loc": ["services", "bitcoind", "<name>", "extraCmdlineOptions"], "readOnly": false, "type": "list of string"}, "services.bitcoind.<name>.extraConfig": {"declarations": ["nixos/modules/services/networking/bitcoind.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional configurations to be appended to {file}`bitcoin.conf`.", "example": {"_type": "literalExpression", "text": "''\n  par=16\n  rpcthreads=16\n  logips=1\n''"}, "loc": ["services", "bitcoind", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.bitcoind.<name>.group": {"declarations": ["nixos/modules/services/networking/bitcoind.nix"], "default": {"_type": "literalExpression", "text": "\"bitcoind-\u2039name\u203a\""}, "description": "The group as which to run bitcoind.", "loc": ["services", "bitcoind", "<name>", "group"], "readOnly": false, "type": "string"}, "services.bitcoind.<name>.package": {"declarations": ["nixos/modules/services/networking/bitcoind.nix"], "default": {"_type": "literalExpression", "text": "pkgs.bitcoind"}, "description": "The bitcoind package to use.", "loc": ["services", "bitcoind", "<name>", "package"], "readOnly": false, "type": "package"}, "services.bitcoind.<name>.pidFile": {"declarations": ["nixos/modules/services/networking/bitcoind.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/bitcoind-\u2039name\u203a/bitcoind.pid\""}, "description": "Location of bitcoind pid file.", "loc": ["services", "bitcoind", "<name>", "pidFile"], "readOnly": false, "type": "absolute path"}, "services.bitcoind.<name>.port": {"declarations": ["nixos/modules/services/networking/bitcoind.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Override the default port on which to listen for connections.", "loc": ["services", "bitcoind", "<name>", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.bitcoind.<name>.prune": {"declarations": ["nixos/modules/services/networking/bitcoind.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Reduce storage requirements by enabling pruning (deleting) of old\nblocks. This allows the pruneblockchain RPC to be called to delete\nspecific blocks, and enables automatic pruning of old blocks if a\ntarget size in MiB is provided. This mode is incompatible with -txindex\nand -rescan. Warning: Reverting this setting requires re-downloading\nthe entire blockchain. (\"disable\" = disable pruning blocks, \"manual\"\n= allow manual pruning via RPC, >=550 = automatically prune block files\nto stay under the specified target size in MiB).\n", "example": {"_type": "literalExpression", "text": "10000"}, "loc": ["services", "bitcoind", "<name>", "prune"], "readOnly": false, "type": "null or ((unsigned integer, meaning >=0) or (one of \"disable\", \"manual\") convertible to it)"}, "services.bitcoind.<name>.rpc.port": {"declarations": ["nixos/modules/services/networking/bitcoind.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Override the default port on which to listen for JSON-RPC connections.", "loc": ["services", "bitcoind", "<name>", "rpc", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.bitcoind.<name>.rpc.users": {"declarations": ["nixos/modules/services/networking/bitcoind.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "RPC user information for JSON-RPC connections.", "example": {"_type": "literalExpression", "text": "{\n  alice.passwordHMAC = \"f7efda5c189b999524f151318c0c86$d5b51b3beffbc02b724e5d095828e0bc8b2456e9ac8757ae3211a5d9b16a22ae\";\n  bob.passwordHMAC = \"b2dd077cb54591a2f3139e69a897ac$4e71f08d48b4347cf8eff3815c0e25ae2e9a4340474079f55705f40574f4ec99\";\n}\n"}, "loc": ["services", "bitcoind", "<name>", "rpc", "users"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.bitcoind.<name>.rpc.users.<name>.name": {"declarations": ["nixos/modules/services/networking/bitcoind.nix"], "description": "Username for JSON-RPC connections.\n", "example": {"_type": "literalExpression", "text": "\"alice\""}, "loc": ["services", "bitcoind", "<name>", "rpc", "users", "<name>", "name"], "readOnly": false, "type": "string"}, "services.bitcoind.<name>.rpc.users.<name>.passwordHMAC": {"declarations": ["nixos/modules/services/networking/bitcoind.nix"], "description": "Password HMAC-SHA-256 for JSON-RPC connections. Must be a string of the\nformat \\<SALT-HEX\\>$\\<HMAC-HEX\\>.\n\nTool (Python script) for HMAC generation is available here:\n<https://github.com/bitcoin/bitcoin/blob/master/share/rpcauth/rpcauth.py>\n", "example": {"_type": "literalExpression", "text": "\"f7efda5c189b999524f151318c0c86$d5b51b3beffbc02b724e5d095828e0bc8b2456e9ac8757ae3211a5d9b16a22ae\""}, "loc": ["services", "bitcoind", "<name>", "rpc", "users", "<name>", "passwordHMAC"], "readOnly": false, "type": "string matching the pattern [0-9a-f]+\\$[0-9a-f]{64}"}, "services.bitcoind.<name>.testnet": {"declarations": ["nixos/modules/services/networking/bitcoind.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use the testnet instead of mainnet.", "loc": ["services", "bitcoind", "<name>", "testnet"], "readOnly": false, "type": "boolean"}, "services.bitcoind.<name>.user": {"declarations": ["nixos/modules/services/networking/bitcoind.nix"], "default": {"_type": "literalExpression", "text": "\"bitcoind-\u2039name\u203a\""}, "description": "The user as which to run bitcoind.", "loc": ["services", "bitcoind", "<name>", "user"], "readOnly": false, "type": "string"}, "services.bitlbee.authBackend": {"declarations": ["nixos/modules/services/networking/bitlbee.nix"], "default": {"_type": "literalExpression", "text": "\"storage\""}, "description": "How users are authenticated\n  storage -- save passwords internally\n  pam -- Linux PAM authentication\n", "loc": ["services", "bitlbee", "authBackend"], "readOnly": false, "type": "one of \"storage\", \"pam\""}, "services.bitlbee.authMode": {"declarations": ["nixos/modules/services/networking/bitlbee.nix"], "default": {"_type": "literalExpression", "text": "\"Open\""}, "description": "The following authentication modes are available:\n  Open -- Accept connections from anyone, use NickServ for user authentication.\n  Closed -- Require authorization (using the PASS command during login) before allowing the user to connect at all.\n  Registered -- Only allow registered users to use this server; this disables the register- and the account command until the user identifies himself.\n", "loc": ["services", "bitlbee", "authMode"], "readOnly": false, "type": "one of \"Open\", \"Closed\", \"Registered\""}, "services.bitlbee.configDir": {"declarations": ["nixos/modules/services/networking/bitlbee.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/bitlbee\""}, "description": "Specify an alternative directory to store all the per-user configuration\nfiles.\n", "loc": ["services", "bitlbee", "configDir"], "readOnly": false, "type": "absolute path"}, "services.bitlbee.enable": {"declarations": ["nixos/modules/services/networking/bitlbee.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to run the BitlBee IRC to other chat network gateway.\nRunning it allows you to access the MSN, Jabber, Yahoo! and ICQ chat\nnetworks via an IRC client.\n", "loc": ["services", "bitlbee", "enable"], "readOnly": false, "type": "boolean"}, "services.bitlbee.extraDefaults": {"declarations": ["nixos/modules/services/networking/bitlbee.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Will be inserted in the Default section of the config file.\n", "loc": ["services", "bitlbee", "extraDefaults"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.bitlbee.extraSettings": {"declarations": ["nixos/modules/services/networking/bitlbee.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Will be inserted in the Settings section of the config file.\n", "loc": ["services", "bitlbee", "extraSettings"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.bitlbee.hostName": {"declarations": ["nixos/modules/services/networking/bitlbee.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Normally, BitlBee gets a hostname using getsockname(). If you have a nicer\nalias for your BitlBee daemon, you can set it here and BitlBee will identify\nitself with that name instead.\n", "loc": ["services", "bitlbee", "hostName"], "readOnly": false, "type": "string"}, "services.bitlbee.interface": {"declarations": ["nixos/modules/services/networking/bitlbee.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The interface the BitlBee daemon will be listening to.  If `127.0.0.1`,\nonly clients on the local host can connect to it; if `0.0.0.0`, clients\ncan access it from any network interface.\n", "loc": ["services", "bitlbee", "interface"], "readOnly": false, "type": "string"}, "services.bitlbee.libpurple_plugins": {"declarations": ["nixos/modules/services/networking/bitlbee.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The list of libpurple plugins to install.\n", "example": {"_type": "literalExpression", "text": "[ pkgs.purple-discord ]"}, "loc": ["services", "bitlbee", "libpurple_plugins"], "readOnly": false, "type": "list of package"}, "services.bitlbee.plugins": {"declarations": ["nixos/modules/services/networking/bitlbee.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The list of bitlbee plugins to install.\n", "example": {"_type": "literalExpression", "text": "[ pkgs.bitlbee-facebook ]"}, "loc": ["services", "bitlbee", "plugins"], "readOnly": false, "type": "list of package"}, "services.bitlbee.portNumber": {"declarations": ["nixos/modules/services/networking/bitlbee.nix"], "default": {"_type": "literalExpression", "text": "6667"}, "description": "Number of the port BitlBee will be listening to.\n", "loc": ["services", "bitlbee", "portNumber"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.bitlbee.protocols": {"declarations": ["nixos/modules/services/networking/bitlbee.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "This option allows to remove the support of protocol, even if compiled\nin. If nothing is given, there are no restrictions.\n", "loc": ["services", "bitlbee", "protocols"], "readOnly": false, "type": "string"}, "services.bitmagnet.enable": {"declarations": ["nixos/modules/services/torrent/bitmagnet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Bitmagnet service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "bitmagnet", "enable"], "readOnly": false, "type": "boolean"}, "services.bitmagnet.group": {"declarations": ["nixos/modules/services/torrent/bitmagnet.nix"], "default": {"_type": "literalExpression", "text": "\"bitmagnet\""}, "description": "Group of user running bitmagnet", "loc": ["services", "bitmagnet", "group"], "readOnly": false, "type": "string"}, "services.bitmagnet.openFirewall": {"declarations": ["nixos/modules/services/torrent/bitmagnet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open DHT ports in firewall", "loc": ["services", "bitmagnet", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.bitmagnet.package": {"declarations": ["nixos/modules/services/torrent/bitmagnet.nix"], "default": {"_type": "literalExpression", "text": "pkgs.bitmagnet"}, "description": "The bitmagnet package to use.", "loc": ["services", "bitmagnet", "package"], "readOnly": false, "type": "package"}, "services.bitmagnet.settings": {"declarations": ["nixos/modules/services/torrent/bitmagnet.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Bitmagnet configuration (https://bitmagnet.io/setup/configuration.html).", "loc": ["services", "bitmagnet", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.bitmagnet.settings.dht_server": {"declarations": ["nixos/modules/services/torrent/bitmagnet.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "DHT server settings", "loc": ["services", "bitmagnet", "settings", "dht_server"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.bitmagnet.settings.dht_server.port": {"declarations": ["nixos/modules/services/torrent/bitmagnet.nix"], "default": {"_type": "literalExpression", "text": "3334"}, "description": "DHT listen port", "loc": ["services", "bitmagnet", "settings", "dht_server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.bitmagnet.settings.http_server": {"declarations": ["nixos/modules/services/torrent/bitmagnet.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "HTTP server settings", "loc": ["services", "bitmagnet", "settings", "http_server"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.bitmagnet.settings.http_server.port": {"declarations": ["nixos/modules/services/torrent/bitmagnet.nix"], "default": {"_type": "literalExpression", "text": "\":3333\""}, "description": "HTTP server listen port", "loc": ["services", "bitmagnet", "settings", "http_server", "port"], "readOnly": false, "type": "string"}, "services.bitmagnet.settings.postgres": {"declarations": ["nixos/modules/services/torrent/bitmagnet.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "PostgreSQL database configuration", "loc": ["services", "bitmagnet", "settings", "postgres"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.bitmagnet.settings.postgres.host": {"declarations": ["nixos/modules/services/torrent/bitmagnet.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Address, hostname or Unix socket path of the database server", "loc": ["services", "bitmagnet", "settings", "postgres", "host"], "readOnly": false, "type": "string"}, "services.bitmagnet.settings.postgres.name": {"declarations": ["nixos/modules/services/torrent/bitmagnet.nix"], "default": {"_type": "literalExpression", "text": "\"bitmagnet\""}, "description": "Database name to connect to", "loc": ["services", "bitmagnet", "settings", "postgres", "name"], "readOnly": false, "type": "string"}, "services.bitmagnet.settings.postgres.password": {"declarations": ["nixos/modules/services/torrent/bitmagnet.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Password for database user", "loc": ["services", "bitmagnet", "settings", "postgres", "password"], "readOnly": false, "type": "string"}, "services.bitmagnet.settings.postgres.user": {"declarations": ["nixos/modules/services/torrent/bitmagnet.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "User to connect as", "loc": ["services", "bitmagnet", "settings", "postgres", "user"], "readOnly": false, "type": "string"}, "services.bitmagnet.useLocalPostgresDB": {"declarations": ["nixos/modules/services/torrent/bitmagnet.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Use a local postgresql database, create user and database", "loc": ["services", "bitmagnet", "useLocalPostgresDB"], "readOnly": false, "type": "boolean"}, "services.bitmagnet.user": {"declarations": ["nixos/modules/services/torrent/bitmagnet.nix"], "default": {"_type": "literalExpression", "text": "\"bitmagnet\""}, "description": "User running bitmagnet", "loc": ["services", "bitmagnet", "user"], "readOnly": false, "type": "string"}, "services.bitwarden-directory-connector-cli.domain": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "description": "The domain the Bitwarden/Vaultwarden is accessible on.", "example": {"_type": "literalExpression", "text": "\"https://vaultwarden.example.com\""}, "loc": ["services", "bitwarden-directory-connector-cli", "domain"], "readOnly": false, "type": "string"}, "services.bitwarden-directory-connector-cli.enable": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Bitwarden Directory Connector.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "bitwarden-directory-connector-cli", "enable"], "readOnly": false, "type": "boolean"}, "services.bitwarden-directory-connector-cli.interval": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "default": {"_type": "literalExpression", "text": "\"*:0,15,30,45\""}, "description": "The interval when to run the connector. This uses systemd's OnCalendar syntax.", "loc": ["services", "bitwarden-directory-connector-cli", "interval"], "readOnly": false, "type": "string"}, "services.bitwarden-directory-connector-cli.ldap": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options to configure the LDAP connection.\nIf you used the desktop application to test the configuration you can find the settings by searching for `ldap` in `~/.config/Bitwarden\\ Directory\\ Connector/data.json`.\n", "loc": ["services", "bitwarden-directory-connector-cli", "ldap"], "readOnly": false, "type": "open submodule of attribute set of (JSON value)"}, "services.bitwarden-directory-connector-cli.ldap.ad": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether the LDAP Server is an Active Directory.", "loc": ["services", "bitwarden-directory-connector-cli", "ldap", "ad"], "readOnly": false, "type": "boolean"}, "services.bitwarden-directory-connector-cli.ldap.hostname": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "description": "The host the LDAP is accessible on.", "example": {"_type": "literalExpression", "text": "\"ldap.example.com\""}, "loc": ["services", "bitwarden-directory-connector-cli", "ldap", "hostname"], "readOnly": false, "type": "string"}, "services.bitwarden-directory-connector-cli.ldap.pagedSearch": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether the LDAP server paginates search results.", "loc": ["services", "bitwarden-directory-connector-cli", "ldap", "pagedSearch"], "readOnly": false, "type": "boolean"}, "services.bitwarden-directory-connector-cli.ldap.port": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "default": {"_type": "literalExpression", "text": "389"}, "description": "Port LDAP is accessible on.", "loc": ["services", "bitwarden-directory-connector-cli", "ldap", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.bitwarden-directory-connector-cli.ldap.rootPath": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "description": "Root path for LDAP.", "example": {"_type": "literalExpression", "text": "\"dc=example,dc=com\""}, "loc": ["services", "bitwarden-directory-connector-cli", "ldap", "rootPath"], "readOnly": false, "type": "string"}, "services.bitwarden-directory-connector-cli.ldap.ssl": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use TLS.", "loc": ["services", "bitwarden-directory-connector-cli", "ldap", "ssl"], "readOnly": false, "type": "boolean"}, "services.bitwarden-directory-connector-cli.ldap.startTls": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use STARTTLS.", "loc": ["services", "bitwarden-directory-connector-cli", "ldap", "startTls"], "readOnly": false, "type": "boolean"}, "services.bitwarden-directory-connector-cli.ldap.username": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "description": "The user to authenticate as.", "example": {"_type": "literalExpression", "text": "\"cn=admin,dc=example,dc=com\""}, "loc": ["services", "bitwarden-directory-connector-cli", "ldap", "username"], "readOnly": false, "type": "string"}, "services.bitwarden-directory-connector-cli.package": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "default": {"_type": "literalExpression", "text": "pkgs.bitwarden-directory-connector-cli"}, "description": "The bitwarden-directory-connector-cli package to use.", "loc": ["services", "bitwarden-directory-connector-cli", "package"], "readOnly": false, "type": "package"}, "services.bitwarden-directory-connector-cli.secrets.bitwarden.client_path_id": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "description": "Path to file that contains Client ID.", "loc": ["services", "bitwarden-directory-connector-cli", "secrets", "bitwarden", "client_path_id"], "readOnly": false, "type": "string"}, "services.bitwarden-directory-connector-cli.secrets.bitwarden.client_path_secret": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "description": "Path to file that contains Client Secret.", "loc": ["services", "bitwarden-directory-connector-cli", "secrets", "bitwarden", "client_path_secret"], "readOnly": false, "type": "string"}, "services.bitwarden-directory-connector-cli.secrets.ldap": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "description": "Path to file that contains LDAP password for user in {option}`ldap.username", "loc": ["services", "bitwarden-directory-connector-cli", "secrets", "ldap"], "readOnly": false, "type": "string"}, "services.bitwarden-directory-connector-cli.sync": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options to configure what gets synced.\nIf you used the desktop application to test the configuration you can find the settings by searching for `sync` in `~/.config/Bitwarden\\ Directory\\ Connector/data.json`.\n", "loc": ["services", "bitwarden-directory-connector-cli", "sync"], "readOnly": false, "type": "open submodule of attribute set of (JSON value)"}, "services.bitwarden-directory-connector-cli.sync.creationDateAttribute": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "description": "Attribute that lists a user's creation date.", "example": {"_type": "literalExpression", "text": "\"whenCreated\""}, "loc": ["services", "bitwarden-directory-connector-cli", "sync", "creationDateAttribute"], "readOnly": false, "type": "string"}, "services.bitwarden-directory-connector-cli.sync.emailPrefixAttribute": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "description": "The attribute that contains the users username.", "example": {"_type": "literalExpression", "text": "\"accountName\""}, "loc": ["services", "bitwarden-directory-connector-cli", "sync", "emailPrefixAttribute"], "readOnly": false, "type": "string"}, "services.bitwarden-directory-connector-cli.sync.emailSuffix": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "description": "Suffix for the email, normally @example.com.", "example": {"_type": "literalExpression", "text": "\"@example.com\""}, "loc": ["services", "bitwarden-directory-connector-cli", "sync", "emailSuffix"], "readOnly": false, "type": "string"}, "services.bitwarden-directory-connector-cli.sync.groupFilter": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "LDAP filter for groups.", "example": {"_type": "literalExpression", "text": "\"(cn=sales)\""}, "loc": ["services", "bitwarden-directory-connector-cli", "sync", "groupFilter"], "readOnly": false, "type": "string"}, "services.bitwarden-directory-connector-cli.sync.groupNameAttribute": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "default": {"_type": "literalExpression", "text": "\"cn\""}, "description": "Attribute for a name of group.", "loc": ["services", "bitwarden-directory-connector-cli", "sync", "groupNameAttribute"], "readOnly": false, "type": "string"}, "services.bitwarden-directory-connector-cli.sync.groupObjectClass": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "default": {"_type": "literalExpression", "text": "\"groupOfNames\""}, "description": "A class that groups will have.", "loc": ["services", "bitwarden-directory-connector-cli", "sync", "groupObjectClass"], "readOnly": false, "type": "string"}, "services.bitwarden-directory-connector-cli.sync.groupPath": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "default": {"_type": "literalExpression", "text": "\"ou=groups\""}, "description": "Group directory, relative to root.", "loc": ["services", "bitwarden-directory-connector-cli", "sync", "groupPath"], "readOnly": false, "type": "string"}, "services.bitwarden-directory-connector-cli.sync.groups": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to sync ldap groups into BitWarden.", "loc": ["services", "bitwarden-directory-connector-cli", "sync", "groups"], "readOnly": false, "type": "boolean"}, "services.bitwarden-directory-connector-cli.sync.largeImport": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable if you are syncing more than 2000 users/groups.", "loc": ["services", "bitwarden-directory-connector-cli", "sync", "largeImport"], "readOnly": false, "type": "boolean"}, "services.bitwarden-directory-connector-cli.sync.memberAttribute": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "description": "Attribute that lists members in a LDAP group.", "example": {"_type": "literalExpression", "text": "\"uniqueMember\""}, "loc": ["services", "bitwarden-directory-connector-cli", "sync", "memberAttribute"], "readOnly": false, "type": "string"}, "services.bitwarden-directory-connector-cli.sync.overwriteExisting": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Remove and re-add users/groups, See <https://bitwarden.com/help/user-group-filters/#overwriting-syncs> for more details.", "loc": ["services", "bitwarden-directory-connector-cli", "sync", "overwriteExisting"], "readOnly": false, "type": "boolean"}, "services.bitwarden-directory-connector-cli.sync.removeDisabled": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Remove users from bitwarden groups if no longer in the ldap group.", "loc": ["services", "bitwarden-directory-connector-cli", "sync", "removeDisabled"], "readOnly": false, "type": "boolean"}, "services.bitwarden-directory-connector-cli.sync.useEmailPrefixSuffix": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If a user has no email address, combine a username prefix with a suffix value to form an email.", "loc": ["services", "bitwarden-directory-connector-cli", "sync", "useEmailPrefixSuffix"], "readOnly": false, "type": "boolean"}, "services.bitwarden-directory-connector-cli.sync.userEmailAttribute": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "default": {"_type": "literalExpression", "text": "\"mail\""}, "description": "Attribute for a users email.", "loc": ["services", "bitwarden-directory-connector-cli", "sync", "userEmailAttribute"], "readOnly": false, "type": "string"}, "services.bitwarden-directory-connector-cli.sync.userFilter": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "LDAP filter for users.", "example": {"_type": "literalExpression", "text": "\"(memberOf=cn=sales,ou=groups,dc=example,dc=com)\""}, "loc": ["services", "bitwarden-directory-connector-cli", "sync", "userFilter"], "readOnly": false, "type": "string"}, "services.bitwarden-directory-connector-cli.sync.userObjectClass": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "default": {"_type": "literalExpression", "text": "\"inetOrgPerson\""}, "description": "Class that users must have.", "loc": ["services", "bitwarden-directory-connector-cli", "sync", "userObjectClass"], "readOnly": false, "type": "string"}, "services.bitwarden-directory-connector-cli.sync.userPath": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "default": {"_type": "literalExpression", "text": "\"ou=users\""}, "description": "User directory, relative to root.", "loc": ["services", "bitwarden-directory-connector-cli", "sync", "userPath"], "readOnly": false, "type": "string"}, "services.bitwarden-directory-connector-cli.sync.users": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Sync users.", "loc": ["services", "bitwarden-directory-connector-cli", "sync", "users"], "readOnly": false, "type": "boolean"}, "services.bitwarden-directory-connector-cli.user": {"declarations": ["nixos/modules/services/security/bitwarden-directory-connector-cli.nix"], "default": {"_type": "literalExpression", "text": "\"bwdc\""}, "description": "User to run the program.", "loc": ["services", "bitwarden-directory-connector-cli", "user"], "readOnly": false, "type": "string"}, "services.blackfire-agent.enable": {"declarations": ["nixos/modules/services/development/blackfire.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Blackfire profiler agent.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "blackfire-agent", "enable"], "readOnly": false, "type": "boolean"}, "services.blackfire-agent.settings": {"declarations": ["nixos/modules/services/development/blackfire.nix"], "description": "See <https://blackfire.io/docs/up-and-running/configuration/agent>\n", "loc": ["services", "blackfire-agent", "settings"], "readOnly": false, "type": "open submodule of attribute set of string"}, "services.blackfire-agent.settings.server-id": {"declarations": ["nixos/modules/services/development/blackfire.nix"], "description": "Sets the server id used to authenticate with Blackfire\n\nYou can find your personal server-id at <https://blackfire.io/my/settings/credentials>\n", "loc": ["services", "blackfire-agent", "settings", "server-id"], "readOnly": false, "type": "string"}, "services.blackfire-agent.settings.server-token": {"declarations": ["nixos/modules/services/development/blackfire.nix"], "description": "Sets the server token used to authenticate with Blackfire\n\nYou can find your personal server-token at <https://blackfire.io/my/settings/credentials>\n", "loc": ["services", "blackfire-agent", "settings", "server-token"], "readOnly": false, "type": "string"}, "services.blendfarm.basicSecurityPasswordFile": {"declarations": ["nixos/modules/services/misc/blenderfarm.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the password file the client needs to connect to the server.\n      The password must not contain a forward slash.", "loc": ["services", "blendfarm", "basicSecurityPasswordFile"], "readOnly": false, "type": "null or string"}, "services.blendfarm.blenderPackage": {"declarations": ["nixos/modules/services/misc/blenderfarm.nix"], "default": {"_type": "literalExpression", "text": "pkgs.blender"}, "description": "The blender package to use.", "loc": ["services", "blendfarm", "blenderPackage"], "readOnly": false, "type": "package"}, "services.blendfarm.enable": {"declarations": ["nixos/modules/services/misc/blenderfarm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Blendfarm, a render farm management software for Blender.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "blendfarm", "enable"], "readOnly": false, "type": "boolean"}, "services.blendfarm.group": {"declarations": ["nixos/modules/services/misc/blenderfarm.nix"], "default": {"_type": "literalExpression", "text": "\"blendfarm\""}, "description": "Group under which blendfarm runs.", "loc": ["services", "blendfarm", "group"], "readOnly": false, "type": "string"}, "services.blendfarm.openFirewall": {"declarations": ["nixos/modules/services/misc/blenderfarm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable allowing blendfarm network access through the firewall.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "blendfarm", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.blendfarm.package": {"declarations": ["nixos/modules/services/misc/blenderfarm.nix"], "default": {"_type": "literalExpression", "text": "pkgs.blendfarm"}, "description": "The blendfarm package to use.", "loc": ["services", "blendfarm", "package"], "readOnly": false, "type": "package"}, "services.blendfarm.serverConfig": {"declarations": ["nixos/modules/services/misc/blenderfarm.nix"], "default": {"_type": "literalExpression", "text": "{\n  BasicSecurityPassword = null;\n  BroadcastPort = 16342;\n  BypassScriptUpdate = false;\n  Port = 15000;\n}"}, "description": "Server configuration", "loc": ["services", "blendfarm", "serverConfig"], "readOnly": false, "type": "open submodule of attribute set of anything"}, "services.blendfarm.serverConfig.BroadcastPort": {"declarations": ["nixos/modules/services/misc/blenderfarm.nix"], "default": {"_type": "literalExpression", "text": "16342"}, "description": "Default port blendfarm server advertises itself on.", "loc": ["services", "blendfarm", "serverConfig", "BroadcastPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.blendfarm.serverConfig.BypassScriptUpdate": {"declarations": ["nixos/modules/services/misc/blenderfarm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Prevents blendfarm from replacing the .py self-generated scripts.", "loc": ["services", "blendfarm", "serverConfig", "BypassScriptUpdate"], "readOnly": false, "type": "boolean"}, "services.blendfarm.serverConfig.Port": {"declarations": ["nixos/modules/services/misc/blenderfarm.nix"], "default": {"_type": "literalExpression", "text": "15000"}, "description": "Default port blendfarm server listens on.", "loc": ["services", "blendfarm", "serverConfig", "Port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.blendfarm.user": {"declarations": ["nixos/modules/services/misc/blenderfarm.nix"], "default": {"_type": "literalExpression", "text": "\"blendfarm\""}, "description": "User under which blendfarm runs.", "loc": ["services", "blendfarm", "user"], "readOnly": false, "type": "string"}, "services.blockbook-frontend": {"declarations": ["nixos/modules/services/networking/blockbook-frontend.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Specification of one or more blockbook-frontend instances.", "loc": ["services", "blockbook-frontend"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.blockbook-frontend.<name>.certFile": {"declarations": ["nixos/modules/services/networking/blockbook-frontend.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "To enable SSL, specify path to the name of certificate files without extension.\nExpecting {file}`certFile.crt` and {file}`certFile.key`.\n", "example": {"_type": "literalExpression", "text": "\"/etc/secrets/blockbook-frontend-\u2039name\u203a/certFile\""}, "loc": ["services", "blockbook-frontend", "<name>", "certFile"], "readOnly": false, "type": "null or absolute path"}, "services.blockbook-frontend.<name>.coinName": {"declarations": ["nixos/modules/services/networking/blockbook-frontend.nix"], "default": {"_type": "literalExpression", "text": "\"Bitcoin\""}, "description": "See <https://github.com/trezor/blockbook/blob/master/bchain/coins/blockchain.go#L61>\nfor current of coins supported in master (Note: may differ from release).\n", "loc": ["services", "blockbook-frontend", "<name>", "coinName"], "readOnly": false, "type": "string"}, "services.blockbook-frontend.<name>.configFile": {"declarations": ["nixos/modules/services/networking/blockbook-frontend.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Location of the blockbook configuration file.", "example": {"_type": "literalExpression", "text": "\"/var/lib/blockbook-frontend-\u2039name\u203a/config.json\""}, "loc": ["services", "blockbook-frontend", "<name>", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.blockbook-frontend.<name>.cssDir": {"declarations": ["nixos/modules/services/networking/blockbook-frontend.nix"], "default": {"_type": "literalExpression", "text": "\"${package}/share/css/\""}, "description": "Location of the dir with {file}`main.css` CSS file.\nBy default, the one shipped with the package is used.\n", "example": {"_type": "literalExpression", "text": "\"${dataDir}/static/css/\""}, "loc": ["services", "blockbook-frontend", "<name>", "cssDir"], "readOnly": false, "type": "absolute path"}, "services.blockbook-frontend.<name>.dataDir": {"declarations": ["nixos/modules/services/networking/blockbook-frontend.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/blockbook-frontend-\u2039name\u203a\""}, "description": "Location of blockbook-frontend-\u2039name\u203a data directory.", "loc": ["services", "blockbook-frontend", "<name>", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.blockbook-frontend.<name>.debug": {"declarations": ["nixos/modules/services/networking/blockbook-frontend.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Debug mode, return more verbose errors, reload templates on each request.", "loc": ["services", "blockbook-frontend", "<name>", "debug"], "readOnly": false, "type": "boolean"}, "services.blockbook-frontend.<name>.enable": {"declarations": ["nixos/modules/services/networking/blockbook-frontend.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable blockbook-frontend application.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "blockbook-frontend", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.blockbook-frontend.<name>.extraCmdLineOptions": {"declarations": ["nixos/modules/services/networking/blockbook-frontend.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line options to pass to Blockbook.\nRun blockbook --help to list all available options.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-workers=1\"\n  \"-dbcache=0\"\n  \"-logtosderr\"\n]"}, "loc": ["services", "blockbook-frontend", "<name>", "extraCmdLineOptions"], "readOnly": false, "type": "list of string"}, "services.blockbook-frontend.<name>.extraConfig": {"declarations": ["nixos/modules/services/networking/blockbook-frontend.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional configurations to be appended to {file}`coin.conf`.\nOverrides any already defined configuration options.\nSee <https://github.com/trezor/blockbook/tree/master/configs/coins>\nfor current configuration options supported in master (Note: may differ from release).\n", "example": {"_type": "literalExpression", "text": "{\n         \"alternative_estimate_fee\" = \"whatthefee-disabled\";\n         \"alternative_estimate_fee_params\" = \"{\\\"url\\\": \\\"https://whatthefee.io/data.json\\\", \\\"periodSeconds\\\": 60}\";\n         \"fiat_rates\" = \"coingecko\";\n         \"fiat_rates_params\" = \"{\\\"url\\\": \\\"https://api.coingecko.com/api/v3\\\", \\\"coin\\\": \\\"bitcoin\\\", \\\"periodSeconds\\\": 60}\";\n         \"coin_shortcut\" = \"BTC\";\n         \"coin_label\" = \"Bitcoin\";\n         \"parse\" = true;\n         \"subversion\" = \"\";\n         \"address_format\" = \"\";\n         \"xpub_magic\" = 76067358;\n         \"xpub_magic_segwit_p2sh\" = 77429938;\n         \"xpub_magic_segwit_native\" = 78792518;\n         \"mempool_workers\" = 8;\n         \"mempool_sub_workers\" = 2;\n         \"block_addresses_to_keep\" = 300;\n       }"}, "loc": ["services", "blockbook-frontend", "<name>", "extraConfig"], "readOnly": false, "type": "attribute set"}, "services.blockbook-frontend.<name>.group": {"declarations": ["nixos/modules/services/networking/blockbook-frontend.nix"], "default": {"_type": "literalExpression", "text": "\"blockbook-frontend-\u2039name\u203a\""}, "description": "The group as which to run blockbook-frontend-\u2039name\u203a.", "loc": ["services", "blockbook-frontend", "<name>", "group"], "readOnly": false, "type": "string"}, "services.blockbook-frontend.<name>.internal": {"declarations": ["nixos/modules/services/networking/blockbook-frontend.nix"], "default": {"_type": "literalExpression", "text": "\":9030\""}, "description": "Internal http server binding `[address]:port`.", "loc": ["services", "blockbook-frontend", "<name>", "internal"], "readOnly": false, "type": "null or string"}, "services.blockbook-frontend.<name>.messageQueueBinding": {"declarations": ["nixos/modules/services/networking/blockbook-frontend.nix"], "default": {"_type": "literalExpression", "text": "\"tcp://127.0.0.1:38330\""}, "description": "Message Queue Binding `address:port`.", "loc": ["services", "blockbook-frontend", "<name>", "messageQueueBinding"], "readOnly": false, "type": "string"}, "services.blockbook-frontend.<name>.package": {"declarations": ["nixos/modules/services/networking/blockbook-frontend.nix"], "default": {"_type": "literalExpression", "text": "pkgs.blockbook"}, "description": "The blockbook package to use.", "loc": ["services", "blockbook-frontend", "<name>", "package"], "readOnly": false, "type": "package"}, "services.blockbook-frontend.<name>.public": {"declarations": ["nixos/modules/services/networking/blockbook-frontend.nix"], "default": {"_type": "literalExpression", "text": "\":9130\""}, "description": "Public http server binding `[address]:port`.", "loc": ["services", "blockbook-frontend", "<name>", "public"], "readOnly": false, "type": "null or string"}, "services.blockbook-frontend.<name>.rpc.password": {"declarations": ["nixos/modules/services/networking/blockbook-frontend.nix"], "default": {"_type": "literalExpression", "text": "\"rpc\""}, "description": "RPC password for JSON-RPC connections.\nWarning: this is stored in cleartext in the Nix store!!!\nUse `configFile` or `passwordFile` if needed.\n", "loc": ["services", "blockbook-frontend", "<name>", "rpc", "password"], "readOnly": false, "type": "string"}, "services.blockbook-frontend.<name>.rpc.passwordFile": {"declarations": ["nixos/modules/services/networking/blockbook-frontend.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing password of the RPC user.\nNote: This options is ignored when `configFile` is used.\n", "loc": ["services", "blockbook-frontend", "<name>", "rpc", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.blockbook-frontend.<name>.rpc.port": {"declarations": ["nixos/modules/services/networking/blockbook-frontend.nix"], "default": {"_type": "literalExpression", "text": "8030"}, "description": "Port for JSON-RPC connections.", "loc": ["services", "blockbook-frontend", "<name>", "rpc", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.blockbook-frontend.<name>.rpc.url": {"declarations": ["nixos/modules/services/networking/blockbook-frontend.nix"], "default": {"_type": "literalExpression", "text": "\"http://127.0.0.1\""}, "description": "URL for JSON-RPC connections.", "loc": ["services", "blockbook-frontend", "<name>", "rpc", "url"], "readOnly": false, "type": "string"}, "services.blockbook-frontend.<name>.rpc.user": {"declarations": ["nixos/modules/services/networking/blockbook-frontend.nix"], "default": {"_type": "literalExpression", "text": "\"rpc\""}, "description": "Username for JSON-RPC connections.", "loc": ["services", "blockbook-frontend", "<name>", "rpc", "user"], "readOnly": false, "type": "string"}, "services.blockbook-frontend.<name>.sync": {"declarations": ["nixos/modules/services/networking/blockbook-frontend.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Synchronizes until tip, if together with zeromq, keeps index synchronized.", "loc": ["services", "blockbook-frontend", "<name>", "sync"], "readOnly": false, "type": "boolean"}, "services.blockbook-frontend.<name>.templateDir": {"declarations": ["nixos/modules/services/networking/blockbook-frontend.nix"], "default": {"_type": "literalExpression", "text": "\"${package}/share/templates/\""}, "description": "Location of the HTML templates. By default, ones shipped with the package are used.", "example": {"_type": "literalExpression", "text": "\"${dataDir}/templates/static/\""}, "loc": ["services", "blockbook-frontend", "<name>", "templateDir"], "readOnly": false, "type": "absolute path"}, "services.blockbook-frontend.<name>.user": {"declarations": ["nixos/modules/services/networking/blockbook-frontend.nix"], "default": {"_type": "literalExpression", "text": "\"blockbook-frontend-\u2039name\u203a\""}, "description": "The user as which to run blockbook-frontend-\u2039name\u203a.", "loc": ["services", "blockbook-frontend", "<name>", "user"], "readOnly": false, "type": "string"}, "services.blocky.enable": {"declarations": ["nixos/modules/services/networking/blocky.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable blocky, a fast and lightweight DNS proxy as ad-blocker for local network with many features.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "blocky", "enable"], "readOnly": false, "type": "boolean"}, "services.blocky.enableConfigCheck": {"declarations": ["nixos/modules/services/networking/blocky.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable checking the config during build time.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "blocky", "enableConfigCheck"], "readOnly": false, "type": "boolean"}, "services.blocky.package": {"declarations": ["nixos/modules/services/networking/blocky.nix"], "default": {"_type": "literalExpression", "text": "pkgs.blocky"}, "description": "The blocky package to use.", "loc": ["services", "blocky", "package"], "readOnly": false, "type": "package"}, "services.blocky.settings": {"declarations": ["nixos/modules/services/networking/blocky.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Blocky configuration. Refer to\n<https://0xerr0r.github.io/blocky/configuration/>\nfor details on supported values.\n", "loc": ["services", "blocky", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.bloop.extraOptions": {"declarations": ["nixos/modules/services/development/bloop.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Specifies additional command line argument to pass to bloop\njava process.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-J-Xmx2G\"\n  \"-J-XX:MaxInlineLevel=20\"\n  \"-J-XX:+UseParallelGC\"\n]"}, "loc": ["services", "bloop", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.bloop.install": {"declarations": ["nixos/modules/services/development/bloop.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to install a user service for the Bloop server.\n\nThe service must be manually started for each user with\n\"systemctl --user start bloop\".\n", "loc": ["services", "bloop", "install"], "readOnly": false, "type": "boolean"}, "services.blueman.enable": {"declarations": ["nixos/modules/services/desktops/blueman.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable blueman, a bluetooth manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "blueman", "enable"], "readOnly": false, "type": "boolean"}, "services.bluemap.coreSettings": {"declarations": ["nixos/modules/services/web-apps/bluemap.nix"], "description": "Settings for the core.conf file, [see upstream docs](https://github.com/BlueMap-Minecraft/BlueMap/blob/master/BlueMapCommon/src/main/resources/de/bluecolored/bluemap/config/core.conf).", "loc": ["services", "bluemap", "coreSettings"], "readOnly": false, "type": "open submodule of (HOCON value)"}, "services.bluemap.coreSettings.data": {"declarations": ["nixos/modules/services/web-apps/bluemap.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/bluemap\""}, "description": "Folder for where bluemap stores its data", "loc": ["services", "bluemap", "coreSettings", "data"], "readOnly": false, "type": "absolute path"}, "services.bluemap.coreSettings.metrics": {"declarations": ["nixos/modules/services/web-apps/bluemap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Sending usage metrics containing the version of bluemap in use.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "bluemap", "coreSettings", "metrics"], "readOnly": false, "type": "boolean"}, "services.bluemap.defaultWorld": {"declarations": ["nixos/modules/services/web-apps/bluemap.nix"], "description": "The world used by the default map ruleset.\nIf you configure your own maps you do not need to set this.\n", "example": {"_type": "literalExpression", "text": "${config.services.minecraft.dataDir}/world"}, "loc": ["services", "bluemap", "defaultWorld"], "readOnly": false, "type": "absolute path"}, "services.bluemap.enable": {"declarations": ["nixos/modules/services/web-apps/bluemap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable bluemap.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "bluemap", "enable"], "readOnly": false, "type": "boolean"}, "services.bluemap.enableNginx": {"declarations": ["nixos/modules/services/web-apps/bluemap.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable configuring a virtualHost for serving the bluemap webapp", "loc": ["services", "bluemap", "enableNginx"], "readOnly": false, "type": "boolean"}, "services.bluemap.enableRender": {"declarations": ["nixos/modules/services/web-apps/bluemap.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable rendering", "loc": ["services", "bluemap", "enableRender"], "readOnly": false, "type": "boolean"}, "services.bluemap.eula": {"declarations": ["nixos/modules/services/web-apps/bluemap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "By changing this option to true you confirm that you own a copy of minecraft Java Edition,\nand that you agree to minecrafts EULA.\n", "loc": ["services", "bluemap", "eula"], "readOnly": false, "type": "boolean"}, "services.bluemap.host": {"declarations": ["nixos/modules/services/web-apps/bluemap.nix"], "description": "Domain on which nginx will serve the bluemap webapp", "loc": ["services", "bluemap", "host"], "readOnly": false, "type": "string"}, "services.bluemap.maps": {"declarations": ["nixos/modules/services/web-apps/bluemap.nix"], "default": {"_type": "literalExpression", "text": "{\n  \"overworld\" = {\n    world = \"${cfg.defaultWorld}\";\n    ambient-light = 0.1;\n    cave-detection-ocean-floor = -5;\n  };\n\n  \"nether\" = {\n    world = \"${cfg.defaultWorld}/DIM-1\";\n    sorting = 100;\n    sky-color = \"#290000\";\n    void-color = \"#150000\";\n    ambient-light = 0.6;\n    world-sky-light = 0;\n    remove-caves-below-y = -10000;\n    cave-detection-ocean-floor = -5;\n    cave-detection-uses-block-light = true;\n    max-y = 90;\n  };\n\n  \"end\" = {\n    world = \"${cfg.defaultWorld}/DIM1\";\n    sorting = 200;\n    sky-color = \"#080010\";\n    void-color = \"#080010\";\n    ambient-light = 0.6;\n    world-sky-light = 0;\n    remove-caves-below-y = -10000;\n    cave-detection-ocean-floor = -5;\n  };\n};\n"}, "description": "Settings for files in `maps/`.\nIf you define anything here you must define everything yourself.\nSee the default for an example with good options for the different world types.\nFor valid values [consult upstream docs](https://github.com/BlueMap-Minecraft/BlueMap/blob/master/BlueMapCommon/src/main/resources/de/bluecolored/bluemap/config/maps/map.conf).\n", "loc": ["services", "bluemap", "maps"], "readOnly": false, "type": "attribute set of (open submodule of (HOCON value))"}, "services.bluemap.maps.<name>.world": {"declarations": ["nixos/modules/services/web-apps/bluemap.nix"], "description": "Path to world folder containing the dimension to render", "loc": ["services", "bluemap", "maps", "<name>", "world"], "readOnly": false, "type": "absolute path"}, "services.bluemap.onCalendar": {"declarations": ["nixos/modules/services/web-apps/bluemap.nix"], "default": {"_type": "literalExpression", "text": "\"*-*-* 03:10:00\""}, "description": "How often to trigger rendering the map,\nin the format of a systemd timer onCalendar configuration.\nSee {manpage}`systemd.timer(5)`.\n", "loc": ["services", "bluemap", "onCalendar"], "readOnly": false, "type": "string"}, "services.bluemap.packs": {"declarations": ["nixos/modules/services/web-apps/bluemap.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "A set of resourcepacks, datapacks, and mods to extract resources from,\nloaded in alphabetical order.\n", "loc": ["services", "bluemap", "packs"], "readOnly": false, "type": "attribute set of path in the Nix store"}, "services.bluemap.storage": {"declarations": ["nixos/modules/services/web-apps/bluemap.nix"], "default": {"_type": "literalExpression", "text": "{\n  \"file\" = {\n    root = \"${config.services.bluemap.webRoot}/maps\";\n  };\n}\n"}, "description": "Where the rendered map will be stored.\nUnless you are doing something advanced you should probably leave this alone and configure webRoot instead.\n[See upstream docs](https://github.com/BlueMap-Minecraft/BlueMap/tree/master/BlueMapCommon/src/main/resources/de/bluecolored/bluemap/config/storages)\n", "loc": ["services", "bluemap", "storage"], "readOnly": false, "type": "attribute set of (open submodule of (HOCON value))"}, "services.bluemap.storage.<name>.storage-type": {"declarations": ["nixos/modules/services/web-apps/bluemap.nix"], "default": {"_type": "literalExpression", "text": "\"FILE\""}, "description": "Type of storage config", "loc": ["services", "bluemap", "storage", "<name>", "storage-type"], "readOnly": false, "type": "one of \"FILE\", \"SQL\""}, "services.bluemap.webRoot": {"declarations": ["nixos/modules/services/web-apps/bluemap.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/bluemap/web\""}, "description": "The directory for saving and serving the webapp and the maps", "loc": ["services", "bluemap", "webRoot"], "readOnly": false, "type": "absolute path"}, "services.bluemap.webappSettings": {"declarations": ["nixos/modules/services/web-apps/bluemap.nix"], "default": {"_type": "literalExpression", "text": "{\n  enabled = true;\n  webroot = config.services.bluemap.webRoot;\n}\n"}, "description": "Settings for the webapp.conf file, see [upstream docs](https://github.com/BlueMap-Minecraft/BlueMap/blob/master/BlueMapCommon/src/main/resources/de/bluecolored/bluemap/config/webapp.conf).", "loc": ["services", "bluemap", "webappSettings"], "readOnly": false, "type": "open submodule of (HOCON value)"}, "services.bluemap.webserverSettings": {"declarations": ["nixos/modules/services/web-apps/bluemap.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings for the webserver.conf file, usually not required.\n[See upstream docs](https://github.com/BlueMap-Minecraft/BlueMap/blob/master/BlueMapCommon/src/main/resources/de/bluecolored/bluemap/config/webserver.conf).\n", "loc": ["services", "bluemap", "webserverSettings"], "readOnly": false, "type": "open submodule of (HOCON value)"}, "services.bluemap.webserverSettings.enabled": {"declarations": ["nixos/modules/services/web-apps/bluemap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable bluemap's built-in webserver.\nDisabled by default in nixos for use of nginx directly.\n", "loc": ["services", "bluemap", "webserverSettings", "enabled"], "readOnly": false, "type": "boolean"}, "services.bluesky-pds.enable": {"declarations": ["nixos/modules/services/web-apps/bluesky-pds.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable pds.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "bluesky-pds", "enable"], "readOnly": false, "type": "boolean"}, "services.bluesky-pds.environmentFiles": {"declarations": ["nixos/modules/services/web-apps/bluesky-pds.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "File to load environment variables from. Loaded variables override\nvalues set in {option}`environment`.\n\nUse it to set values of `PDS_JWT_SECRET`, `PDS_ADMIN_PASSWORD`,\nand `PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX` secrets.\n`PDS_JWT_SECRET` and `PDS_ADMIN_PASSWORD` can be generated with\n```\nopenssl rand --hex 16\n```\n`PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX` can be generated with\n```\nopenssl ecparam --name secp256k1 --genkey --noout --outform DER | tail --bytes=+8 | head --bytes=32 | xxd --plain --cols 32\n```\n", "loc": ["services", "bluesky-pds", "environmentFiles"], "readOnly": false, "type": "list of absolute path"}, "services.bluesky-pds.goat.enable": {"declarations": ["nixos/modules/services/web-apps/bluesky-pds.nix"], "default": {"_type": "literalExpression", "text": "config.services.bluesky-pds.enable"}, "description": "Add goat to PATH", "loc": ["services", "bluesky-pds", "goat", "enable"], "readOnly": false, "type": "boolean"}, "services.bluesky-pds.package": {"declarations": ["nixos/modules/services/web-apps/bluesky-pds.nix"], "default": {"_type": "literalExpression", "text": "pkgs.bluesky-pds"}, "description": "The bluesky-pds package to use.", "loc": ["services", "bluesky-pds", "package"], "readOnly": false, "type": "package"}, "services.bluesky-pds.pdsadmin.enable": {"declarations": ["nixos/modules/services/web-apps/bluesky-pds.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Add pdsadmin script to PATH", "loc": ["services", "bluesky-pds", "pdsadmin", "enable"], "readOnly": false, "type": "boolean"}, "services.bluesky-pds.settings": {"declarations": ["nixos/modules/services/web-apps/bluesky-pds.nix"], "description": "Environment variables to set for the service. Secrets should be\nspecified using {option}`environmentFile`.\n\nRefer to <https://github.com/bluesky-social/atproto/blob/main/packages/pds/src/config/env.ts> for available environment variables.\n", "loc": ["services", "bluesky-pds", "settings"], "readOnly": false, "type": "open submodule of attribute set of (null or string or 16 bit unsigned integer; between 0 and 65535 (both inclusive))"}, "services.bluesky-pds.settings.LOG_ENABLED": {"declarations": ["nixos/modules/services/web-apps/bluesky-pds.nix"], "default": {"_type": "literalExpression", "text": "\"true\""}, "description": "Enable logging", "loc": ["services", "bluesky-pds", "settings", "LOG_ENABLED"], "readOnly": false, "type": "null or string"}, "services.bluesky-pds.settings.PDS_BLOBSTORE_DISK_LOCATION": {"declarations": ["nixos/modules/services/web-apps/bluesky-pds.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/pds/blocks\""}, "description": "Store blobs at this location, set to null to use e.g. S3", "loc": ["services", "bluesky-pds", "settings", "PDS_BLOBSTORE_DISK_LOCATION"], "readOnly": false, "type": "null or string"}, "services.bluesky-pds.settings.PDS_BLOB_UPLOAD_LIMIT": {"declarations": ["nixos/modules/services/web-apps/bluesky-pds.nix"], "default": {"_type": "literalExpression", "text": "\"104857600\""}, "description": "Size limit of uploaded blobs in bytes", "loc": ["services", "bluesky-pds", "settings", "PDS_BLOB_UPLOAD_LIMIT"], "readOnly": false, "type": "string"}, "services.bluesky-pds.settings.PDS_BSKY_APP_VIEW_DID": {"declarations": ["nixos/modules/services/web-apps/bluesky-pds.nix"], "default": {"_type": "literalExpression", "text": "\"did:web:api.bsky.app\""}, "description": "DID of bsky frontend", "loc": ["services", "bluesky-pds", "settings", "PDS_BSKY_APP_VIEW_DID"], "readOnly": false, "type": "string"}, "services.bluesky-pds.settings.PDS_BSKY_APP_VIEW_URL": {"declarations": ["nixos/modules/services/web-apps/bluesky-pds.nix"], "default": {"_type": "literalExpression", "text": "\"https://api.bsky.app\""}, "description": "URL of bsky frontend", "loc": ["services", "bluesky-pds", "settings", "PDS_BSKY_APP_VIEW_URL"], "readOnly": false, "type": "string"}, "services.bluesky-pds.settings.PDS_CRAWLERS": {"declarations": ["nixos/modules/services/web-apps/bluesky-pds.nix"], "default": {"_type": "literalExpression", "text": "\"https://bsky.network\""}, "description": "URL of crawlers", "loc": ["services", "bluesky-pds", "settings", "PDS_CRAWLERS"], "readOnly": false, "type": "string"}, "services.bluesky-pds.settings.PDS_DATA_DIRECTORY": {"declarations": ["nixos/modules/services/web-apps/bluesky-pds.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/pds\""}, "description": "Directory to store state", "loc": ["services", "bluesky-pds", "settings", "PDS_DATA_DIRECTORY"], "readOnly": false, "type": "string"}, "services.bluesky-pds.settings.PDS_DID_PLC_URL": {"declarations": ["nixos/modules/services/web-apps/bluesky-pds.nix"], "default": {"_type": "literalExpression", "text": "\"https://plc.directory\""}, "description": "URL of DID PLC directory", "loc": ["services", "bluesky-pds", "settings", "PDS_DID_PLC_URL"], "readOnly": false, "type": "string"}, "services.bluesky-pds.settings.PDS_HOSTNAME": {"declarations": ["nixos/modules/services/web-apps/bluesky-pds.nix"], "description": "Instance hostname (base domain name)", "example": {"_type": "literalExpression", "text": "\"pds.example.com\""}, "loc": ["services", "bluesky-pds", "settings", "PDS_HOSTNAME"], "readOnly": false, "type": "string"}, "services.bluesky-pds.settings.PDS_INVITE_REQUIRED": {"declarations": ["nixos/modules/services/web-apps/bluesky-pds.nix"], "default": {"_type": "literalExpression", "text": "\"true\""}, "description": "Require invite code for registration", "loc": ["services", "bluesky-pds", "settings", "PDS_INVITE_REQUIRED"], "readOnly": false, "type": "null or string"}, "services.bluesky-pds.settings.PDS_PORT": {"declarations": ["nixos/modules/services/web-apps/bluesky-pds.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "Port to listen on", "loc": ["services", "bluesky-pds", "settings", "PDS_PORT"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.bluesky-pds.settings.PDS_RATE_LIMITS_ENABLED": {"declarations": ["nixos/modules/services/web-apps/bluesky-pds.nix"], "default": {"_type": "literalExpression", "text": "\"true\""}, "description": "Enable rate limiting", "loc": ["services", "bluesky-pds", "settings", "PDS_RATE_LIMITS_ENABLED"], "readOnly": false, "type": "null or string"}, "services.bluesky-pds.settings.PDS_REPORT_SERVICE_DID": {"declarations": ["nixos/modules/services/web-apps/bluesky-pds.nix"], "default": {"_type": "literalExpression", "text": "\"did:plc:ar7c4by46qjdydhdevvrndac\""}, "description": "DID of mod service", "loc": ["services", "bluesky-pds", "settings", "PDS_REPORT_SERVICE_DID"], "readOnly": false, "type": "string"}, "services.bluesky-pds.settings.PDS_REPORT_SERVICE_URL": {"declarations": ["nixos/modules/services/web-apps/bluesky-pds.nix"], "default": {"_type": "literalExpression", "text": "\"https://mod.bsky.app\""}, "description": "URL of mod service", "loc": ["services", "bluesky-pds", "settings", "PDS_REPORT_SERVICE_URL"], "readOnly": false, "type": "string"}, "services.boinc.allowRemoteGuiRpc": {"declarations": ["nixos/modules/services/computing/boinc/client.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set to true, any remote host can connect to and control this BOINC\nclient (subject to password authentication). If instead set to false,\nonly the hosts listed in {var}`dataDir`/remote_hosts.cfg will be allowed to\nconnect.\n\nSee also: <https://boinc.berkeley.edu/wiki/Controlling_BOINC_remotely#Remote_access>\n", "loc": ["services", "boinc", "allowRemoteGuiRpc"], "readOnly": false, "type": "boolean"}, "services.boinc.dataDir": {"declarations": ["nixos/modules/services/computing/boinc/client.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/boinc\""}, "description": "The directory in which to store BOINC's configuration and data files.\n", "loc": ["services", "boinc", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.boinc.enable": {"declarations": ["nixos/modules/services/computing/boinc/client.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the BOINC distributed computing client. If this\noption is set to true, the boinc_client daemon will be run as a\nbackground service. The boinccmd command can be used to control the\ndaemon.\n", "loc": ["services", "boinc", "enable"], "readOnly": false, "type": "boolean"}, "services.boinc.extraEnvPackages": {"declarations": ["nixos/modules/services/computing/boinc/client.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional packages to make available in the environment in which\nBOINC will run. Common choices are:\n\n- {var}`pkgs.virtualbox`:\n  The VirtualBox virtual machine framework. Required by some BOINC\n  projects, such as ATLAS@home.\n- {var}`pkgs.ocl-icd`:\n  OpenCL infrastructure library. Required by BOINC projects that\n  use OpenCL, in addition to a device-specific OpenCL driver.\n- {var}`pkgs.linuxPackages.nvidia_x11`:\n  Provides CUDA libraries. Required by BOINC projects that use\n  CUDA. Note that this requires an NVIDIA graphics device to be\n  present on the system.\n\n  Also provides OpenCL drivers for NVIDIA GPUs;\n  {var}`pkgs.ocl-icd` is also needed in this case.\n", "example": {"_type": "literalExpression", "text": "[ pkgs.virtualbox ]"}, "loc": ["services", "boinc", "extraEnvPackages"], "readOnly": false, "type": "list of package"}, "services.boinc.package": {"declarations": ["nixos/modules/services/computing/boinc/client.nix"], "default": {"_type": "literalExpression", "text": "pkgs.boinc"}, "description": "The boinc package to use.", "example": {"_type": "literalExpression", "text": "boinc-headless"}, "loc": ["services", "boinc", "package"], "readOnly": false, "type": "package"}, "services.bonsaid.configFile": {"declarations": ["nixos/modules/services/desktops/bonsaid.nix"], "description": "Path to a .json file specifying the state transitions.\nYou don't need to set this unless you prefer to provide the json file\nyourself instead of using the `settings` option.\n", "loc": ["services", "bonsaid", "configFile"], "readOnly": false, "type": "absolute path"}, "services.bonsaid.enable": {"declarations": ["nixos/modules/services/desktops/bonsaid.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable bonsaid.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "bonsaid", "enable"], "readOnly": false, "type": "boolean"}, "services.bonsaid.extraFlags": {"declarations": ["nixos/modules/services/desktops/bonsaid.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra flags to pass to `bonsaid`, such as `[ \"-v\" ]` to enable verbose logging.\n", "loc": ["services", "bonsaid", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.bonsaid.package": {"declarations": ["nixos/modules/services/desktops/bonsaid.nix"], "default": {"_type": "literalExpression", "text": "pkgs.bonsai"}, "description": "The bonsai package to use.", "loc": ["services", "bonsaid", "package"], "readOnly": false, "type": "package"}, "services.bonsaid.settings": {"declarations": ["nixos/modules/services/desktops/bonsaid.nix"], "description": "State transition definitions. See the upstream [README](https://git.sr.ht/~stacyharper/bonsai)\nfor extended documentation and a more complete example.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    event_name = \"power_button_pressed\";\n    transitions = [\n      {\n        delay_duration = 600000000;\n        transitions = [\n          {\n            command = [\n              \"swaymsg\"\n              \"--\"\n              \"output\"\n              \"*\"\n              \"power\"\n              \"off\"\n            ];\n            transitions = [ ];\n            type = \"exec\";\n          }\n        ];\n        type = \"delay\";\n      }\n      {\n        event_name = \"power_button_released\";\n        transitions = [ ];\n        type = \"event\";\n      }\n    ];\n    type = \"event\";\n  }\n]"}, "loc": ["services", "bonsaid", "settings"], "readOnly": false, "type": "list of (open submodule of (JSON value))"}, "services.bonsaid.settings.*.command": {"declarations": ["nixos/modules/services/desktops/bonsaid.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Command to run when this transition is taken.\nThis is executed inline by `bonsaid` and blocks handling of any other events until completion.\nTo perform the command asynchronously, specify it like `[ \"setsid\" \"-f\" \"my-command\" ]`.\n\nOnly effects transitions with `type = \"exec\"`.\n", "loc": ["services", "bonsaid", "settings", "*", "command"], "readOnly": false, "type": "null or (list of string)"}, "services.bonsaid.settings.*.delay_duration": {"declarations": ["nixos/modules/services/desktops/bonsaid.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Nanoseconds to wait after the previous state change before performing this transition.\nThis can be placed at the same level as a `type = \"event\"` transition to achieve a\ntimeout mechanism.\n\nOnly effects transitions with `type = \"delay\"`.\n", "loc": ["services", "bonsaid", "settings", "*", "delay_duration"], "readOnly": false, "type": "null or signed integer"}, "services.bonsaid.settings.*.event_name": {"declarations": ["nixos/modules/services/desktops/bonsaid.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of the event which should trigger this transition when received by `bonsaid`.\nEvents are sent to `bonsaid` by running `bonsaictl -e <event_name>`.\n\nOnly effects transitions with `type = \"event\"`.\n", "loc": ["services", "bonsaid", "settings", "*", "event_name"], "readOnly": false, "type": "null or string"}, "services.bonsaid.settings.*.transitions": {"declarations": ["nixos/modules/services/desktops/bonsaid.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of transitions out of this state.\nIf left empty, then this state is considered a terminal state and entering it will\ntrigger an immediate transition back to the root state (after processing side effects).\n", "loc": ["services", "bonsaid", "settings", "*", "transitions"], "readOnly": false, "type": "list of (open submodule of (JSON value))"}, "services.bonsaid.settings.*.type": {"declarations": ["nixos/modules/services/desktops/bonsaid.nix"], "description": "Type of transition. Determines how bonsaid interprets the other options in this transition.\n", "loc": ["services", "bonsaid", "settings", "*", "type"], "readOnly": false, "type": "one of \"delay\", \"event\", \"exec\""}, "services.bookstack.dataDir": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/bookstack\""}, "description": "BookStack data directory", "loc": ["services", "bookstack", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.bookstack.enable": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable BookStack: A platform to create documentation/wiki content built with PHP & Laravel.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "bookstack", "enable"], "readOnly": false, "type": "boolean"}, "services.bookstack.group": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "\"If `services.bookstack.nginx` has any attributes then `nginx` else bookstack\""}, "description": "Group bookstack runs as", "loc": ["services", "bookstack", "group"], "readOnly": false, "type": "string"}, "services.bookstack.hostname": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "config.networking.fqdnOrHostName"}, "description": "The hostname to serve BookStack on.\n", "example": {"_type": "literalExpression", "text": "\"bookstack.example.com\""}, "loc": ["services", "bookstack", "hostname"], "readOnly": false, "type": "string"}, "services.bookstack.maxUploadSize": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "\"18M\""}, "description": "The maximum size for uploads (e.g. images).", "example": {"_type": "literalExpression", "text": "\"1G\""}, "loc": ["services", "bookstack", "maxUploadSize"], "readOnly": false, "type": "string"}, "services.bookstack.nginx": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "With this option, you can customize the nginx virtualHost settings.\n", "example": {"_type": "literalExpression", "text": "{\n  serverAliases = [\n    \"bookstack.${config.networking.domain}\"\n  ];\n  # To enable encryption and let let's encrypt take care of certificate\n  forceSSL = true;\n  enableACME = true;\n}\n"}, "loc": ["services", "bookstack", "nginx"], "readOnly": false, "type": "null or (submodule)"}, "services.bookstack.nginx.acmeFallbackHost": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host which to proxy requests to if ACME challenge is not found. Useful\nif you want multiple hosts to be able to verify the same domain name.\n\nWith this option, you could request certificates for the present domain\nwith an ACME client that is running on another host, which you would\nspecify here.\n", "loc": ["services", "bookstack", "nginx", "acmeFallbackHost"], "readOnly": false, "type": "null or string"}, "services.bookstack.nginx.acmeRoot": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the ACME challenge, which is **public**. Don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "bookstack", "nginx", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.bookstack.nginx.addSSL": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "bookstack", "nginx", "addSSL"], "readOnly": false, "type": "boolean"}, "services.bookstack.nginx.basicAuth": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "bookstack", "nginx", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.bookstack.nginx.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "bookstack", "nginx", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.bookstack.nginx.default": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Makes this vhost the default.\n", "loc": ["services", "bookstack", "nginx", "default"], "readOnly": false, "type": "boolean"}, "services.bookstack.nginx.enableACME": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "bookstack", "nginx", "enableACME"], "readOnly": false, "type": "boolean"}, "services.bookstack.nginx.extraConfig": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the vhost verbatim.\n", "loc": ["services", "bookstack", "nginx", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.bookstack.nginx.forceSSL": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a separate nginx server block that redirects (defaults\nto 301, configurable with `redirectCode`) all plain HTTP traffic to\nHTTPS. This will set defaults for `listen` to listen on all interfaces\non the respective default ports (80, 443), where the non-SSL listens\nare used for the redirect vhosts.\n", "loc": ["services", "bookstack", "nginx", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.bookstack.nginx.globalRedirect": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected (defaults to 301,\nconfigurable with `redirectCode`) to the given hostname.\n", "example": {"_type": "literalExpression", "text": "\"newserver.example.org\""}, "loc": ["services", "bookstack", "nginx", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.bookstack.nginx.http2": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/2 protocol.\nNote that (as of writing) due to nginx's implementation, to disable\nHTTP/2 you have to disable it on all vhosts that use a given\nIP address / port.\nIf there is one server block configured to enable http2, then it is\nenabled for all server blocks on this IP.\nSee <https://stackoverflow.com/a/39466948/263061>.\n", "loc": ["services", "bookstack", "nginx", "http2"], "readOnly": false, "type": "boolean"}, "services.bookstack.nginx.http3": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/3 protocol.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that HTTP/3 support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\nHTTP/3 availability must be manually advertised, preferably in each location block.\n", "loc": ["services", "bookstack", "nginx", "http3"], "readOnly": false, "type": "boolean"}, "services.bookstack.nginx.http3_hq": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that special application protocol support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "bookstack", "nginx", "http3_hq"], "readOnly": false, "type": "boolean"}, "services.bookstack.nginx.kTLS": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kTLS support.\nImplementing TLS in the kernel (kTLS) improves performance by significantly\nreducing the need for copying operations between user space and the kernel.\nRequired Nginx version 1.21.4 or later.\n", "loc": ["services", "bookstack", "nginx", "kTLS"], "readOnly": false, "type": "boolean"}, "services.bookstack.nginx.listen": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\nIPv6 addresses must be enclosed in square brackets.\nNote: this option overrides `addSSL`\nand `onlySSL`.\n\nIf you only want to set the addresses manually and not\nthe ports, take a look at `listenAddresses`.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    addr = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    addr = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    addr = \"unix:/var/run/nginx.sock\";\n  }\n]"}, "loc": ["services", "bookstack", "nginx", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.bookstack.nginx.listen.*.addr": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "description": "Listen address.", "loc": ["services", "bookstack", "nginx", "listen", "*", "addr"], "readOnly": false, "type": "string"}, "services.bookstack.nginx.listen.*.extraParameters": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra parameters of this listen directive.", "example": {"_type": "literalExpression", "text": "[\n  \"backlog=1024\"\n  \"deferred\"\n]"}, "loc": ["services", "bookstack", "nginx", "listen", "*", "extraParameters"], "readOnly": false, "type": "list of string"}, "services.bookstack.nginx.listen.*.port": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port number to listen on.\nIf unset and the listen address is not a socket then nginx defaults to 80.\n", "loc": ["services", "bookstack", "nginx", "listen", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.bookstack.nginx.listen.*.proxyProtocol": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable PROXY protocol.", "loc": ["services", "bookstack", "nginx", "listen", "*", "proxyProtocol"], "readOnly": false, "type": "boolean"}, "services.bookstack.nginx.listen.*.ssl": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SSL.", "loc": ["services", "bookstack", "nginx", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.bookstack.nginx.listenAddresses": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n\nNote: This option overrides `networking.enableIPv6`\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"[::1]\"\n]"}, "loc": ["services", "bookstack", "nginx", "listenAddresses"], "readOnly": false, "type": "list of string"}, "services.bookstack.nginx.locations": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n};\n"}, "loc": ["services", "bookstack", "nginx", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.bookstack.nginx.locations.<name>.alias": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "bookstack", "nginx", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.bookstack.nginx.locations.<name>.basicAuth": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "bookstack", "nginx", "locations", "<name>", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.bookstack.nginx.locations.<name>.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "bookstack", "nginx", "locations", "<name>", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.bookstack.nginx.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "bookstack", "nginx", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.bookstack.nginx.locations.<name>.fastcgiParams": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "FastCGI parameters to override.  Unlike in the Nginx\nconfiguration file, overriding only some default parameters\nwon't unset the default values for other parameters.\n", "loc": ["services", "bookstack", "nginx", "locations", "<name>", "fastcgiParams"], "readOnly": false, "type": "attribute set of (string or absolute path)"}, "services.bookstack.nginx.locations.<name>.index": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds index directive.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "bookstack", "nginx", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.bookstack.nginx.locations.<name>.priority": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "bookstack", "nginx", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.bookstack.nginx.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds proxy_pass directive and sets recommended proxy headers if\nrecommendedProxySettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "bookstack", "nginx", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.bookstack.nginx.locations.<name>.proxyWebsockets": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to support proxying websocket connections with HTTP/1.1.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "bookstack", "nginx", "locations", "<name>", "proxyWebsockets"], "readOnly": false, "type": "boolean"}, "services.bookstack.nginx.locations.<name>.recommendedProxySettings": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedProxySettings"}, "description": "Enable recommended proxy settings.\n", "loc": ["services", "bookstack", "nginx", "locations", "<name>", "recommendedProxySettings"], "readOnly": false, "type": "boolean"}, "services.bookstack.nginx.locations.<name>.recommendedUwsgiSettings": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedUwsgiSettings"}, "description": "Enable recommended uwsgi settings.\n", "loc": ["services", "bookstack", "nginx", "locations", "<name>", "recommendedUwsgiSettings"], "readOnly": false, "type": "boolean"}, "services.bookstack.nginx.locations.<name>.return": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds a return directive, for e.g. redirections.\n", "example": {"_type": "literalExpression", "text": "\"301 http://example.com$request_uri\""}, "loc": ["services", "bookstack", "nginx", "locations", "<name>", "return"], "readOnly": false, "type": "null or string or signed integer"}, "services.bookstack.nginx.locations.<name>.root": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Root directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/root/directory\""}, "loc": ["services", "bookstack", "nginx", "locations", "<name>", "root"], "readOnly": false, "type": "null or absolute path"}, "services.bookstack.nginx.locations.<name>.tryFiles": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds try_files directive.\n", "example": {"_type": "literalExpression", "text": "\"$uri =404\""}, "loc": ["services", "bookstack", "nginx", "locations", "<name>", "tryFiles"], "readOnly": false, "type": "null or string"}, "services.bookstack.nginx.locations.<name>.uwsgiPass": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds uwsgi_pass directive and sets recommended proxy headers if\nrecommendedUwsgiSettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"unix:/run/example/example.sock\""}, "loc": ["services", "bookstack", "nginx", "locations", "<name>", "uwsgiPass"], "readOnly": false, "type": "null or string"}, "services.bookstack.nginx.onlySSL": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "bookstack", "nginx", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.bookstack.nginx.quic": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the QUIC transport protocol.\nNote that QUIC support is experimental and\n*not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "bookstack", "nginx", "quic"], "readOnly": false, "type": "boolean"}, "services.bookstack.nginx.redirectCode": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "301"}, "description": "HTTP status used by `globalRedirect` and `forceSSL`. Possible usecases\ninclude temporary (302, 307) redirects, keeping the request method and\nbody (307, 308), or explicitly resetting the method to GET (303).\nSee <https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>.\n", "example": {"_type": "literalExpression", "text": "308"}, "loc": ["services", "bookstack", "nginx", "redirectCode"], "readOnly": false, "type": "integer between 300 and 399 (both inclusive)"}, "services.bookstack.nginx.rejectSSL": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to listen for and reject all HTTPS connections to this vhost. Useful in\n[default](#opt-services.nginx.virtualHosts._name_.default)\nserver blocks to avoid serving the certificate for another vhost. Uses the\n`ssl_reject_handshake` directive available in nginx versions\n1.19.4 and above.\n", "loc": ["services", "bookstack", "nginx", "rejectSSL"], "readOnly": false, "type": "boolean"}, "services.bookstack.nginx.reuseport": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create an individual listening socket .\nIt is required to specify only once on one of the hosts.\n", "loc": ["services", "bookstack", "nginx", "reuseport"], "readOnly": false, "type": "boolean"}, "services.bookstack.nginx.root": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of the web root directory.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "bookstack", "nginx", "root"], "readOnly": false, "type": "null or absolute path"}, "services.bookstack.nginx.serverAliases": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "bookstack", "nginx", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.bookstack.nginx.serverName": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of this virtual host. Defaults to attribute name in virtualHosts.\n", "example": {"_type": "literalExpression", "text": "\"example.org\""}, "loc": ["services", "bookstack", "nginx", "serverName"], "readOnly": false, "type": "null or string"}, "services.bookstack.nginx.sslCertificate": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "bookstack", "nginx", "sslCertificate"], "readOnly": false, "type": "absolute path"}, "services.bookstack.nginx.sslCertificateKey": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "bookstack", "nginx", "sslCertificateKey"], "readOnly": false, "type": "absolute path"}, "services.bookstack.nginx.sslTrustedCertificate": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to root SSL certificate for stapling and client certificates.", "example": {"_type": "literalExpression", "text": "\"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\""}, "loc": ["services", "bookstack", "nginx", "sslTrustedCertificate"], "readOnly": false, "type": "null or absolute path"}, "services.bookstack.nginx.useACMEHost": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "bookstack", "nginx", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.bookstack.package": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "pkgs.bookstack"}, "description": "The bookstack package to use.", "loc": ["services", "bookstack", "package"], "readOnly": false, "type": "package"}, "services.bookstack.poolConfig": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "''\n  {\n    \"pm\" = \"dynamic\";\n    \"pm.max_children\" = 32;\n    \"pm.start_servers\" = 2;\n    \"pm.min_spare_servers\" = 2;\n    \"pm.max_spare_servers\" = 4;\n    \"pm.max_requests\" = 500;\n  }\n''"}, "description": "Options for the Bookstack PHP pool. See the documentation on `php-fpm.conf`\nfor details on configuration directives.\n", "loc": ["services", "bookstack", "poolConfig"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.bookstack.settings": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for Bookstack configuration. Refer to\n<https://github.com/BookStackApp/BookStack/blob/development/.env.example> for\ndetails on supported values. For passing secrets, append \"_FILE\" to the\nsetting name. For example, you may create a file `/var/secrets/db_pass.txt`\nand set `services.bookstack.settings.DB_PASSWORD_FILE` to `/var/secrets/db_pass.txt`\ninstead of providing a plaintext password using `services.bookstack.settings.DB_PASSWORD`.\n", "example": {"_type": "literalExpression", "text": "{\n  APP_ENV = \"production\";\n  APP_KEY_FILE = \"/var/secrets/bookstack-app-key.txt\";\n  DB_HOST = \"db\";\n  DB_PORT = 3306;\n  DB_DATABASE = \"bookstack\";\n  DB_USERNAME = \"bookstack\";\n  DB_PASSWORD_FILE = \"/var/secrets/bookstack-mysql-password.txt\";\n}\n"}, "loc": ["services", "bookstack", "settings"], "readOnly": false, "type": "open submodule of attribute set of (string or signed integer or boolean)"}, "services.bookstack.settings.APP_KEY_FILE": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "description": "The path to your appkey.\nThe file should contain a 32 character random app key.\nThis may be set using `echo \"base64:$(head -c 32 /dev/urandom | base64)\" > /path/to/key-file`.\n", "loc": ["services", "bookstack", "settings", "APP_KEY_FILE"], "readOnly": false, "type": "absolute path"}, "services.bookstack.settings.APP_URL": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "\"http(s)://\\${config.services.bookstack.hostname}\""}, "description": "The root URL that you want to host BookStack on. All URLs in BookStack\nwill be generated using this value. It is used to validate specific\nrequests and to generate URLs in emails.\n", "example": {"_type": "literalExpression", "text": "\"https://example.com\""}, "loc": ["services", "bookstack", "settings", "APP_URL"], "readOnly": false, "type": "string"}, "services.bookstack.settings.DB_HOST": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The IP or hostname which hosts your database.\n", "loc": ["services", "bookstack", "settings", "DB_HOST"], "readOnly": false, "type": "string"}, "services.bookstack.settings.DB_PASSWORD_FILE": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The file containing your mysql/mariadb database password.\n", "example": {"_type": "literalExpression", "text": "\"/var/secrets/bookstack-mysql-pass.txt\""}, "loc": ["services", "bookstack", "settings", "DB_PASSWORD_FILE"], "readOnly": false, "type": "null or absolute path"}, "services.bookstack.settings.DB_PORT": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "3306"}, "description": "The port your database is listening at.\n", "loc": ["services", "bookstack", "settings", "DB_PORT"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.bookstack.user": {"declarations": ["nixos/modules/services/web-apps/bookstack.nix"], "default": {"_type": "literalExpression", "text": "\"bookstack\""}, "description": "User bookstack runs as", "loc": ["services", "bookstack", "user"], "readOnly": false, "type": "string"}, "services.borgbackup.jobs": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Deduplicating backups using BorgBackup.\nAdding a job will cause a borg-job-NAME wrapper to be added\nto your system path, so that you can perform maintenance easily.\nSee also the chapter about BorgBackup in the NixOS manual.\n", "example": {"_type": "literalExpression", "text": "  { # for a local backup\n    rootBackup = {\n      paths = \"/\";\n      exclude = [ \"/nix\" ];\n      repo = \"/path/to/local/repo\";\n      encryption = {\n        mode = \"repokey\";\n        passphrase = \"secret\";\n      };\n      compression = \"auto,lzma\";\n      startAt = \"weekly\";\n    };\n  }\n  { # Root backing each day up to a remote backup server. We assume that you have\n    #   * created a password less key: ssh-keygen -N \"\" -t ed25519 -f /path/to/ssh_key\n    #     best practices are: use -t ed25519, /path/to = /run/keys\n    #   * the passphrase is in the file /run/keys/borgbackup_passphrase\n    #   * you have initialized the repository manually\n    paths = [ \"/etc\" \"/home\" ];\n    exclude = [ \"/nix\" \"'**/.cache'\" ];\n    doInit = false;\n    repo =  \"user3@arep.repo.borgbase.com:repo\";\n    encryption = {\n      mode = \"repokey-blake2\";\n      passCommand = \"cat /path/to/passphrase\";\n    };\n    environment = { BORG_RSH = \"ssh -i /path/to/ssh_key\"; };\n    compression = \"auto,lzma\";\n    startAt = \"daily\";\n};\n"}, "loc": ["services", "borgbackup", "jobs"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.borgbackup.jobs.<name>.appendFailedSuffix": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Append a `.failed` suffix\nto the archive name, which is only removed if\n{command}`borg create` has a zero exit status.\n", "loc": ["services", "borgbackup", "jobs", "<name>", "appendFailedSuffix"], "readOnly": false, "type": "boolean"}, "services.borgbackup.jobs.<name>.archiveBaseName": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "\"${config.networking.hostName}-<name>\""}, "description": "How to name the created archives. A timestamp, whose format is\ndetermined by {option}`dateFormat`, will be appended. The full\nname can be modified at runtime (`$archiveName`).\nPlaceholders like `{hostname}` must not be used.\nUse `null` for no base name.\n", "loc": ["services", "borgbackup", "jobs", "<name>", "archiveBaseName"], "readOnly": false, "type": "null or string matching the pattern [^/{}]+"}, "services.borgbackup.jobs.<name>.compression": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "\"lz4\""}, "description": "Compression method to use. Refer to\n{command}`borg help compression`\nfor all available options.\n", "example": {"_type": "literalExpression", "text": "\"auto,lzma\""}, "loc": ["services", "borgbackup", "jobs", "<name>", "compression"], "readOnly": false, "type": "string matching the pattern none|(auto,)?(lz4|zstd|zlib|lzma)(,[[:digit:]]{1,2})?"}, "services.borgbackup.jobs.<name>.createCommand": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "\"create\""}, "description": "Borg command to use for archive creation. The default (`create`)\ncreates a regular Borg archive.\n\nUse `import-tar` to instead read a tar archive stream from\n{option}`dumpCommand` output and import its contents into the\nrepository.\n\n`import-tar` can not be used together with {option}`exclude` or\n{option}`patterns`.\n", "example": {"_type": "literalExpression", "text": "\"import-tar\""}, "loc": ["services", "borgbackup", "jobs", "<name>", "createCommand"], "readOnly": false, "type": "one of \"create\", \"import-tar\""}, "services.borgbackup.jobs.<name>.dateFormat": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "\"+%Y-%m-%dT%H:%M:%S\""}, "description": "Arguments passed to {command}`date`\nto create a timestamp suffix for the archive name.\n", "example": {"_type": "literalExpression", "text": "\"-u +%s\""}, "loc": ["services", "borgbackup", "jobs", "<name>", "dateFormat"], "readOnly": false, "type": "string"}, "services.borgbackup.jobs.<name>.doInit": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Run {command}`borg init` if the\nspecified {option}`repo` does not exist.\nYou should set this to `false`\nif the repository is located on an external drive\nthat might not always be mounted.\n", "loc": ["services", "borgbackup", "jobs", "<name>", "doInit"], "readOnly": false, "type": "boolean"}, "services.borgbackup.jobs.<name>.dumpCommand": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Backup the stdout of this program instead of filesystem paths.\nMutually exclusive with {option}`paths`.\n", "example": {"_type": "literalExpression", "text": "\"/path/to/createZFSsend.sh\""}, "loc": ["services", "borgbackup", "jobs", "<name>", "dumpCommand"], "readOnly": false, "type": "null or absolute path"}, "services.borgbackup.jobs.<name>.encryption.mode": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "description": "Encryption mode to use. Setting a mode\nother than `\"none\"` requires\nyou to specify a {option}`passCommand`\nor a {option}`passphrase`.\n", "example": {"_type": "literalExpression", "text": "\"repokey-blake2\""}, "loc": ["services", "borgbackup", "jobs", "<name>", "encryption", "mode"], "readOnly": false, "type": "one of \"repokey\", \"keyfile\", \"repokey-blake2\", \"keyfile-blake2\", \"authenticated\", \"authenticated-blake2\", \"none\""}, "services.borgbackup.jobs.<name>.encryption.passCommand": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A command which prints the passphrase to stdout.\nMutually exclusive with {option}`passphrase`.\n", "example": {"_type": "literalExpression", "text": "\"cat /path/to/passphrase_file\""}, "loc": ["services", "borgbackup", "jobs", "<name>", "encryption", "passCommand"], "readOnly": false, "type": "null or string"}, "services.borgbackup.jobs.<name>.encryption.passphrase": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The passphrase the backups are encrypted with.\nMutually exclusive with {option}`passCommand`.\nIf you do not want the passphrase to be stored in the\nworld-readable Nix store, use {option}`passCommand`.\n", "loc": ["services", "borgbackup", "jobs", "<name>", "encryption", "passphrase"], "readOnly": false, "type": "null or string"}, "services.borgbackup.jobs.<name>.environment": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables passed to the backup script.\nYou can for example specify which SSH key to use.\n", "example": {"_type": "literalExpression", "text": "{\n  BORG_RSH = \"ssh -i /path/to/key\";\n}"}, "loc": ["services", "borgbackup", "jobs", "<name>", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.borgbackup.jobs.<name>.exclude": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Exclude paths matching any of the given patterns. See\n{command}`borg help patterns` for pattern syntax.\n\nCan not be set when {option}`createCommand` is set to\n`import-tar`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/home/*/.cache\"\n  \"/nix\"\n]"}, "loc": ["services", "borgbackup", "jobs", "<name>", "exclude"], "readOnly": false, "type": "list of string"}, "services.borgbackup.jobs.<name>.extraArgs": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional arguments for all {command}`borg` calls the\nservice has. Handle with care.\n\nThese extra arguments also get included in the wrapper\nscript for this job.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--remote-path=/path/to/borg\"\n]"}, "loc": ["services", "borgbackup", "jobs", "<name>", "extraArgs"], "readOnly": false, "type": "string or (list of string) convertible to it"}, "services.borgbackup.jobs.<name>.extraCompactArgs": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional arguments for {command}`borg compact`.\nCan also be set at runtime using `$extraCompactArgs`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--cleanup-commits\"\n]"}, "loc": ["services", "borgbackup", "jobs", "<name>", "extraCompactArgs"], "readOnly": false, "type": "string or (list of string) convertible to it"}, "services.borgbackup.jobs.<name>.extraCreateArgs": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional arguments for {command}`borg create`.\nCan also be set at runtime using `$extraCreateArgs`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--stats\"\n  \"--checkpoint-interval 600\"\n]"}, "loc": ["services", "borgbackup", "jobs", "<name>", "extraCreateArgs"], "readOnly": false, "type": "string or (list of string) convertible to it"}, "services.borgbackup.jobs.<name>.extraInitArgs": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional arguments for {command}`borg init`.\nCan also be set at runtime using `$extraInitArgs`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--append-only\"\n]"}, "loc": ["services", "borgbackup", "jobs", "<name>", "extraInitArgs"], "readOnly": false, "type": "string or (list of string) convertible to it"}, "services.borgbackup.jobs.<name>.extraPruneArgs": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional arguments for {command}`borg prune`.\nCan also be set at runtime using `$extraPruneArgs`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--save-space\"\n]"}, "loc": ["services", "borgbackup", "jobs", "<name>", "extraPruneArgs"], "readOnly": false, "type": "string or (list of string) convertible to it"}, "services.borgbackup.jobs.<name>.failOnWarnings": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Fail the whole backup job if any borg command returns a warning\n(exit code 1), for example because a file changed during backup.\n", "loc": ["services", "borgbackup", "jobs", "<name>", "failOnWarnings"], "readOnly": false, "type": "boolean"}, "services.borgbackup.jobs.<name>.group": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "The group borg is run as. User or group needs read permission\nfor the specified {option}`paths`.\n", "loc": ["services", "borgbackup", "jobs", "<name>", "group"], "readOnly": false, "type": "string"}, "services.borgbackup.jobs.<name>.inhibitsSleep": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Prevents the system from sleeping while backing up.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "borgbackup", "jobs", "<name>", "inhibitsSleep"], "readOnly": false, "type": "boolean"}, "services.borgbackup.jobs.<name>.paths": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path(s) to back up.\nMutually exclusive with {option}`dumpCommand`.\n", "example": {"_type": "literalExpression", "text": "\"/home/user\""}, "loc": ["services", "borgbackup", "jobs", "<name>", "paths"], "readOnly": false, "type": "null or ((list of string) or string convertible to it)"}, "services.borgbackup.jobs.<name>.patterns": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Include/exclude paths matching the given patterns. The first\nmatching patterns is used, so if an include pattern (prefix `+`)\nmatches before an exclude pattern (prefix `-`), the file is\nbacked up. See [{command}`borg help patterns`](https://borgbackup.readthedocs.io/en/stable/usage/help.html#borg-patterns) for pattern syntax.\n\nCan not be set when {option}`createCommand` is set to\n`import-tar`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"+ /home/susan\"\n  \"- /home/*\"\n]"}, "loc": ["services", "borgbackup", "jobs", "<name>", "patterns"], "readOnly": false, "type": "list of string"}, "services.borgbackup.jobs.<name>.persistentTimer": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Set the `Persistent` option for the\n{manpage}`systemd.timer(5)`\nwhich triggers the backup immediately if the last trigger\nwas missed (e.g. if the system was powered down).\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "borgbackup", "jobs", "<name>", "persistentTimer"], "readOnly": false, "type": "boolean"}, "services.borgbackup.jobs.<name>.postCreate": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands to run after {command}`borg create`. The name\nof the created archive is stored in `$archiveName`.\n", "loc": ["services", "borgbackup", "jobs", "<name>", "postCreate"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.borgbackup.jobs.<name>.postHook": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands to run just before exit. They are executed\neven if a previous command exits with a non-zero exit code.\nThe latter is available as `$exitStatus`.\n", "loc": ["services", "borgbackup", "jobs", "<name>", "postHook"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.borgbackup.jobs.<name>.postInit": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands to run after {command}`borg init`.\n", "loc": ["services", "borgbackup", "jobs", "<name>", "postInit"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.borgbackup.jobs.<name>.postPrune": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands to run after {command}`borg prune`.\n", "loc": ["services", "borgbackup", "jobs", "<name>", "postPrune"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.borgbackup.jobs.<name>.preHook": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands to run before the backup.\nThis can for example be used to mount file systems.\n", "example": {"_type": "literalExpression", "text": "''\n  # To add excluded paths at runtime\n  extraCreateArgs+=(\"--exclude\" \"/some/path\")\n''"}, "loc": ["services", "borgbackup", "jobs", "<name>", "preHook"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.borgbackup.jobs.<name>.privateTmp": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Set the `PrivateTmp` option for\nthe systemd-service. Set to false if you need sockets\nor other files from global /tmp.\n", "loc": ["services", "borgbackup", "jobs", "<name>", "privateTmp"], "readOnly": false, "type": "boolean"}, "services.borgbackup.jobs.<name>.prune.keep": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Prune a repository by deleting all archives not matching any of the\nspecified retention options. See {command}`borg help prune`\nfor the available options.\n", "example": {"_type": "literalExpression", "text": "{\n  within = \"1d\"; # Keep all archives from the last day\n  daily = 7;\n  weekly = 4;\n  monthly = -1;  # Keep at least one archive for each month\n}\n"}, "loc": ["services", "borgbackup", "jobs", "<name>", "prune", "keep"], "readOnly": false, "type": "attribute set of (signed integer or string matching the pattern [[:digit:]]+[Hdwmy])"}, "services.borgbackup.jobs.<name>.prune.prefix": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "archiveBaseName"}, "description": "Only consider archive names starting with this prefix for pruning.\nBy default, only archives created by this job are considered.\nUse `\"\"` or `null` to consider all archives.\n", "loc": ["services", "borgbackup", "jobs", "<name>", "prune", "prefix"], "readOnly": false, "type": "null or string"}, "services.borgbackup.jobs.<name>.readWritePaths": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "By default, borg cannot write anywhere on the system but\n`$HOME/.config/borg` and `$HOME/.cache/borg`.\nIf, for example, your preHook script needs to dump files\nsomewhere, put those directories here.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/var/backup/mysqldump\"\n]"}, "loc": ["services", "borgbackup", "jobs", "<name>", "readWritePaths"], "readOnly": false, "type": "list of absolute path"}, "services.borgbackup.jobs.<name>.removableDevice": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether the repo (which must be local) is a removable device.", "loc": ["services", "borgbackup", "jobs", "<name>", "removableDevice"], "readOnly": false, "type": "boolean"}, "services.borgbackup.jobs.<name>.repo": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "description": "Remote or local repository to back up to.", "example": {"_type": "literalExpression", "text": "\"user@machine:/path/to/repo\""}, "loc": ["services", "borgbackup", "jobs", "<name>", "repo"], "readOnly": false, "type": "string"}, "services.borgbackup.jobs.<name>.startAt": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "\"daily\""}, "description": "When or how often the backup should run.\nMust be in the format described in\n{manpage}`systemd.time(7)`.\nIf you do not want the backup to start\nautomatically, use `[ ]`.\nIt will generate a systemd service borgbackup-job-NAME.\nYou may trigger it manually via systemctl restart borgbackup-job-NAME.\n", "loc": ["services", "borgbackup", "jobs", "<name>", "startAt"], "readOnly": false, "type": "string or list of string"}, "services.borgbackup.jobs.<name>.user": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "The user {command}`borg` is run as.\nUser or group need read permission\nfor the specified {option}`paths`.\n", "loc": ["services", "borgbackup", "jobs", "<name>", "user"], "readOnly": false, "type": "string"}, "services.borgbackup.jobs.<name>.wrapper": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "\"borg-job-<name>\""}, "description": "Name of the wrapper that is installed into {env}`PATH`.\nSet to `null` or `\"\"` to disable it altogether.\n", "loc": ["services", "borgbackup", "jobs", "<name>", "wrapper"], "readOnly": false, "type": "null or string"}, "services.borgbackup.package": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "pkgs.borgbackup"}, "description": "The borgbackup package to use.", "loc": ["services", "borgbackup", "package"], "readOnly": false, "type": "package"}, "services.borgbackup.repos": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Serve BorgBackup repositories to given public SSH keys,\nrestricting their access to the repository only.\nSee also the chapter about BorgBackup in the NixOS manual.\nAlso, clients do not need to specify the absolute path when accessing the repository,\ni.e. `user@machine:.` is enough. (Note colon and dot.)\n", "loc": ["services", "borgbackup", "repos"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.borgbackup.repos.<name>.allowSubRepos": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Allow clients to create repositories in subdirectories of the\nspecified {option}`path`. These can be accessed using\n`user@machine:path/to/subrepo`. Note that a\n{option}`quota` applies to repositories independently.\nTherefore, if this is enabled, clients can create multiple\nrepositories and upload an arbitrary amount of data.\n", "loc": ["services", "borgbackup", "repos", "<name>", "allowSubRepos"], "readOnly": false, "type": "boolean"}, "services.borgbackup.repos.<name>.authorizedKeys": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Public SSH keys that are given full write access to this repository.\nYou should use a different SSH key for each repository you write to, because\nthe specified keys are restricted to running {command}`borg serve`\nand can only access this single repository.\n", "loc": ["services", "borgbackup", "repos", "<name>", "authorizedKeys"], "readOnly": false, "type": "list of string"}, "services.borgbackup.repos.<name>.authorizedKeysAppendOnly": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Public SSH keys that can only be used to append new data (archives) to the repository.\nNote that archives can still be marked as deleted and are subsequently removed from disk\nupon accessing the repo with full write access, e.g. when pruning.\n", "loc": ["services", "borgbackup", "repos", "<name>", "authorizedKeysAppendOnly"], "readOnly": false, "type": "list of string"}, "services.borgbackup.repos.<name>.group": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "\"borg\""}, "description": "The group {command}`borg serve` is run as.\nUser or group needs write permission\nfor the specified {option}`path`.\n", "loc": ["services", "borgbackup", "repos", "<name>", "group"], "readOnly": false, "type": "string"}, "services.borgbackup.repos.<name>.path": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/borgbackup\""}, "description": "Where to store the backups. Note that the directory\nis created automatically, with correct permissions.\n", "loc": ["services", "borgbackup", "repos", "<name>", "path"], "readOnly": false, "type": "absolute path"}, "services.borgbackup.repos.<name>.quota": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Storage quota for the repository. This quota is ensured for all\nsub-repositories if {option}`allowSubRepos` is enabled\nbut not for the overall storage space used.\n", "example": {"_type": "literalExpression", "text": "\"100G\""}, "loc": ["services", "borgbackup", "repos", "<name>", "quota"], "readOnly": false, "type": "null or string matching the pattern [[:digit:].]+[KMGTP]?"}, "services.borgbackup.repos.<name>.user": {"declarations": ["nixos/modules/services/backup/borgbackup.nix"], "default": {"_type": "literalExpression", "text": "\"borg\""}, "description": "The user {command}`borg serve` is run as.\nUser or group needs write permission\nfor the specified {option}`path`.\n", "loc": ["services", "borgbackup", "repos", "<name>", "user"], "readOnly": false, "type": "string"}, "services.borgmatic.configurations": {"declarations": ["nixos/modules/services/backup/borgmatic.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Set of borgmatic configurations, see <https://torsion.org/borgmatic/docs/reference/configuration/>\n", "loc": ["services", "borgmatic", "configurations"], "readOnly": false, "type": "attribute set of (open submodule of (YAML 1.1 value))"}, "services.borgmatic.configurations.<name>.repositories": {"declarations": ["nixos/modules/services/backup/borgmatic.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A required list of local or remote repositories with paths and\noptional labels (which can be used with the --repository flag to\nselect a repository). Tildes are expanded. Multiple repositories are\nbacked up to in sequence. Borg placeholders can be used. See the\noutput of \"borg help placeholders\" for details. See ssh_command for\nSSH options like identity file or port. If systemd service is used,\nthen add local repository paths in the systemd service file to the\nReadWritePaths list.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    label = \"backupserver\";\n    path = \"ssh://user@backupserver/./sourcehostname.borg\";\n  }\n  {\n    label = \"local\";\n    path = \"/mnt/backup\";\n  }\n]"}, "loc": ["services", "borgmatic", "configurations", "<name>", "repositories"], "readOnly": false, "type": "list of (submodule)"}, "services.borgmatic.configurations.<name>.repositories.*.label": {"declarations": ["nixos/modules/services/backup/borgmatic.nix"], "description": "Label to the repository\n", "loc": ["services", "borgmatic", "configurations", "<name>", "repositories", "*", "label"], "readOnly": false, "type": "string"}, "services.borgmatic.configurations.<name>.repositories.*.path": {"declarations": ["nixos/modules/services/backup/borgmatic.nix"], "description": "Path to the repository\n", "loc": ["services", "borgmatic", "configurations", "<name>", "repositories", "*", "path"], "readOnly": false, "type": "string"}, "services.borgmatic.configurations.<name>.source_directories": {"declarations": ["nixos/modules/services/backup/borgmatic.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of source directories and files to backup. Globs and tildes are\nexpanded. Do not backslash spaces in path names.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/home\"\n  \"/etc\"\n  \"/var/log/syslog*\"\n  \"/home/user/path with spaces\"\n]"}, "loc": ["services", "borgmatic", "configurations", "<name>", "source_directories"], "readOnly": false, "type": "list of string"}, "services.borgmatic.enable": {"declarations": ["nixos/modules/services/backup/borgmatic.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable borgmatic.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "borgmatic", "enable"], "readOnly": false, "type": "boolean"}, "services.borgmatic.enableConfigCheck": {"declarations": ["nixos/modules/services/backup/borgmatic.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable checking all configurations during build time.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "borgmatic", "enableConfigCheck"], "readOnly": false, "type": "boolean"}, "services.borgmatic.settings": {"declarations": ["nixos/modules/services/backup/borgmatic.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See <https://torsion.org/borgmatic/docs/reference/configuration/>\n", "loc": ["services", "borgmatic", "settings"], "readOnly": false, "type": "null or (open submodule of (YAML 1.1 value))"}, "services.borgmatic.settings.repositories": {"declarations": ["nixos/modules/services/backup/borgmatic.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A required list of local or remote repositories with paths and\noptional labels (which can be used with the --repository flag to\nselect a repository). Tildes are expanded. Multiple repositories are\nbacked up to in sequence. Borg placeholders can be used. See the\noutput of \"borg help placeholders\" for details. See ssh_command for\nSSH options like identity file or port. If systemd service is used,\nthen add local repository paths in the systemd service file to the\nReadWritePaths list.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    label = \"backupserver\";\n    path = \"ssh://user@backupserver/./sourcehostname.borg\";\n  }\n  {\n    label = \"local\";\n    path = \"/mnt/backup\";\n  }\n]"}, "loc": ["services", "borgmatic", "settings", "repositories"], "readOnly": false, "type": "list of (submodule)"}, "services.borgmatic.settings.repositories.*.label": {"declarations": ["nixos/modules/services/backup/borgmatic.nix"], "description": "Label to the repository\n", "loc": ["services", "borgmatic", "settings", "repositories", "*", "label"], "readOnly": false, "type": "string"}, "services.borgmatic.settings.repositories.*.path": {"declarations": ["nixos/modules/services/backup/borgmatic.nix"], "description": "Path to the repository\n", "loc": ["services", "borgmatic", "settings", "repositories", "*", "path"], "readOnly": false, "type": "string"}, "services.borgmatic.settings.source_directories": {"declarations": ["nixos/modules/services/backup/borgmatic.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of source directories and files to backup. Globs and tildes are\nexpanded. Do not backslash spaces in path names.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/home\"\n  \"/etc\"\n  \"/var/log/syslog*\"\n  \"/home/user/path with spaces\"\n]"}, "loc": ["services", "borgmatic", "settings", "source_directories"], "readOnly": false, "type": "list of string"}, "services.bosun.checkFrequency": {"declarations": ["nixos/modules/services/monitoring/bosun.nix"], "default": {"_type": "literalExpression", "text": "\"5m\""}, "description": "Bosun's check frequency\n", "loc": ["services", "bosun", "checkFrequency"], "readOnly": false, "type": "string"}, "services.bosun.enable": {"declarations": ["nixos/modules/services/monitoring/bosun.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable bosun.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "bosun", "enable"], "readOnly": false, "type": "boolean"}, "services.bosun.extraConfig": {"declarations": ["nixos/modules/services/monitoring/bosun.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration options for Bosun. You should describe your\ndesired templates, alerts, macros, etc through this configuration\noption.\n\nA detailed description of the supported syntax can be found at-spi2-atk\n<https://bosun.org/configuration.html>\n", "loc": ["services", "bosun", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.bosun.group": {"declarations": ["nixos/modules/services/monitoring/bosun.nix"], "default": {"_type": "literalExpression", "text": "\"bosun\""}, "description": "Group account under which bosun runs.\n", "loc": ["services", "bosun", "group"], "readOnly": false, "type": "string"}, "services.bosun.influxHost": {"declarations": ["nixos/modules/services/monitoring/bosun.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host and port of the influxdb database.\n", "example": {"_type": "literalExpression", "text": "\"localhost:8086\""}, "loc": ["services", "bosun", "influxHost"], "readOnly": false, "type": "null or string"}, "services.bosun.ledisDir": {"declarations": ["nixos/modules/services/monitoring/bosun.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/bosun/ledis_data\""}, "description": "Path to bosun's ledis data dir\n", "loc": ["services", "bosun", "ledisDir"], "readOnly": false, "type": "absolute path"}, "services.bosun.listenAddress": {"declarations": ["nixos/modules/services/monitoring/bosun.nix"], "default": {"_type": "literalExpression", "text": "\":8070\""}, "description": "The host address and port that bosun's web interface will listen on.\n", "loc": ["services", "bosun", "listenAddress"], "readOnly": false, "type": "string"}, "services.bosun.opentsdbHost": {"declarations": ["nixos/modules/services/monitoring/bosun.nix"], "default": {"_type": "literalExpression", "text": "\"localhost:4242\""}, "description": "Host and port of the OpenTSDB database that stores bosun data.\nTo disable opentsdb you can pass null as parameter.\n", "loc": ["services", "bosun", "opentsdbHost"], "readOnly": false, "type": "null or string"}, "services.bosun.package": {"declarations": ["nixos/modules/services/monitoring/bosun.nix"], "default": {"_type": "literalExpression", "text": "pkgs.bosun"}, "description": "The bosun package to use.", "loc": ["services", "bosun", "package"], "readOnly": false, "type": "package"}, "services.bosun.stateFile": {"declarations": ["nixos/modules/services/monitoring/bosun.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/bosun/bosun.state\""}, "description": "Path to bosun's state file.\n", "loc": ["services", "bosun", "stateFile"], "readOnly": false, "type": "absolute path"}, "services.bosun.user": {"declarations": ["nixos/modules/services/monitoring/bosun.nix"], "default": {"_type": "literalExpression", "text": "\"bosun\""}, "description": "User account under which bosun runs.\n", "loc": ["services", "bosun", "user"], "readOnly": false, "type": "string"}, "services.botamusique.enable": {"declarations": ["nixos/modules/services/audio/botamusique.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable botamusique, a bot to play audio streams on mumble.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "botamusique", "enable"], "readOnly": false, "type": "boolean"}, "services.botamusique.package": {"declarations": ["nixos/modules/services/audio/botamusique.nix"], "default": {"_type": "literalExpression", "text": "pkgs.botamusique"}, "description": "The botamusique package to use.", "loc": ["services", "botamusique", "package"], "readOnly": false, "type": "package"}, "services.botamusique.settings": {"declarations": ["nixos/modules/services/audio/botamusique.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Your {file}`configuration.ini` as a Nix attribute set. Look up\npossible options in the [configuration.example.ini](https://github.com/azlux/botamusique/blob/master/configuration.example.ini).\n", "loc": ["services", "botamusique", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.botamusique.settings.bot.comment": {"declarations": ["nixos/modules/services/audio/botamusique.nix"], "default": {"_type": "literalExpression", "text": "\"Hi, I'm here to play radio, local music or youtube/soundcloud music. Have fun!\""}, "description": "Comment displayed for the bot.", "loc": ["services", "botamusique", "settings", "bot", "comment"], "readOnly": false, "type": "string"}, "services.botamusique.settings.bot.username": {"declarations": ["nixos/modules/services/audio/botamusique.nix"], "default": {"_type": "literalExpression", "text": "\"botamusique\""}, "description": "Name the bot should appear with.", "loc": ["services", "botamusique", "settings", "bot", "username"], "readOnly": false, "type": "string"}, "services.botamusique.settings.server.host": {"declarations": ["nixos/modules/services/audio/botamusique.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Hostname of the mumble server to connect to.", "example": {"_type": "literalExpression", "text": "\"mumble.example.com\""}, "loc": ["services", "botamusique", "settings", "server", "host"], "readOnly": false, "type": "string"}, "services.botamusique.settings.server.port": {"declarations": ["nixos/modules/services/audio/botamusique.nix"], "default": {"_type": "literalExpression", "text": "64738"}, "description": "Port of the mumble server to connect to.", "loc": ["services", "botamusique", "settings", "server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.bpftune.enable": {"declarations": ["nixos/modules/services/system/bpftune.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable bpftune BPF driven auto-tuning.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "bpftune", "enable"], "readOnly": false, "type": "boolean"}, "services.bpftune.package": {"declarations": ["nixos/modules/services/system/bpftune.nix"], "default": {"_type": "literalExpression", "text": "pkgs.bpftune"}, "description": "The bpftune package to use.", "loc": ["services", "bpftune", "package"], "readOnly": false, "type": "package"}, "services.brltty.enable": {"declarations": ["nixos/modules/services/hardware/brltty.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the BRLTTY daemon.", "loc": ["services", "brltty", "enable"], "readOnly": false, "type": "boolean"}, "services.broadcast-box.enable": {"declarations": ["nixos/modules/services/video/broadcast-box.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Broadcast Box.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "broadcast-box", "enable"], "readOnly": false, "type": "boolean"}, "services.broadcast-box.openFirewall": {"declarations": ["nixos/modules/services/video/broadcast-box.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable opening WebRTC traffic ports in the firewall. Randomly selected ports\nwill not be opened.\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "broadcast-box", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.broadcast-box.package": {"declarations": ["nixos/modules/services/video/broadcast-box.nix"], "default": {"_type": "literalExpression", "text": "pkgs.broadcast-box"}, "description": "The broadcast-box package to use.", "loc": ["services", "broadcast-box", "package"], "readOnly": false, "type": "package"}, "services.broadcast-box.settings": {"declarations": ["nixos/modules/services/video/broadcast-box.nix"], "default": {"_type": "literalExpression", "text": "{\n  DISABLE_STATUS = true;\n}"}, "description": "Attribute set of environment variables.\n\n<https://github.com/Glimesh/broadcast-box#environment-variables>\n\n:::{.warning}\nThe status API exposes stream keys so {env}`DISABLE_STATUS` is enabled\nby default.\n:::\n", "example": {"_type": "literalExpression", "text": "{\n  DISABLE_STATUS = true;\n  INCLUDE_PUBLIC_IP_IN_NAT_1_TO_1_IP = true;\n  UDP_MUX_PORT = 3000;\n}"}, "loc": ["services", "broadcast-box", "settings"], "readOnly": false, "type": "open submodule of attribute set of (null or boolean or signed integer or string)"}, "services.broadcast-box.web.host": {"declarations": ["nixos/modules/services/video/broadcast-box.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Host address the HTTP server listens on. By default the server\nlistens on all interfaces.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "broadcast-box", "web", "host"], "readOnly": false, "type": "string"}, "services.broadcast-box.web.openFirewall": {"declarations": ["nixos/modules/services/video/broadcast-box.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable opening the HTTP server port and, if enabled, the HTTPS redirect server\nport in the firewall.\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "broadcast-box", "web", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.broadcast-box.web.port": {"declarations": ["nixos/modules/services/video/broadcast-box.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "Port the HTTP server listens on.\n", "loc": ["services", "broadcast-box", "web", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.btrbk.extraPackages": {"declarations": ["nixos/modules/services/backup/btrbk.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra packages for btrbk, like compression utilities for `stream_compress`.\n\n**Note**: This option will get deprecated in future releases.\nRequired compression programs will get automatically provided to btrbk\ndepending on configured compression method in\n`services.btrbk.instances.<name>.settings` option.\n", "example": {"_type": "literalExpression", "text": "[ pkgs.xz ]"}, "loc": ["services", "btrbk", "extraPackages"], "readOnly": false, "type": "list of package"}, "services.btrbk.instances": {"declarations": ["nixos/modules/services/backup/btrbk.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Set of btrbk instances. The instance named `btrbk` is the default one.", "loc": ["services", "btrbk", "instances"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.btrbk.instances.<name>.onCalendar": {"declarations": ["nixos/modules/services/backup/btrbk.nix"], "default": {"_type": "literalExpression", "text": "\"daily\""}, "description": "How often this btrbk instance is started. See {manpage}`systemd.time(7)` for more information about the format.\nSetting it to null disables the timer, thus this instance can only be started manually.\n", "loc": ["services", "btrbk", "instances", "<name>", "onCalendar"], "readOnly": false, "type": "null or string"}, "services.btrbk.instances.<name>.settings": {"declarations": ["nixos/modules/services/backup/btrbk.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "configuration options for btrbk. Nested attrsets translate to subsections.", "example": {"_type": "literalExpression", "text": "{\n  snapshot_preserve = \"14d\";\n  snapshot_preserve_min = \"2d\";\n  volume = {\n    \"/mnt/btr_pool\" = {\n      subvolume = {\n        home = {\n          snapshot_create = \"always\";\n        };\n        rootfs = { };\n      };\n      target = \"/mnt/btr_backup/mylaptop\";\n    };\n  };\n}"}, "loc": ["services", "btrbk", "instances", "<name>", "settings"], "readOnly": false, "type": "open submodule of attribute set of (string or instances of this type recursively)"}, "services.btrbk.instances.<name>.settings.stream_compress": {"declarations": ["nixos/modules/services/backup/btrbk.nix"], "default": {"_type": "literalExpression", "text": "\"no\""}, "description": "Compress the btrfs send stream before transferring it from/to remote locations using a\ncompression command.\n", "loc": ["services", "btrbk", "instances", "<name>", "settings", "stream_compress"], "readOnly": false, "type": "one of \"gzip\", \"pigz\", \"bzip2\", \"pbzip2\", \"bzip3\", \"xz\", \"lzo\", \"lz4\", \"zstd\", \"no\""}, "services.btrbk.instances.<name>.snapshotOnly": {"declarations": ["nixos/modules/services/backup/btrbk.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to run in snapshot only mode. This skips backup creation and deletion steps.\nUseful when you want to manually backup to an external drive that might not always be connected.\nUse `btrbk -c /path/to/conf resume` to trigger manual backups.\nMore examples [here](https://github.com/digint/btrbk#example-backups-to-usb-disk).\nSee also `snapshot` subcommand in {manpage}`btrbk(1)`.\n", "loc": ["services", "btrbk", "instances", "<name>", "snapshotOnly"], "readOnly": false, "type": "boolean"}, "services.btrbk.ioSchedulingClass": {"declarations": ["nixos/modules/services/backup/btrbk.nix"], "default": {"_type": "literalExpression", "text": "\"best-effort\""}, "description": "IO scheduling class for btrbk (see {manpage}`ionice(1)` for a quick description). Applies to local instances, and remote ones connecting by ssh if set to idle.", "loc": ["services", "btrbk", "ioSchedulingClass"], "readOnly": false, "type": "one of \"idle\", \"best-effort\", \"realtime\""}, "services.btrbk.niceness": {"declarations": ["nixos/modules/services/backup/btrbk.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Niceness for local instances of btrbk. Also applies to remote ones connecting via ssh when positive.", "loc": ["services", "btrbk", "niceness"], "readOnly": false, "type": "integer between -20 and 19 (both inclusive)"}, "services.btrbk.sshAccess": {"declarations": ["nixos/modules/services/backup/btrbk.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "SSH keys that should be able to make or push snapshots on this system remotely with btrbk", "loc": ["services", "btrbk", "sshAccess"], "readOnly": false, "type": "list of (submodule)"}, "services.btrbk.sshAccess.*.key": {"declarations": ["nixos/modules/services/backup/btrbk.nix"], "description": "SSH public key allowed to login as user `btrbk` to run remote backups.", "loc": ["services", "btrbk", "sshAccess", "*", "key"], "readOnly": false, "type": "string"}, "services.btrbk.sshAccess.*.roles": {"declarations": ["nixos/modules/services/backup/btrbk.nix"], "description": "What actions can be performed with this SSH key. See ssh_filter_btrbk(1) for details", "example": {"_type": "literalExpression", "text": "[\n  \"source\"\n  \"info\"\n  \"send\"\n]"}, "loc": ["services", "btrbk", "sshAccess", "*", "roles"], "readOnly": false, "type": "list of (one of \"info\", \"source\", \"target\", \"delete\", \"snapshot\", \"send\", \"receive\")"}, "services.btrfs.autoScrub.enable": {"declarations": ["nixos/modules/tasks/filesystems/btrfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable regular btrfs scrub.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "btrfs", "autoScrub", "enable"], "readOnly": false, "type": "boolean"}, "services.btrfs.autoScrub.fileSystems": {"declarations": ["nixos/modules/tasks/filesystems/btrfs.nix"], "description": "List of paths to btrfs filesystems to regularly call {command}`btrfs scrub` on.\nDefaults to all mount points with btrfs filesystems.\nNote that if you have filesystems that span multiple devices (e.g. RAID), you should\ntake care to use the same device for any given mount point and let btrfs take care\nof automatically mounting the rest, in order to avoid scrubbing the same data multiple times.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/\"\n]"}, "loc": ["services", "btrfs", "autoScrub", "fileSystems"], "readOnly": false, "type": "list of absolute path"}, "services.btrfs.autoScrub.interval": {"declarations": ["nixos/modules/tasks/filesystems/btrfs.nix"], "default": {"_type": "literalExpression", "text": "\"monthly\""}, "description": "Systemd calendar expression for when to scrub btrfs filesystems.\nThe recommended period is a month but could be less\n({manpage}`btrfs-scrub(8)`).\nSee\n{manpage}`systemd.time(7)`\nfor more information on the syntax.\n", "example": {"_type": "literalExpression", "text": "\"weekly\""}, "loc": ["services", "btrfs", "autoScrub", "interval"], "readOnly": false, "type": "string"}, "services.btrfs.autoScrub.limit": {"declarations": ["nixos/modules/tasks/filesystems/btrfs.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The scrub throughput limit applied on all scrubbed filesystems.\nThe value is bytes per second, and accepts the usual KMGT prefixes.\n", "example": {"_type": "literalExpression", "text": "\"100M\""}, "loc": ["services", "btrfs", "autoScrub", "limit"], "readOnly": false, "type": "null or string matching the pattern [0-9]+[KMGT]?"}, "services.buffyboard.configFile": {"declarations": ["nixos/modules/services/hardware/buffyboard.nix"], "default": {"_type": "literalExpression", "text": "ini.generate \"buffyboard.conf\" cfg.settings"}, "description": "Path to an INI format configuration file to provide Buffyboard.\nBy default, this is generated from whatever you've set in `settings`.\nIf specified manually, then `settings` is ignored.\n\nFor an example config file see [here](https://gitlab.postmarketos.org/postmarketOS/buffybox/-/blob/master/buffyboard/buffyboard.conf)\n", "loc": ["services", "buffyboard", "configFile"], "readOnly": false, "type": "absolute path"}, "services.buffyboard.enable": {"declarations": ["nixos/modules/services/hardware/buffyboard.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable buffyboard framebuffer keyboard (on-screen keyboard).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "buffyboard", "enable"], "readOnly": false, "type": "boolean"}, "services.buffyboard.extraFlags": {"declarations": ["nixos/modules/services/hardware/buffyboard.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra CLI arguments to pass to buffyboard.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--geometry=1920x1080@640,0\"\n  \"--dpi=192\"\n  \"--rotate=2\"\n  \"--verbose\"\n]"}, "loc": ["services", "buffyboard", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.buffyboard.package": {"declarations": ["nixos/modules/services/hardware/buffyboard.nix"], "default": {"_type": "literalExpression", "text": "pkgs.buffybox"}, "description": "The buffybox package to use.", "loc": ["services", "buffyboard", "package"], "readOnly": false, "type": "package"}, "services.buffyboard.settings": {"declarations": ["nixos/modules/services/hardware/buffyboard.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings to include in /etc/buffyboard.conf.\nEvery option here is strictly optional:\nBuffyboard will use its own baked-in defaults for those options left unset.\n", "loc": ["services", "buffyboard", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.buffyboard.settings.input.pointer": {"declarations": ["nixos/modules/services/hardware/buffyboard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Enable or disable the use of a hardware mouse or other pointing device.\n", "loc": ["services", "buffyboard", "settings", "input", "pointer"], "readOnly": false, "type": "null or boolean"}, "services.buffyboard.settings.input.touchscreen": {"declarations": ["nixos/modules/services/hardware/buffyboard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Enable or disable the use of the touchscreen.\n", "loc": ["services", "buffyboard", "settings", "input", "touchscreen"], "readOnly": false, "type": "null or boolean"}, "services.buffyboard.settings.quirks.fbdev_force_refresh": {"declarations": ["nixos/modules/services/hardware/buffyboard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If true and using the framebuffer backend, this triggers a display refresh after every draw operation.\nThis has a negative performance impact.\n", "loc": ["services", "buffyboard", "settings", "quirks", "fbdev_force_refresh"], "readOnly": false, "type": "null or boolean"}, "services.buffyboard.settings.quirks.ignore_unused_terminals": {"declarations": ["nixos/modules/services/hardware/buffyboard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If true, buffyboard won't automatically update the layout of a new terminal and\ndraw the keyboard, if the terminal is not opened by any process. In this case\nSIGUSR1 should be sent to buffyboard to update the layout. This quirk was introduced\nto resolve a race between buffyboard and systemd-logind according to the following scenario:\n- A user switches to a new virtual terminal\n- Buffyboard opens the terminal and changes the number of rows\n- systemd-logind sees that the terminal is opened by some other process and don't start getty@.service\n\nThe race is resolved by enabling this option and installing a drop-in file\nfor getty@.service that sends SIGUSR1 to buffyboard.\n", "loc": ["services", "buffyboard", "settings", "quirks", "ignore_unused_terminals"], "readOnly": false, "type": "null or boolean"}, "services.buffyboard.settings.theme.default": {"declarations": ["nixos/modules/services/hardware/buffyboard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Selects the default theme on boot. Can be changed at runtime to the alternative theme.\n", "loc": ["services", "buffyboard", "settings", "theme", "default"], "readOnly": false, "type": "string or one of <null>, \"adwaita-dark\", \"breezy-dark\", \"breezy-light\", \"nord-dark\", \"nord-light\", \"pmos-dark\", \"pmos-light\""}, "services.buildbot-master.buildbotDir": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/master.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.buildbot-master.home}/master\""}, "description": "Specifies the Buildbot directory.", "loc": ["services", "buildbot-master", "buildbotDir"], "readOnly": false, "type": "absolute path"}, "services.buildbot-master.buildbotUrl": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/master.nix"], "default": {"_type": "literalExpression", "text": "\"http://localhost:8010/\""}, "description": "Specifies the Buildbot URL.", "loc": ["services", "buildbot-master", "buildbotUrl"], "readOnly": false, "type": "string"}, "services.buildbot-master.builders": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/master.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"util.BuilderConfig(name='runtests',workernames=['example-worker'],factory=factory)\"\n]"}, "description": "List of Builders.", "loc": ["services", "buildbot-master", "builders"], "readOnly": false, "type": "list of string"}, "services.buildbot-master.changeSource": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/master.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of Change Sources.", "example": {"_type": "literalExpression", "text": "[\n  \"changes.GitPoller('https://github.com/buildbot/pyflakes.git', workdir='gitpoller-workdir', branch='master', pollinterval=300)\"\n]"}, "loc": ["services", "buildbot-master", "changeSource"], "readOnly": false, "type": "list of string"}, "services.buildbot-master.configurators": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/master.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Configurator Steps, see <https://docs.buildbot.net/latest/manual/configuration/configurators.html>", "example": {"_type": "literalExpression", "text": "[\n  \"util.JanitorConfigurator(logHorizon=timedelta(weeks=4), hour=12, dayOfWeek=6)\"\n]"}, "loc": ["services", "buildbot-master", "configurators"], "readOnly": false, "type": "list of string"}, "services.buildbot-master.dbUrl": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/master.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite:///state.sqlite\""}, "description": "Specifies the database connection string.", "loc": ["services", "buildbot-master", "dbUrl"], "readOnly": false, "type": "string"}, "services.buildbot-master.enable": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/master.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Buildbot continuous integration server.", "loc": ["services", "buildbot-master", "enable"], "readOnly": false, "type": "boolean"}, "services.buildbot-master.extraConfig": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/master.nix"], "default": {"_type": "literalExpression", "text": "\"c['buildbotNetUsageData'] = None\""}, "description": "Extra configuration to append to master.cfg", "loc": ["services", "buildbot-master", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.buildbot-master.extraGroups": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/master.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of extra groups that the buildbot user should be a part of.", "loc": ["services", "buildbot-master", "extraGroups"], "readOnly": false, "type": "list of string"}, "services.buildbot-master.extraImports": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/master.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra python imports to prepend to master.cfg", "example": {"_type": "literalExpression", "text": "\"from buildbot.process.project import Project\""}, "loc": ["services", "buildbot-master", "extraImports"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.buildbot-master.factorySteps": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/master.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Factory Steps", "example": {"_type": "literalExpression", "text": "[\n  \"steps.Git(repourl='https://github.com/buildbot/pyflakes.git', mode='incremental')\"\n  \"steps.ShellCommand(command=['trial', 'pyflakes'])\"\n]"}, "loc": ["services", "buildbot-master", "factorySteps"], "readOnly": false, "type": "list of string"}, "services.buildbot-master.group": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/master.nix"], "default": {"_type": "literalExpression", "text": "\"buildbot\""}, "description": "Primary group of buildbot user.", "loc": ["services", "buildbot-master", "group"], "readOnly": false, "type": "string"}, "services.buildbot-master.home": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/master.nix"], "default": {"_type": "literalExpression", "text": "\"/home/buildbot\""}, "description": "Buildbot home directory.", "loc": ["services", "buildbot-master", "home"], "readOnly": false, "type": "absolute path"}, "services.buildbot-master.listenAddress": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/master.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Specifies the bind address on which the buildbot HTTP interface listens.", "loc": ["services", "buildbot-master", "listenAddress"], "readOnly": false, "type": "string"}, "services.buildbot-master.masterCfg": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/master.nix"], "default": {"_type": "literalMD", "text": "generated configuration file"}, "description": "Optionally pass master.cfg path. Other options in this configuration will be ignored.", "example": {"_type": "literalExpression", "text": "\"/etc/nixos/buildbot/master.cfg\""}, "loc": ["services", "buildbot-master", "masterCfg"], "readOnly": false, "type": "absolute path"}, "services.buildbot-master.package": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/master.nix"], "default": {"_type": "literalExpression", "text": "pkgs.buildbot-full"}, "description": "The buildbot-full package to use.", "example": {"_type": "literalExpression", "text": "buildbot"}, "loc": ["services", "buildbot-master", "package"], "readOnly": false, "type": "package"}, "services.buildbot-master.packages": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/master.nix"], "default": {"_type": "literalExpression", "text": "[ pkgs.git ]"}, "description": "Packages to add to PATH for the buildbot process.", "loc": ["services", "buildbot-master", "packages"], "readOnly": false, "type": "list of package"}, "services.buildbot-master.pbPort": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/master.nix"], "default": {"_type": "literalExpression", "text": "9989"}, "description": "The buildmaster will listen on a TCP port of your choosing\nfor connections from workers.\nIt can also use this port for connections from remote Change Sources,\nstatus clients, and debug tools.\nThis port should be visible to the outside world, and you\u2019ll need to tell\nyour worker admins about your choice.\nIf put in (single) quotes, this can also be used as a connection string,\nas defined in the [ConnectionStrings guide](https://twistedmatrix.com/documents/current/core/howto/endpoints.html).\n", "example": {"_type": "literalExpression", "text": "\"'tcp:9990:interface=127.0.0.1'\""}, "loc": ["services", "buildbot-master", "pbPort"], "readOnly": false, "type": "string or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.buildbot-master.port": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/master.nix"], "default": {"_type": "literalExpression", "text": "8010"}, "description": "Specifies port number on which the buildbot HTTP interface listens.", "loc": ["services", "buildbot-master", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.buildbot-master.pythonPackages": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/master.nix"], "default": {"_type": "literalExpression", "text": "pythonPackages: with pythonPackages; [ ]"}, "description": "Packages to add the to the PYTHONPATH of the buildbot process.", "example": {"_type": "literalExpression", "text": "pythonPackages: with pythonPackages; [ requests ]"}, "loc": ["services", "buildbot-master", "pythonPackages"], "readOnly": false, "type": "function that evaluates to a(n) list of package"}, "services.buildbot-master.reporters": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/master.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of reporter objects used to present build status to various users.", "loc": ["services", "buildbot-master", "reporters"], "readOnly": false, "type": "list of string"}, "services.buildbot-master.schedulers": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/master.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"schedulers.SingleBranchScheduler(name='all', change_filter=util.ChangeFilter(branch='master'), treeStableTimer=None, builderNames=['runtests'])\"\n  \"schedulers.ForceScheduler(name='force',builderNames=['runtests'])\"\n]"}, "description": "List of Schedulers.", "loc": ["services", "buildbot-master", "schedulers"], "readOnly": false, "type": "list of string"}, "services.buildbot-master.title": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/master.nix"], "default": {"_type": "literalExpression", "text": "\"Buildbot\""}, "description": "Specifies the Buildbot Title.", "loc": ["services", "buildbot-master", "title"], "readOnly": false, "type": "string"}, "services.buildbot-master.titleUrl": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/master.nix"], "default": {"_type": "literalExpression", "text": "\"Buildbot\""}, "description": "Specifies the Buildbot TitleURL.", "loc": ["services", "buildbot-master", "titleUrl"], "readOnly": false, "type": "string"}, "services.buildbot-master.user": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/master.nix"], "default": {"_type": "literalExpression", "text": "\"buildbot\""}, "description": "User the buildbot server should execute under.", "loc": ["services", "buildbot-master", "user"], "readOnly": false, "type": "string"}, "services.buildbot-master.workers": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/master.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"worker.Worker('example-worker', 'pass')\"\n]"}, "description": "List of Workers.", "loc": ["services", "buildbot-master", "workers"], "readOnly": false, "type": "list of string"}, "services.buildbot-worker.adminMessage": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/worker.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of the administrator of this worker", "loc": ["services", "buildbot-worker", "adminMessage"], "readOnly": false, "type": "null or string"}, "services.buildbot-worker.buildbotDir": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/worker.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.buildbot-worker.home}/worker\""}, "description": "Specifies the Buildbot directory.", "loc": ["services", "buildbot-worker", "buildbotDir"], "readOnly": false, "type": "absolute path"}, "services.buildbot-worker.enable": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/worker.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Buildbot Worker.", "loc": ["services", "buildbot-worker", "enable"], "readOnly": false, "type": "boolean"}, "services.buildbot-worker.extraGroups": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/worker.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of extra groups that the Buildbot Worker user should be a part of.", "loc": ["services", "buildbot-worker", "extraGroups"], "readOnly": false, "type": "list of string"}, "services.buildbot-worker.group": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/worker.nix"], "default": {"_type": "literalExpression", "text": "\"bbworker\""}, "description": "Primary group of buildbot Worker user.", "loc": ["services", "buildbot-worker", "group"], "readOnly": false, "type": "string"}, "services.buildbot-worker.home": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/worker.nix"], "default": {"_type": "literalExpression", "text": "\"/home/bbworker\""}, "description": "Buildbot home directory.", "loc": ["services", "buildbot-worker", "home"], "readOnly": false, "type": "absolute path"}, "services.buildbot-worker.hostMessage": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/worker.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Description of this worker", "loc": ["services", "buildbot-worker", "hostMessage"], "readOnly": false, "type": "null or string"}, "services.buildbot-worker.keepalive": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/worker.nix"], "default": {"_type": "literalExpression", "text": "600"}, "description": "This is a number that indicates how frequently keepalive messages should be sent\nfrom the worker to the buildmaster, expressed in seconds.\n", "loc": ["services", "buildbot-worker", "keepalive"], "readOnly": false, "type": "signed integer"}, "services.buildbot-worker.masterUrl": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/worker.nix"], "default": {"_type": "literalExpression", "text": "\"localhost:9989\""}, "description": "Specifies the Buildbot Worker connection string.", "loc": ["services", "buildbot-worker", "masterUrl"], "readOnly": false, "type": "string"}, "services.buildbot-worker.package": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/worker.nix"], "default": {"_type": "literalExpression", "text": "pkgs.buildbot-worker"}, "description": "The buildbot-worker package to use.", "loc": ["services", "buildbot-worker", "package"], "readOnly": false, "type": "package"}, "services.buildbot-worker.packages": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/worker.nix"], "default": {"_type": "literalExpression", "text": "[ pkgs.git ]"}, "description": "Packages to add to PATH for the buildbot process.", "loc": ["services", "buildbot-worker", "packages"], "readOnly": false, "type": "list of package"}, "services.buildbot-worker.user": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/worker.nix"], "default": {"_type": "literalExpression", "text": "\"bbworker\""}, "description": "User the buildbot Worker should execute under.", "loc": ["services", "buildbot-worker", "user"], "readOnly": false, "type": "string"}, "services.buildbot-worker.workerPass": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/worker.nix"], "default": {"_type": "literalExpression", "text": "\"pass\""}, "description": "Specifies the Buildbot Worker password.", "loc": ["services", "buildbot-worker", "workerPass"], "readOnly": false, "type": "string"}, "services.buildbot-worker.workerPassFile": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/worker.nix"], "description": "File used to store the Buildbot Worker password", "loc": ["services", "buildbot-worker", "workerPassFile"], "readOnly": false, "type": "absolute path"}, "services.buildbot-worker.workerUser": {"declarations": ["nixos/modules/services/continuous-integration/buildbot/worker.nix"], "default": {"_type": "literalExpression", "text": "\"example-worker\""}, "description": "Specifies the Buildbot Worker user.", "loc": ["services", "buildbot-worker", "workerUser"], "readOnly": false, "type": "string"}, "services.buildkite-agents": {"declarations": ["nixos/modules/services/continuous-integration/buildkite-agents.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attribute set of buildkite agents.\nThe attribute key is combined with the hostname and a unique integer to\ncreate the final agent name. This can be overridden by setting the `name`\nattribute.\n", "loc": ["services", "buildkite-agents"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.buildkite-agents.<name>.dataDir": {"declarations": ["nixos/modules/services/continuous-integration/buildkite-agents.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/buildkite-agent-\u2039name\u203a\""}, "description": "The workdir for the agent", "loc": ["services", "buildkite-agents", "<name>", "dataDir"], "readOnly": false, "type": "string"}, "services.buildkite-agents.<name>.enable": {"declarations": ["nixos/modules/services/continuous-integration/buildkite-agents.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable this buildkite agent", "loc": ["services", "buildkite-agents", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.buildkite-agents.<name>.extraConfig": {"declarations": ["nixos/modules/services/continuous-integration/buildkite-agents.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra lines to be added verbatim to the configuration file.\n", "example": {"_type": "literalExpression", "text": "\"debug=true\""}, "loc": ["services", "buildkite-agents", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.buildkite-agents.<name>.extraGroups": {"declarations": ["nixos/modules/services/continuous-integration/buildkite-agents.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"keys\"\n]"}, "description": "Groups the user for this buildkite agent should belong to", "loc": ["services", "buildkite-agents", "<name>", "extraGroups"], "readOnly": false, "type": "list of string"}, "services.buildkite-agents.<name>.hooks": {"declarations": ["nixos/modules/services/continuous-integration/buildkite-agents.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "\"Agent\" hooks to install.\nSee <https://buildkite.com/docs/agent/v3/hooks> for possible options.\n", "example": {"_type": "literalExpression", "text": "{\n  environment = ''\n    export SECRET_VAR=`head -1 /run/keys/secret`\n  '';\n}"}, "loc": ["services", "buildkite-agents", "<name>", "hooks"], "readOnly": false, "type": "attribute set of strings concatenated with \"\\n\""}, "services.buildkite-agents.<name>.hooksPath": {"declarations": ["nixos/modules/services/continuous-integration/buildkite-agents.nix"], "default": {"_type": "literalMD", "text": "generated from {option}`services.buildkite-agents.<name>.hooks`"}, "description": "Path to the directory storing the hooks.\nConsider using {option}`services.buildkite-agents.<name>.hooks.<name>`\ninstead.\n", "loc": ["services", "buildkite-agents", "<name>", "hooksPath"], "readOnly": false, "type": "absolute path"}, "services.buildkite-agents.<name>.name": {"declarations": ["nixos/modules/services/continuous-integration/buildkite-agents.nix"], "default": {"_type": "literalExpression", "text": "\"%hostname-\u2039name\u203a-%n\""}, "description": "The name of the agent as seen in the buildkite dashboard.\n", "loc": ["services", "buildkite-agents", "<name>", "name"], "readOnly": false, "type": "string"}, "services.buildkite-agents.<name>.package": {"declarations": ["nixos/modules/services/continuous-integration/buildkite-agents.nix"], "default": {"_type": "literalExpression", "text": "pkgs.buildkite-agent"}, "description": "The buildkite-agent package to use.", "loc": ["services", "buildkite-agents", "<name>", "package"], "readOnly": false, "type": "package"}, "services.buildkite-agents.<name>.privateSshKeyPath": {"declarations": ["nixos/modules/services/continuous-integration/buildkite-agents.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "OpenSSH private key\n\nA run-time path to the key file, which is supposed to be provisioned\noutside of Nix store.\n", "loc": ["services", "buildkite-agents", "<name>", "privateSshKeyPath"], "readOnly": false, "type": "null or absolute path"}, "services.buildkite-agents.<name>.runtimePackages": {"declarations": ["nixos/modules/services/continuous-integration/buildkite-agents.nix"], "default": {"_type": "literalExpression", "text": "[ pkgs.bash pkgs.gnutar pkgs.gzip pkgs.git pkgs.nix ]"}, "description": "Add programs to the buildkite-agent environment", "loc": ["services", "buildkite-agents", "<name>", "runtimePackages"], "readOnly": false, "type": "list of package"}, "services.buildkite-agents.<name>.shell": {"declarations": ["nixos/modules/services/continuous-integration/buildkite-agents.nix"], "default": {"_type": "literalExpression", "text": "\"${pkgs.bash}/bin/bash -e -c\""}, "description": "Command that buildkite-agent 3 will execute when it spawns a shell.\n", "loc": ["services", "buildkite-agents", "<name>", "shell"], "readOnly": false, "type": "string"}, "services.buildkite-agents.<name>.tags": {"declarations": ["nixos/modules/services/continuous-integration/buildkite-agents.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Tags for the agent.\n", "example": {"_type": "literalExpression", "text": "{\n  docker = \"true\";\n  queue = \"default\";\n  ruby2 = \"true\";\n}"}, "loc": ["services", "buildkite-agents", "<name>", "tags"], "readOnly": false, "type": "attribute set of (string or list of string)"}, "services.buildkite-agents.<name>.tokenPath": {"declarations": ["nixos/modules/services/continuous-integration/buildkite-agents.nix"], "description": "The token from your Buildkite \"Agents\" page.\n\nA run-time path to the token file, which is supposed to be provisioned\noutside of Nix store.\n", "loc": ["services", "buildkite-agents", "<name>", "tokenPath"], "readOnly": false, "type": "absolute path"}, "services.byedpi.enable": {"declarations": ["nixos/modules/services/networking/byedpi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the ByeDPI service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "byedpi", "enable"], "readOnly": false, "type": "boolean"}, "services.byedpi.extraArgs": {"declarations": ["nixos/modules/services/networking/byedpi.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line arguments.", "example": {"_type": "literalExpression", "text": "[\n  \"--split\"\n  \"1\"\n  \"--disorder\"\n  \"3+s\"\n  \"--mod-http=h,d\"\n  \"--auto=torst\"\n  \"--tlsrec\"\n  \"1+s\"\n]"}, "loc": ["services", "byedpi", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.byedpi.package": {"declarations": ["nixos/modules/services/networking/byedpi.nix"], "default": {"_type": "literalExpression", "text": "pkgs.byedpi"}, "description": "The byedpi package to use.", "loc": ["services", "byedpi", "package"], "readOnly": false, "type": "package"}, "services.c2fmzq-server.bindIP": {"declarations": ["nixos/modules/services/web-apps/c2fmzq-server.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The local address to use.", "loc": ["services", "c2fmzq-server", "bindIP"], "readOnly": false, "type": "string"}, "services.c2fmzq-server.enable": {"declarations": ["nixos/modules/services/web-apps/c2fmzq-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable c2fmzq-server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "c2fmzq-server", "enable"], "readOnly": false, "type": "boolean"}, "services.c2fmzq-server.package": {"declarations": ["nixos/modules/services/web-apps/c2fmzq-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.c2fmzq"}, "description": "The c2fmzq package to use.", "loc": ["services", "c2fmzq-server", "package"], "readOnly": false, "type": "package"}, "services.c2fmzq-server.passphraseFile": {"declarations": ["nixos/modules/services/web-apps/c2fmzq-server.nix"], "description": "Path to file containing the database passphrase", "example": {"_type": "literalExpression", "text": "\"/run/secrets/c2fmzq/pwfile\""}, "loc": ["services", "c2fmzq-server", "passphraseFile"], "readOnly": false, "type": "string"}, "services.c2fmzq-server.port": {"declarations": ["nixos/modules/services/web-apps/c2fmzq-server.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "The local port to use.", "loc": ["services", "c2fmzq-server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.c2fmzq-server.settings": {"declarations": ["nixos/modules/services/web-apps/c2fmzq-server.nix"], "description": "Configuration for c2FmZQ-server passed as CLI arguments.\nRun {command}`c2FmZQ-server help` for supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  allow-new-accounts = true;\n  auto-approve-new-accounts = true;\n  enable-webapp = true;\n  encrypt-metadata = true;\n  verbose = 3;\n}"}, "loc": ["services", "c2fmzq-server", "settings"], "readOnly": false, "type": "open submodule of attribute set of (null or boolean or signed integer or string)"}, "services.c2fmzq-server.settings.database": {"declarations": ["nixos/modules/services/web-apps/c2fmzq-server.nix"], "default": {"_type": "literalExpression", "text": "\"%S/c2fmzq-server/data\""}, "description": "Path of the database", "loc": ["services", "c2fmzq-server", "settings", "database"], "readOnly": false, "type": "string"}, "services.c2fmzq-server.settings.verbose": {"declarations": ["nixos/modules/services/web-apps/c2fmzq-server.nix"], "default": {"_type": "literalExpression", "text": "2"}, "description": "The level of logging verbosity: 1:Error 2:Info 3:Debug", "loc": ["services", "c2fmzq-server", "settings", "verbose"], "readOnly": false, "type": "integer between 1 and 3 (both inclusive)"}, "services.cachefilesd.cacheDir": {"declarations": ["nixos/modules/services/network-filesystems/cachefilesd.nix"], "default": {"_type": "literalExpression", "text": "\"/var/cache/fscache\""}, "description": "Directory to contain filesystem cache.", "loc": ["services", "cachefilesd", "cacheDir"], "readOnly": false, "type": "string"}, "services.cachefilesd.enable": {"declarations": ["nixos/modules/services/network-filesystems/cachefilesd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable cachefilesd network filesystems caching daemon.", "loc": ["services", "cachefilesd", "enable"], "readOnly": false, "type": "boolean"}, "services.cachefilesd.extraConfig": {"declarations": ["nixos/modules/services/network-filesystems/cachefilesd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional configuration file entries. See {manpage}`cachefilesd.conf(5)` for more information.", "example": {"_type": "literalExpression", "text": "\"brun 10%\""}, "loc": ["services", "cachefilesd", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.cachix-agent.credentialsFile": {"declarations": ["nixos/modules/services/system/cachix-agent/default.nix"], "default": {"_type": "literalExpression", "text": "\"/etc/cachix-agent.token\""}, "description": "Required file that needs to contain CACHIX_AGENT_TOKEN=...\n", "loc": ["services", "cachix-agent", "credentialsFile"], "readOnly": false, "type": "absolute path"}, "services.cachix-agent.enable": {"declarations": ["nixos/modules/services/system/cachix-agent/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Cachix Deploy Agent: <https://docs.cachix.org/deploy/>.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "cachix-agent", "enable"], "readOnly": false, "type": "boolean"}, "services.cachix-agent.host": {"declarations": ["nixos/modules/services/system/cachix-agent/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Cachix uri to use.", "loc": ["services", "cachix-agent", "host"], "readOnly": false, "type": "null or string"}, "services.cachix-agent.name": {"declarations": ["nixos/modules/services/system/cachix-agent/default.nix"], "default": {"_type": "literalExpression", "text": "\"config.networking.hostName\""}, "description": "Agent name, usually same as the hostname", "loc": ["services", "cachix-agent", "name"], "readOnly": false, "type": "string"}, "services.cachix-agent.package": {"declarations": ["nixos/modules/services/system/cachix-agent/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.cachix"}, "description": "The cachix package to use.", "loc": ["services", "cachix-agent", "package"], "readOnly": false, "type": "package"}, "services.cachix-agent.profile": {"declarations": ["nixos/modules/services/system/cachix-agent/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Profile name, defaults to 'system' (NixOS).", "loc": ["services", "cachix-agent", "profile"], "readOnly": false, "type": "null or string"}, "services.cachix-agent.verbose": {"declarations": ["nixos/modules/services/system/cachix-agent/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable verbose output", "loc": ["services", "cachix-agent", "verbose"], "readOnly": false, "type": "boolean"}, "services.cachix-watch-store.cacheName": {"declarations": ["nixos/modules/services/system/cachix-watch-store.nix"], "description": "Cachix binary cache name", "loc": ["services", "cachix-watch-store", "cacheName"], "readOnly": false, "type": "string"}, "services.cachix-watch-store.cachixTokenFile": {"declarations": ["nixos/modules/services/system/cachix-watch-store.nix"], "description": "Required file that needs to contain the cachix auth token.\n", "loc": ["services", "cachix-watch-store", "cachixTokenFile"], "readOnly": false, "type": "absolute path"}, "services.cachix-watch-store.compressionLevel": {"declarations": ["nixos/modules/services/system/cachix-watch-store.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The compression level for ZSTD compression (between 0 and 16)", "loc": ["services", "cachix-watch-store", "compressionLevel"], "readOnly": false, "type": "null or integer between 0 and 16 (both inclusive)"}, "services.cachix-watch-store.enable": {"declarations": ["nixos/modules/services/system/cachix-watch-store.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Cachix Watch Store: <https://docs.cachix.org>.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "cachix-watch-store", "enable"], "readOnly": false, "type": "boolean"}, "services.cachix-watch-store.host": {"declarations": ["nixos/modules/services/system/cachix-watch-store.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Cachix host to connect to", "loc": ["services", "cachix-watch-store", "host"], "readOnly": false, "type": "null or string"}, "services.cachix-watch-store.jobs": {"declarations": ["nixos/modules/services/system/cachix-watch-store.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Number of threads used for pushing store paths", "loc": ["services", "cachix-watch-store", "jobs"], "readOnly": false, "type": "null or (positive integer, meaning >0)"}, "services.cachix-watch-store.package": {"declarations": ["nixos/modules/services/system/cachix-watch-store.nix"], "default": {"_type": "literalExpression", "text": "pkgs.cachix"}, "description": "The cachix package to use.", "loc": ["services", "cachix-watch-store", "package"], "readOnly": false, "type": "package"}, "services.cachix-watch-store.signingKeyFile": {"declarations": ["nixos/modules/services/system/cachix-watch-store.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional file containing a self-managed signing key to sign uploaded store paths.\n", "loc": ["services", "cachix-watch-store", "signingKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.cachix-watch-store.verbose": {"declarations": ["nixos/modules/services/system/cachix-watch-store.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable verbose output", "loc": ["services", "cachix-watch-store", "verbose"], "readOnly": false, "type": "boolean"}, "services.caddy.acmeCA": {"declarations": ["nixos/modules/services/web-servers/caddy/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "::: {.note}\nSets the [`acme_ca` option](https://caddyserver.com/docs/caddyfile/options#acme-ca)\nin the global options block of the resulting Caddyfile.\n:::\n\nThe URL to the ACME CA's directory. It is strongly recommended to set\nthis to `https://acme-staging-v02.api.letsencrypt.org/directory` for\nLet's Encrypt's [staging endpoint](https://letsencrypt.org/docs/staging-environment/)\nwhile testing or in development.\n\nValue `null` should be prefered for production setups,\nas it omits the `acme_ca` option to enable\n[automatic issuer fallback](https://caddyserver.com/docs/automatic-https#issuer-fallback).\n", "example": {"_type": "literalExpression", "text": "\"https://acme-v02.api.letsencrypt.org/directory\""}, "loc": ["services", "caddy", "acmeCA"], "readOnly": false, "type": "null or string"}, "services.caddy.adapter": {"declarations": ["nixos/modules/services/web-servers/caddy/default.nix"], "default": {"_type": "literalExpression", "text": "if ((cfg.configFile != configFile) || (baseNameOf cfg.configFile) == \"Caddyfile\") then \"caddyfile\" else null\n"}, "description": "Name of the config adapter to use.\nSee <https://caddyserver.com/docs/config-adapters>\nfor the full list.\n\nIf `null` is specified, the `--adapter` argument is omitted when\nstarting or restarting Caddy. Notably, this allows specification of a\nconfiguration file in Caddy's native JSON format, as long as the\nfilename does not start with `Caddyfile` (in which case the `caddyfile`\nadapter is implicitly enabled). See\n<https://caddyserver.com/docs/command-line#caddy-run> for details.\n\n::: {.note}\nAny value other than `null` or `caddyfile` is only valid when providing\nyour own `configFile`.\n:::\n", "example": {"_type": "literalExpression", "text": "nginx"}, "loc": ["services", "caddy", "adapter"], "readOnly": false, "type": "null or string"}, "services.caddy.configFile": {"declarations": ["nixos/modules/services/web-servers/caddy/default.nix"], "default": {"_type": "literalExpression", "text": "\"A Caddyfile automatically generated by values from services.caddy.*\""}, "description": "Override the configuration file used by Caddy. By default,\nNixOS generates one automatically.\n\nThe configuration file is exposed at {file}`/etc/caddy/caddy_config`.\n", "example": {"_type": "literalExpression", "text": "pkgs.writeText \"Caddyfile\" ''\n  example.com\n\n  root * /var/www/wordpress\n  php_fastcgi unix//run/php/php-version-fpm.sock\n  file_server\n'';\n"}, "loc": ["services", "caddy", "configFile"], "readOnly": false, "type": "absolute path"}, "services.caddy.dataDir": {"declarations": ["nixos/modules/services/web-servers/caddy/default.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/caddy\""}, "description": "The data directory for caddy.\n\n::: {.note}\nIf left as the default value this directory will automatically be created\nbefore the Caddy server starts, otherwise you are responsible for ensuring\nthe directory exists with appropriate ownership and permissions.\n\nCaddy v2 replaced `CADDYPATH` with XDG directories.\nSee <https://caddyserver.com/docs/conventions#file-locations>.\n:::\n", "loc": ["services", "caddy", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.caddy.email": {"declarations": ["nixos/modules/services/web-servers/caddy/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Your email address. Mainly used when creating an ACME account with your\nCA, and is highly recommended in case there are problems with your\ncertificates.\n", "loc": ["services", "caddy", "email"], "readOnly": false, "type": "null or string"}, "services.caddy.enable": {"declarations": ["nixos/modules/services/web-servers/caddy/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Caddy web server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "caddy", "enable"], "readOnly": false, "type": "boolean"}, "services.caddy.enableReload": {"declarations": ["nixos/modules/services/web-servers/caddy/default.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Reload Caddy instead of restarting it when configuration file changes.\n\nNote that enabling this option requires the [admin API](https://caddyserver.com/docs/caddyfile/options#admin)\nto not be turned off.\n\nIf you enable this option, consider setting [`grace_period`](https://caddyserver.com/docs/caddyfile/options#grace-period)\nto a non-infinite value in {option}`services.caddy.globalConfig`\nto prevent Caddy waiting for active connections to finish,\nwhich could delay the reload essentially indefinitely.\n", "loc": ["services", "caddy", "enableReload"], "readOnly": false, "type": "boolean"}, "services.caddy.environmentFile": {"declarations": ["nixos/modules/services/web-servers/caddy/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file as defined in {manpage}`systemd.exec(5)`.\n\nYou can use environment variables to pass secrets to the service without adding\nthem to the world-redable nix store.\n\n```\n# in configuration.nix\nservices.caddy.environmentFile = \"/run/secrets/caddy.env\";\nservices.caddy.globalConfig = ''\n  {\n    acme_ca https://acme.zerossl.com/v2/DV90\n    acme_eab {\n      key_id {$EAB_KEY_ID}\n      mac_key {$EAB_MAC_KEY}\n    }\n  }\n'';\n```\n\n```\n# in /run/secrets/caddy.env\nEAB_KEY_ID=secret\nEAB_MAC_KEY=secret\n```\n\nFind more examples\n[here](https://caddyserver.com/docs/caddyfile/concepts#environment-variables)\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/caddy.env\""}, "loc": ["services", "caddy", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.caddy.extraConfig": {"declarations": ["nixos/modules/services/web-servers/caddy/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional lines of configuration appended to the automatically\ngenerated `Caddyfile`.\n", "example": {"_type": "literalExpression", "text": "''\n  example.com {\n    encode gzip\n    log\n    root /srv/http\n  }\n''"}, "loc": ["services", "caddy", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.caddy.globalConfig": {"declarations": ["nixos/modules/services/web-servers/caddy/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional lines of configuration appended to the global config section\nof the `Caddyfile`.\n\nRefer to <https://caddyserver.com/docs/caddyfile/options#global-options>\nfor details on supported values.\n", "example": {"_type": "literalExpression", "text": "''\n  debug\n  servers {\n    protocol {\n      experimental_http3\n    }\n  }\n''"}, "loc": ["services", "caddy", "globalConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.caddy.group": {"declarations": ["nixos/modules/services/web-servers/caddy/default.nix"], "default": {"_type": "literalExpression", "text": "\"caddy\""}, "description": "Group under which caddy runs.\n\n::: {.note}\nIf left as the default value this group will automatically be created\non system activation, otherwise you are responsible for\nensuring the group exists before the Caddy service starts.\n:::\n", "loc": ["services", "caddy", "group"], "readOnly": false, "type": "string"}, "services.caddy.httpPort": {"declarations": ["nixos/modules/services/web-servers/caddy/default.nix"], "default": {"_type": "literalExpression", "text": "80"}, "description": "The default port to listen on for HTTP traffic.\n", "loc": ["services", "caddy", "httpPort"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.caddy.httpsPort": {"declarations": ["nixos/modules/services/web-servers/caddy/default.nix"], "default": {"_type": "literalExpression", "text": "443"}, "description": "The default port to listen on for HTTPS traffic.\nWill also be used for HTTP/3.\n", "loc": ["services", "caddy", "httpsPort"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.caddy.logDir": {"declarations": ["nixos/modules/services/web-servers/caddy/default.nix"], "default": {"_type": "literalExpression", "text": "\"/var/log/caddy\""}, "description": "Directory for storing Caddy access logs.\n\n::: {.note}\nIf left as the default value this directory will automatically be created\nbefore the Caddy server starts, otherwise the sysadmin is responsible for\nensuring the directory exists with appropriate ownership and permissions.\n:::\n", "loc": ["services", "caddy", "logDir"], "readOnly": false, "type": "absolute path"}, "services.caddy.logFormat": {"declarations": ["nixos/modules/services/web-servers/caddy/default.nix"], "default": {"_type": "literalExpression", "text": "''\n  level ERROR\n''"}, "description": "Configuration for the default logger. See\n<https://caddyserver.com/docs/caddyfile/options#log>\nfor details.\n", "example": {"_type": "literalExpression", "text": "mkForce \"level INFO\";\n"}, "loc": ["services", "caddy", "logFormat"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.caddy.openFirewall": {"declarations": ["nixos/modules/services/web-servers/caddy/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable opening the specified http(s) ports in the firewall.\nAny port set to `null` will not be opened.\n\n::: {.note}\nIf you use other ports for your virtual hosts, you need to open them manually.\n:::\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "caddy", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.caddy.package": {"declarations": ["nixos/modules/services/web-servers/caddy/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.caddy"}, "description": "The caddy package to use.", "loc": ["services", "caddy", "package"], "readOnly": false, "type": "package"}, "services.caddy.resume": {"declarations": ["nixos/modules/services/web-servers/caddy/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use saved config, if any (and prefer over any specified configuration passed with `--config`).\n", "loc": ["services", "caddy", "resume"], "readOnly": false, "type": "boolean"}, "services.caddy.settings": {"declarations": ["nixos/modules/services/web-servers/caddy/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Structured configuration for Caddy to generate a Caddy JSON configuration file.\nSee <https://caddyserver.com/docs/json/> for available options.\n\n::: {.warning}\nUsing a [Caddyfile](https://caddyserver.com/docs/caddyfile) instead of a JSON config is highly recommended by upstream.\nThere are only very few exception to this.\n\nPlease use a Caddyfile via {option}`services.caddy.configFile`, {option}`services.caddy.virtualHosts` or\n{option}`services.caddy.extraConfig` with {option}`services.caddy.globalConfig` instead.\n:::\n\n::: {.note}\nTakes presence over most `services.caddy.*` options, such as {option}`services.caddy.configFile` and {option}`services.caddy.virtualHosts`, if specified.\n:::\n", "loc": ["services", "caddy", "settings"], "readOnly": false, "type": "JSON value"}, "services.caddy.user": {"declarations": ["nixos/modules/services/web-servers/caddy/default.nix"], "default": {"_type": "literalExpression", "text": "\"caddy\""}, "description": "User account under which caddy runs.\n\n::: {.note}\nIf left as the default value this user will automatically be created\non system activation, otherwise you are responsible for\nensuring the user exists before the Caddy service starts.\n:::\n", "loc": ["services", "caddy", "user"], "readOnly": false, "type": "string"}, "services.caddy.virtualHosts": {"declarations": ["nixos/modules/services/web-servers/caddy/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative specification of virtual hosts served by Caddy.\n", "example": {"_type": "literalExpression", "text": "{\n  \"hydra.example.com\" = {\n    serverAliases = [ \"www.hydra.example.com\" ];\n    extraConfig = ''\n      encode gzip\n      root * /srv/http\n    '';\n  };\n};\n"}, "loc": ["services", "caddy", "virtualHosts"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.caddy.virtualHosts.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-servers/caddy/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional lines of configuration appended to this virtual host in the\nautomatically generated `Caddyfile`.\n", "loc": ["services", "caddy", "virtualHosts", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.caddy.virtualHosts.<name>.hostName": {"declarations": ["nixos/modules/services/web-servers/caddy/default.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "Canonical hostname for the server.", "loc": ["services", "caddy", "virtualHosts", "<name>", "hostName"], "readOnly": false, "type": "string"}, "services.caddy.virtualHosts.<name>.listenAddresses": {"declarations": ["nixos/modules/services/web-servers/caddy/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of host interfaces to bind to for this virtual host.\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"::1\"\n]"}, "loc": ["services", "caddy", "virtualHosts", "<name>", "listenAddresses"], "readOnly": false, "type": "list of string"}, "services.caddy.virtualHosts.<name>.logFormat": {"declarations": ["nixos/modules/services/web-servers/caddy/default.nix"], "default": {"_type": "literalExpression", "text": "''\n  output file ''${config.services.caddy.logDir}/access-''${hostName}.log\n''"}, "description": "Configuration for HTTP request logging (also known as access logs). See\n<https://caddyserver.com/docs/caddyfile/directives/log#log>\nfor details.\n", "example": {"_type": "literalExpression", "text": "mkForce ''\n  output discard\n'';\n"}, "loc": ["services", "caddy", "virtualHosts", "<name>", "logFormat"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.caddy.virtualHosts.<name>.serverAliases": {"declarations": ["nixos/modules/services/web-servers/caddy/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "caddy", "virtualHosts", "<name>", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.caddy.virtualHosts.<name>.useACMEHost": {"declarations": ["nixos/modules/services/web-servers/caddy/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is mostly useful if you use DNS challenges but Caddy does not\ncurrently support your provider.\n\n*Note that this option does not create any certificates, nor\ndoes it add subdomains to existing ones \u2013 you will need to create them\nmanually using [](#opt-security.acme.certs).*\n", "loc": ["services", "caddy", "virtualHosts", "<name>", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.cadvisor.enable": {"declarations": ["nixos/modules/services/monitoring/cadvisor.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Cadvisor service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "cadvisor", "enable"], "readOnly": false, "type": "boolean"}, "services.cadvisor.extraOptions": {"declarations": ["nixos/modules/services/monitoring/cadvisor.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional cadvisor options.\n\nSee <https://github.com/google/cadvisor/blob/master/docs/runtime_options.md> for available options.\n", "loc": ["services", "cadvisor", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.cadvisor.listenAddress": {"declarations": ["nixos/modules/services/monitoring/cadvisor.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Cadvisor listening host", "loc": ["services", "cadvisor", "listenAddress"], "readOnly": false, "type": "string"}, "services.cadvisor.port": {"declarations": ["nixos/modules/services/monitoring/cadvisor.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "Cadvisor listening port", "loc": ["services", "cadvisor", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.cadvisor.storageDriver": {"declarations": ["nixos/modules/services/monitoring/cadvisor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Cadvisor storage driver.", "example": {"_type": "literalExpression", "text": "\"influxdb\""}, "loc": ["services", "cadvisor", "storageDriver"], "readOnly": false, "type": "null or string"}, "services.cadvisor.storageDriverDb": {"declarations": ["nixos/modules/services/monitoring/cadvisor.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "Cadvisord storage driver database name.", "loc": ["services", "cadvisor", "storageDriverDb"], "readOnly": false, "type": "string"}, "services.cadvisor.storageDriverHost": {"declarations": ["nixos/modules/services/monitoring/cadvisor.nix"], "default": {"_type": "literalExpression", "text": "\"localhost:8086\""}, "description": "Cadvisor storage driver host.", "loc": ["services", "cadvisor", "storageDriverHost"], "readOnly": false, "type": "string"}, "services.cadvisor.storageDriverPassword": {"declarations": ["nixos/modules/services/monitoring/cadvisor.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "Cadvisor storage driver password.\n\nWarning: this password is stored in the world-readable Nix store. It's\nrecommended to use the {option}`storageDriverPasswordFile` option\nsince that gives you control over the security of the password.\n{option}`storageDriverPasswordFile` also takes precedence over {option}`storageDriverPassword`.\n", "loc": ["services", "cadvisor", "storageDriverPassword"], "readOnly": false, "type": "string"}, "services.cadvisor.storageDriverPasswordFile": {"declarations": ["nixos/modules/services/monitoring/cadvisor.nix"], "description": "File that contains the cadvisor storage driver password.\n\n{option}`storageDriverPasswordFile` takes precedence over {option}`storageDriverPassword`\n\nWarning: when {option}`storageDriverPassword` is non-empty this defaults to a file in the\nworld-readable Nix store that contains the value of {option}`storageDriverPassword`.\n\nIt's recommended to override this with a path not in the Nix store.\nTip: use [nixops key management](https://nixos.org/nixops/manual/#idm140737318306400)\n", "loc": ["services", "cadvisor", "storageDriverPasswordFile"], "readOnly": false, "type": "string"}, "services.cadvisor.storageDriverSecure": {"declarations": ["nixos/modules/services/monitoring/cadvisor.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Cadvisor storage driver, enable secure communication.", "loc": ["services", "cadvisor", "storageDriverSecure"], "readOnly": false, "type": "boolean"}, "services.cadvisor.storageDriverUser": {"declarations": ["nixos/modules/services/monitoring/cadvisor.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "Cadvisor storage driver username.", "loc": ["services", "cadvisor", "storageDriverUser"], "readOnly": false, "type": "string"}, "services.cage.enable": {"declarations": ["nixos/modules/services/wayland/cage.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable cage kiosk service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "cage", "enable"], "readOnly": false, "type": "boolean"}, "services.cage.environment": {"declarations": ["nixos/modules/services/wayland/cage.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional environment variables to pass to Cage.", "example": {"_type": "literalExpression", "text": "{\n  WLR_LIBINPUT_NO_DEVICES = \"1\";\n}"}, "loc": ["services", "cage", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.cage.extraArguments": {"declarations": ["nixos/modules/services/wayland/cage.nix"], "default": {"_type": "literalExpression", "text": "[]"}, "description": "Additional command line arguments to pass to Cage.", "example": {"_type": "literalExpression", "text": "[\n  \"-d\"\n]"}, "loc": ["services", "cage", "extraArguments"], "readOnly": false, "type": "list of string"}, "services.cage.package": {"declarations": ["nixos/modules/services/wayland/cage.nix"], "default": {"_type": "literalExpression", "text": "pkgs.cage"}, "description": "The cage package to use.", "loc": ["services", "cage", "package"], "readOnly": false, "type": "package"}, "services.cage.program": {"declarations": ["nixos/modules/services/wayland/cage.nix"], "default": {"_type": "literalExpression", "text": "\"${pkgs.xterm}/bin/xterm\""}, "description": "Program to run in cage.\n", "loc": ["services", "cage", "program"], "readOnly": false, "type": "absolute path"}, "services.cage.user": {"declarations": ["nixos/modules/services/wayland/cage.nix"], "default": {"_type": "literalExpression", "text": "\"demo\""}, "description": "User to log-in as.\n", "loc": ["services", "cage", "user"], "readOnly": false, "type": "string"}, "services.calibre-server.auth.enable": {"declarations": ["nixos/modules/services/misc/calibre-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Password based authentication to access the server.\nSee the [calibre-server documentation](https://manual.calibre-ebook.com/generated/en/calibre-server.html#cmdoption-calibre-server-enable-auth) for details.\n", "loc": ["services", "calibre-server", "auth", "enable"], "readOnly": false, "type": "boolean"}, "services.calibre-server.auth.mode": {"declarations": ["nixos/modules/services/misc/calibre-server.nix"], "default": {"_type": "literalExpression", "text": "\"auto\""}, "description": "Choose the type of authentication used.\nSet the HTTP authentication mode used by the server.\nSee the [calibre-server documentation](https://manual.calibre-ebook.com/generated/en/calibre-server.html#cmdoption-calibre-server-auth-mode) for details.\n", "loc": ["services", "calibre-server", "auth", "mode"], "readOnly": false, "type": "one of \"auto\", \"basic\", \"digest\""}, "services.calibre-server.auth.userDb": {"declarations": ["nixos/modules/services/misc/calibre-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Choose users database file to use for authentication.\nMake sure users database file is initialized before service startup.\nSee the [calibre-server documentation](https://manual.calibre-ebook.com/server.html#managing-user-accounts-from-the-command-line-only) for details.\n", "loc": ["services", "calibre-server", "auth", "userDb"], "readOnly": false, "type": "null or absolute path"}, "services.calibre-server.enable": {"declarations": ["nixos/modules/services/misc/calibre-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable calibre-server (e-book software).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "calibre-server", "enable"], "readOnly": false, "type": "boolean"}, "services.calibre-server.extraFlags": {"declarations": ["nixos/modules/services/misc/calibre-server.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra flags to pass to the calibre-server command.\nSee the [calibre-server documentation](https://manual.calibre-ebook.com/generated/en/calibre-server.html) for details.\n", "loc": ["services", "calibre-server", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.calibre-server.group": {"declarations": ["nixos/modules/services/misc/calibre-server.nix"], "default": {"_type": "literalExpression", "text": "\"calibre-server\""}, "description": "The group under which calibre-server runs.", "loc": ["services", "calibre-server", "group"], "readOnly": false, "type": "string"}, "services.calibre-server.host": {"declarations": ["nixos/modules/services/misc/calibre-server.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "The interface on which to listen for connections.\nSee the [calibre-server documentation](https://manual.calibre-ebook.com/generated/en/calibre-server.html#cmdoption-calibre-server-listen-on) for details.\n", "example": {"_type": "literalExpression", "text": "\"::1\""}, "loc": ["services", "calibre-server", "host"], "readOnly": false, "type": "string"}, "services.calibre-server.libraries": {"declarations": ["nixos/modules/services/misc/calibre-server.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"/var/lib/calibre-server\"\n]"}, "description": "Make sure each library path is initialized before service startup.\nThe directories of the libraries to serve. They must be readable for the user under which the server runs.\nSee the [calibredb documentation](https://manual.calibre-ebook.com/generated/en/calibredb.html#add) for details.\n", "loc": ["services", "calibre-server", "libraries"], "readOnly": false, "type": "list of absolute path"}, "services.calibre-server.openFirewall": {"declarations": ["nixos/modules/services/misc/calibre-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the Calibre Server web interface.", "loc": ["services", "calibre-server", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.calibre-server.package": {"declarations": ["nixos/modules/services/misc/calibre-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.calibre"}, "description": "The calibre package to use.", "loc": ["services", "calibre-server", "package"], "readOnly": false, "type": "package"}, "services.calibre-server.port": {"declarations": ["nixos/modules/services/misc/calibre-server.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "The port on which to listen for connections.\nSee the [calibre-server documentation](https://manual.calibre-ebook.com/generated/en/calibre-server.html#cmdoption-calibre-server-port) for details.\n", "loc": ["services", "calibre-server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.calibre-server.user": {"declarations": ["nixos/modules/services/misc/calibre-server.nix"], "default": {"_type": "literalExpression", "text": "\"calibre-server\""}, "description": "The user under which calibre-server runs.", "loc": ["services", "calibre-server", "user"], "readOnly": false, "type": "string"}, "services.calibre-web.dataDir": {"declarations": ["nixos/modules/services/web-apps/calibre-web.nix"], "default": {"_type": "literalExpression", "text": "\"calibre-web\""}, "description": "Where Calibre-Web stores its data.\nEither an absolute path, or the directory name below {file}`/var/lib`.\n", "loc": ["services", "calibre-web", "dataDir"], "readOnly": false, "type": "string"}, "services.calibre-web.enable": {"declarations": ["nixos/modules/services/web-apps/calibre-web.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Calibre-Web.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "calibre-web", "enable"], "readOnly": false, "type": "boolean"}, "services.calibre-web.group": {"declarations": ["nixos/modules/services/web-apps/calibre-web.nix"], "default": {"_type": "literalExpression", "text": "\"calibre-web\""}, "description": "Group account under which Calibre-Web runs.", "loc": ["services", "calibre-web", "group"], "readOnly": false, "type": "string"}, "services.calibre-web.listen.ip": {"declarations": ["nixos/modules/services/web-apps/calibre-web.nix"], "default": {"_type": "literalExpression", "text": "\"::1\""}, "description": "IP address that Calibre-Web should listen on.\n", "loc": ["services", "calibre-web", "listen", "ip"], "readOnly": false, "type": "string"}, "services.calibre-web.listen.port": {"declarations": ["nixos/modules/services/web-apps/calibre-web.nix"], "default": {"_type": "literalExpression", "text": "8083"}, "description": "Listen port for Calibre-Web.\n", "loc": ["services", "calibre-web", "listen", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.calibre-web.openFirewall": {"declarations": ["nixos/modules/services/web-apps/calibre-web.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the server.\n", "loc": ["services", "calibre-web", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.calibre-web.options.calibreLibrary": {"declarations": ["nixos/modules/services/web-apps/calibre-web.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to Calibre library.\n", "loc": ["services", "calibre-web", "options", "calibreLibrary"], "readOnly": false, "type": "null or absolute path"}, "services.calibre-web.options.enableBookConversion": {"declarations": ["nixos/modules/services/web-apps/calibre-web.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Configure path to the Calibre's ebook-convert in the DB.\n", "loc": ["services", "calibre-web", "options", "enableBookConversion"], "readOnly": false, "type": "boolean"}, "services.calibre-web.options.enableBookUploading": {"declarations": ["nixos/modules/services/web-apps/calibre-web.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Allow books to be uploaded via Calibre-Web UI.\n", "loc": ["services", "calibre-web", "options", "enableBookUploading"], "readOnly": false, "type": "boolean"}, "services.calibre-web.options.enableKepubify": {"declarations": ["nixos/modules/services/web-apps/calibre-web.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kepub conversion support.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "calibre-web", "options", "enableKepubify"], "readOnly": false, "type": "boolean"}, "services.calibre-web.options.reverseProxyAuth.enable": {"declarations": ["nixos/modules/services/web-apps/calibre-web.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable authorization using auth proxy.\n", "loc": ["services", "calibre-web", "options", "reverseProxyAuth", "enable"], "readOnly": false, "type": "boolean"}, "services.calibre-web.options.reverseProxyAuth.header": {"declarations": ["nixos/modules/services/web-apps/calibre-web.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Auth proxy header name.\n", "loc": ["services", "calibre-web", "options", "reverseProxyAuth", "header"], "readOnly": false, "type": "string"}, "services.calibre-web.package": {"declarations": ["nixos/modules/services/web-apps/calibre-web.nix"], "default": {"_type": "literalExpression", "text": "pkgs.calibre-web"}, "description": "The calibre-web package to use.", "loc": ["services", "calibre-web", "package"], "readOnly": false, "type": "package"}, "services.calibre-web.user": {"declarations": ["nixos/modules/services/web-apps/calibre-web.nix"], "default": {"_type": "literalExpression", "text": "\"calibre-web\""}, "description": "User account under which Calibre-Web runs.", "loc": ["services", "calibre-web", "user"], "readOnly": false, "type": "string"}, "services.canaille.enable": {"declarations": ["nixos/modules/services/security/canaille.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Canaille.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "canaille", "enable"], "readOnly": false, "type": "boolean"}, "services.canaille.jwtPrivateKeyFile": {"declarations": ["nixos/modules/services/security/canaille.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the JWT private key. Make sure it has appropriate permissions.\n\nYou can generate one using\n```\nopenssl genrsa -out private.pem 4096\nopenssl rsa -in private.pem -pubout -outform PEM -out public.pem\n```\n", "loc": ["services", "canaille", "jwtPrivateKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.canaille.ldapBindPasswordFile": {"declarations": ["nixos/modules/services/security/canaille.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the LDAP bind password.\n", "loc": ["services", "canaille", "ldapBindPasswordFile"], "readOnly": false, "type": "null or absolute path"}, "services.canaille.package": {"declarations": ["nixos/modules/services/security/canaille.nix"], "default": {"_type": "literalExpression", "text": "pkgs.canaille"}, "description": "The canaille package to use.", "loc": ["services", "canaille", "package"], "readOnly": false, "type": "package"}, "services.canaille.secretKeyFile": {"declarations": ["nixos/modules/services/security/canaille.nix"], "description": "File containing the Flask secret key. Its content is going to be\nprovided to Canaille as `SECRET_KEY`. Make sure it has appropriate\npermissions. For example, copy the output of this to the specified\nfile:\n\n```\npython3 -c 'import secrets; print(secrets.token_hex())'\n```\n", "loc": ["services", "canaille", "secretKeyFile"], "readOnly": false, "type": "absolute path"}, "services.canaille.settings": {"declarations": ["nixos/modules/services/security/canaille.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings for Canaille. See [the documentation](https://canaille.readthedocs.io/en/latest/references/configuration.html) for details.", "loc": ["services", "canaille", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.canaille.settings.CANAILLE.ACL": {"declarations": ["nixos/modules/services/security/canaille.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Access Control Lists.\n\nSee also [the documentation](https://canaille.readthedocs.io/en/latest/references/configuration.html#canaille.core.configuration.ACLSettings).\n", "loc": ["services", "canaille", "settings", "CANAILLE", "ACL"], "readOnly": false, "type": "null or (open submodule of (TOML value))"}, "services.canaille.settings.CANAILLE.SMTP": {"declarations": ["nixos/modules/services/security/canaille.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SMTP configuration. By default, sending emails is not enabled.\n\nSet to an empty attrs to send emails from localhost without\nauthentication.\n\nSee also [the documentation](https://canaille.readthedocs.io/en/latest/references/configuration.html#canaille.core.configuration.SMTPSettings).\n", "example": {"_type": "literalExpression", "text": "{ }"}, "loc": ["services", "canaille", "settings", "CANAILLE", "SMTP"], "readOnly": false, "type": "null or (open submodule of (TOML value))"}, "services.canaille.settings.CANAILLE.SMTP.PASSWORD": {"declarations": ["nixos/modules/services/security/canaille.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SMTP Password. Can't be set and has to be provided using\n`services.canaille.smtpPasswordFile`.\n", "loc": ["services", "canaille", "settings", "CANAILLE", "SMTP", "PASSWORD"], "readOnly": true, "type": "null or string"}, "services.canaille.settings.CANAILLE_LDAP": {"declarations": ["nixos/modules/services/security/canaille.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configuration for the LDAP backend. This storage backend is not\nyet supported by the module, so use at your own risk!\n", "loc": ["services", "canaille", "settings", "CANAILLE_LDAP"], "readOnly": false, "type": "null or (open submodule of (TOML value))"}, "services.canaille.settings.CANAILLE_LDAP.BIND_PW": {"declarations": ["nixos/modules/services/security/canaille.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The LDAP bind password. Can't be set and has to be provided using\n`services.canaille.ldapBindPasswordFile`.\n", "loc": ["services", "canaille", "settings", "CANAILLE_LDAP", "BIND_PW"], "readOnly": true, "type": "null or string"}, "services.canaille.settings.CANAILLE_OIDC": {"declarations": ["nixos/modules/services/security/canaille.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "OpenID Connect settings. See [the documentation](https://canaille.readthedocs.io/en/latest/references/configuration.html#canaille.oidc.configuration.OIDCSettings).\n", "loc": ["services", "canaille", "settings", "CANAILLE_OIDC"], "readOnly": false, "type": "null or (open submodule of (TOML value))"}, "services.canaille.settings.CANAILLE_OIDC.JWT.PRIVATE_KEY": {"declarations": ["nixos/modules/services/security/canaille.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "JWT private key. Can't be set and has to be provided using\n`services.canaille.jwtPrivateKeyFile`.\n", "loc": ["services", "canaille", "settings", "CANAILLE_OIDC", "JWT", "PRIVATE_KEY"], "readOnly": true, "type": "null or string"}, "services.canaille.settings.CANAILLE_SQL.DATABASE_URI": {"declarations": ["nixos/modules/services/security/canaille.nix"], "default": {"_type": "literalExpression", "text": "\"postgresql://localhost/canaille?host=/run/postgresql\""}, "description": "The SQL server URI. Will configure a local PostgreSQL db if\nleft to default. Please note that the NixOS module only really\nsupports PostgreSQL for now. Change at your own risk!\n", "loc": ["services", "canaille", "settings", "CANAILLE_SQL", "DATABASE_URI"], "readOnly": false, "type": "string"}, "services.canaille.settings.PREFERRED_URL_SCHEME": {"declarations": ["nixos/modules/services/security/canaille.nix"], "default": {"_type": "literalExpression", "text": "\"https\""}, "description": "The url scheme by which canaille will be served.", "loc": ["services", "canaille", "settings", "PREFERRED_URL_SCHEME"], "readOnly": false, "type": "one of \"http\", \"https\""}, "services.canaille.settings.SECRET_KEY": {"declarations": ["nixos/modules/services/security/canaille.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Flask Secret Key. Can't be set and must be provided through\n`services.canaille.settings.secretKeyFile`.\n", "loc": ["services", "canaille", "settings", "SECRET_KEY"], "readOnly": true, "type": "null or string"}, "services.canaille.settings.SERVER_NAME": {"declarations": ["nixos/modules/services/security/canaille.nix"], "description": "The domain name on which canaille will be served.", "example": {"_type": "literalExpression", "text": "\"auth.example.org\""}, "loc": ["services", "canaille", "settings", "SERVER_NAME"], "readOnly": false, "type": "string"}, "services.canaille.smtpPasswordFile": {"declarations": ["nixos/modules/services/security/canaille.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the SMTP password. Make sure it has appropriate permissions.\n", "loc": ["services", "canaille", "smtpPasswordFile"], "readOnly": false, "type": "null or absolute path"}, "services.canto-daemon.enable": {"declarations": ["nixos/modules/services/misc/canto-daemon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the canto RSS daemon.", "loc": ["services", "canto-daemon", "enable"], "readOnly": false, "type": "boolean"}, "services.cassandra.allowClients": {"declarations": ["nixos/modules/services/databases/cassandra.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enables or disables the native transport server (CQL binary protocol).\nThis server uses the same address as the {option}`rpcAddress`,\nbut the port it uses is not `rpc_port` but\n`native_transport_port`. See the official Cassandra\ndocs for more information on these variables and set them using\n{option}`extraConfig`.\n", "loc": ["services", "cassandra", "allowClients"], "readOnly": false, "type": "boolean"}, "services.cassandra.clusterName": {"declarations": ["nixos/modules/services/databases/cassandra.nix"], "default": {"_type": "literalExpression", "text": "\"Test Cluster\""}, "description": "The name of the cluster.\nThis setting prevents nodes in one logical cluster from joining\nanother. All nodes in a cluster must have the same value.\n", "loc": ["services", "cassandra", "clusterName"], "readOnly": false, "type": "string"}, "services.cassandra.enable": {"declarations": ["nixos/modules/services/databases/cassandra.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Apache Cassandra \u2013 Scalable and highly available database\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "cassandra", "enable"], "readOnly": false, "type": "boolean"}, "services.cassandra.extraConfig": {"declarations": ["nixos/modules/services/databases/cassandra.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra options to be merged into {file}`cassandra.yaml` as nix attribute set.\n", "example": {"_type": "literalExpression", "text": "{\n  commitlog_sync_batch_window_in_ms = 3;\n}"}, "loc": ["services", "cassandra", "extraConfig"], "readOnly": false, "type": "attribute set"}, "services.cassandra.extraEnvSh": {"declarations": ["nixos/modules/services/databases/cassandra.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra shell lines to be appended onto {file}`cassandra-env.sh`.\n", "example": {"_type": "literalExpression", "text": "\"CLASSPATH=$CLASSPATH:${extraJar}\""}, "loc": ["services", "cassandra", "extraEnvSh"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.cassandra.fullRepairInterval": {"declarations": ["nixos/modules/services/databases/cassandra.nix"], "default": {"_type": "literalExpression", "text": "\"3w\""}, "description": "Set the interval how often full repairs are run, i.e.\n{command}`nodetool repair --full` is executed. See\n<https://cassandra.apache.org/doc/latest/operating/repair.html>\nfor more information.\n\nSet to `null` to disable full repairs.\n", "example": {"_type": "literalExpression", "text": "null"}, "loc": ["services", "cassandra", "fullRepairInterval"], "readOnly": false, "type": "null or string"}, "services.cassandra.fullRepairOptions": {"declarations": ["nixos/modules/services/databases/cassandra.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Options passed through to the full repair command.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--partitioner-range\"\n]"}, "loc": ["services", "cassandra", "fullRepairOptions"], "readOnly": false, "type": "list of string"}, "services.cassandra.group": {"declarations": ["nixos/modules/services/databases/cassandra.nix"], "default": {"_type": "literalExpression", "text": "\"cassandra\""}, "description": "Run Apache Cassandra under this group.", "loc": ["services", "cassandra", "group"], "readOnly": false, "type": "string"}, "services.cassandra.heapNewSize": {"declarations": ["nixos/modules/services/databases/cassandra.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Must be left blank or set together with {option}`heapNewSize`.\nIf left blank a sensible value for the available amount of RAM and CPU\ncores is calculated.\n\nOverride to set the amount of memory to allocate to the JVM at\nstart-up. For production use you may wish to adjust this for your\nenvironment. `HEAP_NEWSIZE` refers to the size of the young\ngeneration.\n\nThe main trade-off for the young generation is that the larger it\nis, the longer GC pause times will be. The shorter it is, the more\nexpensive GC will be (usually).\n\nThe example `HEAP_NEWSIZE` assumes a modern 8-core+ machine for decent pause\ntimes. If in doubt, and if you do not particularly want to tweak, go with\n100 MB per physical CPU core.\n", "example": {"_type": "literalExpression", "text": "\"800M\""}, "loc": ["services", "cassandra", "heapNewSize"], "readOnly": false, "type": "null or string"}, "services.cassandra.homeDir": {"declarations": ["nixos/modules/services/databases/cassandra.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/cassandra\""}, "description": "Home directory for Apache Cassandra.\n", "loc": ["services", "cassandra", "homeDir"], "readOnly": false, "type": "absolute path"}, "services.cassandra.incrementalRepairInterval": {"declarations": ["nixos/modules/services/databases/cassandra.nix"], "default": {"_type": "literalExpression", "text": "\"3d\""}, "description": "Set the interval how often incremental repairs are run, i.e.\n{command}`nodetool repair` is executed. See\n<https://cassandra.apache.org/doc/latest/operating/repair.html>\nfor more information.\n\nSet to `null` to disable incremental repairs.\n", "example": {"_type": "literalExpression", "text": "null"}, "loc": ["services", "cassandra", "incrementalRepairInterval"], "readOnly": false, "type": "null or string"}, "services.cassandra.incrementalRepairOptions": {"declarations": ["nixos/modules/services/databases/cassandra.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Options passed through to the incremental repair command.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--partitioner-range\"\n]"}, "loc": ["services", "cassandra", "incrementalRepairOptions"], "readOnly": false, "type": "list of string"}, "services.cassandra.jmxPort": {"declarations": ["nixos/modules/services/databases/cassandra.nix"], "default": {"_type": "literalExpression", "text": "7199"}, "description": "Specifies the default port over which Cassandra will be available for\nJMX connections.\nFor security reasons, you should not expose this port to the internet.\nFirewall it if needed.\n", "loc": ["services", "cassandra", "jmxPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.cassandra.jmxRoles": {"declarations": ["nixos/modules/services/databases/cassandra.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Roles that are allowed to access the JMX (e.g. {command}`nodetool`)\nBEWARE: The passwords will be stored world readable in the nix store.\n        It's recommended to use your own protected file using\n        {option}`jmxRolesFile`\n\nDoesn't work in versions older than 3.11 because they don't like that\nit's world readable.\n", "loc": ["services", "cassandra", "jmxRoles"], "readOnly": false, "type": "list of (submodule)"}, "services.cassandra.jmxRoles.*.password": {"declarations": ["nixos/modules/services/databases/cassandra.nix"], "description": "Password for JMX", "loc": ["services", "cassandra", "jmxRoles", "*", "password"], "readOnly": false, "type": "string"}, "services.cassandra.jmxRoles.*.username": {"declarations": ["nixos/modules/services/databases/cassandra.nix"], "description": "Username for JMX", "loc": ["services", "cassandra", "jmxRoles", "*", "username"], "readOnly": false, "type": "string"}, "services.cassandra.jmxRolesFile": {"declarations": ["nixos/modules/services/databases/cassandra.nix"], "default": {"_type": "literalExpression", "text": "\"generated configuration file\""}, "description": "Specify your own jmx roles file.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/cassandra/jmx.password\""}, "loc": ["services", "cassandra", "jmxRolesFile"], "readOnly": false, "type": "null or absolute path"}, "services.cassandra.jvmOpts": {"declarations": ["nixos/modules/services/databases/cassandra.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Populate the `JVM_OPT` environment variable.\n", "loc": ["services", "cassandra", "jvmOpts"], "readOnly": false, "type": "list of string"}, "services.cassandra.listenAddress": {"declarations": ["nixos/modules/services/databases/cassandra.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Address or interface to bind to and tell other Cassandra nodes\nto connect to. You _must_ change this if you want multiple\nnodes to be able to communicate!\n\nSet {option}`listenAddress` OR {option}`listenInterface`, not both.\n\nLeaving it blank leaves it up to\n`InetAddress.getLocalHost()`. This will always do the \"Right\nThing\" _if_ the node is properly configured (hostname, name\nresolution, etc), and the Right Thing is to use the address\nassociated with the hostname (it might not be).\n\nSetting {option}`listenAddress` to `0.0.0.0` is always wrong.\n", "example": {"_type": "literalExpression", "text": "null"}, "loc": ["services", "cassandra", "listenAddress"], "readOnly": false, "type": "null or string"}, "services.cassandra.listenInterface": {"declarations": ["nixos/modules/services/databases/cassandra.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set `listenAddress` OR `listenInterface`, not both. Interfaces\nmust correspond to a single address, IP aliasing is not\nsupported.\n", "example": {"_type": "literalExpression", "text": "\"eth1\""}, "loc": ["services", "cassandra", "listenInterface"], "readOnly": false, "type": "null or string"}, "services.cassandra.logbackConfig": {"declarations": ["nixos/modules/services/databases/cassandra.nix"], "default": {"_type": "literalExpression", "text": "''\n  <configuration scan=\"false\">\n    <appender name=\"STDOUT\" class=\"ch.qos.logback.core.ConsoleAppender\">\n      <encoder>\n        <pattern>%-5level %date{HH:mm:ss,SSS} %msg%n</pattern>\n      </encoder>\n    </appender>\n  \n    <root level=\"INFO\">\n      <appender-ref ref=\"STDOUT\" />\n    </root>\n  \n    <logger name=\"com.thinkaurelius.thrift\" level=\"ERROR\"/>\n  </configuration>\n''"}, "description": "XML logback configuration for cassandra\n", "loc": ["services", "cassandra", "logbackConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.cassandra.mallocArenaMax": {"declarations": ["nixos/modules/services/databases/cassandra.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set this to control the amount of arenas per-thread in glibc.\n", "example": {"_type": "literalExpression", "text": "4"}, "loc": ["services", "cassandra", "mallocArenaMax"], "readOnly": false, "type": "null or signed integer"}, "services.cassandra.maxHeapSize": {"declarations": ["nixos/modules/services/databases/cassandra.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Must be left blank or set together with {option}`heapNewSize`.\nIf left blank a sensible value for the available amount of RAM and CPU\ncores is calculated.\n\nOverride to set the amount of memory to allocate to the JVM at\nstart-up. For production use you may wish to adjust this for your\nenvironment. `MAX_HEAP_SIZE` is the total amount of memory dedicated\nto the Java heap. `HEAP_NEWSIZE` refers to the size of the young\ngeneration.\n\nThe main trade-off for the young generation is that the larger it\nis, the longer GC pause times will be. The shorter it is, the more\nexpensive GC will be (usually).\n", "example": {"_type": "literalExpression", "text": "\"4G\""}, "loc": ["services", "cassandra", "maxHeapSize"], "readOnly": false, "type": "null or string"}, "services.cassandra.package": {"declarations": ["nixos/modules/services/databases/cassandra.nix"], "default": {"_type": "literalExpression", "text": "pkgs.cassandra"}, "description": "The cassandra package to use.", "example": {"_type": "literalExpression", "text": "cassandra_4"}, "loc": ["services", "cassandra", "package"], "readOnly": false, "type": "package"}, "services.cassandra.remoteJmx": {"declarations": ["nixos/modules/services/databases/cassandra.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Cassandra ships with JMX accessible *only* from localhost.\nTo enable remote JMX connections set to true.\n\nBe sure to also enable authentication and/or TLS.\nSee: <https://wiki.apache.org/cassandra/JmxSecurity>\n", "loc": ["services", "cassandra", "remoteJmx"], "readOnly": false, "type": "boolean"}, "services.cassandra.rpcAddress": {"declarations": ["nixos/modules/services/databases/cassandra.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The address or interface to bind the native transport server to.\n\nSet {option}`rpcAddress` OR {option}`rpcInterface`, not both.\n\nLeaving {option}`rpcAddress` blank has the same effect as on\n{option}`listenAddress` (i.e. it will be based on the configured hostname\nof the node).\n\nNote that unlike {option}`listenAddress`, you can specify `\"0.0.0.0\"`, but you\nmust also set `extraConfig.broadcast_rpc_address` to a value other\nthan `\"0.0.0.0\"`.\n\nFor security reasons, you should not expose this port to the\ninternet. Firewall it if needed.\n", "example": {"_type": "literalExpression", "text": "null"}, "loc": ["services", "cassandra", "rpcAddress"], "readOnly": false, "type": "null or string"}, "services.cassandra.rpcInterface": {"declarations": ["nixos/modules/services/databases/cassandra.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set {option}`rpcAddress` OR {option}`rpcInterface`, not both. Interfaces must\ncorrespond to a single address, IP aliasing is not supported.\n", "example": {"_type": "literalExpression", "text": "\"eth1\""}, "loc": ["services", "cassandra", "rpcInterface"], "readOnly": false, "type": "null or string"}, "services.cassandra.seedAddresses": {"declarations": ["nixos/modules/services/databases/cassandra.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n]"}, "description": "The addresses of hosts designated as contact points in the cluster. A\njoining node contacts one of the nodes in the seeds list to learn the\ntopology of the ring.\nSet to `[ \"127.0.0.1\" ]` for a single node cluster.\n", "loc": ["services", "cassandra", "seedAddresses"], "readOnly": false, "type": "list of string"}, "services.cassandra.user": {"declarations": ["nixos/modules/services/databases/cassandra.nix"], "default": {"_type": "literalExpression", "text": "\"cassandra\""}, "description": "Run Apache Cassandra under this user.", "loc": ["services", "cassandra", "user"], "readOnly": false, "type": "string"}, "services.castopod.configureNginx": {"declarations": ["nixos/modules/services/web-apps/castopod.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Configure nginx as a reverse proxy for CastoPod.", "loc": ["services", "castopod", "configureNginx"], "readOnly": false, "type": "boolean"}, "services.castopod.dataDir": {"declarations": ["nixos/modules/services/web-apps/castopod.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/castopod\""}, "description": "The path where castopod stores all data. This path must be in sync\nwith the castopod package (where it is hardcoded during the build in\naccordance with its own `dataDir` argument).\n", "loc": ["services", "castopod", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.castopod.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/castopod.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Create the database and database user locally.\n", "loc": ["services", "castopod", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.castopod.database.hostname": {"declarations": ["nixos/modules/services/web-apps/castopod.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Database hostname.", "loc": ["services", "castopod", "database", "hostname"], "readOnly": false, "type": "string"}, "services.castopod.database.name": {"declarations": ["nixos/modules/services/web-apps/castopod.nix"], "default": {"_type": "literalExpression", "text": "\"castopod\""}, "description": "Database name.", "loc": ["services", "castopod", "database", "name"], "readOnly": false, "type": "string"}, "services.castopod.database.passwordFile": {"declarations": ["nixos/modules/services/web-apps/castopod.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password corresponding to\n[](#opt-services.castopod.database.user).\n\nThis file is loaded using systemd LoadCredentials.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/castopod-dbpassword\""}, "loc": ["services", "castopod", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.castopod.database.user": {"declarations": ["nixos/modules/services/web-apps/castopod.nix"], "default": {"_type": "literalExpression", "text": "\"castopod\""}, "description": "Database user.", "loc": ["services", "castopod", "database", "user"], "readOnly": false, "type": "string"}, "services.castopod.enable": {"declarations": ["nixos/modules/services/web-apps/castopod.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Castopod, a hosting platform for podcasters.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "castopod", "enable"], "readOnly": false, "type": "boolean"}, "services.castopod.environmentFile": {"declarations": ["nixos/modules/services/web-apps/castopod.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file to inject e.g. secrets into the configuration.\nSee [](https://code.castopod.org/adaures/castopod/-/blob/main/.env.example)\nfor available environment variables.\n\nThis file is loaded using systemd LoadCredentials.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/castopod-env\""}, "loc": ["services", "castopod", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.castopod.localDomain": {"declarations": ["nixos/modules/services/web-apps/castopod.nix"], "description": "The domain serving your CastoPod instance.", "example": {"_type": "literalExpression", "text": "\"castopod.example.org\""}, "loc": ["services", "castopod", "localDomain"], "readOnly": false, "type": "string"}, "services.castopod.maxUploadSize": {"declarations": ["nixos/modules/services/web-apps/castopod.nix"], "default": {"_type": "literalExpression", "text": "\"512M\""}, "description": "Maximum supported size for a file upload in. Maximum HTTP body\nsize is set to this value for nginx and PHP (because castopod doesn't\nsupport chunked uploads yet:\nhttps://code.castopod.org/adaures/castopod/-/issues/330).\n\nNote, that practical upload size limit is smaller. For example, with\n512 MiB setting - around 500 MiB is possible.\n", "loc": ["services", "castopod", "maxUploadSize"], "readOnly": false, "type": "string"}, "services.castopod.package": {"declarations": ["nixos/modules/services/web-apps/castopod.nix"], "default": {"_type": "literalExpression", "text": "pkgs.castopod"}, "description": "The castopod package to use.", "loc": ["services", "castopod", "package"], "readOnly": false, "type": "package"}, "services.castopod.poolSettings": {"declarations": ["nixos/modules/services/web-apps/castopod.nix"], "default": {"_type": "literalExpression", "text": "{\n  pm = \"dynamic\";\n  \"pm.max_children\" = \"32\";\n  \"pm.max_requests\" = \"500\";\n  \"pm.max_spare_servers\" = \"4\";\n  \"pm.min_spare_servers\" = \"2\";\n  \"pm.start_servers\" = \"2\";\n}"}, "description": "Options for Castopod's PHP pool. See the documentation on `php-fpm.conf` for details on configuration directives.\n", "loc": ["services", "castopod", "poolSettings"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.castopod.settings": {"declarations": ["nixos/modules/services/web-apps/castopod.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables used for Castopod.\nSee [](https://code.castopod.org/adaures/castopod/-/blob/main/.env.example)\nfor available environment variables.\n", "example": {"_type": "literalExpression", "text": "{\n  \"email.SMTPHost\" = \"localhost\";\n  \"email.SMTPUser\" = \"myuser\";\n  \"email.fromEmail\" = \"castopod@example.com\";\n  \"email.protocol\" = \"smtp\";\n}"}, "loc": ["services", "castopod", "settings"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.cato-client.enable": {"declarations": ["nixos/modules/services/networking/cato-client.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable cato-client service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "cato-client", "enable"], "readOnly": false, "type": "boolean"}, "services.cato-client.package": {"declarations": ["nixos/modules/services/networking/cato-client.nix"], "default": {"_type": "literalExpression", "text": "pkgs.cato-client"}, "description": "The cato-client package to use.", "loc": ["services", "cato-client", "package"], "readOnly": false, "type": "package"}, "services.centrifugo.credentials": {"declarations": ["nixos/modules/services/networking/centrifugo.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables with absolute paths to credentials files to load\non service startup.\n", "example": {"_type": "literalExpression", "text": "{\n  CENTRIFUGO_UNI_GRPC_TLS_KEY = \"/run/keys/centrifugo-uni-grpc-tls.key\";\n}"}, "loc": ["services", "centrifugo", "credentials"], "readOnly": false, "type": "attribute set of absolute path"}, "services.centrifugo.enable": {"declarations": ["nixos/modules/services/networking/centrifugo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Centrifugo messaging server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "centrifugo", "enable"], "readOnly": false, "type": "boolean"}, "services.centrifugo.environmentFiles": {"declarations": ["nixos/modules/services/networking/centrifugo.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Files to load environment variables from. Options set via environment\nvariables take precedence over {option}`settings`.\n\nSee the [Centrifugo documentation] for the environment variable name\nformat.\n\n[Centrifugo documentation]: https://centrifugal.dev/docs/server/configuration#os-environment-variables\n", "loc": ["services", "centrifugo", "environmentFiles"], "readOnly": false, "type": "list of absolute path"}, "services.centrifugo.extraGroups": {"declarations": ["nixos/modules/services/networking/centrifugo.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional groups for the systemd service.\n", "example": {"_type": "literalExpression", "text": "[\n  \"redis-centrifugo\"\n]"}, "loc": ["services", "centrifugo", "extraGroups"], "readOnly": false, "type": "list of string"}, "services.centrifugo.package": {"declarations": ["nixos/modules/services/networking/centrifugo.nix"], "default": {"_type": "literalExpression", "text": "pkgs.centrifugo"}, "description": "The centrifugo package to use.", "loc": ["services", "centrifugo", "package"], "readOnly": false, "type": "package"}, "services.centrifugo.settings": {"declarations": ["nixos/modules/services/networking/centrifugo.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative Centrifugo configuration. See the [Centrifugo\ndocumentation] for a list of options.\n\n[Centrifugo documentation]: https://centrifugal.dev/docs/server/configuration\n", "loc": ["services", "centrifugo", "settings"], "readOnly": false, "type": "JSON value"}, "services.ceph.client.enable": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Ceph client configuration.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ceph", "client", "enable"], "readOnly": false, "type": "boolean"}, "services.ceph.client.extraConfig": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration to add to the client section. Configuration for rados gateways\nwould be added here, with their own sections, see example.\n", "example": {"_type": "literalExpression", "text": "{\n  # This would create a section for a radosgw daemon named node0 and related\n  # configuration for it\n  \"client.radosgw.node0\" = { \"some config option\" = \"true\"; };\n};\n"}, "loc": ["services", "ceph", "client", "extraConfig"], "readOnly": false, "type": "attribute set of attribute set of string"}, "services.ceph.enable": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Ceph global configuration.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ceph", "enable"], "readOnly": false, "type": "boolean"}, "services.ceph.extraConfig": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration to add to the global section. Use for setting values that are common for all daemons in the cluster.\n", "example": {"_type": "literalExpression", "text": "{\n  \"ms bind ipv6\" = \"true\";\n}"}, "loc": ["services", "ceph", "extraConfig"], "readOnly": false, "type": "attribute set of string"}, "services.ceph.global.authClientRequired": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "\"cephx\""}, "description": "Enables requiring the cluster to authenticate itself to the client.\n", "loc": ["services", "ceph", "global", "authClientRequired"], "readOnly": false, "type": "one of \"cephx\", \"none\""}, "services.ceph.global.authClusterRequired": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "\"cephx\""}, "description": "Enables requiring daemons to authenticate with eachother in the cluster.\n", "loc": ["services", "ceph", "global", "authClusterRequired"], "readOnly": false, "type": "one of \"cephx\", \"none\""}, "services.ceph.global.authServiceRequired": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "\"cephx\""}, "description": "Enables requiring clients to authenticate with the cluster to access services in the cluster (e.g. radosgw, mds or osd).\n", "loc": ["services", "ceph", "global", "authServiceRequired"], "readOnly": false, "type": "one of \"cephx\", \"none\""}, "services.ceph.global.clusterName": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "\"ceph\""}, "description": "Name of cluster\n", "loc": ["services", "ceph", "global", "clusterName"], "readOnly": false, "type": "string"}, "services.ceph.global.clusterNetwork": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A comma-separated list of subnets that will be used as cluster networks in the cluster.\n", "example": {"_type": "literalExpression", "text": "''\n  10.10.0.0/24, 192.168.0.0/24\n''"}, "loc": ["services", "ceph", "global", "clusterNetwork"], "readOnly": false, "type": "null or strings concatenated with \",\""}, "services.ceph.global.fsid": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "description": "Filesystem ID, a generated uuid, its must be generated and set before\nattempting to start a cluster\n", "example": {"_type": "literalExpression", "text": "''\n  433a2193-4f8a-47a0-95d2-209d7ca2cca5\n''"}, "loc": ["services", "ceph", "global", "fsid"], "readOnly": false, "type": "string"}, "services.ceph.global.maxOpenFiles": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "131072"}, "description": "Max open files for each OSD daemon.\n", "loc": ["services", "ceph", "global", "maxOpenFiles"], "readOnly": false, "type": "signed integer"}, "services.ceph.global.mgrModulePath": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "\"${pkgs.ceph.lib}/lib/ceph/mgr\""}, "description": "Path at which to find ceph-mgr modules.\n", "loc": ["services", "ceph", "global", "mgrModulePath"], "readOnly": false, "type": "absolute path"}, "services.ceph.global.monHost": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of hostname shortnames/IP addresses of the initial monitors.\n", "example": {"_type": "literalExpression", "text": "''\n  10.10.0.1, 10.10.0.2, 10.10.0.3\n''"}, "loc": ["services", "ceph", "global", "monHost"], "readOnly": false, "type": "null or strings concatenated with \",\""}, "services.ceph.global.monInitialMembers": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of hosts that will be used as monitors at startup.\n", "example": {"_type": "literalExpression", "text": "''\n  node0, node1, node2\n''"}, "loc": ["services", "ceph", "global", "monInitialMembers"], "readOnly": false, "type": "null or strings concatenated with \",\""}, "services.ceph.global.publicNetwork": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A comma-separated list of subnets that will be used as public networks in the cluster.\n", "example": {"_type": "literalExpression", "text": "''\n  10.20.0.0/24, 192.168.1.0/24\n''"}, "loc": ["services", "ceph", "global", "publicNetwork"], "readOnly": false, "type": "null or strings concatenated with \",\""}, "services.ceph.global.rgwMimeTypesFile": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "\"${pkgs.mailcap}/etc/mime.types\""}, "description": "Path to mime types used by radosgw.\n", "loc": ["services", "ceph", "global", "rgwMimeTypesFile"], "readOnly": false, "type": "null or absolute path"}, "services.ceph.mds.daemons": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of metadata service daemons that should have a service created. The names correspond\nto the id part in ceph i.e. [ \"name1\" ] would result in mds.name1\n", "example": {"_type": "literalExpression", "text": "[\n  \"name1\"\n  \"name2\"\n]"}, "loc": ["services", "ceph", "mds", "daemons"], "readOnly": false, "type": "list of string"}, "services.ceph.mds.enable": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Ceph MDS daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ceph", "mds", "enable"], "readOnly": false, "type": "boolean"}, "services.ceph.mds.extraConfig": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration to add to the MDS section.\n", "loc": ["services", "ceph", "mds", "extraConfig"], "readOnly": false, "type": "attribute set of string"}, "services.ceph.mds.package": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ceph"}, "description": "The ceph package to use.", "loc": ["services", "ceph", "mds", "package"], "readOnly": false, "type": "package"}, "services.ceph.mgr.daemons": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of names for manager daemons that should have a service created. The names correspond\nto the id part in ceph i.e. [ \"name1\" ] would result in mgr.name1\n", "example": {"_type": "literalExpression", "text": "[\n  \"name1\"\n  \"name2\"\n]"}, "loc": ["services", "ceph", "mgr", "daemons"], "readOnly": false, "type": "list of string"}, "services.ceph.mgr.enable": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Ceph MGR daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ceph", "mgr", "enable"], "readOnly": false, "type": "boolean"}, "services.ceph.mgr.extraConfig": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration to add to the global section for manager daemons.\n", "loc": ["services", "ceph", "mgr", "extraConfig"], "readOnly": false, "type": "attribute set of string"}, "services.ceph.mgr.package": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ceph"}, "description": "The ceph package to use.", "loc": ["services", "ceph", "mgr", "package"], "readOnly": false, "type": "package"}, "services.ceph.mon.daemons": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of monitor daemons that should have a service created. The names correspond\nto the id part in ceph i.e. [ \"name1\" ] would result in mon.name1\n", "example": {"_type": "literalExpression", "text": "[\n  \"name1\"\n  \"name2\"\n]"}, "loc": ["services", "ceph", "mon", "daemons"], "readOnly": false, "type": "list of string"}, "services.ceph.mon.enable": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Ceph MON daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ceph", "mon", "enable"], "readOnly": false, "type": "boolean"}, "services.ceph.mon.extraConfig": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration to add to the monitor section.\n", "loc": ["services", "ceph", "mon", "extraConfig"], "readOnly": false, "type": "attribute set of string"}, "services.ceph.mon.package": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ceph"}, "description": "The ceph package to use.", "loc": ["services", "ceph", "mon", "package"], "readOnly": false, "type": "package"}, "services.ceph.osd.daemons": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of OSD daemons that should have a service created. The names correspond\nto the id part in ceph i.e. [ \"name1\" ] would result in osd.name1\n", "example": {"_type": "literalExpression", "text": "[\n  \"name1\"\n  \"name2\"\n]"}, "loc": ["services", "ceph", "osd", "daemons"], "readOnly": false, "type": "list of string"}, "services.ceph.osd.enable": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Ceph OSD daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ceph", "osd", "enable"], "readOnly": false, "type": "boolean"}, "services.ceph.osd.extraConfig": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "{\n  \"osd crush chooseleaf type\" = \"1\";\n  \"osd journal size\" = \"10000\";\n  \"osd pool default min size\" = \"2\";\n  \"osd pool default pg num\" = \"200\";\n  \"osd pool default pgp num\" = \"200\";\n  \"osd pool default size\" = \"3\";\n}"}, "description": "Extra configuration to add to the OSD section.\n", "loc": ["services", "ceph", "osd", "extraConfig"], "readOnly": false, "type": "attribute set of string"}, "services.ceph.osd.package": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ceph"}, "description": "The ceph package to use.", "loc": ["services", "ceph", "osd", "package"], "readOnly": false, "type": "package"}, "services.ceph.rgw.daemons": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of rados gateway daemons that should have a service created. The names correspond\nto the id part in ceph i.e. [ \"name1\" ] would result in client.name1, radosgw daemons\naren't daemons to cluster in the sense that OSD, MGR or MON daemons are. They are simply\ndaemons, from ceph, that uses the cluster as a backend.\n", "example": {"_type": "literalExpression", "text": "[\n  \"name1\"\n  \"name2\"\n]"}, "loc": ["services", "ceph", "rgw", "daemons"], "readOnly": false, "type": "list of string"}, "services.ceph.rgw.enable": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Ceph RadosGW daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ceph", "rgw", "enable"], "readOnly": false, "type": "boolean"}, "services.ceph.rgw.package": {"declarations": ["nixos/modules/services/network-filesystems/ceph.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ceph"}, "description": "The ceph package to use.", "loc": ["services", "ceph", "rgw", "package"], "readOnly": false, "type": "package"}, "services.certmgr.defaultRemote": {"declarations": ["nixos/modules/services/security/certmgr.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1:8888\""}, "description": "The default CA host:port to use.", "loc": ["services", "certmgr", "defaultRemote"], "readOnly": false, "type": "string"}, "services.certmgr.enable": {"declarations": ["nixos/modules/services/security/certmgr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable certmgr.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "certmgr", "enable"], "readOnly": false, "type": "boolean"}, "services.certmgr.metricsAddress": {"declarations": ["nixos/modules/services/security/certmgr.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The address for the Prometheus HTTP endpoint.", "loc": ["services", "certmgr", "metricsAddress"], "readOnly": false, "type": "string"}, "services.certmgr.metricsPort": {"declarations": ["nixos/modules/services/security/certmgr.nix"], "default": {"_type": "literalExpression", "text": "9488"}, "description": "The port for the Prometheus HTTP endpoint.", "loc": ["services", "certmgr", "metricsPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.certmgr.package": {"declarations": ["nixos/modules/services/security/certmgr.nix"], "default": {"_type": "literalExpression", "text": "pkgs.certmgr"}, "description": "The certmgr package to use.", "loc": ["services", "certmgr", "package"], "readOnly": false, "type": "package"}, "services.certmgr.renewInterval": {"declarations": ["nixos/modules/services/security/certmgr.nix"], "default": {"_type": "literalExpression", "text": "\"30m\""}, "description": "How often to check certificate expirations and how often to update the cert_next_expires metric.", "loc": ["services", "certmgr", "renewInterval"], "readOnly": false, "type": "string"}, "services.certmgr.specs": {"declarations": ["nixos/modules/services/security/certmgr.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Certificate specs as described by:\n<https://github.com/cloudflare/certmgr#certificate-specs>\nThese will be added to the Nix store, so they will be world readable.\n", "example": {"_type": "literalExpression", "text": "{\n  exampleCert =\n  let\n    domain = \"example.com\";\n    secret = name: \"/var/lib/secrets/${name}.pem\";\n  in {\n    service = \"nginx\";\n    action = \"reload\";\n    authority = {\n      file.path = secret \"ca\";\n    };\n    certificate = {\n      path = secret domain;\n    };\n    private_key = {\n      owner = \"root\";\n      group = \"root\";\n      mode = \"0600\";\n      path = secret \"${domain}-key\";\n    };\n    request = {\n      CN = domain;\n      hosts = [ \"mail.${domain}\" \"www.${domain}\" ];\n      key = {\n        algo = \"rsa\";\n        size = 2048;\n      };\n      names = {\n        O = \"Example Organization\";\n        C = \"USA\";\n      };\n    };\n  };\n  otherCert = \"/var/certmgr/specs/other-cert.json\";\n}\n"}, "loc": ["services", "certmgr", "specs"], "readOnly": false, "type": "attribute set of (absolute path or (submodule))"}, "services.certmgr.svcManager": {"declarations": ["nixos/modules/services/security/certmgr.nix"], "default": {"_type": "literalExpression", "text": "\"systemd\""}, "description": "This specifies the service manager to use for restarting or reloading services.\nSee: <https://github.com/cloudflare/certmgr#certmgryaml>.\nFor how to use the \"command\" service manager in particular,\nsee: <https://github.com/cloudflare/certmgr#command-svcmgr-and-how-to-use-it>.\n", "loc": ["services", "certmgr", "svcManager"], "readOnly": false, "type": "one of \"circus\", \"command\", \"dummy\", \"openrc\", \"systemd\", \"sysv\""}, "services.certmgr.validMin": {"declarations": ["nixos/modules/services/security/certmgr.nix"], "default": {"_type": "literalExpression", "text": "\"72h\""}, "description": "The interval before a certificate expires to start attempting to renew it.", "loc": ["services", "certmgr", "validMin"], "readOnly": false, "type": "string"}, "services.certspotter.emailRecipients": {"declarations": ["nixos/modules/services/monitoring/certspotter.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of email addresses to send certificate updates to.", "loc": ["services", "certspotter", "emailRecipients"], "readOnly": false, "type": "list of string"}, "services.certspotter.enable": {"declarations": ["nixos/modules/services/monitoring/certspotter.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Cert Spotter, a Certificate Transparency log monitor.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "certspotter", "enable"], "readOnly": false, "type": "boolean"}, "services.certspotter.extraFlags": {"declarations": ["nixos/modules/services/monitoring/certspotter.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command-line arguments to pass to Cert Spotter", "example": {"_type": "literalExpression", "text": "[\n  \"-no_save\"\n]"}, "loc": ["services", "certspotter", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.certspotter.hooks": {"declarations": ["nixos/modules/services/monitoring/certspotter.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Scripts to run upon the detection of a new certificate. See `man 8 certspotter-script` or\n[the GitHub page](https://github.com/SSLMate/certspotter/blob/master/man/certspotter-script.md)\nfor more info.\n", "example": {"_type": "literalExpression", "text": "[\n  (pkgs.writeShellScript \"certspotter-hook\" ''\n    echo \"Event summary: $SUMMARY.\"\n  '')\n]\n"}, "loc": ["services", "certspotter", "hooks"], "readOnly": false, "type": "list of absolute path"}, "services.certspotter.package": {"declarations": ["nixos/modules/services/monitoring/certspotter.nix"], "default": {"_type": "literalExpression", "text": "pkgs.certspotter"}, "description": "The certspotter package to use.", "loc": ["services", "certspotter", "package"], "readOnly": false, "type": "package"}, "services.certspotter.sendmailPath": {"declarations": ["nixos/modules/services/monitoring/certspotter.nix"], "description": "Path to the `sendmail` binary. By default, the local sendmail wrapper is used\n(see {option}`services.mail.sendmailSetuidWrapper`}).\n", "example": {"_type": "literalExpression", "text": "\"${pkgs.system-sendmail}/bin/sendmail\""}, "loc": ["services", "certspotter", "sendmailPath"], "readOnly": false, "type": "null or absolute path"}, "services.certspotter.startAtEnd": {"declarations": ["nixos/modules/services/monitoring/certspotter.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to skip certificates issued before the first launch of Cert Spotter.\nSetting this to `false` will cause Cert Spotter to download tens of terabytes of data.\n", "loc": ["services", "certspotter", "startAtEnd"], "readOnly": false, "type": "boolean"}, "services.certspotter.watchlist": {"declarations": ["nixos/modules/services/monitoring/certspotter.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Domain names to watch. To monitor a domain with all subdomains, prefix its name with `.` (e.g. `.example.org`).", "example": {"_type": "literalExpression", "text": "[\n  \".example.org\"\n  \"another.example.com\"\n]"}, "loc": ["services", "certspotter", "watchlist"], "readOnly": false, "type": "list of string"}, "services.cfdyndns.apiTokenFile": {"declarations": ["nixos/modules/services/misc/cfdyndns.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to a file containing the API Token\nused to authenticate with CloudFlare.\n", "loc": ["services", "cfdyndns", "apiTokenFile"], "readOnly": false, "type": "null or string"}, "services.cfdyndns.apikeyFile": {"declarations": ["nixos/modules/services/misc/cfdyndns.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to a file containing the API Key\nused to authenticate with CloudFlare.\n", "loc": ["services", "cfdyndns", "apikeyFile"], "readOnly": false, "type": "null or string"}, "services.cfdyndns.email": {"declarations": ["nixos/modules/services/misc/cfdyndns.nix"], "description": "The email address to use to authenticate to CloudFlare.\n", "loc": ["services", "cfdyndns", "email"], "readOnly": false, "type": "string"}, "services.cfdyndns.enable": {"declarations": ["nixos/modules/services/misc/cfdyndns.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Cloudflare Dynamic DNS Client.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "cfdyndns", "enable"], "readOnly": false, "type": "boolean"}, "services.cfdyndns.records": {"declarations": ["nixos/modules/services/misc/cfdyndns.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The records to update in CloudFlare.\n", "example": {"_type": "literalExpression", "text": "[\n  \"host.tld\"\n]"}, "loc": ["services", "cfdyndns", "records"], "readOnly": false, "type": "list of string"}, "services.cfssl.address": {"declarations": ["nixos/modules/services/security/cfssl.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Address to bind.", "loc": ["services", "cfssl", "address"], "readOnly": false, "type": "string"}, "services.cfssl.ca": {"declarations": ["nixos/modules/services/security/cfssl.nix"], "default": {"_type": "literalExpression", "text": "\"${cfg.dataDir}/ca.pem\""}, "description": "CA used to sign the new certificate -- accepts '[file:]fname' or 'env:varname'.", "loc": ["services", "cfssl", "ca"], "readOnly": false, "type": "string"}, "services.cfssl.caBundle": {"declarations": ["nixos/modules/services/security/cfssl.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to root certificate store.", "loc": ["services", "cfssl", "caBundle"], "readOnly": false, "type": "null or absolute path"}, "services.cfssl.caKey": {"declarations": ["nixos/modules/services/security/cfssl.nix"], "default": {"_type": "literalExpression", "text": "\"file:${cfg.dataDir}/ca-key.pem\""}, "description": "CA private key -- accepts '[file:]fname' or 'env:varname'.", "loc": ["services", "cfssl", "caKey"], "readOnly": false, "type": "string"}, "services.cfssl.configFile": {"declarations": ["nixos/modules/services/security/cfssl.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to configuration file. Do not put this in nix-store as it might contain secrets.", "loc": ["services", "cfssl", "configFile"], "readOnly": false, "type": "null or string"}, "services.cfssl.dataDir": {"declarations": ["nixos/modules/services/security/cfssl.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/cfssl\""}, "description": "The work directory for CFSSL.\n\n::: {.note}\nIf left as the default value this directory will automatically be\ncreated before the CFSSL server starts, otherwise you are\nresponsible for ensuring the directory exists with appropriate\nownership and permissions.\n:::\n", "loc": ["services", "cfssl", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.cfssl.dbConfig": {"declarations": ["nixos/modules/services/security/cfssl.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Certificate db configuration file. Path must be writeable.", "loc": ["services", "cfssl", "dbConfig"], "readOnly": false, "type": "null or absolute path"}, "services.cfssl.disable": {"declarations": ["nixos/modules/services/security/cfssl.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Endpoints to disable (comma-separated list)", "loc": ["services", "cfssl", "disable"], "readOnly": false, "type": "null or strings concatenated with \",\""}, "services.cfssl.enable": {"declarations": ["nixos/modules/services/security/cfssl.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the CFSSL CA api-server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "cfssl", "enable"], "readOnly": false, "type": "boolean"}, "services.cfssl.intBundle": {"declarations": ["nixos/modules/services/security/cfssl.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to intermediate certificate store.", "loc": ["services", "cfssl", "intBundle"], "readOnly": false, "type": "null or absolute path"}, "services.cfssl.intDir": {"declarations": ["nixos/modules/services/security/cfssl.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Intermediates directory.", "loc": ["services", "cfssl", "intDir"], "readOnly": false, "type": "null or absolute path"}, "services.cfssl.logLevel": {"declarations": ["nixos/modules/services/security/cfssl.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Log level (0 = DEBUG, 5 = FATAL).", "loc": ["services", "cfssl", "logLevel"], "readOnly": false, "type": "integer between 0 and 5 (both inclusive)"}, "services.cfssl.metadata": {"declarations": ["nixos/modules/services/security/cfssl.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Metadata file for root certificate presence.\nThe content of the file is a json dictionary (k,v): each key k is\na SHA-1 digest of a root certificate while value v is a list of key\nstore filenames.\n", "loc": ["services", "cfssl", "metadata"], "readOnly": false, "type": "null or absolute path"}, "services.cfssl.mutualTlsCa": {"declarations": ["nixos/modules/services/security/cfssl.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Mutual TLS - require clients be signed by this CA.", "loc": ["services", "cfssl", "mutualTlsCa"], "readOnly": false, "type": "null or absolute path"}, "services.cfssl.mutualTlsClientCert": {"declarations": ["nixos/modules/services/security/cfssl.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Mutual TLS - client certificate to call remote instance requiring client certs.", "loc": ["services", "cfssl", "mutualTlsClientCert"], "readOnly": false, "type": "null or absolute path"}, "services.cfssl.mutualTlsClientKey": {"declarations": ["nixos/modules/services/security/cfssl.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Mutual TLS - client key to call remote instance requiring client certs. Do not put this in nix-store.", "loc": ["services", "cfssl", "mutualTlsClientKey"], "readOnly": false, "type": "null or absolute path"}, "services.cfssl.mutualTlsCn": {"declarations": ["nixos/modules/services/security/cfssl.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Mutual TLS - regex for whitelist of allowed client CNs.", "loc": ["services", "cfssl", "mutualTlsCn"], "readOnly": false, "type": "null or string"}, "services.cfssl.port": {"declarations": ["nixos/modules/services/security/cfssl.nix"], "default": {"_type": "literalExpression", "text": "8888"}, "description": "Port to bind.", "loc": ["services", "cfssl", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.cfssl.remote": {"declarations": ["nixos/modules/services/security/cfssl.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Remote CFSSL server.", "loc": ["services", "cfssl", "remote"], "readOnly": false, "type": "null or string"}, "services.cfssl.responder": {"declarations": ["nixos/modules/services/security/cfssl.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Certificate for OCSP responder.", "loc": ["services", "cfssl", "responder"], "readOnly": false, "type": "null or absolute path"}, "services.cfssl.responderKey": {"declarations": ["nixos/modules/services/security/cfssl.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Private key for OCSP responder certificate. Do not put this in nix-store.", "loc": ["services", "cfssl", "responderKey"], "readOnly": false, "type": "null or string"}, "services.cfssl.tlsCert": {"declarations": ["nixos/modules/services/security/cfssl.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Other endpoint's CA to set up TLS protocol.", "loc": ["services", "cfssl", "tlsCert"], "readOnly": false, "type": "null or absolute path"}, "services.cfssl.tlsKey": {"declarations": ["nixos/modules/services/security/cfssl.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Other endpoint's CA private key. Do not put this in nix-store.", "loc": ["services", "cfssl", "tlsKey"], "readOnly": false, "type": "null or string"}, "services.cfssl.tlsRemoteCa": {"declarations": ["nixos/modules/services/security/cfssl.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CAs to trust for remote TLS requests.", "loc": ["services", "cfssl", "tlsRemoteCa"], "readOnly": false, "type": "null or absolute path"}, "services.cgit": {"declarations": ["nixos/modules/services/networking/cgit.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configure cgit instances.", "loc": ["services", "cgit"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.cgit.<name>.enable": {"declarations": ["nixos/modules/services/networking/cgit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable cgit.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "cgit", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.cgit.<name>.extraConfig": {"declarations": ["nixos/modules/services/networking/cgit.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of cgitrc verbatim.", "loc": ["services", "cgit", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.cgit.<name>.gitHttpBackend.checkExportOkFiles": {"declarations": ["nixos/modules/services/networking/cgit.nix"], "description": "Whether git-http-backend should only export repositories that contain a `git-daemon-export-ok` file.\n\nWhen the backend is enabled and the check is disabled all repositories can be cloned\nirrespective of cgit's settings (e.g. the `ignore` repository setting).\n\nWhen enabled you must also configure `strict-export = \"git-daemon-export-ok\"`\nin `settings` to make cgit check for the same files.\n", "loc": ["services", "cgit", "<name>", "gitHttpBackend", "checkExportOkFiles"], "readOnly": false, "type": "boolean"}, "services.cgit.<name>.gitHttpBackend.enable": {"declarations": ["nixos/modules/services/networking/cgit.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to bypass cgit and use git-http-backend for HTTP clones.\nWhile this enables HTTP clones to use the more efficient smart protocol,\nit does not support access control via cgit's settings (e.g. the `ignore` repository setting).\n\nIf you want to disallow access to some repositories with this backend,\nenable `checkExportOkFiles` and set `strict-export = \"git-daemon-export-ok\"` in `settings`.\n", "loc": ["services", "cgit", "<name>", "gitHttpBackend", "enable"], "readOnly": false, "type": "boolean"}, "services.cgit.<name>.group": {"declarations": ["nixos/modules/services/networking/cgit.nix"], "default": {"_type": "literalExpression", "text": "\"cgit\""}, "description": "Group to run the cgit service as.", "loc": ["services", "cgit", "<name>", "group"], "readOnly": false, "type": "string"}, "services.cgit.<name>.nginx.location": {"declarations": ["nixos/modules/services/networking/cgit.nix"], "default": {"_type": "literalExpression", "text": "\"/\""}, "description": "Location to serve cgit under.", "example": {"_type": "literalExpression", "text": "\"/git/\""}, "loc": ["services", "cgit", "<name>", "nginx", "location"], "readOnly": false, "type": "string"}, "services.cgit.<name>.nginx.virtualHost": {"declarations": ["nixos/modules/services/networking/cgit.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "VirtualHost to serve cgit on, defaults to the attribute name.", "example": {"_type": "literalExpression", "text": "\"git.example.com\""}, "loc": ["services", "cgit", "<name>", "nginx", "virtualHost"], "readOnly": false, "type": "string"}, "services.cgit.<name>.package": {"declarations": ["nixos/modules/services/networking/cgit.nix"], "default": {"_type": "literalExpression", "text": "pkgs.cgit"}, "description": "The cgit package to use.", "loc": ["services", "cgit", "<name>", "package"], "readOnly": false, "type": "package"}, "services.cgit.<name>.repos": {"declarations": ["nixos/modules/services/networking/cgit.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "cgit repository settings, see {manpage}`cgitrc(5)`", "example": {"_type": "literalExpression", "text": "{\n  blah = {\n    desc = \"An example repository\";\n    path = \"/var/lib/git/example\";\n  };\n}"}, "loc": ["services", "cgit", "<name>", "repos"], "readOnly": false, "type": "attribute set of attribute set of (boolean or signed integer or string)"}, "services.cgit.<name>.scanPath": {"declarations": ["nixos/modules/services/networking/cgit.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A path which will be scanned for repositories.", "example": {"_type": "literalExpression", "text": "\"/var/lib/git\""}, "loc": ["services", "cgit", "<name>", "scanPath"], "readOnly": false, "type": "null or absolute path"}, "services.cgit.<name>.settings": {"declarations": ["nixos/modules/services/networking/cgit.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "cgit configuration, see {manpage}`cgitrc(5)`", "example": {"_type": "literalExpression", "text": "{\n  enable-follow-links = true;\n  source-filter = \"${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py\";\n}\n"}, "loc": ["services", "cgit", "<name>", "settings"], "readOnly": false, "type": "attribute set of (boolean or signed integer or string or list of (boolean or signed integer or string))"}, "services.cgit.<name>.user": {"declarations": ["nixos/modules/services/networking/cgit.nix"], "default": {"_type": "literalExpression", "text": "\"cgit\""}, "description": "User to run the cgit service as.", "loc": ["services", "cgit", "<name>", "user"], "readOnly": false, "type": "string"}, "services.cgminer.config": {"declarations": ["nixos/modules/services/misc/cgminer.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional config", "example": {"_type": "literalExpression", "text": "{\n  auto-fan = true;\n  auto-gpu = true;\n  expiry = 120;\n  failover-only = true;\n  gpu-threads = 2;\n  log = 5;\n  queue = 1;\n  scan-time = 60;\n  temp-histeresys = 3;\n}"}, "loc": ["services", "cgminer", "config"], "readOnly": false, "type": "attribute set of (boolean or signed integer)"}, "services.cgminer.enable": {"declarations": ["nixos/modules/services/misc/cgminer.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable cgminer, an ASIC/FPGA/GPU miner for bitcoin and litecoin.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "cgminer", "enable"], "readOnly": false, "type": "boolean"}, "services.cgminer.hardware": {"declarations": ["nixos/modules/services/misc/cgminer.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of config options for every GPU", "example": {"_type": "literalExpression", "text": "[\n  {\n    gpu-engine = \"0-985\";\n    gpu-fan = \"0-85\";\n    gpu-memclock = 860;\n    gpu-powertune = 20;\n    intensity = 9;\n    temp-cutoff = 95;\n    temp-overheat = 85;\n    temp-target = 75;\n  }\n  {\n    gpu-engine = \"0-950\";\n    gpu-fan = \"0-85\";\n    gpu-memclock = 825;\n    gpu-powertune = 20;\n    intensity = 9;\n    temp-cutoff = 95;\n    temp-overheat = 85;\n    temp-target = 75;\n  }\n]"}, "loc": ["services", "cgminer", "hardware"], "readOnly": false, "type": "list of attribute set of (string or signed integer)"}, "services.cgminer.package": {"declarations": ["nixos/modules/services/misc/cgminer.nix"], "default": {"_type": "literalExpression", "text": "pkgs.cgminer"}, "description": "The cgminer package to use.", "loc": ["services", "cgminer", "package"], "readOnly": false, "type": "package"}, "services.cgminer.pools": {"declarations": ["nixos/modules/services/misc/cgminer.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of pools where to mine", "example": {"_type": "literalExpression", "text": "[\n  {\n    password = \"X\";\n    url = \"http://p2pool.org:9332\";\n    username = \"17EUZxTvs9uRmPsjPZSYUU3zCz9iwstudk\";\n  }\n]"}, "loc": ["services", "cgminer", "pools"], "readOnly": false, "type": "list of attribute set of string"}, "services.cgminer.user": {"declarations": ["nixos/modules/services/misc/cgminer.nix"], "default": {"_type": "literalExpression", "text": "\"cgminer\""}, "description": "User account under which cgminer runs", "loc": ["services", "cgminer", "user"], "readOnly": false, "type": "string"}, "services.changedetection-io.baseURL": {"declarations": ["nixos/modules/services/web-apps/changedetection-io.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The base url used in notifications and `{base_url}` token.\n", "example": {"_type": "literalExpression", "text": "\"https://changedetection-io.example\""}, "loc": ["services", "changedetection-io", "baseURL"], "readOnly": false, "type": "null or string"}, "services.changedetection-io.behindProxy": {"declarations": ["nixos/modules/services/web-apps/changedetection-io.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable this option when changedetection-io runs behind a reverse proxy, so that it trusts X-* headers.\nIt is recommend to run changedetection-io behind a TLS reverse proxy.\n", "loc": ["services", "changedetection-io", "behindProxy"], "readOnly": false, "type": "boolean"}, "services.changedetection-io.chromePort": {"declarations": ["nixos/modules/services/web-apps/changedetection-io.nix"], "default": {"_type": "literalExpression", "text": "4444"}, "description": "A free port on which webDriverSupport or playwrightSupport listen on localhost.\n", "loc": ["services", "changedetection-io", "chromePort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.changedetection-io.datastorePath": {"declarations": ["nixos/modules/services/web-apps/changedetection-io.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/changedetection-io\""}, "description": "The directory used to store all data for changedetection-io.\n", "loc": ["services", "changedetection-io", "datastorePath"], "readOnly": false, "type": "string"}, "services.changedetection-io.enable": {"declarations": ["nixos/modules/services/web-apps/changedetection-io.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable changedetection-io.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "changedetection-io", "enable"], "readOnly": false, "type": "boolean"}, "services.changedetection-io.environmentFile": {"declarations": ["nixos/modules/services/web-apps/changedetection-io.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Securely pass environment variables to changedetection-io.\n\nThis can be used to set for example a frontend password reproducible via `SALTED_PASS`\nwhich convinetly also deactivates nags about the hosted version.\n`SALTED_PASS` should be 64 characters long while the first 32 are the salt and the second the frontend password.\nIt can easily be retrieved from the settings file when first set via the frontend with the following command:\n``jq -r .settings.application.password /var/lib/changedetection-io/url-watches.json``\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/changedetection-io.env\""}, "loc": ["services", "changedetection-io", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.changedetection-io.group": {"declarations": ["nixos/modules/services/web-apps/changedetection-io.nix"], "default": {"_type": "literalExpression", "text": "\"changedetection-io\""}, "description": "Group account under which changedetection-io runs.\n", "loc": ["services", "changedetection-io", "group"], "readOnly": false, "type": "string"}, "services.changedetection-io.listenAddress": {"declarations": ["nixos/modules/services/web-apps/changedetection-io.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Address the server will listen on.", "loc": ["services", "changedetection-io", "listenAddress"], "readOnly": false, "type": "string"}, "services.changedetection-io.package": {"declarations": ["nixos/modules/services/web-apps/changedetection-io.nix"], "default": {"_type": "literalExpression", "text": "pkgs.changedetection-io"}, "description": "The changedetection-io package to use.", "loc": ["services", "changedetection-io", "package"], "readOnly": false, "type": "package"}, "services.changedetection-io.playwrightSupport": {"declarations": ["nixos/modules/services/web-apps/changedetection-io.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable support for fetching web pages using playwright and Chromium.\nThis starts a headless Chromium controlled by puppeteer in an oci container.\n\n::: {.note}\nPlaywright can currently leak memory.\nSee <https://github.com/dgtlmoon/changedetection.io/wiki/Playwright-content-fetcher#playwright-memory-leak>\n:::\n", "loc": ["services", "changedetection-io", "playwrightSupport"], "readOnly": false, "type": "boolean"}, "services.changedetection-io.port": {"declarations": ["nixos/modules/services/web-apps/changedetection-io.nix"], "default": {"_type": "literalExpression", "text": "5000"}, "description": "Port the server will listen on.", "loc": ["services", "changedetection-io", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.changedetection-io.user": {"declarations": ["nixos/modules/services/web-apps/changedetection-io.nix"], "default": {"_type": "literalExpression", "text": "\"changedetection-io\""}, "description": "User account under which changedetection-io runs.\n", "loc": ["services", "changedetection-io", "user"], "readOnly": false, "type": "string"}, "services.changedetection-io.webDriverSupport": {"declarations": ["nixos/modules/services/web-apps/changedetection-io.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable support for fetching web pages using WebDriver and Chromium.\nThis starts a headless chromium controlled by puppeteer in an oci container.\n\n::: {.note}\nPlaywright can currently leak memory.\nSee <https://github.com/dgtlmoon/changedetection.io/wiki/Playwright-content-fetcher#playwright-memory-leak>\n:::\n", "loc": ["services", "changedetection-io", "webDriverSupport"], "readOnly": false, "type": "boolean"}, "services.chhoto-url.enable": {"declarations": ["nixos/modules/services/web-apps/chhoto-url.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Chhoto URL.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "chhoto-url", "enable"], "readOnly": false, "type": "boolean"}, "services.chhoto-url.environmentFiles": {"declarations": ["nixos/modules/services/web-apps/chhoto-url.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Files to load environment variables from in addition to [](#opt-services.chhoto-url.settings).\nThis is useful to avoid putting secrets into the nix store.\nSee <https://github.com/SinTan1729/chhoto-url/blob/main/compose.yaml> for a list of options.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/run/secrets/chhoto-url.env\"\n]"}, "loc": ["services", "chhoto-url", "environmentFiles"], "readOnly": false, "type": "list of absolute path"}, "services.chhoto-url.package": {"declarations": ["nixos/modules/services/web-apps/chhoto-url.nix"], "default": {"_type": "literalExpression", "text": "pkgs.chhoto-url"}, "description": "The chhoto-url package to use.", "loc": ["services", "chhoto-url", "package"], "readOnly": false, "type": "package"}, "services.chhoto-url.settings": {"declarations": ["nixos/modules/services/web-apps/chhoto-url.nix"], "description": "Configuration of Chhoto URL.\nSee <https://github.com/SinTan1729/chhoto-url/blob/main/compose.yaml> for a list of options.\n", "example": {"_type": "literalExpression", "text": "{\n  port = 4567;\n}"}, "loc": ["services", "chhoto-url", "settings"], "readOnly": false, "type": "open submodule of attribute set of (string or signed integer or boolean)"}, "services.chhoto-url.settings.allow_capital_letters": {"declarations": ["nixos/modules/services/web-apps/chhoto-url.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to allow capital letters in slugs.", "loc": ["services", "chhoto-url", "settings", "allow_capital_letters"], "readOnly": false, "type": "boolean"}, "services.chhoto-url.settings.cache_control_header": {"declarations": ["nixos/modules/services/web-apps/chhoto-url.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The Cache-Control header to send.", "example": {"_type": "literalExpression", "text": "\"no-cache, private\""}, "loc": ["services", "chhoto-url", "settings", "cache_control_header"], "readOnly": false, "type": "null or string"}, "services.chhoto-url.settings.custom_landing_directory": {"declarations": ["nixos/modules/services/web-apps/chhoto-url.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of a directory which contains a custom landing page.", "loc": ["services", "chhoto-url", "settings", "custom_landing_directory"], "readOnly": false, "type": "null or absolute path"}, "services.chhoto-url.settings.db_url": {"declarations": ["nixos/modules/services/web-apps/chhoto-url.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/chhoto-url/urls.sqlite\""}, "description": "The path of the sqlite database.", "loc": ["services", "chhoto-url", "settings", "db_url"], "readOnly": false, "type": "absolute path"}, "services.chhoto-url.settings.disable_frontend": {"declarations": ["nixos/modules/services/web-apps/chhoto-url.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to disable the frontend.", "loc": ["services", "chhoto-url", "settings", "disable_frontend"], "readOnly": false, "type": "boolean"}, "services.chhoto-url.settings.hash_algorithm": {"declarations": ["nixos/modules/services/web-apps/chhoto-url.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The hash algorithm to use for passwords and API keys.\nSet to `null` if you want to provide these secrets as plaintext.\n", "loc": ["services", "chhoto-url", "settings", "hash_algorithm"], "readOnly": false, "type": "null or value \"Argon2\" (singular enum)"}, "services.chhoto-url.settings.port": {"declarations": ["nixos/modules/services/web-apps/chhoto-url.nix"], "description": "The port to listen on.", "example": {"_type": "literalExpression", "text": "4567"}, "loc": ["services", "chhoto-url", "settings", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.chhoto-url.settings.public_mode": {"declarations": ["nixos/modules/services/web-apps/chhoto-url.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable public mode.", "loc": ["services", "chhoto-url", "settings", "public_mode"], "readOnly": false, "type": "boolean"}, "services.chhoto-url.settings.public_mode_expiry_delay": {"declarations": ["nixos/modules/services/web-apps/chhoto-url.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The maximum expiry delay in seconds to force in public mode.", "example": {"_type": "literalExpression", "text": "3600"}, "loc": ["services", "chhoto-url", "settings", "public_mode_expiry_delay"], "readOnly": false, "type": "null or (unsigned integer, meaning >=0)"}, "services.chhoto-url.settings.redirect_method": {"declarations": ["nixos/modules/services/web-apps/chhoto-url.nix"], "default": {"_type": "literalExpression", "text": "\"PERMANENT\""}, "description": "The redirect method to use.", "loc": ["services", "chhoto-url", "settings", "redirect_method"], "readOnly": false, "type": "one of \"TEMPORARY\", \"PERMANENT\""}, "services.chhoto-url.settings.site_url": {"declarations": ["nixos/modules/services/web-apps/chhoto-url.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The URL under which Chhoto URL is externally reachable.", "loc": ["services", "chhoto-url", "settings", "site_url"], "readOnly": false, "type": "null or string"}, "services.chhoto-url.settings.slug_length": {"declarations": ["nixos/modules/services/web-apps/chhoto-url.nix"], "default": {"_type": "literalExpression", "text": "8"}, "description": "The length of auto-generated slugs.", "loc": ["services", "chhoto-url", "settings", "slug_length"], "readOnly": false, "type": "signed integer"}, "services.chhoto-url.settings.slug_style": {"declarations": ["nixos/modules/services/web-apps/chhoto-url.nix"], "default": {"_type": "literalExpression", "text": "\"Pair\""}, "description": "The slug style to use for auto-generated URLs.", "loc": ["services", "chhoto-url", "settings", "slug_style"], "readOnly": false, "type": "one of \"Pair\", \"UID\""}, "services.chhoto-url.settings.try_longer_slugs": {"declarations": ["nixos/modules/services/web-apps/chhoto-url.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to try a longer UID upon collision.", "loc": ["services", "chhoto-url", "settings", "try_longer_slugs"], "readOnly": false, "type": "boolean"}, "services.chisel-server.authfile": {"declarations": ["nixos/modules/services/networking/chisel-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to auth.json file", "loc": ["services", "chisel-server", "authfile"], "readOnly": false, "type": "null or absolute path"}, "services.chisel-server.backend": {"declarations": ["nixos/modules/services/networking/chisel-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP server to proxy normal requests to", "example": {"_type": "literalExpression", "text": "\"http://127.0.0.1:8888\""}, "loc": ["services", "chisel-server", "backend"], "readOnly": false, "type": "null or string"}, "services.chisel-server.enable": {"declarations": ["nixos/modules/services/networking/chisel-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Chisel Tunnel Server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "chisel-server", "enable"], "readOnly": false, "type": "boolean"}, "services.chisel-server.host": {"declarations": ["nixos/modules/services/networking/chisel-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Address to listen on, falls back to 0.0.0.0", "example": {"_type": "literalExpression", "text": "\"[::1]\""}, "loc": ["services", "chisel-server", "host"], "readOnly": false, "type": "null or string"}, "services.chisel-server.keepalive": {"declarations": ["nixos/modules/services/networking/chisel-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Keepalive interval, falls back to 25s", "example": {"_type": "literalExpression", "text": "\"5s\""}, "loc": ["services", "chisel-server", "keepalive"], "readOnly": false, "type": "null or string"}, "services.chisel-server.port": {"declarations": ["nixos/modules/services/networking/chisel-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port to listen on, falls back to 8080", "loc": ["services", "chisel-server", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.chisel-server.reverse": {"declarations": ["nixos/modules/services/networking/chisel-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Allow clients reverse port forwarding", "loc": ["services", "chisel-server", "reverse"], "readOnly": false, "type": "boolean"}, "services.chisel-server.socks5": {"declarations": ["nixos/modules/services/networking/chisel-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Allow clients access to internal SOCKS5 proxy", "loc": ["services", "chisel-server", "socks5"], "readOnly": false, "type": "boolean"}, "services.chromadb.dbpath": {"declarations": ["nixos/modules/services/databases/chromadb.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/chromadb\""}, "description": "Location where ChromaDB stores its files", "loc": ["services", "chromadb", "dbpath"], "readOnly": false, "type": "string"}, "services.chromadb.enable": {"declarations": ["nixos/modules/services/databases/chromadb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ChromaDB, an open-source AI application database..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "chromadb", "enable"], "readOnly": false, "type": "boolean"}, "services.chromadb.host": {"declarations": ["nixos/modules/services/databases/chromadb.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Defines the IP address by which ChromaDB will be accessible.\n", "loc": ["services", "chromadb", "host"], "readOnly": false, "type": "string"}, "services.chromadb.openFirewall": {"declarations": ["nixos/modules/services/databases/chromadb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to automatically open the specified TCP port in the firewall.\n", "loc": ["services", "chromadb", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.chromadb.package": {"declarations": ["nixos/modules/services/databases/chromadb.nix"], "default": {"_type": "literalExpression", "text": "pkgs.python3Packages.chromadb"}, "description": "The chromadb package to use.", "loc": ["services", "chromadb", "package"], "readOnly": false, "type": "package"}, "services.chromadb.port": {"declarations": ["nixos/modules/services/databases/chromadb.nix"], "default": {"_type": "literalExpression", "text": "8000"}, "description": "Defined the port number to listen.\n", "loc": ["services", "chromadb", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.chrony.autotrimThreshold": {"declarations": ["nixos/modules/services/networking/ntp/chrony.nix"], "default": {"_type": "literalExpression", "text": "30"}, "description": "Maximum estimated error threshold for the `rtcautotrim` command.\nWhen reached, the RTC will be trimmed.\nOnly used when [](#opt-services.chrony.enableRTCTrimming) is enabled.\n", "example": {"_type": "literalExpression", "text": "10"}, "loc": ["services", "chrony", "autotrimThreshold"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.chrony.directory": {"declarations": ["nixos/modules/services/networking/ntp/chrony.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/chrony\""}, "description": "Directory where chrony state is stored.", "loc": ["services", "chrony", "directory"], "readOnly": false, "type": "string"}, "services.chrony.dispatcherScript": {"declarations": ["nixos/modules/services/networking/ntp/chrony.nix"], "default": {"_type": "literalExpression", "text": "config.networking.networkmanager.enable"}, "description": "Whether to install the chrony NetworkManager dispatcher script\nto handle connectivity changes.\n", "loc": ["services", "chrony", "dispatcherScript"], "readOnly": false, "type": "boolean"}, "services.chrony.enable": {"declarations": ["nixos/modules/services/networking/ntp/chrony.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to synchronise your machine's time using chrony.\nMake sure you disable NTP if you enable this service.\n", "loc": ["services", "chrony", "enable"], "readOnly": false, "type": "boolean"}, "services.chrony.enableMemoryLocking": {"declarations": ["nixos/modules/services/networking/ntp/chrony.nix"], "default": {"_type": "literalExpression", "text": "config.environment.memoryAllocator.provider != \"graphene-hardened\" && config.environment.memoryAllocator.provider != \"graphene-hardened-light\""}, "description": "Whether to add the `-m` flag to lock memory.\n", "loc": ["services", "chrony", "enableMemoryLocking"], "readOnly": false, "type": "boolean"}, "services.chrony.enableNTS": {"declarations": ["nixos/modules/services/networking/ntp/chrony.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Network Time Security authentication.\nMake sure it is supported by your selected NTP server(s).\n", "loc": ["services", "chrony", "enableNTS"], "readOnly": false, "type": "boolean"}, "services.chrony.enableRTCTrimming": {"declarations": ["nixos/modules/services/networking/ntp/chrony.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable tracking of the RTC offset to the system clock and automatic trimming.\nSee also [](#opt-services.chrony.autotrimThreshold)\n\n::: {.note}\nThis is not compatible with the `rtcsync` directive, which naively syncs the RTC time every 11 minutes.\n\nTracking the RTC drift will allow more precise timekeeping,\nespecially on intermittently running devices, where the RTC is very relevant.\n:::\n", "loc": ["services", "chrony", "enableRTCTrimming"], "readOnly": false, "type": "boolean"}, "services.chrony.extraConfig": {"declarations": ["nixos/modules/services/networking/ntp/chrony.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration directives that should be added to\n{file}`chrony.conf`\n", "loc": ["services", "chrony", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.chrony.extraFlags": {"declarations": ["nixos/modules/services/networking/ntp/chrony.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra flags passed to the chronyd command.", "example": {"_type": "literalExpression", "text": "[\n  \"-s\"\n]"}, "loc": ["services", "chrony", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.chrony.initstepslew.enabled": {"declarations": ["nixos/modules/services/networking/ntp/chrony.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "DEPRECATED. Consider using `services.chrony.makestep` instead.\nAllow chronyd to make a rapid measurement of the system clock error\nat boot time, and to correct the system clock by stepping before\nnormal operation begins.\n", "loc": ["services", "chrony", "initstepslew", "enabled"], "readOnly": false, "type": "boolean"}, "services.chrony.initstepslew.threshold": {"declarations": ["nixos/modules/services/networking/ntp/chrony.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "The threshold of system clock error (in seconds) above which the\nclock will be stepped. If the correction required is less than the\nthreshold, a slew is used instead.\n", "loc": ["services", "chrony", "initstepslew", "threshold"], "readOnly": false, "type": "floating point number or signed integer"}, "services.chrony.makestep.enable": {"declarations": ["nixos/modules/services/networking/ntp/chrony.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Allow chronyd to step the system clock if the error is larger than\nthe specified threshold.\n", "loc": ["services", "chrony", "makestep", "enable"], "readOnly": false, "type": "boolean"}, "services.chrony.makestep.limit": {"declarations": ["nixos/modules/services/networking/ntp/chrony.nix"], "default": {"_type": "literalExpression", "text": "3"}, "description": "The maximum number of times the system clock will be stepped.\n", "loc": ["services", "chrony", "makestep", "limit"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.chrony.makestep.threshold": {"declarations": ["nixos/modules/services/networking/ntp/chrony.nix"], "default": {"_type": "literalExpression", "text": "0.1"}, "description": "The threshold of system clock error (in seconds) above which the\nclock will be stepped. If the correction required is less than the\nthreshold, a slew is used instead.\n", "loc": ["services", "chrony", "makestep", "threshold"], "readOnly": false, "type": "floating point number or signed integer"}, "services.chrony.package": {"declarations": ["nixos/modules/services/networking/ntp/chrony.nix"], "default": {"_type": "literalExpression", "text": "pkgs.chrony"}, "description": "The chrony package to use.", "loc": ["services", "chrony", "package"], "readOnly": false, "type": "package"}, "services.chrony.serverOption": {"declarations": ["nixos/modules/services/networking/ntp/chrony.nix"], "default": {"_type": "literalExpression", "text": "\"iburst\""}, "description": "Set option for server directives.\n\nUse \"iburst\" to rapidly poll on startup. Recommended if your machine\nis consistently online.\n\nUse \"offline\" to prevent polling on startup. Recommended if your\nmachine boots offline or is otherwise frequently offline.\n", "loc": ["services", "chrony", "serverOption"], "readOnly": false, "type": "one of \"iburst\", \"offline\""}, "services.chrony.servers": {"declarations": ["nixos/modules/services/networking/ntp/chrony.nix"], "default": {"_type": "literalExpression", "text": "config.networking.timeServers"}, "description": "The set of NTP servers from which to synchronise.\n", "loc": ["services", "chrony", "servers"], "readOnly": false, "type": "list of string"}, "services.cinnamon.apps.enable": {"declarations": ["nixos/modules/services/x11/desktop-managers/cinnamon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Cinnamon default applications.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "cinnamon", "apps", "enable"], "readOnly": false, "type": "boolean"}, "services.cjdns.ETHInterface.beacon": {"declarations": ["nixos/modules/services/networking/cjdns.nix"], "default": {"_type": "literalExpression", "text": "2"}, "description": "Auto-connect to other cjdns nodes on the same network.\nOptions:\n  0: Disabled.\n  1: Accept beacons, this will cause cjdns to accept incoming\n     beacon messages and try connecting to the sender.\n  2: Accept and send beacons, this will cause cjdns to broadcast\n     messages on the local network which contain a randomly\n     generated per-session password, other nodes which have this\n     set to 1 or 2 will hear the beacon messages and connect\n     automatically.\n", "loc": ["services", "cjdns", "ETHInterface", "beacon"], "readOnly": false, "type": "signed integer"}, "services.cjdns.ETHInterface.bind": {"declarations": ["nixos/modules/services/networking/cjdns.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Bind to this device for native ethernet operation.\n`all` is a pseudo-name which will try to connect to all devices.\n", "example": {"_type": "literalExpression", "text": "\"eth0\""}, "loc": ["services", "cjdns", "ETHInterface", "bind"], "readOnly": false, "type": "string"}, "services.cjdns.ETHInterface.connectTo": {"declarations": ["nixos/modules/services/networking/cjdns.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Credentials for connecting look similar to UDP credientials\nexcept they begin with the mac address.\n", "example": {"_type": "literalExpression", "text": "{\n  \"01:02:03:04:05:06\" = {\n    hostname = \"homer.hype\";\n    password = \"5kG15EfpdcKNX3f2GSQ0H1HC7yIfxoCoImnO5FHM\";\n    publicKey = \"371zpkgs8ss387tmr81q04mp0hg1skb51hw34vk1cq644mjqhup0.k\";\n  };\n}\n"}, "loc": ["services", "cjdns", "ETHInterface", "connectTo"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.cjdns.ETHInterface.connectTo.<name>.hostname": {"declarations": ["nixos/modules/services/networking/cjdns.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Optional hostname to add to /etc/hosts; prevents reverse lookup failures.", "example": {"_type": "literalExpression", "text": "\"foobar.hype\""}, "loc": ["services", "cjdns", "ETHInterface", "connectTo", "<name>", "hostname"], "readOnly": false, "type": "string"}, "services.cjdns.ETHInterface.connectTo.<name>.login": {"declarations": ["nixos/modules/services/networking/cjdns.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "(optional) name your peer has for you", "loc": ["services", "cjdns", "ETHInterface", "connectTo", "<name>", "login"], "readOnly": false, "type": "string"}, "services.cjdns.ETHInterface.connectTo.<name>.password": {"declarations": ["nixos/modules/services/networking/cjdns.nix"], "description": "Authorized password to the opposite end of the tunnel.", "loc": ["services", "cjdns", "ETHInterface", "connectTo", "<name>", "password"], "readOnly": false, "type": "string"}, "services.cjdns.ETHInterface.connectTo.<name>.peerName": {"declarations": ["nixos/modules/services/networking/cjdns.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "(optional) human-readable name for peer", "loc": ["services", "cjdns", "ETHInterface", "connectTo", "<name>", "peerName"], "readOnly": false, "type": "string"}, "services.cjdns.ETHInterface.connectTo.<name>.publicKey": {"declarations": ["nixos/modules/services/networking/cjdns.nix"], "description": "Public key at the opposite end of the tunnel.", "loc": ["services", "cjdns", "ETHInterface", "connectTo", "<name>", "publicKey"], "readOnly": false, "type": "string"}, "services.cjdns.UDPInterface.bind": {"declarations": ["nixos/modules/services/networking/cjdns.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Address and port to bind UDP tunnels to.\n", "example": {"_type": "literalExpression", "text": "\"192.168.1.32:43211\""}, "loc": ["services", "cjdns", "UDPInterface", "bind"], "readOnly": false, "type": "string"}, "services.cjdns.UDPInterface.connectTo": {"declarations": ["nixos/modules/services/networking/cjdns.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Credentials for making UDP tunnels.\n", "example": {"_type": "literalExpression", "text": "{\n  \"192.168.1.1:27313\" = {\n    hostname = \"homer.hype\";\n    password = \"5kG15EfpdcKNX3f2GSQ0H1HC7yIfxoCoImnO5FHM\";\n    publicKey = \"371zpkgs8ss387tmr81q04mp0hg1skb51hw34vk1cq644mjqhup0.k\";\n  };\n}\n"}, "loc": ["services", "cjdns", "UDPInterface", "connectTo"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.cjdns.UDPInterface.connectTo.<name>.hostname": {"declarations": ["nixos/modules/services/networking/cjdns.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Optional hostname to add to /etc/hosts; prevents reverse lookup failures.", "example": {"_type": "literalExpression", "text": "\"foobar.hype\""}, "loc": ["services", "cjdns", "UDPInterface", "connectTo", "<name>", "hostname"], "readOnly": false, "type": "string"}, "services.cjdns.UDPInterface.connectTo.<name>.login": {"declarations": ["nixos/modules/services/networking/cjdns.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "(optional) name your peer has for you", "loc": ["services", "cjdns", "UDPInterface", "connectTo", "<name>", "login"], "readOnly": false, "type": "string"}, "services.cjdns.UDPInterface.connectTo.<name>.password": {"declarations": ["nixos/modules/services/networking/cjdns.nix"], "description": "Authorized password to the opposite end of the tunnel.", "loc": ["services", "cjdns", "UDPInterface", "connectTo", "<name>", "password"], "readOnly": false, "type": "string"}, "services.cjdns.UDPInterface.connectTo.<name>.peerName": {"declarations": ["nixos/modules/services/networking/cjdns.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "(optional) human-readable name for peer", "loc": ["services", "cjdns", "UDPInterface", "connectTo", "<name>", "peerName"], "readOnly": false, "type": "string"}, "services.cjdns.UDPInterface.connectTo.<name>.publicKey": {"declarations": ["nixos/modules/services/networking/cjdns.nix"], "description": "Public key at the opposite end of the tunnel.", "loc": ["services", "cjdns", "UDPInterface", "connectTo", "<name>", "publicKey"], "readOnly": false, "type": "string"}, "services.cjdns.addExtraHosts": {"declarations": ["nixos/modules/services/networking/cjdns.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add cjdns peers with an associated hostname to\n{file}`/etc/hosts`.  Beware that enabling this\nincurs heavy eval-time costs.\n", "loc": ["services", "cjdns", "addExtraHosts"], "readOnly": false, "type": "boolean"}, "services.cjdns.admin.bind": {"declarations": ["nixos/modules/services/networking/cjdns.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1:11234\""}, "description": "Bind the administration port to this address and port.\n", "loc": ["services", "cjdns", "admin", "bind"], "readOnly": false, "type": "string"}, "services.cjdns.authorizedPasswords": {"declarations": ["nixos/modules/services/networking/cjdns.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Any remote cjdns nodes that offer these passwords on\nconnection will be allowed to route through this node.\n", "example": {"_type": "literalExpression", "text": "[\n  \"snyrfgkqsc98qh1y4s5hbu0j57xw5s0\"\n  \"z9md3t4p45mfrjzdjurxn4wuj0d8swv\"\n  \"49275fut6tmzu354pq70sr5b95qq0vj\"\n]"}, "loc": ["services", "cjdns", "authorizedPasswords"], "readOnly": false, "type": "list of string"}, "services.cjdns.confFile": {"declarations": ["nixos/modules/services/networking/cjdns.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Ignore all other cjdns options and load configuration from this file.\n", "example": {"_type": "literalExpression", "text": "\"/etc/cjdroute.conf\""}, "loc": ["services", "cjdns", "confFile"], "readOnly": false, "type": "null or absolute path"}, "services.cjdns.enable": {"declarations": ["nixos/modules/services/networking/cjdns.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the cjdns network encryption\nand routing engine. A file at /etc/cjdns.keys will\nbe created if it does not exist to contain a random\nsecret key that your IPv6 address will be derived from.\n", "loc": ["services", "cjdns", "enable"], "readOnly": false, "type": "boolean"}, "services.cjdns.extraConfig": {"declarations": ["nixos/modules/services/networking/cjdns.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration, given as attrs, that will be merged recursively\nwith the rest of the JSON generated by this module, at the root node.\n", "example": {"_type": "literalExpression", "text": "{\n  router = {\n    interface = {\n      tunDevice = \"tun10\";\n    };\n  };\n}"}, "loc": ["services", "cjdns", "extraConfig"], "readOnly": false, "type": "attribute set"}, "services.clamav.clamonacc.enable": {"declarations": ["nixos/modules/services/security/clamav.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ClamAV on-access scanner.\n\nThe settings for ClamAV's on-access scanner is configured in `clamd.conf` via `services.clamav.daemon.settings`.\nRefer to <https://docs.clamav.net/manual/OnAccess.html> on how to configure it.\n\nExample to scan `/home/foo/Downloads` (and block access until scanning is completed) would be:\n```\nservices.clamav = {\n  daemon.enable = true;\n  clamonacc.enable = true;\n\n  daemon.settings = {\n    OnAccessPrevention = true;\n    OnAccessIncludePath = \"/home/foo/Downloads\";\n  };\n};\n```\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "clamav", "clamonacc", "enable"], "readOnly": false, "type": "boolean"}, "services.clamav.daemon.enable": {"declarations": ["nixos/modules/services/security/clamav.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ClamAV clamd daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "clamav", "daemon", "enable"], "readOnly": false, "type": "boolean"}, "services.clamav.daemon.settings": {"declarations": ["nixos/modules/services/security/clamav.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "ClamAV configuration. Refer to <https://linux.die.net/man/5/clamd.conf>,\nfor details on supported values.\n", "loc": ["services", "clamav", "daemon", "settings"], "readOnly": false, "type": "attribute set of (boolean or signed integer or string or list of string)"}, "services.clamav.fangfrisch.enable": {"declarations": ["nixos/modules/services/security/clamav.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ClamAV fangfrisch updater.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "clamav", "fangfrisch", "enable"], "readOnly": false, "type": "boolean"}, "services.clamav.fangfrisch.interval": {"declarations": ["nixos/modules/services/security/clamav.nix"], "default": {"_type": "literalExpression", "text": "\"hourly\""}, "description": "How often freshclam is invoked. See {manpage}`systemd.time(7)` for more\ninformation about the format.\n", "loc": ["services", "clamav", "fangfrisch", "interval"], "readOnly": false, "type": "string"}, "services.clamav.fangfrisch.settings": {"declarations": ["nixos/modules/services/security/clamav.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "fangfrisch configuration. Refer to <https://rseichter.github.io/fangfrisch/#_configuration>,\nfor details on supported values.\nNote that by default urlhaus and sanesecurity are enabled.\n", "example": {"_type": "literalExpression", "text": "{\n  securiteinfo = {\n    customer_id = \"your customer_id\";\n    enabled = \"yes\";\n  };\n}"}, "loc": ["services", "clamav", "fangfrisch", "settings"], "readOnly": false, "type": "open submodule of attribute set of attribute set of (string or signed integer or boolean)"}, "services.clamav.package": {"declarations": ["nixos/modules/services/security/clamav.nix"], "default": {"_type": "literalExpression", "text": "pkgs.clamav"}, "description": "The clamav package to use.", "loc": ["services", "clamav", "package"], "readOnly": false, "type": "package"}, "services.clamav.scanner.enable": {"declarations": ["nixos/modules/services/security/clamav.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ClamAV scanner.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "clamav", "scanner", "enable"], "readOnly": false, "type": "boolean"}, "services.clamav.scanner.interval": {"declarations": ["nixos/modules/services/security/clamav.nix"], "default": {"_type": "literalExpression", "text": "\"*-*-* 04:00:00\""}, "description": "How often clamdscan is invoked. See {manpage}`systemd.time(7)` for more\ninformation about the format.\nBy default this runs using 10 cores at most, be sure to run it at a time of low traffic.\n", "loc": ["services", "clamav", "scanner", "interval"], "readOnly": false, "type": "string"}, "services.clamav.scanner.scanDirectories": {"declarations": ["nixos/modules/services/security/clamav.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"/home\"\n  \"/var/lib\"\n  \"/tmp\"\n  \"/etc\"\n  \"/var/tmp\"\n]"}, "description": "List of directories to scan.\nThe default includes everything I could think of that is valid for nixos. Feel free to contribute a PR to add to the default if you see something missing.\n", "loc": ["services", "clamav", "scanner", "scanDirectories"], "readOnly": false, "type": "list of string"}, "services.clamav.updater.enable": {"declarations": ["nixos/modules/services/security/clamav.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ClamAV freshclam updater.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "clamav", "updater", "enable"], "readOnly": false, "type": "boolean"}, "services.clamav.updater.frequency": {"declarations": ["nixos/modules/services/security/clamav.nix"], "default": {"_type": "literalExpression", "text": "12"}, "description": "Number of database checks per day.\n", "loc": ["services", "clamav", "updater", "frequency"], "readOnly": false, "type": "signed integer"}, "services.clamav.updater.interval": {"declarations": ["nixos/modules/services/security/clamav.nix"], "default": {"_type": "literalExpression", "text": "\"hourly\""}, "description": "How often freshclam is invoked. See {manpage}`systemd.time(7)` for more\ninformation about the format.\n", "loc": ["services", "clamav", "updater", "interval"], "readOnly": false, "type": "string"}, "services.clamav.updater.settings": {"declarations": ["nixos/modules/services/security/clamav.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "freshclam configuration. Refer to <https://linux.die.net/man/5/freshclam.conf>,\nfor details on supported values.\n", "loc": ["services", "clamav", "updater", "settings"], "readOnly": false, "type": "attribute set of (boolean or signed integer or string or list of string)"}, "services.clatd.enable": {"declarations": ["nixos/modules/services/networking/clatd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable clatd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "clatd", "enable"], "readOnly": false, "type": "boolean"}, "services.clatd.enableNetworkManagerIntegration": {"declarations": ["nixos/modules/services/networking/clatd.nix"], "default": {"_type": "literalExpression", "text": "\"config.networking.networkmanager.enable\""}, "description": "Whether to enable NetworkManager integration.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "clatd", "enableNetworkManagerIntegration"], "readOnly": false, "type": "boolean"}, "services.clatd.package": {"declarations": ["nixos/modules/services/networking/clatd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.clatd"}, "description": "The clatd package to use.", "loc": ["services", "clatd", "package"], "readOnly": false, "type": "package"}, "services.clatd.settings": {"declarations": ["nixos/modules/services/networking/clatd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration of clatd. See [clatd Documentation](https://github.com/toreanderson/clatd/blob/master/README.pod#configuration).\n", "example": {"_type": "literalExpression", "text": "{\n  plat-prefix = \"64:ff9b::/96\";\n}\n"}, "loc": ["services", "clatd", "settings"], "readOnly": false, "type": "open submodule of attribute set of (atom (null, bool, int, float or string))"}, "services.clickhouse.enable": {"declarations": ["nixos/modules/services/databases/clickhouse.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ClickHouse database server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "clickhouse", "enable"], "readOnly": false, "type": "boolean"}, "services.clickhouse.extraServerConfig": {"declarations": ["nixos/modules/services/databases/clickhouse.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional raw XML configuration for ClickHouse server.", "example": {"_type": "literalExpression", "text": "''\n  <clickhouse>\n    <max_connections>500</max_connections>\n    <keep_alive_timeout>3</keep_alive_timeout>\n  </clickhouse>\n''"}, "loc": ["services", "clickhouse", "extraServerConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.clickhouse.extraUsersConfig": {"declarations": ["nixos/modules/services/databases/clickhouse.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional raw XML configuration for ClickHouse server.", "example": {"_type": "literalExpression", "text": "''\n  <clickhouse>\n    <users>\n      <readonly>\n        <profile>readonly</profile>\n      </readonly>\n    </users>\n  </clickhouse>\n''"}, "loc": ["services", "clickhouse", "extraUsersConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.clickhouse.package": {"declarations": ["nixos/modules/services/databases/clickhouse.nix"], "default": {"_type": "literalExpression", "text": "pkgs.clickhouse"}, "description": "The clickhouse package to use.", "example": {"_type": "literalExpression", "text": "pkgs.clickhouse-lts"}, "loc": ["services", "clickhouse", "package"], "readOnly": false, "type": "package"}, "services.clickhouse.serverConfig": {"declarations": ["nixos/modules/services/databases/clickhouse.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Your {file}`config.yaml` as a Nix attribute set.\nCheck the [documentation](https://clickhouse.com/docs/operations/configuration-files)\nfor possible options.\n", "example": {"_type": "literalExpression", "text": "{\n  http_port = 8123;\n  tcp_port = 9000;\n\n  remote_servers = {\n    default = {\n      shard = {\n        replica = [\n          { host = \"::\"; port = \"9000\"; }\n          { host = \"::\"; port = \"9001\"; }\n          { host = \"::\"; port = \"9002\"; }\n        ];\n      };\n    };\n  };\n}\n"}, "loc": ["services", "clickhouse", "serverConfig"], "readOnly": false, "type": "YAML 1.1 value"}, "services.clickhouse.usersConfig": {"declarations": ["nixos/modules/services/databases/clickhouse.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Your {file}`users.yaml` as a Nix attribute set.\nCheck the [documentation](https://clickhouse.com/docs/operations/configuration-files#user-settings)\nfor possible options.\n", "example": {"_type": "literalExpression", "text": "{\n  profiles = {};\n\n  users = {\n    default = {\n      profile = \"default\";\n      password_sha256_hex = \"36dd292533174299fb0c34665df468bb881756ca9eaf9757d0cfde38f9ededa1\";  # `echo -n verysecret | sha256sum`\n    };\n  };\n}\n"}, "loc": ["services", "clickhouse", "usersConfig"], "readOnly": false, "type": "YAML 1.1 value"}, "services.clight.enable": {"declarations": ["nixos/modules/services/x11/clight.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable clight.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "clight", "enable"], "readOnly": false, "type": "boolean"}, "services.clight.settings": {"declarations": ["nixos/modules/services/x11/clight.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional configuration to extend clight.conf. See\n<https://github.com/FedeDP/Clight/blob/master/Extra/clight.conf> for a\nsample configuration file.\n", "example": {"_type": "literalExpression", "text": "{\n  ac_capture_timeouts = [\n    120\n    300\n    60\n  ];\n  captures = 20;\n  gamma_long_transition = true;\n}"}, "loc": ["services", "clight", "settings"], "readOnly": false, "type": "attribute set of (null or signed integer or string or boolean or floating point number or list of (signed integer or string or boolean or floating point number) or attribute set of (signed integer or string or boolean or floating point number or list of (signed integer or string or boolean or floating point number)))"}, "services.clight.temperature.day": {"declarations": ["nixos/modules/services/x11/clight.nix"], "default": {"_type": "literalExpression", "text": "5500"}, "description": "Colour temperature to use during the day, between\n`1000` and `25000` K.\n", "loc": ["services", "clight", "temperature", "day"], "readOnly": false, "type": "signed integer"}, "services.clight.temperature.night": {"declarations": ["nixos/modules/services/x11/clight.nix"], "default": {"_type": "literalExpression", "text": "3700"}, "description": "Colour temperature to use at night, between\n`1000` and `25000` K.\n", "loc": ["services", "clight", "temperature", "night"], "readOnly": false, "type": "signed integer"}, "services.clipcat.enable": {"declarations": ["nixos/modules/services/misc/clipcat.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Clipcat clipboard daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "clipcat", "enable"], "readOnly": false, "type": "boolean"}, "services.clipcat.package": {"declarations": ["nixos/modules/services/misc/clipcat.nix"], "default": {"_type": "literalExpression", "text": "pkgs.clipcat"}, "description": "The clipcat package to use.", "loc": ["services", "clipcat", "package"], "readOnly": false, "type": "package"}, "services.clipmenu.enable": {"declarations": ["nixos/modules/services/misc/clipmenu.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable clipmenu, the clipboard management daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "clipmenu", "enable"], "readOnly": false, "type": "boolean"}, "services.clipmenu.package": {"declarations": ["nixos/modules/services/misc/clipmenu.nix"], "default": {"_type": "literalExpression", "text": "pkgs.clipmenu"}, "description": "The clipmenu package to use.", "loc": ["services", "clipmenu", "package"], "readOnly": false, "type": "package"}, "services.cloud-init.btrfs.enable": {"declarations": ["nixos/modules/services/system/cloud-init.nix"], "default": {"_type": "literalExpression", "text": "hasFs \"btrfs\""}, "description": "Allow the cloud-init service to operate `btrfs` filesystem.\n", "loc": ["services", "cloud-init", "btrfs", "enable"], "readOnly": false, "type": "boolean"}, "services.cloud-init.config": {"declarations": ["nixos/modules/services/system/cloud-init.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "raw cloud-init configuration.\n\nTakes precedence over the `settings` option if set.\n", "loc": ["services", "cloud-init", "config"], "readOnly": false, "type": "string"}, "services.cloud-init.enable": {"declarations": ["nixos/modules/services/system/cloud-init.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable the cloud-init service. This services reads\nconfiguration metadata in a cloud environment and configures\nthe machine according to this metadata.\n\nThis configuration is not completely compatible with the\nNixOS way of doing configuration, as configuration done by\ncloud-init might be overridden by a subsequent nixos-rebuild\ncall. However, some parts of cloud-init fall outside of\nNixOS's responsibility, like filesystem resizing and ssh\npublic key provisioning, and cloud-init is useful for that\nparts. Thus, be wary that using cloud-init in NixOS might\ncome as some cost.\n", "loc": ["services", "cloud-init", "enable"], "readOnly": false, "type": "boolean"}, "services.cloud-init.ext4.enable": {"declarations": ["nixos/modules/services/system/cloud-init.nix"], "default": {"_type": "literalExpression", "text": "hasFs \"ext4\""}, "description": "Allow the cloud-init service to operate `ext4` filesystem.\n", "loc": ["services", "cloud-init", "ext4", "enable"], "readOnly": false, "type": "boolean"}, "services.cloud-init.extraPackages": {"declarations": ["nixos/modules/services/system/cloud-init.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of additional packages to be available within cloud-init jobs.\n", "loc": ["services", "cloud-init", "extraPackages"], "readOnly": false, "type": "list of package"}, "services.cloud-init.network.enable": {"declarations": ["nixos/modules/services/system/cloud-init.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Allow the cloud-init service to configure network interfaces\nthrough systemd-networkd.\n", "loc": ["services", "cloud-init", "network", "enable"], "readOnly": false, "type": "boolean"}, "services.cloud-init.settings": {"declarations": ["nixos/modules/services/system/cloud-init.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Structured cloud-init configuration.\n", "loc": ["services", "cloud-init", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.cloud-init.xfs.enable": {"declarations": ["nixos/modules/services/system/cloud-init.nix"], "default": {"_type": "literalExpression", "text": "hasFs \"xfs\""}, "description": "Allow the cloud-init service to operate `xfs` filesystem.\n", "loc": ["services", "cloud-init", "xfs", "enable"], "readOnly": false, "type": "boolean"}, "services.cloudflare-ddns.cacheExpiration": {"declarations": ["nixos/modules/services/networking/cloudflare-ddns.nix"], "default": {"_type": "literalExpression", "text": "\"6h\""}, "description": "Duration for which API responses (like Zone ID, Record IDs) are cached.\nUses Go's duration format (e.g., \"6h\", \"1h30m\").\n", "loc": ["services", "cloudflare-ddns", "cacheExpiration"], "readOnly": false, "type": "string"}, "services.cloudflare-ddns.credentialsFile": {"declarations": ["nixos/modules/services/networking/cloudflare-ddns.nix"], "description": "Path to a file containing the Cloudflare API authentication token.\nThe file content should be in the format `CLOUDFLARE_API_TOKEN=YOUR_SECRET_TOKEN`.\nThe service user needs read access to this file.\nEnsure permissions are secure (e.g., `0400` or `0440`) and ownership is appropriate\nUsing `CLOUDFLARE_API_TOKEN` is preferred over the deprecated `CF_API_TOKEN`.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/cloudflare-ddns-token\""}, "loc": ["services", "cloudflare-ddns", "credentialsFile"], "readOnly": false, "type": "absolute path"}, "services.cloudflare-ddns.deleteOnStop": {"declarations": ["nixos/modules/services/networking/cloudflare-ddns.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to delete the managed DNS records and clear WAF lists when the service is stopped gracefully.\nWarning: Setting this to true with `updateCron = \"@once\"` will cause immediate deletion.\n", "loc": ["services", "cloudflare-ddns", "deleteOnStop"], "readOnly": false, "type": "boolean"}, "services.cloudflare-ddns.detectionTimeout": {"declarations": ["nixos/modules/services/networking/cloudflare-ddns.nix"], "default": {"_type": "literalExpression", "text": "\"5s\""}, "description": "Timeout for detecting the public IP address.", "loc": ["services", "cloudflare-ddns", "detectionTimeout"], "readOnly": false, "type": "string"}, "services.cloudflare-ddns.domains": {"declarations": ["nixos/modules/services/networking/cloudflare-ddns.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of domain names (FQDNs) to manage. Wildcards like `*.example.com` are supported.\nThese domains will be managed for both IPv4 and IPv6 unless overridden by\n`ip4Domains` or `ip6Domains`, or if the respective providers are disabled.\nThis corresponds to the `DOMAINS` environment variable.\n", "example": {"_type": "literalExpression", "text": "[\n  \"home.example.com\"\n  \"*.dynamic.example.org\"\n]"}, "loc": ["services", "cloudflare-ddns", "domains"], "readOnly": false, "type": "list of string"}, "services.cloudflare-ddns.enable": {"declarations": ["nixos/modules/services/networking/cloudflare-ddns.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Cloudflare Dynamic DNS service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "cloudflare-ddns", "enable"], "readOnly": false, "type": "boolean"}, "services.cloudflare-ddns.group": {"declarations": ["nixos/modules/services/networking/cloudflare-ddns.nix"], "default": {"_type": "literalExpression", "text": "\"cloudflare-ddns\""}, "description": "Group under which the service runs.", "loc": ["services", "cloudflare-ddns", "group"], "readOnly": false, "type": "string"}, "services.cloudflare-ddns.healthchecks": {"declarations": ["nixos/modules/services/networking/cloudflare-ddns.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "URL for Healthchecks.io monitoring endpoint (optional).", "example": {"_type": "literalExpression", "text": "\"https://hc-ping.com/your-uuid\""}, "loc": ["services", "cloudflare-ddns", "healthchecks"], "readOnly": false, "type": "null or string"}, "services.cloudflare-ddns.ip4Domains": {"declarations": ["nixos/modules/services/networking/cloudflare-ddns.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Explicit list of domains to manage only for IPv4. If set, overrides `domains` for IPv4.\nCorresponds to the `IP4_DOMAINS` environment variable.\n", "example": {"_type": "literalExpression", "text": "[\n  \"ipv4.example.com\"\n]"}, "loc": ["services", "cloudflare-ddns", "ip4Domains"], "readOnly": false, "type": "null or (list of string)"}, "services.cloudflare-ddns.ip6Domains": {"declarations": ["nixos/modules/services/networking/cloudflare-ddns.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Explicit list of domains to manage only for IPv6. If set, overrides `domains` for IPv6.\nCorresponds to the `IP6_DOMAINS` environment variable.\n", "example": {"_type": "literalExpression", "text": "[\n  \"ipv6.example.com\"\n]"}, "loc": ["services", "cloudflare-ddns", "ip6Domains"], "readOnly": false, "type": "null or (list of string)"}, "services.cloudflare-ddns.package": {"declarations": ["nixos/modules/services/networking/cloudflare-ddns.nix"], "default": {"_type": "literalExpression", "text": "pkgs.cloudflare-ddns"}, "description": "The cloudflare-ddns package to use.", "loc": ["services", "cloudflare-ddns", "package"], "readOnly": false, "type": "package"}, "services.cloudflare-ddns.provider.ipv4": {"declarations": ["nixos/modules/services/networking/cloudflare-ddns.nix"], "default": {"_type": "literalExpression", "text": "\"cloudflare.trace\""}, "description": "IP detection provider for IPv4. Common values: `cloudflare.trace`, `cloudflare.doh`, `local`, `url:URL`, `none`.\nUse `none` to disable IPv4 updates.\nSee cloudflare-ddns documentation for all options.\n", "loc": ["services", "cloudflare-ddns", "provider", "ipv4"], "readOnly": false, "type": "string"}, "services.cloudflare-ddns.provider.ipv6": {"declarations": ["nixos/modules/services/networking/cloudflare-ddns.nix"], "default": {"_type": "literalExpression", "text": "\"cloudflare.trace\""}, "description": "IP detection provider for IPv6. Common values: `cloudflare.trace`, `cloudflare.doh`, `local`, `url:URL`, `none`.\nUse `none` to disable IPv6 updates.\nSee cloudflare-ddns documentation for all options.\n", "loc": ["services", "cloudflare-ddns", "provider", "ipv6"], "readOnly": false, "type": "string"}, "services.cloudflare-ddns.proxied": {"declarations": ["nixos/modules/services/networking/cloudflare-ddns.nix"], "default": {"_type": "literalExpression", "text": "\"false\""}, "description": "Whether the managed DNS records should be proxied through Cloudflare ('orange cloud').\nAccepts boolean values (`true`, `false`) or a domain expression.\nSee cloudflare-ddns documentation for expression syntax (e.g., \"is(a.com) || sub(b.org)\").\n", "example": {"_type": "literalExpression", "text": "\"true\""}, "loc": ["services", "cloudflare-ddns", "proxied"], "readOnly": false, "type": "string"}, "services.cloudflare-ddns.recordComment": {"declarations": ["nixos/modules/services/networking/cloudflare-ddns.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Comment to add to managed DNS records.", "loc": ["services", "cloudflare-ddns", "recordComment"], "readOnly": false, "type": "string"}, "services.cloudflare-ddns.shoutrrr": {"declarations": ["nixos/modules/services/networking/cloudflare-ddns.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of Shoutrrr notification service URLs (optional).", "example": {"_type": "literalExpression", "text": "[\n  \"discord://token@id\"\n  \"gotify://host/token\"\n]"}, "loc": ["services", "cloudflare-ddns", "shoutrrr"], "readOnly": false, "type": "null or (list of string)"}, "services.cloudflare-ddns.ttl": {"declarations": ["nixos/modules/services/networking/cloudflare-ddns.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Time To Live (TTL) for the DNS records in seconds.\nMust be 1 (for automatic) or between 30 and 86400.\n", "loc": ["services", "cloudflare-ddns", "ttl"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.cloudflare-ddns.updateCron": {"declarations": ["nixos/modules/services/networking/cloudflare-ddns.nix"], "default": {"_type": "literalExpression", "text": "\"@every 5m\""}, "description": "Cron expression for how often to check and update IPs.\nUse \"@once\" to run only once and then exit.\n", "example": {"_type": "literalExpression", "text": "\"@hourly\""}, "loc": ["services", "cloudflare-ddns", "updateCron"], "readOnly": false, "type": "string"}, "services.cloudflare-ddns.updateOnStart": {"declarations": ["nixos/modules/services/networking/cloudflare-ddns.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to perform an update check immediately on service start.", "loc": ["services", "cloudflare-ddns", "updateOnStart"], "readOnly": false, "type": "boolean"}, "services.cloudflare-ddns.updateTimeout": {"declarations": ["nixos/modules/services/networking/cloudflare-ddns.nix"], "default": {"_type": "literalExpression", "text": "\"30s\""}, "description": "Timeout for updating records via the Cloudflare API.", "loc": ["services", "cloudflare-ddns", "updateTimeout"], "readOnly": false, "type": "string"}, "services.cloudflare-ddns.uptimeKuma": {"declarations": ["nixos/modules/services/networking/cloudflare-ddns.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "URL for Uptime Kuma push monitor endpoint (optional).", "example": {"_type": "literalExpression", "text": "\"https://status.example.com/api/push/tag?status=up&msg=OK&ping=\""}, "loc": ["services", "cloudflare-ddns", "uptimeKuma"], "readOnly": false, "type": "null or string"}, "services.cloudflare-ddns.user": {"declarations": ["nixos/modules/services/networking/cloudflare-ddns.nix"], "default": {"_type": "literalExpression", "text": "\"cloudflare-ddns\""}, "description": "User account under which the service runs.", "loc": ["services", "cloudflare-ddns", "user"], "readOnly": false, "type": "string"}, "services.cloudflare-ddns.wafListDescription": {"declarations": ["nixos/modules/services/networking/cloudflare-ddns.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Description for managed WAF lists (used when creating or verifying lists).", "loc": ["services", "cloudflare-ddns", "wafListDescription"], "readOnly": false, "type": "string"}, "services.cloudflare-ddns.wafLists": {"declarations": ["nixos/modules/services/networking/cloudflare-ddns.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of WAF IP Lists to manage, in the format `account-id/list-name`.\n(Experimental feature as of cloudflare-ddns 1.14.0).\n", "example": {"_type": "literalExpression", "text": "[\n  \"YOUR_ACCOUNT_ID/allowed_dynamic_ips\"\n]"}, "loc": ["services", "cloudflare-ddns", "wafLists"], "readOnly": false, "type": "list of string"}, "services.cloudflare-dyndns.apiTokenFile": {"declarations": ["nixos/modules/services/networking/cloudflare-dyndns.nix"], "description": "The path to a file containing the CloudFlare API token.\n", "loc": ["services", "cloudflare-dyndns", "apiTokenFile"], "readOnly": false, "type": "absolute path not in the Nix store"}, "services.cloudflare-dyndns.deleteMissing": {"declarations": ["nixos/modules/services/networking/cloudflare-dyndns.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to delete the record when no IP address is found.\n", "loc": ["services", "cloudflare-dyndns", "deleteMissing"], "readOnly": false, "type": "boolean"}, "services.cloudflare-dyndns.domains": {"declarations": ["nixos/modules/services/networking/cloudflare-dyndns.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of domain names to update records for.\n", "loc": ["services", "cloudflare-dyndns", "domains"], "readOnly": false, "type": "list of string"}, "services.cloudflare-dyndns.enable": {"declarations": ["nixos/modules/services/networking/cloudflare-dyndns.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Cloudflare Dynamic DNS Client.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "cloudflare-dyndns", "enable"], "readOnly": false, "type": "boolean"}, "services.cloudflare-dyndns.frequency": {"declarations": ["nixos/modules/services/networking/cloudflare-dyndns.nix"], "default": {"_type": "literalExpression", "text": "\"*:0/5\""}, "description": "Run cloudflare-dyndns with the given frequency (see\n{manpage}`systemd.time(7)` for the format).\nIf null, do not run automatically.\n", "loc": ["services", "cloudflare-dyndns", "frequency"], "readOnly": false, "type": "null or string"}, "services.cloudflare-dyndns.ipv4": {"declarations": ["nixos/modules/services/networking/cloudflare-dyndns.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable setting IPv4 A records.\n", "loc": ["services", "cloudflare-dyndns", "ipv4"], "readOnly": false, "type": "boolean"}, "services.cloudflare-dyndns.ipv6": {"declarations": ["nixos/modules/services/networking/cloudflare-dyndns.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable setting IPv6 AAAA records.\n", "loc": ["services", "cloudflare-dyndns", "ipv6"], "readOnly": false, "type": "boolean"}, "services.cloudflare-dyndns.package": {"declarations": ["nixos/modules/services/networking/cloudflare-dyndns.nix"], "default": {"_type": "literalExpression", "text": "pkgs.cloudflare-dyndns"}, "description": "The cloudflare-dyndns package to use.", "loc": ["services", "cloudflare-dyndns", "package"], "readOnly": false, "type": "package"}, "services.cloudflare-dyndns.proxied": {"declarations": ["nixos/modules/services/networking/cloudflare-dyndns.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether this is a DNS-only record, or also being proxied through CloudFlare.\n", "loc": ["services", "cloudflare-dyndns", "proxied"], "readOnly": false, "type": "boolean"}, "services.cloudflare-warp.enable": {"declarations": ["nixos/modules/services/networking/cloudflare-warp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Cloudflare Zero Trust client daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "cloudflare-warp", "enable"], "readOnly": false, "type": "boolean"}, "services.cloudflare-warp.openFirewall": {"declarations": ["nixos/modules/services/networking/cloudflare-warp.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable opening UDP ports in the firewall.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "cloudflare-warp", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.cloudflare-warp.package": {"declarations": ["nixos/modules/services/networking/cloudflare-warp.nix"], "default": {"_type": "literalExpression", "text": "pkgs.cloudflare-warp"}, "description": "The cloudflare-warp package to use.", "loc": ["services", "cloudflare-warp", "package"], "readOnly": false, "type": "package"}, "services.cloudflare-warp.rootDir": {"declarations": ["nixos/modules/services/networking/cloudflare-warp.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/cloudflare-warp\""}, "description": "Working directory for the warp-svc daemon.\n", "loc": ["services", "cloudflare-warp", "rootDir"], "readOnly": false, "type": "string"}, "services.cloudflare-warp.udpPort": {"declarations": ["nixos/modules/services/networking/cloudflare-warp.nix"], "default": {"_type": "literalExpression", "text": "2408"}, "description": "The UDP port to open in the firewall. Warp uses port 2408 by default, but fallback ports can be used\nif that conflicts with another service. See the [firewall documentation](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/firewall#warp-udp-ports)\nfor the pre-configured available fallback ports.\n", "loc": ["services", "cloudflare-warp", "udpPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.cloudflared.certificateFile": {"declarations": ["nixos/modules/services/networking/cloudflared.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Account certificate file, necessary to create, delete and manage tunnels. It can be obtained by running `cloudflared login`.\n\nNote that this is **necessary** for a fully declarative set up, as routes can not otherwise be created outside of the Cloudflare interface.\n\nSee [Cert.pem](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-useful-terms/#certpem) for information about the file, and [Tunnel permissions](https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/do-more-with-tunnels/local-management/tunnel-permissions/) for a comparison between the account certificate and the tunnel credentials file.\n", "loc": ["services", "cloudflared", "certificateFile"], "readOnly": false, "type": "null or absolute path"}, "services.cloudflared.enable": {"declarations": ["nixos/modules/services/networking/cloudflared.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Cloudflare Tunnel client daemon (formerly Argo Tunnel).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "cloudflared", "enable"], "readOnly": false, "type": "boolean"}, "services.cloudflared.package": {"declarations": ["nixos/modules/services/networking/cloudflared.nix"], "default": {"_type": "literalExpression", "text": "pkgs.cloudflared"}, "description": "The cloudflared package to use.", "loc": ["services", "cloudflared", "package"], "readOnly": false, "type": "package"}, "services.cloudflared.tunnels": {"declarations": ["nixos/modules/services/networking/cloudflared.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Cloudflare tunnels.\n", "example": {"_type": "literalExpression", "text": "{\n  \"00000000-0000-0000-0000-000000000000\" = {\n    credentialsFile = \"/tmp/test\";\n    default = \"http_status:404\";\n    ingress = {\n      \"*.domain1.com\" = {\n        service = \"http://localhost:80\";\n      };\n    };\n  };\n}"}, "loc": ["services", "cloudflared", "tunnels"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.cloudflared.tunnels.<name>.certificateFile": {"declarations": ["nixos/modules/services/networking/cloudflared.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Account certificate file, necessary to create, delete and manage tunnels. It can be obtained by running `cloudflared login`.\n\nNote that this is **necessary** for a fully declarative set up, as routes can not otherwise be created outside of the Cloudflare interface.\n\nSee [Cert.pem](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-useful-terms/#certpem) for information about the file, and [Tunnel permissions](https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/do-more-with-tunnels/local-management/tunnel-permissions/) for a comparison between the account certificate and the tunnel credentials file.\n", "loc": ["services", "cloudflared", "tunnels", "<name>", "certificateFile"], "readOnly": false, "type": "null or absolute path"}, "services.cloudflared.tunnels.<name>.credentialsFile": {"declarations": ["nixos/modules/services/networking/cloudflared.nix"], "description": "Credential file.\n\nSee [Credentials file](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-useful-terms/#credentials-file).\n", "loc": ["services", "cloudflared", "tunnels", "<name>", "credentialsFile"], "readOnly": false, "type": "absolute path"}, "services.cloudflared.tunnels.<name>.default": {"declarations": ["nixos/modules/services/networking/cloudflared.nix"], "description": "Catch-all service if no ingress matches.\n\nSee `service`.\n", "example": {"_type": "literalExpression", "text": "\"http_status:404\""}, "loc": ["services", "cloudflared", "tunnels", "<name>", "default"], "readOnly": false, "type": "string"}, "services.cloudflared.tunnels.<name>.edgeIPVersion": {"declarations": ["nixos/modules/services/networking/cloudflared.nix"], "default": {"_type": "literalExpression", "text": "\"4\""}, "description": "Specifies the IP address version (IPv4 or IPv6) used to establish a connection between `cloudflared` and the Cloudflare global network.\n\nThe value `auto` relies on the host operating system to determine which IP version to select. The first IP version returned from the DNS resolution of the region lookup will be used as the primary set. In dual IPv6 and IPv4 network setups, `cloudflared` will separate the IP versions into two address sets that will be used to fallback in connectivity failure scenarios.\n\nSee [Tunnel run parameters](https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/configure-tunnels/cloudflared-parameters/run-parameters/#edge-ip-version).\n", "example": {"_type": "literalExpression", "text": "\"auto\""}, "loc": ["services", "cloudflared", "tunnels", "<name>", "edgeIPVersion"], "readOnly": false, "type": "one of \"auto\", \"4\", \"6\""}, "services.cloudflared.tunnels.<name>.ingress": {"declarations": ["nixos/modules/services/networking/cloudflared.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Ingress rules.\n\nSee [Ingress rules](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/local-management/ingress/).\n", "example": {"_type": "literalExpression", "text": "{\n  \"*.anotherone.com\" = \"http://localhost:80\";\n  \"*.domain.com\" = \"http://localhost:80\";\n}"}, "loc": ["services", "cloudflared", "tunnels", "<name>", "ingress"], "readOnly": false, "type": "attribute set of (string or (submodule))"}, "services.cloudflared.tunnels.<name>.originRequest.caPool": {"declarations": ["nixos/modules/services/networking/cloudflared.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.\n", "example": {"_type": "literalExpression", "text": "\"\""}, "loc": ["services", "cloudflared", "tunnels", "<name>", "originRequest", "caPool"], "readOnly": false, "type": "null or string or absolute path"}, "services.cloudflared.tunnels.<name>.originRequest.connectTimeout": {"declarations": ["nixos/modules/services/networking/cloudflared.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by [tlsTimeout](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/local-management/ingress/#tlstimeout).\n", "example": {"_type": "literalExpression", "text": "\"30s\""}, "loc": ["services", "cloudflared", "tunnels", "<name>", "originRequest", "connectTimeout"], "readOnly": false, "type": "null or string"}, "services.cloudflared.tunnels.<name>.originRequest.disableChunkedEncoding": {"declarations": ["nixos/modules/services/networking/cloudflared.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Disables chunked transfer encoding. Useful if you are running a WSGI server.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "cloudflared", "tunnels", "<name>", "originRequest", "disableChunkedEncoding"], "readOnly": false, "type": "null or boolean"}, "services.cloudflared.tunnels.<name>.originRequest.httpHostHeader": {"declarations": ["nixos/modules/services/networking/cloudflared.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the HTTP `Host` header on requests sent to the local service.\n", "example": {"_type": "literalExpression", "text": "\"\""}, "loc": ["services", "cloudflared", "tunnels", "<name>", "originRequest", "httpHostHeader"], "readOnly": false, "type": "null or string"}, "services.cloudflared.tunnels.<name>.originRequest.keepAliveConnections": {"declarations": ["nixos/modules/services/networking/cloudflared.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.\n", "example": {"_type": "literalExpression", "text": "100"}, "loc": ["services", "cloudflared", "tunnels", "<name>", "originRequest", "keepAliveConnections"], "readOnly": false, "type": "null or signed integer"}, "services.cloudflared.tunnels.<name>.originRequest.keepAliveTimeout": {"declarations": ["nixos/modules/services/networking/cloudflared.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Timeout after which an idle keepalive connection can be discarded.\n", "example": {"_type": "literalExpression", "text": "\"1m30s\""}, "loc": ["services", "cloudflared", "tunnels", "<name>", "originRequest", "keepAliveTimeout"], "readOnly": false, "type": "null or string"}, "services.cloudflared.tunnels.<name>.originRequest.noHappyEyeballs": {"declarations": ["nixos/modules/services/networking/cloudflared.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Disable the \u201chappy eyeballs\u201d algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "cloudflared", "tunnels", "<name>", "originRequest", "noHappyEyeballs"], "readOnly": false, "type": "null or boolean"}, "services.cloudflared.tunnels.<name>.originRequest.noTLSVerify": {"declarations": ["nixos/modules/services/networking/cloudflared.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "cloudflared", "tunnels", "<name>", "originRequest", "noTLSVerify"], "readOnly": false, "type": "null or boolean"}, "services.cloudflared.tunnels.<name>.originRequest.originServerName": {"declarations": ["nixos/modules/services/networking/cloudflared.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Hostname that `cloudflared` should expect from your origin server certificate.\n", "example": {"_type": "literalExpression", "text": "\"\""}, "loc": ["services", "cloudflared", "tunnels", "<name>", "originRequest", "originServerName"], "readOnly": false, "type": "null or string"}, "services.cloudflared.tunnels.<name>.originRequest.proxyAddress": {"declarations": ["nixos/modules/services/networking/cloudflared.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "`cloudflared` starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen address for that proxy.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "cloudflared", "tunnels", "<name>", "originRequest", "proxyAddress"], "readOnly": false, "type": "null or string"}, "services.cloudflared.tunnels.<name>.originRequest.proxyPort": {"declarations": ["nixos/modules/services/networking/cloudflared.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "`cloudflared` starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen port for that proxy. If set to zero, an unused port will randomly be chosen.\n", "example": {"_type": "literalExpression", "text": "0"}, "loc": ["services", "cloudflared", "tunnels", "<name>", "originRequest", "proxyPort"], "readOnly": false, "type": "null or signed integer"}, "services.cloudflared.tunnels.<name>.originRequest.proxyType": {"declarations": ["nixos/modules/services/networking/cloudflared.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "`cloudflared` starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are:\n\n- `\"\"` for the regular proxy\n- `\"socks\"` for a SOCKS5 proxy. Refer to the [tutorial on connecting through Cloudflare Access using kubectl](https://developers.cloudflare.com/cloudflare-one/tutorials/kubectl/) for more information.\n", "example": {"_type": "literalExpression", "text": "\"\""}, "loc": ["services", "cloudflared", "tunnels", "<name>", "originRequest", "proxyType"], "readOnly": false, "type": "null or one of \"\", \"socks\""}, "services.cloudflared.tunnels.<name>.originRequest.tcpKeepAlive": {"declarations": ["nixos/modules/services/networking/cloudflared.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.\n", "example": {"_type": "literalExpression", "text": "\"30s\""}, "loc": ["services", "cloudflared", "tunnels", "<name>", "originRequest", "tcpKeepAlive"], "readOnly": false, "type": "null or string"}, "services.cloudflared.tunnels.<name>.originRequest.tlsTimeout": {"declarations": ["nixos/modules/services/networking/cloudflared.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.\n", "example": {"_type": "literalExpression", "text": "\"10s\""}, "loc": ["services", "cloudflared", "tunnels", "<name>", "originRequest", "tlsTimeout"], "readOnly": false, "type": "null or string"}, "services.cloudflared.tunnels.<name>.warp-routing.enabled": {"declarations": ["nixos/modules/services/networking/cloudflared.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Enable warp routing.\n\nSee [Connect from WARP to a private network on Cloudflare using Cloudflare Tunnel](https://developers.cloudflare.com/cloudflare-one/tutorials/warp-to-tunnel/).\n", "loc": ["services", "cloudflared", "tunnels", "<name>", "warp-routing", "enabled"], "readOnly": false, "type": "null or boolean"}, "services.cloudlog.baseUrl": {"declarations": ["nixos/modules/services/web-apps/cloudlog.nix"], "default": {"_type": "literalExpression", "text": "\"http://localhost\""}, "description": "Cloudlog base URL", "loc": ["services", "cloudlog", "baseUrl"], "readOnly": false, "type": "string"}, "services.cloudlog.dataDir": {"declarations": ["nixos/modules/services/web-apps/cloudlog.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/cloudlog\""}, "description": "Cloudlog data directory.", "loc": ["services", "cloudlog", "dataDir"], "readOnly": false, "type": "string"}, "services.cloudlog.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/cloudlog.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Create the database and database user locally.", "loc": ["services", "cloudlog", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.cloudlog.database.host": {"declarations": ["nixos/modules/services/web-apps/cloudlog.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "MySQL database host", "loc": ["services", "cloudlog", "database", "host"], "readOnly": false, "type": "string"}, "services.cloudlog.database.name": {"declarations": ["nixos/modules/services/web-apps/cloudlog.nix"], "default": {"_type": "literalExpression", "text": "\"cloudlog\""}, "description": "MySQL database name.", "loc": ["services", "cloudlog", "database", "name"], "readOnly": false, "type": "string"}, "services.cloudlog.database.passwordFile": {"declarations": ["nixos/modules/services/web-apps/cloudlog.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "MySQL user password file.", "loc": ["services", "cloudlog", "database", "passwordFile"], "readOnly": false, "type": "null or string"}, "services.cloudlog.database.user": {"declarations": ["nixos/modules/services/web-apps/cloudlog.nix"], "default": {"_type": "literalExpression", "text": "\"cloudlog\""}, "description": "MySQL user name.", "loc": ["services", "cloudlog", "database", "user"], "readOnly": false, "type": "string"}, "services.cloudlog.enable": {"declarations": ["nixos/modules/services/web-apps/cloudlog.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Cloudlog.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "cloudlog", "enable"], "readOnly": false, "type": "boolean"}, "services.cloudlog.extraConfig": {"declarations": ["nixos/modules/services/web-apps/cloudlog.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Any additional text to be appended to the config.php\nconfiguration file. This is a PHP script. For configuration\nsettings, see <https://github.com/magicbug/Cloudlog/wiki/Cloudlog.php-Configuration-File>.\n", "example": {"_type": "literalExpression", "text": "''\n  $config['show_time'] = TRUE;\n''"}, "loc": ["services", "cloudlog", "extraConfig"], "readOnly": false, "type": "string"}, "services.cloudlog.poolConfig": {"declarations": ["nixos/modules/services/web-apps/cloudlog.nix"], "default": {"_type": "literalExpression", "text": "{\n  pm = \"dynamic\";\n  \"pm.max_children\" = 32;\n  \"pm.max_requests\" = 500;\n  \"pm.max_spare_servers\" = 4;\n  \"pm.min_spare_servers\" = 2;\n  \"pm.start_servers\" = 2;\n}"}, "description": "Options for Cloudlog's PHP-FPM pool.\n", "loc": ["services", "cloudlog", "poolConfig"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.cloudlog.update-clublog-scp.enable": {"declarations": ["nixos/modules/services/web-apps/cloudlog.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to periodically update the Clublog SCP database. If enabled,\na systemd timer will run the update task as specified by the interval\noption.\n", "loc": ["services", "cloudlog", "update-clublog-scp", "enable"], "readOnly": false, "type": "boolean"}, "services.cloudlog.update-clublog-scp.interval": {"declarations": ["nixos/modules/services/web-apps/cloudlog.nix"], "default": {"_type": "literalExpression", "text": "\"monthly\""}, "description": "Specification (in the format described by {manpage}`systemd.time(7)`) of the time\nat which the Clublog SCP update will occur.\n", "loc": ["services", "cloudlog", "update-clublog-scp", "interval"], "readOnly": false, "type": "string"}, "services.cloudlog.update-dok.enable": {"declarations": ["nixos/modules/services/web-apps/cloudlog.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to periodically update the DOK resource file. If enabled, a\nsystemd timer will run the update task as specified by the interval option.\n", "loc": ["services", "cloudlog", "update-dok", "enable"], "readOnly": false, "type": "boolean"}, "services.cloudlog.update-dok.interval": {"declarations": ["nixos/modules/services/web-apps/cloudlog.nix"], "default": {"_type": "literalExpression", "text": "\"monthly\""}, "description": "Specification (in the format described by {manpage}`systemd.time(7)`) of the\ntime at which the DOK update will occur.\n", "loc": ["services", "cloudlog", "update-dok", "interval"], "readOnly": false, "type": "string"}, "services.cloudlog.update-lotw-users.enable": {"declarations": ["nixos/modules/services/web-apps/cloudlog.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to periodically update the list of LoTW users. If enabled, a\nsystemd timer will run the update task as specified by the interval\noption.\n", "loc": ["services", "cloudlog", "update-lotw-users", "enable"], "readOnly": false, "type": "boolean"}, "services.cloudlog.update-lotw-users.interval": {"declarations": ["nixos/modules/services/web-apps/cloudlog.nix"], "default": {"_type": "literalExpression", "text": "\"weekly\""}, "description": "Specification (in the format described by {manpage}`systemd.time(7)`) of the\ntime at which the LoTW user update will occur.\n", "loc": ["services", "cloudlog", "update-lotw-users", "interval"], "readOnly": false, "type": "string"}, "services.cloudlog.update-sota.enable": {"declarations": ["nixos/modules/services/web-apps/cloudlog.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to periodically update the SOTA database. If enabled, a\nsystemd timer will run the update task as specified by the interval option.\n", "loc": ["services", "cloudlog", "update-sota", "enable"], "readOnly": false, "type": "boolean"}, "services.cloudlog.update-sota.interval": {"declarations": ["nixos/modules/services/web-apps/cloudlog.nix"], "default": {"_type": "literalExpression", "text": "\"monthly\""}, "description": "Specification (in the format described by {manpage}`systemd.time(7)`) of the time\nat which the SOTA update will occur.\n", "loc": ["services", "cloudlog", "update-sota", "interval"], "readOnly": false, "type": "string"}, "services.cloudlog.update-wwff.enable": {"declarations": ["nixos/modules/services/web-apps/cloudlog.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to periodically update the WWFF database. If enabled, a\nsystemd timer will run the update task as specified by the interval\noption.\n", "loc": ["services", "cloudlog", "update-wwff", "enable"], "readOnly": false, "type": "boolean"}, "services.cloudlog.update-wwff.interval": {"declarations": ["nixos/modules/services/web-apps/cloudlog.nix"], "default": {"_type": "literalExpression", "text": "\"monthly\""}, "description": "Specification (in the format described by {manpage}`systemd.time(7)`) of the time\nat which the WWFF update will occur.\n", "loc": ["services", "cloudlog", "update-wwff", "interval"], "readOnly": false, "type": "string"}, "services.cloudlog.upload-clublog.enable": {"declarations": ["nixos/modules/services/web-apps/cloudlog.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to periodically upload logs to Clublog. If enabled, a systemd\ntimer will run the log upload task as specified by the interval option.\n", "loc": ["services", "cloudlog", "upload-clublog", "enable"], "readOnly": false, "type": "boolean"}, "services.cloudlog.upload-clublog.interval": {"declarations": ["nixos/modules/services/web-apps/cloudlog.nix"], "default": {"_type": "literalExpression", "text": "\"daily\""}, "description": "Specification (in the format described by {manpage}`systemd.time(7)`) of the time\nat which the Clublog upload will occur.\n", "loc": ["services", "cloudlog", "upload-clublog", "interval"], "readOnly": false, "type": "string"}, "services.cloudlog.upload-lotw.enable": {"declarations": ["nixos/modules/services/web-apps/cloudlog.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to periodically upload logs to LoTW. If enabled, a systemd\ntimer will run the log upload task as specified by the interval\n option.\n", "loc": ["services", "cloudlog", "upload-lotw", "enable"], "readOnly": false, "type": "boolean"}, "services.cloudlog.upload-lotw.interval": {"declarations": ["nixos/modules/services/web-apps/cloudlog.nix"], "default": {"_type": "literalExpression", "text": "\"daily\""}, "description": "Specification (in the format described by {manpage}`systemd.time(7)`) of the\ntime at which the LoTW upload will occur.\n", "loc": ["services", "cloudlog", "upload-lotw", "interval"], "readOnly": false, "type": "string"}, "services.cloudlog.upload-qrz.enable": {"declarations": ["nixos/modules/services/web-apps/cloudlog.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to periodically upload logs to QRZ. If enabled, a systemd\ntimer will run the update task as specified by the interval option.\n", "loc": ["services", "cloudlog", "upload-qrz", "enable"], "readOnly": false, "type": "boolean"}, "services.cloudlog.upload-qrz.interval": {"declarations": ["nixos/modules/services/web-apps/cloudlog.nix"], "default": {"_type": "literalExpression", "text": "\"daily\""}, "description": "Specification (in the format described by {manpage}`systemd.time(7)`) of the\ntime at which the QRZ upload will occur.\n", "loc": ["services", "cloudlog", "upload-qrz", "interval"], "readOnly": false, "type": "string"}, "services.cloudlog.user": {"declarations": ["nixos/modules/services/web-apps/cloudlog.nix"], "default": {"_type": "literalExpression", "text": "\"cloudlog\""}, "description": "User account under which Cloudlog runs.", "loc": ["services", "cloudlog", "user"], "readOnly": false, "type": "string"}, "services.cloudlog.virtualHost": {"declarations": ["nixos/modules/services/web-apps/cloudlog.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Name of the nginx virtualhost to use and setup. If null, do not setup\n any virtualhost.\n", "loc": ["services", "cloudlog", "virtualHost"], "readOnly": false, "type": "null or string"}, "services.cntlm.configText": {"declarations": ["nixos/modules/services/networking/cntlm.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Verbatim contents of {file}`cntlm.conf`.", "loc": ["services", "cntlm", "configText"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.cntlm.domain": {"declarations": ["nixos/modules/services/networking/cntlm.nix"], "description": "Proxy account domain/workgroup name.", "loc": ["services", "cntlm", "domain"], "readOnly": false, "type": "string"}, "services.cntlm.enable": {"declarations": ["nixos/modules/services/networking/cntlm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable cntlm, which starts a local proxy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "cntlm", "enable"], "readOnly": false, "type": "boolean"}, "services.cntlm.extraConfig": {"declarations": ["nixos/modules/services/networking/cntlm.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional config appended to the end of the generated {file}`cntlm.conf`.", "loc": ["services", "cntlm", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.cntlm.netbios_hostname": {"declarations": ["nixos/modules/services/networking/cntlm.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The hostname of your machine.\n", "loc": ["services", "cntlm", "netbios_hostname"], "readOnly": false, "type": "string"}, "services.cntlm.noproxy": {"declarations": ["nixos/modules/services/networking/cntlm.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of domains where the proxy is skipped.\n", "example": {"_type": "literalExpression", "text": "[\n  \"*.example.com\"\n  \"example.com\"\n]"}, "loc": ["services", "cntlm", "noproxy"], "readOnly": false, "type": "list of string"}, "services.cntlm.password": {"declarations": ["nixos/modules/services/networking/cntlm.nix"], "default": {"_type": "literalExpression", "text": "\"/etc/cntlm.password\""}, "description": "Proxy account password. Note: use chmod 0600 on /etc/cntlm.password for security.", "loc": ["services", "cntlm", "password"], "readOnly": false, "type": "string"}, "services.cntlm.port": {"declarations": ["nixos/modules/services/networking/cntlm.nix"], "default": {"_type": "literalExpression", "text": "[\n  3128\n]"}, "description": "Specifies on which ports the cntlm daemon listens.", "loc": ["services", "cntlm", "port"], "readOnly": false, "type": "list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.cntlm.proxy": {"declarations": ["nixos/modules/services/networking/cntlm.nix"], "description": "A list of NTLM/NTLMv2 authenticating HTTP proxies.\n\nParent proxy, which requires authentication. The same as proxy on the command-line, can be used more than  once  to  specify  unlimited\nnumber  of  proxies.  Should  one proxy fail, cntlm automatically moves on to the next one. The connect request fails only if the whole\nlist of proxies is scanned and (for each request) and found to be invalid. Command-line takes precedence over the configuration file.\n", "example": {"_type": "literalExpression", "text": "[\n  \"proxy.example.com:81\"\n]"}, "loc": ["services", "cntlm", "proxy"], "readOnly": false, "type": "list of string"}, "services.cntlm.username": {"declarations": ["nixos/modules/services/networking/cntlm.nix"], "description": "Proxy account name, without the possibility to include domain name ('at' sign is interpreted literally).\n", "loc": ["services", "cntlm", "username"], "readOnly": false, "type": "string"}, "services.cockpit.allowed-origins": {"declarations": ["nixos/modules/services/monitoring/cockpit.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of allowed origins.\n\nMaps to the WebService.Origins setting and allows merging from multiple modules.\n", "loc": ["services", "cockpit", "allowed-origins"], "readOnly": false, "type": "list of string"}, "services.cockpit.enable": {"declarations": ["nixos/modules/services/monitoring/cockpit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Cockpit.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "cockpit", "enable"], "readOnly": false, "type": "boolean"}, "services.cockpit.openFirewall": {"declarations": ["nixos/modules/services/monitoring/cockpit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port for cockpit.", "loc": ["services", "cockpit", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.cockpit.package": {"declarations": ["nixos/modules/services/monitoring/cockpit.nix"], "default": {"_type": "literalExpression", "text": "pkgs.cockpit"}, "description": "The Cockpit package to use.", "loc": ["services", "cockpit", "package"], "readOnly": false, "type": "package"}, "services.cockpit.plugins": {"declarations": ["nixos/modules/services/monitoring/cockpit.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of cockpit plugins.\n\nThis add the passthru.cockpitPath of the packages to the systemd cockpit service.\n", "example": {"_type": "literalExpression", "text": "[\n  pkgs.cockpit-zfs\n]\n"}, "loc": ["services", "cockpit", "plugins"], "readOnly": false, "type": "list of package"}, "services.cockpit.port": {"declarations": ["nixos/modules/services/monitoring/cockpit.nix"], "default": {"_type": "literalExpression", "text": "9090"}, "description": "Port where cockpit will listen.", "loc": ["services", "cockpit", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.cockpit.settings": {"declarations": ["nixos/modules/services/monitoring/cockpit.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings for cockpit that will be saved in /etc/cockpit/cockpit.conf.\n\nSee the [documentation](https://cockpit-project.org/guide/latest/cockpit.conf.5.html), that is also available with `man cockpit.conf.5` for details.\n", "loc": ["services", "cockpit", "settings"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.cockpit.showBanner": {"declarations": ["nixos/modules/services/monitoring/cockpit.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to add the Cockpit banner to the issue and motd files.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "cockpit", "showBanner"], "readOnly": false, "type": "boolean"}, "services.cockroachdb.cache": {"declarations": ["nixos/modules/services/databases/cockroachdb.nix"], "default": {"_type": "literalExpression", "text": "\"25%\""}, "description": "The total size for caches.\n\nThis can be a percentage, expressed with a fraction sign or as a\ndecimal-point number, or any bytes-based unit. For example,\n`\"25%\"`, `\"0.25\"` both represent\n25% of the available system memory. The values\n`\"1000000000\"` and `\"1GB\"` both\nrepresent 1 gigabyte of memory.\n\n", "loc": ["services", "cockroachdb", "cache"], "readOnly": false, "type": "string"}, "services.cockroachdb.certsDir": {"declarations": ["nixos/modules/services/databases/cockroachdb.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the certificate directory.", "loc": ["services", "cockroachdb", "certsDir"], "readOnly": false, "type": "null or absolute path"}, "services.cockroachdb.enable": {"declarations": ["nixos/modules/services/databases/cockroachdb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable CockroachDB Server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "cockroachdb", "enable"], "readOnly": false, "type": "boolean"}, "services.cockroachdb.extraArgs": {"declarations": ["nixos/modules/services/databases/cockroachdb.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra CLI arguments passed to {command}`cockroach start`.\nFor the full list of supported arguments, check <https://www.cockroachlabs.com/docs/stable/cockroach-start.html#flags>\n", "example": {"_type": "literalExpression", "text": "[\n  \"--advertise-addr\"\n  \"[fe80::f6f2:::]\"\n]"}, "loc": ["services", "cockroachdb", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.cockroachdb.group": {"declarations": ["nixos/modules/services/databases/cockroachdb.nix"], "default": {"_type": "literalExpression", "text": "\"cockroachdb\""}, "description": "User account under which CockroachDB runs", "loc": ["services", "cockroachdb", "group"], "readOnly": false, "type": "string"}, "services.cockroachdb.http.address": {"declarations": ["nixos/modules/services/databases/cockroachdb.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Address to bind to for http-based Admin UI", "loc": ["services", "cockroachdb", "http", "address"], "readOnly": false, "type": "string"}, "services.cockroachdb.http.port": {"declarations": ["nixos/modules/services/databases/cockroachdb.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "Port to bind to for http-based Admin UI", "loc": ["services", "cockroachdb", "http", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.cockroachdb.insecure": {"declarations": ["nixos/modules/services/databases/cockroachdb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Run in insecure mode.", "loc": ["services", "cockroachdb", "insecure"], "readOnly": false, "type": "boolean"}, "services.cockroachdb.join": {"declarations": ["nixos/modules/services/databases/cockroachdb.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The addresses for connecting the node to a cluster.", "loc": ["services", "cockroachdb", "join"], "readOnly": false, "type": "null or string"}, "services.cockroachdb.listen.address": {"declarations": ["nixos/modules/services/databases/cockroachdb.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Address to bind to for intra-cluster communication", "loc": ["services", "cockroachdb", "listen", "address"], "readOnly": false, "type": "string"}, "services.cockroachdb.listen.port": {"declarations": ["nixos/modules/services/databases/cockroachdb.nix"], "default": {"_type": "literalExpression", "text": "26257"}, "description": "Port to bind to for intra-cluster communication", "loc": ["services", "cockroachdb", "listen", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.cockroachdb.locality": {"declarations": ["nixos/modules/services/databases/cockroachdb.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "An ordered, comma-separated list of key-value pairs that describe the\ntopography of the machine. Topography might include country,\ndatacenter or rack designations. Data is automatically replicated to\nmaximize diversities of each tier. The order of tiers is used to\ndetermine the priority of the diversity, so the more inclusive\nlocalities like country should come before less inclusive localities\nlike datacenter.  The tiers and order must be the same on all nodes.\nIncluding more tiers is better than including fewer. For example:\n\n```\n    country=us,region=us-west,datacenter=us-west-1b,rack=12\n    country=ca,region=ca-east,datacenter=ca-east-2,rack=4\n\n    planet=earth,province=manitoba,colo=secondary,power=3\n```\n", "loc": ["services", "cockroachdb", "locality"], "readOnly": false, "type": "null or string"}, "services.cockroachdb.maxSqlMemory": {"declarations": ["nixos/modules/services/databases/cockroachdb.nix"], "default": {"_type": "literalExpression", "text": "\"25%\""}, "description": "The maximum in-memory storage capacity available to store temporary\ndata for SQL queries.\n\nThis can be a percentage, expressed with a fraction sign or as a\ndecimal-point number, or any bytes-based unit. For example,\n`\"25%\"`, `\"0.25\"` both represent\n25% of the available system memory. The values\n`\"1000000000\"` and `\"1GB\"` both\nrepresent 1 gigabyte of memory.\n", "loc": ["services", "cockroachdb", "maxSqlMemory"], "readOnly": false, "type": "string"}, "services.cockroachdb.openPorts": {"declarations": ["nixos/modules/services/databases/cockroachdb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open firewall ports for cluster communication by default", "loc": ["services", "cockroachdb", "openPorts"], "readOnly": false, "type": "boolean"}, "services.cockroachdb.package": {"declarations": ["nixos/modules/services/databases/cockroachdb.nix"], "default": {"_type": "literalExpression", "text": "pkgs.cockroachdb"}, "description": "The cockroachdb package to use. This would primarily be useful to enable Enterprise Edition features\nin your own custom CockroachDB build (Nixpkgs CockroachDB binaries\nonly contain open source features and open source code).\n", "loc": ["services", "cockroachdb", "package"], "readOnly": false, "type": "package"}, "services.cockroachdb.user": {"declarations": ["nixos/modules/services/databases/cockroachdb.nix"], "default": {"_type": "literalExpression", "text": "\"cockroachdb\""}, "description": "User account under which CockroachDB runs", "loc": ["services", "cockroachdb", "user"], "readOnly": false, "type": "string"}, "services.cocoon.enable": {"declarations": ["nixos/modules/services/web-apps/cocoon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable cocoon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "cocoon", "enable"], "readOnly": false, "type": "boolean"}, "services.cocoon.environmentFiles": {"declarations": ["nixos/modules/services/web-apps/cocoon.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "File to load environment variables from. Loaded variables override\nvalues set in {option}`environment`.\n\nUse it to set values of `COCOON_ADMIN_PASSWORD` and `COCOON_SESSION_SECRE`.\n\nGenerate `COCOON_ADMIN_PASSWORD` with\n```\nopenssl rand -hex 16\n```\n\nGenerate `COCOON_SESSION_SECRET` with\n```\nopenssl rand -hex 32\n```\n", "loc": ["services", "cocoon", "environmentFiles"], "readOnly": false, "type": "list of absolute path"}, "services.cocoon.package": {"declarations": ["nixos/modules/services/web-apps/cocoon.nix"], "default": {"_type": "literalExpression", "text": "pkgs.cocoon"}, "description": "The cocoon package to use.", "loc": ["services", "cocoon", "package"], "readOnly": false, "type": "package"}, "services.cocoon.settings": {"declarations": ["nixos/modules/services/web-apps/cocoon.nix"], "description": "Environment variables to set for the service. Secrets should be\nspecified using {option}`environmentFile`.\n\nRefer to <https://github.com/haileyok/cocoon/blob/main/.env.example>\nand <https://github.com/haileyok/cocoon/blob/main/README.md> for\navailable environment variables.\n", "loc": ["services", "cocoon", "settings"], "readOnly": false, "type": "open submodule of attribute set of (null or string or absolute path)"}, "services.cocoon.settings.COCOON_ADDR": {"declarations": ["nixos/modules/services/web-apps/cocoon.nix"], "default": {"_type": "literalExpression", "text": "\":8080\""}, "description": "Address to bind the Cocoon instance to", "example": {"_type": "literalExpression", "text": "\":3000\""}, "loc": ["services", "cocoon", "settings", "COCOON_ADDR"], "readOnly": false, "type": "string"}, "services.cocoon.settings.COCOON_CONTACT_EMAIL": {"declarations": ["nixos/modules/services/web-apps/cocoon.nix"], "description": "Contact email for the Cocoon instance", "example": {"_type": "literalExpression", "text": "\"me@example.com\""}, "loc": ["services", "cocoon", "settings", "COCOON_CONTACT_EMAIL"], "readOnly": false, "type": "string"}, "services.cocoon.settings.COCOON_DATABASE_URL": {"declarations": ["nixos/modules/services/web-apps/cocoon.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Database connection URL", "example": {"_type": "literalExpression", "text": "\"postgres://cocoon:password@localhost:5432/cocoon?sslmode=disable\""}, "loc": ["services", "cocoon", "settings", "COCOON_DATABASE_URL"], "readOnly": false, "type": "null or string"}, "services.cocoon.settings.COCOON_DB_NAME": {"declarations": ["nixos/modules/services/web-apps/cocoon.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/cocoon/cocoon.db\""}, "description": "Name of the SQLite database file (if using sqlite)", "loc": ["services", "cocoon", "settings", "COCOON_DB_NAME"], "readOnly": false, "type": "string"}, "services.cocoon.settings.COCOON_DB_TYPE": {"declarations": ["nixos/modules/services/web-apps/cocoon.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite\""}, "description": "Type of database to use (sqlite or postgres)", "loc": ["services", "cocoon", "settings", "COCOON_DB_TYPE"], "readOnly": false, "type": "string"}, "services.cocoon.settings.COCOON_DID": {"declarations": ["nixos/modules/services/web-apps/cocoon.nix"], "description": "DID web address for the Cocoon instance", "example": {"_type": "literalExpression", "text": "\"did:web:cocoon.example.com\""}, "loc": ["services", "cocoon", "settings", "COCOON_DID"], "readOnly": false, "type": "null or string"}, "services.cocoon.settings.COCOON_HOSTNAME": {"declarations": ["nixos/modules/services/web-apps/cocoon.nix"], "description": "Hostname for the Cocoon instance", "example": {"_type": "literalExpression", "text": "\"cocoon.example.com\""}, "loc": ["services", "cocoon", "settings", "COCOON_HOSTNAME"], "readOnly": false, "type": "null or string"}, "services.cocoon.settings.COCOON_JWK_PATH": {"declarations": ["nixos/modules/services/web-apps/cocoon.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/cocoon/jwk.key\""}, "description": "Path to the JWK key file\n\nGenerate it with:\n```\ncocoon create-private-jwk --out /var/lib/cocoon/jwk.key\n```\n", "loc": ["services", "cocoon", "settings", "COCOON_JWK_PATH"], "readOnly": false, "type": "absolute path or string"}, "services.cocoon.settings.COCOON_RELAYS": {"declarations": ["nixos/modules/services/web-apps/cocoon.nix"], "default": {"_type": "literalExpression", "text": "\"https://bsky.network\""}, "description": "Comma-separated list of Nostr relays to connect to", "loc": ["services", "cocoon", "settings", "COCOON_RELAYS"], "readOnly": false, "type": "string"}, "services.cocoon.settings.COCOON_ROTATION_KEY_PATH": {"declarations": ["nixos/modules/services/web-apps/cocoon.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/cocoon/rotation.key\""}, "description": "Path to the rotation key file.\n\nGenerate it with:\n```\ncocoon create-rotation-key --out /var/lib/cocoon/rotation.key\n```\n", "loc": ["services", "cocoon", "settings", "COCOON_ROTATION_KEY_PATH"], "readOnly": false, "type": "absolute path or string"}, "services.cocoon.settings.COCOON_SESSION_COOKIE_KEY": {"declarations": ["nixos/modules/services/web-apps/cocoon.nix"], "default": {"_type": "literalExpression", "text": "\"session\""}, "description": "Name of the session cookie", "loc": ["services", "cocoon", "settings", "COCOON_SESSION_COOKIE_KEY"], "readOnly": false, "type": "string"}, "services.code-server.auth": {"declarations": ["nixos/modules/services/web-apps/code-server.nix"], "default": {"_type": "literalExpression", "text": "\"password\""}, "description": "The type of authentication to use.\n", "loc": ["services", "code-server", "auth"], "readOnly": false, "type": "one of \"none\", \"password\""}, "services.code-server.disableFileDownloads": {"declarations": ["nixos/modules/services/web-apps/code-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable file downloads from Code.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "code-server", "disableFileDownloads"], "readOnly": false, "type": "boolean"}, "services.code-server.disableGettingStartedOverride": {"declarations": ["nixos/modules/services/web-apps/code-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable the coder/coder override in the Help: Getting Started page.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "code-server", "disableGettingStartedOverride"], "readOnly": false, "type": "boolean"}, "services.code-server.disableTelemetry": {"declarations": ["nixos/modules/services/web-apps/code-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable telemetry.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "code-server", "disableTelemetry"], "readOnly": false, "type": "boolean"}, "services.code-server.disableUpdateCheck": {"declarations": ["nixos/modules/services/web-apps/code-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable update check.\nWithout this flag, code-server checks every 6 hours against the latest github release and\nthen notifies you once every week that a new release is available.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "code-server", "disableUpdateCheck"], "readOnly": false, "type": "boolean"}, "services.code-server.disableWorkspaceTrust": {"declarations": ["nixos/modules/services/web-apps/code-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable Workspace Trust feature.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "code-server", "disableWorkspaceTrust"], "readOnly": false, "type": "boolean"}, "services.code-server.enable": {"declarations": ["nixos/modules/services/web-apps/code-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable code-server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "code-server", "enable"], "readOnly": false, "type": "boolean"}, "services.code-server.extensionsDir": {"declarations": ["nixos/modules/services/web-apps/code-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the extensions directory.\n", "loc": ["services", "code-server", "extensionsDir"], "readOnly": false, "type": "null or string"}, "services.code-server.extraArguments": {"declarations": ["nixos/modules/services/web-apps/code-server.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional arguments to pass to code-server.\n", "example": {"_type": "literalExpression", "text": "[ \"--log=info\" ]"}, "loc": ["services", "code-server", "extraArguments"], "readOnly": false, "type": "list of string"}, "services.code-server.extraEnvironment": {"declarations": ["nixos/modules/services/web-apps/code-server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional environment variables to pass to code-server.\n", "example": {"_type": "literalExpression", "text": "{\n  PKG_CONFIG_PATH = \"/run/current-system/sw/lib/pkgconfig\";\n}"}, "loc": ["services", "code-server", "extraEnvironment"], "readOnly": false, "type": "attribute set of string"}, "services.code-server.extraGroups": {"declarations": ["nixos/modules/services/web-apps/code-server.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "An array of additional groups for the `code-server` user.\n", "example": {"_type": "literalExpression", "text": "[\n  \"docker\"\n]"}, "loc": ["services", "code-server", "extraGroups"], "readOnly": false, "type": "list of string"}, "services.code-server.extraPackages": {"declarations": ["nixos/modules/services/web-apps/code-server.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional packages to add to the code-server {env}`PATH`.\n", "example": {"_type": "literalExpression", "text": "[ pkgs.go ]"}, "loc": ["services", "code-server", "extraPackages"], "readOnly": false, "type": "list of package"}, "services.code-server.group": {"declarations": ["nixos/modules/services/web-apps/code-server.nix"], "default": {"_type": "literalExpression", "text": "\"code-server\""}, "description": "The group to run code-server under.\nBy default, a group named `code-server` will be created.\n", "example": {"_type": "literalExpression", "text": "\"yourGroup\""}, "loc": ["services", "code-server", "group"], "readOnly": false, "type": "string"}, "services.code-server.hashedPassword": {"declarations": ["nixos/modules/services/web-apps/code-server.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Create the password with: {command}`echo -n 'thisismypassword' | nix run nixpkgs#libargon2 -- \"$(head -c 20 /dev/random | base64)\" -e`\n", "loc": ["services", "code-server", "hashedPassword"], "readOnly": false, "type": "string"}, "services.code-server.host": {"declarations": ["nixos/modules/services/web-apps/code-server.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The host name or IP address the server should listen to.\n", "loc": ["services", "code-server", "host"], "readOnly": false, "type": "string"}, "services.code-server.package": {"declarations": ["nixos/modules/services/web-apps/code-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.code-server"}, "description": "The code-server package to use.", "example": {"_type": "literalExpression", "text": "pkgs.vscode-with-extensions.override {\n  vscode = pkgs.code-server;\n  vscodeExtensions = with pkgs.vscode-extensions; [\n    bbenoist.nix\n    dracula-theme.theme-dracula\n  ];\n}\n"}, "loc": ["services", "code-server", "package"], "readOnly": false, "type": "package"}, "services.code-server.port": {"declarations": ["nixos/modules/services/web-apps/code-server.nix"], "default": {"_type": "literalExpression", "text": "4444"}, "description": "The port the server should listen to.\n", "loc": ["services", "code-server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.code-server.proxyDomain": {"declarations": ["nixos/modules/services/web-apps/code-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Domain used for proxying ports.\n", "example": {"_type": "literalExpression", "text": "\"code-server.lan\""}, "loc": ["services", "code-server", "proxyDomain"], "readOnly": false, "type": "null or string"}, "services.code-server.socket": {"declarations": ["nixos/modules/services/web-apps/code-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a socket (bind-addr will be ignored).\n", "example": {"_type": "literalExpression", "text": "\"/run/code-server/socket\""}, "loc": ["services", "code-server", "socket"], "readOnly": false, "type": "null or string"}, "services.code-server.socketMode": {"declarations": ["nixos/modules/services/web-apps/code-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File mode of the socket.\n", "loc": ["services", "code-server", "socketMode"], "readOnly": false, "type": "null or string"}, "services.code-server.user": {"declarations": ["nixos/modules/services/web-apps/code-server.nix"], "default": {"_type": "literalExpression", "text": "\"code-server\""}, "description": "The user to run code-server as.\nBy default, a user named `code-server` will be created.\n", "example": {"_type": "literalExpression", "text": "\"yourUser\""}, "loc": ["services", "code-server", "user"], "readOnly": false, "type": "string"}, "services.code-server.userDataDir": {"declarations": ["nixos/modules/services/web-apps/code-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the user data directory.\n", "loc": ["services", "code-server", "userDataDir"], "readOnly": false, "type": "null or string"}, "services.coder.accessUrl": {"declarations": ["nixos/modules/services/web-apps/coder.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Access URL should be a external IP address or domain with DNS records pointing to Coder.\n", "example": {"_type": "literalExpression", "text": "\"https://coder.example.com\""}, "loc": ["services", "coder", "accessUrl"], "readOnly": false, "type": "null or string"}, "services.coder.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/coder.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Create the database and database user locally.\n", "loc": ["services", "coder", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.coder.database.database": {"declarations": ["nixos/modules/services/web-apps/coder.nix"], "default": {"_type": "literalExpression", "text": "\"coder\""}, "description": "Name of database.\n", "loc": ["services", "coder", "database", "database"], "readOnly": false, "type": "string"}, "services.coder.database.host": {"declarations": ["nixos/modules/services/web-apps/coder.nix"], "default": {"_type": "literalExpression", "text": "\"/run/postgresql\""}, "description": "Hostname hosting the database.\n", "loc": ["services", "coder", "database", "host"], "readOnly": false, "type": "string"}, "services.coder.database.password": {"declarations": ["nixos/modules/services/web-apps/coder.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Password for accessing the database.\n", "loc": ["services", "coder", "database", "password"], "readOnly": false, "type": "null or string"}, "services.coder.database.sslmode": {"declarations": ["nixos/modules/services/web-apps/coder.nix"], "default": {"_type": "literalExpression", "text": "\"disable\""}, "description": "Password for accessing the database.\n", "loc": ["services", "coder", "database", "sslmode"], "readOnly": false, "type": "null or string"}, "services.coder.database.username": {"declarations": ["nixos/modules/services/web-apps/coder.nix"], "default": {"_type": "literalExpression", "text": "\"coder\""}, "description": "Username for accessing the database.\n", "loc": ["services", "coder", "database", "username"], "readOnly": false, "type": "string"}, "services.coder.enable": {"declarations": ["nixos/modules/services/web-apps/coder.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Coder service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "coder", "enable"], "readOnly": false, "type": "boolean"}, "services.coder.environment.extra": {"declarations": ["nixos/modules/services/web-apps/coder.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra environment variables to pass run Coder's server with. See Coder documentation.", "example": {"_type": "literalExpression", "text": "{\n  CODER_OAUTH2_GITHUB_ALLOWED_ORGS = \"your-org\";\n  CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS = true;\n}"}, "loc": ["services", "coder", "environment", "extra"], "readOnly": false, "type": "attribute set"}, "services.coder.environment.file": {"declarations": ["nixos/modules/services/web-apps/coder.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Systemd environment file to add to Coder.", "loc": ["services", "coder", "environment", "file"], "readOnly": false, "type": "null or absolute path"}, "services.coder.group": {"declarations": ["nixos/modules/services/web-apps/coder.nix"], "default": {"_type": "literalExpression", "text": "\"coder\""}, "description": "Group under which the coder service runs.\n\n::: {.note}\nIf left as the default value this group will automatically be created\non system activation, otherwise it needs to be configured manually.\n:::\n", "loc": ["services", "coder", "group"], "readOnly": false, "type": "string"}, "services.coder.homeDir": {"declarations": ["nixos/modules/services/web-apps/coder.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/coder\""}, "description": "Home directory for coder user.\n", "loc": ["services", "coder", "homeDir"], "readOnly": false, "type": "string"}, "services.coder.listenAddress": {"declarations": ["nixos/modules/services/web-apps/coder.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1:3000\""}, "description": "Listen address.\n", "loc": ["services", "coder", "listenAddress"], "readOnly": false, "type": "string"}, "services.coder.package": {"declarations": ["nixos/modules/services/web-apps/coder.nix"], "default": {"_type": "literalExpression", "text": "pkgs.coder"}, "description": "The coder package to use.", "loc": ["services", "coder", "package"], "readOnly": false, "type": "package"}, "services.coder.tlsCert": {"declarations": ["nixos/modules/services/web-apps/coder.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the TLS certificate.\n", "loc": ["services", "coder", "tlsCert"], "readOnly": false, "type": "null or absolute path"}, "services.coder.tlsKey": {"declarations": ["nixos/modules/services/web-apps/coder.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the TLS key.\n", "loc": ["services", "coder", "tlsKey"], "readOnly": false, "type": "null or absolute path"}, "services.coder.user": {"declarations": ["nixos/modules/services/web-apps/coder.nix"], "default": {"_type": "literalExpression", "text": "\"coder\""}, "description": "User under which the coder service runs.\n\n::: {.note}\nIf left as the default value this user will automatically be created\non system activation, otherwise it needs to be configured manually.\n:::\n", "loc": ["services", "coder", "user"], "readOnly": false, "type": "string"}, "services.coder.wildcardAccessUrl": {"declarations": ["nixos/modules/services/web-apps/coder.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If you are providing TLS certificates directly to the Coder server, you must use a single certificate for the root and wildcard domains.\n", "example": {"_type": "literalExpression", "text": "\"*.coder.example.com\""}, "loc": ["services", "coder", "wildcardAccessUrl"], "readOnly": false, "type": "null or string"}, "services.collabora-online.aliasGroups": {"declarations": ["nixos/modules/services/web-apps/collabora-online.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Alias groups to use.", "loc": ["services", "collabora-online", "aliasGroups"], "readOnly": false, "type": "list of (submodule)"}, "services.collabora-online.aliasGroups.*.aliases": {"declarations": ["nixos/modules/services/web-apps/collabora-online.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of regex pattern of aliasname.", "example": {"_type": "literalExpression", "text": "[\n  \"scheme://aliasname1:port\"\n  \"scheme://aliasname2:port\"\n]"}, "loc": ["services", "collabora-online", "aliasGroups", "*", "aliases"], "readOnly": false, "type": "list of string"}, "services.collabora-online.aliasGroups.*.host": {"declarations": ["nixos/modules/services/web-apps/collabora-online.nix"], "description": "Hostname to allow or deny.", "example": {"_type": "literalExpression", "text": "\"scheme://hostname:port\""}, "loc": ["services", "collabora-online", "aliasGroups", "*", "host"], "readOnly": false, "type": "string"}, "services.collabora-online.enable": {"declarations": ["nixos/modules/services/web-apps/collabora-online.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable collabora-online.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "collabora-online", "enable"], "readOnly": false, "type": "boolean"}, "services.collabora-online.extraArgs": {"declarations": ["nixos/modules/services/web-apps/collabora-online.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to pass to the service.", "loc": ["services", "collabora-online", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.collabora-online.package": {"declarations": ["nixos/modules/services/web-apps/collabora-online.nix"], "default": {"_type": "literalExpression", "text": "pkgs.collabora-online"}, "description": "The Collabora Online package to use.", "loc": ["services", "collabora-online", "package"], "readOnly": false, "type": "package"}, "services.collabora-online.port": {"declarations": ["nixos/modules/services/web-apps/collabora-online.nix"], "default": {"_type": "literalExpression", "text": "9980"}, "description": "Listening port", "loc": ["services", "collabora-online", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.collabora-online.settings": {"declarations": ["nixos/modules/services/web-apps/collabora-online.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for Collabora Online WebSocket Daemon, see\n<https://sdk.collaboraonline.com/docs/installation/Configuration.html>, or\n<https://github.com/CollaboraOnline/online/blob/master/coolwsd.xml.in> for the default\nconfiguration.\n", "loc": ["services", "collabora-online", "settings"], "readOnly": false, "type": "`coolwsd.xml` configuration type, used to override values in the default configuration.\n\nAttribute names correspond to XML tags unless prefixed with `@`. Nested attribute sets\ncorrespond to nested XML tags. Attribute prefixed with `@` correspond to XML attributes. E.g.,\n`{ storage.wopi.\"@allow\" = true; }` in Nix corresponds to\n`<storage><wopi allow=\"true\"/></storage>` in `coolwsd.xml`, or `--o:storage.wopi[@allow]=true`\nin the command line.\n\nArrays correspond to multiple elements with the same tag name. E.g.\n`{ host = [ ''127\\.0\\.0\\.1'' \"::1\" ]; }` in Nix corresponds to\n```xml\n<net><post_allow>\n  <host>127\\.0\\.0\\.1</host>\n  <host>::1</host>\n</post_allow></net>\n```\nin `coolwsd.xml`, or\n`--o:net.post_allow.host[0]='127\\.0\\.0\\.1 --o:net.post_allow.host[1]=::1` in the command line.\n\nNull values could be used to remove an element from the default configuration.\n"}, "services.collectd.autoLoadPlugin": {"declarations": ["nixos/modules/services/monitoring/collectd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable plugin autoloading.\n", "loc": ["services", "collectd", "autoLoadPlugin"], "readOnly": false, "type": "boolean"}, "services.collectd.buildMinimalPackage": {"declarations": ["nixos/modules/services/monitoring/collectd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Build a minimal collectd package with only the configured `services.collectd.plugins`\n", "loc": ["services", "collectd", "buildMinimalPackage"], "readOnly": false, "type": "boolean"}, "services.collectd.dataDir": {"declarations": ["nixos/modules/services/monitoring/collectd.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/collectd\""}, "description": "Data directory for collectd agent.\n", "loc": ["services", "collectd", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.collectd.enable": {"declarations": ["nixos/modules/services/monitoring/collectd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable collectd agent.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "collectd", "enable"], "readOnly": false, "type": "boolean"}, "services.collectd.extraConfig": {"declarations": ["nixos/modules/services/monitoring/collectd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration for collectd. Use mkBefore to add lines before the\ndefault config, and mkAfter to add them below.\n", "loc": ["services", "collectd", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.collectd.include": {"declarations": ["nixos/modules/services/monitoring/collectd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional paths to load config from.\n", "loc": ["services", "collectd", "include"], "readOnly": false, "type": "list of string"}, "services.collectd.package": {"declarations": ["nixos/modules/services/monitoring/collectd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.collectd"}, "description": "The collectd package to use.", "loc": ["services", "collectd", "package"], "readOnly": false, "type": "package"}, "services.collectd.plugins": {"declarations": ["nixos/modules/services/monitoring/collectd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attribute set of plugin names to plugin config segments\n", "example": {"_type": "literalExpression", "text": "{\n  cpu = \"\";\n  memory = \"\";\n  network = \"Server 192.168.1.1 25826\";\n}"}, "loc": ["services", "collectd", "plugins"], "readOnly": false, "type": "attribute set of strings concatenated with \"\\n\""}, "services.collectd.user": {"declarations": ["nixos/modules/services/monitoring/collectd.nix"], "default": {"_type": "literalExpression", "text": "\"collectd\""}, "description": "User under which to run collectd.\n", "loc": ["services", "collectd", "user"], "readOnly": false, "type": "null or string"}, "services.collectd.validateConfig": {"declarations": ["nixos/modules/services/monitoring/collectd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Validate the syntax of collectd configuration file at build time.\nDisable this if you use the Include directive on files unavailable in\nthe build sandbox, or when cross-compiling.\n", "loc": ["services", "collectd", "validateConfig"], "readOnly": false, "type": "boolean"}, "services.colord.enable": {"declarations": ["nixos/modules/services/x11/colord.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable colord, the color management daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "colord", "enable"], "readOnly": false, "type": "boolean"}, "services.commafeed.enable": {"declarations": ["nixos/modules/services/web-apps/commafeed.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable CommaFeed.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "commafeed", "enable"], "readOnly": false, "type": "boolean"}, "services.commafeed.environment": {"declarations": ["nixos/modules/services/web-apps/commafeed.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra environment variables passed to CommaFeed, refer to\n<https://github.com/Athou/commafeed/blob/master/commafeed-server/config.yml.example>\nfor supported values. The default user is `admin` and the default password is `admin`.\nCorrect configuration for H2 database is already provided.\n", "example": {"_type": "literalExpression", "text": "{\n  CF_SERVER_APPLICATIONCONNECTORS_0_PORT = 9090;\n  CF_SERVER_APPLICATIONCONNECTORS_0_TYPE = \"http\";\n}"}, "loc": ["services", "commafeed", "environment"], "readOnly": false, "type": "attribute set of (boolean or signed integer or string)"}, "services.commafeed.environmentFile": {"declarations": ["nixos/modules/services/web-apps/commafeed.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file as defined in {manpage}`systemd.exec(5)`.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/commafeed/commafeed.env\""}, "loc": ["services", "commafeed", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.commafeed.group": {"declarations": ["nixos/modules/services/web-apps/commafeed.nix"], "default": {"_type": "literalExpression", "text": "\"commafeed\""}, "description": "Group under which CommaFeed runs.", "loc": ["services", "commafeed", "group"], "readOnly": false, "type": "string"}, "services.commafeed.package": {"declarations": ["nixos/modules/services/web-apps/commafeed.nix"], "default": {"_type": "literalExpression", "text": "pkgs.commafeed"}, "description": "The commafeed package to use.", "loc": ["services", "commafeed", "package"], "readOnly": false, "type": "package"}, "services.commafeed.stateDir": {"declarations": ["nixos/modules/services/web-apps/commafeed.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/commafeed\""}, "description": "Directory holding all state for CommaFeed to run.", "loc": ["services", "commafeed", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.commafeed.user": {"declarations": ["nixos/modules/services/web-apps/commafeed.nix"], "default": {"_type": "literalExpression", "text": "\"commafeed\""}, "description": "User under which CommaFeed runs.", "loc": ["services", "commafeed", "user"], "readOnly": false, "type": "string"}, "services.compton": {"declarations": ["nixos/modules/services/x11/picom.nix"], "description": "Alias of {option}`services.picom`.", "loc": ["services", "compton"], "readOnly": false, "type": "submodule"}, "services.confd.backend": {"declarations": ["nixos/modules/services/misc/confd.nix"], "default": {"_type": "literalExpression", "text": "\"etcd\""}, "description": "Confd config storage backend to use.", "loc": ["services", "confd", "backend"], "readOnly": false, "type": "one of \"etcd\", \"consul\", \"redis\", \"zookeeper\""}, "services.confd.confDir": {"declarations": ["nixos/modules/services/misc/confd.nix"], "default": {"_type": "literalExpression", "text": "\"/etc/confd\""}, "description": "The path to the confd configs.", "loc": ["services", "confd", "confDir"], "readOnly": false, "type": "absolute path"}, "services.confd.enable": {"declarations": ["nixos/modules/services/misc/confd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable confd, a service to manage local application configuration files using templates and data from etcd/consul/redis/zookeeper.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "confd", "enable"], "readOnly": false, "type": "boolean"}, "services.confd.interval": {"declarations": ["nixos/modules/services/misc/confd.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Confd check interval.", "loc": ["services", "confd", "interval"], "readOnly": false, "type": "signed integer"}, "services.confd.logLevel": {"declarations": ["nixos/modules/services/misc/confd.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Confd log level.", "loc": ["services", "confd", "logLevel"], "readOnly": false, "type": "one of \"info\", \"debug\""}, "services.confd.nodes": {"declarations": ["nixos/modules/services/misc/confd.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"http://127.0.0.1:2379\"\n]"}, "description": "Confd list of nodes to connect to.", "loc": ["services", "confd", "nodes"], "readOnly": false, "type": "list of string"}, "services.confd.package": {"declarations": ["nixos/modules/services/misc/confd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.confd"}, "description": "The confd package to use.", "loc": ["services", "confd", "package"], "readOnly": false, "type": "package"}, "services.confd.prefix": {"declarations": ["nixos/modules/services/misc/confd.nix"], "default": {"_type": "literalExpression", "text": "\"/\""}, "description": "The string to prefix to keys.", "loc": ["services", "confd", "prefix"], "readOnly": false, "type": "absolute path"}, "services.confd.watch": {"declarations": ["nixos/modules/services/misc/confd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Confd, whether to watch etcd config for changes.", "loc": ["services", "confd", "watch"], "readOnly": false, "type": "boolean"}, "services.conman.config": {"declarations": ["nixos/modules/services/misc/conman.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The configuration object.\n\nEither `configFile` or `config` must be specified.\n\nSee <https://github.com/dun/conman/wiki/Man-5-conman.conf#files>.\n", "example": {"_type": "literalExpression", "text": "''\n  server coredump=off\n  server keepalive=on\n  server loopback=off\n  server timestamp=1h\n  \n  # global config\n  global log=\"/var/log/conman/%N.log\"\n  global seropts=\"9600,8n1\"\n  global ipmiopts=\"U:<user>,P:<password>\"\n''"}, "loc": ["services", "conman", "config"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.conman.configFile": {"declarations": ["nixos/modules/services/misc/conman.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The absolute path to the configuration file.\n\nEither `configFile` or `config` must be specified.\n\nSee <https://github.com/dun/conman/wiki/Man-5-conman.conf#files>.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/conman.conf\""}, "loc": ["services", "conman", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.conman.enable": {"declarations": ["nixos/modules/services/misc/conman.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Enable the conman Console manager.\n\nEither `configFile` or `config` must be specified.\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "conman", "enable"], "readOnly": false, "type": "boolean"}, "services.conman.package": {"declarations": ["nixos/modules/services/misc/conman.nix"], "default": {"_type": "literalExpression", "text": "pkgs.conman"}, "description": "The conman package to use.", "loc": ["services", "conman", "package"], "readOnly": false, "type": "package"}, "services.connman.enable": {"declarations": ["nixos/modules/services/networking/connman.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use ConnMan for managing your network connections.\n", "loc": ["services", "connman", "enable"], "readOnly": false, "type": "boolean"}, "services.connman.enableVPN": {"declarations": ["nixos/modules/services/networking/connman.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable ConnMan VPN service.\n", "loc": ["services", "connman", "enableVPN"], "readOnly": false, "type": "boolean"}, "services.connman.extraConfig": {"declarations": ["nixos/modules/services/networking/connman.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Configuration lines appended to the generated connman configuration file.\n", "loc": ["services", "connman", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.connman.extraFlags": {"declarations": ["nixos/modules/services/networking/connman.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra flags to pass to connmand\n", "example": {"_type": "literalExpression", "text": "[\n  \"--nodnsproxy\"\n]"}, "loc": ["services", "connman", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.connman.networkInterfaceBlacklist": {"declarations": ["nixos/modules/services/networking/connman.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"vmnet\"\n  \"vboxnet\"\n  \"virbr\"\n  \"ifb\"\n  \"ve\"\n]"}, "description": "Default blacklisted interfaces, this includes NixOS containers interfaces (ve).\n", "loc": ["services", "connman", "networkInterfaceBlacklist"], "readOnly": false, "type": "list of string"}, "services.connman.package": {"declarations": ["nixos/modules/services/networking/connman.nix"], "default": {"_type": "literalExpression", "text": "pkgs.connman"}, "description": "The connman package / build flavor", "example": {"_type": "literalExpression", "text": "pkgs.connmanFull"}, "loc": ["services", "connman", "package"], "readOnly": false, "type": "package"}, "services.connman.wifi.backend": {"declarations": ["nixos/modules/services/networking/connman.nix"], "default": {"_type": "literalExpression", "text": "\"wpa_supplicant\""}, "description": "Specify the Wi-Fi backend used.\nCurrently supported are {option}`wpa_supplicant` or {option}`iwd`.\n", "loc": ["services", "connman", "wifi", "backend"], "readOnly": false, "type": "one of \"wpa_supplicant\", \"iwd\""}, "services.consul-template.instances": {"declarations": ["nixos/modules/services/security/vault-agent.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attribute set of consul-template instances.\nCreates independent `consul-template-${name}.service` systemd units for each instance defined here.\n", "loc": ["services", "consul-template", "instances"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.consul-template.instances.<name>.enable": {"declarations": ["nixos/modules/services/security/vault-agent.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable this consul-template instance.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "consul-template", "instances", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.consul-template.instances.<name>.group": {"declarations": ["nixos/modules/services/security/vault-agent.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "Group under which this instance runs.\n", "loc": ["services", "consul-template", "instances", "<name>", "group"], "readOnly": false, "type": "string"}, "services.consul-template.instances.<name>.package": {"declarations": ["nixos/modules/services/security/vault-agent.nix"], "default": {"_type": "literalExpression", "text": "pkgs.consul-template"}, "description": "The consul-template package to use.", "loc": ["services", "consul-template", "instances", "<name>", "package"], "readOnly": false, "type": "package"}, "services.consul-template.instances.<name>.settings": {"declarations": ["nixos/modules/services/security/vault-agent.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Free-form settings written directly to the {file}`config.json` file.\nRefer to <https://github.com/hashicorp/consul-template/blob/main/docs/configuration.md#configuration-file> for supported values.\n\n::: {.note}\nResulting format is JSON not HCL.\nRefer to <https://www.hcl2json.com/> if you are unsure how to convert HCL options to JSON.\n:::\n", "loc": ["services", "consul-template", "instances", "<name>", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.consul-template.instances.<name>.settings.pid_file": {"declarations": ["nixos/modules/services/security/vault-agent.nix"], "default": {"_type": "literalExpression", "text": "\"/run/consul-template/\u2039name\u203a.pid\""}, "description": "Path to use for the pid file.\n", "loc": ["services", "consul-template", "instances", "<name>", "settings", "pid_file"], "readOnly": false, "type": "string"}, "services.consul-template.instances.<name>.user": {"declarations": ["nixos/modules/services/security/vault-agent.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "User under which this instance runs.\n", "loc": ["services", "consul-template", "instances", "<name>", "user"], "readOnly": false, "type": "string"}, "services.consul.alerts.consulAddr": {"declarations": ["nixos/modules/services/networking/consul.nix"], "default": {"_type": "literalExpression", "text": "\"localhost:8500\""}, "description": "Consul api listening address", "loc": ["services", "consul", "alerts", "consulAddr"], "readOnly": false, "type": "string"}, "services.consul.alerts.enable": {"declarations": ["nixos/modules/services/networking/consul.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable consul-alerts.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "consul", "alerts", "enable"], "readOnly": false, "type": "boolean"}, "services.consul.alerts.listenAddr": {"declarations": ["nixos/modules/services/networking/consul.nix"], "default": {"_type": "literalExpression", "text": "\"localhost:9000\""}, "description": "Api listening address.", "loc": ["services", "consul", "alerts", "listenAddr"], "readOnly": false, "type": "string"}, "services.consul.alerts.package": {"declarations": ["nixos/modules/services/networking/consul.nix"], "default": {"_type": "literalExpression", "text": "pkgs.consul-alerts"}, "description": "The consul-alerts package to use.", "loc": ["services", "consul", "alerts", "package"], "readOnly": false, "type": "package"}, "services.consul.alerts.watchChecks": {"declarations": ["nixos/modules/services/networking/consul.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable check watcher.", "loc": ["services", "consul", "alerts", "watchChecks"], "readOnly": false, "type": "boolean"}, "services.consul.alerts.watchEvents": {"declarations": ["nixos/modules/services/networking/consul.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable event watcher.", "loc": ["services", "consul", "alerts", "watchEvents"], "readOnly": false, "type": "boolean"}, "services.consul.dropPrivileges": {"declarations": ["nixos/modules/services/networking/consul.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether the consul agent should be run as a non-root consul user.\n", "loc": ["services", "consul", "dropPrivileges"], "readOnly": false, "type": "boolean"}, "services.consul.enable": {"declarations": ["nixos/modules/services/networking/consul.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables the consul daemon.\n", "loc": ["services", "consul", "enable"], "readOnly": false, "type": "boolean"}, "services.consul.extraConfig": {"declarations": ["nixos/modules/services/networking/consul.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration options which are serialized to json and added\nto the config.json file.\n", "loc": ["services", "consul", "extraConfig"], "readOnly": false, "type": "attribute set of anything"}, "services.consul.extraConfigFiles": {"declarations": ["nixos/modules/services/networking/consul.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional configuration files to pass to consul\nNOTE: These will not trigger the service to be restarted when altered.\n", "loc": ["services", "consul", "extraConfigFiles"], "readOnly": false, "type": "list of string"}, "services.consul.forceAddrFamily": {"declarations": ["nixos/modules/services/networking/consul.nix"], "default": {"_type": "literalExpression", "text": "\"any\""}, "description": "Whether to bind ipv4/ipv6 or both kind of addresses.\n", "loc": ["services", "consul", "forceAddrFamily"], "readOnly": false, "type": "one of \"any\", \"ipv4\", \"ipv6\""}, "services.consul.forceIpv4": {"declarations": ["nixos/modules/services/networking/consul.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Deprecated: Use consul.forceAddrFamily instead.\nWhether we should force the interfaces to only pull ipv4 addresses.\n", "loc": ["services", "consul", "forceIpv4"], "readOnly": false, "type": "null or boolean"}, "services.consul.interface.advertise": {"declarations": ["nixos/modules/services/networking/consul.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The name of the interface to pull the advertise_addr from.\n", "loc": ["services", "consul", "interface", "advertise"], "readOnly": false, "type": "null or string"}, "services.consul.interface.bind": {"declarations": ["nixos/modules/services/networking/consul.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The name of the interface to pull the bind_addr from.\n", "loc": ["services", "consul", "interface", "bind"], "readOnly": false, "type": "null or string"}, "services.consul.leaveOnStop": {"declarations": ["nixos/modules/services/networking/consul.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, causes a leave action to be sent when closing consul.\nThis allows a clean termination of the node, but permanently removes\nit from the cluster. You probably don't want this option unless you\nare running a node which going offline in a permanent / semi-permanent\nfashion.\n", "loc": ["services", "consul", "leaveOnStop"], "readOnly": false, "type": "boolean"}, "services.consul.package": {"declarations": ["nixos/modules/services/networking/consul.nix"], "default": {"_type": "literalExpression", "text": "pkgs.consul"}, "description": "The consul package to use.", "loc": ["services", "consul", "package"], "readOnly": false, "type": "package"}, "services.consul.webUi": {"declarations": ["nixos/modules/services/networking/consul.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables the web interface on the consul http port.\n", "loc": ["services", "consul", "webUi"], "readOnly": false, "type": "boolean"}, "services.convos.enable": {"declarations": ["nixos/modules/services/web-apps/convos.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Convos.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "convos", "enable"], "readOnly": false, "type": "boolean"}, "services.convos.listenAddress": {"declarations": ["nixos/modules/services/web-apps/convos.nix"], "default": {"_type": "literalExpression", "text": "\"*\""}, "description": "Address or host the web interface should listen on", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "convos", "listenAddress"], "readOnly": false, "type": "string"}, "services.convos.listenPort": {"declarations": ["nixos/modules/services/web-apps/convos.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "Port the web interface should listen on", "example": {"_type": "literalExpression", "text": "8080"}, "loc": ["services", "convos", "listenPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.convos.reverseProxy": {"declarations": ["nixos/modules/services/web-apps/convos.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables reverse proxy support. This will allow Convos to automatically\npick up the `X-Forwarded-For` and\n`X-Request-Base` HTTP headers set in your reverse proxy\nweb server. Note that enabling this option without a reverse proxy in\nfront will be a security issue.\n", "loc": ["services", "convos", "reverseProxy"], "readOnly": false, "type": "boolean"}, "services.cook-cli.autoStart": {"declarations": ["nixos/modules/services/web-apps/cook-cli.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to start cook-cli server automatically.\n", "loc": ["services", "cook-cli", "autoStart"], "readOnly": false, "type": "boolean"}, "services.cook-cli.basePath": {"declarations": ["nixos/modules/services/web-apps/cook-cli.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/cook-cli\""}, "description": "Path to the directory cook-cli will look for recipes.\n", "loc": ["services", "cook-cli", "basePath"], "readOnly": false, "type": "string"}, "services.cook-cli.enable": {"declarations": ["nixos/modules/services/web-apps/cook-cli.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable cook-cli.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "cook-cli", "enable"], "readOnly": false, "type": "boolean"}, "services.cook-cli.openFirewall": {"declarations": ["nixos/modules/services/web-apps/cook-cli.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the cook-cli server port in the firewall.\n", "loc": ["services", "cook-cli", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.cook-cli.package": {"declarations": ["nixos/modules/services/web-apps/cook-cli.nix"], "default": {"_type": "literalExpression", "text": "pkgs.cook-cli"}, "description": "The cook-cli package to use.", "loc": ["services", "cook-cli", "package"], "readOnly": false, "type": "package"}, "services.cook-cli.port": {"declarations": ["nixos/modules/services/web-apps/cook-cli.nix"], "default": {"_type": "literalExpression", "text": "9080"}, "description": "Which port cook-cli server will use.\n", "loc": ["services", "cook-cli", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.coredns.config": {"declarations": ["nixos/modules/services/networking/coredns.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Verbatim Corefile to use.\nSee <https://coredns.io/manual/toc/#configuration> for details.\n", "example": {"_type": "literalExpression", "text": "''\n  . {\n    whoami\n  }\n''"}, "loc": ["services", "coredns", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.coredns.enable": {"declarations": ["nixos/modules/services/networking/coredns.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Coredns dns server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "coredns", "enable"], "readOnly": false, "type": "boolean"}, "services.coredns.extraArgs": {"declarations": ["nixos/modules/services/networking/coredns.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to pass to coredns.", "example": {"_type": "literalExpression", "text": "[\n  \"-dns.port=53\"\n]"}, "loc": ["services", "coredns", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.coredns.package": {"declarations": ["nixos/modules/services/networking/coredns.nix"], "default": {"_type": "literalExpression", "text": "pkgs.coredns"}, "description": "The coredns package to use.", "loc": ["services", "coredns", "package"], "readOnly": false, "type": "package"}, "services.corerad.configFile": {"declarations": ["nixos/modules/services/networking/corerad.nix"], "description": "Path to CoreRAD TOML configuration file.", "example": {"_type": "literalExpression", "text": "\"${pkgs.corerad}/etc/corerad/corerad.toml\""}, "loc": ["services", "corerad", "configFile"], "readOnly": false, "type": "absolute path"}, "services.corerad.enable": {"declarations": ["nixos/modules/services/networking/corerad.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable CoreRAD IPv6 NDP RA daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "corerad", "enable"], "readOnly": false, "type": "boolean"}, "services.corerad.package": {"declarations": ["nixos/modules/services/networking/corerad.nix"], "default": {"_type": "literalExpression", "text": "pkgs.corerad"}, "description": "The corerad package to use.", "loc": ["services", "corerad", "package"], "readOnly": false, "type": "package"}, "services.corerad.settings": {"declarations": ["nixos/modules/services/networking/corerad.nix"], "description": "Configuration for CoreRAD, see <https://github.com/mdlayher/corerad/blob/main/internal/config/reference.toml>\nfor supported values. Ignored if configFile is set.\n", "example": {"_type": "literalExpression", "text": "{\n  interfaces = [\n    # eth0 is an upstream interface monitoring for IPv6 router advertisements.\n    {\n      name = \"eth0\";\n      monitor = true;\n    }\n    # eth1 is a downstream interface advertising IPv6 prefixes for SLAAC.\n    {\n      name = \"eth1\";\n      advertise = true;\n      prefix = [{ prefix = \"::/64\"; }];\n    }\n  ];\n  # Optionally enable Prometheus metrics.\n  debug = {\n    address = \"localhost:9430\";\n    prometheus = true;\n  };\n}\n"}, "loc": ["services", "corerad", "settings"], "readOnly": false, "type": "TOML value"}, "services.corosync.clusterName": {"declarations": ["nixos/modules/services/cluster/corosync/default.nix"], "default": {"_type": "literalExpression", "text": "\"nixcluster\""}, "description": "Name of the corosync cluster.", "loc": ["services", "corosync", "clusterName"], "readOnly": false, "type": "string"}, "services.corosync.enable": {"declarations": ["nixos/modules/services/cluster/corosync/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable corosync.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "corosync", "enable"], "readOnly": false, "type": "boolean"}, "services.corosync.extraOptions": {"declarations": ["nixos/modules/services/cluster/corosync/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional options with which to start corosync.", "loc": ["services", "corosync", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.corosync.nodelist": {"declarations": ["nixos/modules/services/cluster/corosync/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Corosync nodelist: all cluster members.", "loc": ["services", "corosync", "nodelist"], "readOnly": false, "type": "list of (submodule)"}, "services.corosync.nodelist.*.name": {"declarations": ["nixos/modules/services/cluster/corosync/default.nix"], "description": "Node name", "loc": ["services", "corosync", "nodelist", "*", "name"], "readOnly": false, "type": "string"}, "services.corosync.nodelist.*.nodeid": {"declarations": ["nixos/modules/services/cluster/corosync/default.nix"], "description": "Node ID number", "loc": ["services", "corosync", "nodelist", "*", "nodeid"], "readOnly": false, "type": "signed integer"}, "services.corosync.nodelist.*.ring_addrs": {"declarations": ["nixos/modules/services/cluster/corosync/default.nix"], "description": "List of addresses, one for each ring.", "loc": ["services", "corosync", "nodelist", "*", "ring_addrs"], "readOnly": false, "type": "list of string"}, "services.corosync.package": {"declarations": ["nixos/modules/services/cluster/corosync/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.corosync"}, "description": "The corosync package to use.", "loc": ["services", "corosync", "package"], "readOnly": false, "type": "package"}, "services.corteza.address": {"declarations": ["nixos/modules/services/development/corteza.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "IP for the HTTP server.\n", "loc": ["services", "corteza", "address"], "readOnly": false, "type": "string"}, "services.corteza.enable": {"declarations": ["nixos/modules/services/development/corteza.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Corteza, a low-code platform.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "corteza", "enable"], "readOnly": false, "type": "boolean"}, "services.corteza.group": {"declarations": ["nixos/modules/services/development/corteza.nix"], "default": {"_type": "literalExpression", "text": "\"corteza\""}, "description": "The group to run Corteza under.", "loc": ["services", "corteza", "group"], "readOnly": false, "type": "string"}, "services.corteza.openFirewall": {"declarations": ["nixos/modules/services/development/corteza.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open ports in the firewall.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "corteza", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.corteza.package": {"declarations": ["nixos/modules/services/development/corteza.nix"], "default": {"_type": "literalExpression", "text": "pkgs.corteza"}, "description": "The corteza package to use.", "loc": ["services", "corteza", "package"], "readOnly": false, "type": "package"}, "services.corteza.port": {"declarations": ["nixos/modules/services/development/corteza.nix"], "default": {"_type": "literalExpression", "text": "80"}, "description": "Port for the HTTP server.\n", "loc": ["services", "corteza", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.corteza.settings": {"declarations": ["nixos/modules/services/development/corteza.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for Corteza, will be passed as environment variables.\nSee <https://docs.cortezaproject.org/corteza-docs/2024.9/devops-guide/references/configuration/server.html>.\n", "loc": ["services", "corteza", "settings"], "readOnly": false, "type": "open submodule of attribute set of string"}, "services.corteza.settings.HTTP_WEBAPP_ENABLED": {"declarations": ["nixos/modules/services/development/corteza.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable webapps.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "corteza", "settings", "HTTP_WEBAPP_ENABLED"], "readOnly": false, "type": "boolean"}, "services.corteza.user": {"declarations": ["nixos/modules/services/development/corteza.nix"], "default": {"_type": "literalExpression", "text": "\"corteza\""}, "description": "The user to run Corteza under.", "loc": ["services", "corteza", "user"], "readOnly": false, "type": "string"}, "services.coturn.alt-listening-port": {"declarations": ["nixos/modules/services/networking/coturn.nix"], "default": {"_type": "literalExpression", "text": "listening-port + 1"}, "description": "Alternative listening port for UDP and TCP listeners;\ndefault (or zero) value means \"listening port plus one\".\nThis is needed for RFC 5780 support\n(STUN extension specs, NAT behavior discovery). The TURN Server\nsupports RFC 5780 only if it is started with more than one\nlistening IP address of the same family (IPv4 or IPv6).\nRFC 5780 is supported only by UDP protocol, other protocols\nare listening to that endpoint only for \"symmetry\".\n", "loc": ["services", "coturn", "alt-listening-port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.coturn.alt-tls-listening-port": {"declarations": ["nixos/modules/services/networking/coturn.nix"], "default": {"_type": "literalExpression", "text": "tls-listening-port + 1"}, "description": "Alternative listening port for TLS and DTLS protocols.\n", "loc": ["services", "coturn", "alt-tls-listening-port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.coturn.cert": {"declarations": ["nixos/modules/services/networking/coturn.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Certificate file in PEM format.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/acme/example.com/fullchain.pem\""}, "loc": ["services", "coturn", "cert"], "readOnly": false, "type": "null or string"}, "services.coturn.cli-ip": {"declarations": ["nixos/modules/services/networking/coturn.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Local system IP address to be used for CLI server endpoint.\n", "loc": ["services", "coturn", "cli-ip"], "readOnly": false, "type": "string"}, "services.coturn.cli-password": {"declarations": ["nixos/modules/services/networking/coturn.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CLI access password.\nFor the security reasons, it is recommended to use the encrypted\nfor of the password (see the -P command in the turnadmin utility).\n", "loc": ["services", "coturn", "cli-password"], "readOnly": false, "type": "null or string"}, "services.coturn.cli-port": {"declarations": ["nixos/modules/services/networking/coturn.nix"], "default": {"_type": "literalExpression", "text": "5766"}, "description": "CLI server port.\n", "loc": ["services", "coturn", "cli-port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.coturn.dh-file": {"declarations": ["nixos/modules/services/networking/coturn.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Use custom DH TLS key, stored in PEM format in the file.\n", "loc": ["services", "coturn", "dh-file"], "readOnly": false, "type": "null or string"}, "services.coturn.enable": {"declarations": ["nixos/modules/services/networking/coturn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable coturn TURN server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "coturn", "enable"], "readOnly": false, "type": "boolean"}, "services.coturn.extraConfig": {"declarations": ["nixos/modules/services/networking/coturn.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional configuration options", "loc": ["services", "coturn", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.coturn.listening-ips": {"declarations": ["nixos/modules/services/networking/coturn.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listener IP addresses of relay server.\nIf no IP(s) specified in the config file or in the command line options,\nthen all IPv4 and IPv6 system IPs will be used for listening.\n", "example": {"_type": "literalExpression", "text": "[\n  \"203.0.113.42\"\n  \"2001:DB8::42\"\n]"}, "loc": ["services", "coturn", "listening-ips"], "readOnly": false, "type": "list of string"}, "services.coturn.listening-port": {"declarations": ["nixos/modules/services/networking/coturn.nix"], "default": {"_type": "literalExpression", "text": "3478"}, "description": "TURN listener port for UDP and TCP.\nNote: actually, TLS and DTLS sessions can connect to the\n\"plain\" TCP and UDP port(s), too - if allowed by configuration.\n", "loc": ["services", "coturn", "listening-port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.coturn.lt-cred-mech": {"declarations": ["nixos/modules/services/networking/coturn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use long-term credential mechanism.\n", "loc": ["services", "coturn", "lt-cred-mech"], "readOnly": false, "type": "boolean"}, "services.coturn.max-port": {"declarations": ["nixos/modules/services/networking/coturn.nix"], "default": {"_type": "literalExpression", "text": "65535"}, "description": "Upper bound of UDP relay endpoints\n", "loc": ["services", "coturn", "max-port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.coturn.min-port": {"declarations": ["nixos/modules/services/networking/coturn.nix"], "default": {"_type": "literalExpression", "text": "49152"}, "description": "Lower bound of UDP relay endpoints\n", "loc": ["services", "coturn", "min-port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.coturn.no-auth": {"declarations": ["nixos/modules/services/networking/coturn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "This option is opposite to lt-cred-mech.\n(TURN Server with no-auth option allows anonymous access).\nIf neither option is defined, and no users are defined,\nthen no-auth is default. If at least one user is defined,\nin this file or in command line or in usersdb file, then\nlt-cred-mech is default.\n", "loc": ["services", "coturn", "no-auth"], "readOnly": false, "type": "boolean"}, "services.coturn.no-cli": {"declarations": ["nixos/modules/services/networking/coturn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Turn OFF the CLI support.\n", "loc": ["services", "coturn", "no-cli"], "readOnly": false, "type": "boolean"}, "services.coturn.no-dtls": {"declarations": ["nixos/modules/services/networking/coturn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable DTLS client listener", "loc": ["services", "coturn", "no-dtls"], "readOnly": false, "type": "boolean"}, "services.coturn.no-tcp": {"declarations": ["nixos/modules/services/networking/coturn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable TCP client listener", "loc": ["services", "coturn", "no-tcp"], "readOnly": false, "type": "boolean"}, "services.coturn.no-tcp-relay": {"declarations": ["nixos/modules/services/networking/coturn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable TCP relay endpoints", "loc": ["services", "coturn", "no-tcp-relay"], "readOnly": false, "type": "boolean"}, "services.coturn.no-tls": {"declarations": ["nixos/modules/services/networking/coturn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable TLS client listener", "loc": ["services", "coturn", "no-tls"], "readOnly": false, "type": "boolean"}, "services.coturn.no-udp": {"declarations": ["nixos/modules/services/networking/coturn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable UDP client listener", "loc": ["services", "coturn", "no-udp"], "readOnly": false, "type": "boolean"}, "services.coturn.no-udp-relay": {"declarations": ["nixos/modules/services/networking/coturn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable UDP relay endpoints", "loc": ["services", "coturn", "no-udp-relay"], "readOnly": false, "type": "boolean"}, "services.coturn.pkey": {"declarations": ["nixos/modules/services/networking/coturn.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Private key file in PEM format.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/acme/example.com/key.pem\""}, "loc": ["services", "coturn", "pkey"], "readOnly": false, "type": "null or string"}, "services.coturn.realm": {"declarations": ["nixos/modules/services/networking/coturn.nix"], "default": {"_type": "literalExpression", "text": "config.networking.hostName"}, "description": "The default realm to be used for the users when no explicit\norigin/realm relationship was found in the database, or if the TURN\nserver is not using any database (just the commands-line settings\nand the userdb file). Must be used with long-term credentials\nmechanism or with TURN REST API.\n", "example": {"_type": "literalExpression", "text": "\"example.com\""}, "loc": ["services", "coturn", "realm"], "readOnly": false, "type": "string"}, "services.coturn.relay-ips": {"declarations": ["nixos/modules/services/networking/coturn.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Relay address (the local IP address that will be used to relay the\npackets to the peer).\nMultiple relay addresses may be used.\nThe same IP(s) can be used as both listening IP(s) and relay IP(s).\n\nIf no relay IP(s) specified, then the turnserver will apply the default\npolicy: it will decide itself which relay addresses to be used, and it\nwill always be using the client socket IP address as the relay IP address\nof the TURN session (if the requested relay address family is the same\nas the family of the client socket).\n", "example": {"_type": "literalExpression", "text": "[\n  \"203.0.113.42\"\n  \"2001:DB8::42\"\n]"}, "loc": ["services", "coturn", "relay-ips"], "readOnly": false, "type": "list of string"}, "services.coturn.secure-stun": {"declarations": ["nixos/modules/services/networking/coturn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Require authentication of the STUN Binding request.\nBy default, the clients are allowed anonymous access to the STUN Binding functionality.\n", "loc": ["services", "coturn", "secure-stun"], "readOnly": false, "type": "boolean"}, "services.coturn.static-auth-secret": {"declarations": ["nixos/modules/services/networking/coturn.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "'Static' authentication secret value (a string) for TURN REST API only.\nIf not set, then the turn server\nwill try to use the 'dynamic' value in turn_secret table\nin user database (if present). The database-stored  value can be changed on-the-fly\nby a separate program, so this is why that other mode is 'dynamic'.\n", "loc": ["services", "coturn", "static-auth-secret"], "readOnly": false, "type": "null or string"}, "services.coturn.static-auth-secret-file": {"declarations": ["nixos/modules/services/networking/coturn.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the file containing the static authentication secret.\n", "loc": ["services", "coturn", "static-auth-secret-file"], "readOnly": false, "type": "null or string"}, "services.coturn.tls-listening-port": {"declarations": ["nixos/modules/services/networking/coturn.nix"], "default": {"_type": "literalExpression", "text": "5349"}, "description": "TURN listener port for TLS.\nNote: actually, \"plain\" TCP and UDP sessions can connect to the TLS and\nDTLS port(s), too - if allowed by configuration. The TURN server\n\"automatically\" recognizes the type of traffic. Actually, two listening\nendpoints (the \"plain\" one and the \"tls\" one) are equivalent in terms of\nfunctionality; but we keep both endpoints to satisfy the RFC 5766 specs.\nFor secure TCP connections, we currently support SSL version 3 and\nTLS version 1.0, 1.1 and 1.2.\nFor secure UDP connections, we support DTLS version 1.\n", "loc": ["services", "coturn", "tls-listening-port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.coturn.use-auth-secret": {"declarations": ["nixos/modules/services/networking/coturn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "TURN REST API flag.\nFlag that sets a special authorization option that is based upon authentication secret.\nThis feature can be used with the long-term authentication mechanism, only.\nThis feature purpose is to support \"TURN Server REST API\", see\n\"TURN REST API\" link in the project's page\n<https://github.com/coturn/coturn/>\n\nThis option is used with timestamp:\n\nusercombo -> \"timestamp:userid\"\nturn user -> usercombo\nturn password -> base64(hmac(secret key, usercombo))\n\nThis allows TURN credentials to be accounted for a specific user id.\nIf you don't have a suitable id, the timestamp alone can be used.\nThis option is just turning on secret-based authentication.\nThe actual value of the secret is defined either by option static-auth-secret,\nor can be found in the turn_secret table in the database.\n", "loc": ["services", "coturn", "use-auth-secret"], "readOnly": false, "type": "boolean"}, "services.couchdb.adminPass": {"declarations": ["nixos/modules/services/databases/couchdb.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Couchdb (i.e. fauxton) account with permission for all dbs and\ntasks.\n", "loc": ["services", "couchdb", "adminPass"], "readOnly": false, "type": "null or string"}, "services.couchdb.adminUser": {"declarations": ["nixos/modules/services/databases/couchdb.nix"], "default": {"_type": "literalExpression", "text": "\"admin\""}, "description": "Couchdb (i.e. fauxton) account with permission for all dbs and\ntasks.\n", "loc": ["services", "couchdb", "adminUser"], "readOnly": false, "type": "string"}, "services.couchdb.argsFile": {"declarations": ["nixos/modules/services/databases/couchdb.nix"], "default": {"_type": "literalExpression", "text": "\"config.services.couchdb.package/etc/vm.args\""}, "description": "vm.args configuration. Overrides Couchdb's Erlang VM parameters file.\n", "loc": ["services", "couchdb", "argsFile"], "readOnly": false, "type": "absolute path"}, "services.couchdb.bindAddress": {"declarations": ["nixos/modules/services/databases/couchdb.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Defines the IP address by which CouchDB will be accessible.\n", "loc": ["services", "couchdb", "bindAddress"], "readOnly": false, "type": "string"}, "services.couchdb.configFile": {"declarations": ["nixos/modules/services/databases/couchdb.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/couchdb/local.ini\""}, "description": "Configuration file for persisting runtime changes. File\nneeds to be readable and writable from couchdb user/group.\n", "loc": ["services", "couchdb", "configFile"], "readOnly": false, "type": "absolute path"}, "services.couchdb.databaseDir": {"declarations": ["nixos/modules/services/databases/couchdb.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/couchdb\""}, "description": "Specifies location of CouchDB database files (*.couch named). This\nlocation should be writable and readable for the user the CouchDB\nservice runs as (couchdb by default).\n", "loc": ["services", "couchdb", "databaseDir"], "readOnly": false, "type": "absolute path"}, "services.couchdb.enable": {"declarations": ["nixos/modules/services/databases/couchdb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable CouchDB Server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "couchdb", "enable"], "readOnly": false, "type": "boolean"}, "services.couchdb.extraConfig": {"declarations": ["nixos/modules/services/databases/couchdb.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration options for CouchDB", "loc": ["services", "couchdb", "extraConfig"], "readOnly": false, "type": "attribute set"}, "services.couchdb.extraConfigFiles": {"declarations": ["nixos/modules/services/databases/couchdb.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra configuration files. Overrides any other configuration. You can use this to setup the Admin user without putting the password in your nix store.\n", "loc": ["services", "couchdb", "extraConfigFiles"], "readOnly": false, "type": "list of absolute path"}, "services.couchdb.group": {"declarations": ["nixos/modules/services/databases/couchdb.nix"], "default": {"_type": "literalExpression", "text": "\"couchdb\""}, "description": "Group account under which couchdb runs.\n", "loc": ["services", "couchdb", "group"], "readOnly": false, "type": "string"}, "services.couchdb.logFile": {"declarations": ["nixos/modules/services/databases/couchdb.nix"], "default": {"_type": "literalExpression", "text": "\"/var/log/couchdb.log\""}, "description": "Specifies the location of file for logging output.\n", "loc": ["services", "couchdb", "logFile"], "readOnly": false, "type": "absolute path"}, "services.couchdb.package": {"declarations": ["nixos/modules/services/databases/couchdb.nix"], "default": {"_type": "literalExpression", "text": "pkgs.couchdb3"}, "description": "The couchdb3 package to use.", "loc": ["services", "couchdb", "package"], "readOnly": false, "type": "package"}, "services.couchdb.port": {"declarations": ["nixos/modules/services/databases/couchdb.nix"], "default": {"_type": "literalExpression", "text": "5984"}, "description": "Defined the port number to listen.\n", "loc": ["services", "couchdb", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.couchdb.uriFile": {"declarations": ["nixos/modules/services/databases/couchdb.nix"], "default": {"_type": "literalExpression", "text": "\"/run/couchdb/couchdb.uri\""}, "description": "This file contains the full URI that can be used to access this\ninstance of CouchDB. It is used to help discover the port CouchDB is\nrunning on (if it was set to 0 (e.g. automatically assigned any free\none). This file should be writable and readable for the user that\nruns the CouchDB service (couchdb by default).\n", "loc": ["services", "couchdb", "uriFile"], "readOnly": false, "type": "absolute path"}, "services.couchdb.user": {"declarations": ["nixos/modules/services/databases/couchdb.nix"], "default": {"_type": "literalExpression", "text": "\"couchdb\""}, "description": "User account under which couchdb runs.\n", "loc": ["services", "couchdb", "user"], "readOnly": false, "type": "string"}, "services.couchdb.viewIndexDir": {"declarations": ["nixos/modules/services/databases/couchdb.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/couchdb\""}, "description": "Specifies location of CouchDB view index files. This location should\nbe writable and readable for the user that runs the CouchDB service\n(couchdb by default).\n", "loc": ["services", "couchdb", "viewIndexDir"], "readOnly": false, "type": "absolute path"}, "services.cpuminer-cryptonight.enable": {"declarations": ["nixos/modules/services/misc/cpuminer-cryptonight.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the cpuminer cryptonight miner.\n", "loc": ["services", "cpuminer-cryptonight", "enable"], "readOnly": false, "type": "boolean"}, "services.cpuminer-cryptonight.pass": {"declarations": ["nixos/modules/services/misc/cpuminer-cryptonight.nix"], "default": {"_type": "literalExpression", "text": "\"x\""}, "description": "Password for mining server", "loc": ["services", "cpuminer-cryptonight", "pass"], "readOnly": false, "type": "string"}, "services.cpuminer-cryptonight.threads": {"declarations": ["nixos/modules/services/misc/cpuminer-cryptonight.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Number of miner threads, defaults to available processors", "loc": ["services", "cpuminer-cryptonight", "threads"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.cpuminer-cryptonight.url": {"declarations": ["nixos/modules/services/misc/cpuminer-cryptonight.nix"], "description": "URL of mining server", "loc": ["services", "cpuminer-cryptonight", "url"], "readOnly": false, "type": "string"}, "services.cpuminer-cryptonight.user": {"declarations": ["nixos/modules/services/misc/cpuminer-cryptonight.nix"], "description": "Username for mining server", "loc": ["services", "cpuminer-cryptonight", "user"], "readOnly": false, "type": "string"}, "services.cpupower-gui.enable": {"declarations": ["nixos/modules/services/desktops/cpupower-gui.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables dbus/systemd service needed by cpupower-gui.\nThese services are responsible for retrieving and modifying cpu power\nsaving settings.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "cpupower-gui", "enable"], "readOnly": false, "type": "boolean"}, "services.crab-hole.configFile": {"declarations": ["nixos/modules/services/networking/crab-hole.nix"], "description": "The config file of crab-hole.\n\nIf files are added via url, make sure the service has access to them.\nSetting this option will override any configuration applied by the settings option.\n", "loc": ["services", "crab-hole", "configFile"], "readOnly": false, "type": "absolute path"}, "services.crab-hole.enable": {"declarations": ["nixos/modules/services/networking/crab-hole.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Crab-hole Service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "crab-hole", "enable"], "readOnly": false, "type": "boolean"}, "services.crab-hole.package": {"declarations": ["nixos/modules/services/networking/crab-hole.nix"], "default": {"_type": "literalExpression", "text": "pkgs.crab-hole"}, "description": "The crab-hole package to use.", "loc": ["services", "crab-hole", "package"], "readOnly": false, "type": "package"}, "services.crab-hole.settings": {"declarations": ["nixos/modules/services/networking/crab-hole.nix"], "description": "Crab-holes config. See big example <https://github.com/LuckyTurtleDev/crab-hole/blob/main/example-config.toml>", "example": {"_type": "literalExpression", "text": "{\n  api = {\n    admin_key = \"1234\";\n    listen = \"127.0.0.1\";\n    port = 8080;\n    show_doc = true;\n  };\n  blocklist = {\n    allow_list = [\n      \"file:///allowed.txt\"\n    ];\n    include_subdomains = true;\n    lists = [\n      \"https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn/hosts\"\n      \"https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt\"\n      \"file:///blocked.txt\"\n    ];\n  };\n  downstream = [\n    {\n      listen = \"localhost\";\n      port = 8080;\n      protocol = \"udp\";\n    }\n    {\n      certificate = \"dns.example.com.crt\";\n      dns_hostname = \"dns.example.com\";\n      key = \"dns.example.com.key\";\n      listen = \"[::]\";\n      port = 8055;\n      protocol = \"https\";\n      timeout_ms = 3000;\n    }\n  ];\n  upstream = {\n    name_servers = [\n      {\n        protocol = \"tls\";\n        socket_addr = \"[2606:4700:4700::1111]:853\";\n        tls_dns_name = \"1dot1dot1dot1.cloudflare-dns.com\";\n        trust_nx_responses = false;\n      }\n      {\n        protocol = \"tls\";\n        socket_addr = \"1.1.1.1:853\";\n        tls_dns_name = \"1dot1dot1dot1.cloudflare-dns.com\";\n        trust_nx_responses = false;\n      }\n    ];\n    options = {\n      validate = false;\n    };\n  };\n}"}, "loc": ["services", "crab-hole", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.crab-hole.settings.blocklist.allow_list": {"declarations": ["nixos/modules/services/networking/crab-hole.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of allowlists. If files are added via url, make sure the service has access to them!", "loc": ["services", "crab-hole", "settings", "blocklist", "allow_list"], "readOnly": false, "type": "list of (string or absolute path)"}, "services.crab-hole.settings.blocklist.include_subdomains": {"declarations": ["nixos/modules/services/networking/crab-hole.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Include subdomains.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "crab-hole", "settings", "blocklist", "include_subdomains"], "readOnly": false, "type": "boolean"}, "services.crab-hole.settings.blocklist.lists": {"declarations": ["nixos/modules/services/networking/crab-hole.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of blocklists. If files are added via url, make sure the service has access to them!", "loc": ["services", "crab-hole", "settings", "blocklist", "lists"], "readOnly": false, "type": "list of (string or absolute path)"}, "services.crab-hole.supplementaryGroups": {"declarations": ["nixos/modules/services/networking/crab-hole.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Adds additional groups to the crab-hole service. Can be useful to prevent permission issues.", "example": {"_type": "literalExpression", "text": "[\n  \"acme\"\n]"}, "loc": ["services", "crab-hole", "supplementaryGroups"], "readOnly": false, "type": "list of string"}, "services.create_ap.enable": {"declarations": ["nixos/modules/services/networking/create_ap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable setting up wifi hotspots using create_ap.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "create_ap", "enable"], "readOnly": false, "type": "boolean"}, "services.create_ap.settings": {"declarations": ["nixos/modules/services/networking/create_ap.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for `create_ap`.\nSee [upstream example configuration](https://raw.githubusercontent.com/lakinduakash/linux-wifi-hotspot/master/src/scripts/create_ap.conf)\nfor supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  INTERNET_IFACE = \"eth0\";\n  PASSPHRASE = \"12345678\";\n  SSID = \"My Wifi Hotspot\";\n  WIFI_IFACE = \"wlan0\";\n}"}, "loc": ["services", "create_ap", "settings"], "readOnly": false, "type": "attribute set of (signed integer or boolean or string)"}, "services.croc.debug": {"declarations": ["nixos/modules/services/networking/croc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable debug logs.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "croc", "debug"], "readOnly": false, "type": "boolean"}, "services.croc.enable": {"declarations": ["nixos/modules/services/networking/croc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable croc relay.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "croc", "enable"], "readOnly": false, "type": "boolean"}, "services.croc.openFirewall": {"declarations": ["nixos/modules/services/networking/croc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable opening of the peer port(s) in the firewall.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "croc", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.croc.pass": {"declarations": ["nixos/modules/services/networking/croc.nix"], "default": {"_type": "literalExpression", "text": "\"pass123\""}, "description": "Password or passwordfile for the relay.", "loc": ["services", "croc", "pass"], "readOnly": false, "type": "absolute path or string"}, "services.croc.ports": {"declarations": ["nixos/modules/services/networking/croc.nix"], "default": {"_type": "literalExpression", "text": "[\n  9009\n  9010\n  9011\n  9012\n  9013\n]"}, "description": "Ports of the relay.", "loc": ["services", "croc", "ports"], "readOnly": false, "type": "list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.cron.cronFiles": {"declarations": ["nixos/modules/services/scheduling/cron.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of extra crontab files that will be read and appended to the main\ncrontab file when the cron service starts.\n", "loc": ["services", "cron", "cronFiles"], "readOnly": false, "type": "list of absolute path"}, "services.cron.enable": {"declarations": ["nixos/modules/services/scheduling/cron.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Vixie cron daemon.", "loc": ["services", "cron", "enable"], "readOnly": false, "type": "boolean"}, "services.cron.mailto": {"declarations": ["nixos/modules/services/scheduling/cron.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Email address to which job output will be mailed.", "loc": ["services", "cron", "mailto"], "readOnly": false, "type": "null or string"}, "services.cron.systemCronJobs": {"declarations": ["nixos/modules/services/scheduling/cron.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of Cron jobs to be appended to the system-wide\ncrontab.  See the manual page for crontab for the expected\nformat. If you want to get the results mailed you must setuid\nsendmail. See {option}`security.wrappers`\n\nIf neither /var/cron/cron.deny nor /var/cron/cron.allow exist only root\nis allowed to have its own crontab file. The /var/cron/cron.deny file\nis created automatically for you, so every user can use a crontab.\n\nMany nixos modules set systemCronJobs, so if you decide to disable vixie cron\nand enable another cron daemon, you may want it to get its system crontab\nbased on systemCronJobs.\n", "example": {"_type": "literalExpression", "text": "[ \"* * * * *  test   ls -l / > /tmp/cronout 2>&1\"\n  \"* * * * *  eelco  echo Hello World > /home/eelco/cronout\"\n]\n"}, "loc": ["services", "cron", "systemCronJobs"], "readOnly": false, "type": "list of string"}, "services.cross-seed.configDir": {"declarations": ["nixos/modules/services/torrent/cross-seed.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/cross-seed\""}, "description": "Cross-seed config directory", "loc": ["services", "cross-seed", "configDir"], "readOnly": false, "type": "absolute path"}, "services.cross-seed.enable": {"declarations": ["nixos/modules/services/torrent/cross-seed.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable cross-seed.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "cross-seed", "enable"], "readOnly": false, "type": "boolean"}, "services.cross-seed.group": {"declarations": ["nixos/modules/services/torrent/cross-seed.nix"], "default": {"_type": "literalExpression", "text": "\"cross-seed\""}, "description": "Group to run cross-seed as.", "example": {"_type": "literalExpression", "text": "\"torrents\""}, "loc": ["services", "cross-seed", "group"], "readOnly": false, "type": "string"}, "services.cross-seed.package": {"declarations": ["nixos/modules/services/torrent/cross-seed.nix"], "default": {"_type": "literalExpression", "text": "pkgs.cross-seed"}, "description": "The cross-seed package to use.", "loc": ["services", "cross-seed", "package"], "readOnly": false, "type": "package"}, "services.cross-seed.settings": {"declarations": ["nixos/modules/services/torrent/cross-seed.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration options for cross-seed.\n\nSecrets should not be set in this option, as they will be available in\nthe Nix store. For secrets, please use settingsFile.\n\nFor more details, see [the cross-seed documentation](https://www.cross-seed.org/docs/basics/options).\n", "loc": ["services", "cross-seed", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.cross-seed.settings.dataDirs": {"declarations": ["nixos/modules/services/torrent/cross-seed.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Paths to be searched for matching data.\n\nIf you use Injection, cross-seed will use the specified linkType\nto create a link to the original file in the linkDirs.\n\nIf linkType is hardlink, these must be on the same volume as the\ndata.\n", "loc": ["services", "cross-seed", "settings", "dataDirs"], "readOnly": false, "type": "list of absolute path"}, "services.cross-seed.settings.linkDirs": {"declarations": ["nixos/modules/services/torrent/cross-seed.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of directories where cross-seed will create links.\n\nIf linkType is hardlink, these must be on the same volume as the data.\n", "loc": ["services", "cross-seed", "settings", "linkDirs"], "readOnly": false, "type": "list of absolute path"}, "services.cross-seed.settings.outputDir": {"declarations": ["nixos/modules/services/torrent/cross-seed.nix"], "default": {"_type": "literalExpression", "text": "\"\\${cfg.configDir}/output\""}, "description": "Directory where cross-seed will place torrent files it finds.", "loc": ["services", "cross-seed", "settings", "outputDir"], "readOnly": false, "type": "null or absolute path"}, "services.cross-seed.settings.port": {"declarations": ["nixos/modules/services/torrent/cross-seed.nix"], "default": {"_type": "literalExpression", "text": "2468"}, "description": "Port the cross-seed daemon listens on.", "example": {"_type": "literalExpression", "text": "3000"}, "loc": ["services", "cross-seed", "settings", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.cross-seed.settings.torrentDir": {"declarations": ["nixos/modules/services/torrent/cross-seed.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Directory containing torrent files, or if you're using a torrent\nclient integration and injection - your torrent client's .torrent\nfile store/cache.\n", "loc": ["services", "cross-seed", "settings", "torrentDir"], "readOnly": false, "type": "null or absolute path"}, "services.cross-seed.settingsFile": {"declarations": ["nixos/modules/services/torrent/cross-seed.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a JSON file containing settings that will be merged with the\nsettings option. This is suitable for storing secrets, as they will not\nbe exposed on the Nix store.\n", "loc": ["services", "cross-seed", "settingsFile"], "readOnly": false, "type": "null or absolute path"}, "services.cross-seed.useGenConfigDefaults": {"declarations": ["nixos/modules/services/torrent/cross-seed.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use the option defaults from the configuration generated by\n{command}`cross-seed gen-config`.\n\nThose are the settings recommended by the project, and can be inspected\nfrom their [template file](https://github.com/cross-seed/cross-seed/blob/master/src/config.template.cjs).\n\nSettings set in {option}`services.cross-seed.settings` and\n{option}`services.cross-seed.settingsFile` will override the ones from\nthis option.\n", "loc": ["services", "cross-seed", "useGenConfigDefaults"], "readOnly": false, "type": "boolean"}, "services.cross-seed.user": {"declarations": ["nixos/modules/services/torrent/cross-seed.nix"], "default": {"_type": "literalExpression", "text": "\"cross-seed\""}, "description": "User to run cross-seed as.", "loc": ["services", "cross-seed", "user"], "readOnly": false, "type": "string"}, "services.crossfire-server.configFiles": {"declarations": ["nixos/modules/services/games/crossfire-server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Text to append to the corresponding configuration files. Note that the\nfiles given in the example are *not* the complete set of files available\nto customize; look in /etc/crossfire after enabling the server to see\nthe available files, and read the comments in each file for detailed\ndocumentation on the format and what settings are available.\n\nNote that the motd, rules, and news files, if configured here, will\noverwrite the example files that come with the server, rather than being\nappended to them as the other configuration files are.\n", "example": {"_type": "literalExpression", "text": "{\n  dm_file = ''\n    admin:secret_password:localhost\n    alice:xyzzy:*\n  '';\n  ban_file = ''\n    # Bob is a jerk\n    bob@*\n    # So is everyone on 192.168.86.255/24\n    *@192.168.86.\n  '';\n  metaserver2 = ''\n    metaserver2_notification on\n    localhostname crossfire.example.net\n  '';\n  motd = \"Welcome to CrossFire!\";\n  news = \"No news yet.\";\n  rules = \"Don't be a jerk.\";\n  settings = ''\n    # be nicer to newbies and harsher to experienced players\n    balanced_stat_loss true\n    # don't let players pick up and use admin-created items\n    real_wiz false\n  '';\n}\n"}, "loc": ["services", "crossfire-server", "configFiles"], "readOnly": false, "type": "attribute set of string"}, "services.crossfire-server.dataDir": {"declarations": ["nixos/modules/services/games/crossfire-server.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.crossfire.package}/share/crossfire\""}, "description": "Where to load readonly data from -- maps, archetypes, treasure tables,\nand the like. If you plan to edit the data on the live server (rather\nthan overlaying the crossfire-maps and crossfire-arch packages and\nnixos-rebuilding), point this somewhere read-write and copy the data\nthere before starting the server.\n", "loc": ["services", "crossfire-server", "dataDir"], "readOnly": false, "type": "string"}, "services.crossfire-server.enable": {"declarations": ["nixos/modules/services/games/crossfire-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, the Crossfire game server will be started at boot.\n", "loc": ["services", "crossfire-server", "enable"], "readOnly": false, "type": "boolean"}, "services.crossfire-server.openFirewall": {"declarations": ["nixos/modules/services/games/crossfire-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open ports in the firewall for the server.\n", "loc": ["services", "crossfire-server", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.crossfire-server.package": {"declarations": ["nixos/modules/services/games/crossfire-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.crossfire-server"}, "description": "The crossfire-server package to use. ::: {.note}\nThis will also be used for map/arch data, if you don't change {option}`dataDir`\n:::\n", "loc": ["services", "crossfire-server", "package"], "readOnly": false, "type": "package"}, "services.crossfire-server.stateDir": {"declarations": ["nixos/modules/services/games/crossfire-server.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/crossfire\""}, "description": "Where to store runtime data (save files, persistent items, etc).\n\nIf left at the default, this will be automatically created on server\nstartup if it does not already exist. If changed, it is the admin's\nresponsibility to make sure that the directory exists and is writeable\nby the `crossfire` user.\n", "loc": ["services", "crossfire-server", "stateDir"], "readOnly": false, "type": "string"}, "services.crossmacro.daemonPackage": {"declarations": ["nixos/modules/services/desktops/crossmacro.nix"], "default": {"_type": "literalExpression", "text": "pkgs.crossmacro-daemon"}, "description": "The crossmacro-daemon package to use.", "loc": ["services", "crossmacro", "daemonPackage"], "readOnly": false, "type": "package"}, "services.crossmacro.enable": {"declarations": ["nixos/modules/services/desktops/crossmacro.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable CrossMacro, a cross-platform mouse and keyboard macro application.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "crossmacro", "enable"], "readOnly": false, "type": "boolean"}, "services.crossmacro.package": {"declarations": ["nixos/modules/services/desktops/crossmacro.nix"], "default": {"_type": "literalExpression", "text": "pkgs.crossmacro"}, "description": "The crossmacro package to use.", "loc": ["services", "crossmacro", "package"], "readOnly": false, "type": "package"}, "services.crossmacro.users": {"declarations": ["nixos/modules/services/desktops/crossmacro.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of users granted permission to use CrossMacro.", "example": {"_type": "literalExpression", "text": "[\n  \"alice\"\n  \"bob\"\n]"}, "loc": ["services", "crossmacro", "users"], "readOnly": false, "type": "list of string"}, "services.crowdsec-firewall-bouncer.createRulesets": {"declarations": ["nixos/modules/services/security/crowdsec-firewall-bouncer.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to have the module create the appropriate firewall configuration\nbased on the bouncer settings.\nYou may disable this option to manually configure it.\n", "loc": ["services", "crowdsec-firewall-bouncer", "createRulesets"], "readOnly": false, "type": "boolean"}, "services.crowdsec-firewall-bouncer.enable": {"declarations": ["nixos/modules/services/security/crowdsec-firewall-bouncer.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable CrowdSec Firewall Bouncer.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "crowdsec-firewall-bouncer", "enable"], "readOnly": false, "type": "boolean"}, "services.crowdsec-firewall-bouncer.package": {"declarations": ["nixos/modules/services/security/crowdsec-firewall-bouncer.nix"], "default": {"_type": "literalExpression", "text": "pkgs.crowdsec-firewall-bouncer"}, "description": "The crowdsec-firewall-bouncer package to use.", "loc": ["services", "crowdsec-firewall-bouncer", "package"], "readOnly": false, "type": "package"}, "services.crowdsec-firewall-bouncer.registerBouncer.bouncerName": {"declarations": ["nixos/modules/services/security/crowdsec-firewall-bouncer.nix"], "default": {"_type": "literalExpression", "text": "\"crowdsec-firewall-bouncer\""}, "description": "Name to register the bouncer as to the CrowdSec API", "loc": ["services", "crowdsec-firewall-bouncer", "registerBouncer", "bouncerName"], "readOnly": false, "type": "non-empty string"}, "services.crowdsec-firewall-bouncer.registerBouncer.enable": {"declarations": ["nixos/modules/services/security/crowdsec-firewall-bouncer.nix"], "default": {"_type": "literalExpression", "text": "config.services.crowdsec.enable"}, "description": "Whether to automatically register the bouncer to the locally running\n`crowdsec` service.\n\nWhen authenticating to an external CrowdSec API, you may use the\n[](#opt-services.crowdsec-firewall-bouncer.secrets.apiKeyPath) option\ninstead.\n", "loc": ["services", "crowdsec-firewall-bouncer", "registerBouncer", "enable"], "readOnly": false, "type": "boolean"}, "services.crowdsec-firewall-bouncer.secrets.apiKeyPath": {"declarations": ["nixos/modules/services/security/crowdsec-firewall-bouncer.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the API key to authenticate with a local CrowdSec API.\n\nYou need to call `cscli bouncers add <bouncer-name>` to register\nthe bouncer and get this API key.\n\nWhen authenticating to the locally running `crowdsec` service, you may use the\n[](#opt-services.crowdsec-firewall-bouncer.registerBouncer.enable) option instead.\n", "loc": ["services", "crowdsec-firewall-bouncer", "secrets", "apiKeyPath"], "readOnly": false, "type": "null or absolute path"}, "services.crowdsec-firewall-bouncer.settings": {"declarations": ["nixos/modules/services/security/crowdsec-firewall-bouncer.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings for the main CrowdSec Firewall Bouncer.\n\nRefer to the defaults at <https://github.com/crowdsecurity/cs-firewall-bouncer/blob/main/config/crowdsec-firewall-bouncer.yaml>.\n", "loc": ["services", "crowdsec-firewall-bouncer", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.crowdsec-firewall-bouncer.settings.api_key": {"declarations": ["nixos/modules/services/security/crowdsec-firewall-bouncer.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "API key to authenticate with a local crowdsec API.\n\nYou need to call `cscli bouncers add <bouncer-name>` to register\nthe bouncer and get this API key.\n\nSetting this option will store this secret in the Nix store.\nInstead, you should set the `services.crowdsec-firewall-bouncer.secrets.apiKeyPath`\noption, which will read the value at runtime.\n", "loc": ["services", "crowdsec-firewall-bouncer", "settings", "api_key"], "readOnly": false, "type": "null or string"}, "services.crowdsec-firewall-bouncer.settings.api_url": {"declarations": ["nixos/modules/services/security/crowdsec-firewall-bouncer.nix"], "default": {"_type": "literalExpression", "text": "http://$\\{config.services.crowdsec.settings.general.api.server.listen_uri}"}, "description": "URL of the local API.", "example": {"_type": "literalExpression", "text": "\"http://127.0.0.1:8080\""}, "loc": ["services", "crowdsec-firewall-bouncer", "settings", "api_url"], "readOnly": false, "type": "string"}, "services.crowdsec-firewall-bouncer.settings.mode": {"declarations": ["nixos/modules/services/security/crowdsec-firewall-bouncer.nix"], "default": {"_type": "literalExpression", "text": "if config.networking.nftables.enable then \"nftables\" else \"iptables\""}, "description": "Firewall mode to use.", "loc": ["services", "crowdsec-firewall-bouncer", "settings", "mode"], "readOnly": false, "type": "string"}, "services.crowdsec.autoUpdateService": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable if `true` `cscli hub update` will be executed daily. See `https://docs.crowdsec.net/docs/cscli/cscli_hub_update/` for more information.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "crowdsec", "autoUpdateService"], "readOnly": false, "type": "boolean"}, "services.crowdsec.enable": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable CrowdSec Security Engine.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "crowdsec", "enable"], "readOnly": false, "type": "boolean"}, "services.crowdsec.group": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "\"crowdsec\""}, "description": "The group to run crowdsec as", "loc": ["services", "crowdsec", "group"], "readOnly": false, "type": "string"}, "services.crowdsec.hub": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Hub collections, parsers, AppSec rules, etc.\n", "loc": ["services", "crowdsec", "hub"], "readOnly": false, "type": "submodule"}, "services.crowdsec.hub.appSecConfigs": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of hub appsec configurations to install", "example": {"_type": "literalExpression", "text": "[\n  \"crowdsecurity/appsec-default\"\n]"}, "loc": ["services", "crowdsec", "hub", "appSecConfigs"], "readOnly": false, "type": "list of string"}, "services.crowdsec.hub.appSecRules": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of hub appsec rules to install", "example": {"_type": "literalExpression", "text": "[\n  \"crowdsecurity/base-config\"\n]"}, "loc": ["services", "crowdsec", "hub", "appSecRules"], "readOnly": false, "type": "list of string"}, "services.crowdsec.hub.branch": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "\"master\""}, "description": "The git branch on which cscli is going to fetch configurations.\n\nSee `https://docs.crowdsec.net/docs/configuration/crowdsec_configuration/#hub_branch` for more information.\n", "example": {"_type": "literalExpression", "text": "[\n  \"master\"\n  \"v1.4.3\"\n  \"v1.4.2\"\n]"}, "loc": ["services", "crowdsec", "hub", "branch"], "readOnly": false, "type": "string"}, "services.crowdsec.hub.collections": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of hub collections to install", "example": {"_type": "literalExpression", "text": "[\n  \"crowdsecurity/linux\"\n]"}, "loc": ["services", "crowdsec", "hub", "collections"], "readOnly": false, "type": "list of string"}, "services.crowdsec.hub.parsers": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of hub parsers to install", "example": {"_type": "literalExpression", "text": "[\n  \"crowdsecurity/sshd-logs\"\n]"}, "loc": ["services", "crowdsec", "hub", "parsers"], "readOnly": false, "type": "list of string"}, "services.crowdsec.hub.postOverflows": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of hub postoverflows to install", "example": {"_type": "literalExpression", "text": "[\n  \"crowdsecurity/auditd-nix-wrappers-whitelist-process\"\n]"}, "loc": ["services", "crowdsec", "hub", "postOverflows"], "readOnly": false, "type": "list of string"}, "services.crowdsec.hub.scenarios": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of hub scenarios to install", "example": {"_type": "literalExpression", "text": "[\n  \"crowdsecurity/ssh-bf\"\n]"}, "loc": ["services", "crowdsec", "hub", "scenarios"], "readOnly": false, "type": "list of string"}, "services.crowdsec.localConfig": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The configuration for a crowdsec security engine.\n", "loc": ["services", "crowdsec", "localConfig"], "readOnly": false, "type": "submodule"}, "services.crowdsec.localConfig.acquisitions": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of acquisition specifications, which define the data sources you want to be parsed.\n\nSee <https://docs.crowdsec.net/docs/data_sources/intro> for details.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    journalctl_filter = [\n      \"_SYSTEMD_UNIT=sshd.service\"\n    ];\n    labels = {\n      type = \"syslog\";\n    };\n    source = \"journalctl\";\n  }\n]"}, "loc": ["services", "crowdsec", "localConfig", "acquisitions"], "readOnly": false, "type": "list of (YAML 1.1 value)"}, "services.crowdsec.localConfig.contexts": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of additional contexts to specify.\n\nSee <https://docs.crowdsec.net/docs/next/log_processor/alert_context/intro> for details.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    context = {\n      method = [\n        \"evt.Meta.http_verb\"\n      ];\n      status = [\n        \"evt.Meta.http_status\"\n      ];\n      target_uri = [\n        \"evt.Meta.http_path\"\n      ];\n      user_agent = [\n        \"evt.Meta.http_user_agent\"\n      ];\n    };\n  }\n]"}, "loc": ["services", "crowdsec", "localConfig", "contexts"], "readOnly": false, "type": "list of (YAML 1.1 value)"}, "services.crowdsec.localConfig.notifications": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of notifications to enable and use in your profiles. Note that for now, only the plugins shipped by default with CrowdSec are supported.\n\nSee <https://docs.crowdsec.net/docs/notification_plugins/intro> for details.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    format = ''\n      {{.|toJson}}\n    '';\n    log_level = \"info\";\n    method = \"POST\";\n    name = \"default_http_notification\";\n    type = \"http\";\n    url = \"https://example.com/hook\";\n  }\n]"}, "loc": ["services", "crowdsec", "localConfig", "notifications"], "readOnly": false, "type": "list of (YAML 1.1 value)"}, "services.crowdsec.localConfig.parsers": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The set of parser specifications.\n\nSee <https://docs.crowdsec.net/docs/parsers/intro> for details.\n", "loc": ["services", "crowdsec", "localConfig", "parsers"], "readOnly": false, "type": "submodule"}, "services.crowdsec.localConfig.parsers.s00Raw": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of stage s00-raw specifications. Most of the time, those are already included in the hub, but are presented here anyway.\n\nSee <https://docs.crowdsec.net/docs/parsers/intro> for details.\n", "loc": ["services", "crowdsec", "localConfig", "parsers", "s00Raw"], "readOnly": false, "type": "list of (YAML 1.1 value)"}, "services.crowdsec.localConfig.parsers.s01Parse": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of stage s01-parse specifications.\n\nSee <https://docs.crowdsec.net/docs/parsers/intro> for details.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    debug = true;\n    description = \"Parsing custom service logs\";\n    filter = \"1=1\";\n    grok = {\n      apply_on = \"message\";\n      pattern = \"^%{DATA:some_data}$\";\n    };\n    name = \"example/custom-service-logs\";\n    onsuccess = \"next_stage\";\n    statics = [\n      {\n        parsed = \"is_my_custom_service\";\n        value = \"yes\";\n      }\n    ];\n  }\n]"}, "loc": ["services", "crowdsec", "localConfig", "parsers", "s01Parse"], "readOnly": false, "type": "list of (YAML 1.1 value)"}, "services.crowdsec.localConfig.parsers.s02Enrich": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of stage s02-enrich specifications. Inside this list, you can specify Parser Whitelists.\n\nSee <https://docs.crowdsec.net/docs/whitelist/intro> for details.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    description = \"Whitelist parse events from my IPs\";\n    name = \"myips/whitelist\";\n    whitelist = {\n      cidr = [\n        \"1.2.3.0/24\"\n      ];\n      ip = [\n        \"1.2.3.4\"\n      ];\n      reason = \"My IP ranges\";\n    };\n  }\n]"}, "loc": ["services", "crowdsec", "localConfig", "parsers", "s02Enrich"], "readOnly": false, "type": "list of (YAML 1.1 value)"}, "services.crowdsec.localConfig.patterns": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of files containing custom grok patterns.\n", "example": {"_type": "literalExpression", "text": "[ (pkgs.writeTextDir \"custom_service_logs\" (builtins.readFile ./custom_service_logs)) ]\n"}, "loc": ["services", "crowdsec", "localConfig", "patterns"], "readOnly": false, "type": "list of package"}, "services.crowdsec.localConfig.postOverflows": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The set of Postoverflows specifications.\n\nSee <https://docs.crowdsec.net/docs/next/log_processor/parsers/intro#postoverflows> for details.\n", "loc": ["services", "crowdsec", "localConfig", "postOverflows"], "readOnly": false, "type": "submodule"}, "services.crowdsec.localConfig.postOverflows.s01Whitelist": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of stage s01-whitelist specifications. Inside this list, you can specify Postoverflows Whitelists.\n\nSee <https://docs.crowdsec.net/docs/whitelist/intro> for details.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    description = \"Whitelist my reverse DNS\";\n    name = \"postoverflows/whitelist_my_dns_domain\";\n    whitelist = {\n      expression = [\n        \"evt.Enriched.reverse_dns endsWith '.local.'\"\n      ];\n      reason = \"Don't ban me\";\n    };\n  }\n]"}, "loc": ["services", "crowdsec", "localConfig", "postOverflows", "s01Whitelist"], "readOnly": false, "type": "list of (YAML 1.1 value)"}, "services.crowdsec.localConfig.profiles": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "[\n  {\n    decisions = [\n      {\n        duration = \"4h\";\n        type = \"ban\";\n      }\n    ];\n    filters = [\n      \"Alert.Remediation == true && Alert.GetScope() == 'Ip'\"\n    ];\n    name = \"default_ip_remediation\";\n    on_success = \"break\";\n  }\n  {\n    decisions = [\n      {\n        duration = \"4h\";\n        type = \"ban\";\n      }\n    ];\n    filters = [\n      \"Alert.Remediation == true && Alert.GetScope() == 'Range'\"\n    ];\n    name = \"default_range_remediation\";\n    on_success = \"break\";\n  }\n]"}, "description": "A list of profiles to enable.\n\nSee <https://docs.crowdsec.net/docs/profiles/intro> for more details.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    decisions = [\n      {\n        duration = \"4h\";\n        type = \"ban\";\n      }\n    ];\n    filters = [\n      \"Alert.Remediation == true && Alert.GetScope() == 'Ip'\"\n    ];\n    name = \"default_ip_remediation\";\n    on_success = \"break\";\n  }\n  {\n    decisions = [\n      {\n        duration = \"4h\";\n        type = \"ban\";\n      }\n    ];\n    filters = [\n      \"Alert.Remediation == true && Alert.GetScope() == 'Range'\"\n    ];\n    name = \"default_range_remediation\";\n    on_success = \"break\";\n  }\n]"}, "loc": ["services", "crowdsec", "localConfig", "profiles"], "readOnly": false, "type": "list of (YAML 1.1 value)"}, "services.crowdsec.localConfig.scenarios": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of scenarios specifications.\n\nSee <https://docs.crowdsec.net/docs/scenarios/intro> for details.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    capacity = 5;\n    description = \"Detect myservice bruteforce\";\n    filter = \"evt.Meta.log_type == 'myservice_failed_auth'\";\n    groupby = \"evt.Meta.source_ip\";\n    leakspeed = \"10s\";\n    name = \"crowdsecurity/myservice-bf\";\n    type = \"leaky\";\n  }\n]"}, "loc": ["services", "crowdsec", "localConfig", "scenarios"], "readOnly": false, "type": "list of (YAML 1.1 value)"}, "services.crowdsec.name": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "config.networking.hostName"}, "description": "Name of the machine when registering it at the central or local api.\n", "loc": ["services", "crowdsec", "name"], "readOnly": false, "type": "string"}, "services.crowdsec.openFirewall": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to automatically open firewall ports for `crowdsec`.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "crowdsec", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.crowdsec.package": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "pkgs.crowdsec"}, "description": "The crowdsec package to use.", "loc": ["services", "crowdsec", "package"], "readOnly": false, "type": "package"}, "services.crowdsec.settings": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "description": "Set of various configuration attributes\n", "loc": ["services", "crowdsec", "settings"], "readOnly": false, "type": "submodule"}, "services.crowdsec.settings.capi": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "CAPI Configuration attributes\n", "loc": ["services", "crowdsec", "settings", "capi"], "readOnly": false, "type": "submodule"}, "services.crowdsec.settings.capi.credentialsFile": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The CAPI credential file to use.\n", "example": {"_type": "literalExpression", "text": "\"/run/crowdsec/capi.yaml\""}, "loc": ["services", "crowdsec", "settings", "capi", "credentialsFile"], "readOnly": false, "type": "null or absolute path"}, "services.crowdsec.settings.console": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Console Configuration attributes\n", "loc": ["services", "crowdsec", "settings", "console"], "readOnly": false, "type": "submodule"}, "services.crowdsec.settings.console.configuration": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "{\n  share_context = false;\n  share_custom = false;\n  share_manual_decisions = false;\n  share_tainted = false;\n}"}, "description": "Attributes inside the console.yaml file.\n", "loc": ["services", "crowdsec", "settings", "console", "configuration"], "readOnly": false, "type": "YAML 1.1 value"}, "services.crowdsec.settings.console.tokenFile": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The Console Token file to use.\n", "example": {"_type": "literalExpression", "text": "\"/run/crowdsec/console_token.yaml\""}, "loc": ["services", "crowdsec", "settings", "console", "tokenFile"], "readOnly": false, "type": "null or absolute path"}, "services.crowdsec.settings.general": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings for the main CrowdSec configuration file.\n\nRefer to the defaults at <https://github.com/crowdsecurity/crowdsec/blob/master/config/config.yaml>.\n", "loc": ["services", "crowdsec", "settings", "general"], "readOnly": false, "type": "YAML 1.1 value"}, "services.crowdsec.settings.lapi": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "LAPI Configuration attributes\n", "loc": ["services", "crowdsec", "settings", "lapi"], "readOnly": false, "type": "submodule"}, "services.crowdsec.settings.lapi.credentialsFile": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The LAPI credential file to use.\n", "example": {"_type": "literalExpression", "text": "\"/run/crowdsec/lapi.yaml\""}, "loc": ["services", "crowdsec", "settings", "lapi", "credentialsFile"], "readOnly": false, "type": "null or absolute path"}, "services.crowdsec.settings.simulation": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "{\n  simulation = false;\n}"}, "description": "Attributes inside the simulation.yaml file.\n", "loc": ["services", "crowdsec", "settings", "simulation"], "readOnly": false, "type": "YAML 1.1 value"}, "services.crowdsec.user": {"declarations": ["nixos/modules/services/security/crowdsec.nix"], "default": {"_type": "literalExpression", "text": "\"crowdsec\""}, "description": "The user to run crowdsec as", "loc": ["services", "crowdsec", "user"], "readOnly": false, "type": "string"}, "services.cryptpad.configureNginx": {"declarations": ["nixos/modules/services/web-apps/cryptpad.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Configure Nginx as a reverse proxy for Cryptpad.\nNote that this makes some assumptions on your setup, and sets settings that will\naffect other virtualHosts running on your Nginx instance, if any.\nAlternatively you can configure a reverse-proxy of your choice.\n", "loc": ["services", "cryptpad", "configureNginx"], "readOnly": false, "type": "boolean"}, "services.cryptpad.enable": {"declarations": ["nixos/modules/services/web-apps/cryptpad.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable cryptpad.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "cryptpad", "enable"], "readOnly": false, "type": "boolean"}, "services.cryptpad.package": {"declarations": ["nixos/modules/services/web-apps/cryptpad.nix"], "default": {"_type": "literalExpression", "text": "pkgs.cryptpad"}, "description": "The cryptpad package to use.", "loc": ["services", "cryptpad", "package"], "readOnly": false, "type": "package"}, "services.cryptpad.settings": {"declarations": ["nixos/modules/services/web-apps/cryptpad.nix"], "description": "Cryptpad configuration settings.\nSee <https://github.com/cryptpad/cryptpad/blob/main/config/config.example.js> for a more extensive\nreference documentation.\nTest your deployed instance through `https://<domain>/checkup/`.\n", "loc": ["services", "cryptpad", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.cryptpad.settings.adminKeys": {"declarations": ["nixos/modules/services/web-apps/cryptpad.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of public signing keys of users that can access the admin panel", "example": {"_type": "literalExpression", "text": "[\n  \"[cryptpad-user1@my.awesome.website/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=]\"\n]"}, "loc": ["services", "cryptpad", "settings", "adminKeys"], "readOnly": false, "type": "list of string"}, "services.cryptpad.settings.blockDailyCheck": {"declarations": ["nixos/modules/services/web-apps/cryptpad.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Disable telemetry. This setting is only effective if the 'Disable server telemetry'\nsetting in the admin menu has been untouched, and will be ignored by cryptpad once\nthat option is set either way.\nNote that due to the service confinement, just enabling the option in the admin\nmenu will not be able to resolve DNS and fail; this setting must be set as well.\n", "loc": ["services", "cryptpad", "settings", "blockDailyCheck"], "readOnly": false, "type": "boolean"}, "services.cryptpad.settings.httpAddress": {"declarations": ["nixos/modules/services/web-apps/cryptpad.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Address on which the Node.js server should listen", "loc": ["services", "cryptpad", "settings", "httpAddress"], "readOnly": false, "type": "string"}, "services.cryptpad.settings.httpPort": {"declarations": ["nixos/modules/services/web-apps/cryptpad.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "Port on which the Node.js server should listen", "loc": ["services", "cryptpad", "settings", "httpPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.cryptpad.settings.httpSafeOrigin": {"declarations": ["nixos/modules/services/web-apps/cryptpad.nix"], "description": "Cryptpad sandbox URL", "example": {"_type": "literalExpression", "text": "\"https://cryptpad-ui.example.com. Apparently optional but recommended.\""}, "loc": ["services", "cryptpad", "settings", "httpSafeOrigin"], "readOnly": false, "type": "null or string"}, "services.cryptpad.settings.httpUnsafeOrigin": {"declarations": ["nixos/modules/services/web-apps/cryptpad.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "This is the URL that users will enter to load your instance", "example": {"_type": "literalExpression", "text": "\"https://cryptpad.example.com\""}, "loc": ["services", "cryptpad", "settings", "httpUnsafeOrigin"], "readOnly": false, "type": "string"}, "services.cryptpad.settings.installMethod": {"declarations": ["nixos/modules/services/web-apps/cryptpad.nix"], "default": {"_type": "literalExpression", "text": "\"nixos\""}, "description": "Install method is listed in telemetry if you agree to it through the consentToContact\nsetting in the admin panel.\n", "loc": ["services", "cryptpad", "settings", "installMethod"], "readOnly": false, "type": "string"}, "services.cryptpad.settings.logLevel": {"declarations": ["nixos/modules/services/web-apps/cryptpad.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Controls log level", "loc": ["services", "cryptpad", "settings", "logLevel"], "readOnly": false, "type": "string"}, "services.cryptpad.settings.logToStdout": {"declarations": ["nixos/modules/services/web-apps/cryptpad.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Controls whether log output should go to stdout of the systemd service", "loc": ["services", "cryptpad", "settings", "logToStdout"], "readOnly": false, "type": "boolean"}, "services.cryptpad.settings.maxWorkers": {"declarations": ["nixos/modules/services/web-apps/cryptpad.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Number of child processes, defaults to number of cores available", "loc": ["services", "cryptpad", "settings", "maxWorkers"], "readOnly": false, "type": "null or signed integer"}, "services.cryptpad.settings.websocketPort": {"declarations": ["nixos/modules/services/web-apps/cryptpad.nix"], "default": {"_type": "literalExpression", "text": "3003"}, "description": "Port for the websocket that needs to be separate", "loc": ["services", "cryptpad", "settings", "websocketPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.cyrus-imap.cyrusConfigFile": {"declarations": ["nixos/modules/services/mail/cyrus-imap.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the configuration file used for Cyrus.", "loc": ["services", "cyrus-imap", "cyrusConfigFile"], "readOnly": false, "type": "null or absolute path"}, "services.cyrus-imap.cyrusSettings": {"declarations": ["nixos/modules/services/mail/cyrus-imap.nix"], "description": "Cyrus configuration settings. See [cyrus.conf(5)](https://www.cyrusimap.org/imap/reference/manpages/configs/cyrus.conf.html)", "loc": ["services", "cyrus-imap", "cyrusSettings"], "readOnly": false, "type": "open submodule of attribute set of attribute set of (boolean or signed integer or list of string)"}, "services.cyrus-imap.cyrusSettings.DAEMON": {"declarations": ["nixos/modules/services/mail/cyrus-imap.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This section lists long running daemons to start before any SERVICES are spawned. {manpage}`master(8)` will ensure that these processes are running, restarting any process which dies or forks. All listed processes will be shutdown when {manpage}`master(8)` is exiting.\n", "loc": ["services", "cyrus-imap", "cyrusSettings", "DAEMON"], "readOnly": false, "type": "unspecified value"}, "services.cyrus-imap.cyrusSettings.EVENTS": {"declarations": ["nixos/modules/services/mail/cyrus-imap.nix"], "default": {"_type": "literalExpression", "text": "{\n  checkpoint = {\n    cmd = [\n      \"ctl_cyrusdb\"\n      \"-c\"\n    ];\n    period = 30;\n  };\n  deleteprune = {\n    at = 430;\n    cmd = [\n      \"cyr_expire\"\n      \"-E\"\n      \"4\"\n      \"-D\"\n      \"28\"\n    ];\n  };\n  delprune = {\n    at = 400;\n    cmd = [\n      \"cyr_expire\"\n      \"-E\"\n      \"3\"\n    ];\n  };\n  expungeprune = {\n    at = 445;\n    cmd = [\n      \"cyr_expire\"\n      \"-E\"\n      \"4\"\n      \"-X\"\n      \"28\"\n    ];\n  };\n  tlsprune = {\n    at = 400;\n    cmd = [\n      \"tls_prune\"\n    ];\n  };\n}"}, "description": "This section lists processes that should be run at specific intervals, similar to cron jobs. This section is typically used to perform scheduled cleanup/maintenance.\n", "loc": ["services", "cyrus-imap", "cyrusSettings", "EVENTS"], "readOnly": false, "type": "unspecified value"}, "services.cyrus-imap.cyrusSettings.SERVICES": {"declarations": ["nixos/modules/services/mail/cyrus-imap.nix"], "default": {"_type": "literalExpression", "text": "{\n  imap = {\n    cmd = [\n      \"imapd\"\n    ];\n    listen = \"imap\";\n    prefork = 0;\n  };\n  lmtpunix = {\n    cmd = [\n      \"lmtpd\"\n    ];\n    listen = \"/run/cyrus/lmtp\";\n    prefork = 0;\n  };\n  notify = {\n    cmd = [\n      \"notifyd\"\n    ];\n    listen = \"/run/cyrus/notify\";\n    prefork = 0;\n    proto = \"udp\";\n  };\n  pop3 = {\n    cmd = [\n      \"pop3d\"\n    ];\n    listen = \"pop3\";\n    prefork = 0;\n  };\n}"}, "description": "This section is the heart of the cyrus.conf file. It lists the processes that should be spawned to handle client connections made on certain Internet/UNIX sockets.\n", "loc": ["services", "cyrus-imap", "cyrusSettings", "SERVICES"], "readOnly": false, "type": "unspecified value"}, "services.cyrus-imap.cyrusSettings.START": {"declarations": ["nixos/modules/services/mail/cyrus-imap.nix"], "default": {"_type": "literalExpression", "text": "{\n  recover = {\n    cmd = [\n      \"ctl_cyrusdb\"\n      \"-r\"\n    ];\n  };\n}"}, "description": "This section lists the processes to run before any SERVICES are spawned.\nThis section is typically used to initialize databases.\nMaster itself will not startup until all tasks in START have completed, so put no blocking commands here.\n", "loc": ["services", "cyrus-imap", "cyrusSettings", "START"], "readOnly": false, "type": "unspecified value"}, "services.cyrus-imap.debug": {"declarations": ["nixos/modules/services/mail/cyrus-imap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable debugging messages for the Cyrus master process.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "cyrus-imap", "debug"], "readOnly": false, "type": "boolean"}, "services.cyrus-imap.enable": {"declarations": ["nixos/modules/services/mail/cyrus-imap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Cyrus IMAP, an email, contacts and calendar server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "cyrus-imap", "enable"], "readOnly": false, "type": "boolean"}, "services.cyrus-imap.group": {"declarations": ["nixos/modules/services/mail/cyrus-imap.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Cyrus IMAP group name. If this is not set, a group named `cyrus` will be created.", "loc": ["services", "cyrus-imap", "group"], "readOnly": false, "type": "null or string"}, "services.cyrus-imap.imapdConfigFile": {"declarations": ["nixos/modules/services/mail/cyrus-imap.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the configuration file used for cyrus-imap.", "loc": ["services", "cyrus-imap", "imapdConfigFile"], "readOnly": false, "type": "null or absolute path"}, "services.cyrus-imap.imapdSettings": {"declarations": ["nixos/modules/services/mail/cyrus-imap.nix"], "default": {"_type": "literalExpression", "text": "{\n  admins = [\n    \"cyrus\"\n  ];\n  allowplaintext = true;\n  defaultdomain = \"localhost\";\n  defaultpartition = \"default\";\n  duplicate_db_path = \"/run/cyrus/db/deliver.db\";\n  hashimapspool = true;\n  httpmodules = [\n    \"carddav\"\n    \"caldav\"\n  ];\n  mboxname_lockpath = \"/run/cyrus/lock\";\n  partition-default = \"/var/lib/cyrus/storage\";\n  popminpoll = 1;\n  proc_path = \"/run/cyrus/proc\";\n  ptscache_db_path = \"/run/cyrus/db/ptscache.db\";\n  sasl_auto_transition = true;\n  sasl_pwcheck_method = [\n    \"saslauthd\"\n  ];\n  sievedir = \"/var/lib/cyrus/sieve\";\n  statuscache_db_path = \"/run/cyrus/db/statuscache.db\";\n  syslog_prefix = \"cyrus\";\n  tls_client_ca_dir = \"/etc/ssl/certs\";\n  tls_session_timeout = 1440;\n  tls_sessions_db_path = \"/run/cyrus/db/tls_sessions.db\";\n  virtdomains = \"on\";\n}"}, "description": "IMAP configuration settings. See [imapd.conf(5)](https://www.cyrusimap.org/imap/reference/manpages/configs/imapd.conf.html)", "loc": ["services", "cyrus-imap", "imapdSettings"], "readOnly": false, "type": "open submodule of attribute set of (string or signed integer or boolean or list of string)"}, "services.cyrus-imap.imapdSettings.configdirectory": {"declarations": ["nixos/modules/services/mail/cyrus-imap.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/cyrus\""}, "description": "The pathname of the IMAP configuration directory.\n", "loc": ["services", "cyrus-imap", "imapdSettings", "configdirectory"], "readOnly": false, "type": "absolute path"}, "services.cyrus-imap.imapdSettings.idlesocket": {"declarations": ["nixos/modules/services/mail/cyrus-imap.nix"], "default": {"_type": "literalExpression", "text": "\"/run/cyrus/idle\""}, "description": "Unix socket that idled listens on.\n", "loc": ["services", "cyrus-imap", "imapdSettings", "idlesocket"], "readOnly": false, "type": "absolute path"}, "services.cyrus-imap.imapdSettings.lmtpsocket": {"declarations": ["nixos/modules/services/mail/cyrus-imap.nix"], "default": {"_type": "literalExpression", "text": "\"/run/cyrus/lmtp\""}, "description": "Unix socket that lmtpd listens on, used by {manpage}`deliver(8)`. This should match the path specified in {manpage}`cyrus.conf(5)`.\n", "loc": ["services", "cyrus-imap", "imapdSettings", "lmtpsocket"], "readOnly": false, "type": "absolute path"}, "services.cyrus-imap.imapdSettings.notifysocket": {"declarations": ["nixos/modules/services/mail/cyrus-imap.nix"], "default": {"_type": "literalExpression", "text": "\"/run/cyrus/notify\""}, "description": "Unix domain socket that the mail notification daemon listens on.\n", "loc": ["services", "cyrus-imap", "imapdSettings", "notifysocket"], "readOnly": false, "type": "absolute path"}, "services.cyrus-imap.listenQueue": {"declarations": ["nixos/modules/services/mail/cyrus-imap.nix"], "default": {"_type": "literalExpression", "text": "32"}, "description": "Socket listen queue backlog size. See {manpage}`listen(2)` for more information about a backlog.\nDefault is 32, which may be increased if you have a very high connection rate.\n", "loc": ["services", "cyrus-imap", "listenQueue"], "readOnly": false, "type": "signed integer"}, "services.cyrus-imap.tmpDBDir": {"declarations": ["nixos/modules/services/mail/cyrus-imap.nix"], "default": {"_type": "literalExpression", "text": "\"/run/cyrus/db\""}, "description": "Location where DB files are stored.\nDatabases in this directory are recreated upon startup, so ideally they should live in ephemeral storage for best performance.\n", "loc": ["services", "cyrus-imap", "tmpDBDir"], "readOnly": false, "type": "absolute path"}, "services.cyrus-imap.user": {"declarations": ["nixos/modules/services/mail/cyrus-imap.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Cyrus IMAP user name. If this is not set, a user named `cyrus` will be created.", "loc": ["services", "cyrus-imap", "user"], "readOnly": false, "type": "null or string"}, "services.dae.assets": {"declarations": ["nixos/modules/services/networking/dae.nix"], "default": {"_type": "literalExpression", "text": "with pkgs; [ v2ray-geoip v2ray-domain-list-community ]"}, "description": "Assets required to run dae.\n", "loc": ["services", "dae", "assets"], "readOnly": false, "type": "list of absolute path"}, "services.dae.assetsPath": {"declarations": ["nixos/modules/services/networking/dae.nix"], "default": {"_type": "literalExpression", "text": "(symlinkJoin {\n    name = \"dae-assets\";\n    paths = assets;\n})/share/v2ray\n"}, "description": "The path which contains geolocation database.\nThis option will override `assets`.\n", "loc": ["services", "dae", "assetsPath"], "readOnly": false, "type": "string"}, "services.dae.config": {"declarations": ["nixos/modules/services/networking/dae.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "WARNING: This option will expose store your config unencrypted world-readable in the nix store.\nConfig text for dae.\n\nSee <https://github.com/daeuniverse/dae/blob/main/example.dae>.\n", "loc": ["services", "dae", "config"], "readOnly": false, "type": "null or string"}, "services.dae.configFile": {"declarations": ["nixos/modules/services/networking/dae.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of dae config file, end with `.dae`.\n", "example": {"_type": "literalExpression", "text": "\"/path/to/your/config.dae\""}, "loc": ["services", "dae", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.dae.disableTxChecksumIpGeneric": {"declarations": ["nixos/modules/services/networking/dae.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "See <https://github.com/daeuniverse/dae/issues/43>", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dae", "disableTxChecksumIpGeneric"], "readOnly": false, "type": "boolean"}, "services.dae.enable": {"declarations": ["nixos/modules/services/networking/dae.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable dae, a Linux high-performance transparent proxy solution based on eBPF.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dae", "enable"], "readOnly": false, "type": "boolean"}, "services.dae.openFirewall": {"declarations": ["nixos/modules/services/networking/dae.nix"], "default": {"_type": "literalExpression", "text": "{\n  enable = true;\n  port = 12345;\n}\n"}, "description": "Open the firewall port.\n", "loc": ["services", "dae", "openFirewall"], "readOnly": false, "type": "submodule"}, "services.dae.openFirewall.enable": {"declarations": ["nixos/modules/services/networking/dae.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable opening {option}`port` in the firewall.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dae", "openFirewall", "enable"], "readOnly": false, "type": "boolean"}, "services.dae.openFirewall.port": {"declarations": ["nixos/modules/services/networking/dae.nix"], "description": "Port to be opened. Consist with field `tproxy_port` in config file.\n", "loc": ["services", "dae", "openFirewall", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.dae.package": {"declarations": ["nixos/modules/services/networking/dae.nix"], "default": {"_type": "literalExpression", "text": "pkgs.dae"}, "description": "The dae package to use.", "loc": ["services", "dae", "package"], "readOnly": false, "type": "package"}, "services.dante.config": {"declarations": ["nixos/modules/services/networking/dante.nix"], "description": "Contents of Dante's configuration file.\nNOTE: user.privileged, user.unprivileged and logoutput are set by the service.\n", "loc": ["services", "dante", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.dante.enable": {"declarations": ["nixos/modules/services/networking/dante.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Dante SOCKS proxy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dante", "enable"], "readOnly": false, "type": "boolean"}, "services.darkhttpd.address": {"declarations": ["nixos/modules/services/web-servers/darkhttpd.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Address to listen on.\nPass `all` to listen on all interfaces.\n", "loc": ["services", "darkhttpd", "address"], "readOnly": false, "type": "string"}, "services.darkhttpd.enable": {"declarations": ["nixos/modules/services/web-servers/darkhttpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable DarkHTTPd web server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "darkhttpd", "enable"], "readOnly": false, "type": "boolean"}, "services.darkhttpd.extraArgs": {"declarations": ["nixos/modules/services/web-servers/darkhttpd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional configuration passed to the executable.\n", "loc": ["services", "darkhttpd", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.darkhttpd.hideServerId": {"declarations": ["nixos/modules/services/web-servers/darkhttpd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Don't identify the server type in headers or directory listings.\n", "loc": ["services", "darkhttpd", "hideServerId"], "readOnly": false, "type": "boolean"}, "services.darkhttpd.port": {"declarations": ["nixos/modules/services/web-servers/darkhttpd.nix"], "default": {"_type": "literalExpression", "text": "80"}, "description": "Port to listen on.\nPass 0 to let the system choose any free port for you.\n", "loc": ["services", "darkhttpd", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.darkhttpd.rootDir": {"declarations": ["nixos/modules/services/web-servers/darkhttpd.nix"], "description": "Path from which to serve files.\n", "loc": ["services", "darkhttpd", "rootDir"], "readOnly": false, "type": "absolute path"}, "services.das_watchdog.enable": {"declarations": ["nixos/modules/services/monitoring/das_watchdog.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable realtime watchdog.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "das_watchdog", "enable"], "readOnly": false, "type": "boolean"}, "services.dashy.enable": {"declarations": ["nixos/modules/services/web-apps/dashy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Dashy, a highly customizable, easy to use, privacy-respecting dashboard app.\n\nNote that this builds a static web app as opposed to running a full node server, unlike the default docker image.\n\nWriting config changes to disk through the UI, triggering a rebuild through the UI and application status checks are\nunavailable without the node server; Everything else will work fine.\n\nSee the deployment docs for [building from source](https://dashy.to/docs/deployment#build-from-source), [hosting with a CDN](https://dashy.to/docs/deployment#hosting-with-cdn) and [CDN cloud deploy](https://dashy.to/docs/deployment#cdn--cloud-deploy) for more information.\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dashy", "enable"], "readOnly": false, "type": "boolean"}, "services.dashy.finalDrv": {"declarations": ["nixos/modules/services/web-apps/dashy.nix"], "default": {"_type": "literalExpression", "text": "''\n  if cfg.settings != {}\n  then cfg.package.override {inherit (cfg) settings;}\n  else cfg.package;\n''"}, "description": "Final derivation containing the fully built static files\n", "loc": ["services", "dashy", "finalDrv"], "readOnly": true, "type": "package"}, "services.dashy.package": {"declarations": ["nixos/modules/services/web-apps/dashy.nix"], "default": {"_type": "literalExpression", "text": "pkgs.dashy-ui"}, "description": "The dashy-ui package to use.", "loc": ["services", "dashy", "package"], "readOnly": false, "type": "package"}, "services.dashy.settings": {"declarations": ["nixos/modules/services/web-apps/dashy.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings serialized into `user-data/conf.yml` before build.\nIf left empty, the default configuration shipped with the package will be used instead.\n\nNote that the full configuration will be written to the nix store as world readable, which may include secrets such as [password hashes](https://dashy.to/docs/configuring#appconfigauthusers-optional).\n\nTo add files such as icons or backgrounds, you can reference them in line such as\n```nix\nicon = \"$\\{./icon.png}\";\n```\nThis will add the file to the nix store upon build, referencing it by file path as expected by Dashy.\n", "example": {"_type": "literalExpression", "text": "''\n  {\n    appConfig = {\n      cssThemes = [\n        \"example-theme-1\"\n        \"example-theme-2\"\n      ];\n      enableFontAwesome = true;\n      fontAwesomeKey = \"e9076c7025\";\n      theme = \"thebe\";\n    };\n    pageInfo = {\n      description = \"My Awesome Dashboard\";\n      navLinks = [\n        {\n          path = \"/\";\n          title = \"Home\";\n        }\n        {\n          path = \"https://example.com\";\n          title = \"Example 1\";\n        }\n        {\n          path = \"https://example.com\";\n          title = \"Example 2\";\n        }\n      ];\n      title = \"Dashy\";\n    };\n    sections = [\n      {\n        displayData = {\n          collapsed = true;\n          cols = 2;\n          customStyles = \"border: 2px dashed red;\";\n          itemSize = \"large\";\n        };\n        items = [\n          {\n            backgroundColor = \"#0079ff\";\n            color = \"#00ffc9\";\n            description = \"Source code and documentation on GitHub\";\n            icon = \"fab fa-github\";\n            target = \"sametab\";\n            title = \"Source\";\n            url = \"https://github.com/Lissy93/dashy\";\n          }\n          {\n            description = \"View currently open issues, or raise a new one\";\n            icon = \"fas fa-bug\";\n            title = \"Issues\";\n            url = \"https://github.com/Lissy93/dashy/issues\";\n          }\n          {\n            description = \"Live Demo #1\";\n            icon = \"fas fa-rocket\";\n            target = \"iframe\";\n            title = \"Demo 1\";\n            url = \"https://dashy-demo-1.as93.net\";\n          }\n          {\n            description = \"Live Demo #2\";\n            icon = \"favicon\";\n            target = \"newtab\";\n            title = \"Demo 2\";\n            url = \"https://dashy-demo-2.as93.net\";\n          }\n        ];\n        name = \"Getting Started\";\n      }\n    ];\n  }\n''"}, "loc": ["services", "dashy", "settings"], "readOnly": false, "type": "JSON value"}, "services.dashy.virtualHost.domain": {"declarations": ["nixos/modules/services/web-apps/dashy.nix"], "description": "Domain to use for the virtual host.\n\nThis can be used to change nginx options like\n```nix\nservices.nginx.virtualHosts.\"$\\{config.services.dashy.virtualHost.domain}\".listen = [ ... ]\n```\nor\n```nix\nservices.nginx.virtualHosts.\"example.com\".listen = [ ... ]\n```\n", "loc": ["services", "dashy", "virtualHost", "domain"], "readOnly": false, "type": "string"}, "services.dashy.virtualHost.enableNginx": {"declarations": ["nixos/modules/services/web-apps/dashy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable a virtualhost to serve dashy through nginx.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dashy", "virtualHost", "enableNginx"], "readOnly": false, "type": "boolean"}, "services.datadog-agent.apiKeyFile": {"declarations": ["nixos/modules/services/monitoring/datadog-agent.nix"], "description": "Path to a file containing the Datadog API key to associate the\nagent with your account.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/datadog_api_key\""}, "loc": ["services", "datadog-agent", "apiKeyFile"], "readOnly": false, "type": "absolute path"}, "services.datadog-agent.checks": {"declarations": ["nixos/modules/services/monitoring/datadog-agent.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for all Datadog checks. Keys of this attribute\nset will be used as the name of the check to create the\nappropriate configuration in `conf.d/$check.d/conf.yaml`.\n\nThe configuration is converted into JSON from the plain Nix\nlanguage configuration, meaning that you should write\nconfiguration adhering to Datadog's documentation - but in Nix\nlanguage.\n\nRefer to the implementation of this module (specifically the\ndefinition of `defaultChecks`) for an example.\n\nNote: The 'disk' and 'network' check are configured in\nseparate options because they exist by default. Attempting to\noverride their configuration here will have no effect.\n", "example": {"_type": "literalExpression", "text": "{\n  http_check = {\n    init_config = null;\n    instances = [\n      {\n        name = \"some-service\";\n        tags = [\n          \"some-service\"\n        ];\n        url = \"http://localhost:1337/healthz\";\n      }\n    ];\n  };\n}"}, "loc": ["services", "datadog-agent", "checks"], "readOnly": false, "type": "attribute set of (attribute set)"}, "services.datadog-agent.ddUrl": {"declarations": ["nixos/modules/services/monitoring/datadog-agent.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Custom dd_url to configure the agent with. Useful if traffic to datadog\nneeds to go through a proxy.\nDon't use this to point to another datadog site (EU) - use site instead.\n", "example": {"_type": "literalExpression", "text": "\"http://haproxy.example.com:3834\""}, "loc": ["services", "datadog-agent", "ddUrl"], "readOnly": false, "type": "null or string"}, "services.datadog-agent.diskCheck": {"declarations": ["nixos/modules/services/monitoring/datadog-agent.nix"], "default": {"_type": "literalExpression", "text": "{\n  init_config = { };\n  instances = [\n    {\n      use_mount = \"false\";\n    }\n  ];\n}"}, "description": "Disk check config", "loc": ["services", "datadog-agent", "diskCheck"], "readOnly": false, "type": "attribute set"}, "services.datadog-agent.enable": {"declarations": ["nixos/modules/services/monitoring/datadog-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Datadog-agent v7 monitoring service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "datadog-agent", "enable"], "readOnly": false, "type": "boolean"}, "services.datadog-agent.enableLiveProcessCollection": {"declarations": ["nixos/modules/services/monitoring/datadog-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the live process collection agent.\n", "loc": ["services", "datadog-agent", "enableLiveProcessCollection"], "readOnly": false, "type": "boolean"}, "services.datadog-agent.enableTraceAgent": {"declarations": ["nixos/modules/services/monitoring/datadog-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the trace agent.\n", "loc": ["services", "datadog-agent", "enableTraceAgent"], "readOnly": false, "type": "boolean"}, "services.datadog-agent.extraConfig": {"declarations": ["nixos/modules/services/monitoring/datadog-agent.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration options that will be merged into the\nmain config file {file}`datadog.yaml`.\n", "loc": ["services", "datadog-agent", "extraConfig"], "readOnly": false, "type": "attribute set"}, "services.datadog-agent.extraIntegrations": {"declarations": ["nixos/modules/services/monitoring/datadog-agent.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra integrations from the Datadog core-integrations\nrepository that should be built and included.\n\nBy default the included integrations are disk, mongo, network,\nnginx and postgres.\n\nTo include additional integrations the name of the derivation\nand a function to filter its dependencies from the Python\npackage set must be provided.\n", "example": {"_type": "literalExpression", "text": "{\n  ntp = pythonPackages: [ pythonPackages.ntplib ];\n}\n"}, "loc": ["services", "datadog-agent", "extraIntegrations"], "readOnly": false, "type": "attribute set"}, "services.datadog-agent.hostname": {"declarations": ["nixos/modules/services/monitoring/datadog-agent.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The hostname to show in the Datadog dashboard (optional)", "example": {"_type": "literalExpression", "text": "\"mymachine.mydomain\""}, "loc": ["services", "datadog-agent", "hostname"], "readOnly": false, "type": "null or string"}, "services.datadog-agent.logLevel": {"declarations": ["nixos/modules/services/monitoring/datadog-agent.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Logging verbosity.", "loc": ["services", "datadog-agent", "logLevel"], "readOnly": false, "type": "null or one of \"DEBUG\", \"INFO\", \"WARN\", \"ERROR\""}, "services.datadog-agent.networkCheck": {"declarations": ["nixos/modules/services/monitoring/datadog-agent.nix"], "default": {"_type": "literalExpression", "text": "{\n  init_config = { };\n  instances = [\n    {\n      collect_connection_state = false;\n      excluded_interfaces = [\n        \"lo\"\n        \"lo0\"\n      ];\n    }\n  ];\n}"}, "description": "Network check config", "loc": ["services", "datadog-agent", "networkCheck"], "readOnly": false, "type": "attribute set"}, "services.datadog-agent.package": {"declarations": ["nixos/modules/services/monitoring/datadog-agent.nix"], "default": {"_type": "literalExpression", "text": "pkgs.datadog-agent"}, "description": "The datadog-agent package to use. ::: {.note}\nThe provided package is expected to have an overridable `pythonPackages`-attribute\nwhich configures the Python environment with the Datadog checks.\n:::\n", "loc": ["services", "datadog-agent", "package"], "readOnly": false, "type": "package"}, "services.datadog-agent.processAgentPackage": {"declarations": ["nixos/modules/services/monitoring/datadog-agent.nix"], "default": {"_type": "literalExpression", "text": "pkgs.datadog-process-agent"}, "description": "Which DataDog v7 agent package to use. Note that the provided\npackage is expected to have an overridable `pythonPackages`-attribute\nwhich configures the Python environment with the Datadog\nchecks.\n", "loc": ["services", "datadog-agent", "processAgentPackage"], "readOnly": false, "type": "package"}, "services.datadog-agent.site": {"declarations": ["nixos/modules/services/monitoring/datadog-agent.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The datadog site to point the agent towards.\nSet to datadoghq.eu to point it to their EU site.\n", "example": {"_type": "literalExpression", "text": "\"datadoghq.eu\""}, "loc": ["services", "datadog-agent", "site"], "readOnly": false, "type": "null or string"}, "services.datadog-agent.tags": {"declarations": ["nixos/modules/services/monitoring/datadog-agent.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The tags to mark this Datadog agent", "example": {"_type": "literalExpression", "text": "[\n  \"test\"\n  \"service\"\n]"}, "loc": ["services", "datadog-agent", "tags"], "readOnly": false, "type": "null or (list of string)"}, "services.davfs2.davGroup": {"declarations": ["nixos/modules/services/network-filesystems/davfs2.nix"], "default": {"_type": "literalExpression", "text": "\"davfs2\""}, "description": "The group of the running mount.davfs daemon. Ordinary users must be\nmember of this group in order to mount a davfs2 file system. Value must\nbe given as name, not as numerical id.\n", "loc": ["services", "davfs2", "davGroup"], "readOnly": false, "type": "string"}, "services.davfs2.davUser": {"declarations": ["nixos/modules/services/network-filesystems/davfs2.nix"], "default": {"_type": "literalExpression", "text": "\"davfs2\""}, "description": "When invoked by root the mount.davfs daemon will run as this user.\nValue must be given as name, not as numerical id.\n", "loc": ["services", "davfs2", "davUser"], "readOnly": false, "type": "string"}, "services.davfs2.enable": {"declarations": ["nixos/modules/services/network-filesystems/davfs2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable davfs2.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "davfs2", "enable"], "readOnly": false, "type": "boolean"}, "services.davfs2.settings": {"declarations": ["nixos/modules/services/network-filesystems/davfs2.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra settings appended to the configuration of davfs2.\nSee {manpage}`davfs2.conf(5)` for available settings.\n", "example": {"_type": "literalExpression", "text": "{\n  globalSection = {\n    proxy = \"foo.bar:8080\";\n    use_locks = false;\n  };\n  sections = {\n    \"/media/dav\" = {\n      use_locks = true;\n    };\n    \"/home/otto/mywebspace\" = {\n      gui_optimize = true;\n    };\n  };\n}\n"}, "loc": ["services", "davfs2", "settings"], "readOnly": false, "type": "open submodule of attribute set of attribute set of (boolean or signed integer or string or attribute set of (boolean or signed integer or string))"}, "services.davis.adminLogin": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "Username for the admin account.\n", "loc": ["services", "davis", "adminLogin"], "readOnly": false, "type": "string"}, "services.davis.adminPasswordFile": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "description": "The full path to a file that contains the admin's password. Must be\nreadable by the user.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/davis-admin-pass\""}, "loc": ["services", "davis", "adminPasswordFile"], "readOnly": false, "type": "absolute path"}, "services.davis.appSecretFile": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "description": "A file containing the Symfony APP_SECRET - Its value should be a series\nof characters, numbers and symbols chosen randomly and the recommended\nlength is around 32 characters. Can be generated with <code>cat\n/dev/urandom | tr -dc a-zA-Z0-9 | fold -w 48 | head -n 1</code>.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/davis-appsecret\""}, "loc": ["services", "davis", "appSecretFile"], "readOnly": false, "type": "absolute path"}, "services.davis.config": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "", "example": {"_type": "literalExpression", "text": "\"\""}, "loc": ["services", "davis", "config"], "readOnly": false, "type": "attribute set of (null or boolean or signed integer or 16 bit unsigned integer; between 0 and 65535 (both inclusive) or absolute path or string or (submodule))"}, "services.davis.dataDir": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/davis\""}, "description": "Davis data directory.\n", "loc": ["services", "davis", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.davis.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Create the database and database user locally.", "loc": ["services", "davis", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.davis.database.driver": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite\""}, "description": "Database type, required in all circumstances.", "loc": ["services", "davis", "database", "driver"], "readOnly": false, "type": "one of \"sqlite\", \"postgresql\", \"mysql\""}, "services.davis.database.name": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "\"davis\""}, "description": "Database name, only used when the databse is created locally.", "loc": ["services", "davis", "database", "name"], "readOnly": false, "type": "null or string"}, "services.davis.database.urlFile": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the database connection url. If set then it\noverrides all other database settings (except driver). This is\nmandatory if you want to use an external database, that is when\n`services.davis.database.createLocally` is `false`.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/davis-db-url\""}, "loc": ["services", "davis", "database", "urlFile"], "readOnly": false, "type": "null or absolute path"}, "services.davis.enable": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Davis is a caldav and carddav server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "davis", "enable"], "readOnly": false, "type": "boolean"}, "services.davis.group": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "\"davis\""}, "description": "Group davis runs as.", "loc": ["services", "davis", "group"], "readOnly": false, "type": "string"}, "services.davis.hostname": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "description": "Domain of the host to serve davis under. You may want to change it if you\nrun Davis on a different URL than davis.yourdomain.\n", "example": {"_type": "literalExpression", "text": "\"davis.yourdomain.org\""}, "loc": ["services", "davis", "hostname"], "readOnly": false, "type": "string"}, "services.davis.mail.dsn": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Mail DSN for sending emails. Mutually exclusive with `services.davis.mail.dsnFile`.", "example": {"_type": "literalExpression", "text": "\"smtp://username:password@example.com:25\""}, "loc": ["services", "davis", "mail", "dsn"], "readOnly": false, "type": "null or string"}, "services.davis.mail.dsnFile": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the mail DSN for sending emails.  Mutually exclusive with `servies.davis.mail.dsn`.", "example": {"_type": "literalExpression", "text": "\"/run/secrets/davis-mail-dsn\""}, "loc": ["services", "davis", "mail", "dsnFile"], "readOnly": false, "type": "null or string"}, "services.davis.mail.inviteFromAddress": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Email address to send invitations from.", "example": {"_type": "literalExpression", "text": "\"no-reply@dav.example.com\""}, "loc": ["services", "davis", "mail", "inviteFromAddress"], "readOnly": false, "type": "null or string"}, "services.davis.nginx": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Use this option to customize an nginx virtual host. To disable the nginx set this to null.\n", "example": {"_type": "literalExpression", "text": "''\n  {\n    serverAliases = [\n      \"dav.''${config.networking.domain}\"\n    ];\n    # To enable encryption and let let's encrypt take care of certificate\n    forceSSL = true;\n    enableACME = true;\n  }\n''"}, "loc": ["services", "davis", "nginx"], "readOnly": false, "type": "null or (submodule)"}, "services.davis.nginx.acmeFallbackHost": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host which to proxy requests to if ACME challenge is not found. Useful\nif you want multiple hosts to be able to verify the same domain name.\n\nWith this option, you could request certificates for the present domain\nwith an ACME client that is running on another host, which you would\nspecify here.\n", "loc": ["services", "davis", "nginx", "acmeFallbackHost"], "readOnly": false, "type": "null or string"}, "services.davis.nginx.acmeRoot": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the ACME challenge, which is **public**. Don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "davis", "nginx", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.davis.nginx.addSSL": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "davis", "nginx", "addSSL"], "readOnly": false, "type": "boolean"}, "services.davis.nginx.basicAuth": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "davis", "nginx", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.davis.nginx.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "davis", "nginx", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.davis.nginx.default": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Makes this vhost the default.\n", "loc": ["services", "davis", "nginx", "default"], "readOnly": false, "type": "boolean"}, "services.davis.nginx.enableACME": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "davis", "nginx", "enableACME"], "readOnly": false, "type": "boolean"}, "services.davis.nginx.extraConfig": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the vhost verbatim.\n", "loc": ["services", "davis", "nginx", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.davis.nginx.forceSSL": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a separate nginx server block that redirects (defaults\nto 301, configurable with `redirectCode`) all plain HTTP traffic to\nHTTPS. This will set defaults for `listen` to listen on all interfaces\non the respective default ports (80, 443), where the non-SSL listens\nare used for the redirect vhosts.\n", "loc": ["services", "davis", "nginx", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.davis.nginx.globalRedirect": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected (defaults to 301,\nconfigurable with `redirectCode`) to the given hostname.\n", "example": {"_type": "literalExpression", "text": "\"newserver.example.org\""}, "loc": ["services", "davis", "nginx", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.davis.nginx.http2": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/2 protocol.\nNote that (as of writing) due to nginx's implementation, to disable\nHTTP/2 you have to disable it on all vhosts that use a given\nIP address / port.\nIf there is one server block configured to enable http2, then it is\nenabled for all server blocks on this IP.\nSee <https://stackoverflow.com/a/39466948/263061>.\n", "loc": ["services", "davis", "nginx", "http2"], "readOnly": false, "type": "boolean"}, "services.davis.nginx.http3": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/3 protocol.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that HTTP/3 support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\nHTTP/3 availability must be manually advertised, preferably in each location block.\n", "loc": ["services", "davis", "nginx", "http3"], "readOnly": false, "type": "boolean"}, "services.davis.nginx.http3_hq": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that special application protocol support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "davis", "nginx", "http3_hq"], "readOnly": false, "type": "boolean"}, "services.davis.nginx.kTLS": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kTLS support.\nImplementing TLS in the kernel (kTLS) improves performance by significantly\nreducing the need for copying operations between user space and the kernel.\nRequired Nginx version 1.21.4 or later.\n", "loc": ["services", "davis", "nginx", "kTLS"], "readOnly": false, "type": "boolean"}, "services.davis.nginx.listen": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\nIPv6 addresses must be enclosed in square brackets.\nNote: this option overrides `addSSL`\nand `onlySSL`.\n\nIf you only want to set the addresses manually and not\nthe ports, take a look at `listenAddresses`.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    addr = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    addr = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    addr = \"unix:/var/run/nginx.sock\";\n  }\n]"}, "loc": ["services", "davis", "nginx", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.davis.nginx.listen.*.addr": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "description": "Listen address.", "loc": ["services", "davis", "nginx", "listen", "*", "addr"], "readOnly": false, "type": "string"}, "services.davis.nginx.listen.*.extraParameters": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra parameters of this listen directive.", "example": {"_type": "literalExpression", "text": "[\n  \"backlog=1024\"\n  \"deferred\"\n]"}, "loc": ["services", "davis", "nginx", "listen", "*", "extraParameters"], "readOnly": false, "type": "list of string"}, "services.davis.nginx.listen.*.port": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port number to listen on.\nIf unset and the listen address is not a socket then nginx defaults to 80.\n", "loc": ["services", "davis", "nginx", "listen", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.davis.nginx.listen.*.proxyProtocol": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable PROXY protocol.", "loc": ["services", "davis", "nginx", "listen", "*", "proxyProtocol"], "readOnly": false, "type": "boolean"}, "services.davis.nginx.listen.*.ssl": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SSL.", "loc": ["services", "davis", "nginx", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.davis.nginx.listenAddresses": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n\nNote: This option overrides `networking.enableIPv6`\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"[::1]\"\n]"}, "loc": ["services", "davis", "nginx", "listenAddresses"], "readOnly": false, "type": "list of string"}, "services.davis.nginx.locations": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n};\n"}, "loc": ["services", "davis", "nginx", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.davis.nginx.locations.<name>.alias": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "davis", "nginx", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.davis.nginx.locations.<name>.basicAuth": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "davis", "nginx", "locations", "<name>", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.davis.nginx.locations.<name>.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "davis", "nginx", "locations", "<name>", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.davis.nginx.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "davis", "nginx", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.davis.nginx.locations.<name>.fastcgiParams": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "FastCGI parameters to override.  Unlike in the Nginx\nconfiguration file, overriding only some default parameters\nwon't unset the default values for other parameters.\n", "loc": ["services", "davis", "nginx", "locations", "<name>", "fastcgiParams"], "readOnly": false, "type": "attribute set of (string or absolute path)"}, "services.davis.nginx.locations.<name>.index": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds index directive.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "davis", "nginx", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.davis.nginx.locations.<name>.priority": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "davis", "nginx", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.davis.nginx.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds proxy_pass directive and sets recommended proxy headers if\nrecommendedProxySettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "davis", "nginx", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.davis.nginx.locations.<name>.proxyWebsockets": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to support proxying websocket connections with HTTP/1.1.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "davis", "nginx", "locations", "<name>", "proxyWebsockets"], "readOnly": false, "type": "boolean"}, "services.davis.nginx.locations.<name>.recommendedProxySettings": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedProxySettings"}, "description": "Enable recommended proxy settings.\n", "loc": ["services", "davis", "nginx", "locations", "<name>", "recommendedProxySettings"], "readOnly": false, "type": "boolean"}, "services.davis.nginx.locations.<name>.recommendedUwsgiSettings": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedUwsgiSettings"}, "description": "Enable recommended uwsgi settings.\n", "loc": ["services", "davis", "nginx", "locations", "<name>", "recommendedUwsgiSettings"], "readOnly": false, "type": "boolean"}, "services.davis.nginx.locations.<name>.return": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds a return directive, for e.g. redirections.\n", "example": {"_type": "literalExpression", "text": "\"301 http://example.com$request_uri\""}, "loc": ["services", "davis", "nginx", "locations", "<name>", "return"], "readOnly": false, "type": "null or string or signed integer"}, "services.davis.nginx.locations.<name>.root": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Root directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/root/directory\""}, "loc": ["services", "davis", "nginx", "locations", "<name>", "root"], "readOnly": false, "type": "null or absolute path"}, "services.davis.nginx.locations.<name>.tryFiles": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds try_files directive.\n", "example": {"_type": "literalExpression", "text": "\"$uri =404\""}, "loc": ["services", "davis", "nginx", "locations", "<name>", "tryFiles"], "readOnly": false, "type": "null or string"}, "services.davis.nginx.locations.<name>.uwsgiPass": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds uwsgi_pass directive and sets recommended proxy headers if\nrecommendedUwsgiSettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"unix:/run/example/example.sock\""}, "loc": ["services", "davis", "nginx", "locations", "<name>", "uwsgiPass"], "readOnly": false, "type": "null or string"}, "services.davis.nginx.onlySSL": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "davis", "nginx", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.davis.nginx.quic": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the QUIC transport protocol.\nNote that QUIC support is experimental and\n*not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "davis", "nginx", "quic"], "readOnly": false, "type": "boolean"}, "services.davis.nginx.redirectCode": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "301"}, "description": "HTTP status used by `globalRedirect` and `forceSSL`. Possible usecases\ninclude temporary (302, 307) redirects, keeping the request method and\nbody (307, 308), or explicitly resetting the method to GET (303).\nSee <https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>.\n", "example": {"_type": "literalExpression", "text": "308"}, "loc": ["services", "davis", "nginx", "redirectCode"], "readOnly": false, "type": "integer between 300 and 399 (both inclusive)"}, "services.davis.nginx.rejectSSL": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to listen for and reject all HTTPS connections to this vhost. Useful in\n[default](#opt-services.nginx.virtualHosts._name_.default)\nserver blocks to avoid serving the certificate for another vhost. Uses the\n`ssl_reject_handshake` directive available in nginx versions\n1.19.4 and above.\n", "loc": ["services", "davis", "nginx", "rejectSSL"], "readOnly": false, "type": "boolean"}, "services.davis.nginx.reuseport": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create an individual listening socket .\nIt is required to specify only once on one of the hosts.\n", "loc": ["services", "davis", "nginx", "reuseport"], "readOnly": false, "type": "boolean"}, "services.davis.nginx.root": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of the web root directory.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "davis", "nginx", "root"], "readOnly": false, "type": "null or absolute path"}, "services.davis.nginx.serverAliases": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "davis", "nginx", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.davis.nginx.serverName": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of this virtual host. Defaults to attribute name in virtualHosts.\n", "example": {"_type": "literalExpression", "text": "\"example.org\""}, "loc": ["services", "davis", "nginx", "serverName"], "readOnly": false, "type": "null or string"}, "services.davis.nginx.sslCertificate": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "davis", "nginx", "sslCertificate"], "readOnly": false, "type": "absolute path"}, "services.davis.nginx.sslCertificateKey": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "davis", "nginx", "sslCertificateKey"], "readOnly": false, "type": "absolute path"}, "services.davis.nginx.sslTrustedCertificate": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to root SSL certificate for stapling and client certificates.", "example": {"_type": "literalExpression", "text": "\"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\""}, "loc": ["services", "davis", "nginx", "sslTrustedCertificate"], "readOnly": false, "type": "null or absolute path"}, "services.davis.nginx.useACMEHost": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "davis", "nginx", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.davis.package": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "pkgs.davis"}, "description": "The davis package to use.", "loc": ["services", "davis", "package"], "readOnly": false, "type": "package"}, "services.davis.poolConfig": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "{\n  pm = \"dynamic\";\n  \"pm.max_children\" = 32;\n  \"pm.max_requests\" = 500;\n  \"pm.max_spare_servers\" = 4;\n  \"pm.min_spare_servers\" = 2;\n  \"pm.start_servers\" = 2;\n}"}, "description": "Options for the davis PHP pool. See the documentation on <literal>php-fpm.conf</literal>\nfor details on configuration directives.\n", "loc": ["services", "davis", "poolConfig"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.davis.user": {"declarations": ["nixos/modules/services/web-apps/davis.nix"], "default": {"_type": "literalExpression", "text": "\"davis\""}, "description": "User davis runs as.", "loc": ["services", "davis", "user"], "readOnly": false, "type": "string"}, "services.davmail.config": {"declarations": ["nixos/modules/services/mail/davmail.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Davmail configuration. Refer to\n<http://davmail.sourceforge.net/serversetup.html>\nand <http://davmail.sourceforge.net/advanced.html>\nfor details on supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  davmail.allowRemote = true;\n  davmail.imapPort = 55555;\n  davmail.bindAddress = \"10.0.1.2\";\n  davmail.smtpSaveInSent = true;\n  davmail.folderSizeLimit = 10;\n  davmail.caldavAutoSchedule = false;\n  log4j.logger.rootLogger = \"DEBUG\";\n}\n"}, "loc": ["services", "davmail", "config"], "readOnly": false, "type": "davmail config type (str, int, bool or attribute set thereof)"}, "services.davmail.enable": {"declarations": ["nixos/modules/services/mail/davmail.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable davmail, an MS Exchange gateway.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "davmail", "enable"], "readOnly": false, "type": "boolean"}, "services.davmail.url": {"declarations": ["nixos/modules/services/mail/davmail.nix"], "description": "Outlook Web Access URL to access the exchange server, i.e. the base webmail URL.", "example": {"_type": "literalExpression", "text": "\"https://outlook.office365.com/EWS/Exchange.asmx\""}, "loc": ["services", "davmail", "url"], "readOnly": false, "type": "string"}, "services.dawarich.automaticMigrations": {"declarations": ["nixos/modules/services/web-apps/dawarich.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to perform database migrations automatically", "loc": ["services", "dawarich", "automaticMigrations"], "readOnly": false, "type": "boolean"}, "services.dawarich.configureNginx": {"declarations": ["nixos/modules/services/web-apps/dawarich.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Configure nginx as a reverse proxy for dawarich.\nAlternatively you can configure a reverse-proxy of your choice to serve these paths:\n\n`/ -> ${pkgs.dawarich}/public`\n\n`/ -> 127.0.0.1:{{ webPort }} `(If there was no file in the directory above.)\n\nMake sure that websockets are forwarded properly. You might want to set up caching\nof some requests. Take a look at dawarich's provided reverse proxy configurations at\n`https://dawarich.app/docs/tutorials/reverse-proxy`.\n", "loc": ["services", "dawarich", "configureNginx"], "readOnly": false, "type": "boolean"}, "services.dawarich.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/dawarich.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to configure a local PostgreSQL server and database for Dawarich.\nThe connection is performed via Unix sockets.\n", "loc": ["services", "dawarich", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.dawarich.database.host": {"declarations": ["nixos/modules/services/web-apps/dawarich.nix"], "default": {"_type": "literalExpression", "text": "\"/run/postgresql\""}, "description": "Hostname or address of the postgresql server. If an absolute path is given here, it will be interpreted as a unix socket path.", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "dawarich", "database", "host"], "readOnly": false, "type": "string"}, "services.dawarich.database.name": {"declarations": ["nixos/modules/services/web-apps/dawarich.nix"], "default": {"_type": "literalExpression", "text": "\"dawarich\""}, "description": "The name of the dawarich database.", "loc": ["services", "dawarich", "database", "name"], "readOnly": false, "type": "string"}, "services.dawarich.database.passwordFile": {"declarations": ["nixos/modules/services/web-apps/dawarich.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password corresponding to {option}`services.dawarich.database.user`.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/dawarich-db-password\""}, "loc": ["services", "dawarich", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.dawarich.database.port": {"declarations": ["nixos/modules/services/web-apps/dawarich.nix"], "default": {"_type": "literalExpression", "text": "5432"}, "description": "Port of the postgresql server.", "loc": ["services", "dawarich", "database", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.dawarich.database.user": {"declarations": ["nixos/modules/services/web-apps/dawarich.nix"], "default": {"_type": "literalExpression", "text": "\"dawarich\""}, "description": "The database user for dawarich.", "loc": ["services", "dawarich", "database", "user"], "readOnly": false, "type": "string"}, "services.dawarich.enable": {"declarations": ["nixos/modules/services/web-apps/dawarich.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Dawarich, a self-hostable alternative to Google Location History.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dawarich", "enable"], "readOnly": false, "type": "boolean"}, "services.dawarich.environment": {"declarations": ["nixos/modules/services/web-apps/dawarich.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra environment variables to pass to all dawarich services.\n", "loc": ["services", "dawarich", "environment"], "readOnly": false, "type": "attribute set of (null or string or absolute path or package)"}, "services.dawarich.extraEnvFiles": {"declarations": ["nixos/modules/services/web-apps/dawarich.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra environment files to pass to all Dawarich services. Useful for passing down environment secrets.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/etc/dawarich/secret.env\"\n]"}, "loc": ["services", "dawarich", "extraEnvFiles"], "readOnly": false, "type": "list of absolute path"}, "services.dawarich.group": {"declarations": ["nixos/modules/services/web-apps/dawarich.nix"], "default": {"_type": "literalExpression", "text": "\"dawarich\""}, "description": "Group under which dawarich runs.\n", "loc": ["services", "dawarich", "group"], "readOnly": false, "type": "string"}, "services.dawarich.localDomain": {"declarations": ["nixos/modules/services/web-apps/dawarich.nix"], "description": "The domain serving your Dawarich instance.", "example": {"_type": "literalExpression", "text": "\"dawarich.example.org\""}, "loc": ["services", "dawarich", "localDomain"], "readOnly": false, "type": "string"}, "services.dawarich.package": {"declarations": ["nixos/modules/services/web-apps/dawarich.nix"], "default": {"_type": "literalExpression", "text": "pkgs.dawarich"}, "description": "The dawarich package to use.", "loc": ["services", "dawarich", "package"], "readOnly": false, "type": "package"}, "services.dawarich.redis.createLocally": {"declarations": ["nixos/modules/services/web-apps/dawarich.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to configure a local Redis server for Dawarich.\nThe connection is performed via Unix sockets by default,\nbut that can be changed by configuring {option}`services.dawarich.redis.host` and {option}`services.dawarich.redis.port`.\n", "loc": ["services", "dawarich", "redis", "createLocally"], "readOnly": false, "type": "boolean"}, "services.dawarich.redis.host": {"declarations": ["nixos/modules/services/web-apps/dawarich.nix"], "default": {"_type": "literalExpression", "text": "config.services.redis.servers.dawarich.unixSocket"}, "description": "The redis host Dawarich will connect to.", "loc": ["services", "dawarich", "redis", "host"], "readOnly": false, "type": "string"}, "services.dawarich.redis.port": {"declarations": ["nixos/modules/services/web-apps/dawarich.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "The port of the redis server Dawarich will connect to. Set to zero to disable TCP and use Unix sockets instead.", "loc": ["services", "dawarich", "redis", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.dawarich.secretKeyBaseFile": {"declarations": ["nixos/modules/services/web-apps/dawarich.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to file containing the secret key base.\nA new secret key base can be generated by running:\n\n`nix build -f '<nixpkgs>' dawarich; cd result; bin/bundle exec rails secret`\n\nThis file is loaded using systemd credentials, and therefore does not need to be\nowned by the dawarich user.\n\nIf this option is null, it will be created at /var/lib/dawarich/secrets/secret-key-base\nwith a new secret key base.\n", "loc": ["services", "dawarich", "secretKeyBaseFile"], "readOnly": false, "type": "null or string"}, "services.dawarich.sidekiqProcesses": {"declarations": ["nixos/modules/services/web-apps/dawarich.nix"], "default": {"_type": "literalExpression", "text": "{\n  all = {\n    jobClasses = [ ];\n    threads = null;\n  };\n}"}, "description": "How many Sidekiq processes should be used to handle background jobs, and which job classes they handle.\nCan be used to [speed up](https://dawarich.app/docs/FAQ/#how-to-speed-up-the-import-process) the import process.\n", "example": {"_type": "literalExpression", "text": "{\n  all = {\n    jobClasses = [ ];\n    threads = null;\n  };\n  geocoding = {\n    jobClasses = [\n      \"reverse_geocoding\"\n    ];\n    threads = 10;\n  };\n}"}, "loc": ["services", "dawarich", "sidekiqProcesses"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.dawarich.sidekiqProcesses.<name>.jobClasses": {"declarations": ["nixos/modules/services/web-apps/dawarich.nix"], "description": "If not empty, which job classes should be executed by this process.\n*If left empty, all job classes will be executed by this process.*\n", "loc": ["services", "dawarich", "sidekiqProcesses", "<name>", "jobClasses"], "readOnly": false, "type": "list of (one of \"app_version_checking\", \"archival\", \"cache\", \"data_migrations\", \"default\", \"digests\", \"exports\", \"families\", \"imports\", \"mailers\", \"places\", \"points\", \"reverse_geocoding\", \"stats\", \"tracks\", \"trips\", \"visit_suggesting\")"}, "services.dawarich.sidekiqProcesses.<name>.threads": {"declarations": ["nixos/modules/services/web-apps/dawarich.nix"], "description": "Number of threads this process should use for executing jobs.\nIf null, the configured `sidekiqThreads` are used.\n", "loc": ["services", "dawarich", "sidekiqProcesses", "<name>", "threads"], "readOnly": false, "type": "null or signed integer"}, "services.dawarich.sidekiqThreads": {"declarations": ["nixos/modules/services/web-apps/dawarich.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "Worker threads used by the dawarich-sidekiq-all service.\nIf `sidekiqProcesses` is configured and any processes specify null `threads`, this value is used.\n", "loc": ["services", "dawarich", "sidekiqThreads"], "readOnly": false, "type": "signed integer"}, "services.dawarich.smtp.fromAddress": {"declarations": ["nixos/modules/services/web-apps/dawarich.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "\"From\" address used when sending emails to users.", "example": {"_type": "literalExpression", "text": "\"dawarich@example.com\""}, "loc": ["services", "dawarich", "smtp", "fromAddress"], "readOnly": false, "type": "null or string"}, "services.dawarich.smtp.host": {"declarations": ["nixos/modules/services/web-apps/dawarich.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SMTP host used when sending emails to users.", "loc": ["services", "dawarich", "smtp", "host"], "readOnly": false, "type": "null or string"}, "services.dawarich.smtp.passwordFile": {"declarations": ["nixos/modules/services/web-apps/dawarich.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to file containing the SMTP password.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/dawarich-smtp-password\""}, "loc": ["services", "dawarich", "smtp", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.dawarich.smtp.port": {"declarations": ["nixos/modules/services/web-apps/dawarich.nix"], "default": {"_type": "literalExpression", "text": "25"}, "description": "SMTP port used when sending emails to users.", "loc": ["services", "dawarich", "smtp", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.dawarich.smtp.user": {"declarations": ["nixos/modules/services/web-apps/dawarich.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SMTP login name.", "example": {"_type": "literalExpression", "text": "\"dawarich@example.com\""}, "loc": ["services", "dawarich", "smtp", "user"], "readOnly": false, "type": "null or string"}, "services.dawarich.user": {"declarations": ["nixos/modules/services/web-apps/dawarich.nix"], "default": {"_type": "literalExpression", "text": "\"dawarich\""}, "description": "User under which dawarich runs. If it is set to \"dawarich\",\nthat user will be created, otherwise it should be set to the\nname of a user created elsewhere.\n", "loc": ["services", "dawarich", "user"], "readOnly": false, "type": "string"}, "services.dawarich.webPort": {"declarations": ["nixos/modules/services/web-apps/dawarich.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "TCP port used by the dawarich web service.", "loc": ["services", "dawarich", "webPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.db-rest.enable": {"declarations": ["nixos/modules/services/misc/db-rest.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable db-rest service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "db-rest", "enable"], "readOnly": false, "type": "boolean"}, "services.db-rest.group": {"declarations": ["nixos/modules/services/misc/db-rest.nix"], "default": {"_type": "literalExpression", "text": "\"db-rest\""}, "description": "Group under which db-rest runs.", "loc": ["services", "db-rest", "group"], "readOnly": false, "type": "string"}, "services.db-rest.host": {"declarations": ["nixos/modules/services/misc/db-rest.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The host address the db-rest server should listen on.", "loc": ["services", "db-rest", "host"], "readOnly": false, "type": "string"}, "services.db-rest.package": {"declarations": ["nixos/modules/services/misc/db-rest.nix"], "default": {"_type": "literalExpression", "text": "pkgs.db-rest"}, "description": "The db-rest package to use.", "loc": ["services", "db-rest", "package"], "readOnly": false, "type": "package"}, "services.db-rest.port": {"declarations": ["nixos/modules/services/misc/db-rest.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "The port the db-rest server should listen on.", "loc": ["services", "db-rest", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.db-rest.redis.createLocally": {"declarations": ["nixos/modules/services/misc/db-rest.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Configure a local redis server for db-rest.", "loc": ["services", "db-rest", "redis", "createLocally"], "readOnly": false, "type": "boolean"}, "services.db-rest.redis.enable": {"declarations": ["nixos/modules/services/misc/db-rest.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable caching with redis for db-rest.", "loc": ["services", "db-rest", "redis", "enable"], "readOnly": false, "type": "boolean"}, "services.db-rest.redis.host": {"declarations": ["nixos/modules/services/misc/db-rest.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Redis host.", "loc": ["services", "db-rest", "redis", "host"], "readOnly": false, "type": "null or string"}, "services.db-rest.redis.passwordFile": {"declarations": ["nixos/modules/services/misc/db-rest.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file containing the redis password.", "example": {"_type": "literalExpression", "text": "\"/run/keys/db-rest/pasword-redis-db\""}, "loc": ["services", "db-rest", "redis", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.db-rest.redis.port": {"declarations": ["nixos/modules/services/misc/db-rest.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Redis port.", "loc": ["services", "db-rest", "redis", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.db-rest.redis.useSSL": {"declarations": ["nixos/modules/services/misc/db-rest.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Use SSL if using a redis network connection.", "loc": ["services", "db-rest", "redis", "useSSL"], "readOnly": false, "type": "boolean"}, "services.db-rest.redis.user": {"declarations": ["nixos/modules/services/misc/db-rest.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional username used for authentication with redis.", "loc": ["services", "db-rest", "redis", "user"], "readOnly": false, "type": "null or string"}, "services.db-rest.user": {"declarations": ["nixos/modules/services/misc/db-rest.nix"], "default": {"_type": "literalExpression", "text": "\"db-rest\""}, "description": "User account under which db-rest runs.", "loc": ["services", "db-rest", "user"], "readOnly": false, "type": "string"}, "services.dbus.apparmor": {"declarations": ["nixos/modules/services/system/dbus.nix"], "default": {"_type": "literalExpression", "text": "\"disabled\""}, "description": "AppArmor mode for dbus.\n\n`enabled` enables mediation when it's\nsupported in the kernel, `disabled`\nalways disables AppArmor even with kernel support, and\n`required` fails when AppArmor was not found\nin the kernel.\n", "loc": ["services", "dbus", "apparmor"], "readOnly": false, "type": "one of \"enabled\", \"disabled\", \"required\""}, "services.dbus.brokerPackage": {"declarations": ["nixos/modules/services/system/dbus.nix"], "default": {"_type": "literalExpression", "text": "pkgs.dbus-broker"}, "description": "The dbus-broker package to use.", "loc": ["services", "dbus", "brokerPackage"], "readOnly": false, "type": "package"}, "services.dbus.dbusPackage": {"declarations": ["nixos/modules/services/system/dbus.nix"], "default": {"_type": "literalExpression", "text": "pkgs.dbus"}, "description": "The dbus package to use.", "loc": ["services", "dbus", "dbusPackage"], "readOnly": false, "type": "package"}, "services.dbus.implementation": {"declarations": ["nixos/modules/services/system/dbus.nix"], "default": {"_type": "literalExpression", "text": "\"dbus\""}, "description": "The implementation to use for the message bus defined by the D-Bus specification.\nCan be either the classic dbus daemon or dbus-broker, which aims to provide high\nperformance and reliability, while keeping compatibility to the D-Bus\nreference implementation.\n", "loc": ["services", "dbus", "implementation"], "readOnly": false, "type": "one of \"dbus\", \"broker\""}, "services.dbus.packages": {"declarations": ["nixos/modules/services/system/dbus.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Packages whose D-Bus configuration files should be included in\nthe configuration of the D-Bus system-wide or session-wide\nmessage bus.  Specifically, files in the following directories\nwill be included into their respective DBus configuration paths:\n{file}`\u00abpkg\u00bb/etc/dbus-1/system.d`\n{file}`\u00abpkg\u00bb/share/dbus-1/system.d`\n{file}`\u00abpkg\u00bb/share/dbus-1/system-services`\n{file}`\u00abpkg\u00bb/etc/dbus-1/session.d`\n{file}`\u00abpkg\u00bb/share/dbus-1/session.d`\n{file}`\u00abpkg\u00bb/share/dbus-1/services`\n", "loc": ["services", "dbus", "packages"], "readOnly": false, "type": "list of absolute path"}, "services.ddccontrol.enable": {"declarations": ["nixos/modules/services/hardware/ddccontrol.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ddccontrol for controlling displays.\n\nThis [enables `hardware.i2c`](#opt-hardware.i2c.enable), so note to add\nyourself to [`hardware.i2c.group`](#opt-hardware.i2c.group).\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ddccontrol", "enable"], "readOnly": false, "type": "boolean"}, "services.ddccontrol.package": {"declarations": ["nixos/modules/services/hardware/ddccontrol.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ddccontrol"}, "description": "The package with which to control brightness; added also to [services.dbus.packages](#opt-services.dbus.packages). package to use.", "example": {"_type": "literalExpression", "text": "pkgs.ddcutil-service"}, "loc": ["services", "ddccontrol", "package"], "readOnly": false, "type": "package"}, "services.ddclient.configFile": {"declarations": ["nixos/modules/services/networking/ddclient.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to configuration file.\nWhen set this overrides the generated configuration from module options.\n", "example": {"_type": "literalExpression", "text": "\"/root/nixos/secrets/ddclient.conf\""}, "loc": ["services", "ddclient", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.ddclient.domains": {"declarations": ["nixos/modules/services/networking/ddclient.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"\"\n]"}, "description": "Domain name(s) to synchronize.\n", "loc": ["services", "ddclient", "domains"], "readOnly": false, "type": "list of string"}, "services.ddclient.enable": {"declarations": ["nixos/modules/services/networking/ddclient.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to synchronise your machine's IP address with a dynamic DNS provider (e.g. dyndns.org).\n", "loc": ["services", "ddclient", "enable"], "readOnly": false, "type": "boolean"}, "services.ddclient.extraConfig": {"declarations": ["nixos/modules/services/networking/ddclient.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration. Contents will be added verbatim to the configuration file.\n\n::: {.note}\n`daemon` should not be added here because it does not work great with the systemd-timer approach the service uses.\n:::\n", "loc": ["services", "ddclient", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.ddclient.interval": {"declarations": ["nixos/modules/services/networking/ddclient.nix"], "default": {"_type": "literalExpression", "text": "\"10min\""}, "description": "The interval at which to run the check and update.\nSee {command}`man 7 systemd.time` for the format.\n", "loc": ["services", "ddclient", "interval"], "readOnly": false, "type": "string"}, "services.ddclient.package": {"declarations": ["nixos/modules/services/networking/ddclient.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ddclient"}, "description": "The ddclient executable package run by the service.\n", "loc": ["services", "ddclient", "package"], "readOnly": false, "type": "package"}, "services.ddclient.passwordFile": {"declarations": ["nixos/modules/services/networking/ddclient.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password or a TSIG key in named format when using the nsupdate protocol.\n", "loc": ["services", "ddclient", "passwordFile"], "readOnly": false, "type": "null or string"}, "services.ddclient.protocol": {"declarations": ["nixos/modules/services/networking/ddclient.nix"], "default": {"_type": "literalExpression", "text": "\"dyndns2\""}, "description": "Protocol to use with dynamic DNS provider (see <https://ddclient.net/protocols.html> ).\n", "loc": ["services", "ddclient", "protocol"], "readOnly": false, "type": "string"}, "services.ddclient.quiet": {"declarations": ["nixos/modules/services/networking/ddclient.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Print no messages for unnecessary updates.\n", "loc": ["services", "ddclient", "quiet"], "readOnly": false, "type": "boolean"}, "services.ddclient.script": {"declarations": ["nixos/modules/services/networking/ddclient.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "script as required by some providers.\n", "loc": ["services", "ddclient", "script"], "readOnly": false, "type": "string"}, "services.ddclient.secretsFile": {"declarations": ["nixos/modules/services/networking/ddclient.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the secrets for the dynamic DNS provider.\nThis file should contain lines of valid secrets in the format specified by the ddclient documentation.\nIf this option is set, it overrides the `passwordFile` option.\n", "loc": ["services", "ddclient", "secretsFile"], "readOnly": false, "type": "null or string"}, "services.ddclient.server": {"declarations": ["nixos/modules/services/networking/ddclient.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Server address.\n", "loc": ["services", "ddclient", "server"], "readOnly": false, "type": "string"}, "services.ddclient.ssl": {"declarations": ["nixos/modules/services/networking/ddclient.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to use SSL/TLS to connect to dynamic DNS provider.\n", "loc": ["services", "ddclient", "ssl"], "readOnly": false, "type": "boolean"}, "services.ddclient.use": {"declarations": ["nixos/modules/services/networking/ddclient.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Method to determine the IP address to send to the dynamic DNS provider.\n", "loc": ["services", "ddclient", "use"], "readOnly": false, "type": "string"}, "services.ddclient.username": {"declarations": ["nixos/modules/services/networking/ddclient.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "User name.\n", "loc": ["services", "ddclient", "username"], "readOnly": false, "type": "string"}, "services.ddclient.usev4": {"declarations": ["nixos/modules/services/networking/ddclient.nix"], "default": {"_type": "literalExpression", "text": "\"webv4, webv4=ipify-ipv4\""}, "description": "Method to determine the IPv4 address to send to the dynamic DNS provider. Only used if `use` is not set.\n", "loc": ["services", "ddclient", "usev4"], "readOnly": false, "type": "string"}, "services.ddclient.usev6": {"declarations": ["nixos/modules/services/networking/ddclient.nix"], "default": {"_type": "literalExpression", "text": "\"webv6, webv6=ipify-ipv6\""}, "description": "Method to determine the IPv6 address to send to the dynamic DNS provider. Only used if `use` is not set.\n", "loc": ["services", "ddclient", "usev6"], "readOnly": false, "type": "string"}, "services.ddclient.verbose": {"declarations": ["nixos/modules/services/networking/ddclient.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Print verbose information.\n", "loc": ["services", "ddclient", "verbose"], "readOnly": false, "type": "boolean"}, "services.ddclient.zone": {"declarations": ["nixos/modules/services/networking/ddclient.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "zone as required by some providers.\n", "loc": ["services", "ddclient", "zone"], "readOnly": false, "type": "string"}, "services.ddns-updater.enable": {"declarations": ["nixos/modules/services/networking/ddns-updater.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Container to update DNS records periodically with WebUI for many DNS providers.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ddns-updater", "enable"], "readOnly": false, "type": "boolean"}, "services.ddns-updater.environment": {"declarations": ["nixos/modules/services/networking/ddns-updater.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables to be set for the ddns-updater service. DATADIR is ignored to enable using systemd DynamicUser. For full list see <https://github.com/qdm12/ddns-updater>", "loc": ["services", "ddns-updater", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.ddns-updater.package": {"declarations": ["nixos/modules/services/networking/ddns-updater.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ddns-updater"}, "description": "The ddns-updater package to use.", "loc": ["services", "ddns-updater", "package"], "readOnly": false, "type": "package"}, "services.deconz.allowRebootSystem": {"declarations": ["nixos/modules/services/networking/deconz.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable rebooting the system.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "deconz", "allowRebootSystem"], "readOnly": false, "type": "boolean"}, "services.deconz.allowRestartService": {"declarations": ["nixos/modules/services/networking/deconz.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable killing/restarting processes.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "deconz", "allowRestartService"], "readOnly": false, "type": "boolean"}, "services.deconz.allowSetSystemTime": {"declarations": ["nixos/modules/services/networking/deconz.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable setting the system time.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "deconz", "allowSetSystemTime"], "readOnly": false, "type": "boolean"}, "services.deconz.device": {"declarations": ["nixos/modules/services/networking/deconz.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Force deCONZ to use a specific USB device (e.g. /dev/ttyACM0). By\ndefault it does a search.\n", "loc": ["services", "deconz", "device"], "readOnly": false, "type": "null or string"}, "services.deconz.enable": {"declarations": ["nixos/modules/services/networking/deconz.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable deCONZ, a Zigbee gateway for use with ConBee/RaspBee hardware (https://phoscon.de/).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "deconz", "enable"], "readOnly": false, "type": "boolean"}, "services.deconz.extraArgs": {"declarations": ["nixos/modules/services/networking/deconz.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line arguments for deCONZ, see\n<https://github.com/dresden-elektronik/deconz-rest-plugin/wiki/deCONZ-command-line-parameters>.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--dbg-info=1\"\n  \"--dbg-err=2\"\n]"}, "loc": ["services", "deconz", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.deconz.httpPort": {"declarations": ["nixos/modules/services/networking/deconz.nix"], "default": {"_type": "literalExpression", "text": "80"}, "description": "TCP port for the web server.", "loc": ["services", "deconz", "httpPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.deconz.listenAddress": {"declarations": ["nixos/modules/services/networking/deconz.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Pin deCONZ to the network interface specified through the provided IP\naddress. This applies for the webserver as well as the websocket\nnotifications.\n", "loc": ["services", "deconz", "listenAddress"], "readOnly": false, "type": "string"}, "services.deconz.openFirewall": {"declarations": ["nixos/modules/services/networking/deconz.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable opening up the service ports in the firewall.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "deconz", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.deconz.package": {"declarations": ["nixos/modules/services/networking/deconz.nix"], "default": {"_type": "literalExpression", "text": "pkgs.deconz"}, "description": "The deconz package to use.", "loc": ["services", "deconz", "package"], "readOnly": false, "type": "package"}, "services.deconz.wsPort": {"declarations": ["nixos/modules/services/networking/deconz.nix"], "default": {"_type": "literalExpression", "text": "443"}, "description": "TCP port for the WebSocket.", "loc": ["services", "deconz", "wsPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.deluge.authFile": {"declarations": ["nixos/modules/services/torrent/deluge.nix"], "description": "The file managing the authentication for deluge, the format of this\nfile is straightforward, each line contains a\nusername:password:level tuple in plaintext. It only has an effect\nwhen {option}`services.deluge.declarative` is set to\n`true`.\nSee <https://dev.deluge-torrent.org/wiki/UserGuide/Authentication> for\nmore information.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/deluge-auth\""}, "loc": ["services", "deluge", "authFile"], "readOnly": false, "type": "absolute path"}, "services.deluge.config": {"declarations": ["nixos/modules/services/torrent/deluge.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Deluge core configuration for the core.conf file. Only has an effect\nwhen {option}`services.deluge.declarative` is set to\n`true`. String values must be quoted, integer and\nboolean values must not. See\n<https://git.deluge-torrent.org/deluge/tree/deluge/core/preferencesmanager.py#n41>\nfor the available options.\n", "example": {"_type": "literalExpression", "text": "{\n  download_location = \"/srv/torrents/\";\n  max_upload_speed = \"1000.0\";\n  share_ratio_limit = \"2.0\";\n  allow_remote = true;\n  daemon_port = 58846;\n  listen_ports = [ 6881 6889 ];\n}\n"}, "loc": ["services", "deluge", "config"], "readOnly": false, "type": "attribute set"}, "services.deluge.dataDir": {"declarations": ["nixos/modules/services/torrent/deluge.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/deluge\""}, "description": "The directory where deluge will create files.\n", "loc": ["services", "deluge", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.deluge.declarative": {"declarations": ["nixos/modules/services/torrent/deluge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use a declarative deluge configuration.\nOnly if set to `true`, the options\n{option}`services.deluge.config`,\n{option}`services.deluge.openFirewall` and\n{option}`services.deluge.authFile` will be\napplied.\n", "loc": ["services", "deluge", "declarative"], "readOnly": false, "type": "boolean"}, "services.deluge.enable": {"declarations": ["nixos/modules/services/torrent/deluge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Deluge daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "deluge", "enable"], "readOnly": false, "type": "boolean"}, "services.deluge.extraPackages": {"declarations": ["nixos/modules/services/torrent/deluge.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra packages available at runtime to enable Deluge's plugins. For example,\nextraction utilities are required for the built-in \"Extractor\" plugin.\nThis always contains unzip, gnutar, xz and bzip2.\n", "loc": ["services", "deluge", "extraPackages"], "readOnly": false, "type": "list of package"}, "services.deluge.group": {"declarations": ["nixos/modules/services/torrent/deluge.nix"], "default": {"_type": "literalExpression", "text": "\"deluge\""}, "description": "Group under which deluge runs.\n", "loc": ["services", "deluge", "group"], "readOnly": false, "type": "string"}, "services.deluge.openFilesLimit": {"declarations": ["nixos/modules/services/torrent/deluge.nix"], "default": {"_type": "literalExpression", "text": "4096"}, "description": "Number of files to allow deluged to open.\n", "loc": ["services", "deluge", "openFilesLimit"], "readOnly": false, "type": "signed integer or string"}, "services.deluge.openFirewall": {"declarations": ["nixos/modules/services/torrent/deluge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall for the ports in\n{option}`services.deluge.config.listen_ports`. It only takes effet if\n{option}`services.deluge.declarative` is set to\n`true`.\n\nIt does NOT apply to the daemon port nor the web UI port. To access those\nports securely check the documentation\n<https://dev.deluge-torrent.org/wiki/UserGuide/ThinClient#CreateSSHTunnel>\nor use a VPN or configure certificates for deluge.\n", "loc": ["services", "deluge", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.deluge.package": {"declarations": ["nixos/modules/services/torrent/deluge.nix"], "default": {"_type": "literalExpression", "text": "pkgs.deluge-2_x"}, "description": "The deluge-2_x package to use.", "loc": ["services", "deluge", "package"], "readOnly": false, "type": "package"}, "services.deluge.user": {"declarations": ["nixos/modules/services/torrent/deluge.nix"], "default": {"_type": "literalExpression", "text": "\"deluge\""}, "description": "User account under which deluge runs.\n", "loc": ["services", "deluge", "user"], "readOnly": false, "type": "string"}, "services.deluge.web.enable": {"declarations": ["nixos/modules/services/torrent/deluge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Deluge Web daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "deluge", "web", "enable"], "readOnly": false, "type": "boolean"}, "services.deluge.web.openFirewall": {"declarations": ["nixos/modules/services/torrent/deluge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for deluge web daemon\n", "loc": ["services", "deluge", "web", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.deluge.web.port": {"declarations": ["nixos/modules/services/torrent/deluge.nix"], "default": {"_type": "literalExpression", "text": "8112"}, "description": "Deluge web UI port.\n", "loc": ["services", "deluge", "web", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.dendrite.enable": {"declarations": ["nixos/modules/services/matrix/dendrite.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable matrix.org dendrite.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dendrite", "enable"], "readOnly": false, "type": "boolean"}, "services.dendrite.environmentFile": {"declarations": ["nixos/modules/services/matrix/dendrite.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file as defined in {manpage}`systemd.exec(5)`.\nSecrets may be passed to the service without adding them to the world-readable\nNix store, by specifying placeholder variables as the option value in Nix and\nsetting these variables accordingly in the environment file. Currently only used\nfor the registration secret to allow secure registration when\nclient_api.registration_disabled is true.\n\n```\n  # snippet of dendrite-related config\n  services.dendrite.settings.client_api.registration_shared_secret = \"$REGISTRATION_SHARED_SECRET\";\n```\n\n```\n  # content of the environment file\n  REGISTRATION_SHARED_SECRET=verysecretpassword\n```\n\nNote that this file needs to be available on the host on which\n`dendrite` is running.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/dendrite/registration_secret\""}, "loc": ["services", "dendrite", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.dendrite.httpPort": {"declarations": ["nixos/modules/services/matrix/dendrite.nix"], "default": {"_type": "literalExpression", "text": "8008"}, "description": "The port to listen for HTTP requests on.\n", "loc": ["services", "dendrite", "httpPort"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.dendrite.httpsPort": {"declarations": ["nixos/modules/services/matrix/dendrite.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The port to listen for HTTPS requests on.\n", "loc": ["services", "dendrite", "httpsPort"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.dendrite.loadCredential": {"declarations": ["nixos/modules/services/matrix/dendrite.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "This can be used to pass secrets to the systemd service without adding them to\nthe nix store.\nTo use the example setting, see the example of\n{option}`services.dendrite.settings.global.private_key`.\nSee the LoadCredential section of systemd.exec manual for more information.\n", "example": {"_type": "literalExpression", "text": "[\n  \"private_key:/path/to/my_private_key\"\n]"}, "loc": ["services", "dendrite", "loadCredential"], "readOnly": false, "type": "list of string"}, "services.dendrite.openRegistration": {"declarations": ["nixos/modules/services/matrix/dendrite.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Allow open registration without secondary verification (reCAPTCHA).\n", "loc": ["services", "dendrite", "openRegistration"], "readOnly": false, "type": "boolean"}, "services.dendrite.settings": {"declarations": ["nixos/modules/services/matrix/dendrite.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for dendrite, see:\n<https://github.com/matrix-org/dendrite/blob/main/dendrite-sample.yaml>\nfor available options with which to populate settings.\n", "loc": ["services", "dendrite", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.dendrite.settings.app_service_api.database.connection_string": {"declarations": ["nixos/modules/services/matrix/dendrite.nix"], "default": {"_type": "literalExpression", "text": "\"file:federationapi.db\""}, "description": "Database for the Appservice API.\n", "loc": ["services", "dendrite", "settings", "app_service_api", "database", "connection_string"], "readOnly": false, "type": "string"}, "services.dendrite.settings.client_api.registration_disabled": {"declarations": ["nixos/modules/services/matrix/dendrite.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to disable user registration to the server\nwithout the shared secret.\n", "loc": ["services", "dendrite", "settings", "client_api", "registration_disabled"], "readOnly": false, "type": "boolean"}, "services.dendrite.settings.federation_api.database.connection_string": {"declarations": ["nixos/modules/services/matrix/dendrite.nix"], "default": {"_type": "literalExpression", "text": "\"file:federationapi.db\""}, "description": "Database for the Federation API.\n", "loc": ["services", "dendrite", "settings", "federation_api", "database", "connection_string"], "readOnly": false, "type": "string"}, "services.dendrite.settings.global.private_key": {"declarations": ["nixos/modules/services/matrix/dendrite.nix"], "description": "The path to the signing private key file, used to sign\nrequests and events.\n\n```\n  nix-shell -p dendrite --command \"generate-keys --private-key matrix_key.pem\"\n```\n", "example": {"_type": "literalExpression", "text": "\"$CREDENTIALS_DIRECTORY/private_key\""}, "loc": ["services", "dendrite", "settings", "global", "private_key"], "readOnly": false, "type": "absolute path or string matching the pattern ^\\$CREDENTIALS_DIRECTORY/.+"}, "services.dendrite.settings.global.server_name": {"declarations": ["nixos/modules/services/matrix/dendrite.nix"], "description": "The domain name of the server, with optional explicit port.\nThis is used by remote servers to connect to this server.\nThis is also the last part of your UserID.\n", "example": {"_type": "literalExpression", "text": "\"example.com\""}, "loc": ["services", "dendrite", "settings", "global", "server_name"], "readOnly": false, "type": "string"}, "services.dendrite.settings.global.trusted_third_party_id_servers": {"declarations": ["nixos/modules/services/matrix/dendrite.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"matrix.org\"\n  \"vector.im\"\n]"}, "description": "Lists of domains that the server will trust as identity\nservers to verify third party identifiers such as phone\nnumbers and email addresses\n", "example": {"_type": "literalExpression", "text": "[\n  \"matrix.org\"\n]"}, "loc": ["services", "dendrite", "settings", "global", "trusted_third_party_id_servers"], "readOnly": false, "type": "list of string"}, "services.dendrite.settings.key_server.database.connection_string": {"declarations": ["nixos/modules/services/matrix/dendrite.nix"], "default": {"_type": "literalExpression", "text": "\"file:keyserver.db\""}, "description": "Database for the Key Server (for end-to-end encryption).\n", "loc": ["services", "dendrite", "settings", "key_server", "database", "connection_string"], "readOnly": false, "type": "string"}, "services.dendrite.settings.media_api.base_path": {"declarations": ["nixos/modules/services/matrix/dendrite.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/dendrite/media_store\""}, "description": "Storage path for uploaded media.\n", "loc": ["services", "dendrite", "settings", "media_api", "base_path"], "readOnly": false, "type": "string"}, "services.dendrite.settings.media_api.database.connection_string": {"declarations": ["nixos/modules/services/matrix/dendrite.nix"], "default": {"_type": "literalExpression", "text": "\"file:mediaapi.db\""}, "description": "Database for the Media API.\n", "loc": ["services", "dendrite", "settings", "media_api", "database", "connection_string"], "readOnly": false, "type": "string"}, "services.dendrite.settings.mscs.database.connection_string": {"declarations": ["nixos/modules/services/matrix/dendrite.nix"], "default": {"_type": "literalExpression", "text": "\"file:mscs.db\""}, "description": "Database for exerimental MSC's.\n", "loc": ["services", "dendrite", "settings", "mscs", "database", "connection_string"], "readOnly": false, "type": "string"}, "services.dendrite.settings.relay_api.database.connection_string": {"declarations": ["nixos/modules/services/matrix/dendrite.nix"], "default": {"_type": "literalExpression", "text": "\"file:relayapi.db\""}, "description": "Database for the Relay Server.\n", "loc": ["services", "dendrite", "settings", "relay_api", "database", "connection_string"], "readOnly": false, "type": "string"}, "services.dendrite.settings.room_server.database.connection_string": {"declarations": ["nixos/modules/services/matrix/dendrite.nix"], "default": {"_type": "literalExpression", "text": "\"file:roomserver.db\""}, "description": "Database for the Room Server.\n", "loc": ["services", "dendrite", "settings", "room_server", "database", "connection_string"], "readOnly": false, "type": "string"}, "services.dendrite.settings.sync_api.database.connection_string": {"declarations": ["nixos/modules/services/matrix/dendrite.nix"], "default": {"_type": "literalExpression", "text": "\"file:syncserver.db\""}, "description": "Database for the Sync API.\n", "loc": ["services", "dendrite", "settings", "sync_api", "database", "connection_string"], "readOnly": false, "type": "string"}, "services.dendrite.settings.sync_api.search.enabled": {"declarations": ["nixos/modules/services/matrix/dendrite.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Dendrite's full-text search engine.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dendrite", "settings", "sync_api", "search", "enabled"], "readOnly": false, "type": "boolean"}, "services.dendrite.settings.sync_api.search.index_path": {"declarations": ["nixos/modules/services/matrix/dendrite.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/dendrite/searchindex\""}, "description": "The path the search index will be created in.\n", "loc": ["services", "dendrite", "settings", "sync_api", "search", "index_path"], "readOnly": false, "type": "string"}, "services.dendrite.settings.sync_api.search.language": {"declarations": ["nixos/modules/services/matrix/dendrite.nix"], "default": {"_type": "literalExpression", "text": "\"en\""}, "description": "The language most likely to be used on the server - used when indexing, to\nensure the returned results match expectations. A full list of possible languages\ncan be found at <https://github.com/blevesearch/bleve/tree/master/analysis/lang>\n", "loc": ["services", "dendrite", "settings", "sync_api", "search", "language"], "readOnly": false, "type": "string"}, "services.dendrite.settings.user_api.account_database.connection_string": {"declarations": ["nixos/modules/services/matrix/dendrite.nix"], "default": {"_type": "literalExpression", "text": "\"file:userapi_accounts.db\""}, "description": "Database for the User API, accounts.\n", "loc": ["services", "dendrite", "settings", "user_api", "account_database", "connection_string"], "readOnly": false, "type": "string"}, "services.dendrite.settings.user_api.device_database.connection_string": {"declarations": ["nixos/modules/services/matrix/dendrite.nix"], "default": {"_type": "literalExpression", "text": "\"file:userapi_devices.db\""}, "description": "Database for the User API, devices.\n", "loc": ["services", "dendrite", "settings", "user_api", "device_database", "connection_string"], "readOnly": false, "type": "string"}, "services.dendrite.tlsCert": {"declarations": ["nixos/modules/services/matrix/dendrite.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the TLS certificate.\n\n```\n  nix-shell -p dendrite --command \"generate-keys --tls-cert server.crt --tls-key server.key\"\n```\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/dendrite/server.cert\""}, "loc": ["services", "dendrite", "tlsCert"], "readOnly": false, "type": "null or absolute path"}, "services.dendrite.tlsKey": {"declarations": ["nixos/modules/services/matrix/dendrite.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the TLS key.\n\n```\n  nix-shell -p dendrite --command \"generate-keys --tls-cert server.crt --tls-key server.key\"\n```\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/dendrite/server.key\""}, "loc": ["services", "dendrite", "tlsKey"], "readOnly": false, "type": "null or absolute path"}, "services.dependency-track.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether a database should be automatically created on the\nlocal host. Set this to false if you plan on provisioning a\nlocal database yourself.\n", "loc": ["services", "dependency-track", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.dependency-track.database.databaseName": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "\"dependency-track\""}, "description": "Database name to use when connecting to an external or\nmanually provisioned database; has no effect when a local\ndatabase is automatically provisioned.\n\nTo use this with a local database, set {option}`services.dependency-track.database.createLocally`\nto `false` and create the database and user.\n", "loc": ["services", "dependency-track", "database", "databaseName"], "readOnly": false, "type": "string"}, "services.dependency-track.database.passwordFile": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "description": "The path to a file containing the database password.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/db_password\""}, "loc": ["services", "dependency-track", "database", "passwordFile"], "readOnly": false, "type": "absolute path"}, "services.dependency-track.database.type": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "\"postgresql\""}, "description": "`h2` database is not recommended for a production setup.\n`postgresql` this settings it recommended for production setups.\n`manual` the module doesn't handle database settings.\n", "loc": ["services", "dependency-track", "database", "type"], "readOnly": false, "type": "one of \"h2\", \"postgresql\", \"manual\""}, "services.dependency-track.database.username": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "\"dependency-track\""}, "description": "Username to use when connecting to an external or manually\nprovisioned database; has no effect when a local database is\nautomatically provisioned.\n\nTo use this with a local database, set {option}`services.dependency-track.database.createLocally`\nto `false` and create the database and user.\n", "loc": ["services", "dependency-track", "database", "username"], "readOnly": false, "type": "string"}, "services.dependency-track.enable": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable dependency-track.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dependency-track", "enable"], "readOnly": false, "type": "boolean"}, "services.dependency-track.frontend.baseUrl": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "lib.optionalString config.services.dependency-track.nginx.enable \"${\n  if sslEnabled then \"https\" else \"http\"\n}://${config.services.dependency-track.nginx.domain}\";\n"}, "description": "The base URL of the API server.\n\nNOTE:\n* This URL must be reachable by the browsers of your users.\n* The frontend container itself does NOT communicate with the API server directly, it just serves static files.\n* When deploying to dedicated servers, please use the external IP or domain of the API server.\n", "loc": ["services", "dependency-track", "frontend", "baseUrl"], "readOnly": false, "type": "string"}, "services.dependency-track.javaArgs": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Java options passed to JVM. Configuring this is usually not necessary, but for small systems\nit can be useful to tweak the JVM heap size.\n", "example": {"_type": "literalExpression", "text": "[ \"-Xmx16G\" ] "}, "loc": ["services", "dependency-track", "javaArgs"], "readOnly": false, "type": "list of string"}, "services.dependency-track.ldap.bindPasswordFile": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "description": "The path to a file containing the LDAP bind password.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/ldap_bind_password\""}, "loc": ["services", "dependency-track", "ldap", "bindPasswordFile"], "readOnly": false, "type": "absolute path"}, "services.dependency-track.logLevel": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "\"INFO\""}, "description": "Log level for dependency-track", "loc": ["services", "dependency-track", "logLevel"], "readOnly": false, "type": "one of \"INFO\", \"WARN\", \"ERROR\", \"DEBUG\", \"TRACE\""}, "services.dependency-track.nginx.domain": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "description": "The domain name under which to set up the virtual host.\n", "example": {"_type": "literalExpression", "text": "\"dtrack.example.com\""}, "loc": ["services", "dependency-track", "nginx", "domain"], "readOnly": false, "type": "string"}, "services.dependency-track.nginx.enable": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to set up an nginx virtual host.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "dependency-track", "nginx", "enable"], "readOnly": false, "type": "boolean"}, "services.dependency-track.oidc.clientId": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Defines the client ID for OpenID Connect.\n", "loc": ["services", "dependency-track", "oidc", "clientId"], "readOnly": false, "type": "string"}, "services.dependency-track.oidc.enable": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable oidc support.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dependency-track", "oidc", "enable"], "readOnly": false, "type": "boolean"}, "services.dependency-track.oidc.flow": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "\"code\""}, "description": "Specifies the OpenID Connect flow to use.\nValues other than \"implicit\" will result in the Code+PKCE flow to be used.\nUsage of the implicit flow is strongly discouraged, but may be necessary when\nthe IdP of choice does not support the Code+PKCE flow.\nSee also:\n  - <https://oauth.net/2/grant-types/implicit/>\n  - <https://oauth.net/2/pkce/>\n", "loc": ["services", "dependency-track", "oidc", "flow"], "readOnly": false, "type": "one of \"code\", \"implicit\""}, "services.dependency-track.oidc.issuer": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Defines the issuer URL to be used for OpenID Connect.\nSee alpine.oidc.issuer property of the API server.\n", "loc": ["services", "dependency-track", "oidc", "issuer"], "readOnly": false, "type": "string"}, "services.dependency-track.oidc.loginButtonText": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "\"Login with OpenID Connect\""}, "description": "Defines the scopes to request for OpenID Connect.\nSee also: <https://openid.net/specs/openid-connect-basic-1_0.html#Scopes>\n", "loc": ["services", "dependency-track", "oidc", "loginButtonText"], "readOnly": false, "type": "string"}, "services.dependency-track.oidc.scope": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "\"openid profile email\""}, "description": "Defines the scopes to request for OpenID Connect.\nSee also: <https://openid.net/specs/openid-connect-basic-1_0.html#Scopes>\n", "loc": ["services", "dependency-track", "oidc", "scope"], "readOnly": false, "type": "string"}, "services.dependency-track.oidc.teamSynchronization": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "This option will ensure that team memberships for OpenID Connect users are dynamic and\nsynchronized with membership of OpenID Connect groups or assigned roles. When a team is\nmapped to an OpenID Connect group, all local OpenID Connect users will automatically be\nassigned to the team if they are a member of the group the team is mapped to. If the user\nis later removed from the OpenID Connect group, they will also be removed from the team. This\noption provides the ability to dynamically control user permissions via the identity provider.\nNote that team synchronization is only performed during user provisioning and after successful\nauthentication.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dependency-track", "oidc", "teamSynchronization"], "readOnly": false, "type": "boolean"}, "services.dependency-track.oidc.teams.claim": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "\"groups\""}, "description": "Defines the name of the claim that contains group memberships or role assignments in the provider's userinfo endpoint.\nThe claim must be an array of strings. Most public identity providers do not support group or role management.\nWhen using a customizable / on-demand hosted identity provider, name, content, and inclusion in the userinfo endpoint\nwill most likely need to be configured.\n", "loc": ["services", "dependency-track", "oidc", "teams", "claim"], "readOnly": false, "type": "string"}, "services.dependency-track.oidc.teams.default": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Defines one or more team names that auto-provisioned OIDC users shall be added to.\nMultiple team names may be provided as comma-separated list.\n\nHas no effect when {option}`services.dependency-track.oidc.userProvisioning`=false,\nor {option}`services.dependency-track.oidc.teamSynchronization`=true.\n", "loc": ["services", "dependency-track", "oidc", "teams", "default"], "readOnly": false, "type": "null or strings concatenated with \",\""}, "services.dependency-track.oidc.userProvisioning": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Specifies if mapped OpenID Connect accounts are automatically created upon successful\nauthentication. When a user logs in with a valid access token but an account has\nnot been previously provisioned, an authentication failure will be returned.\nThis allows admins to control specifically which OpenID Connect users can access the\nsystem and which users cannot. When this value is set to true, a local OpenID Connect\nuser will be created and mapped to the OpenID Connect account automatically. This\nautomatic provisioning only affects authentication, not authorization.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dependency-track", "oidc", "userProvisioning"], "readOnly": false, "type": "boolean"}, "services.dependency-track.oidc.usernameClaim": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "\"name\""}, "description": "Defines the name of the claim that contains the username in the provider's userinfo endpoint.\nCommon claims are \"name\", \"username\", \"preferred_username\" or \"nickname\".\nSee also: <https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse>\n", "example": {"_type": "literalExpression", "text": "\"preferred_username\""}, "loc": ["services", "dependency-track", "oidc", "usernameClaim"], "readOnly": false, "type": "string"}, "services.dependency-track.package": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "pkgs.dependency-track"}, "description": "The dependency-track package to use.", "loc": ["services", "dependency-track", "package"], "readOnly": false, "type": "package"}, "services.dependency-track.port": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "On which port dependency-track should listen for new HTTP connections.\n", "loc": ["services", "dependency-track", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.dependency-track.settings": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "See <https://docs.dependencytrack.org/getting-started/configuration/#default-configuration> for possible options", "loc": ["services", "dependency-track", "settings"], "readOnly": false, "type": "open submodule of attribute set of (string, package, bool, int or float)"}, "services.dependency-track.settings.\"alpine.data.directory\"": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/dependency-track\""}, "description": "Defines the path to the data directory. This directory will hold logs, keys,\nand any database or index files along with application-specific files or\ndirectories.\n", "loc": ["services", "dependency-track", "settings", "alpine.data.directory"], "readOnly": false, "type": "absolute path"}, "services.dependency-track.settings.\"alpine.database.driver\"": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "if config.services.dependency-track.database.type == \"h2\" then \"org.h2.Driver\"\nelse if config.services.dependency-track.database.type == \"postgresql\" then \"org.postgresql.Driver\"\nelse null;\n"}, "description": "Specifies the JDBC driver class to use.", "loc": ["services", "dependency-track", "settings", "alpine.database.driver"], "readOnly": false, "type": "one of \"org.h2.Driver\", \"org.postgresql.Driver\", \"com.microsoft.sqlserver.jdbc.SQLServerDriver\", \"com.mysql.cj.jdbc.Driver\""}, "services.dependency-track.settings.\"alpine.database.mode\"": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "if config.services.dependency-track.database.type == \"h2\" then \"embedded\"\nelse if config.services.dependency-track.database.type == \"postgresql\" then \"external\"\nelse null\n"}, "description": "Defines the database mode of operation. Valid choices are:\n'server', 'embedded', and 'external'.\nIn server mode, the database will listen for connections from remote hosts.\nIn embedded mode, the system will be more secure and slightly faster.\nExternal mode should be used when utilizing an external database server\n(i.e. mysql, postgresql, etc).\n", "loc": ["services", "dependency-track", "settings", "alpine.database.mode"], "readOnly": false, "type": "one of \"server\", \"embedded\", \"external\""}, "services.dependency-track.settings.\"alpine.database.url\"": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "if config.services.dependency-track.database.type == \"h2\" then \"jdbc:h2:/var/lib/dependency-track/db\"\n  else if config.services.dependency-track.database.type == \"postgresql\" then \"jdbc:postgresql:${config.services.dependency-track.database.name}?socketFactory=org.newsclub.net.unix.AFUNIXSocketFactory$FactoryArg&socketFactoryArg=/run/postgresql/.s.PGSQL.5432\"\n  else null\n"}, "description": "Specifies the JDBC URL to use when connecting to the database.", "loc": ["services", "dependency-track", "settings", "alpine.database.url"], "readOnly": false, "type": "string"}, "services.dependency-track.settings.\"alpine.database.username\"": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "if config.services.dependency-track.database.createLocally then \"dependency-track\"\nelse config.services.dependency-track.database.username\n"}, "description": "Specifies the username to use when authenticating to the database.", "loc": ["services", "dependency-track", "settings", "alpine.database.username"], "readOnly": false, "type": "string"}, "services.dependency-track.settings.\"alpine.ldap.enabled\"": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Defines if LDAP will be used for user authentication. If enabled,\nalpine.ldap.* properties should be set accordingly.\n", "loc": ["services", "dependency-track", "settings", "alpine.ldap.enabled"], "readOnly": false, "type": "boolean"}, "services.dependency-track.settings.\"alpine.oidc.client.id\"": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "config.services.dependency-track.oidc.clientId"}, "description": "Defines the client ID to be used for OpenID Connect.\nThe client ID should be the same as the one configured for the frontend,\nand will only be used to validate ID tokens.\n", "loc": ["services", "dependency-track", "settings", "alpine.oidc.client.id"], "readOnly": false, "type": "string"}, "services.dependency-track.settings.\"alpine.oidc.enabled\"": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "config.services.dependency-track.oidc.enable"}, "description": "Defines if OpenID Connect will be used for user authentication.\nIf enabled, alpine.oidc.* properties should be set accordingly.\n", "loc": ["services", "dependency-track", "settings", "alpine.oidc.enabled"], "readOnly": false, "type": "boolean"}, "services.dependency-track.settings.\"alpine.oidc.issuer\"": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "config.services.dependency-track.oidc.issuer"}, "description": "Defines the issuer URL to be used for OpenID Connect.\nThis issuer MUST support provider configuration via the /.well-known/openid-configuration endpoint.\nSee also:\n- <https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata>\n- <https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig>\n", "loc": ["services", "dependency-track", "settings", "alpine.oidc.issuer"], "readOnly": false, "type": "string"}, "services.dependency-track.settings.\"alpine.oidc.team.synchronization\"": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "config.services.dependency-track.oidc.teamSynchronization"}, "description": "This option will ensure that team memberships for OpenID Connect users are dynamic and\nsynchronized with membership of OpenID Connect groups or assigned roles. When a team is\nmapped to an OpenID Connect group, all local OpenID Connect users will automatically be\nassigned to the team if they are a member of the group the team is mapped to. If the user\nis later removed from the OpenID Connect group, they will also be removed from the team. This\noption provides the ability to dynamically control user permissions via the identity provider.\nNote that team synchronization is only performed during user provisioning and after successful\nauthentication.\n", "loc": ["services", "dependency-track", "settings", "alpine.oidc.team.synchronization"], "readOnly": false, "type": "boolean"}, "services.dependency-track.settings.\"alpine.oidc.teams.claim\"": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "config.services.dependency-track.oidc.teams.claim"}, "description": "Defines the name of the claim that contains group memberships or role assignments in the provider's userinfo endpoint.\nThe claim must be an array of strings. Most public identity providers do not support group or role management.\nWhen using a customizable / on-demand hosted identity provider, name, content, and inclusion in the userinfo endpoint\nwill most likely need to be configured.\n", "loc": ["services", "dependency-track", "settings", "alpine.oidc.teams.claim"], "readOnly": false, "type": "string"}, "services.dependency-track.settings.\"alpine.oidc.teams.default\"": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "config.services.dependency-track.oidc.teams.default"}, "description": "Defines one or more team names that auto-provisioned OIDC users shall be added to.\nMultiple team names may be provided as comma-separated list.\n\nHas no effect when {option}`services.dependency-track.oidc.userProvisioning`=false,\nor {option}`services.dependency-track.oidc.teamSynchronization`=true.\n", "loc": ["services", "dependency-track", "settings", "alpine.oidc.teams.default"], "readOnly": false, "type": "null or strings concatenated with \",\""}, "services.dependency-track.settings.\"alpine.oidc.user.provisioning\"": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "config.services.dependency-track.oidc.userProvisioning"}, "description": "Specifies if mapped OpenID Connect accounts are automatically created upon successful\nauthentication. When a user logs in with a valid access token but an account has\nnot been previously provisioned, an authentication failure will be returned.\nThis allows admins to control specifically which OpenID Connect users can access the\nsystem and which users cannot. When this value is set to true, a local OpenID Connect\nuser will be created and mapped to the OpenID Connect account automatically. This\nautomatic provisioning only affects authentication, not authorization.\n", "loc": ["services", "dependency-track", "settings", "alpine.oidc.user.provisioning"], "readOnly": false, "type": "boolean"}, "services.dependency-track.settings.\"alpine.oidc.username.claim\"": {"declarations": ["nixos/modules/services/web-apps/dependency-track.nix"], "default": {"_type": "literalExpression", "text": "config.services.dependency-track.oidc.usernameClaim"}, "description": "Defines the name of the claim that contains the username in the provider's userinfo endpoint.\nCommon claims are \"name\", \"username\", \"preferred_username\" or \"nickname\".\nSee also: <https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse>\n", "loc": ["services", "dependency-track", "settings", "alpine.oidc.username.claim"], "readOnly": false, "type": "string"}, "services.desktopManager.budgie.enable": {"declarations": ["nixos/modules/services/desktop-managers/budgie.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Budgie desktop.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "desktopManager", "budgie", "enable"], "readOnly": false, "type": "boolean"}, "services.desktopManager.budgie.extraGSettingsOverridePackages": {"declarations": ["nixos/modules/services/desktop-managers/budgie.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of packages for which GSettings are overridden.", "loc": ["services", "desktopManager", "budgie", "extraGSettingsOverridePackages"], "readOnly": false, "type": "list of absolute path"}, "services.desktopManager.budgie.extraGSettingsOverrides": {"declarations": ["nixos/modules/services/desktop-managers/budgie.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional GSettings overrides.", "loc": ["services", "desktopManager", "budgie", "extraGSettingsOverrides"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.desktopManager.budgie.extraPlugins": {"declarations": ["nixos/modules/services/desktop-managers/budgie.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra plugins for the Budgie desktop", "example": {"_type": "literalExpression", "text": "[ pkgs.budgie-analogue-clock-applet ]"}, "loc": ["services", "desktopManager", "budgie", "extraPlugins"], "readOnly": false, "type": "list of package"}, "services.desktopManager.budgie.sessionPath": {"declarations": ["nixos/modules/services/desktop-managers/budgie.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional list of packages to be added to the session search path.\nUseful for GSettings-conditional autostart.\n\nNote that this should be a last resort; patching the package is preferred (see GPaste).\n", "example": {"_type": "literalExpression", "text": "[ pkgs.gpaste ]"}, "loc": ["services", "desktopManager", "budgie", "sessionPath"], "readOnly": false, "type": "list of package"}, "services.desktopManager.cosmic.enable": {"declarations": ["nixos/modules/services/desktop-managers/cosmic.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable COSMIC desktop environment.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "desktopManager", "cosmic", "enable"], "readOnly": false, "type": "boolean"}, "services.desktopManager.cosmic.showExcludedPkgsWarning": {"declarations": ["nixos/modules/services/desktop-managers/cosmic.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the warning for excluding core packages.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "desktopManager", "cosmic", "showExcludedPkgsWarning"], "readOnly": false, "type": "boolean"}, "services.desktopManager.cosmic.xwayland.enable": {"declarations": ["nixos/modules/services/desktop-managers/cosmic.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable Xwayland support for the COSMIC compositor.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "desktopManager", "cosmic", "xwayland", "enable"], "readOnly": false, "type": "boolean"}, "services.desktopManager.gnome.debug": {"declarations": ["nixos/modules/services/desktop-managers/gnome.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable pkgs.gnome-session debug messages.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "desktopManager", "gnome", "debug"], "readOnly": false, "type": "boolean"}, "services.desktopManager.gnome.enable": {"declarations": ["nixos/modules/services/desktop-managers/gnome.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable GNOME desktop manager.", "loc": ["services", "desktopManager", "gnome", "enable"], "readOnly": false, "type": "boolean"}, "services.desktopManager.gnome.extraGSettingsOverridePackages": {"declarations": ["nixos/modules/services/desktop-managers/gnome.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of packages for which gsettings are overridden.", "loc": ["services", "desktopManager", "gnome", "extraGSettingsOverridePackages"], "readOnly": false, "type": "list of absolute path"}, "services.desktopManager.gnome.extraGSettingsOverrides": {"declarations": ["nixos/modules/services/desktop-managers/gnome.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional gsettings overrides.", "loc": ["services", "desktopManager", "gnome", "extraGSettingsOverrides"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.desktopManager.gnome.flashback.customSessions": {"declarations": ["nixos/modules/services/desktop-managers/gnome.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Other GNOME Flashback sessions to enable.", "loc": ["services", "desktopManager", "gnome", "flashback", "customSessions"], "readOnly": false, "type": "list of (submodule)"}, "services.desktopManager.gnome.flashback.customSessions.*.enableGnomePanel": {"declarations": ["nixos/modules/services/desktop-managers/gnome.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the GNOME panel in this session.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "desktopManager", "gnome", "flashback", "customSessions", "*", "enableGnomePanel"], "readOnly": false, "type": "boolean"}, "services.desktopManager.gnome.flashback.customSessions.*.wmCommand": {"declarations": ["nixos/modules/services/desktop-managers/gnome.nix"], "description": "The executable of the window manager to use.", "example": {"_type": "literalExpression", "text": "\"${pkgs.haskellPackages.xmonad}/bin/xmonad\""}, "loc": ["services", "desktopManager", "gnome", "flashback", "customSessions", "*", "wmCommand"], "readOnly": false, "type": "string"}, "services.desktopManager.gnome.flashback.customSessions.*.wmLabel": {"declarations": ["nixos/modules/services/desktop-managers/gnome.nix"], "description": "The name of the window manager to show in the session chooser.", "example": {"_type": "literalExpression", "text": "\"XMonad\""}, "loc": ["services", "desktopManager", "gnome", "flashback", "customSessions", "*", "wmLabel"], "readOnly": false, "type": "string"}, "services.desktopManager.gnome.flashback.customSessions.*.wmName": {"declarations": ["nixos/modules/services/desktop-managers/gnome.nix"], "description": "A unique identifier for the window manager.", "example": {"_type": "literalExpression", "text": "\"xmonad\""}, "loc": ["services", "desktopManager", "gnome", "flashback", "customSessions", "*", "wmName"], "readOnly": false, "type": "string matching the pattern [a-zA-Z0-9_-]+"}, "services.desktopManager.gnome.flashback.enableMetacity": {"declarations": ["nixos/modules/services/desktop-managers/gnome.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the standard GNOME Flashback session with Metacity.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "desktopManager", "gnome", "flashback", "enableMetacity"], "readOnly": false, "type": "boolean"}, "services.desktopManager.gnome.flashback.panelModulePackages": {"declarations": ["nixos/modules/services/desktop-managers/gnome.nix"], "default": {"_type": "literalExpression", "text": "[ pkgs.gnome-applets ]"}, "description": "Packages containing modules that should be made available to `pkgs.gnome-panel` (usually for applets).\n\nIf you're packaging something to use here, please install the modules in `$out/lib/gnome-panel/modules`.\n", "loc": ["services", "desktopManager", "gnome", "flashback", "panelModulePackages"], "readOnly": false, "type": "list of package"}, "services.desktopManager.gnome.sessionPath": {"declarations": ["nixos/modules/services/desktop-managers/gnome.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional list of packages to be added to the session search path.\nUseful for GNOME Shell extensions or GSettings-conditional autostart.\n\nNote that this should be a last resort; patching the package is preferred (see GPaste).\n", "example": {"_type": "literalExpression", "text": "[ pkgs.gpaste ]"}, "loc": ["services", "desktopManager", "gnome", "sessionPath"], "readOnly": false, "type": "list of package"}, "services.desktopManager.lomiri.enable": {"declarations": ["nixos/modules/services/desktop-managers/lomiri.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Lomiri graphical shell (formerly known as Unity8)\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "desktopManager", "lomiri", "enable"], "readOnly": false, "type": "boolean"}, "services.desktopManager.pantheon.debug": {"declarations": ["nixos/modules/services/desktop-managers/pantheon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable gnome-session debug messages.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "desktopManager", "pantheon", "debug"], "readOnly": false, "type": "boolean"}, "services.desktopManager.pantheon.enable": {"declarations": ["nixos/modules/services/desktop-managers/pantheon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable the pantheon desktop manager", "loc": ["services", "desktopManager", "pantheon", "enable"], "readOnly": false, "type": "boolean"}, "services.desktopManager.pantheon.extraGSettingsOverridePackages": {"declarations": ["nixos/modules/services/desktop-managers/pantheon.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of packages for which gsettings are overridden.", "loc": ["services", "desktopManager", "pantheon", "extraGSettingsOverridePackages"], "readOnly": false, "type": "list of absolute path"}, "services.desktopManager.pantheon.extraGSettingsOverrides": {"declarations": ["nixos/modules/services/desktop-managers/pantheon.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional gsettings overrides.", "loc": ["services", "desktopManager", "pantheon", "extraGSettingsOverrides"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.desktopManager.pantheon.extraSwitchboardPlugs": {"declarations": ["nixos/modules/services/desktop-managers/pantheon.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Plugs to add to Switchboard.", "loc": ["services", "desktopManager", "pantheon", "extraSwitchboardPlugs"], "readOnly": false, "type": "null or (list of package)"}, "services.desktopManager.pantheon.extraWingpanelIndicators": {"declarations": ["nixos/modules/services/desktop-managers/pantheon.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Indicators to add to Wingpanel.", "loc": ["services", "desktopManager", "pantheon", "extraWingpanelIndicators"], "readOnly": false, "type": "null or (list of package)"}, "services.desktopManager.pantheon.sessionPath": {"declarations": ["nixos/modules/services/desktop-managers/pantheon.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional list of packages to be added to the session search path.\nUseful for GSettings-conditional autostart.\n\nNote that this should be a last resort; patching the package is preferred (see GPaste).\n", "example": {"_type": "literalExpression", "text": "[ pkgs.gpaste ]"}, "loc": ["services", "desktopManager", "pantheon", "sessionPath"], "readOnly": false, "type": "list of package"}, "services.desktopManager.plasma6.enable": {"declarations": ["nixos/modules/services/desktop-managers/plasma6.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable the Plasma 6 (KDE 6) desktop environment.", "loc": ["services", "desktopManager", "plasma6", "enable"], "readOnly": false, "type": "boolean"}, "services.desktopManager.plasma6.enableQt5Integration": {"declarations": ["nixos/modules/services/desktop-managers/plasma6.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable Qt 5 integration (theming, etc). Disable for a pure Qt 6 system.", "loc": ["services", "desktopManager", "plasma6", "enableQt5Integration"], "readOnly": false, "type": "boolean"}, "services.desktopManager.plasma6.notoPackage": {"declarations": ["nixos/modules/services/desktop-managers/plasma6.nix"], "default": {"_type": "literalExpression", "text": "pkgs.noto-fonts"}, "description": "The Noto fonts - used for UI by default package to use.", "example": {"_type": "literalExpression", "text": "noto-fonts-lgc-plus"}, "loc": ["services", "desktopManager", "plasma6", "notoPackage"], "readOnly": false, "type": "package"}, "services.devmon.enable": {"declarations": ["nixos/modules/services/misc/devmon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable devmon, an automatic device mounting daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "devmon", "enable"], "readOnly": false, "type": "boolean"}, "services.devpi-server.enable": {"declarations": ["nixos/modules/services/misc/devpi-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Devpi Server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "devpi-server", "enable"], "readOnly": false, "type": "boolean"}, "services.devpi-server.host": {"declarations": ["nixos/modules/services/misc/devpi-server.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "domain/ip address to listen on\n", "loc": ["services", "devpi-server", "host"], "readOnly": false, "type": "string"}, "services.devpi-server.openFirewall": {"declarations": ["nixos/modules/services/misc/devpi-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable opening the default ports in the firewall for Devpi Server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "devpi-server", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.devpi-server.package": {"declarations": ["nixos/modules/services/misc/devpi-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.devpi-server"}, "description": "The devpi-server package to use.", "loc": ["services", "devpi-server", "package"], "readOnly": false, "type": "package"}, "services.devpi-server.port": {"declarations": ["nixos/modules/services/misc/devpi-server.nix"], "default": {"_type": "literalExpression", "text": "3141"}, "description": "The port on which Devpi Server will listen.", "loc": ["services", "devpi-server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.devpi-server.primaryUrl": {"declarations": ["nixos/modules/services/misc/devpi-server.nix"], "description": "Url for the primary node. Required option for replica nodes.", "loc": ["services", "devpi-server", "primaryUrl"], "readOnly": false, "type": "string"}, "services.devpi-server.replica": {"declarations": ["nixos/modules/services/misc/devpi-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Run node as a replica.\nRequires the secretFile option and the primaryUrl to be enabled.\n", "loc": ["services", "devpi-server", "replica"], "readOnly": false, "type": "boolean"}, "services.devpi-server.secretFile": {"declarations": ["nixos/modules/services/misc/devpi-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a shared secret file used for synchronization,\nRequired for all nodes in a replica/primary setup.\n", "loc": ["services", "devpi-server", "secretFile"], "readOnly": false, "type": "null or absolute path"}, "services.deye-dummycloud.enable": {"declarations": ["nixos/modules/services/home-automation/deye-dummycloud.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the deye-dummycloud service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "deye-dummycloud", "enable"], "readOnly": false, "type": "boolean"}, "services.deye-dummycloud.mqttBrokerUrl": {"declarations": ["nixos/modules/services/home-automation/deye-dummycloud.nix"], "default": {"_type": "literalExpression", "text": "\"mqtt://localhost\""}, "description": "MQTT broker URL", "loc": ["services", "deye-dummycloud", "mqttBrokerUrl"], "readOnly": false, "type": "string"}, "services.deye-dummycloud.mqttPassword": {"declarations": ["nixos/modules/services/home-automation/deye-dummycloud.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "MQTT password", "loc": ["services", "deye-dummycloud", "mqttPassword"], "readOnly": false, "type": "string"}, "services.deye-dummycloud.mqttUsername": {"declarations": ["nixos/modules/services/home-automation/deye-dummycloud.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "MQTT username", "loc": ["services", "deye-dummycloud", "mqttUsername"], "readOnly": false, "type": "string"}, "services.dgraph.alpha.host": {"declarations": ["nixos/modules/services/databases/dgraph.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The host which dgraph alpha will be run on.\n", "loc": ["services", "dgraph", "alpha", "host"], "readOnly": false, "type": "string"}, "services.dgraph.alpha.port": {"declarations": ["nixos/modules/services/databases/dgraph.nix"], "default": {"_type": "literalExpression", "text": "7080"}, "description": "The port which to run dgraph alpha on.\n", "loc": ["services", "dgraph", "alpha", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.dgraph.enable": {"declarations": ["nixos/modules/services/databases/dgraph.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Dgraph native GraphQL database with a graph backend.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dgraph", "enable"], "readOnly": false, "type": "boolean"}, "services.dgraph.package": {"declarations": ["nixos/modules/services/databases/dgraph.nix"], "default": {"_type": "literalExpression", "text": "pkgs.dgraph"}, "description": "The dgraph package to use.", "loc": ["services", "dgraph", "package"], "readOnly": false, "type": "package"}, "services.dgraph.settings": {"declarations": ["nixos/modules/services/databases/dgraph.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Contents of the dgraph config. For more details see <https://dgraph.io/docs/deploy/config>\n", "loc": ["services", "dgraph", "settings"], "readOnly": false, "type": "JSON value"}, "services.dgraph.zero.host": {"declarations": ["nixos/modules/services/databases/dgraph.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The host which dgraph zero will be run on.\n", "loc": ["services", "dgraph", "zero", "host"], "readOnly": false, "type": "string"}, "services.dgraph.zero.port": {"declarations": ["nixos/modules/services/databases/dgraph.nix"], "default": {"_type": "literalExpression", "text": "5080"}, "description": "The port which to run dgraph zero on.\n", "loc": ["services", "dgraph", "zero", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.dictd.DBs": {"declarations": ["nixos/modules/services/misc/dictd.nix"], "default": {"_type": "literalExpression", "text": "with pkgs.dictdDBs; [ wiktionary wordnet ]"}, "description": "List of databases to make available.", "example": {"_type": "literalExpression", "text": "[ pkgs.dictdDBs.nld2eng ]"}, "loc": ["services", "dictd", "DBs"], "readOnly": false, "type": "list of package"}, "services.dictd.enable": {"declarations": ["nixos/modules/services/misc/dictd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the DICT.org dictionary server.\n", "loc": ["services", "dictd", "enable"], "readOnly": false, "type": "boolean"}, "services.diod.allsquash": {"declarations": ["nixos/modules/services/network-filesystems/diod.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Remap all users to \"nobody\". The attaching user need not be present in the\npassword file.\n", "loc": ["services", "diod", "allsquash"], "readOnly": false, "type": "boolean"}, "services.diod.authRequired": {"declarations": ["nixos/modules/services/network-filesystems/diod.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Allow clients to connect without authentication, i.e. without a valid MUNGE credential.\n", "loc": ["services", "diod", "authRequired"], "readOnly": false, "type": "boolean"}, "services.diod.enable": {"declarations": ["nixos/modules/services/network-filesystems/diod.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the diod 9P file server.", "loc": ["services", "diod", "enable"], "readOnly": false, "type": "boolean"}, "services.diod.exportall": {"declarations": ["nixos/modules/services/network-filesystems/diod.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Export all file systems listed in /proc/mounts. If new file systems are mounted\nafter diod has started, they will become immediately mountable. If there is a\nduplicate entry for a file system in the exports list, any options listed in\nthe exports entry will apply.\n", "loc": ["services", "diod", "exportall"], "readOnly": false, "type": "boolean"}, "services.diod.exportopts": {"declarations": ["nixos/modules/services/network-filesystems/diod.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Establish a default set of export options. These are overridden, not appended\nto, by opts attributes in an \"exports\" entry.\n", "loc": ["services", "diod", "exportopts"], "readOnly": false, "type": "list of string"}, "services.diod.exports": {"declarations": ["nixos/modules/services/network-filesystems/diod.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List the file systems that clients will be allowed to mount. All paths should\nbe fully qualified. The exports table can include two types of element:\na string element (as above),\nor an alternate table element form { path=\"/path\", opts=\"ro\" }.\nIn the alternate form, the (optional) opts attribute is a comma-separated list\nof export options. The two table element forms can be mixed in the exports\ntable. Note that although diod will not traverse file system boundaries for a\ngiven mount due to inode uniqueness constraints, subdirectories of a file\nsystem can be separately exported.\n", "loc": ["services", "diod", "exports"], "readOnly": false, "type": "list of string"}, "services.diod.extraConfig": {"declarations": ["nixos/modules/services/network-filesystems/diod.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration options for diod.conf.", "loc": ["services", "diod", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.diod.listen": {"declarations": ["nixos/modules/services/network-filesystems/diod.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"0.0.0.0:564\"\n]"}, "description": "[ \"IP:PORT\" [,\"IP:PORT\",...] ]\nList the interfaces and ports that diod should listen on.\n", "loc": ["services", "diod", "listen"], "readOnly": false, "type": "list of string"}, "services.diod.logdest": {"declarations": ["nixos/modules/services/network-filesystems/diod.nix"], "default": {"_type": "literalExpression", "text": "\"syslog:daemon:err\""}, "description": "Set the destination for logging.\nThe value has the form of \"syslog:facility:level\" or \"filename\".\n", "loc": ["services", "diod", "logdest"], "readOnly": false, "type": "string"}, "services.diod.nwthreads": {"declarations": ["nixos/modules/services/network-filesystems/diod.nix"], "default": {"_type": "literalExpression", "text": "16"}, "description": "Sets the (fixed) number of worker threads created to handle 9P\nrequests for a unique aname.\n", "loc": ["services", "diod", "nwthreads"], "readOnly": false, "type": "signed integer"}, "services.diod.squashuser": {"declarations": ["nixos/modules/services/network-filesystems/diod.nix"], "default": {"_type": "literalExpression", "text": "\"nobody\""}, "description": "Change the squash user. The squash user must be present in the password file.\n", "loc": ["services", "diod", "squashuser"], "readOnly": false, "type": "string"}, "services.diod.statfsPassthru": {"declarations": ["nixos/modules/services/network-filesystems/diod.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "This option configures statfs to return the host file system's type\nrather than V9FS_MAGIC.\n", "loc": ["services", "diod", "statfsPassthru"], "readOnly": false, "type": "boolean"}, "services.diod.userdb": {"declarations": ["nixos/modules/services/network-filesystems/diod.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "This option disables password/group lookups. It allows any uid to attach and\nassumes gid=uid, and supplementary groups contain only the primary gid.\n", "loc": ["services", "diod", "userdb"], "readOnly": false, "type": "boolean"}, "services.discourse.admin.email": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "description": "The admin user email address.\n", "example": {"_type": "literalExpression", "text": "\"admin@example.com\""}, "loc": ["services", "discourse", "admin", "email"], "readOnly": false, "type": "string"}, "services.discourse.admin.fullName": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "description": "The admin user's full name.\n", "loc": ["services", "discourse", "admin", "fullName"], "readOnly": false, "type": "string"}, "services.discourse.admin.passwordFile": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "description": "A path to a file containing the admin user's password.\n\nThis should be a string, not a nix path, since nix paths are\ncopied into the world-readable nix store.\n", "loc": ["services", "discourse", "admin", "passwordFile"], "readOnly": false, "type": "absolute path"}, "services.discourse.admin.skipCreate": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Do not create the admin account, instead rely on other\nexisting admin accounts.\n", "loc": ["services", "discourse", "admin", "skipCreate"], "readOnly": false, "type": "boolean"}, "services.discourse.admin.username": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "description": "The admin user username.\n", "example": {"_type": "literalExpression", "text": "\"admin\""}, "loc": ["services", "discourse", "admin", "username"], "readOnly": false, "type": "string"}, "services.discourse.backendSettings": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional settings to put in the\n{file}`discourse.conf` file.\n\nLook in the\n[discourse_defaults.conf](https://github.com/discourse/discourse/blob/master/config/discourse_defaults.conf)\nfile in the upstream distribution to find available options.\n\nSetting an option to `null` means\n\u201cdefine variable, but leave right-hand side empty\u201d.\n", "example": {"_type": "literalExpression", "text": "{\n  max_reqs_per_ip_per_minute = 300;\n  max_reqs_per_ip_per_10_seconds = 60;\n  max_asset_reqs_per_ip_per_10_seconds = 250;\n  max_reqs_per_ip_mode = \"warn+block\";\n};\n"}, "loc": ["services", "discourse", "backendSettings"], "readOnly": false, "type": "attribute set of (null or string or signed integer or boolean or floating point number)"}, "services.discourse.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether a database should be automatically created on the\nlocal host. Set this to `false` if you plan\non provisioning a local database yourself. This has no effect\nif {option}`services.discourse.database.host` is customized.\n", "loc": ["services", "discourse", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.discourse.database.host": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Discourse database hostname. `null` means\n\u201cprefer local unix socket connection\u201d.\n", "loc": ["services", "discourse", "database", "host"], "readOnly": false, "type": "null or string"}, "services.discourse.database.ignorePostgresqlVersion": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to allow other versions of PostgreSQL than the\nrecommended one. Only effective when\n{option}`services.discourse.database.createLocally`\nis enabled.\n", "loc": ["services", "discourse", "database", "ignorePostgresqlVersion"], "readOnly": false, "type": "boolean"}, "services.discourse.database.name": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "\"discourse\""}, "description": "Discourse database name.\n", "loc": ["services", "discourse", "database", "name"], "readOnly": false, "type": "string"}, "services.discourse.database.passwordFile": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the Discourse database user password.\n\nThis should be a string, not a nix path, since nix paths are\ncopied into the world-readable nix store.\n", "loc": ["services", "discourse", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.discourse.database.pool": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "8"}, "description": "Database connection pool size.\n", "loc": ["services", "discourse", "database", "pool"], "readOnly": false, "type": "signed integer"}, "services.discourse.database.username": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "\"discourse\""}, "description": "Discourse database user.\n", "loc": ["services", "discourse", "database", "username"], "readOnly": false, "type": "string"}, "services.discourse.enable": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Discourse, an open source discussion platform.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "discourse", "enable"], "readOnly": false, "type": "boolean"}, "services.discourse.enableACME": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalMD", "text": "`true`, unless {option}`services.discourse.sslCertificate`\nand {option}`services.discourse.sslCertificateKey` are set.\n"}, "description": "Whether an ACME certificate should be used to secure\nconnections to the server.\n", "loc": ["services", "discourse", "enableACME"], "readOnly": false, "type": "boolean"}, "services.discourse.hostname": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "config.networking.fqdnOrHostName"}, "description": "The hostname to serve Discourse on.\n", "example": {"_type": "literalExpression", "text": "\"discourse.example.com\""}, "loc": ["services", "discourse", "hostname"], "readOnly": false, "type": "string"}, "services.discourse.mail.contactEmailAddress": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Email address of key contact responsible for this\nsite. Used for critical notifications, as well as on the\n`/about` contact form for urgent matters.\n", "loc": ["services", "discourse", "mail", "contactEmailAddress"], "readOnly": false, "type": "string"}, "services.discourse.mail.incoming.apiKeyFile": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the Discourse API key used to add\nposts and messages from mail. If left at its default\nvalue `null`, one will be automatically\ngenerated.\n\nThis should be a string, not a nix path, since nix paths\nare copied into the world-readable nix store.\n", "loc": ["services", "discourse", "mail", "incoming", "apiKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.discourse.mail.incoming.enable": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to set up Postfix to receive incoming mail.\n", "loc": ["services", "discourse", "mail", "incoming", "enable"], "readOnly": false, "type": "boolean"}, "services.discourse.mail.incoming.mailReceiverPackage": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "pkgs.discourse-mail-receiver"}, "description": "The discourse-mail-receiver package to use.\n", "loc": ["services", "discourse", "mail", "incoming", "mailReceiverPackage"], "readOnly": false, "type": "package"}, "services.discourse.mail.incoming.replyEmailAddress": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "\"%{reply_key}@${config.services.discourse.hostname}\""}, "description": "Template for reply by email incoming email address, for\nexample: %{reply_key}@reply.example.com or\nreplies+%{reply_key}@example.com\n", "loc": ["services", "discourse", "mail", "incoming", "replyEmailAddress"], "readOnly": false, "type": "string"}, "services.discourse.mail.notificationEmailAddress": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "\"${if config.services.discourse.mail.incoming.enable then \"notifications\" else \"noreply\"}@${config.services.discourse.hostname}\"\n"}, "description": "The `from:` email address used when\nsending all essential system emails. The domain specified\nhere must have SPF, DKIM and reverse PTR records set\ncorrectly for email to arrive.\n", "loc": ["services", "discourse", "mail", "notificationEmailAddress"], "readOnly": false, "type": "string"}, "services.discourse.mail.outgoing.authentication": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Authentication type to use, see <https://api.rubyonrails.org/classes/ActionMailer/Base.html>\n", "loc": ["services", "discourse", "mail", "outgoing", "authentication"], "readOnly": false, "type": "null or one of \"plain\", \"login\", \"cram_md5\""}, "services.discourse.mail.outgoing.domain": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "config.services.discourse.hostname"}, "description": "HELO domain to use for outgoing mail.\n", "loc": ["services", "discourse", "mail", "outgoing", "domain"], "readOnly": false, "type": "string"}, "services.discourse.mail.outgoing.enableStartTLSAuto": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to try to use StartTLS.\n", "loc": ["services", "discourse", "mail", "outgoing", "enableStartTLSAuto"], "readOnly": false, "type": "boolean"}, "services.discourse.mail.outgoing.forceTLS": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Force implicit TLS as per RFC 8314 3.3.\n", "loc": ["services", "discourse", "mail", "outgoing", "forceTLS"], "readOnly": false, "type": "boolean"}, "services.discourse.mail.outgoing.opensslVerifyMode": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "\"peer\""}, "description": "How OpenSSL checks the certificate, see <https://api.rubyonrails.org/classes/ActionMailer/Base.html>\n", "loc": ["services", "discourse", "mail", "outgoing", "opensslVerifyMode"], "readOnly": false, "type": "string"}, "services.discourse.mail.outgoing.passwordFile": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password of the SMTP server account.\n\nThis should be a string, not a nix path, since nix paths\nare copied into the world-readable nix store.\n", "loc": ["services", "discourse", "mail", "outgoing", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.discourse.mail.outgoing.port": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "25"}, "description": "The port of the SMTP server Discourse should use to\nsend email.\n", "loc": ["services", "discourse", "mail", "outgoing", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.discourse.mail.outgoing.serverAddress": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The address of the SMTP server Discourse should use to\nsend email.\n", "loc": ["services", "discourse", "mail", "outgoing", "serverAddress"], "readOnly": false, "type": "string"}, "services.discourse.mail.outgoing.username": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The username of the SMTP server.\n", "loc": ["services", "discourse", "mail", "outgoing", "username"], "readOnly": false, "type": "null or string"}, "services.discourse.nginx.enable": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether an `nginx` virtual host should be\nset up to serve Discourse. Only disable if you're planning\nto use a different web server, which is not recommended.\n", "loc": ["services", "discourse", "nginx", "enable"], "readOnly": false, "type": "boolean"}, "services.discourse.package": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "pkgs.discourse"}, "description": "The discourse package to use.\n", "loc": ["services", "discourse", "package"], "readOnly": false, "type": "package"}, "services.discourse.plugins": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Plugins to install as part of Discourse, expressed as a list of derivations.\n", "example": {"_type": "literalExpression", "text": "with config.services.discourse.package.plugins; [\n  discourse-canned-replies\n  discourse-github\n];\n"}, "loc": ["services", "discourse", "plugins"], "readOnly": false, "type": "list of package"}, "services.discourse.redis.dbNumber": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Redis database number.\n", "loc": ["services", "discourse", "redis", "dbNumber"], "readOnly": false, "type": "signed integer"}, "services.discourse.redis.host": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Redis server hostname.\n", "loc": ["services", "discourse", "redis", "host"], "readOnly": false, "type": "string"}, "services.discourse.redis.passwordFile": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the Redis password.\n\nThis should be a string, not a nix path, since nix paths are\ncopied into the world-readable nix store.\n", "loc": ["services", "discourse", "redis", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.discourse.redis.useSSL": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "config.services.discourse.redis.host != \"localhost\""}, "description": "Connect to Redis with SSL.\n", "loc": ["services", "discourse", "redis", "useSSL"], "readOnly": false, "type": "boolean"}, "services.discourse.secretKeyBaseFile": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to a file containing the\n`secret_key_base` secret.\n\nDiscourse uses `secret_key_base` to encrypt\nthe cookie store, which contains session data, and to digest\nuser auth tokens.\n\nNeeds to be a 64 byte long string of hexadecimal\ncharacters. You can generate one by running\n\n```\nopenssl rand -hex 64 >/path/to/secret_key_base_file\n```\n\nThis should be a string, not a nix path, since nix paths are\ncopied into the world-readable nix store.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/secret_key_base\""}, "loc": ["services", "discourse", "secretKeyBaseFile"], "readOnly": false, "type": "null or absolute path"}, "services.discourse.sidekiqProcesses": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "How many Sidekiq processes should be spawned.\n", "loc": ["services", "discourse", "sidekiqProcesses"], "readOnly": false, "type": "signed integer"}, "services.discourse.siteSettings": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Discourse site settings. These are the settings that can be\nchanged from the UI. This only defines their default values:\nthey can still be overridden from the UI.\n\nAvailable settings can be found by looking in the\n[site_settings.yml](https://github.com/discourse/discourse/blob/master/config/site_settings.yml)\nfile of the upstream distribution. To find a setting's path,\nyou only need to care about the first two levels; i.e. its\ncategory and name. See the example.\n\nSettings containing secret data should be set to an\nattribute set containing the attribute\n`_secret` - a string pointing to a file\ncontaining the value the option should be set to. See the\nexample to get a better picture of this: in the resulting\n{file}`config/nixos_site_settings.json` file,\nthe `login.github_client_secret` key will\nbe set to the contents of the\n{file}`/run/keys/discourse_github_client_secret`\nfile.\n", "example": {"_type": "literalExpression", "text": "{\n  required = {\n    title = \"My Cats\";\n    site_description = \"Discuss My Cats (and be nice plz)\";\n  };\n  login = {\n    enable_github_logins = true;\n    github_client_id = \"a2f6dfe838cb3206ce20\";\n    github_client_secret._secret = /run/keys/discourse_github_client_secret;\n  };\n};\n"}, "loc": ["services", "discourse", "siteSettings"], "readOnly": false, "type": "JSON value"}, "services.discourse.sslCertificate": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the server SSL certificate. Set this to enable\nSSL.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/ssl.cert\""}, "loc": ["services", "discourse", "sslCertificate"], "readOnly": false, "type": "null or absolute path"}, "services.discourse.sslCertificateKey": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the server SSL certificate key. Set this to\nenable SSL.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/ssl.key\""}, "loc": ["services", "discourse", "sslCertificateKey"], "readOnly": false, "type": "null or absolute path"}, "services.discourse.unicornTimeout": {"declarations": ["nixos/modules/services/web-apps/discourse.nix"], "default": {"_type": "literalExpression", "text": "30"}, "description": "Time in seconds before a request to Unicorn times out.\n\nThis can be raised if the system Discourse is running on is\ntoo slow to handle many requests within 30 seconds.\n", "loc": ["services", "discourse", "unicornTimeout"], "readOnly": false, "type": "signed integer"}, "services.disnix.enable": {"declarations": ["nixos/modules/services/misc/disnix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Disnix.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "disnix", "enable"], "readOnly": false, "type": "boolean"}, "services.disnix.enableMultiUser": {"declarations": ["nixos/modules/services/misc/disnix.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to support multi-user mode by enabling the Disnix D-Bus service", "loc": ["services", "disnix", "enableMultiUser"], "readOnly": false, "type": "boolean"}, "services.disnix.enableProfilePath": {"declarations": ["nixos/modules/services/misc/disnix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable exposing the Disnix profiles in the system's PATH.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "disnix", "enableProfilePath"], "readOnly": false, "type": "boolean"}, "services.disnix.package": {"declarations": ["nixos/modules/services/misc/disnix.nix"], "default": {"_type": "literalExpression", "text": "pkgs.disnix"}, "description": "The disnix package to use.", "loc": ["services", "disnix", "package"], "readOnly": false, "type": "package"}, "services.disnix.profiles": {"declarations": ["nixos/modules/services/misc/disnix.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"default\"\n]"}, "description": "Names of the Disnix profiles to expose in the system's PATH", "loc": ["services", "disnix", "profiles"], "readOnly": false, "type": "list of string"}, "services.disnix.useWebServiceInterface": {"declarations": ["nixos/modules/services/misc/disnix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the DisnixWebService interface running on Apache Tomcat.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "disnix", "useWebServiceInterface"], "readOnly": false, "type": "boolean"}, "services.displayManager.autoLogin": {"declarations": ["nixos/modules/services/display-managers/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Auto login configuration attrset.\n", "loc": ["services", "displayManager", "autoLogin"], "readOnly": false, "type": "submodule"}, "services.displayManager.autoLogin.enable": {"declarations": ["nixos/modules/services/display-managers/default.nix"], "default": {"_type": "literalExpression", "text": "config.services.displayManager.autoLogin.user != null"}, "description": "Automatically log in as {option}`autoLogin.user`.\n", "loc": ["services", "displayManager", "autoLogin", "enable"], "readOnly": false, "type": "boolean"}, "services.displayManager.autoLogin.user": {"declarations": ["nixos/modules/services/display-managers/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "User to be used for the automatic login.\n", "loc": ["services", "displayManager", "autoLogin", "user"], "readOnly": false, "type": "null or string"}, "services.displayManager.cosmic-greeter.enable": {"declarations": ["nixos/modules/services/display-managers/cosmic-greeter.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable COSMIC greeter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "displayManager", "cosmic-greeter", "enable"], "readOnly": false, "type": "boolean"}, "services.displayManager.cosmic-greeter.package": {"declarations": ["nixos/modules/services/display-managers/cosmic-greeter.nix"], "default": {"_type": "literalExpression", "text": "pkgs.cosmic-greeter"}, "description": "The cosmic-greeter package to use.", "loc": ["services", "displayManager", "cosmic-greeter", "package"], "readOnly": false, "type": "package"}, "services.displayManager.defaultSession": {"declarations": ["nixos/modules/services/display-managers/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Graphical session to pre-select in the session chooser (only effective for GDM, LightDM and SDDM).\n\nOn GDM, LightDM and SDDM, it will also be used as a session for auto-login.\n\nSet this option to empty string to get an error with a list of currently available sessions.\n", "example": {"_type": "literalExpression", "text": "\"gnome\""}, "loc": ["services", "displayManager", "defaultSession"], "readOnly": false, "type": "session name"}, "services.displayManager.dms-greeter.compositor.customConfig": {"declarations": ["nixos/modules/services/display-managers/dms-greeter.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Custom compositor configuration to use for the greeter session.\n\nThis configuration is written to a file and passed to the compositor\nwhen launching the greeter. The format and available options depend\non the selected compositor.\n\nLeave empty to use the system's default compositor configuration.\n", "example": {"_type": "literalExpression", "text": "''\n  # Niri example\n  input {\n      keyboard {\n          xkb {\n              layout \"us\"\n          }\n      }\n  }\n''"}, "loc": ["services", "displayManager", "dms-greeter", "compositor", "customConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.displayManager.dms-greeter.compositor.name": {"declarations": ["nixos/modules/services/display-managers/dms-greeter.nix"], "description": "The Wayland compositor to run the greeter in.\n\nThe specified compositor must be enabled via its corresponding\n`programs.<compositor>.enable` option.\n\nSupported compositors:\n- niri: A scrollable-tiling Wayland compositor\n- hyprland: A dynamic tiling Wayland compositor\n- sway: An i3-compatible Wayland compositor\n", "example": {"_type": "literalExpression", "text": "\"niri\""}, "loc": ["services", "displayManager", "dms-greeter", "compositor", "name"], "readOnly": false, "type": "one of \"niri\", \"hyprland\", \"sway\""}, "services.displayManager.dms-greeter.configFiles": {"declarations": ["nixos/modules/services/display-managers/dms-greeter.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of DankMaterialShell configuration files to copy into the greeter\ndata directory at `/var/lib/dms-greeter`.\n\nThis is useful for preserving user preferences like wallpapers, themes,\nand other settings in the greeter screen.\n\n::: {.tip}\nUse {option}`configHome` instead if your configuration files are in\nstandard XDG locations.\n:::\n", "example": {"_type": "literalExpression", "text": "[\n  \"/home/user/.config/DankMaterialShell/settings.json\"\n  \"/home/user/.local/state/DankMaterialShell/session.json\"\n]\n"}, "loc": ["services", "displayManager", "dms-greeter", "configFiles"], "readOnly": false, "type": "list of absolute path"}, "services.displayManager.dms-greeter.configHome": {"declarations": ["nixos/modules/services/display-managers/dms-greeter.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a user's home directory from which to copy DankMaterialShell\nconfiguration files.\n\nWhen set, the following files will be automatically copied to the greeter:\n- `~/.config/DankMaterialShell/settings.json`\n- `~/.local/state/DankMaterialShell/session.json`\n- `~/.cache/DankMaterialShell/dms-colors.json`\n\nIf your configuration files are in non-standard locations, use the\n{option}`configFiles` option instead.\n", "example": {"_type": "literalExpression", "text": "\"/home/alice\""}, "loc": ["services", "displayManager", "dms-greeter", "configHome"], "readOnly": false, "type": "null or string"}, "services.displayManager.dms-greeter.enable": {"declarations": ["nixos/modules/services/display-managers/dms-greeter.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable DankMaterialShell greeter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "displayManager", "dms-greeter", "enable"], "readOnly": false, "type": "boolean"}, "services.displayManager.dms-greeter.logs.path": {"declarations": ["nixos/modules/services/display-managers/dms-greeter.nix"], "default": {"_type": "literalExpression", "text": "\"/tmp/dms-greeter.log\""}, "description": "File path where DMS greeter logs will be saved.\n\nThis is useful for debugging greeter issues. Logs will include\noutput from both the greeter and the compositor.\n", "example": {"_type": "literalExpression", "text": "\"/var/log/dms-greeter.log\""}, "loc": ["services", "displayManager", "dms-greeter", "logs", "path"], "readOnly": false, "type": "absolute path"}, "services.displayManager.dms-greeter.logs.save": {"declarations": ["nixos/modules/services/display-managers/dms-greeter.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable saving logs from the DMS greeter to a file.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "displayManager", "dms-greeter", "logs", "save"], "readOnly": false, "type": "boolean"}, "services.displayManager.dms-greeter.package": {"declarations": ["nixos/modules/services/display-managers/dms-greeter.nix"], "default": {"_type": "literalExpression", "text": "if config.programs.dms-shell.enable\nthen config.programs.dms-shell.package\nelse pkgs.dms-shell;\n"}, "description": "The DankMaterialShell package to use for the greeter.\n\nDefaults to the package from `programs.dms-shell` if it is enabled,\notherwise defaults to `pkgs.dms-shell`.\n", "loc": ["services", "displayManager", "dms-greeter", "package"], "readOnly": false, "type": "package"}, "services.displayManager.dms-greeter.quickshell.package": {"declarations": ["nixos/modules/services/display-managers/dms-greeter.nix"], "default": {"_type": "literalExpression", "text": "if config.programs.dms-shell.enable\nthen config.programs.dms-shell.quickshell.package\nelse pkgs.quickshell;\n"}, "description": "The Quickshell package to use for the greeter.\n\nDefaults to the quickshell package from `programs.dms-shell` if it is enabled,\notherwise defaults to `pkgs.quickshell`.\n", "loc": ["services", "displayManager", "dms-greeter", "quickshell", "package"], "readOnly": false, "type": "package"}, "services.displayManager.enable": {"declarations": ["nixos/modules/services/display-managers/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable shared display manager integration.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "displayManager", "enable"], "readOnly": false, "type": "boolean"}, "services.displayManager.gdm.autoLogin.delay": {"declarations": ["nixos/modules/services/display-managers/gdm.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Seconds of inactivity after which the autologin will be performed.\n", "loc": ["services", "displayManager", "gdm", "autoLogin", "delay"], "readOnly": false, "type": "signed integer"}, "services.displayManager.gdm.autoSuspend": {"declarations": ["nixos/modules/services/display-managers/gdm.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "On the GNOME Display Manager login screen, suspend the machine after inactivity.\n(Does not affect automatic suspend while logged in, or at lock screen.)\n", "loc": ["services", "displayManager", "gdm", "autoSuspend"], "readOnly": false, "type": "boolean"}, "services.displayManager.gdm.banner": {"declarations": ["nixos/modules/services/display-managers/gdm.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional message to display on the login screen.\n", "example": {"_type": "literalExpression", "text": "''\n  foo\n  bar\n  baz\n''"}, "loc": ["services", "displayManager", "gdm", "banner"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.displayManager.gdm.debug": {"declarations": ["nixos/modules/services/display-managers/gdm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable debugging messages in GDM.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "displayManager", "gdm", "debug"], "readOnly": false, "type": "boolean"}, "services.displayManager.gdm.enable": {"declarations": ["nixos/modules/services/display-managers/gdm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable GDM, the GNOME Display Manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "displayManager", "gdm", "enable"], "readOnly": false, "type": "boolean"}, "services.displayManager.gdm.settings": {"declarations": ["nixos/modules/services/display-managers/gdm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options passed to the gdm daemon.\nSee [here](https://help.gnome.org/admin/gdm/stable/configuration.html.en#daemonconfig) for supported options.\n", "example": {"_type": "literalExpression", "text": "{\n  debug = {\n    enable = true;\n  };\n}"}, "loc": ["services", "displayManager", "gdm", "settings"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.displayManager.gdm.wayland": {"declarations": ["nixos/modules/services/display-managers/gdm.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Allow GDM to run on Wayland instead of Xserver.\n", "loc": ["services", "displayManager", "gdm", "wayland"], "readOnly": false, "type": "boolean"}, "services.displayManager.generic.enable": {"declarations": ["nixos/modules/services/display-managers/generic.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable generic display manager integration - deprecated.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "displayManager", "generic", "enable"], "readOnly": false, "type": "boolean"}, "services.displayManager.generic.environment": {"declarations": ["nixos/modules/services/display-managers/generic.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional environment variables needed by the display manager.", "loc": ["services", "displayManager", "generic", "environment"], "readOnly": false, "type": "attribute set of unspecified value"}, "services.displayManager.generic.execCmd": {"declarations": ["nixos/modules/services/display-managers/generic.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Command to start the display manager.", "example": {"_type": "literalExpression", "text": "\"${pkgs.lightdm}/bin/lightdm\""}, "loc": ["services", "displayManager", "generic", "execCmd"], "readOnly": false, "type": "null or string"}, "services.displayManager.generic.preStart": {"declarations": ["nixos/modules/services/display-managers/generic.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Script executed before the display manager is started.", "example": {"_type": "literalExpression", "text": "\"rm -f /var/log/my-display-manager.log\""}, "loc": ["services", "displayManager", "generic", "preStart"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.displayManager.hiddenUsers": {"declarations": ["nixos/modules/services/display-managers/default.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"nobody\"\n]"}, "description": "A list of users which will not be shown in the display manager.\n", "loc": ["services", "displayManager", "hiddenUsers"], "readOnly": false, "type": "list of string"}, "services.displayManager.lemurs.enable": {"declarations": ["nixos/modules/services/display-managers/lemurs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable lemurs, a customizable TUI display/login manager.\n\n::: {.note}\nFor Wayland compositors, your user must be in the \"seat\" group.\n:::\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "displayManager", "lemurs", "enable"], "readOnly": false, "type": "boolean"}, "services.displayManager.lemurs.package": {"declarations": ["nixos/modules/services/display-managers/lemurs.nix"], "default": {"_type": "literalExpression", "text": "pkgs.lemurs"}, "description": "The lemurs package to use.", "loc": ["services", "displayManager", "lemurs", "package"], "readOnly": false, "type": "package"}, "services.displayManager.lemurs.settings": {"declarations": ["nixos/modules/services/display-managers/lemurs.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for lemurs, provided as a Nix attribute set and automatically\nserialized to TOML.\nSee [lemurs configuration documentation](https://github.com/coastalwhite/lemurs/blob/main/extra/config.toml) for available options.\n", "example": {"_type": "literalExpression", "text": "{\n  do_log = true;\n}\n"}, "loc": ["services", "displayManager", "lemurs", "settings"], "readOnly": false, "type": "TOML value"}, "services.displayManager.logToFile": {"declarations": ["nixos/modules/services/display-managers/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether the display manager redirects the output of the\nsession script to {file}`~/.xsession-errors`.\n", "loc": ["services", "displayManager", "logToFile"], "readOnly": false, "type": "boolean"}, "services.displayManager.logToJournal": {"declarations": ["nixos/modules/services/display-managers/default.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether the display manager redirects the output of the\nsession script to the systemd journal.\n", "loc": ["services", "displayManager", "logToJournal"], "readOnly": false, "type": "boolean"}, "services.displayManager.ly.enable": {"declarations": ["nixos/modules/services/display-managers/ly.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ly as the display manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "displayManager", "ly", "enable"], "readOnly": false, "type": "boolean"}, "services.displayManager.ly.package": {"declarations": ["nixos/modules/services/display-managers/ly.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ly"}, "description": "The ly package to use.", "loc": ["services", "displayManager", "ly", "package"], "readOnly": false, "type": "package"}, "services.displayManager.ly.settings": {"declarations": ["nixos/modules/services/display-managers/ly.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra settings merged in and overwriting defaults in config.ini.\n", "example": {"_type": "literalExpression", "text": "{\n  load = false;\n  save = false;\n}"}, "loc": ["services", "displayManager", "ly", "settings"], "readOnly": false, "type": "attribute set of (INI atom (null, bool, int, float or string))"}, "services.displayManager.ly.x11Support": {"declarations": ["nixos/modules/services/display-managers/ly.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable support for X11", "loc": ["services", "displayManager", "ly", "x11Support"], "readOnly": false, "type": "boolean"}, "services.displayManager.plasma-login-manager.enable": {"declarations": ["nixos/modules/services/display-managers/plasma-login-manager.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Plasma Login Manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "displayManager", "plasma-login-manager", "enable"], "readOnly": false, "type": "boolean"}, "services.displayManager.plasma-login-manager.package": {"declarations": ["nixos/modules/services/display-managers/plasma-login-manager.nix"], "default": {"_type": "literalExpression", "text": "pkgs.kdePackages.plasma-login-manager"}, "description": "The plasma-login-manager package to use.", "loc": ["services", "displayManager", "plasma-login-manager", "package"], "readOnly": false, "type": "package"}, "services.displayManager.plasma-login-manager.settings": {"declarations": ["nixos/modules/services/display-managers/plasma-login-manager.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional settings for Plasma Login Manager (see `man plasmalogin.conf`)", "example": {"_type": "literalExpression", "text": "{\n  Users = {\n    ReuseSession = false;\n  };\n}"}, "loc": ["services", "displayManager", "plasma-login-manager", "settings"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.displayManager.sddm.autoLogin.minimumUid": {"declarations": ["nixos/modules/services/display-managers/sddm.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Minimum user ID for auto-login user.\n", "loc": ["services", "displayManager", "sddm", "autoLogin", "minimumUid"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.displayManager.sddm.autoLogin.relogin": {"declarations": ["nixos/modules/services/display-managers/sddm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If true automatic login will kick in again on session exit (logout), otherwise it\nwill only log in automatically when the display-manager is started.\n", "loc": ["services", "displayManager", "sddm", "autoLogin", "relogin"], "readOnly": false, "type": "boolean"}, "services.displayManager.sddm.autoNumlock": {"declarations": ["nixos/modules/services/display-managers/sddm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable numlock at login.\n", "loc": ["services", "displayManager", "sddm", "autoNumlock"], "readOnly": false, "type": "boolean"}, "services.displayManager.sddm.enable": {"declarations": ["nixos/modules/services/display-managers/sddm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable sddm as the display manager.\n", "loc": ["services", "displayManager", "sddm", "enable"], "readOnly": false, "type": "boolean"}, "services.displayManager.sddm.enableHidpi": {"declarations": ["nixos/modules/services/display-managers/sddm.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable automatic HiDPI mode.\n", "loc": ["services", "displayManager", "sddm", "enableHidpi"], "readOnly": false, "type": "boolean"}, "services.displayManager.sddm.extraPackages": {"declarations": ["nixos/modules/services/display-managers/sddm.nix"], "default": {"_type": "literalExpression", "text": "\"[]\""}, "description": "Extra Qt plugins / QML libraries to add to the environment.\n", "loc": ["services", "displayManager", "sddm", "extraPackages"], "readOnly": false, "type": "list of package"}, "services.displayManager.sddm.package": {"declarations": ["nixos/modules/services/display-managers/sddm.nix"], "default": {"_type": "literalExpression", "text": "pkgs.kdePackages.sddm"}, "description": "The sddm package to use.", "loc": ["services", "displayManager", "sddm", "package"], "readOnly": false, "type": "package"}, "services.displayManager.sddm.settings": {"declarations": ["nixos/modules/services/display-managers/sddm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra settings merged in and overwriting defaults in sddm.conf.\n", "example": {"_type": "literalExpression", "text": "{\n  Autologin = {\n    Session = \"plasma.desktop\";\n    User = \"john\";\n  };\n}"}, "loc": ["services", "displayManager", "sddm", "settings"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.displayManager.sddm.setupScript": {"declarations": ["nixos/modules/services/display-managers/sddm.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "A script to execute when starting the display server. DEPRECATED, please\nuse {option}`services.xserver.displayManager.setupCommands`.\n", "example": {"_type": "literalExpression", "text": "''\n  # workaround for using NVIDIA Optimus without Bumblebee\n  xrandr --setprovideroutputsource modesetting NVIDIA-0\n  xrandr --auto\n''"}, "loc": ["services", "displayManager", "sddm", "setupScript"], "readOnly": false, "type": "string"}, "services.displayManager.sddm.stopScript": {"declarations": ["nixos/modules/services/display-managers/sddm.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "A script to execute when stopping the display server.\n", "loc": ["services", "displayManager", "sddm", "stopScript"], "readOnly": false, "type": "string"}, "services.displayManager.sddm.theme": {"declarations": ["nixos/modules/services/display-managers/sddm.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Greeter theme to use.\n", "example": {"_type": "literalExpression", "text": "\"${pkgs.where-is-my-sddm-theme.override { variants = [ \"qt5\" ]; }}/share/sddm/themes/where_is_my_sddm_theme_qt5\""}, "loc": ["services", "displayManager", "sddm", "theme"], "readOnly": false, "type": "string"}, "services.displayManager.sddm.wayland.compositor": {"declarations": ["nixos/modules/services/display-managers/sddm.nix"], "default": {"_type": "literalExpression", "text": "\"weston\""}, "description": "The compositor to use: kwin, weston", "loc": ["services", "displayManager", "sddm", "wayland", "compositor"], "readOnly": false, "type": "one of \"kwin\", \"weston\""}, "services.displayManager.sddm.wayland.enable": {"declarations": ["nixos/modules/services/display-managers/sddm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable experimental Wayland support.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "displayManager", "sddm", "wayland", "enable"], "readOnly": false, "type": "boolean"}, "services.displayManager.sessionPackages": {"declarations": ["nixos/modules/services/display-managers/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of packages containing x11 or wayland session files to be passed to the display manager.\n", "loc": ["services", "displayManager", "sessionPackages"], "readOnly": false, "type": "list of package with provided sessions"}, "services.distccd.allowedClients": {"declarations": ["nixos/modules/services/development/distccd.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n]"}, "description": "Client IPs which are allowed to connect to distccd in CIDR notation.\n\nAnyone who can connect to the distccd server can run arbitrary\ncommands on that system as the distcc user, therefore you should use\nthis judiciously.\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"192.168.0.0/24\"\n  \"10.0.0.0/24\"\n]"}, "loc": ["services", "distccd", "allowedClients"], "readOnly": false, "type": "list of string"}, "services.distccd.enable": {"declarations": ["nixos/modules/services/development/distccd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable distccd, a distributed C/C++ compiler.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "distccd", "enable"], "readOnly": false, "type": "boolean"}, "services.distccd.jobTimeout": {"declarations": ["nixos/modules/services/development/distccd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Maximum duration, in seconds, of a single compilation request.\n", "loc": ["services", "distccd", "jobTimeout"], "readOnly": false, "type": "null or signed integer"}, "services.distccd.logLevel": {"declarations": ["nixos/modules/services/development/distccd.nix"], "default": {"_type": "literalExpression", "text": "\"warning\""}, "description": "Set the minimum severity of error that will be included in the log\nfile. Useful if you only want to see error messages rather than an\nentry for each connection.\n", "loc": ["services", "distccd", "logLevel"], "readOnly": false, "type": "null or one of \"critical\", \"error\", \"warning\", \"notice\", \"info\", \"debug\""}, "services.distccd.maxJobs": {"declarations": ["nixos/modules/services/development/distccd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Maximum number of tasks distccd should execute at lib.any time.\n", "loc": ["services", "distccd", "maxJobs"], "readOnly": false, "type": "null or signed integer"}, "services.distccd.nice": {"declarations": ["nixos/modules/services/development/distccd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Niceness of the compilation tasks.\n", "loc": ["services", "distccd", "nice"], "readOnly": false, "type": "null or integer between -20 and 19 (both inclusive)"}, "services.distccd.openFirewall": {"declarations": ["nixos/modules/services/development/distccd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Opens the specified TCP port for distcc.\n", "loc": ["services", "distccd", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.distccd.package": {"declarations": ["nixos/modules/services/development/distccd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.distcc"}, "description": "The distcc package to use.", "loc": ["services", "distccd", "package"], "readOnly": false, "type": "package"}, "services.distccd.port": {"declarations": ["nixos/modules/services/development/distccd.nix"], "default": {"_type": "literalExpression", "text": "3632"}, "description": "The TCP port which distccd will listen on.\n", "loc": ["services", "distccd", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.distccd.stats.enable": {"declarations": ["nixos/modules/services/development/distccd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable statistics reporting via HTTP server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "distccd", "stats", "enable"], "readOnly": false, "type": "boolean"}, "services.distccd.stats.port": {"declarations": ["nixos/modules/services/development/distccd.nix"], "default": {"_type": "literalExpression", "text": "3633"}, "description": "The TCP port which the distccd statistics HTTP server will listen\non.\n", "loc": ["services", "distccd", "stats", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.distccd.zeroconf": {"declarations": ["nixos/modules/services/development/distccd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to register via mDNS/DNS-SD\n", "loc": ["services", "distccd", "zeroconf"], "readOnly": false, "type": "boolean"}, "services.dkimproxy-out.domains": {"declarations": ["nixos/modules/services/mail/dkimproxy-out.nix"], "description": "List of domains DKIMproxy can sign for.", "example": {"_type": "literalExpression", "text": "[\n  \"example.org\"\n  \"example.com\"\n]"}, "loc": ["services", "dkimproxy-out", "domains"], "readOnly": false, "type": "list of string"}, "services.dkimproxy-out.enable": {"declarations": ["nixos/modules/services/mail/dkimproxy-out.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable dkimproxy_out.\n\nNote that a key will be auto-generated, and can be found in\n/var/lib/dkimproxy-out.\n", "loc": ["services", "dkimproxy-out", "enable"], "readOnly": false, "type": "boolean"}, "services.dkimproxy-out.keySize": {"declarations": ["nixos/modules/services/mail/dkimproxy-out.nix"], "default": {"_type": "literalExpression", "text": "2048"}, "description": "Size of the RSA key to use to sign outgoing emails. Note that the\nmaximum mandatorily verified as per RFC6376 is 2048.\n", "loc": ["services", "dkimproxy-out", "keySize"], "readOnly": false, "type": "signed integer"}, "services.dkimproxy-out.listen": {"declarations": ["nixos/modules/services/mail/dkimproxy-out.nix"], "description": "Address:port DKIMproxy should listen on.", "example": {"_type": "literalExpression", "text": "\"127.0.0.1:10027\""}, "loc": ["services", "dkimproxy-out", "listen"], "readOnly": false, "type": "string"}, "services.dkimproxy-out.relay": {"declarations": ["nixos/modules/services/mail/dkimproxy-out.nix"], "description": "Address:port DKIMproxy should forward mail to.", "example": {"_type": "literalExpression", "text": "\"127.0.0.1:10028\""}, "loc": ["services", "dkimproxy-out", "relay"], "readOnly": false, "type": "string"}, "services.dkimproxy-out.selector": {"declarations": ["nixos/modules/services/mail/dkimproxy-out.nix"], "description": "The selector to use for DKIM key identification.\n\nFor example, if 'selector1' is used here, then for each domain\n'example.org' given in `domain`, 'selector1._domainkey.example.org'\nshould contain the TXT record indicating the public key is the one\nin /var/lib/dkimproxy-out/public.key: \"v=DKIM1; t=s; p=[THE PUBLIC KEY]\".\n", "example": {"_type": "literalExpression", "text": "\"selector1\""}, "loc": ["services", "dkimproxy-out", "selector"], "readOnly": false, "type": "string"}, "services.dleyna.enable": {"declarations": ["nixos/modules/services/desktops/dleyna.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable dleyna-renderer and dleyna-server service,\na DBus service for handling DLNA servers and renderers.\n", "loc": ["services", "dleyna", "enable"], "readOnly": false, "type": "boolean"}, "services.dnscache.clientIps": {"declarations": ["nixos/modules/services/networking/dnscache.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n]"}, "description": "Client IP addresses (or prefixes) from which to accept connections.", "example": {"_type": "literalExpression", "text": "[\n  \"192.168\"\n  \"172.23.75.82\"\n]"}, "loc": ["services", "dnscache", "clientIps"], "readOnly": false, "type": "list of string"}, "services.dnscache.domainServers": {"declarations": ["nixos/modules/services/networking/dnscache.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Table of {hostname: server} pairs to use as authoritative servers for hosts (and subhosts).\nIf entry for @ is not specified predefined list of root servers is used.\n", "example": {"_type": "literalExpression", "text": "{\n  \"@\" = [\"8.8.8.8\" \"8.8.4.4\"];\n  \"example.com\" = [\"192.168.100.100\"];\n}\n"}, "loc": ["services", "dnscache", "domainServers"], "readOnly": false, "type": "attribute set of list of string"}, "services.dnscache.enable": {"declarations": ["nixos/modules/services/networking/dnscache.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to run the dnscache caching dns server.", "loc": ["services", "dnscache", "enable"], "readOnly": false, "type": "boolean"}, "services.dnscache.forwardOnly": {"declarations": ["nixos/modules/services/networking/dnscache.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to treat root servers (for @) as caching\nservers, requesting addresses the same way a client does. This is\nneeded if you want to use e.g. Google DNS as your upstream DNS.\n", "loc": ["services", "dnscache", "forwardOnly"], "readOnly": false, "type": "boolean"}, "services.dnscache.ip": {"declarations": ["nixos/modules/services/networking/dnscache.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "IP address on which to listen for connections.", "loc": ["services", "dnscache", "ip"], "readOnly": false, "type": "string"}, "services.dnsdist.dnscrypt.certLifetime": {"declarations": ["nixos/modules/services/networking/dnsdist.nix"], "default": {"_type": "literalExpression", "text": "15"}, "description": "The lifetime (in minutes) of the resolver certificate.\nThis will be automatically rotated before expiration.\n", "loc": ["services", "dnsdist", "dnscrypt", "certLifetime"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.dnsdist.dnscrypt.enable": {"declarations": ["nixos/modules/services/networking/dnsdist.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable a DNSCrypt endpoint to dnsdist.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dnsdist", "dnscrypt", "enable"], "readOnly": false, "type": "boolean"}, "services.dnsdist.dnscrypt.listenAddress": {"declarations": ["nixos/modules/services/networking/dnsdist.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Listen IP address of the endpoint", "loc": ["services", "dnsdist", "dnscrypt", "listenAddress"], "readOnly": false, "type": "string"}, "services.dnsdist.dnscrypt.listenPort": {"declarations": ["nixos/modules/services/networking/dnsdist.nix"], "default": {"_type": "literalExpression", "text": "443"}, "description": "Listen port of the endpoint", "loc": ["services", "dnsdist", "dnscrypt", "listenPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.dnsdist.dnscrypt.providerKey": {"declarations": ["nixos/modules/services/networking/dnsdist.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The filepath to the provider secret key.\nIf not given a new provider key pair will be generated in\n/var/lib/dnsdist on the first run.\n\n::: {.note}\nThe file must be readable by the dnsdist user/group.\n:::\n", "loc": ["services", "dnsdist", "dnscrypt", "providerKey"], "readOnly": false, "type": "null or absolute path"}, "services.dnsdist.dnscrypt.providerName": {"declarations": ["nixos/modules/services/networking/dnsdist.nix"], "default": {"_type": "literalExpression", "text": "2.dnscrypt-cert.${config.networking.hostName}"}, "description": "The name that will be given to this DNSCrypt resolver.\n\n::: {.note}\nThe provider name must start with `2.dnscrypt-cert.`.\n:::\n", "example": {"_type": "literalExpression", "text": "\"2.dnscrypt-cert.myresolver\""}, "loc": ["services", "dnsdist", "dnscrypt", "providerName"], "readOnly": false, "type": "string"}, "services.dnsdist.enable": {"declarations": ["nixos/modules/services/networking/dnsdist.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable dnsdist domain name server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dnsdist", "enable"], "readOnly": false, "type": "boolean"}, "services.dnsdist.extraConfig": {"declarations": ["nixos/modules/services/networking/dnsdist.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra lines to be added verbatim to dnsdist.conf.\n", "loc": ["services", "dnsdist", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.dnsdist.listenAddress": {"declarations": ["nixos/modules/services/networking/dnsdist.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Listen IP address", "loc": ["services", "dnsdist", "listenAddress"], "readOnly": false, "type": "string"}, "services.dnsdist.listenPort": {"declarations": ["nixos/modules/services/networking/dnsdist.nix"], "default": {"_type": "literalExpression", "text": "53"}, "description": "Listen port", "loc": ["services", "dnsdist", "listenPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.dnsmasq.alwaysKeepRunning": {"declarations": ["nixos/modules/services/networking/dnsmasq.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, systemd will always respawn dnsmasq even if shut down manually. The default, disabled, will only restart it on error.\n", "loc": ["services", "dnsmasq", "alwaysKeepRunning"], "readOnly": false, "type": "boolean"}, "services.dnsmasq.configFile": {"declarations": ["nixos/modules/services/networking/dnsmasq.nix"], "default": {"_type": "literalExpression", "text": "Path of dnsmasq config file"}, "description": "Path to the configuration file of dnsmasq.\n", "loc": ["services", "dnsmasq", "configFile"], "readOnly": true, "type": "package"}, "services.dnsmasq.enable": {"declarations": ["nixos/modules/services/networking/dnsmasq.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to run dnsmasq.\n", "loc": ["services", "dnsmasq", "enable"], "readOnly": false, "type": "boolean"}, "services.dnsmasq.package": {"declarations": ["nixos/modules/services/networking/dnsmasq.nix"], "default": {"_type": "literalExpression", "text": "pkgs.dnsmasq"}, "description": "The dnsmasq package to use.", "loc": ["services", "dnsmasq", "package"], "readOnly": false, "type": "package"}, "services.dnsmasq.resolveLocalQueries": {"declarations": ["nixos/modules/services/networking/dnsmasq.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether dnsmasq should resolve local queries (i.e. add 127.0.0.1 to\n/etc/resolv.conf).\n", "loc": ["services", "dnsmasq", "resolveLocalQueries"], "readOnly": false, "type": "boolean"}, "services.dnsmasq.settings": {"declarations": ["nixos/modules/services/networking/dnsmasq.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration of dnsmasq. Lists get added one value per line (empty\nlists and false values don't get added, though false values get\nturned to comments). Gets merged with\n\n    {\n      dhcp-leasefile = \"/var/lib/dnsmasq/dnsmasq.leases\";\n      conf-file = optional cfg.resolveLocalQueries \"/etc/dnsmasq-conf.conf\";\n      resolv-file = optional cfg.resolveLocalQueries \"/etc/dnsmasq-resolv.conf\";\n    }\n", "example": {"_type": "literalExpression", "text": "{\n  domain-needed = true;\n  dhcp-range = [ \"192.168.0.2,192.168.0.254\" ];\n}\n"}, "loc": ["services", "dnsmasq", "settings"], "readOnly": false, "type": "open submodule of attribute set of (atom (null, bool, int, float or string) or a list of them for duplicate keys)"}, "services.dnsmasq.settings.server": {"declarations": ["nixos/modules/services/networking/dnsmasq.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The DNS servers which dnsmasq should query.\n", "example": {"_type": "literalExpression", "text": "[\n  \"8.8.8.8\"\n  \"8.8.4.4\"\n]"}, "loc": ["services", "dnsmasq", "settings", "server"], "readOnly": false, "type": "list of string"}, "services.dnsproxy.enable": {"declarations": ["nixos/modules/services/networking/dnsproxy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable dnsproxy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dnsproxy", "enable"], "readOnly": false, "type": "boolean"}, "services.dnsproxy.flags": {"declarations": ["nixos/modules/services/networking/dnsproxy.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of extra command-line flags to pass to dnsproxy. For details on the\navailable options, see <https://github.com/AdguardTeam/dnsproxy#usage>.\nKeep in mind that options passed through command-line flags override\nconfig options.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--upstream=1.1.1.1:53\"\n]"}, "loc": ["services", "dnsproxy", "flags"], "readOnly": false, "type": "list of string"}, "services.dnsproxy.package": {"declarations": ["nixos/modules/services/networking/dnsproxy.nix"], "default": {"_type": "literalExpression", "text": "pkgs.dnsproxy"}, "description": "The dnsproxy package to use.", "loc": ["services", "dnsproxy", "package"], "readOnly": false, "type": "package"}, "services.dnsproxy.settings": {"declarations": ["nixos/modules/services/networking/dnsproxy.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Contents of the {file}`config.yaml` config file.\nThe `--config-path` argument will only be passed if this set is not empty.\n\nSee <https://github.com/AdguardTeam/dnsproxy/blob/master/config.yaml.dist>.\n", "example": {"_type": "literalExpression", "text": "{\n  bootstrap = [\n    \"8.8.8.8:53\"\n  ];\n  listen-addrs = [\n    \"0.0.0.0\"\n  ];\n  listen-ports = [\n    53\n  ];\n  upstream = [\n    \"1.1.1.1:53\"\n  ];\n}\n"}, "loc": ["services", "dnsproxy", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.do-agent.enable": {"declarations": ["nixos/modules/services/monitoring/do-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable do-agent, the DigitalOcean droplet metrics agent.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "do-agent", "enable"], "readOnly": false, "type": "boolean"}, "services.dockerRegistry.configFile": {"declarations": ["nixos/modules/services/misc/docker-registry.nix"], "default": {"_type": "literalExpression", "text": "pkgs.writeText \"docker-registry-config.yml\" \"# my custom docker-registry-config.yml ...\""}, "description": "Path to CNCF distribution config file.\n\nSetting this option will override any configuration applied by the extraConfig option.\n", "loc": ["services", "dockerRegistry", "configFile"], "readOnly": false, "type": "absolute path"}, "services.dockerRegistry.enable": {"declarations": ["nixos/modules/services/misc/docker-registry.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Docker Registry.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dockerRegistry", "enable"], "readOnly": false, "type": "boolean"}, "services.dockerRegistry.enableDelete": {"declarations": ["nixos/modules/services/misc/docker-registry.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable delete for manifests and blobs.", "loc": ["services", "dockerRegistry", "enableDelete"], "readOnly": false, "type": "boolean"}, "services.dockerRegistry.enableGarbageCollect": {"declarations": ["nixos/modules/services/misc/docker-registry.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable garbage collect.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dockerRegistry", "enableGarbageCollect"], "readOnly": false, "type": "boolean"}, "services.dockerRegistry.enableRedisCache": {"declarations": ["nixos/modules/services/misc/docker-registry.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable redis as blob cache.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dockerRegistry", "enableRedisCache"], "readOnly": false, "type": "boolean"}, "services.dockerRegistry.extraConfig": {"declarations": ["nixos/modules/services/misc/docker-registry.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Docker extra registry configuration.\n", "example": {"_type": "literalExpression", "text": "{\n  log.level = \"debug\";\n}\n"}, "loc": ["services", "dockerRegistry", "extraConfig"], "readOnly": false, "type": "attribute set"}, "services.dockerRegistry.garbageCollectDates": {"declarations": ["nixos/modules/services/misc/docker-registry.nix"], "default": {"_type": "literalExpression", "text": "\"daily\""}, "description": "Specification (in the format described by\n{manpage}`systemd.time(7)`) of the time at\nwhich the garbage collect will occur.\n", "loc": ["services", "dockerRegistry", "garbageCollectDates"], "readOnly": false, "type": "string"}, "services.dockerRegistry.listenAddress": {"declarations": ["nixos/modules/services/misc/docker-registry.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Docker registry host or ip to bind to.", "loc": ["services", "dockerRegistry", "listenAddress"], "readOnly": false, "type": "string"}, "services.dockerRegistry.openFirewall": {"declarations": ["nixos/modules/services/misc/docker-registry.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Opens the port used by the firewall.", "loc": ["services", "dockerRegistry", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.dockerRegistry.package": {"declarations": ["nixos/modules/services/misc/docker-registry.nix"], "default": {"_type": "literalExpression", "text": "pkgs.distribution"}, "description": "The distribution package to use.", "example": {"_type": "literalExpression", "text": "gitlab-container-registry"}, "loc": ["services", "dockerRegistry", "package"], "readOnly": false, "type": "package"}, "services.dockerRegistry.port": {"declarations": ["nixos/modules/services/misc/docker-registry.nix"], "default": {"_type": "literalExpression", "text": "5000"}, "description": "Docker registry port to bind to.", "loc": ["services", "dockerRegistry", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.dockerRegistry.redisPassword": {"declarations": ["nixos/modules/services/misc/docker-registry.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Set redis password.", "loc": ["services", "dockerRegistry", "redisPassword"], "readOnly": false, "type": "string"}, "services.dockerRegistry.redisUrl": {"declarations": ["nixos/modules/services/misc/docker-registry.nix"], "default": {"_type": "literalExpression", "text": "\"localhost:6379\""}, "description": "Set redis host and port.", "loc": ["services", "dockerRegistry", "redisUrl"], "readOnly": false, "type": "string"}, "services.dockerRegistry.storagePath": {"declarations": ["nixos/modules/services/misc/docker-registry.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/docker-registry\""}, "description": "Docker registry storage path for the filesystem storage backend. Set to\nnull to configure another backend via extraConfig.\n", "loc": ["services", "dockerRegistry", "storagePath"], "readOnly": false, "type": "null or absolute path"}, "services.docling-serve.enable": {"declarations": ["nixos/modules/services/misc/docling-serve.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Docling Serve server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "docling-serve", "enable"], "readOnly": false, "type": "boolean"}, "services.docling-serve.environment": {"declarations": ["nixos/modules/services/misc/docling-serve.nix"], "default": {"_type": "literalExpression", "text": "{\n  DOCLING_SERVE_ENABLE_UI = \"False\";\n}"}, "description": "Extra environment variables for Docling Serve.\nFor more details see <https://github.com/docling-project/docling-serve/blob/main/docs/configuration.md>\n", "example": {"_type": "literalExpression", "text": "''\n  {\n    DOCLING_SERVE_ENABLE_UI = \"True\";\n  }\n''"}, "loc": ["services", "docling-serve", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.docling-serve.environmentFile": {"declarations": ["nixos/modules/services/misc/docling-serve.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file to be passed to the systemd service.\nUseful for passing secrets to the service to prevent them from being\nworld-readable in the Nix store.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/secrets/doclingServeSecrets\""}, "loc": ["services", "docling-serve", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.docling-serve.host": {"declarations": ["nixos/modules/services/misc/docling-serve.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The host address which the Docling Serve server HTTP interface listens to.\n", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "docling-serve", "host"], "readOnly": false, "type": "string"}, "services.docling-serve.openFirewall": {"declarations": ["nixos/modules/services/misc/docling-serve.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall for Docling Serve.\nThis adds `services.Docling Serve.port` to `networking.firewall.allowedTCPPorts`.\n", "loc": ["services", "docling-serve", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.docling-serve.package": {"declarations": ["nixos/modules/services/misc/docling-serve.nix"], "default": {"_type": "literalExpression", "text": "pkgs.docling-serve"}, "description": "The docling-serve package to use.", "loc": ["services", "docling-serve", "package"], "readOnly": false, "type": "package"}, "services.docling-serve.port": {"declarations": ["nixos/modules/services/misc/docling-serve.nix"], "default": {"_type": "literalExpression", "text": "5001"}, "description": "Which port the Docling Serve server listens to.\n", "example": {"_type": "literalExpression", "text": "11111"}, "loc": ["services", "docling-serve", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.docling-serve.stateDir": {"declarations": ["nixos/modules/services/misc/docling-serve.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/docling-serve\""}, "description": "State directory of Docling Serve.", "example": {"_type": "literalExpression", "text": "\"/home/foo\""}, "loc": ["services", "docling-serve", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.documize.cert": {"declarations": ["nixos/modules/services/web-apps/documize.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The {file}`cert.pem` file used for https.\n", "loc": ["services", "documize", "cert"], "readOnly": false, "type": "null or string"}, "services.documize.db": {"declarations": ["nixos/modules/services/web-apps/documize.nix"], "description": "Database specific connection string for example:\n- MySQL/Percona/MariaDB:\n  `user:password@tcp(host:3306)/documize`\n- MySQLv8+:\n  `user:password@tcp(host:3306)/documize?allowNativePasswords=true`\n- PostgreSQL:\n  `host=localhost port=5432 dbname=documize user=admin password=secret sslmode=disable`\n- MSSQL:\n  `sqlserver://username:password@localhost:1433?database=Documize` or\n  `sqlserver://sa@localhost/SQLExpress?database=Documize`\n", "loc": ["services", "documize", "db"], "readOnly": false, "type": "string"}, "services.documize.dbtype": {"declarations": ["nixos/modules/services/web-apps/documize.nix"], "default": {"_type": "literalExpression", "text": "\"postgresql\""}, "description": "Specify the database provider: `mysql`, `percona`, `mariadb`, `postgresql`, `sqlserver`\n", "loc": ["services", "documize", "dbtype"], "readOnly": false, "type": "one of \"mysql\", \"percona\", \"mariadb\", \"postgresql\", \"sqlserver\""}, "services.documize.enable": {"declarations": ["nixos/modules/services/web-apps/documize.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Documize Wiki.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "documize", "enable"], "readOnly": false, "type": "boolean"}, "services.documize.forcesslport": {"declarations": ["nixos/modules/services/web-apps/documize.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Redirect given http port number to TLS.\n", "loc": ["services", "documize", "forcesslport"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.documize.key": {"declarations": ["nixos/modules/services/web-apps/documize.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The {file}`key.pem` file used for https.\n", "loc": ["services", "documize", "key"], "readOnly": false, "type": "null or string"}, "services.documize.location": {"declarations": ["nixos/modules/services/web-apps/documize.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "reserved\n", "loc": ["services", "documize", "location"], "readOnly": false, "type": "null or string"}, "services.documize.offline": {"declarations": ["nixos/modules/services/web-apps/documize.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Set `true` for offline mode.\n", "loc": ["services", "documize", "offline"], "readOnly": false, "type": "boolean"}, "services.documize.package": {"declarations": ["nixos/modules/services/web-apps/documize.nix"], "default": {"_type": "literalExpression", "text": "pkgs.documize-community"}, "description": "The documize-community package to use.", "loc": ["services", "documize", "package"], "readOnly": false, "type": "package"}, "services.documize.port": {"declarations": ["nixos/modules/services/web-apps/documize.nix"], "default": {"_type": "literalExpression", "text": "5001"}, "description": "The http/https port number.\n", "loc": ["services", "documize", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.documize.salt": {"declarations": ["nixos/modules/services/web-apps/documize.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The salt string used to encode JWT tokens, if not set a random value will be generated.\n", "example": {"_type": "literalExpression", "text": "\"3edIYV6c8B28b19fh\""}, "loc": ["services", "documize", "salt"], "readOnly": false, "type": "null or string"}, "services.documize.stateDirectoryName": {"declarations": ["nixos/modules/services/web-apps/documize.nix"], "default": {"_type": "literalExpression", "text": "\"documize\""}, "description": "The name of the directory below {file}`/var/lib/private`\nwhere documize runs in and stores, for example, backups.\n", "loc": ["services", "documize", "stateDirectoryName"], "readOnly": false, "type": "string"}, "services.docuseal.enable": {"declarations": ["nixos/modules/services/web-apps/docuseal.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable DocuSeal, open source document signing.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "docuseal", "enable"], "readOnly": false, "type": "boolean"}, "services.docuseal.extraConfig": {"declarations": ["nixos/modules/services/web-apps/docuseal.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra environment variables to pass to DocuSeal services.\n", "loc": ["services", "docuseal", "extraConfig"], "readOnly": false, "type": "attribute set"}, "services.docuseal.extraEnvFiles": {"declarations": ["nixos/modules/services/web-apps/docuseal.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra environment files to pass to DocuSeal services. Useful for passing down environmental secrets.\ne.g. DATABASE_URL\n", "example": {"_type": "literalExpression", "text": "[\n  \"/etc/docuseal/s3config.env\"\n]"}, "loc": ["services", "docuseal", "extraEnvFiles"], "readOnly": false, "type": "list of absolute path"}, "services.docuseal.host": {"declarations": ["nixos/modules/services/web-apps/docuseal.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "DocuSeal host.", "loc": ["services", "docuseal", "host"], "readOnly": false, "type": "string"}, "services.docuseal.package": {"declarations": ["nixos/modules/services/web-apps/docuseal.nix"], "default": {"_type": "literalExpression", "text": "pkgs.docuseal"}, "description": "The docuseal package to use.", "loc": ["services", "docuseal", "package"], "readOnly": false, "type": "package"}, "services.docuseal.port": {"declarations": ["nixos/modules/services/web-apps/docuseal.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "DocuSeal port.", "loc": ["services", "docuseal", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.docuseal.redis.createLocally": {"declarations": ["nixos/modules/services/web-apps/docuseal.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to create a local redis automatically.", "loc": ["services", "docuseal", "redis", "createLocally"], "readOnly": false, "type": "boolean"}, "services.docuseal.redis.host": {"declarations": ["nixos/modules/services/web-apps/docuseal.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Redis server address.\n", "loc": ["services", "docuseal", "redis", "host"], "readOnly": false, "type": "string"}, "services.docuseal.redis.name": {"declarations": ["nixos/modules/services/web-apps/docuseal.nix"], "default": {"_type": "literalExpression", "text": "\"docuseal\""}, "description": "Name of the redis server. Only used if `createLocally` is set to true.\n", "loc": ["services", "docuseal", "redis", "name"], "readOnly": false, "type": "string"}, "services.docuseal.redis.port": {"declarations": ["nixos/modules/services/web-apps/docuseal.nix"], "default": {"_type": "literalExpression", "text": "6379"}, "description": "Port of the redis server.", "loc": ["services", "docuseal", "redis", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.docuseal.secretKeyBaseFile": {"declarations": ["nixos/modules/services/web-apps/docuseal.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/docuseal/secrets/secret-key-base\""}, "description": "Path to file containing the secret key base.\nA new secret key base can be generated by running:\n\n`openssl rand -hex 64`\n\nIf this file does not exist, it will be created with a new secret key base.\n", "loc": ["services", "docuseal", "secretKeyBaseFile"], "readOnly": false, "type": "absolute path"}, "services.docuum.deletionChunkSize": {"declarations": ["nixos/modules/services/admin/docuum.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Removes specified quantity of images at a time.", "example": {"_type": "literalExpression", "text": "10"}, "loc": ["services", "docuum", "deletionChunkSize"], "readOnly": false, "type": "signed integer"}, "services.docuum.enable": {"declarations": ["nixos/modules/services/admin/docuum.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable docuum daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "docuum", "enable"], "readOnly": false, "type": "boolean"}, "services.docuum.keep": {"declarations": ["nixos/modules/services/admin/docuum.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Prevents deletion of images for which repository:tag matches the specified regex.", "example": {"_type": "literalExpression", "text": "[\n  \"^my-image\"\n]"}, "loc": ["services", "docuum", "keep"], "readOnly": false, "type": "list of string"}, "services.docuum.minAge": {"declarations": ["nixos/modules/services/admin/docuum.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the minimum age of images to be considered for deletion.", "example": {"_type": "literalExpression", "text": "\"1d\""}, "loc": ["services", "docuum", "minAge"], "readOnly": false, "type": "null or string"}, "services.docuum.threshold": {"declarations": ["nixos/modules/services/admin/docuum.nix"], "default": {"_type": "literalExpression", "text": "\"10 GB\""}, "description": "Threshold for deletion in bytes, like `10 GB`, `10 GiB`, `10GB` or percentage-based thresholds like `50%`", "example": {"_type": "literalExpression", "text": "\"50%\""}, "loc": ["services", "docuum", "threshold"], "readOnly": false, "type": "string"}, "services.doh-proxy-rust.enable": {"declarations": ["nixos/modules/services/networking/doh-proxy-rust.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable doh-proxy-rust.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "doh-proxy-rust", "enable"], "readOnly": false, "type": "boolean"}, "services.doh-proxy-rust.flags": {"declarations": ["nixos/modules/services/networking/doh-proxy-rust.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of command-line flags to pass to doh-proxy. For details on the\navailable options, see <https://github.com/jedisct1/doh-server#usage>.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--server-address=9.9.9.9:53\"\n]"}, "loc": ["services", "doh-proxy-rust", "flags"], "readOnly": false, "type": "list of string"}, "services.doh-server.configFile": {"declarations": ["nixos/modules/services/networking/doh-server.nix"], "description": "The config file for the doh-server.\nSetting this option will override any configuration applied by the `settings` option.\n", "example": {"_type": "literalExpression", "text": "\"/path/to/doh-server.conf\""}, "loc": ["services", "doh-server", "configFile"], "readOnly": false, "type": "absolute path"}, "services.doh-server.enable": {"declarations": ["nixos/modules/services/networking/doh-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable DNS-over-HTTPS server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "doh-server", "enable"], "readOnly": false, "type": "boolean"}, "services.doh-server.package": {"declarations": ["nixos/modules/services/networking/doh-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.dns-over-https"}, "description": "The dns-over-https package to use.", "loc": ["services", "doh-server", "package"], "readOnly": false, "type": "package"}, "services.doh-server.settings": {"declarations": ["nixos/modules/services/networking/doh-server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration of doh-server in toml. See example in <https://github.com/m13253/dns-over-https/blob/master/doh-server/doh-server.conf>", "example": {"_type": "literalExpression", "text": "{\n  listen = [\n    \":8153\"\n  ];\n  upstream = [\n    \"udp:127.0.0.1:53\"\n  ];\n}"}, "loc": ["services", "doh-server", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.doh-server.settings.ecs_allow_non_global_ip": {"declarations": ["nixos/modules/services/networking/doh-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "By default, non global IP addresses are never forwarded to upstream servers.\nThis is to prevent two things from happening:\n  1. the upstream server knowing your private LAN addresses;\n  2. the upstream server unable to provide geographically near results,\n    or even fail to provide any result.\nHowever, if you are deploying a split tunnel corporation network environment, or for any other reason you want to inhibit this behavior and allow local (eg RFC1918) address to be forwarded, change the following option to \"true\".\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "doh-server", "settings", "ecs_allow_non_global_ip"], "readOnly": false, "type": "boolean"}, "services.doh-server.settings.ecs_use_precise_ip": {"declarations": ["nixos/modules/services/networking/doh-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If ECS is added to the request, let the full IP address or cap it to 24 or 128 mask. This option is to be used only on private networks where knowledge of the terminal endpoint may be required for security purposes (eg. DNS Firewalling). Not a good option on the internet where IP address may be used to identify the user and not only the approximate location.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "doh-server", "settings", "ecs_use_precise_ip"], "readOnly": false, "type": "boolean"}, "services.doh-server.settings.listen": {"declarations": ["nixos/modules/services/networking/doh-server.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1:8053\"\n  \"[::1]:8053\"\n]"}, "description": "HTTP listen address and port", "example": {"_type": "literalExpression", "text": "[\n  \":443\"\n]"}, "loc": ["services", "doh-server", "settings", "listen"], "readOnly": false, "type": "list of string"}, "services.doh-server.settings.log_guessed_client_ip": {"declarations": ["nixos/modules/services/networking/doh-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable log IP from HTTPS-reverse proxy header: X-Forwarded-For or X-Real-IP\nNote: http uri/useragent log cannot be controlled by this config\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "doh-server", "settings", "log_guessed_client_ip"], "readOnly": false, "type": "boolean"}, "services.doh-server.settings.path": {"declarations": ["nixos/modules/services/networking/doh-server.nix"], "default": {"_type": "literalExpression", "text": "\"/dns-query\""}, "description": "HTTP path for resolve application", "example": {"_type": "literalExpression", "text": "\"/dns-query\""}, "loc": ["services", "doh-server", "settings", "path"], "readOnly": false, "type": "string"}, "services.doh-server.settings.timeout": {"declarations": ["nixos/modules/services/networking/doh-server.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Upstream timeout", "example": {"_type": "literalExpression", "text": "15"}, "loc": ["services", "doh-server", "settings", "timeout"], "readOnly": false, "type": "signed integer"}, "services.doh-server.settings.tries": {"declarations": ["nixos/modules/services/networking/doh-server.nix"], "default": {"_type": "literalExpression", "text": "3"}, "description": "Number of tries if upstream DNS fails", "example": {"_type": "literalExpression", "text": "5"}, "loc": ["services", "doh-server", "settings", "tries"], "readOnly": false, "type": "signed integer"}, "services.doh-server.settings.upstream": {"declarations": ["nixos/modules/services/networking/doh-server.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"udp:1.1.1.1:53\"\n  \"udp:1.0.0.1:53\"\n  \"udp:8.8.8.8:53\"\n  \"udp:8.8.4.4:53\"\n]"}, "description": "Upstream DNS resolver.\nIf multiple servers are specified, a random one will be chosen each time.\nYou can use \"udp\", \"tcp\" or \"tcp-tls\" for the type prefix.\nFor \"udp\", UDP will first be used, and switch to TCP when the server asks to or the response is too large.\nFor \"tcp\", only TCP will be used.\nFor \"tcp-tls\", DNS-over-TLS (RFC 7858) will be used to secure the upstream connection.\n", "example": {"_type": "literalExpression", "text": "[\n  \"udp:127.0.0.1:53\"\n]"}, "loc": ["services", "doh-server", "settings", "upstream"], "readOnly": false, "type": "list of string"}, "services.doh-server.settings.verbose": {"declarations": ["nixos/modules/services/networking/doh-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable logging", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "doh-server", "settings", "verbose"], "readOnly": false, "type": "boolean"}, "services.doh-server.useACMEHost": {"declarations": ["nixos/modules/services/networking/doh-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "example": {"_type": "literalExpression", "text": "\"doh.example.com\""}, "loc": ["services", "doh-server", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.dokuwiki.sites": {"declarations": ["nixos/modules/services/web-apps/dokuwiki.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Specification of one or more DokuWiki sites to serve", "loc": ["services", "dokuwiki", "sites"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.dokuwiki.sites.<name>.acl": {"declarations": ["nixos/modules/services/web-apps/dokuwiki.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Access Control Lists: see <https://www.dokuwiki.org/acl>\nMutually exclusive with services.dokuwiki.aclFile\nSet this to a value other than null to take precedence over aclFile option.\n\nWarning: Consider using aclFile instead if you do not\nwant to store the ACL in the world-readable Nix store.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    page = \"start\";\n    actor = \"@external\";\n    level = \"read\";\n  }\n  {\n    page = \"*\";\n    actor = \"@users\";\n    level = \"upload\";\n  }\n]\n"}, "loc": ["services", "dokuwiki", "sites", "<name>", "acl"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.dokuwiki.sites.<name>.acl.*.actor": {"declarations": ["nixos/modules/services/web-apps/dokuwiki.nix"], "description": "User or group to restrict", "example": {"_type": "literalExpression", "text": "\"@external\""}, "loc": ["services", "dokuwiki", "sites", "<name>", "acl", "*", "actor"], "readOnly": false, "type": "string"}, "services.dokuwiki.sites.<name>.acl.*.level": {"declarations": ["nixos/modules/services/web-apps/dokuwiki.nix"], "description": "Permission level to restrict the actor(s) to.\nSee <https://www.dokuwiki.org/acl#background_info> for explanation\n", "example": {"_type": "literalExpression", "text": "\"read\""}, "loc": ["services", "dokuwiki", "sites", "<name>", "acl", "*", "level"], "readOnly": false, "type": "one of 4, 16, 2, 0, 1, 8, \"create\", \"delete\", \"edit\", \"none\", \"read\", \"upload\""}, "services.dokuwiki.sites.<name>.acl.*.page": {"declarations": ["nixos/modules/services/web-apps/dokuwiki.nix"], "description": "Page or namespace to restrict", "example": {"_type": "literalExpression", "text": "\"start\""}, "loc": ["services", "dokuwiki", "sites", "<name>", "acl", "*", "page"], "readOnly": false, "type": "string"}, "services.dokuwiki.sites.<name>.aclFile": {"declarations": ["nixos/modules/services/web-apps/dokuwiki.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/dokuwiki/\u2039name\u203a/acl.auth.php\""}, "description": "Location of the dokuwiki acl rules.\nMutually exclusive with services.dokuwiki.acl which is preferred.\nConsult documentation <https://www.dokuwiki.org/acl> for further instructions.\nExample: <https://github.com/splitbrain/dokuwiki/blob/master/conf/acl.auth.php.dist>\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/dokuwiki/\u2039name\u203a/acl.auth.php\""}, "loc": ["services", "dokuwiki", "sites", "<name>", "aclFile"], "readOnly": false, "type": "null or string"}, "services.dokuwiki.sites.<name>.extraConfigs": {"declarations": ["nixos/modules/services/web-apps/dokuwiki.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Path(s) to additional configuration files that are then linked to the 'conf' directory.\n", "example": {"_type": "literalExpression", "text": "{\n  \"acronyms.local.conf\" = pkgs.writeText \"acronyms.local.conf\" ''\n    r13y  reproducibility\n  '';\n  \"entities.local.conf\" = ./dokuwiki-entities;\n}\n"}, "loc": ["services", "dokuwiki", "sites", "<name>", "extraConfigs"], "readOnly": false, "type": "attribute set of absolute path"}, "services.dokuwiki.sites.<name>.mergedConfig": {"declarations": ["nixos/modules/services/web-apps/dokuwiki.nix"], "default": {"_type": "literalExpression", "text": "{\n  useacl = true;\n}\n"}, "description": "Read only representation of the final configuration.\n", "loc": ["services", "dokuwiki", "sites", "<name>", "mergedConfig"], "readOnly": true, "type": "unspecified value"}, "services.dokuwiki.sites.<name>.package": {"declarations": ["nixos/modules/services/web-apps/dokuwiki.nix"], "default": {"_type": "literalExpression", "text": "pkgs.dokuwiki"}, "description": "The dokuwiki package to use.", "loc": ["services", "dokuwiki", "sites", "<name>", "package"], "readOnly": false, "type": "package"}, "services.dokuwiki.sites.<name>.phpOptions": {"declarations": ["nixos/modules/services/web-apps/dokuwiki.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for PHP's php.ini file for this dokuwiki site.\n", "example": {"_type": "literalExpression", "text": "{\n  \"opcache.interned_strings_buffer\" = \"8\";\n  \"opcache.max_accelerated_files\" = \"10000\";\n  \"opcache.memory_consumption\" = \"128\";\n  \"opcache.revalidate_freq\" = \"15\";\n  \"opcache.fast_shutdown\" = \"1\";\n}\n"}, "loc": ["services", "dokuwiki", "sites", "<name>", "phpOptions"], "readOnly": false, "type": "attribute set of string"}, "services.dokuwiki.sites.<name>.phpPackage": {"declarations": ["nixos/modules/services/web-apps/dokuwiki.nix"], "default": {"_type": "literalExpression", "text": "pkgs.php84"}, "description": "The php package to use.", "loc": ["services", "dokuwiki", "sites", "<name>", "phpPackage"], "readOnly": false, "type": "package"}, "services.dokuwiki.sites.<name>.plugins": {"declarations": ["nixos/modules/services/web-apps/dokuwiki.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of path(s) to respective plugin(s) which are copied into the 'plugin' directory.\n\n::: {.note}\nThese plugins need to be packaged before use, see example.\n:::\n", "example": {"_type": "literalExpression", "text": "let\n  plugin-icalevents = pkgs.stdenv.mkDerivation rec {\n    name = \"icalevents\";\n    version = \"2017-06-16\";\n    src = pkgs.fetchzip {\n      stripRoot = false;\n      url = \"https://github.com/real-or-random/dokuwiki-plugin-icalevents/releases/download/${version}/dokuwiki-plugin-icalevents-${version}.zip\";\n      hash = \"sha256-IPs4+qgEfe8AAWevbcCM9PnyI0uoyamtWeg4rEb+9Wc=\";\n    };\n    installPhase = \"mkdir -p $out; cp -R * $out/\";\n  };\n# And then pass this plugin to the plugin list like this:\nin [ plugin-icalevents ]\n"}, "loc": ["services", "dokuwiki", "sites", "<name>", "plugins"], "readOnly": false, "type": "list of absolute path"}, "services.dokuwiki.sites.<name>.pluginsConfig": {"declarations": ["nixos/modules/services/web-apps/dokuwiki.nix"], "default": {"_type": "literalExpression", "text": "{\n  authad = false;\n  authldap = false;\n  authmysql = false;\n  authpgsql = false;\n}"}, "description": "List of the dokuwiki (un)loaded plugins.\n", "loc": ["services", "dokuwiki", "sites", "<name>", "pluginsConfig"], "readOnly": false, "type": "attribute set of boolean"}, "services.dokuwiki.sites.<name>.poolConfig": {"declarations": ["nixos/modules/services/web-apps/dokuwiki.nix"], "default": {"_type": "literalExpression", "text": "{\n  pm = \"dynamic\";\n  \"pm.max_children\" = 32;\n  \"pm.max_requests\" = 500;\n  \"pm.max_spare_servers\" = 4;\n  \"pm.min_spare_servers\" = 2;\n  \"pm.start_servers\" = 2;\n}"}, "description": "Options for the DokuWiki PHP pool. See the documentation on `php-fpm.conf`\nfor details on configuration directives.\n", "loc": ["services", "dokuwiki", "sites", "<name>", "poolConfig"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.dokuwiki.sites.<name>.settings": {"declarations": ["nixos/modules/services/web-apps/dokuwiki.nix"], "default": {"_type": "literalExpression", "text": "{\n  superuser = \"admin\";\n  useacl = true;\n}"}, "description": "Structural DokuWiki configuration.\nRefer to <https://www.dokuwiki.org/config>\nfor details and supported values.\nSettings can either be directly set from nix,\nloaded from a file using `._file` or obtained from any\nPHP function calls using `._raw`.\n", "example": {"_type": "literalExpression", "text": "{\n  title = \"My Wiki\";\n  userewrite = 1;\n  disableactions = [ \"register\" ]; # Will be concatenated with commas\n  plugin.smtp = {\n    smtp_pass._file = \"/var/run/secrets/dokuwiki/smtp_pass\";\n    smtp_user._raw = \"getenv('DOKUWIKI_SMTP_USER')\";\n  };\n}\n"}, "loc": ["services", "dokuwiki", "sites", "<name>", "settings"], "readOnly": false, "type": "attribute set of anything"}, "services.dokuwiki.sites.<name>.stateDir": {"declarations": ["nixos/modules/services/web-apps/dokuwiki.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/dokuwiki/\u2039name\u203a/data\""}, "description": "Location of the DokuWiki state directory.", "loc": ["services", "dokuwiki", "sites", "<name>", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.dokuwiki.sites.<name>.templates": {"declarations": ["nixos/modules/services/web-apps/dokuwiki.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of path(s) to respective template(s) which are copied into the 'tpl' directory.\n\n::: {.note}\nThese templates need to be packaged before use, see example.\n:::\n", "example": {"_type": "literalExpression", "text": "let\n  template-bootstrap3 = pkgs.stdenv.mkDerivation rec {\n  name = \"bootstrap3\";\n  version = \"2022-07-27\";\n  src = pkgs.fetchFromGitHub {\n    owner = \"giterlizzi\";\n    repo = \"dokuwiki-template-bootstrap3\";\n    rev = \"v${version}\";\n    hash = \"sha256-B3Yd4lxdwqfCnfmZdp+i/Mzwn/aEuZ0ovagDxuR6lxo=\";\n  };\n  installPhase = \"mkdir -p $out; cp -R * $out/\";\n};\n# And then pass this theme to the template list like this:\nin [ template-bootstrap3 ]\n"}, "loc": ["services", "dokuwiki", "sites", "<name>", "templates"], "readOnly": false, "type": "list of absolute path"}, "services.dokuwiki.sites.<name>.usersFile": {"declarations": ["nixos/modules/services/web-apps/dokuwiki.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/dokuwiki/\u2039name\u203a/users.auth.php\""}, "description": "Location of the dokuwiki users file. List of users. Format:\n\n    login:passwordhash:Real Name:email:groups,comma,separated\n\nCreate passwordHash easily by using:\n\n    mkpasswd -5 password `pwgen 8 1`\n\nExample: <https://github.com/splitbrain/dokuwiki/blob/master/conf/users.auth.php.dist>\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/dokuwiki/\u2039name\u203a/users.auth.php\""}, "loc": ["services", "dokuwiki", "sites", "<name>", "usersFile"], "readOnly": false, "type": "null or string"}, "services.dokuwiki.webserver": {"declarations": ["nixos/modules/services/web-apps/dokuwiki.nix"], "default": {"_type": "literalExpression", "text": "\"nginx\""}, "description": "Whether to use nginx or caddy for virtual host management.\n\nFurther nginx configuration can be done by adapting `services.nginx.virtualHosts.<name>`.\nSee [](#opt-services.nginx.virtualHosts) for further information.\n\nFurther caddy configuration can be done by adapting `services.caddy.virtualHosts.<name>`.\nSee [](#opt-services.caddy.virtualHosts) for further information.\n", "loc": ["services", "dokuwiki", "webserver"], "readOnly": false, "type": "one of \"nginx\", \"caddy\""}, "services.dolibarr.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Create the database and database user locally.", "loc": ["services", "dolibarr", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.dolibarr.database.host": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Database host address.", "loc": ["services", "dolibarr", "database", "host"], "readOnly": false, "type": "string"}, "services.dolibarr.database.name": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "\"dolibarr\""}, "description": "Database name.", "loc": ["services", "dolibarr", "database", "name"], "readOnly": false, "type": "string"}, "services.dolibarr.database.passwordFile": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Database password file.", "example": {"_type": "literalExpression", "text": "\"/run/keys/dolibarr-dbpassword\""}, "loc": ["services", "dolibarr", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.dolibarr.database.port": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "3306"}, "description": "Database host port.", "loc": ["services", "dolibarr", "database", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.dolibarr.database.type": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "\"mysql\""}, "description": "Database engine to use.", "example": {"_type": "literalExpression", "text": "\"postgresql\""}, "loc": ["services", "dolibarr", "database", "type"], "readOnly": false, "type": "one of \"mysql\", \"postgresql\""}, "services.dolibarr.database.user": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "\"dolibarr\""}, "description": "Database username.", "loc": ["services", "dolibarr", "database", "user"], "readOnly": false, "type": "string"}, "services.dolibarr.domain": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Domain name of your server.\n", "loc": ["services", "dolibarr", "domain"], "readOnly": false, "type": "string"}, "services.dolibarr.enable": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable dolibarr.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dolibarr", "enable"], "readOnly": false, "type": "boolean"}, "services.dolibarr.group": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "\"dolibarr\""}, "description": "Group account under which dolibarr runs.\n\n::: {.note}\nIf left as the default value this group will automatically be created\non system activation, otherwise you are responsible for\nensuring the group exists before the dolibarr application starts.\n:::\n", "loc": ["services", "dolibarr", "group"], "readOnly": false, "type": "string"}, "services.dolibarr.h2o": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "With this option, you can customize an H2O virtual host which already\nhas sensible defaults for Dolibarr. Set to `{ }` if you do not need any\ncustomization to the virtual host. If enabled, then by default, the\n{option}`serverName` is `${domain}`, If this is set to `null` (the\ndefault), no H2O `hosts` will be configured.\n", "example": {"_type": "literalExpression", "text": "{\n  acme.enable = true;\n  tls.policy = \"force\";\n  compress = \"ON\";\n}\n"}, "loc": ["services", "dolibarr", "h2o"], "readOnly": false, "type": "null or (submodule)"}, "services.dolibarr.h2o.acme": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "ACME options for virtual host.", "loc": ["services", "dolibarr", "h2o", "acme"], "readOnly": false, "type": "null or (submodule)"}, "services.dolibarr.h2o.acme.enable": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let\u2019s Encrypt to sign a certificate for this\nvirtual host. Alternatively, an existing host can be used thru\n{option}`acme.useHost`.\n", "loc": ["services", "dolibarr", "h2o", "acme", "enable"], "readOnly": false, "type": "boolean"}, "services.dolibarr.h2o.acme.root": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the ACME challenge, which is **public**. Don\u2019t put\ncerts or keys in here. Set to `null` to inherit from\nconfig.security.acme.\n", "loc": ["services", "dolibarr", "h2o", "acme", "root"], "readOnly": false, "type": "null or absolute path"}, "services.dolibarr.h2o.acme.useHost": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "An existing Let\u2019s Encrypt certificate to use for this virtual\nhost. This is useful if you have many subdomains and want to\navoid hitting the [rate\nlimit](https://letsencrypt.org/docs/rate-limits). Alternately,\nyou can generate a certificate through {option}`acme.enable`.\nNote that this option neither creates any certificates nor does\nit add subdomains to existing ones\u2009\u2014\u2009you will need to create\nthem manually using [](#opt-security.acme.certs).\n", "loc": ["services", "dolibarr", "h2o", "acme", "useHost"], "readOnly": false, "type": "null or non-empty string"}, "services.dolibarr.h2o.host": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set the host address for this virtual host. If unset, the default is to\nlisten on all network interfaces.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "dolibarr", "h2o", "host"], "readOnly": false, "type": "null or non-empty string"}, "services.dolibarr.h2o.http": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP options for virtual host", "loc": ["services", "dolibarr", "h2o", "http"], "readOnly": false, "type": "null or (submodule)"}, "services.dolibarr.h2o.http.port": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "config.services.h2o.defaultHTTPListenPort\n"}, "description": "Override the default HTTP port for this virtual host.\n", "example": {"_type": "literalExpression", "text": "8080"}, "loc": ["services", "dolibarr", "h2o", "http", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.dolibarr.h2o.serverAliases": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host\nconfiguration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "dolibarr", "h2o", "serverAliases"], "readOnly": false, "type": "list of non-empty string"}, "services.dolibarr.h2o.serverName": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Server name to be used for this virtual host. Defaults to attribute\nname in hosts.\n", "example": {"_type": "literalExpression", "text": "\"example.org\""}, "loc": ["services", "dolibarr", "h2o", "serverName"], "readOnly": false, "type": "null or non-empty string"}, "services.dolibarr.h2o.settings": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attrset to be transformed into YAML for host config. Note that the HTTP\n/ TLS configurations will override these config values. See\n<https://h2o.examp1e.net/configure/base_directives.html#hosts>.\n", "loc": ["services", "dolibarr", "h2o", "settings"], "readOnly": false, "type": "attribute set"}, "services.dolibarr.h2o.tls": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS options for virtual host", "loc": ["services", "dolibarr", "h2o", "tls"], "readOnly": false, "type": "null or (submodule)"}, "services.dolibarr.h2o.tls.extraSettings": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional TLS/SSL-related configuration options. See\n<https://h2o.examp1e.net/configure/base_directives.html#listen-ssl>.\n", "example": {"_type": "literalExpression", "text": "{\n  minimum-version = \"TLSv1.3\";\n}\n"}, "loc": ["services", "dolibarr", "h2o", "tls", "extraSettings"], "readOnly": false, "type": "attribute set"}, "services.dolibarr.h2o.tls.identity": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Key / certificate pairs for the virtual host.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    key-file = \"/path/to/rsa.key\";\n    certificate-file = \"/path/to/rsa.crt\";\n  }\n  {\n    key-file = \"/path/to/ecdsa.key\";\n    certificate-file = \"/path/to/ecdsa.crt\";\n  }\n]\n"}, "loc": ["services", "dolibarr", "h2o", "tls", "identity"], "readOnly": false, "type": "list of (submodule)"}, "services.dolibarr.h2o.tls.identity.*.certificate-file": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "description": "Path to certificate file. See\n<https://h2o.examp1e.net/configure/base_directives.html#certificate-file>.\n", "loc": ["services", "dolibarr", "h2o", "tls", "identity", "*", "certificate-file"], "readOnly": false, "type": "absolute path"}, "services.dolibarr.h2o.tls.identity.*.key-file": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "description": "Path to key file. See\n<https://h2o.examp1e.net/configure/base_directives.html#key-file>.\n", "loc": ["services", "dolibarr", "h2o", "tls", "identity", "*", "key-file"], "readOnly": false, "type": "absolute path"}, "services.dolibarr.h2o.tls.policy": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "description": "`add` will additionally listen for TLS connections. `only` will\ndisable   TLS connections. `force` will redirect non-TLS traffic\nto the TLS connection.\n", "example": {"_type": "literalExpression", "text": "\"force\""}, "loc": ["services", "dolibarr", "h2o", "tls", "policy"], "readOnly": false, "type": "one of \"add\", \"only\", \"force\""}, "services.dolibarr.h2o.tls.port": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "config.services.h2o.defaultTLSListenPort\n"}, "description": "Override the default TLS port for this virtual host.\n", "example": {"_type": "literalExpression", "text": "8443"}, "loc": ["services", "dolibarr", "h2o", "tls", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.dolibarr.h2o.tls.quic": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Enables HTTP/3 over QUIC on the UDP port for TLS. The attrset\nprovides fine-turning for QUIC behavior, but can be empty. See\n<https://h2o.examp1e.net/configure/http3_directives.html#quic-attributes>.\n", "example": {"_type": "literalExpression", "text": "{\n  amp-limit = 2;\n  handshake-timeout-rtt-multiplier = 300;\n  retry = \"ON\";\n}\n"}, "loc": ["services", "dolibarr", "h2o", "tls", "quic"], "readOnly": false, "type": "null or (attribute set)"}, "services.dolibarr.h2o.tls.recommendations": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "By default, H2O, without prejudice, will use as many TLS versions &\ncipher suites as it & the TLS library (OpenSSL) can support. The user is\nexpected to hone settings for the security of their server. Setting some\nconstraints is recommended, & if unsure about what TLS settings to use,\nthis option gives curated TLS settings recommendations from Mozilla\u2019s\n\u2018SSL Configuration Generator\u2019 project (see\n<https://ssl-config.mozilla.org>) or read more at Mozilla\u2019s Wiki (see\n<https://wiki.mozilla.org/Security/Server_Side_TLS>).\n\nmodern\n: Services with clients that support TLS 1.3 & don\u2019t need backward\n  compatibility\n\nintermediate\n: General-purpose servers with a variety of clients, recommended for\n  almost all systems\n\nold\n: Compatible with a number of very old clients, & should be used only as\n  a last resort\n\nThe default for all virtual hosts can be set with\nservices.h2o.defaultTLSRecommendations, but this value can be overridden\non a per-host basis using services.h2o.hosts.<name>.tls.recommmendations.\nThe settings will also be overidden by manual values set with\nservices.settings.h2o.hosts.<name>.tls.extraSettings.\n\nNOTE: older/weaker ciphers might require overriding the OpenSSL version\nof H2O (such as `openssl_legacy`). This can be done with\nsevices.settings.h2o.package.\n", "example": {"_type": "literalExpression", "text": "\"intermediate\""}, "loc": ["services", "dolibarr", "h2o", "tls", "recommendations"], "readOnly": false, "type": "null or one of \"modern\", \"intermediate\", \"old\""}, "services.dolibarr.h2o.tls.redirectCode": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "301"}, "description": "HTTP status used by `globalRedirect` & `forceSSL`. Possible\nusecases include temporary (302, 307) redirects, keeping the\nrequest method & body (307, 308), or explicitly resetting the\nmethod to GET (303). See\n<https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>.\n", "example": {"_type": "literalExpression", "text": "308"}, "loc": ["services", "dolibarr", "h2o", "tls", "redirectCode"], "readOnly": false, "type": "integer between 300 and 399 (both inclusive)"}, "services.dolibarr.nginx": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "With this option, you can customize an nginx virtual host which already has sensible defaults for Dolibarr.\nSet to {} if you do not need any customization to the virtual host.\nIf enabled, then by default, the {option}`serverName` is\n`${domain}`,\nSSL is active, and certificates are acquired via ACME.\nIf this is set to null (the default), no nginx virtualHost will be configured.\n", "example": {"_type": "literalExpression", "text": "{\n  serverAliases = [\n    \"dolibarr.${config.networking.domain}\"\n    \"erp.${config.networking.domain}\"\n  ];\n  enableACME = false;\n}\n"}, "loc": ["services", "dolibarr", "nginx"], "readOnly": false, "type": "null or (submodule)"}, "services.dolibarr.nginx.acmeFallbackHost": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host which to proxy requests to if ACME challenge is not found. Useful\nif you want multiple hosts to be able to verify the same domain name.\n\nWith this option, you could request certificates for the present domain\nwith an ACME client that is running on another host, which you would\nspecify here.\n", "loc": ["services", "dolibarr", "nginx", "acmeFallbackHost"], "readOnly": false, "type": "null or string"}, "services.dolibarr.nginx.acmeRoot": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the ACME challenge, which is **public**. Don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "dolibarr", "nginx", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.dolibarr.nginx.addSSL": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "dolibarr", "nginx", "addSSL"], "readOnly": false, "type": "boolean"}, "services.dolibarr.nginx.basicAuth": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "dolibarr", "nginx", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.dolibarr.nginx.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "dolibarr", "nginx", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.dolibarr.nginx.default": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Makes this vhost the default.\n", "loc": ["services", "dolibarr", "nginx", "default"], "readOnly": false, "type": "boolean"}, "services.dolibarr.nginx.enableACME": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "dolibarr", "nginx", "enableACME"], "readOnly": false, "type": "boolean"}, "services.dolibarr.nginx.extraConfig": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the vhost verbatim.\n", "loc": ["services", "dolibarr", "nginx", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.dolibarr.nginx.forceSSL": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to add a separate nginx server block that redirects (defaults\nto 301, configurable with `redirectCode`) all plain HTTP traffic to\nHTTPS. This will set defaults for `listen` to listen on all interfaces\non the respective default ports (80, 443), where the non-SSL listens\nare used for the redirect vhosts.\n", "loc": ["services", "dolibarr", "nginx", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.dolibarr.nginx.globalRedirect": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected (defaults to 301,\nconfigurable with `redirectCode`) to the given hostname.\n", "example": {"_type": "literalExpression", "text": "\"newserver.example.org\""}, "loc": ["services", "dolibarr", "nginx", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.dolibarr.nginx.http2": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/2 protocol.\nNote that (as of writing) due to nginx's implementation, to disable\nHTTP/2 you have to disable it on all vhosts that use a given\nIP address / port.\nIf there is one server block configured to enable http2, then it is\nenabled for all server blocks on this IP.\nSee <https://stackoverflow.com/a/39466948/263061>.\n", "loc": ["services", "dolibarr", "nginx", "http2"], "readOnly": false, "type": "boolean"}, "services.dolibarr.nginx.http3": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/3 protocol.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that HTTP/3 support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\nHTTP/3 availability must be manually advertised, preferably in each location block.\n", "loc": ["services", "dolibarr", "nginx", "http3"], "readOnly": false, "type": "boolean"}, "services.dolibarr.nginx.http3_hq": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that special application protocol support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "dolibarr", "nginx", "http3_hq"], "readOnly": false, "type": "boolean"}, "services.dolibarr.nginx.kTLS": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kTLS support.\nImplementing TLS in the kernel (kTLS) improves performance by significantly\nreducing the need for copying operations between user space and the kernel.\nRequired Nginx version 1.21.4 or later.\n", "loc": ["services", "dolibarr", "nginx", "kTLS"], "readOnly": false, "type": "boolean"}, "services.dolibarr.nginx.listen": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\nIPv6 addresses must be enclosed in square brackets.\nNote: this option overrides `addSSL`\nand `onlySSL`.\n\nIf you only want to set the addresses manually and not\nthe ports, take a look at `listenAddresses`.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    addr = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    addr = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    addr = \"unix:/var/run/nginx.sock\";\n  }\n]"}, "loc": ["services", "dolibarr", "nginx", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.dolibarr.nginx.listen.*.addr": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "description": "Listen address.", "loc": ["services", "dolibarr", "nginx", "listen", "*", "addr"], "readOnly": false, "type": "string"}, "services.dolibarr.nginx.listen.*.extraParameters": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra parameters of this listen directive.", "example": {"_type": "literalExpression", "text": "[\n  \"backlog=1024\"\n  \"deferred\"\n]"}, "loc": ["services", "dolibarr", "nginx", "listen", "*", "extraParameters"], "readOnly": false, "type": "list of string"}, "services.dolibarr.nginx.listen.*.port": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port number to listen on.\nIf unset and the listen address is not a socket then nginx defaults to 80.\n", "loc": ["services", "dolibarr", "nginx", "listen", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.dolibarr.nginx.listen.*.proxyProtocol": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable PROXY protocol.", "loc": ["services", "dolibarr", "nginx", "listen", "*", "proxyProtocol"], "readOnly": false, "type": "boolean"}, "services.dolibarr.nginx.listen.*.ssl": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SSL.", "loc": ["services", "dolibarr", "nginx", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.dolibarr.nginx.listenAddresses": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n\nNote: This option overrides `networking.enableIPv6`\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"[::1]\"\n]"}, "loc": ["services", "dolibarr", "nginx", "listenAddresses"], "readOnly": false, "type": "list of string"}, "services.dolibarr.nginx.locations": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n};\n"}, "loc": ["services", "dolibarr", "nginx", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.dolibarr.nginx.locations.<name>.alias": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "dolibarr", "nginx", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.dolibarr.nginx.locations.<name>.basicAuth": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "dolibarr", "nginx", "locations", "<name>", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.dolibarr.nginx.locations.<name>.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "dolibarr", "nginx", "locations", "<name>", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.dolibarr.nginx.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "dolibarr", "nginx", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.dolibarr.nginx.locations.<name>.fastcgiParams": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "FastCGI parameters to override.  Unlike in the Nginx\nconfiguration file, overriding only some default parameters\nwon't unset the default values for other parameters.\n", "loc": ["services", "dolibarr", "nginx", "locations", "<name>", "fastcgiParams"], "readOnly": false, "type": "attribute set of (string or absolute path)"}, "services.dolibarr.nginx.locations.<name>.index": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds index directive.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "dolibarr", "nginx", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.dolibarr.nginx.locations.<name>.priority": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "dolibarr", "nginx", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.dolibarr.nginx.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds proxy_pass directive and sets recommended proxy headers if\nrecommendedProxySettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "dolibarr", "nginx", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.dolibarr.nginx.locations.<name>.proxyWebsockets": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to support proxying websocket connections with HTTP/1.1.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dolibarr", "nginx", "locations", "<name>", "proxyWebsockets"], "readOnly": false, "type": "boolean"}, "services.dolibarr.nginx.locations.<name>.recommendedProxySettings": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedProxySettings"}, "description": "Enable recommended proxy settings.\n", "loc": ["services", "dolibarr", "nginx", "locations", "<name>", "recommendedProxySettings"], "readOnly": false, "type": "boolean"}, "services.dolibarr.nginx.locations.<name>.recommendedUwsgiSettings": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedUwsgiSettings"}, "description": "Enable recommended uwsgi settings.\n", "loc": ["services", "dolibarr", "nginx", "locations", "<name>", "recommendedUwsgiSettings"], "readOnly": false, "type": "boolean"}, "services.dolibarr.nginx.locations.<name>.return": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds a return directive, for e.g. redirections.\n", "example": {"_type": "literalExpression", "text": "\"301 http://example.com$request_uri\""}, "loc": ["services", "dolibarr", "nginx", "locations", "<name>", "return"], "readOnly": false, "type": "null or string or signed integer"}, "services.dolibarr.nginx.locations.<name>.root": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Root directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/root/directory\""}, "loc": ["services", "dolibarr", "nginx", "locations", "<name>", "root"], "readOnly": false, "type": "null or absolute path"}, "services.dolibarr.nginx.locations.<name>.tryFiles": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds try_files directive.\n", "example": {"_type": "literalExpression", "text": "\"$uri =404\""}, "loc": ["services", "dolibarr", "nginx", "locations", "<name>", "tryFiles"], "readOnly": false, "type": "null or string"}, "services.dolibarr.nginx.locations.<name>.uwsgiPass": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds uwsgi_pass directive and sets recommended proxy headers if\nrecommendedUwsgiSettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"unix:/run/example/example.sock\""}, "loc": ["services", "dolibarr", "nginx", "locations", "<name>", "uwsgiPass"], "readOnly": false, "type": "null or string"}, "services.dolibarr.nginx.onlySSL": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "dolibarr", "nginx", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.dolibarr.nginx.quic": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the QUIC transport protocol.\nNote that QUIC support is experimental and\n*not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "dolibarr", "nginx", "quic"], "readOnly": false, "type": "boolean"}, "services.dolibarr.nginx.redirectCode": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "301"}, "description": "HTTP status used by `globalRedirect` and `forceSSL`. Possible usecases\ninclude temporary (302, 307) redirects, keeping the request method and\nbody (307, 308), or explicitly resetting the method to GET (303).\nSee <https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>.\n", "example": {"_type": "literalExpression", "text": "308"}, "loc": ["services", "dolibarr", "nginx", "redirectCode"], "readOnly": false, "type": "integer between 300 and 399 (both inclusive)"}, "services.dolibarr.nginx.rejectSSL": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to listen for and reject all HTTPS connections to this vhost. Useful in\n[default](#opt-services.nginx.virtualHosts._name_.default)\nserver blocks to avoid serving the certificate for another vhost. Uses the\n`ssl_reject_handshake` directive available in nginx versions\n1.19.4 and above.\n", "loc": ["services", "dolibarr", "nginx", "rejectSSL"], "readOnly": false, "type": "boolean"}, "services.dolibarr.nginx.reuseport": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create an individual listening socket .\nIt is required to specify only once on one of the hosts.\n", "loc": ["services", "dolibarr", "nginx", "reuseport"], "readOnly": false, "type": "boolean"}, "services.dolibarr.nginx.root": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of the web root directory.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "dolibarr", "nginx", "root"], "readOnly": false, "type": "null or absolute path"}, "services.dolibarr.nginx.serverAliases": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "dolibarr", "nginx", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.dolibarr.nginx.serverName": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of this virtual host. Defaults to attribute name in virtualHosts.\n", "example": {"_type": "literalExpression", "text": "\"example.org\""}, "loc": ["services", "dolibarr", "nginx", "serverName"], "readOnly": false, "type": "null or string"}, "services.dolibarr.nginx.sslCertificate": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "dolibarr", "nginx", "sslCertificate"], "readOnly": false, "type": "absolute path"}, "services.dolibarr.nginx.sslCertificateKey": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "dolibarr", "nginx", "sslCertificateKey"], "readOnly": false, "type": "absolute path"}, "services.dolibarr.nginx.sslTrustedCertificate": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to root SSL certificate for stapling and client certificates.", "example": {"_type": "literalExpression", "text": "\"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\""}, "loc": ["services", "dolibarr", "nginx", "sslTrustedCertificate"], "readOnly": false, "type": "null or absolute path"}, "services.dolibarr.nginx.useACMEHost": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "dolibarr", "nginx", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.dolibarr.package": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "pkgs.dolibarr"}, "description": "The dolibarr package to use.", "loc": ["services", "dolibarr", "package"], "readOnly": false, "type": "package"}, "services.dolibarr.poolConfig": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "{\n  pm = \"dynamic\";\n  \"pm.max_children\" = 32;\n  \"pm.max_requests\" = 500;\n  \"pm.max_spare_servers\" = 4;\n  \"pm.min_spare_servers\" = 2;\n  \"pm.start_servers\" = 2;\n}"}, "description": "Options for the Dolibarr PHP pool. See the documentation on [`php-fpm.conf`](https://www.php.net/manual/en/install.fpm.configuration.php)\nfor details on configuration directives.\n", "loc": ["services", "dolibarr", "poolConfig"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.dolibarr.settings": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Dolibarr settings, see <https://github.com/Dolibarr/dolibarr/blob/develop/htdocs/conf/conf.php.example> for details.", "loc": ["services", "dolibarr", "settings"], "readOnly": false, "type": "attribute set of (boolean or signed integer or string)"}, "services.dolibarr.stateDir": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/dolibarr\""}, "description": "State and configuration directory dolibarr will use.\n", "loc": ["services", "dolibarr", "stateDir"], "readOnly": false, "type": "string"}, "services.dolibarr.user": {"declarations": ["nixos/modules/services/web-apps/dolibarr.nix"], "default": {"_type": "literalExpression", "text": "\"dolibarr\""}, "description": "User account under which dolibarr runs.\n\n::: {.note}\nIf left as the default value this user will automatically be created\non system activation, otherwise you are responsible for\nensuring the user exists before the dolibarr application starts.\n:::\n", "loc": ["services", "dolibarr", "user"], "readOnly": false, "type": "string"}, "services.domoticz.bind": {"declarations": ["nixos/modules/services/misc/domoticz.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "IP address to bind to.", "loc": ["services", "domoticz", "bind"], "readOnly": false, "type": "string"}, "services.domoticz.enable": {"declarations": ["nixos/modules/services/misc/domoticz.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Domoticz home automation.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "domoticz", "enable"], "readOnly": false, "type": "boolean"}, "services.domoticz.port": {"declarations": ["nixos/modules/services/misc/domoticz.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "Port to bind to for HTTP, set to 0 to disable HTTP.", "loc": ["services", "domoticz", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.dovecot2.configFile": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Config file used for the whole dovecot configuration.", "loc": ["services", "dovecot2", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.dovecot2.createMailUser": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable automatically creating the user\n      given in {option}`services.dovecot.user` and the group\n      given in {option}`services.dovecot.group`.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dovecot2", "createMailUser"], "readOnly": false, "type": "boolean"}, "services.dovecot2.enable": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the dovecot 2.x POP3/IMAP server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dovecot2", "enable"], "readOnly": false, "type": "boolean"}, "services.dovecot2.enableDHE": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable ssl_dh and generation of primes for the key exchange.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dovecot2", "enableDHE"], "readOnly": false, "type": "boolean"}, "services.dovecot2.enableImap": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable starting the IMAP listener (when Dovecot is enabled).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dovecot2", "enableImap"], "readOnly": false, "type": "boolean"}, "services.dovecot2.enableLmtp": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable starting the LMTP listener (when Dovecot is enabled).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dovecot2", "enableLmtp"], "readOnly": false, "type": "boolean"}, "services.dovecot2.enablePAM": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable creating a own Dovecot PAM service and configure PAM user logins.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dovecot2", "enablePAM"], "readOnly": false, "type": "boolean"}, "services.dovecot2.enablePop3": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable starting the POP3 listener (when Dovecot is enabled).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dovecot2", "enablePop3"], "readOnly": false, "type": "boolean"}, "services.dovecot2.enableQuota": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the dovecot quota service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dovecot2", "enableQuota"], "readOnly": false, "type": "boolean"}, "services.dovecot2.extraConfig": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional entries to put verbatim into Dovecot's config file.", "example": {"_type": "literalExpression", "text": "\"mail_debug = yes\""}, "loc": ["services", "dovecot2", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.dovecot2.group": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "\"dovecot2\""}, "description": "Dovecot group name.", "loc": ["services", "dovecot2", "group"], "readOnly": false, "type": "string"}, "services.dovecot2.imapsieve.mailbox": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Configure Sieve filtering rules on IMAP actions", "loc": ["services", "dovecot2", "imapsieve", "mailbox"], "readOnly": false, "type": "list of (submodule)"}, "services.dovecot2.imapsieve.mailbox.*.after": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "When an IMAP event of interest occurs, this sieve script is executed after any user script respectively.\n\nThis setting each specify the location of a single sieve script. The semantics of this setting is similar to sieve_after: the specified scripts form a sequence together with the user script in which the next script is only executed when an (implicit) keep action is executed.\n", "example": {"_type": "literalExpression", "text": "./report-spam.sieve"}, "loc": ["services", "dovecot2", "imapsieve", "mailbox", "*", "after"], "readOnly": false, "type": "null or absolute path"}, "services.dovecot2.imapsieve.mailbox.*.before": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "When an IMAP event of interest occurs, this sieve script is executed before any user script respectively.\n\nThis setting each specify the location of a single sieve script. The semantics of this setting is similar to sieve_before: the specified scripts form a sequence together with the user script in which the next script is only executed when an (implicit) keep action is executed.\n", "example": {"_type": "literalExpression", "text": "./report-spam.sieve"}, "loc": ["services", "dovecot2", "imapsieve", "mailbox", "*", "before"], "readOnly": false, "type": "null or absolute path"}, "services.dovecot2.imapsieve.mailbox.*.causes": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Only execute the administrator Sieve scripts for the mailbox configured with services.dovecot2.imapsieve.mailbox.<name>.name when one of the listed IMAPSIEVE causes apply.\n\nThis has no effect on the user script, which is always executed no matter the cause.\n", "example": {"_type": "literalExpression", "text": "[\n  \"COPY\"\n  \"APPEND\"\n]"}, "loc": ["services", "dovecot2", "imapsieve", "mailbox", "*", "causes"], "readOnly": false, "type": "list of (one of \"APPEND\", \"COPY\", \"FLAG\")"}, "services.dovecot2.imapsieve.mailbox.*.from": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Only execute the administrator Sieve scripts for the mailbox configured with services.dovecot2.imapsieve.mailbox.<name>.name when the message originates from the indicated mailbox.\n\nThis setting supports wildcards with a syntax compatible with the IMAP LIST command, meaning that this setting can apply to multiple or even all (\"*\") mailboxes.\n", "example": {"_type": "literalExpression", "text": "\"*\""}, "loc": ["services", "dovecot2", "imapsieve", "mailbox", "*", "from"], "readOnly": false, "type": "null or string"}, "services.dovecot2.imapsieve.mailbox.*.name": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "description": "This setting configures the name of a mailbox for which administrator scripts are configured.\n\nThe settings defined hereafter with matching sequence numbers apply to the mailbox named by this setting.\n\nThis setting supports wildcards with a syntax compatible with the IMAP LIST command, meaning that this setting can apply to multiple or even all (\"*\") mailboxes.\n", "example": {"_type": "literalExpression", "text": "\"Junk\""}, "loc": ["services", "dovecot2", "imapsieve", "mailbox", "*", "name"], "readOnly": false, "type": "string"}, "services.dovecot2.mailGroup": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Default group to store mail for virtual users.", "loc": ["services", "dovecot2", "mailGroup"], "readOnly": false, "type": "null or string"}, "services.dovecot2.mailLocation": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "\"maildir:/var/spool/mail/%u\""}, "description": "Location that dovecot will use for mail folders. Dovecot mail_location option.\n", "example": {"_type": "literalExpression", "text": "\"maildir:~/mail:INBOX=/var/spool/mail/%u\""}, "loc": ["services", "dovecot2", "mailLocation"], "readOnly": false, "type": "string"}, "services.dovecot2.mailPlugins": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "{\n  globally = {\n    enable = [ ];\n  };\n  perProtocol = { };\n}"}, "description": "Additional entries to add to the mail_plugins variable, globally and per protocol", "example": {"_type": "literalExpression", "text": "{\n  globally = {\n    enable = [\n      \"acl\"\n    ];\n  };\n  perProtocol = {\n    imap = {\n      enable = [\n        \"imap_acl\"\n      ];\n    };\n  };\n}"}, "loc": ["services", "dovecot2", "mailPlugins"], "readOnly": false, "type": "submodule"}, "services.dovecot2.mailPlugins.globally": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "{\n  enable = [ ];\n}"}, "description": "Additional entries to add to the mail_plugins variable for all protocols", "example": {"_type": "literalExpression", "text": "{\n  enable = [\n    \"virtual\"\n  ];\n}"}, "loc": ["services", "dovecot2", "mailPlugins", "globally"], "readOnly": false, "type": "submodule"}, "services.dovecot2.mailPlugins.globally.enable": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "mail plugins to enable as a list of strings to append to the top-level `$mail_plugins` configuration variable", "loc": ["services", "dovecot2", "mailPlugins", "globally", "enable"], "readOnly": false, "type": "list of string"}, "services.dovecot2.mailPlugins.perProtocol": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional entries to add to the mail_plugins variable, per protocol", "example": {"_type": "literalExpression", "text": "{\n  imap = [\n    \"imap_acl\"\n  ];\n}"}, "loc": ["services", "dovecot2", "mailPlugins", "perProtocol"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.dovecot2.mailPlugins.perProtocol.<name>.enable": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "mail plugins to enable as a list of strings to append to the corresponding per-protocol `$mail_plugins` configuration variable", "loc": ["services", "dovecot2", "mailPlugins", "perProtocol", "<name>", "enable"], "readOnly": false, "type": "list of string"}, "services.dovecot2.mailUser": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Default user to store mail for virtual users.", "loc": ["services", "dovecot2", "mailUser"], "readOnly": false, "type": "null or string"}, "services.dovecot2.mailboxes": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configure mailboxes and auto create or subscribe them.", "example": {"_type": "literalExpression", "text": "{\n  Spam = { specialUse = \"Junk\"; auto = \"create\"; };\n}\n"}, "loc": ["services", "dovecot2", "mailboxes"], "readOnly": false, "type": "(attribute set of (submodule)) or (list of unspecified value) convertible to it"}, "services.dovecot2.mailboxes.<name>.auto": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "\"no\""}, "description": "Whether to automatically create or create and subscribe to the mailbox or not.", "example": {"_type": "literalExpression", "text": "\"subscribe\""}, "loc": ["services", "dovecot2", "mailboxes", "<name>", "auto"], "readOnly": false, "type": "one of \"no\", \"create\", \"subscribe\""}, "services.dovecot2.mailboxes.<name>.autoexpunge": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "To automatically remove all email from the mailbox which is older than the\nspecified time.\n", "example": {"_type": "literalExpression", "text": "\"60d\""}, "loc": ["services", "dovecot2", "mailboxes", "<name>", "autoexpunge"], "readOnly": false, "type": "null or string"}, "services.dovecot2.mailboxes.<name>.name": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "The name of the mailbox.", "example": {"_type": "literalExpression", "text": "\"Spam\""}, "loc": ["services", "dovecot2", "mailboxes", "<name>", "name"], "readOnly": true, "type": "string matching the pattern [^\"]+"}, "services.dovecot2.mailboxes.<name>.specialUse": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Null if no special use flag is set. Other than that every use flag mentioned in the RFC is valid.", "example": {"_type": "literalExpression", "text": "\"Junk\""}, "loc": ["services", "dovecot2", "mailboxes", "<name>", "specialUse"], "readOnly": false, "type": "null or one of \"All\", \"Archive\", \"Drafts\", \"Flagged\", \"Junk\", \"Sent\", \"Trash\""}, "services.dovecot2.pluginSettings": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Plugin settings for dovecot in general, e.g. `sieve`, `sieve_default`, etc.\n\nSome of the other knobs of this module will influence by default the plugin settings, but you\ncan still override any plugin settings.\n\nIf you override a plugin setting, its value is cleared and you have to copy over the defaults.\n", "example": {"_type": "literalExpression", "text": "{\n  sieve = \"file:~/sieve;active=~/.dovecot.sieve\";\n}\n"}, "loc": ["services", "dovecot2", "pluginSettings"], "readOnly": false, "type": "attribute set of (string or package)"}, "services.dovecot2.protocols": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional listeners to start when Dovecot is enabled.", "loc": ["services", "dovecot2", "protocols"], "readOnly": false, "type": "list of string"}, "services.dovecot2.quotaGlobalPerUser": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "\"100G\""}, "description": "Quota limit for the user in bytes. Supports suffixes b, k, M, G, T and %.", "example": {"_type": "literalExpression", "text": "\"10G\""}, "loc": ["services", "dovecot2", "quotaGlobalPerUser"], "readOnly": false, "type": "string"}, "services.dovecot2.quotaPort": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "\"12340\""}, "description": "The Port the dovecot quota service binds to.\nIf using postfix, add check_policy_service inet:localhost:12340 to your smtpd_recipient_restrictions in your postfix config.\n", "loc": ["services", "dovecot2", "quotaPort"], "readOnly": false, "type": "string"}, "services.dovecot2.showPAMFailure": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable showing the PAM failure message on authentication error (useful for OTPW).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dovecot2", "showPAMFailure"], "readOnly": false, "type": "boolean"}, "services.dovecot2.sieve.extensions": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Sieve extensions for use in user scripts", "example": {"_type": "literalExpression", "text": "[\n  \"notify\"\n  \"imapflags\"\n  \"vnd.dovecot.filter\"\n]"}, "loc": ["services", "dovecot2", "sieve", "extensions"], "readOnly": false, "type": "list of string"}, "services.dovecot2.sieve.globalExtensions": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Sieve extensions for use in global scripts", "example": {"_type": "literalExpression", "text": "[\n  \"vnd.dovecot.environment\"\n]"}, "loc": ["services", "dovecot2", "sieve", "globalExtensions"], "readOnly": false, "type": "list of string"}, "services.dovecot2.sieve.pipeBins": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Programs available for use by the vnd.dovecot.pipe extension", "example": {"_type": "literalExpression", "text": "map lib.getExe [\n  (pkgs.writeShellScriptBin \"learn-ham.sh\" \"exec ${pkgs.rspamd}/bin/rspamc learn_ham\")\n  (pkgs.writeShellScriptBin \"learn-spam.sh\" \"exec ${pkgs.rspamd}/bin/rspamc learn_spam\")\n]\n"}, "loc": ["services", "dovecot2", "sieve", "pipeBins"], "readOnly": false, "type": "list of absolute path"}, "services.dovecot2.sieve.plugins": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Sieve plugins to load", "example": {"_type": "literalExpression", "text": "[\n  \"sieve_extprograms\"\n]"}, "loc": ["services", "dovecot2", "sieve", "plugins"], "readOnly": false, "type": "list of string"}, "services.dovecot2.sieve.scripts": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Sieve scripts to be executed. Key is a sequence, e.g. 'before2', 'after' etc.", "loc": ["services", "dovecot2", "sieve", "scripts"], "readOnly": false, "type": "attribute set of absolute path"}, "services.dovecot2.sslCACert": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the server's CA certificate key.", "loc": ["services", "dovecot2", "sslCACert"], "readOnly": false, "type": "null or string"}, "services.dovecot2.sslServerCert": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the server's public key.", "loc": ["services", "dovecot2", "sslServerCert"], "readOnly": false, "type": "null or string"}, "services.dovecot2.sslServerKey": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the server's private key.", "loc": ["services", "dovecot2", "sslServerKey"], "readOnly": false, "type": "null or string"}, "services.dovecot2.user": {"declarations": ["nixos/modules/services/mail/dovecot.nix"], "default": {"_type": "literalExpression", "text": "\"dovecot2\""}, "description": "Dovecot user name.", "loc": ["services", "dovecot2", "user"], "readOnly": false, "type": "string"}, "services.dragonflydb.bind": {"declarations": ["nixos/modules/services/databases/dragonflydb.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The IP interface to bind to.\n`null` means \"all interfaces\".\n", "loc": ["services", "dragonflydb", "bind"], "readOnly": false, "type": "null or string"}, "services.dragonflydb.cacheMode": {"declarations": ["nixos/modules/services/databases/dragonflydb.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Once this mode is on, Dragonfly will evict items least likely to be stumbled\nupon in the future but only when it is near maxmemory limit.\n", "loc": ["services", "dragonflydb", "cacheMode"], "readOnly": false, "type": "null or boolean"}, "services.dragonflydb.dbNum": {"declarations": ["nixos/modules/services/databases/dragonflydb.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Maximum number of supported databases for `select`", "loc": ["services", "dragonflydb", "dbNum"], "readOnly": false, "type": "null or (unsigned integer, meaning >=0)"}, "services.dragonflydb.enable": {"declarations": ["nixos/modules/services/databases/dragonflydb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable DragonflyDB.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dragonflydb", "enable"], "readOnly": false, "type": "boolean"}, "services.dragonflydb.keysOutputLimit": {"declarations": ["nixos/modules/services/databases/dragonflydb.nix"], "default": {"_type": "literalExpression", "text": "8192"}, "description": "Maximum number of returned keys in keys command.\n`keys` is a dangerous command.\nWe truncate its result to avoid blowup in memory when fetching too many keys.\n", "loc": ["services", "dragonflydb", "keysOutputLimit"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.dragonflydb.maxMemory": {"declarations": ["nixos/modules/services/databases/dragonflydb.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The maximum amount of memory to use for storage (in bytes).\n`null` means this will be automatically set.\n", "loc": ["services", "dragonflydb", "maxMemory"], "readOnly": false, "type": "null or (unsigned integer, meaning >=0)"}, "services.dragonflydb.memcachePort": {"declarations": ["nixos/modules/services/databases/dragonflydb.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "To enable memcached compatible API on this port.\n`null` means disabled.\n", "loc": ["services", "dragonflydb", "memcachePort"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.dragonflydb.port": {"declarations": ["nixos/modules/services/databases/dragonflydb.nix"], "default": {"_type": "literalExpression", "text": "6379"}, "description": "The TCP port to accept connections.", "loc": ["services", "dragonflydb", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.dragonflydb.requirePass": {"declarations": ["nixos/modules/services/databases/dragonflydb.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Password for database", "example": {"_type": "literalExpression", "text": "\"letmein!\""}, "loc": ["services", "dragonflydb", "requirePass"], "readOnly": false, "type": "null or string"}, "services.dragonflydb.user": {"declarations": ["nixos/modules/services/databases/dragonflydb.nix"], "default": {"_type": "literalExpression", "text": "\"dragonfly\""}, "description": "The user to run DragonflyDB as", "loc": ["services", "dragonflydb", "user"], "readOnly": false, "type": "string"}, "services.draupnir.enable": {"declarations": ["nixos/modules/services/matrix/draupnir.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Draupnir, a moderations bot for Matrix.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "draupnir", "enable"], "readOnly": false, "type": "boolean"}, "services.draupnir.package": {"declarations": ["nixos/modules/services/matrix/draupnir.nix"], "default": {"_type": "literalExpression", "text": "pkgs.draupnir"}, "description": "The draupnir package to use.", "loc": ["services", "draupnir", "package"], "readOnly": false, "type": "package"}, "services.draupnir.secrets.accessToken": {"declarations": ["nixos/modules/services/matrix/draupnir.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the access token for Draupnir's Matrix account\nto be used in place of {option}`services.draupnir.settings.accessToken`.\n", "loc": ["services", "draupnir", "secrets", "accessToken"], "readOnly": false, "type": "null or absolute path"}, "services.draupnir.secrets.pantalaimon.password": {"declarations": ["nixos/modules/services/matrix/draupnir.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the password for Draupnir's Matrix account when used in\nconjunction with Pantalaimon to be used in place of\n{option}`services.draupnir.settings.pantalaimon.password`.\n\n::: {.warning}\nTake note that upstream has limited Pantalaimon and E2EE support:\n<https://the-draupnir-project.github.io/draupnir-documentation/bot/encryption> and\n<https://the-draupnir-project.github.io/draupnir-documentation/shared/dogfood#e2ee-support>.\n:::\n", "loc": ["services", "draupnir", "secrets", "pantalaimon", "password"], "readOnly": false, "type": "null or absolute path"}, "services.draupnir.secrets.web.synapseHTTPAntispam.authorization": {"declarations": ["nixos/modules/services/matrix/draupnir.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the secret token when using the Synapse HTTP Antispam module\nto be used in place of\n{option}`services.draupnir.settings.web.synapseHTTPAntispam.authorization`.\n\nSee <https://the-draupnir-project.github.io/draupnir-documentation/bot/synapse-http-antispam> for details.\n", "loc": ["services", "draupnir", "secrets", "web", "synapseHTTPAntispam", "authorization"], "readOnly": false, "type": "null or absolute path"}, "services.draupnir.settings": {"declarations": ["nixos/modules/services/matrix/draupnir.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Free-form settings written to Draupnir's configuration file.\nSee [Draupnir's default configuration](https://github.com/the-draupnir-project/Draupnir/blob/main/config/default.yaml) for available settings.\n", "example": {"_type": "literalExpression", "text": "{\n  homeserverUrl = \"https://matrix.org\";\n  managementRoom = \"#moderators:example.org\";\n\n  autojoinOnlyIfManager = true;\n  automaticallyRedactForReasons = [ \"spam\" \"advertising\" ];\n}\n"}, "loc": ["services", "draupnir", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.draupnir.settings.dataPath": {"declarations": ["nixos/modules/services/matrix/draupnir.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/draupnir\""}, "description": "The path Draupnir will store its state/data in.\n\n::: {.warning}\nThis option is read-only.\n:::\n\n::: {.note}\nIf you want to customize where this data is stored, use a bind mount.\n:::\n", "loc": ["services", "draupnir", "settings", "dataPath"], "readOnly": true, "type": "absolute path"}, "services.draupnir.settings.homeserverUrl": {"declarations": ["nixos/modules/services/matrix/draupnir.nix"], "description": "Base URL of the Matrix homeserver that provides the Client-Server API.\n\n::: {.note}\nWhen using Pantalaimon, set this to the Pantalaimon URL and\n{option}`services.draupnir.settings.rawHomeserverUrl` to the public URL.\n:::\n", "example": {"_type": "literalExpression", "text": "\"https://matrix.org\""}, "loc": ["services", "draupnir", "settings", "homeserverUrl"], "readOnly": false, "type": "string"}, "services.draupnir.settings.managementRoom": {"declarations": ["nixos/modules/services/matrix/draupnir.nix"], "description": "The room ID or alias where moderators can use the bot's functionality.\n\nThe bot has no access controls, so anyone in this room can use the bot - secure this room!\nDo not enable end-to-end encryption for this room, unless set up with Pantalaimon.\n\n::: {.warning}\nWhen using a room alias, make sure the alias used is on the local homeserver!\nThis prevents an issue where the control room becomes undefined when the alias can't be resolved.\n:::\n", "example": {"_type": "literalExpression", "text": "\"#moderators:example.org\""}, "loc": ["services", "draupnir", "settings", "managementRoom"], "readOnly": false, "type": "string"}, "services.draupnir.settings.rawHomeserverUrl": {"declarations": ["nixos/modules/services/matrix/draupnir.nix"], "default": {"_type": "literalExpression", "text": "config.services.draupnir.settings.homeserverUrl"}, "description": "Public base URL of the Matrix homeserver that provides the Client-Server API when using the Draupnir's\n[Report forwarding feature](https://the-draupnir-project.github.io/draupnir-documentation/bot/homeserver-administration#report-forwarding).\n\n::: {.warning}\nWhen using Pantalaimon, do not set this to the Pantalaimon URL!\n:::\n", "example": {"_type": "literalExpression", "text": "\"https://matrix.org\""}, "loc": ["services", "draupnir", "settings", "rawHomeserverUrl"], "readOnly": false, "type": "string"}, "services.drbd.config": {"declarations": ["nixos/modules/services/network-filesystems/drbd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Contents of the {file}`drbd.conf` configuration file.\n", "loc": ["services", "drbd", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.drbd.enable": {"declarations": ["nixos/modules/services/network-filesystems/drbd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable support for DRBD, the Distributed Replicated\nBlock Device.\n", "loc": ["services", "drbd", "enable"], "readOnly": false, "type": "boolean"}, "services.druid.broker.config": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "(key=value) Configuration to be written to runtime.properties of the druid Druid Broker\n<https://druid.apache.org/docs/latest/configuration/index.html>\n", "example": {"_type": "literalExpression", "text": "{\n  \"druid.plainTextPort\" = \"8082\";\n  \"druid.service\" = \"servicename\";\n}"}, "loc": ["services", "druid", "broker", "config"], "readOnly": false, "type": "attribute set of anything"}, "services.druid.broker.enable": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Druid Broker.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "druid", "broker", "enable"], "readOnly": false, "type": "boolean"}, "services.druid.broker.jdk": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.jdk17_headless"}, "description": "The JDK package to use.", "loc": ["services", "druid", "broker", "jdk"], "readOnly": false, "type": "package"}, "services.druid.broker.jvmArgs": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Arguments to pass to the JVM", "loc": ["services", "druid", "broker", "jvmArgs"], "readOnly": false, "type": "string"}, "services.druid.broker.openFirewall": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open firewall ports for Druid Broker.", "loc": ["services", "druid", "broker", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.druid.broker.restartIfChanged": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically restart the service on config change.\nThis can be set to false to defer restarts on clusters running critical applications.\nPlease consider the security implications of inadvertently running an older version,\nand the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.\n", "loc": ["services", "druid", "broker", "restartIfChanged"], "readOnly": false, "type": "boolean"}, "services.druid.commonConfig": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "(key=value) Configuration to be written to common.runtime.properties", "example": {"_type": "literalExpression", "text": "{\n  \"druid.extensions.loadList\" = \"[ \\\"mysql-metadata-storage\\\" ]\";\n  \"druid.metadata.storage.connector.connectURI\" = \"jdbc:mysql://localhost:3306/druid\";\n  \"druid.metadata.storage.type\" = \"mysql\";\n  \"druid.zk.service.host\" = \"localhost:2181\";\n}"}, "loc": ["services", "druid", "commonConfig"], "readOnly": false, "type": "attribute set of anything"}, "services.druid.commonTmpDirs": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"/var/log/druid/requests\"\n]"}, "description": "Common List of directories used by druid processes", "loc": ["services", "druid", "commonTmpDirs"], "readOnly": false, "type": "list of string"}, "services.druid.coordinator.config": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "(key=value) Configuration to be written to runtime.properties of the druid Druid Coordinator\n<https://druid.apache.org/docs/latest/configuration/index.html>\n", "example": {"_type": "literalExpression", "text": "{\n  \"druid.plainTextPort\" = \"8082\";\n  \"druid.service\" = \"servicename\";\n}"}, "loc": ["services", "druid", "coordinator", "config"], "readOnly": false, "type": "attribute set of anything"}, "services.druid.coordinator.enable": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Druid Coordinator.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "druid", "coordinator", "enable"], "readOnly": false, "type": "boolean"}, "services.druid.coordinator.jdk": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.jdk17_headless"}, "description": "The JDK package to use.", "loc": ["services", "druid", "coordinator", "jdk"], "readOnly": false, "type": "package"}, "services.druid.coordinator.jvmArgs": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Arguments to pass to the JVM", "loc": ["services", "druid", "coordinator", "jvmArgs"], "readOnly": false, "type": "string"}, "services.druid.coordinator.openFirewall": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open firewall ports for Druid Coordinator.", "loc": ["services", "druid", "coordinator", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.druid.coordinator.restartIfChanged": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically restart the service on config change.\nThis can be set to false to defer restarts on clusters running critical applications.\nPlease consider the security implications of inadvertently running an older version,\nand the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.\n", "loc": ["services", "druid", "coordinator", "restartIfChanged"], "readOnly": false, "type": "boolean"}, "services.druid.extraClassPaths": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra classpath to include in the jvm", "loc": ["services", "druid", "extraClassPaths"], "readOnly": false, "type": "list of string"}, "services.druid.extraConfDirs": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra Conf Dirs to include in the jvm", "loc": ["services", "druid", "extraConfDirs"], "readOnly": false, "type": "list of absolute path"}, "services.druid.historical.config": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "(key=value) Configuration to be written to runtime.properties of the druid Druid Historical\n<https://druid.apache.org/docs/latest/configuration/index.html>\n", "example": {"_type": "literalExpression", "text": "{\n  \"druid.plainTextPort\" = \"8082\";\n  \"druid.service\" = \"servicename\";\n}"}, "loc": ["services", "druid", "historical", "config"], "readOnly": false, "type": "attribute set of anything"}, "services.druid.historical.enable": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Druid Historical.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "druid", "historical", "enable"], "readOnly": false, "type": "boolean"}, "services.druid.historical.jdk": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.jdk17_headless"}, "description": "The JDK package to use.", "loc": ["services", "druid", "historical", "jdk"], "readOnly": false, "type": "package"}, "services.druid.historical.jvmArgs": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Arguments to pass to the JVM", "loc": ["services", "druid", "historical", "jvmArgs"], "readOnly": false, "type": "string"}, "services.druid.historical.openFirewall": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open firewall ports for Druid Historical.", "loc": ["services", "druid", "historical", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.druid.historical.restartIfChanged": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically restart the service on config change.\nThis can be set to false to defer restarts on clusters running critical applications.\nPlease consider the security implications of inadvertently running an older version,\nand the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.\n", "loc": ["services", "druid", "historical", "restartIfChanged"], "readOnly": false, "type": "boolean"}, "services.druid.historical.segmentLocations": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Locations where the historical will store its data.", "loc": ["services", "druid", "historical", "segmentLocations"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.druid.historical.segmentLocations.*.freeSpacePercent": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "1.0"}, "description": "Druid Historical will fail to write if it exceeds this value", "loc": ["services", "druid", "historical", "segmentLocations", "*", "freeSpacePercent"], "readOnly": false, "type": "floating point number"}, "services.druid.historical.segmentLocations.*.maxSize": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "description": "Max size the druid historical can occupy", "loc": ["services", "druid", "historical", "segmentLocations", "*", "maxSize"], "readOnly": false, "type": "string"}, "services.druid.historical.segmentLocations.*.path": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "description": "the path to store the segments", "loc": ["services", "druid", "historical", "segmentLocations", "*", "path"], "readOnly": false, "type": "absolute path"}, "services.druid.log4j": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "description": "Log4j Configuration for the druid process", "loc": ["services", "druid", "log4j"], "readOnly": false, "type": "absolute path"}, "services.druid.middleManager.config": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "(key=value) Configuration to be written to runtime.properties of the druid Druid middleManager\n<https://druid.apache.org/docs/latest/configuration/index.html>\n", "example": {"_type": "literalExpression", "text": "{\n  \"druid.plainTextPort\" = \"8082\";\n  \"druid.service\" = \"servicename\";\n}"}, "loc": ["services", "druid", "middleManager", "config"], "readOnly": false, "type": "attribute set of anything"}, "services.druid.middleManager.enable": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Druid middleManager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "druid", "middleManager", "enable"], "readOnly": false, "type": "boolean"}, "services.druid.middleManager.jdk": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.jdk17_headless"}, "description": "The JDK package to use.", "loc": ["services", "druid", "middleManager", "jdk"], "readOnly": false, "type": "package"}, "services.druid.middleManager.jvmArgs": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Arguments to pass to the JVM", "loc": ["services", "druid", "middleManager", "jvmArgs"], "readOnly": false, "type": "string"}, "services.druid.middleManager.openFirewall": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open firewall ports for Druid middleManager.", "loc": ["services", "druid", "middleManager", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.druid.middleManager.restartIfChanged": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically restart the service on config change.\nThis can be set to false to defer restarts on clusters running critical applications.\nPlease consider the security implications of inadvertently running an older version,\nand the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.\n", "loc": ["services", "druid", "middleManager", "restartIfChanged"], "readOnly": false, "type": "boolean"}, "services.druid.overlord.config": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "(key=value) Configuration to be written to runtime.properties of the druid Druid Overlord\n<https://druid.apache.org/docs/latest/configuration/index.html>\n", "example": {"_type": "literalExpression", "text": "{\n  \"druid.plainTextPort\" = \"8082\";\n  \"druid.service\" = \"servicename\";\n}"}, "loc": ["services", "druid", "overlord", "config"], "readOnly": false, "type": "attribute set of anything"}, "services.druid.overlord.enable": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Druid Overlord.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "druid", "overlord", "enable"], "readOnly": false, "type": "boolean"}, "services.druid.overlord.jdk": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.jdk17_headless"}, "description": "The JDK package to use.", "loc": ["services", "druid", "overlord", "jdk"], "readOnly": false, "type": "package"}, "services.druid.overlord.jvmArgs": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Arguments to pass to the JVM", "loc": ["services", "druid", "overlord", "jvmArgs"], "readOnly": false, "type": "string"}, "services.druid.overlord.openFirewall": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open firewall ports for Druid Overlord.", "loc": ["services", "druid", "overlord", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.druid.overlord.restartIfChanged": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically restart the service on config change.\nThis can be set to false to defer restarts on clusters running critical applications.\nPlease consider the security implications of inadvertently running an older version,\nand the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.\n", "loc": ["services", "druid", "overlord", "restartIfChanged"], "readOnly": false, "type": "boolean"}, "services.druid.package": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.druid"}, "description": "The apache-druid package to use.", "loc": ["services", "druid", "package"], "readOnly": false, "type": "package"}, "services.druid.router.config": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "(key=value) Configuration to be written to runtime.properties of the druid Druid Router\n<https://druid.apache.org/docs/latest/configuration/index.html>\n", "example": {"_type": "literalExpression", "text": "{\n  \"druid.plainTextPort\" = \"8082\";\n  \"druid.service\" = \"servicename\";\n}"}, "loc": ["services", "druid", "router", "config"], "readOnly": false, "type": "attribute set of anything"}, "services.druid.router.enable": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Druid Router.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "druid", "router", "enable"], "readOnly": false, "type": "boolean"}, "services.druid.router.jdk": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.jdk17_headless"}, "description": "The JDK package to use.", "loc": ["services", "druid", "router", "jdk"], "readOnly": false, "type": "package"}, "services.druid.router.jvmArgs": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Arguments to pass to the JVM", "loc": ["services", "druid", "router", "jvmArgs"], "readOnly": false, "type": "string"}, "services.druid.router.openFirewall": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open firewall ports for Druid Router.", "loc": ["services", "druid", "router", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.druid.router.restartIfChanged": {"declarations": ["nixos/modules/services/cluster/druid/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically restart the service on config change.\nThis can be set to false to defer restarts on clusters running critical applications.\nPlease consider the security implications of inadvertently running an older version,\nand the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.\n", "loc": ["services", "druid", "router", "restartIfChanged"], "readOnly": false, "type": "boolean"}, "services.drupal.enable": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable drupal.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "drupal", "enable"], "readOnly": false, "type": "boolean"}, "services.drupal.package": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "pkgs.drupal"}, "description": "The drupal package to use.", "loc": ["services", "drupal", "package"], "readOnly": false, "type": "package"}, "services.drupal.sites": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "{\n  localhost = {\n    enable = true;\n  };\n}"}, "description": "Specification of one or more Drupal sites to serve", "loc": ["services", "drupal", "sites"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.drupal.sites.<name>.configSyncDir": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/drupal/<name>/config/sync\""}, "description": "The location of the Drupal config sync directory.", "loc": ["services", "drupal", "sites", "<name>", "configSyncDir"], "readOnly": false, "type": "absolute path"}, "services.drupal.sites.<name>.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Create the database and database user locally.", "loc": ["services", "drupal", "sites", "<name>", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.drupal.sites.<name>.database.host": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Database host address.", "loc": ["services", "drupal", "sites", "<name>", "database", "host"], "readOnly": false, "type": "string"}, "services.drupal.sites.<name>.database.name": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "\"drupal\""}, "description": "Database name.", "loc": ["services", "drupal", "sites", "<name>", "database", "name"], "readOnly": false, "type": "string"}, "services.drupal.sites.<name>.database.passwordFile": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password corresponding to\n{option}`database.user`.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/database-dbpassword\""}, "loc": ["services", "drupal", "sites", "<name>", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.drupal.sites.<name>.database.port": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "3306"}, "description": "Database host port.", "loc": ["services", "drupal", "sites", "<name>", "database", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.drupal.sites.<name>.database.socket": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "/run/mysqld/mysqld.sock"}, "description": "Path to the unix socket file to use for authentication.", "loc": ["services", "drupal", "sites", "<name>", "database", "socket"], "readOnly": false, "type": "null or absolute path"}, "services.drupal.sites.<name>.database.tablePrefix": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "\"dp_\""}, "description": "The $table_prefix is the value placed in the front of your database tables.\nChange the value if you want to use something other than dp_ for your database\nprefix. Typically this is changed if you are installing multiple Drupal sites\nin the same database.\n", "loc": ["services", "drupal", "sites", "<name>", "database", "tablePrefix"], "readOnly": false, "type": "string"}, "services.drupal.sites.<name>.database.user": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "\"drupal\""}, "description": "Database user.", "loc": ["services", "drupal", "sites", "<name>", "database", "user"], "readOnly": false, "type": "string"}, "services.drupal.sites.<name>.enable": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Drupal web application.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "drupal", "sites", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.drupal.sites.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration values that you want to insert into settings.php.\nAll configuration must be written as PHP script.\n", "example": {"_type": "literalExpression", "text": "''\n  $config['user.settings']['anonymous'] = 'Visitor';\n  $settings['entity_update_backup'] = TRUE;\n''"}, "loc": ["services", "drupal", "sites", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.drupal.sites.<name>.filesDir": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/drupal/<name>/sites/default/files\""}, "description": "The location of the Drupal files directory.\n", "loc": ["services", "drupal", "sites", "<name>", "filesDir"], "readOnly": false, "type": "absolute path"}, "services.drupal.sites.<name>.modulesDir": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/drupal/<name>/modules\""}, "description": "The location for users to install Drupal modules.", "loc": ["services", "drupal", "sites", "<name>", "modulesDir"], "readOnly": false, "type": "absolute path"}, "services.drupal.sites.<name>.package": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "pkgs.drupal"}, "description": "The drupal package to use.", "loc": ["services", "drupal", "sites", "<name>", "package"], "readOnly": false, "type": "package"}, "services.drupal.sites.<name>.phpOptions": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for PHP's php.ini file for this Drupal site.\n", "example": {"_type": "literalExpression", "text": "{\n  \"opcache.interned_strings_buffer\" = \"8\";\n  \"opcache.max_accelerated_files\" = \"10000\";\n  \"opcache.memory_consumption\" = \"128\";\n  \"opcache.revalidate_freq\" = \"15\";\n  \"opcache.fast_shutdown\" = \"1\";\n}\n"}, "loc": ["services", "drupal", "sites", "<name>", "phpOptions"], "readOnly": false, "type": "attribute set of string"}, "services.drupal.sites.<name>.poolConfig": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "{\n  pm = \"dynamic\";\n  \"pm.max_children\" = 32;\n  \"pm.max_requests\" = 500;\n  \"pm.max_spare_servers\" = 4;\n  \"pm.min_spare_servers\" = 2;\n  \"pm.start_servers\" = 2;\n}"}, "description": "Options for the Drupal PHP pool. See the documentation on `php-fpm.conf`\nfor details on configuration directives.\n", "loc": ["services", "drupal", "sites", "<name>", "poolConfig"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.drupal.sites.<name>.privateFilesDir": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/drupal/<name>/private\""}, "description": "The location of the Drupal private files directory.", "loc": ["services", "drupal", "sites", "<name>", "privateFilesDir"], "readOnly": false, "type": "absolute path"}, "services.drupal.sites.<name>.stateDir": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/drupal/<name>\""}, "description": "The location of the Drupal site state directory.", "loc": ["services", "drupal", "sites", "<name>", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.drupal.sites.<name>.themesDir": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/drupal/<name>/themes\""}, "description": "The location for users to install Drupal themes.", "loc": ["services", "drupal", "sites", "<name>", "themesDir"], "readOnly": false, "type": "absolute path"}, "services.drupal.sites.<name>.virtualHost": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "description": "Apache configuration can be done by adapting {option}`services.httpd.virtualHosts`.\n", "example": {"_type": "literalExpression", "text": "{\n  adminAddr = \"webmaster@example.org\";\n  forceSSL = true;\n  enableACME = true;\n}\n"}, "loc": ["services", "drupal", "sites", "<name>", "virtualHost"], "readOnly": false, "type": "submodule"}, "services.drupal.sites.<name>.virtualHost.acmeRoot": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the acme challenge which is PUBLIC, don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.drupal.sites.<name>.virtualHost.addSSL": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "addSSL"], "readOnly": false, "type": "boolean"}, "services.drupal.sites.<name>.virtualHost.adminAddr": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "E-mail address of the server administrator.", "example": {"_type": "literalExpression", "text": "\"admin@example.org\""}, "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "adminAddr"], "readOnly": false, "type": "null or string"}, "services.drupal.sites.<name>.virtualHost.documentRoot": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of Apache's document root directory.  If left undefined,\nan empty directory in the Nix store will be used as root.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "documentRoot"], "readOnly": false, "type": "null or absolute path"}, "services.drupal.sites.<name>.virtualHost.enableACME": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "enableACME"], "readOnly": false, "type": "boolean"}, "services.drupal.sites.<name>.virtualHost.enableUserDir": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable serving {file}`~/public_html` as\n`/~\u00abusername\u00bb`.\n", "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "enableUserDir"], "readOnly": false, "type": "boolean"}, "services.drupal.sites.<name>.virtualHost.extraConfig": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to httpd.conf verbatim. They will go after\ndirectories and directory aliases defined by default.\n", "example": {"_type": "literalExpression", "text": "''\n  <Directory /home>\n    Options FollowSymlinks\n    AllowOverride All\n  </Directory>\n''"}, "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.drupal.sites.<name>.virtualHost.forceSSL": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a separate nginx server block that permanently redirects (301)\nall plain HTTP traffic to HTTPS. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443), where the non-SSL listens are used for the redirect vhosts.\n", "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.drupal.sites.<name>.virtualHost.globalRedirect": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected permanently to\nthe given URL.\n", "example": {"_type": "literalExpression", "text": "\"http://newserver.example.org/\""}, "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.drupal.sites.<name>.virtualHost.hostName": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "Canonical hostname for the server.", "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "hostName"], "readOnly": false, "type": "string"}, "services.drupal.sites.<name>.virtualHost.http2": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. *However, if you use the prefork mpm, there will\nbe severe restrictions.* Refer to <https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config> for details.\n", "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "http2"], "readOnly": false, "type": "boolean"}, "services.drupal.sites.<name>.virtualHost.listen": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\n\n::: {.note}\nThis option overrides `addSSL`, `forceSSL` and `onlySSL`.\n\nIf you only want to set the addresses manually and not the ports, take a look at `listenAddresses`.\n:::\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    ip = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    ip = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    ip = \"*\";\n    port = 8080;\n  }\n]"}, "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.drupal.sites.<name>.virtualHost.listen.*.ip": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "\"*\""}, "description": "IP to listen on. 0.0.0.0 for IPv4 only, * for all.", "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "listen", "*", "ip"], "readOnly": false, "type": "string"}, "services.drupal.sites.<name>.virtualHost.listen.*.port": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "description": "Port to listen on", "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "listen", "*", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.drupal.sites.<name>.virtualHost.listen.*.ssl": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SSL (https) support.", "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.drupal.sites.<name>.virtualHost.listenAddresses": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"*\"\n]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n]"}, "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "listenAddresses"], "readOnly": false, "type": "non-empty (list of string)"}, "services.drupal.sites.<name>.virtualHost.locations": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config. See <https://httpd.apache.org/docs/2.4/mod/core.html#location> for details.\n", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n  \"/foo/bar.png\" = {\n    alias = \"/home/eelco/some-file.png\";\n  };\n};\n"}, "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.drupal.sites.<name>.virtualHost.locations.<name>.alias": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests. See <https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias>.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.drupal.sites.<name>.virtualHost.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.drupal.sites.<name>.virtualHost.locations.<name>.index": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds DirectoryIndex directive. See <https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex>.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.drupal.sites.<name>.virtualHost.locations.<name>.priority": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.drupal.sites.<name>.virtualHost.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets up a simple reverse proxy as described by <https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple>.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.drupal.sites.<name>.virtualHost.logFormat": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "\"common\""}, "description": "Log format for Apache's log files. Possible values are: combined, common, referer, agent.\n", "example": {"_type": "literalExpression", "text": "\"combined\""}, "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "logFormat"], "readOnly": false, "type": "string"}, "services.drupal.sites.<name>.virtualHost.onlySSL": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.drupal.sites.<name>.virtualHost.robotsEntries": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Specification of pages to be ignored by web crawlers. See <http://www.robotstxt.org/> for details.\n", "example": {"_type": "literalExpression", "text": "\"Disallow: /foo/\""}, "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "robotsEntries"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.drupal.sites.<name>.virtualHost.servedDirs": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "This option provides a simple way to serve static directories.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    dir = \"/home/eelco/Dev/nix-homepage\";\n    urlPath = \"/nix\";\n  }\n]"}, "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "servedDirs"], "readOnly": false, "type": "list of (attribute set)"}, "services.drupal.sites.<name>.virtualHost.servedFiles": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "This option provides a simple way to serve individual, static files.\n\n::: {.note}\nThis option has been deprecated and will be removed in a future\nversion of NixOS. You can achieve the same result by making use of\nthe `locations.<name>.alias` option.\n:::\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    file = \"/home/eelco/some-file.png\";\n    urlPath = \"/foo/bar.png\";\n  }\n]"}, "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "servedFiles"], "readOnly": false, "type": "list of (attribute set)"}, "services.drupal.sites.<name>.virtualHost.serverAliases": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"www.example.org:8080\"\n  \"example.org\"\n]"}, "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.drupal.sites.<name>.virtualHost.sslServerCert": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "sslServerCert"], "readOnly": false, "type": "absolute path"}, "services.drupal.sites.<name>.virtualHost.sslServerChain": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to server SSL chain file.", "example": {"_type": "literalExpression", "text": "\"/var/ca.pem\""}, "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "sslServerChain"], "readOnly": false, "type": "null or absolute path"}, "services.drupal.sites.<name>.virtualHost.sslServerKey": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "sslServerKey"], "readOnly": false, "type": "absolute path"}, "services.drupal.sites.<name>.virtualHost.useACMEHost": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "drupal", "sites", "<name>", "virtualHost", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.drupal.webserver": {"declarations": ["nixos/modules/services/web-apps/drupal.nix"], "default": {"_type": "literalExpression", "text": "\"nginx\""}, "description": "Whether to use nginx or caddy for virtual host management.\n\nFurther nginx configuration can be done by adapting `services.nginx.virtualHosts.<name>`.\nSee [](#opt-services.nginx.virtualHosts) for further information.\n\nFurther caddy configuration can be done by adapting `services.caddy.virtualHosts.<name>`.\nSee [](#opt-services.caddy.virtualHosts) for further information.\n", "loc": ["services", "drupal", "webserver"], "readOnly": false, "type": "one of \"nginx\", \"caddy\""}, "services.dsnet.enable": {"declarations": ["nixos/modules/services/networking/dsnet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable dsnet, a centralised Wireguard VPN manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dsnet", "enable"], "readOnly": false, "type": "boolean"}, "services.dsnet.package": {"declarations": ["nixos/modules/services/networking/dsnet.nix"], "default": {"_type": "literalExpression", "text": "pkgs.dsnet"}, "description": "The dsnet package to use.", "loc": ["services", "dsnet", "package"], "readOnly": false, "type": "package"}, "services.dsnet.settings": {"declarations": ["nixos/modules/services/networking/dsnet.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The settings to use for dsnet. This will be converted to a JSON\nobject that will be passed to dsnet as a patch, using the patch\ncommand when the service is started. See the dsnet documentation for\nmore information on the additional options.\n\nNote that the resulting /etc/dsnetconfg.json is more of a database\nthan it is a configuration file. It is therefore recommended that\nsystem specific values are configured here, rather than the full\nconfiguration including peers.\n\nPeers may be managed via the dsnet add/remove commands, negating the\nneed to manage key material and cumbersom configuration with nix. If\nyou want peer configuration in nix, you may as well use the regular\nwireguard module.\n", "example": {"_type": "literalExpression", "text": "{\n  DNS = \"8.8.8.8\";\n  ExternalHostname = \"vpn.example.com\";\n  ExternalIP = \"127.0.0.1\";\n  ExternalIP6 = \"\";\n  IP = \"10.3.148.1\";\n  IP6 = \"\";\n  ListenPort = 51820;\n  Network = \"10.3.148.0/22\";\n  Network6 = \"\";\n  Networks = [\n    \"0.0.0.0/0\"\n  ];\n}"}, "loc": ["services", "dsnet", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.dsnet.settings.ExternalHostname": {"declarations": ["nixos/modules/services/networking/dsnet.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The hostname that clients should use to connect to this server.\nThis is used to generate the client configuration files.\n\nThis is preferred over ExternalIP, as it allows for IPv4 and\nIPv6, as well as enabling the ability tp change IP.\n", "example": {"_type": "literalExpression", "text": "\"vpn.example.com\""}, "loc": ["services", "dsnet", "settings", "ExternalHostname"], "readOnly": false, "type": "null or string"}, "services.dsnet.settings.ExternalIP": {"declarations": ["nixos/modules/services/networking/dsnet.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The external IP address of the server. This is used to generate\nthe client configuration files for when an ExternalHostname is not set.\n\nLeaving this empty will cause dsnet to use the IP address of\nwhat looks like the WAN interface.\n", "example": {"_type": "literalExpression", "text": "\"192.0.2.1\""}, "loc": ["services", "dsnet", "settings", "ExternalIP"], "readOnly": false, "type": "null or string"}, "services.dsnet.settings.ExternalIP6": {"declarations": ["nixos/modules/services/networking/dsnet.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The external IPv6 address of the server. This is used to generate\nthe client configuration files for when an ExternalHostname is\nnot set. Used in preference to ExternalIP.\n\nLeaving this empty will cause dsnet to use the IP address of\nwhat looks like the WAN interface.\n", "example": {"_type": "literalExpression", "text": "\"2001:db8::1\""}, "loc": ["services", "dsnet", "settings", "ExternalIP6"], "readOnly": false, "type": "null or string"}, "services.dsnet.settings.IP": {"declarations": ["nixos/modules/services/networking/dsnet.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The IPv4 address that the server will use on the network.\nLeave this empty to let dsnet choose an address.\n", "example": {"_type": "literalExpression", "text": "\"172.18.0.1\""}, "loc": ["services", "dsnet", "settings", "IP"], "readOnly": false, "type": "null or string"}, "services.dsnet.settings.IP6": {"declarations": ["nixos/modules/services/networking/dsnet.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The IPv6 address that the server will use on the network\nLeave this empty to let dsnet choose an address.\n", "example": {"_type": "literalExpression", "text": "\"2001:db8::1\""}, "loc": ["services", "dsnet", "settings", "IP6"], "readOnly": false, "type": "null or string"}, "services.dsnet.settings.Network": {"declarations": ["nixos/modules/services/networking/dsnet.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The IPv4 network that the server will use to allocate IPs on the network.\nLeave this empty to let dsnet choose a network.\n", "example": {"_type": "literalExpression", "text": "\"172.18.0.0/24\""}, "loc": ["services", "dsnet", "settings", "Network"], "readOnly": false, "type": "null or string"}, "services.dsnet.settings.Network6": {"declarations": ["nixos/modules/services/networking/dsnet.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The IPv6 network that the server will use to allocate IPs on the\nnetwork.\nLeave this empty to let dsnet choose a network.\n", "example": {"_type": "literalExpression", "text": "\"2001:db8::1/64\""}, "loc": ["services", "dsnet", "settings", "Network6"], "readOnly": false, "type": "null or string"}, "services.dsnet.settings.Networks": {"declarations": ["nixos/modules/services/networking/dsnet.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The CIDR networks that should route through this server. Clients\nwill be configured to route traffic for these networks through\nthe server peer.\n", "example": {"_type": "literalExpression", "text": "[\n  \"0.0.0.0/0\"\n  \"192.168.0.0/24\"\n]"}, "loc": ["services", "dsnet", "settings", "Networks"], "readOnly": false, "type": "null or (list of string)"}, "services.dspam.domainSocket": {"declarations": ["nixos/modules/services/mail/dspam.nix"], "default": {"_type": "literalExpression", "text": "\"/run/dspam/dspam.sock\""}, "description": "Path to local domain socket which is used for communication with the daemon. Set to null to disable UNIX socket.", "loc": ["services", "dspam", "domainSocket"], "readOnly": false, "type": "null or absolute path"}, "services.dspam.enable": {"declarations": ["nixos/modules/services/mail/dspam.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the dspam spam filter.", "loc": ["services", "dspam", "enable"], "readOnly": false, "type": "boolean"}, "services.dspam.extraConfig": {"declarations": ["nixos/modules/services/mail/dspam.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional dspam configuration.", "loc": ["services", "dspam", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.dspam.group": {"declarations": ["nixos/modules/services/mail/dspam.nix"], "default": {"_type": "literalExpression", "text": "\"dspam\""}, "description": "Group for the dspam daemon.", "loc": ["services", "dspam", "group"], "readOnly": false, "type": "string"}, "services.dspam.maintenanceInterval": {"declarations": ["nixos/modules/services/mail/dspam.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, maintenance script will be run at specified (in systemd.timer format) interval", "loc": ["services", "dspam", "maintenanceInterval"], "readOnly": false, "type": "null or string"}, "services.dspam.storageDriver": {"declarations": ["nixos/modules/services/mail/dspam.nix"], "default": {"_type": "literalExpression", "text": "\"hash\""}, "description": "Storage driver backend to use for dspam.", "loc": ["services", "dspam", "storageDriver"], "readOnly": false, "type": "string"}, "services.dspam.user": {"declarations": ["nixos/modules/services/mail/dspam.nix"], "default": {"_type": "literalExpression", "text": "\"dspam\""}, "description": "User for the dspam daemon.", "loc": ["services", "dspam", "user"], "readOnly": false, "type": "string"}, "services.duckdns.domains": {"declarations": ["nixos/modules/services/misc/duckdns.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The domain(s) to update in DuckDNS\n(without the .duckdns.org suffix)\n", "example": {"_type": "literalExpression", "text": "[\n  \"examplehost\"\n]"}, "loc": ["services", "duckdns", "domains"], "readOnly": false, "type": "null or (list of string)"}, "services.duckdns.domainsFile": {"declarations": ["nixos/modules/services/misc/duckdns.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to a file containing a\nnewline-separated list of DuckDNS\ndomain(s) to be updated\n(without the .duckdns.org suffix)\n", "example": {"_type": "literalExpression", "text": "pkgs.writeText \"duckdns-domains.txt\" ''\n  examplehost\n  examplehost2\n  examplehost3\n''\n"}, "loc": ["services", "duckdns", "domainsFile"], "readOnly": false, "type": "null or absolute path"}, "services.duckdns.enable": {"declarations": ["nixos/modules/services/misc/duckdns.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable DuckDNS Dynamic DNS Client.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "duckdns", "enable"], "readOnly": false, "type": "boolean"}, "services.duckdns.tokenFile": {"declarations": ["nixos/modules/services/misc/duckdns.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to a file containing the token\nused to authenticate with DuckDNS.\n", "loc": ["services", "duckdns", "tokenFile"], "readOnly": false, "type": "absolute path"}, "services.duckling.enable": {"declarations": ["nixos/modules/services/misc/duckling.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable duckling.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "duckling", "enable"], "readOnly": false, "type": "boolean"}, "services.duckling.port": {"declarations": ["nixos/modules/services/misc/duckling.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "Port on which duckling will run.\n", "loc": ["services", "duckling", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.dump1090-fa.enable": {"declarations": ["nixos/modules/services/misc/dump1090-fa.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable dump1090-fa.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dump1090-fa", "enable"], "readOnly": false, "type": "boolean"}, "services.dump1090-fa.extraArgs": {"declarations": ["nixos/modules/services/misc/dump1090-fa.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional passed arguments", "loc": ["services", "dump1090-fa", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.dump1090-fa.package": {"declarations": ["nixos/modules/services/misc/dump1090-fa.nix"], "default": {"_type": "literalExpression", "text": "pkgs.dump1090-fa"}, "description": "The dump1090-fa package to use.", "loc": ["services", "dump1090-fa", "package"], "readOnly": false, "type": "package"}, "services.dunst.enable": {"declarations": ["nixos/modules/services/desktops/dunst.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Dunst notification daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dunst", "enable"], "readOnly": false, "type": "boolean"}, "services.dunst.enableWayland": {"declarations": ["nixos/modules/services/desktops/dunst.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable Wayland support.", "loc": ["services", "dunst", "enableWayland"], "readOnly": false, "type": "boolean"}, "services.dunst.enableX11": {"declarations": ["nixos/modules/services/desktops/dunst.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable X11 support.", "loc": ["services", "dunst", "enableX11"], "readOnly": false, "type": "boolean"}, "services.dunst.package": {"declarations": ["nixos/modules/services/desktops/dunst.nix"], "default": {"_type": "literalExpression", "text": "pkgs.dunst"}, "description": "The dunst package to use.", "loc": ["services", "dunst", "package"], "readOnly": false, "type": "package"}, "services.dunst.settings": {"declarations": ["nixos/modules/services/desktops/dunst.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Dunst configuration, see dunst(5)", "example": {"_type": "literalExpression", "text": "{\n  global = {\n    width = 300;\n    height = 300;\n    offset = \"30x50\";\n    origin = \"top-right\";\n    transparency = 10;\n    frame_color = \"#eceff1\";\n    font = \"Droid Sans 9\";\n  };\n\n  urgency_normal = {\n    background = \"#37474f\";\n    foreground = \"#eceff1\";\n    timeout = 10;\n  };\n};\n"}, "loc": ["services", "dunst", "settings"], "readOnly": false, "type": "TOML value"}, "services.duplicati.dataDir": {"declarations": ["nixos/modules/services/backup/duplicati.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/duplicati\""}, "description": "The directory where Duplicati stores its data files.\n\n::: {.note}\nIf left as the default value this directory will automatically be created\nbefore the Duplicati server starts, otherwise you are responsible for ensuring\nthe directory exists with appropriate ownership and permissions.\n:::\n", "loc": ["services", "duplicati", "dataDir"], "readOnly": false, "type": "string"}, "services.duplicati.enable": {"declarations": ["nixos/modules/services/backup/duplicati.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Duplicati.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "duplicati", "enable"], "readOnly": false, "type": "boolean"}, "services.duplicati.interface": {"declarations": ["nixos/modules/services/backup/duplicati.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Listening interface for the web UI\nSet it to \"any\" to listen on all available interfaces\n", "loc": ["services", "duplicati", "interface"], "readOnly": false, "type": "string"}, "services.duplicati.package": {"declarations": ["nixos/modules/services/backup/duplicati.nix"], "default": {"_type": "literalExpression", "text": "pkgs.duplicati"}, "description": "The duplicati package to use.", "loc": ["services", "duplicati", "package"], "readOnly": false, "type": "package"}, "services.duplicati.parameters": {"declarations": ["nixos/modules/services/backup/duplicati.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "This option can be used to store some or all of the options given to the\ncommandline client.\nEach line in this option should be of the format --option=value.\nThe options in this file take precedence over the options provided\nthrough command line arguments.\n<link xlink:href=\"https://duplicati.readthedocs.io/en/latest/06-advanced-options/#parameters-file\">Duplicati docs: parameters-file</link>\n", "example": {"_type": "literalExpression", "text": "''\n  --webservice-allowedhostnames=*\n''"}, "loc": ["services", "duplicati", "parameters"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.duplicati.parametersFile": {"declarations": ["nixos/modules/services/backup/duplicati.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "This file can be used to store some or all of the options given to the\ncommandline client.\nEach line in the file option should be of the format --option=value.\nThe options in this file take precedence over the options provided\nthrough command line arguments.\n<link xlink:href=\"https://duplicati.readthedocs.io/en/latest/06-advanced-options/#parameters-file\">Duplicati docs: parameters-file</link>\n", "loc": ["services", "duplicati", "parametersFile"], "readOnly": false, "type": "null or absolute path"}, "services.duplicati.port": {"declarations": ["nixos/modules/services/backup/duplicati.nix"], "default": {"_type": "literalExpression", "text": "8200"}, "description": "Port serving the web interface\n", "loc": ["services", "duplicati", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.duplicati.user": {"declarations": ["nixos/modules/services/backup/duplicati.nix"], "default": {"_type": "literalExpression", "text": "\"duplicati\""}, "description": "Duplicati runs as it's own user. It will only be able to backup world-readable files.\nRun as root with special care.\n", "loc": ["services", "duplicati", "user"], "readOnly": false, "type": "string"}, "services.duplicity.cleanup.maxAge": {"declarations": ["nixos/modules/services/backup/duplicity.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If non-null, delete all backup sets older than the given time.  Old backup sets\nwill not be deleted if backup sets newer than time depend on them.\n", "example": {"_type": "literalExpression", "text": "\"6M\""}, "loc": ["services", "duplicity", "cleanup", "maxAge"], "readOnly": false, "type": "null or string"}, "services.duplicity.cleanup.maxFull": {"declarations": ["nixos/modules/services/backup/duplicity.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If non-null, delete all backups sets that are older than the count:th last full\nbackup (in other words, keep the last count full backups and\nassociated incremental sets).\n", "example": {"_type": "literalExpression", "text": "2"}, "loc": ["services", "duplicity", "cleanup", "maxFull"], "readOnly": false, "type": "null or signed integer"}, "services.duplicity.cleanup.maxIncr": {"declarations": ["nixos/modules/services/backup/duplicity.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If non-null, delete incremental sets of all backups sets that are\nolder than the count:th last full backup (in other words, keep only\nold full backups and not their increments).\n", "example": {"_type": "literalExpression", "text": "1"}, "loc": ["services", "duplicity", "cleanup", "maxIncr"], "readOnly": false, "type": "null or signed integer"}, "services.duplicity.enable": {"declarations": ["nixos/modules/services/backup/duplicity.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable backups with duplicity.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "duplicity", "enable"], "readOnly": false, "type": "boolean"}, "services.duplicity.exclude": {"declarations": ["nixos/modules/services/backup/duplicity.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of paths to exclude from backups. See the FILE SELECTION section in\n{manpage}`duplicity(1)` for details on the syntax.\n", "loc": ["services", "duplicity", "exclude"], "readOnly": false, "type": "list of string"}, "services.duplicity.excludeFileList": {"declarations": ["nixos/modules/services/backup/duplicity.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing newline-separated list of paths to exclude into the\nbackups. See the FILE SELECTION section in {manpage}`duplicity(1)` for\ndetails on the syntax.\n", "example": {"_type": "literalExpression", "text": "/path/to/fileList.txt"}, "loc": ["services", "duplicity", "excludeFileList"], "readOnly": false, "type": "null or absolute path"}, "services.duplicity.extraFlags": {"declarations": ["nixos/modules/services/backup/duplicity.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command-line flags passed to duplicity. See\n{manpage}`duplicity(1)`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--backend-retry-delay\"\n  \"100\"\n]"}, "loc": ["services", "duplicity", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.duplicity.frequency": {"declarations": ["nixos/modules/services/backup/duplicity.nix"], "default": {"_type": "literalExpression", "text": "\"daily\""}, "description": "Run duplicity with the given frequency (see\n{manpage}`systemd.time(7)` for the format).\nIf null, do not run automatically.\n", "loc": ["services", "duplicity", "frequency"], "readOnly": false, "type": "null or string"}, "services.duplicity.fullIfOlderThan": {"declarations": ["nixos/modules/services/backup/duplicity.nix"], "default": {"_type": "literalExpression", "text": "\"never\""}, "description": "If `\"never\"` (the default) always do incremental\nbackups (the first backup will be a full backup, of course).  If\n`\"always\"` always do full backups.  Otherwise, this\nmust be a string representing a duration. Full backups will be made\nwhen the latest full backup is older than this duration. If this is not\nthe case, an incremental backup is performed.\n", "example": {"_type": "literalExpression", "text": "\"1M\""}, "loc": ["services", "duplicity", "fullIfOlderThan"], "readOnly": false, "type": "string"}, "services.duplicity.include": {"declarations": ["nixos/modules/services/backup/duplicity.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of paths to include into the backups. See the FILE SELECTION\nsection in {manpage}`duplicity(1)` for details on the syntax.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/home\"\n]"}, "loc": ["services", "duplicity", "include"], "readOnly": false, "type": "list of string"}, "services.duplicity.includeFileList": {"declarations": ["nixos/modules/services/backup/duplicity.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing newline-separated list of paths to include into the\nbackups. See the FILE SELECTION section in {manpage}`duplicity(1)` for\ndetails on the syntax.\n", "example": {"_type": "literalExpression", "text": "/path/to/fileList.txt"}, "loc": ["services", "duplicity", "includeFileList"], "readOnly": false, "type": "null or absolute path"}, "services.duplicity.root": {"declarations": ["nixos/modules/services/backup/duplicity.nix"], "default": {"_type": "literalExpression", "text": "\"/\""}, "description": "Root directory to backup.\n", "loc": ["services", "duplicity", "root"], "readOnly": false, "type": "absolute path"}, "services.duplicity.secretFile": {"declarations": ["nixos/modules/services/backup/duplicity.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path of a file containing secrets (gpg passphrase, access key...) in\nthe format of EnvironmentFile as described by\n{manpage}`systemd.exec(5)`. For example:\n```\nPASSPHRASE=\u00ab...\u00bb\nAWS_ACCESS_KEY_ID=\u00ab...\u00bb\nAWS_SECRET_ACCESS_KEY=\u00ab...\u00bb\n```\n", "loc": ["services", "duplicity", "secretFile"], "readOnly": false, "type": "null or absolute path"}, "services.duplicity.targetUrl": {"declarations": ["nixos/modules/services/backup/duplicity.nix"], "description": "Target url to backup to. See the URL FORMAT section in\n{manpage}`duplicity(1)` for supported urls.\n", "example": {"_type": "literalExpression", "text": "\"s3://host:port/prefix\""}, "loc": ["services", "duplicity", "targetUrl"], "readOnly": false, "type": "string"}, "services.dwm-status.enable": {"declarations": ["nixos/modules/services/misc/dwm-status.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable dwm-status user service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dwm-status", "enable"], "readOnly": false, "type": "boolean"}, "services.dwm-status.package": {"declarations": ["nixos/modules/services/misc/dwm-status.nix"], "default": {"_type": "literalExpression", "text": "pkgs.dwm-status"}, "description": "The dwm-status package to use.", "example": {"_type": "literalExpression", "text": "dwm-status.override { enableAlsaUtils = false; }"}, "loc": ["services", "dwm-status", "package"], "readOnly": false, "type": "package"}, "services.dwm-status.settings": {"declarations": ["nixos/modules/services/misc/dwm-status.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Config options for dwm-status, see <https://github.com/Gerschtli/dwm-status#configuration>\nfor available options.\n", "example": {"_type": "literalExpression", "text": "{\n  order = [\n    \"battery\"\n    \"cpu_load\"\n    \"time\"\n  ];\n  time = {\n    format = \"%F %a %r\";\n    update_seconds = true;\n  };\n}"}, "loc": ["services", "dwm-status", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.dwm-status.settings.order": {"declarations": ["nixos/modules/services/misc/dwm-status.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of enabled features in order.\n", "loc": ["services", "dwm-status", "settings", "order"], "readOnly": false, "type": "list of (one of \"audio\", \"backlight\", \"battery\", \"cpu_load\", \"network\", \"time\")"}, "services.dysnomia.components": {"declarations": ["nixos/modules/services/misc/dysnomia.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "An attribute set in which each key represents a container and each value an attribute set in which each key represents a component and each value a derivation constructing its initial state", "loc": ["services", "dysnomia", "components"], "readOnly": false, "type": "attribute set of (attribute set)"}, "services.dysnomia.containers": {"declarations": ["nixos/modules/services/misc/dysnomia.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "An attribute set in which each key represents a container and each value an attribute set providing its configuration properties", "loc": ["services", "dysnomia", "containers"], "readOnly": false, "type": "attribute set of (attribute set)"}, "services.dysnomia.enable": {"declarations": ["nixos/modules/services/misc/dysnomia.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Dysnomia", "loc": ["services", "dysnomia", "enable"], "readOnly": false, "type": "boolean"}, "services.dysnomia.enableAuthentication": {"declarations": ["nixos/modules/services/misc/dysnomia.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to publish privacy-sensitive authentication credentials", "loc": ["services", "dysnomia", "enableAuthentication"], "readOnly": false, "type": "boolean"}, "services.dysnomia.enableLegacyModules": {"declarations": ["nixos/modules/services/misc/dysnomia.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable Dysnomia legacy process and wrapper modules", "loc": ["services", "dysnomia", "enableLegacyModules"], "readOnly": false, "type": "boolean"}, "services.dysnomia.extraContainerPaths": {"declarations": ["nixos/modules/services/misc/dysnomia.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of paths containing additional container configurations that are added to the search folders", "loc": ["services", "dysnomia", "extraContainerPaths"], "readOnly": false, "type": "list of absolute path"}, "services.dysnomia.extraContainerProperties": {"declarations": ["nixos/modules/services/misc/dysnomia.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "An attribute set providing additional container settings in addition to the default properties", "loc": ["services", "dysnomia", "extraContainerProperties"], "readOnly": false, "type": "attribute set"}, "services.dysnomia.extraModulePaths": {"declarations": ["nixos/modules/services/misc/dysnomia.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of paths containing additional modules that are added to the search folders", "loc": ["services", "dysnomia", "extraModulePaths"], "readOnly": false, "type": "list of absolute path"}, "services.dysnomia.package": {"declarations": ["nixos/modules/services/misc/dysnomia.nix"], "description": "The Dysnomia package", "loc": ["services", "dysnomia", "package"], "readOnly": false, "type": "absolute path"}, "services.dysnomia.properties": {"declarations": ["nixos/modules/services/misc/dysnomia.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "An attribute set in which each attribute represents a machine property. Optionally, these values can be shell substitutions.", "loc": ["services", "dysnomia", "properties"], "readOnly": false, "type": "attribute set"}, "services.e-imzo.enable": {"declarations": ["nixos/modules/services/security/e-imzo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable E-IMZO.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "e-imzo", "enable"], "readOnly": false, "type": "boolean"}, "services.e-imzo.package": {"declarations": ["nixos/modules/services/security/e-imzo.nix"], "default": {"_type": "literalExpression", "text": "pkgs.e-imzo"}, "description": "The e-imzo package to use. Official mirror deletes old versions as soon as they release new one. Feel free to use either unstable or your own custom e-imzo package and ping maintainer.", "loc": ["services", "e-imzo", "package"], "readOnly": false, "type": "package"}, "services.earlyoom.enable": {"declarations": ["nixos/modules/services/system/earlyoom.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable early out of memory killing.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "earlyoom", "enable"], "readOnly": false, "type": "boolean"}, "services.earlyoom.enableDebugInfo": {"declarations": ["nixos/modules/services/system/earlyoom.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable debugging messages.\n", "loc": ["services", "earlyoom", "enableDebugInfo"], "readOnly": false, "type": "boolean"}, "services.earlyoom.enableNotifications": {"declarations": ["nixos/modules/services/system/earlyoom.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Send notifications about killed processes via the system d-bus.\n\nWARNING: enabling this option (while convenient) should *not* be done on a\nmachine where you do not trust the other users as it allows any other\nlocal user to DoS your session by spamming notifications.\n\nTo actually see the notifications in your GUI session, you need to have\n`systembus-notify` running as your user, which this\noption handles by enabling {option}`services.systembus-notify`.\n\nSee [README](https://github.com/rfjakob/earlyoom#notifications) for details.\n", "loc": ["services", "earlyoom", "enableNotifications"], "readOnly": false, "type": "boolean"}, "services.earlyoom.extraArgs": {"declarations": ["nixos/modules/services/system/earlyoom.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command-line arguments to be passed to earlyoom. Each element in\nthe value list will be escaped as an argument without further\nword-breaking.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-g\"\n  \"--prefer\"\n  \"(^|/)(java|chromium)$\"\n]"}, "loc": ["services", "earlyoom", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.earlyoom.freeMemKillThreshold": {"declarations": ["nixos/modules/services/system/earlyoom.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Minimum available memory (in percent) before sending SIGKILL.\nIf unset, this defaults to half of {option}`freeMemThreshold`.\n\nSee the description of [](#opt-services.earlyoom.freeMemThreshold).\n", "loc": ["services", "earlyoom", "freeMemKillThreshold"], "readOnly": false, "type": "null or integer between 1 and 100 (both inclusive)"}, "services.earlyoom.freeMemThreshold": {"declarations": ["nixos/modules/services/system/earlyoom.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Minimum available memory (in percent).\n\nIf the available memory falls below this threshold (and the analog is true for\n{option}`freeSwapThreshold`) the killing begins.\nSIGTERM is sent first to the process that uses the most memory; then, if the available\nmemory falls below {option}`freeMemKillThreshold` (and the analog is true for\n{option}`freeSwapKillThreshold`), SIGKILL is sent.\n\nSee [README](https://github.com/rfjakob/earlyoom#command-line-options) for details.\n", "loc": ["services", "earlyoom", "freeMemThreshold"], "readOnly": false, "type": "integer between 1 and 100 (both inclusive)"}, "services.earlyoom.freeSwapKillThreshold": {"declarations": ["nixos/modules/services/system/earlyoom.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Minimum free swap space (in percent) before sending SIGKILL.\nIf unset, this defaults to half of {option}`freeSwapThreshold`.\n\nSee the description of [](#opt-services.earlyoom.freeMemThreshold).\n", "loc": ["services", "earlyoom", "freeSwapKillThreshold"], "readOnly": false, "type": "null or integer between 1 and 100 (both inclusive)"}, "services.earlyoom.freeSwapThreshold": {"declarations": ["nixos/modules/services/system/earlyoom.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Minimum free swap space (in percent) before sending SIGTERM.\n\nSee the description of [](#opt-services.earlyoom.freeMemThreshold).\n", "loc": ["services", "earlyoom", "freeSwapThreshold"], "readOnly": false, "type": "integer between 1 and 100 (both inclusive)"}, "services.earlyoom.killHook": {"declarations": ["nixos/modules/services/system/earlyoom.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "An absolute path to an executable to be run for each process killed.\nSome environment variables are available, see\n[README](https://github.com/rfjakob/earlyoom#notifications) and\n[the man page](https://github.com/rfjakob/earlyoom/blob/master/MANPAGE.md#-n-pathtoscript)\nfor details.\n\nWARNING: earlyoom is running in a sandbox with ProtectSystem=\"strict\"\nby default, so filesystem write is also prohibited for the hook.\nIf you want to change these protection rules, override the systemd\nservice via `systemd.services.earlyoom.serviceConfig.ProtectSystem`.\n", "example": {"_type": "literalExpression", "text": "pkgs.writeShellScript \"earlyoom-kill-hook\" ''\n  echo \"Process $EARLYOOM_NAME ($EARLYOOM_PID) was killed\" >> /path/to/log\n''\n"}, "loc": ["services", "earlyoom", "killHook"], "readOnly": false, "type": "null or absolute path"}, "services.earlyoom.package": {"declarations": ["nixos/modules/services/system/earlyoom.nix"], "default": {"_type": "literalExpression", "text": "pkgs.earlyoom"}, "description": "The earlyoom package to use.", "loc": ["services", "earlyoom", "package"], "readOnly": false, "type": "package"}, "services.earlyoom.reportInterval": {"declarations": ["nixos/modules/services/system/earlyoom.nix"], "default": {"_type": "literalExpression", "text": "3600"}, "description": "Interval (in seconds) at which a memory report is printed (set to 0 to disable).", "example": {"_type": "literalExpression", "text": "0"}, "loc": ["services", "earlyoom", "reportInterval"], "readOnly": false, "type": "signed integer"}, "services.easytier.allowSystemForward": {"declarations": ["nixos/modules/services/networking/easytier.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Allow the system to forward packets from easytier. Useful when\n`proxy_forward_by_system` enabled.\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "easytier", "allowSystemForward"], "readOnly": false, "type": "boolean"}, "services.easytier.enable": {"declarations": ["nixos/modules/services/networking/easytier.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable EasyTier daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "easytier", "enable"], "readOnly": false, "type": "boolean"}, "services.easytier.instances": {"declarations": ["nixos/modules/services/networking/easytier.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "EasyTier instances.\n", "example": {"_type": "literalExpression", "text": "{\n  extraSettings = {\n    flags = {\n      dev_name = \"tun1\";\n    };\n  };\n  settings = {\n    ipv4 = \"10.144.144.1/24\";\n    network_name = \"easytier\";\n    network_secret = \"easytier\";\n    peers = [\n      \"tcp://public.easytier.cn:11010\"\n      \"wss://example.com:443\"\n    ];\n  };\n}"}, "loc": ["services", "easytier", "instances"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.easytier.instances.<name>.configFile": {"declarations": ["nixos/modules/services/networking/easytier.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to easytier config file. Setting this option will\noverride `settings` and `extraSettings` of this instance.\n", "loc": ["services", "easytier", "instances", "<name>", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.easytier.instances.<name>.configServer": {"declarations": ["nixos/modules/services/networking/easytier.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configure the instance from config server. When this option\nset, any other settings for configuring the instance manually\nexcept `hostname` will be ignored. Valid formats are:\n\n- full uri for custom server: `udp://example.com:22020/<token>`\n- username only for official server: `<token>`\n", "example": {"_type": "literalExpression", "text": "\"udp://example.com:22020/myusername\""}, "loc": ["services", "easytier", "instances", "<name>", "configServer"], "readOnly": false, "type": "null or string"}, "services.easytier.instances.<name>.enable": {"declarations": ["nixos/modules/services/networking/easytier.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable the instance.", "loc": ["services", "easytier", "instances", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.easytier.instances.<name>.environmentFiles": {"declarations": ["nixos/modules/services/networking/easytier.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Environment files for this instance. All command-line args\nhave corresponding environment variables.\n", "example": {"_type": "literalExpression", "text": "[\n  /path/to/.env\n  /path/to/.env.secret\n]\n"}, "loc": ["services", "easytier", "instances", "<name>", "environmentFiles"], "readOnly": false, "type": "list of absolute path"}, "services.easytier.instances.<name>.extraArgs": {"declarations": ["nixos/modules/services/networking/easytier.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra args append to the easytier command-line.\n", "loc": ["services", "easytier", "instances", "<name>", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.easytier.instances.<name>.extraSettings": {"declarations": ["nixos/modules/services/networking/easytier.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra settings to add to {file}`easytier-\u2039name\u203a.toml`.\n", "loc": ["services", "easytier", "instances", "<name>", "extraSettings"], "readOnly": false, "type": "TOML value"}, "services.easytier.instances.<name>.settings": {"declarations": ["nixos/modules/services/networking/easytier.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings to generate {file}`easytier-\u2039name\u203a.toml`\n", "loc": ["services", "easytier", "instances", "<name>", "settings"], "readOnly": false, "type": "submodule"}, "services.easytier.instances.<name>.settings.dhcp": {"declarations": ["nixos/modules/services/networking/easytier.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically determine the IPv4 address of this peer based on\nexisting peers on network.\n", "loc": ["services", "easytier", "instances", "<name>", "settings", "dhcp"], "readOnly": false, "type": "boolean"}, "services.easytier.instances.<name>.settings.hostname": {"declarations": ["nixos/modules/services/networking/easytier.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Hostname shown in peer list and web console.", "loc": ["services", "easytier", "instances", "<name>", "settings", "hostname"], "readOnly": false, "type": "null or string"}, "services.easytier.instances.<name>.settings.instance_name": {"declarations": ["nixos/modules/services/networking/easytier.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "Identify different instances on same host", "loc": ["services", "easytier", "instances", "<name>", "settings", "instance_name"], "readOnly": false, "type": "string"}, "services.easytier.instances.<name>.settings.ipv4": {"declarations": ["nixos/modules/services/networking/easytier.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IPv4 cidr address of this peer in the virtual network. If\nempty, this peer will only forward packets and no TUN device\nwill be created.\n", "example": {"_type": "literalExpression", "text": "\"10.144.144.1/24\""}, "loc": ["services", "easytier", "instances", "<name>", "settings", "ipv4"], "readOnly": false, "type": "null or string"}, "services.easytier.instances.<name>.settings.listeners": {"declarations": ["nixos/modules/services/networking/easytier.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"tcp://0.0.0.0:11010\"\n  \"udp://0.0.0.0:11010\"\n]"}, "description": "Listener addresses to accept connections from other peers.\nValid format is: `<proto>://<addr>:<port>`, where the protocol\ncan be `tcp`, `udp`, `ring`, `wg`, `ws`, `wss`.\n", "loc": ["services", "easytier", "instances", "<name>", "settings", "listeners"], "readOnly": false, "type": "list of string"}, "services.easytier.instances.<name>.settings.network_name": {"declarations": ["nixos/modules/services/networking/easytier.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "EasyTier network name.", "loc": ["services", "easytier", "instances", "<name>", "settings", "network_name"], "readOnly": false, "type": "null or string"}, "services.easytier.instances.<name>.settings.network_secret": {"declarations": ["nixos/modules/services/networking/easytier.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "EasyTier network credential used for verification and\nencryption. It can also be set in environmentFile.\n", "loc": ["services", "easytier", "instances", "<name>", "settings", "network_secret"], "readOnly": false, "type": "null or string"}, "services.easytier.instances.<name>.settings.peers": {"declarations": ["nixos/modules/services/networking/easytier.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Peers to connect initially. Valid format is: `<proto>://<addr>:<port>`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"tcp://example.com:11010\"\n]"}, "loc": ["services", "easytier", "instances", "<name>", "settings", "peers"], "readOnly": false, "type": "list of string"}, "services.easytier.package": {"declarations": ["nixos/modules/services/networking/easytier.nix"], "default": {"_type": "literalExpression", "text": "pkgs.easytier"}, "description": "The easytier package to use.", "loc": ["services", "easytier", "package"], "readOnly": false, "type": "package"}, "services.ebusd.configpath": {"declarations": ["nixos/modules/services/home-automation/ebusd.nix"], "default": {"_type": "literalExpression", "text": "\"https://ebus.github.io/\""}, "description": "Directory to read CSV config files from. This can be a local folder or a URL.\n", "loc": ["services", "ebusd", "configpath"], "readOnly": false, "type": "string"}, "services.ebusd.device": {"declarations": ["nixos/modules/services/home-automation/ebusd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Use DEV as eBUS device [/dev/ttyUSB0].\nThis can be either:\n  enh:DEVICE or enh:IP:PORT for enhanced device (only adapter v3 and newer),\n  ens:DEVICE for enhanced high speed serial device (only adapter v3 and newer with firmware since 20220731),\n  DEVICE for serial device (normal speed, for all other serial adapters like adapter v2 as well as adapter v3 in non-enhanced mode), or\n  [udp:]IP:PORT for network device.\n\nSource: <https://github.com/john30/ebusd/wiki/2.-Run#device-options>\n", "example": {"_type": "literalExpression", "text": "\"IP:PORT\""}, "loc": ["services", "ebusd", "device"], "readOnly": false, "type": "string"}, "services.ebusd.enable": {"declarations": ["nixos/modules/services/home-automation/ebusd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ebusd, a daemon for communication with eBUS heating systems.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ebusd", "enable"], "readOnly": false, "type": "boolean"}, "services.ebusd.extraArguments": {"declarations": ["nixos/modules/services/home-automation/ebusd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to the ebus daemon\n", "loc": ["services", "ebusd", "extraArguments"], "readOnly": false, "type": "list of string"}, "services.ebusd.logs.all": {"declarations": ["nixos/modules/services/home-automation/ebusd.nix"], "default": {"_type": "literalExpression", "text": "\"notice\""}, "description": "Only write log for matching `AREA`s (all|main|network|bus|device|update|other) below or equal to `LEVEL` (none|error|notice|info|debug)\n", "example": {"_type": "literalExpression", "text": "\"debug\""}, "loc": ["services", "ebusd", "logs", "all"], "readOnly": false, "type": "one of \"none\", \"error\", \"notice\", \"info\", \"debug\""}, "services.ebusd.logs.bus": {"declarations": ["nixos/modules/services/home-automation/ebusd.nix"], "default": {"_type": "literalExpression", "text": "\"notice\""}, "description": "Only write log for matching `AREA`s (all|main|network|bus|device|update|other) below or equal to `LEVEL` (none|error|notice|info|debug)\n", "example": {"_type": "literalExpression", "text": "\"debug\""}, "loc": ["services", "ebusd", "logs", "bus"], "readOnly": false, "type": "one of \"none\", \"error\", \"notice\", \"info\", \"debug\""}, "services.ebusd.logs.device": {"declarations": ["nixos/modules/services/home-automation/ebusd.nix"], "default": {"_type": "literalExpression", "text": "\"notice\""}, "description": "Only write log for matching `AREA`s (all|main|network|bus|device|update|other) below or equal to `LEVEL` (none|error|notice|info|debug)\n", "example": {"_type": "literalExpression", "text": "\"debug\""}, "loc": ["services", "ebusd", "logs", "device"], "readOnly": false, "type": "one of \"none\", \"error\", \"notice\", \"info\", \"debug\""}, "services.ebusd.logs.main": {"declarations": ["nixos/modules/services/home-automation/ebusd.nix"], "default": {"_type": "literalExpression", "text": "\"notice\""}, "description": "Only write log for matching `AREA`s (all|main|network|bus|device|update|other) below or equal to `LEVEL` (none|error|notice|info|debug)\n", "example": {"_type": "literalExpression", "text": "\"debug\""}, "loc": ["services", "ebusd", "logs", "main"], "readOnly": false, "type": "one of \"none\", \"error\", \"notice\", \"info\", \"debug\""}, "services.ebusd.logs.network": {"declarations": ["nixos/modules/services/home-automation/ebusd.nix"], "default": {"_type": "literalExpression", "text": "\"notice\""}, "description": "Only write log for matching `AREA`s (all|main|network|bus|device|update|other) below or equal to `LEVEL` (none|error|notice|info|debug)\n", "example": {"_type": "literalExpression", "text": "\"debug\""}, "loc": ["services", "ebusd", "logs", "network"], "readOnly": false, "type": "one of \"none\", \"error\", \"notice\", \"info\", \"debug\""}, "services.ebusd.logs.other": {"declarations": ["nixos/modules/services/home-automation/ebusd.nix"], "default": {"_type": "literalExpression", "text": "\"notice\""}, "description": "Only write log for matching `AREA`s (all|main|network|bus|device|update|other) below or equal to `LEVEL` (none|error|notice|info|debug)\n", "example": {"_type": "literalExpression", "text": "\"debug\""}, "loc": ["services", "ebusd", "logs", "other"], "readOnly": false, "type": "one of \"none\", \"error\", \"notice\", \"info\", \"debug\""}, "services.ebusd.logs.update": {"declarations": ["nixos/modules/services/home-automation/ebusd.nix"], "default": {"_type": "literalExpression", "text": "\"notice\""}, "description": "Only write log for matching `AREA`s (all|main|network|bus|device|update|other) below or equal to `LEVEL` (none|error|notice|info|debug)\n", "example": {"_type": "literalExpression", "text": "\"debug\""}, "loc": ["services", "ebusd", "logs", "update"], "readOnly": false, "type": "one of \"none\", \"error\", \"notice\", \"info\", \"debug\""}, "services.ebusd.mqtt.enable": {"declarations": ["nixos/modules/services/home-automation/ebusd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable support for MQTT.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ebusd", "mqtt", "enable"], "readOnly": false, "type": "boolean"}, "services.ebusd.mqtt.home-assistant": {"declarations": ["nixos/modules/services/home-automation/ebusd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Adds the Home Assistant topics to MQTT, read more at [MQTT Integration](https://github.com/john30/ebusd/wiki/MQTT-integration)\n", "loc": ["services", "ebusd", "mqtt", "home-assistant"], "readOnly": false, "type": "boolean"}, "services.ebusd.mqtt.host": {"declarations": ["nixos/modules/services/home-automation/ebusd.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Connect to MQTT broker on HOST.\n", "loc": ["services", "ebusd", "mqtt", "host"], "readOnly": false, "type": "string"}, "services.ebusd.mqtt.password": {"declarations": ["nixos/modules/services/home-automation/ebusd.nix"], "description": "The MQTT password.\n", "loc": ["services", "ebusd", "mqtt", "password"], "readOnly": false, "type": "string"}, "services.ebusd.mqtt.port": {"declarations": ["nixos/modules/services/home-automation/ebusd.nix"], "default": {"_type": "literalExpression", "text": "1883"}, "description": "The port on which to connect to MQTT\n", "loc": ["services", "ebusd", "mqtt", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.ebusd.mqtt.retain": {"declarations": ["nixos/modules/services/home-automation/ebusd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable set the retain flag on all topics instead of only selected global ones.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ebusd", "mqtt", "retain"], "readOnly": false, "type": "boolean"}, "services.ebusd.mqtt.user": {"declarations": ["nixos/modules/services/home-automation/ebusd.nix"], "description": "The MQTT user to use\n", "loc": ["services", "ebusd", "mqtt", "user"], "readOnly": false, "type": "string"}, "services.ebusd.package": {"declarations": ["nixos/modules/services/home-automation/ebusd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ebusd"}, "description": "The ebusd package to use.", "loc": ["services", "ebusd", "package"], "readOnly": false, "type": "package"}, "services.ebusd.port": {"declarations": ["nixos/modules/services/home-automation/ebusd.nix"], "default": {"_type": "literalExpression", "text": "8888"}, "description": "The port on which to listen on\n", "loc": ["services", "ebusd", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.ebusd.readonly": {"declarations": ["nixos/modules/services/home-automation/ebusd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Only read from device, never write to it\n", "loc": ["services", "ebusd", "readonly"], "readOnly": false, "type": "boolean"}, "services.ebusd.scanconfig": {"declarations": ["nixos/modules/services/home-automation/ebusd.nix"], "default": {"_type": "literalExpression", "text": "\"full\""}, "description": "Pick CSV config files matching initial scan (\"none\" or empty for no initial scan message, \"full\" for full scan, or a single hex address to scan, default is to send a broadcast ident message).\nIf combined with --checkconfig, you can add scan message data as arguments for checking a particular scan configuration, e.g. \"FF08070400/0AB5454850303003277201\". For further details on this option,\nsee [Automatic configuration](https://github.com/john30/ebusd/wiki/4.7.-Automatic-configuration).\n", "loc": ["services", "ebusd", "scanconfig"], "readOnly": false, "type": "string"}, "services.echoip.enable": {"declarations": ["nixos/modules/services/web-apps/echoip.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable echoip.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "echoip", "enable"], "readOnly": false, "type": "boolean"}, "services.echoip.enablePortLookup": {"declarations": ["nixos/modules/services/web-apps/echoip.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable port lookup.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "echoip", "enablePortLookup"], "readOnly": false, "type": "boolean"}, "services.echoip.enableReverseHostnameLookups": {"declarations": ["nixos/modules/services/web-apps/echoip.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable reverse hostname lookups.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "echoip", "enableReverseHostnameLookups"], "readOnly": false, "type": "boolean"}, "services.echoip.extraArgs": {"declarations": ["nixos/modules/services/web-apps/echoip.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line arguments to pass to echoip. See <https://github.com/mpolden/echoip> for details.", "loc": ["services", "echoip", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.echoip.listenAddress": {"declarations": ["nixos/modules/services/web-apps/echoip.nix"], "default": {"_type": "literalExpression", "text": "\":8080\""}, "description": "The address echoip should listen on", "example": {"_type": "literalExpression", "text": "\"127.0.0.1:8000\""}, "loc": ["services", "echoip", "listenAddress"], "readOnly": false, "type": "string"}, "services.echoip.package": {"declarations": ["nixos/modules/services/web-apps/echoip.nix"], "default": {"_type": "literalExpression", "text": "pkgs.echoip"}, "description": "The echoip package to use.", "loc": ["services", "echoip", "package"], "readOnly": false, "type": "package"}, "services.echoip.remoteIpHeader": {"declarations": ["nixos/modules/services/web-apps/echoip.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Header to trust for remote IP, if present", "example": {"_type": "literalExpression", "text": "\"X-Real-IP\""}, "loc": ["services", "echoip", "remoteIpHeader"], "readOnly": false, "type": "null or string"}, "services.echoip.virtualHost": {"declarations": ["nixos/modules/services/web-apps/echoip.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of the nginx virtual host to use and setup. If null, do not setup anything.\n", "loc": ["services", "echoip", "virtualHost"], "readOnly": false, "type": "null or string"}, "services.ecs-agent.enable": {"declarations": ["nixos/modules/virtualisation/ecs-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Amazon ECS agent.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ecs-agent", "enable"], "readOnly": false, "type": "boolean"}, "services.ecs-agent.extra-environment": {"declarations": ["nixos/modules/virtualisation/ecs-agent.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The environment the ECS agent should run with. See the ECS agent documentation for keys that work here.", "loc": ["services", "ecs-agent", "extra-environment"], "readOnly": false, "type": "attribute set of string"}, "services.ecs-agent.package": {"declarations": ["nixos/modules/virtualisation/ecs-agent.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ecs-agent"}, "description": "The ecs-agent package to use.", "loc": ["services", "ecs-agent", "package"], "readOnly": false, "type": "package"}, "services.eg25-manager.enable": {"declarations": ["nixos/modules/hardware/network/eg25-manager.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Quectel EG25 modem manager service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "eg25-manager", "enable"], "readOnly": false, "type": "boolean"}, "services.eg25-manager.package": {"declarations": ["nixos/modules/hardware/network/eg25-manager.nix"], "default": {"_type": "literalExpression", "text": "pkgs.eg25-manager"}, "description": "The eg25-manager package to use.", "loc": ["services", "eg25-manager", "package"], "readOnly": false, "type": "package"}, "services.eintopf.enable": {"declarations": ["nixos/modules/services/web-apps/eintopf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Lauti (Eintopf) community event calendar web app.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "eintopf", "enable"], "readOnly": false, "type": "boolean"}, "services.eintopf.secrets": {"declarations": ["nixos/modules/services/web-apps/eintopf.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of files containing the various secrets. Should be in the\nformat expected by systemd's `EnvironmentFile` directory.\n", "loc": ["services", "eintopf", "secrets"], "readOnly": false, "type": "list of absolute path"}, "services.eintopf.settings": {"declarations": ["nixos/modules/services/web-apps/eintopf.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings to configure web service. See\n<https://codeberg.org/Klasse-Methode/lauti/src/branch/main/DEPLOYMENT.md>\nfor available options.\n", "example": {"_type": "literalExpression", "text": "{\n  EINTOPF_ADDR = \":1234\";\n  EINTOPF_ADMIN_EMAIL = \"admin@example.org\";\n  EINTOPF_TIMEZONE = \"Europe/Berlin\";\n}\n"}, "loc": ["services", "eintopf", "settings"], "readOnly": false, "type": "attribute set of string"}, "services.ejabberd.configFile": {"declarations": ["nixos/modules/services/networking/ejabberd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configuration file for ejabberd in YAML format", "loc": ["services", "ejabberd", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.ejabberd.ctlConfig": {"declarations": ["nixos/modules/services/networking/ejabberd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Configuration of ejabberdctl", "loc": ["services", "ejabberd", "ctlConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.ejabberd.enable": {"declarations": ["nixos/modules/services/networking/ejabberd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ejabberd server", "loc": ["services", "ejabberd", "enable"], "readOnly": false, "type": "boolean"}, "services.ejabberd.group": {"declarations": ["nixos/modules/services/networking/ejabberd.nix"], "default": {"_type": "literalExpression", "text": "\"ejabberd\""}, "description": "Group under which ejabberd is ran", "loc": ["services", "ejabberd", "group"], "readOnly": false, "type": "string"}, "services.ejabberd.imagemagick": {"declarations": ["nixos/modules/services/networking/ejabberd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Add ImageMagick to server's path; allows for image thumbnailing", "loc": ["services", "ejabberd", "imagemagick"], "readOnly": false, "type": "boolean"}, "services.ejabberd.loadDumps": {"declarations": ["nixos/modules/services/networking/ejabberd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Configuration dumps that should be loaded on the first startup", "example": {"_type": "literalExpression", "text": "[ ./myejabberd.dump ]"}, "loc": ["services", "ejabberd", "loadDumps"], "readOnly": false, "type": "list of absolute path"}, "services.ejabberd.logsDir": {"declarations": ["nixos/modules/services/networking/ejabberd.nix"], "default": {"_type": "literalExpression", "text": "\"/var/log/ejabberd\""}, "description": "Location of the logfile directory of ejabberd", "loc": ["services", "ejabberd", "logsDir"], "readOnly": false, "type": "absolute path"}, "services.ejabberd.package": {"declarations": ["nixos/modules/services/networking/ejabberd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ejabberd"}, "description": "The ejabberd package to use.", "loc": ["services", "ejabberd", "package"], "readOnly": false, "type": "package"}, "services.ejabberd.spoolDir": {"declarations": ["nixos/modules/services/networking/ejabberd.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/ejabberd\""}, "description": "Location of the spooldir of ejabberd", "loc": ["services", "ejabberd", "spoolDir"], "readOnly": false, "type": "absolute path"}, "services.ejabberd.user": {"declarations": ["nixos/modules/services/networking/ejabberd.nix"], "default": {"_type": "literalExpression", "text": "\"ejabberd\""}, "description": "User under which ejabberd is ran", "loc": ["services", "ejabberd", "user"], "readOnly": false, "type": "string"}, "services.elasticsearch-curator.actionYAML": {"declarations": ["nixos/modules/services/search/elasticsearch-curator.nix"], "description": "curator action.yaml file contents, alternatively use curator-cli which takes a simple action command", "example": {"_type": "literalExpression", "text": "''\n  ---\n  actions:\n    1:\n      action: delete_indices\n      description: >-\n        Delete indices older than 45 days (based on index name), for logstash-\n        prefixed indices. Ignore the error if the filter does not result in an\n        actionable list of indices (ignore_empty_list) and exit cleanly.\n      options:\n        ignore_empty_list: True\n        disable_action: False\n      filters:\n      - filtertype: pattern\n        kind: prefix\n        value: logstash-\n      - filtertype: age\n        source: name\n        direction: older\n        timestring: '%Y.%m.%d'\n        unit: days\n        unit_count: 45\n''"}, "loc": ["services", "elasticsearch-curator", "actionYAML"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.elasticsearch-curator.enable": {"declarations": ["nixos/modules/services/search/elasticsearch-curator.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable elasticsearch curator.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "elasticsearch-curator", "enable"], "readOnly": false, "type": "boolean"}, "services.elasticsearch-curator.hosts": {"declarations": ["nixos/modules/services/search/elasticsearch-curator.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"localhost\"\n]"}, "description": "a list of elasticsearch hosts to connect to", "loc": ["services", "elasticsearch-curator", "hosts"], "readOnly": false, "type": "list of string"}, "services.elasticsearch-curator.interval": {"declarations": ["nixos/modules/services/search/elasticsearch-curator.nix"], "default": {"_type": "literalExpression", "text": "\"hourly\""}, "description": "The frequency to run curator, a systemd.time such as 'hourly'", "loc": ["services", "elasticsearch-curator", "interval"], "readOnly": false, "type": "string"}, "services.elasticsearch-curator.port": {"declarations": ["nixos/modules/services/search/elasticsearch-curator.nix"], "default": {"_type": "literalExpression", "text": "9200"}, "description": "the port that elasticsearch is listening on", "loc": ["services", "elasticsearch-curator", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.elasticsearch.cluster_name": {"declarations": ["nixos/modules/services/search/elasticsearch.nix"], "default": {"_type": "literalExpression", "text": "\"elasticsearch\""}, "description": "Elasticsearch name that identifies your cluster for auto-discovery.", "loc": ["services", "elasticsearch", "cluster_name"], "readOnly": false, "type": "string"}, "services.elasticsearch.dataDir": {"declarations": ["nixos/modules/services/search/elasticsearch.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/elasticsearch\""}, "description": "Data directory for elasticsearch.\n", "loc": ["services", "elasticsearch", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.elasticsearch.enable": {"declarations": ["nixos/modules/services/search/elasticsearch.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable elasticsearch.", "loc": ["services", "elasticsearch", "enable"], "readOnly": false, "type": "boolean"}, "services.elasticsearch.extraCmdLineOptions": {"declarations": ["nixos/modules/services/search/elasticsearch.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line options for the elasticsearch launcher.", "loc": ["services", "elasticsearch", "extraCmdLineOptions"], "readOnly": false, "type": "list of string"}, "services.elasticsearch.extraConf": {"declarations": ["nixos/modules/services/search/elasticsearch.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration for elasticsearch.", "example": {"_type": "literalExpression", "text": "''\n  node.name: \"elasticsearch\"\n  node.master: true\n  node.data: false\n''"}, "loc": ["services", "elasticsearch", "extraConf"], "readOnly": false, "type": "string"}, "services.elasticsearch.extraJavaOptions": {"declarations": ["nixos/modules/services/search/elasticsearch.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line options for Java.", "example": {"_type": "literalExpression", "text": "[\n  \"-Djava.net.preferIPv4Stack=true\"\n]"}, "loc": ["services", "elasticsearch", "extraJavaOptions"], "readOnly": false, "type": "list of string"}, "services.elasticsearch.listenAddress": {"declarations": ["nixos/modules/services/search/elasticsearch.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Elasticsearch listen address.", "loc": ["services", "elasticsearch", "listenAddress"], "readOnly": false, "type": "string"}, "services.elasticsearch.logging": {"declarations": ["nixos/modules/services/search/elasticsearch.nix"], "default": {"_type": "literalExpression", "text": "''\n  logger.action.name = org.elasticsearch.action\n  logger.action.level = info\n  \n  appender.console.type = Console\n  appender.console.name = console\n  appender.console.layout.type = PatternLayout\n  appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n\n  \n  rootLogger.level = info\n  rootLogger.appenderRef.console.ref = console\n''"}, "description": "Elasticsearch logging configuration.", "loc": ["services", "elasticsearch", "logging"], "readOnly": false, "type": "string"}, "services.elasticsearch.package": {"declarations": ["nixos/modules/services/search/elasticsearch.nix"], "default": {"_type": "literalExpression", "text": "pkgs.elasticsearch"}, "description": "The elasticsearch package to use.", "loc": ["services", "elasticsearch", "package"], "readOnly": false, "type": "package"}, "services.elasticsearch.plugins": {"declarations": ["nixos/modules/services/search/elasticsearch.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra elasticsearch plugins", "example": {"_type": "literalExpression", "text": "[ pkgs.elasticsearchPlugins.discovery-ec2 ]"}, "loc": ["services", "elasticsearch", "plugins"], "readOnly": false, "type": "list of package"}, "services.elasticsearch.port": {"declarations": ["nixos/modules/services/search/elasticsearch.nix"], "default": {"_type": "literalExpression", "text": "9200"}, "description": "Elasticsearch port to listen for HTTP traffic.", "loc": ["services", "elasticsearch", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.elasticsearch.restartIfChanged": {"declarations": ["nixos/modules/services/search/elasticsearch.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Automatically restart the service on config change.\nThis can be set to false to defer restarts on a server or cluster.\nPlease consider the security implications of inadvertently running an older version,\nand the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.\n", "loc": ["services", "elasticsearch", "restartIfChanged"], "readOnly": false, "type": "boolean"}, "services.elasticsearch.single_node": {"declarations": ["nixos/modules/services/search/elasticsearch.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Start a single-node cluster", "loc": ["services", "elasticsearch", "single_node"], "readOnly": false, "type": "boolean"}, "services.elasticsearch.tcp_port": {"declarations": ["nixos/modules/services/search/elasticsearch.nix"], "default": {"_type": "literalExpression", "text": "9300"}, "description": "Elasticsearch port for the node to node communication.", "loc": ["services", "elasticsearch", "tcp_port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.elephant.enable": {"declarations": ["nixos/modules/services/misc/elephant.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Elephant application launcher backend.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "elephant", "enable"], "readOnly": false, "type": "boolean"}, "services.elephant.package": {"declarations": ["nixos/modules/services/misc/elephant.nix"], "default": {"_type": "literalExpression", "text": "pkgs.elephant"}, "description": "The elephant package to use.", "loc": ["services", "elephant", "package"], "readOnly": false, "type": "package"}, "services.emacs.defaultEditor": {"declarations": ["nixos/modules/services/editors/emacs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "When enabled, configures emacsclient to be the default editor\nusing the EDITOR environment variable.\n", "loc": ["services", "emacs", "defaultEditor"], "readOnly": false, "type": "boolean"}, "services.emacs.enable": {"declarations": ["nixos/modules/services/editors/emacs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable a user service for the Emacs daemon. Use `emacsclient` to connect to the\ndaemon. If `true`, {var}`services.emacs.install` is\nconsidered `true`.\n", "loc": ["services", "emacs", "enable"], "readOnly": false, "type": "boolean"}, "services.emacs.install": {"declarations": ["nixos/modules/services/editors/emacs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to install a user service for the Emacs daemon. Once\nthe service is started, use emacsclient to connect to the\ndaemon.\n\nThe service must be manually started for each user with\n\"systemctl --user start emacs\" or globally through\n{var}`services.emacs.enable`.\n", "loc": ["services", "emacs", "install"], "readOnly": false, "type": "boolean"}, "services.emacs.package": {"declarations": ["nixos/modules/services/editors/emacs.nix"], "default": {"_type": "literalExpression", "text": "pkgs.emacs"}, "description": "The emacs package to use.", "loc": ["services", "emacs", "package"], "readOnly": false, "type": "package"}, "services.emacs.startWithGraphical": {"declarations": ["nixos/modules/services/editors/emacs.nix"], "default": {"_type": "literalExpression", "text": "config.services.xserver.enable"}, "description": "Start emacs with the graphical session instead of any session. Without this, emacs clients will not be able to create frames in the graphical session.\n", "loc": ["services", "emacs", "startWithGraphical"], "readOnly": false, "type": "boolean"}, "services.endlessh-go.enable": {"declarations": ["nixos/modules/services/security/endlessh-go.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable endlessh-go service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "endlessh-go", "enable"], "readOnly": false, "type": "boolean"}, "services.endlessh-go.extraOptions": {"declarations": ["nixos/modules/services/security/endlessh-go.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional command line options to pass to the endlessh-go daemon.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-conn_type=tcp4\"\n  \"-max_clients=8192\"\n]"}, "loc": ["services", "endlessh-go", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.endlessh-go.listenAddress": {"declarations": ["nixos/modules/services/security/endlessh-go.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Interface address to bind the endlessh-go daemon to SSH connections.\n", "example": {"_type": "literalExpression", "text": "\"[::]\""}, "loc": ["services", "endlessh-go", "listenAddress"], "readOnly": false, "type": "string"}, "services.endlessh-go.openFirewall": {"declarations": ["nixos/modules/services/security/endlessh-go.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open a firewall port for the SSH listener.\n", "loc": ["services", "endlessh-go", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.endlessh-go.package": {"declarations": ["nixos/modules/services/security/endlessh-go.nix"], "default": {"_type": "literalExpression", "text": "pkgs.endlessh-go"}, "description": "The endlessh-go package to use.", "loc": ["services", "endlessh-go", "package"], "readOnly": false, "type": "package"}, "services.endlessh-go.port": {"declarations": ["nixos/modules/services/security/endlessh-go.nix"], "default": {"_type": "literalExpression", "text": "2222"}, "description": "Specifies on which port the endlessh-go daemon listens for SSH\nconnections.\n\nSetting this to `22` may conflict with {option}`services.openssh`.\n", "example": {"_type": "literalExpression", "text": "22"}, "loc": ["services", "endlessh-go", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.endlessh-go.prometheus.enable": {"declarations": ["nixos/modules/services/security/endlessh-go.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Prometheus integration.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "endlessh-go", "prometheus", "enable"], "readOnly": false, "type": "boolean"}, "services.endlessh-go.prometheus.listenAddress": {"declarations": ["nixos/modules/services/security/endlessh-go.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Interface address to bind the endlessh-go daemon to answer Prometheus\nqueries.\n", "example": {"_type": "literalExpression", "text": "\"[::]\""}, "loc": ["services", "endlessh-go", "prometheus", "listenAddress"], "readOnly": false, "type": "string"}, "services.endlessh-go.prometheus.port": {"declarations": ["nixos/modules/services/security/endlessh-go.nix"], "default": {"_type": "literalExpression", "text": "2112"}, "description": "Specifies on which port the endlessh-go daemon listens for Prometheus\nqueries.\n", "example": {"_type": "literalExpression", "text": "9119"}, "loc": ["services", "endlessh-go", "prometheus", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.endlessh.enable": {"declarations": ["nixos/modules/services/security/endlessh.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable endlessh service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "endlessh", "enable"], "readOnly": false, "type": "boolean"}, "services.endlessh.extraOptions": {"declarations": ["nixos/modules/services/security/endlessh.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional command line options to pass to the endlessh daemon.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-6\"\n  \"-d 9000\"\n  \"-v\"\n]"}, "loc": ["services", "endlessh", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.endlessh.openFirewall": {"declarations": ["nixos/modules/services/security/endlessh.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open a firewall port for the SSH listener.\n", "loc": ["services", "endlessh", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.endlessh.port": {"declarations": ["nixos/modules/services/security/endlessh.nix"], "default": {"_type": "literalExpression", "text": "2222"}, "description": "Specifies on which port the endlessh daemon listens for SSH\nconnections.\n\nSetting this to `22` may conflict with {option}`services.openssh`.\n", "example": {"_type": "literalExpression", "text": "22"}, "loc": ["services", "endlessh", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.engelsystem.createDatabase": {"declarations": ["nixos/modules/services/web-apps/engelsystem.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to create a local database automatically.\nThis will override every database setting in {option}`services.engelsystem.settings`.\n", "loc": ["services", "engelsystem", "createDatabase"], "readOnly": false, "type": "boolean"}, "services.engelsystem.domain": {"declarations": ["nixos/modules/services/web-apps/engelsystem.nix"], "description": "Domain to serve on.", "example": {"_type": "literalExpression", "text": "\"engelsystem.example.com\""}, "loc": ["services", "engelsystem", "domain"], "readOnly": false, "type": "string"}, "services.engelsystem.enable": {"declarations": ["nixos/modules/services/web-apps/engelsystem.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable engelsystem, an online tool for coordinating volunteers and shifts on large events.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "engelsystem", "enable"], "readOnly": false, "type": "boolean"}, "services.engelsystem.package": {"declarations": ["nixos/modules/services/web-apps/engelsystem.nix"], "default": {"_type": "literalExpression", "text": "pkgs.engelsystem"}, "description": "The engelsystem package to use.", "loc": ["services", "engelsystem", "package"], "readOnly": false, "type": "package"}, "services.engelsystem.settings": {"declarations": ["nixos/modules/services/web-apps/engelsystem.nix"], "default": {"_type": "literalExpression", "text": "{\n  database = {\n    database = \"engelsystem\";\n    host = \"localhost\";\n    username = \"engelsystem\";\n  };\n}"}, "description": "Options to be added to config.php, as a nix attribute set. Options containing secret data\nshould be set to an attribute set containing the attribute _secret - a string pointing to a\nfile containing the value the option should be set to. See the example to get a better\npicture of this: in the resulting config.php file, the email.password key will be set to\nthe contents of the /var/keys/engelsystem/mail file.\n\nSee <https://engelsystem.de/doc/admin/configuration/> for available options.\n\nNote that the admin user login credentials cannot be set here - they always default to\nadmin:asdfasdf. Log in and change them immediately.\n", "example": {"_type": "literalExpression", "text": "{\n  autoarrive = true;\n  database = {\n    database = \"engelsystem\";\n    host = \"database.example.com\";\n    password = {\n      _secret = \"/var/keys/engelsystem/database\";\n    };\n    username = \"engelsystem\";\n  };\n  default_locale = \"de_DE\";\n  email = {\n    driver = \"smtp\";\n    encryption = \"tls\";\n    from = {\n      address = \"engelsystem@example.com\";\n      name = \"example engelsystem\";\n    };\n    host = \"smtp.example.com\";\n    password = {\n      _secret = \"/var/keys/engelsystem/mail\";\n    };\n    port = 587;\n    username = \"engelsystem@example.com\";\n  };\n  maintenance = false;\n  min_password_length = 6;\n}"}, "loc": ["services", "engelsystem", "settings"], "readOnly": false, "type": "attribute set"}, "services.ente.api.domain": {"declarations": ["nixos/modules/services/web-apps/ente.nix"], "description": "The domain under which the api will be served.", "example": {"_type": "literalExpression", "text": "\"api.ente.example.com\""}, "loc": ["services", "ente", "api", "domain"], "readOnly": false, "type": "string"}, "services.ente.api.enable": {"declarations": ["nixos/modules/services/web-apps/ente.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Museum (API server for ente.io).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ente", "api", "enable"], "readOnly": false, "type": "boolean"}, "services.ente.api.enableLocalDB": {"declarations": ["nixos/modules/services/web-apps/ente.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the automatic creation of a local postgres database for museum..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ente", "api", "enableLocalDB"], "readOnly": false, "type": "boolean"}, "services.ente.api.group": {"declarations": ["nixos/modules/services/web-apps/ente.nix"], "default": {"_type": "literalExpression", "text": "\"ente\""}, "description": "Group under which museum runs. If you set this option you must make sure the group exists.", "loc": ["services", "ente", "api", "group"], "readOnly": false, "type": "string"}, "services.ente.api.nginx.enable": {"declarations": ["nixos/modules/services/web-apps/ente.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable nginx proxy for the API server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ente", "api", "nginx", "enable"], "readOnly": false, "type": "boolean"}, "services.ente.api.package": {"declarations": ["nixos/modules/services/web-apps/ente.nix"], "default": {"_type": "literalExpression", "text": "pkgs.museum"}, "description": "The museum package to use.", "loc": ["services", "ente", "api", "package"], "readOnly": false, "type": "package"}, "services.ente.api.settings": {"declarations": ["nixos/modules/services/web-apps/ente.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Museum yaml configuration. Refer to upstream [local.yaml](https://github.com/ente-io/ente/blob/main/server/configurations/local.yaml) for more information.\nYou can specify secret values in this configuration by setting `somevalue._secret = \"/path/to/file\"` instead of setting `somevalue` directly.\n", "loc": ["services", "ente", "api", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.ente.api.settings.apps.accounts": {"declarations": ["nixos/modules/services/web-apps/ente.nix"], "default": {"_type": "literalExpression", "text": "\"https://accounts.ente.io\""}, "description": "Set this to the URL where your accounts page is running.\nThis is primarily for passkey support.\n", "loc": ["services", "ente", "api", "settings", "apps", "accounts"], "readOnly": false, "type": "string"}, "services.ente.api.settings.apps.cast": {"declarations": ["nixos/modules/services/web-apps/ente.nix"], "default": {"_type": "literalExpression", "text": "\"https://cast.ente.io\""}, "description": "Set this to the URL where your cast page is running.\nThis is for browser and chromecast casting support.\n", "loc": ["services", "ente", "api", "settings", "apps", "cast"], "readOnly": false, "type": "string"}, "services.ente.api.settings.apps.public-albums": {"declarations": ["nixos/modules/services/web-apps/ente.nix"], "default": {"_type": "literalExpression", "text": "\"https://albums.ente.io\""}, "description": "If you're running a self hosted instance and wish to serve public links,\nset this to the URL where your albums web app is running.\n", "loc": ["services", "ente", "api", "settings", "apps", "public-albums"], "readOnly": false, "type": "string"}, "services.ente.api.settings.db.host": {"declarations": ["nixos/modules/services/web-apps/ente.nix"], "description": "The database host", "loc": ["services", "ente", "api", "settings", "db", "host"], "readOnly": false, "type": "string"}, "services.ente.api.settings.db.name": {"declarations": ["nixos/modules/services/web-apps/ente.nix"], "description": "The database name", "loc": ["services", "ente", "api", "settings", "db", "name"], "readOnly": false, "type": "string"}, "services.ente.api.settings.db.port": {"declarations": ["nixos/modules/services/web-apps/ente.nix"], "default": {"_type": "literalExpression", "text": "5432"}, "description": "The database port", "loc": ["services", "ente", "api", "settings", "db", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.ente.api.settings.db.user": {"declarations": ["nixos/modules/services/web-apps/ente.nix"], "description": "The database user", "loc": ["services", "ente", "api", "settings", "db", "user"], "readOnly": false, "type": "string"}, "services.ente.api.user": {"declarations": ["nixos/modules/services/web-apps/ente.nix"], "default": {"_type": "literalExpression", "text": "\"ente\""}, "description": "User under which museum runs. If you set this option you must make sure the user exists.", "loc": ["services", "ente", "api", "user"], "readOnly": false, "type": "string"}, "services.ente.web.domains.accounts": {"declarations": ["nixos/modules/services/web-apps/ente.nix"], "description": "The domain under which the accounts frontend will be served.", "example": {"_type": "literalExpression", "text": "\"accounts.ente.example.com\""}, "loc": ["services", "ente", "web", "domains", "accounts"], "readOnly": false, "type": "string"}, "services.ente.web.domains.albums": {"declarations": ["nixos/modules/services/web-apps/ente.nix"], "description": "The domain under which the albums frontend will be served.", "example": {"_type": "literalExpression", "text": "\"albums.ente.example.com\""}, "loc": ["services", "ente", "web", "domains", "albums"], "readOnly": false, "type": "string"}, "services.ente.web.domains.api": {"declarations": ["nixos/modules/services/web-apps/ente.nix"], "description": "The domain under which the api is served. This will NOT serve the api itself,\nbut is a required setting to host the frontends! This will automatically be set\nfor you if you enable both the api server and web frontends.\n", "example": {"_type": "literalExpression", "text": "\"api.ente.example.com\""}, "loc": ["services", "ente", "web", "domains", "api"], "readOnly": false, "type": "string"}, "services.ente.web.domains.cast": {"declarations": ["nixos/modules/services/web-apps/ente.nix"], "description": "The domain under which the cast frontend will be served.", "example": {"_type": "literalExpression", "text": "\"cast.ente.example.com\""}, "loc": ["services", "ente", "web", "domains", "cast"], "readOnly": false, "type": "string"}, "services.ente.web.domains.photos": {"declarations": ["nixos/modules/services/web-apps/ente.nix"], "description": "The domain under which the photos frontend will be served.", "example": {"_type": "literalExpression", "text": "\"photos.ente.example.com\""}, "loc": ["services", "ente", "web", "domains", "photos"], "readOnly": false, "type": "string"}, "services.ente.web.enable": {"declarations": ["nixos/modules/services/web-apps/ente.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Ente web frontend (Photos, Albums).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ente", "web", "enable"], "readOnly": false, "type": "boolean"}, "services.ente.web.package": {"declarations": ["nixos/modules/services/web-apps/ente.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ente-web"}, "description": "The ente-web package to use.", "loc": ["services", "ente", "web", "package"], "readOnly": false, "type": "package"}, "services.envfs.enable": {"declarations": ["nixos/modules/tasks/filesystems/envfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Fuse filesystem that returns symlinks to executables based on the PATH\nof the requesting process. This is useful to execute shebangs on NixOS\nthat assume hard coded locations in locations like /bin or /usr/bin\netc.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "envfs", "enable"], "readOnly": false, "type": "boolean"}, "services.envfs.extraFallbackPathCommands": {"declarations": ["nixos/modules/tasks/filesystems/envfs.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra commands to run in the package that contains fallback executables in case not other executable is found", "example": {"_type": "literalExpression", "text": "\"ln -s $''{pkgs.bash}/bin/bash $out/bash\""}, "loc": ["services", "envfs", "extraFallbackPathCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.envfs.package": {"declarations": ["nixos/modules/tasks/filesystems/envfs.nix"], "default": {"_type": "literalExpression", "text": "pkgs.envfs"}, "description": "Which package to use for the envfs.", "loc": ["services", "envfs", "package"], "readOnly": false, "type": "package"}, "services.envoy.enable": {"declarations": ["nixos/modules/services/networking/envoy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Envoy reverse proxy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "envoy", "enable"], "readOnly": false, "type": "boolean"}, "services.envoy.package": {"declarations": ["nixos/modules/services/networking/envoy.nix"], "default": {"_type": "literalExpression", "text": "pkgs.envoy"}, "description": "The envoy package to use.", "loc": ["services", "envoy", "package"], "readOnly": false, "type": "package"}, "services.envoy.requireValidConfig": {"declarations": ["nixos/modules/services/networking/envoy.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether a failure during config validation at build time is fatal.\nWhen the config can't be checked during build time, for example when it includes\nother files, disable this option.\n", "loc": ["services", "envoy", "requireValidConfig"], "readOnly": false, "type": "boolean"}, "services.envoy.settings": {"declarations": ["nixos/modules/services/networking/envoy.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Specify the configuration for Envoy in Nix.\n", "example": {"_type": "literalExpression", "text": "{\n  admin = {\n    access_log_path = \"/dev/null\";\n    address = {\n      socket_address = {\n        protocol = \"TCP\";\n        address = \"127.0.0.1\";\n        port_value = 9901;\n      };\n    };\n  };\n  static_resources = {\n    listeners = [];\n    clusters = [];\n  };\n}\n"}, "loc": ["services", "envoy", "settings"], "readOnly": false, "type": "JSON value"}, "services.epgstation.database.name": {"declarations": ["nixos/modules/services/video/epgstation/default.nix"], "default": {"_type": "literalExpression", "text": "\"epgstation\""}, "description": "Name of the MySQL database that holds EPGStation's data.\n", "loc": ["services", "epgstation", "database", "name"], "readOnly": false, "type": "string"}, "services.epgstation.database.passwordFile": {"declarations": ["nixos/modules/services/video/epgstation/default.nix"], "description": "A file containing the password for the database named\n{option}`database.name`.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/epgstation-db-password\""}, "loc": ["services", "epgstation", "database", "passwordFile"], "readOnly": false, "type": "absolute path"}, "services.epgstation.enable": {"declarations": ["nixos/modules/services/video/epgstation/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable EPGStation: DVR system for Mirakurun-managed TV tuners.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "epgstation", "enable"], "readOnly": false, "type": "boolean"}, "services.epgstation.ffmpeg": {"declarations": ["nixos/modules/services/video/epgstation/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ffmpeg-headless"}, "description": "The ffmpeg package to use.", "example": {"_type": "literalExpression", "text": "ffmpeg-full"}, "loc": ["services", "epgstation", "ffmpeg"], "readOnly": false, "type": "package"}, "services.epgstation.openFirewall": {"declarations": ["nixos/modules/services/video/epgstation/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the EPGStation web interface.\n\n::: {.warning}\nExposing EPGStation to the open internet is generally advised\nagainst. Only use it inside a trusted local network, or consider\nputting it behind a VPN if you want remote access.\n:::\n", "loc": ["services", "epgstation", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.epgstation.package": {"declarations": ["nixos/modules/services/video/epgstation/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.epgstation"}, "description": "The epgstation package to use.", "loc": ["services", "epgstation", "package"], "readOnly": false, "type": "package"}, "services.epgstation.settings": {"declarations": ["nixos/modules/services/video/epgstation/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options to add to config.yml.\n\nDocumentation:\n<https://github.com/l3tnun/EPGStation/blob/master/doc/conf-manual.md>\n", "example": {"_type": "literalExpression", "text": "{\n  conflictPriority = 10;\n  recPriority = 20;\n}"}, "loc": ["services", "epgstation", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.epgstation.settings.clientSocketioPort": {"declarations": ["nixos/modules/services/video/epgstation/default.nix"], "default": {"_type": "literalExpression", "text": "config.services.epgstation.settings.socketioPort"}, "description": "Socket.io port that the web client is going to connect to. This may\nbe different from {option}`services.epgstation.settings.socketioPort` if\nEPGStation is hidden behind a reverse proxy.\n", "loc": ["services", "epgstation", "settings", "clientSocketioPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.epgstation.settings.concurrentEncodeNum": {"declarations": ["nixos/modules/services/video/epgstation/default.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "The maximum number of encoding jobs that EPGStation would run at the\nsame time.\n", "loc": ["services", "epgstation", "settings", "concurrentEncodeNum"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.epgstation.settings.encode": {"declarations": ["nixos/modules/services/video/epgstation/default.nix"], "default": {"_type": "literalExpression", "text": "[\n  {\n    name = \"H.264\";\n    cmd = \"%NODE% config.services.epgstation.package/libexec/enc.js\";\n    suffix = \".mp4\";\n  }\n]\n"}, "description": "Encoding presets for recorded videos.", "loc": ["services", "epgstation", "settings", "encode"], "readOnly": false, "type": "list of (attribute set)"}, "services.epgstation.settings.encodeProcessNum": {"declarations": ["nixos/modules/services/video/epgstation/default.nix"], "default": {"_type": "literalExpression", "text": "4"}, "description": "The maximum number of processes that EPGStation would allow to run\nat the same time for encoding or streaming videos.\n", "loc": ["services", "epgstation", "settings", "encodeProcessNum"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.epgstation.settings.mirakurunPath": {"declarations": ["nixos/modules/services/video/epgstation/default.nix"], "default": {"_type": "literalExpression", "text": "\"http+unix://${lib.replaceStrings [\"/\"] [\"%2F\"] config.services.mirakurun.unixSocket}\"\n"}, "description": "URL to connect to Mirakurun.", "example": {"_type": "literalExpression", "text": "\"http://localhost:40772\""}, "loc": ["services", "epgstation", "settings", "mirakurunPath"], "readOnly": false, "type": "string"}, "services.epgstation.settings.port": {"declarations": ["nixos/modules/services/video/epgstation/default.nix"], "default": {"_type": "literalExpression", "text": "20772"}, "description": "HTTP port for EPGStation to listen on.\n", "loc": ["services", "epgstation", "settings", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.epgstation.settings.socketioPort": {"declarations": ["nixos/modules/services/video/epgstation/default.nix"], "default": {"_type": "literalExpression", "text": "config.services.epgstation.settings.port + 1"}, "description": "Socket.io port for EPGStation to listen on. It is valid to share\nports with {option}`services.epgstation.settings.port`.\n", "loc": ["services", "epgstation", "settings", "socketioPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.epgstation.usePreconfiguredStreaming": {"declarations": ["nixos/modules/services/video/epgstation/default.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Use preconfigured default streaming options.\n\nUpstream defaults:\n<https://github.com/l3tnun/EPGStation/blob/master/config/config.yml.template>\n", "loc": ["services", "epgstation", "usePreconfiguredStreaming"], "readOnly": false, "type": "boolean"}, "services.epmd.enable": {"declarations": ["nixos/modules/services/networking/epmd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable socket activation for Erlang Port Mapper Daemon (epmd),\nwhich acts as a name server on all hosts involved in distributed\nErlang computations.\n", "loc": ["services", "epmd", "enable"], "readOnly": false, "type": "boolean"}, "services.epmd.listenStream": {"declarations": ["nixos/modules/services/networking/epmd.nix"], "default": {"_type": "literalExpression", "text": "\"[::]:4369\""}, "description": "the listenStream used by the systemd socket.\nsee <https://www.freedesktop.org/software/systemd/man/systemd.socket.html#ListenStream=> for more information.\nuse this to change the port epmd will run on.\nif not defined, epmd will use \"[::]:4369\"\n", "loc": ["services", "epmd", "listenStream"], "readOnly": false, "type": "string"}, "services.epmd.package": {"declarations": ["nixos/modules/services/networking/epmd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.erlang"}, "description": "The erlang package to use.", "loc": ["services", "epmd", "package"], "readOnly": false, "type": "package"}, "services.ergo.api.keyHash": {"declarations": ["nixos/modules/services/networking/ergo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Hex-encoded Blake2b256 hash of an API key as a 64-chars long Base16 string.", "example": {"_type": "literalExpression", "text": "\"324dcf027dd4a30a932c441f365a25e86b173defa4b8e58948253471b81b72cf\""}, "loc": ["services", "ergo", "api", "keyHash"], "readOnly": false, "type": "null or string"}, "services.ergo.api.listen.ip": {"declarations": ["nixos/modules/services/networking/ergo.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "IP address that the Ergo node API should listen on if {option}`api.keyHash` is defined.", "loc": ["services", "ergo", "api", "listen", "ip"], "readOnly": false, "type": "string"}, "services.ergo.api.listen.port": {"declarations": ["nixos/modules/services/networking/ergo.nix"], "default": {"_type": "literalExpression", "text": "9052"}, "description": "Listen port for the API endpoint if {option}`api.keyHash` is defined.", "loc": ["services", "ergo", "api", "listen", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.ergo.dataDir": {"declarations": ["nixos/modules/services/networking/ergo.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/ergo\""}, "description": "The data directory for the Ergo node.", "loc": ["services", "ergo", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.ergo.enable": {"declarations": ["nixos/modules/services/networking/ergo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Ergo service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ergo", "enable"], "readOnly": false, "type": "boolean"}, "services.ergo.group": {"declarations": ["nixos/modules/services/networking/ergo.nix"], "default": {"_type": "literalExpression", "text": "config.services.ergo.user"}, "description": "The group as which to run the Ergo node.", "loc": ["services", "ergo", "group"], "readOnly": false, "type": "string"}, "services.ergo.listen.ip": {"declarations": ["nixos/modules/services/networking/ergo.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "IP address on which the Ergo node should listen.", "loc": ["services", "ergo", "listen", "ip"], "readOnly": false, "type": "string"}, "services.ergo.listen.port": {"declarations": ["nixos/modules/services/networking/ergo.nix"], "default": {"_type": "literalExpression", "text": "9006"}, "description": "Listen port for the Ergo node.", "loc": ["services", "ergo", "listen", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.ergo.openFirewall": {"declarations": ["nixos/modules/services/networking/ergo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the Ergo node as well as the API.", "loc": ["services", "ergo", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.ergo.testnet": {"declarations": ["nixos/modules/services/networking/ergo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Connect to testnet network instead of the default mainnet.", "loc": ["services", "ergo", "testnet"], "readOnly": false, "type": "boolean"}, "services.ergo.user": {"declarations": ["nixos/modules/services/networking/ergo.nix"], "default": {"_type": "literalExpression", "text": "\"ergo\""}, "description": "The user as which to run the Ergo node.", "loc": ["services", "ergo", "user"], "readOnly": false, "type": "string"}, "services.ergochat.configFile": {"declarations": ["nixos/modules/services/networking/ergochat.nix"], "default": {"_type": "literalMD", "text": "generated config file from `settings`"}, "description": "Path to configuration file.\nSetting this will skip any configuration done via `settings`\n", "loc": ["services", "ergochat", "configFile"], "readOnly": false, "type": "absolute path"}, "services.ergochat.enable": {"declarations": ["nixos/modules/services/networking/ergochat.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Ergo IRC daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ergochat", "enable"], "readOnly": false, "type": "boolean"}, "services.ergochat.openFilesLimit": {"declarations": ["nixos/modules/services/networking/ergochat.nix"], "default": {"_type": "literalExpression", "text": "1024"}, "description": "Maximum number of open files. Limits the clients and server connections.\n", "loc": ["services", "ergochat", "openFilesLimit"], "readOnly": false, "type": "signed integer"}, "services.ergochat.settings": {"declarations": ["nixos/modules/services/networking/ergochat.nix"], "default": {"_type": "literalExpression", "text": "{\n  accounts = {\n    authentication-enabled = true;\n    multiclient = {\n      allowed-by-default = true;\n      always-on = \"opt-out\";\n      auto-away = \"opt-out\";\n      enabled = true;\n    };\n    registration = {\n      allow-before-connect = true;\n      bcrypt-cost = 4;\n      email-verification = {\n        enabled = false;\n      };\n      enabled = true;\n      throttling = {\n        duration = \"10m\";\n        enabled = true;\n        max-attempts = 30;\n      };\n    };\n  };\n  channels = {\n    default-modes = \"+ntC\";\n    registration = {\n      enabled = true;\n    };\n  };\n  datastore = {\n    autoupgrade = true;\n    path = \"/var/lib/ergo/ircd.db\";\n  };\n  history = {\n    autoreplay-on-join = 0;\n    autoresize-window = \"3d\";\n    channel-length = 2048;\n    chathistory-maxmessages = 100;\n    client-length = 256;\n    enabled = true;\n    restrictions = {\n      expire-time = \"1w\";\n      grace-period = \"1h\";\n      query-cutoff = \"none\";\n    };\n    retention = {\n      allow-individual-delete = false;\n      enable-account-indexing = false;\n    };\n    tagmsg-storage = {\n      default = false;\n      whitelist = [\n        \"+draft/react\"\n        \"+react\"\n      ];\n    };\n    znc-maxmessages = 2048;\n  };\n  limits = {\n    awaylen = 390;\n    channellen = 64;\n    identlen = 20;\n    kicklen = 390;\n    nicklen = 32;\n    topiclen = 390;\n  };\n  network = {\n    name = \"testnetwork\";\n  };\n  server = {\n    casemapping = \"permissive\";\n    check-ident = false;\n    enforce-utf = true;\n    forward-confirm-hostnames = false;\n    ip-cloaking = {\n      enabled = false;\n    };\n    ip-limits = {\n      count = false;\n      throttle = false;\n    };\n    listeners = {\n      \":6667\" = { };\n    };\n    lookup-hostnames = false;\n    max-sendq = \"1M\";\n    name = \"example.com\";\n    relaymsg = {\n      enabled = false;\n    };\n  };\n}"}, "description": "Ergo IRC daemon configuration file.\nhttps://raw.githubusercontent.com/ergochat/ergo/master/default.yaml\n", "loc": ["services", "ergochat", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.erigon.enable": {"declarations": ["nixos/modules/services/blockchain/ethereum/erigon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Ethereum implementation on the efficiency frontier.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "erigon", "enable"], "readOnly": false, "type": "boolean"}, "services.erigon.extraArgs": {"declarations": ["nixos/modules/services/blockchain/ethereum/erigon.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional arguments passed to Erigon", "loc": ["services", "erigon", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.erigon.package": {"declarations": ["nixos/modules/services/blockchain/ethereum/erigon.nix"], "default": {"_type": "literalExpression", "text": "pkgs.erigon"}, "description": "The erigon package to use.", "loc": ["services", "erigon", "package"], "readOnly": false, "type": "package"}, "services.erigon.secretJwtPath": {"declarations": ["nixos/modules/services/blockchain/ethereum/erigon.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Path to the secret jwt used for the http api authentication.\n", "example": {"_type": "literalExpression", "text": "\"config.age.secrets.ERIGON_JWT.path\""}, "loc": ["services", "erigon", "secretJwtPath"], "readOnly": false, "type": "absolute path"}, "services.erigon.settings": {"declarations": ["nixos/modules/services/blockchain/ethereum/erigon.nix"], "default": {"_type": "literalExpression", "text": "{\n  datadir = \"/var/lib/erigon\";\n  chain = \"mainnet\";\n  http = true;\n  \"http.port\" = 8545;\n  \"http.api\" = [\"eth\" \"debug\" \"net\" \"trace\" \"web3\" \"erigon\"];\n  ws = true;\n  port = 30303;\n  \"authrpc.port\" = 8551;\n  \"torrent.port\" = 42069;\n  \"private.api.addr\" = \"localhost:9090\";\n  \"log.console.verbosity\" = 3; # info\n}\n"}, "description": "Configuration for Erigon\nRefer to <https://github.com/ledgerwatch/erigon#usage> for details on supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  \"authrpc.port\" = 8551;\n  chain = \"mainnet\";\n  datadir = \"/var/lib/erigon\";\n  http = true;\n  \"http.api\" = [\n    \"eth\"\n    \"debug\"\n    \"net\"\n    \"trace\"\n    \"web3\"\n    \"erigon\"\n  ];\n  \"http.port\" = 8545;\n  \"log.console.verbosity\" = 3;\n  port = 30303;\n  \"private.api.addr\" = \"localhost:9090\";\n  \"torrent.port\" = 42069;\n  ws = true;\n}"}, "loc": ["services", "erigon", "settings"], "readOnly": false, "type": "TOML value"}, "services.errbot.instances": {"declarations": ["nixos/modules/services/misc/errbot.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Errbot instance configs", "loc": ["services", "errbot", "instances"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.errbot.instances.<name>.admins": {"declarations": ["nixos/modules/services/misc/errbot.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of identifiers of errbot admins.", "loc": ["services", "errbot", "instances", "<name>", "admins"], "readOnly": false, "type": "list of string"}, "services.errbot.instances.<name>.backend": {"declarations": ["nixos/modules/services/misc/errbot.nix"], "default": {"_type": "literalExpression", "text": "\"XMPP\""}, "description": "Errbot backend name.", "loc": ["services", "errbot", "instances", "<name>", "backend"], "readOnly": false, "type": "string"}, "services.errbot.instances.<name>.dataDir": {"declarations": ["nixos/modules/services/misc/errbot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Data directory for errbot instance.", "loc": ["services", "errbot", "instances", "<name>", "dataDir"], "readOnly": false, "type": "null or absolute path"}, "services.errbot.instances.<name>.extraConfig": {"declarations": ["nixos/modules/services/misc/errbot.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "String to be appended to the config verbatim", "loc": ["services", "errbot", "instances", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.errbot.instances.<name>.identity": {"declarations": ["nixos/modules/services/misc/errbot.nix"], "description": "Errbot identity configuration", "loc": ["services", "errbot", "instances", "<name>", "identity"], "readOnly": false, "type": "attribute set"}, "services.errbot.instances.<name>.logLevel": {"declarations": ["nixos/modules/services/misc/errbot.nix"], "default": {"_type": "literalExpression", "text": "\"INFO\""}, "description": "Errbot log level", "loc": ["services", "errbot", "instances", "<name>", "logLevel"], "readOnly": false, "type": "string"}, "services.errbot.instances.<name>.plugins": {"declarations": ["nixos/modules/services/misc/errbot.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of errbot plugin derivations.", "loc": ["services", "errbot", "instances", "<name>", "plugins"], "readOnly": false, "type": "list of package"}, "services.ersatztv.baseUrl": {"declarations": ["nixos/modules/services/misc/ersatztv.nix"], "default": {"_type": "literalExpression", "text": "\"/\""}, "description": "Base URL to support reverse proxies that use paths (e.g. `/ersatztv`)\n", "loc": ["services", "ersatztv", "baseUrl"], "readOnly": false, "type": "string"}, "services.ersatztv.enable": {"declarations": ["nixos/modules/services/misc/ersatztv.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ErsatzTV.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ersatztv", "enable"], "readOnly": false, "type": "boolean"}, "services.ersatztv.environment": {"declarations": ["nixos/modules/services/misc/ersatztv.nix"], "default": {"_type": "literalExpression", "text": "{\n  ETV_BASE_URL = \"/\";\n  ETV_UI_PORT = 8409;\n}"}, "description": "Environment variables to set for the ErsatzTV service.", "example": {"_type": "literalExpression", "text": "{\n  ETV_STREAMING_PORT = 8001;\n  ETV_UI_PORT = 8000;\n}"}, "loc": ["services", "ersatztv", "environment"], "readOnly": false, "type": "attribute set of (string or signed integer or floating point number or boolean or absolute path or package)"}, "services.ersatztv.group": {"declarations": ["nixos/modules/services/misc/ersatztv.nix"], "default": {"_type": "literalExpression", "text": "\"ersatztv\""}, "description": "Group under which ErsatzTV runs.", "loc": ["services", "ersatztv", "group"], "readOnly": false, "type": "string"}, "services.ersatztv.openFirewall": {"declarations": ["nixos/modules/services/misc/ersatztv.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open the default ports in the firewall for the server.\n", "loc": ["services", "ersatztv", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.ersatztv.package": {"declarations": ["nixos/modules/services/misc/ersatztv.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ersatztv"}, "description": "The ersatztv package to use.", "loc": ["services", "ersatztv", "package"], "readOnly": false, "type": "package"}, "services.ersatztv.user": {"declarations": ["nixos/modules/services/misc/ersatztv.nix"], "default": {"_type": "literalExpression", "text": "\"ersatztv\""}, "description": "User account under which ErsatzTV runs.", "loc": ["services", "ersatztv", "user"], "readOnly": false, "type": "string"}, "services.esdm.enable": {"declarations": ["nixos/modules/services/security/esdm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ESDM service configuration.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "esdm", "enable"], "readOnly": false, "type": "boolean"}, "services.esdm.enableLinuxCompatServices": {"declarations": ["nixos/modules/services/security/esdm.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable /dev/random, /dev/urandom and /proc/sys/kernel/random/* userspace wrapper.\n", "loc": ["services", "esdm", "enableLinuxCompatServices"], "readOnly": false, "type": "boolean"}, "services.esdm.package": {"declarations": ["nixos/modules/services/security/esdm.nix"], "default": {"_type": "literalExpression", "text": "pkgs.esdm"}, "description": "The esdm package to use.", "loc": ["services", "esdm", "package"], "readOnly": false, "type": "package"}, "services.espanso.enable": {"declarations": ["nixos/modules/services/desktops/espanso.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Espanso.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "espanso", "enable"], "readOnly": false, "type": "boolean"}, "services.espanso.package": {"declarations": ["nixos/modules/services/desktops/espanso.nix"], "default": {"_type": "literalExpression", "text": "pkgs.espanso"}, "description": "The espanso package to use.", "example": {"_type": "literalExpression", "text": "pkgs.espanso-wayland"}, "loc": ["services", "espanso", "package"], "readOnly": false, "type": "package"}, "services.esphome.address": {"declarations": ["nixos/modules/services/home-automation/esphome.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "esphome address", "loc": ["services", "esphome", "address"], "readOnly": false, "type": "string"}, "services.esphome.allowedDevices": {"declarations": ["nixos/modules/services/home-automation/esphome.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"char-ttyS\"\n  \"char-ttyUSB\"\n]"}, "description": "A list of device nodes to which {command}`esphome` has access to.\nRefer to DeviceAllow in {manpage}`systemd.resource-control(5)` for more information.\nBeware that if a device is referred to by an absolute path instead of a device category,\nit will only allow devices that already are plugged in when the service is started.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/dev/serial/by-id/usb-Silicon_Labs_CP2102_USB_to_UART_Bridge_Controller_0001-if00-port0\"\n]"}, "loc": ["services", "esphome", "allowedDevices"], "readOnly": false, "type": "list of string"}, "services.esphome.enable": {"declarations": ["nixos/modules/services/home-automation/esphome.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable esphome, for making custom firmwares for ESP32/ESP8266.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "esphome", "enable"], "readOnly": false, "type": "boolean"}, "services.esphome.enableUnixSocket": {"declarations": ["nixos/modules/services/home-automation/esphome.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Listen on a unix socket `/run/esphome/esphome.sock` instead of the TCP port.", "loc": ["services", "esphome", "enableUnixSocket"], "readOnly": false, "type": "boolean"}, "services.esphome.openFirewall": {"declarations": ["nixos/modules/services/home-automation/esphome.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall for the specified port.", "loc": ["services", "esphome", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.esphome.package": {"declarations": ["nixos/modules/services/home-automation/esphome.nix"], "default": {"_type": "literalExpression", "text": "pkgs.esphome"}, "description": "The esphome package to use.", "loc": ["services", "esphome", "package"], "readOnly": false, "type": "package"}, "services.esphome.port": {"declarations": ["nixos/modules/services/home-automation/esphome.nix"], "default": {"_type": "literalExpression", "text": "6052"}, "description": "esphome port", "loc": ["services", "esphome", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.esphome.usePing": {"declarations": ["nixos/modules/services/home-automation/esphome.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use ping to check online status of devices instead of mDNS", "loc": ["services", "esphome", "usePing"], "readOnly": false, "type": "boolean"}, "services.etcd.advertiseClientUrls": {"declarations": ["nixos/modules/services/databases/etcd.nix"], "default": {"_type": "literalExpression", "text": "config.services.etcd.listenClientUrls"}, "description": "Etcd list of this member's client URLs to advertise to the rest of the cluster.", "loc": ["services", "etcd", "advertiseClientUrls"], "readOnly": false, "type": "list of string"}, "services.etcd.certFile": {"declarations": ["nixos/modules/services/databases/etcd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Cert file to use for clients", "loc": ["services", "etcd", "certFile"], "readOnly": false, "type": "null or absolute path"}, "services.etcd.clientCertAuth": {"declarations": ["nixos/modules/services/databases/etcd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use certs for client authentication", "loc": ["services", "etcd", "clientCertAuth"], "readOnly": false, "type": "boolean"}, "services.etcd.dataDir": {"declarations": ["nixos/modules/services/databases/etcd.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/etcd\""}, "description": "Etcd data directory.", "loc": ["services", "etcd", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.etcd.discovery": {"declarations": ["nixos/modules/services/databases/etcd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Etcd discovery url", "loc": ["services", "etcd", "discovery"], "readOnly": false, "type": "string"}, "services.etcd.enable": {"declarations": ["nixos/modules/services/databases/etcd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable etcd.", "loc": ["services", "etcd", "enable"], "readOnly": false, "type": "boolean"}, "services.etcd.extraConf": {"declarations": ["nixos/modules/services/databases/etcd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Etcd extra configuration. See\n<https://github.com/coreos/etcd/blob/master/Documentation/op-guide/configuration.md#configuration-flags>\n", "example": {"_type": "literalExpression", "text": "{\n  \"CORS\" = \"*\";\n  \"NAME\" = \"default-name\";\n  \"MAX_RESULT_BUFFER\" = \"1024\";\n  \"MAX_CLUSTER_SIZE\" = \"9\";\n  \"MAX_RETRY_ATTEMPTS\" = \"3\";\n}\n"}, "loc": ["services", "etcd", "extraConf"], "readOnly": false, "type": "attribute set of string"}, "services.etcd.initialAdvertisePeerUrls": {"declarations": ["nixos/modules/services/databases/etcd.nix"], "default": {"_type": "literalExpression", "text": "config.services.etcd.listenPeerUrls"}, "description": "Etcd list of this member's peer URLs to advertise to rest of the cluster.", "loc": ["services", "etcd", "initialAdvertisePeerUrls"], "readOnly": false, "type": "list of string"}, "services.etcd.initialCluster": {"declarations": ["nixos/modules/services/databases/etcd.nix"], "default": {"_type": "literalExpression", "text": "[\"${config.services.etcd.name}=http://127.0.0.1:2380\"]"}, "description": "Etcd initial cluster configuration for bootstrapping.", "loc": ["services", "etcd", "initialCluster"], "readOnly": false, "type": "list of string"}, "services.etcd.initialClusterState": {"declarations": ["nixos/modules/services/databases/etcd.nix"], "default": {"_type": "literalExpression", "text": "\"new\""}, "description": "Etcd initial cluster configuration for bootstrapping.", "loc": ["services", "etcd", "initialClusterState"], "readOnly": false, "type": "one of \"new\", \"existing\""}, "services.etcd.initialClusterToken": {"declarations": ["nixos/modules/services/databases/etcd.nix"], "default": {"_type": "literalExpression", "text": "\"etcd-cluster\""}, "description": "Etcd initial cluster token for etcd cluster during bootstrap.", "loc": ["services", "etcd", "initialClusterToken"], "readOnly": false, "type": "string"}, "services.etcd.keyFile": {"declarations": ["nixos/modules/services/databases/etcd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Key file to use for clients", "loc": ["services", "etcd", "keyFile"], "readOnly": false, "type": "null or absolute path"}, "services.etcd.listenClientUrls": {"declarations": ["nixos/modules/services/databases/etcd.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"http://127.0.0.1:2379\"\n]"}, "description": "Etcd list of URLs to listen on for client traffic.", "loc": ["services", "etcd", "listenClientUrls"], "readOnly": false, "type": "list of string"}, "services.etcd.listenPeerUrls": {"declarations": ["nixos/modules/services/databases/etcd.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"http://127.0.0.1:2380\"\n]"}, "description": "Etcd list of URLs to listen on for peer traffic.", "loc": ["services", "etcd", "listenPeerUrls"], "readOnly": false, "type": "list of string"}, "services.etcd.name": {"declarations": ["nixos/modules/services/databases/etcd.nix"], "default": {"_type": "literalExpression", "text": "config.networking.hostName"}, "description": "Etcd unique node name.", "loc": ["services", "etcd", "name"], "readOnly": false, "type": "string"}, "services.etcd.openFirewall": {"declarations": ["nixos/modules/services/databases/etcd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open etcd ports in the firewall.\nPorts opened:\n- 2379/tcp for client requests\n- 2380/tcp for peer communication\n", "loc": ["services", "etcd", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.etcd.package": {"declarations": ["nixos/modules/services/databases/etcd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.etcd"}, "description": "The etcd package to use.", "loc": ["services", "etcd", "package"], "readOnly": false, "type": "package"}, "services.etcd.peerCertFile": {"declarations": ["nixos/modules/services/databases/etcd.nix"], "default": {"_type": "literalExpression", "text": "config.services.etcd.certFile"}, "description": "Cert file to use for peer to peer communication", "loc": ["services", "etcd", "peerCertFile"], "readOnly": false, "type": "null or absolute path"}, "services.etcd.peerClientCertAuth": {"declarations": ["nixos/modules/services/databases/etcd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to check all incoming peer requests from the cluster for valid client certificates signed by the supplied CA", "loc": ["services", "etcd", "peerClientCertAuth"], "readOnly": false, "type": "boolean"}, "services.etcd.peerKeyFile": {"declarations": ["nixos/modules/services/databases/etcd.nix"], "default": {"_type": "literalExpression", "text": "config.services.etcd.keyFile"}, "description": "Key file to use for peer to peer communication", "loc": ["services", "etcd", "peerKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.etcd.peerTrustedCaFile": {"declarations": ["nixos/modules/services/databases/etcd.nix"], "default": {"_type": "literalExpression", "text": "config.services.etcd.trustedCaFile"}, "description": "Certificate authority file to use for peer to peer communication", "loc": ["services", "etcd", "peerTrustedCaFile"], "readOnly": false, "type": "null or absolute path"}, "services.etcd.trustedCaFile": {"declarations": ["nixos/modules/services/databases/etcd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Certificate authority file to use for clients", "loc": ["services", "etcd", "trustedCaFile"], "readOnly": false, "type": "null or absolute path"}, "services.etebase-server.dataDir": {"declarations": ["nixos/modules/services/misc/etebase-server.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/etebase-server\""}, "description": "Directory to store the Etebase server data.", "loc": ["services", "etebase-server", "dataDir"], "readOnly": false, "type": "string"}, "services.etebase-server.enable": {"declarations": ["nixos/modules/services/misc/etebase-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Etebase server.\n\nOnce enabled you need to create an admin user by invoking the\nshell command `etebase-server createsuperuser` with\nthe user specified by the `user` option or a superuser.\nThen you can login and create accounts on your-etebase-server.com/admin\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "etebase-server", "enable"], "readOnly": false, "type": "boolean"}, "services.etebase-server.openFirewall": {"declarations": ["nixos/modules/services/misc/etebase-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open ports in the firewall for the server.\n", "loc": ["services", "etebase-server", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.etebase-server.package": {"declarations": ["nixos/modules/services/misc/etebase-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.etebase-server"}, "description": "The etebase-server package to use.", "loc": ["services", "etebase-server", "package"], "readOnly": false, "type": "package"}, "services.etebase-server.port": {"declarations": ["nixos/modules/services/misc/etebase-server.nix"], "default": {"_type": "literalExpression", "text": "8001"}, "description": "Port to listen on.", "loc": ["services", "etebase-server", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.etebase-server.settings": {"declarations": ["nixos/modules/services/misc/etebase-server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for `etebase-server`. Refer to\n<https://github.com/etesync/server/blob/master/etebase-server.ini.example>\nand <https://github.com/etesync/server/wiki>\nfor details on supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  allowed_hosts = {\n    allowed_host2 = \"localhost\";\n  };\n  global = {\n    debug = true;\n    media_root = \"/path/to/media\";\n  };\n}"}, "loc": ["services", "etebase-server", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.etebase-server.settings.allowed_hosts.allowed_host1": {"declarations": ["nixos/modules/services/misc/etebase-server.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "The main host that is allowed access.\n", "example": {"_type": "literalExpression", "text": "\"localhost\""}, "loc": ["services", "etebase-server", "settings", "allowed_hosts", "allowed_host1"], "readOnly": false, "type": "string"}, "services.etebase-server.settings.database.engine": {"declarations": ["nixos/modules/services/misc/etebase-server.nix"], "default": {"_type": "literalExpression", "text": "\"django.db.backends.sqlite3\""}, "description": "The database engine to use.", "loc": ["services", "etebase-server", "settings", "database", "engine"], "readOnly": false, "type": "one of \"django.db.backends.sqlite3\", \"django.db.backends.postgresql\""}, "services.etebase-server.settings.database.name": {"declarations": ["nixos/modules/services/misc/etebase-server.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.etebase-server.dataDir}/db.sqlite3\""}, "description": "The database name.", "loc": ["services", "etebase-server", "settings", "database", "name"], "readOnly": false, "type": "string"}, "services.etebase-server.settings.global.debug": {"declarations": ["nixos/modules/services/misc/etebase-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to set django's DEBUG flag.\n", "loc": ["services", "etebase-server", "settings", "global", "debug"], "readOnly": false, "type": "boolean"}, "services.etebase-server.settings.global.media_root": {"declarations": ["nixos/modules/services/misc/etebase-server.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.etebase-server.dataDir}/media\""}, "description": "The media directory.", "loc": ["services", "etebase-server", "settings", "global", "media_root"], "readOnly": false, "type": "string"}, "services.etebase-server.settings.global.secret_file": {"declarations": ["nixos/modules/services/misc/etebase-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to a file containing the secret\nused as django's SECRET_KEY.\n", "loc": ["services", "etebase-server", "settings", "global", "secret_file"], "readOnly": false, "type": "null or string"}, "services.etebase-server.settings.global.static_root": {"declarations": ["nixos/modules/services/misc/etebase-server.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.etebase-server.dataDir}/static\""}, "description": "The directory for static files.", "loc": ["services", "etebase-server", "settings", "global", "static_root"], "readOnly": false, "type": "string"}, "services.etebase-server.unixSocket": {"declarations": ["nixos/modules/services/misc/etebase-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the socket to bind to.", "example": {"_type": "literalExpression", "text": "\"/run/etebase-server/etebase-server.sock\""}, "loc": ["services", "etebase-server", "unixSocket"], "readOnly": false, "type": "null or string"}, "services.etebase-server.user": {"declarations": ["nixos/modules/services/misc/etebase-server.nix"], "default": {"_type": "literalExpression", "text": "\"etebase-server\""}, "description": "User under which Etebase server runs.", "loc": ["services", "etebase-server", "user"], "readOnly": false, "type": "string"}, "services.eternal-terminal.enable": {"declarations": ["nixos/modules/services/networking/eternal-terminal.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Eternal Terminal server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "eternal-terminal", "enable"], "readOnly": false, "type": "boolean"}, "services.eternal-terminal.logSize": {"declarations": ["nixos/modules/services/networking/eternal-terminal.nix"], "default": {"_type": "literalExpression", "text": "20971520"}, "description": "The maximum log size.\n", "loc": ["services", "eternal-terminal", "logSize"], "readOnly": false, "type": "signed integer"}, "services.eternal-terminal.port": {"declarations": ["nixos/modules/services/networking/eternal-terminal.nix"], "default": {"_type": "literalExpression", "text": "2022"}, "description": "The port the server should listen on. Will use the server's default (2022) if not specified.\n\nMake sure to open this port in the firewall if necessary.\n", "loc": ["services", "eternal-terminal", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.eternal-terminal.silent": {"declarations": ["nixos/modules/services/networking/eternal-terminal.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, disables all logging.\n", "loc": ["services", "eternal-terminal", "silent"], "readOnly": false, "type": "boolean"}, "services.eternal-terminal.verbosity": {"declarations": ["nixos/modules/services/networking/eternal-terminal.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "The verbosity level (0-9).\n", "loc": ["services", "eternal-terminal", "verbosity"], "readOnly": false, "type": "one of 0, 1, 2, 3, 4, 5, 6, 7, 8, 9"}, "services.etesync-dav.apiUrl": {"declarations": ["nixos/modules/services/misc/etesync-dav.nix"], "default": {"_type": "literalExpression", "text": "\"https://api.etebase.com/partner/etesync/\""}, "description": "The url to the etesync API.", "loc": ["services", "etesync-dav", "apiUrl"], "readOnly": false, "type": "string"}, "services.etesync-dav.enable": {"declarations": ["nixos/modules/services/misc/etesync-dav.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable etesync-dav, end-to-end encrypted sync for contacts, calendars and tasks.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "etesync-dav", "enable"], "readOnly": false, "type": "boolean"}, "services.etesync-dav.host": {"declarations": ["nixos/modules/services/misc/etesync-dav.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The server host address.", "loc": ["services", "etesync-dav", "host"], "readOnly": false, "type": "string"}, "services.etesync-dav.openFirewall": {"declarations": ["nixos/modules/services/misc/etesync-dav.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall for the specified port.", "loc": ["services", "etesync-dav", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.etesync-dav.port": {"declarations": ["nixos/modules/services/misc/etesync-dav.nix"], "default": {"_type": "literalExpression", "text": "37358"}, "description": "The server host port.", "loc": ["services", "etesync-dav", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.etesync-dav.sslCertificate": {"declarations": ["nixos/modules/services/misc/etesync-dav.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to server SSL certificate. It will be copied into\netesync-dav's data directory.\n", "example": {"_type": "literalExpression", "text": "\"/var/etesync.crt\""}, "loc": ["services", "etesync-dav", "sslCertificate"], "readOnly": false, "type": "null or absolute path"}, "services.etesync-dav.sslCertificateKey": {"declarations": ["nixos/modules/services/misc/etesync-dav.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to server SSL certificate key.  It will be copied into\netesync-dav's data directory.\n", "example": {"_type": "literalExpression", "text": "\"/var/etesync.key\""}, "loc": ["services", "etesync-dav", "sslCertificateKey"], "readOnly": false, "type": "null or absolute path"}, "services.evdevremapkeys.enable": {"declarations": ["nixos/modules/services/misc/evdevremapkeys.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable evdevremapkeys, a daemon to remap events on linux input devices.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "evdevremapkeys", "enable"], "readOnly": false, "type": "boolean"}, "services.evdevremapkeys.settings": {"declarations": ["nixos/modules/services/misc/evdevremapkeys.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "config.yaml for evdevremapkeys\n", "loc": ["services", "evdevremapkeys", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.evremap.enable": {"declarations": ["nixos/modules/services/misc/evremap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable evremap, a keyboard input remapper for Linux/Wayland systems.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "evremap", "enable"], "readOnly": false, "type": "boolean"}, "services.evremap.settings": {"declarations": ["nixos/modules/services/misc/evremap.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings for evremap.\n\nSee the [upstream documentation](https://github.com/wez/evremap/blob/master/README.md#configuration)\nfor how to configure evremap.\n", "loc": ["services", "evremap", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.evremap.settings.device_name": {"declarations": ["nixos/modules/services/misc/evremap.nix"], "description": "The name of the device that should be remapped.\n\nYou can get a list of devices by running `evremap list-devices` with elevated permissions.\n", "example": {"_type": "literalExpression", "text": "\"AT Translated Set 2 keyboard\""}, "loc": ["services", "evremap", "settings", "device_name"], "readOnly": false, "type": "string"}, "services.evremap.settings.dual_role": {"declarations": ["nixos/modules/services/misc/evremap.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of dual-role remappings that output different key sequences based on whether the\ninput key is held or tapped.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    hold = [\n      \"KEY_LEFTCTRL\"\n    ];\n    input = \"KEY_CAPSLOCK\";\n    tap = [\n      \"KEY_ESC\"\n    ];\n  }\n]"}, "loc": ["services", "evremap", "settings", "dual_role"], "readOnly": false, "type": "list of (submodule)"}, "services.evremap.settings.dual_role.*.hold": {"declarations": ["nixos/modules/services/misc/evremap.nix"], "description": "The key sequence that should be output when the input key is held.\n\nYou can get a list of keys by running `evremap list-keys`.\n", "loc": ["services", "evremap", "settings", "dual_role", "*", "hold"], "readOnly": false, "type": "list of key ID prefixed with BTN_ or KEY_"}, "services.evremap.settings.dual_role.*.input": {"declarations": ["nixos/modules/services/misc/evremap.nix"], "description": "The key that should be remapped.\n\nYou can get a list of keys by running `evremap list-keys`.\n", "loc": ["services", "evremap", "settings", "dual_role", "*", "input"], "readOnly": false, "type": "key ID prefixed with BTN_ or KEY_"}, "services.evremap.settings.dual_role.*.tap": {"declarations": ["nixos/modules/services/misc/evremap.nix"], "description": "The key sequence that should be output when the input key is tapped.\n\nYou can get a list of keys by running `evremap list-keys`.\n", "loc": ["services", "evremap", "settings", "dual_role", "*", "tap"], "readOnly": false, "type": "list of key ID prefixed with BTN_ or KEY_"}, "services.evremap.settings.phys": {"declarations": ["nixos/modules/services/misc/evremap.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The physical device name to listen on.\n\nThis attribute may be specified to disambiguate multiple devices with the same device name.\nThe physical device names of each device can be obtained by running `evremap list-devices` with elevated permissions.\n", "example": {"_type": "literalExpression", "text": "\"usb-0000:07:00.3-2.1.1/input0\""}, "loc": ["services", "evremap", "settings", "phys"], "readOnly": false, "type": "null or string"}, "services.evremap.settings.remap": {"declarations": ["nixos/modules/services/misc/evremap.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of remappings.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    input = [\n      \"KEY_LEFTALT\"\n      \"KEY_UP\"\n    ];\n    output = [\n      \"KEY_PAGEUP\"\n    ];\n  }\n]"}, "loc": ["services", "evremap", "settings", "remap"], "readOnly": false, "type": "list of (submodule)"}, "services.evremap.settings.remap.*.input": {"declarations": ["nixos/modules/services/misc/evremap.nix"], "description": "The key sequence that should be remapped.\n\nYou can get a list of keys by running `evremap list-keys`.\n", "loc": ["services", "evremap", "settings", "remap", "*", "input"], "readOnly": false, "type": "list of key ID prefixed with BTN_ or KEY_"}, "services.evremap.settings.remap.*.output": {"declarations": ["nixos/modules/services/misc/evremap.nix"], "description": "The key sequence that should be output when the input sequence is entered.\n\nYou can get a list of keys by running `evremap list-keys`.\n", "loc": ["services", "evremap", "settings", "remap", "*", "output"], "readOnly": false, "type": "list of key ID prefixed with BTN_ or KEY_"}, "services.exim.config": {"declarations": ["nixos/modules/services/mail/exim.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Verbatim Exim configuration.  This should not contain exim_user,\nexim_group, exim_path, or spool_directory.\n", "loc": ["services", "exim", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.exim.enable": {"declarations": ["nixos/modules/services/mail/exim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Exim mail transfer agent.", "loc": ["services", "exim", "enable"], "readOnly": false, "type": "boolean"}, "services.exim.group": {"declarations": ["nixos/modules/services/mail/exim.nix"], "default": {"_type": "literalExpression", "text": "\"exim\""}, "description": "Group to use when no root privileges are required.\n", "loc": ["services", "exim", "group"], "readOnly": false, "type": "string"}, "services.exim.package": {"declarations": ["nixos/modules/services/mail/exim.nix"], "default": {"_type": "literalExpression", "text": "pkgs.exim"}, "description": "The exim package to use. This can be used to enable features such as LDAP or PAM support.\n", "loc": ["services", "exim", "package"], "readOnly": false, "type": "package"}, "services.exim.queueRunnerInterval": {"declarations": ["nixos/modules/services/mail/exim.nix"], "default": {"_type": "literalExpression", "text": "\"5m\""}, "description": "How often to spawn a new queue runner.\n", "loc": ["services", "exim", "queueRunnerInterval"], "readOnly": false, "type": "string"}, "services.exim.spoolDir": {"declarations": ["nixos/modules/services/mail/exim.nix"], "default": {"_type": "literalExpression", "text": "\"/var/spool/exim\""}, "description": "Location of the spool directory of exim.\n", "loc": ["services", "exim", "spoolDir"], "readOnly": false, "type": "absolute path"}, "services.exim.user": {"declarations": ["nixos/modules/services/mail/exim.nix"], "default": {"_type": "literalExpression", "text": "\"exim\""}, "description": "User to use when no root privileges are required.\nIn particular, this applies when receiving messages and when doing\nremote deliveries.  (Local deliveries run as various non-root users,\ntypically as the owner of a local mailbox.) Specifying this value\nas root is not supported.\n", "loc": ["services", "exim", "user"], "readOnly": false, "type": "string"}, "services.expressvpn.enable": {"declarations": ["nixos/modules/services/networking/expressvpn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable the ExpressVPN daemon.\n", "loc": ["services", "expressvpn", "enable"], "readOnly": false, "type": "boolean"}, "services.factorio.admins": {"declarations": ["nixos/modules/services/games/factorio.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of player names which will be admin.\n", "example": {"_type": "literalExpression", "text": "[\n  \"username\"\n]"}, "loc": ["services", "factorio", "admins"], "readOnly": false, "type": "list of string"}, "services.factorio.allowedPlayers": {"declarations": ["nixos/modules/services/games/factorio.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If non-empty, only these player names are allowed to connect. The game\nwill not be able to save any changes made in-game with the /whitelist\nconsole command, though they will still take effect until the server\nis restarted.\n\nIf empty, the whitelist defaults to open, but can be managed with the\nin-game /whitelist console command (see: /help whitelist), which will\ncause changes to be saved to the game's state directory (see also:\n`stateDirName`).\n", "example": {"_type": "literalExpression", "text": "[\n  \"Rseding91\"\n  \"Oxyd\"\n]"}, "loc": ["services", "factorio", "allowedPlayers"], "readOnly": false, "type": "list of string"}, "services.factorio.autosave-interval": {"declarations": ["nixos/modules/services/games/factorio.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Autosave interval in minutes.\n", "example": {"_type": "literalExpression", "text": "10"}, "loc": ["services", "factorio", "autosave-interval"], "readOnly": false, "type": "null or signed integer"}, "services.factorio.bind": {"declarations": ["nixos/modules/services/games/factorio.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "The address to which the service should bind.\n", "loc": ["services", "factorio", "bind"], "readOnly": false, "type": "string"}, "services.factorio.configFile": {"declarations": ["nixos/modules/services/games/factorio.nix"], "default": {"_type": "literalExpression", "text": "configFile"}, "description": "The server's configuration file.\n\nThe default file generated by this module contains lines essential to\nthe server's operation. Use its contents as a basis for any\ncustomizations.\n", "loc": ["services", "factorio", "configFile"], "readOnly": false, "type": "absolute path"}, "services.factorio.description": {"declarations": ["nixos/modules/services/games/factorio.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Description of the game that will appear in the listing.\n", "loc": ["services", "factorio", "description"], "readOnly": false, "type": "null or string"}, "services.factorio.enable": {"declarations": ["nixos/modules/services/games/factorio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Factorio.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "factorio", "enable"], "readOnly": false, "type": "boolean"}, "services.factorio.extraArgs": {"declarations": ["nixos/modules/services/games/factorio.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line arguments.", "example": {"_type": "literalExpression", "text": "[\n  \"--rcon-bind=localhost:27015\"\n  \"--rcon-password=...\"\n]"}, "loc": ["services", "factorio", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.factorio.extraSettings": {"declarations": ["nixos/modules/services/games/factorio.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra game configuration that will go into server-settings.json\n", "example": {"_type": "literalExpression", "text": "{\n  max_players = 64;\n}"}, "loc": ["services", "factorio", "extraSettings"], "readOnly": false, "type": "attribute set"}, "services.factorio.extraSettingsFile": {"declarations": ["nixos/modules/services/games/factorio.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File, which is dynamically applied to server-settings.json before\nstartup.\n\nThis option should be used for credentials.\n\nFor example a settings file could contain:\n```json\n{\n  \"game-password\": \"hunter1\"\n}\n```\n", "loc": ["services", "factorio", "extraSettingsFile"], "readOnly": false, "type": "null or absolute path"}, "services.factorio.game-name": {"declarations": ["nixos/modules/services/games/factorio.nix"], "default": {"_type": "literalExpression", "text": "\"Factorio Game\""}, "description": "Name of the game as it will appear in the game listing.\n", "loc": ["services", "factorio", "game-name"], "readOnly": false, "type": "null or string"}, "services.factorio.game-password": {"declarations": ["nixos/modules/services/games/factorio.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Game password.\n\nThis option is insecure. Use extraSettingsFile instead.\n", "loc": ["services", "factorio", "game-password"], "readOnly": false, "type": "null or string"}, "services.factorio.lan": {"declarations": ["nixos/modules/services/games/factorio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Game will be broadcast on LAN.\n", "loc": ["services", "factorio", "lan"], "readOnly": false, "type": "boolean"}, "services.factorio.loadLatestSave": {"declarations": ["nixos/modules/services/games/factorio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Load the latest savegame on startup. This overrides saveName, in that the latest\nsave will always be used even if a saved game of the given name exists. It still\ncontrols the 'canonical' name of the savegame.\n\nSet this to true to have the server automatically reload a recent autosave after\na crash or desync.\n", "loc": ["services", "factorio", "loadLatestSave"], "readOnly": false, "type": "boolean"}, "services.factorio.mods": {"declarations": ["nixos/modules/services/games/factorio.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Mods the server should install and activate.\n\nThe derivations in this list must \"build\" the mod by simply copying\nthe .zip, named correctly, into the output directory. Eventually,\nthere will be a way to pull in the most up-to-date list of\nderivations via nixos-channel. Until then, this is for experts only.\n", "loc": ["services", "factorio", "mods"], "readOnly": false, "type": "list of package"}, "services.factorio.mods-dat": {"declarations": ["nixos/modules/services/games/factorio.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Mods settings can be changed by specifying a dat file, in the [mod\nsettings file\nformat](https://wiki.factorio.com/Mod_settings_file_format).\n", "loc": ["services", "factorio", "mods-dat"], "readOnly": false, "type": "null or absolute path"}, "services.factorio.nonBlockingSaving": {"declarations": ["nixos/modules/services/games/factorio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Highly experimental feature, enable only at your own risk of losing your saves.\nOn UNIX systems, server will fork itself to create an autosave.\nAutosaving on connected Windows clients will be disabled regardless of autosave_only_on_server option.\n", "loc": ["services", "factorio", "nonBlockingSaving"], "readOnly": false, "type": "boolean"}, "services.factorio.openFirewall": {"declarations": ["nixos/modules/services/games/factorio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to automatically open the specified UDP port in the firewall.\n", "loc": ["services", "factorio", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.factorio.package": {"declarations": ["nixos/modules/services/games/factorio.nix"], "default": {"_type": "literalExpression", "text": "pkgs.factorio-headless"}, "description": "The factorio-headless package to use.", "example": {"_type": "literalExpression", "text": "factorio-headless-experimental"}, "loc": ["services", "factorio", "package"], "readOnly": false, "type": "package"}, "services.factorio.password": {"declarations": ["nixos/modules/services/games/factorio.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Your factorio.com login credentials. Required for games with visibility public.\n\nThis option is insecure. Use extraSettingsFile instead.\n", "loc": ["services", "factorio", "password"], "readOnly": false, "type": "null or string"}, "services.factorio.port": {"declarations": ["nixos/modules/services/games/factorio.nix"], "default": {"_type": "literalExpression", "text": "34197"}, "description": "The port to which the service should bind.\n", "loc": ["services", "factorio", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.factorio.public": {"declarations": ["nixos/modules/services/games/factorio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Game will be published on the official Factorio matching server.\n", "loc": ["services", "factorio", "public"], "readOnly": false, "type": "boolean"}, "services.factorio.requireUserVerification": {"declarations": ["nixos/modules/services/games/factorio.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "When set to true, the server will only allow clients that have a valid factorio.com account.\n", "loc": ["services", "factorio", "requireUserVerification"], "readOnly": false, "type": "boolean"}, "services.factorio.saveName": {"declarations": ["nixos/modules/services/games/factorio.nix"], "default": {"_type": "literalExpression", "text": "\"default\""}, "description": "The name of the savegame that will be used by the server.\n\nWhen not present in /var/lib/${config.services.factorio.stateDirName}/saves,\na new map with default settings will be generated before starting the service.\n", "loc": ["services", "factorio", "saveName"], "readOnly": false, "type": "string"}, "services.factorio.stateDirName": {"declarations": ["nixos/modules/services/games/factorio.nix"], "default": {"_type": "literalExpression", "text": "\"factorio\""}, "description": "Name of the directory under /var/lib holding the server's data.\n\nThe configuration and map will be stored here.\n", "loc": ["services", "factorio", "stateDirName"], "readOnly": false, "type": "string"}, "services.factorio.token": {"declarations": ["nixos/modules/services/games/factorio.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Authentication token. May be used instead of 'password' above.\n", "loc": ["services", "factorio", "token"], "readOnly": false, "type": "null or string"}, "services.factorio.username": {"declarations": ["nixos/modules/services/games/factorio.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Your factorio.com login credentials. Required for games with visibility public.\n\nThis option is insecure. Use extraSettingsFile instead.\n", "loc": ["services", "factorio", "username"], "readOnly": false, "type": "null or string"}, "services.fail2ban.banaction": {"declarations": ["nixos/modules/services/security/fail2ban.nix"], "default": {"_type": "literalExpression", "text": "if config.networking.nftables.enable then \"nftables-multiport\" else \"iptables-multiport\""}, "description": "Default banning action (e.g. iptables, iptables-new, iptables-multiport,\niptables-ipset-proto6-allports, shorewall, etc). It is used to\ndefine action_* variables. Can be overridden globally or per\nsection within jail.local file\n", "loc": ["services", "fail2ban", "banaction"], "readOnly": false, "type": "string"}, "services.fail2ban.banaction-allports": {"declarations": ["nixos/modules/services/security/fail2ban.nix"], "default": {"_type": "literalExpression", "text": "if config.networking.nftables.enable then \"nftables-allports\" else \"iptables-allports\""}, "description": "Default banning action (e.g. iptables, iptables-new, iptables-multiport,\nshorewall, etc) for \"allports\" jails. It is used to define action_* variables. Can be overridden\nglobally or per section within jail.local file\n", "loc": ["services", "fail2ban", "banaction-allports"], "readOnly": false, "type": "string"}, "services.fail2ban.bantime": {"declarations": ["nixos/modules/services/security/fail2ban.nix"], "default": {"_type": "literalExpression", "text": "\"10m\""}, "description": "Number of seconds that a host is banned.", "example": {"_type": "literalExpression", "text": "\"1h\""}, "loc": ["services", "fail2ban", "bantime"], "readOnly": false, "type": "string"}, "services.fail2ban.bantime-increment.enable": {"declarations": ["nixos/modules/services/security/fail2ban.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "\"bantime.increment\" allows to use database for searching of previously banned ip's to increase\na default ban time using special formula, default it is banTime * 1, 2, 4, 8, 16, 32 ...\n", "loc": ["services", "fail2ban", "bantime-increment", "enable"], "readOnly": false, "type": "boolean"}, "services.fail2ban.bantime-increment.factor": {"declarations": ["nixos/modules/services/security/fail2ban.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "\"bantime.factor\" is a coefficient to calculate exponent growing of the formula or common multiplier,\ndefault value of factor is 1 and with default value of formula, the ban time grows by 1, 2, 4, 8, 16 ...\n", "example": {"_type": "literalExpression", "text": "\"4\""}, "loc": ["services", "fail2ban", "bantime-increment", "factor"], "readOnly": false, "type": "null or string"}, "services.fail2ban.bantime-increment.formula": {"declarations": ["nixos/modules/services/security/fail2ban.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "\"bantime.formula\" used by default to calculate next value of ban time, default value below,\nthe same ban time growing will be reached by multipliers 1, 2, 4, 8, 16, 32 ...\n", "example": {"_type": "literalExpression", "text": "\"ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)\""}, "loc": ["services", "fail2ban", "bantime-increment", "formula"], "readOnly": false, "type": "null or string"}, "services.fail2ban.bantime-increment.maxtime": {"declarations": ["nixos/modules/services/security/fail2ban.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "\"bantime.maxtime\" is the max number of seconds using the ban time can reach (don't grows further)\n", "example": {"_type": "literalExpression", "text": "\"48h\""}, "loc": ["services", "fail2ban", "bantime-increment", "maxtime"], "readOnly": false, "type": "null or string"}, "services.fail2ban.bantime-increment.multipliers": {"declarations": ["nixos/modules/services/security/fail2ban.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "\"bantime.multipliers\" used to calculate next value of ban time instead of formula, corresponding\npreviously ban count and given \"bantime.factor\" (for multipliers default is 1);\nfollowing example grows ban time by 1, 2, 4, 8, 16 ... and if last ban count greater as multipliers count,\nalways used last multiplier (64 in example), for factor '1' and original ban time 600 - 10.6 hours\n", "example": {"_type": "literalExpression", "text": "\"1 2 4 8 16 32 64\""}, "loc": ["services", "fail2ban", "bantime-increment", "multipliers"], "readOnly": false, "type": "null or string"}, "services.fail2ban.bantime-increment.overalljails": {"declarations": ["nixos/modules/services/security/fail2ban.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "\"bantime.overalljails\" (if true) specifies the search of IP in the database will be executed\ncross over all jails, if false (default), only current jail of the ban IP will be searched.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "fail2ban", "bantime-increment", "overalljails"], "readOnly": false, "type": "null or boolean"}, "services.fail2ban.bantime-increment.rndtime": {"declarations": ["nixos/modules/services/security/fail2ban.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "\"bantime.rndtime\" is the max number of seconds using for mixing with random time\nto prevent \"clever\" botnets calculate exact time IP can be unbanned again\n", "example": {"_type": "literalExpression", "text": "\"8m\""}, "loc": ["services", "fail2ban", "bantime-increment", "rndtime"], "readOnly": false, "type": "null or string"}, "services.fail2ban.daemonSettings": {"declarations": ["nixos/modules/services/security/fail2ban.nix"], "default": {"_type": "literalExpression", "text": "{\n  Definition = {\n    logtarget = \"SYSLOG\";\n    socket = \"/run/fail2ban/fail2ban.sock\";\n    pidfile = \"/run/fail2ban/fail2ban.pid\";\n    dbfile = \"/var/lib/fail2ban/fail2ban.sqlite3\";\n  };\n}\n"}, "description": "The contents of Fail2ban's main configuration file.\nIt's generally not necessary to change it.\n", "loc": ["services", "fail2ban", "daemonSettings"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.fail2ban.enable": {"declarations": ["nixos/modules/services/security/fail2ban.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the fail2ban service.\n\nSee the documentation of [](#opt-services.fail2ban.jails)\nfor what jails are enabled by default.\n", "loc": ["services", "fail2ban", "enable"], "readOnly": false, "type": "boolean"}, "services.fail2ban.extraPackages": {"declarations": ["nixos/modules/services/security/fail2ban.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra packages to be made available to the fail2ban service. The example contains\nthe packages needed by the `iptables-ipset-proto6` action.\n", "example": {"_type": "literalExpression", "text": "[ pkgs.ipset ]"}, "loc": ["services", "fail2ban", "extraPackages"], "readOnly": false, "type": "list of package"}, "services.fail2ban.ignoreIP": {"declarations": ["nixos/modules/services/security/fail2ban.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "\"ignoreIP\" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban will not ban a host which\nmatches an address in this list. Several addresses can be defined using space (and/or comma) separator.\n", "example": {"_type": "literalExpression", "text": "[\n  \"192.168.0.0/16\"\n  \"2001:DB8::42\"\n]"}, "loc": ["services", "fail2ban", "ignoreIP"], "readOnly": false, "type": "list of string"}, "services.fail2ban.jails": {"declarations": ["nixos/modules/services/security/fail2ban.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The configuration of each Fail2ban \u201cjail\u201d.  A jail\nconsists of an action (such as blocking a port using\n{command}`iptables`) that is triggered when a\nfilter applied to a log file triggers more than a certain\nnumber of times in a certain time period.  Actions are\ndefined in {file}`/etc/fail2ban/action.d`,\nwhile filters are defined in\n{file}`/etc/fail2ban/filter.d`.\n\nNixOS comes with a default `sshd` jail;\nfor it to work well,\n[](#opt-services.openssh.settings.LogLevel) should be set to\n`\"VERBOSE\"` or higher so that fail2ban\ncan observe failed login attempts.\nThis module sets it to `\"VERBOSE\"` if\nnot set otherwise, so enabling fail2ban can make SSH logs\nmore verbose.\n", "example": {"_type": "literalExpression", "text": "{\n  apache-nohome-iptables = {\n    settings = {\n      # Block an IP address if it accesses a non-existent\n      # home directory more than 5 times in 10 minutes,\n      # since that indicates that it's scanning.\n      filter = \"apache-nohome\";\n      action = ''iptables-multiport[name=HTTP, port=\"http,https\"]'';\n      logpath = \"/var/log/httpd/error_log*\";\n      backend = \"auto\";\n      findtime = 600;\n      bantime = 600;\n      maxretry = 5;\n    };\n  };\n  dovecot = {\n    settings = {\n      # block IPs which failed to log-in\n      # aggressive mode add blocking for aborted connections\n      filter = \"dovecot[mode=aggressive]\";\n      maxretry = 3;\n    };\n  };\n};\n"}, "loc": ["services", "fail2ban", "jails"], "readOnly": false, "type": "attribute set of (strings concatenated with \"\\n\" or (submodule))"}, "services.fail2ban.maxretry": {"declarations": ["nixos/modules/services/security/fail2ban.nix"], "default": {"_type": "literalExpression", "text": "3"}, "description": "Number of failures before a host gets banned.", "loc": ["services", "fail2ban", "maxretry"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.fail2ban.package": {"declarations": ["nixos/modules/services/security/fail2ban.nix"], "default": {"_type": "literalExpression", "text": "pkgs.fail2ban"}, "description": "The fail2ban package to use.", "example": {"_type": "literalExpression", "text": "fail2ban_0_11"}, "loc": ["services", "fail2ban", "package"], "readOnly": false, "type": "package"}, "services.fail2ban.packageFirewall": {"declarations": ["nixos/modules/services/security/fail2ban.nix"], "default": {"_type": "literalExpression", "text": "config.networking.firewall.package"}, "description": "The firewall package used by fail2ban service. Defaults to the package for your firewall (iptables or nftables).", "loc": ["services", "fail2ban", "packageFirewall"], "readOnly": false, "type": "package"}, "services.fakeroute.enable": {"declarations": ["nixos/modules/services/networking/fakeroute.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the fakeroute service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "fakeroute", "enable"], "readOnly": false, "type": "boolean"}, "services.fakeroute.route": {"declarations": ["nixos/modules/services/networking/fakeroute.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Fake route that will appear after the real\none to any host running a traceroute.\n", "example": {"_type": "literalExpression", "text": "[\n  \"216.102.187.130\"\n  \"4.0.1.122\"\n  \"198.116.142.34\"\n  \"63.199.8.242\"\n]"}, "loc": ["services", "fakeroute", "route"], "readOnly": false, "type": "list of string"}, "services.fanout.bufferSize": {"declarations": ["nixos/modules/config/fanout.nix"], "default": {"_type": "literalExpression", "text": "16384"}, "description": "Size of /dev/fanout buffer in bytes", "loc": ["services", "fanout", "bufferSize"], "readOnly": false, "type": "signed integer"}, "services.fanout.enable": {"declarations": ["nixos/modules/config/fanout.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable fanout.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "fanout", "enable"], "readOnly": false, "type": "boolean"}, "services.fanout.fanoutDevices": {"declarations": ["nixos/modules/config/fanout.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Number of /dev/fanout devices", "loc": ["services", "fanout", "fanoutDevices"], "readOnly": false, "type": "signed integer"}, "services.fastnetmon-advanced.bgpPeers": {"declarations": ["nixos/modules/services/networking/fastnetmon-advanced.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "BGP Peers to declaratively load into FastNetMon Advanced", "loc": ["services", "fastnetmon-advanced", "bgpPeers"], "readOnly": false, "type": "attribute set of (YAML 1.1 value)"}, "services.fastnetmon-advanced.enable": {"declarations": ["nixos/modules/services/networking/fastnetmon-advanced.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the fastnetmon-advanced DDoS Protection daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "fastnetmon-advanced", "enable"], "readOnly": false, "type": "boolean"}, "services.fastnetmon-advanced.enableAdvancedTrafficPersistence": {"declarations": ["nixos/modules/services/networking/fastnetmon-advanced.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Store historical flow data in clickhouse", "loc": ["services", "fastnetmon-advanced", "enableAdvancedTrafficPersistence"], "readOnly": false, "type": "boolean"}, "services.fastnetmon-advanced.hostgroups": {"declarations": ["nixos/modules/services/networking/fastnetmon-advanced.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Hostgroups to declaratively load into FastNetMon Advanced", "loc": ["services", "fastnetmon-advanced", "hostgroups"], "readOnly": false, "type": "attribute set of (YAML 1.1 value)"}, "services.fastnetmon-advanced.settings": {"declarations": ["nixos/modules/services/networking/fastnetmon-advanced.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration options to declaratively load into FastNetMon Advanced.\n\nSee the [FastNetMon Advanced Configuration options reference](https://fastnetmon.com/docs-fnm-advanced/fastnetmon-advanced-configuration-options/) for more details.\n", "example": {"_type": "literalExpression", "text": "{\n  networks_list = [ \"192.0.2.0/24\" ];\n  gobgp = true;\n  gobgp_flow_spec_announces = true;\n}\n"}, "loc": ["services", "fastnetmon-advanced", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.fastnetmon-advanced.traffic_db.settings": {"declarations": ["nixos/modules/services/networking/fastnetmon-advanced.nix"], "description": "Additional settings for /etc/fastnetmon/traffic_db.conf", "loc": ["services", "fastnetmon-advanced", "traffic_db", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.fcgiwrap.instances": {"declarations": ["nixos/modules/services/web-servers/fcgiwrap.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for fcgiwrap instances.", "loc": ["services", "fcgiwrap", "instances"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.fcgiwrap.instances.<name>.process.group": {"declarations": ["nixos/modules/services/web-servers/fcgiwrap.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Group as which this instance of fcgiwrap will be run.", "loc": ["services", "fcgiwrap", "instances", "<name>", "process", "group"], "readOnly": false, "type": "null or string"}, "services.fcgiwrap.instances.<name>.process.prefork": {"declarations": ["nixos/modules/services/web-servers/fcgiwrap.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Number of processes to prefork.", "loc": ["services", "fcgiwrap", "instances", "<name>", "process", "prefork"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.fcgiwrap.instances.<name>.process.user": {"declarations": ["nixos/modules/services/web-servers/fcgiwrap.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "User as which this instance of fcgiwrap will be run.\nSet to `null` (the default) to use a dynamically allocated user.\n", "loc": ["services", "fcgiwrap", "instances", "<name>", "process", "user"], "readOnly": false, "type": "null or string"}, "services.fcgiwrap.instances.<name>.socket.address": {"declarations": ["nixos/modules/services/web-servers/fcgiwrap.nix"], "default": {"_type": "literalExpression", "text": "\"/run/fcgiwrap-\u2039name\u203a.sock\""}, "description": "Socket address.\nIn case of a UNIX socket, this should be its filesystem path.\n", "example": {"_type": "literalExpression", "text": "\"1.2.3.4:5678\""}, "loc": ["services", "fcgiwrap", "instances", "<name>", "socket", "address"], "readOnly": false, "type": "string"}, "services.fcgiwrap.instances.<name>.socket.group": {"declarations": ["nixos/modules/services/web-servers/fcgiwrap.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Group to be set as owner of the UNIX socket.\n", "loc": ["services", "fcgiwrap", "instances", "<name>", "socket", "group"], "readOnly": false, "type": "null or string"}, "services.fcgiwrap.instances.<name>.socket.mode": {"declarations": ["nixos/modules/services/web-servers/fcgiwrap.nix"], "default": {"_type": "literalExpression", "text": "if config.socket.type == \"unix\" then \"0600\" else null\n"}, "description": "Mode to be set on the UNIX socket.\nDefaults to private to the socket's owner.\n", "loc": ["services", "fcgiwrap", "instances", "<name>", "socket", "mode"], "readOnly": false, "type": "null or string"}, "services.fcgiwrap.instances.<name>.socket.type": {"declarations": ["nixos/modules/services/web-servers/fcgiwrap.nix"], "default": {"_type": "literalExpression", "text": "\"unix\""}, "description": "Socket type: 'unix', 'tcp' or 'tcp6'.", "loc": ["services", "fcgiwrap", "instances", "<name>", "socket", "type"], "readOnly": false, "type": "one of \"unix\", \"tcp\", \"tcp6\""}, "services.fcgiwrap.instances.<name>.socket.user": {"declarations": ["nixos/modules/services/web-servers/fcgiwrap.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "User to be set as owner of the UNIX socket.\n", "loc": ["services", "fcgiwrap", "instances", "<name>", "socket", "user"], "readOnly": false, "type": "null or string"}, "services.fcron.allow": {"declarations": ["nixos/modules/services/scheduling/fcron.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"all\"\n]"}, "description": "Users allowed to use fcrontab and fcrondyn (one name per\nline, `all` for everyone).\n", "loc": ["services", "fcron", "allow"], "readOnly": false, "type": "list of string"}, "services.fcron.deny": {"declarations": ["nixos/modules/services/scheduling/fcron.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Users forbidden from using fcron.", "loc": ["services", "fcron", "deny"], "readOnly": false, "type": "list of string"}, "services.fcron.enable": {"declarations": ["nixos/modules/services/scheduling/fcron.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the {command}`fcron` daemon.", "loc": ["services", "fcron", "enable"], "readOnly": false, "type": "boolean"}, "services.fcron.maxSerialJobs": {"declarations": ["nixos/modules/services/scheduling/fcron.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Maximum number of serial jobs which can run simultaneously.", "loc": ["services", "fcron", "maxSerialJobs"], "readOnly": false, "type": "signed integer"}, "services.fcron.queuelen": {"declarations": ["nixos/modules/services/scheduling/fcron.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Number of jobs the serial queue and the lavg queue can contain.", "loc": ["services", "fcron", "queuelen"], "readOnly": false, "type": "null or signed integer"}, "services.fcron.systab": {"declarations": ["nixos/modules/services/scheduling/fcron.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The \"system\" crontab contents.", "loc": ["services", "fcron", "systab"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.fedimintd": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Specification of one or more fedimintd instances.", "loc": ["services", "fedimintd"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.fedimintd.<name>.api_iroh.bind": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to bind on for Iroh endpoint for API connections", "loc": ["services", "fedimintd", "<name>", "api_iroh", "bind"], "readOnly": false, "type": "string"}, "services.fedimintd.<name>.api_iroh.openFirewall": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Opens UDP port in firewall for fedimintd's API Iroh endpoint", "loc": ["services", "fedimintd", "<name>", "api_iroh", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.fedimintd.<name>.api_iroh.port": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "8174"}, "description": "UDP Port to bind Iroh endpoint for API connections", "loc": ["services", "fedimintd", "<name>", "api_iroh", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.fedimintd.<name>.api_ws.bind": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Address to bind on for API connections relied by the reverse proxy/tls terminator.", "loc": ["services", "fedimintd", "<name>", "api_ws", "bind"], "readOnly": false, "type": "string"}, "services.fedimintd.<name>.api_ws.openFirewall": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Opens TCP port in firewall for fedimintd's Websocket API", "loc": ["services", "fedimintd", "<name>", "api_ws", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.fedimintd.<name>.api_ws.port": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "8174"}, "description": "TCP Port to bind on for API connections relayed by the reverse proxy/tls terminator.", "loc": ["services", "fedimintd", "<name>", "api_ws", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.fedimintd.<name>.api_ws.url": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "description": "Public URL of the API address of the reverse proxy/tls terminator. Usually starting with `wss://`.\n", "loc": ["services", "fedimintd", "<name>", "api_ws", "url"], "readOnly": false, "type": "null or string"}, "services.fedimintd.<name>.bitcoin.network": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "\"signet\""}, "description": "Bitcoin network to participate in.", "example": {"_type": "literalExpression", "text": "\"bitcoin\""}, "loc": ["services", "fedimintd", "<name>", "bitcoin", "network"], "readOnly": false, "type": "string"}, "services.fedimintd.<name>.bitcoin.rpc.kind": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "\"bitcoind\""}, "description": "Kind of a bitcoin node.", "example": {"_type": "literalExpression", "text": "\"electrum\""}, "loc": ["services", "fedimintd", "<name>", "bitcoin", "rpc", "kind"], "readOnly": false, "type": "string"}, "services.fedimintd.<name>.bitcoin.rpc.secretFile": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set the URL specified in `bitcoin.rpc.url` will get the content of this file added\nas an URL password, so `http://user@example.com` will turn into `http://user:SOMESECRET@example.com`.\n\nExample:\n\n`/etc/nix-bitcoin-secrets/bitcoin-rpcpassword-public` (for nix-bitcoin default)\n", "loc": ["services", "fedimintd", "<name>", "bitcoin", "rpc", "secretFile"], "readOnly": false, "type": "null or absolute path"}, "services.fedimintd.<name>.bitcoin.rpc.url": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "\"http://127.0.0.1:38332\""}, "description": "Bitcoin node (bitcoind/electrum/esplora) address to connect to", "example": {"_type": "literalExpression", "text": "\"signet\""}, "loc": ["services", "fedimintd", "<name>", "bitcoin", "rpc", "url"], "readOnly": false, "type": "string"}, "services.fedimintd.<name>.consensus.finalityDelay": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Consensus peg-in finality delay.", "loc": ["services", "fedimintd", "<name>", "consensus", "finalityDelay"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.fedimintd.<name>.dataDir": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/fedimintd-\u2039name\u203a/\""}, "description": "Path to the data dir fedimintd will use to store its data.\nNote that due to using the DynamicUser feature of systemd, this value should not be changed\nand is set to be read only.\n", "loc": ["services", "fedimintd", "<name>", "dataDir"], "readOnly": true, "type": "absolute path"}, "services.fedimintd.<name>.enable": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable fedimintd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "fedimintd", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.fedimintd.<name>.environment": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "{\n  RUST_BACKTRACE = \"1\";\n}"}, "description": "Extra Environment variables to pass to the fedimintd.", "example": {"_type": "literalExpression", "text": "{\n  RUST_BACKTRACE = \"1\";\n  RUST_LOG = \"info,fm=debug\";\n}"}, "loc": ["services", "fedimintd", "<name>", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.fedimintd.<name>.nginx.config": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Overrides to the nginx vhost section for api", "loc": ["services", "fedimintd", "<name>", "nginx", "config"], "readOnly": false, "type": "submodule"}, "services.fedimintd.<name>.nginx.config.acmeFallbackHost": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host which to proxy requests to if ACME challenge is not found. Useful\nif you want multiple hosts to be able to verify the same domain name.\n\nWith this option, you could request certificates for the present domain\nwith an ACME client that is running on another host, which you would\nspecify here.\n", "loc": ["services", "fedimintd", "<name>", "nginx", "config", "acmeFallbackHost"], "readOnly": false, "type": "null or string"}, "services.fedimintd.<name>.nginx.config.acmeRoot": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the ACME challenge, which is **public**. Don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "fedimintd", "<name>", "nginx", "config", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.fedimintd.<name>.nginx.config.addSSL": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "fedimintd", "<name>", "nginx", "config", "addSSL"], "readOnly": false, "type": "boolean"}, "services.fedimintd.<name>.nginx.config.basicAuth": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "fedimintd", "<name>", "nginx", "config", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.fedimintd.<name>.nginx.config.basicAuthFile": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "fedimintd", "<name>", "nginx", "config", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.fedimintd.<name>.nginx.config.default": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Makes this vhost the default.\n", "loc": ["services", "fedimintd", "<name>", "nginx", "config", "default"], "readOnly": false, "type": "boolean"}, "services.fedimintd.<name>.nginx.config.enableACME": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "fedimintd", "<name>", "nginx", "config", "enableACME"], "readOnly": false, "type": "boolean"}, "services.fedimintd.<name>.nginx.config.extraConfig": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the vhost verbatim.\n", "loc": ["services", "fedimintd", "<name>", "nginx", "config", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.fedimintd.<name>.nginx.config.forceSSL": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a separate nginx server block that redirects (defaults\nto 301, configurable with `redirectCode`) all plain HTTP traffic to\nHTTPS. This will set defaults for `listen` to listen on all interfaces\non the respective default ports (80, 443), where the non-SSL listens\nare used for the redirect vhosts.\n", "loc": ["services", "fedimintd", "<name>", "nginx", "config", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.fedimintd.<name>.nginx.config.globalRedirect": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected (defaults to 301,\nconfigurable with `redirectCode`) to the given hostname.\n", "example": {"_type": "literalExpression", "text": "\"newserver.example.org\""}, "loc": ["services", "fedimintd", "<name>", "nginx", "config", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.fedimintd.<name>.nginx.config.http2": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/2 protocol.\nNote that (as of writing) due to nginx's implementation, to disable\nHTTP/2 you have to disable it on all vhosts that use a given\nIP address / port.\nIf there is one server block configured to enable http2, then it is\nenabled for all server blocks on this IP.\nSee <https://stackoverflow.com/a/39466948/263061>.\n", "loc": ["services", "fedimintd", "<name>", "nginx", "config", "http2"], "readOnly": false, "type": "boolean"}, "services.fedimintd.<name>.nginx.config.http3": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/3 protocol.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that HTTP/3 support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\nHTTP/3 availability must be manually advertised, preferably in each location block.\n", "loc": ["services", "fedimintd", "<name>", "nginx", "config", "http3"], "readOnly": false, "type": "boolean"}, "services.fedimintd.<name>.nginx.config.http3_hq": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that special application protocol support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "fedimintd", "<name>", "nginx", "config", "http3_hq"], "readOnly": false, "type": "boolean"}, "services.fedimintd.<name>.nginx.config.kTLS": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kTLS support.\nImplementing TLS in the kernel (kTLS) improves performance by significantly\nreducing the need for copying operations between user space and the kernel.\nRequired Nginx version 1.21.4 or later.\n", "loc": ["services", "fedimintd", "<name>", "nginx", "config", "kTLS"], "readOnly": false, "type": "boolean"}, "services.fedimintd.<name>.nginx.config.listen": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\nIPv6 addresses must be enclosed in square brackets.\nNote: this option overrides `addSSL`\nand `onlySSL`.\n\nIf you only want to set the addresses manually and not\nthe ports, take a look at `listenAddresses`.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    addr = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    addr = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    addr = \"unix:/var/run/nginx.sock\";\n  }\n]"}, "loc": ["services", "fedimintd", "<name>", "nginx", "config", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.fedimintd.<name>.nginx.config.listen.*.addr": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "description": "Listen address.", "loc": ["services", "fedimintd", "<name>", "nginx", "config", "listen", "*", "addr"], "readOnly": false, "type": "string"}, "services.fedimintd.<name>.nginx.config.listen.*.extraParameters": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra parameters of this listen directive.", "example": {"_type": "literalExpression", "text": "[\n  \"backlog=1024\"\n  \"deferred\"\n]"}, "loc": ["services", "fedimintd", "<name>", "nginx", "config", "listen", "*", "extraParameters"], "readOnly": false, "type": "list of string"}, "services.fedimintd.<name>.nginx.config.listen.*.port": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port number to listen on.\nIf unset and the listen address is not a socket then nginx defaults to 80.\n", "loc": ["services", "fedimintd", "<name>", "nginx", "config", "listen", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.fedimintd.<name>.nginx.config.listen.*.proxyProtocol": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable PROXY protocol.", "loc": ["services", "fedimintd", "<name>", "nginx", "config", "listen", "*", "proxyProtocol"], "readOnly": false, "type": "boolean"}, "services.fedimintd.<name>.nginx.config.listen.*.ssl": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SSL.", "loc": ["services", "fedimintd", "<name>", "nginx", "config", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.fedimintd.<name>.nginx.config.listenAddresses": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n\nNote: This option overrides `networking.enableIPv6`\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"[::1]\"\n]"}, "loc": ["services", "fedimintd", "<name>", "nginx", "config", "listenAddresses"], "readOnly": false, "type": "list of string"}, "services.fedimintd.<name>.nginx.config.locations": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n};\n"}, "loc": ["services", "fedimintd", "<name>", "nginx", "config", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.fedimintd.<name>.nginx.config.locations.<name>.alias": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "fedimintd", "<name>", "nginx", "config", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.fedimintd.<name>.nginx.config.locations.<name>.basicAuth": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "fedimintd", "<name>", "nginx", "config", "locations", "<name>", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.fedimintd.<name>.nginx.config.locations.<name>.basicAuthFile": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "fedimintd", "<name>", "nginx", "config", "locations", "<name>", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.fedimintd.<name>.nginx.config.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "fedimintd", "<name>", "nginx", "config", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.fedimintd.<name>.nginx.config.locations.<name>.fastcgiParams": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "FastCGI parameters to override.  Unlike in the Nginx\nconfiguration file, overriding only some default parameters\nwon't unset the default values for other parameters.\n", "loc": ["services", "fedimintd", "<name>", "nginx", "config", "locations", "<name>", "fastcgiParams"], "readOnly": false, "type": "attribute set of (string or absolute path)"}, "services.fedimintd.<name>.nginx.config.locations.<name>.index": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds index directive.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "fedimintd", "<name>", "nginx", "config", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.fedimintd.<name>.nginx.config.locations.<name>.priority": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "fedimintd", "<name>", "nginx", "config", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.fedimintd.<name>.nginx.config.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds proxy_pass directive and sets recommended proxy headers if\nrecommendedProxySettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "fedimintd", "<name>", "nginx", "config", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.fedimintd.<name>.nginx.config.locations.<name>.proxyWebsockets": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to support proxying websocket connections with HTTP/1.1.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "fedimintd", "<name>", "nginx", "config", "locations", "<name>", "proxyWebsockets"], "readOnly": false, "type": "boolean"}, "services.fedimintd.<name>.nginx.config.locations.<name>.recommendedProxySettings": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedProxySettings"}, "description": "Enable recommended proxy settings.\n", "loc": ["services", "fedimintd", "<name>", "nginx", "config", "locations", "<name>", "recommendedProxySettings"], "readOnly": false, "type": "boolean"}, "services.fedimintd.<name>.nginx.config.locations.<name>.recommendedUwsgiSettings": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedUwsgiSettings"}, "description": "Enable recommended uwsgi settings.\n", "loc": ["services", "fedimintd", "<name>", "nginx", "config", "locations", "<name>", "recommendedUwsgiSettings"], "readOnly": false, "type": "boolean"}, "services.fedimintd.<name>.nginx.config.locations.<name>.return": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds a return directive, for e.g. redirections.\n", "example": {"_type": "literalExpression", "text": "\"301 http://example.com$request_uri\""}, "loc": ["services", "fedimintd", "<name>", "nginx", "config", "locations", "<name>", "return"], "readOnly": false, "type": "null or string or signed integer"}, "services.fedimintd.<name>.nginx.config.locations.<name>.root": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Root directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/root/directory\""}, "loc": ["services", "fedimintd", "<name>", "nginx", "config", "locations", "<name>", "root"], "readOnly": false, "type": "null or absolute path"}, "services.fedimintd.<name>.nginx.config.locations.<name>.tryFiles": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds try_files directive.\n", "example": {"_type": "literalExpression", "text": "\"$uri =404\""}, "loc": ["services", "fedimintd", "<name>", "nginx", "config", "locations", "<name>", "tryFiles"], "readOnly": false, "type": "null or string"}, "services.fedimintd.<name>.nginx.config.locations.<name>.uwsgiPass": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds uwsgi_pass directive and sets recommended proxy headers if\nrecommendedUwsgiSettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"unix:/run/example/example.sock\""}, "loc": ["services", "fedimintd", "<name>", "nginx", "config", "locations", "<name>", "uwsgiPass"], "readOnly": false, "type": "null or string"}, "services.fedimintd.<name>.nginx.config.onlySSL": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "fedimintd", "<name>", "nginx", "config", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.fedimintd.<name>.nginx.config.quic": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the QUIC transport protocol.\nNote that QUIC support is experimental and\n*not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "fedimintd", "<name>", "nginx", "config", "quic"], "readOnly": false, "type": "boolean"}, "services.fedimintd.<name>.nginx.config.redirectCode": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "301"}, "description": "HTTP status used by `globalRedirect` and `forceSSL`. Possible usecases\ninclude temporary (302, 307) redirects, keeping the request method and\nbody (307, 308), or explicitly resetting the method to GET (303).\nSee <https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>.\n", "example": {"_type": "literalExpression", "text": "308"}, "loc": ["services", "fedimintd", "<name>", "nginx", "config", "redirectCode"], "readOnly": false, "type": "integer between 300 and 399 (both inclusive)"}, "services.fedimintd.<name>.nginx.config.rejectSSL": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to listen for and reject all HTTPS connections to this vhost. Useful in\n[default](#opt-services.nginx.virtualHosts._name_.default)\nserver blocks to avoid serving the certificate for another vhost. Uses the\n`ssl_reject_handshake` directive available in nginx versions\n1.19.4 and above.\n", "loc": ["services", "fedimintd", "<name>", "nginx", "config", "rejectSSL"], "readOnly": false, "type": "boolean"}, "services.fedimintd.<name>.nginx.config.reuseport": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create an individual listening socket .\nIt is required to specify only once on one of the hosts.\n", "loc": ["services", "fedimintd", "<name>", "nginx", "config", "reuseport"], "readOnly": false, "type": "boolean"}, "services.fedimintd.<name>.nginx.config.root": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of the web root directory.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "fedimintd", "<name>", "nginx", "config", "root"], "readOnly": false, "type": "null or absolute path"}, "services.fedimintd.<name>.nginx.config.serverAliases": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "fedimintd", "<name>", "nginx", "config", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.fedimintd.<name>.nginx.config.serverName": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of this virtual host. Defaults to attribute name in virtualHosts.\n", "example": {"_type": "literalExpression", "text": "\"example.org\""}, "loc": ["services", "fedimintd", "<name>", "nginx", "config", "serverName"], "readOnly": false, "type": "null or string"}, "services.fedimintd.<name>.nginx.config.sslCertificate": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "fedimintd", "<name>", "nginx", "config", "sslCertificate"], "readOnly": false, "type": "absolute path"}, "services.fedimintd.<name>.nginx.config.sslCertificateKey": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "fedimintd", "<name>", "nginx", "config", "sslCertificateKey"], "readOnly": false, "type": "absolute path"}, "services.fedimintd.<name>.nginx.config.sslTrustedCertificate": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to root SSL certificate for stapling and client certificates.", "example": {"_type": "literalExpression", "text": "\"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\""}, "loc": ["services", "fedimintd", "<name>", "nginx", "config", "sslTrustedCertificate"], "readOnly": false, "type": "null or absolute path"}, "services.fedimintd.<name>.nginx.config.useACMEHost": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "fedimintd", "<name>", "nginx", "config", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.fedimintd.<name>.nginx.enable": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to configure nginx for fedimintd\n", "loc": ["services", "fedimintd", "<name>", "nginx", "enable"], "readOnly": false, "type": "boolean"}, "services.fedimintd.<name>.nginx.fqdn": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "description": "Public domain of the API address of the reverse proxy/tls terminator.", "example": {"_type": "literalExpression", "text": "\"api.myfedimint.com\""}, "loc": ["services", "fedimintd", "<name>", "nginx", "fqdn"], "readOnly": false, "type": "string"}, "services.fedimintd.<name>.nginx.path_ui": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "\"/\""}, "description": "Path to host the built-in UI on and forward to the daemon's api port", "example": {"_type": "literalExpression", "text": "\"/\""}, "loc": ["services", "fedimintd", "<name>", "nginx", "path_ui"], "readOnly": false, "type": "string"}, "services.fedimintd.<name>.nginx.path_ws": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "\"/ws/\""}, "description": "Path to host the API on and forward to the daemon's api port", "example": {"_type": "literalExpression", "text": "\"/\""}, "loc": ["services", "fedimintd", "<name>", "nginx", "path_ws"], "readOnly": false, "type": "string"}, "services.fedimintd.<name>.p2p.bind": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to bind on for p2p connections from peers (both TCP and UDP)", "loc": ["services", "fedimintd", "<name>", "p2p", "bind"], "readOnly": false, "type": "string"}, "services.fedimintd.<name>.p2p.openFirewall": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Opens port in firewall for fedimintd's p2p port (both TCP and UDP)", "loc": ["services", "fedimintd", "<name>", "p2p", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.fedimintd.<name>.p2p.port": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "8173"}, "description": "Port to bind on for p2p connections from peers (both TCP and UDP)", "loc": ["services", "fedimintd", "<name>", "p2p", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.fedimintd.<name>.p2p.url": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "description": "Public address for p2p connections from peers (if TCP is used)\n", "example": {"_type": "literalExpression", "text": "\"fedimint://p2p.myfedimint.com:8173\""}, "loc": ["services", "fedimintd", "<name>", "p2p", "url"], "readOnly": false, "type": "null or string"}, "services.fedimintd.<name>.package": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.fedimint"}, "description": "The fedimint package to use.", "loc": ["services", "fedimintd", "<name>", "package"], "readOnly": false, "type": "package"}, "services.fedimintd.<name>.ui.bind": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Address to bind on for UI connections", "loc": ["services", "fedimintd", "<name>", "ui", "bind"], "readOnly": false, "type": "string"}, "services.fedimintd.<name>.ui.openFirewall": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Opens TCP port in firewall for built-in UI", "loc": ["services", "fedimintd", "<name>", "ui", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.fedimintd.<name>.ui.port": {"declarations": ["nixos/modules/services/networking/fedimintd.nix"], "default": {"_type": "literalExpression", "text": "8175"}, "description": "TCP Port to bind on for UI connections", "loc": ["services", "fedimintd", "<name>", "ui", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.fediwall.enable": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable fediwall, a social media wall for the fediverse.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "fediwall", "enable"], "readOnly": false, "type": "boolean"}, "services.fediwall.hostName": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "config.networking.fqdnOrHostName"}, "description": "The hostname to serve fediwall on.", "example": {"_type": "literalExpression", "text": "\"fediwall.example.org\""}, "loc": ["services", "fediwall", "hostName"], "readOnly": false, "type": "string"}, "services.fediwall.nginx": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Allows customizing the nginx virtualHost settings", "example": {"_type": "literalExpression", "text": "{\n  serverAliases = [\n    \"fedi.${config.networking.domain}\"\n  ];\n  # Enable TLS and use let's encrypt for ACME\n  forceSSL = true;\n  enableACME = true;\n}\n"}, "loc": ["services", "fediwall", "nginx"], "readOnly": false, "type": "submodule"}, "services.fediwall.nginx.acmeFallbackHost": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host which to proxy requests to if ACME challenge is not found. Useful\nif you want multiple hosts to be able to verify the same domain name.\n\nWith this option, you could request certificates for the present domain\nwith an ACME client that is running on another host, which you would\nspecify here.\n", "loc": ["services", "fediwall", "nginx", "acmeFallbackHost"], "readOnly": false, "type": "null or string"}, "services.fediwall.nginx.acmeRoot": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the ACME challenge, which is **public**. Don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "fediwall", "nginx", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.fediwall.nginx.addSSL": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "fediwall", "nginx", "addSSL"], "readOnly": false, "type": "boolean"}, "services.fediwall.nginx.basicAuth": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "fediwall", "nginx", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.fediwall.nginx.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "fediwall", "nginx", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.fediwall.nginx.default": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Makes this vhost the default.\n", "loc": ["services", "fediwall", "nginx", "default"], "readOnly": false, "type": "boolean"}, "services.fediwall.nginx.enableACME": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "fediwall", "nginx", "enableACME"], "readOnly": false, "type": "boolean"}, "services.fediwall.nginx.extraConfig": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the vhost verbatim.\n", "loc": ["services", "fediwall", "nginx", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.fediwall.nginx.forceSSL": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a separate nginx server block that redirects (defaults\nto 301, configurable with `redirectCode`) all plain HTTP traffic to\nHTTPS. This will set defaults for `listen` to listen on all interfaces\non the respective default ports (80, 443), where the non-SSL listens\nare used for the redirect vhosts.\n", "loc": ["services", "fediwall", "nginx", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.fediwall.nginx.globalRedirect": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected (defaults to 301,\nconfigurable with `redirectCode`) to the given hostname.\n", "example": {"_type": "literalExpression", "text": "\"newserver.example.org\""}, "loc": ["services", "fediwall", "nginx", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.fediwall.nginx.http2": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/2 protocol.\nNote that (as of writing) due to nginx's implementation, to disable\nHTTP/2 you have to disable it on all vhosts that use a given\nIP address / port.\nIf there is one server block configured to enable http2, then it is\nenabled for all server blocks on this IP.\nSee <https://stackoverflow.com/a/39466948/263061>.\n", "loc": ["services", "fediwall", "nginx", "http2"], "readOnly": false, "type": "boolean"}, "services.fediwall.nginx.http3": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/3 protocol.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that HTTP/3 support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\nHTTP/3 availability must be manually advertised, preferably in each location block.\n", "loc": ["services", "fediwall", "nginx", "http3"], "readOnly": false, "type": "boolean"}, "services.fediwall.nginx.http3_hq": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that special application protocol support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "fediwall", "nginx", "http3_hq"], "readOnly": false, "type": "boolean"}, "services.fediwall.nginx.kTLS": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kTLS support.\nImplementing TLS in the kernel (kTLS) improves performance by significantly\nreducing the need for copying operations between user space and the kernel.\nRequired Nginx version 1.21.4 or later.\n", "loc": ["services", "fediwall", "nginx", "kTLS"], "readOnly": false, "type": "boolean"}, "services.fediwall.nginx.listen": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\nIPv6 addresses must be enclosed in square brackets.\nNote: this option overrides `addSSL`\nand `onlySSL`.\n\nIf you only want to set the addresses manually and not\nthe ports, take a look at `listenAddresses`.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    addr = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    addr = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    addr = \"unix:/var/run/nginx.sock\";\n  }\n]"}, "loc": ["services", "fediwall", "nginx", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.fediwall.nginx.listen.*.addr": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "description": "Listen address.", "loc": ["services", "fediwall", "nginx", "listen", "*", "addr"], "readOnly": false, "type": "string"}, "services.fediwall.nginx.listen.*.extraParameters": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra parameters of this listen directive.", "example": {"_type": "literalExpression", "text": "[\n  \"backlog=1024\"\n  \"deferred\"\n]"}, "loc": ["services", "fediwall", "nginx", "listen", "*", "extraParameters"], "readOnly": false, "type": "list of string"}, "services.fediwall.nginx.listen.*.port": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port number to listen on.\nIf unset and the listen address is not a socket then nginx defaults to 80.\n", "loc": ["services", "fediwall", "nginx", "listen", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.fediwall.nginx.listen.*.proxyProtocol": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable PROXY protocol.", "loc": ["services", "fediwall", "nginx", "listen", "*", "proxyProtocol"], "readOnly": false, "type": "boolean"}, "services.fediwall.nginx.listen.*.ssl": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SSL.", "loc": ["services", "fediwall", "nginx", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.fediwall.nginx.listenAddresses": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n\nNote: This option overrides `networking.enableIPv6`\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"[::1]\"\n]"}, "loc": ["services", "fediwall", "nginx", "listenAddresses"], "readOnly": false, "type": "list of string"}, "services.fediwall.nginx.locations": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n};\n"}, "loc": ["services", "fediwall", "nginx", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.fediwall.nginx.locations.<name>.alias": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "fediwall", "nginx", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.fediwall.nginx.locations.<name>.basicAuth": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "fediwall", "nginx", "locations", "<name>", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.fediwall.nginx.locations.<name>.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "fediwall", "nginx", "locations", "<name>", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.fediwall.nginx.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "fediwall", "nginx", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.fediwall.nginx.locations.<name>.fastcgiParams": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "FastCGI parameters to override.  Unlike in the Nginx\nconfiguration file, overriding only some default parameters\nwon't unset the default values for other parameters.\n", "loc": ["services", "fediwall", "nginx", "locations", "<name>", "fastcgiParams"], "readOnly": false, "type": "attribute set of (string or absolute path)"}, "services.fediwall.nginx.locations.<name>.index": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds index directive.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "fediwall", "nginx", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.fediwall.nginx.locations.<name>.priority": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "fediwall", "nginx", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.fediwall.nginx.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds proxy_pass directive and sets recommended proxy headers if\nrecommendedProxySettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "fediwall", "nginx", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.fediwall.nginx.locations.<name>.proxyWebsockets": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to support proxying websocket connections with HTTP/1.1.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "fediwall", "nginx", "locations", "<name>", "proxyWebsockets"], "readOnly": false, "type": "boolean"}, "services.fediwall.nginx.locations.<name>.recommendedProxySettings": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedProxySettings"}, "description": "Enable recommended proxy settings.\n", "loc": ["services", "fediwall", "nginx", "locations", "<name>", "recommendedProxySettings"], "readOnly": false, "type": "boolean"}, "services.fediwall.nginx.locations.<name>.recommendedUwsgiSettings": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedUwsgiSettings"}, "description": "Enable recommended uwsgi settings.\n", "loc": ["services", "fediwall", "nginx", "locations", "<name>", "recommendedUwsgiSettings"], "readOnly": false, "type": "boolean"}, "services.fediwall.nginx.locations.<name>.return": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds a return directive, for e.g. redirections.\n", "example": {"_type": "literalExpression", "text": "\"301 http://example.com$request_uri\""}, "loc": ["services", "fediwall", "nginx", "locations", "<name>", "return"], "readOnly": false, "type": "null or string or signed integer"}, "services.fediwall.nginx.locations.<name>.root": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Root directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/root/directory\""}, "loc": ["services", "fediwall", "nginx", "locations", "<name>", "root"], "readOnly": false, "type": "null or absolute path"}, "services.fediwall.nginx.locations.<name>.tryFiles": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds try_files directive.\n", "example": {"_type": "literalExpression", "text": "\"$uri =404\""}, "loc": ["services", "fediwall", "nginx", "locations", "<name>", "tryFiles"], "readOnly": false, "type": "null or string"}, "services.fediwall.nginx.locations.<name>.uwsgiPass": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds uwsgi_pass directive and sets recommended proxy headers if\nrecommendedUwsgiSettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"unix:/run/example/example.sock\""}, "loc": ["services", "fediwall", "nginx", "locations", "<name>", "uwsgiPass"], "readOnly": false, "type": "null or string"}, "services.fediwall.nginx.onlySSL": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "fediwall", "nginx", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.fediwall.nginx.quic": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the QUIC transport protocol.\nNote that QUIC support is experimental and\n*not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "fediwall", "nginx", "quic"], "readOnly": false, "type": "boolean"}, "services.fediwall.nginx.redirectCode": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "301"}, "description": "HTTP status used by `globalRedirect` and `forceSSL`. Possible usecases\ninclude temporary (302, 307) redirects, keeping the request method and\nbody (307, 308), or explicitly resetting the method to GET (303).\nSee <https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>.\n", "example": {"_type": "literalExpression", "text": "308"}, "loc": ["services", "fediwall", "nginx", "redirectCode"], "readOnly": false, "type": "integer between 300 and 399 (both inclusive)"}, "services.fediwall.nginx.rejectSSL": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to listen for and reject all HTTPS connections to this vhost. Useful in\n[default](#opt-services.nginx.virtualHosts._name_.default)\nserver blocks to avoid serving the certificate for another vhost. Uses the\n`ssl_reject_handshake` directive available in nginx versions\n1.19.4 and above.\n", "loc": ["services", "fediwall", "nginx", "rejectSSL"], "readOnly": false, "type": "boolean"}, "services.fediwall.nginx.reuseport": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create an individual listening socket .\nIt is required to specify only once on one of the hosts.\n", "loc": ["services", "fediwall", "nginx", "reuseport"], "readOnly": false, "type": "boolean"}, "services.fediwall.nginx.root": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of the web root directory.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "fediwall", "nginx", "root"], "readOnly": false, "type": "null or absolute path"}, "services.fediwall.nginx.serverAliases": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "fediwall", "nginx", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.fediwall.nginx.serverName": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of this virtual host. Defaults to attribute name in virtualHosts.\n", "example": {"_type": "literalExpression", "text": "\"example.org\""}, "loc": ["services", "fediwall", "nginx", "serverName"], "readOnly": false, "type": "null or string"}, "services.fediwall.nginx.sslCertificate": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "fediwall", "nginx", "sslCertificate"], "readOnly": false, "type": "absolute path"}, "services.fediwall.nginx.sslCertificateKey": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "fediwall", "nginx", "sslCertificateKey"], "readOnly": false, "type": "absolute path"}, "services.fediwall.nginx.sslTrustedCertificate": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to root SSL certificate for stapling and client certificates.", "example": {"_type": "literalExpression", "text": "\"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\""}, "loc": ["services", "fediwall", "nginx", "sslTrustedCertificate"], "readOnly": false, "type": "null or absolute path"}, "services.fediwall.nginx.useACMEHost": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "fediwall", "nginx", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.fediwall.package": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "pkgs.fediwall"}, "description": "The fediwall package to use.", "loc": ["services", "fediwall", "package"], "readOnly": false, "type": "package"}, "services.fediwall.settings": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Fediwall configuration. See\nhttps://github.com/defnull/fediwall/blob/main/public/wall-config.json.example\nfor information on supported values.\n", "loc": ["services", "fediwall", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.fediwall.settings.hideBoosts": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Hide boosts", "loc": ["services", "fediwall", "settings", "hideBoosts"], "readOnly": false, "type": "boolean"}, "services.fediwall.settings.hideBots": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Hide posts from bot accounts", "loc": ["services", "fediwall", "settings", "hideBots"], "readOnly": false, "type": "boolean"}, "services.fediwall.settings.hideReplies": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Hide replies", "loc": ["services", "fediwall", "settings", "hideReplies"], "readOnly": false, "type": "boolean"}, "services.fediwall.settings.hideSensitive": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Hide sensitive (potentially NSFW) posts", "loc": ["services", "fediwall", "settings", "hideSensitive"], "readOnly": false, "type": "boolean"}, "services.fediwall.settings.loadFederated": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Load federated posts", "loc": ["services", "fediwall", "settings", "loadFederated"], "readOnly": false, "type": "boolean"}, "services.fediwall.settings.loadPublic": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Load public posts", "loc": ["services", "fediwall", "settings", "loadPublic"], "readOnly": false, "type": "boolean"}, "services.fediwall.settings.loadTrends": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Load trending posts", "loc": ["services", "fediwall", "settings", "loadTrends"], "readOnly": false, "type": "boolean"}, "services.fediwall.settings.playVideos": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Autoplay videos in posts", "loc": ["services", "fediwall", "settings", "playVideos"], "readOnly": false, "type": "boolean"}, "services.fediwall.settings.servers": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"mastodon.social\"\n]"}, "description": "Servers to load posts from", "loc": ["services", "fediwall", "settings", "servers"], "readOnly": false, "type": "list of string"}, "services.fediwall.settings.showMedia": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Show media in posts", "loc": ["services", "fediwall", "settings", "showMedia"], "readOnly": false, "type": "boolean"}, "services.fediwall.settings.tags": {"declarations": ["nixos/modules/services/web-apps/fediwall.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Tags to follow", "example": {"_type": "literalExpression", "text": "[ \"cats\" \"dogs\"]"}, "loc": ["services", "fediwall", "settings", "tags"], "readOnly": false, "type": "list of string"}, "services.felix.bundles": {"declarations": ["nixos/modules/services/misc/felix.nix"], "default": {"_type": "literalExpression", "text": "[ pkgs.felix_remoteshell ]"}, "description": "List of bundles that should be activated on startup", "loc": ["services", "felix", "bundles"], "readOnly": false, "type": "list of package"}, "services.felix.enable": {"declarations": ["nixos/modules/services/misc/felix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Apache Felix OSGi service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "felix", "enable"], "readOnly": false, "type": "boolean"}, "services.felix.group": {"declarations": ["nixos/modules/services/misc/felix.nix"], "default": {"_type": "literalExpression", "text": "\"osgi\""}, "description": "Group account under which Apache Felix runs.", "loc": ["services", "felix", "group"], "readOnly": false, "type": "string"}, "services.felix.user": {"declarations": ["nixos/modules/services/misc/felix.nix"], "default": {"_type": "literalExpression", "text": "\"osgi\""}, "description": "User account under which Apache Felix runs.", "loc": ["services", "felix", "user"], "readOnly": false, "type": "string"}, "services.ferm.config": {"declarations": ["nixos/modules/services/networking/ferm.nix"], "default": {"_type": "literalMD", "text": "empty firewall, allows any traffic"}, "description": "Verbatim ferm.conf configuration.", "loc": ["services", "ferm", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.ferm.enable": {"declarations": ["nixos/modules/services/networking/ferm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Ferm Firewall.\n*Warning*: Enabling this service WILL disable the existing NixOS\nfirewall! Default firewall rules provided by packages are not\nconsidered at the moment.\n", "loc": ["services", "ferm", "enable"], "readOnly": false, "type": "boolean"}, "services.ferm.package": {"declarations": ["nixos/modules/services/networking/ferm.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ferm"}, "description": "The ferm package to use.", "loc": ["services", "ferm", "package"], "readOnly": false, "type": "package"}, "services.ferretdb.enable": {"declarations": ["nixos/modules/services/databases/ferretdb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FerretDB, an Open Source MongoDB alternative.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ferretdb", "enable"], "readOnly": false, "type": "boolean"}, "services.ferretdb.package": {"declarations": ["nixos/modules/services/databases/ferretdb.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ferretdb"}, "description": "The ferretdb package to use.", "loc": ["services", "ferretdb", "package"], "readOnly": false, "type": "package"}, "services.ferretdb.settings": {"declarations": ["nixos/modules/services/databases/ferretdb.nix"], "description": "Additional configuration for FerretDB, see\n<https://docs.ferretdb.io/configuration/flags/>\nfor supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  FERRETDB_LOG_LEVEL = \"warn\";\n  FERRETDB_MODE = \"normal\";\n}"}, "loc": ["services", "ferretdb", "settings"], "readOnly": false, "type": "open submodule of attribute set of string"}, "services.ferretdb.settings.FERRETDB_HANDLER": {"declarations": ["nixos/modules/services/databases/ferretdb.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite\""}, "description": "Backend handler", "loc": ["services", "ferretdb", "settings", "FERRETDB_HANDLER"], "readOnly": false, "type": "one of \"sqlite\", \"pg\""}, "services.ferretdb.settings.FERRETDB_POSTGRESQL_URL": {"declarations": ["nixos/modules/services/databases/ferretdb.nix"], "default": {"_type": "literalExpression", "text": "\"postgres://ferretdb@localhost/ferretdb?host=/run/postgresql\""}, "description": "PostgreSQL URL for 'pg' handler", "loc": ["services", "ferretdb", "settings", "FERRETDB_POSTGRESQL_URL"], "readOnly": false, "type": "string"}, "services.ferretdb.settings.FERRETDB_SQLITE_URL": {"declarations": ["nixos/modules/services/databases/ferretdb.nix"], "default": {"_type": "literalExpression", "text": "\"file:/var/lib/ferretdb/\""}, "description": "SQLite URI (directory) for 'sqlite' handler", "loc": ["services", "ferretdb", "settings", "FERRETDB_SQLITE_URL"], "readOnly": false, "type": "string"}, "services.ferretdb.settings.FERRETDB_TELEMETRY": {"declarations": ["nixos/modules/services/databases/ferretdb.nix"], "default": {"_type": "literalExpression", "text": "\"disable\""}, "description": "Enable or disable basic telemetry.\n\nSee <https://docs.ferretdb.io/telemetry/> for more information.\n", "loc": ["services", "ferretdb", "settings", "FERRETDB_TELEMETRY"], "readOnly": false, "type": "one of \"enable\", \"disable\""}, "services.fider.dataDir": {"declarations": ["nixos/modules/services/web-apps/fider.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/fider\""}, "description": "Default data folder for Fider.", "example": {"_type": "literalExpression", "text": "\"/mnt/fider\""}, "loc": ["services", "fider", "dataDir"], "readOnly": false, "type": "string"}, "services.fider.database.url": {"declarations": ["nixos/modules/services/web-apps/fider.nix"], "default": {"_type": "literalExpression", "text": "\"local\""}, "description": "URI to use for the main PostgreSQL database. If this needs to include\ncredentials that shouldn't be world-readable in the Nix store, set an\nenvironment file on the systemd service and override the\n`DATABASE_URL` entry. Pass the string\n`local` to setup a database on the local server.\n", "loc": ["services", "fider", "database", "url"], "readOnly": false, "type": "string"}, "services.fider.enable": {"declarations": ["nixos/modules/services/web-apps/fider.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Fider server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "fider", "enable"], "readOnly": false, "type": "boolean"}, "services.fider.environment": {"declarations": ["nixos/modules/services/web-apps/fider.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables to set for the service. Secrets should be\nspecified using {option}`environmentFiles`.\nRefer to <https://github.com/getfider/fider/blob/stable/.example.env>\nand <https://github.com/getfider/fider/blob/stable/app/pkg/env/env.go>\nfor available options.\n", "example": {"_type": "literalExpression", "text": "{\n  BASE_URL = \"https://fider.example.com\";\n  BLOB_STORAGE = \"fs\";\n  EMAIL = \"smtp\";\n  EMAIL_NOREPLY = \"fider@example.com\";\n  EMAIL_SMTP_HOST = \"mail.example.com\";\n  EMAIL_SMTP_PORT = \"587\";\n  EMAIL_SMTP_USERNAME = \"fider@example.com\";\n  PORT = \"31213\";\n}"}, "loc": ["services", "fider", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.fider.environmentFiles": {"declarations": ["nixos/modules/services/web-apps/fider.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Files to load environment variables from. Loaded variables override\nvalues set in {option}`environment`.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/fider.env\""}, "loc": ["services", "fider", "environmentFiles"], "readOnly": false, "type": "list of absolute path"}, "services.fider.package": {"declarations": ["nixos/modules/services/web-apps/fider.nix"], "default": {"_type": "literalExpression", "text": "pkgs.fider"}, "description": "The fider package to use.", "loc": ["services", "fider", "package"], "readOnly": false, "type": "package"}, "services.filebeat.enable": {"declarations": ["nixos/modules/services/logging/filebeat.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable filebeat.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "filebeat", "enable"], "readOnly": false, "type": "boolean"}, "services.filebeat.inputs": {"declarations": ["nixos/modules/services/logging/filebeat.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Inputs specify how Filebeat locates and processes input data.\n\nThis is like `services.filebeat.settings.filebeat.inputs`,\nbut structured as an attribute set. This has the benefit\nthat multiple NixOS modules can contribute settings to a\nsingle filebeat input.\n\nAn input type can be specified multiple times by choosing a\ndifferent `<name>` for each, but setting\n[](#opt-services.filebeat.inputs._name_.type)\nto the same value.\n\nSee <https://www.elastic.co/guide/en/beats/filebeat/current/configuration-filebeat-options.html>.\n", "example": {"_type": "literalExpression", "text": "{\n  journald.id = \"everything\";  # Only for filebeat7\n  log = {\n    enabled = true;\n    paths = [\n      \"/var/log/*.log\"\n    ];\n  };\n};\n"}, "loc": ["services", "filebeat", "inputs"], "readOnly": false, "type": "attribute set of (open submodule of (JSON value))"}, "services.filebeat.inputs.<name>.type": {"declarations": ["nixos/modules/services/logging/filebeat.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "The input type.\n\nLook for the value after `type:` on\nthe individual input pages linked from\n<https://www.elastic.co/guide/en/beats/filebeat/current/configuration-filebeat-options.html>.\n", "loc": ["services", "filebeat", "inputs", "<name>", "type"], "readOnly": false, "type": "string"}, "services.filebeat.modules": {"declarations": ["nixos/modules/services/logging/filebeat.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Filebeat modules provide a quick way to get started\nprocessing common log formats. They contain default\nconfigurations, Elasticsearch ingest pipeline definitions,\nand Kibana dashboards to help you implement and deploy a log\nmonitoring solution.\n\nThis is like `services.filebeat.settings.filebeat.modules`,\nbut structured as an attribute set. This has the benefit\nthat multiple NixOS modules can contribute settings to a\nsingle filebeat module.\n\nA module can be specified multiple times by choosing a\ndifferent `<name>` for each, but setting\n[](#opt-services.filebeat.modules._name_.module)\nto the same value.\n\nSee <https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-modules.html>.\n", "example": {"_type": "literalExpression", "text": "{\n  nginx = {\n    access = {\n      enabled = true;\n      var.paths = [ \"/path/to/log/nginx/access.log*\" ];\n    };\n    error = {\n      enabled = true;\n      var.paths = [ \"/path/to/log/nginx/error.log*\" ];\n    };\n  };\n};\n"}, "loc": ["services", "filebeat", "modules"], "readOnly": false, "type": "attribute set of (open submodule of (JSON value))"}, "services.filebeat.modules.<name>.module": {"declarations": ["nixos/modules/services/logging/filebeat.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "The name of the module.\n\nLook for the value after `module:` on\nthe individual input pages linked from\n<https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-modules.html>.\n", "loc": ["services", "filebeat", "modules", "<name>", "module"], "readOnly": false, "type": "string"}, "services.filebeat.package": {"declarations": ["nixos/modules/services/logging/filebeat.nix"], "default": {"_type": "literalExpression", "text": "pkgs.filebeat"}, "description": "The filebeat package to use.", "example": {"_type": "literalExpression", "text": "filebeat7"}, "loc": ["services", "filebeat", "package"], "readOnly": false, "type": "package"}, "services.filebeat.settings": {"declarations": ["nixos/modules/services/logging/filebeat.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for filebeat. See\n<https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-reference-yml.html>\nfor supported values.\n\nOptions containing secret data should be set to an attribute\nset containing the attribute `_secret` - a\nstring pointing to a file containing the value the option\nshould be set to. See the example to get a better picture of\nthis: in the resulting\n{file}`filebeat.yml` file, the\n`output.elasticsearch.password`\nkey will be set to the contents of the\n{file}`/var/keys/elasticsearch_password` file.\n", "example": {"_type": "literalExpression", "text": "{\n  settings = {\n    output.elasticsearch = {\n      hosts = [ \"myEShost:9200\" ];\n      username = \"filebeat_internal\";\n      password = { _secret = \"/var/keys/elasticsearch_password\"; };\n    };\n    logging.level = \"info\";\n  };\n};\n"}, "loc": ["services", "filebeat", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.filebeat.settings.output.elasticsearch.hosts": {"declarations": ["nixos/modules/services/logging/filebeat.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1:9200\"\n]"}, "description": "The list of Elasticsearch nodes to connect to.\n\nThe events are distributed to these nodes in round\nrobin order. If one node becomes unreachable, the\nevent is automatically sent to another node. Each\nElasticsearch node can be defined as a URL or\nIP:PORT. For example:\n`http://192.15.3.2`,\n`https://es.found.io:9230` or\n`192.24.3.2:9300`. If no port is\nspecified, `9200` is used.\n", "example": {"_type": "literalExpression", "text": "[\n  \"myEShost:9200\"\n]"}, "loc": ["services", "filebeat", "settings", "output", "elasticsearch", "hosts"], "readOnly": false, "type": "list of string"}, "services.filebrowser.enable": {"declarations": ["nixos/modules/services/web-apps/filebrowser.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FileBrowser.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "filebrowser", "enable"], "readOnly": false, "type": "boolean"}, "services.filebrowser.group": {"declarations": ["nixos/modules/services/web-apps/filebrowser.nix"], "default": {"_type": "literalExpression", "text": "\"filebrowser\""}, "description": "Group under which FileBrowser runs.", "loc": ["services", "filebrowser", "group"], "readOnly": false, "type": "string"}, "services.filebrowser.openFirewall": {"declarations": ["nixos/modules/services/web-apps/filebrowser.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable opening firewall ports for FileBrowser.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "filebrowser", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.filebrowser.package": {"declarations": ["nixos/modules/services/web-apps/filebrowser.nix"], "default": {"_type": "literalExpression", "text": "pkgs.filebrowser"}, "description": "The filebrowser package to use.", "loc": ["services", "filebrowser", "package"], "readOnly": false, "type": "package"}, "services.filebrowser.settings": {"declarations": ["nixos/modules/services/web-apps/filebrowser.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings for FileBrowser.\nRefer to <https://filebrowser.org/cli/filebrowser#options> for all supported values.\n", "loc": ["services", "filebrowser", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.filebrowser.settings.address": {"declarations": ["nixos/modules/services/web-apps/filebrowser.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The address to listen on.\n", "loc": ["services", "filebrowser", "settings", "address"], "readOnly": false, "type": "string"}, "services.filebrowser.settings.cache-dir": {"declarations": ["nixos/modules/services/web-apps/filebrowser.nix"], "default": {"_type": "literalExpression", "text": "\"/var/cache/filebrowser\""}, "description": "The directory where FileBrowser stores its cache.\n", "loc": ["services", "filebrowser", "settings", "cache-dir"], "readOnly": true, "type": "absolute path"}, "services.filebrowser.settings.database": {"declarations": ["nixos/modules/services/web-apps/filebrowser.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/filebrowser/database.db\""}, "description": "The path to FileBrowser's Bolt database.\n", "loc": ["services", "filebrowser", "settings", "database"], "readOnly": false, "type": "absolute path"}, "services.filebrowser.settings.port": {"declarations": ["nixos/modules/services/web-apps/filebrowser.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "The port to listen on.\n", "loc": ["services", "filebrowser", "settings", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.filebrowser.settings.root": {"declarations": ["nixos/modules/services/web-apps/filebrowser.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/filebrowser/data\""}, "description": "The directory where FileBrowser stores files.\n", "loc": ["services", "filebrowser", "settings", "root"], "readOnly": false, "type": "absolute path"}, "services.filebrowser.user": {"declarations": ["nixos/modules/services/web-apps/filebrowser.nix"], "default": {"_type": "literalExpression", "text": "\"filebrowser\""}, "description": "User account under which FileBrowser runs.", "loc": ["services", "filebrowser", "user"], "readOnly": false, "type": "string"}, "services.firebird.baseDir": {"declarations": ["nixos/modules/services/databases/firebird.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/firebird\""}, "description": "Location containing data/ and system/ directories.\ndata/ stores the databases, system/ stores the password database security2.fdb.\n", "loc": ["services", "firebird", "baseDir"], "readOnly": false, "type": "string"}, "services.firebird.enable": {"declarations": ["nixos/modules/services/databases/firebird.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Firebird super server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "firebird", "enable"], "readOnly": false, "type": "boolean"}, "services.firebird.package": {"declarations": ["nixos/modules/services/databases/firebird.nix"], "default": {"_type": "literalExpression", "text": "pkgs.firebird"}, "description": "The firebird package to use. For SuperServer use override: `pkgs.firebird_3.override { superServer = true; };`\n", "example": {"_type": "literalExpression", "text": "firebird_3"}, "loc": ["services", "firebird", "package"], "readOnly": false, "type": "package"}, "services.firebird.port": {"declarations": ["nixos/modules/services/databases/firebird.nix"], "default": {"_type": "literalExpression", "text": "3050"}, "description": "Port Firebird uses.\n", "loc": ["services", "firebird", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.firebird.user": {"declarations": ["nixos/modules/services/databases/firebird.nix"], "default": {"_type": "literalExpression", "text": "\"firebird\""}, "description": "User account under which firebird runs.\n", "loc": ["services", "firebird", "user"], "readOnly": false, "type": "string"}, "services.firefly-iii-data-importer.dataDir": {"declarations": ["nixos/modules/services/web-apps/firefly-iii-data-importer.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/firefly-iii-data-importer\""}, "description": "The place where firefly-iii data importer stores its state.\n", "loc": ["services", "firefly-iii-data-importer", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.firefly-iii-data-importer.enable": {"declarations": ["nixos/modules/services/web-apps/firefly-iii-data-importer.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Firefly III Data Importer.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "firefly-iii-data-importer", "enable"], "readOnly": false, "type": "boolean"}, "services.firefly-iii-data-importer.enableNginx": {"declarations": ["nixos/modules/services/web-apps/firefly-iii-data-importer.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable nginx or not. If enabled, an nginx virtual host will\nbe created for access to firefly-iii data importer. If not enabled, then you may use\n`${config.services.firefly-iii-data-importer.package}` as your document root in\nwhichever webserver you wish to setup.\n", "loc": ["services", "firefly-iii-data-importer", "enableNginx"], "readOnly": false, "type": "boolean"}, "services.firefly-iii-data-importer.group": {"declarations": ["nixos/modules/services/web-apps/firefly-iii-data-importer.nix"], "default": {"_type": "literalExpression", "text": "\"If `services.firefly-iii-data-importer.enableNginx` is true then `nginx` else firefly-iii-data-importer\""}, "description": "Group under which firefly-iii-data-importer runs. It is best to set this to the group\nof whatever webserver is being used as the frontend.\n", "loc": ["services", "firefly-iii-data-importer", "group"], "readOnly": false, "type": "string"}, "services.firefly-iii-data-importer.package": {"declarations": ["nixos/modules/services/web-apps/firefly-iii-data-importer.nix"], "default": {"_type": "literalExpression", "text": "pkgs.firefly-iii-data-importer"}, "description": "The firefly-iii-data-importer package served by php-fpm and the webserver of choice.\nThis option can be used to point the webserver to the correct root. It\nmay also be used to set the package to a different version, say a\ndevelopment version.\n", "loc": ["services", "firefly-iii-data-importer", "package"], "readOnly": false, "type": "package"}, "services.firefly-iii-data-importer.poolConfig": {"declarations": ["nixos/modules/services/web-apps/firefly-iii-data-importer.nix"], "default": {"_type": "literalExpression", "text": "{\n  \"pm\" = \"dynamic\";\n  \"pm.max_children\" = 32;\n  \"pm.start_servers\" = 2;\n  \"pm.min_spare_servers\" = 2;\n  \"pm.max_spare_servers\" = 4;\n  \"pm.max_requests\" = 500;\n}\n"}, "description": "Options for the Firefly III Data Importer PHP pool. See the documentation on <literal>php-fpm.conf</literal>\nfor details on configuration directives.\n", "loc": ["services", "firefly-iii-data-importer", "poolConfig"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.firefly-iii-data-importer.settings": {"declarations": ["nixos/modules/services/web-apps/firefly-iii-data-importer.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for firefly-iii data importer configuration. Refer to\n<https://github.com/firefly-iii/data-importer/blob/main/.env.example> for\ndetails on supported values. All <option>_FILE values supported by\nupstream are supported here.\n\nAPP_URL will be the same as `services.firefly-iii-data-importer.virtualHost` if the\nformer is unset in `services.firefly-iii-data-importer.settings`.\n", "example": {"_type": "literalExpression", "text": "{\n  APP_ENV = \"local\";\n  LOG_CHANNEL = \"syslog\";\n  FIREFLY_III_ACCESS_TOKEN= = \"/var/secrets/firefly-iii-access-token.txt\";\n}\n"}, "loc": ["services", "firefly-iii-data-importer", "settings"], "readOnly": false, "type": "open submodule of attribute set of (string or signed integer or boolean)"}, "services.firefly-iii-data-importer.user": {"declarations": ["nixos/modules/services/web-apps/firefly-iii-data-importer.nix"], "default": {"_type": "literalExpression", "text": "\"firefly-iii-data-importer\""}, "description": "User account under which firefly-iii-data-importer runs.", "loc": ["services", "firefly-iii-data-importer", "user"], "readOnly": false, "type": "string"}, "services.firefly-iii-data-importer.virtualHost": {"declarations": ["nixos/modules/services/web-apps/firefly-iii-data-importer.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The hostname at which you wish firefly-iii-data-importer to be served. If you have\nenabled nginx using `services.firefly-iii-data-importer.enableNginx` then this will\nbe used.\n", "loc": ["services", "firefly-iii-data-importer", "virtualHost"], "readOnly": false, "type": "string"}, "services.firefly-iii.dataDir": {"declarations": ["nixos/modules/services/web-apps/firefly-iii.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/firefly-iii\""}, "description": "The place where firefly-iii stores its state.\n", "loc": ["services", "firefly-iii", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.firefly-iii.enable": {"declarations": ["nixos/modules/services/web-apps/firefly-iii.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Firefly III: A free and open source personal finance manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "firefly-iii", "enable"], "readOnly": false, "type": "boolean"}, "services.firefly-iii.enableNginx": {"declarations": ["nixos/modules/services/web-apps/firefly-iii.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable nginx or not. If enabled, an nginx virtual host will\nbe created for access to firefly-iii. If not enabled, then you may use\n`${config.services.firefly-iii.package}` as your document root in\nwhichever webserver you wish to setup.\n", "loc": ["services", "firefly-iii", "enableNginx"], "readOnly": false, "type": "boolean"}, "services.firefly-iii.group": {"declarations": ["nixos/modules/services/web-apps/firefly-iii.nix"], "default": {"_type": "literalExpression", "text": "\"If `services.firefly-iii.enableNginx` is true then `nginx` else firefly-iii\""}, "description": "Group under which firefly-iii runs. It is best to set this to the group\nof whatever webserver is being used as the frontend.\n", "loc": ["services", "firefly-iii", "group"], "readOnly": false, "type": "string"}, "services.firefly-iii.package": {"declarations": ["nixos/modules/services/web-apps/firefly-iii.nix"], "default": {"_type": "literalExpression", "text": "pkgs.firefly-iii"}, "description": "The firefly-iii package to use.", "loc": ["services", "firefly-iii", "package"], "readOnly": false, "type": "package"}, "services.firefly-iii.poolConfig": {"declarations": ["nixos/modules/services/web-apps/firefly-iii.nix"], "default": {"_type": "literalExpression", "text": "''\n  {\n    \"pm\" = \"dynamic\";\n    \"pm.max_children\" = 32;\n    \"pm.start_servers\" = 2;\n    \"pm.min_spare_servers\" = 2;\n    \"pm.max_spare_servers\" = 4;\n    \"pm.max_requests\" = 500;\n  }\n''"}, "description": "Options for the Firefly III PHP pool. See the documentation on <literal>php-fpm.conf</literal>\nfor details on configuration directives.\n", "loc": ["services", "firefly-iii", "poolConfig"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.firefly-iii.settings": {"declarations": ["nixos/modules/services/web-apps/firefly-iii.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for firefly-iii configuration. Refer to\n<https://github.com/firefly-iii/firefly-iii/blob/main/.env.example> for\ndetails on supported values. All <option>_FILE values supported by\nupstream are supported here.\n\nAPP_URL will be the same as `services.firefly-iii.virtualHost` if the\nformer is unset in `services.firefly-iii.settings`.\n", "example": {"_type": "literalExpression", "text": "{\n  APP_ENV = \"production\";\n  APP_KEY_FILE = \"/var/secrets/firefly-iii-app-key.txt\";\n  SITE_OWNER = \"mail@example.com\";\n  DB_CONNECTION = \"mysql\";\n  DB_HOST = \"db\";\n  DB_PORT = 3306;\n  DB_DATABASE = \"firefly\";\n  DB_USERNAME = \"firefly\";\n  DB_PASSWORD_FILE = \"/var/secrets/firefly-iii-mysql-password.txt\";\n}\n"}, "loc": ["services", "firefly-iii", "settings"], "readOnly": false, "type": "open submodule of attribute set of (string or signed integer or boolean)"}, "services.firefly-iii.settings.APP_ENV": {"declarations": ["nixos/modules/services/web-apps/firefly-iii.nix"], "default": {"_type": "literalExpression", "text": "\"local\""}, "description": "The app environment. It is recommended to keep this at \"local\".\nPossible values are \"local\", \"production\" and \"testing\"\n", "example": {"_type": "literalExpression", "text": "\"production\""}, "loc": ["services", "firefly-iii", "settings", "APP_ENV"], "readOnly": false, "type": "one of \"local\", \"production\", \"testing\""}, "services.firefly-iii.settings.APP_KEY_FILE": {"declarations": ["nixos/modules/services/web-apps/firefly-iii.nix"], "description": "The path to your appkey. The file should contain a 32 character\nrandom app key. This may be set using `echo \"base64:$(head -c 32\n/dev/urandom | base64)\" > /path/to/key-file`.\n", "loc": ["services", "firefly-iii", "settings", "APP_KEY_FILE"], "readOnly": false, "type": "absolute path"}, "services.firefly-iii.settings.APP_URL": {"declarations": ["nixos/modules/services/web-apps/firefly-iii.nix"], "default": {"_type": "literalExpression", "text": "''\n  http(s)://''${config.services.firefly-iii.virtualHost}\n''"}, "description": "The APP_URL used by firefly-iii internally. Please make sure this\nURL matches the external URL of your Firefly III installation. It\nis used to validate specific requests and to generate URLs in\nemails.\n", "loc": ["services", "firefly-iii", "settings", "APP_URL"], "readOnly": false, "type": "string"}, "services.firefly-iii.settings.DB_CONNECTION": {"declarations": ["nixos/modules/services/web-apps/firefly-iii.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite\""}, "description": "The type of database you wish to use. Can be one of \"sqlite\",\n\"mysql\" or \"pgsql\".\n", "example": {"_type": "literalExpression", "text": "\"pgsql\""}, "loc": ["services", "firefly-iii", "settings", "DB_CONNECTION"], "readOnly": false, "type": "one of \"sqlite\", \"pgsql\", \"mysql\""}, "services.firefly-iii.settings.DB_HOST": {"declarations": ["nixos/modules/services/web-apps/firefly-iii.nix"], "default": {"_type": "literalExpression", "text": "''\n  \"localhost\" if DB_CONNECTION is \"sqlite\" or \"mysql\", \"/run/postgresql\" if \"pgsql\".\n''"}, "description": "The machine which hosts your database. This is left at the\ndefault value for \"mysql\" because we use the \"DB_SOCKET\" option\nto connect to a unix socket instead. \"pgsql\" requires that the\nunix socket location be specified here instead of at \"DB_SOCKET\".\nThis option does not affect \"sqlite\".\n", "loc": ["services", "firefly-iii", "settings", "DB_HOST"], "readOnly": false, "type": "string"}, "services.firefly-iii.settings.DB_PORT": {"declarations": ["nixos/modules/services/web-apps/firefly-iii.nix"], "default": {"_type": "literalExpression", "text": "''\n  `null` if DB_CONNECTION is \"sqlite\", `3306` if \"mysql\", `5432` if \"pgsql\"\n''"}, "description": "The port your database is listening at. sqlite does not require\nthis value to be filled.\n", "loc": ["services", "firefly-iii", "settings", "DB_PORT"], "readOnly": false, "type": "null or signed integer"}, "services.firefly-iii.user": {"declarations": ["nixos/modules/services/web-apps/firefly-iii.nix"], "default": {"_type": "literalExpression", "text": "\"firefly-iii\""}, "description": "User account under which firefly-iii runs.", "loc": ["services", "firefly-iii", "user"], "readOnly": false, "type": "string"}, "services.firefly-iii.virtualHost": {"declarations": ["nixos/modules/services/web-apps/firefly-iii.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The hostname at which you wish firefly-iii to be served. If you have\nenabled nginx using `services.firefly-iii.enableNginx` then this will\nbe used.\n", "loc": ["services", "firefly-iii", "virtualHost"], "readOnly": false, "type": "string"}, "services.firefox-syncserver.database.createLocally": {"declarations": ["nixos/modules/services/networking/firefox-syncserver.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to create database and user on the local machine if they do not exist.\nThis includes enabling unix domain socket authentication for the configured user.\n", "loc": ["services", "firefox-syncserver", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.firefox-syncserver.database.host": {"declarations": ["nixos/modules/services/networking/firefox-syncserver.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Database host name. `localhost` is treated specially and inserts\nsystemd dependencies, other hostnames or IP addresses of the local machine do not.\n", "loc": ["services", "firefox-syncserver", "database", "host"], "readOnly": false, "type": "string"}, "services.firefox-syncserver.database.name": {"declarations": ["nixos/modules/services/networking/firefox-syncserver.nix"], "default": {"_type": "literalExpression", "text": "\"firefox_syncserver\""}, "description": "Database to use for storage. Will be created automatically if it does not exist\nand `config.services.firefox-syncserver.database.createLocally` is set.\n", "loc": ["services", "firefox-syncserver", "database", "name"], "readOnly": false, "type": "string matching the pattern [a-z_][a-z0-9_]*"}, "services.firefox-syncserver.database.user": {"declarations": ["nixos/modules/services/networking/firefox-syncserver.nix"], "default": {"_type": "literalExpression", "text": "\"firefox-syncserver\""}, "description": "Username for database connections.\n", "loc": ["services", "firefox-syncserver", "database", "user"], "readOnly": false, "type": "string"}, "services.firefox-syncserver.enable": {"declarations": ["nixos/modules/services/networking/firefox-syncserver.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Firefox Sync storage service.\n\nOut of the box this will not be very useful unless you also configure at least\none service and one nodes by inserting them into the mysql database manually, e.g.\nby running\n\n```\n  INSERT INTO `services` (`id`, `service`, `pattern`) VALUES ('1', 'sync-1.5', '{node}/1.5/{uid}');\n  INSERT INTO `nodes` (`id`, `service`, `node`, `available`, `current_load`,\n      `capacity`, `downed`, `backoff`)\n    VALUES ('1', '1', 'https://mydomain.tld', '1', '0', '10', '0', '0');\n```\n\n{option}`services.firefox-syncserver.singleNode.enable` does this automatically when enabled\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "firefox-syncserver", "enable"], "readOnly": false, "type": "boolean"}, "services.firefox-syncserver.logLevel": {"declarations": ["nixos/modules/services/networking/firefox-syncserver.nix"], "default": {"_type": "literalExpression", "text": "\"error\""}, "description": "Log level to run with. This can be a simple log level like `error`\nor `trace`, or a more complicated logging expression.\n", "loc": ["services", "firefox-syncserver", "logLevel"], "readOnly": false, "type": "string"}, "services.firefox-syncserver.package": {"declarations": ["nixos/modules/services/networking/firefox-syncserver.nix"], "default": {"_type": "literalExpression", "text": "pkgs.syncstorage-rs"}, "description": "The syncstorage-rs package to use.", "loc": ["services", "firefox-syncserver", "package"], "readOnly": false, "type": "package"}, "services.firefox-syncserver.secrets": {"declarations": ["nixos/modules/services/networking/firefox-syncserver.nix"], "description": "A file containing the various secrets. Should be in the format expected by systemd's\n`EnvironmentFile` directory. Two secrets are currently available:\n`SYNC_MASTER_SECRET` and\n`SYNC_TOKENSERVER__FXA_METRICS_HASH_SECRET`.\n", "loc": ["services", "firefox-syncserver", "secrets"], "readOnly": false, "type": "absolute path"}, "services.firefox-syncserver.settings": {"declarations": ["nixos/modules/services/networking/firefox-syncserver.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings for the sync server. These take priority over values computed\nfrom NixOS options.\n\nSee the example config in\n<https://github.com/mozilla-services/syncstorage-rs/blob/master/config/local.example.toml>\nand the doc comments on the `Settings` structs in\n<https://github.com/mozilla-services/syncstorage-rs/blob/master/syncstorage-settings/src/lib.rs>\nand\n<https://github.com/mozilla-services/syncstorage-rs/blob/master/tokenserver-settings/src/lib.rs>\nfor available options.\n", "loc": ["services", "firefox-syncserver", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.firefox-syncserver.settings.port": {"declarations": ["nixos/modules/services/networking/firefox-syncserver.nix"], "default": {"_type": "literalExpression", "text": "5000"}, "description": "Port to bind to.\n", "loc": ["services", "firefox-syncserver", "settings", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.firefox-syncserver.settings.tokenserver.enabled": {"declarations": ["nixos/modules/services/networking/firefox-syncserver.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the token service as well.\n", "loc": ["services", "firefox-syncserver", "settings", "tokenserver", "enabled"], "readOnly": false, "type": "boolean"}, "services.firefox-syncserver.singleNode.capacity": {"declarations": ["nixos/modules/services/networking/firefox-syncserver.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "How many sync accounts are allowed on this server. Setting this value\nequal to or less than the number of currently active accounts will\neffectively deny service to accounts not yet registered here.\n", "loc": ["services", "firefox-syncserver", "singleNode", "capacity"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.firefox-syncserver.singleNode.enable": {"declarations": ["nixos/modules/services/networking/firefox-syncserver.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable auto-configuration for a simple single-node setup.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "firefox-syncserver", "singleNode", "enable"], "readOnly": false, "type": "boolean"}, "services.firefox-syncserver.singleNode.enableNginx": {"declarations": ["nixos/modules/services/networking/firefox-syncserver.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable nginx virtualhost definitions.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "firefox-syncserver", "singleNode", "enableNginx"], "readOnly": false, "type": "boolean"}, "services.firefox-syncserver.singleNode.enableTLS": {"declarations": ["nixos/modules/services/networking/firefox-syncserver.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable automatic TLS setup.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "firefox-syncserver", "singleNode", "enableTLS"], "readOnly": false, "type": "boolean"}, "services.firefox-syncserver.singleNode.hostname": {"declarations": ["nixos/modules/services/networking/firefox-syncserver.nix"], "description": "Host name to use for this service.\n", "loc": ["services", "firefox-syncserver", "singleNode", "hostname"], "readOnly": false, "type": "string"}, "services.firefox-syncserver.singleNode.url": {"declarations": ["nixos/modules/services/networking/firefox-syncserver.nix"], "default": {"_type": "literalExpression", "text": "${if cfg.singleNode.enableTLS then \"https\" else \"http\"}://${config.services.firefox-syncserver.singleNode.hostname}\n"}, "description": "URL of the host. If you are not using the automatic webserver proxy setup you will have\nto change this setting or your sync server may not be functional.\n", "loc": ["services", "firefox-syncserver", "singleNode", "url"], "readOnly": false, "type": "string"}, "services.fireqos.config": {"declarations": ["nixos/modules/services/networking/fireqos.nix"], "description": "The FireQOS configuration.\n", "example": {"_type": "literalExpression", "text": "''\n  interface wlp3s0 world-in input rate 10mbit ethernet\n    class web commit 50kbit\n      match tcp ports 80,443\n  \n  interface wlp3s0 world-out input rate 10mbit ethernet\n    class web commit 50kbit\n      match tcp ports 80,443\n''"}, "loc": ["services", "fireqos", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.fireqos.enable": {"declarations": ["nixos/modules/services/networking/fireqos.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FireQOS.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "fireqos", "enable"], "readOnly": false, "type": "boolean"}, "services.firewalld.enable": {"declarations": ["nixos/modules/services/networking/firewalld"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FirewallD.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "firewalld", "enable"], "readOnly": false, "type": "boolean"}, "services.firewalld.extraArgs": {"declarations": ["nixos/modules/services/networking/firewalld"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to pass to FirewallD.", "example": {"_type": "literalExpression", "text": "[\n  \"--debug\"\n]"}, "loc": ["services", "firewalld", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.firewalld.package": {"declarations": ["nixos/modules/services/networking/firewalld"], "default": {"_type": "literalExpression", "text": "pkgs.firewalld"}, "description": "The firewalld package to use.", "loc": ["services", "firewalld", "package"], "readOnly": false, "type": "package"}, "services.firewalld.packages": {"declarations": ["nixos/modules/services/networking/firewalld"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Packages providing firewalld zones and other files.\nFiles found in `/lib/firewalld` will be included.\n", "loc": ["services", "firewalld", "packages"], "readOnly": false, "type": "list of package"}, "services.firewalld.services": {"declarations": ["nixos/modules/services/networking/firewalld/service.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "firewalld service configuration files. See {manpage}`firewalld.service(5)`.\n", "loc": ["services", "firewalld", "services"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.firewalld.services.<name>.description": {"declarations": ["nixos/modules/services/networking/firewalld/service.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Description for the service.", "loc": ["services", "firewalld", "services", "<name>", "description"], "readOnly": false, "type": "null or non-empty string"}, "services.firewalld.services.<name>.destination": {"declarations": ["nixos/modules/services/networking/firewalld/service.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Destinations for the service.", "loc": ["services", "firewalld", "services", "<name>", "destination"], "readOnly": false, "type": "submodule"}, "services.firewalld.services.<name>.destination.ipv4": {"declarations": ["nixos/modules/services/networking/firewalld/service.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IPv4 destination.", "loc": ["services", "firewalld", "services", "<name>", "destination", "ipv4"], "readOnly": false, "type": "null or string matching the pattern ([0-9]{1,3}\\.){3}[0-9]{1,3}(/[0-9]{1,2})?"}, "services.firewalld.services.<name>.destination.ipv6": {"declarations": ["nixos/modules/services/networking/firewalld/service.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IPv6 destination.", "loc": ["services", "firewalld", "services", "<name>", "destination", "ipv6"], "readOnly": false, "type": "null or string matching the pattern [0-9A-Fa-f:]{3,39}(/[0-9]{1,3})?"}, "services.firewalld.services.<name>.helpers": {"declarations": ["nixos/modules/services/networking/firewalld/service.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Helpers for the service.", "loc": ["services", "firewalld", "services", "<name>", "helpers"], "readOnly": false, "type": "list of non-empty string"}, "services.firewalld.services.<name>.includes": {"declarations": ["nixos/modules/services/networking/firewalld/service.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Services to include for the service.", "loc": ["services", "firewalld", "services", "<name>", "includes"], "readOnly": false, "type": "list of non-empty string"}, "services.firewalld.services.<name>.ports": {"declarations": ["nixos/modules/services/networking/firewalld/service.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Ports of the service.", "loc": ["services", "firewalld", "services", "<name>", "ports"], "readOnly": false, "type": "list of (submodule)"}, "services.firewalld.services.<name>.ports.*.port": {"declarations": ["nixos/modules/services/networking/firewalld/service.nix"], "description": "", "loc": ["services", "firewalld", "services", "<name>", "ports", "*", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive) or (submodule)"}, "services.firewalld.services.<name>.ports.*.protocol": {"declarations": ["nixos/modules/services/networking/firewalld/service.nix"], "description": "", "loc": ["services", "firewalld", "services", "<name>", "ports", "*", "protocol"], "readOnly": false, "type": "one of \"tcp\", \"udp\", \"sctp\", \"dccp\""}, "services.firewalld.services.<name>.protocols": {"declarations": ["nixos/modules/services/networking/firewalld/service.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Protocols for the service.", "loc": ["services", "firewalld", "services", "<name>", "protocols"], "readOnly": false, "type": "list of non-empty string"}, "services.firewalld.services.<name>.short": {"declarations": ["nixos/modules/services/networking/firewalld/service.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Short description for the service.", "loc": ["services", "firewalld", "services", "<name>", "short"], "readOnly": false, "type": "null or non-empty string"}, "services.firewalld.services.<name>.sourcePorts": {"declarations": ["nixos/modules/services/networking/firewalld/service.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Source ports for the service.", "loc": ["services", "firewalld", "services", "<name>", "sourcePorts"], "readOnly": false, "type": "list of (submodule)"}, "services.firewalld.services.<name>.sourcePorts.*.port": {"declarations": ["nixos/modules/services/networking/firewalld/service.nix"], "description": "", "loc": ["services", "firewalld", "services", "<name>", "sourcePorts", "*", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive) or (submodule)"}, "services.firewalld.services.<name>.sourcePorts.*.protocol": {"declarations": ["nixos/modules/services/networking/firewalld/service.nix"], "description": "", "loc": ["services", "firewalld", "services", "<name>", "sourcePorts", "*", "protocol"], "readOnly": false, "type": "one of \"tcp\", \"udp\", \"sctp\", \"dccp\""}, "services.firewalld.services.<name>.version": {"declarations": ["nixos/modules/services/networking/firewalld/service.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Version of the service.", "loc": ["services", "firewalld", "services", "<name>", "version"], "readOnly": false, "type": "null or non-empty string"}, "services.firewalld.settings": {"declarations": ["nixos/modules/services/networking/firewalld/settings.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "FirewallD config file.\nSee {manpage}`firewalld.conf(5)`.\n", "loc": ["services", "firewalld", "settings"], "readOnly": false, "type": "open submodule of attribute set of (atom (null, bool, int, float or string))"}, "services.firewalld.settings.CleanupModulesOnExit": {"declarations": ["nixos/modules/services/networking/firewalld/settings.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to unload all firewall-related kernel modules when firewalld stops.", "loc": ["services", "firewalld", "settings", "CleanupModulesOnExit"], "readOnly": false, "type": "boolean"}, "services.firewalld.settings.CleanupOnExit": {"declarations": ["nixos/modules/services/networking/firewalld/settings.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to clean up firewall rules when firewalld stops.", "loc": ["services", "firewalld", "settings", "CleanupOnExit"], "readOnly": false, "type": "boolean"}, "services.firewalld.settings.DefaultZone": {"declarations": ["nixos/modules/services/networking/firewalld/settings.nix"], "default": {"_type": "literalExpression", "text": "\"public\""}, "description": "Default zone for connections.", "loc": ["services", "firewalld", "settings", "DefaultZone"], "readOnly": false, "type": "non-empty string"}, "services.firewalld.settings.FirewallBackend": {"declarations": ["nixos/modules/services/networking/firewalld/settings.nix"], "default": {"_type": "literalExpression", "text": "\"nftables\""}, "description": "The firewall backend implementation.\nThis applies to all firewalld primitives.\nThe only exception is direct and passthrough rules which always use the traditional iptables, ip6tables, and ebtables backends.\n\n::: {.caution}\nThe iptables backend is deprecated.\nIt will be removed in a future release.\n:::\n", "loc": ["services", "firewalld", "settings", "FirewallBackend"], "readOnly": false, "type": "one of \"nftables\", \"iptables\""}, "services.firewalld.settings.FlushAllOnReload": {"declarations": ["nixos/modules/services/networking/firewalld/settings.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to flush all runtime rules on a reload.", "loc": ["services", "firewalld", "settings", "FlushAllOnReload"], "readOnly": false, "type": "boolean"}, "services.firewalld.settings.IPv6_rpfilter": {"declarations": ["nixos/modules/services/networking/firewalld/settings.nix"], "default": {"_type": "literalExpression", "text": "\"strict\""}, "description": "Performs reverse path filtering (RPF) on IPv6 packets as per RFC 3704.\n\nPossible values:\n\n`\"strict\"`\n: Performs \"strict\" filtering as per RFC 3704.\n  This check verifies that the in ingress interface is the same interface that would be used to send a packet reply to the source.\n  That is, `ingress == egress`.\n\n`\"loose\"`\n: Performs \"loose\" filtering as per RFC 3704.\n  This check only verifies that there is a route back to the source through any interface; even if it's not the same one on which the packet arrived.\n\n`\"strict-forward\"`\n: This is almost identical to \"strict\", but does not perform RPF for packets targeted to the host (INPUT).\n\n`\"loose-forward\"`\n: This is almost identical to \"loose\", but does not perform RPF for packets targeted to the host (INPUT).\n\n`\"no\"`\n: RPF is completely disabled.\n\nThe rp_filter for IPv4 is controlled using sysctl.\n", "loc": ["services", "firewalld", "settings", "IPv6_rpfilter"], "readOnly": false, "type": "one of \"strict\", \"loose\", \"strict-forward\", \"loose-forward\", \"no\""}, "services.firewalld.settings.IndividualCalls": {"declarations": ["nixos/modules/services/networking/firewalld/settings.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use individual -restore calls to apply changes to the firewall.\nThe use of individual calls increases the time that is needed to apply changes and to start the daemon, but is good for debugging as error messages are more specific.\n", "loc": ["services", "firewalld", "settings", "IndividualCalls"], "readOnly": false, "type": "boolean"}, "services.firewalld.settings.LogDenied": {"declarations": ["nixos/modules/services/networking/firewalld/settings.nix"], "default": {"_type": "literalExpression", "text": "\"off\""}, "description": "Add logging rules right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones for the configured link-layer packet type.\n", "loc": ["services", "firewalld", "settings", "LogDenied"], "readOnly": false, "type": "one of \"all\", \"unicast\", \"broadcast\", \"multicast\", \"off\""}, "services.firewalld.settings.NftablesCounters": {"declarations": ["nixos/modules/services/networking/firewalld/settings.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a counter to every nftables rule.", "loc": ["services", "firewalld", "settings", "NftablesCounters"], "readOnly": false, "type": "boolean"}, "services.firewalld.settings.NftablesFlowtable": {"declarations": ["nixos/modules/services/networking/firewalld/settings.nix"], "default": {"_type": "literalExpression", "text": "\"off\""}, "description": "This may improve forwarded traffic throughput by enabling nftables flowtable.\nIt is a software fastpath and avoids calling nftables rule evaluation for data packets.\nIts value is a space separate list of interfaces.\n", "loc": ["services", "firewalld", "settings", "NftablesFlowtable"], "readOnly": false, "type": "strings concatenated with \" \""}, "services.firewalld.settings.NftablesTableOwner": {"declarations": ["nixos/modules/services/networking/firewalld/settings.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If enabled, the generated nftables rule set will be owned exclusively by firewalld.\nThis prevents other entities from mistakenly (or maliciously) modifying firewalld's rule set.\nIf you intend to modify firewalld's rules, set this to `false`.\n", "loc": ["services", "firewalld", "settings", "NftablesTableOwner"], "readOnly": false, "type": "boolean"}, "services.firewalld.settings.RFC3964_IPv4": {"declarations": ["nixos/modules/services/networking/firewalld/settings.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to filter IPv6 traffic with 6to4 destination addresses that correspond to IPv4 addresses that should not be routed over the public internet.\n", "loc": ["services", "firewalld", "settings", "RFC3964_IPv4"], "readOnly": false, "type": "boolean"}, "services.firewalld.settings.ReloadPolicy": {"declarations": ["nixos/modules/services/networking/firewalld/settings.nix"], "default": {"_type": "literalExpression", "text": "\"INPUT:DROP,FORWARD:DROP,OUTPUT:DROP\""}, "description": "The policy during reload.", "loc": ["services", "firewalld", "settings", "ReloadPolicy"], "readOnly": false, "type": "one of \"DROP\", \"REJECT\", \"ACCEPT\" or strings concatenated with \",\""}, "services.firewalld.settings.StrictForwardPorts": {"declarations": ["nixos/modules/services/networking/firewalld/settings.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, the generated destination NAT (DNAT) rules will NOT accept traffic that was DNAT'd by other entities, e.g. docker.\nFirewalld will be strict and not allow published container ports until they're explicitly allowed via firewalld.\nIf set to `false`, then docker (and podman) integrates seamlessly with firewalld.\nPublished container ports are implicitly allowed.\n", "loc": ["services", "firewalld", "settings", "StrictForwardPorts"], "readOnly": false, "type": "boolean"}, "services.firewalld.zones": {"declarations": ["nixos/modules/services/networking/firewalld/zone.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "firewalld zone configuration files.\nSee {manpage}`firewalld.zone(5)`.\n", "example": {"_type": "literalExpression", "text": "{\n  dmz = {\n    forward = true;\n    services = [\n      \"ssh\"\n    ];\n  };\n  external = {\n    forward = true;\n    masquerade = true;\n    services = [\n      \"ssh\"\n    ];\n  };\n  home = {\n    forward = true;\n    services = [\n      \"ssh\"\n      \"mdns\"\n      \"samba-client\"\n      \"dhcpv6-client\"\n    ];\n  };\n  internal = {\n    forward = true;\n    services = [\n      \"ssh\"\n      \"mdns\"\n      \"samba-client\"\n      \"dhcpv6-client\"\n    ];\n  };\n  public = {\n    forward = true;\n    services = [\n      \"ssh\"\n      \"dhcpv6-client\"\n    ];\n  };\n  work = {\n    forward = true;\n    services = [\n      \"ssh\"\n      \"dhcpv6-client\"\n    ];\n  };\n}"}, "loc": ["services", "firewalld", "zones"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.firewalld.zones.<name>.description": {"declarations": ["nixos/modules/services/networking/firewalld/zone.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Description for the zone.", "loc": ["services", "firewalld", "zones", "<name>", "description"], "readOnly": false, "type": "null or non-empty string"}, "services.firewalld.zones.<name>.egressPriority": {"declarations": ["nixos/modules/services/networking/firewalld/zone.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Priority for outbound traffic.\nLower values have higher priority.\n", "loc": ["services", "firewalld", "zones", "<name>", "egressPriority"], "readOnly": false, "type": "null or 16 bit signed integer; between -32768 and 32767 (both inclusive)"}, "services.firewalld.zones.<name>.forward": {"declarations": ["nixos/modules/services/networking/firewalld/zone.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable intra-zone forwarding.\nWhen enabled, packets will be forwarded between interfaces or sources within a zone, even if the zone's target is not set to ACCEPT.\n", "loc": ["services", "firewalld", "zones", "<name>", "forward"], "readOnly": false, "type": "boolean"}, "services.firewalld.zones.<name>.forwardPorts": {"declarations": ["nixos/modules/services/networking/firewalld/zone.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Ports to forward in the zone.", "loc": ["services", "firewalld", "zones", "<name>", "forwardPorts"], "readOnly": false, "type": "list of (submodule)"}, "services.firewalld.zones.<name>.forwardPorts.*.port": {"declarations": ["nixos/modules/services/networking/firewalld/zone.nix"], "description": "", "loc": ["services", "firewalld", "zones", "<name>", "forwardPorts", "*", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive) or (submodule)"}, "services.firewalld.zones.<name>.forwardPorts.*.protocol": {"declarations": ["nixos/modules/services/networking/firewalld/zone.nix"], "description": "", "loc": ["services", "firewalld", "zones", "<name>", "forwardPorts", "*", "protocol"], "readOnly": false, "type": "one of \"tcp\", \"udp\", \"sctp\", \"dccp\""}, "services.firewalld.zones.<name>.forwardPorts.*.to-addr": {"declarations": ["nixos/modules/services/networking/firewalld/zone.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Destination IP address.", "loc": ["services", "firewalld", "zones", "<name>", "forwardPorts", "*", "to-addr"], "readOnly": false, "type": "null or non-empty string"}, "services.firewalld.zones.<name>.forwardPorts.*.to-port": {"declarations": ["nixos/modules/services/networking/firewalld/zone.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "", "loc": ["services", "firewalld", "zones", "<name>", "forwardPorts", "*", "to-port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive) or (submodule)"}, "services.firewalld.zones.<name>.icmpBlockInversion": {"declarations": ["nixos/modules/services/networking/firewalld/zone.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to invert the icmp block handling.\nOnly enabled ICMP types are accepted and all others are rejected in the zone.\n", "loc": ["services", "firewalld", "zones", "<name>", "icmpBlockInversion"], "readOnly": false, "type": "boolean"}, "services.firewalld.zones.<name>.icmpBlocks": {"declarations": ["nixos/modules/services/networking/firewalld/zone.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "ICMP types to block in the zone.", "loc": ["services", "firewalld", "zones", "<name>", "icmpBlocks"], "readOnly": false, "type": "list of non-empty string"}, "services.firewalld.zones.<name>.ingressPriority": {"declarations": ["nixos/modules/services/networking/firewalld/zone.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Priority for inbound traffic.\nLower values have higher priority.\n", "loc": ["services", "firewalld", "zones", "<name>", "ingressPriority"], "readOnly": false, "type": "null or 16 bit signed integer; between -32768 and 32767 (both inclusive)"}, "services.firewalld.zones.<name>.interfaces": {"declarations": ["nixos/modules/services/networking/firewalld/zone.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Interfaces to bind.", "loc": ["services", "firewalld", "zones", "<name>", "interfaces"], "readOnly": false, "type": "list of non-empty string"}, "services.firewalld.zones.<name>.masquerade": {"declarations": ["nixos/modules/services/networking/firewalld/zone.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable masquerading in the zone.", "loc": ["services", "firewalld", "zones", "<name>", "masquerade"], "readOnly": false, "type": "boolean"}, "services.firewalld.zones.<name>.ports": {"declarations": ["nixos/modules/services/networking/firewalld/zone.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Ports to allow in the zone.", "loc": ["services", "firewalld", "zones", "<name>", "ports"], "readOnly": false, "type": "list of (submodule)"}, "services.firewalld.zones.<name>.ports.*.port": {"declarations": ["nixos/modules/services/networking/firewalld/zone.nix"], "description": "", "loc": ["services", "firewalld", "zones", "<name>", "ports", "*", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive) or (submodule)"}, "services.firewalld.zones.<name>.ports.*.protocol": {"declarations": ["nixos/modules/services/networking/firewalld/zone.nix"], "description": "", "loc": ["services", "firewalld", "zones", "<name>", "ports", "*", "protocol"], "readOnly": false, "type": "one of \"tcp\", \"udp\", \"sctp\", \"dccp\""}, "services.firewalld.zones.<name>.protocols": {"declarations": ["nixos/modules/services/networking/firewalld/zone.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Protocols to allow in the zone.", "loc": ["services", "firewalld", "zones", "<name>", "protocols"], "readOnly": false, "type": "list of non-empty string"}, "services.firewalld.zones.<name>.rules": {"declarations": ["nixos/modules/services/networking/firewalld/zone.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Rich rules for the zone.", "loc": ["services", "firewalld", "zones", "<name>", "rules"], "readOnly": false, "type": "list of (XML value)"}, "services.firewalld.zones.<name>.services": {"declarations": ["nixos/modules/services/networking/firewalld/zone.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Services to allow in the zone.", "loc": ["services", "firewalld", "zones", "<name>", "services"], "readOnly": false, "type": "list of non-empty string"}, "services.firewalld.zones.<name>.short": {"declarations": ["nixos/modules/services/networking/firewalld/zone.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Short description for the zone.", "loc": ["services", "firewalld", "zones", "<name>", "short"], "readOnly": false, "type": "null or non-empty string"}, "services.firewalld.zones.<name>.sourcePorts": {"declarations": ["nixos/modules/services/networking/firewalld/zone.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Source ports to allow in the zone.", "loc": ["services", "firewalld", "zones", "<name>", "sourcePorts"], "readOnly": false, "type": "list of (submodule)"}, "services.firewalld.zones.<name>.sourcePorts.*.port": {"declarations": ["nixos/modules/services/networking/firewalld/zone.nix"], "description": "", "loc": ["services", "firewalld", "zones", "<name>", "sourcePorts", "*", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive) or (submodule)"}, "services.firewalld.zones.<name>.sourcePorts.*.protocol": {"declarations": ["nixos/modules/services/networking/firewalld/zone.nix"], "description": "", "loc": ["services", "firewalld", "zones", "<name>", "sourcePorts", "*", "protocol"], "readOnly": false, "type": "one of \"tcp\", \"udp\", \"sctp\", \"dccp\""}, "services.firewalld.zones.<name>.sources": {"declarations": ["nixos/modules/services/networking/firewalld/zone.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Source addresses, address ranges, MAC addresses or ipsets to bind.", "loc": ["services", "firewalld", "zones", "<name>", "sources"], "readOnly": false, "type": "list of attribute-tagged union with choices: address, ipset, mac"}, "services.firewalld.zones.<name>.sources.*.address": {"declarations": ["nixos/modules/services/networking/firewalld/zone.nix"], "description": "An IP address or a network IP address with a mask for IPv4 or IPv6.\nFor IPv4, the mask can be a network mask or a plain number.\nFor IPv6 the mask is a plain number.\nThe use of host names is not supported.\n", "loc": ["services", "firewalld", "zones", "<name>", "sources", "*", "address"], "readOnly": false, "type": "non-empty string"}, "services.firewalld.zones.<name>.sources.*.ipset": {"declarations": ["nixos/modules/services/networking/firewalld/zone.nix"], "description": "An ipset.", "loc": ["services", "firewalld", "zones", "<name>", "sources", "*", "ipset"], "readOnly": false, "type": "non-empty string"}, "services.firewalld.zones.<name>.sources.*.mac": {"declarations": ["nixos/modules/services/networking/firewalld/zone.nix"], "description": "A MAC address.", "loc": ["services", "firewalld", "zones", "<name>", "sources", "*", "mac"], "readOnly": false, "type": "string matching the pattern ([[:xdigit:]]{2}:){5}[[:xdigit:]]{2}"}, "services.firewalld.zones.<name>.target": {"declarations": ["nixos/modules/services/networking/firewalld/zone.nix"], "default": {"_type": "literalExpression", "text": "\"%%REJECT%%\""}, "description": "Action for packets that doesn't match any rules.", "loc": ["services", "firewalld", "zones", "<name>", "target"], "readOnly": false, "type": "one of \"ACCEPT\", \"%%REJECT%%\", \"DROP\""}, "services.firewalld.zones.<name>.version": {"declarations": ["nixos/modules/services/networking/firewalld/zone.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Version of the zone.", "loc": ["services", "firewalld", "zones", "<name>", "version"], "readOnly": false, "type": "null or non-empty string"}, "services.firezone.gateway.apiUrl": {"declarations": ["nixos/modules/services/networking/firezone/gateway.nix"], "description": "The URL of your firezone server's API. This should be the same\nas your server's setting for {option}`services.firezone.server.settings.api.externalUrl`,\nbut with `wss://` instead of `https://`.\n", "example": {"_type": "literalExpression", "text": "\"wss://firezone.example.com/api/\""}, "loc": ["services", "firezone", "gateway", "apiUrl"], "readOnly": false, "type": "string matching the pattern ^wss://.+/$"}, "services.firezone.gateway.enable": {"declarations": ["nixos/modules/services/networking/firezone/gateway.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the firezone gateway.\n\nYou have to manually masquerade and forward traffic from the\ntun-firezone interface to your resource! Refer to the\n[upstream setup script](https://github.com/firezone/firezone/blob/8c7c0a9e8e33ae790aeb75fdb5a15432c2870b79/scripts/gateway-systemd-install.sh#L154-L168)\nfor a list of iptable commands.\n\nSee the firezone nixos test in this repository for an nftables based example.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "firezone", "gateway", "enable"], "readOnly": false, "type": "boolean"}, "services.firezone.gateway.enableTelemetry": {"declarations": ["nixos/modules/services/networking/firezone/gateway.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable telemetry.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "firezone", "gateway", "enableTelemetry"], "readOnly": false, "type": "boolean"}, "services.firezone.gateway.logLevel": {"declarations": ["nixos/modules/services/networking/firezone/gateway.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "The log level for the firezone application. See\n[RUST_LOG](https://docs.rs/env_logger/latest/env_logger/#enabling-logging)\nfor the format.\n", "loc": ["services", "firezone", "gateway", "logLevel"], "readOnly": false, "type": "string"}, "services.firezone.gateway.name": {"declarations": ["nixos/modules/services/networking/firezone/gateway.nix"], "description": "The name of this gateway as shown in firezone", "loc": ["services", "firezone", "gateway", "name"], "readOnly": false, "type": "string"}, "services.firezone.gateway.package": {"declarations": ["nixos/modules/services/networking/firezone/gateway.nix"], "default": {"_type": "literalExpression", "text": "pkgs.firezone-gateway"}, "description": "The firezone-gateway package to use.", "loc": ["services", "firezone", "gateway", "package"], "readOnly": false, "type": "package"}, "services.firezone.gateway.tokenFile": {"declarations": ["nixos/modules/services/networking/firezone/gateway.nix"], "description": "A file containing the firezone gateway token. Do not use a nix-store path here\nas it will make the token publicly readable!\n\nThis file will be passed via systemd credentials, it should only be accessible\nby the root user.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/firezone-gateway-token\""}, "loc": ["services", "firezone", "gateway", "tokenFile"], "readOnly": false, "type": "absolute path"}, "services.firezone.gui-client.allowedUsers": {"declarations": ["nixos/modules/services/networking/firezone/gui-client.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "All listed users will become part of the `firezone-client` group so\nthey can control the tunnel service. This is a convenience option.\n", "loc": ["services", "firezone", "gui-client", "allowedUsers"], "readOnly": false, "type": "list of string"}, "services.firezone.gui-client.enable": {"declarations": ["nixos/modules/services/networking/firezone/gui-client.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the firezone gui client.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "firezone", "gui-client", "enable"], "readOnly": false, "type": "boolean"}, "services.firezone.gui-client.logLevel": {"declarations": ["nixos/modules/services/networking/firezone/gui-client.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "The log level for the firezone application. See\n[RUST_LOG](https://docs.rs/env_logger/latest/env_logger/#enabling-logging)\nfor the format.\n", "loc": ["services", "firezone", "gui-client", "logLevel"], "readOnly": false, "type": "string"}, "services.firezone.gui-client.name": {"declarations": ["nixos/modules/services/networking/firezone/gui-client.nix"], "description": "The name of this client as shown in firezone", "loc": ["services", "firezone", "gui-client", "name"], "readOnly": false, "type": "string"}, "services.firezone.gui-client.package": {"declarations": ["nixos/modules/services/networking/firezone/gui-client.nix"], "default": {"_type": "literalExpression", "text": "pkgs.firezone-gui-client"}, "description": "The firezone-gui-client package to use.", "loc": ["services", "firezone", "gui-client", "package"], "readOnly": false, "type": "package"}, "services.firezone.headless-client.apiUrl": {"declarations": ["nixos/modules/services/networking/firezone/headless-client.nix"], "description": "The URL of your firezone server's API. This should be the same\nas your server's setting for {option}`services.firezone.server.settings.api.externalUrl`,\nbut with `wss://` instead of `https://`.\n", "example": {"_type": "literalExpression", "text": "\"wss://firezone.example.com/api/\""}, "loc": ["services", "firezone", "headless-client", "apiUrl"], "readOnly": false, "type": "string matching the pattern ^wss://.+/$"}, "services.firezone.headless-client.enable": {"declarations": ["nixos/modules/services/networking/firezone/headless-client.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the firezone headless client.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "firezone", "headless-client", "enable"], "readOnly": false, "type": "boolean"}, "services.firezone.headless-client.enableTelemetry": {"declarations": ["nixos/modules/services/networking/firezone/headless-client.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable telemetry.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "firezone", "headless-client", "enableTelemetry"], "readOnly": false, "type": "boolean"}, "services.firezone.headless-client.logLevel": {"declarations": ["nixos/modules/services/networking/firezone/headless-client.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "The log level for the firezone application. See\n[RUST_LOG](https://docs.rs/env_logger/latest/env_logger/#enabling-logging)\nfor the format.\n", "loc": ["services", "firezone", "headless-client", "logLevel"], "readOnly": false, "type": "string"}, "services.firezone.headless-client.name": {"declarations": ["nixos/modules/services/networking/firezone/headless-client.nix"], "description": "The name of this client as shown in firezone", "loc": ["services", "firezone", "headless-client", "name"], "readOnly": false, "type": "string"}, "services.firezone.headless-client.package": {"declarations": ["nixos/modules/services/networking/firezone/headless-client.nix"], "default": {"_type": "literalExpression", "text": "pkgs.firezone-headless-client"}, "description": "The firezone-headless-client package to use.", "loc": ["services", "firezone", "headless-client", "package"], "readOnly": false, "type": "package"}, "services.firezone.headless-client.tokenFile": {"declarations": ["nixos/modules/services/networking/firezone/headless-client.nix"], "description": "A file containing the firezone client token. Do not use a nix-store path here\nas it will make the token publicly readable!\n\nThis file will be passed via systemd credentials, it should only be accessible\nby the root user.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/firezone-client-token\""}, "loc": ["services", "firezone", "headless-client", "tokenFile"], "readOnly": false, "type": "absolute path"}, "services.firezone.relay.apiUrl": {"declarations": ["nixos/modules/services/networking/firezone/relay.nix"], "description": "The URL of your firezone server's API. This should be the same\nas your server's setting for {option}`services.firezone.server.settings.api.externalUrl`,\nbut with `wss://` instead of `https://`.\n", "example": {"_type": "literalExpression", "text": "\"wss://firezone.example.com/api/\""}, "loc": ["services", "firezone", "relay", "apiUrl"], "readOnly": false, "type": "string matching the pattern ^wss://.+/$"}, "services.firezone.relay.enable": {"declarations": ["nixos/modules/services/networking/firezone/relay.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the firezone relay server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "firezone", "relay", "enable"], "readOnly": false, "type": "boolean"}, "services.firezone.relay.enableTelemetry": {"declarations": ["nixos/modules/services/networking/firezone/relay.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable telemetry.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "firezone", "relay", "enableTelemetry"], "readOnly": false, "type": "boolean"}, "services.firezone.relay.highestPort": {"declarations": ["nixos/modules/services/networking/firezone/relay.nix"], "default": {"_type": "literalExpression", "text": "65535"}, "description": "The highest port to use in TURN allocation", "loc": ["services", "firezone", "relay", "highestPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.firezone.relay.logLevel": {"declarations": ["nixos/modules/services/networking/firezone/relay.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "The log level for the firezone application. See\n[RUST_LOG](https://docs.rs/env_logger/latest/env_logger/#enabling-logging)\nfor the format.\n", "loc": ["services", "firezone", "relay", "logLevel"], "readOnly": false, "type": "string"}, "services.firezone.relay.lowestPort": {"declarations": ["nixos/modules/services/networking/firezone/relay.nix"], "default": {"_type": "literalExpression", "text": "49152"}, "description": "The lowest port to use in TURN allocation", "loc": ["services", "firezone", "relay", "lowestPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.firezone.relay.name": {"declarations": ["nixos/modules/services/networking/firezone/relay.nix"], "description": "The name of this gateway as shown in firezone", "example": {"_type": "literalExpression", "text": "\"My relay\""}, "loc": ["services", "firezone", "relay", "name"], "readOnly": false, "type": "string"}, "services.firezone.relay.openFirewall": {"declarations": ["nixos/modules/services/networking/firezone/relay.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Opens up the main STUN port and the TURN allocation range.", "loc": ["services", "firezone", "relay", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.firezone.relay.package": {"declarations": ["nixos/modules/services/networking/firezone/relay.nix"], "default": {"_type": "literalExpression", "text": "pkgs.firezone-relay"}, "description": "The firezone-relay package to use.", "loc": ["services", "firezone", "relay", "package"], "readOnly": false, "type": "package"}, "services.firezone.relay.port": {"declarations": ["nixos/modules/services/networking/firezone/relay.nix"], "default": {"_type": "literalExpression", "text": "3478"}, "description": "The port to listen on for STUN messages", "loc": ["services", "firezone", "relay", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.firezone.relay.publicIpv4": {"declarations": ["nixos/modules/services/networking/firezone/relay.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The public ipv4 address of this relay", "loc": ["services", "firezone", "relay", "publicIpv4"], "readOnly": false, "type": "null or string"}, "services.firezone.relay.publicIpv6": {"declarations": ["nixos/modules/services/networking/firezone/relay.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The public ipv6 address of this relay", "loc": ["services", "firezone", "relay", "publicIpv6"], "readOnly": false, "type": "null or string"}, "services.firezone.relay.tokenFile": {"declarations": ["nixos/modules/services/networking/firezone/relay.nix"], "description": "A file containing the firezone relay token. Do not use a nix-store path here\nas it will make the token publicly readable!\n\nThis file will be passed via systemd credentials, it should only be accessible\nby the root user.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/firezone-relay-token\""}, "loc": ["services", "firezone", "relay", "tokenFile"], "readOnly": false, "type": "absolute path"}, "services.firezone.server.api.address": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The address to listen on", "loc": ["services", "firezone", "server", "api", "address"], "readOnly": false, "type": "string"}, "services.firezone.server.api.enable": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Firezone api server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "firezone", "server", "api", "enable"], "readOnly": false, "type": "boolean"}, "services.firezone.server.api.externalUrl": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "description": "The external URL under which you will serve the api. You need to\nsetup a reverse proxy for TLS termination, either with\n{option}`services.firezone.server.nginx.enable` or manually.\n", "example": {"_type": "literalExpression", "text": "\"https://firezone.example.com/api/\""}, "loc": ["services", "firezone", "server", "api", "externalUrl"], "readOnly": false, "type": "string matching the pattern ^https://.+/$"}, "services.firezone.server.api.package": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.firezone-server-api"}, "description": "The firezone-server-api package to use.", "loc": ["services", "firezone", "server", "api", "package"], "readOnly": false, "type": "package"}, "services.firezone.server.api.port": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "8081"}, "description": "The port under which the api will be served locally", "loc": ["services", "firezone", "server", "api", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.firezone.server.api.settings": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables for this component of the Firezone server. For a\nlist of available variables, please refer to the [upstream definitions](https://github.com/firezone/firezone/blob/main/elixir/apps/domain/lib/domain/config/definitions.ex).\nSome variables like `OUTBOUND_EMAIL_ADAPTER_OPTS` require json values\nfor which you can use `VAR = builtins.toJSON { /* ... */ }`.\n\nThis component will automatically inherit all variables defined via\n{option}`services.firezone.server.settings` and\n{option}`services.firezone.server.settingsSecret`, but which can be\noverwritten by this option.\n", "loc": ["services", "firezone", "server", "api", "settings"], "readOnly": false, "type": "open submodule of attribute set of (boolean or floating point number or signed integer or string or absolute path or package)"}, "services.firezone.server.api.trustedProxies": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of trusted proxies", "loc": ["services", "firezone", "server", "api", "trustedProxies"], "readOnly": false, "type": "list of string"}, "services.firezone.server.clusterHosts": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"api@localhost.localdomain\"\n  \"web@localhost.localdomain\"\n  \"domain@localhost.localdomain\"\n]"}, "description": "A list of components and their hosts that are part of this cluster. For\na single-machine setup, the default value will be sufficient. This\nvalue will automatically set `ERLANG_CLUSTER_ADAPTER_CONFIG`.\n\nThe format is `<COMPONENT_NAME>@<HOSTNAME>`.\n", "loc": ["services", "firezone", "server", "clusterHosts"], "readOnly": false, "type": "list of string"}, "services.firezone.server.domain.enable": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Firezone domain server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "firezone", "server", "domain", "enable"], "readOnly": false, "type": "boolean"}, "services.firezone.server.domain.package": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.firezone-server-domain"}, "description": "The firezone-server-domain package to use.", "loc": ["services", "firezone", "server", "domain", "package"], "readOnly": false, "type": "package"}, "services.firezone.server.domain.settings": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables for this component of the Firezone server. For a\nlist of available variables, please refer to the [upstream definitions](https://github.com/firezone/firezone/blob/main/elixir/apps/domain/lib/domain/config/definitions.ex).\nSome variables like `OUTBOUND_EMAIL_ADAPTER_OPTS` require json values\nfor which you can use `VAR = builtins.toJSON { /* ... */ }`.\n\nThis component will automatically inherit all variables defined via\n{option}`services.firezone.server.settings` and\n{option}`services.firezone.server.settingsSecret`, but which can be\noverwritten by this option.\n", "loc": ["services", "firezone", "server", "domain", "settings"], "readOnly": false, "type": "open submodule of attribute set of (boolean or floating point number or signed integer or string or absolute path or package)"}, "services.firezone.server.enable": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable all Firezone components.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "firezone", "server", "enable"], "readOnly": false, "type": "boolean"}, "services.firezone.server.enableLocalDB": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable a local postgresql database for Firezone.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "firezone", "server", "enableLocalDB"], "readOnly": false, "type": "boolean"}, "services.firezone.server.nginx.enable": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable nginx virtualhost definition.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "firezone", "server", "nginx", "enable"], "readOnly": false, "type": "boolean"}, "services.firezone.server.openClusterFirewall": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Opens up the erlang distribution port of all enabled components to\nallow reaching the server cluster from the internet. You only need to\nset this if you are actually distributing your cluster across multiple\nmachines.\n", "loc": ["services", "firezone", "server", "openClusterFirewall"], "readOnly": false, "type": "boolean"}, "services.firezone.server.provision.accounts": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "All accounts to provision. The attribute name specified here will\nbecome the account slug. By using `\"{file:/path/to/file}\"` as a\nstring value anywhere in these settings, the provisioning script will\nreplace that value with the content of the given file at runtime.\n\nPlease refer to the [Firezone source code](https://github.com/firezone/firezone/blob/main/elixir/apps/domain/lib/domain/accounts/account.ex)\nfor all available properties.\n", "example": {"_type": "literalExpression", "text": "{\n  main = {\n    features = {\n      rest_api = false;\n    };\n    metadata = {\n      stripe = {\n        billing_email = \"org@myorg.example.com\";\n      };\n    };\n    name = \"My Account / Organization\";\n  };\n}"}, "loc": ["services", "firezone", "server", "provision", "accounts"], "readOnly": false, "type": "attribute set of (open submodule of (JSON value))"}, "services.firezone.server.provision.accounts.<name>.actors": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "All actors (users) to provision. The attribute name will only\nbe used to track the actor and does not have any significance\nfor Firezone.\n", "example": {"_type": "literalExpression", "text": "{\n  admin = {\n    email = \"admin@myorg.example.com\";\n    name = \"Admin\";\n    type = \"account_admin_user\";\n  };\n}"}, "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "actors"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.firezone.server.provision.accounts.<name>.actors.<name>.email": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "description": "The email address used to authenticate as this account", "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "actors", "<name>", "email"], "readOnly": false, "type": "string"}, "services.firezone.server.provision.accounts.<name>.actors.<name>.name": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "description": "The name of this actor", "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "actors", "<name>", "name"], "readOnly": false, "type": "string"}, "services.firezone.server.provision.accounts.<name>.actors.<name>.type": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "description": "The account type", "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "actors", "<name>", "type"], "readOnly": false, "type": "one of \"account_admin_user\", \"account_user\", \"service_account\", \"api_client\""}, "services.firezone.server.provision.accounts.<name>.auth": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "All authentication providers to provision. The attribute name\nwill only be used to track the provider and does not have any\nsignificance for Firezone.\n", "example": {"_type": "literalExpression", "text": "{\n  myoidcprovider = {\n    adapter = \"openid_connect\";\n    adapter_config = {\n      clientSecretFile = \"/run/secrets/oidc-client-secret\";\n      client_id = \"clientid\";\n      discovery_document_uri = \"https://auth.example.com/.well-known/openid-configuration\";\n      response_type = \"code\";\n      scope = \"openid email name\";\n    };\n  };\n}"}, "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "auth"], "readOnly": false, "type": "attribute set of (open submodule of (JSON value))"}, "services.firezone.server.provision.accounts.<name>.auth.<name>.adapter": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "description": "The auth adapter type", "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "auth", "<name>", "adapter"], "readOnly": false, "type": "one of \"email\", \"openid_connect\", \"userpass\", \"token\", \"google_workspace\", \"microsoft_entra\", \"okta\", \"jumpcloud\""}, "services.firezone.server.provision.accounts.<name>.auth.<name>.adapter_config.clientSecretFile": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing a the client secret for an openid_connect adapter.\nYou only need to set this if this is an openid_connect provider.\n", "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "auth", "<name>", "adapter_config", "clientSecretFile"], "readOnly": false, "type": "null or absolute path"}, "services.firezone.server.provision.accounts.<name>.auth.<name>.name": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "description": "The name of this authentication provider", "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "auth", "<name>", "name"], "readOnly": false, "type": "string"}, "services.firezone.server.provision.accounts.<name>.features.idp_sync": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the `idp_sync` feature for this account.", "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "features", "idp_sync"], "readOnly": false, "type": "boolean"}, "services.firezone.server.provision.accounts.<name>.features.internet_resource": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the `internet_resource` feature for this account.", "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "features", "internet_resource"], "readOnly": false, "type": "boolean"}, "services.firezone.server.provision.accounts.<name>.features.multi_site_resources": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the `multi_site_resources` feature for this account.", "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "features", "multi_site_resources"], "readOnly": false, "type": "boolean"}, "services.firezone.server.provision.accounts.<name>.features.policy_conditions": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the `policy_conditions` feature for this account.", "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "features", "policy_conditions"], "readOnly": false, "type": "boolean"}, "services.firezone.server.provision.accounts.<name>.features.rest_api": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the `rest_api` feature for this account.", "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "features", "rest_api"], "readOnly": false, "type": "boolean"}, "services.firezone.server.provision.accounts.<name>.features.self_hosted_relays": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the `self_hosted_relays` feature for this account.", "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "features", "self_hosted_relays"], "readOnly": false, "type": "boolean"}, "services.firezone.server.provision.accounts.<name>.features.traffic_filters": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the `traffic_filters` feature for this account.", "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "features", "traffic_filters"], "readOnly": false, "type": "boolean"}, "services.firezone.server.provision.accounts.<name>.gatewayGroups": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "All gateway groups (sites) to provision. The attribute name\nwill only be used to track the gateway group and does not have any\nsignificance for Firezone.\n", "example": {"_type": "literalExpression", "text": "{\n  my-gateways = {\n    name = \"My Gateways\";\n  };\n}"}, "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "gatewayGroups"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.firezone.server.provision.accounts.<name>.gatewayGroups.<name>.name": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "description": "The name of this gateway group", "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "gatewayGroups", "<name>", "name"], "readOnly": false, "type": "string"}, "services.firezone.server.provision.accounts.<name>.groups": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "All groups to provision. The attribute name will only be used\nto track the group and does not have any significance for\nFirezone.\n\nA group named `everyone` will automatically be managed by Firezone.\n", "example": {"_type": "literalExpression", "text": "{\n  users = {\n    name = \"Users\";\n  };\n}"}, "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "groups"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.firezone.server.provision.accounts.<name>.groups.<name>.forceMembers": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Ensure that only the given members are part of this group at every server start.", "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "groups", "<name>", "forceMembers"], "readOnly": false, "type": "boolean"}, "services.firezone.server.provision.accounts.<name>.groups.<name>.members": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The members of this group", "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "groups", "<name>", "members"], "readOnly": false, "type": "list of string"}, "services.firezone.server.provision.accounts.<name>.groups.<name>.name": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "description": "The name of this group", "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "groups", "<name>", "name"], "readOnly": false, "type": "string"}, "services.firezone.server.provision.accounts.<name>.name": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "description": "The account name", "example": {"_type": "literalExpression", "text": "\"My Organization\""}, "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "name"], "readOnly": false, "type": "string"}, "services.firezone.server.provision.accounts.<name>.policies": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "All policies to provision. The attribute name will only be used to\ntrack the policy and does not have any significance for Firezone.\n", "example": {"_type": "literalExpression", "text": "{\n  access_vaultwarden = {\n    group = \"everyone\";\n    name = \"Allow anyone to access vaultwarden\";\n    resource = \"vaultwarden\";\n  };\n}"}, "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "policies"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.firezone.server.provision.accounts.<name>.policies.<name>.description": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "description": "The description of this policy", "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "policies", "<name>", "description"], "readOnly": false, "type": "null or string"}, "services.firezone.server.provision.accounts.<name>.policies.<name>.group": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "description": "The group which should be allowed access to the given resource.", "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "policies", "<name>", "group"], "readOnly": false, "type": "string"}, "services.firezone.server.provision.accounts.<name>.policies.<name>.resource": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "description": "The resource to which access should be allowed.", "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "policies", "<name>", "resource"], "readOnly": false, "type": "string"}, "services.firezone.server.provision.accounts.<name>.relayGroups": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "All relay groups to provision. The attribute name\nwill only be used to track the relay group and does not have any\nsignificance for Firezone.\n", "example": {"_type": "literalExpression", "text": "{\n  my-relays = {\n    name = \"My Relays\";\n  };\n}"}, "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "relayGroups"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.firezone.server.provision.accounts.<name>.relayGroups.<name>.name": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "description": "The name of this relay group", "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "relayGroups", "<name>", "name"], "readOnly": false, "type": "string"}, "services.firezone.server.provision.accounts.<name>.resources": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "All resources to provision. The attribute name will only be used to\ntrack the resource and does not have any significance for Firezone.\n", "example": {"_type": "literalExpression", "text": "{\n  vaultwarden = {\n    address = \"vault.example.com\";\n    address_description = \"https://vault.example.com\";\n    filters = [\n      {\n        protocol = \"icmp\";\n      }\n      {\n        ports = [\n          80\n          443\n        ];\n        protocol = \"tcp\";\n      }\n    ];\n    gatewayGroups = [\n      \"my-site\"\n    ];\n    name = \"Vaultwarden\";\n    type = \"dns\";\n  };\n}"}, "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "resources"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.firezone.server.provision.accounts.<name>.resources.<name>.address": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "description": "The address of this resource. Depending on the resource type, this should be an ip, ip with cidr mask or a domain.", "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "resources", "<name>", "address"], "readOnly": false, "type": "string"}, "services.firezone.server.provision.accounts.<name>.resources.<name>.addressDescription": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "An optional description for resource address, usually a full link to the resource including a schema.", "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "resources", "<name>", "addressDescription"], "readOnly": false, "type": "null or string"}, "services.firezone.server.provision.accounts.<name>.resources.<name>.filters": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of filter to restrict traffic. If no filters are given, all traffic is allowed.", "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "resources", "<name>", "filters"], "readOnly": false, "type": "list of (submodule)"}, "services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Either a single port or port range to allow. Both bounds are inclusive.", "example": {"_type": "literalExpression", "text": "[\n  443\n  {\n    from = 8080;\n    to = 8100;\n  }\n]"}, "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "resources", "<name>", "filters", "*", "ports"], "readOnly": false, "type": "list of ((submodule) or 16 bit unsigned integer; between 0 and 65535 (both inclusive) convertible to it)"}, "services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports.*.from": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "description": "The start of the port range, inclusive.", "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "resources", "<name>", "filters", "*", "ports", "*", "from"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports.*.to": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "description": "The end of the port range, inclusive.", "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "resources", "<name>", "filters", "*", "ports", "*", "to"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.protocol": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "description": "The protocol to allow", "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "resources", "<name>", "filters", "*", "protocol"], "readOnly": false, "type": "one of \"icmp\", \"tcp\", \"udp\""}, "services.firezone.server.provision.accounts.<name>.resources.<name>.gatewayGroups": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "description": "A list of gateway groups (sites) which can reach the resource and may be used to connect to it.", "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "resources", "<name>", "gatewayGroups"], "readOnly": false, "type": "non-empty (list of string)"}, "services.firezone.server.provision.accounts.<name>.resources.<name>.name": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "description": "The name of this resource", "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "resources", "<name>", "name"], "readOnly": false, "type": "string"}, "services.firezone.server.provision.accounts.<name>.resources.<name>.type": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "description": "The resource type", "loc": ["services", "firezone", "server", "provision", "accounts", "<name>", "resources", "<name>", "type"], "readOnly": false, "type": "one of \"dns\", \"cidr\", \"ip\""}, "services.firezone.server.provision.enable": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable provisioning of the Firezone domain server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "firezone", "server", "provision", "enable"], "readOnly": false, "type": "boolean"}, "services.firezone.server.settings": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables for the Firezone server. For a list of available\nvariables, please refer to the [upstream definitions](https://github.com/firezone/firezone/blob/main/elixir/apps/domain/lib/domain/config/definitions.ex).\nSome variables like `OUTBOUND_EMAIL_ADAPTER_OPTS` require json values\nfor which you can use `VAR = builtins.toJSON { /* ... */ }`.\n\nEach component has an additional `settings` option which allows you to\noverride specific variables passed to that component.\n", "loc": ["services", "firezone", "server", "settings"], "readOnly": false, "type": "open submodule of attribute set of (boolean or floating point number or signed integer or string or absolute path or package)"}, "services.firezone.server.settingsSecret": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This is a convenience option which allows you to set secret values for\nenvironment variables by specifying a file which will contain the value\nat runtime. Before starting the server, the content of each file will\nbe loaded into the respective environment variable.\n\nOtherwise, this option is equivalent to\n{option}`services.firezone.server.settings`. Refer to the settings\noption for more information regarding the actual variables and how\nfiltering rules are applied for each component.\n", "loc": ["services", "firezone", "server", "settingsSecret"], "readOnly": false, "type": "open submodule of attribute set of absolute path"}, "services.firezone.server.settingsSecret.COOKIE_ENCRYPTION_SALT": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing a unique base64 encoded secret for the\n`COOKIE_ENCRYPTION_SALT`. All Firezone components in your cluster must\nuse the same value.\n\nIf this is `null`, a shared value will automatically be generated\non startup and used for all components on this machine. You do\nnot need to set this except when you spread your cluster over\nmultiple hosts.\n", "loc": ["services", "firezone", "server", "settingsSecret", "COOKIE_ENCRYPTION_SALT"], "readOnly": false, "type": "null or absolute path"}, "services.firezone.server.settingsSecret.COOKIE_SIGNING_SALT": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing a unique base64 encoded secret for the\n`COOKIE_SIGNING_SALT`. All Firezone components in your cluster must\nuse the same value.\n\nIf this is `null`, a shared value will automatically be generated\non startup and used for all components on this machine. You do\nnot need to set this except when you spread your cluster over\nmultiple hosts.\n", "loc": ["services", "firezone", "server", "settingsSecret", "COOKIE_SIGNING_SALT"], "readOnly": false, "type": "null or absolute path"}, "services.firezone.server.settingsSecret.LIVE_VIEW_SIGNING_SALT": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing a unique base64 encoded secret for the\n`LIVE_VIEW_SIGNING_SALT`. All Firezone components in your cluster must\nuse the same value.\n\nIf this is `null`, a shared value will automatically be generated\non startup and used for all components on this machine. You do\nnot need to set this except when you spread your cluster over\nmultiple hosts.\n", "loc": ["services", "firezone", "server", "settingsSecret", "LIVE_VIEW_SIGNING_SALT"], "readOnly": false, "type": "null or absolute path"}, "services.firezone.server.settingsSecret.RELEASE_COOKIE": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing a unique secret identifier for the Erlang\ncluster. All Firezone components in your cluster must use the\nsame value.\n\nIf this is `null`, a shared value will automatically be generated\non startup and used for all components on this machine. You do\nnot need to set this except when you spread your cluster over\nmultiple hosts.\n", "loc": ["services", "firezone", "server", "settingsSecret", "RELEASE_COOKIE"], "readOnly": false, "type": "null or absolute path"}, "services.firezone.server.settingsSecret.SECRET_KEY_BASE": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing a unique base64 encoded secret for the\n`SECRET_KEY_BASE`. All Firezone components in your cluster must\nuse the same value.\n\nIf this is `null`, a shared value will automatically be generated\non startup and used for all components on this machine. You do\nnot need to set this except when you spread your cluster over\nmultiple hosts.\n", "loc": ["services", "firezone", "server", "settingsSecret", "SECRET_KEY_BASE"], "readOnly": false, "type": "null or absolute path"}, "services.firezone.server.settingsSecret.TOKENS_KEY_BASE": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing a unique base64 encoded secret for the\n`TOKENS_KEY_BASE`. All Firezone components in your cluster must\nuse the same value.\n\nIf this is `null`, a shared value will automatically be generated\non startup and used for all components on this machine. You do\nnot need to set this except when you spread your cluster over\nmultiple hosts.\n", "loc": ["services", "firezone", "server", "settingsSecret", "TOKENS_KEY_BASE"], "readOnly": false, "type": "null or absolute path"}, "services.firezone.server.settingsSecret.TOKENS_SALT": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing a unique base64 encoded secret for the\n`TOKENS_SALT`. All Firezone components in your cluster must\nuse the same value.\n\nIf this is `null`, a shared value will automatically be generated\non startup and used for all components on this machine. You do\nnot need to set this except when you spread your cluster over\nmultiple hosts.\n", "loc": ["services", "firezone", "server", "settingsSecret", "TOKENS_SALT"], "readOnly": false, "type": "null or absolute path"}, "services.firezone.server.smtp.configureManually": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Outbound email configuration is mandatory for Firezone and supports\nmany different delivery adapters. Yet, most users will only need an\nSMTP relay to send emails, so this configuration enforced by default.\n\nIf you want to utilize an alternative way to send emails (e.g. via a\nsupportd API-based service), enable this option and define\n`OUTBOUND_EMAIL_FROM`, `OUTBOUND_EMAIL_ADAPTER` and\n`OUTBOUND_EMAIL_ADAPTER_OPTS` manually via\n{option}`services.firezone.server.settings` and/or\n{option}`services.firezone.server.settingsSecret`.\n\nThe Firezone documentation holds [a list of supported Swoosh adapters](https://github.com/firezone/firezone/blob/main/website/src/app/docs/reference/env-vars/readme.mdx#outbound-emails).\n", "loc": ["services", "firezone", "server", "smtp", "configureManually"], "readOnly": false, "type": "boolean"}, "services.firezone.server.smtp.from": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "description": "Outbound SMTP FROM address", "example": {"_type": "literalExpression", "text": "\"firezone@example.com\""}, "loc": ["services", "firezone", "server", "smtp", "from"], "readOnly": false, "type": "string"}, "services.firezone.server.smtp.host": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "description": "Outbound SMTP host", "example": {"_type": "literalExpression", "text": "\"mail.example.com\""}, "loc": ["services", "firezone", "server", "smtp", "host"], "readOnly": false, "type": "string"}, "services.firezone.server.smtp.implicitTls": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use implicit TLS instead of STARTTLS (usually port 465)", "loc": ["services", "firezone", "server", "smtp", "implicitTls"], "readOnly": false, "type": "boolean"}, "services.firezone.server.smtp.passwordFile": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "description": "File containing the password for the given username. Beware that a file in the nix store will be world readable.", "example": {"_type": "literalExpression", "text": "\"/run/secrets/smtp-password\""}, "loc": ["services", "firezone", "server", "smtp", "passwordFile"], "readOnly": false, "type": "absolute path"}, "services.firezone.server.smtp.port": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "description": "Outbound SMTP port", "example": {"_type": "literalExpression", "text": "465"}, "loc": ["services", "firezone", "server", "smtp", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.firezone.server.smtp.username": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "description": "Username to authenticate against the SMTP relay", "example": {"_type": "literalExpression", "text": "\"firezone@example.com\""}, "loc": ["services", "firezone", "server", "smtp", "username"], "readOnly": false, "type": "string"}, "services.firezone.server.web.address": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The address to listen on", "loc": ["services", "firezone", "server", "web", "address"], "readOnly": false, "type": "string"}, "services.firezone.server.web.enable": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Firezone web server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "firezone", "server", "web", "enable"], "readOnly": false, "type": "boolean"}, "services.firezone.server.web.externalUrl": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "description": "The external URL under which you will serve the web interface. You\nneed to setup a reverse proxy for TLS termination, either with\n{option}`services.firezone.server.nginx.enable` or manually.\n", "example": {"_type": "literalExpression", "text": "\"https://firezone.example.com/\""}, "loc": ["services", "firezone", "server", "web", "externalUrl"], "readOnly": false, "type": "string matching the pattern ^https://.+/$"}, "services.firezone.server.web.package": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.firezone-server-web"}, "description": "The firezone-server-web package to use.", "loc": ["services", "firezone", "server", "web", "package"], "readOnly": false, "type": "package"}, "services.firezone.server.web.port": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "The port under which the web interface will be served locally", "loc": ["services", "firezone", "server", "web", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.firezone.server.web.settings": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables for this component of the Firezone server. For a\nlist of available variables, please refer to the [upstream definitions](https://github.com/firezone/firezone/blob/main/elixir/apps/domain/lib/domain/config/definitions.ex).\nSome variables like `OUTBOUND_EMAIL_ADAPTER_OPTS` require json values\nfor which you can use `VAR = builtins.toJSON { /* ... */ }`.\n\nThis component will automatically inherit all variables defined via\n{option}`services.firezone.server.settings` and\n{option}`services.firezone.server.settingsSecret`, but which can be\noverwritten by this option.\n", "loc": ["services", "firezone", "server", "web", "settings"], "readOnly": false, "type": "open submodule of attribute set of (boolean or floating point number or signed integer or string or absolute path or package)"}, "services.firezone.server.web.trustedProxies": {"declarations": ["nixos/modules/services/networking/firezone/server.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of trusted proxies", "loc": ["services", "firezone", "server", "web", "trustedProxies"], "readOnly": false, "type": "list of string"}, "services.flannel.backend": {"declarations": ["nixos/modules/services/networking/flannel.nix"], "default": {"_type": "literalExpression", "text": "{\n  Type = \"vxlan\";\n}"}, "description": "Type of backend to use and specific configurations for that backend.", "loc": ["services", "flannel", "backend"], "readOnly": false, "type": "attribute set"}, "services.flannel.enable": {"declarations": ["nixos/modules/services/networking/flannel.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable flannel.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "flannel", "enable"], "readOnly": false, "type": "boolean"}, "services.flannel.etcd.caFile": {"declarations": ["nixos/modules/services/networking/flannel.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Etcd certificate authority file", "loc": ["services", "flannel", "etcd", "caFile"], "readOnly": false, "type": "null or absolute path"}, "services.flannel.etcd.certFile": {"declarations": ["nixos/modules/services/networking/flannel.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Etcd cert file", "loc": ["services", "flannel", "etcd", "certFile"], "readOnly": false, "type": "null or absolute path"}, "services.flannel.etcd.endpoints": {"declarations": ["nixos/modules/services/networking/flannel.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"http://127.0.0.1:2379\"\n]"}, "description": "Etcd endpoints", "loc": ["services", "flannel", "etcd", "endpoints"], "readOnly": false, "type": "list of string"}, "services.flannel.etcd.keyFile": {"declarations": ["nixos/modules/services/networking/flannel.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Etcd key file", "loc": ["services", "flannel", "etcd", "keyFile"], "readOnly": false, "type": "null or absolute path"}, "services.flannel.etcd.prefix": {"declarations": ["nixos/modules/services/networking/flannel.nix"], "default": {"_type": "literalExpression", "text": "\"/coreos.com/network\""}, "description": "Etcd key prefix", "loc": ["services", "flannel", "etcd", "prefix"], "readOnly": false, "type": "string"}, "services.flannel.extraNetworkConfig": {"declarations": ["nixos/modules/services/networking/flannel.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration to be added to the net-conf.json/etcd-backed network configuration.", "example": {"_type": "literalExpression", "text": "{\n  EnableIPv6 = true;\n}"}, "loc": ["services", "flannel", "extraNetworkConfig"], "readOnly": false, "type": "JSON value"}, "services.flannel.iface": {"declarations": ["nixos/modules/services/networking/flannel.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Interface to use (IP or name) for inter-host communication.\nDefaults to the interface for the default route on the machine.\n", "loc": ["services", "flannel", "iface"], "readOnly": false, "type": "null or string"}, "services.flannel.kubeconfig": {"declarations": ["nixos/modules/services/networking/flannel.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to kubeconfig to use for storing flannel config using the\nKubernetes API\n", "loc": ["services", "flannel", "kubeconfig"], "readOnly": false, "type": "null or absolute path"}, "services.flannel.network": {"declarations": ["nixos/modules/services/networking/flannel.nix"], "description": "IPv4 network in CIDR format to use for the entire flannel network", "loc": ["services", "flannel", "network"], "readOnly": false, "type": "string"}, "services.flannel.nodeName": {"declarations": ["nixos/modules/services/networking/flannel.nix"], "default": {"_type": "literalExpression", "text": "config.networking.fqdnOrHostName"}, "description": "Needed when running with Kubernetes as backend as this cannot be auto-detected\";\n", "example": {"_type": "literalExpression", "text": "\"node1.example.com\""}, "loc": ["services", "flannel", "nodeName"], "readOnly": false, "type": "null or string"}, "services.flannel.package": {"declarations": ["nixos/modules/services/networking/flannel.nix"], "default": {"_type": "literalExpression", "text": "pkgs.flannel"}, "description": "The flannel package to use.", "loc": ["services", "flannel", "package"], "readOnly": false, "type": "package"}, "services.flannel.publicIp": {"declarations": ["nixos/modules/services/networking/flannel.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IP accessible by other nodes for inter-host communication.\nDefaults to the IP of the interface being used for communication.\n", "loc": ["services", "flannel", "publicIp"], "readOnly": false, "type": "null or string"}, "services.flannel.storageBackend": {"declarations": ["nixos/modules/services/networking/flannel.nix"], "default": {"_type": "literalExpression", "text": "\"etcd\""}, "description": "Determines where flannel stores its configuration at runtime", "loc": ["services", "flannel", "storageBackend"], "readOnly": false, "type": "one of \"etcd\", \"kubernetes\""}, "services.flannel.subnetLen": {"declarations": ["nixos/modules/services/networking/flannel.nix"], "default": {"_type": "literalExpression", "text": "24"}, "description": "The size of the subnet allocated to each host. Defaults to 24 (i.e. /24)\nunless the Network was configured to be smaller than a /24 in which case\nit is one less than the network.\n", "loc": ["services", "flannel", "subnetLen"], "readOnly": false, "type": "signed integer"}, "services.flannel.subnetMax": {"declarations": ["nixos/modules/services/networking/flannel.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The end of IP range which the subnet allocation should start with.\nDefaults to the last subnet of Network.\n", "loc": ["services", "flannel", "subnetMax"], "readOnly": false, "type": "null or string"}, "services.flannel.subnetMin": {"declarations": ["nixos/modules/services/networking/flannel.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The beginning of IP range which the subnet allocation should start with.\nDefaults to the first subnet of Network.\n", "loc": ["services", "flannel", "subnetMin"], "readOnly": false, "type": "null or string"}, "services.flaresolverr.enable": {"declarations": ["nixos/modules/services/misc/flaresolverr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FlareSolverr, a proxy server to bypass Cloudflare protection.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "flaresolverr", "enable"], "readOnly": false, "type": "boolean"}, "services.flaresolverr.openFirewall": {"declarations": ["nixos/modules/services/misc/flaresolverr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open the port in the firewall for FlareSolverr.", "loc": ["services", "flaresolverr", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.flaresolverr.package": {"declarations": ["nixos/modules/services/misc/flaresolverr.nix"], "default": {"_type": "literalExpression", "text": "pkgs.flaresolverr"}, "description": "The flaresolverr package to use.", "loc": ["services", "flaresolverr", "package"], "readOnly": false, "type": "package"}, "services.flaresolverr.port": {"declarations": ["nixos/modules/services/misc/flaresolverr.nix"], "default": {"_type": "literalExpression", "text": "8191"}, "description": "The port on which FlareSolverr will listen for incoming HTTP traffic.", "loc": ["services", "flaresolverr", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.flarum.adminEmail": {"declarations": ["nixos/modules/services/web-apps/flarum.nix"], "default": {"_type": "literalExpression", "text": "\"admin@example.com\""}, "description": "Email for first web application administrator", "loc": ["services", "flarum", "adminEmail"], "readOnly": false, "type": "string"}, "services.flarum.adminUser": {"declarations": ["nixos/modules/services/web-apps/flarum.nix"], "default": {"_type": "literalExpression", "text": "\"flarum\""}, "description": "Username for first web application administrator", "loc": ["services", "flarum", "adminUser"], "readOnly": false, "type": "string"}, "services.flarum.baseUrl": {"declarations": ["nixos/modules/services/web-apps/flarum.nix"], "default": {"_type": "literalExpression", "text": "\"http://localhost\""}, "description": "Change `domain` instead.", "example": {"_type": "literalExpression", "text": "\"https://forum.example.com\""}, "loc": ["services", "flarum", "baseUrl"], "readOnly": false, "type": "string"}, "services.flarum.createDatabaseLocally": {"declarations": ["nixos/modules/services/web-apps/flarum.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create the database and database user locally, and run installation.\n\nWARNING: Due to <https://github.com/flarum/framework/issues/4018>, this option is set\nto false by default. The 'flarum install' command may delete existing database tables.\nOnly set this to true if you are certain you are working with a fresh, empty database.\n", "loc": ["services", "flarum", "createDatabaseLocally"], "readOnly": false, "type": "boolean"}, "services.flarum.database": {"declarations": ["nixos/modules/services/web-apps/flarum.nix"], "default": {"_type": "literalExpression", "text": "{\n  database = \"flarum\";\n  driver = \"mysql\";\n  host = \"localhost\";\n  password = \"\";\n  port = 3306;\n  prefix = \"\";\n  strict = false;\n  username = \"flarum\";\n}"}, "description": "MySQL database parameters", "loc": ["services", "flarum", "database"], "readOnly": false, "type": "attribute set of (string or boolean or signed integer)"}, "services.flarum.domain": {"declarations": ["nixos/modules/services/web-apps/flarum.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Domain to serve on.", "example": {"_type": "literalExpression", "text": "\"forum.example.com\""}, "loc": ["services", "flarum", "domain"], "readOnly": false, "type": "string"}, "services.flarum.enable": {"declarations": ["nixos/modules/services/web-apps/flarum.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Flarum discussion platform.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "flarum", "enable"], "readOnly": false, "type": "boolean"}, "services.flarum.forumTitle": {"declarations": ["nixos/modules/services/web-apps/flarum.nix"], "default": {"_type": "literalExpression", "text": "\"A Flarum Forum on NixOS\""}, "description": "Title of the forum.", "loc": ["services", "flarum", "forumTitle"], "readOnly": false, "type": "string"}, "services.flarum.group": {"declarations": ["nixos/modules/services/web-apps/flarum.nix"], "default": {"_type": "literalExpression", "text": "\"flarum\""}, "description": "System group to run Flarum", "loc": ["services", "flarum", "group"], "readOnly": false, "type": "string"}, "services.flarum.initialAdminPassword": {"declarations": ["nixos/modules/services/web-apps/flarum.nix"], "default": {"_type": "literalExpression", "text": "\"flarum\""}, "description": "Initial password for the adminUser", "loc": ["services", "flarum", "initialAdminPassword"], "readOnly": false, "type": "string"}, "services.flarum.package": {"declarations": ["nixos/modules/services/web-apps/flarum.nix"], "default": {"_type": "literalExpression", "text": "pkgs.flarum"}, "description": "The flarum package to use.", "loc": ["services", "flarum", "package"], "readOnly": false, "type": "package"}, "services.flarum.stateDir": {"declarations": ["nixos/modules/services/web-apps/flarum.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/flarum\""}, "description": "Home directory for writable storage", "loc": ["services", "flarum", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.flarum.user": {"declarations": ["nixos/modules/services/web-apps/flarum.nix"], "default": {"_type": "literalExpression", "text": "\"flarum\""}, "description": "System user to run Flarum", "loc": ["services", "flarum", "user"], "readOnly": false, "type": "string"}, "services.flatpak.enable": {"declarations": ["nixos/modules/services/desktops/flatpak.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable flatpak.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "flatpak", "enable"], "readOnly": false, "type": "boolean"}, "services.flatpak.package": {"declarations": ["nixos/modules/services/desktops/flatpak.nix"], "default": {"_type": "literalExpression", "text": "pkgs.flatpak"}, "description": "The flatpak package to use.", "loc": ["services", "flatpak", "package"], "readOnly": false, "type": "package"}, "services.flexget.config": {"declarations": ["nixos/modules/services/torrent/flexget.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The YAML configuration for FlexGet.", "loc": ["services", "flexget", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.flexget.enable": {"declarations": ["nixos/modules/services/torrent/flexget.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FlexGet daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "flexget", "enable"], "readOnly": false, "type": "boolean"}, "services.flexget.homeDir": {"declarations": ["nixos/modules/services/torrent/flexget.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/deluge\""}, "description": "Where files live.", "example": {"_type": "literalExpression", "text": "\"/home/flexget\""}, "loc": ["services", "flexget", "homeDir"], "readOnly": false, "type": "absolute path"}, "services.flexget.interval": {"declarations": ["nixos/modules/services/torrent/flexget.nix"], "default": {"_type": "literalExpression", "text": "\"10m\""}, "description": "When to perform a {command}`flexget` run. See {command}`man 7 systemd.time` for the format.", "example": {"_type": "literalExpression", "text": "\"1h\""}, "loc": ["services", "flexget", "interval"], "readOnly": false, "type": "string"}, "services.flexget.package": {"declarations": ["nixos/modules/services/torrent/flexget.nix"], "default": {"_type": "literalExpression", "text": "pkgs.flexget"}, "description": "The flexget package to use.", "loc": ["services", "flexget", "package"], "readOnly": false, "type": "package"}, "services.flexget.systemScheduler": {"declarations": ["nixos/modules/services/torrent/flexget.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "When true, execute the runs via the flexget-runner.timer. If false, you have to specify the settings yourself in the YML file.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "flexget", "systemScheduler"], "readOnly": false, "type": "boolean"}, "services.flexget.user": {"declarations": ["nixos/modules/services/torrent/flexget.nix"], "default": {"_type": "literalExpression", "text": "\"deluge\""}, "description": "The user under which to run flexget.", "example": {"_type": "literalExpression", "text": "\"some_user\""}, "loc": ["services", "flexget", "user"], "readOnly": false, "type": "string"}, "services.flood.enable": {"declarations": ["nixos/modules/services/torrent/flood.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable flood.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "flood", "enable"], "readOnly": false, "type": "boolean"}, "services.flood.extraArgs": {"declarations": ["nixos/modules/services/torrent/flood.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments passed to `flood`.", "example": {"_type": "literalExpression", "text": "[\n  \"--baseuri=/\"\n]"}, "loc": ["services", "flood", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.flood.host": {"declarations": ["nixos/modules/services/torrent/flood.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Host to bind webserver.", "example": {"_type": "literalExpression", "text": "\"::\""}, "loc": ["services", "flood", "host"], "readOnly": false, "type": "string"}, "services.flood.openFirewall": {"declarations": ["nixos/modules/services/torrent/flood.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall for the port in {option}`services.flood.port`.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "flood", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.flood.package": {"declarations": ["nixos/modules/services/torrent/flood.nix"], "default": {"_type": "literalExpression", "text": "pkgs.flood"}, "description": "The flood package to use.", "loc": ["services", "flood", "package"], "readOnly": false, "type": "package"}, "services.flood.port": {"declarations": ["nixos/modules/services/torrent/flood.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "Port to bind webserver.", "example": {"_type": "literalExpression", "text": "3001"}, "loc": ["services", "flood", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.fluent-bit.configurationFile": {"declarations": ["nixos/modules/services/monitoring/fluent-bit.nix"], "default": {"_type": "literalExpression", "text": "yamlFormat.generate \"fluent-bit.yaml\" cfg.settings"}, "description": "Fluent Bit configuration. See\n<https://docs.fluentbit.io/manual/administration/configuring-fluent-bit/yaml>\nfor supported values.\n\n{option}`configurationFile` takes precedence over {option}`settings`.\n\nNote: Restricted evaluation blocks access to paths outside the Nix store.\nThis means detecting content changes for mutable paths (i.e. not input or content-addressed) can't be done.\nAs a result, `nixos-rebuild` won't reload/restart the systemd unit when mutable path contents change.\n`systemctl restart fluent-bit.service` must be used instead.\n", "example": {"_type": "literalExpression", "text": "\"/etc/fluent-bit/fluent-bit.yaml\""}, "loc": ["services", "fluent-bit", "configurationFile"], "readOnly": false, "type": "absolute path"}, "services.fluent-bit.enable": {"declarations": ["nixos/modules/services/monitoring/fluent-bit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Fluent Bit.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "fluent-bit", "enable"], "readOnly": false, "type": "boolean"}, "services.fluent-bit.graceLimit": {"declarations": ["nixos/modules/services/monitoring/fluent-bit.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The grace time limit. Sets the systemd unit's `TimeoutStopSec`.\n\nThe `service.grace` option in the Fluent Bit configuration should be \u2264 this option.\n", "example": {"_type": "literalExpression", "text": "30"}, "loc": ["services", "fluent-bit", "graceLimit"], "readOnly": false, "type": "null or positive integer, meaning >0, or string"}, "services.fluent-bit.package": {"declarations": ["nixos/modules/services/monitoring/fluent-bit.nix"], "default": {"_type": "literalExpression", "text": "pkgs.fluent-bit"}, "description": "The fluent-bit package to use.", "loc": ["services", "fluent-bit", "package"], "readOnly": false, "type": "package"}, "services.fluent-bit.settings": {"declarations": ["nixos/modules/services/monitoring/fluent-bit.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "See {option}`configurationFile`.\n\n{option}`configurationFile` takes precedence over {option}`settings`.\n", "example": {"_type": "literalExpression", "text": "{\n  pipeline = {\n    inputs = [\n      {\n        name = \"systemd\";\n        systemd_filter = \"_SYSTEMD_UNIT=fluent-bit.service\";\n      }\n    ];\n    outputs = [\n      {\n        file = \"fluent-bit.out\";\n        name = \"file\";\n        path = \"/var/log/fluent-bit\";\n      }\n    ];\n  };\n  service = {\n    grace = 30;\n  };\n}"}, "loc": ["services", "fluent-bit", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.fluentd.config": {"declarations": ["nixos/modules/services/logging/fluentd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Fluentd config.", "loc": ["services", "fluentd", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.fluentd.enable": {"declarations": ["nixos/modules/services/logging/fluentd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable fluentd, a data/log collector.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "fluentd", "enable"], "readOnly": false, "type": "boolean"}, "services.fluentd.package": {"declarations": ["nixos/modules/services/logging/fluentd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.fluentd"}, "description": "The fluentd package to use.", "loc": ["services", "fluentd", "package"], "readOnly": false, "type": "package"}, "services.fluentd.plugins": {"declarations": ["nixos/modules/services/logging/fluentd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of plugin paths to pass into fluentd. It will make plugins defined in ruby files\nthere available in your config.\n", "loc": ["services", "fluentd", "plugins"], "readOnly": false, "type": "list of absolute path"}, "services.fluidd.enable": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Fluidd, a Klipper web interface for managing your 3d printer.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "fluidd", "enable"], "readOnly": false, "type": "boolean"}, "services.fluidd.hostName": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Hostname to serve fluidd on", "loc": ["services", "fluidd", "hostName"], "readOnly": false, "type": "string"}, "services.fluidd.nginx": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration for the nginx virtual host of fluidd.", "example": {"_type": "literalExpression", "text": "{\n  serverAliases = [ \"fluidd.${config.networking.domain}\" ];\n}\n"}, "loc": ["services", "fluidd", "nginx"], "readOnly": false, "type": "submodule"}, "services.fluidd.nginx.acmeFallbackHost": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host which to proxy requests to if ACME challenge is not found. Useful\nif you want multiple hosts to be able to verify the same domain name.\n\nWith this option, you could request certificates for the present domain\nwith an ACME client that is running on another host, which you would\nspecify here.\n", "loc": ["services", "fluidd", "nginx", "acmeFallbackHost"], "readOnly": false, "type": "null or string"}, "services.fluidd.nginx.acmeRoot": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the ACME challenge, which is **public**. Don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "fluidd", "nginx", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.fluidd.nginx.addSSL": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "fluidd", "nginx", "addSSL"], "readOnly": false, "type": "boolean"}, "services.fluidd.nginx.basicAuth": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "fluidd", "nginx", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.fluidd.nginx.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "fluidd", "nginx", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.fluidd.nginx.default": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Makes this vhost the default.\n", "loc": ["services", "fluidd", "nginx", "default"], "readOnly": false, "type": "boolean"}, "services.fluidd.nginx.enableACME": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "fluidd", "nginx", "enableACME"], "readOnly": false, "type": "boolean"}, "services.fluidd.nginx.extraConfig": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the vhost verbatim.\n", "loc": ["services", "fluidd", "nginx", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.fluidd.nginx.forceSSL": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a separate nginx server block that redirects (defaults\nto 301, configurable with `redirectCode`) all plain HTTP traffic to\nHTTPS. This will set defaults for `listen` to listen on all interfaces\non the respective default ports (80, 443), where the non-SSL listens\nare used for the redirect vhosts.\n", "loc": ["services", "fluidd", "nginx", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.fluidd.nginx.globalRedirect": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected (defaults to 301,\nconfigurable with `redirectCode`) to the given hostname.\n", "example": {"_type": "literalExpression", "text": "\"newserver.example.org\""}, "loc": ["services", "fluidd", "nginx", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.fluidd.nginx.http2": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/2 protocol.\nNote that (as of writing) due to nginx's implementation, to disable\nHTTP/2 you have to disable it on all vhosts that use a given\nIP address / port.\nIf there is one server block configured to enable http2, then it is\nenabled for all server blocks on this IP.\nSee <https://stackoverflow.com/a/39466948/263061>.\n", "loc": ["services", "fluidd", "nginx", "http2"], "readOnly": false, "type": "boolean"}, "services.fluidd.nginx.http3": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/3 protocol.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that HTTP/3 support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\nHTTP/3 availability must be manually advertised, preferably in each location block.\n", "loc": ["services", "fluidd", "nginx", "http3"], "readOnly": false, "type": "boolean"}, "services.fluidd.nginx.http3_hq": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that special application protocol support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "fluidd", "nginx", "http3_hq"], "readOnly": false, "type": "boolean"}, "services.fluidd.nginx.kTLS": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kTLS support.\nImplementing TLS in the kernel (kTLS) improves performance by significantly\nreducing the need for copying operations between user space and the kernel.\nRequired Nginx version 1.21.4 or later.\n", "loc": ["services", "fluidd", "nginx", "kTLS"], "readOnly": false, "type": "boolean"}, "services.fluidd.nginx.listen": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\nIPv6 addresses must be enclosed in square brackets.\nNote: this option overrides `addSSL`\nand `onlySSL`.\n\nIf you only want to set the addresses manually and not\nthe ports, take a look at `listenAddresses`.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    addr = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    addr = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    addr = \"unix:/var/run/nginx.sock\";\n  }\n]"}, "loc": ["services", "fluidd", "nginx", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.fluidd.nginx.listen.*.addr": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "description": "Listen address.", "loc": ["services", "fluidd", "nginx", "listen", "*", "addr"], "readOnly": false, "type": "string"}, "services.fluidd.nginx.listen.*.extraParameters": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra parameters of this listen directive.", "example": {"_type": "literalExpression", "text": "[\n  \"backlog=1024\"\n  \"deferred\"\n]"}, "loc": ["services", "fluidd", "nginx", "listen", "*", "extraParameters"], "readOnly": false, "type": "list of string"}, "services.fluidd.nginx.listen.*.port": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port number to listen on.\nIf unset and the listen address is not a socket then nginx defaults to 80.\n", "loc": ["services", "fluidd", "nginx", "listen", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.fluidd.nginx.listen.*.proxyProtocol": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable PROXY protocol.", "loc": ["services", "fluidd", "nginx", "listen", "*", "proxyProtocol"], "readOnly": false, "type": "boolean"}, "services.fluidd.nginx.listen.*.ssl": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SSL.", "loc": ["services", "fluidd", "nginx", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.fluidd.nginx.listenAddresses": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n\nNote: This option overrides `networking.enableIPv6`\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"[::1]\"\n]"}, "loc": ["services", "fluidd", "nginx", "listenAddresses"], "readOnly": false, "type": "list of string"}, "services.fluidd.nginx.locations": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n};\n"}, "loc": ["services", "fluidd", "nginx", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.fluidd.nginx.locations.<name>.alias": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "fluidd", "nginx", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.fluidd.nginx.locations.<name>.basicAuth": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "fluidd", "nginx", "locations", "<name>", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.fluidd.nginx.locations.<name>.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "fluidd", "nginx", "locations", "<name>", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.fluidd.nginx.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "fluidd", "nginx", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.fluidd.nginx.locations.<name>.fastcgiParams": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "FastCGI parameters to override.  Unlike in the Nginx\nconfiguration file, overriding only some default parameters\nwon't unset the default values for other parameters.\n", "loc": ["services", "fluidd", "nginx", "locations", "<name>", "fastcgiParams"], "readOnly": false, "type": "attribute set of (string or absolute path)"}, "services.fluidd.nginx.locations.<name>.index": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds index directive.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "fluidd", "nginx", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.fluidd.nginx.locations.<name>.priority": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "fluidd", "nginx", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.fluidd.nginx.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds proxy_pass directive and sets recommended proxy headers if\nrecommendedProxySettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "fluidd", "nginx", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.fluidd.nginx.locations.<name>.proxyWebsockets": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to support proxying websocket connections with HTTP/1.1.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "fluidd", "nginx", "locations", "<name>", "proxyWebsockets"], "readOnly": false, "type": "boolean"}, "services.fluidd.nginx.locations.<name>.recommendedProxySettings": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedProxySettings"}, "description": "Enable recommended proxy settings.\n", "loc": ["services", "fluidd", "nginx", "locations", "<name>", "recommendedProxySettings"], "readOnly": false, "type": "boolean"}, "services.fluidd.nginx.locations.<name>.recommendedUwsgiSettings": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedUwsgiSettings"}, "description": "Enable recommended uwsgi settings.\n", "loc": ["services", "fluidd", "nginx", "locations", "<name>", "recommendedUwsgiSettings"], "readOnly": false, "type": "boolean"}, "services.fluidd.nginx.locations.<name>.return": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds a return directive, for e.g. redirections.\n", "example": {"_type": "literalExpression", "text": "\"301 http://example.com$request_uri\""}, "loc": ["services", "fluidd", "nginx", "locations", "<name>", "return"], "readOnly": false, "type": "null or string or signed integer"}, "services.fluidd.nginx.locations.<name>.root": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Root directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/root/directory\""}, "loc": ["services", "fluidd", "nginx", "locations", "<name>", "root"], "readOnly": false, "type": "null or absolute path"}, "services.fluidd.nginx.locations.<name>.tryFiles": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds try_files directive.\n", "example": {"_type": "literalExpression", "text": "\"$uri =404\""}, "loc": ["services", "fluidd", "nginx", "locations", "<name>", "tryFiles"], "readOnly": false, "type": "null or string"}, "services.fluidd.nginx.locations.<name>.uwsgiPass": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds uwsgi_pass directive and sets recommended proxy headers if\nrecommendedUwsgiSettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"unix:/run/example/example.sock\""}, "loc": ["services", "fluidd", "nginx", "locations", "<name>", "uwsgiPass"], "readOnly": false, "type": "null or string"}, "services.fluidd.nginx.onlySSL": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "fluidd", "nginx", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.fluidd.nginx.quic": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the QUIC transport protocol.\nNote that QUIC support is experimental and\n*not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "fluidd", "nginx", "quic"], "readOnly": false, "type": "boolean"}, "services.fluidd.nginx.redirectCode": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "301"}, "description": "HTTP status used by `globalRedirect` and `forceSSL`. Possible usecases\ninclude temporary (302, 307) redirects, keeping the request method and\nbody (307, 308), or explicitly resetting the method to GET (303).\nSee <https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>.\n", "example": {"_type": "literalExpression", "text": "308"}, "loc": ["services", "fluidd", "nginx", "redirectCode"], "readOnly": false, "type": "integer between 300 and 399 (both inclusive)"}, "services.fluidd.nginx.rejectSSL": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to listen for and reject all HTTPS connections to this vhost. Useful in\n[default](#opt-services.nginx.virtualHosts._name_.default)\nserver blocks to avoid serving the certificate for another vhost. Uses the\n`ssl_reject_handshake` directive available in nginx versions\n1.19.4 and above.\n", "loc": ["services", "fluidd", "nginx", "rejectSSL"], "readOnly": false, "type": "boolean"}, "services.fluidd.nginx.reuseport": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create an individual listening socket .\nIt is required to specify only once on one of the hosts.\n", "loc": ["services", "fluidd", "nginx", "reuseport"], "readOnly": false, "type": "boolean"}, "services.fluidd.nginx.root": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of the web root directory.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "fluidd", "nginx", "root"], "readOnly": false, "type": "null or absolute path"}, "services.fluidd.nginx.serverAliases": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "fluidd", "nginx", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.fluidd.nginx.serverName": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of this virtual host. Defaults to attribute name in virtualHosts.\n", "example": {"_type": "literalExpression", "text": "\"example.org\""}, "loc": ["services", "fluidd", "nginx", "serverName"], "readOnly": false, "type": "null or string"}, "services.fluidd.nginx.sslCertificate": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "fluidd", "nginx", "sslCertificate"], "readOnly": false, "type": "absolute path"}, "services.fluidd.nginx.sslCertificateKey": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "fluidd", "nginx", "sslCertificateKey"], "readOnly": false, "type": "absolute path"}, "services.fluidd.nginx.sslTrustedCertificate": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to root SSL certificate for stapling and client certificates.", "example": {"_type": "literalExpression", "text": "\"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\""}, "loc": ["services", "fluidd", "nginx", "sslTrustedCertificate"], "readOnly": false, "type": "null or absolute path"}, "services.fluidd.nginx.useACMEHost": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "fluidd", "nginx", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.fluidd.package": {"declarations": ["nixos/modules/services/web-apps/fluidd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.fluidd"}, "description": "The fluidd package to use.", "loc": ["services", "fluidd", "package"], "readOnly": false, "type": "package"}, "services.foldingathome.daemonNiceLevel": {"declarations": ["nixos/modules/services/computing/foldingathome/client.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Daemon process priority for FAHClient.\n0 is the default Unix process priority, 19 is the lowest.\n", "loc": ["services", "foldingathome", "daemonNiceLevel"], "readOnly": false, "type": "integer between -20 and 19 (both inclusive)"}, "services.foldingathome.enable": {"declarations": ["nixos/modules/services/computing/foldingathome/client.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Folding@home client.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "foldingathome", "enable"], "readOnly": false, "type": "boolean"}, "services.foldingathome.extraArgs": {"declarations": ["nixos/modules/services/computing/foldingathome/client.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra startup options for the FAHClient. Run\n`fah-client --help` to find all the available options.\n", "loc": ["services", "foldingathome", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.foldingathome.package": {"declarations": ["nixos/modules/services/computing/foldingathome/client.nix"], "default": {"_type": "literalExpression", "text": "pkgs.fahclient"}, "description": "The fahclient package to use.", "loc": ["services", "foldingathome", "package"], "readOnly": false, "type": "package"}, "services.foldingathome.team": {"declarations": ["nixos/modules/services/computing/foldingathome/client.nix"], "default": {"_type": "literalExpression", "text": "236565"}, "description": "The team ID associated with the reported computation results. This\nwill be used in the ranking statistics.\n\nBy default, use the NixOS folding@home team ID is being used.\n", "loc": ["services", "foldingathome", "team"], "readOnly": false, "type": "signed integer"}, "services.foldingathome.user": {"declarations": ["nixos/modules/services/computing/foldingathome/client.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The user associated with the reported computation results. This will\nbe used in the ranking statistics.\n", "loc": ["services", "foldingathome", "user"], "readOnly": false, "type": "null or string"}, "services.forgejo.customDir": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.forgejo.stateDir}/custom\""}, "description": "Base directory for custom templates and other options.\n\nIf {option}`services.forgejo.useWizard` is disabled (default), this directory will also\nhold secrets and the resulting {file}`app.ini` config at runtime.\n", "loc": ["services", "forgejo", "customDir"], "readOnly": false, "type": "string"}, "services.forgejo.database.createDatabase": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to create a local database automatically.", "loc": ["services", "forgejo", "database", "createDatabase"], "readOnly": false, "type": "boolean"}, "services.forgejo.database.host": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Database host address.", "loc": ["services", "forgejo", "database", "host"], "readOnly": false, "type": "string"}, "services.forgejo.database.name": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "\"forgejo\""}, "description": "Database name.", "loc": ["services", "forgejo", "database", "name"], "readOnly": false, "type": "string"}, "services.forgejo.database.passwordFile": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password corresponding to\n{option}`services.forgejo.database.user`.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/forgejo-dbpassword\""}, "loc": ["services", "forgejo", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.forgejo.database.path": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.forgejo.stateDir}/data/forgejo.db\""}, "description": "Path to the sqlite3 database file.", "loc": ["services", "forgejo", "database", "path"], "readOnly": false, "type": "string"}, "services.forgejo.database.port": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "if config.services.forgejo.database.type != \"postgresql\"\nthen 3306\nelse 5432\n"}, "description": "Database host port.", "loc": ["services", "forgejo", "database", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.forgejo.database.socket": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the unix socket file to use for authentication.", "example": {"_type": "literalExpression", "text": "\"/run/mysqld/mysqld.sock\""}, "loc": ["services", "forgejo", "database", "socket"], "readOnly": false, "type": "null or absolute path"}, "services.forgejo.database.type": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite3\""}, "description": "Database engine to use.", "example": {"_type": "literalExpression", "text": "\"mysql\""}, "loc": ["services", "forgejo", "database", "type"], "readOnly": false, "type": "one of \"sqlite3\", \"mysql\", \"postgres\""}, "services.forgejo.database.user": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "\"forgejo\""}, "description": "Database user.", "loc": ["services", "forgejo", "database", "user"], "readOnly": false, "type": "string"}, "services.forgejo.dump.age": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "\"4w\""}, "description": "Age of backup used to decide what files to delete when cleaning.\nIf a file or directory is older than the current time minus the age field, it is deleted.\n\nThe format is described in\n{manpage}`tmpfiles.d(5)`.\n", "example": {"_type": "literalExpression", "text": "\"5d\""}, "loc": ["services", "forgejo", "dump", "age"], "readOnly": false, "type": "string"}, "services.forgejo.dump.backupDir": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.forgejo.stateDir}/dump\""}, "description": "Path to the directory where the dump archives will be stored.", "loc": ["services", "forgejo", "dump", "backupDir"], "readOnly": false, "type": "string"}, "services.forgejo.dump.enable": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable periodic dumps via the [built-in {command}`dump` command](https://forgejo.org/docs/latest/admin/command-line/#dump).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "forgejo", "dump", "enable"], "readOnly": false, "type": "boolean"}, "services.forgejo.dump.file": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Filename to be used for the dump. If `null` a default name is chosen by forgejo.", "example": {"_type": "literalExpression", "text": "\"forgejo-dump\""}, "loc": ["services", "forgejo", "dump", "file"], "readOnly": false, "type": "null or string"}, "services.forgejo.dump.interval": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "\"04:31\""}, "description": "Run a Forgejo dump at this interval. Runs by default at 04:31 every day.\n\nThe format is described in\n{manpage}`systemd.time(7)`.\n", "example": {"_type": "literalExpression", "text": "\"hourly\""}, "loc": ["services", "forgejo", "dump", "interval"], "readOnly": false, "type": "string"}, "services.forgejo.dump.type": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "\"zip\""}, "description": "Archive format used to store the dump file.", "loc": ["services", "forgejo", "dump", "type"], "readOnly": false, "type": "one of \"zip\", \"tar\", \"tar.sz\", \"tar.gz\", \"tar.xz\", \"tar.bz2\", \"tar.br\", \"tar.lz4\", \"tar.zst\""}, "services.forgejo.enable": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Forgejo, a software forge.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "forgejo", "enable"], "readOnly": false, "type": "boolean"}, "services.forgejo.group": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "\"forgejo\""}, "description": "Group under which Forgejo runs.", "loc": ["services", "forgejo", "group"], "readOnly": false, "type": "string"}, "services.forgejo.lfs.contentDir": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.forgejo.stateDir}/data/lfs\""}, "description": "Where to store LFS files.", "loc": ["services", "forgejo", "lfs", "contentDir"], "readOnly": false, "type": "string"}, "services.forgejo.lfs.enable": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables git-lfs support.", "loc": ["services", "forgejo", "lfs", "enable"], "readOnly": false, "type": "boolean"}, "services.forgejo.package": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "pkgs.forgejo-lts"}, "description": "The forgejo-lts package to use.", "loc": ["services", "forgejo", "package"], "readOnly": false, "type": "package"}, "services.forgejo.repositoryRoot": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.forgejo.stateDir}/repositories\""}, "description": "Path to the git repositories.", "loc": ["services", "forgejo", "repositoryRoot"], "readOnly": false, "type": "string"}, "services.forgejo.secrets": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This is a small wrapper over systemd's `LoadCredential`.\n\nIt takes the same sections and keys as {option}`services.forgejo.settings`,\nbut the value of each key is a path instead of a string or bool.\n\nThe path is then loaded as credential, exported as environment variable\nand then feed through\n<https://codeberg.org/forgejo/forgejo/src/branch/forgejo/contrib/environment-to-ini/environment-to-ini.go>.\n\nIt does the required environment variable escaping for you.\n\n::: {.note}\nKeys specified here take priority over the ones in {option}`services.forgejo.settings`!\n:::\n", "example": {"_type": "literalExpression", "text": "{\n  metrics = {\n    TOKEN = \"/run/keys/forgejo-metrics-token\";\n  };\n  camo = {\n    HMAC_KEY = \"/run/keys/forgejo-camo-hmac\";\n  };\n  service = {\n    HCAPTCHA_SECRET = \"/run/keys/forgejo-hcaptcha-secret\";\n    HCAPTCHA_SITEKEY = \"/run/keys/forgejo-hcaptcha-sitekey\";\n  };\n}\n"}, "loc": ["services", "forgejo", "secrets"], "readOnly": false, "type": "open submodule of attribute set of attribute set of absolute path"}, "services.forgejo.settings": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Free-form settings written directly to the `app.ini` configfile file.\nRefer to <https://forgejo.org/docs/latest/admin/config-cheat-sheet/> for supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  DEFAULT = {\n    RUN_MODE = \"dev\";\n  };\n  \"cron.sync_external_users\" = {\n    RUN_AT_START = true;\n    SCHEDULE = \"@every 24h\";\n    UPDATE_EXISTING = true;\n  };\n  mailer = {\n    ENABLED = true;\n    PROTOCOL = \"sendmail\";\n    FROM = \"do-not-reply@example.org\";\n    SENDMAIL_PATH = \"${pkgs.system-sendmail}/bin/sendmail\";\n  };\n  other = {\n    SHOW_FOOTER_VERSION = false;\n  };\n}\n"}, "loc": ["services", "forgejo", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.forgejo.settings.log.LEVEL": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "\"Info\""}, "description": "General log level.", "loc": ["services", "forgejo", "settings", "log", "LEVEL"], "readOnly": false, "type": "one of \"Trace\", \"Debug\", \"Info\", \"Warn\", \"Error\", \"Critical\""}, "services.forgejo.settings.log.ROOT_PATH": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.forgejo.stateDir}/log\""}, "description": "Root path for log files.", "loc": ["services", "forgejo", "settings", "log", "ROOT_PATH"], "readOnly": false, "type": "string"}, "services.forgejo.settings.server.DISABLE_SSH": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable external SSH feature.", "loc": ["services", "forgejo", "settings", "server", "DISABLE_SSH"], "readOnly": false, "type": "boolean"}, "services.forgejo.settings.server.DOMAIN": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Domain name of your server.", "loc": ["services", "forgejo", "settings", "server", "DOMAIN"], "readOnly": false, "type": "string"}, "services.forgejo.settings.server.HTTP_ADDR": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "if lib.hasSuffix \"+unix\" cfg.settings.server.PROTOCOL then \"/run/forgejo/forgejo.sock\" else \"0.0.0.0\""}, "description": "Listen address. Must be a path when using a unix socket.", "loc": ["services", "forgejo", "settings", "server", "HTTP_ADDR"], "readOnly": false, "type": "string or absolute path"}, "services.forgejo.settings.server.HTTP_PORT": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "Listen port. Ignored when using a unix socket.", "loc": ["services", "forgejo", "settings", "server", "HTTP_PORT"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.forgejo.settings.server.PROTOCOL": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "\"http\""}, "description": "Listen protocol. `+unix` means \"over unix\", not \"in addition to.\"", "loc": ["services", "forgejo", "settings", "server", "PROTOCOL"], "readOnly": false, "type": "one of \"http\", \"https\", \"fcgi\", \"http+unix\", \"fcgi+unix\""}, "services.forgejo.settings.server.ROOT_URL": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "\"http://${config.services.forgejo.settings.server.DOMAIN}:${toString config.services.forgejo.settings.server.HTTP_PORT}/\""}, "description": "Full public URL of Forgejo server.", "loc": ["services", "forgejo", "settings", "server", "ROOT_URL"], "readOnly": false, "type": "string"}, "services.forgejo.settings.server.SSH_PORT": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "22"}, "description": "SSH port displayed in clone URL.\nThe option is required to configure a service when the external visible port\ndiffers from the local listening port i.e. if port forwarding is used.\n", "example": {"_type": "literalExpression", "text": "2222"}, "loc": ["services", "forgejo", "settings", "server", "SSH_PORT"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.forgejo.settings.server.STATIC_ROOT_PATH": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "config.services.forgejo.package.data"}, "description": "Upper level of template and static files path.", "example": {"_type": "literalExpression", "text": "\"/var/lib/forgejo/data\""}, "loc": ["services", "forgejo", "settings", "server", "STATIC_ROOT_PATH"], "readOnly": false, "type": "string or absolute path"}, "services.forgejo.settings.session.COOKIE_SECURE": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Marks session cookies as \"secure\" as a hint for browsers to only send\nthem via HTTPS. This option is recommend, if Forgejo is being served over HTTPS.\n", "loc": ["services", "forgejo", "settings", "session", "COOKIE_SECURE"], "readOnly": false, "type": "boolean"}, "services.forgejo.stateDir": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/forgejo\""}, "description": "Forgejo data directory.", "loc": ["services", "forgejo", "stateDir"], "readOnly": false, "type": "string"}, "services.forgejo.useWizard": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use the built-in installation wizard instead of\ndeclaratively managing the {file}`app.ini` config file in nix.\n", "loc": ["services", "forgejo", "useWizard"], "readOnly": false, "type": "boolean"}, "services.forgejo.user": {"declarations": ["nixos/modules/services/misc/forgejo.nix"], "default": {"_type": "literalExpression", "text": "\"forgejo\""}, "description": "User account under which Forgejo runs.", "loc": ["services", "forgejo", "user"], "readOnly": false, "type": "string"}, "services.foundationdb.backupProcesses": {"declarations": ["nixos/modules/services/databases/foundationdb.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Number of backup_agent processes to run for snapshots.", "loc": ["services", "foundationdb", "backupProcesses"], "readOnly": false, "type": "signed integer"}, "services.foundationdb.class": {"declarations": ["nixos/modules/services/databases/foundationdb.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Process class", "loc": ["services", "foundationdb", "class"], "readOnly": false, "type": "null or one of \"storage\", \"transaction\", \"stateless\""}, "services.foundationdb.dataDir": {"declarations": ["nixos/modules/services/databases/foundationdb.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/foundationdb\""}, "description": "Data directory. All cluster data will be put under here.", "loc": ["services", "foundationdb", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.foundationdb.enable": {"declarations": ["nixos/modules/services/databases/foundationdb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FoundationDB Server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "foundationdb", "enable"], "readOnly": false, "type": "boolean"}, "services.foundationdb.extraReadWritePaths": {"declarations": ["nixos/modules/services/databases/foundationdb.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "An extra set of filesystem paths that FoundationDB can read to\nand write from. By default, FoundationDB runs under a heavily\nnamespaced systemd environment without write access to most of\nthe filesystem outside of its data and log directories. By\nadding paths to this list, the set of writeable paths will be\nexpanded. This is useful for allowing e.g. backups to local files,\nwhich must be performed on behalf of the foundationdb service.\n", "loc": ["services", "foundationdb", "extraReadWritePaths"], "readOnly": false, "type": "list of absolute path"}, "services.foundationdb.group": {"declarations": ["nixos/modules/services/databases/foundationdb.nix"], "default": {"_type": "literalExpression", "text": "\"foundationdb\""}, "description": "Group account under which FoundationDB runs.", "loc": ["services", "foundationdb", "group"], "readOnly": false, "type": "string"}, "services.foundationdb.listenAddress": {"declarations": ["nixos/modules/services/databases/foundationdb.nix"], "default": {"_type": "literalExpression", "text": "\"public\""}, "description": "Publicly visible IP address of the process. Port is determined by process ID", "loc": ["services", "foundationdb", "listenAddress"], "readOnly": false, "type": "string"}, "services.foundationdb.listenPortStart": {"declarations": ["nixos/modules/services/databases/foundationdb.nix"], "default": {"_type": "literalExpression", "text": "4500"}, "description": "Starting port number for database listening sockets. Every FDB process binds to a\nsubsequent port, to this number reflects the start of the overall range. e.g. having\n8 server processes will use all ports between 4500 and 4507.\n", "loc": ["services", "foundationdb", "listenPortStart"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.foundationdb.locality": {"declarations": ["nixos/modules/services/databases/foundationdb.nix"], "default": {"_type": "literalExpression", "text": "{\n  dataHall = null;\n  datacenterId = null;\n  machineId = null;\n  zoneId = null;\n}"}, "description": "FoundationDB locality settings.\n", "loc": ["services", "foundationdb", "locality"], "readOnly": false, "type": "submodule"}, "services.foundationdb.locality.dataHall": {"declarations": ["nixos/modules/services/databases/foundationdb.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Data hall identifier key. All processes physically located in a\ndata hall should share the id. If you are depending on data\nhall based replication this must be set on all processes.\n", "loc": ["services", "foundationdb", "locality", "dataHall"], "readOnly": false, "type": "null or string"}, "services.foundationdb.locality.datacenterId": {"declarations": ["nixos/modules/services/databases/foundationdb.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Data center identifier key. All processes physically located in a\ndata center should share the id. If you are depending on data\ncenter based replication this must be set on all processes.\n", "loc": ["services", "foundationdb", "locality", "datacenterId"], "readOnly": false, "type": "null or string"}, "services.foundationdb.locality.machineId": {"declarations": ["nixos/modules/services/databases/foundationdb.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Machine identifier key. All processes on a machine should share a\nunique id. By default, processes on a machine determine a unique id to share.\nThis does not generally need to be set.\n", "loc": ["services", "foundationdb", "locality", "machineId"], "readOnly": false, "type": "null or string"}, "services.foundationdb.locality.zoneId": {"declarations": ["nixos/modules/services/databases/foundationdb.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Zone identifier key. Processes that share a zone id are\nconsidered non-unique for the purposes of data replication.\nIf unset, defaults to machine id.\n", "loc": ["services", "foundationdb", "locality", "zoneId"], "readOnly": false, "type": "null or string"}, "services.foundationdb.logDir": {"declarations": ["nixos/modules/services/databases/foundationdb.nix"], "default": {"_type": "literalExpression", "text": "\"/var/log/foundationdb\""}, "description": "Log directory.", "loc": ["services", "foundationdb", "logDir"], "readOnly": false, "type": "absolute path"}, "services.foundationdb.logSize": {"declarations": ["nixos/modules/services/databases/foundationdb.nix"], "default": {"_type": "literalExpression", "text": "\"10MiB\""}, "description": "Roll over to a new log file after the current log file\nreaches the specified size.\n", "loc": ["services", "foundationdb", "logSize"], "readOnly": false, "type": "string"}, "services.foundationdb.maxLogSize": {"declarations": ["nixos/modules/services/databases/foundationdb.nix"], "default": {"_type": "literalExpression", "text": "\"100MiB\""}, "description": "Delete the oldest log file when the total size of all log\nfiles exceeds the specified size. If set to 0, old log files\nwill not be deleted.\n", "loc": ["services", "foundationdb", "maxLogSize"], "readOnly": false, "type": "string"}, "services.foundationdb.memory": {"declarations": ["nixos/modules/services/databases/foundationdb.nix"], "default": {"_type": "literalExpression", "text": "\"8GiB\""}, "description": "Maximum memory used by the process. The default value is\n`8GiB`. When specified without a unit,\n`MiB` is assumed. This parameter does not\nchange the memory allocation of the program. Rather, it sets\na hard limit beyond which the process will kill itself and\nbe restarted. The default value of `8GiB`\nis double the intended memory usage in the default\nconfiguration (providing an emergency buffer to deal with\nmemory leaks or similar problems). It is not recommended to\ndecrease the value of this parameter below its default\nvalue. It may be increased if you wish to allocate a very\nlarge amount of storage engine memory or cache. In\nparticular, when the `storageMemory`\nparameter is increased, the `memory`\nparameter should be increased by an equal amount.\n", "loc": ["services", "foundationdb", "memory"], "readOnly": false, "type": "string"}, "services.foundationdb.openFirewall": {"declarations": ["nixos/modules/services/databases/foundationdb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open the firewall ports corresponding to FoundationDB processes and coordinators\nusing {option}`config.networking.firewall.*`.\n", "loc": ["services", "foundationdb", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.foundationdb.package": {"declarations": ["nixos/modules/services/databases/foundationdb.nix"], "description": "The FoundationDB package to use for this server. This must be specified by the user\nin order to ensure migrations and upgrades are controlled appropriately.\n", "loc": ["services", "foundationdb", "package"], "readOnly": false, "type": "package"}, "services.foundationdb.pidfile": {"declarations": ["nixos/modules/services/databases/foundationdb.nix"], "default": {"_type": "literalExpression", "text": "\"/run/foundationdb.pid\""}, "description": "Path to pidfile for fdbmonitor.", "loc": ["services", "foundationdb", "pidfile"], "readOnly": false, "type": "absolute path"}, "services.foundationdb.publicAddress": {"declarations": ["nixos/modules/services/databases/foundationdb.nix"], "default": {"_type": "literalExpression", "text": "\"auto\""}, "description": "Publicly visible IP address of the process. Port is determined by process ID", "loc": ["services", "foundationdb", "publicAddress"], "readOnly": false, "type": "string"}, "services.foundationdb.restartDelay": {"declarations": ["nixos/modules/services/databases/foundationdb.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Number of seconds to wait before restarting servers.", "loc": ["services", "foundationdb", "restartDelay"], "readOnly": false, "type": "signed integer"}, "services.foundationdb.serverProcesses": {"declarations": ["nixos/modules/services/databases/foundationdb.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Number of fdbserver processes to run.", "loc": ["services", "foundationdb", "serverProcesses"], "readOnly": false, "type": "signed integer"}, "services.foundationdb.storageMemory": {"declarations": ["nixos/modules/services/databases/foundationdb.nix"], "default": {"_type": "literalExpression", "text": "\"1GiB\""}, "description": "Maximum memory used for data storage. The default value is\n`1GiB`. When specified without a unit,\n`MB` is assumed. Clusters using the memory\nstorage engine will be restricted to using this amount of\nmemory per process for purposes of data storage. Memory\noverhead associated with storing the data is counted against\nthis total. If you increase the\n`storageMemory`, you should also increase\nthe `memory` parameter by the same amount.\n", "loc": ["services", "foundationdb", "storageMemory"], "readOnly": false, "type": "string"}, "services.foundationdb.tls": {"declarations": ["nixos/modules/services/databases/foundationdb.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "FoundationDB Transport Security Layer (TLS) settings.\n", "loc": ["services", "foundationdb", "tls"], "readOnly": false, "type": "null or (submodule)"}, "services.foundationdb.tls.allowedPeers": {"declarations": ["nixos/modules/services/databases/foundationdb.nix"], "default": {"_type": "literalExpression", "text": "\"Check.Valid=1,Check.Unexpired=1\""}, "description": "\"Peer verification string\". This may be used to adjust which TLS\nclient certificates a server will accept, as a form of user\nauthorization; for example, it may only accept TLS clients who\noffer a certificate abiding by some locality or organization name.\n\nFor more information, please see the FoundationDB documentation.\n", "loc": ["services", "foundationdb", "tls", "allowedPeers"], "readOnly": false, "type": "string"}, "services.foundationdb.tls.certificate": {"declarations": ["nixos/modules/services/databases/foundationdb.nix"], "description": "Path to the TLS certificate file. This certificate will\nbe offered to, and may be verified by, clients.\n", "loc": ["services", "foundationdb", "tls", "certificate"], "readOnly": false, "type": "string"}, "services.foundationdb.tls.key": {"declarations": ["nixos/modules/services/databases/foundationdb.nix"], "description": "Private key file for the certificate.", "loc": ["services", "foundationdb", "tls", "key"], "readOnly": false, "type": "string"}, "services.foundationdb.traceFormat": {"declarations": ["nixos/modules/services/databases/foundationdb.nix"], "default": {"_type": "literalExpression", "text": "\"xml\""}, "description": "Trace logging format.", "loc": ["services", "foundationdb", "traceFormat"], "readOnly": false, "type": "one of \"xml\", \"json\""}, "services.foundationdb.user": {"declarations": ["nixos/modules/services/databases/foundationdb.nix"], "default": {"_type": "literalExpression", "text": "\"foundationdb\""}, "description": "User account under which FoundationDB runs.", "loc": ["services", "foundationdb", "user"], "readOnly": false, "type": "string"}, "services.fprintd.enable": {"declarations": ["nixos/modules/services/security/fprintd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable fprintd daemon and PAM module for fingerprint readers handling.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "fprintd", "enable"], "readOnly": false, "type": "boolean"}, "services.fprintd.package": {"declarations": ["nixos/modules/services/security/fprintd.nix"], "default": {"_type": "literalExpression", "text": "if config.services.fprintd.tod.enable then pkgs.fprintd-tod else pkgs.fprintd"}, "description": "fprintd package to use.\n", "loc": ["services", "fprintd", "package"], "readOnly": false, "type": "package"}, "services.fprintd.tod.driver": {"declarations": ["nixos/modules/services/security/fprintd.nix"], "description": "Touch OEM Drivers (TOD) package to use.\n", "example": {"_type": "literalExpression", "text": "pkgs.libfprint-2-tod1-goodix"}, "loc": ["services", "fprintd", "tod", "driver"], "readOnly": false, "type": "package"}, "services.fprintd.tod.enable": {"declarations": ["nixos/modules/services/security/fprintd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Touch OEM Drivers library support.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "fprintd", "tod", "enable"], "readOnly": false, "type": "boolean"}, "services.fractalart.enable": {"declarations": ["nixos/modules/services/x11/fractalart.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable FractalArt for generating colorful wallpapers on login", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "fractalart", "enable"], "readOnly": false, "type": "boolean"}, "services.fractalart.height": {"declarations": ["nixos/modules/services/x11/fractalart.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Screen height", "example": {"_type": "literalExpression", "text": "1080"}, "loc": ["services", "fractalart", "height"], "readOnly": false, "type": "null or signed integer"}, "services.fractalart.width": {"declarations": ["nixos/modules/services/x11/fractalart.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Screen width", "example": {"_type": "literalExpression", "text": "1920"}, "loc": ["services", "fractalart", "width"], "readOnly": false, "type": "null or signed integer"}, "services.freeciv.enable": {"declarations": ["nixos/modules/services/games/freeciv.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable freeciv.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "freeciv", "enable"], "readOnly": false, "type": "boolean"}, "services.freeciv.openFirewall": {"declarations": ["nixos/modules/services/games/freeciv.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable opening the firewall for the port listening for clients.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "freeciv", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.freeciv.settings": {"declarations": ["nixos/modules/services/games/freeciv.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Parameters of freeciv-server.\n", "loc": ["services", "freeciv", "settings"], "readOnly": false, "type": "open submodule of (freeciv-server params)"}, "services.freeciv.settings.Announce": {"declarations": ["nixos/modules/services/games/freeciv.nix"], "default": {"_type": "literalExpression", "text": "\"none\""}, "description": "Announce game in LAN using given protocol.", "loc": ["services", "freeciv", "settings", "Announce"], "readOnly": false, "type": "one of \"IPv4\", \"IPv6\", \"none\""}, "services.freeciv.settings.Database": {"declarations": ["nixos/modules/services/games/freeciv.nix"], "default": {"_type": "literalExpression", "text": "''\n  [fcdb]\n    backend=\"sqlite\"\n    database=\"/var/lib/freeciv/auth.sqlite\"\n''"}, "description": "Enable database connection with given configuration.", "loc": ["services", "freeciv", "settings", "Database"], "readOnly": false, "type": "null or string"}, "services.freeciv.settings.Guests": {"declarations": ["nixos/modules/services/games/freeciv.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable guests to login if auth is enabled.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "freeciv", "settings", "Guests"], "readOnly": false, "type": "boolean"}, "services.freeciv.settings.Newusers": {"declarations": ["nixos/modules/services/games/freeciv.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable new users to login if auth is enabled.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "freeciv", "settings", "Newusers"], "readOnly": false, "type": "boolean"}, "services.freeciv.settings.auth": {"declarations": ["nixos/modules/services/games/freeciv.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable server authentication.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "freeciv", "settings", "auth"], "readOnly": false, "type": "boolean"}, "services.freeciv.settings.debug": {"declarations": ["nixos/modules/services/games/freeciv.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Set debug log level.", "loc": ["services", "freeciv", "settings", "debug"], "readOnly": false, "type": "integer between 0 and 3 (both inclusive)"}, "services.freeciv.settings.exit-on-end": {"declarations": ["nixos/modules/services/games/freeciv.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable exit instead of restarting when a game ends.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "freeciv", "settings", "exit-on-end"], "readOnly": false, "type": "boolean"}, "services.freeciv.settings.port": {"declarations": ["nixos/modules/services/games/freeciv.nix"], "default": {"_type": "literalExpression", "text": "5556"}, "description": "Listen for clients on given port", "loc": ["services", "freeciv", "settings", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.freeciv.settings.quitidle": {"declarations": ["nixos/modules/services/games/freeciv.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Quit if no players for given time in seconds.", "loc": ["services", "freeciv", "settings", "quitidle"], "readOnly": false, "type": "null or signed integer"}, "services.freeciv.settings.read": {"declarations": ["nixos/modules/services/games/freeciv.nix"], "default": {"_type": "literalExpression", "text": "''\n  /fcdb lua sqlite_createdb()\n''"}, "description": "Startup script.", "loc": ["services", "freeciv", "settings", "read"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.freeciv.settings.saves": {"declarations": ["nixos/modules/services/games/freeciv.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/freeciv/saves/\""}, "description": "Save games to given directory,\na sub-directory named after the starting date of the service\nwill me inserted to preserve older saves.\n", "loc": ["services", "freeciv", "settings", "saves"], "readOnly": false, "type": "null or string"}, "services.freefall.devices": {"declarations": ["nixos/modules/services/hardware/freefall.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"/dev/sda\"\n]"}, "description": "Device paths to all internal spinning hard drives.\n", "loc": ["services", "freefall", "devices"], "readOnly": false, "type": "list of string"}, "services.freefall.enable": {"declarations": ["nixos/modules/services/hardware/freefall.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to protect HP/Dell laptop hard drives (not SSDs) in free fall.\n", "loc": ["services", "freefall", "enable"], "readOnly": false, "type": "boolean"}, "services.freefall.package": {"declarations": ["nixos/modules/services/hardware/freefall.nix"], "default": {"_type": "literalExpression", "text": "pkgs.freefall"}, "description": "The freefall package to use.", "loc": ["services", "freefall", "package"], "readOnly": false, "type": "package"}, "services.freenet.enable": {"declarations": ["nixos/modules/services/networking/freenet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Freenet daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "freenet", "enable"], "readOnly": false, "type": "boolean"}, "services.freenet.nice": {"declarations": ["nixos/modules/services/networking/freenet.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Set the nice level for the Freenet daemon", "loc": ["services", "freenet", "nice"], "readOnly": false, "type": "integer between -20 and 19 (both inclusive)"}, "services.freeradius.configDir": {"declarations": ["nixos/modules/services/networking/freeradius.nix"], "default": {"_type": "literalExpression", "text": "\"/etc/raddb\""}, "description": "The path of the freeradius server configuration directory.\n", "loc": ["services", "freeradius", "configDir"], "readOnly": false, "type": "absolute path"}, "services.freeradius.debug": {"declarations": ["nixos/modules/services/networking/freeradius.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable debug logging for freeradius (-xx\noption). This should not be left on, since it includes\nsensitive data such as passwords in the logs.\n", "loc": ["services", "freeradius", "debug"], "readOnly": false, "type": "boolean"}, "services.freeradius.enable": {"declarations": ["nixos/modules/services/networking/freeradius.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the freeradius server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "freeradius", "enable"], "readOnly": false, "type": "boolean"}, "services.freeradius.package": {"declarations": ["nixos/modules/services/networking/freeradius.nix"], "default": {"_type": "literalExpression", "text": "pkgs.freeradius"}, "description": "The freeradius package to use.", "loc": ["services", "freeradius", "package"], "readOnly": false, "type": "package"}, "services.freeswitch.configDir": {"declarations": ["nixos/modules/services/misc/freeswitch.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Override file in FreeSWITCH config template directory.\nEach top-level attribute denotes a file path in the configuration directory, its value is the file path.\nSee [FreeSWITCH documentation](https://freeswitch.org/confluence/display/FREESWITCH/Default+Configuration) for more info.\nAlso check available templates in [FreeSWITCH repository](https://github.com/signalwire/freeswitch/tree/master/conf).\n", "example": {"_type": "literalExpression", "text": "{\n  \"freeswitch.xml\" = ./freeswitch.xml;\n  \"dialplan/default.xml\" = pkgs.writeText \"dialplan-default.xml\" ''\n    [xml lines]\n  '';\n}\n"}, "loc": ["services", "freeswitch", "configDir"], "readOnly": false, "type": "attribute set of absolute path"}, "services.freeswitch.configTemplate": {"declarations": ["nixos/modules/services/misc/freeswitch.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.freeswitch.package}/share/freeswitch/conf/vanilla\""}, "description": "Configuration template to use.\nSee available templates in [FreeSWITCH repository](https://github.com/signalwire/freeswitch/tree/master/conf).\nYou can also set your own configuration directory.\n", "example": {"_type": "literalExpression", "text": "\"${config.services.freeswitch.package}/share/freeswitch/conf/minimal\""}, "loc": ["services", "freeswitch", "configTemplate"], "readOnly": false, "type": "absolute path"}, "services.freeswitch.enable": {"declarations": ["nixos/modules/services/misc/freeswitch.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FreeSWITCH.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "freeswitch", "enable"], "readOnly": false, "type": "boolean"}, "services.freeswitch.enableReload": {"declarations": ["nixos/modules/services/misc/freeswitch.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Issue the `reloadxml` command to FreeSWITCH when configuration directory changes (instead of restart).\nSee [FreeSWITCH documentation](https://freeswitch.org/confluence/display/FREESWITCH/Reloading) for more info.\nThe configuration directory is exposed at {file}`/etc/freeswitch`.\nSee also `systemd.services.*.restartIfChanged`.\n", "loc": ["services", "freeswitch", "enableReload"], "readOnly": false, "type": "boolean"}, "services.freeswitch.package": {"declarations": ["nixos/modules/services/misc/freeswitch.nix"], "default": {"_type": "literalExpression", "text": "pkgs.freeswitch"}, "description": "The freeswitch package to use.", "loc": ["services", "freeswitch", "package"], "readOnly": false, "type": "package"}, "services.freshrss.api.enable": {"declarations": ["nixos/modules/services/web-apps/freshrss.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable API access for mobile apps and third-party clients (Google Reader API and Fever API). Users must set individual API passwords in their profile settings.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "freshrss", "api", "enable"], "readOnly": false, "type": "boolean"}, "services.freshrss.authType": {"declarations": ["nixos/modules/services/web-apps/freshrss.nix"], "default": {"_type": "literalExpression", "text": "\"form\""}, "description": "Authentication type for FreshRSS.", "loc": ["services", "freshrss", "authType"], "readOnly": false, "type": "one of \"form\", \"http_auth\", \"none\""}, "services.freshrss.baseUrl": {"declarations": ["nixos/modules/services/web-apps/freshrss.nix"], "description": "Default URL for FreshRSS.", "example": {"_type": "literalExpression", "text": "\"https://freshrss.example.com\""}, "loc": ["services", "freshrss", "baseUrl"], "readOnly": false, "type": "string"}, "services.freshrss.dataDir": {"declarations": ["nixos/modules/services/web-apps/freshrss.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/freshrss\""}, "description": "Default data folder for FreshRSS.", "example": {"_type": "literalExpression", "text": "\"/mnt/freshrss\""}, "loc": ["services", "freshrss", "dataDir"], "readOnly": false, "type": "string"}, "services.freshrss.database.host": {"declarations": ["nixos/modules/services/web-apps/freshrss.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Database host for FreshRSS.", "loc": ["services", "freshrss", "database", "host"], "readOnly": false, "type": "null or string"}, "services.freshrss.database.name": {"declarations": ["nixos/modules/services/web-apps/freshrss.nix"], "default": {"_type": "literalExpression", "text": "\"freshrss\""}, "description": "Database name for FreshRSS.", "loc": ["services", "freshrss", "database", "name"], "readOnly": false, "type": "null or string"}, "services.freshrss.database.passFile": {"declarations": ["nixos/modules/services/web-apps/freshrss.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Database password file for FreshRSS.", "example": {"_type": "literalExpression", "text": "\"/run/secrets/freshrss\""}, "loc": ["services", "freshrss", "database", "passFile"], "readOnly": false, "type": "null or absolute path"}, "services.freshrss.database.port": {"declarations": ["nixos/modules/services/web-apps/freshrss.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Database port for FreshRSS.", "example": {"_type": "literalExpression", "text": "3306"}, "loc": ["services", "freshrss", "database", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.freshrss.database.tableprefix": {"declarations": ["nixos/modules/services/web-apps/freshrss.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Database table prefix for FreshRSS.", "example": {"_type": "literalExpression", "text": "\"freshrss\""}, "loc": ["services", "freshrss", "database", "tableprefix"], "readOnly": false, "type": "null or string"}, "services.freshrss.database.type": {"declarations": ["nixos/modules/services/web-apps/freshrss.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite\""}, "description": "Database type.", "example": {"_type": "literalExpression", "text": "\"pgsql\""}, "loc": ["services", "freshrss", "database", "type"], "readOnly": false, "type": "one of \"sqlite\", \"pgsql\", \"mysql\""}, "services.freshrss.database.user": {"declarations": ["nixos/modules/services/web-apps/freshrss.nix"], "default": {"_type": "literalExpression", "text": "\"freshrss\""}, "description": "Database user for FreshRSS.", "loc": ["services", "freshrss", "database", "user"], "readOnly": false, "type": "null or string"}, "services.freshrss.defaultUser": {"declarations": ["nixos/modules/services/web-apps/freshrss.nix"], "default": {"_type": "literalExpression", "text": "\"admin\""}, "description": "Default username for FreshRSS.", "example": {"_type": "literalExpression", "text": "\"eva\""}, "loc": ["services", "freshrss", "defaultUser"], "readOnly": false, "type": "string"}, "services.freshrss.enable": {"declarations": ["nixos/modules/services/web-apps/freshrss.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FreshRSS RSS aggregator and reader with php-fpm backend.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "freshrss", "enable"], "readOnly": false, "type": "boolean"}, "services.freshrss.extensions": {"declarations": ["nixos/modules/services/web-apps/freshrss.nix"], "default": {"_type": "literalExpression", "text": "[]"}, "description": "Additional extensions to be used.", "example": {"_type": "literalExpression", "text": "with freshrss-extensions; [\n  youtube\n] ++ [\n  (freshrss-extensions.buildFreshRssExtension {\n    FreshRssExtUniqueId = \"ReadingTime\";\n    pname = \"reading-time\";\n    version = \"1.5\";\n    src = pkgs.fetchFromGitLab {\n      domain = \"framagit.org\";\n      owner = \"Lapineige\";\n      repo = \"FreshRSS_Extension-ReadingTime\";\n      rev = \"fb6e9e944ef6c5299fa56ffddbe04c41e5a34ebf\";\n     hash = \"sha256-C5cRfaphx4Qz2xg2z+v5qRji8WVSIpvzMbethTdSqsk=\";\n   };\n  })\n]\n"}, "loc": ["services", "freshrss", "extensions"], "readOnly": false, "type": "list of package"}, "services.freshrss.language": {"declarations": ["nixos/modules/services/web-apps/freshrss.nix"], "default": {"_type": "literalExpression", "text": "\"en\""}, "description": "Default language for FreshRSS.", "example": {"_type": "literalExpression", "text": "\"de\""}, "loc": ["services", "freshrss", "language"], "readOnly": false, "type": "string"}, "services.freshrss.package": {"declarations": ["nixos/modules/services/web-apps/freshrss.nix"], "default": {"_type": "literalExpression", "text": "pkgs.freshrss"}, "description": "The freshrss package to use.", "loc": ["services", "freshrss", "package"], "readOnly": false, "type": "package"}, "services.freshrss.passwordFile": {"declarations": ["nixos/modules/services/web-apps/freshrss.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Password for the defaultUser for FreshRSS.", "example": {"_type": "literalExpression", "text": "\"/run/secrets/freshrss\""}, "loc": ["services", "freshrss", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.freshrss.pool": {"declarations": ["nixos/modules/services/web-apps/freshrss.nix"], "default": {"_type": "literalExpression", "text": "\"freshrss\""}, "description": "Name of the php-fpm pool to use and setup. If not specified, a pool will be created\nwith default values.\n", "loc": ["services", "freshrss", "pool"], "readOnly": false, "type": "null or string"}, "services.freshrss.user": {"declarations": ["nixos/modules/services/web-apps/freshrss.nix"], "default": {"_type": "literalExpression", "text": "\"freshrss\""}, "description": "User under which FreshRSS runs.", "loc": ["services", "freshrss", "user"], "readOnly": false, "type": "string"}, "services.freshrss.virtualHost": {"declarations": ["nixos/modules/services/web-apps/freshrss.nix"], "default": {"_type": "literalExpression", "text": "\"freshrss\""}, "description": "Name of the caddy/nginx virtualhost to use and setup.\n", "loc": ["services", "freshrss", "virtualHost"], "readOnly": false, "type": "string"}, "services.freshrss.webserver": {"declarations": ["nixos/modules/services/web-apps/freshrss.nix"], "default": {"_type": "literalExpression", "text": "\"nginx\""}, "description": "Whether to use nginx or caddy for virtual host management.\n\nFurther nginx configuration can be done by adapting `services.nginx.virtualHosts.<name>`.\nSee [](#opt-services.nginx.virtualHosts) for further information.\n\nFurther caddy configuration can be done by adapting `services.caddy.virtualHosts.<name>`.\nSee [](#opt-services.caddy.virtualHosts) for further information.\n", "loc": ["services", "freshrss", "webserver"], "readOnly": false, "type": "one of \"nginx\", \"caddy\""}, "services.froide-govplan.dataDir": {"declarations": ["nixos/modules/services/web-apps/froide-govplan.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/froide-govplan\""}, "description": "Directory to store the Froide-Govplan server data.", "loc": ["services", "froide-govplan", "dataDir"], "readOnly": false, "type": "string"}, "services.froide-govplan.enable": {"declarations": ["nixos/modules/services/web-apps/froide-govplan.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Gouvernment planer web app Govplan.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "froide-govplan", "enable"], "readOnly": false, "type": "boolean"}, "services.froide-govplan.hostName": {"declarations": ["nixos/modules/services/web-apps/froide-govplan.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "FQDN for the froide-govplan instance.", "loc": ["services", "froide-govplan", "hostName"], "readOnly": false, "type": "string"}, "services.froide-govplan.package": {"declarations": ["nixos/modules/services/web-apps/froide-govplan.nix"], "default": {"_type": "literalExpression", "text": "pkgs.froide-govplan"}, "description": "The froide-govplan package to use.", "loc": ["services", "froide-govplan", "package"], "readOnly": false, "type": "package"}, "services.froide-govplan.secretKeyFile": {"declarations": ["nixos/modules/services/web-apps/froide-govplan.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file containing the secret key.\n", "loc": ["services", "froide-govplan", "secretKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.froide-govplan.settings": {"declarations": ["nixos/modules/services/web-apps/froide-govplan.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration options to set in `extra_settings.py`.\n", "loc": ["services", "froide-govplan", "settings"], "readOnly": false, "type": "open submodule of attribute set of (Python value)"}, "services.froide-govplan.settings.ALLOWED_HOSTS": {"declarations": ["nixos/modules/services/web-apps/froide-govplan.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"*\"\n]"}, "description": "A list of valid fully-qualified domain names (FQDNs) and/or IP\naddresses that can be used to reach the Froide-Govplan service.\n", "loc": ["services", "froide-govplan", "settings", "ALLOWED_HOSTS"], "readOnly": false, "type": "list of string"}, "services.frp.instances": {"declarations": ["nixos/modules/services/networking/frp.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Frp instances.\n", "loc": ["services", "frp", "instances"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.frp.instances.<name>.enable": {"declarations": ["nixos/modules/services/networking/frp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable frp.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "frp", "instances", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.frp.instances.<name>.environmentFiles": {"declarations": ["nixos/modules/services/networking/frp.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of paths files that follows systemd environmentfile structure.\nCan be used to pass secrets to settings attribute.\n\nExample content of a file: SECRET_TOKEN=1234\n", "loc": ["services", "frp", "instances", "<name>", "environmentFiles"], "readOnly": false, "type": "list of absolute path"}, "services.frp.instances.<name>.role": {"declarations": ["nixos/modules/services/networking/frp.nix"], "description": "The frp consists of `client` and `server`. The server is usually\ndeployed on the machine with a public IP address, and\nthe client is usually deployed on the machine\nwhere the Intranet service to be penetrated resides.\n", "loc": ["services", "frp", "instances", "<name>", "role"], "readOnly": false, "type": "one of \"server\", \"client\""}, "services.frp.instances.<name>.settings": {"declarations": ["nixos/modules/services/networking/frp.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Frp configuration, for configuration options\nsee the example of [client](https://github.com/fatedier/frp/blob/dev/conf/frpc_full_example.toml)\nor [server](https://github.com/fatedier/frp/blob/dev/conf/frps_full_example.toml) on github.\n", "example": {"_type": "literalExpression", "text": "{\n  proxies = [\n    {\n      localIP = \"127.0.0.1\";\n      localPort = 22;\n      name = \"ssh\";\n      remotePort = 6000;\n      type = \"tcp\";\n    }\n  ];\n  serverAddr = \"x.x.x.x\";\n  serverPort = 7000;\n}"}, "loc": ["services", "frp", "instances", "<name>", "settings"], "readOnly": false, "type": "TOML value"}, "services.frp.package": {"declarations": ["nixos/modules/services/networking/frp.nix"], "default": {"_type": "literalExpression", "text": "pkgs.frp"}, "description": "The frp package to use.", "loc": ["services", "frp", "package"], "readOnly": false, "type": "package"}, "services.fstrim.enable": {"declarations": ["nixos/modules/services/misc/fstrim.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable periodic SSD TRIM of mounted partitions in background.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "fstrim", "enable"], "readOnly": false, "type": "boolean"}, "services.fstrim.interval": {"declarations": ["nixos/modules/services/misc/fstrim.nix"], "default": {"_type": "literalExpression", "text": "\"weekly\""}, "description": "How often we run fstrim. For most desktop and server systems\na sufficient trimming frequency is once a week.\n\nThe format is described in\n{manpage}`systemd.time(7)`.\n", "loc": ["services", "fstrim", "interval"], "readOnly": false, "type": "string"}, "services.fusionInventory.enable": {"declarations": ["nixos/modules/services/monitoring/fusion-inventory.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Fusion Inventory Agent.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "fusionInventory", "enable"], "readOnly": false, "type": "boolean"}, "services.fusionInventory.extraConfig": {"declarations": ["nixos/modules/services/monitoring/fusion-inventory.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Configuration that is injected verbatim into the configuration file.\n", "loc": ["services", "fusionInventory", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.fusionInventory.servers": {"declarations": ["nixos/modules/services/monitoring/fusion-inventory.nix"], "description": "The urls of the OCS/GLPI servers to connect to.\n", "loc": ["services", "fusionInventory", "servers"], "readOnly": false, "type": "list of string"}, "services.fwupd.daemonSettings": {"declarations": ["nixos/modules/services/hardware/fwupd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configurations for the fwupd daemon.\n", "loc": ["services", "fwupd", "daemonSettings"], "readOnly": false, "type": "open submodule of section of an INI file (attrs of INI atom (null, bool, int, float or string) or a non-empty list of them)"}, "services.fwupd.daemonSettings.DisabledDevices": {"declarations": ["nixos/modules/services/hardware/fwupd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of device GUIDs to be disabled.\n", "example": {"_type": "literalExpression", "text": "[\n  \"2082b5e0-7a64-478a-b1b2-e3404fab6dad\"\n]"}, "loc": ["services", "fwupd", "daemonSettings", "DisabledDevices"], "readOnly": false, "type": "list of string"}, "services.fwupd.daemonSettings.DisabledPlugins": {"declarations": ["nixos/modules/services/hardware/fwupd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of plugins to be disabled.\n", "example": {"_type": "literalExpression", "text": "[\n  \"udev\"\n]"}, "loc": ["services", "fwupd", "daemonSettings", "DisabledPlugins"], "readOnly": false, "type": "list of string"}, "services.fwupd.daemonSettings.EspLocation": {"declarations": ["nixos/modules/services/hardware/fwupd.nix"], "default": {"_type": "literalExpression", "text": "config.boot.loader.efi.efiSysMountPoint"}, "description": "The EFI system partition (ESP) path used if UDisks is not available\nor if this partition is not mounted at /boot/efi, /boot, or /efi\n", "loc": ["services", "fwupd", "daemonSettings", "EspLocation"], "readOnly": false, "type": "absolute path"}, "services.fwupd.enable": {"declarations": ["nixos/modules/services/hardware/fwupd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable fwupd, a DBus service that allows\napplications to update firmware.\n", "loc": ["services", "fwupd", "enable"], "readOnly": false, "type": "boolean"}, "services.fwupd.extraRemotes": {"declarations": ["nixos/modules/services/hardware/fwupd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Enables extra remotes in fwupd. See `/etc/fwupd/remotes.d`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"lvfs-testing\"\n]"}, "loc": ["services", "fwupd", "extraRemotes"], "readOnly": false, "type": "list of string"}, "services.fwupd.extraTrustedKeys": {"declarations": ["nixos/modules/services/hardware/fwupd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Installing a public key allows firmware signed with a matching private key to be recognized as trusted, which may require less authentication to install than for untrusted files. By default trusted firmware can be upgraded (but not downgraded) without the user or administrator password. Only very few keys are installed by default.\n", "example": {"_type": "literalExpression", "text": "[ /etc/nixos/fwupd/myfirmware.pem ]"}, "loc": ["services", "fwupd", "extraTrustedKeys"], "readOnly": false, "type": "list of absolute path"}, "services.fwupd.package": {"declarations": ["nixos/modules/services/hardware/fwupd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.fwupd"}, "description": "The fwupd package to use.", "loc": ["services", "fwupd", "package"], "readOnly": false, "type": "package"}, "services.fwupd.uefiCapsuleSettings": {"declarations": ["nixos/modules/services/hardware/fwupd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "UEFI capsule configurations for the fwupd daemon.\n", "loc": ["services", "fwupd", "uefiCapsuleSettings"], "readOnly": false, "type": "open submodule of section of an INI file (attrs of INI atom (null, bool, int, float or string) or a non-empty list of them)"}, "services.g3proxy.enable": {"declarations": ["nixos/modules/services/networking/g3proxy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable g3proxy, a generic purpose forward proxy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "g3proxy", "enable"], "readOnly": false, "type": "boolean"}, "services.g3proxy.package": {"declarations": ["nixos/modules/services/networking/g3proxy.nix"], "default": {"_type": "literalExpression", "text": "pkgs.g3proxy"}, "description": "The g3proxy package to use.", "loc": ["services", "g3proxy", "package"], "readOnly": false, "type": "package"}, "services.g3proxy.settings": {"declarations": ["nixos/modules/services/networking/g3proxy.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings of g3proxy.\n", "example": {"_type": "literalExpression", "text": "{\n  server = [{\n    name = \"test\";\n    escaper = \"default\";\n    type = \"socks_proxy\";\n    listen = {\n      address = \"[::]:10086\";\n    };\n  }];\n}\n"}, "loc": ["services", "g3proxy", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.g810-led.enable": {"declarations": ["nixos/modules/services/hardware/g810-led.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable g810-led, a Linux LED controller for some Logitech G Keyboards.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "g810-led", "enable"], "readOnly": false, "type": "boolean"}, "services.g810-led.package": {"declarations": ["nixos/modules/services/hardware/g810-led.nix"], "default": {"_type": "literalExpression", "text": "pkgs.g810-led"}, "description": "The g810-led package to use.", "loc": ["services", "g810-led", "package"], "readOnly": false, "type": "package"}, "services.g810-led.profile": {"declarations": ["nixos/modules/services/hardware/g810-led.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Keyboard profile to apply at boot time.\n\nThe upstream repository provides [example configurations](https://github.com/MatMoul/g810-led/tree/master/sample_profiles).\n", "example": {"_type": "literalExpression", "text": "''\n  # G810-LED Profile (turn all keys on)\n  \n  # Set all keys on\n  a ffffff\n  \n  # Commit changes\n  c\n''"}, "loc": ["services", "g810-led", "profile"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.galene.certFile": {"declarations": ["nixos/modules/services/web-apps/galene.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the server's certificate. The file is copied at runtime to\nGalene's data directory where it needs to reside.\n", "example": {"_type": "literalExpression", "text": "\"/path/to/your/cert.pem\""}, "loc": ["services", "galene", "certFile"], "readOnly": false, "type": "null or absolute path"}, "services.galene.dataDir": {"declarations": ["nixos/modules/services/web-apps/galene.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.galene.stateDir}/data\""}, "description": "Data directory.", "example": {"_type": "literalExpression", "text": "\"/var/lib/galene/data\""}, "loc": ["services", "galene", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.galene.enable": {"declarations": ["nixos/modules/services/web-apps/galene.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Galene Service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "galene", "enable"], "readOnly": false, "type": "boolean"}, "services.galene.group": {"declarations": ["nixos/modules/services/web-apps/galene.nix"], "default": {"_type": "literalExpression", "text": "\"galene\""}, "description": "Group under which galene runs.", "loc": ["services", "galene", "group"], "readOnly": false, "type": "string"}, "services.galene.groupsDir": {"declarations": ["nixos/modules/services/web-apps/galene.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.galene.stateDir}/groups\""}, "description": "Web server directory.", "example": {"_type": "literalExpression", "text": "\"/var/lib/galene/groups\""}, "loc": ["services", "galene", "groupsDir"], "readOnly": false, "type": "absolute path"}, "services.galene.httpAddress": {"declarations": ["nixos/modules/services/web-apps/galene.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "HTTP listen address for galene.", "loc": ["services", "galene", "httpAddress"], "readOnly": false, "type": "string"}, "services.galene.httpPort": {"declarations": ["nixos/modules/services/web-apps/galene.nix"], "default": {"_type": "literalExpression", "text": "8443"}, "description": "HTTP listen port.", "loc": ["services", "galene", "httpPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.galene.insecure": {"declarations": ["nixos/modules/services/web-apps/galene.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether Galene should listen in http or in https. If left as the default\nvalue (false), Galene needs to be fed a private key and a certificate.\n", "loc": ["services", "galene", "insecure"], "readOnly": false, "type": "boolean"}, "services.galene.keyFile": {"declarations": ["nixos/modules/services/web-apps/galene.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the server's private key. The file is copied at runtime to\nGalene's data directory where it needs to reside.\n", "example": {"_type": "literalExpression", "text": "\"/path/to/your/key.pem\""}, "loc": ["services", "galene", "keyFile"], "readOnly": false, "type": "null or absolute path"}, "services.galene.package": {"declarations": ["nixos/modules/services/web-apps/galene.nix"], "default": {"_type": "literalExpression", "text": "pkgs.galene"}, "description": "The galene package to use.", "loc": ["services", "galene", "package"], "readOnly": false, "type": "package"}, "services.galene.recordingsDir": {"declarations": ["nixos/modules/services/web-apps/galene.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.galene.stateDir}/recordings\""}, "description": "Recordings directory.", "example": {"_type": "literalExpression", "text": "\"/var/lib/galene/recordings\""}, "loc": ["services", "galene", "recordingsDir"], "readOnly": false, "type": "absolute path"}, "services.galene.stateDir": {"declarations": ["nixos/modules/services/web-apps/galene.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/galene\""}, "description": "The directory where Galene stores its internal state. If left as the default\nvalue this directory will automatically be created before the Galene server\nstarts, otherwise the sysadmin is responsible for ensuring the directory\nexists with appropriate ownership and permissions.\n", "loc": ["services", "galene", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.galene.staticDir": {"declarations": ["nixos/modules/services/web-apps/galene.nix"], "default": {"_type": "literalExpression", "text": "\"${package.static}/static\""}, "description": "Web server directory.", "example": {"_type": "literalExpression", "text": "\"/var/lib/galene/static\""}, "loc": ["services", "galene", "staticDir"], "readOnly": false, "type": "absolute path"}, "services.galene.turnAddress": {"declarations": ["nixos/modules/services/web-apps/galene.nix"], "default": {"_type": "literalExpression", "text": "\"auto\""}, "description": "Built-in TURN server listen address and port. Set to \"\" to disable.", "example": {"_type": "literalExpression", "text": "\"127.0.0.1:1194\""}, "loc": ["services", "galene", "turnAddress"], "readOnly": false, "type": "string"}, "services.galene.user": {"declarations": ["nixos/modules/services/web-apps/galene.nix"], "default": {"_type": "literalExpression", "text": "\"galene\""}, "description": "User account under which galene runs.", "loc": ["services", "galene", "user"], "readOnly": false, "type": "string"}, "services.gammu-smsd.backend.files.errorSMSPath": {"declarations": ["nixos/modules/services/misc/gammu-smsd.nix"], "default": {"_type": "literalExpression", "text": "\"/var/spool/sms/error/\""}, "description": "Where SMSes with error in transmission is placed", "loc": ["services", "gammu-smsd", "backend", "files", "errorSMSPath"], "readOnly": false, "type": "absolute path"}, "services.gammu-smsd.backend.files.inboxPath": {"declarations": ["nixos/modules/services/misc/gammu-smsd.nix"], "default": {"_type": "literalExpression", "text": "\"/var/spool/sms/inbox/\""}, "description": "Where the received SMSes are stored", "loc": ["services", "gammu-smsd", "backend", "files", "inboxPath"], "readOnly": false, "type": "absolute path"}, "services.gammu-smsd.backend.files.outboxPath": {"declarations": ["nixos/modules/services/misc/gammu-smsd.nix"], "default": {"_type": "literalExpression", "text": "\"/var/spool/sms/outbox/\""}, "description": "Where SMSes to be sent should be placed", "loc": ["services", "gammu-smsd", "backend", "files", "outboxPath"], "readOnly": false, "type": "absolute path"}, "services.gammu-smsd.backend.files.sentSMSPath": {"declarations": ["nixos/modules/services/misc/gammu-smsd.nix"], "default": {"_type": "literalExpression", "text": "\"/var/spool/sms/sent/\""}, "description": "Where the transmitted SMSes are placed", "loc": ["services", "gammu-smsd", "backend", "files", "sentSMSPath"], "readOnly": false, "type": "absolute path"}, "services.gammu-smsd.backend.service": {"declarations": ["nixos/modules/services/misc/gammu-smsd.nix"], "default": {"_type": "literalExpression", "text": "\"null\""}, "description": "Service to use to store sms data.", "loc": ["services", "gammu-smsd", "backend", "service"], "readOnly": false, "type": "one of \"null\", \"files\", \"sql\""}, "services.gammu-smsd.backend.sql.database": {"declarations": ["nixos/modules/services/misc/gammu-smsd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Database name to store sms data", "loc": ["services", "gammu-smsd", "backend", "sql", "database"], "readOnly": false, "type": "null or string"}, "services.gammu-smsd.backend.sql.driver": {"declarations": ["nixos/modules/services/misc/gammu-smsd.nix"], "description": "DB driver to use", "loc": ["services", "gammu-smsd", "backend", "sql", "driver"], "readOnly": false, "type": "one of \"native_mysql\", \"native_pgsql\", \"odbc\", \"dbi\""}, "services.gammu-smsd.backend.sql.host": {"declarations": ["nixos/modules/services/misc/gammu-smsd.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Database server address", "loc": ["services", "gammu-smsd", "backend", "sql", "host"], "readOnly": false, "type": "string"}, "services.gammu-smsd.backend.sql.password": {"declarations": ["nixos/modules/services/misc/gammu-smsd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "User password used for connection to the database", "loc": ["services", "gammu-smsd", "backend", "sql", "password"], "readOnly": false, "type": "null or string"}, "services.gammu-smsd.backend.sql.sqlDialect": {"declarations": ["nixos/modules/services/misc/gammu-smsd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SQL dialect to use (odbc driver only)", "loc": ["services", "gammu-smsd", "backend", "sql", "sqlDialect"], "readOnly": false, "type": "null or string"}, "services.gammu-smsd.backend.sql.user": {"declarations": ["nixos/modules/services/misc/gammu-smsd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "User name used for connection to the database", "loc": ["services", "gammu-smsd", "backend", "sql", "user"], "readOnly": false, "type": "null or string"}, "services.gammu-smsd.device.connection": {"declarations": ["nixos/modules/services/misc/gammu-smsd.nix"], "default": {"_type": "literalExpression", "text": "\"at\""}, "description": "Protocol which will be used to talk to the phone", "loc": ["services", "gammu-smsd", "device", "connection"], "readOnly": false, "type": "string"}, "services.gammu-smsd.device.group": {"declarations": ["nixos/modules/services/misc/gammu-smsd.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "Owner group of the device", "example": {"_type": "literalExpression", "text": "\"dialout\""}, "loc": ["services", "gammu-smsd", "device", "group"], "readOnly": false, "type": "string"}, "services.gammu-smsd.device.path": {"declarations": ["nixos/modules/services/misc/gammu-smsd.nix"], "description": "Device node or address of the phone", "example": {"_type": "literalExpression", "text": "\"/dev/ttyUSB2\""}, "loc": ["services", "gammu-smsd", "device", "path"], "readOnly": false, "type": "absolute path"}, "services.gammu-smsd.device.pin": {"declarations": ["nixos/modules/services/misc/gammu-smsd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "PIN code for the simcard", "loc": ["services", "gammu-smsd", "device", "pin"], "readOnly": false, "type": "null or string"}, "services.gammu-smsd.device.synchronizeTime": {"declarations": ["nixos/modules/services/misc/gammu-smsd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to set time from computer to the phone during starting connection", "loc": ["services", "gammu-smsd", "device", "synchronizeTime"], "readOnly": false, "type": "boolean"}, "services.gammu-smsd.enable": {"declarations": ["nixos/modules/services/misc/gammu-smsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable gammu-smsd daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gammu-smsd", "enable"], "readOnly": false, "type": "boolean"}, "services.gammu-smsd.extraConfig.gammu": {"declarations": ["nixos/modules/services/misc/gammu-smsd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra config lines to be added into [gammu] section", "loc": ["services", "gammu-smsd", "extraConfig", "gammu"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.gammu-smsd.extraConfig.smsd": {"declarations": ["nixos/modules/services/misc/gammu-smsd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra config lines to be added into [smsd] section", "loc": ["services", "gammu-smsd", "extraConfig", "smsd"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.gammu-smsd.log.file": {"declarations": ["nixos/modules/services/misc/gammu-smsd.nix"], "default": {"_type": "literalExpression", "text": "\"syslog\""}, "description": "Path to file where information about communication will be stored", "loc": ["services", "gammu-smsd", "log", "file"], "readOnly": false, "type": "string"}, "services.gammu-smsd.log.format": {"declarations": ["nixos/modules/services/misc/gammu-smsd.nix"], "default": {"_type": "literalExpression", "text": "\"errors\""}, "description": "Determines what will be logged to the LogFile", "loc": ["services", "gammu-smsd", "log", "format"], "readOnly": false, "type": "one of \"nothing\", \"text\", \"textall\", \"textalldate\", \"errors\", \"errorsdate\", \"binary\""}, "services.gammu-smsd.user": {"declarations": ["nixos/modules/services/misc/gammu-smsd.nix"], "default": {"_type": "literalExpression", "text": "\"smsd\""}, "description": "User that has access to the device", "loc": ["services", "gammu-smsd", "user"], "readOnly": false, "type": "string"}, "services.gancio.enable": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Gancio, a shared agenda for local communities.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gancio", "enable"], "readOnly": false, "type": "boolean"}, "services.gancio.nginx": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration for the nginx virtual host of gancio.", "example": {"_type": "literalExpression", "text": "{\n  enableACME = false;\n  forceSSL = false;\n}"}, "loc": ["services", "gancio", "nginx"], "readOnly": false, "type": "submodule"}, "services.gancio.nginx.acmeFallbackHost": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host which to proxy requests to if ACME challenge is not found. Useful\nif you want multiple hosts to be able to verify the same domain name.\n\nWith this option, you could request certificates for the present domain\nwith an ACME client that is running on another host, which you would\nspecify here.\n", "loc": ["services", "gancio", "nginx", "acmeFallbackHost"], "readOnly": false, "type": "null or string"}, "services.gancio.nginx.acmeRoot": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the ACME challenge, which is **public**. Don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "gancio", "nginx", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.gancio.nginx.addSSL": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "gancio", "nginx", "addSSL"], "readOnly": false, "type": "boolean"}, "services.gancio.nginx.basicAuth": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "gancio", "nginx", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.gancio.nginx.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "gancio", "nginx", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.gancio.nginx.default": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Makes this vhost the default.\n", "loc": ["services", "gancio", "nginx", "default"], "readOnly": false, "type": "boolean"}, "services.gancio.nginx.enableACME": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "gancio", "nginx", "enableACME"], "readOnly": false, "type": "boolean"}, "services.gancio.nginx.extraConfig": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the vhost verbatim.\n", "loc": ["services", "gancio", "nginx", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.gancio.nginx.forceSSL": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to add a separate nginx server block that redirects (defaults\nto 301, configurable with `redirectCode`) all plain HTTP traffic to\nHTTPS. This will set defaults for `listen` to listen on all interfaces\non the respective default ports (80, 443), where the non-SSL listens\nare used for the redirect vhosts.\n", "loc": ["services", "gancio", "nginx", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.gancio.nginx.globalRedirect": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected (defaults to 301,\nconfigurable with `redirectCode`) to the given hostname.\n", "example": {"_type": "literalExpression", "text": "\"newserver.example.org\""}, "loc": ["services", "gancio", "nginx", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.gancio.nginx.http2": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/2 protocol.\nNote that (as of writing) due to nginx's implementation, to disable\nHTTP/2 you have to disable it on all vhosts that use a given\nIP address / port.\nIf there is one server block configured to enable http2, then it is\nenabled for all server blocks on this IP.\nSee <https://stackoverflow.com/a/39466948/263061>.\n", "loc": ["services", "gancio", "nginx", "http2"], "readOnly": false, "type": "boolean"}, "services.gancio.nginx.http3": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/3 protocol.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that HTTP/3 support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\nHTTP/3 availability must be manually advertised, preferably in each location block.\n", "loc": ["services", "gancio", "nginx", "http3"], "readOnly": false, "type": "boolean"}, "services.gancio.nginx.http3_hq": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that special application protocol support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "gancio", "nginx", "http3_hq"], "readOnly": false, "type": "boolean"}, "services.gancio.nginx.kTLS": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kTLS support.\nImplementing TLS in the kernel (kTLS) improves performance by significantly\nreducing the need for copying operations between user space and the kernel.\nRequired Nginx version 1.21.4 or later.\n", "loc": ["services", "gancio", "nginx", "kTLS"], "readOnly": false, "type": "boolean"}, "services.gancio.nginx.listen": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\nIPv6 addresses must be enclosed in square brackets.\nNote: this option overrides `addSSL`\nand `onlySSL`.\n\nIf you only want to set the addresses manually and not\nthe ports, take a look at `listenAddresses`.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    addr = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    addr = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    addr = \"unix:/var/run/nginx.sock\";\n  }\n]"}, "loc": ["services", "gancio", "nginx", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.gancio.nginx.listen.*.addr": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "description": "Listen address.", "loc": ["services", "gancio", "nginx", "listen", "*", "addr"], "readOnly": false, "type": "string"}, "services.gancio.nginx.listen.*.extraParameters": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra parameters of this listen directive.", "example": {"_type": "literalExpression", "text": "[\n  \"backlog=1024\"\n  \"deferred\"\n]"}, "loc": ["services", "gancio", "nginx", "listen", "*", "extraParameters"], "readOnly": false, "type": "list of string"}, "services.gancio.nginx.listen.*.port": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port number to listen on.\nIf unset and the listen address is not a socket then nginx defaults to 80.\n", "loc": ["services", "gancio", "nginx", "listen", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.gancio.nginx.listen.*.proxyProtocol": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable PROXY protocol.", "loc": ["services", "gancio", "nginx", "listen", "*", "proxyProtocol"], "readOnly": false, "type": "boolean"}, "services.gancio.nginx.listen.*.ssl": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SSL.", "loc": ["services", "gancio", "nginx", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.gancio.nginx.listenAddresses": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n\nNote: This option overrides `networking.enableIPv6`\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"[::1]\"\n]"}, "loc": ["services", "gancio", "nginx", "listenAddresses"], "readOnly": false, "type": "list of string"}, "services.gancio.nginx.locations": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n};\n"}, "loc": ["services", "gancio", "nginx", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.gancio.nginx.locations.<name>.alias": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "gancio", "nginx", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.gancio.nginx.locations.<name>.basicAuth": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "gancio", "nginx", "locations", "<name>", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.gancio.nginx.locations.<name>.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "gancio", "nginx", "locations", "<name>", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.gancio.nginx.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "gancio", "nginx", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.gancio.nginx.locations.<name>.fastcgiParams": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "FastCGI parameters to override.  Unlike in the Nginx\nconfiguration file, overriding only some default parameters\nwon't unset the default values for other parameters.\n", "loc": ["services", "gancio", "nginx", "locations", "<name>", "fastcgiParams"], "readOnly": false, "type": "attribute set of (string or absolute path)"}, "services.gancio.nginx.locations.<name>.index": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds index directive.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "gancio", "nginx", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.gancio.nginx.locations.<name>.priority": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "gancio", "nginx", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.gancio.nginx.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds proxy_pass directive and sets recommended proxy headers if\nrecommendedProxySettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "gancio", "nginx", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.gancio.nginx.locations.<name>.proxyWebsockets": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to support proxying websocket connections with HTTP/1.1.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gancio", "nginx", "locations", "<name>", "proxyWebsockets"], "readOnly": false, "type": "boolean"}, "services.gancio.nginx.locations.<name>.recommendedProxySettings": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedProxySettings"}, "description": "Enable recommended proxy settings.\n", "loc": ["services", "gancio", "nginx", "locations", "<name>", "recommendedProxySettings"], "readOnly": false, "type": "boolean"}, "services.gancio.nginx.locations.<name>.recommendedUwsgiSettings": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedUwsgiSettings"}, "description": "Enable recommended uwsgi settings.\n", "loc": ["services", "gancio", "nginx", "locations", "<name>", "recommendedUwsgiSettings"], "readOnly": false, "type": "boolean"}, "services.gancio.nginx.locations.<name>.return": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds a return directive, for e.g. redirections.\n", "example": {"_type": "literalExpression", "text": "\"301 http://example.com$request_uri\""}, "loc": ["services", "gancio", "nginx", "locations", "<name>", "return"], "readOnly": false, "type": "null or string or signed integer"}, "services.gancio.nginx.locations.<name>.root": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Root directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/root/directory\""}, "loc": ["services", "gancio", "nginx", "locations", "<name>", "root"], "readOnly": false, "type": "null or absolute path"}, "services.gancio.nginx.locations.<name>.tryFiles": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds try_files directive.\n", "example": {"_type": "literalExpression", "text": "\"$uri =404\""}, "loc": ["services", "gancio", "nginx", "locations", "<name>", "tryFiles"], "readOnly": false, "type": "null or string"}, "services.gancio.nginx.locations.<name>.uwsgiPass": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds uwsgi_pass directive and sets recommended proxy headers if\nrecommendedUwsgiSettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"unix:/run/example/example.sock\""}, "loc": ["services", "gancio", "nginx", "locations", "<name>", "uwsgiPass"], "readOnly": false, "type": "null or string"}, "services.gancio.nginx.onlySSL": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "gancio", "nginx", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.gancio.nginx.quic": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the QUIC transport protocol.\nNote that QUIC support is experimental and\n*not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "gancio", "nginx", "quic"], "readOnly": false, "type": "boolean"}, "services.gancio.nginx.redirectCode": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "301"}, "description": "HTTP status used by `globalRedirect` and `forceSSL`. Possible usecases\ninclude temporary (302, 307) redirects, keeping the request method and\nbody (307, 308), or explicitly resetting the method to GET (303).\nSee <https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>.\n", "example": {"_type": "literalExpression", "text": "308"}, "loc": ["services", "gancio", "nginx", "redirectCode"], "readOnly": false, "type": "integer between 300 and 399 (both inclusive)"}, "services.gancio.nginx.rejectSSL": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to listen for and reject all HTTPS connections to this vhost. Useful in\n[default](#opt-services.nginx.virtualHosts._name_.default)\nserver blocks to avoid serving the certificate for another vhost. Uses the\n`ssl_reject_handshake` directive available in nginx versions\n1.19.4 and above.\n", "loc": ["services", "gancio", "nginx", "rejectSSL"], "readOnly": false, "type": "boolean"}, "services.gancio.nginx.reuseport": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create an individual listening socket .\nIt is required to specify only once on one of the hosts.\n", "loc": ["services", "gancio", "nginx", "reuseport"], "readOnly": false, "type": "boolean"}, "services.gancio.nginx.root": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of the web root directory.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "gancio", "nginx", "root"], "readOnly": false, "type": "null or absolute path"}, "services.gancio.nginx.serverAliases": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "gancio", "nginx", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.gancio.nginx.serverName": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of this virtual host. Defaults to attribute name in virtualHosts.\n", "example": {"_type": "literalExpression", "text": "\"example.org\""}, "loc": ["services", "gancio", "nginx", "serverName"], "readOnly": false, "type": "null or string"}, "services.gancio.nginx.sslCertificate": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "gancio", "nginx", "sslCertificate"], "readOnly": false, "type": "absolute path"}, "services.gancio.nginx.sslCertificateKey": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "gancio", "nginx", "sslCertificateKey"], "readOnly": false, "type": "absolute path"}, "services.gancio.nginx.sslTrustedCertificate": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to root SSL certificate for stapling and client certificates.", "example": {"_type": "literalExpression", "text": "\"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\""}, "loc": ["services", "gancio", "nginx", "sslTrustedCertificate"], "readOnly": false, "type": "null or absolute path"}, "services.gancio.nginx.useACMEHost": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "gancio", "nginx", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.gancio.package": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gancio"}, "description": "The gancio package to use.", "loc": ["services", "gancio", "package"], "readOnly": false, "type": "package"}, "services.gancio.plugins": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Paths of gancio plugins to activate (linked under $WorkingDirectory/plugins/).\n", "example": {"_type": "literalExpression", "text": "[ pkgs.gancioPlugins.telegram-bridge ]"}, "loc": ["services", "gancio", "plugins"], "readOnly": false, "type": "list of package"}, "services.gancio.settings": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "description": "Configuration for Gancio, see <https://gancio.org/install/config> for supported values.\n", "loc": ["services", "gancio", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.gancio.settings.baseurl": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "\"https://${config.services.gancio.settings.hostname}\""}, "description": "The full URL under which the server is reachable.", "example": {"_type": "literalExpression", "text": "\"https://demo.gancio.org/gancio\""}, "loc": ["services", "gancio", "settings", "baseurl"], "readOnly": false, "type": "string"}, "services.gancio.settings.db.database": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "\"if config.services.gancio.settings.db.dialect == \\\"postgres\\\" then cfg.user else null\""}, "description": "Name of the PostgreSQL database\n", "loc": ["services", "gancio", "settings", "db", "database"], "readOnly": true, "type": "null or string"}, "services.gancio.settings.db.dialect": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite\""}, "description": "The database dialect to use\n", "loc": ["services", "gancio", "settings", "db", "dialect"], "readOnly": false, "type": "one of \"sqlite\", \"postgres\""}, "services.gancio.settings.db.host": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "\"if config.services.gancio.settings.db.dialect == \\\"postgres\\\" then \\\"/run/postgresql\\\" else null\""}, "description": "Connection string for the PostgreSQL database\n", "loc": ["services", "gancio", "settings", "db", "host"], "readOnly": true, "type": "null or string"}, "services.gancio.settings.db.storage": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "\"if config.services.gancio.settings.db.dialect == \\\"sqlite\\\" then \\\"/var/lib/gancio/db.sqlite\\\" else null\""}, "description": "Location for the SQLite database.\n", "loc": ["services", "gancio", "settings", "db", "storage"], "readOnly": true, "type": "null or string"}, "services.gancio.settings.hostname": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "description": "The domain name under which the server is reachable.", "loc": ["services", "gancio", "settings", "hostname"], "readOnly": false, "type": "string"}, "services.gancio.settings.log_level": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Gancio log level.", "loc": ["services", "gancio", "settings", "log_level"], "readOnly": false, "type": "one of \"debug\", \"info\", \"warning\", \"error\""}, "services.gancio.settings.log_path": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "\"/var/log/gancio\""}, "description": "Directory Gancio logs into", "loc": ["services", "gancio", "settings", "log_path"], "readOnly": true, "type": "string"}, "services.gancio.settings.server.socket": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "\"/run/gancio/socket\""}, "description": "The unix socket for the gancio server to listen on.\n", "loc": ["services", "gancio", "settings", "server", "socket"], "readOnly": true, "type": "absolute path"}, "services.gancio.user": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "\"gancio\""}, "description": "The user (and PostgreSQL database name) used to run the gancio server", "loc": ["services", "gancio", "user"], "readOnly": false, "type": "string"}, "services.gancio.userLocale": {"declarations": ["nixos/modules/services/web-apps/gancio.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Override default locales within gancio.\nSee [default languages and locales](https://framagit.org/les/gancio/tree/master/locales).\n", "example": {"_type": "literalExpression", "text": "{\n  en = {\n    register = {\n      description = \"My new registration page description\";\n    };\n  };\n}"}, "loc": ["services", "gancio", "userLocale"], "readOnly": false, "type": "attribute set of attribute set of attribute set of string"}, "services.garage.enable": {"declarations": ["nixos/modules/services/web-servers/garage.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Garage Object Storage (S3 compatible).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "garage", "enable"], "readOnly": false, "type": "boolean"}, "services.garage.environmentFile": {"declarations": ["nixos/modules/services/web-servers/garage.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing environment variables to be passed to the Garage server.", "loc": ["services", "garage", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.garage.extraEnvironment": {"declarations": ["nixos/modules/services/web-servers/garage.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra environment variables to pass to the Garage server.", "example": {"_type": "literalExpression", "text": "{\n  RUST_BACKTRACE = \"yes\";\n}"}, "loc": ["services", "garage", "extraEnvironment"], "readOnly": false, "type": "attribute set of string"}, "services.garage.logLevel": {"declarations": ["nixos/modules/services/web-servers/garage.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Garage log level, see <https://garagehq.deuxfleurs.fr/documentation/quick-start/#launching-the-garage-server> for examples.", "example": {"_type": "literalExpression", "text": "\"debug\""}, "loc": ["services", "garage", "logLevel"], "readOnly": false, "type": "one of \"error\", \"warn\", \"info\", \"debug\", \"trace\""}, "services.garage.package": {"declarations": ["nixos/modules/services/web-servers/garage.nix"], "description": "Garage package to use, needs to be set explicitly. If you are upgrading from a major version, please read NixOS and Garage release notes for upgrade instructions.", "loc": ["services", "garage", "package"], "readOnly": false, "type": "package"}, "services.garage.settings": {"declarations": ["nixos/modules/services/web-servers/garage.nix"], "description": "Garage configuration, see <https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/> for reference.", "loc": ["services", "garage", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.garage.settings.data_dir": {"declarations": ["nixos/modules/services/web-servers/garage.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/garage/data\""}, "description": "The directory in which Garage will store the data blocks of objects. This folder can be placed on an HDD.\nSince v0.9.0, Garage supports multiple data directories, refer to <https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#data_dir> for the exact format.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    capacity = \"2T\";\n    path = \"/var/lib/garage/data\";\n  }\n]"}, "loc": ["services", "garage", "settings", "data_dir"], "readOnly": false, "type": "absolute path or list of (attribute set)"}, "services.garage.settings.metadata_dir": {"declarations": ["nixos/modules/services/web-servers/garage.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/garage/meta\""}, "description": "The metadata directory, put this on a fast disk (e.g. SSD) if possible.", "loc": ["services", "garage", "settings", "metadata_dir"], "readOnly": false, "type": "absolute path"}, "services.gatus.configFile": {"declarations": ["nixos/modules/services/monitoring/gatus.nix"], "default": {"_type": "literalExpression", "text": "let settingsFormat = pkgs.formats.yaml { }; in settingsFormat.generate \"gatus.yaml\" cfg.settings;\n"}, "description": "Path to the Gatus configuration file.\nOverrides any configuration made using the `settings` option.\n", "loc": ["services", "gatus", "configFile"], "readOnly": false, "type": "absolute path"}, "services.gatus.enable": {"declarations": ["nixos/modules/services/monitoring/gatus.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Gatus.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gatus", "enable"], "readOnly": false, "type": "boolean"}, "services.gatus.environmentFile": {"declarations": ["nixos/modules/services/monitoring/gatus.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File to load as environment file.\nEnvironmental variables from this file can be interpolated in the configuration file using `${VARIABLE}`.\nThis is useful to avoid putting secrets into the nix store.\n", "loc": ["services", "gatus", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.gatus.openFirewall": {"declarations": ["nixos/modules/services/monitoring/gatus.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall for the Gatus web interface.\n", "loc": ["services", "gatus", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.gatus.package": {"declarations": ["nixos/modules/services/monitoring/gatus.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gatus"}, "description": "The gatus package to use.", "loc": ["services", "gatus", "package"], "readOnly": false, "type": "package"}, "services.gatus.settings": {"declarations": ["nixos/modules/services/monitoring/gatus.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for Gatus.\nSupported options can be found at the [docs](https://gatus.io/docs).\n", "example": {"_type": "literalExpression", "text": "{\n  web.port = 8080;\n  endpoints = [{\n    name = \"website\";\n    url = \"https://twin.sh/health\";\n    interval = \"5m\";\n    conditions = [\n      \"[STATUS] == 200\"\n      \"[BODY].status == UP\"\n      \"[RESPONSE_TIME] < 300\"\n    ];\n  }];\n}\n"}, "loc": ["services", "gatus", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.gatus.settings.web.port": {"declarations": ["nixos/modules/services/monitoring/gatus.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "The TCP port to serve the Gatus service at.\n", "loc": ["services", "gatus", "settings", "web", "port"], "readOnly": false, "type": "signed integer"}, "services.gdomap.enable": {"declarations": ["nixos/modules/services/networking/gdomap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable GNUstep Distributed Objects name server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gdomap", "enable"], "readOnly": false, "type": "boolean"}, "services.gemstash.enable": {"declarations": ["nixos/modules/services/development/gemstash.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable gemstash, a cache for rubygems.org and a private gem server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gemstash", "enable"], "readOnly": false, "type": "boolean"}, "services.gemstash.openFirewall": {"declarations": ["nixos/modules/services/development/gemstash.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall for the port in {option}`services.gemstash.bind`.\n", "loc": ["services", "gemstash", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.gemstash.settings": {"declarations": ["nixos/modules/services/development/gemstash.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for Gemstash. The details can be found at in\n[gemstash documentation](https://github.com/rubygems/gemstash/blob/master/man/gemstash-configuration.5.md).\nEach key set here is automatically prefixed with \":\" to match the gemstash expectations.\n", "loc": ["services", "gemstash", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.gemstash.settings.base_path": {"declarations": ["nixos/modules/services/development/gemstash.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/gemstash\""}, "description": "Path to store the gem files and the sqlite database. If left unchanged, the directory will be created.", "loc": ["services", "gemstash", "settings", "base_path"], "readOnly": false, "type": "absolute path"}, "services.gemstash.settings.bind": {"declarations": ["nixos/modules/services/development/gemstash.nix"], "default": {"_type": "literalExpression", "text": "\"tcp://0.0.0.0:9292\""}, "description": "Host and port combination for the server to listen on.", "loc": ["services", "gemstash", "settings", "bind"], "readOnly": false, "type": "string"}, "services.gemstash.settings.db_adapter": {"declarations": ["nixos/modules/services/development/gemstash.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Which database type to use. For choices other than sqlite3, the dbUrl has to be specified as well.", "loc": ["services", "gemstash", "settings", "db_adapter"], "readOnly": false, "type": "null or one of \"sqlite3\", \"postgres\", \"mysql\", \"mysql2\""}, "services.gemstash.settings.db_url": {"declarations": ["nixos/modules/services/development/gemstash.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The database to connect to when using postgres, mysql, or mysql2.", "loc": ["services", "gemstash", "settings", "db_url"], "readOnly": false, "type": "null or string"}, "services.geoclue2.appConfig": {"declarations": ["nixos/modules/services/desktops/geoclue2.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Specify extra settings per application.\n", "example": {"_type": "literalExpression", "text": "\"com.github.app\" = {\n  isAllowed = true;\n  isSystem = true;\n  users = [ \"300\" ];\n};\n"}, "loc": ["services", "geoclue2", "appConfig"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.geoclue2.appConfig.<name>.desktopID": {"declarations": ["nixos/modules/services/desktops/geoclue2.nix"], "description": "Desktop ID of the application.", "loc": ["services", "geoclue2", "appConfig", "<name>", "desktopID"], "readOnly": false, "type": "string"}, "services.geoclue2.appConfig.<name>.isAllowed": {"declarations": ["nixos/modules/services/desktops/geoclue2.nix"], "description": "Whether the application will be allowed access to location information.\n", "loc": ["services", "geoclue2", "appConfig", "<name>", "isAllowed"], "readOnly": false, "type": "boolean"}, "services.geoclue2.appConfig.<name>.isSystem": {"declarations": ["nixos/modules/services/desktops/geoclue2.nix"], "description": "Whether the application is a system component or not.\n", "loc": ["services", "geoclue2", "appConfig", "<name>", "isSystem"], "readOnly": false, "type": "boolean"}, "services.geoclue2.appConfig.<name>.users": {"declarations": ["nixos/modules/services/desktops/geoclue2.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of UIDs of all users for which this application is allowed location\ninfo access, Defaults to an empty string to allow it for all users.\n", "loc": ["services", "geoclue2", "appConfig", "<name>", "users"], "readOnly": false, "type": "list of string"}, "services.geoclue2.enable": {"declarations": ["nixos/modules/services/desktops/geoclue2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable GeoClue 2 daemon, a DBus service\nthat provides location information for accessing.\n", "loc": ["services", "geoclue2", "enable"], "readOnly": false, "type": "boolean"}, "services.geoclue2.enable3G": {"declarations": ["nixos/modules/services/desktops/geoclue2.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable 3G source.\n", "loc": ["services", "geoclue2", "enable3G"], "readOnly": false, "type": "boolean"}, "services.geoclue2.enableCDMA": {"declarations": ["nixos/modules/services/desktops/geoclue2.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable CDMA source.\n", "loc": ["services", "geoclue2", "enableCDMA"], "readOnly": false, "type": "boolean"}, "services.geoclue2.enableDemoAgent": {"declarations": ["nixos/modules/services/desktops/geoclue2.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to use the GeoClue demo agent. This should be\noverridden by desktop environments that provide their own\nagent.\n", "loc": ["services", "geoclue2", "enableDemoAgent"], "readOnly": false, "type": "boolean"}, "services.geoclue2.enableModemGPS": {"declarations": ["nixos/modules/services/desktops/geoclue2.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable Modem-GPS source.\n", "loc": ["services", "geoclue2", "enableModemGPS"], "readOnly": false, "type": "boolean"}, "services.geoclue2.enableNmea": {"declarations": ["nixos/modules/services/desktops/geoclue2.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to fetch location from NMEA sources on local network.\n", "loc": ["services", "geoclue2", "enableNmea"], "readOnly": false, "type": "boolean"}, "services.geoclue2.enableStatic": {"declarations": ["nixos/modules/services/desktops/geoclue2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the static source. This source defines a fixed\nlocation using the `staticLatitude`, `staticLongitude`,\n`staticAltitude`, and `staticAccuracy` options.\n\nSetting `enableStatic` to true will disable all other sources, to\nprevent conflicts. Use `lib.mkForce true` when enabling other sources\nif for some reason you want to override this.\n", "loc": ["services", "geoclue2", "enableStatic"], "readOnly": false, "type": "boolean"}, "services.geoclue2.enableWifi": {"declarations": ["nixos/modules/services/desktops/geoclue2.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable WiFi source.\n", "loc": ["services", "geoclue2", "enableWifi"], "readOnly": false, "type": "boolean"}, "services.geoclue2.geoProviderUrl": {"declarations": ["nixos/modules/services/desktops/geoclue2.nix"], "default": {"_type": "literalExpression", "text": "\"https://api.beacondb.net/v1/geolocate\""}, "description": "The url to the wifi GeoLocation Service.\n", "example": {"_type": "literalExpression", "text": "\"https://www.googleapis.com/geolocation/v1/geolocate?key=YOUR_KEY\""}, "loc": ["services", "geoclue2", "geoProviderUrl"], "readOnly": false, "type": "string"}, "services.geoclue2.package": {"declarations": ["nixos/modules/services/desktops/geoclue2.nix"], "default": {"_type": "literalExpression", "text": "pkgs.geoclue2"}, "description": "The geoclue2 package to use", "loc": ["services", "geoclue2", "package"], "readOnly": false, "type": "package"}, "services.geoclue2.staticAccuracy": {"declarations": ["nixos/modules/services/desktops/geoclue2.nix"], "description": "Accuracy radius in meters to use for the static source.\n", "loc": ["services", "geoclue2", "staticAccuracy"], "readOnly": false, "type": "positive integer or floating point number, meaning >0"}, "services.geoclue2.staticAltitude": {"declarations": ["nixos/modules/services/desktops/geoclue2.nix"], "description": "Altitude in meters to use for the static source.\n", "loc": ["services", "geoclue2", "staticAltitude"], "readOnly": false, "type": "signed integer or floating point number"}, "services.geoclue2.staticLatitude": {"declarations": ["nixos/modules/services/desktops/geoclue2.nix"], "description": "Latitude to use for the static source. Defaults to `location.latitude`.\n", "loc": ["services", "geoclue2", "staticLatitude"], "readOnly": false, "type": "integer or floating point number between -90 and 90 (both inclusive)"}, "services.geoclue2.staticLongitude": {"declarations": ["nixos/modules/services/desktops/geoclue2.nix"], "description": "Longitude to use for the static source. Defaults to `location.longitude`.\n", "loc": ["services", "geoclue2", "staticLongitude"], "readOnly": false, "type": "integer or floating point number between -180 and 180 (both inclusive)"}, "services.geoclue2.submissionNick": {"declarations": ["nixos/modules/services/desktops/geoclue2.nix"], "default": {"_type": "literalExpression", "text": "\"geoclue\""}, "description": "A nickname to submit network data with.\nMust be 2-32 characters long.\n", "loc": ["services", "geoclue2", "submissionNick"], "readOnly": false, "type": "string"}, "services.geoclue2.submissionUrl": {"declarations": ["nixos/modules/services/desktops/geoclue2.nix"], "default": {"_type": "literalExpression", "text": "\"https://api.beacondb.net/v2/geosubmit\""}, "description": "The url to submit data to a GeoLocation Service.\n", "loc": ["services", "geoclue2", "submissionUrl"], "readOnly": false, "type": "string"}, "services.geoclue2.submitData": {"declarations": ["nixos/modules/services/desktops/geoclue2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to submit data to a GeoLocation Service.\n", "loc": ["services", "geoclue2", "submitData"], "readOnly": false, "type": "boolean"}, "services.geoclue2.whitelistedAgents": {"declarations": ["nixos/modules/services/desktops/geoclue2.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"gnome-shell\"\n  \"io.elementary.desktop.agent-geoclue2\"\n]"}, "description": "Desktop IDs (without the .desktop extension) of whitelisted agents.\n", "loc": ["services", "geoclue2", "whitelistedAgents"], "readOnly": false, "type": "list of string"}, "services.geoipupdate.enable": {"declarations": ["nixos/modules/services/misc/geoipupdate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable periodic downloading of GeoIP databases using geoipupdate\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "geoipupdate", "enable"], "readOnly": false, "type": "boolean"}, "services.geoipupdate.interval": {"declarations": ["nixos/modules/services/misc/geoipupdate.nix"], "default": {"_type": "literalExpression", "text": "\"weekly\""}, "description": "Update the GeoIP databases at this time / interval.\nThe format is described in\n{manpage}`systemd.time(7)`.\n", "loc": ["services", "geoipupdate", "interval"], "readOnly": false, "type": "string"}, "services.geoipupdate.settings": {"declarations": ["nixos/modules/services/misc/geoipupdate.nix"], "description": "geoipupdate configuration options. See\n<https://github.com/maxmind/geoipupdate/blob/main/doc/GeoIP.conf.md>\nfor a full list of available options.\n\nSettings containing secret data should be set to an\nattribute set containing the attribute\n`_secret` - a string pointing to a file\ncontaining the value the option should be set to. See the\nexample to get a better picture of this: in the resulting\n{file}`GeoIP.conf` file, the\n`ProxyUserPassword` key will be set to the\ncontents of the\n{file}`/run/keys/proxy_pass` file.\n", "example": {"_type": "literalExpression", "text": "{\n  AccountID = 200001;\n  DatabaseDirectory = \"/var/lib/GeoIP\";\n  LicenseKey = { _secret = \"/run/keys/maxmind_license_key\"; };\n  Proxy = \"10.0.0.10:8888\";\n  ProxyUserPassword = { _secret = \"/run/keys/proxy_pass\"; };\n}\n"}, "loc": ["services", "geoipupdate", "settings"], "readOnly": false, "type": "open submodule of attribute set of (string or signed integer or boolean or list of (string or signed integer or boolean))"}, "services.geoipupdate.settings.AccountID": {"declarations": ["nixos/modules/services/misc/geoipupdate.nix"], "description": "Your MaxMind account ID.\n", "loc": ["services", "geoipupdate", "settings", "AccountID"], "readOnly": false, "type": "signed integer"}, "services.geoipupdate.settings.DatabaseDirectory": {"declarations": ["nixos/modules/services/misc/geoipupdate.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/GeoIP\""}, "description": "The directory to store the database files in. The\ndirectory will be automatically created, the owner\nchanged to `geoip` and permissions\nset to world readable. This applies if the directory\nalready exists as well, so don't use a directory with\nsensitive contents.\n", "example": {"_type": "literalExpression", "text": "\"/run/GeoIP\""}, "loc": ["services", "geoipupdate", "settings", "DatabaseDirectory"], "readOnly": false, "type": "absolute path"}, "services.geoipupdate.settings.EditionIDs": {"declarations": ["nixos/modules/services/misc/geoipupdate.nix"], "description": "List of database edition IDs. This includes new string\nIDs like `GeoIP2-City` and old\nnumeric IDs like `106`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"GeoLite2-ASN\"\n  \"GeoLite2-City\"\n  \"GeoLite2-Country\"\n]"}, "loc": ["services", "geoipupdate", "settings", "EditionIDs"], "readOnly": false, "type": "list of (string or signed integer)"}, "services.geoipupdate.settings.LicenseKey": {"declarations": ["nixos/modules/services/misc/geoipupdate.nix"], "description": "A file containing the MaxMind license key.\n\nAlways handled as a secret whether the value is\nwrapped in a `{ _secret = ...; }`\nattrset or not (refer to [](#opt-services.geoipupdate.settings) for\ndetails).\n", "loc": ["services", "geoipupdate", "settings", "LicenseKey"], "readOnly": false, "type": "absolute path or attribute set of absolute path"}, "services.gerbil.environmentFile": {"declarations": ["nixos/modules/services/networking/pangolin.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file containing sensitive environment variables for Gerbil. See the [Gerbil Documentation](https://docs.fossorial.io/Pangolin/Configuration/config) for more information.\nThese will overwrite anything defined in the config.\n", "example": {"_type": "literalExpression", "text": "\"/etc/nixos/secrets/gerbil.env\""}, "loc": ["services", "gerbil", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.gerbil.port": {"declarations": ["nixos/modules/services/networking/pangolin.nix"], "default": {"_type": "literalExpression", "text": "3004"}, "description": "Specifies the port to listen on for Gerbil.\n", "loc": ["services", "gerbil", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.geth": {"declarations": ["nixos/modules/services/blockchain/ethereum/geth.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Specification of one or more geth instances.", "loc": ["services", "geth"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.geth.<name>.authrpc.address": {"declarations": ["nixos/modules/services/blockchain/ethereum/geth.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Listen address of Go Ethereum Auth RPC API.", "loc": ["services", "geth", "<name>", "authrpc", "address"], "readOnly": false, "type": "string"}, "services.geth.<name>.authrpc.enable": {"declarations": ["nixos/modules/services/blockchain/ethereum/geth.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Go Ethereum Auth RPC API.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "geth", "<name>", "authrpc", "enable"], "readOnly": false, "type": "boolean"}, "services.geth.<name>.authrpc.jwtsecret": {"declarations": ["nixos/modules/services/blockchain/ethereum/geth.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Path to a JWT secret for authenticated RPC endpoint.", "example": {"_type": "literalExpression", "text": "\"/var/run/geth/jwtsecret\""}, "loc": ["services", "geth", "<name>", "authrpc", "jwtsecret"], "readOnly": false, "type": "string"}, "services.geth.<name>.authrpc.port": {"declarations": ["nixos/modules/services/blockchain/ethereum/geth.nix"], "default": {"_type": "literalExpression", "text": "8551"}, "description": "Port number of Go Ethereum Auth RPC API.", "loc": ["services", "geth", "<name>", "authrpc", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.geth.<name>.authrpc.vhosts": {"declarations": ["nixos/modules/services/blockchain/ethereum/geth.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"localhost\"\n]"}, "description": "List of virtual hostnames from which to accept requests.", "example": {"_type": "literalExpression", "text": "[\n  \"localhost\"\n  \"geth.example.org\"\n]"}, "loc": ["services", "geth", "<name>", "authrpc", "vhosts"], "readOnly": false, "type": "null or (list of string)"}, "services.geth.<name>.enable": {"declarations": ["nixos/modules/services/blockchain/ethereum/geth.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Go Ethereum Node.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "geth", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.geth.<name>.extraArgs": {"declarations": ["nixos/modules/services/blockchain/ethereum/geth.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional arguments passed to Go Ethereum.", "loc": ["services", "geth", "<name>", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.geth.<name>.gcmode": {"declarations": ["nixos/modules/services/blockchain/ethereum/geth.nix"], "default": {"_type": "literalExpression", "text": "\"full\""}, "description": "Blockchain garbage collection mode.", "loc": ["services", "geth", "<name>", "gcmode"], "readOnly": false, "type": "one of \"full\", \"archive\""}, "services.geth.<name>.http.address": {"declarations": ["nixos/modules/services/blockchain/ethereum/geth.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Listen address of Go Ethereum HTTP API.", "loc": ["services", "geth", "<name>", "http", "address"], "readOnly": false, "type": "string"}, "services.geth.<name>.http.apis": {"declarations": ["nixos/modules/services/blockchain/ethereum/geth.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "APIs to enable over WebSocket", "example": {"_type": "literalExpression", "text": "[\n  \"net\"\n  \"eth\"\n]"}, "loc": ["services", "geth", "<name>", "http", "apis"], "readOnly": false, "type": "null or (list of string)"}, "services.geth.<name>.http.enable": {"declarations": ["nixos/modules/services/blockchain/ethereum/geth.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Go Ethereum HTTP API.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "geth", "<name>", "http", "enable"], "readOnly": false, "type": "boolean"}, "services.geth.<name>.http.port": {"declarations": ["nixos/modules/services/blockchain/ethereum/geth.nix"], "default": {"_type": "literalExpression", "text": "8545"}, "description": "Port number of Go Ethereum HTTP API.", "loc": ["services", "geth", "<name>", "http", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.geth.<name>.maxpeers": {"declarations": ["nixos/modules/services/blockchain/ethereum/geth.nix"], "default": {"_type": "literalExpression", "text": "50"}, "description": "Maximum peers to connect to.", "loc": ["services", "geth", "<name>", "maxpeers"], "readOnly": false, "type": "signed integer"}, "services.geth.<name>.metrics.address": {"declarations": ["nixos/modules/services/blockchain/ethereum/geth.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Listen address of Go Ethereum metrics service.", "loc": ["services", "geth", "<name>", "metrics", "address"], "readOnly": false, "type": "string"}, "services.geth.<name>.metrics.enable": {"declarations": ["nixos/modules/services/blockchain/ethereum/geth.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Go Ethereum prometheus metrics.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "geth", "<name>", "metrics", "enable"], "readOnly": false, "type": "boolean"}, "services.geth.<name>.metrics.port": {"declarations": ["nixos/modules/services/blockchain/ethereum/geth.nix"], "default": {"_type": "literalExpression", "text": "6060"}, "description": "Port number of Go Ethereum metrics service.", "loc": ["services", "geth", "<name>", "metrics", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.geth.<name>.network": {"declarations": ["nixos/modules/services/blockchain/ethereum/geth.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The network to connect to. Mainnet (null) is the default ethereum network.", "loc": ["services", "geth", "<name>", "network"], "readOnly": false, "type": "null or one of \"holesky\", \"sepolia\""}, "services.geth.<name>.package": {"declarations": ["nixos/modules/services/blockchain/ethereum/geth.nix"], "default": {"_type": "literalExpression", "text": "pkgs.go-ethereum.geth"}, "description": "The geth package to use.", "loc": ["services", "geth", "<name>", "package"], "readOnly": false, "type": "package"}, "services.geth.<name>.port": {"declarations": ["nixos/modules/services/blockchain/ethereum/geth.nix"], "default": {"_type": "literalExpression", "text": "30303"}, "description": "Port number Go Ethereum will be listening on, both TCP and UDP.", "loc": ["services", "geth", "<name>", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.geth.<name>.syncmode": {"declarations": ["nixos/modules/services/blockchain/ethereum/geth.nix"], "default": {"_type": "literalExpression", "text": "\"snap\""}, "description": "Blockchain sync mode.", "loc": ["services", "geth", "<name>", "syncmode"], "readOnly": false, "type": "one of \"snap\", \"fast\", \"full\", \"light\""}, "services.geth.<name>.websocket.address": {"declarations": ["nixos/modules/services/blockchain/ethereum/geth.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Listen address of Go Ethereum WebSocket API.", "loc": ["services", "geth", "<name>", "websocket", "address"], "readOnly": false, "type": "string"}, "services.geth.<name>.websocket.apis": {"declarations": ["nixos/modules/services/blockchain/ethereum/geth.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "APIs to enable over WebSocket", "example": {"_type": "literalExpression", "text": "[\n  \"net\"\n  \"eth\"\n]"}, "loc": ["services", "geth", "<name>", "websocket", "apis"], "readOnly": false, "type": "null or (list of string)"}, "services.geth.<name>.websocket.enable": {"declarations": ["nixos/modules/services/blockchain/ethereum/geth.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Go Ethereum WebSocket API.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "geth", "<name>", "websocket", "enable"], "readOnly": false, "type": "boolean"}, "services.geth.<name>.websocket.port": {"declarations": ["nixos/modules/services/blockchain/ethereum/geth.nix"], "default": {"_type": "literalExpression", "text": "8546"}, "description": "Port number of Go Ethereum WebSocket API.", "loc": ["services", "geth", "<name>", "websocket", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.getty.autologinOnce": {"declarations": ["nixos/modules/services/ttys/getty.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled the automatic login will only happen in the first tty\nonce per boot. This can be useful to avoid retyping the account\npassword on systems with full disk encrypted.\n", "loc": ["services", "getty", "autologinOnce"], "readOnly": false, "type": "boolean"}, "services.getty.autologinUser": {"declarations": ["nixos/modules/services/ttys/getty.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Username of the account that will be automatically logged in at the console.\nIf unspecified, a login prompt is shown as usual.\n", "loc": ["services", "getty", "autologinUser"], "readOnly": false, "type": "null or string"}, "services.getty.extraArgs": {"declarations": ["nixos/modules/services/ttys/getty.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional arguments passed to agetty.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--nohostname\"\n]"}, "loc": ["services", "getty", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.getty.greetingLine": {"declarations": ["nixos/modules/services/ttys/getty.nix"], "description": "Welcome line printed by agetty.\nThe default shows current NixOS version label, machine type and tty.\n", "loc": ["services", "getty", "greetingLine"], "readOnly": false, "type": "string"}, "services.getty.helpLine": {"declarations": ["nixos/modules/services/ttys/getty.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Help line printed by agetty below the welcome line.\nUsed by the installation CD to give some hints on\nhow to proceed.\n", "loc": ["services", "getty", "helpLine"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.getty.loginOptions": {"declarations": ["nixos/modules/services/ttys/getty.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Template for arguments to be passed to\n{manpage}`login(1)`.\n\nSee {manpage}`agetty(1)` for details,\nincluding security considerations.  If unspecified, agetty\nwill not be invoked with a {option}`--login-options`\noption.\n", "example": {"_type": "literalExpression", "text": "\"-h darkstar -- \\\\u\""}, "loc": ["services", "getty", "loginOptions"], "readOnly": false, "type": "null or string"}, "services.getty.loginProgram": {"declarations": ["nixos/modules/services/ttys/getty.nix"], "default": {"_type": "literalExpression", "text": "\"${pkgs.shadow}/bin/login\""}, "description": "Path to the login binary executed by agetty.\n", "loc": ["services", "getty", "loginProgram"], "readOnly": false, "type": "absolute path"}, "services.ghostunnel.enable": {"declarations": ["nixos/modules/services/networking/ghostunnel.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ghostunnel.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ghostunnel", "enable"], "readOnly": false, "type": "boolean"}, "services.ghostunnel.package": {"declarations": ["nixos/modules/services/networking/ghostunnel.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ghostunnel"}, "description": "The ghostunnel package to use.", "loc": ["services", "ghostunnel", "package"], "readOnly": false, "type": "package"}, "services.ghostunnel.servers": {"declarations": ["nixos/modules/services/networking/ghostunnel.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Server mode ghostunnels (TLS listener -> plain TCP/UNIX target)\n", "loc": ["services", "ghostunnel", "servers"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.ghostunnel.servers.<name>.allowAll": {"declarations": ["nixos/modules/services/networking/ghostunnel.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If true, allow all clients, do not check client cert subject.\n", "loc": ["services", "ghostunnel", "servers", "<name>", "allowAll"], "readOnly": false, "type": "boolean"}, "services.ghostunnel.servers.<name>.allowCN": {"declarations": ["nixos/modules/services/networking/ghostunnel.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Allow client if common name appears in the list.\n", "loc": ["services", "ghostunnel", "servers", "<name>", "allowCN"], "readOnly": false, "type": "list of string"}, "services.ghostunnel.servers.<name>.allowDNS": {"declarations": ["nixos/modules/services/networking/ghostunnel.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Allow client if DNS subject alternative name appears in the list.\n", "loc": ["services", "ghostunnel", "servers", "<name>", "allowDNS"], "readOnly": false, "type": "list of string"}, "services.ghostunnel.servers.<name>.allowOU": {"declarations": ["nixos/modules/services/networking/ghostunnel.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Allow client if organizational unit name appears in the list.\n", "loc": ["services", "ghostunnel", "servers", "<name>", "allowOU"], "readOnly": false, "type": "list of string"}, "services.ghostunnel.servers.<name>.allowURI": {"declarations": ["nixos/modules/services/networking/ghostunnel.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Allow client if URI subject alternative name appears in the list.\n", "loc": ["services", "ghostunnel", "servers", "<name>", "allowURI"], "readOnly": false, "type": "list of string"}, "services.ghostunnel.servers.<name>.cacert": {"declarations": ["nixos/modules/services/networking/ghostunnel.nix"], "description": "Path to CA bundle file (PEM/X509). Uses system trust store if `null`.\n", "loc": ["services", "ghostunnel", "servers", "<name>", "cacert"], "readOnly": false, "type": "null or string"}, "services.ghostunnel.servers.<name>.cert": {"declarations": ["nixos/modules/services/networking/ghostunnel.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to certificate (PEM with certificate chain).\n\nNot required if `keystore` is set.\n", "loc": ["services", "ghostunnel", "servers", "<name>", "cert"], "readOnly": false, "type": "null or string"}, "services.ghostunnel.servers.<name>.disableAuthentication": {"declarations": ["nixos/modules/services/networking/ghostunnel.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable client authentication, no client certificate will be required.\n", "loc": ["services", "ghostunnel", "servers", "<name>", "disableAuthentication"], "readOnly": false, "type": "boolean"}, "services.ghostunnel.servers.<name>.extraArguments": {"declarations": ["nixos/modules/services/networking/ghostunnel.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra arguments to pass to `ghostunnel server`", "loc": ["services", "ghostunnel", "servers", "<name>", "extraArguments"], "readOnly": false, "type": "strings concatenated with \" \""}, "services.ghostunnel.servers.<name>.key": {"declarations": ["nixos/modules/services/networking/ghostunnel.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to certificate private key (PEM with private key).\n\nNot required if `keystore` is set.\n", "loc": ["services", "ghostunnel", "servers", "<name>", "key"], "readOnly": false, "type": "null or string"}, "services.ghostunnel.servers.<name>.keystore": {"declarations": ["nixos/modules/services/networking/ghostunnel.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to keystore (combined PEM with cert/key, or PKCS12 keystore).\n\nNB: storepass is not supported because it would expose credentials via `/proc/*/cmdline`.\n\nSpecify this or `cert` and `key`.\n", "loc": ["services", "ghostunnel", "servers", "<name>", "keystore"], "readOnly": false, "type": "null or string"}, "services.ghostunnel.servers.<name>.listen": {"declarations": ["nixos/modules/services/networking/ghostunnel.nix"], "description": "Address and port to listen on (can be HOST:PORT, unix:PATH).\n", "loc": ["services", "ghostunnel", "servers", "<name>", "listen"], "readOnly": false, "type": "string"}, "services.ghostunnel.servers.<name>.target": {"declarations": ["nixos/modules/services/networking/ghostunnel.nix"], "description": "Address to forward connections to (can be HOST:PORT or unix:PATH).\n", "loc": ["services", "ghostunnel", "servers", "<name>", "target"], "readOnly": false, "type": "string"}, "services.ghostunnel.servers.<name>.unsafeTarget": {"declarations": ["nixos/modules/services/networking/ghostunnel.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set, does not limit target to localhost, 127.0.0.1, [::1], or UNIX sockets.\n\nThis is meant to protect against accidental unencrypted traffic on\nuntrusted networks.\n", "loc": ["services", "ghostunnel", "servers", "<name>", "unsafeTarget"], "readOnly": false, "type": "boolean"}, "services.gitDaemon.basePath": {"declarations": ["nixos/modules/services/networking/git-daemon.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Remap all the path requests as relative to the given path. For example,\nif you set base-path to /srv/git, then if you later try to pull\ngit://example.com/hello.git, Git daemon will interpret the path as /srv/git/hello.git.\n", "example": {"_type": "literalExpression", "text": "\"/srv/git/\""}, "loc": ["services", "gitDaemon", "basePath"], "readOnly": false, "type": "string"}, "services.gitDaemon.enable": {"declarations": ["nixos/modules/services/networking/git-daemon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable Git daemon, which allows public hosting of git repositories\nwithout any access controls. This is mostly intended for read-only access.\n\nYou can allow write access by setting daemon.receivepack configuration\nitem of the repository to true. This is solely meant for a closed LAN setting\nwhere everybody is friendly.\n\nIf you need any access controls, use something else.\n", "loc": ["services", "gitDaemon", "enable"], "readOnly": false, "type": "boolean"}, "services.gitDaemon.exportAll": {"declarations": ["nixos/modules/services/networking/git-daemon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Publish all directories that look like Git repositories (have the objects\nand refs subdirectories), even if they do not have the git-daemon-export-ok file.\n\nIf disabled, you need to touch .git/git-daemon-export-ok in each repository\nyou want the daemon to publish.\n\nWarning: enabling this without a repository whitelist or basePath\npublishes every git repository you have.\n", "loc": ["services", "gitDaemon", "exportAll"], "readOnly": false, "type": "boolean"}, "services.gitDaemon.group": {"declarations": ["nixos/modules/services/networking/git-daemon.nix"], "default": {"_type": "literalExpression", "text": "\"git\""}, "description": "Group under which Git daemon would be running.", "loc": ["services", "gitDaemon", "group"], "readOnly": false, "type": "string"}, "services.gitDaemon.listenAddress": {"declarations": ["nixos/modules/services/networking/git-daemon.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Listen on a specific IP address or hostname.", "example": {"_type": "literalExpression", "text": "\"example.com\""}, "loc": ["services", "gitDaemon", "listenAddress"], "readOnly": false, "type": "string"}, "services.gitDaemon.options": {"declarations": ["nixos/modules/services/networking/git-daemon.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration options to be passed to Git daemon.", "loc": ["services", "gitDaemon", "options"], "readOnly": false, "type": "string"}, "services.gitDaemon.package": {"declarations": ["nixos/modules/services/networking/git-daemon.nix"], "default": {"_type": "literalExpression", "text": "pkgs.git"}, "description": "The git package to use.", "loc": ["services", "gitDaemon", "package"], "readOnly": false, "type": "package"}, "services.gitDaemon.port": {"declarations": ["nixos/modules/services/networking/git-daemon.nix"], "default": {"_type": "literalExpression", "text": "9418"}, "description": "Port to listen on.", "loc": ["services", "gitDaemon", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.gitDaemon.repositories": {"declarations": ["nixos/modules/services/networking/git-daemon.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A whitelist of paths of git repositories, or directories containing repositories\nall of which would be published. Paths must not end in \"/\".\n\nWarning: leaving this empty and enabling exportAll publishes all\nrepositories in your filesystem or basePath if specified.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/srv/git\"\n  \"/home/user/git/repo2\"\n]"}, "loc": ["services", "gitDaemon", "repositories"], "readOnly": false, "type": "list of string"}, "services.gitDaemon.user": {"declarations": ["nixos/modules/services/networking/git-daemon.nix"], "default": {"_type": "literalExpression", "text": "\"git\""}, "description": "User under which Git daemon would be running.", "loc": ["services", "gitDaemon", "user"], "readOnly": false, "type": "string"}, "services.gitea-actions-runner.instances": {"declarations": ["nixos/modules/services/continuous-integration/gitea-actions-runner.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Gitea Actions Runner instances.\n", "loc": ["services", "gitea-actions-runner", "instances"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.gitea-actions-runner.instances.<name>.enable": {"declarations": ["nixos/modules/services/continuous-integration/gitea-actions-runner.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Gitea Actions Runner instance.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gitea-actions-runner", "instances", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.gitea-actions-runner.instances.<name>.hostPackages": {"declarations": ["nixos/modules/services/continuous-integration/gitea-actions-runner.nix"], "default": {"_type": "literalExpression", "text": "with pkgs; [\n  bash\n  coreutils\n  curl\n  gawk\n  gitMinimal\n  gnused\n  nodejs\n  wget\n]\n"}, "description": "List of packages, that are available to actions, when the runner is configured\nwith a host execution label.\n", "loc": ["services", "gitea-actions-runner", "instances", "<name>", "hostPackages"], "readOnly": false, "type": "list of package"}, "services.gitea-actions-runner.instances.<name>.labels": {"declarations": ["nixos/modules/services/continuous-integration/gitea-actions-runner.nix"], "description": "Labels used to map jobs to their runtime environment. Changing these\nlabels currently requires a new registration token.\n\nMany common actions require bash, git and nodejs, as well as a filesystem\nthat follows the filesystem hierarchy standard.\n", "example": {"_type": "literalExpression", "text": "[\n  # provide a debian base with nodejs for actions\n  \"debian-latest:docker://node:18-bullseye\"\n  # fake the ubuntu name, because node provides no ubuntu builds\n  \"ubuntu-latest:docker://node:18-bullseye\"\n  # provide native execution on the host\n  #\"native:host\"\n]\n"}, "loc": ["services", "gitea-actions-runner", "instances", "<name>", "labels"], "readOnly": false, "type": "list of string"}, "services.gitea-actions-runner.instances.<name>.name": {"declarations": ["nixos/modules/services/continuous-integration/gitea-actions-runner.nix"], "description": "The name identifying the runner instance towards the Gitea/Forgejo instance.\n", "example": {"_type": "literalExpression", "text": "config.networking.hostName"}, "loc": ["services", "gitea-actions-runner", "instances", "<name>", "name"], "readOnly": false, "type": "string"}, "services.gitea-actions-runner.instances.<name>.settings": {"declarations": ["nixos/modules/services/continuous-integration/gitea-actions-runner.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for `act_runner daemon`.\nSee <https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml> for an example configuration\n", "loc": ["services", "gitea-actions-runner", "instances", "<name>", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.gitea-actions-runner.instances.<name>.token": {"declarations": ["nixos/modules/services/continuous-integration/gitea-actions-runner.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Plain token to register at the configured Gitea/Forgejo instance.\n", "loc": ["services", "gitea-actions-runner", "instances", "<name>", "token"], "readOnly": false, "type": "null or string"}, "services.gitea-actions-runner.instances.<name>.tokenFile": {"declarations": ["nixos/modules/services/continuous-integration/gitea-actions-runner.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to an environment file, containing the `TOKEN` environment\nvariable, that holds a token to register at the configured\nGitea/Forgejo instance.\n", "loc": ["services", "gitea-actions-runner", "instances", "<name>", "tokenFile"], "readOnly": false, "type": "null or string or absolute path"}, "services.gitea-actions-runner.instances.<name>.url": {"declarations": ["nixos/modules/services/continuous-integration/gitea-actions-runner.nix"], "description": "Base URL of your Gitea/Forgejo instance.\n", "example": {"_type": "literalExpression", "text": "\"https://forge.example.com\""}, "loc": ["services", "gitea-actions-runner", "instances", "<name>", "url"], "readOnly": false, "type": "string"}, "services.gitea-actions-runner.package": {"declarations": ["nixos/modules/services/continuous-integration/gitea-actions-runner.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gitea-actions-runner"}, "description": "The gitea-actions-runner package to use.", "loc": ["services", "gitea-actions-runner", "package"], "readOnly": false, "type": "package"}, "services.gitea.appName": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "\"gitea: Gitea Service\""}, "description": "Application name.", "loc": ["services", "gitea", "appName"], "readOnly": false, "type": "string"}, "services.gitea.camoHmacKeyFile": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file containing the camo HMAC key.", "example": {"_type": "literalExpression", "text": "\"/var/lib/secrets/gitea/camoHmacKey\""}, "loc": ["services", "gitea", "camoHmacKeyFile"], "readOnly": false, "type": "null or string"}, "services.gitea.captcha.enable": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables Gitea to display a CAPTCHA challenge on registration.\n", "loc": ["services", "gitea", "captcha", "enable"], "readOnly": false, "type": "boolean"}, "services.gitea.captcha.requireForExternalRegistration": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Displays a CAPTCHA challenge for users that register externally.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gitea", "captcha", "requireForExternalRegistration"], "readOnly": false, "type": "boolean"}, "services.gitea.captcha.requireForLogin": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Displays a CAPTCHA challenge whenever a user logs in.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gitea", "captcha", "requireForLogin"], "readOnly": false, "type": "boolean"}, "services.gitea.captcha.secretFile": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file containing the CAPTCHA secret key.", "example": {"_type": "literalExpression", "text": "\"/var/lib/secrets/gitea/captcha_secret\""}, "loc": ["services", "gitea", "captcha", "secretFile"], "readOnly": false, "type": "null or string"}, "services.gitea.captcha.siteKey": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CAPTCHA site key to use for Gitea.", "example": {"_type": "literalExpression", "text": "\"my_site_key\""}, "loc": ["services", "gitea", "captcha", "siteKey"], "readOnly": false, "type": "null or string"}, "services.gitea.captcha.type": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "\"image\""}, "description": "The type of CAPTCHA to use for Gitea.", "example": {"_type": "literalExpression", "text": "\"recaptcha\""}, "loc": ["services", "gitea", "captcha", "type"], "readOnly": false, "type": "one of \"image\", \"recaptcha\", \"hcaptcha\", \"mcaptcha\", \"cfturnstile\""}, "services.gitea.captcha.url": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CAPTCHA url to use for Gitea. Only relevant for `recaptcha` and `mcaptcha`.", "example": {"_type": "literalExpression", "text": "\"https://google.com/recaptcha\""}, "loc": ["services", "gitea", "captcha", "url"], "readOnly": false, "type": "null or string"}, "services.gitea.customDir": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.gitea.stateDir}/custom\""}, "description": "Gitea custom directory. Used for config, custom templates and other options.", "loc": ["services", "gitea", "customDir"], "readOnly": false, "type": "string"}, "services.gitea.database.createDatabase": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to create a local database automatically.", "loc": ["services", "gitea", "database", "createDatabase"], "readOnly": false, "type": "boolean"}, "services.gitea.database.host": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Database host address.", "loc": ["services", "gitea", "database", "host"], "readOnly": false, "type": "string"}, "services.gitea.database.name": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "\"gitea\""}, "description": "Database name.", "loc": ["services", "gitea", "database", "name"], "readOnly": false, "type": "string"}, "services.gitea.database.password": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The password corresponding to {option}`database.user`.\nWarning: this is stored in cleartext in the Nix store!\nUse {option}`database.passwordFile` instead.\n", "loc": ["services", "gitea", "database", "password"], "readOnly": false, "type": "string"}, "services.gitea.database.passwordFile": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password corresponding to\n{option}`database.user`.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/gitea-dbpassword\""}, "loc": ["services", "gitea", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.gitea.database.path": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.gitea.stateDir}/data/gitea.db\""}, "description": "Path to the sqlite3 database file.", "loc": ["services", "gitea", "database", "path"], "readOnly": false, "type": "string"}, "services.gitea.database.port": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "if config.services.gitea.database.type != \"postgresql\"\nthen 3306\nelse 5432\n"}, "description": "Database host port.", "loc": ["services", "gitea", "database", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.gitea.database.socket": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the unix socket file to use for authentication.", "example": {"_type": "literalExpression", "text": "\"/run/mysqld/mysqld.sock\""}, "loc": ["services", "gitea", "database", "socket"], "readOnly": false, "type": "null or absolute path"}, "services.gitea.database.type": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite3\""}, "description": "Database engine to use.", "example": {"_type": "literalExpression", "text": "\"mysql\""}, "loc": ["services", "gitea", "database", "type"], "readOnly": false, "type": "one of \"sqlite3\", \"mysql\", \"postgres\""}, "services.gitea.database.user": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "\"gitea\""}, "description": "Database user.", "loc": ["services", "gitea", "database", "user"], "readOnly": false, "type": "string"}, "services.gitea.dump.backupDir": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.gitea.stateDir}/dump\""}, "description": "Path to the dump files.", "loc": ["services", "gitea", "dump", "backupDir"], "readOnly": false, "type": "string"}, "services.gitea.dump.enable": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable a timer that runs gitea dump to generate backup-files of the\ncurrent gitea database and repositories.\n", "loc": ["services", "gitea", "dump", "enable"], "readOnly": false, "type": "boolean"}, "services.gitea.dump.file": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Filename to be used for the dump. If `null` a default name is chosen by gitea.", "example": {"_type": "literalExpression", "text": "\"gitea-dump\""}, "loc": ["services", "gitea", "dump", "file"], "readOnly": false, "type": "null or string"}, "services.gitea.dump.interval": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "\"04:31\""}, "description": "Run a gitea dump at this interval. Runs by default at 04:31 every day.\n\nThe format is described in\n{manpage}`systemd.time(7)`.\n", "example": {"_type": "literalExpression", "text": "\"hourly\""}, "loc": ["services", "gitea", "dump", "interval"], "readOnly": false, "type": "string"}, "services.gitea.dump.type": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "\"zip\""}, "description": "Archive format used to store the dump file.", "loc": ["services", "gitea", "dump", "type"], "readOnly": false, "type": "one of \"zip\", \"rar\", \"tar\", \"sz\", \"tar.gz\", \"tar.xz\", \"tar.bz2\", \"tar.br\", \"tar.lz4\", \"tar.zst\""}, "services.gitea.enable": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable Gitea Service.", "loc": ["services", "gitea", "enable"], "readOnly": false, "type": "boolean"}, "services.gitea.extraConfig": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configuration lines appended to the generated gitea configuration file.", "loc": ["services", "gitea", "extraConfig"], "readOnly": false, "type": "null or string"}, "services.gitea.group": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "\"gitea\""}, "description": "Group under which gitea runs.", "loc": ["services", "gitea", "group"], "readOnly": false, "type": "string"}, "services.gitea.lfs.contentDir": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.gitea.stateDir}/data/lfs\""}, "description": "Where to store LFS files.", "loc": ["services", "gitea", "lfs", "contentDir"], "readOnly": false, "type": "string"}, "services.gitea.lfs.enable": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables git-lfs support.", "loc": ["services", "gitea", "lfs", "enable"], "readOnly": false, "type": "boolean"}, "services.gitea.mailerPasswordFile": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file containing the SMTP password.", "example": {"_type": "literalExpression", "text": "\"/var/lib/secrets/gitea/mailpw\""}, "loc": ["services", "gitea", "mailerPasswordFile"], "readOnly": false, "type": "null or string"}, "services.gitea.metricsTokenFile": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file containing the metrics authentication token.", "example": {"_type": "literalExpression", "text": "\"/var/lib/secrets/gitea/metrics_token\""}, "loc": ["services", "gitea", "metricsTokenFile"], "readOnly": false, "type": "null or string"}, "services.gitea.minioAccessKeyId": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file containing the Minio access key id.", "example": {"_type": "literalExpression", "text": "\"/var/lib/secrets/gitea/minio_access_key_id\""}, "loc": ["services", "gitea", "minioAccessKeyId"], "readOnly": false, "type": "null or string"}, "services.gitea.minioSecretAccessKey": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file containing the Minio secret access key.", "example": {"_type": "literalExpression", "text": "\"/var/lib/secrets/gitea/minio_secret_access_key\""}, "loc": ["services", "gitea", "minioSecretAccessKey"], "readOnly": false, "type": "null or string"}, "services.gitea.package": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gitea"}, "description": "The gitea package to use.", "loc": ["services", "gitea", "package"], "readOnly": false, "type": "package"}, "services.gitea.repositoryRoot": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.gitea.stateDir}/repositories\""}, "description": "Path to the git repositories.", "loc": ["services", "gitea", "repositoryRoot"], "readOnly": false, "type": "string"}, "services.gitea.settings": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Gitea configuration. Refer to <https://docs.gitea.io/en-us/config-cheat-sheet/>\nfor details on supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  \"cron.sync_external_users\" = {\n    RUN_AT_START = true;\n    SCHEDULE = \"@every 24h\";\n    UPDATE_EXISTING = true;\n  };\n  mailer = {\n    ENABLED = true;\n    PROTOCOL = \"smtp+starttls\";\n    SMTP_ADDR = \"smtp.example.org\";\n    SMTP_PORT = \"587\";\n    FROM = \"Gitea Service <do-not-reply@example.org>\";\n    USER = \"do-not-reply@example.org\";\n  };\n  other = {\n    SHOW_FOOTER_VERSION = false;\n  };\n}\n"}, "loc": ["services", "gitea", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.gitea.settings.log.LEVEL": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "\"Info\""}, "description": "General log level.", "loc": ["services", "gitea", "settings", "log", "LEVEL"], "readOnly": false, "type": "one of \"Trace\", \"Debug\", \"Info\", \"Warn\", \"Error\", \"Critical\""}, "services.gitea.settings.log.ROOT_PATH": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.gitea.stateDir}/log\""}, "description": "Root path for log files.", "loc": ["services", "gitea", "settings", "log", "ROOT_PATH"], "readOnly": false, "type": "string"}, "services.gitea.settings.mailer.ENABLED": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use an email service to send notifications.", "loc": ["services", "gitea", "settings", "mailer", "ENABLED"], "readOnly": false, "type": "boolean"}, "services.gitea.settings.mailer.PROTOCOL": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Which mail server protocol to use.", "loc": ["services", "gitea", "settings", "mailer", "PROTOCOL"], "readOnly": false, "type": "one of <null>, \"smtp\", \"smtps\", \"smtp+starttls\", \"smtp+unix\", \"sendmail\", \"dummy\""}, "services.gitea.settings.mailer.SENDMAIL_PATH": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "if config.services.gitea.settings.mailer.ENABLED && config.services.gitea.settings.mailer.PROTOCOL == \"sendmail\" then \"/run/wrappers/bin/sendmail\" else \"sendmail\""}, "description": "Path to sendmail binary or script.", "loc": ["services", "gitea", "settings", "mailer", "SENDMAIL_PATH"], "readOnly": false, "type": "string"}, "services.gitea.settings.server.DISABLE_SSH": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable external SSH feature.", "loc": ["services", "gitea", "settings", "server", "DISABLE_SSH"], "readOnly": false, "type": "boolean"}, "services.gitea.settings.server.DOMAIN": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Domain name of your server.", "loc": ["services", "gitea", "settings", "server", "DOMAIN"], "readOnly": false, "type": "string"}, "services.gitea.settings.server.HTTP_ADDR": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "if lib.hasSuffix \"+unix\" cfg.settings.server.PROTOCOL then \"/run/gitea/gitea.sock\" else \"0.0.0.0\""}, "description": "Listen address. Must be a path when using a unix socket.", "loc": ["services", "gitea", "settings", "server", "HTTP_ADDR"], "readOnly": false, "type": "string or absolute path"}, "services.gitea.settings.server.HTTP_PORT": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "Listen port. Ignored when using a unix socket.", "loc": ["services", "gitea", "settings", "server", "HTTP_PORT"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.gitea.settings.server.PROTOCOL": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "\"http\""}, "description": "Listen protocol. `+unix` means \"over unix\", not \"in addition to.\"", "loc": ["services", "gitea", "settings", "server", "PROTOCOL"], "readOnly": false, "type": "one of \"http\", \"https\", \"fcgi\", \"http+unix\", \"fcgi+unix\""}, "services.gitea.settings.server.ROOT_URL": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "\"http://${config.services.gitea.settings.server.DOMAIN}:${toString config.services.gitea.settings.server.HTTP_PORT}/\""}, "description": "Full public URL of gitea server.", "loc": ["services", "gitea", "settings", "server", "ROOT_URL"], "readOnly": false, "type": "string"}, "services.gitea.settings.server.SSH_PORT": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "22"}, "description": "SSH port displayed in clone URL.\nThe option is required to configure a service when the external visible port\ndiffers from the local listening port i.e. if port forwarding is used.\n", "example": {"_type": "literalExpression", "text": "2222"}, "loc": ["services", "gitea", "settings", "server", "SSH_PORT"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.gitea.settings.server.STATIC_ROOT_PATH": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "config.services.gitea.package.data"}, "description": "Upper level of template and static files path.", "example": {"_type": "literalExpression", "text": "\"/var/lib/gitea/data\""}, "loc": ["services", "gitea", "settings", "server", "STATIC_ROOT_PATH"], "readOnly": false, "type": "string or absolute path"}, "services.gitea.settings.service.DISABLE_REGISTRATION": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "By default any user can create an account on this `gitea` instance.\nThis can be disabled by using this option.\n\n*Note:* please keep in mind that this should be added after the initial\ndeploy as the first registered user will be the administrator.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gitea", "settings", "service", "DISABLE_REGISTRATION"], "readOnly": false, "type": "boolean"}, "services.gitea.settings.session.COOKIE_SECURE": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Marks session cookies as \"secure\" as a hint for browsers to only send\nthem via HTTPS. This option is recommend, if gitea is being served over HTTPS.\n", "loc": ["services", "gitea", "settings", "session", "COOKIE_SECURE"], "readOnly": false, "type": "boolean"}, "services.gitea.stateDir": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/gitea\""}, "description": "Gitea data directory.", "loc": ["services", "gitea", "stateDir"], "readOnly": false, "type": "string"}, "services.gitea.user": {"declarations": ["nixos/modules/services/misc/gitea.nix"], "default": {"_type": "literalExpression", "text": "\"gitea\""}, "description": "User account under which gitea runs.", "loc": ["services", "gitea", "user"], "readOnly": false, "type": "string"}, "services.gitlab-runner.clear-docker-cache.dates": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "\"weekly\""}, "description": "Specification (in the format described by\n{manpage}`systemd.time(7)`) of the time at\nwhich the prune will occur.\n", "loc": ["services", "gitlab-runner", "clear-docker-cache", "dates"], "readOnly": false, "type": "string"}, "services.gitlab-runner.clear-docker-cache.enable": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to periodically prune gitlab runner's Docker resources. If\nenabled, a systemd timer will run {command}`clear-docker-cache` as\nspecified by the `dates` option.\n", "loc": ["services", "gitlab-runner", "clear-docker-cache", "enable"], "readOnly": false, "type": "boolean"}, "services.gitlab-runner.clear-docker-cache.flags": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Any additional flags passed to {command}`clear-docker-cache`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"prune\"\n]"}, "loc": ["services", "gitlab-runner", "clear-docker-cache", "flags"], "readOnly": false, "type": "list of string"}, "services.gitlab-runner.clear-docker-cache.package": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "config.virtualisation.docker.package"}, "description": "Docker package to use for clearing up docker cache.", "example": {"_type": "literalExpression", "text": "pkgs.docker"}, "loc": ["services", "gitlab-runner", "clear-docker-cache", "package"], "readOnly": false, "type": "unspecified value"}, "services.gitlab-runner.configFile": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configuration file for gitlab-runner.\n\n{option}`configFile` takes precedence over {option}`services`.\n{option}`checkInterval` and {option}`concurrent` will be ignored too.\n\nThis option is deprecated, please use {option}`services` instead.\nYou can use {option}`registrationConfigFile` and\n{option}`registrationFlags`\nfor settings not covered by this module.\n", "loc": ["services", "gitlab-runner", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.gitlab-runner.enable": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Gitlab Runner.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gitlab-runner", "enable"], "readOnly": false, "type": "boolean"}, "services.gitlab-runner.extraPackages": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra packages to add to `PATH` for the `gitlab-runner` process.\nThese packages won't be added to the system, use `environment.systemPackages` for that.\n", "loc": ["services", "gitlab-runner", "extraPackages"], "readOnly": false, "type": "list of package"}, "services.gitlab-runner.gracefulTermination": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Finish all remaining jobs before stopping.\nIf not set gitlab-runner will stop immediately without waiting\nfor jobs to finish, which will lead to failed builds.\n", "loc": ["services", "gitlab-runner", "gracefulTermination"], "readOnly": false, "type": "boolean"}, "services.gitlab-runner.gracefulTimeout": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "\"infinity\""}, "description": "Time to wait until a graceful shutdown is turned into a forceful one.\n", "example": {"_type": "literalExpression", "text": "\"5min 20s\""}, "loc": ["services", "gitlab-runner", "gracefulTimeout"], "readOnly": false, "type": "string"}, "services.gitlab-runner.package": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gitlab-runner"}, "description": "The gitlab-runner package to use.", "example": {"_type": "literalExpression", "text": "gitlab-runner_1_11"}, "loc": ["services", "gitlab-runner", "package"], "readOnly": false, "type": "package"}, "services.gitlab-runner.services": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "GitLab Runner services.", "example": {"_type": "literalExpression", "text": "{\n  # runner for building in docker via host's nix-daemon\n  # nix store will be readable in runner, might be insecure\n  nix = {\n    # File should contain at least these two variables:\n    # - `CI_SERVER_URL`\n    # - `REGISTRATION_TOKEN`\n    #\n    # NOTE: Support for runner registration tokens will be removed in GitLab 18.0.\n    # Please migrate to runner authentication tokens soon. For reference, the example\n    # runners below this one are configured with authentication tokens instead.\n    registrationConfigFile = \"/run/secrets/gitlab-runner-registration\";\n\n    dockerImage = \"alpine\";\n    dockerVolumes = [\n      \"/nix/store:/nix/store:ro\"\n      \"/nix/var/nix/db:/nix/var/nix/db:ro\"\n      \"/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro\"\n    ];\n    dockerDisableCache = true;\n    preBuildScript = pkgs.writeScript \"setup-container\" ''\n      mkdir -p -m 0755 /nix/var/log/nix/drvs\n      mkdir -p -m 0755 /nix/var/nix/gcroots\n      mkdir -p -m 0755 /nix/var/nix/profiles\n      mkdir -p -m 0755 /nix/var/nix/temproots\n      mkdir -p -m 0755 /nix/var/nix/userpool\n      mkdir -p -m 1777 /nix/var/nix/gcroots/per-user\n      mkdir -p -m 1777 /nix/var/nix/profiles/per-user\n      mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root\n      mkdir -p -m 0700 \"$HOME/.nix-defexpr\"\n\n      . ${pkgs.nix}/etc/profile.d/nix.sh\n\n      ${pkgs.nix}/bin/nix-env -i ${concatStringsSep \" \" (with pkgs; [ nix cacert git openssh ])}\n\n      ${pkgs.nix}/bin/nix-channel --add https://channels.nixos.org/nixpkgs-unstable\n      ${pkgs.nix}/bin/nix-channel --update nixpkgs\n    '';\n    environmentVariables = {\n      ENV = \"/etc/profile\";\n      USER = \"root\";\n      NIX_REMOTE = \"daemon\";\n      PATH = \"/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin\";\n      NIX_SSL_CERT_FILE = \"/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt\";\n    };\n    tagList = [ \"nix\" ];\n  };\n  # runner for building docker images\n  docker-images = {\n    # File should contain at least these two variables:\n    # `CI_SERVER_URL`\n    # `CI_SERVER_TOKEN`\n    authenticationTokenConfigFile = \"/run/secrets/gitlab-runner-docker-images-token-env\";\n\n    dockerImage = \"docker:stable\";\n    dockerVolumes = [\n      \"/var/run/docker.sock:/var/run/docker.sock\"\n    ];\n    tagList = [ \"docker-images\" ];\n  };\n  # runner for executing stuff on host system (very insecure!)\n  # make sure to add required packages (including git!)\n  # to `environment.systemPackages`\n  shell = {\n    # File should contain at least these two variables:\n    # `CI_SERVER_URL`\n    # `CI_SERVER_TOKEN`\n    authenticationTokenConfigFile = \"/run/secrets/gitlab-runner-shell-token-env\";\n\n    executor = \"shell\";\n    tagList = [ \"shell\" ];\n  };\n  # runner for everything else\n  default = {\n    # File should contain at least these two variables:\n    # `CI_SERVER_URL`\n    # `CI_SERVER_TOKEN`\n    authenticationTokenConfigFile = \"/run/secrets/gitlab-runner-default-token-env\";\n    dockerImage = \"debian:stable\";\n  };\n}\n"}, "loc": ["services", "gitlab-runner", "services"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.gitlab-runner.services.<name>.authenticationTokenConfigFile": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Absolute path to a file containing environment variables used for\ngitlab-runner registrations with *runner authentication tokens*.\nThey replace the deprecated *runner registration tokens*, as\noutlined in the [GitLab documentation].\n\nA list of all supported environment variables can be found with\n`gitlab-runner register --help`.\n\nThe ones you probably want to set are:\n- `CI_SERVER_URL=<CI server URL>`\n- `CI_SERVER_TOKEN=<runner authentication token secret>`\n\n::: {.warning}\nMake sure to use a quoted absolute path,\nor it is going to be copied to Nix Store.\n:::\n\n[GitLab documentation]: https://docs.gitlab.com/17.0/ee/ci/runners/new_creation_workflow.html#estimated-time-frame-for-planned-changes\n", "loc": ["services", "gitlab-runner", "services", "<name>", "authenticationTokenConfigFile"], "readOnly": false, "type": "null or absolute path"}, "services.gitlab-runner.services.<name>.buildsDir": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Absolute path to a directory where builds will be stored\nin context of selected executor (Locally, Docker, SSH).\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/gitlab-runner/builds\""}, "loc": ["services", "gitlab-runner", "services", "<name>", "buildsDir"], "readOnly": false, "type": "null or absolute path"}, "services.gitlab-runner.services.<name>.cloneUrl": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Overwrite the URL for the GitLab instance. Used if the Runner can\u2019t connect to GitLab on the URL GitLab exposes itself.\n", "example": {"_type": "literalExpression", "text": "\"http://gitlab.example.local\""}, "loc": ["services", "gitlab-runner", "services", "<name>", "cloneUrl"], "readOnly": false, "type": "null or string"}, "services.gitlab-runner.services.<name>.debugTraceDisabled": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "When set to true Runner will disable the possibility of\nusing the `CI_DEBUG_TRACE` feature.\n", "loc": ["services", "gitlab-runner", "services", "<name>", "debugTraceDisabled"], "readOnly": false, "type": "boolean"}, "services.gitlab-runner.services.<name>.description": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name/description of the runner.\n", "loc": ["services", "gitlab-runner", "services", "<name>", "description"], "readOnly": false, "type": "null or string"}, "services.gitlab-runner.services.<name>.dockerAllowedImages": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Whitelist allowed images.\n", "example": {"_type": "literalExpression", "text": "[\n  \"ruby:*\"\n  \"python:*\"\n  \"php:*\"\n  \"my.registry.tld:5000/*:*\"\n]"}, "loc": ["services", "gitlab-runner", "services", "<name>", "dockerAllowedImages"], "readOnly": false, "type": "list of string"}, "services.gitlab-runner.services.<name>.dockerAllowedServices": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Whitelist allowed services.\n", "example": {"_type": "literalExpression", "text": "[\n  \"postgres:9\"\n  \"redis:*\"\n  \"mysql:*\"\n]"}, "loc": ["services", "gitlab-runner", "services", "<name>", "dockerAllowedServices"], "readOnly": false, "type": "list of string"}, "services.gitlab-runner.services.<name>.dockerDisableCache": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable all container caching.\n", "loc": ["services", "gitlab-runner", "services", "<name>", "dockerDisableCache"], "readOnly": false, "type": "boolean"}, "services.gitlab-runner.services.<name>.dockerExtraHosts": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Add a custom host-to-IP mapping.\n", "example": {"_type": "literalExpression", "text": "[\n  \"other-host:127.0.0.1\"\n]"}, "loc": ["services", "gitlab-runner", "services", "<name>", "dockerExtraHosts"], "readOnly": false, "type": "list of string"}, "services.gitlab-runner.services.<name>.dockerImage": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Docker image to be used.\n", "loc": ["services", "gitlab-runner", "services", "<name>", "dockerImage"], "readOnly": false, "type": "null or string"}, "services.gitlab-runner.services.<name>.dockerPrivileged": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Give extended privileges to container.\n", "loc": ["services", "gitlab-runner", "services", "<name>", "dockerPrivileged"], "readOnly": false, "type": "boolean"}, "services.gitlab-runner.services.<name>.dockerPullPolicy": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Default pull-policy for Docker images\n", "loc": ["services", "gitlab-runner", "services", "<name>", "dockerPullPolicy"], "readOnly": false, "type": "null or one of \"always\", \"never\", \"if-not-present\""}, "services.gitlab-runner.services.<name>.dockerVolumes": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Bind-mount a volume and create it\nif it doesn't exist prior to mounting.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/var/run/docker.sock:/var/run/docker.sock\"\n]"}, "loc": ["services", "gitlab-runner", "services", "<name>", "dockerVolumes"], "readOnly": false, "type": "list of string"}, "services.gitlab-runner.services.<name>.environmentVariables": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Custom environment variables injected to build environment.\nFor secrets you can use {option}`registrationConfigFile`\nwith `RUNNER_ENV` variable set.\n", "example": {"_type": "literalExpression", "text": "{\n  NAME = \"value\";\n}"}, "loc": ["services", "gitlab-runner", "services", "<name>", "environmentVariables"], "readOnly": false, "type": "attribute set of string"}, "services.gitlab-runner.services.<name>.executor": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "\"docker\""}, "description": "Select executor, eg. shell, docker, etc.\nSee [runner executor documentation](https://docs.gitlab.com/runner/executors/) for more information.\n", "loc": ["services", "gitlab-runner", "services", "<name>", "executor"], "readOnly": false, "type": "string"}, "services.gitlab-runner.services.<name>.limit": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Limit how many jobs can be handled concurrently by this service.\n0 (default) simply means don't limit.\n", "loc": ["services", "gitlab-runner", "services", "<name>", "limit"], "readOnly": false, "type": "signed integer"}, "services.gitlab-runner.services.<name>.maximumTimeout": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "What is the maximum timeout (in seconds) that will be set for\njob when using this Runner. 0 (default) simply means don't limit.\n\nThis option has no effect for runners registered with an runner\nauthentication tokens and will be ignored.\n", "loc": ["services", "gitlab-runner", "services", "<name>", "maximumTimeout"], "readOnly": false, "type": "signed integer"}, "services.gitlab-runner.services.<name>.postBuildScript": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Runner-specific command script executed after code is pulled\nand just after build executes.\n", "loc": ["services", "gitlab-runner", "services", "<name>", "postBuildScript"], "readOnly": false, "type": "null or string or absolute path"}, "services.gitlab-runner.services.<name>.postGetSourcesScript": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Runner-specific command script executed after code is pulled.\n", "loc": ["services", "gitlab-runner", "services", "<name>", "postGetSourcesScript"], "readOnly": false, "type": "null or string or absolute path"}, "services.gitlab-runner.services.<name>.preBuildScript": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Runner-specific command script executed after code is pulled,\njust before build executes.\n", "loc": ["services", "gitlab-runner", "services", "<name>", "preBuildScript"], "readOnly": false, "type": "null or string or absolute path"}, "services.gitlab-runner.services.<name>.preGetSourcesScript": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Runner-specific command script executed before code is pulled.\n", "loc": ["services", "gitlab-runner", "services", "<name>", "preGetSourcesScript"], "readOnly": false, "type": "null or string or absolute path"}, "services.gitlab-runner.services.<name>.protected": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "When set to true Runner will only run on pipelines\ntriggered on protected branches.\n\nThis option has no effect for runners registered with an runner\nauthentication tokens and will be ignored.\n", "loc": ["services", "gitlab-runner", "services", "<name>", "protected"], "readOnly": false, "type": "boolean"}, "services.gitlab-runner.services.<name>.registrationConfigFile": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Absolute path to a file with environment variables\nused for gitlab-runner registration with *runner registration\ntokens*.\n\nA list of all supported environment variables can be found in\n`gitlab-runner register --help`.\n\nThe ones you probably want to set are:\n- `CI_SERVER_URL=<CI server URL>`\n- `REGISTRATION_TOKEN=<registration secret>`\n\nSupport for *runner registration tokens* is deprecated since\nGitLab 16.0, has been disabled by default in GitLab 17.0 and\nwill be removed in GitLab 18.0, as outlined in the\n[GitLab documentation]. Please consider migrating to\n[runner authentication tokens] and check the documentation on\n{option}`services.gitlab-runner.services.<name>.authenticationTokenConfigFile`.\n\n::: {.warning}\nMake sure to use a quoted absolute path,\nor it is going to be copied to Nix Store.\n:::\n\n[GitLab documentation]: https://docs.gitlab.com/17.0/ee/ci/runners/new_creation_workflow.html#estimated-time-frame-for-planned-changes\n[runner authentication tokens]: https://docs.gitlab.com/17.0/ee/ci/runners/new_creation_workflow.html#the-new-runner-registration-workflow\n", "loc": ["services", "gitlab-runner", "services", "<name>", "registrationConfigFile"], "readOnly": false, "type": "null or absolute path"}, "services.gitlab-runner.services.<name>.registrationFlags": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command-line flags passed to\n`gitlab-runner register`.\nExecute `gitlab-runner register --help`\nfor a list of supported flags.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--docker-helper-image my/gitlab-runner-helper\"\n]"}, "loc": ["services", "gitlab-runner", "services", "<name>", "registrationFlags"], "readOnly": false, "type": "list of string"}, "services.gitlab-runner.services.<name>.requestConcurrency": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Limit number of concurrent requests for new jobs from GitLab.\n", "loc": ["services", "gitlab-runner", "services", "<name>", "requestConcurrency"], "readOnly": false, "type": "signed integer"}, "services.gitlab-runner.services.<name>.runUntagged": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Register to run untagged builds; defaults to\n`true` when {option}`tagList` is empty.\n\nThis option has no effect for runners registered with an runner\nauthentication tokens and will be ignored.\n", "loc": ["services", "gitlab-runner", "services", "<name>", "runUntagged"], "readOnly": false, "type": "boolean"}, "services.gitlab-runner.services.<name>.tagList": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Tag list.\n\nThis option has no effect for runners registered with an runner\nauthentication tokens and will be ignored.\n", "loc": ["services", "gitlab-runner", "services", "<name>", "tagList"], "readOnly": false, "type": "list of string"}, "services.gitlab-runner.settings": {"declarations": ["nixos/modules/services/continuous-integration/gitlab-runner/runner.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Global gitlab-runner configuration. See\n<https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section>\nfor supported values.\n", "loc": ["services", "gitlab-runner", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.gitlab.backup.keepTime": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "How long to keep the backups around, in\nhours. `0` means \u201ckeep forever\u201d.\n", "example": {"_type": "literalExpression", "text": "48"}, "loc": ["services", "gitlab", "backup", "keepTime"], "readOnly": false, "type": "signed integer"}, "services.gitlab.backup.path": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "config.services.gitlab.statePath + \"/backup\""}, "description": "GitLab path for backups.", "loc": ["services", "gitlab", "backup", "path"], "readOnly": false, "type": "string"}, "services.gitlab.backup.skip": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Directories to exclude from the backup. The example excludes\nCI artifacts and LFS objects from the backups. The\n`tar` option skips the creation of a tar\nfile.\n\nRefer to <https://docs.gitlab.com/ee/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup>\nfor more information.\n", "example": {"_type": "literalExpression", "text": "[\n  \"artifacts\"\n  \"lfs\"\n]"}, "loc": ["services", "gitlab", "backup", "skip"], "readOnly": false, "type": "one of \"db\", \"uploads\", \"builds\", \"artifacts\", \"lfs\", \"registry\", \"pages\", \"repositories\", \"tar\" or list of (one of \"db\", \"uploads\", \"builds\", \"artifacts\", \"lfs\", \"registry\", \"pages\", \"repositories\", \"tar\")"}, "services.gitlab.backup.startAt": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The time(s) to run automatic backup of GitLab\nstate. Specified in systemd's time format; see\n{manpage}`systemd.time(7)`.\n", "example": {"_type": "literalExpression", "text": "\"03:00\""}, "loc": ["services", "gitlab", "backup", "startAt"], "readOnly": false, "type": "string or list of string"}, "services.gitlab.backup.uploadOptions": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "GitLab automatic upload specification. Tells GitLab to\nupload the backup to a remote location when done.\n\nAttributes specified here are added under\n`production -> backup -> upload` in\n{file}`config/gitlab.yml`.\n", "example": {"_type": "literalExpression", "text": "{\n  # Fog storage connection settings, see http://fog.io/storage/\n  connection = {\n    provider = \"AWS\";\n    region = \"eu-north-1\";\n    aws_access_key_id = \"AKIAXXXXXXXXXXXXXXXX\";\n    aws_secret_access_key = { _secret = config.deployment.keys.aws_access_key.path; };\n  };\n\n  # The remote 'directory' to store your backups in.\n  # For S3, this would be the bucket name.\n  remote_directory = \"my-gitlab-backups\";\n\n  # Use multipart uploads when file size reaches 100MB, see\n  # http://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html\n  multipart_chunk_size = 104857600;\n\n  # Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for backups, this is optional\n  encryption = \"AES256\";\n\n  # Specifies Amazon S3 storage class to use for backups, this is optional\n  storage_class = \"STANDARD\";\n};\n"}, "loc": ["services", "gitlab", "backup", "uploadOptions"], "readOnly": false, "type": "attribute set"}, "services.gitlab.databaseCreateLocally": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether a database should be automatically created on the\nlocal host. Set this to `false` if you plan\non provisioning a local database yourself. This has no effect\nif {option}`services.gitlab.databaseHost` is customized.\n", "loc": ["services", "gitlab", "databaseCreateLocally"], "readOnly": false, "type": "boolean"}, "services.gitlab.databaseHost": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "GitLab database hostname. An empty string means\n\u201cuse local unix socket connection\u201d.\n", "loc": ["services", "gitlab", "databaseHost"], "readOnly": false, "type": "string"}, "services.gitlab.databaseName": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "\"gitlab\""}, "description": "GitLab database name.", "loc": ["services", "gitlab", "databaseName"], "readOnly": false, "type": "string"}, "services.gitlab.databasePasswordFile": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the GitLab database user password.\n\nThis should be a string, not a nix path, since nix paths are\ncopied into the world-readable nix store.\n", "loc": ["services", "gitlab", "databasePasswordFile"], "readOnly": false, "type": "null or absolute path"}, "services.gitlab.databasePool": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "Database connection pool size.", "loc": ["services", "gitlab", "databasePool"], "readOnly": false, "type": "signed integer"}, "services.gitlab.databaseUsername": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "\"gitlab\""}, "description": "GitLab database user.", "loc": ["services", "gitlab", "databaseUsername"], "readOnly": false, "type": "string"}, "services.gitlab.enable": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable the gitlab service.\n", "loc": ["services", "gitlab", "enable"], "readOnly": false, "type": "boolean"}, "services.gitlab.extraConfig": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra options to be added under\n`production` in\n{file}`config/gitlab.yml`, as a nix attribute\nset.\n\nOptions containing secret data should be set to an attribute\nset containing the attribute `_secret` - a\nstring pointing to a file containing the value the option\nshould be set to. See the example to get a better picture of\nthis: in the resulting\n{file}`config/gitlab.yml` file, the\n`production.omniauth.providers[0].args.client_options.secret`\nkey will be set to the contents of the\n{file}`/var/keys/gitlab_oidc_secret` file.\n", "example": {"_type": "literalExpression", "text": "{\n  gitlab = {\n    default_projects_features = {\n      builds = false;\n    };\n  };\n  omniauth = {\n    enabled = true;\n    auto_sign_in_with_provider = \"openid_connect\";\n    allow_single_sign_on = [\"openid_connect\"];\n    block_auto_created_users = false;\n    providers = [\n      {\n        name = \"openid_connect\";\n        label = \"OpenID Connect\";\n        args = {\n          name = \"openid_connect\";\n          scope = [\"openid\" \"profile\"];\n          response_type = \"code\";\n          issuer = \"https://keycloak.example.com/auth/realms/My%20Realm\";\n          discovery = true;\n          client_auth_method = \"query\";\n          uid_field = \"preferred_username\";\n          client_options = {\n            identifier = \"gitlab\";\n            secret = { _secret = \"/var/keys/gitlab_oidc_secret\"; };\n            redirect_uri = \"https://git.example.com/users/auth/openid_connect/callback\";\n          };\n        };\n      }\n    ];\n  };\n};\n"}, "loc": ["services", "gitlab", "extraConfig"], "readOnly": false, "type": "YAML 1.1 value"}, "services.gitlab.extraDatabaseConfig": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration in config/database.yml.", "loc": ["services", "gitlab", "extraDatabaseConfig"], "readOnly": false, "type": "attribute set"}, "services.gitlab.extraEnv": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional environment variables for the GitLab environment.\n", "loc": ["services", "gitlab", "extraEnv"], "readOnly": false, "type": "attribute set of string"}, "services.gitlab.extraGitlabRb": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration to be placed in config/extra-gitlab.rb. This can\nbe used to add configuration not otherwise exposed through this module's\noptions.\n", "example": {"_type": "literalExpression", "text": "''\n  if Rails.env.production?\n    Rails.application.config.action_mailer.delivery_method = :sendmail\n    ActionMailer::Base.delivery_method = :sendmail\n    ActionMailer::Base.sendmail_settings = {\n      location: \"/run/wrappers/bin/sendmail\",\n      arguments: \"-i -t\"\n    }\n  end\n''"}, "loc": ["services", "gitlab", "extraGitlabRb"], "readOnly": false, "type": "string"}, "services.gitlab.extraShellConfig": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration to merge into shell-config.yml", "loc": ["services", "gitlab", "extraShellConfig"], "readOnly": false, "type": "attribute set"}, "services.gitlab.group": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "\"gitlab\""}, "description": "Group to run gitlab and all related services.", "loc": ["services", "gitlab", "group"], "readOnly": false, "type": "string"}, "services.gitlab.host": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "config.networking.hostName"}, "description": "GitLab host name. Used e.g. for copy-paste URLs.", "loc": ["services", "gitlab", "host"], "readOnly": false, "type": "string"}, "services.gitlab.https": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether gitlab prints URLs with https as scheme.", "loc": ["services", "gitlab", "https"], "readOnly": false, "type": "boolean"}, "services.gitlab.initialRootEmail": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "\"admin@local.host\""}, "description": "Initial email address of the root account if this is a new install.\n", "loc": ["services", "gitlab", "initialRootEmail"], "readOnly": false, "type": "string"}, "services.gitlab.initialRootPasswordFile": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the initial password of the root account if\nthis is a new install.\n\nThis should be a string, not a nix path, since nix paths are\ncopied into the world-readable nix store.\n", "loc": ["services", "gitlab", "initialRootPasswordFile"], "readOnly": false, "type": "null or absolute path"}, "services.gitlab.logrotate.enable": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable rotation of log files.\n", "loc": ["services", "gitlab", "logrotate", "enable"], "readOnly": false, "type": "boolean"}, "services.gitlab.logrotate.frequency": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "\"daily\""}, "description": "How often to rotate the logs.", "loc": ["services", "gitlab", "logrotate", "frequency"], "readOnly": false, "type": "string"}, "services.gitlab.logrotate.keep": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "30"}, "description": "How many rotations to keep.", "loc": ["services", "gitlab", "logrotate", "keep"], "readOnly": false, "type": "signed integer"}, "services.gitlab.packages.gitaly": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gitaly"}, "description": "The gitaly package to use.", "loc": ["services", "gitlab", "packages", "gitaly"], "readOnly": false, "type": "package"}, "services.gitlab.packages.gitlab": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gitlab"}, "description": "The gitlab package to use.", "example": {"_type": "literalExpression", "text": "gitlab-ee"}, "loc": ["services", "gitlab", "packages", "gitlab"], "readOnly": false, "type": "package"}, "services.gitlab.packages.gitlab-shell": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gitlab-shell"}, "description": "The gitlab-shell package to use.", "loc": ["services", "gitlab", "packages", "gitlab-shell"], "readOnly": false, "type": "package"}, "services.gitlab.packages.gitlab-workhorse": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gitlab-workhorse"}, "description": "The gitlab-workhorse package to use.", "loc": ["services", "gitlab", "packages", "gitlab-workhorse"], "readOnly": false, "type": "package"}, "services.gitlab.packages.pages": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gitlab-pages"}, "description": "The gitlab-pages package to use.", "loc": ["services", "gitlab", "packages", "pages"], "readOnly": false, "type": "package"}, "services.gitlab.pages.enable": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the GitLab Pages service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gitlab", "pages", "enable"], "readOnly": false, "type": "boolean"}, "services.gitlab.pages.settings": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "description": "Configuration options to set in the GitLab Pages config\nfile.\n\nOptions containing secret data should be set to an attribute\nset containing the attribute `_secret` - a string pointing\nto a file containing the value the option should be set\nto. See the example to get a better picture of this: in the\nresulting configuration file, the `auth-client-secret` and\n`auth-secret` keys will be set to the contents of the\n{file}`/var/keys/auth-client-secret` and\n{file}`/var/keys/auth-secret` files respectively.\n", "example": {"_type": "literalExpression", "text": "{\n  pages-domain = \"example.com\";\n  auth-client-id = \"generated-id-xxxxxxx\";\n  auth-client-secret = { _secret = \"/var/keys/auth-client-secret\"; };\n  auth-redirect-uri = \"https://projects.example.com/auth\";\n  auth-secret = { _secret = \"/var/keys/auth-secret\"; };\n  auth-server = \"https://gitlab.example.com\";\n}\n"}, "loc": ["services", "gitlab", "pages", "settings"], "readOnly": false, "type": "open submodule of attribute set of (null or string or signed integer or boolean or (attribute set))"}, "services.gitlab.pages.settings.artifacts-server": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "\"http(s)://<services.gitlab.host>/api/v4\""}, "description": "API URL to proxy artifact requests to.\n", "example": {"_type": "literalExpression", "text": "\"https://gitlab.example.com/api/v4\""}, "loc": ["services", "gitlab", "pages", "settings", "artifacts-server"], "readOnly": false, "type": "null or string"}, "services.gitlab.pages.settings.gitlab-server": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "\"http(s)://<services.gitlab.host>\""}, "description": "Public GitLab server URL.\n", "example": {"_type": "literalExpression", "text": "\"https://gitlab.example.com\""}, "loc": ["services", "gitlab", "pages", "settings", "gitlab-server"], "readOnly": false, "type": "null or string"}, "services.gitlab.pages.settings.internal-gitlab-server": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "\"http(s)://<services.gitlab.host>\""}, "description": "Internal GitLab server used for API requests, useful\nif you want to send that traffic over an internal load\nbalancer. By default, the value of\n`services.gitlab.pages.settings.gitlab-server` is\nused.\n", "example": {"_type": "literalExpression", "text": "\"https://gitlab.example.internal\""}, "loc": ["services", "gitlab", "pages", "settings", "internal-gitlab-server"], "readOnly": false, "type": "null or string"}, "services.gitlab.pages.settings.listen-http": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The address(es) to listen on for HTTP requests.\n", "loc": ["services", "gitlab", "pages", "settings", "listen-http"], "readOnly": false, "type": "list of string"}, "services.gitlab.pages.settings.listen-https": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The address(es) to listen on for HTTPS requests.\n", "loc": ["services", "gitlab", "pages", "settings", "listen-https"], "readOnly": false, "type": "list of string"}, "services.gitlab.pages.settings.listen-proxy": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1:8090\"\n]"}, "description": "The address(es) to listen on for proxy requests.\n", "loc": ["services", "gitlab", "pages", "settings", "listen-proxy"], "readOnly": false, "type": "list of string"}, "services.gitlab.pages.settings.pages-domain": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "description": "The domain to serve static pages on.\n", "example": {"_type": "literalExpression", "text": "\"example.com\""}, "loc": ["services", "gitlab", "pages", "settings", "pages-domain"], "readOnly": false, "type": "null or string"}, "services.gitlab.pages.settings.pages-root": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "config.services.gitlab.extraConfig.production.shared.path + \"/pages\""}, "description": "The directory where pages are stored.\n", "loc": ["services", "gitlab", "pages", "settings", "pages-root"], "readOnly": false, "type": "string"}, "services.gitlab.port": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "GitLab server port for copy-paste URLs, e.g. 80 or 443 if you're\nservice over https.\n", "loc": ["services", "gitlab", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.gitlab.puma.threadsMax": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "4"}, "description": "The maximum number of threads Puma should use per\nworker. This limits how many threads Puma will automatically\nspawn in response to requests. In contrast to workers,\nthreads will never be able to run Ruby code in parallel, but\ngive higher IO parallelism.\n\n::: {.note}\nEach thread consumes memory and contributes to Global VM\nLock contention, so be careful when increasing this.\n:::\n", "loc": ["services", "gitlab", "puma", "threadsMax"], "readOnly": false, "type": "signed integer"}, "services.gitlab.puma.threadsMin": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "The minimum number of threads Puma should use per\nworker.\n\n::: {.note}\nEach thread consumes memory and contributes to Global VM\nLock contention, so be careful when increasing this.\n:::\n", "loc": ["services", "gitlab", "puma", "threadsMin"], "readOnly": false, "type": "signed integer"}, "services.gitlab.puma.workers": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "2"}, "description": "The number of worker processes Puma should spawn. This\ncontrols the amount of parallel Ruby code can be\nexecuted. GitLab recommends `Number of CPU cores - 1`, but at least two.\n\n::: {.note}\nEach worker consumes quite a bit of memory, so\nbe careful when increasing this.\n:::\n", "loc": ["services", "gitlab", "puma", "workers"], "readOnly": false, "type": "signed integer"}, "services.gitlab.redisUrl": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "\"unix:/run/gitlab/redis.sock\""}, "description": "Redis URL for all GitLab services.", "example": {"_type": "literalExpression", "text": "\"redis://localhost:6379/\""}, "loc": ["services", "gitlab", "redisUrl"], "readOnly": false, "type": "string"}, "services.gitlab.registry.certFile": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "description": "Path to GitLab container registry certificate.", "loc": ["services", "gitlab", "registry", "certFile"], "readOnly": false, "type": "absolute path"}, "services.gitlab.registry.defaultForProjects": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "config.services.gitlab.registry.enable"}, "description": "If GitLab container registry should be enabled by default for projects.", "loc": ["services", "gitlab", "registry", "defaultForProjects"], "readOnly": false, "type": "boolean"}, "services.gitlab.registry.enable": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable GitLab container registry.", "loc": ["services", "gitlab", "registry", "enable"], "readOnly": false, "type": "boolean"}, "services.gitlab.registry.externalAddress": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "External address used to access registry from the internet", "loc": ["services", "gitlab", "registry", "externalAddress"], "readOnly": false, "type": "string"}, "services.gitlab.registry.externalPort": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "description": "External port used to access registry from the internet", "loc": ["services", "gitlab", "registry", "externalPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.gitlab.registry.host": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "config.services.gitlab.host"}, "description": "GitLab container registry host name.", "loc": ["services", "gitlab", "registry", "host"], "readOnly": false, "type": "string"}, "services.gitlab.registry.issuer": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "\"gitlab-issuer\""}, "description": "GitLab container registry issuer.", "loc": ["services", "gitlab", "registry", "issuer"], "readOnly": false, "type": "string"}, "services.gitlab.registry.keyFile": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "description": "Path to GitLab container registry certificate-key.", "loc": ["services", "gitlab", "registry", "keyFile"], "readOnly": false, "type": "absolute path"}, "services.gitlab.registry.package": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "pkgs.distribution"}, "description": "Container registry package to use.\n\nExternal container registries such as `pkgs.distribution` are not supported\nanymore since GitLab 16.0.0.\n", "loc": ["services", "gitlab", "registry", "package"], "readOnly": false, "type": "package"}, "services.gitlab.registry.port": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "4567"}, "description": "GitLab container registry port.", "loc": ["services", "gitlab", "registry", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.gitlab.registry.serviceName": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "\"container_registry\""}, "description": "GitLab container registry service name.", "loc": ["services", "gitlab", "registry", "serviceName"], "readOnly": false, "type": "string"}, "services.gitlab.secrets.activeRecordDeterministicKeyFile": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the secret used to encrypt some rails data in a deterministic way\nin the DB. This should not be the same as `services.gitlab.secrets.activeRecordPrimaryKeyFile`!\n\nMake sure the secret is at ideally 32 characters and all random,\nno regular words or you'll be exposed to dictionary attacks.\n\nThis should be a string, not a nix path, since nix paths are\ncopied into the world-readable nix store.\n", "loc": ["services", "gitlab", "secrets", "activeRecordDeterministicKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.gitlab.secrets.activeRecordPrimaryKeyFile": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the secret used to encrypt some rails data\nin the DB. This should not be the same as `services.gitlab.secrets.activeRecordDeterministicKeyFile`!\n\nMake sure the secret is at ideally 32 characters and all random,\nno regular words or you'll be exposed to dictionary attacks.\n\nThis should be a string, not a nix path, since nix paths are\ncopied into the world-readable nix store.\n", "loc": ["services", "gitlab", "secrets", "activeRecordPrimaryKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.gitlab.secrets.activeRecordSaltFile": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the salt for active record encryption in the DB.\n\nMake sure the secret is at ideally 32 characters and all random,\nno regular words or you'll be exposed to dictionary attacks.\n\nThis should be a string, not a nix path, since nix paths are\ncopied into the world-readable nix store.\n", "loc": ["services", "gitlab", "secrets", "activeRecordSaltFile"], "readOnly": false, "type": "null or absolute path"}, "services.gitlab.secrets.dbFile": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the secret used to encrypt variables in\nthe DB. If you change or lose this key you will be unable to\naccess variables stored in database.\n\nMake sure the secret is at least 32 characters and all random,\nno regular words or you'll be exposed to dictionary attacks.\n\nThis should be a string, not a nix path, since nix paths are\ncopied into the world-readable nix store.\n", "loc": ["services", "gitlab", "secrets", "dbFile"], "readOnly": false, "type": "null or absolute path"}, "services.gitlab.secrets.jwsFile": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the secret used to encrypt session\nkeys. If you change or lose this key, users will be\ndisconnected.\n\nMake sure the secret is an RSA private key in PEM format. You can\ngenerate one with\n\nopenssl genrsa 2048\n\nThis should be a string, not a nix path, since nix paths are\ncopied into the world-readable nix store.\n", "loc": ["services", "gitlab", "secrets", "jwsFile"], "readOnly": false, "type": "null or absolute path"}, "services.gitlab.secrets.otpFile": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the secret used to encrypt secrets for OTP\ntokens. If you change or lose this key, users which have 2FA\nenabled for login won't be able to login anymore.\n\nMake sure the secret is at least 32 characters and all random,\nno regular words or you'll be exposed to dictionary attacks.\n\nThis should be a string, not a nix path, since nix paths are\ncopied into the world-readable nix store.\n", "loc": ["services", "gitlab", "secrets", "otpFile"], "readOnly": false, "type": "null or absolute path"}, "services.gitlab.secrets.secretFile": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the secret used to encrypt variables in\nthe DB. If you change or lose this key you will be unable to\naccess variables stored in database.\n\nMake sure the secret is at least 32 characters and all random,\nno regular words or you'll be exposed to dictionary attacks.\n\nThis should be a string, not a nix path, since nix paths are\ncopied into the world-readable nix store.\n", "loc": ["services", "gitlab", "secrets", "secretFile"], "readOnly": false, "type": "null or absolute path"}, "services.gitlab.sidekiq.concurrency": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "How many processor threads to use for processing sidekiq background job queues. When null, the GitLab default is used.\n\nSee <https://docs.gitlab.com/ee/administration/sidekiq/extra_sidekiq_processes.html#manage-thread-counts-explicitly> for details.\n", "loc": ["services", "gitlab", "sidekiq", "concurrency"], "readOnly": false, "type": "null or signed integer"}, "services.gitlab.sidekiq.memoryKiller.enable": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether the Sidekiq MemoryKiller should be turned\non. MemoryKiller kills Sidekiq when its memory consumption\nexceeds a certain limit.\n\nSee <https://docs.gitlab.com/ee/administration/operations/sidekiq_memory_killer.html>\nfor details.\n", "loc": ["services", "gitlab", "sidekiq", "memoryKiller", "enable"], "readOnly": false, "type": "boolean"}, "services.gitlab.sidekiq.memoryKiller.graceTime": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "900"}, "description": "The time MemoryKiller waits after noticing excessive memory\nconsumption before killing Sidekiq.\n", "loc": ["services", "gitlab", "sidekiq", "memoryKiller", "graceTime"], "readOnly": false, "type": "signed integer"}, "services.gitlab.sidekiq.memoryKiller.maxMemory": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "2000"}, "description": "The maximum amount of memory, in MiB, a Sidekiq worker is\nallowed to consume before being killed.\n", "loc": ["services", "gitlab", "sidekiq", "memoryKiller", "maxMemory"], "readOnly": false, "type": "signed integer"}, "services.gitlab.sidekiq.memoryKiller.shutdownWait": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "30"}, "description": "The time allowed for all jobs to finish before Sidekiq is\nkilled forcefully.\n", "loc": ["services", "gitlab", "sidekiq", "memoryKiller", "shutdownWait"], "readOnly": false, "type": "signed integer"}, "services.gitlab.smtp.address": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Address of the SMTP server for GitLab.", "loc": ["services", "gitlab", "smtp", "address"], "readOnly": false, "type": "string"}, "services.gitlab.smtp.authentication": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Authentication type to use, see <http://api.rubyonrails.org/classes/ActionMailer/Base.html>", "loc": ["services", "gitlab", "smtp", "authentication"], "readOnly": false, "type": "null or string"}, "services.gitlab.smtp.domain": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "HELO domain to use for outgoing mail.", "loc": ["services", "gitlab", "smtp", "domain"], "readOnly": false, "type": "string"}, "services.gitlab.smtp.enable": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable gitlab mail delivery over SMTP.", "loc": ["services", "gitlab", "smtp", "enable"], "readOnly": false, "type": "boolean"}, "services.gitlab.smtp.enableStartTLSAuto": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to try to use StartTLS.", "loc": ["services", "gitlab", "smtp", "enableStartTLSAuto"], "readOnly": false, "type": "boolean"}, "services.gitlab.smtp.opensslVerifyMode": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "\"peer\""}, "description": "How OpenSSL checks the certificate, see <http://api.rubyonrails.org/classes/ActionMailer/Base.html>", "loc": ["services", "gitlab", "smtp", "opensslVerifyMode"], "readOnly": false, "type": "string"}, "services.gitlab.smtp.passwordFile": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the password of the SMTP server for GitLab.\n\nThis should be a string, not a nix path, since nix paths\nare copied into the world-readable nix store.\n", "loc": ["services", "gitlab", "smtp", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.gitlab.smtp.port": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "25"}, "description": "Port of the SMTP server for GitLab.", "loc": ["services", "gitlab", "smtp", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.gitlab.smtp.tls": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use TLS wrapper-mode.", "loc": ["services", "gitlab", "smtp", "tls"], "readOnly": false, "type": "boolean"}, "services.gitlab.smtp.username": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Username of the SMTP server for GitLab.", "loc": ["services", "gitlab", "smtp", "username"], "readOnly": false, "type": "null or string"}, "services.gitlab.statePath": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "\"/var/gitlab/state\""}, "description": "GitLab state directory. Configuration, repositories and\nlogs, among other things, are stored here.\n\nThe directory will be created automatically if it doesn't\nexist already. Its parent directories must be owned by\neither `root` or the user set in\n{option}`services.gitlab.user`.\n", "loc": ["services", "gitlab", "statePath"], "readOnly": false, "type": "string"}, "services.gitlab.user": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "\"gitlab\""}, "description": "User to run gitlab and all related services.", "loc": ["services", "gitlab", "user"], "readOnly": false, "type": "string"}, "services.gitlab.workhorse.config": {"declarations": ["nixos/modules/services/misc/gitlab.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration options to add to Workhorse's configuration\nfile.\n\nSee\n<https://gitlab.com/gitlab-org/gitlab/-/blob/master/workhorse/config.toml.example>\nand\n<https://docs.gitlab.com/ee/development/workhorse/configuration.html>\nfor examples and option documentation.\n\nOptions containing secret data should be set to an attribute\nset containing the attribute `_secret` - a string pointing\nto a file containing the value the option should be set\nto. See the example to get a better picture of this: in the\nresulting configuration file, the\n`object_storage.s3.aws_secret_access_key` key will be set to\nthe contents of the {file}`/var/keys/aws_secret_access_key`\nfile.\n", "example": {"_type": "literalExpression", "text": "{\n  object_storage.provider = \"AWS\";\n  object_storage.s3 = {\n    aws_access_key_id = \"AKIAXXXXXXXXXXXXXXXX\";\n    aws_secret_access_key = { _secret = \"/var/keys/aws_secret_access_key\"; };\n  };\n};\n"}, "loc": ["services", "gitlab", "workhorse", "config"], "readOnly": false, "type": "TOML value"}, "services.gitolite.adminPubkey": {"declarations": ["nixos/modules/services/misc/gitolite.nix"], "description": "Initial administrative public key for Gitolite. This should\nbe an SSH Public Key. Note that this key will only be used\nonce, upon the first initialization of the Gitolite user.\nThe key string cannot have any line breaks in it.\n", "loc": ["services", "gitolite", "adminPubkey"], "readOnly": false, "type": "string"}, "services.gitolite.commonHooks": {"declarations": ["nixos/modules/services/misc/gitolite.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of custom git hooks that get copied to `~/.gitolite/hooks/common`.\n", "loc": ["services", "gitolite", "commonHooks"], "readOnly": false, "type": "list of absolute path"}, "services.gitolite.dataDir": {"declarations": ["nixos/modules/services/misc/gitolite.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/gitolite\""}, "description": "The gitolite home directory used to store all repositories. If left as the default value\nthis directory will automatically be created before the gitolite server starts, otherwise\nthe sysadmin is responsible for ensuring the directory exists with appropriate ownership\nand permissions.\n", "loc": ["services", "gitolite", "dataDir"], "readOnly": false, "type": "string"}, "services.gitolite.description": {"declarations": ["nixos/modules/services/misc/gitolite.nix"], "default": {"_type": "literalExpression", "text": "\"Gitolite user\""}, "description": "Gitolite user account's description.\n", "loc": ["services", "gitolite", "description"], "readOnly": false, "type": "string"}, "services.gitolite.enable": {"declarations": ["nixos/modules/services/misc/gitolite.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable gitolite management under the\n`gitolite` user. After\nswitching to a configuration with Gitolite enabled, you can\nthen run `git clone gitolite@host:gitolite-admin.git` to manage it further.\n", "loc": ["services", "gitolite", "enable"], "readOnly": false, "type": "boolean"}, "services.gitolite.enableGitAnnex": {"declarations": ["nixos/modules/services/misc/gitolite.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable git-annex support. Uses the `extraGitoliteRc` option\nto apply the necessary configuration.\n", "loc": ["services", "gitolite", "enableGitAnnex"], "readOnly": false, "type": "boolean"}, "services.gitolite.extraGitoliteRc": {"declarations": ["nixos/modules/services/misc/gitolite.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration to append to the default `~/.gitolite.rc`.\n\nThis should be Perl code that modifies the `%RC`\nconfiguration variable. The default `~/.gitolite.rc`\ncontent is generated by invoking `gitolite print-default-rc`,\nand extra configuration from this option is appended to it. The result\nis placed to Nix store, and the `~/.gitolite.rc` file\nbecomes a symlink to it.\n\nIf you already have a customized (or otherwise changed)\n`~/.gitolite.rc` file, NixOS will refuse to replace\nit with a symlink, and the `gitolite-init` initialization service\nwill fail. In this situation, in order to use this option, you\nwill need to take any customizations you may have in\n`~/.gitolite.rc`, convert them to appropriate Perl\nstatements, add them to this option, and remove the file.\n\nSee also the `enableGitAnnex` option.\n", "example": {"_type": "literalExpression", "text": "''\n  $RC{UMASK} = 0027;\n  $RC{SITE_INFO} = 'This is our private repository host';\n  push( @{$RC{ENABLE}}, 'Kindergarten' ); # enable the command/feature\n  @{$RC{ENABLE}} = grep { $_ ne 'desc' } @{$RC{ENABLE}}; # disable the command/feature\n''\n"}, "loc": ["services", "gitolite", "extraGitoliteRc"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.gitolite.group": {"declarations": ["nixos/modules/services/misc/gitolite.nix"], "default": {"_type": "literalExpression", "text": "\"gitolite\""}, "description": "Primary group of the Gitolite user account.\n", "loc": ["services", "gitolite", "group"], "readOnly": false, "type": "string"}, "services.gitolite.user": {"declarations": ["nixos/modules/services/misc/gitolite.nix"], "default": {"_type": "literalExpression", "text": "\"gitolite\""}, "description": "Gitolite user account. This is the username of the gitolite endpoint.\n", "loc": ["services", "gitolite", "user"], "readOnly": false, "type": "string"}, "services.gitwatch": {"declarations": ["nixos/modules/services/monitoring/gitwatch.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "A set of git repositories to watch for. See\n[gitwatch](https://github.com/gitwatch/gitwatch) for more.\n", "example": {"_type": "literalExpression", "text": "{\n  disabled-repo = {\n    branch = \"autobranch\";\n    enable = false;\n    path = \"/home/user/disabled-project\";\n    remote = \"git@github.com:me/my-old-project.git\";\n    user = \"user\";\n  };\n  my-repo = {\n    enable = true;\n    message = \"Auto-commit by gitwatch on %d\";\n    path = \"/home/user/watched-project\";\n    remote = \"git@github.com:me/my-project.git\";\n    user = \"user\";\n  };\n}"}, "loc": ["services", "gitwatch"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.gitwatch.<name>.branch": {"declarations": ["nixos/modules/services/monitoring/gitwatch.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional branch in remote repository", "loc": ["services", "gitwatch", "<name>", "branch"], "readOnly": false, "type": "null or string"}, "services.gitwatch.<name>.enable": {"declarations": ["nixos/modules/services/monitoring/gitwatch.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable watching for repo.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gitwatch", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.gitwatch.<name>.message": {"declarations": ["nixos/modules/services/monitoring/gitwatch.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional text to use in as commit message; all occurrences of `%d` will be replaced by formatted date/time", "loc": ["services", "gitwatch", "<name>", "message"], "readOnly": false, "type": "null or string"}, "services.gitwatch.<name>.path": {"declarations": ["nixos/modules/services/monitoring/gitwatch.nix"], "description": "The path to repo in local machine", "loc": ["services", "gitwatch", "<name>", "path"], "readOnly": false, "type": "string"}, "services.gitwatch.<name>.remote": {"declarations": ["nixos/modules/services/monitoring/gitwatch.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional url of remote repository", "loc": ["services", "gitwatch", "<name>", "remote"], "readOnly": false, "type": "null or string"}, "services.gitwatch.<name>.user": {"declarations": ["nixos/modules/services/monitoring/gitwatch.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "The name of services's user", "loc": ["services", "gitwatch", "<name>", "user"], "readOnly": false, "type": "string"}, "services.gitweb.extraConfig": {"declarations": ["nixos/modules/services/misc/gitweb.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Verbatim configuration text appended to the generated gitweb.conf file.\n", "example": {"_type": "literalExpression", "text": "''\n  $feature{'highlight'}{'default'} = [1];\n  $feature{'ctags'}{'default'} = [1];\n  $feature{'avatar'}{'default'} = ['gravatar'];\n''"}, "loc": ["services", "gitweb", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.gitweb.gitwebTheme": {"declarations": ["nixos/modules/services/misc/gitweb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use an alternative theme for gitweb, strongly inspired by GitHub.\n", "loc": ["services", "gitweb", "gitwebTheme"], "readOnly": false, "type": "boolean"}, "services.gitweb.projectroot": {"declarations": ["nixos/modules/services/misc/gitweb.nix"], "default": {"_type": "literalExpression", "text": "\"/srv/git\""}, "description": "Path to git projects (bare repositories) that should be served by\ngitweb. Must not end with a slash.\n", "loc": ["services", "gitweb", "projectroot"], "readOnly": false, "type": "absolute path"}, "services.glance.enable": {"declarations": ["nixos/modules/services/web-apps/glance.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable glance.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "glance", "enable"], "readOnly": false, "type": "boolean"}, "services.glance.environmentFile": {"declarations": ["nixos/modules/services/web-apps/glance.nix"], "default": {"_type": "literalExpression", "text": "\"/dev/null\""}, "description": "Path to an environment file as defined in {manpage}`systemd.exec(5)`.\n\nSee upstream documentation\n<https://github.com/glanceapp/glance/blob/main/docs/configuration.md#environment-variables>.\n\nExample content of the file:\n```\nTIMEZONE=Europe/Paris\n```\n\nExample `services.glance.settings.pages` configuration:\n```nix\n  [\n    {\n      name = \"Home\";\n      columns = [\n        {\n          size = \"full\";\n          widgets = [\n            {\n              type = \"clock\";\n              timezone = \"\\${TIMEZONE}\";\n              label = \"Local Time\";\n            }\n          ];\n        }\n      ];\n    }\n  ];\n```\n\nNote that when using Glance's `${ENV_VAR}` syntax in Nix,\nyou need to escape it as follows: use `\\${ENV_VAR}` in `\"` strings\nand `''${ENV_VAR}` in `''` strings.\n\nAlternatively, you can put each secret in it's own file,\nsee `services.glance.settings`.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/secrets/glance\""}, "loc": ["services", "glance", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.glance.openFirewall": {"declarations": ["nixos/modules/services/web-apps/glance.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall for Glance.\nThis adds `services.glance.settings.server.port` to `networking.firewall.allowedTCPPorts`.\n", "loc": ["services", "glance", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.glance.package": {"declarations": ["nixos/modules/services/web-apps/glance.nix"], "default": {"_type": "literalExpression", "text": "pkgs.glance"}, "description": "The glance package to use.", "loc": ["services", "glance", "package"], "readOnly": false, "type": "package"}, "services.glance.settings": {"declarations": ["nixos/modules/services/web-apps/glance.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration written to a yaml file that is read by glance. See\n<https://github.com/glanceapp/glance/blob/main/docs/configuration.md>\nfor more.\n\nSettings containing secret data should be set to an\nattribute set with this format: `{ _secret = \"/path/to/secret\"; }`.\nSee the example in `services.glance.settings.pages` at the weather widget\nwith a location secret to get a better picture of this.\n\nAlternatively, you can use a single file with environment variables,\nsee `services.glance.environmentFile`.\n", "loc": ["services", "glance", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.glance.settings.pages": {"declarations": ["nixos/modules/services/web-apps/glance.nix"], "default": {"_type": "literalExpression", "text": "[\n  {\n    columns = [\n      {\n        size = \"full\";\n        widgets = [\n          {\n            type = \"calendar\";\n          }\n        ];\n      }\n    ];\n    name = \"Calendar\";\n  }\n]"}, "description": "List of pages to be present on the dashboard.\n\nSee <https://github.com/glanceapp/glance/blob/main/docs/configuration.md#pages--columns>\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    columns = [\n      {\n        size = \"full\";\n        widgets = [\n          {\n            type = \"calendar\";\n          }\n          {\n            location = {\n              _secret = \"/var/lib/secrets/glance/location\";\n            };\n            type = \"weather\";\n          }\n        ];\n      }\n    ];\n    name = \"Home\";\n  }\n]"}, "loc": ["services", "glance", "settings", "pages"], "readOnly": false, "type": "YAML 1.1 value"}, "services.glance.settings.server.host": {"declarations": ["nixos/modules/services/web-apps/glance.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Glance bind address", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "glance", "settings", "server", "host"], "readOnly": false, "type": "string"}, "services.glance.settings.server.port": {"declarations": ["nixos/modules/services/web-apps/glance.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "Glance port to listen on", "example": {"_type": "literalExpression", "text": "5678"}, "loc": ["services", "glance", "settings", "server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.glances.enable": {"declarations": ["nixos/modules/services/monitoring/glances.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Glances.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "glances", "enable"], "readOnly": false, "type": "boolean"}, "services.glances.extraArgs": {"declarations": ["nixos/modules/services/monitoring/glances.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"--webserver\"\n]"}, "description": "Extra command-line arguments to pass to glances.\n\nSee <https://glances.readthedocs.io/en/latest/cmds.html> for all available options.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--webserver\"\n  \"--disable-webui\"\n]"}, "loc": ["services", "glances", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.glances.openFirewall": {"declarations": ["nixos/modules/services/monitoring/glances.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in the firewall for glances.", "loc": ["services", "glances", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.glances.package": {"declarations": ["nixos/modules/services/monitoring/glances.nix"], "default": {"_type": "literalExpression", "text": "pkgs.glances"}, "description": "The glances package to use.", "loc": ["services", "glances", "package"], "readOnly": false, "type": "package"}, "services.glances.port": {"declarations": ["nixos/modules/services/monitoring/glances.nix"], "default": {"_type": "literalExpression", "text": "61208"}, "description": "Port the server will isten on.", "loc": ["services", "glances", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.glitchtip.celery.extraArgs": {"declarations": ["nixos/modules/services/web-apps/glitchtip.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments for celery.", "loc": ["services", "glitchtip", "celery", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.glitchtip.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/glitchtip.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable and configure a local PostgreSQL database server.\n", "loc": ["services", "glitchtip", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.glitchtip.enable": {"declarations": ["nixos/modules/services/web-apps/glitchtip.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable GlitchTip.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "glitchtip", "enable"], "readOnly": false, "type": "boolean"}, "services.glitchtip.environmentFiles": {"declarations": ["nixos/modules/services/web-apps/glitchtip.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Files to load environment variables from in addition to [](#opt-services.glitchtip.settings).\nThis is useful to avoid putting secrets into the nix store.\nSee <https://glitchtip.com/documentation/install#configuration> for more information.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/run/secrets/glitchtip.env\"\n]"}, "loc": ["services", "glitchtip", "environmentFiles"], "readOnly": false, "type": "list of absolute path"}, "services.glitchtip.group": {"declarations": ["nixos/modules/services/web-apps/glitchtip.nix"], "default": {"_type": "literalExpression", "text": "\"glitchtip\""}, "description": "The group under which GlitchTip runs.", "loc": ["services", "glitchtip", "group"], "readOnly": false, "type": "string"}, "services.glitchtip.gunicorn.extraArgs": {"declarations": ["nixos/modules/services/web-apps/glitchtip.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments for gunicorn.", "loc": ["services", "glitchtip", "gunicorn", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.glitchtip.listenAddress": {"declarations": ["nixos/modules/services/web-apps/glitchtip.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The address to listen on.", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "glitchtip", "listenAddress"], "readOnly": false, "type": "string"}, "services.glitchtip.package": {"declarations": ["nixos/modules/services/web-apps/glitchtip.nix"], "default": {"_type": "literalExpression", "text": "pkgs.glitchtip"}, "description": "The glitchtip package to use.", "loc": ["services", "glitchtip", "package"], "readOnly": false, "type": "package"}, "services.glitchtip.port": {"declarations": ["nixos/modules/services/web-apps/glitchtip.nix"], "default": {"_type": "literalExpression", "text": "8000"}, "description": "The port to listen on.", "loc": ["services", "glitchtip", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.glitchtip.redis.createLocally": {"declarations": ["nixos/modules/services/web-apps/glitchtip.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable and configure a local Redis instance.\n", "loc": ["services", "glitchtip", "redis", "createLocally"], "readOnly": false, "type": "boolean"}, "services.glitchtip.settings": {"declarations": ["nixos/modules/services/web-apps/glitchtip.nix"], "default": {"_type": "literalExpression", "text": "{\n  DEBUG = 0;\n  DEBUG_TOOLBAR = 0;\n  DATABASE_URL = lib.mkIf config.services.glitchtip.database.createLocally \"postgresql://@/glitchtip\";\n  REDIS_URL = lib.mkIf config.services.glitchtip.redis.createLocally \"unix://${config.services.redis.servers.glitchtip.unixSocket}\";\n  CELERY_BROKER_URL = lib.mkIf config.services.glitchtip.redis.createLocally \"redis+socket://${config.services.redis.servers.glitchtip.unixSocket}\";\n}\n"}, "description": "Configuration of GlitchTip. See <https://glitchtip.com/documentation/install#configuration> for more information.\n", "example": {"_type": "literalExpression", "text": "{\n  DATABASE_URL = \"postgres://postgres:postgres@postgres/postgres\";\n  GLITCHTIP_DOMAIN = \"https://glitchtip.example.com\";\n}"}, "loc": ["services", "glitchtip", "settings"], "readOnly": false, "type": "open submodule of attribute set of (string or signed integer or boolean)"}, "services.glitchtip.settings.ENABLE_ORGANIZATION_CREATION": {"declarations": ["nixos/modules/services/web-apps/glitchtip.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "When false, only superusers will be able to create new organizations after the first. When true, any user can create a new organization.\n", "loc": ["services", "glitchtip", "settings", "ENABLE_ORGANIZATION_CREATION"], "readOnly": false, "type": "boolean"}, "services.glitchtip.settings.ENABLE_USER_REGISTRATION": {"declarations": ["nixos/modules/services/web-apps/glitchtip.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "When true, any user will be able to register. When false, user self-signup is disabled after the first user is registered. Subsequent users must be created by a superuser on the backend and organization invitations may only be sent to existing users.\n", "loc": ["services", "glitchtip", "settings", "ENABLE_USER_REGISTRATION"], "readOnly": false, "type": "boolean"}, "services.glitchtip.settings.GLITCHTIP_DOMAIN": {"declarations": ["nixos/modules/services/web-apps/glitchtip.nix"], "description": "The URL under which GlitchTip is externally reachable.", "example": {"_type": "literalExpression", "text": "\"https://glitchtip.example.com\""}, "loc": ["services", "glitchtip", "settings", "GLITCHTIP_DOMAIN"], "readOnly": false, "type": "string"}, "services.glitchtip.stateDir": {"declarations": ["nixos/modules/services/web-apps/glitchtip.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/glitchtip\""}, "description": "State directory of glitchtip.", "loc": ["services", "glitchtip", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.glitchtip.user": {"declarations": ["nixos/modules/services/web-apps/glitchtip.nix"], "default": {"_type": "literalExpression", "text": "\"glitchtip\""}, "description": "The user account under which GlitchTip runs.", "loc": ["services", "glitchtip", "user"], "readOnly": false, "type": "string"}, "services.globalprotect.csdWrapper": {"declarations": ["nixos/modules/services/networking/globalprotect-vpn.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A script that will produce a Host Integrity Protection (HIP) report,\nas described at <https://www.infradead.org/openconnect/hip.html>\n", "example": {"_type": "literalExpression", "text": "\"${pkgs.openconnect}/libexec/openconnect/hipreport.sh\""}, "loc": ["services", "globalprotect", "csdWrapper"], "readOnly": false, "type": "null or absolute path"}, "services.globalprotect.enable": {"declarations": ["nixos/modules/services/networking/globalprotect-vpn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable globalprotect.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "globalprotect", "enable"], "readOnly": false, "type": "boolean"}, "services.globalprotect.settings": {"declarations": ["nixos/modules/services/networking/globalprotect-vpn.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "GlobalProtect-openconnect configuration. For more information, visit\n<https://github.com/yuezk/GlobalProtect-openconnect/wiki/Configuration>.\n", "example": {"_type": "literalExpression", "text": "{\n  \"vpn1.company.com\" = {\n    openconnect-args = \"--script=/path/to/vpnc-script\";\n  };\n}"}, "loc": ["services", "globalprotect", "settings"], "readOnly": false, "type": "attribute set"}, "services.glpiAgent.enable": {"declarations": ["nixos/modules/services/monitoring/glpi-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable GLPI Agent.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "glpiAgent", "enable"], "readOnly": false, "type": "boolean"}, "services.glpiAgent.package": {"declarations": ["nixos/modules/services/monitoring/glpi-agent.nix"], "default": {"_type": "literalExpression", "text": "pkgs.glpi-agent"}, "description": "The glpi-agent package to use.", "loc": ["services", "glpiAgent", "package"], "readOnly": false, "type": "package"}, "services.glpiAgent.settings": {"declarations": ["nixos/modules/services/monitoring/glpi-agent.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "GLPI Agent configuration options.\nSee <https://glpi-agent.readthedocs.io/en/latest/configuration.html> for all available options.\n\nThe 'server' option is mandatory and must point to your GLPI server.\n", "example": {"_type": "literalExpression", "text": "{\n  server = [ \"https://glpi.example.com/inventory\" ];\n  delaytime = 3600;\n  tag = \"production\";\n  logger = [ \"stderr\" \"file\" ];\n  debug = 1;\n  \"no-category\" = [ \"printer\" \"software\" ];\n}\n"}, "loc": ["services", "glpiAgent", "settings"], "readOnly": false, "type": "attribute set of (boolean or signed integer or string or list of string)"}, "services.glpiAgent.stateDir": {"declarations": ["nixos/modules/services/monitoring/glpi-agent.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/glpi-agent\""}, "description": "Directory where GLPI Agent stores its state.", "loc": ["services", "glpiAgent", "stateDir"], "readOnly": false, "type": "string"}, "services.glusterfs.enable": {"declarations": ["nixos/modules/services/network-filesystems/glusterfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable GlusterFS Daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "glusterfs", "enable"], "readOnly": false, "type": "boolean"}, "services.glusterfs.enableGlustereventsd": {"declarations": ["nixos/modules/services/network-filesystems/glusterfs.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the GlusterFS Events Daemon", "loc": ["services", "glusterfs", "enableGlustereventsd"], "readOnly": false, "type": "boolean"}, "services.glusterfs.extraFlags": {"declarations": ["nixos/modules/services/network-filesystems/glusterfs.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra flags passed to the GlusterFS daemon", "loc": ["services", "glusterfs", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.glusterfs.killMode": {"declarations": ["nixos/modules/services/network-filesystems/glusterfs.nix"], "default": {"_type": "literalExpression", "text": "\"control-group\""}, "description": "The systemd KillMode to use for glusterd.\n\nglusterd spawns other daemons like gsyncd.\nIf you want these to stop when glusterd is stopped (e.g. to ensure\nthat NixOS config changes are reflected even for these sub-daemons),\nset this to 'control-group'.\nIf however you want running volume processes (glusterfsd) and thus\ngluster mounts not be interrupted when glusterd is restarted\n(for example, when you want to restart them manually at a later time),\nset this to 'process'.\n", "loc": ["services", "glusterfs", "killMode"], "readOnly": false, "type": "one of \"control-group\", \"process\", \"mixed\", \"none\""}, "services.glusterfs.logLevel": {"declarations": ["nixos/modules/services/network-filesystems/glusterfs.nix"], "default": {"_type": "literalExpression", "text": "\"INFO\""}, "description": "Log level used by the GlusterFS daemon", "loc": ["services", "glusterfs", "logLevel"], "readOnly": false, "type": "one of \"DEBUG\", \"INFO\", \"WARNING\", \"ERROR\", \"CRITICAL\", \"TRACE\", \"NONE\""}, "services.glusterfs.stopKillTimeout": {"declarations": ["nixos/modules/services/network-filesystems/glusterfs.nix"], "default": {"_type": "literalExpression", "text": "\"5s\""}, "description": "The systemd TimeoutStopSec to use.\n\nAfter this time after having been asked to shut down, glusterd\n(and depending on the killMode setting also its child processes)\nare killed by systemd.\n\nThe default is set low because GlusterFS (as of 3.10) is known to\nnot tell its children (like gsyncd) to terminate at all.\n", "loc": ["services", "glusterfs", "stopKillTimeout"], "readOnly": false, "type": "string"}, "services.glusterfs.tlsSettings": {"declarations": ["nixos/modules/services/network-filesystems/glusterfs.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Make the server communicate via TLS.\nThis means it will only connect to other gluster\nservers having certificates signed by the same CA.\n\nEnabling this will create a file {file}`/var/lib/glusterd/secure-access`.\nDisabling will delete this file again.\n\nSee also: <https://gluster.readthedocs.io/en/latest/Administrator%20Guide/SSL/>\n", "loc": ["services", "glusterfs", "tlsSettings"], "readOnly": false, "type": "null or (submodule)"}, "services.glusterfs.tlsSettings.caCert": {"declarations": ["nixos/modules/services/network-filesystems/glusterfs.nix"], "description": "Path certificate authority used to sign the cluster certificates.", "loc": ["services", "glusterfs", "tlsSettings", "caCert"], "readOnly": false, "type": "absolute path"}, "services.glusterfs.tlsSettings.tlsKeyPath": {"declarations": ["nixos/modules/services/network-filesystems/glusterfs.nix"], "description": "Path to the private key used for TLS.", "loc": ["services", "glusterfs", "tlsSettings", "tlsKeyPath"], "readOnly": false, "type": "string"}, "services.glusterfs.tlsSettings.tlsPem": {"declarations": ["nixos/modules/services/network-filesystems/glusterfs.nix"], "description": "Path to the certificate used for TLS.", "loc": ["services", "glusterfs", "tlsSettings", "tlsPem"], "readOnly": false, "type": "absolute path"}, "services.glusterfs.useRpcbind": {"declarations": ["nixos/modules/services/network-filesystems/glusterfs.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable use of rpcbind. This is required for Gluster's NFS functionality.\n\nYou may want to turn it off to reduce the attack surface for DDoS reflection attacks.\n\nSee <https://davelozier.com/glusterfs-and-rpcbind-portmap-ddos-reflection-attacks/>\nand <https://bugzilla.redhat.com/show_bug.cgi?id=1426842> for details.\n", "loc": ["services", "glusterfs", "useRpcbind"], "readOnly": false, "type": "boolean"}, "services.gmediarender.audioDevice": {"declarations": ["nixos/modules/services/audio/gmediarender.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The audio device to use.\n", "loc": ["services", "gmediarender", "audioDevice"], "readOnly": false, "type": "null or string"}, "services.gmediarender.audioSink": {"declarations": ["nixos/modules/services/audio/gmediarender.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The audio sink to use.\n", "loc": ["services", "gmediarender", "audioSink"], "readOnly": false, "type": "null or string"}, "services.gmediarender.enable": {"declarations": ["nixos/modules/services/audio/gmediarender.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the gmediarender DLNA renderer.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gmediarender", "enable"], "readOnly": false, "type": "boolean"}, "services.gmediarender.friendlyName": {"declarations": ["nixos/modules/services/audio/gmediarender.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A \"friendly name\" for identifying the endpoint.\n", "loc": ["services", "gmediarender", "friendlyName"], "readOnly": false, "type": "null or string"}, "services.gmediarender.initialVolume": {"declarations": ["nixos/modules/services/audio/gmediarender.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "A default volume attenuation (in dB) for the endpoint.\n", "loc": ["services", "gmediarender", "initialVolume"], "readOnly": false, "type": "null or signed integer"}, "services.gmediarender.package": {"declarations": ["nixos/modules/services/audio/gmediarender.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gmrender-resurrect"}, "description": "The gmediarender package to use.", "loc": ["services", "gmediarender", "package"], "readOnly": false, "type": "package"}, "services.gmediarender.port": {"declarations": ["nixos/modules/services/audio/gmediarender.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port that will be used to accept client connections.", "loc": ["services", "gmediarender", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.gmediarender.uuid": {"declarations": ["nixos/modules/services/audio/gmediarender.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A UUID for uniquely identifying the endpoint.  If you have\nmultiple renderers on your network, you MUST set this.\n", "loc": ["services", "gmediarender", "uuid"], "readOnly": false, "type": "null or string"}, "services.gnome.at-spi2-core.enable": {"declarations": ["nixos/modules/services/desktops/gnome/at-spi2-core.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable at-spi2-core, a service for the Assistive Technologies\navailable on the GNOME platform.\n\nEnable this if you get the error or warning\n`The name org.a11y.Bus was not provided by any .service files`.\n", "loc": ["services", "gnome", "at-spi2-core", "enable"], "readOnly": false, "type": "boolean"}, "services.gnome.core-apps.enable": {"declarations": ["nixos/modules/services/desktop-managers/gnome.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable GNOME core apps.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gnome", "core-apps", "enable"], "readOnly": false, "type": "boolean"}, "services.gnome.core-developer-tools.enable": {"declarations": ["nixos/modules/services/desktop-managers/gnome.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable GNOME core developer tools.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gnome", "core-developer-tools", "enable"], "readOnly": false, "type": "boolean"}, "services.gnome.core-os-services.enable": {"declarations": ["nixos/modules/services/desktop-managers/gnome.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable essential services for GNOME3.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gnome", "core-os-services", "enable"], "readOnly": false, "type": "boolean"}, "services.gnome.core-shell.enable": {"declarations": ["nixos/modules/services/desktop-managers/gnome.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable GNOME Shell services.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gnome", "core-shell", "enable"], "readOnly": false, "type": "boolean"}, "services.gnome.evolution-data-server.enable": {"declarations": ["nixos/modules/services/desktops/gnome/evolution-data-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Evolution Data Server, a collection of services for storing addressbooks and calendars.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gnome", "evolution-data-server", "enable"], "readOnly": false, "type": "boolean"}, "services.gnome.evolution-data-server.plugins": {"declarations": ["nixos/modules/services/desktops/gnome/evolution-data-server.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Plugins for Evolution Data Server.", "loc": ["services", "gnome", "evolution-data-server", "plugins"], "readOnly": false, "type": "list of package"}, "services.gnome.games.enable": {"declarations": ["nixos/modules/services/desktop-managers/gnome.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable GNOME games.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gnome", "games", "enable"], "readOnly": false, "type": "boolean"}, "services.gnome.gcr-ssh-agent.enable": {"declarations": ["nixos/modules/services/desktops/gnome/gcr-ssh-agent.nix"], "default": {"_type": "literalExpression", "text": "config.services.gnome.gnome-keyring.enable"}, "description": "Whether to enable GCR SSH agent.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gnome", "gcr-ssh-agent", "enable"], "readOnly": false, "type": "boolean"}, "services.gnome.gcr-ssh-agent.package": {"declarations": ["nixos/modules/services/desktops/gnome/gcr-ssh-agent.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gcr_4"}, "description": "The GCR package to use.", "loc": ["services", "gnome", "gcr-ssh-agent", "package"], "readOnly": false, "type": "package"}, "services.gnome.glib-networking.enable": {"declarations": ["nixos/modules/services/desktops/gnome/glib-networking.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable network extensions for GLib.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gnome", "glib-networking", "enable"], "readOnly": false, "type": "boolean"}, "services.gnome.gnome-browser-connector.enable": {"declarations": ["nixos/modules/services/desktops/gnome/gnome-browser-connector.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable native host connector for the GNOME Shell browser extension, a DBus service\nallowing to install GNOME Shell extensions from a web browser\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gnome", "gnome-browser-connector", "enable"], "readOnly": false, "type": "boolean"}, "services.gnome.gnome-initial-setup.enable": {"declarations": ["nixos/modules/services/desktops/gnome/gnome-initial-setup.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable GNOME Initial Setup, a Simple, easy, and safe way to prepare a new system.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gnome", "gnome-initial-setup", "enable"], "readOnly": false, "type": "boolean"}, "services.gnome.gnome-keyring.enable": {"declarations": ["nixos/modules/services/desktops/gnome/gnome-keyring.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable GNOME Keyring daemon, a service designed to\ntake care of the user's security credentials,\nsuch as user names and passwords\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gnome", "gnome-keyring", "enable"], "readOnly": false, "type": "boolean"}, "services.gnome.gnome-online-accounts.enable": {"declarations": ["nixos/modules/services/desktops/gnome/gnome-online-accounts.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable GNOME Online Accounts daemon, a service that provides\na single sign-on framework for the GNOME desktop.\n", "loc": ["services", "gnome", "gnome-online-accounts", "enable"], "readOnly": false, "type": "boolean"}, "services.gnome.gnome-remote-desktop.enable": {"declarations": ["nixos/modules/services/desktops/gnome/gnome-remote-desktop.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Remote Desktop support using Pipewire.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gnome", "gnome-remote-desktop", "enable"], "readOnly": false, "type": "boolean"}, "services.gnome.gnome-settings-daemon.enable": {"declarations": ["nixos/modules/services/desktops/gnome/gnome-settings-daemon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable GNOME Settings Daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gnome", "gnome-settings-daemon", "enable"], "readOnly": false, "type": "boolean"}, "services.gnome.gnome-software.enable": {"declarations": ["nixos/modules/services/desktops/gnome/gnome-software.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable GNOME Software, package manager for GNOME.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gnome", "gnome-software", "enable"], "readOnly": false, "type": "boolean"}, "services.gnome.gnome-user-share.enable": {"declarations": ["nixos/modules/services/desktops/gnome/gnome-user-share.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable GNOME User Share, a user-level file sharing service for GNOME.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gnome", "gnome-user-share", "enable"], "readOnly": false, "type": "boolean"}, "services.gnome.localsearch.enable": {"declarations": ["nixos/modules/services/desktops/gnome/localsearch.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable LocalSearch, indexing services for TinySPARQL\nsearch engine and metadata storage system.\n", "loc": ["services", "gnome", "localsearch", "enable"], "readOnly": false, "type": "boolean"}, "services.gnome.rygel.enable": {"declarations": ["nixos/modules/services/desktops/gnome/rygel.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Rygel UPnP Mediaserver.\n\nYou will need to also allow UPnP connections in firewall, see the following [comment](https://github.com/NixOS/nixpkgs/pull/45045#issuecomment-416030795).\n", "loc": ["services", "gnome", "rygel", "enable"], "readOnly": false, "type": "boolean"}, "services.gnome.rygel.package": {"declarations": ["nixos/modules/services/desktops/gnome/rygel.nix"], "default": {"_type": "literalExpression", "text": "pkgs.rygel"}, "description": "The rygel package to use.", "loc": ["services", "gnome", "rygel", "package"], "readOnly": false, "type": "package"}, "services.gnome.sushi.enable": {"declarations": ["nixos/modules/services/desktops/gnome/sushi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Sushi, a quick previewer for nautilus.\n", "loc": ["services", "gnome", "sushi", "enable"], "readOnly": false, "type": "boolean"}, "services.gnome.tinysparql.enable": {"declarations": ["nixos/modules/services/desktops/gnome/tinysparql.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable TinySPARQL services, a search engine,\nsearch tool and metadata storage system.\n", "loc": ["services", "gnome", "tinysparql", "enable"], "readOnly": false, "type": "boolean"}, "services.gns3-server.auth.enable": {"declarations": ["nixos/modules/services/networking/gns3-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable password based HTTP authentication to access the GNS3 Server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gns3-server", "auth", "enable"], "readOnly": false, "type": "boolean"}, "services.gns3-server.auth.passwordFile": {"declarations": ["nixos/modules/services/networking/gns3-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password to access the GNS3 Server.\n\n::: {.warning}\nThis should be a string, not a nix path, since nix paths\nare copied into the world-readable nix store.\n:::\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/gns3-server-password\""}, "loc": ["services", "gns3-server", "auth", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.gns3-server.auth.user": {"declarations": ["nixos/modules/services/networking/gns3-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Username used to access the GNS3 Server.", "example": {"_type": "literalExpression", "text": "\"gns3\""}, "loc": ["services", "gns3-server", "auth", "user"], "readOnly": false, "type": "null or string"}, "services.gns3-server.dynamips.enable": {"declarations": ["nixos/modules/services/networking/gns3-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Dynamips support.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gns3-server", "dynamips", "enable"], "readOnly": false, "type": "boolean"}, "services.gns3-server.dynamips.package": {"declarations": ["nixos/modules/services/networking/gns3-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.dynamips"}, "description": "The dynamips package to use.", "loc": ["services", "gns3-server", "dynamips", "package"], "readOnly": false, "type": "package"}, "services.gns3-server.enable": {"declarations": ["nixos/modules/services/networking/gns3-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable GNS3 Server daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gns3-server", "enable"], "readOnly": false, "type": "boolean"}, "services.gns3-server.log.debug": {"declarations": ["nixos/modules/services/networking/gns3-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable debug logging.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gns3-server", "log", "debug"], "readOnly": false, "type": "boolean"}, "services.gns3-server.log.file": {"declarations": ["nixos/modules/services/networking/gns3-server.nix"], "default": {"_type": "literalExpression", "text": "\"/var/log/gns3/server.log\""}, "description": "Path of the file GNS3 Server should log to.", "loc": ["services", "gns3-server", "log", "file"], "readOnly": false, "type": "null or absolute path"}, "services.gns3-server.package": {"declarations": ["nixos/modules/services/networking/gns3-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gns3-server"}, "description": "The gns3-server package to use.", "loc": ["services", "gns3-server", "package"], "readOnly": false, "type": "package"}, "services.gns3-server.settings": {"declarations": ["nixos/modules/services/networking/gns3-server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The global options in `config` file in ini format.\n\nRefer to <https://docs.gns3.com/docs/using-gns3/administration/gns3-server-configuration-file/>\nfor all available options.\n", "example": {"_type": "literalExpression", "text": "{\n  host = \"127.0.0.1\";\n  port = 3080;\n}"}, "loc": ["services", "gns3-server", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.gns3-server.ssl.certFile": {"declarations": ["nixos/modules/services/networking/gns3-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the SSL certificate file. This certificate will\nbe offered to, and may be verified by, clients.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/gns3/ssl/server.pem\""}, "loc": ["services", "gns3-server", "ssl", "certFile"], "readOnly": false, "type": "null or absolute path"}, "services.gns3-server.ssl.enable": {"declarations": ["nixos/modules/services/networking/gns3-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SSL encryption.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gns3-server", "ssl", "enable"], "readOnly": false, "type": "boolean"}, "services.gns3-server.ssl.keyFile": {"declarations": ["nixos/modules/services/networking/gns3-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Private key file for the certificate.", "example": {"_type": "literalExpression", "text": "\"/var/lib/gns3/ssl/server.key\""}, "loc": ["services", "gns3-server", "ssl", "keyFile"], "readOnly": false, "type": "null or absolute path"}, "services.gns3-server.ubridge.enable": {"declarations": ["nixos/modules/services/networking/gns3-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable uBridge support.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gns3-server", "ubridge", "enable"], "readOnly": false, "type": "boolean"}, "services.gns3-server.ubridge.package": {"declarations": ["nixos/modules/services/networking/gns3-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ubridge"}, "description": "The ubridge package to use.", "loc": ["services", "gns3-server", "ubridge", "package"], "readOnly": false, "type": "package"}, "services.gns3-server.vpcs.enable": {"declarations": ["nixos/modules/services/networking/gns3-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable VPCS support.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gns3-server", "vpcs", "enable"], "readOnly": false, "type": "boolean"}, "services.gns3-server.vpcs.package": {"declarations": ["nixos/modules/services/networking/gns3-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.vpcs"}, "description": "The vpcs package to use.", "loc": ["services", "gns3-server", "vpcs", "package"], "readOnly": false, "type": "package"}, "services.gnunet.enable": {"declarations": ["nixos/modules/services/networking/gnunet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to run the GNUnet daemon.  GNUnet is GNU's anonymous\npeer-to-peer communication and file sharing framework.\n", "loc": ["services", "gnunet", "enable"], "readOnly": false, "type": "boolean"}, "services.gnunet.extraOptions": {"declarations": ["nixos/modules/services/networking/gnunet.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional options that will be copied verbatim in {file}`gnunet.conf`.\nSee {manpage}`gnunet.conf(5)` for details.\n", "loc": ["services", "gnunet", "extraOptions"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.gnunet.fileSharing.quota": {"declarations": ["nixos/modules/services/networking/gnunet.nix"], "default": {"_type": "literalExpression", "text": "1024"}, "description": "Maximum file system usage (in MiB) for file sharing.\n", "loc": ["services", "gnunet", "fileSharing", "quota"], "readOnly": false, "type": "signed integer"}, "services.gnunet.load.hardNetUpBandwidth": {"declarations": ["nixos/modules/services/networking/gnunet.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Hard bandwidth limit (in bits per second) when uploading\ndata.\n", "loc": ["services", "gnunet", "load", "hardNetUpBandwidth"], "readOnly": false, "type": "signed integer"}, "services.gnunet.load.maxNetDownBandwidth": {"declarations": ["nixos/modules/services/networking/gnunet.nix"], "default": {"_type": "literalExpression", "text": "50000"}, "description": "Maximum bandwidth usage (in bits per second) for GNUnet\nwhen downloading data.\n", "loc": ["services", "gnunet", "load", "maxNetDownBandwidth"], "readOnly": false, "type": "signed integer"}, "services.gnunet.load.maxNetUpBandwidth": {"declarations": ["nixos/modules/services/networking/gnunet.nix"], "default": {"_type": "literalExpression", "text": "50000"}, "description": "Maximum bandwidth usage (in bits per second) for GNUnet\nwhen downloading data.\n", "loc": ["services", "gnunet", "load", "maxNetUpBandwidth"], "readOnly": false, "type": "signed integer"}, "services.gnunet.package": {"declarations": ["nixos/modules/services/networking/gnunet.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gnunet"}, "description": "The gnunet package to use.", "example": {"_type": "literalExpression", "text": "gnunet_git"}, "loc": ["services", "gnunet", "package"], "readOnly": false, "type": "package"}, "services.gnunet.tcp.port": {"declarations": ["nixos/modules/services/networking/gnunet.nix"], "default": {"_type": "literalExpression", "text": "2086"}, "description": "The TCP port for use by GNUnet.\n", "loc": ["services", "gnunet", "tcp", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.gnunet.udp.port": {"declarations": ["nixos/modules/services/networking/gnunet.nix"], "default": {"_type": "literalExpression", "text": "2086"}, "description": "The UDP port for use by GNUnet.\n", "loc": ["services", "gnunet", "udp", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.go-autoconfig.enable": {"declarations": ["nixos/modules/services/networking/go-autoconfig.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable IMAP/SMTP autodiscover feature for mail clients.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "go-autoconfig", "enable"], "readOnly": false, "type": "boolean"}, "services.go-autoconfig.settings": {"declarations": ["nixos/modules/services/networking/go-autoconfig.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for go-autoconfig. See\n<https://github.com/L11R/go-autoconfig/blob/master/config.yml>\nfor more information.\n", "example": {"_type": "literalExpression", "text": "{\n  service_addr = \":1323\";\n  domain = \"autoconfig.example.org\";\n  imap = {\n    server = \"example.org\";\n    port = 993;\n  };\n  smtp = {\n    server = \"example.org\";\n    port = 465;\n  };\n}\n"}, "loc": ["services", "go-autoconfig", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.go-camo.enable": {"declarations": ["nixos/modules/services/networking/go-camo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable go-camo service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "go-camo", "enable"], "readOnly": false, "type": "boolean"}, "services.go-camo.extraOptions": {"declarations": ["nixos/modules/services/networking/go-camo.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra options passed to the go-camo command.", "loc": ["services", "go-camo", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.go-camo.keyFile": {"declarations": ["nixos/modules/services/networking/go-camo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the HMAC key to use for signing URLs.\nThe file can contain any string. Can be generated using \"openssl rand -base64 18 > the_file\".\n", "loc": ["services", "go-camo", "keyFile"], "readOnly": false, "type": "absolute path"}, "services.go-camo.listen": {"declarations": ["nixos/modules/services/networking/go-camo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Address:Port to bind to for HTTP (default: 0.0.0.0:8080).", "loc": ["services", "go-camo", "listen"], "readOnly": false, "type": "null or string"}, "services.go-camo.sslCert": {"declarations": ["nixos/modules/services/networking/go-camo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to TLS certificate.", "loc": ["services", "go-camo", "sslCert"], "readOnly": false, "type": "null or absolute path"}, "services.go-camo.sslKey": {"declarations": ["nixos/modules/services/networking/go-camo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to TLS private key.", "loc": ["services", "go-camo", "sslKey"], "readOnly": false, "type": "null or absolute path"}, "services.go-camo.sslListen": {"declarations": ["nixos/modules/services/networking/go-camo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Address:Port to bind to for HTTPS.", "loc": ["services", "go-camo", "sslListen"], "readOnly": false, "type": "null or string"}, "services.go-csp-collector.enable": {"declarations": ["nixos/modules/services/monitoring/go-csp-collector.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable go-csp-collector, a content security policy violation collector.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "go-csp-collector", "enable"], "readOnly": false, "type": "boolean"}, "services.go-csp-collector.package": {"declarations": ["nixos/modules/services/monitoring/go-csp-collector.nix"], "default": {"_type": "literalExpression", "text": "pkgs.go-csp-collector"}, "description": "The go-csp-collector package to use.", "loc": ["services", "go-csp-collector", "package"], "readOnly": false, "type": "package"}, "services.go-csp-collector.settings": {"declarations": ["nixos/modules/services/monitoring/go-csp-collector.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings for go-csp-collector. See\n<https://github.com/jacobbednarz/go-csp-collector> for supported options.\n", "example": {"_type": "literalExpression", "text": "{\n  debug = true;\n  health-check-path = \"/health\";\n}\n"}, "loc": ["services", "go-csp-collector", "settings"], "readOnly": false, "type": "open submodule of attribute set of (boolean or absolute path or string)"}, "services.go-csp-collector.settings.output-format": {"declarations": ["nixos/modules/services/monitoring/go-csp-collector.nix"], "default": {"_type": "literalExpression", "text": "\"text\""}, "description": "Define how the violation reports are formatted for output.", "example": {"_type": "literalExpression", "text": "\"text\""}, "loc": ["services", "go-csp-collector", "settings", "output-format"], "readOnly": false, "type": "one of \"text\", \"json\""}, "services.go-csp-collector.settings.port": {"declarations": ["nixos/modules/services/monitoring/go-csp-collector.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "The port to listen on.", "example": {"_type": "literalExpression", "text": "8080"}, "loc": ["services", "go-csp-collector", "settings", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.go-httpbin.enable": {"declarations": ["nixos/modules/services/web-apps/go-httpbin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable go-httpbin.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "go-httpbin", "enable"], "readOnly": false, "type": "boolean"}, "services.go-httpbin.package": {"declarations": ["nixos/modules/services/web-apps/go-httpbin.nix"], "default": {"_type": "literalExpression", "text": "pkgs.go-httpbin"}, "description": "The go-httpbin package to use.", "loc": ["services", "go-httpbin", "package"], "readOnly": false, "type": "package"}, "services.go-httpbin.settings": {"declarations": ["nixos/modules/services/web-apps/go-httpbin.nix"], "description": "Configuration of go-httpbin.\nSee <https://github.com/mccutchen/go-httpbin#configuration> for a list of options.\n", "example": {"_type": "literalExpression", "text": "{\n  HOST = \"0.0.0.0\";\n  PORT = 8080;\n}"}, "loc": ["services", "go-httpbin", "settings"], "readOnly": false, "type": "open submodule of attribute set of (string or signed integer or boolean)"}, "services.go-httpbin.settings.HOST": {"declarations": ["nixos/modules/services/web-apps/go-httpbin.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The host to listen on.", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "go-httpbin", "settings", "HOST"], "readOnly": false, "type": "string"}, "services.go-httpbin.settings.PORT": {"declarations": ["nixos/modules/services/web-apps/go-httpbin.nix"], "description": "The port to listen on.", "example": {"_type": "literalExpression", "text": "8080"}, "loc": ["services", "go-httpbin", "settings", "PORT"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.go-neb.baseUrl": {"declarations": ["nixos/modules/services/networking/go-neb.nix"], "description": "Public-facing endpoint that can receive webhooks.", "loc": ["services", "go-neb", "baseUrl"], "readOnly": false, "type": "string"}, "services.go-neb.bindAddress": {"declarations": ["nixos/modules/services/networking/go-neb.nix"], "default": {"_type": "literalExpression", "text": "\":4050\""}, "description": "Port (and optionally address) to listen on.", "loc": ["services", "go-neb", "bindAddress"], "readOnly": false, "type": "string"}, "services.go-neb.config": {"declarations": ["nixos/modules/services/networking/go-neb.nix"], "description": "Your {file}`config.yaml` as a Nix attribute set.\nSee [config.sample.yaml](https://github.com/matrix-org/go-neb/blob/master/config.sample.yaml)\nfor possible options.\n", "loc": ["services", "go-neb", "config"], "readOnly": false, "type": "YAML 1.1 value"}, "services.go-neb.enable": {"declarations": ["nixos/modules/services/networking/go-neb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable an extensible matrix bot written in Go.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "go-neb", "enable"], "readOnly": false, "type": "boolean"}, "services.go-neb.secretFile": {"declarations": ["nixos/modules/services/networking/go-neb.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment variables from this file will be interpolated into the\nfinal config file using envsubst with this syntax: `$ENVIRONMENT`\nor `${VARIABLE}`.\nThe file should contain lines formatted as `SECRET_VAR=SECRET_VALUE`.\nThis is useful to avoid putting secrets into the nix store.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/go-neb.env\""}, "loc": ["services", "go-neb", "secretFile"], "readOnly": false, "type": "null or absolute path"}, "services.go-shadowsocks2.server.enable": {"declarations": ["nixos/modules/services/networking/go-shadowsocks2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable go-shadowsocks2 server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "go-shadowsocks2", "server", "enable"], "readOnly": false, "type": "boolean"}, "services.go-shadowsocks2.server.listenAddress": {"declarations": ["nixos/modules/services/networking/go-shadowsocks2.nix"], "description": "Server listen address or URL", "example": {"_type": "literalExpression", "text": "\"ss://AEAD_CHACHA20_POLY1305:your-password@:8488\""}, "loc": ["services", "go-shadowsocks2", "server", "listenAddress"], "readOnly": false, "type": "string"}, "services.goatcounter.address": {"declarations": ["nixos/modules/services/web-apps/goatcounter.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Web interface address.", "loc": ["services", "goatcounter", "address"], "readOnly": false, "type": "string"}, "services.goatcounter.enable": {"declarations": ["nixos/modules/services/web-apps/goatcounter.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable goatcounter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "goatcounter", "enable"], "readOnly": false, "type": "boolean"}, "services.goatcounter.extraArgs": {"declarations": ["nixos/modules/services/web-apps/goatcounter.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of extra arguments to be passed to goatcounter cli.\nSee {command}`goatcounter help serve` for more information.\n", "loc": ["services", "goatcounter", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.goatcounter.package": {"declarations": ["nixos/modules/services/web-apps/goatcounter.nix"], "default": {"_type": "literalExpression", "text": "pkgs.goatcounter"}, "description": "The goatcounter package to use.", "loc": ["services", "goatcounter", "package"], "readOnly": false, "type": "package"}, "services.goatcounter.port": {"declarations": ["nixos/modules/services/web-apps/goatcounter.nix"], "default": {"_type": "literalExpression", "text": "8081"}, "description": "Web interface port.", "loc": ["services", "goatcounter", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.goatcounter.proxy": {"declarations": ["nixos/modules/services/web-apps/goatcounter.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether Goatcounter service is running behind a reverse proxy. Will listen for HTTPS if `false`.\nRefer to [documentation](https://github.com/arp242/goatcounter?tab=readme-ov-file#running) for more details.\n", "loc": ["services", "goatcounter", "proxy"], "readOnly": false, "type": "boolean"}, "services.gobgpd.enable": {"declarations": ["nixos/modules/services/networking/gobgpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable GoBGP Routing Daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gobgpd", "enable"], "readOnly": false, "type": "boolean"}, "services.gobgpd.settings": {"declarations": ["nixos/modules/services/networking/gobgpd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "GoBGP configuration. Refer to\n<https://github.com/osrg/gobgp#documentation>\nfor details on supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  global = {\n    config = {\n      as = 64512;\n      router-id = \"192.168.255.1\";\n    };\n  };\n  neighbors = [\n    {\n      config = {\n        neighbor-address = \"10.0.255.1\";\n        peer-as = 65001;\n      };\n    }\n    {\n      config = {\n        neighbor-address = \"10.0.255.2\";\n        peer-as = 65002;\n      };\n    }\n  ];\n}\n"}, "loc": ["services", "gobgpd", "settings"], "readOnly": false, "type": "TOML value"}, "services.gocd-agent.agentConfig": {"declarations": ["nixos/modules/services/continuous-integration/gocd-agent/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Agent registration configuration.\n", "example": {"_type": "literalExpression", "text": "''\n  agent.auto.register.resources=ant,java\n  agent.auto.register.environments=QA,Performance\n  agent.auto.register.hostname=Agent01\n''"}, "loc": ["services", "gocd-agent", "agentConfig"], "readOnly": false, "type": "string"}, "services.gocd-agent.enable": {"declarations": ["nixos/modules/services/continuous-integration/gocd-agent/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable gocd-agent.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gocd-agent", "enable"], "readOnly": false, "type": "boolean"}, "services.gocd-agent.environment": {"declarations": ["nixos/modules/services/continuous-integration/gocd-agent/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional environment variables to be passed to the Go.CD agent process.\nAs a base environment, Go.CD agent receives NIX_PATH from\n{option}`environment.sessionVariables`, NIX_REMOTE is set to\n\"daemon\".\n", "loc": ["services", "gocd-agent", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.gocd-agent.extraGroups": {"declarations": ["nixos/modules/services/continuous-integration/gocd-agent/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of extra groups that the \"gocd-agent\" user should be a part of.\n", "example": {"_type": "literalExpression", "text": "[\n  \"wheel\"\n  \"docker\"\n]"}, "loc": ["services", "gocd-agent", "extraGroups"], "readOnly": false, "type": "list of string"}, "services.gocd-agent.extraOptions": {"declarations": ["nixos/modules/services/continuous-integration/gocd-agent/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Specifies additional command line arguments to pass to Go.CD agent\njava process.  Example contains debug and gcLog arguments.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-X debug\"\n  \"-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5006\"\n  \"-verbose:gc\"\n  \"-Xloggc:go-agent-gc.log\"\n  \"-XX:+PrintGCTimeStamps\"\n  \"-XX:+PrintTenuringDistribution\"\n  \"-XX:+PrintGCDetails\"\n  \"-XX:+PrintGC\"\n]"}, "loc": ["services", "gocd-agent", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.gocd-agent.goServer": {"declarations": ["nixos/modules/services/continuous-integration/gocd-agent/default.nix"], "default": {"_type": "literalExpression", "text": "\"https://127.0.0.1:8154/go\""}, "description": "URL of the GoCD Server to attach the Go.CD Agent to.\n", "loc": ["services", "gocd-agent", "goServer"], "readOnly": false, "type": "string"}, "services.gocd-agent.group": {"declarations": ["nixos/modules/services/continuous-integration/gocd-agent/default.nix"], "default": {"_type": "literalExpression", "text": "\"gocd-agent\""}, "description": "If the default user \"gocd-agent\" is configured then this is the primary\ngroup of that user.\n", "loc": ["services", "gocd-agent", "group"], "readOnly": false, "type": "string"}, "services.gocd-agent.initialJavaHeapSize": {"declarations": ["nixos/modules/services/continuous-integration/gocd-agent/default.nix"], "default": {"_type": "literalExpression", "text": "\"128m\""}, "description": "Specifies the initial java heap memory size for the Go.CD agent java process.\n", "loc": ["services", "gocd-agent", "initialJavaHeapSize"], "readOnly": false, "type": "string"}, "services.gocd-agent.maxJavaHeapMemory": {"declarations": ["nixos/modules/services/continuous-integration/gocd-agent/default.nix"], "default": {"_type": "literalExpression", "text": "\"256m\""}, "description": "Specifies the java maximum heap memory size for the Go.CD agent java process.\n", "loc": ["services", "gocd-agent", "maxJavaHeapMemory"], "readOnly": false, "type": "string"}, "services.gocd-agent.packages": {"declarations": ["nixos/modules/services/continuous-integration/gocd-agent/default.nix"], "default": {"_type": "literalExpression", "text": "[ pkgs.stdenv pkgs.jre pkgs.git config.programs.ssh.package pkgs.nix ]"}, "description": "Packages to add to PATH for the Go.CD agent process.\n", "loc": ["services", "gocd-agent", "packages"], "readOnly": false, "type": "list of package"}, "services.gocd-agent.startupOptions": {"declarations": ["nixos/modules/services/continuous-integration/gocd-agent/default.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"-Xms${config.services.gocd-agent.initialJavaHeapSize}\"\n  \"-Xmx${config.services.gocd-agent.maxJavaHeapMemory}\"\n  \"-Djava.io.tmpdir=/tmp\"\n  \"-Dcruise.console.publish.interval=10\"\n  \"-Djava.security.egd=file:/dev/./urandom\"\n]\n"}, "description": "Specifies startup command line arguments to pass to Go.CD agent\njava process.\n", "loc": ["services", "gocd-agent", "startupOptions"], "readOnly": false, "type": "list of string"}, "services.gocd-agent.user": {"declarations": ["nixos/modules/services/continuous-integration/gocd-agent/default.nix"], "default": {"_type": "literalExpression", "text": "\"gocd-agent\""}, "description": "User the Go.CD agent should execute under.\n", "loc": ["services", "gocd-agent", "user"], "readOnly": false, "type": "string"}, "services.gocd-agent.workDir": {"declarations": ["nixos/modules/services/continuous-integration/gocd-agent/default.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/go-agent\""}, "description": "Specifies the working directory in which the Go.CD agent java archive resides.\n", "loc": ["services", "gocd-agent", "workDir"], "readOnly": false, "type": "string"}, "services.gocd-server.enable": {"declarations": ["nixos/modules/services/continuous-integration/gocd-server/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable gocd-server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gocd-server", "enable"], "readOnly": false, "type": "boolean"}, "services.gocd-server.environment": {"declarations": ["nixos/modules/services/continuous-integration/gocd-server/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional environment variables to be passed to the gocd-server process.\nAs a base environment, gocd-server receives NIX_PATH from\n{option}`environment.sessionVariables`, NIX_REMOTE is set to\n\"daemon\".\n", "loc": ["services", "gocd-server", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.gocd-server.extraGroups": {"declarations": ["nixos/modules/services/continuous-integration/gocd-server/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of extra groups that the \"gocd-server\" user should be a part of.\n", "example": {"_type": "literalExpression", "text": "[\n  \"wheel\"\n  \"docker\"\n]"}, "loc": ["services", "gocd-server", "extraGroups"], "readOnly": false, "type": "list of string"}, "services.gocd-server.extraOptions": {"declarations": ["nixos/modules/services/continuous-integration/gocd-server/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Specifies additional command line arguments to pass to Go.CD server's\njava process.  Example contains debug and gcLog arguments.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-X debug\"\n  \"-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005\"\n  \"-verbose:gc\"\n  \"-Xloggc:go-server-gc.log\"\n  \"-XX:+PrintGCTimeStamps\"\n  \"-XX:+PrintTenuringDistribution\"\n  \"-XX:+PrintGCDetails\"\n  \"-XX:+PrintGC\"\n]"}, "loc": ["services", "gocd-server", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.gocd-server.group": {"declarations": ["nixos/modules/services/continuous-integration/gocd-server/default.nix"], "default": {"_type": "literalExpression", "text": "\"gocd-server\""}, "description": "If the default user \"gocd-server\" is configured then this is the primary group of that user.\n", "loc": ["services", "gocd-server", "group"], "readOnly": false, "type": "string"}, "services.gocd-server.initialJavaHeapSize": {"declarations": ["nixos/modules/services/continuous-integration/gocd-server/default.nix"], "default": {"_type": "literalExpression", "text": "\"512m\""}, "description": "Specifies the initial java heap memory size for the Go.CD server's java process.\n", "loc": ["services", "gocd-server", "initialJavaHeapSize"], "readOnly": false, "type": "string"}, "services.gocd-server.listenAddress": {"declarations": ["nixos/modules/services/continuous-integration/gocd-server/default.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Specifies the bind address on which the Go.CD server HTTP interface listens.\n", "example": {"_type": "literalExpression", "text": "\"localhost\""}, "loc": ["services", "gocd-server", "listenAddress"], "readOnly": false, "type": "string"}, "services.gocd-server.maxJavaHeapMemory": {"declarations": ["nixos/modules/services/continuous-integration/gocd-server/default.nix"], "default": {"_type": "literalExpression", "text": "\"1024m\""}, "description": "Specifies the java maximum heap memory size for the Go.CD server's java process.\n", "loc": ["services", "gocd-server", "maxJavaHeapMemory"], "readOnly": false, "type": "string"}, "services.gocd-server.packages": {"declarations": ["nixos/modules/services/continuous-integration/gocd-server/default.nix"], "default": {"_type": "literalExpression", "text": "[ pkgs.stdenv pkgs.jre pkgs.git config.programs.ssh.package pkgs.nix ]"}, "description": "Packages to add to PATH for the Go.CD server's process.\n", "loc": ["services", "gocd-server", "packages"], "readOnly": false, "type": "list of package"}, "services.gocd-server.port": {"declarations": ["nixos/modules/services/continuous-integration/gocd-server/default.nix"], "default": {"_type": "literalExpression", "text": "8153"}, "description": "Specifies port number on which the Go.CD server HTTP interface listens.\n", "loc": ["services", "gocd-server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.gocd-server.sslPort": {"declarations": ["nixos/modules/services/continuous-integration/gocd-server/default.nix"], "default": {"_type": "literalExpression", "text": "8154"}, "description": "Specifies port number on which the Go.CD server HTTPS interface listens.\n", "loc": ["services", "gocd-server", "sslPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.gocd-server.startupOptions": {"declarations": ["nixos/modules/services/continuous-integration/gocd-server/default.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"-Xms${config.services.gocd-server.initialJavaHeapSize}\"\n  \"-Xmx${config.services.gocd-server.maxJavaHeapMemory}\"\n  \"-Dcruise.listen.host=${config.services.gocd-server.listenAddress}\"\n  \"-Duser.language=en\"\n  \"-Djruby.rack.request.size.threshold.bytes=30000000\"\n  \"-Duser.country=US\"\n  \"-Dcruise.config.dir=${config.services.gocd-server.workDir}/conf\"\n  \"-Dcruise.config.file=${config.services.gocd-server.workDir}/conf/cruise-config.xml\"\n  \"-Dcruise.server.port=${toString config.services.gocd-server.port}\"\n  \"-Dcruise.server.ssl.port=${toString config.services.gocd-server.sslPort}\"\n  \"--add-opens=java.base/java.lang=ALL-UNNAMED\"\n  \"--add-opens=java.base/java.util=ALL-UNNAMED\"\n]\n"}, "description": "Specifies startup command line arguments to pass to Go.CD server\njava process.\n", "loc": ["services", "gocd-server", "startupOptions"], "readOnly": false, "type": "list of string"}, "services.gocd-server.user": {"declarations": ["nixos/modules/services/continuous-integration/gocd-server/default.nix"], "default": {"_type": "literalExpression", "text": "\"gocd-server\""}, "description": "User the Go.CD server should execute under.\n", "loc": ["services", "gocd-server", "user"], "readOnly": false, "type": "string"}, "services.gocd-server.workDir": {"declarations": ["nixos/modules/services/continuous-integration/gocd-server/default.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/go-server\""}, "description": "Specifies the working directory in which the Go.CD server java archive resides.\n", "loc": ["services", "gocd-server", "workDir"], "readOnly": false, "type": "string"}, "services.godns.enable": {"declarations": ["nixos/modules/services/networking/godns.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable GoDNS service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "godns", "enable"], "readOnly": false, "type": "boolean"}, "services.godns.loadCredential": {"declarations": ["nixos/modules/services/networking/godns.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "This can be used to pass secrets to the systemd service without adding\nthem to the nix store.\n", "example": {"_type": "literalExpression", "text": "[\n  \"login_token:/path/to/login_token\"\n]"}, "loc": ["services", "godns", "loadCredential"], "readOnly": false, "type": "list of string"}, "services.godns.package": {"declarations": ["nixos/modules/services/networking/godns.nix"], "default": {"_type": "literalExpression", "text": "pkgs.godns"}, "description": "The godns package to use.", "loc": ["services", "godns", "package"], "readOnly": false, "type": "package"}, "services.godns.settings": {"declarations": ["nixos/modules/services/networking/godns.nix"], "description": "Configuration for GoDNS. Refer to the [configuration section](1) in the\nGoDNS GitHub repository for details.\n\n[1]: https://github.com/TimothyYe/godns?tab=readme-ov-file#configuration\n", "example": {"_type": "literalExpression", "text": "{\n  domains = [\n    {\n      domain_name = \"example.com\";\n      sub_domains = [\n        \"foo\"\n      ];\n    }\n  ];\n  interval = 300;\n  ip_type = \"IPv6\";\n  ipv6_urls = [\n    \"https://api6.ipify.org\"\n    \"https://ip2location.io/ip\"\n    \"https://v6.ipinfo.io/ip\"\n  ];\n  login_token_file = \"$CREDENTIALS_DIRECTORY/login_token\";\n  provider = \"Cloudflare\";\n}"}, "loc": ["services", "godns", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.goeland.enable": {"declarations": ["nixos/modules/services/mail/goeland.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable goeland, an alternative to rss2email.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "goeland", "enable"], "readOnly": false, "type": "boolean"}, "services.goeland.schedule": {"declarations": ["nixos/modules/services/mail/goeland.nix"], "default": {"_type": "literalExpression", "text": "\"12h\""}, "description": "How often to run goeland, in systemd time format.", "example": {"_type": "literalExpression", "text": "\"Mon, 00:00:00\""}, "loc": ["services", "goeland", "schedule"], "readOnly": false, "type": "string"}, "services.goeland.settings": {"declarations": ["nixos/modules/services/mail/goeland.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration of goeland.\nSee the [example config file](https://github.com/slurdge/goeland/blob/master/cmd/asset/config.default.toml) for the available options.\n", "loc": ["services", "goeland", "settings"], "readOnly": false, "type": "TOML value"}, "services.goeland.stateDir": {"declarations": ["nixos/modules/services/mail/goeland.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/goeland\""}, "description": "The data directory for goeland where the database will reside if using the unseen filter.\nIf left as the default value this directory will automatically be created before the goeland\nserver starts, otherwise you are responsible for ensuring the directory exists with\nappropriate ownership and permissions.\n", "loc": ["services", "goeland", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.gokapi.enable": {"declarations": ["nixos/modules/services/networking/gokapi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Lightweight selfhosted Firefox Send alternative without public upload.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gokapi", "enable"], "readOnly": false, "type": "boolean"}, "services.gokapi.environment": {"declarations": ["nixos/modules/services/networking/gokapi.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables to be set for the gokapi service. Can use systemd specifiers.\nFor full list see <https://gokapi.readthedocs.io/en/latest/advanced.html#environment-variables>.\n", "loc": ["services", "gokapi", "environment"], "readOnly": false, "type": "open submodule of attribute set of (string or signed integer)"}, "services.gokapi.environment.GOKAPI_CONFIG_DIR": {"declarations": ["nixos/modules/services/networking/gokapi.nix"], "default": {"_type": "literalExpression", "text": "\"%S/gokapi/config\""}, "description": "Sets the directory for the config file.", "loc": ["services", "gokapi", "environment", "GOKAPI_CONFIG_DIR"], "readOnly": false, "type": "string"}, "services.gokapi.environment.GOKAPI_CONFIG_FILE": {"declarations": ["nixos/modules/services/networking/gokapi.nix"], "default": {"_type": "literalExpression", "text": "\"config.json\""}, "description": "Sets the filename for the config file.", "loc": ["services", "gokapi", "environment", "GOKAPI_CONFIG_FILE"], "readOnly": false, "type": "string"}, "services.gokapi.environment.GOKAPI_DATA_DIR": {"declarations": ["nixos/modules/services/networking/gokapi.nix"], "default": {"_type": "literalExpression", "text": "\"%S/gokapi/data\""}, "description": "Sets the directory for the data.", "loc": ["services", "gokapi", "environment", "GOKAPI_DATA_DIR"], "readOnly": false, "type": "string"}, "services.gokapi.environment.GOKAPI_PORT": {"declarations": ["nixos/modules/services/networking/gokapi.nix"], "default": {"_type": "literalExpression", "text": "53842"}, "description": "Sets the port of the service.", "loc": ["services", "gokapi", "environment", "GOKAPI_PORT"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.gokapi.mutableSettings": {"declarations": ["nixos/modules/services/networking/gokapi.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Allow changes to the program config made by the program to persist between restarts.\nIf disabled all required values must be set using nix, and all changes to config format over application updates must be resolved by user.\n", "loc": ["services", "gokapi", "mutableSettings"], "readOnly": false, "type": "boolean"}, "services.gokapi.package": {"declarations": ["nixos/modules/services/networking/gokapi.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gokapi"}, "description": "The gokapi package to use.", "loc": ["services", "gokapi", "package"], "readOnly": false, "type": "package"}, "services.gokapi.settings": {"declarations": ["nixos/modules/services/networking/gokapi.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration settings for the generated config json file.\nSee <https://gokapi.readthedocs.io/en/latest/advanced.html#config-json> for more information\n", "loc": ["services", "gokapi", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.gokapi.settingsFile": {"declarations": ["nixos/modules/services/networking/gokapi.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to config file to parse and append to settings.\nLargely useful for loading secrets from a file not in the nix store. Can use systemd specifiers.\nSee <https://gokapi.readthedocs.io/en/latest/advanced.html#config-json> for more information\n", "loc": ["services", "gokapi", "settingsFile"], "readOnly": false, "type": "null or string"}, "services.gollum.address": {"declarations": ["nixos/modules/services/misc/gollum.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "IP address on which the web server will listen.", "loc": ["services", "gollum", "address"], "readOnly": false, "type": "string"}, "services.gollum.allowUploads": {"declarations": ["nixos/modules/services/misc/gollum.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Enable uploads of external files", "loc": ["services", "gollum", "allowUploads"], "readOnly": false, "type": "null or one of \"dir\", \"page\""}, "services.gollum.branch": {"declarations": ["nixos/modules/services/misc/gollum.nix"], "default": {"_type": "literalExpression", "text": "\"master\""}, "description": "Git branch to serve", "example": {"_type": "literalExpression", "text": "\"develop\""}, "loc": ["services", "gollum", "branch"], "readOnly": false, "type": "string"}, "services.gollum.emoji": {"declarations": ["nixos/modules/services/misc/gollum.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Parse and interpret emoji tags", "loc": ["services", "gollum", "emoji"], "readOnly": false, "type": "boolean"}, "services.gollum.enable": {"declarations": ["nixos/modules/services/misc/gollum.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Gollum, a git-powered wiki service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gollum", "enable"], "readOnly": false, "type": "boolean"}, "services.gollum.extraConfig": {"declarations": ["nixos/modules/services/misc/gollum.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Content of the configuration file", "example": {"_type": "literalExpression", "text": "''\n  wiki_options = {\n    show_local_time: true\n  }\n  \n  Precious::App.set(:wiki_options, wiki_options)\n''"}, "loc": ["services", "gollum", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.gollum.group": {"declarations": ["nixos/modules/services/misc/gollum.nix"], "default": {"_type": "literalExpression", "text": "\"gollum\""}, "description": "Specifies the owner group of the wiki directory", "loc": ["services", "gollum", "group"], "readOnly": false, "type": "string"}, "services.gollum.h1-title": {"declarations": ["nixos/modules/services/misc/gollum.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use the first h1 as page title", "loc": ["services", "gollum", "h1-title"], "readOnly": false, "type": "boolean"}, "services.gollum.math": {"declarations": ["nixos/modules/services/misc/gollum.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable support for math rendering using KaTeX", "loc": ["services", "gollum", "math"], "readOnly": false, "type": "boolean"}, "services.gollum.no-edit": {"declarations": ["nixos/modules/services/misc/gollum.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable editing pages", "loc": ["services", "gollum", "no-edit"], "readOnly": false, "type": "boolean"}, "services.gollum.package": {"declarations": ["nixos/modules/services/misc/gollum.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gollum"}, "description": "The gollum package to use.", "loc": ["services", "gollum", "package"], "readOnly": false, "type": "package"}, "services.gollum.port": {"declarations": ["nixos/modules/services/misc/gollum.nix"], "default": {"_type": "literalExpression", "text": "4567"}, "description": "Port on which the web server will run.", "loc": ["services", "gollum", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.gollum.stateDir": {"declarations": ["nixos/modules/services/misc/gollum.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/gollum\""}, "description": "Specifies the path of the repository directory. If it does not exist, Gollum will create it on startup.", "loc": ["services", "gollum", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.gollum.user": {"declarations": ["nixos/modules/services/misc/gollum.nix"], "default": {"_type": "literalExpression", "text": "\"gollum\""}, "description": "Specifies the owner of the wiki directory", "loc": ["services", "gollum", "user"], "readOnly": false, "type": "string"}, "services.gollum.user-icons": {"declarations": ["nixos/modules/services/misc/gollum.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Enable specific user icons for history view", "loc": ["services", "gollum", "user-icons"], "readOnly": false, "type": "null or one of \"gravatar\", \"identicon\""}, "services.gonic.enable": {"declarations": ["nixos/modules/services/audio/gonic.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Gonic music server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gonic", "enable"], "readOnly": false, "type": "boolean"}, "services.gonic.package": {"declarations": ["nixos/modules/services/audio/gonic.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gonic"}, "description": "The gonic package to use.", "loc": ["services", "gonic", "package"], "readOnly": false, "type": "package"}, "services.gonic.settings": {"declarations": ["nixos/modules/services/audio/gonic.nix"], "default": {"_type": "literalExpression", "text": "{\n  cache-path = \"/var/cache/gonic\";\n  listen-addr = \"127.0.0.1:4747\";\n  tls-cert = null;\n  tls-key = null;\n}"}, "description": "Configuration for Gonic, see <https://github.com/sentriz/gonic#configuration-options> for supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  music-path = [\n    \"/mnt/music\"\n  ];\n  playlists-path = \"/mnt/playlists\";\n  podcast-path = \"/mnt/podcasts\";\n}"}, "loc": ["services", "gonic", "settings"], "readOnly": false, "type": "attribute set of (atom (null, bool, int, float or string) or a list of them for duplicate keys)"}, "services.goss.enable": {"declarations": ["nixos/modules/services/monitoring/goss.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Goss daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "goss", "enable"], "readOnly": false, "type": "boolean"}, "services.goss.environment": {"declarations": ["nixos/modules/services/monitoring/goss.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables to set for the goss service.\n\nSee <https://github.com/goss-org/goss/blob/master/docs/manual.md>\n", "example": {"_type": "literalExpression", "text": "{\n  GOSS_FMT = \"json\";\n  GOSS_LISTEN = \":8080\";\n  GOSS_LOGLEVEL = \"FATAL\";\n}"}, "loc": ["services", "goss", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.goss.package": {"declarations": ["nixos/modules/services/monitoring/goss.nix"], "default": {"_type": "literalExpression", "text": "pkgs.goss"}, "description": "The goss package to use.", "loc": ["services", "goss", "package"], "readOnly": false, "type": "package"}, "services.goss.settings": {"declarations": ["nixos/modules/services/monitoring/goss.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The global options in `config` file in yaml format.\n\nRefer to <https://github.com/goss-org/goss/blob/master/docs/goss-json-schema.yaml> for schema.\n", "example": {"_type": "literalExpression", "text": "{\n  addr = {\n    \"tcp://localhost:8080\" = {\n      local-address = \"127.0.0.1\";\n      reachable = true;\n    };\n  };\n  service = {\n    goss = {\n      enabled = true;\n      running = true;\n    };\n  };\n}"}, "loc": ["services", "goss", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.gotenberg.bindIP": {"declarations": ["nixos/modules/services/misc/gotenberg.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Port the API listener should bind to. Set to 0.0.0.0 to listen on all available IPs.", "loc": ["services", "gotenberg", "bindIP"], "readOnly": false, "type": "null or string"}, "services.gotenberg.bodyLimit": {"declarations": ["nixos/modules/services/misc/gotenberg.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the max limit for `multipart/form-data` requests. Accepts values like '5M', '20G', etc.", "loc": ["services", "gotenberg", "bodyLimit"], "readOnly": false, "type": "null or string"}, "services.gotenberg.chromium.autoStart": {"declarations": ["nixos/modules/services/misc/gotenberg.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically start Chromium when Gotenberg starts. If false, Chromium will start on the first conversion request that uses it.", "loc": ["services", "gotenberg", "chromium", "autoStart"], "readOnly": false, "type": "boolean"}, "services.gotenberg.chromium.disableJavascript": {"declarations": ["nixos/modules/services/misc/gotenberg.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable Javascript execution.", "loc": ["services", "gotenberg", "chromium", "disableJavascript"], "readOnly": false, "type": "boolean"}, "services.gotenberg.chromium.disableRoutes": {"declarations": ["nixos/modules/services/misc/gotenberg.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable all routes allowing Chromium-based conversion.", "loc": ["services", "gotenberg", "chromium", "disableRoutes"], "readOnly": false, "type": "boolean"}, "services.gotenberg.chromium.maxQueueSize": {"declarations": ["nixos/modules/services/misc/gotenberg.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Maximum queue size for chromium-based conversions. Setting to 0 disables the limit.", "loc": ["services", "gotenberg", "chromium", "maxQueueSize"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.gotenberg.chromium.package": {"declarations": ["nixos/modules/services/misc/gotenberg.nix"], "default": {"_type": "literalExpression", "text": "pkgs.chromium"}, "description": "The chromium package to use.", "loc": ["services", "gotenberg", "chromium", "package"], "readOnly": false, "type": "package"}, "services.gotenberg.downloadFrom.allowList": {"declarations": ["nixos/modules/services/misc/gotenberg.nix"], "default": {"_type": "literalExpression", "text": "\".*\""}, "description": "Allow these URLs to be used in the `downloadFrom` API field. Accepts a regular expression.", "loc": ["services", "gotenberg", "downloadFrom", "allowList"], "readOnly": false, "type": "null or string"}, "services.gotenberg.downloadFrom.denyList": {"declarations": ["nixos/modules/services/misc/gotenberg.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Deny accepting URLs from these domains in the `downloadFrom` API field. Accepts a regular expression.", "loc": ["services", "gotenberg", "downloadFrom", "denyList"], "readOnly": false, "type": "null or string"}, "services.gotenberg.downloadFrom.disable": {"declarations": ["nixos/modules/services/misc/gotenberg.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to disable the ability to download files for conversion from outside sources.", "loc": ["services", "gotenberg", "downloadFrom", "disable"], "readOnly": false, "type": "boolean"}, "services.gotenberg.downloadFrom.maxRetries": {"declarations": ["nixos/modules/services/misc/gotenberg.nix"], "default": {"_type": "literalExpression", "text": "4"}, "description": "The maximum amount of times to retry downloading a file specified with `downloadFrom`.", "loc": ["services", "gotenberg", "downloadFrom", "maxRetries"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.gotenberg.enable": {"declarations": ["nixos/modules/services/misc/gotenberg.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Gotenberg, a stateless API for PDF files.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gotenberg", "enable"], "readOnly": false, "type": "boolean"}, "services.gotenberg.enableBasicAuth": {"declarations": ["nixos/modules/services/misc/gotenberg.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "HTTP Basic Authentication.\n\nIf you set this, be sure to set `GOTENBERG_API_BASIC_AUTH_USERNAME`and `GOTENBERG_API_BASIC_AUTH_PASSWORD`\nin your `services.gotenberg.environmentFile` file.\n", "loc": ["services", "gotenberg", "enableBasicAuth"], "readOnly": false, "type": "boolean"}, "services.gotenberg.environmentFile": {"declarations": ["nixos/modules/services/misc/gotenberg.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file to load extra environment variables from.", "loc": ["services", "gotenberg", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.gotenberg.extraArgs": {"declarations": ["nixos/modules/services/misc/gotenberg.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Any extra command-line flags to pass to the Gotenberg service.", "loc": ["services", "gotenberg", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.gotenberg.extraFontPackages": {"declarations": ["nixos/modules/services/misc/gotenberg.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra fonts to make available.", "loc": ["services", "gotenberg", "extraFontPackages"], "readOnly": false, "type": "list of package"}, "services.gotenberg.libreoffice.autoStart": {"declarations": ["nixos/modules/services/misc/gotenberg.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically start LibreOffice when Gotenberg starts. If false, LibreOffice will start on the first conversion request that uses it.", "loc": ["services", "gotenberg", "libreoffice", "autoStart"], "readOnly": false, "type": "boolean"}, "services.gotenberg.libreoffice.disableRoutes": {"declarations": ["nixos/modules/services/misc/gotenberg.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable all routes allowing LibreOffice-based conversion.", "loc": ["services", "gotenberg", "libreoffice", "disableRoutes"], "readOnly": false, "type": "boolean"}, "services.gotenberg.libreoffice.maxQueueSize": {"declarations": ["nixos/modules/services/misc/gotenberg.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Maximum queue size for LibreOffice-based conversions. Setting to 0 disables the limit.", "loc": ["services", "gotenberg", "libreoffice", "maxQueueSize"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.gotenberg.libreoffice.package": {"declarations": ["nixos/modules/services/misc/gotenberg.nix"], "default": {"_type": "literalExpression", "text": "pkgs.libreoffice"}, "description": "The libreoffice package to use.", "loc": ["services", "gotenberg", "libreoffice", "package"], "readOnly": false, "type": "package"}, "services.gotenberg.libreoffice.restartAfter": {"declarations": ["nixos/modules/services/misc/gotenberg.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Restart LibreOffice after this many conversions. Setting to 0 disables this feature.", "loc": ["services", "gotenberg", "libreoffice", "restartAfter"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.gotenberg.logLevel": {"declarations": ["nixos/modules/services/misc/gotenberg.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "The logging level for Gotenberg.", "loc": ["services", "gotenberg", "logLevel"], "readOnly": false, "type": "one of \"error\", \"warn\", \"info\", \"debug\""}, "services.gotenberg.package": {"declarations": ["nixos/modules/services/misc/gotenberg.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gotenberg"}, "description": "The gotenberg package to use.", "loc": ["services", "gotenberg", "package"], "readOnly": false, "type": "package"}, "services.gotenberg.pdfEngines.convert": {"declarations": ["nixos/modules/services/misc/gotenberg.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"libreoffice-pdfengine\"\n]"}, "description": "PDF Engines to use for converting files.", "loc": ["services", "gotenberg", "pdfEngines", "convert"], "readOnly": false, "type": "list of value \"libreoffice-pdfengine\" (singular enum)"}, "services.gotenberg.pdfEngines.disableRoutes": {"declarations": ["nixos/modules/services/misc/gotenberg.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable routes related to PDF engines.", "loc": ["services", "gotenberg", "pdfEngines", "disableRoutes"], "readOnly": false, "type": "boolean"}, "services.gotenberg.pdfEngines.merge": {"declarations": ["nixos/modules/services/misc/gotenberg.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"qpdf\"\n  \"pdfcpu\"\n  \"pdftk\"\n]"}, "description": "PDF Engines to use for merging files.", "loc": ["services", "gotenberg", "pdfEngines", "merge"], "readOnly": false, "type": "list of (one of \"qpdf\", \"pdfcpu\", \"pdftk\")"}, "services.gotenberg.pdfEngines.readMetadata": {"declarations": ["nixos/modules/services/misc/gotenberg.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"exiftool\"\n]"}, "description": "PDF Engines to use for reading metadata from files.", "loc": ["services", "gotenberg", "pdfEngines", "readMetadata"], "readOnly": false, "type": "list of value \"exiftool\" (singular enum)"}, "services.gotenberg.pdfEngines.writeMetadata": {"declarations": ["nixos/modules/services/misc/gotenberg.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"exiftool\"\n]"}, "description": "PDF Engines to use for writing metadata to files.", "loc": ["services", "gotenberg", "pdfEngines", "writeMetadata"], "readOnly": false, "type": "list of value \"exiftool\" (singular enum)"}, "services.gotenberg.port": {"declarations": ["nixos/modules/services/misc/gotenberg.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "Port on which the API should listen.", "loc": ["services", "gotenberg", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.gotenberg.rootPath": {"declarations": ["nixos/modules/services/misc/gotenberg.nix"], "default": {"_type": "literalExpression", "text": "\"/\""}, "description": "Root path for the Gotenberg API.", "loc": ["services", "gotenberg", "rootPath"], "readOnly": false, "type": "string"}, "services.gotenberg.timeout": {"declarations": ["nixos/modules/services/misc/gotenberg.nix"], "default": {"_type": "literalExpression", "text": "\"30s\""}, "description": "Timeout for API requests.", "loc": ["services", "gotenberg", "timeout"], "readOnly": false, "type": "null or string"}, "services.gotify.enable": {"declarations": ["nixos/modules/services/web-apps/gotify-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Gotify webserver.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gotify", "enable"], "readOnly": false, "type": "boolean"}, "services.gotify.environment": {"declarations": ["nixos/modules/services/web-apps/gotify-server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Config environment variables for the gotify-server.\nSee <https://gotify.net/docs/config> for more details.\n", "example": {"_type": "literalExpression", "text": "{\n  GOTIFY_DATABASE_DIALECT = \"sqlite3\";\n  GOTIFY_SERVER_PORT = 8080;\n}"}, "loc": ["services", "gotify", "environment"], "readOnly": false, "type": "attribute set of (string or signed integer)"}, "services.gotify.environmentFiles": {"declarations": ["nixos/modules/services/web-apps/gotify-server.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Files containing additional config environment variables for gotify-server.\nSecrets should be set in environmentFiles instead of environment.\n", "loc": ["services", "gotify", "environmentFiles"], "readOnly": false, "type": "list of absolute path"}, "services.gotify.package": {"declarations": ["nixos/modules/services/web-apps/gotify-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gotify-server"}, "description": "The gotify-server package to use.", "loc": ["services", "gotify", "package"], "readOnly": false, "type": "package"}, "services.gotify.stateDirectoryName": {"declarations": ["nixos/modules/services/web-apps/gotify-server.nix"], "default": {"_type": "literalExpression", "text": "\"gotify-server\""}, "description": "The name of the directory below {file}`/var/lib` where\ngotify stores its runtime data.\n", "loc": ["services", "gotify", "stateDirectoryName"], "readOnly": false, "type": "string"}, "services.gotosocial.enable": {"declarations": ["nixos/modules/services/web-apps/gotosocial.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ActivityPub social network server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gotosocial", "enable"], "readOnly": false, "type": "boolean"}, "services.gotosocial.environmentFile": {"declarations": ["nixos/modules/services/web-apps/gotosocial.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File path containing environment variables for configuring the GoToSocial service\nin the format of an EnvironmentFile as described by {manpage}`systemd.exec(5)`.\n\nThis option could be used to pass sensitive configuration to the GoToSocial daemon.\n\nPlease refer to the Environment Variables section in the\n[documentation](https://docs.gotosocial.org/en/latest/configuration/).\n", "example": {"_type": "literalExpression", "text": "\"/root/nixos/secrets/gotosocial.env\""}, "loc": ["services", "gotosocial", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.gotosocial.openFirewall": {"declarations": ["nixos/modules/services/web-apps/gotosocial.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open the configured port in the firewall.\nUsing a reverse proxy instead is highly recommended.\n", "loc": ["services", "gotosocial", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.gotosocial.package": {"declarations": ["nixos/modules/services/web-apps/gotosocial.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gotosocial"}, "description": "The gotosocial package to use.", "loc": ["services", "gotosocial", "package"], "readOnly": false, "type": "package"}, "services.gotosocial.settings": {"declarations": ["nixos/modules/services/web-apps/gotosocial.nix"], "default": {"_type": "literalExpression", "text": "{\n  application-name = \"gotosocial\";\n  bind-address = \"127.0.0.1\";\n  db-address = \"/var/lib/gotosocial/database.sqlite\";\n  db-type = \"sqlite\";\n  port = 8080;\n  protocol = \"https\";\n  storage-local-base-path = \"/var/lib/gotosocial/storage\";\n}"}, "description": "Contents of the GoToSocial YAML config.\n\nPlease refer to the\n[documentation](https://docs.gotosocial.org/en/latest/configuration/)\nand\n[example config](https://github.com/superseriousbusiness/gotosocial/blob/main/example/config.yaml).\n\nPlease note that the `host` option cannot be changed later so it is important to configure this correctly before you start GoToSocial.\n", "example": {"_type": "literalExpression", "text": "{\n  application-name = \"My GoToSocial\";\n  host = \"gotosocial.example.com\";\n}"}, "loc": ["services", "gotosocial", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.gotosocial.setupPostgresqlDB": {"declarations": ["nixos/modules/services/web-apps/gotosocial.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to setup a local postgres database and populate the\n`db-type` fields in `services.gotosocial.settings`.\n", "loc": ["services", "gotosocial", "setupPostgresqlDB"], "readOnly": false, "type": "boolean"}, "services.govee2mqtt.enable": {"declarations": ["nixos/modules/services/home-automation/govee2mqtt.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Govee2MQTT.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "govee2mqtt", "enable"], "readOnly": false, "type": "boolean"}, "services.govee2mqtt.environmentFile": {"declarations": ["nixos/modules/services/home-automation/govee2mqtt.nix"], "description": "Environment file as defined in {manpage}`systemd.exec(5)`.\n\nSee upstream documentation <https://github.com/wez/govee2mqtt/blob/main/docs/CONFIG.md>.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/govee2mqtt/govee2mqtt.env\""}, "loc": ["services", "govee2mqtt", "environmentFile"], "readOnly": false, "type": "absolute path"}, "services.govee2mqtt.group": {"declarations": ["nixos/modules/services/home-automation/govee2mqtt.nix"], "default": {"_type": "literalExpression", "text": "\"govee2mqtt\""}, "description": "Group under which Govee2MQTT should run.", "loc": ["services", "govee2mqtt", "group"], "readOnly": false, "type": "string"}, "services.govee2mqtt.package": {"declarations": ["nixos/modules/services/home-automation/govee2mqtt.nix"], "default": {"_type": "literalExpression", "text": "pkgs.govee2mqtt"}, "description": "The govee2mqtt package to use.", "loc": ["services", "govee2mqtt", "package"], "readOnly": false, "type": "package"}, "services.govee2mqtt.user": {"declarations": ["nixos/modules/services/home-automation/govee2mqtt.nix"], "default": {"_type": "literalExpression", "text": "\"govee2mqtt\""}, "description": "User under which Govee2MQTT should run.", "loc": ["services", "govee2mqtt", "user"], "readOnly": false, "type": "string"}, "services.goxlr-utility.autoStart.xdg": {"declarations": ["nixos/modules/services/audio/goxlr-utility.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Start the daemon automatically using XDG autostart.\nSets `xdg.autostart.enable = true` if not already enabled.\n", "loc": ["services", "goxlr-utility", "autoStart", "xdg"], "readOnly": false, "type": "boolean"}, "services.goxlr-utility.enable": {"declarations": ["nixos/modules/services/audio/goxlr-utility.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable goxlr-utility for controlling your TC-Helicon GoXLR or GoXLR Mini\n", "loc": ["services", "goxlr-utility", "enable"], "readOnly": false, "type": "boolean"}, "services.goxlr-utility.package": {"declarations": ["nixos/modules/services/audio/goxlr-utility.nix"], "default": {"_type": "literalExpression", "text": "pkgs.goxlr-utility"}, "description": "The goxlr-utility package to use.", "loc": ["services", "goxlr-utility", "package"], "readOnly": false, "type": "package"}, "services.gpm.enable": {"declarations": ["nixos/modules/services/ttys/gpm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable GPM, the General Purpose Mouse daemon,\nwhich enables mouse support in virtual consoles.\n", "loc": ["services", "gpm", "enable"], "readOnly": false, "type": "boolean"}, "services.gpm.protocol": {"declarations": ["nixos/modules/services/ttys/gpm.nix"], "default": {"_type": "literalExpression", "text": "\"ps/2\""}, "description": "Mouse protocol to use.", "loc": ["services", "gpm", "protocol"], "readOnly": false, "type": "string"}, "services.gpsd.debugLevel": {"declarations": ["nixos/modules/services/misc/gpsd.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "The debugging level.\n", "loc": ["services", "gpsd", "debugLevel"], "readOnly": false, "type": "signed integer"}, "services.gpsd.devices": {"declarations": ["nixos/modules/services/misc/gpsd.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"/dev/ttyUSB0\"\n]"}, "description": "List of devices that `gpsd` should subscribe to.\n\nA device may be a local serial device for GPS input, or a\nURL of the form:\n`[{dgpsip|ntrip}://][user:passwd@]host[:port][/stream]` in\nwhich case it specifies an input source for DGPS or ntrip\ndata.\n", "loc": ["services", "gpsd", "devices"], "readOnly": false, "type": "list of string"}, "services.gpsd.enable": {"declarations": ["nixos/modules/services/misc/gpsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable `gpsd`, a GPS service daemon.\n", "loc": ["services", "gpsd", "enable"], "readOnly": false, "type": "boolean"}, "services.gpsd.extraArgs": {"declarations": ["nixos/modules/services/misc/gpsd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of extra command line arguments to pass to gpsd.\nCheck {manpage}`gpsd(8)` mangpage for possible arguments.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-r\"\n  \"-s\"\n  \"19200\"\n]"}, "loc": ["services", "gpsd", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.gpsd.listenany": {"declarations": ["nixos/modules/services/misc/gpsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Listen on all addresses rather than just loopback.\n", "loc": ["services", "gpsd", "listenany"], "readOnly": false, "type": "boolean"}, "services.gpsd.nowait": {"declarations": ["nixos/modules/services/misc/gpsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "don't wait for client connects to poll GPS\n", "loc": ["services", "gpsd", "nowait"], "readOnly": false, "type": "boolean"}, "services.gpsd.port": {"declarations": ["nixos/modules/services/misc/gpsd.nix"], "default": {"_type": "literalExpression", "text": "2947"}, "description": "The port where to listen for TCP connections.\n", "loc": ["services", "gpsd", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.gpsd.readonly": {"declarations": ["nixos/modules/services/misc/gpsd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the broken-device-safety, otherwise\nknown as read-only mode.  Some popular bluetooth and USB\nreceivers lock up or become totally inaccessible when\nprobed or reconfigured.  This switch prevents gpsd from\nwriting to a receiver.  This means that gpsd cannot\nconfigure the receiver for optimal performance, but it\nalso means that gpsd cannot break the receiver.  A better\nsolution would be for Bluetooth to not be so fragile.  A\nplatform independent method to identify\nserial-over-Bluetooth devices would also be nice.\n", "loc": ["services", "gpsd", "readonly"], "readOnly": false, "type": "boolean"}, "services.grafana-image-renderer.enable": {"declarations": ["nixos/modules/services/monitoring/grafana-image-renderer.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable grafana-image-renderer.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "grafana-image-renderer", "enable"], "readOnly": false, "type": "boolean"}, "services.grafana-image-renderer.provisionGrafana": {"declarations": ["nixos/modules/services/monitoring/grafana-image-renderer.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Grafana configuration for grafana-image-renderer.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "grafana-image-renderer", "provisionGrafana"], "readOnly": false, "type": "boolean"}, "services.grafana-image-renderer.settings": {"declarations": ["nixos/modules/services/monitoring/grafana-image-renderer.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration attributes for `grafana-image-renderer`.\n", "loc": ["services", "grafana-image-renderer", "settings"], "readOnly": false, "type": "open submodule of attribute set of attribute set of (string or signed integer or boolean or list of (string or signed integer))"}, "services.grafana-image-renderer.settings.browser.path": {"declarations": ["nixos/modules/services/monitoring/grafana-image-renderer.nix"], "default": {"_type": "literalExpression", "text": "lib.getExe pkgs.chromium"}, "description": "Path to the executable of the chromium to use.\n", "loc": ["services", "grafana-image-renderer", "settings", "browser", "path"], "readOnly": false, "type": "absolute path"}, "services.grafana-image-renderer.settings.server.addr": {"declarations": ["nixos/modules/services/monitoring/grafana-image-renderer.nix"], "default": {"_type": "literalExpression", "text": "\"localhost:8081\""}, "description": "Listen address of the service.\n", "loc": ["services", "grafana-image-renderer", "settings", "server", "addr"], "readOnly": false, "type": "string"}, "services.grafana-to-ntfy.enable": {"declarations": ["nixos/modules/services/monitoring/grafana-to-ntfy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Grafana-to-ntfy (ntfy.sh) alerts channel.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "grafana-to-ntfy", "enable"], "readOnly": false, "type": "boolean"}, "services.grafana-to-ntfy.package": {"declarations": ["nixos/modules/services/monitoring/grafana-to-ntfy.nix"], "default": {"_type": "literalExpression", "text": "pkgs.grafana-to-ntfy"}, "description": "The grafana-to-ntfy package to use.", "loc": ["services", "grafana-to-ntfy", "package"], "readOnly": false, "type": "package"}, "services.grafana-to-ntfy.settings.bauthPass": {"declarations": ["nixos/modules/services/monitoring/grafana-to-ntfy.nix"], "description": "The path to the password you will use in the Grafana webhook settings.", "loc": ["services", "grafana-to-ntfy", "settings", "bauthPass"], "readOnly": false, "type": "absolute path"}, "services.grafana-to-ntfy.settings.bauthUser": {"declarations": ["nixos/modules/services/monitoring/grafana-to-ntfy.nix"], "default": {"_type": "literalExpression", "text": "\"admin\""}, "description": "The user that you will authenticate with in the Grafana webhook settings.\nYou can set this to whatever you like, as this is not the same as the ntfy-sh user.\n", "loc": ["services", "grafana-to-ntfy", "settings", "bauthUser"], "readOnly": false, "type": "string"}, "services.grafana-to-ntfy.settings.ntfyBAuthPass": {"declarations": ["nixos/modules/services/monitoring/grafana-to-ntfy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the password for the specified ntfy-sh user.\nSetting this option is required when using a ntfy-sh instance with access control enabled.\n", "loc": ["services", "grafana-to-ntfy", "settings", "ntfyBAuthPass"], "readOnly": false, "type": "absolute path"}, "services.grafana-to-ntfy.settings.ntfyBAuthUser": {"declarations": ["nixos/modules/services/monitoring/grafana-to-ntfy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The ntfy-sh user to use for authenticating with the ntfy-sh instance.\nSetting this option is required when using a ntfy-sh instance with access control enabled.\n", "example": {"_type": "literalExpression", "text": "\"grafana\""}, "loc": ["services", "grafana-to-ntfy", "settings", "ntfyBAuthUser"], "readOnly": false, "type": "null or string"}, "services.grafana-to-ntfy.settings.ntfyUrl": {"declarations": ["nixos/modules/services/monitoring/grafana-to-ntfy.nix"], "description": "The URL to the ntfy-sh topic.", "example": {"_type": "literalExpression", "text": "\"https://push.example.com/grafana\""}, "loc": ["services", "grafana-to-ntfy", "settings", "ntfyUrl"], "readOnly": false, "type": "string"}, "services.grafana.dataDir": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/grafana\""}, "description": "Data directory.", "loc": ["services", "grafana", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.grafana.declarativePlugins": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If non-null, then a list of packages containing Grafana plugins to install. If set, plugins cannot\nbe manually installed.\n\nKeep in mind that this turns off drilldown: for this to work, you need to add\n`grafana-metricsdrilldown-app`, `grafana-lokiexplore-app`, `grafana-exploretraces-app`\nand `grafana-pyroscope-app` to this option.\n", "example": {"_type": "literalExpression", "text": "with pkgs.grafanaPlugins; [ grafana-piechart-panel ]"}, "loc": ["services", "grafana", "declarativePlugins"], "readOnly": false, "type": "null or (list of absolute path)"}, "services.grafana.enable": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable grafana.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "grafana", "enable"], "readOnly": false, "type": "boolean"}, "services.grafana.openFirewall": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open the ports in the firewall for the server.", "loc": ["services", "grafana", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.grafana.package": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "pkgs.grafana"}, "description": "The grafana package to use.", "loc": ["services", "grafana", "package"], "readOnly": false, "type": "package"}, "services.grafana.provision.alerting.contactPoints.path": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to YAML contact points configuration. Can't be used with\n[](#opt-services.grafana.provision.alerting.contactPoints.settings) simultaneously.\nCan be either a directory or a single YAML file. Will end up in the store.\n", "loc": ["services", "grafana", "provision", "alerting", "contactPoints", "path"], "readOnly": false, "type": "null or absolute path"}, "services.grafana.provision.alerting.contactPoints.settings": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Grafana contact points configuration in Nix. Can't be used with\n[](#opt-services.grafana.provision.alerting.contactPoints.path) simultaneously. See\n<https://grafana.com/docs/grafana/latest/administration/provisioning/#contact-points>\nfor supported options.\n", "example": {"_type": "literalExpression", "text": "{\n  apiVersion = 1;\n\n  contactPoints = [{\n    orgId = 1;\n    name = \"cp_1\";\n    receivers = [{\n      uid = \"first_uid\";\n      type = \"prometheus-alertmanager\";\n      settings.url = \"http://test:9000\";\n    }];\n  }];\n\n  deleteContactPoints = [{\n    orgId = 1;\n    uid = \"first_uid\";\n  }];\n}\n"}, "loc": ["services", "grafana", "provision", "alerting", "contactPoints", "settings"], "readOnly": false, "type": "null or (submodule)"}, "services.grafana.provision.alerting.contactPoints.settings.apiVersion": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Config file version.", "loc": ["services", "grafana", "provision", "alerting", "contactPoints", "settings", "apiVersion"], "readOnly": false, "type": "signed integer"}, "services.grafana.provision.alerting.contactPoints.settings.contactPoints": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of contact points to import or update.", "loc": ["services", "grafana", "provision", "alerting", "contactPoints", "settings", "contactPoints"], "readOnly": false, "type": "list of (open submodule of (YAML 1.1 value))"}, "services.grafana.provision.alerting.contactPoints.settings.contactPoints.*.name": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "description": "Name of the contact point. Required.", "loc": ["services", "grafana", "provision", "alerting", "contactPoints", "settings", "contactPoints", "*", "name"], "readOnly": false, "type": "string"}, "services.grafana.provision.alerting.contactPoints.settings.deleteContactPoints": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of receivers that should be deleted.", "loc": ["services", "grafana", "provision", "alerting", "contactPoints", "settings", "deleteContactPoints"], "readOnly": false, "type": "list of (submodule)"}, "services.grafana.provision.alerting.contactPoints.settings.deleteContactPoints.*.orgId": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Organization ID, default = 1.", "loc": ["services", "grafana", "provision", "alerting", "contactPoints", "settings", "deleteContactPoints", "*", "orgId"], "readOnly": false, "type": "signed integer"}, "services.grafana.provision.alerting.contactPoints.settings.deleteContactPoints.*.uid": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "description": "Unique identifier for the receiver. Required.", "loc": ["services", "grafana", "provision", "alerting", "contactPoints", "settings", "deleteContactPoints", "*", "uid"], "readOnly": false, "type": "string"}, "services.grafana.provision.alerting.muteTimings.path": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to YAML mute timings configuration. Can't be used with\n[](#opt-services.grafana.provision.alerting.muteTimings.settings) simultaneously.\nCan be either a directory or a single YAML file. Will end up in the store.\n", "loc": ["services", "grafana", "provision", "alerting", "muteTimings", "path"], "readOnly": false, "type": "null or absolute path"}, "services.grafana.provision.alerting.muteTimings.settings": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Grafana mute timings configuration in Nix. Can't be used with\n[](#opt-services.grafana.provision.alerting.muteTimings.path) simultaneously. See\n<https://grafana.com/docs/grafana/latest/administration/provisioning/#mute-timings>\nfor supported options.\n", "example": {"_type": "literalExpression", "text": "{\n  apiVersion = 1;\n\n  muteTimes = [{\n    orgId = 1;\n    name = \"mti_1\";\n    time_intervals = [{\n      times = [{\n        start_time = \"06:00\";\n        end_time = \"23:59\";\n      }];\n      weekdays = [\n        \"monday:wednesday\"\n        \"saturday\"\n        \"sunday\"\n      ];\n      months = [\n        \"1:3\"\n        \"may:august\"\n        \"december\"\n      ];\n      years = [\n        \"2020:2022\"\n        \"2030\"\n      ];\n      days_of_month = [\n        \"1:5\"\n        \"-3:-1\"\n      ];\n    }];\n  }];\n\n  deleteMuteTimes = [{\n    orgId = 1;\n    name = \"mti_1\";\n  }];\n}\n"}, "loc": ["services", "grafana", "provision", "alerting", "muteTimings", "settings"], "readOnly": false, "type": "null or (submodule)"}, "services.grafana.provision.alerting.muteTimings.settings.apiVersion": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Config file version.", "loc": ["services", "grafana", "provision", "alerting", "muteTimings", "settings", "apiVersion"], "readOnly": false, "type": "signed integer"}, "services.grafana.provision.alerting.muteTimings.settings.deleteMuteTimes": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of mute time intervals that should be deleted.", "loc": ["services", "grafana", "provision", "alerting", "muteTimings", "settings", "deleteMuteTimes"], "readOnly": false, "type": "list of (submodule)"}, "services.grafana.provision.alerting.muteTimings.settings.deleteMuteTimes.*.name": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "description": "Name of the mute time interval, must be unique. Required.", "loc": ["services", "grafana", "provision", "alerting", "muteTimings", "settings", "deleteMuteTimes", "*", "name"], "readOnly": false, "type": "string"}, "services.grafana.provision.alerting.muteTimings.settings.deleteMuteTimes.*.orgId": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Organization ID, default = 1.", "loc": ["services", "grafana", "provision", "alerting", "muteTimings", "settings", "deleteMuteTimes", "*", "orgId"], "readOnly": false, "type": "signed integer"}, "services.grafana.provision.alerting.muteTimings.settings.muteTimes": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of mute time intervals to import or update.", "loc": ["services", "grafana", "provision", "alerting", "muteTimings", "settings", "muteTimes"], "readOnly": false, "type": "list of (open submodule of (YAML 1.1 value))"}, "services.grafana.provision.alerting.muteTimings.settings.muteTimes.*.name": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "description": "Name of the mute time interval, must be unique. Required.", "loc": ["services", "grafana", "provision", "alerting", "muteTimings", "settings", "muteTimes", "*", "name"], "readOnly": false, "type": "string"}, "services.grafana.provision.alerting.policies.path": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to YAML notification policies configuration. Can't be used with\n[](#opt-services.grafana.provision.alerting.policies.settings) simultaneously.\nCan be either a directory or a single YAML file. Will end up in the store.\n", "loc": ["services", "grafana", "provision", "alerting", "policies", "path"], "readOnly": false, "type": "null or absolute path"}, "services.grafana.provision.alerting.policies.settings": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Grafana notification policies configuration in Nix. Can't be used with\n[](#opt-services.grafana.provision.alerting.policies.path) simultaneously. See\n<https://grafana.com/docs/grafana/latest/administration/provisioning/#notification-policies>\nfor supported options.\n", "example": {"_type": "literalExpression", "text": "{\n  apiVersion = 1;\n\n  policies = [{\n    orgId = 1;\n    receiver = \"grafana-default-email\";\n    group_by = [ \"...\" ];\n    matchers = [\n      \"alertname = Watchdog\"\n      \"severity =~ \\\"warning|critical\\\"\"\n    ];\n    mute_time_intervals = [\n      \"abc\"\n    ];\n    group_wait = \"30s\";\n    group_interval = \"5m\";\n    repeat_interval = \"4h\";\n  }];\n\n  resetPolicies = [\n    1\n  ];\n}\n"}, "loc": ["services", "grafana", "provision", "alerting", "policies", "settings"], "readOnly": false, "type": "null or (submodule)"}, "services.grafana.provision.alerting.policies.settings.apiVersion": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Config file version.", "loc": ["services", "grafana", "provision", "alerting", "policies", "settings", "apiVersion"], "readOnly": false, "type": "signed integer"}, "services.grafana.provision.alerting.policies.settings.policies": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of contact points to import or update.", "loc": ["services", "grafana", "provision", "alerting", "policies", "settings", "policies"], "readOnly": false, "type": "list of (open submodule of (YAML 1.1 value))"}, "services.grafana.provision.alerting.policies.settings.resetPolicies": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of orgIds that should be reset to the default policy.", "loc": ["services", "grafana", "provision", "alerting", "policies", "settings", "resetPolicies"], "readOnly": false, "type": "list of signed integer"}, "services.grafana.provision.alerting.rules.path": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to YAML rules configuration. Can't be used with\n[](#opt-services.grafana.provision.alerting.rules.settings) simultaneously.\nCan be either a directory or a single YAML file. Will end up in the store.\n", "loc": ["services", "grafana", "provision", "alerting", "rules", "path"], "readOnly": false, "type": "null or absolute path"}, "services.grafana.provision.alerting.rules.settings": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Grafana rules configuration in Nix. Can't be used with\n[](#opt-services.grafana.provision.alerting.rules.path) simultaneously. See\n<https://grafana.com/docs/grafana/latest/administration/provisioning/#rules>\nfor supported options.\n", "example": {"_type": "literalExpression", "text": "{\n  apiVersion = 1;\n\n  groups = [{\n    orgId = 1;\n    name = \"my_rule_group\";\n    folder = \"my_first_folder\";\n    interval = \"60s\";\n    rules = [{\n      uid = \"my_id_1\";\n      title = \"my_first_rule\";\n      condition = \"A\";\n      data = [{\n        refId = \"A\";\n        datasourceUid = \"-100\";\n        model = {\n          conditions = [{\n            evaluator = {\n              params = [ 3 ];\n              type = \"git\";\n            };\n            operator.type = \"and\";\n            query.params = [ \"A\" ];\n            reducer.type = \"last\";\n            type = \"query\";\n          }];\n          datasource = {\n            type = \"__expr__\";\n            uid = \"-100\";\n          };\n          expression = \"1==0\";\n          intervalMs = 1000;\n          maxDataPoints = 43200;\n          refId = \"A\";\n          type = \"math\";\n        };\n      }];\n      dashboardUid = \"my_dashboard\";\n      panelId = 123;\n      noDataState = \"Alerting\";\n      for = \"60s\";\n      annotations.some_key = \"some_value\";\n      labels.team = \"sre_team1\";\n    }];\n  }];\n\n  deleteRules = [{\n    orgId = 1;\n    uid = \"my_id_1\";\n  }];\n}\n"}, "loc": ["services", "grafana", "provision", "alerting", "rules", "settings"], "readOnly": false, "type": "null or (submodule)"}, "services.grafana.provision.alerting.rules.settings.apiVersion": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Config file version.", "loc": ["services", "grafana", "provision", "alerting", "rules", "settings", "apiVersion"], "readOnly": false, "type": "signed integer"}, "services.grafana.provision.alerting.rules.settings.deleteRules": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of alert rule UIDs that should be deleted.", "loc": ["services", "grafana", "provision", "alerting", "rules", "settings", "deleteRules"], "readOnly": false, "type": "list of (submodule)"}, "services.grafana.provision.alerting.rules.settings.deleteRules.*.orgId": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Organization ID, default = 1", "loc": ["services", "grafana", "provision", "alerting", "rules", "settings", "deleteRules", "*", "orgId"], "readOnly": false, "type": "signed integer"}, "services.grafana.provision.alerting.rules.settings.deleteRules.*.uid": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "description": "Unique identifier for the rule. Required.", "loc": ["services", "grafana", "provision", "alerting", "rules", "settings", "deleteRules", "*", "uid"], "readOnly": false, "type": "string"}, "services.grafana.provision.alerting.rules.settings.groups": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of rule groups to import or update.", "loc": ["services", "grafana", "provision", "alerting", "rules", "settings", "groups"], "readOnly": false, "type": "list of (open submodule of (YAML 1.1 value))"}, "services.grafana.provision.alerting.rules.settings.groups.*.folder": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "description": "Name of the folder the rule group will be stored in. Required.", "loc": ["services", "grafana", "provision", "alerting", "rules", "settings", "groups", "*", "folder"], "readOnly": false, "type": "string"}, "services.grafana.provision.alerting.rules.settings.groups.*.interval": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "description": "Interval that the rule group should be evaluated at. Required.", "loc": ["services", "grafana", "provision", "alerting", "rules", "settings", "groups", "*", "interval"], "readOnly": false, "type": "string"}, "services.grafana.provision.alerting.rules.settings.groups.*.name": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "description": "Name of the rule group. Required.", "loc": ["services", "grafana", "provision", "alerting", "rules", "settings", "groups", "*", "name"], "readOnly": false, "type": "string"}, "services.grafana.provision.alerting.templates.path": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to YAML templates configuration. Can't be used with\n[](#opt-services.grafana.provision.alerting.templates.settings) simultaneously.\nCan be either a directory or a single YAML file. Will end up in the store.\n", "loc": ["services", "grafana", "provision", "alerting", "templates", "path"], "readOnly": false, "type": "null or absolute path"}, "services.grafana.provision.alerting.templates.settings": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Grafana templates configuration in Nix. Can't be used with\n[](#opt-services.grafana.provision.alerting.templates.path) simultaneously. See\n<https://grafana.com/docs/grafana/latest/administration/provisioning/#templates>\nfor supported options.\n", "example": {"_type": "literalExpression", "text": "{\n  apiVersion = 1;\n\n  templates = [{\n    orgId = 1;\n    name = \"my_first_template\";\n    template = \"Alerting with a custom text template\";\n  }];\n\n  deleteTemplates = [{\n    orgId = 1;\n    name = \"my_first_template\";\n  }];\n}\n"}, "loc": ["services", "grafana", "provision", "alerting", "templates", "settings"], "readOnly": false, "type": "null or (submodule)"}, "services.grafana.provision.alerting.templates.settings.apiVersion": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Config file version.", "loc": ["services", "grafana", "provision", "alerting", "templates", "settings", "apiVersion"], "readOnly": false, "type": "signed integer"}, "services.grafana.provision.alerting.templates.settings.deleteTemplates": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of alert rule UIDs that should be deleted.", "loc": ["services", "grafana", "provision", "alerting", "templates", "settings", "deleteTemplates"], "readOnly": false, "type": "list of (submodule)"}, "services.grafana.provision.alerting.templates.settings.deleteTemplates.*.name": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "description": "Name of the template, must be unique. Required.", "loc": ["services", "grafana", "provision", "alerting", "templates", "settings", "deleteTemplates", "*", "name"], "readOnly": false, "type": "string"}, "services.grafana.provision.alerting.templates.settings.deleteTemplates.*.orgId": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Organization ID, default = 1.", "loc": ["services", "grafana", "provision", "alerting", "templates", "settings", "deleteTemplates", "*", "orgId"], "readOnly": false, "type": "signed integer"}, "services.grafana.provision.alerting.templates.settings.templates": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of templates to import or update.", "loc": ["services", "grafana", "provision", "alerting", "templates", "settings", "templates"], "readOnly": false, "type": "list of (open submodule of (YAML 1.1 value))"}, "services.grafana.provision.alerting.templates.settings.templates.*.name": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "description": "Name of the template, must be unique. Required.", "loc": ["services", "grafana", "provision", "alerting", "templates", "settings", "templates", "*", "name"], "readOnly": false, "type": "string"}, "services.grafana.provision.alerting.templates.settings.templates.*.template": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "description": "Alerting with a custom text template", "loc": ["services", "grafana", "provision", "alerting", "templates", "settings", "templates", "*", "template"], "readOnly": false, "type": "string"}, "services.grafana.provision.dashboards": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declaratively provision Grafana's dashboards.\n", "loc": ["services", "grafana", "provision", "dashboards"], "readOnly": false, "type": "submodule"}, "services.grafana.provision.dashboards.path": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to YAML dashboard configuration. Can't be used with\n[](#opt-services.grafana.provision.dashboards.settings) simultaneously.\nCan be either a directory or a single YAML file. Will end up in the store.\n", "loc": ["services", "grafana", "provision", "dashboards", "path"], "readOnly": false, "type": "null or absolute path"}, "services.grafana.provision.dashboards.settings": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Grafana dashboard configuration in Nix. Can't be used with\n[](#opt-services.grafana.provision.dashboards.path) simultaneously. See\n<https://grafana.com/docs/grafana/latest/administration/provisioning/#dashboards>\nfor supported options.\n", "example": {"_type": "literalExpression", "text": "{\n  apiVersion = 1;\n\n  providers = [{\n      name = \"default\";\n      options.path = \"/var/lib/grafana/dashboards\";\n  }];\n}\n"}, "loc": ["services", "grafana", "provision", "dashboards", "settings"], "readOnly": false, "type": "null or (submodule)"}, "services.grafana.provision.dashboards.settings.apiVersion": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Config file version.", "loc": ["services", "grafana", "provision", "dashboards", "settings", "apiVersion"], "readOnly": false, "type": "signed integer"}, "services.grafana.provision.dashboards.settings.providers": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of dashboards to insert/update.", "loc": ["services", "grafana", "provision", "dashboards", "settings", "providers"], "readOnly": false, "type": "list of (open submodule of (YAML 1.1 value))"}, "services.grafana.provision.dashboards.settings.providers.*.name": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"default\""}, "description": "A unique provider name.", "loc": ["services", "grafana", "provision", "dashboards", "settings", "providers", "*", "name"], "readOnly": false, "type": "string"}, "services.grafana.provision.dashboards.settings.providers.*.options.path": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "description": "Path grafana will watch for dashboards. Required when using the 'file' type.", "loc": ["services", "grafana", "provision", "dashboards", "settings", "providers", "*", "options", "path"], "readOnly": false, "type": "absolute path"}, "services.grafana.provision.dashboards.settings.providers.*.type": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"file\""}, "description": "Dashboard provider type.", "loc": ["services", "grafana", "provision", "dashboards", "settings", "providers", "*", "type"], "readOnly": false, "type": "string"}, "services.grafana.provision.datasources": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declaratively provision Grafana's datasources.\n", "loc": ["services", "grafana", "provision", "datasources"], "readOnly": false, "type": "submodule"}, "services.grafana.provision.datasources.path": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to YAML datasource configuration. Can't be used with\n[](#opt-services.grafana.provision.datasources.settings) simultaneously.\nCan be either a directory or a single YAML file. Will end up in the store.\n", "loc": ["services", "grafana", "provision", "datasources", "path"], "readOnly": false, "type": "null or absolute path"}, "services.grafana.provision.datasources.settings": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Grafana datasource configuration in Nix. Can't be used with\n[](#opt-services.grafana.provision.datasources.path) simultaneously. See\n<https://grafana.com/docs/grafana/latest/administration/provisioning/#data-sources>\nfor supported options.\n", "example": {"_type": "literalExpression", "text": "{\n  apiVersion = 1;\n\n  datasources = [{\n    name = \"Graphite\";\n    type = \"graphite\";\n  }];\n\n  deleteDatasources = [{\n    name = \"Graphite\";\n    orgId = 1;\n  }];\n}\n"}, "loc": ["services", "grafana", "provision", "datasources", "settings"], "readOnly": false, "type": "null or (submodule)"}, "services.grafana.provision.datasources.settings.apiVersion": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Config file version.", "loc": ["services", "grafana", "provision", "datasources", "settings", "apiVersion"], "readOnly": false, "type": "signed integer"}, "services.grafana.provision.datasources.settings.datasources": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of datasources to insert/update.", "loc": ["services", "grafana", "provision", "datasources", "settings", "datasources"], "readOnly": false, "type": "list of (open submodule of (YAML 1.1 value))"}, "services.grafana.provision.datasources.settings.datasources.*.access": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"proxy\""}, "description": "Access mode. proxy or direct (Server or Browser in the UI). Required.", "loc": ["services", "grafana", "provision", "datasources", "settings", "datasources", "*", "access"], "readOnly": false, "type": "one of \"proxy\", \"direct\""}, "services.grafana.provision.datasources.settings.datasources.*.editable": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Allow users to edit datasources from the UI.", "loc": ["services", "grafana", "provision", "datasources", "settings", "datasources", "*", "editable"], "readOnly": false, "type": "boolean"}, "services.grafana.provision.datasources.settings.datasources.*.jsonData": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Extra data for datasource plugins.", "loc": ["services", "grafana", "provision", "datasources", "settings", "datasources", "*", "jsonData"], "readOnly": false, "type": "null or (attribute set)"}, "services.grafana.provision.datasources.settings.datasources.*.name": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "description": "Name of the datasource. Required.", "loc": ["services", "grafana", "provision", "datasources", "settings", "datasources", "*", "name"], "readOnly": false, "type": "string"}, "services.grafana.provision.datasources.settings.datasources.*.secureJsonData": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Datasource specific secure configuration. Please note that the contents of this option\nwill end up in a world-readable Nix store. Use the file provider\npointing at a reasonably secured file in the local filesystem\nto work around that. Look at the documentation for details:\n<https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#file-provider>\n", "loc": ["services", "grafana", "provision", "datasources", "settings", "datasources", "*", "secureJsonData"], "readOnly": false, "type": "null or (attribute set)"}, "services.grafana.provision.datasources.settings.datasources.*.type": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "description": "Datasource type. Required.", "loc": ["services", "grafana", "provision", "datasources", "settings", "datasources", "*", "type"], "readOnly": false, "type": "string"}, "services.grafana.provision.datasources.settings.datasources.*.uid": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Custom UID which can be used to reference this datasource in other parts of the configuration, if not specified will be generated automatically.", "loc": ["services", "grafana", "provision", "datasources", "settings", "datasources", "*", "uid"], "readOnly": false, "type": "null or string"}, "services.grafana.provision.datasources.settings.datasources.*.url": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Url of the datasource.", "loc": ["services", "grafana", "provision", "datasources", "settings", "datasources", "*", "url"], "readOnly": false, "type": "string"}, "services.grafana.provision.datasources.settings.deleteDatasources": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of datasources that should be deleted from the database.", "loc": ["services", "grafana", "provision", "datasources", "settings", "deleteDatasources"], "readOnly": false, "type": "list of (submodule)"}, "services.grafana.provision.datasources.settings.deleteDatasources.*.name": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "description": "Name of the datasource to delete.", "loc": ["services", "grafana", "provision", "datasources", "settings", "deleteDatasources", "*", "name"], "readOnly": false, "type": "string"}, "services.grafana.provision.datasources.settings.deleteDatasources.*.orgId": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "description": "Organization ID of the datasource to delete.", "loc": ["services", "grafana", "provision", "datasources", "settings", "deleteDatasources", "*", "orgId"], "readOnly": false, "type": "signed integer"}, "services.grafana.provision.datasources.settings.prune": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "When `true`, provisioned datasources from this file will be deleted\nautomatically when removed from\n{option}`services.grafana.provision.datasources.settings.datasources`.\n", "loc": ["services", "grafana", "provision", "datasources", "settings", "prune"], "readOnly": false, "type": "boolean"}, "services.grafana.provision.enable": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable provision.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "grafana", "provision", "enable"], "readOnly": false, "type": "boolean"}, "services.grafana.settings": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Grafana settings. See <https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/>\nfor available options. INI format is used.\n", "loc": ["services", "grafana", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string) or a non-empty list of them)"}, "services.grafana.settings.analytics.check_for_plugin_updates": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "cfg.declarativePlugins == null"}, "description": "When set to `false`, disables checking for new versions of installed plugins from https://grafana.com.\nWhen enabled, the check for a new plugin runs every 10 minutes.\nIt will notify, via the UI, when a new plugin update exists.\nThe check itself will not prompt any auto-updates of the plugin, nor will it send any sensitive information.\n", "loc": ["services", "grafana", "settings", "analytics", "check_for_plugin_updates"], "readOnly": false, "type": "boolean"}, "services.grafana.settings.analytics.check_for_updates": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "When set to `false`, disables checking for new versions of Grafana from Grafana's GitHub repository.\nWhen enabled, the check for a new version runs every 10 minutes.\nIt will notify, via the UI, when a new version is available.\nThe check itself will not prompt any auto-updates of the Grafana software, nor will it send any sensitive information.\n", "loc": ["services", "grafana", "settings", "analytics", "check_for_updates"], "readOnly": false, "type": "boolean"}, "services.grafana.settings.analytics.feedback_links_enabled": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Set to `false` to remove all feedback links from the UI.", "loc": ["services", "grafana", "settings", "analytics", "feedback_links_enabled"], "readOnly": false, "type": "boolean"}, "services.grafana.settings.analytics.reporting_enabled": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "When enabled Grafana will send anonymous usage statistics to `stats.grafana.org`.\nNo IP addresses are being tracked, only simple counters to track running instances, versions, dashboard and error counts.\nCounters are sent every 24 hours.\n", "loc": ["services", "grafana", "settings", "analytics", "reporting_enabled"], "readOnly": false, "type": "boolean"}, "services.grafana.settings.database.ca_cert_path": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the CA certificate to use.", "loc": ["services", "grafana", "settings", "database", "ca_cert_path"], "readOnly": false, "type": "null or string"}, "services.grafana.settings.database.cache_mode": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"private\""}, "description": "For `sqlite3` only.\n[Shared cache](https://www.sqlite.org/sharedcache.html) setting used for connecting to the database.\n", "loc": ["services", "grafana", "settings", "database", "cache_mode"], "readOnly": false, "type": "one of \"private\", \"shared\""}, "services.grafana.settings.database.client_cert_path": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the client cert. Only if server requires client authentication.", "loc": ["services", "grafana", "settings", "database", "client_cert_path"], "readOnly": false, "type": "null or string"}, "services.grafana.settings.database.client_key_path": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the client key. Only if server requires client authentication.", "loc": ["services", "grafana", "settings", "database", "client_key_path"], "readOnly": false, "type": "null or string"}, "services.grafana.settings.database.conn_max_lifetime": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "14400"}, "description": "Sets the maximum amount of time a connection may be reused.\nThe default is 14400 (which means 14400 seconds or 4 hours).\nFor MySQL, this setting should be shorter than the `wait_timeout` variable.\n", "loc": ["services", "grafana", "settings", "database", "conn_max_lifetime"], "readOnly": false, "type": "signed integer"}, "services.grafana.settings.database.host": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1:3306\""}, "description": "Only applicable to MySQL or Postgres.\nIncludes IP or hostname and port or in case of Unix sockets the path to it.\nFor example, for MySQL running on the same host as Grafana: `host = \"127.0.0.1:3306\"`\nor with Unix sockets: `host = \"/var/run/mysqld/mysqld.sock\"`\n", "loc": ["services", "grafana", "settings", "database", "host"], "readOnly": false, "type": "string"}, "services.grafana.settings.database.isolation_level": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Only the MySQL driver supports isolation levels in Grafana.\nIn case the value is empty, the driver's default isolation level is applied.\n", "loc": ["services", "grafana", "settings", "database", "isolation_level"], "readOnly": false, "type": "null or one of \"READ-UNCOMMITTED\", \"READ-COMMITTED\", \"REPEATABLE-READ\", \"SERIALIZABLE\""}, "services.grafana.settings.database.locking_attempt_timeout_sec": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "For `mysql`, if the `migrationLocking` feature toggle is set,\nspecify the time (in seconds) to wait before failing to lock the database for the migrations.\n", "loc": ["services", "grafana", "settings", "database", "locking_attempt_timeout_sec"], "readOnly": false, "type": "signed integer"}, "services.grafana.settings.database.log_queries": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Set to `true` to log the sql calls and execution times", "loc": ["services", "grafana", "settings", "database", "log_queries"], "readOnly": false, "type": "boolean"}, "services.grafana.settings.database.max_idle_conn": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "2"}, "description": "The maximum number of connections in the idle connection pool.", "loc": ["services", "grafana", "settings", "database", "max_idle_conn"], "readOnly": false, "type": "signed integer"}, "services.grafana.settings.database.max_open_conn": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "The maximum number of open connections to the database.", "loc": ["services", "grafana", "settings", "database", "max_open_conn"], "readOnly": false, "type": "signed integer"}, "services.grafana.settings.database.name": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"grafana\""}, "description": "The name of the Grafana database.", "loc": ["services", "grafana", "settings", "database", "name"], "readOnly": false, "type": "string"}, "services.grafana.settings.database.password": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The database user's password (not applicable for `sqlite3`).\n\nPlease note that the contents of this option\nwill end up in a world-readable Nix store. Use the file provider\npointing at a reasonably secured file in the local filesystem\nto work around that. Look at the documentation for details:\n<https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#file-provider>\n", "loc": ["services", "grafana", "settings", "database", "password"], "readOnly": false, "type": "string"}, "services.grafana.settings.database.path": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.grafana.dataDir}/data/grafana.db\""}, "description": "Only applicable to `sqlite3` database. The file path where the database will be stored.", "loc": ["services", "grafana", "settings", "database", "path"], "readOnly": false, "type": "absolute path"}, "services.grafana.settings.database.query_retries": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "This setting applies to `sqlite3` only and controls the number of times the system retries a query when the database is locked.\n", "loc": ["services", "grafana", "settings", "database", "query_retries"], "readOnly": false, "type": "signed integer"}, "services.grafana.settings.database.server_cert_name": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The common name field of the certificate used by the `mysql` or `postgres` server.\nNot necessary if `ssl_mode` is set to `skip-verify`.\n", "loc": ["services", "grafana", "settings", "database", "server_cert_name"], "readOnly": false, "type": "null or string"}, "services.grafana.settings.database.ssl_mode": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"disable\""}, "description": "For Postgres, use either `disable`, `require` or `verify-full`.\nFor MySQL, use either `true`, `false`, or `skip-verify`.\n", "loc": ["services", "grafana", "settings", "database", "ssl_mode"], "readOnly": false, "type": "one of \"disable\", \"require\", \"verify-full\", \"true\", \"false\", \"skip-verify\""}, "services.grafana.settings.database.transaction_retries": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "This setting applies to `sqlite3` only and controls the number of times the system retries a transaction when the database is locked.\n", "loc": ["services", "grafana", "settings", "database", "transaction_retries"], "readOnly": false, "type": "signed integer"}, "services.grafana.settings.database.type": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite3\""}, "description": "Database type.", "loc": ["services", "grafana", "settings", "database", "type"], "readOnly": false, "type": "one of \"mysql\", \"sqlite3\", \"postgres\""}, "services.grafana.settings.database.user": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "The database user (not applicable for `sqlite3`).", "loc": ["services", "grafana", "settings", "database", "user"], "readOnly": false, "type": "string"}, "services.grafana.settings.database.wal": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "For `sqlite3` only.\nSetting to enable/disable [Write-Ahead Logging](https://sqlite.org/wal.html).\n", "loc": ["services", "grafana", "settings", "database", "wal"], "readOnly": false, "type": "boolean"}, "services.grafana.settings.paths.plugins": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "if (cfg.declarativePlugins == null) then \"${cfg.dataDir}/plugins\" else declarativePlugins"}, "description": "Directory where grafana will automatically scan and look for plugins", "loc": ["services", "grafana", "settings", "paths", "plugins"], "readOnly": false, "type": "absolute path"}, "services.grafana.settings.paths.provisioning": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"directory with links to files generated from services.grafana.provision\""}, "description": "Folder that contains provisioning config files that grafana will apply on startup and while running.\nDon't change the value of this option if you are planning to use `services.grafana.provision` options.\n", "loc": ["services", "grafana", "settings", "paths", "provisioning"], "readOnly": false, "type": "absolute path"}, "services.grafana.settings.plugins.preinstall_disabled": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "cfg.declarativePlugins != null"}, "description": "When set to `true`, disables the Background Plugin Installer, which runs before Grafana starts.\nThis component causes issues with `declarativePlugins` and is disabled by default if those are used.\n", "loc": ["services", "grafana", "settings", "plugins", "preinstall_disabled"], "readOnly": false, "type": "boolean"}, "services.grafana.settings.security.admin_email": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"admin@localhost\""}, "description": "The email of the default Grafana Admin, created on startup.", "loc": ["services", "grafana", "settings", "security", "admin_email"], "readOnly": false, "type": "string"}, "services.grafana.settings.security.admin_password": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"admin\""}, "description": "Default admin password. Please note that the contents of this option\nwill end up in a world-readable Nix store. Use the file provider\npointing at a reasonably secured file in the local filesystem\nto work around that. Look at the documentation for details:\n<https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#file-provider>\n", "loc": ["services", "grafana", "settings", "security", "admin_password"], "readOnly": false, "type": "string"}, "services.grafana.settings.security.admin_user": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"admin\""}, "description": "Default admin username.", "loc": ["services", "grafana", "settings", "security", "admin_user"], "readOnly": false, "type": "string"}, "services.grafana.settings.security.allow_embedding": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "When `false`, the HTTP header `X-Frame-Options: deny` will be set in Grafana HTTP responses\nwhich will instruct browsers to not allow rendering Grafana in a `<frame>`, `<iframe>`, `<embed>` or `<object>`.\nThe main goal is to mitigate the risk of [Clickjacking](https://owasp.org/www-community/attacks/Clickjacking).\n", "loc": ["services", "grafana", "settings", "security", "allow_embedding"], "readOnly": false, "type": "boolean"}, "services.grafana.settings.security.content_security_policy": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Set to `true` to add the `Content-Security-Policy` header to your requests.\nCSP allows to control resources that the user agent can load and helps prevent XSS attacks.\n", "loc": ["services", "grafana", "settings", "security", "content_security_policy"], "readOnly": false, "type": "boolean"}, "services.grafana.settings.security.content_security_policy_report_only": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Set to `true` to add the `Content-Security-Policy-Report-Only` header to your requests.\nCSP in Report Only mode enables you to experiment with policies by monitoring their effects without enforcing them.\nYou can enable both policies simultaneously.\n", "loc": ["services", "grafana", "settings", "security", "content_security_policy_report_only"], "readOnly": false, "type": "boolean"}, "services.grafana.settings.security.cookie_samesite": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"lax\""}, "description": "Sets the `SameSite` cookie attribute and prevents the browser from sending this cookie along with cross-site requests.\nThe main goal is to mitigate the risk of cross-origin information leakage.\nThis setting also provides some protection against cross-site request forgery attacks (CSRF),\n[read more about SameSite here](https://owasp.org/www-community/SameSite).\nUsing value `disabled` does not add any `SameSite` attribute to cookies.\n", "loc": ["services", "grafana", "settings", "security", "cookie_samesite"], "readOnly": false, "type": "one of \"lax\", \"strict\", \"none\", \"disabled\""}, "services.grafana.settings.security.cookie_secure": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Set to `true` if you host Grafana behind HTTPS.", "loc": ["services", "grafana", "settings", "security", "cookie_secure"], "readOnly": false, "type": "boolean"}, "services.grafana.settings.security.csrf_additional_headers": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of allowed headers to be set by the user.\nSuggested to use for if authentication lives behind reverse proxies.\n", "loc": ["services", "grafana", "settings", "security", "csrf_additional_headers"], "readOnly": false, "type": "string or list of string"}, "services.grafana.settings.security.csrf_trusted_origins": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of additional allowed URLs to pass by the CSRF check.\nSuggested when authentication comes from an IdP.\n", "loc": ["services", "grafana", "settings", "security", "csrf_trusted_origins"], "readOnly": false, "type": "string or list of string"}, "services.grafana.settings.security.data_source_proxy_whitelist": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Define a whitelist of allowed IP addresses or domains, with ports,\nto be used in data source URLs with the Grafana data source proxy.\nFormat: `ip_or_domain:port` separated by spaces.\nPostgreSQL, MySQL, and MSSQL data sources do not use the proxy and are therefore unaffected by this setting.\n", "loc": ["services", "grafana", "settings", "security", "data_source_proxy_whitelist"], "readOnly": false, "type": "string or list of string"}, "services.grafana.settings.security.disable_brute_force_login_protection": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Set to `true` to disable [brute force login protection](https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html#account-lockout).", "loc": ["services", "grafana", "settings", "security", "disable_brute_force_login_protection"], "readOnly": false, "type": "boolean"}, "services.grafana.settings.security.disable_gravatar": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Set to `true` to disable the use of Gravatar for user profile images.", "loc": ["services", "grafana", "settings", "security", "disable_gravatar"], "readOnly": false, "type": "boolean"}, "services.grafana.settings.security.disable_initial_admin_creation": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable creation of admin user on first start of Grafana.", "loc": ["services", "grafana", "settings", "security", "disable_initial_admin_creation"], "readOnly": false, "type": "boolean"}, "services.grafana.settings.security.secret_key": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "description": "Secret key used for signing data source settings like secrets and passwords.\nSet this to a unique, random string in production, generated for example by running `openssl rand -hex 32`.\n\nIf you change this later you will need to update data source settings to re-encode them.\n\n<https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#secret_key>\n\nPlease note that the contents of this option\nwill end up in a world-readable Nix store. Use the file provider\npointing at a reasonably secured file in the local filesystem\nto work around that. Look at the documentation for details:\n<https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#file-provider>\n", "loc": ["services", "grafana", "settings", "security", "secret_key"], "readOnly": false, "type": "string"}, "services.grafana.settings.security.strict_transport_security": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Set to `true` if you want to enable HTTP `Strict-Transport-Security` (HSTS) response header.\nOnly use this when HTTPS is enabled in your configuration,\nor when there is another upstream system that ensures your application does HTTPS (like a frontend load balancer).\nHSTS tells browsers that the site should only be accessed using HTTPS.\n", "loc": ["services", "grafana", "settings", "security", "strict_transport_security"], "readOnly": false, "type": "boolean"}, "services.grafana.settings.security.strict_transport_security_max_age_seconds": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "86400"}, "description": "Sets how long a browser should cache HSTS in seconds.\nOnly applied if `strict_transport_security` is enabled.\n", "loc": ["services", "grafana", "settings", "security", "strict_transport_security_max_age_seconds"], "readOnly": false, "type": "signed integer"}, "services.grafana.settings.security.strict_transport_security_preload": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Set to `true` to enable HSTS `preloading` option.\nOnly applied if `strict_transport_security` is enabled.\n", "loc": ["services", "grafana", "settings", "security", "strict_transport_security_preload"], "readOnly": false, "type": "boolean"}, "services.grafana.settings.security.strict_transport_security_subdomains": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Set to `true` to enable HSTS `includeSubDomains` option.\nOnly applied if `strict_transport_security` is enabled.\n", "loc": ["services", "grafana", "settings", "security", "strict_transport_security_subdomains"], "readOnly": false, "type": "boolean"}, "services.grafana.settings.security.x_content_type_options": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Set to `false` to disable the `X-Content-Type-Options` response header.\nThe `X-Content-Type-Options` response HTTP header is a marker used by the server\nto indicate that the MIME types advertised in the `Content-Type` headers should not be changed and be followed.\n", "loc": ["services", "grafana", "settings", "security", "x_content_type_options"], "readOnly": false, "type": "boolean"}, "services.grafana.settings.security.x_xss_protection": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Set to `true` to enable the `X-XSS-Protection` header,\nwhich tells browsers to stop pages from loading when they detect reflected cross-site scripting (XSS) attacks.\n\n__Note:__ this is the default in Grafana, it's turned off here\nsince it's [recommended to not use this header anymore](https://owasp.org/www-project-secure-headers/#x-xss-protection).\n", "loc": ["services", "grafana", "settings", "security", "x_xss_protection"], "readOnly": false, "type": "boolean"}, "services.grafana.settings.server.cdn_url": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a full HTTP URL address to the root of your Grafana CDN assets.\nGrafana will add edition and version paths.\n\nFor example, given a cdn url like `https://cdn.myserver.com`\ngrafana will try to load a javascript file from `http://cdn.myserver.com/grafana-oss/7.4.0/public/build/app.<hash>.js`.\n", "loc": ["services", "grafana", "settings", "server", "cdn_url"], "readOnly": false, "type": "null or string"}, "services.grafana.settings.server.cert_file": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the certificate file (if `protocol` is set to `https` or `h2`).\n", "loc": ["services", "grafana", "settings", "server", "cert_file"], "readOnly": false, "type": "null or string"}, "services.grafana.settings.server.cert_key": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the certificate key file (if `protocol` is set to `https` or `h2`).\n", "loc": ["services", "grafana", "settings", "server", "cert_key"], "readOnly": false, "type": "null or string"}, "services.grafana.settings.server.domain": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The public facing domain name used to access grafana from a browser.\n\nThis setting is only used in the default value of the `root_url` setting.\nIf you set the latter manually, this option does not have to be specified.\n", "loc": ["services", "grafana", "settings", "server", "domain"], "readOnly": false, "type": "string"}, "services.grafana.settings.server.enable_gzip": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Set this option to `true` to enable HTTP compression, this can improve transfer speed and bandwidth utilization.\nIt is recommended that most users set it to `true`. By default it is set to `false` for compatibility reasons.\n", "loc": ["services", "grafana", "settings", "server", "enable_gzip"], "readOnly": false, "type": "boolean"}, "services.grafana.settings.server.enforce_domain": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Redirect to correct domain if the host header does not match the domain.\nPrevents DNS rebinding attacks.\n", "loc": ["services", "grafana", "settings", "server", "enforce_domain"], "readOnly": false, "type": "boolean"}, "services.grafana.settings.server.http_addr": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Listening address.\n\n::: {.note}\nThis setting intentionally varies from upstream's default to be a bit more secure by default.\n:::\n", "loc": ["services", "grafana", "settings", "server", "http_addr"], "readOnly": false, "type": "string"}, "services.grafana.settings.server.http_port": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "Listening port.", "loc": ["services", "grafana", "settings", "server", "http_port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.grafana.settings.server.protocol": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"http\""}, "description": "Which protocol to listen.", "loc": ["services", "grafana", "settings", "server", "protocol"], "readOnly": false, "type": "one of \"http\", \"https\", \"h2\", \"socket\""}, "services.grafana.settings.server.read_timeout": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"0\""}, "description": "Sets the maximum time using a duration format (5s/5m/5ms)\nbefore timing out read of an incoming request and closing idle connections.\n0 means there is no timeout for reading the request.\n", "loc": ["services", "grafana", "settings", "server", "read_timeout"], "readOnly": false, "type": "string"}, "services.grafana.settings.server.root_url": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"%(protocol)s://%(domain)s:%(http_port)s/\""}, "description": "This is the full URL used to access Grafana from a web browser.\nThis is important if you use Google or GitHub OAuth authentication (for the callback URL to be correct).\n\nThis setting is also important if you have a reverse proxy in front of Grafana that exposes it through a subpath.\nIn that case add the subpath to the end of this URL setting.\n", "loc": ["services", "grafana", "settings", "server", "root_url"], "readOnly": false, "type": "string"}, "services.grafana.settings.server.router_logging": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Set to `true` for Grafana to log all HTTP requests (not just errors).\nThese are logged as Info level events to the Grafana log.\n", "loc": ["services", "grafana", "settings", "server", "router_logging"], "readOnly": false, "type": "boolean"}, "services.grafana.settings.server.serve_from_sub_path": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Serve Grafana from subpath specified in the `root_url` setting.\nBy default it is set to `false` for compatibility reasons.\n\nBy enabling this setting and using a subpath in `root_url` above,\ne.g. `root_url = \"http://localhost:3000/grafana\"`,\nGrafana is accessible on `http://localhost:3000/grafana`.\nIf accessed without subpath, Grafana will redirect to an URL with the subpath.\n", "loc": ["services", "grafana", "settings", "server", "serve_from_sub_path"], "readOnly": false, "type": "boolean"}, "services.grafana.settings.server.socket": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"/run/grafana/grafana.sock\""}, "description": "Path where the socket should be created when `protocol=socket`.\nMake sure that Grafana has appropriate permissions before you change this setting.\n", "loc": ["services", "grafana", "settings", "server", "socket"], "readOnly": false, "type": "string"}, "services.grafana.settings.server.socket_gid": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "-1"}, "description": "GID where the socket should be set when `protocol=socket`.\nMake sure that the target group is in the group of Grafana process and that Grafana process is the file owner before you change this setting.\nIt is recommended to set the gid as http server user gid.\nNot set when the value is -1.\n", "loc": ["services", "grafana", "settings", "server", "socket_gid"], "readOnly": false, "type": "signed integer"}, "services.grafana.settings.server.socket_mode": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"0660\""}, "description": "Mode where the socket should be set when `protocol=socket`.\nMake sure that Grafana process is the file owner before you change this setting.\n", "loc": ["services", "grafana", "settings", "server", "socket_mode"], "readOnly": false, "type": "string"}, "services.grafana.settings.server.static_root_path": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"${package}/share/grafana/public\""}, "description": "Root path for static assets.", "loc": ["services", "grafana", "settings", "server", "static_root_path"], "readOnly": false, "type": "string"}, "services.grafana.settings.smtp.cert_file": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File path to a cert file.", "loc": ["services", "grafana", "settings", "smtp", "cert_file"], "readOnly": false, "type": "null or string"}, "services.grafana.settings.smtp.ehlo_identity": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name to be used as client identity for EHLO in SMTP dialog.", "loc": ["services", "grafana", "settings", "smtp", "ehlo_identity"], "readOnly": false, "type": "null or string"}, "services.grafana.settings.smtp.enabled": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SMTP.", "loc": ["services", "grafana", "settings", "smtp", "enabled"], "readOnly": false, "type": "boolean"}, "services.grafana.settings.smtp.from_address": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"admin@grafana.localhost\""}, "description": "Address used when sending out emails.", "loc": ["services", "grafana", "settings", "smtp", "from_address"], "readOnly": false, "type": "string"}, "services.grafana.settings.smtp.from_name": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"Grafana\""}, "description": "Name to be used as client identity for EHLO in SMTP dialog.", "loc": ["services", "grafana", "settings", "smtp", "from_name"], "readOnly": false, "type": "string"}, "services.grafana.settings.smtp.host": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"localhost:25\""}, "description": "Host to connect to.", "loc": ["services", "grafana", "settings", "smtp", "host"], "readOnly": false, "type": "string"}, "services.grafana.settings.smtp.key_file": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File path to a key file.", "loc": ["services", "grafana", "settings", "smtp", "key_file"], "readOnly": false, "type": "null or string"}, "services.grafana.settings.smtp.password": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Password used for authentication. Please note that the contents of this option\nwill end up in a world-readable Nix store. Use the file provider\npointing at a reasonably secured file in the local filesystem\nto work around that. Look at the documentation for details:\n<https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#file-provider>\n", "loc": ["services", "grafana", "settings", "smtp", "password"], "readOnly": false, "type": "string"}, "services.grafana.settings.smtp.skip_verify": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Verify SSL for SMTP server.", "loc": ["services", "grafana", "settings", "smtp", "skip_verify"], "readOnly": false, "type": "boolean"}, "services.grafana.settings.smtp.startTLS_policy": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "StartTLS policy when connecting to server.", "loc": ["services", "grafana", "settings", "smtp", "startTLS_policy"], "readOnly": false, "type": "null or one of \"OpportunisticStartTLS\", \"MandatoryStartTLS\", \"NoStartTLS\""}, "services.grafana.settings.smtp.user": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "User used for authentication.", "loc": ["services", "grafana", "settings", "smtp", "user"], "readOnly": false, "type": "null or string"}, "services.grafana.settings.users.allow_org_create": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Set to `false` to prohibit users from creating new organizations.", "loc": ["services", "grafana", "settings", "users", "allow_org_create"], "readOnly": false, "type": "boolean"}, "services.grafana.settings.users.allow_sign_up": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Set to false to prohibit users from being able to sign up / create user accounts.\nThe admin user can still create users.\n", "loc": ["services", "grafana", "settings", "users", "allow_sign_up"], "readOnly": false, "type": "boolean"}, "services.grafana.settings.users.auto_assign_org": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Set to `true` to automatically add new users to the main organization (id 1).\nWhen set to `false,` new users automatically cause a new organization to be created for that new user.\nThe organization will be created even if the `allow_org_create` setting is set to `false`.\n", "loc": ["services", "grafana", "settings", "users", "auto_assign_org"], "readOnly": false, "type": "boolean"}, "services.grafana.settings.users.auto_assign_org_id": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Set this value to automatically add new users to the provided org.\nThis requires `auto_assign_org` to be set to `true`.\nPlease make sure that this organization already exists.\n", "loc": ["services", "grafana", "settings", "users", "auto_assign_org_id"], "readOnly": false, "type": "signed integer"}, "services.grafana.settings.users.auto_assign_org_role": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"Viewer\""}, "description": "The role new users will be assigned for the main organization (if the `auto_assign_org` setting is set to `true`).\n", "loc": ["services", "grafana", "settings", "users", "auto_assign_org_role"], "readOnly": false, "type": "one of \"Viewer\", \"Editor\", \"Admin\""}, "services.grafana.settings.users.default_language": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"en-US\""}, "description": "This setting configures the default UI language, which must be a supported IETF language tag, such as `en-US`.", "loc": ["services", "grafana", "settings", "users", "default_language"], "readOnly": false, "type": "string"}, "services.grafana.settings.users.default_theme": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"dark\""}, "description": "Sets the default UI theme. `system` matches the user's system theme.", "loc": ["services", "grafana", "settings", "users", "default_theme"], "readOnly": false, "type": "one of \"dark\", \"light\", \"system\""}, "services.grafana.settings.users.hidden_users": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "This is a comma-separated list of usernames.\nUsers specified here are hidden in the Grafana UI.\nThey are still visible to Grafana administrators and to themselves.\n", "loc": ["services", "grafana", "settings", "users", "hidden_users"], "readOnly": false, "type": "string"}, "services.grafana.settings.users.home_page": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Path to a custom home page.\nUsers are only redirected to this if the default home dashboard is used.\nIt should match a frontend route and contain a leading slash.\n", "loc": ["services", "grafana", "settings", "users", "home_page"], "readOnly": false, "type": "string"}, "services.grafana.settings.users.login_hint": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"email or username\""}, "description": "Text used as placeholder text on login page for login/username input.", "loc": ["services", "grafana", "settings", "users", "login_hint"], "readOnly": false, "type": "string"}, "services.grafana.settings.users.password_hint": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"password\""}, "description": "Text used as placeholder text on login page for password input.", "loc": ["services", "grafana", "settings", "users", "password_hint"], "readOnly": false, "type": "string"}, "services.grafana.settings.users.user_invite_max_lifetime_duration": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "\"24h\""}, "description": "The duration in time a user invitation remains valid before expiring.\nThis setting should be expressed as a duration.\nExamples: `6h` (hours), `2d` (days), `1w` (week).\nThe minimum supported duration is `15m` (15 minutes).\n", "loc": ["services", "grafana", "settings", "users", "user_invite_max_lifetime_duration"], "readOnly": false, "type": "string"}, "services.grafana.settings.users.verify_email_enabled": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Require email validation before sign up completes.", "loc": ["services", "grafana", "settings", "users", "verify_email_enabled"], "readOnly": false, "type": "boolean"}, "services.grafana.settings.users.viewers_can_edit": {"declarations": ["nixos/modules/services/monitoring/grafana.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Viewers can access and use Explore and perform temporary edits on panels in dashboards they have access to.\nThey cannot save their changes.\n", "loc": ["services", "grafana", "settings", "users", "viewers_can_edit"], "readOnly": false, "type": "boolean"}, "services.grafana_reporter.addr": {"declarations": ["nixos/modules/services/monitoring/grafana-reporter.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Listening address.", "loc": ["services", "grafana_reporter", "addr"], "readOnly": false, "type": "string"}, "services.grafana_reporter.enable": {"declarations": ["nixos/modules/services/monitoring/grafana-reporter.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable grafana_reporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "grafana_reporter", "enable"], "readOnly": false, "type": "boolean"}, "services.grafana_reporter.grafana.addr": {"declarations": ["nixos/modules/services/monitoring/grafana-reporter.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Grafana address.", "loc": ["services", "grafana_reporter", "grafana", "addr"], "readOnly": false, "type": "string"}, "services.grafana_reporter.grafana.port": {"declarations": ["nixos/modules/services/monitoring/grafana-reporter.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "Grafana port.", "loc": ["services", "grafana_reporter", "grafana", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.grafana_reporter.grafana.protocol": {"declarations": ["nixos/modules/services/monitoring/grafana-reporter.nix"], "default": {"_type": "literalExpression", "text": "\"http\""}, "description": "Grafana protocol.", "loc": ["services", "grafana_reporter", "grafana", "protocol"], "readOnly": false, "type": "one of \"http\", \"https\""}, "services.grafana_reporter.port": {"declarations": ["nixos/modules/services/monitoring/grafana-reporter.nix"], "default": {"_type": "literalExpression", "text": "8686"}, "description": "Listening port.", "loc": ["services", "grafana_reporter", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.grafana_reporter.templateDir": {"declarations": ["nixos/modules/services/monitoring/grafana-reporter.nix"], "default": {"_type": "literalExpression", "text": "pkgs.grafana_reporter"}, "description": "Optional template directory to use custom tex templates", "loc": ["services", "grafana_reporter", "templateDir"], "readOnly": false, "type": "string or absolute path"}, "services.graphite.carbon.aggregationRules": {"declarations": ["nixos/modules/services/monitoring/graphite.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Defines if and how received metrics will be aggregated.", "example": {"_type": "literalExpression", "text": "''\n  <env>.applications.<app>.all.requests (60) = sum <env>.applications.<app>.*.requests\n  <env>.applications.<app>.all.latency (60) = avg <env>.applications.<app>.*.latency\n''"}, "loc": ["services", "graphite", "carbon", "aggregationRules"], "readOnly": false, "type": "null or string"}, "services.graphite.carbon.blacklist": {"declarations": ["nixos/modules/services/monitoring/graphite.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Any metrics received which match one of the expressions will be dropped.", "example": {"_type": "literalExpression", "text": "\"^some\\\\.noisy\\\\.metric\\\\.prefix\\\\..*\""}, "loc": ["services", "graphite", "carbon", "blacklist"], "readOnly": false, "type": "null or string"}, "services.graphite.carbon.config": {"declarations": ["nixos/modules/services/monitoring/graphite.nix"], "default": {"_type": "literalExpression", "text": "''\n  [cache]\n  # Listen on localhost by default for security reasons\n  UDP_RECEIVER_INTERFACE = 127.0.0.1\n  PICKLE_RECEIVER_INTERFACE = 127.0.0.1\n  LINE_RECEIVER_INTERFACE = 127.0.0.1\n  CACHE_QUERY_INTERFACE = 127.0.0.1\n  # Do not log every update\n  LOG_UPDATES = False\n  LOG_CACHE_HITS = False\n''"}, "description": "Content of carbon configuration file.", "loc": ["services", "graphite", "carbon", "config"], "readOnly": false, "type": "string"}, "services.graphite.carbon.enableAggregator": {"declarations": ["nixos/modules/services/monitoring/graphite.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable carbon aggregator, the carbon buffering service.", "loc": ["services", "graphite", "carbon", "enableAggregator"], "readOnly": false, "type": "boolean"}, "services.graphite.carbon.enableCache": {"declarations": ["nixos/modules/services/monitoring/graphite.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable carbon cache, the graphite storage daemon.", "loc": ["services", "graphite", "carbon", "enableCache"], "readOnly": false, "type": "boolean"}, "services.graphite.carbon.enableRelay": {"declarations": ["nixos/modules/services/monitoring/graphite.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable carbon relay, the carbon replication and sharding service.", "loc": ["services", "graphite", "carbon", "enableRelay"], "readOnly": false, "type": "boolean"}, "services.graphite.carbon.relayRules": {"declarations": ["nixos/modules/services/monitoring/graphite.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Relay rules are used to send certain metrics to a certain backend.", "example": {"_type": "literalExpression", "text": "''\n  [example]\n  pattern = ^mydata\\.foo\\..+\n  servers = 10.1.2.3, 10.1.2.4:2004, myserver.mydomain.com\n''"}, "loc": ["services", "graphite", "carbon", "relayRules"], "readOnly": false, "type": "null or string"}, "services.graphite.carbon.rewriteRules": {"declarations": ["nixos/modules/services/monitoring/graphite.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Regular expression patterns that can be used to rewrite metric names\nin a search and replace fashion.\n", "example": {"_type": "literalExpression", "text": "''\n  [post]\n  _sum$ =\n  _avg$ =\n''"}, "loc": ["services", "graphite", "carbon", "rewriteRules"], "readOnly": false, "type": "null or string"}, "services.graphite.carbon.storageAggregation": {"declarations": ["nixos/modules/services/monitoring/graphite.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Defines how to aggregate data to lower-precision retentions.", "example": {"_type": "literalExpression", "text": "''\n  [all_min]\n  pattern = \\.min$\n  xFilesFactor = 0.1\n  aggregationMethod = min\n''"}, "loc": ["services", "graphite", "carbon", "storageAggregation"], "readOnly": false, "type": "null or string"}, "services.graphite.carbon.storageSchemas": {"declarations": ["nixos/modules/services/monitoring/graphite.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Defines retention rates for storing metrics.", "example": {"_type": "literalExpression", "text": "''\n  [apache_busyWorkers]\n  pattern = ^servers\\.www.*\\.workers\\.busyWorkers$\n  retentions = 15s:7d,1m:21d,15m:5y\n''"}, "loc": ["services", "graphite", "carbon", "storageSchemas"], "readOnly": false, "type": "null or string"}, "services.graphite.carbon.whitelist": {"declarations": ["nixos/modules/services/monitoring/graphite.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Only metrics received which match one of the expressions will be persisted.", "example": {"_type": "literalExpression", "text": "\".*\""}, "loc": ["services", "graphite", "carbon", "whitelist"], "readOnly": false, "type": "null or string"}, "services.graphite.dataDir": {"declarations": ["nixos/modules/services/monitoring/graphite.nix"], "default": {"_type": "literalExpression", "text": "\"/var/db/graphite\""}, "description": "Data directory for graphite.\n", "loc": ["services", "graphite", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.graphite.seyren.enable": {"declarations": ["nixos/modules/services/monitoring/graphite.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable seyren service.", "loc": ["services", "graphite", "seyren", "enable"], "readOnly": false, "type": "boolean"}, "services.graphite.seyren.extraConfig": {"declarations": ["nixos/modules/services/monitoring/graphite.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra seyren configuration. See\n<https://github.com/scobal/seyren#config>\n", "example": {"_type": "literalExpression", "text": "{\n  GRAPHITE_USERNAME = \"user\";\n  GRAPHITE_PASSWORD = \"pass\";\n}\n"}, "loc": ["services", "graphite", "seyren", "extraConfig"], "readOnly": false, "type": "attribute set of string"}, "services.graphite.seyren.graphiteUrl": {"declarations": ["nixos/modules/services/monitoring/graphite.nix"], "default": {"_type": "literalExpression", "text": "\"http://${config.services.graphite.web.listenAddress}:${toString config.services.graphite.web.port}\""}, "description": "Host where graphite service runs.", "loc": ["services", "graphite", "seyren", "graphiteUrl"], "readOnly": false, "type": "string"}, "services.graphite.seyren.mongoUrl": {"declarations": ["nixos/modules/services/monitoring/graphite.nix"], "default": {"_type": "literalExpression", "text": "\"mongodb://${config.services.mongodb.bind_ip}:27017/seyren\""}, "description": "Mongodb connection string.", "loc": ["services", "graphite", "seyren", "mongoUrl"], "readOnly": false, "type": "string"}, "services.graphite.seyren.port": {"declarations": ["nixos/modules/services/monitoring/graphite.nix"], "default": {"_type": "literalExpression", "text": "8081"}, "description": "Seyren listening port.", "loc": ["services", "graphite", "seyren", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.graphite.seyren.seyrenUrl": {"declarations": ["nixos/modules/services/monitoring/graphite.nix"], "default": {"_type": "literalExpression", "text": "\"http://localhost:${toString config.services.graphite.seyren.port}/\""}, "description": "Host where seyren is accessible.", "loc": ["services", "graphite", "seyren", "seyrenUrl"], "readOnly": false, "type": "string"}, "services.graphite.web.enable": {"declarations": ["nixos/modules/services/monitoring/graphite.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable graphite web frontend.", "loc": ["services", "graphite", "web", "enable"], "readOnly": false, "type": "boolean"}, "services.graphite.web.extraConfig": {"declarations": ["nixos/modules/services/monitoring/graphite.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Graphite webapp settings. See:\n<https://graphite.readthedocs.io/en/latest/config-local-settings.html>\n", "loc": ["services", "graphite", "web", "extraConfig"], "readOnly": false, "type": "string"}, "services.graphite.web.listenAddress": {"declarations": ["nixos/modules/services/monitoring/graphite.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Graphite web frontend listen address.", "loc": ["services", "graphite", "web", "listenAddress"], "readOnly": false, "type": "string"}, "services.graphite.web.port": {"declarations": ["nixos/modules/services/monitoring/graphite.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "Graphite web frontend port.", "loc": ["services", "graphite", "web", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.grav.enable": {"declarations": ["nixos/modules/services/web-apps/grav.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable grav.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "grav", "enable"], "readOnly": false, "type": "boolean"}, "services.grav.maxUploadSize": {"declarations": ["nixos/modules/services/web-apps/grav.nix"], "default": {"_type": "literalExpression", "text": "\"128M\""}, "description": "The upload limit for files. This changes the relevant options in\n{file}`php.ini` and nginx if enabled.\n", "loc": ["services", "grav", "maxUploadSize"], "readOnly": false, "type": "string"}, "services.grav.package": {"declarations": ["nixos/modules/services/web-apps/grav.nix"], "default": {"_type": "literalExpression", "text": "pkgs.grav"}, "description": "The grav package to use.", "loc": ["services", "grav", "package"], "readOnly": false, "type": "package"}, "services.grav.phpPackage": {"declarations": ["nixos/modules/services/web-apps/grav.nix"], "default": {"_type": "literalExpression", "text": "pkgs.php83"}, "description": "The php83 package to use.", "loc": ["services", "grav", "phpPackage"], "readOnly": false, "type": "package"}, "services.grav.pool": {"declarations": ["nixos/modules/services/web-apps/grav.nix"], "default": {"_type": "literalExpression", "text": "\"grav\""}, "description": "Name of existing phpfpm pool that is used to run web-application.\nIf not specified a pool will be created automatically with\ndefault values.\n", "loc": ["services", "grav", "pool"], "readOnly": false, "type": "string"}, "services.grav.root": {"declarations": ["nixos/modules/services/web-apps/grav.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/grav\""}, "description": "Root of the application.\n", "loc": ["services", "grav", "root"], "readOnly": false, "type": "absolute path"}, "services.grav.systemSettings": {"declarations": ["nixos/modules/services/web-apps/grav.nix"], "default": {"_type": "literalExpression", "text": "{\n  log = {\n    handler = \"syslog\";\n  };\n}"}, "description": "Settings written to {file}`user/config/system.yaml`.\n", "loc": ["services", "grav", "systemSettings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.grav.virtualHost": {"declarations": ["nixos/modules/services/web-apps/grav.nix"], "default": {"_type": "literalExpression", "text": "\"grav\""}, "description": "Name of the nginx virtualhost to use and setup. If null, do not setup\nany virtualhost.\n", "loc": ["services", "grav", "virtualHost"], "readOnly": false, "type": "null or string"}, "services.graylog.dataDir": {"declarations": ["nixos/modules/services/logging/graylog.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/graylog/data\""}, "description": "Directory used to store Graylog server state.", "loc": ["services", "graylog", "dataDir"], "readOnly": false, "type": "string"}, "services.graylog.elasticsearchHosts": {"declarations": ["nixos/modules/services/logging/graylog.nix"], "description": "List of valid URIs of the http ports of your elastic nodes. If one or more of your elasticsearch hosts require authentication, include the credentials in each node URI that requires authentication", "example": {"_type": "literalExpression", "text": "[ \"http://node1:9200\" \"http://user:password@node2:19200\" ]"}, "loc": ["services", "graylog", "elasticsearchHosts"], "readOnly": false, "type": "list of string"}, "services.graylog.enable": {"declarations": ["nixos/modules/services/logging/graylog.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Graylog, a log management solution.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "graylog", "enable"], "readOnly": false, "type": "boolean"}, "services.graylog.extraConfig": {"declarations": ["nixos/modules/services/logging/graylog.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Any other configuration options you might want to add", "loc": ["services", "graylog", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.graylog.isMaster": {"declarations": ["nixos/modules/services/logging/graylog.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether this is the master instance of your Graylog cluster", "loc": ["services", "graylog", "isMaster"], "readOnly": false, "type": "boolean"}, "services.graylog.messageJournalDir": {"declarations": ["nixos/modules/services/logging/graylog.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/graylog/data/journal\""}, "description": "The directory which will be used to store the message journal. The directory must be exclusively used by Graylog and must not contain any other files than the ones created by Graylog itself", "loc": ["services", "graylog", "messageJournalDir"], "readOnly": false, "type": "string"}, "services.graylog.mongodbUri": {"declarations": ["nixos/modules/services/logging/graylog.nix"], "default": {"_type": "literalExpression", "text": "\"mongodb://localhost/graylog\""}, "description": "MongoDB connection string. See http://docs.mongodb.org/manual/reference/connection-string/ for details", "loc": ["services", "graylog", "mongodbUri"], "readOnly": false, "type": "string"}, "services.graylog.nodeIdFile": {"declarations": ["nixos/modules/services/logging/graylog.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/graylog/server/node-id\""}, "description": "Path of the file containing the graylog node-id", "loc": ["services", "graylog", "nodeIdFile"], "readOnly": false, "type": "string"}, "services.graylog.package": {"declarations": ["nixos/modules/services/logging/graylog.nix"], "default": {"_type": "literalExpression", "text": "pkgs.graylog"}, "description": "The graylog package to use.", "example": {"_type": "literalExpression", "text": "graylog-6_0"}, "loc": ["services", "graylog", "package"], "readOnly": false, "type": "package"}, "services.graylog.passwordSecret": {"declarations": ["nixos/modules/services/logging/graylog.nix"], "description": "You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.\nGenerate one by using for example: pwgen -N 1 -s 96\n", "loc": ["services", "graylog", "passwordSecret"], "readOnly": false, "type": "string"}, "services.graylog.plugins": {"declarations": ["nixos/modules/services/logging/graylog.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra graylog plugins", "loc": ["services", "graylog", "plugins"], "readOnly": false, "type": "list of package"}, "services.graylog.rootPasswordSha2": {"declarations": ["nixos/modules/services/logging/graylog.nix"], "description": "You MUST specify a hash password for the root user (which you only need to initially set up the\nsystem and in case you lose connectivity to your authentication backend)\nThis password cannot be changed using the API or via the web interface. If you need to change it,\nmodify it here.\nCreate one by using for example: echo -n yourpassword | shasum -a 256\nand use the resulting hash value as string for the option\n", "example": {"_type": "literalExpression", "text": "\"e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e952\""}, "loc": ["services", "graylog", "rootPasswordSha2"], "readOnly": false, "type": "string"}, "services.graylog.rootUsername": {"declarations": ["nixos/modules/services/logging/graylog.nix"], "default": {"_type": "literalExpression", "text": "\"admin\""}, "description": "Name of the default administrator user", "loc": ["services", "graylog", "rootUsername"], "readOnly": false, "type": "string"}, "services.graylog.user": {"declarations": ["nixos/modules/services/logging/graylog.nix"], "default": {"_type": "literalExpression", "text": "\"graylog\""}, "description": "User account under which graylog runs", "loc": ["services", "graylog", "user"], "readOnly": false, "type": "string"}, "services.greenclip.enable": {"declarations": ["nixos/modules/services/misc/greenclip.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Greenclip, a clipboard manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "greenclip", "enable"], "readOnly": false, "type": "boolean"}, "services.greenclip.package": {"declarations": ["nixos/modules/services/misc/greenclip.nix"], "default": {"_type": "literalExpression", "text": "pkgs.haskellPackages.greenclip"}, "description": "The greenclip package to use.", "loc": ["services", "greenclip", "package"], "readOnly": false, "type": "package"}, "services.greetd.enable": {"declarations": ["nixos/modules/services/display-managers/greetd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable greetd, a minimal and flexible login manager daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "greetd", "enable"], "readOnly": false, "type": "boolean"}, "services.greetd.package": {"declarations": ["nixos/modules/services/display-managers/greetd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.greetd"}, "description": "The greetd package to use.", "loc": ["services", "greetd", "package"], "readOnly": false, "type": "package"}, "services.greetd.restart": {"declarations": ["nixos/modules/services/display-managers/greetd.nix"], "default": {"_type": "literalExpression", "text": "!(config.services.greetd.settings ? initial_session)"}, "description": "Whether to restart greetd when it terminates (e.g. on failure).\nThis is usually desirable so a user can always log in, but should be disabled when using 'settings.initial_session' (autologin),\nbecause every greetd restart will trigger the autologin again.\n", "loc": ["services", "greetd", "restart"], "readOnly": false, "type": "boolean"}, "services.greetd.settings": {"declarations": ["nixos/modules/services/display-managers/greetd.nix"], "description": "greetd configuration ([documentation](https://man.sr.ht/~kennylevinsen/greetd/))\nas a Nix attribute set.\n", "example": {"_type": "literalExpression", "text": "{\n  default_session = {\n    command = \"${pkgs.greetd}/bin/agreety --cmd sway\";\n  };\n}\n"}, "loc": ["services", "greetd", "settings"], "readOnly": false, "type": "TOML value"}, "services.greetd.useTextGreeter": {"declarations": ["nixos/modules/services/display-managers/greetd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether the greeter uses text-based user interfaces (For example, tuigreet).\n\nWhen set to true, some systemd service configuration will be adjusted to avoid systemd boot messages interrupt TUI.\n", "loc": ["services", "greetd", "useTextGreeter"], "readOnly": false, "type": "boolean"}, "services.grocy.dataDir": {"declarations": ["nixos/modules/services/web-apps/grocy.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/grocy\""}, "description": "Home directory of the `grocy` user which contains\nthe application's state.\n", "loc": ["services", "grocy", "dataDir"], "readOnly": false, "type": "string"}, "services.grocy.enable": {"declarations": ["nixos/modules/services/web-apps/grocy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable grocy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "grocy", "enable"], "readOnly": false, "type": "boolean"}, "services.grocy.hostName": {"declarations": ["nixos/modules/services/web-apps/grocy.nix"], "description": "FQDN for the grocy instance.\n", "loc": ["services", "grocy", "hostName"], "readOnly": false, "type": "string"}, "services.grocy.nginx.enableSSL": {"declarations": ["nixos/modules/services/web-apps/grocy.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether or not to enable SSL (with ACME and let's encrypt)\nfor the grocy vhost.\n", "loc": ["services", "grocy", "nginx", "enableSSL"], "readOnly": false, "type": "boolean"}, "services.grocy.package": {"declarations": ["nixos/modules/services/web-apps/grocy.nix"], "default": {"_type": "literalExpression", "text": "pkgs.grocy"}, "description": "The grocy package to use.", "loc": ["services", "grocy", "package"], "readOnly": false, "type": "package"}, "services.grocy.phpfpm.settings": {"declarations": ["nixos/modules/services/web-apps/grocy.nix"], "default": {"_type": "literalExpression", "text": "{\n  catch_workers_output = true;\n  \"listen.owner\" = \"nginx\";\n  \"php_admin_flag[log_errors]\" = true;\n  \"php_admin_value[error_log]\" = \"stderr\";\n  pm = \"dynamic\";\n  \"pm.max_children\" = \"32\";\n  \"pm.max_requests\" = \"500\";\n  \"pm.max_spare_servers\" = \"4\";\n  \"pm.min_spare_servers\" = \"2\";\n  \"pm.start_servers\" = \"2\";\n}"}, "description": "Options for grocy's PHPFPM pool.\n", "loc": ["services", "grocy", "phpfpm", "settings"], "readOnly": false, "type": "attribute set of (signed integer or string or boolean)"}, "services.grocy.settings.calendar.firstDayOfWeek": {"declarations": ["nixos/modules/services/web-apps/grocy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Which day of the week (0=Sunday, 1=Monday etc.) should be the\nfirst day.\n", "loc": ["services", "grocy", "settings", "calendar", "firstDayOfWeek"], "readOnly": false, "type": "null or one of 0, 1, 2, 3, 4, 5, 6"}, "services.grocy.settings.calendar.showWeekNumber": {"declarations": ["nixos/modules/services/web-apps/grocy.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Show the number of the weeks in the calendar views.\n", "loc": ["services", "grocy", "settings", "calendar", "showWeekNumber"], "readOnly": false, "type": "boolean"}, "services.grocy.settings.culture": {"declarations": ["nixos/modules/services/web-apps/grocy.nix"], "default": {"_type": "literalExpression", "text": "\"en\""}, "description": "Display language of the frontend.\n", "loc": ["services", "grocy", "settings", "culture"], "readOnly": false, "type": "one of \"de\", \"en\", \"da\", \"en_GB\", \"es\", \"fr\", \"hu\", \"it\", \"nl\", \"no\", \"pl\", \"pt_BR\", \"ru\", \"sk_SK\", \"sv_SE\", \"tr\""}, "services.grocy.settings.currency": {"declarations": ["nixos/modules/services/web-apps/grocy.nix"], "default": {"_type": "literalExpression", "text": "\"USD\""}, "description": "ISO 4217 code for the currency to display.\n", "example": {"_type": "literalExpression", "text": "\"EUR\""}, "loc": ["services", "grocy", "settings", "currency"], "readOnly": false, "type": "string"}, "services.guacamole-client.enable": {"declarations": ["nixos/modules/services/web-apps/guacamole-client.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Apache Guacamole Client (Tomcat).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "guacamole-client", "enable"], "readOnly": false, "type": "boolean"}, "services.guacamole-client.enableWebserver": {"declarations": ["nixos/modules/services/web-apps/guacamole-client.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable the Guacamole web application in a Tomcat webserver.\n", "loc": ["services", "guacamole-client", "enableWebserver"], "readOnly": false, "type": "boolean"}, "services.guacamole-client.logbackXml": {"declarations": ["nixos/modules/services/web-apps/guacamole-client.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configuration file that correspond to `logback.xml`.\n", "example": {"_type": "literalExpression", "text": "\"/path/to/logback.xml\""}, "loc": ["services", "guacamole-client", "logbackXml"], "readOnly": false, "type": "null or absolute path"}, "services.guacamole-client.package": {"declarations": ["nixos/modules/services/web-apps/guacamole-client.nix"], "default": {"_type": "literalExpression", "text": "pkgs.guacamole-client"}, "description": "The guacamole-client package to use.", "loc": ["services", "guacamole-client", "package"], "readOnly": false, "type": "package"}, "services.guacamole-client.settings": {"declarations": ["nixos/modules/services/web-apps/guacamole-client.nix"], "default": {"_type": "literalExpression", "text": "{\n  guacd-hostname = \"localhost\";\n  guacd-port = 4822;\n}"}, "description": "Configuration written to `guacamole.properties`.\n\n::: {.note}\nThe Guacamole web application uses one main configuration file called\n`guacamole.properties`. This file is the common location for all\nconfiguration properties read by Guacamole or any extension of\nGuacamole, including authentication providers.\n:::\n", "loc": ["services", "guacamole-client", "settings"], "readOnly": false, "type": "open submodule of attribute set of (string, package, bool, int or float)"}, "services.guacamole-client.userMappingXml": {"declarations": ["nixos/modules/services/web-apps/guacamole-client.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configuration file that correspond to `user-mapping.xml`.\n", "example": {"_type": "literalExpression", "text": "\"/path/to/user-mapping.xml\""}, "loc": ["services", "guacamole-client", "userMappingXml"], "readOnly": false, "type": "null or absolute path"}, "services.guacamole-server.enable": {"declarations": ["nixos/modules/services/web-apps/guacamole-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Apache Guacamole Server (guacd).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "guacamole-server", "enable"], "readOnly": false, "type": "boolean"}, "services.guacamole-server.extraEnvironment": {"declarations": ["nixos/modules/services/web-apps/guacamole-server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables to pass to guacd.", "example": {"_type": "literalExpression", "text": "{\n  ENVIRONMENT = \"production\";\n}\n"}, "loc": ["services", "guacamole-server", "extraEnvironment"], "readOnly": false, "type": "attribute set of string"}, "services.guacamole-server.host": {"declarations": ["nixos/modules/services/web-apps/guacamole-server.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The host name or IP address the server should listen to.\n", "loc": ["services", "guacamole-server", "host"], "readOnly": false, "type": "string"}, "services.guacamole-server.package": {"declarations": ["nixos/modules/services/web-apps/guacamole-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.guacamole-server"}, "description": "The guacamole-server package to use.", "loc": ["services", "guacamole-server", "package"], "readOnly": false, "type": "package"}, "services.guacamole-server.port": {"declarations": ["nixos/modules/services/web-apps/guacamole-server.nix"], "default": {"_type": "literalExpression", "text": "4822"}, "description": "The port the guacd server should listen to.\n", "loc": ["services", "guacamole-server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.guix.enable": {"declarations": ["nixos/modules/services/misc/guix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Guix build daemon service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "guix", "enable"], "readOnly": false, "type": "boolean"}, "services.guix.extraArgs": {"declarations": ["nixos/modules/services/misc/guix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra flags to pass to the Guix daemon service.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--max-jobs=4\"\n  \"--debug\"\n]"}, "loc": ["services", "guix", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.guix.gc.dates": {"declarations": ["nixos/modules/services/misc/guix"], "default": {"_type": "literalExpression", "text": "\"03:15\""}, "description": "How often the garbage collection occurs. This takes the time format\nfrom {manpage}`systemd.time(7)`.\n", "example": {"_type": "literalExpression", "text": "\"weekly\""}, "loc": ["services", "guix", "gc", "dates"], "readOnly": false, "type": "string"}, "services.guix.gc.enable": {"declarations": ["nixos/modules/services/misc/guix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable automatic garbage collection service for Guix.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "guix", "gc", "enable"], "readOnly": false, "type": "boolean"}, "services.guix.gc.extraArgs": {"declarations": ["nixos/modules/services/misc/guix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of arguments to be passed to {command}`guix gc`.\n\nWhen given no option, it will try to collect all garbage which is\noften inconvenient so it is recommended to set [some\noptions](https://guix.gnu.org/en/manual/en/html_node/Invoking-guix-gc.html).\n", "example": {"_type": "literalExpression", "text": "[\n  \"--delete-generations=1m\"\n  \"--free-space=10G\"\n  \"--optimize\"\n]"}, "loc": ["services", "guix", "gc", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.guix.group": {"declarations": ["nixos/modules/services/misc/guix"], "default": {"_type": "literalExpression", "text": "\"guixbuild\""}, "description": "The group of the Guix build user pool.\n", "example": {"_type": "literalExpression", "text": "\"guixbuild\""}, "loc": ["services", "guix", "group"], "readOnly": false, "type": "string"}, "services.guix.nrBuildUsers": {"declarations": ["nixos/modules/services/misc/guix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Number of Guix build users to be used in the build pool.\n", "example": {"_type": "literalExpression", "text": "20"}, "loc": ["services", "guix", "nrBuildUsers"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.guix.package": {"declarations": ["nixos/modules/services/misc/guix"], "default": {"_type": "literalExpression", "text": "pkgs.guix"}, "description": "The guix package to use. It should contain {command}`guix-daemon` and {command}`guix`\nexecutable.\n", "loc": ["services", "guix", "package"], "readOnly": false, "type": "package"}, "services.guix.publish.enable": {"declarations": ["nixos/modules/services/misc/guix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable substitute server for your Guix store directory.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "guix", "publish", "enable"], "readOnly": false, "type": "boolean"}, "services.guix.publish.extraArgs": {"declarations": ["nixos/modules/services/misc/guix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra flags to pass to the substitute server.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--compression=zstd:6\"\n  \"--discover=no\"\n]"}, "loc": ["services", "guix", "publish", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.guix.publish.generateKeyPair": {"declarations": ["nixos/modules/services/misc/guix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to generate signing keys in {file}`/etc/guix` which are\nrequired to initialize a substitute server. Otherwise,\n`--public-key=$FILE` and `--private-key=$FILE` can be passed in\n{option}`services.guix.publish.extraArgs`.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "guix", "publish", "generateKeyPair"], "readOnly": false, "type": "boolean"}, "services.guix.publish.port": {"declarations": ["nixos/modules/services/misc/guix"], "default": {"_type": "literalExpression", "text": "8181"}, "description": "Port of the substitute server to listen on.\n", "example": {"_type": "literalExpression", "text": "8200"}, "loc": ["services", "guix", "publish", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.guix.publish.user": {"declarations": ["nixos/modules/services/misc/guix"], "default": {"_type": "literalExpression", "text": "\"guix-publish\""}, "description": "Name of the user to change once the server is up.\n", "loc": ["services", "guix", "publish", "user"], "readOnly": false, "type": "string"}, "services.guix.stateDir": {"declarations": ["nixos/modules/services/misc/guix"], "default": {"_type": "literalExpression", "text": "\"/var\""}, "description": "The state directory where Guix service will store its data such as its\nuser-specific profiles, cache, and state files.\n\n::: {.warning}\nChanging it to something other than the default will rebuild the\npackage.\n:::\n", "example": {"_type": "literalExpression", "text": "\"/gnu/var\""}, "loc": ["services", "guix", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.guix.storeDir": {"declarations": ["nixos/modules/services/misc/guix"], "default": {"_type": "literalExpression", "text": "\"/gnu/store\""}, "description": "The store directory where the Guix service will serve to/from. Take\nnote Guix cannot take advantage of substitutes if you set it something\nother than {file}`/gnu/store` since most of the cached builds are\nassumed to be in there.\n\n::: {.warning}\nThis will also recompile all packages because the normal cache no\nlonger applies.\n:::\n", "loc": ["services", "guix", "storeDir"], "readOnly": false, "type": "absolute path"}, "services.guix.substituters.authorizedKeys": {"declarations": ["nixos/modules/services/misc/guix"], "default": {"_type": "literalExpression", "text": "''\n  The packaged signing keys from {option}`services.guix.package`.\n''"}, "description": "A list of signing keys for each substitute server to be authorized as\na source of substitutes. Without this, the listed substitute servers\nfrom {option}`services.guix.substituters.urls` would be ignored [with\nsome\nexceptions](https://guix.gnu.org/manual/en/html_node/Substitute-Authentication.html).\n", "example": {"_type": "literalExpression", "text": "options.services.guix.substituters.authorizedKeys.default ++ [\n  (builtins.fetchurl {\n    url = \"https://guix.example.com/signing-key.pub\";\n  })\n\n  (builtins.fetchurl {\n    url = \"https://guix.example.org/static/signing-key.pub\";\n  })\n]\n"}, "loc": ["services", "guix", "substituters", "authorizedKeys"], "readOnly": false, "type": "list of absolute path"}, "services.guix.substituters.urls": {"declarations": ["nixos/modules/services/misc/guix"], "default": {"_type": "literalExpression", "text": "[\n  \"https://ci.guix.gnu.org\"\n  \"https://bordeaux.guix.gnu.org\"\n  \"https://berlin.guix.gnu.org\"\n]"}, "description": "A list of substitute servers' URLs for the Guix daemon to download\nsubstitutes from.\n", "example": {"_type": "literalExpression", "text": "options.services.guix.substituters.urls.default ++ [\n  \"https://guix.example.com\"\n  \"https://guix.example.org\"\n]\n"}, "loc": ["services", "guix", "substituters", "urls"], "readOnly": false, "type": "list of string"}, "services.gvfs.enable": {"declarations": ["nixos/modules/services/desktops/gvfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable GVfs, a userspace virtual filesystem.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gvfs", "enable"], "readOnly": false, "type": "boolean"}, "services.gvfs.package": {"declarations": ["nixos/modules/services/desktops/gvfs.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gnome.gvfs"}, "description": "The gvfs package to use.", "loc": ["services", "gvfs", "package"], "readOnly": false, "type": "package"}, "services.gvpe.configFile": {"declarations": ["nixos/modules/services/networking/gvpe.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "GVPE config file, if already present\n", "example": {"_type": "literalExpression", "text": "\"/root/my-gvpe-conf\""}, "loc": ["services", "gvpe", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.gvpe.configText": {"declarations": ["nixos/modules/services/networking/gvpe.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "GVPE config contents\n", "example": {"_type": "literalExpression", "text": "''\n  tcp-port = 655\n  udp-port = 655\n  mtu = 1480\n  ifname = vpn0\n  \n  node = alpha\n  hostname = alpha.example.org\n  connect = always\n  enable-udp = true\n  enable-tcp = true\n  on alpha if-up = if-up-0\n  on alpha pid-file = /var/gvpe/gvpe.pid\n''"}, "loc": ["services", "gvpe", "configText"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.gvpe.customIFSetup": {"declarations": ["nixos/modules/services/networking/gvpe.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional commands to apply in ifup script\n", "loc": ["services", "gvpe", "customIFSetup"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.gvpe.enable": {"declarations": ["nixos/modules/services/networking/gvpe.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable gvpe.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gvpe", "enable"], "readOnly": false, "type": "boolean"}, "services.gvpe.ipAddress": {"declarations": ["nixos/modules/services/networking/gvpe.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IP address to assign to GVPE interface\n", "loc": ["services", "gvpe", "ipAddress"], "readOnly": false, "type": "null or string"}, "services.gvpe.nodename": {"declarations": ["nixos/modules/services/networking/gvpe.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "GVPE node name\n", "loc": ["services", "gvpe", "nodename"], "readOnly": false, "type": "null or string"}, "services.gvpe.subnet": {"declarations": ["nixos/modules/services/networking/gvpe.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IP subnet assigned to GVPE network\n", "example": {"_type": "literalExpression", "text": "\"10.0.0.0/8\""}, "loc": ["services", "gvpe", "subnet"], "readOnly": false, "type": "null or string"}, "services.h2o.defaultHTTPListenPort": {"declarations": ["nixos/modules/services/web-servers/h2o/default.nix"], "default": {"_type": "literalExpression", "text": "80"}, "description": "If hosts do not specify listen.port, use these ports for HTTP by default.\n", "example": {"_type": "literalExpression", "text": "8080"}, "loc": ["services", "h2o", "defaultHTTPListenPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.h2o.defaultTLSListenPort": {"declarations": ["nixos/modules/services/web-servers/h2o/default.nix"], "default": {"_type": "literalExpression", "text": "443"}, "description": "If hosts do not specify listen.port, use these ports for SSL by default.\n", "example": {"_type": "literalExpression", "text": "8443"}, "loc": ["services", "h2o", "defaultTLSListenPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.h2o.defaultTLSRecommendations": {"declarations": ["nixos/modules/services/web-servers/h2o/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "By default, H2O, without prejudice, will use as many TLS versions &\ncipher suites as it & the TLS library (OpenSSL) can support. The user is\nexpected to hone settings for the security of their server. Setting some\nconstraints is recommended, & if unsure about what TLS settings to use,\nthis option gives curated TLS settings recommendations from Mozilla\u2019s\n\u2018SSL Configuration Generator\u2019 project (see\n<https://ssl-config.mozilla.org>) or read more at Mozilla\u2019s Wiki (see\n<https://wiki.mozilla.org/Security/Server_Side_TLS>).\n\nmodern\n: Services with clients that support TLS 1.3 & don\u2019t need backward\n  compatibility\n\nintermediate\n: General-purpose servers with a variety of clients, recommended for\n  almost all systems\n\nold\n: Compatible with a number of very old clients, & should be used only as\n  a last resort\n\nThe default for all virtual hosts can be set with\nservices.h2o.defaultTLSRecommendations, but this value can be overridden\non a per-host basis using services.h2o.hosts.<name>.tls.recommmendations.\nThe settings will also be overidden by manual values set with\nservices.settings.h2o.hosts.<name>.tls.extraSettings.\n\nNOTE: older/weaker ciphers might require overriding the OpenSSL version\nof H2O (such as `openssl_legacy`). This can be done with\nsevices.settings.h2o.package.\n", "example": {"_type": "literalExpression", "text": "\"intermediate\""}, "loc": ["services", "h2o", "defaultTLSRecommendations"], "readOnly": false, "type": "null or one of \"modern\", \"intermediate\", \"old\""}, "services.h2o.enable": {"declarations": ["nixos/modules/services/web-servers/h2o/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable H2O web server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "h2o", "enable"], "readOnly": false, "type": "boolean"}, "services.h2o.group": {"declarations": ["nixos/modules/services/web-servers/h2o/default.nix"], "default": {"_type": "literalExpression", "text": "\"h2o\""}, "description": "Group running H2O services", "loc": ["services", "h2o", "group"], "readOnly": false, "type": "non-empty string"}, "services.h2o.hosts": {"declarations": ["nixos/modules/services/web-servers/h2o/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The `hosts` config to be merged with the settings.\n\nNote that unlike YAML used for H2O, Nix will not support duplicate\nkeys to, for instance, have multiple listens in a host block; use the\nvirtual host options in like `http` & `tls` or use `$HOST:$PORT`\nkeys if manually specifying config.\n", "example": {"_type": "literalExpression", "text": "{\n  \"hydra.example.com\" = {\n    tls = {\n      policy = \"force\";\n      identity = [\n        {\n          key-file = \"/path/to/key\";\n          certificate-file = \"/path/to/cert\";\n        };\n      ];\n      extraSettings = {\n        minimum-version = \"TLSv1.3\";\n      };\n    };\n    settings = {\n      paths.\"/\" = {\n        \"file:dir\" = \"/var/www/default\";\n      };\n    };\n  };\n}\n"}, "loc": ["services", "h2o", "hosts"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.h2o.hosts.<name>.acme": {"declarations": ["nixos/modules/services/web-servers/h2o/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "ACME options for virtual host.", "loc": ["services", "h2o", "hosts", "<name>", "acme"], "readOnly": false, "type": "null or (submodule)"}, "services.h2o.hosts.<name>.acme.enable": {"declarations": ["nixos/modules/services/web-servers/h2o/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let\u2019s Encrypt to sign a certificate for this\nvirtual host. Alternatively, an existing host can be used thru\n{option}`acme.useHost`.\n", "loc": ["services", "h2o", "hosts", "<name>", "acme", "enable"], "readOnly": false, "type": "boolean"}, "services.h2o.hosts.<name>.acme.root": {"declarations": ["nixos/modules/services/web-servers/h2o/default.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the ACME challenge, which is **public**. Don\u2019t put\ncerts or keys in here. Set to `null` to inherit from\nconfig.security.acme.\n", "loc": ["services", "h2o", "hosts", "<name>", "acme", "root"], "readOnly": false, "type": "null or absolute path"}, "services.h2o.hosts.<name>.acme.useHost": {"declarations": ["nixos/modules/services/web-servers/h2o/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "An existing Let\u2019s Encrypt certificate to use for this virtual\nhost. This is useful if you have many subdomains and want to\navoid hitting the [rate\nlimit](https://letsencrypt.org/docs/rate-limits). Alternately,\nyou can generate a certificate through {option}`acme.enable`.\nNote that this option neither creates any certificates nor does\nit add subdomains to existing ones\u2009\u2014\u2009you will need to create\nthem manually using [](#opt-security.acme.certs).\n", "loc": ["services", "h2o", "hosts", "<name>", "acme", "useHost"], "readOnly": false, "type": "null or non-empty string"}, "services.h2o.hosts.<name>.host": {"declarations": ["nixos/modules/services/web-servers/h2o/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set the host address for this virtual host. If unset, the default is to\nlisten on all network interfaces.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "h2o", "hosts", "<name>", "host"], "readOnly": false, "type": "null or non-empty string"}, "services.h2o.hosts.<name>.http": {"declarations": ["nixos/modules/services/web-servers/h2o/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP options for virtual host", "loc": ["services", "h2o", "hosts", "<name>", "http"], "readOnly": false, "type": "null or (submodule)"}, "services.h2o.hosts.<name>.http.port": {"declarations": ["nixos/modules/services/web-servers/h2o/default.nix"], "default": {"_type": "literalExpression", "text": "config.services.h2o.defaultHTTPListenPort\n"}, "description": "Override the default HTTP port for this virtual host.\n", "example": {"_type": "literalExpression", "text": "8080"}, "loc": ["services", "h2o", "hosts", "<name>", "http", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.h2o.hosts.<name>.serverAliases": {"declarations": ["nixos/modules/services/web-servers/h2o/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host\nconfiguration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "h2o", "hosts", "<name>", "serverAliases"], "readOnly": false, "type": "list of non-empty string"}, "services.h2o.hosts.<name>.serverName": {"declarations": ["nixos/modules/services/web-servers/h2o/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Server name to be used for this virtual host. Defaults to attribute\nname in hosts.\n", "example": {"_type": "literalExpression", "text": "\"example.org\""}, "loc": ["services", "h2o", "hosts", "<name>", "serverName"], "readOnly": false, "type": "null or non-empty string"}, "services.h2o.hosts.<name>.settings": {"declarations": ["nixos/modules/services/web-servers/h2o/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attrset to be transformed into YAML for host config. Note that the HTTP\n/ TLS configurations will override these config values. See\n<https://h2o.examp1e.net/configure/base_directives.html#hosts>.\n", "loc": ["services", "h2o", "hosts", "<name>", "settings"], "readOnly": false, "type": "attribute set"}, "services.h2o.hosts.<name>.tls": {"declarations": ["nixos/modules/services/web-servers/h2o/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS options for virtual host", "loc": ["services", "h2o", "hosts", "<name>", "tls"], "readOnly": false, "type": "null or (submodule)"}, "services.h2o.hosts.<name>.tls.extraSettings": {"declarations": ["nixos/modules/services/web-servers/h2o/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional TLS/SSL-related configuration options. See\n<https://h2o.examp1e.net/configure/base_directives.html#listen-ssl>.\n", "example": {"_type": "literalExpression", "text": "{\n  minimum-version = \"TLSv1.3\";\n}\n"}, "loc": ["services", "h2o", "hosts", "<name>", "tls", "extraSettings"], "readOnly": false, "type": "attribute set"}, "services.h2o.hosts.<name>.tls.identity": {"declarations": ["nixos/modules/services/web-servers/h2o/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Key / certificate pairs for the virtual host.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    key-file = \"/path/to/rsa.key\";\n    certificate-file = \"/path/to/rsa.crt\";\n  }\n  {\n    key-file = \"/path/to/ecdsa.key\";\n    certificate-file = \"/path/to/ecdsa.crt\";\n  }\n]\n"}, "loc": ["services", "h2o", "hosts", "<name>", "tls", "identity"], "readOnly": false, "type": "list of (submodule)"}, "services.h2o.hosts.<name>.tls.identity.*.certificate-file": {"declarations": ["nixos/modules/services/web-servers/h2o/default.nix"], "description": "Path to certificate file. See\n<https://h2o.examp1e.net/configure/base_directives.html#certificate-file>.\n", "loc": ["services", "h2o", "hosts", "<name>", "tls", "identity", "*", "certificate-file"], "readOnly": false, "type": "absolute path"}, "services.h2o.hosts.<name>.tls.identity.*.key-file": {"declarations": ["nixos/modules/services/web-servers/h2o/default.nix"], "description": "Path to key file. See\n<https://h2o.examp1e.net/configure/base_directives.html#key-file>.\n", "loc": ["services", "h2o", "hosts", "<name>", "tls", "identity", "*", "key-file"], "readOnly": false, "type": "absolute path"}, "services.h2o.hosts.<name>.tls.policy": {"declarations": ["nixos/modules/services/web-servers/h2o/default.nix"], "description": "`add` will additionally listen for TLS connections. `only` will\ndisable   TLS connections. `force` will redirect non-TLS traffic\nto the TLS connection.\n", "example": {"_type": "literalExpression", "text": "\"force\""}, "loc": ["services", "h2o", "hosts", "<name>", "tls", "policy"], "readOnly": false, "type": "one of \"add\", \"only\", \"force\""}, "services.h2o.hosts.<name>.tls.port": {"declarations": ["nixos/modules/services/web-servers/h2o/default.nix"], "default": {"_type": "literalExpression", "text": "config.services.h2o.defaultTLSListenPort\n"}, "description": "Override the default TLS port for this virtual host.\n", "example": {"_type": "literalExpression", "text": "8443"}, "loc": ["services", "h2o", "hosts", "<name>", "tls", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.h2o.hosts.<name>.tls.quic": {"declarations": ["nixos/modules/services/web-servers/h2o/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Enables HTTP/3 over QUIC on the UDP port for TLS. The attrset\nprovides fine-turning for QUIC behavior, but can be empty. See\n<https://h2o.examp1e.net/configure/http3_directives.html#quic-attributes>.\n", "example": {"_type": "literalExpression", "text": "{\n  amp-limit = 2;\n  handshake-timeout-rtt-multiplier = 300;\n  retry = \"ON\";\n}\n"}, "loc": ["services", "h2o", "hosts", "<name>", "tls", "quic"], "readOnly": false, "type": "null or (attribute set)"}, "services.h2o.hosts.<name>.tls.recommendations": {"declarations": ["nixos/modules/services/web-servers/h2o/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "By default, H2O, without prejudice, will use as many TLS versions &\ncipher suites as it & the TLS library (OpenSSL) can support. The user is\nexpected to hone settings for the security of their server. Setting some\nconstraints is recommended, & if unsure about what TLS settings to use,\nthis option gives curated TLS settings recommendations from Mozilla\u2019s\n\u2018SSL Configuration Generator\u2019 project (see\n<https://ssl-config.mozilla.org>) or read more at Mozilla\u2019s Wiki (see\n<https://wiki.mozilla.org/Security/Server_Side_TLS>).\n\nmodern\n: Services with clients that support TLS 1.3 & don\u2019t need backward\n  compatibility\n\nintermediate\n: General-purpose servers with a variety of clients, recommended for\n  almost all systems\n\nold\n: Compatible with a number of very old clients, & should be used only as\n  a last resort\n\nThe default for all virtual hosts can be set with\nservices.h2o.defaultTLSRecommendations, but this value can be overridden\non a per-host basis using services.h2o.hosts.<name>.tls.recommmendations.\nThe settings will also be overidden by manual values set with\nservices.settings.h2o.hosts.<name>.tls.extraSettings.\n\nNOTE: older/weaker ciphers might require overriding the OpenSSL version\nof H2O (such as `openssl_legacy`). This can be done with\nsevices.settings.h2o.package.\n", "example": {"_type": "literalExpression", "text": "\"intermediate\""}, "loc": ["services", "h2o", "hosts", "<name>", "tls", "recommendations"], "readOnly": false, "type": "null or one of \"modern\", \"intermediate\", \"old\""}, "services.h2o.hosts.<name>.tls.redirectCode": {"declarations": ["nixos/modules/services/web-servers/h2o/default.nix"], "default": {"_type": "literalExpression", "text": "301"}, "description": "HTTP status used by `globalRedirect` & `forceSSL`. Possible\nusecases include temporary (302, 307) redirects, keeping the\nrequest method & body (307, 308), or explicitly resetting the\nmethod to GET (303). See\n<https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>.\n", "example": {"_type": "literalExpression", "text": "308"}, "loc": ["services", "h2o", "hosts", "<name>", "tls", "redirectCode"], "readOnly": false, "type": "integer between 300 and 399 (both inclusive)"}, "services.h2o.package": {"declarations": ["nixos/modules/services/web-servers/h2o/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.h2o"}, "description": "The h2o package to use.", "example": {"_type": "literalExpression", "text": "pkgs.h2o.override {\n  withMruby = false;\n  openssl = pkgs.openssl_legacy;\n}\n"}, "loc": ["services", "h2o", "package"], "readOnly": false, "type": "package"}, "services.h2o.settings": {"declarations": ["nixos/modules/services/web-servers/h2o/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for H2O (see <https://h2o.examp1e.net/configure.html>)", "example": {"_type": "literalExpression", "text": "{\n  compress = \"ON\";\n  ssl-offload = \"kernel\";\n  http2-reprioritize-blocking-assets = \"ON\";\n  \"file.mime.addtypes\" = {\n    \"text/x-rst\" = {\n      extensions = [ \".rst\" ];\n      is_compressible = \"YES\";\n    };\n  };\n}\n"}, "loc": ["services", "h2o", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.h2o.user": {"declarations": ["nixos/modules/services/web-servers/h2o/default.nix"], "default": {"_type": "literalExpression", "text": "\"h2o\""}, "description": "User running H2O service", "loc": ["services", "h2o", "user"], "readOnly": false, "type": "non-empty string"}, "services.hadoop.containerExecutorCfg": {"declarations": ["nixos/modules/services/cluster/hadoop/default.nix"], "default": {"_type": "literalExpression", "text": "{\n  \"feature.mount-cgroup.enabled\" = 1;\n  \"feature.terminal.enabled\" = 1;\n  \"min.user.id\" = 1000;\n  \"yarn.nodemanager.linux-container-executor.group\" = \"hadoop\";\n}"}, "description": "Yarn container-executor.cfg definition\n<https://hadoop.apache.org/docs/r2.7.2/hadoop-yarn/hadoop-yarn-site/SecureContainer.html>\n", "example": {"_type": "literalExpression", "text": "options.services.hadoop.containerExecutorCfg.default // {\n  \"feature.terminal.enabled\" = 0;\n}\n"}, "loc": ["services", "hadoop", "containerExecutorCfg"], "readOnly": false, "type": "attribute set of anything"}, "services.hadoop.coreSite": {"declarations": ["nixos/modules/services/cluster/hadoop/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Hadoop core-site.xml definition\n<https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/core-default.xml>\n", "example": {"_type": "literalExpression", "text": "{\n  \"fs.defaultFS\" = \"hdfs://localhost\";\n}\n"}, "loc": ["services", "hadoop", "coreSite"], "readOnly": false, "type": "attribute set of anything"}, "services.hadoop.extraConfDirs": {"declarations": ["nixos/modules/services/cluster/hadoop/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Directories containing additional config files to be added to HADOOP_CONF_DIR", "example": {"_type": "literalExpression", "text": "[\n  ./extraHDFSConfs\n  ./extraYARNConfs\n]\n"}, "loc": ["services", "hadoop", "extraConfDirs"], "readOnly": false, "type": "list of absolute path"}, "services.hadoop.gatewayRole.enable": {"declarations": ["nixos/modules/services/cluster/hadoop/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable gateway role for deploying hadoop configs.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hadoop", "gatewayRole", "enable"], "readOnly": false, "type": "boolean"}, "services.hadoop.gatewayRole.enableHbaseCli": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HBase CLI tools.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hadoop", "gatewayRole", "enableHbaseCli"], "readOnly": false, "type": "boolean"}, "services.hadoop.hbase.master.enable": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HBase master.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hadoop", "hbase", "master", "enable"], "readOnly": false, "type": "boolean"}, "services.hadoop.hbase.master.environment": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables passed to master.", "example": {"_type": "literalExpression", "text": "{\n  HBASE_MASTER_OPTS = \"-Dcom.sun.management.jmxremote.ssl=true\";\n}\n"}, "loc": ["services", "hadoop", "hbase", "master", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.hadoop.hbase.master.extraFlags": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra flags for the master service.", "example": {"_type": "literalExpression", "text": "[ \"--backup\" ]"}, "loc": ["services", "hadoop", "hbase", "master", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.hadoop.hbase.master.initHDFS": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable initialization of the hbase directory on HDFS.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hadoop", "hbase", "master", "initHDFS"], "readOnly": false, "type": "boolean"}, "services.hadoop.hbase.master.openFirewall": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open firewall ports for HBase master.", "loc": ["services", "hadoop", "hbase", "master", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.hadoop.hbase.master.restartIfChanged": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Restart master con config change.", "loc": ["services", "hadoop", "hbase", "master", "restartIfChanged"], "readOnly": false, "type": "boolean"}, "services.hadoop.hbase.package": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "pkgs.hbase"}, "description": "The hbase package to use.", "loc": ["services", "hadoop", "hbase", "package"], "readOnly": false, "type": "package"}, "services.hadoop.hbase.regionServer.enable": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HBase regionServer.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hadoop", "hbase", "regionServer", "enable"], "readOnly": false, "type": "boolean"}, "services.hadoop.hbase.regionServer.environment": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables passed to regionServer.", "example": {"_type": "literalExpression", "text": "{\n  HBASE_MASTER_OPTS = \"-Dcom.sun.management.jmxremote.ssl=true\";\n}\n"}, "loc": ["services", "hadoop", "hbase", "regionServer", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.hadoop.hbase.regionServer.extraFlags": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra flags for the regionServer service.", "example": {"_type": "literalExpression", "text": "[ \"--backup\" ]"}, "loc": ["services", "hadoop", "hbase", "regionServer", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.hadoop.hbase.regionServer.openFirewall": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open firewall ports for HBase regionServer.", "loc": ["services", "hadoop", "hbase", "regionServer", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.hadoop.hbase.regionServer.overrideHosts": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Remove /etc/hosts entries for \"127.0.0.2\" and \"::1\" defined in nixos/modules/config/networking.nix\nRegionservers must be able to resolve their hostnames to their IP addresses, through PTR records\nor /etc/hosts entries.\n", "loc": ["services", "hadoop", "hbase", "regionServer", "overrideHosts"], "readOnly": false, "type": "boolean"}, "services.hadoop.hbase.regionServer.restartIfChanged": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Restart regionServer con config change.", "loc": ["services", "hadoop", "hbase", "regionServer", "restartIfChanged"], "readOnly": false, "type": "boolean"}, "services.hadoop.hbase.rest.enable": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HBase rest.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hadoop", "hbase", "rest", "enable"], "readOnly": false, "type": "boolean"}, "services.hadoop.hbase.rest.environment": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables passed to rest.", "example": {"_type": "literalExpression", "text": "{\n  HBASE_MASTER_OPTS = \"-Dcom.sun.management.jmxremote.ssl=true\";\n}\n"}, "loc": ["services", "hadoop", "hbase", "rest", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.hadoop.hbase.rest.extraFlags": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra flags for the rest service.", "example": {"_type": "literalExpression", "text": "[ \"--backup\" ]"}, "loc": ["services", "hadoop", "hbase", "rest", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.hadoop.hbase.rest.infoPort": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "8085"}, "description": "web UI port", "loc": ["services", "hadoop", "hbase", "rest", "infoPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.hadoop.hbase.rest.openFirewall": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open firewall ports for HBase rest.", "loc": ["services", "hadoop", "hbase", "rest", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.hadoop.hbase.rest.port": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "RPC port", "loc": ["services", "hadoop", "hbase", "rest", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.hadoop.hbase.rest.restartIfChanged": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Restart rest con config change.", "loc": ["services", "hadoop", "hbase", "rest", "restartIfChanged"], "readOnly": false, "type": "boolean"}, "services.hadoop.hbase.rootdir": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "\"/hbase\""}, "description": "This option will set \"hbase.rootdir\" in hbase-site.xml and determine\nthe directory shared by region servers and into which HBase persists.\nThe URL should be 'fully-qualified' to include the filesystem scheme.\nIf a core-site.xml is provided, the FS scheme defaults to the value\nof \"fs.defaultFS\".\n\nFilesystems other than HDFS (like S3, QFS, Swift) are also supported.\n", "example": {"_type": "literalExpression", "text": "\"hdfs://nameservice1/hbase\""}, "loc": ["services", "hadoop", "hbase", "rootdir"], "readOnly": false, "type": "string"}, "services.hadoop.hbase.thrift.enable": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HBase thrift.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hadoop", "hbase", "thrift", "enable"], "readOnly": false, "type": "boolean"}, "services.hadoop.hbase.thrift.environment": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables passed to thrift.", "example": {"_type": "literalExpression", "text": "{\n  HBASE_MASTER_OPTS = \"-Dcom.sun.management.jmxremote.ssl=true\";\n}\n"}, "loc": ["services", "hadoop", "hbase", "thrift", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.hadoop.hbase.thrift.extraFlags": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra flags for the thrift service.", "example": {"_type": "literalExpression", "text": "[ \"--backup\" ]"}, "loc": ["services", "hadoop", "hbase", "thrift", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.hadoop.hbase.thrift.infoPort": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "9095"}, "description": "web UI port", "loc": ["services", "hadoop", "hbase", "thrift", "infoPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.hadoop.hbase.thrift.openFirewall": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open firewall ports for HBase thrift.", "loc": ["services", "hadoop", "hbase", "thrift", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.hadoop.hbase.thrift.port": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "9090"}, "description": "RPC port", "loc": ["services", "hadoop", "hbase", "thrift", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.hadoop.hbase.thrift.restartIfChanged": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Restart thrift con config change.", "loc": ["services", "hadoop", "hbase", "thrift", "restartIfChanged"], "readOnly": false, "type": "boolean"}, "services.hadoop.hbase.zookeeperQuorum": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "This option will set \"hbase.zookeeper.quorum\" in hbase-site.xml.\nComma separated list of servers in the ZooKeeper ensemble.\n", "example": {"_type": "literalExpression", "text": "\"zk1.internal,zk2.internal,zk3.internal\""}, "loc": ["services", "hadoop", "hbase", "zookeeperQuorum"], "readOnly": false, "type": "null or strings concatenated with \",\""}, "services.hadoop.hbaseSite": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional options and overrides for hbase-site.xml\n<https://github.com/apache/hbase/blob/rel/2.4.11/hbase-common/src/main/resources/hbase-default.xml>\n", "example": {"_type": "literalExpression", "text": "{\n  \"hbase.hregion.max.filesize\" = 20*1024*1024*1024;\n  \"hbase.table.normalization.enabled\" = \"true\";\n}\n"}, "loc": ["services", "hadoop", "hbaseSite"], "readOnly": false, "type": "attribute set of anything"}, "services.hadoop.hbaseSiteDefault": {"declarations": ["nixos/modules/services/cluster/hadoop/hbase.nix"], "default": {"_type": "literalExpression", "text": "{\n  \"hbase.cluster.distributed\" = \"true\";\n  \"hbase.master.info.bindAddress\" = \"0.0.0.0\";\n  \"hbase.master.ipc.address\" = \"0.0.0.0\";\n  \"hbase.regionserver.info.bindAddress\" = \"0.0.0.0\";\n  \"hbase.regionserver.ipc.address\" = \"0.0.0.0\";\n}"}, "description": "Default options for hbase-site.xml\n", "loc": ["services", "hadoop", "hbaseSiteDefault"], "readOnly": false, "type": "attribute set of anything"}, "services.hadoop.hdfs.datanode.dataDirs": {"declarations": ["nixos/modules/services/cluster/hadoop/hdfs.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Tier and path definitions for datanode storage.", "loc": ["services", "hadoop", "hdfs", "datanode", "dataDirs"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.hadoop.hdfs.datanode.dataDirs.*.path": {"declarations": ["nixos/modules/services/cluster/hadoop/hdfs.nix"], "description": "Determines where on the local filesystem a data node should store its blocks.", "example": {"_type": "literalExpression", "text": "[\n  \"/var/lib/hadoop/hdfs/dn\"\n]"}, "loc": ["services", "hadoop", "hdfs", "datanode", "dataDirs", "*", "path"], "readOnly": false, "type": "absolute path"}, "services.hadoop.hdfs.datanode.dataDirs.*.type": {"declarations": ["nixos/modules/services/cluster/hadoop/hdfs.nix"], "description": "Storage types ([SSD]/[DISK]/[ARCHIVE]/[RAM_DISK]) for HDFS storage policies.\n", "loc": ["services", "hadoop", "hdfs", "datanode", "dataDirs", "*", "type"], "readOnly": false, "type": "one of \"SSD\", \"DISK\", \"ARCHIVE\", \"RAM_DISK\""}, "services.hadoop.hdfs.datanode.enable": {"declarations": ["nixos/modules/services/cluster/hadoop/hdfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HDFS DataNode.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hadoop", "hdfs", "datanode", "enable"], "readOnly": false, "type": "boolean"}, "services.hadoop.hdfs.datanode.extraEnv": {"declarations": ["nixos/modules/services/cluster/hadoop/hdfs.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra environment variables for HDFS DataNode", "loc": ["services", "hadoop", "hdfs", "datanode", "extraEnv"], "readOnly": false, "type": "attribute set of string"}, "services.hadoop.hdfs.datanode.extraFlags": {"declarations": ["nixos/modules/services/cluster/hadoop/hdfs.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line flags to pass to HDFS DataNode", "example": {"_type": "literalExpression", "text": "[\n  \"-Dcom.sun.management.jmxremote\"\n  \"-Dcom.sun.management.jmxremote.port=8010\"\n]"}, "loc": ["services", "hadoop", "hdfs", "datanode", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.hadoop.hdfs.datanode.openFirewall": {"declarations": ["nixos/modules/services/cluster/hadoop/hdfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open firewall ports for HDFS DataNode.", "loc": ["services", "hadoop", "hdfs", "datanode", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.hadoop.hdfs.datanode.restartIfChanged": {"declarations": ["nixos/modules/services/cluster/hadoop/hdfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically restart the service on config change.\nThis can be set to false to defer restarts on clusters running critical applications.\nPlease consider the security implications of inadvertently running an older version,\nand the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.\n", "loc": ["services", "hadoop", "hdfs", "datanode", "restartIfChanged"], "readOnly": false, "type": "boolean"}, "services.hadoop.hdfs.httpfs.enable": {"declarations": ["nixos/modules/services/cluster/hadoop/hdfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HDFS JournalNode.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hadoop", "hdfs", "httpfs", "enable"], "readOnly": false, "type": "boolean"}, "services.hadoop.hdfs.httpfs.extraEnv": {"declarations": ["nixos/modules/services/cluster/hadoop/hdfs.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra environment variables for HDFS JournalNode", "loc": ["services", "hadoop", "hdfs", "httpfs", "extraEnv"], "readOnly": false, "type": "attribute set of string"}, "services.hadoop.hdfs.httpfs.extraFlags": {"declarations": ["nixos/modules/services/cluster/hadoop/hdfs.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line flags to pass to HDFS JournalNode", "example": {"_type": "literalExpression", "text": "[\n  \"-Dcom.sun.management.jmxremote\"\n  \"-Dcom.sun.management.jmxremote.port=8010\"\n]"}, "loc": ["services", "hadoop", "hdfs", "httpfs", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.hadoop.hdfs.httpfs.openFirewall": {"declarations": ["nixos/modules/services/cluster/hadoop/hdfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open firewall ports for HDFS JournalNode.", "loc": ["services", "hadoop", "hdfs", "httpfs", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.hadoop.hdfs.httpfs.restartIfChanged": {"declarations": ["nixos/modules/services/cluster/hadoop/hdfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically restart the service on config change.\nThis can be set to false to defer restarts on clusters running critical applications.\nPlease consider the security implications of inadvertently running an older version,\nand the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.\n", "loc": ["services", "hadoop", "hdfs", "httpfs", "restartIfChanged"], "readOnly": false, "type": "boolean"}, "services.hadoop.hdfs.httpfs.tempPath": {"declarations": ["nixos/modules/services/cluster/hadoop/hdfs.nix"], "default": {"_type": "literalExpression", "text": "\"/tmp/hadoop/httpfs\""}, "description": "HTTPFS_TEMP path used by HTTPFS", "loc": ["services", "hadoop", "hdfs", "httpfs", "tempPath"], "readOnly": false, "type": "absolute path"}, "services.hadoop.hdfs.journalnode.enable": {"declarations": ["nixos/modules/services/cluster/hadoop/hdfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HDFS JournalNode.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hadoop", "hdfs", "journalnode", "enable"], "readOnly": false, "type": "boolean"}, "services.hadoop.hdfs.journalnode.extraEnv": {"declarations": ["nixos/modules/services/cluster/hadoop/hdfs.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra environment variables for HDFS JournalNode", "loc": ["services", "hadoop", "hdfs", "journalnode", "extraEnv"], "readOnly": false, "type": "attribute set of string"}, "services.hadoop.hdfs.journalnode.extraFlags": {"declarations": ["nixos/modules/services/cluster/hadoop/hdfs.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line flags to pass to HDFS JournalNode", "example": {"_type": "literalExpression", "text": "[\n  \"-Dcom.sun.management.jmxremote\"\n  \"-Dcom.sun.management.jmxremote.port=8010\"\n]"}, "loc": ["services", "hadoop", "hdfs", "journalnode", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.hadoop.hdfs.journalnode.openFirewall": {"declarations": ["nixos/modules/services/cluster/hadoop/hdfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open firewall ports for HDFS JournalNode.", "loc": ["services", "hadoop", "hdfs", "journalnode", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.hadoop.hdfs.journalnode.restartIfChanged": {"declarations": ["nixos/modules/services/cluster/hadoop/hdfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically restart the service on config change.\nThis can be set to false to defer restarts on clusters running critical applications.\nPlease consider the security implications of inadvertently running an older version,\nand the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.\n", "loc": ["services", "hadoop", "hdfs", "journalnode", "restartIfChanged"], "readOnly": false, "type": "boolean"}, "services.hadoop.hdfs.namenode.enable": {"declarations": ["nixos/modules/services/cluster/hadoop/hdfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HDFS NameNode.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hadoop", "hdfs", "namenode", "enable"], "readOnly": false, "type": "boolean"}, "services.hadoop.hdfs.namenode.extraEnv": {"declarations": ["nixos/modules/services/cluster/hadoop/hdfs.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra environment variables for HDFS NameNode", "loc": ["services", "hadoop", "hdfs", "namenode", "extraEnv"], "readOnly": false, "type": "attribute set of string"}, "services.hadoop.hdfs.namenode.extraFlags": {"declarations": ["nixos/modules/services/cluster/hadoop/hdfs.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line flags to pass to HDFS NameNode", "example": {"_type": "literalExpression", "text": "[\n  \"-Dcom.sun.management.jmxremote\"\n  \"-Dcom.sun.management.jmxremote.port=8010\"\n]"}, "loc": ["services", "hadoop", "hdfs", "namenode", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.hadoop.hdfs.namenode.formatOnInit": {"declarations": ["nixos/modules/services/cluster/hadoop/hdfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Format HDFS namenode on first start. This is useful for quickly spinning up\nephemeral HDFS clusters with a single namenode.\nFor HA clusters, initialization involves multiple steps across multiple nodes.\nFollow this guide to initialize an HA cluster manually:\n<https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/HDFSHighAvailabilityWithQJM.html>\n", "loc": ["services", "hadoop", "hdfs", "namenode", "formatOnInit"], "readOnly": false, "type": "boolean"}, "services.hadoop.hdfs.namenode.openFirewall": {"declarations": ["nixos/modules/services/cluster/hadoop/hdfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open firewall ports for HDFS NameNode.", "loc": ["services", "hadoop", "hdfs", "namenode", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.hadoop.hdfs.namenode.restartIfChanged": {"declarations": ["nixos/modules/services/cluster/hadoop/hdfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically restart the service on config change.\nThis can be set to false to defer restarts on clusters running critical applications.\nPlease consider the security implications of inadvertently running an older version,\nand the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.\n", "loc": ["services", "hadoop", "hdfs", "namenode", "restartIfChanged"], "readOnly": false, "type": "boolean"}, "services.hadoop.hdfs.zkfc.enable": {"declarations": ["nixos/modules/services/cluster/hadoop/hdfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HDFS ZooKeeper failover controller.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hadoop", "hdfs", "zkfc", "enable"], "readOnly": false, "type": "boolean"}, "services.hadoop.hdfs.zkfc.extraEnv": {"declarations": ["nixos/modules/services/cluster/hadoop/hdfs.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra environment variables for HDFS ZooKeeper failover controller", "loc": ["services", "hadoop", "hdfs", "zkfc", "extraEnv"], "readOnly": false, "type": "attribute set of string"}, "services.hadoop.hdfs.zkfc.extraFlags": {"declarations": ["nixos/modules/services/cluster/hadoop/hdfs.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line flags to pass to HDFS ZooKeeper failover controller", "example": {"_type": "literalExpression", "text": "[\n  \"-Dcom.sun.management.jmxremote\"\n  \"-Dcom.sun.management.jmxremote.port=8010\"\n]"}, "loc": ["services", "hadoop", "hdfs", "zkfc", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.hadoop.hdfs.zkfc.restartIfChanged": {"declarations": ["nixos/modules/services/cluster/hadoop/hdfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically restart the service on config change.\nThis can be set to false to defer restarts on clusters running critical applications.\nPlease consider the security implications of inadvertently running an older version,\nand the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.\n", "loc": ["services", "hadoop", "hdfs", "zkfc", "restartIfChanged"], "readOnly": false, "type": "boolean"}, "services.hadoop.hdfsSite": {"declarations": ["nixos/modules/services/cluster/hadoop/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional options and overrides for hdfs-site.xml\n<https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/hdfs-default.xml>\n", "example": {"_type": "literalExpression", "text": "{\n  \"dfs.nameservices\" = \"namenode1\";\n}\n"}, "loc": ["services", "hadoop", "hdfsSite"], "readOnly": false, "type": "attribute set of anything"}, "services.hadoop.hdfsSiteDefault": {"declarations": ["nixos/modules/services/cluster/hadoop/default.nix"], "default": {"_type": "literalExpression", "text": "{\n  \"dfs.namenode.http-address\" = \"0.0.0.0:9870\";\n  \"dfs.namenode.http-bind-host\" = \"0.0.0.0\";\n  \"dfs.namenode.rpc-bind-host\" = \"0.0.0.0\";\n  \"dfs.namenode.servicerpc-bind-host\" = \"0.0.0.0\";\n}"}, "description": "Default options for hdfs-site.xml\n", "loc": ["services", "hadoop", "hdfsSiteDefault"], "readOnly": false, "type": "attribute set of anything"}, "services.hadoop.httpfsSite": {"declarations": ["nixos/modules/services/cluster/hadoop/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Hadoop httpfs-site.xml definition\n<https://hadoop.apache.org/docs/current/hadoop-hdfs-httpfs/httpfs-default.html>\n", "example": {"_type": "literalExpression", "text": "{\n  \"hadoop.http.max.threads\" = 500;\n}\n"}, "loc": ["services", "hadoop", "httpfsSite"], "readOnly": false, "type": "attribute set of anything"}, "services.hadoop.log4jProperties": {"declarations": ["nixos/modules/services/cluster/hadoop/default.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.hadoop.package}/etc/hadoop/log4j.properties\"\n"}, "description": "log4j.properties file added to HADOOP_CONF_DIR", "example": {"_type": "literalExpression", "text": "\"${pkgs.hadoop}/etc/hadoop/log4j.properties\";\n"}, "loc": ["services", "hadoop", "log4jProperties"], "readOnly": false, "type": "absolute path"}, "services.hadoop.mapredSite": {"declarations": ["nixos/modules/services/cluster/hadoop/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional options and overrides for mapred-site.xml\n<https://hadoop.apache.org/docs/current/hadoop-mapreduce-client/hadoop-mapreduce-client-core/mapred-default.xml>\n", "example": {"_type": "literalExpression", "text": "{\n  \"mapreduce.map.java.opts\" = \"-Xmx900m -XX:+UseParallelGC\";\n}\n"}, "loc": ["services", "hadoop", "mapredSite"], "readOnly": false, "type": "attribute set of anything"}, "services.hadoop.mapredSiteDefault": {"declarations": ["nixos/modules/services/cluster/hadoop/default.nix"], "default": {"_type": "literalExpression", "text": "{\n  \"mapreduce.framework.name\" = \"yarn\";\n  \"yarn.app.mapreduce.am.env\" = \"HADOOP_MAPRED_HOME=${config.services.hadoop.package}\";\n  \"mapreduce.map.env\" = \"HADOOP_MAPRED_HOME=${config.services.hadoop.package}\";\n  \"mapreduce.reduce.env\" = \"HADOOP_MAPRED_HOME=${config.services.hadoop.package}\";\n}\n"}, "description": "Default options for mapred-site.xml\n", "loc": ["services", "hadoop", "mapredSiteDefault"], "readOnly": false, "type": "attribute set of anything"}, "services.hadoop.package": {"declarations": ["nixos/modules/services/cluster/hadoop/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.hadoop"}, "description": "The hadoop package to use.", "loc": ["services", "hadoop", "package"], "readOnly": false, "type": "package"}, "services.hadoop.yarn.nodemanager.addBinBash": {"declarations": ["nixos/modules/services/cluster/hadoop/yarn.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Add /bin/bash. This is needed by the linux container executor's launch script.\n", "loc": ["services", "hadoop", "yarn", "nodemanager", "addBinBash"], "readOnly": false, "type": "boolean"}, "services.hadoop.yarn.nodemanager.enable": {"declarations": ["nixos/modules/services/cluster/hadoop/yarn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Hadoop YARN NodeManager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hadoop", "yarn", "nodemanager", "enable"], "readOnly": false, "type": "boolean"}, "services.hadoop.yarn.nodemanager.extraEnv": {"declarations": ["nixos/modules/services/cluster/hadoop/yarn.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra environment variables", "loc": ["services", "hadoop", "yarn", "nodemanager", "extraEnv"], "readOnly": false, "type": "attribute set of string"}, "services.hadoop.yarn.nodemanager.extraFlags": {"declarations": ["nixos/modules/services/cluster/hadoop/yarn.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line flags to pass to the service", "example": {"_type": "literalExpression", "text": "[\n  \"-Dcom.sun.management.jmxremote\"\n  \"-Dcom.sun.management.jmxremote.port=8010\"\n]"}, "loc": ["services", "hadoop", "yarn", "nodemanager", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.hadoop.yarn.nodemanager.localDir": {"declarations": ["nixos/modules/services/cluster/hadoop/yarn.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of directories to store localized files in.", "example": {"_type": "literalExpression", "text": "[\n  \"/var/lib/hadoop/yarn/nm\"\n]"}, "loc": ["services", "hadoop", "yarn", "nodemanager", "localDir"], "readOnly": false, "type": "null or (list of absolute path)"}, "services.hadoop.yarn.nodemanager.openFirewall": {"declarations": ["nixos/modules/services/cluster/hadoop/yarn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open firewall ports for nodemanager.\nBecause containers can listen on any ephemeral port, TCP ports 1024\u201365535 will be opened.\n", "loc": ["services", "hadoop", "yarn", "nodemanager", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.hadoop.yarn.nodemanager.resource.cpuVCores": {"declarations": ["nixos/modules/services/cluster/hadoop/yarn.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Number of vcores that can be allocated for containers.", "loc": ["services", "hadoop", "yarn", "nodemanager", "resource", "cpuVCores"], "readOnly": false, "type": "null or (positive integer, meaning >0)"}, "services.hadoop.yarn.nodemanager.resource.maximumAllocationMB": {"declarations": ["nixos/modules/services/cluster/hadoop/yarn.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The maximum physical memory any container can be allocated.", "loc": ["services", "hadoop", "yarn", "nodemanager", "resource", "maximumAllocationMB"], "readOnly": false, "type": "null or (positive integer, meaning >0)"}, "services.hadoop.yarn.nodemanager.resource.maximumAllocationVCores": {"declarations": ["nixos/modules/services/cluster/hadoop/yarn.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The maximum virtual CPU cores any container can be allocated.", "loc": ["services", "hadoop", "yarn", "nodemanager", "resource", "maximumAllocationVCores"], "readOnly": false, "type": "null or (positive integer, meaning >0)"}, "services.hadoop.yarn.nodemanager.resource.memoryMB": {"declarations": ["nixos/modules/services/cluster/hadoop/yarn.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Amount of physical memory, in MB, that can be allocated for containers.", "loc": ["services", "hadoop", "yarn", "nodemanager", "resource", "memoryMB"], "readOnly": false, "type": "null or (positive integer, meaning >0)"}, "services.hadoop.yarn.nodemanager.restartIfChanged": {"declarations": ["nixos/modules/services/cluster/hadoop/yarn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically restart the service on config change.\nThis can be set to false to defer restarts on clusters running critical applications.\nPlease consider the security implications of inadvertently running an older version,\nand the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.\n", "loc": ["services", "hadoop", "yarn", "nodemanager", "restartIfChanged"], "readOnly": false, "type": "boolean"}, "services.hadoop.yarn.nodemanager.useCGroups": {"declarations": ["nixos/modules/services/cluster/hadoop/yarn.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Use cgroups to enforce resource limits on containers\n", "loc": ["services", "hadoop", "yarn", "nodemanager", "useCGroups"], "readOnly": false, "type": "boolean"}, "services.hadoop.yarn.resourcemanager.enable": {"declarations": ["nixos/modules/services/cluster/hadoop/yarn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Hadoop YARN ResourceManager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hadoop", "yarn", "resourcemanager", "enable"], "readOnly": false, "type": "boolean"}, "services.hadoop.yarn.resourcemanager.extraEnv": {"declarations": ["nixos/modules/services/cluster/hadoop/yarn.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra environment variables", "loc": ["services", "hadoop", "yarn", "resourcemanager", "extraEnv"], "readOnly": false, "type": "attribute set of string"}, "services.hadoop.yarn.resourcemanager.extraFlags": {"declarations": ["nixos/modules/services/cluster/hadoop/yarn.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line flags to pass to the service", "example": {"_type": "literalExpression", "text": "[\n  \"-Dcom.sun.management.jmxremote\"\n  \"-Dcom.sun.management.jmxremote.port=8010\"\n]"}, "loc": ["services", "hadoop", "yarn", "resourcemanager", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.hadoop.yarn.resourcemanager.openFirewall": {"declarations": ["nixos/modules/services/cluster/hadoop/yarn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open firewall ports for resourcemanager\n", "loc": ["services", "hadoop", "yarn", "resourcemanager", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.hadoop.yarn.resourcemanager.restartIfChanged": {"declarations": ["nixos/modules/services/cluster/hadoop/yarn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically restart the service on config change.\nThis can be set to false to defer restarts on clusters running critical applications.\nPlease consider the security implications of inadvertently running an older version,\nand the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.\n", "loc": ["services", "hadoop", "yarn", "resourcemanager", "restartIfChanged"], "readOnly": false, "type": "boolean"}, "services.hadoop.yarnSite": {"declarations": ["nixos/modules/services/cluster/hadoop/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional options and overrides for yarn-site.xml\n<https://hadoop.apache.org/docs/current/hadoop-yarn/hadoop-yarn-common/yarn-default.xml>\n", "example": {"_type": "literalExpression", "text": "{\n  \"yarn.resourcemanager.hostname\" = \"${config.networking.hostName}\";\n}\n"}, "loc": ["services", "hadoop", "yarnSite"], "readOnly": false, "type": "attribute set of anything"}, "services.hadoop.yarnSiteDefault": {"declarations": ["nixos/modules/services/cluster/hadoop/default.nix"], "default": {"_type": "literalExpression", "text": "{\n  \"yarn.nodemanager.admin-env\" = \"PATH=$PATH\";\n  \"yarn.nodemanager.aux-services\" = \"mapreduce_shuffle\";\n  \"yarn.nodemanager.aux-services.mapreduce_shuffle.class\" = \"org.apache.hadoop.mapred.ShuffleHandler\";\n  \"yarn.nodemanager.bind-host\" = \"0.0.0.0\";\n  \"yarn.nodemanager.container-executor.class\" = \"org.apache.hadoop.yarn.server.nodemanager.LinuxContainerExecutor\";\n  \"yarn.nodemanager.env-whitelist\" = \"JAVA_HOME,HADOOP_COMMON_HOME,HADOOP_HDFS_HOME,HADOOP_CONF_DIR,CLASSPATH_PREPEND_DISTCACHE,HADOOP_YARN_HOME,HADOOP_HOME,LANG,TZ\";\n  \"yarn.nodemanager.linux-container-executor.group\" = \"hadoop\";\n  \"yarn.nodemanager.linux-container-executor.path\" = \"/run/wrappers/yarn-nodemanager/bin/container-executor\";\n  \"yarn.nodemanager.log-dirs\" = \"/var/log/hadoop/yarn/nodemanager\";\n  \"yarn.resourcemanager.bind-host\" = \"0.0.0.0\";\n  \"yarn.resourcemanager.scheduler.class\" = \"org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.FairScheduler\";\n}"}, "description": "Default options for yarn-site.xml\n", "loc": ["services", "hadoop", "yarnSiteDefault"], "readOnly": false, "type": "attribute set of anything"}, "services.handheld-daemon.adjustor.enable": {"declarations": ["nixos/modules/services/hardware/handheld-daemon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Handheld Daemon TDP control plugin.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "handheld-daemon", "adjustor", "enable"], "readOnly": false, "type": "boolean"}, "services.handheld-daemon.adjustor.loadAcpiCallModule": {"declarations": ["nixos/modules/services/hardware/handheld-daemon.nix"], "description": "Whether to load the acpi_call kernel module.\nRequired for TDP control by adjustor on most devices.\n", "loc": ["services", "handheld-daemon", "adjustor", "loadAcpiCallModule"], "readOnly": false, "type": "boolean"}, "services.handheld-daemon.enable": {"declarations": ["nixos/modules/services/hardware/handheld-daemon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Handheld Daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "handheld-daemon", "enable"], "readOnly": false, "type": "boolean"}, "services.handheld-daemon.package": {"declarations": ["nixos/modules/services/hardware/handheld-daemon.nix"], "default": {"_type": "literalExpression", "text": "pkgs.handheld-daemon"}, "description": "The handheld-daemon package to use.", "loc": ["services", "handheld-daemon", "package"], "readOnly": false, "type": "package"}, "services.handheld-daemon.ui.enable": {"declarations": ["nixos/modules/services/hardware/handheld-daemon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Handheld Daemon UI.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "handheld-daemon", "ui", "enable"], "readOnly": false, "type": "boolean"}, "services.handheld-daemon.ui.package": {"declarations": ["nixos/modules/services/hardware/handheld-daemon.nix"], "default": {"_type": "literalExpression", "text": "pkgs.handheld-daemon-ui"}, "description": "The handheld-daemon-ui package to use.", "loc": ["services", "handheld-daemon", "ui", "package"], "readOnly": false, "type": "package"}, "services.handheld-daemon.user": {"declarations": ["nixos/modules/services/hardware/handheld-daemon.nix"], "description": "The user to run Handheld Daemon with.\n", "loc": ["services", "handheld-daemon", "user"], "readOnly": false, "type": "string"}, "services.hans.clients": {"declarations": ["nixos/modules/services/networking/hans.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute of this option defines a systemd service that\nruns hans. Many or none may be defined.\nThe name of each service is\n`hans-\u00abname\u00bb`\nwhere \u00abname\u00bb is the name of the\ncorresponding attribute name.\n", "example": {"_type": "literalExpression", "text": "{\n  foo = {\n    server = \"192.0.2.1\";\n    extraConfig = \"-v\";\n  }\n}\n"}, "loc": ["services", "hans", "clients"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.hans.clients.<name>.extraConfig": {"declarations": ["nixos/modules/services/networking/hans.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional command line parameters", "example": {"_type": "literalExpression", "text": "\"-v\""}, "loc": ["services", "hans", "clients", "<name>", "extraConfig"], "readOnly": false, "type": "string"}, "services.hans.clients.<name>.passwordFile": {"declarations": ["nixos/modules/services/networking/hans.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "File that contains password", "loc": ["services", "hans", "clients", "<name>", "passwordFile"], "readOnly": false, "type": "string"}, "services.hans.clients.<name>.server": {"declarations": ["nixos/modules/services/networking/hans.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "IP address of server running hans", "example": {"_type": "literalExpression", "text": "\"192.0.2.1\""}, "loc": ["services", "hans", "clients", "<name>", "server"], "readOnly": false, "type": "string"}, "services.hans.server.enable": {"declarations": ["nixos/modules/services/networking/hans.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "enable hans server", "loc": ["services", "hans", "server", "enable"], "readOnly": false, "type": "boolean"}, "services.hans.server.extraConfig": {"declarations": ["nixos/modules/services/networking/hans.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional command line parameters", "example": {"_type": "literalExpression", "text": "\"-v\""}, "loc": ["services", "hans", "server", "extraConfig"], "readOnly": false, "type": "string"}, "services.hans.server.ip": {"declarations": ["nixos/modules/services/networking/hans.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The assigned ip range", "example": {"_type": "literalExpression", "text": "\"198.51.100.0\""}, "loc": ["services", "hans", "server", "ip"], "readOnly": false, "type": "string"}, "services.hans.server.passwordFile": {"declarations": ["nixos/modules/services/networking/hans.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "File that contains password", "loc": ["services", "hans", "server", "passwordFile"], "readOnly": false, "type": "string"}, "services.hans.server.respondToSystemPings": {"declarations": ["nixos/modules/services/networking/hans.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Force hans respond to ordinary pings", "loc": ["services", "hans", "server", "respondToSystemPings"], "readOnly": false, "type": "boolean"}, "services.haproxy.config": {"declarations": ["nixos/modules/services/networking/haproxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Contents of the HAProxy configuration file,\n{file}`haproxy.conf`.\n", "loc": ["services", "haproxy", "config"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.haproxy.enable": {"declarations": ["nixos/modules/services/networking/haproxy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HAProxy, the reliable, high performance TCP/HTTP load balancer.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "haproxy", "enable"], "readOnly": false, "type": "boolean"}, "services.haproxy.group": {"declarations": ["nixos/modules/services/networking/haproxy.nix"], "default": {"_type": "literalExpression", "text": "\"haproxy\""}, "description": "Group account under which haproxy runs.", "loc": ["services", "haproxy", "group"], "readOnly": false, "type": "string"}, "services.haproxy.package": {"declarations": ["nixos/modules/services/networking/haproxy.nix"], "default": {"_type": "literalExpression", "text": "pkgs.haproxy"}, "description": "The haproxy package to use.", "loc": ["services", "haproxy", "package"], "readOnly": false, "type": "package"}, "services.haproxy.user": {"declarations": ["nixos/modules/services/networking/haproxy.nix"], "default": {"_type": "literalExpression", "text": "\"haproxy\""}, "description": "User account under which haproxy runs.", "loc": ["services", "haproxy", "user"], "readOnly": false, "type": "string"}, "services.hardware.argonone.enable": {"declarations": ["nixos/modules/services/hardware/argonone.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the driver for Argon One Raspberry Pi case fan and power button.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hardware", "argonone", "enable"], "readOnly": false, "type": "boolean"}, "services.hardware.argonone.package": {"declarations": ["nixos/modules/services/hardware/argonone.nix"], "default": {"_type": "literalExpression", "text": "pkgs.argononed"}, "description": "The argononed package to use.", "loc": ["services", "hardware", "argonone", "package"], "readOnly": false, "type": "package"}, "services.hardware.bolt.enable": {"declarations": ["nixos/modules/services/hardware/bolt.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Bolt, a userspace daemon to enable\nsecurity levels for Thunderbolt 3 on GNU/Linux.\n\nBolt is used by GNOME 3 to handle Thunderbolt settings.\n", "loc": ["services", "hardware", "bolt", "enable"], "readOnly": false, "type": "boolean"}, "services.hardware.bolt.package": {"declarations": ["nixos/modules/services/hardware/bolt.nix"], "default": {"_type": "literalExpression", "text": "pkgs.bolt"}, "description": "The bolt package to use.", "loc": ["services", "hardware", "bolt", "package"], "readOnly": false, "type": "package"}, "services.hardware.deepcool-digital-linux.enable": {"declarations": ["nixos/modules/services/hardware/deepcool-digital-linux.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable DeepCool Digital monitoring daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hardware", "deepcool-digital-linux", "enable"], "readOnly": false, "type": "boolean"}, "services.hardware.deepcool-digital-linux.extraArgs": {"declarations": ["nixos/modules/services/hardware/deepcool-digital-linux.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line arguments to be passed to the deepcool-digital-linux daemon.\n", "example": {"_type": "literalExpression", "text": "[\n  # Change the update interval\n  \"--update 750\"\n  # Enable the alarm\n  \"--alarm\"\n]\n"}, "loc": ["services", "hardware", "deepcool-digital-linux", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.hardware.deepcool-digital-linux.package": {"declarations": ["nixos/modules/services/hardware/deepcool-digital-linux.nix"], "default": {"_type": "literalExpression", "text": "pkgs.deepcool-digital-linux"}, "description": "The deepcool-digital-linux package to use.", "loc": ["services", "hardware", "deepcool-digital-linux", "package"], "readOnly": false, "type": "package"}, "services.hardware.dell-bios-fan-control.enable": {"declarations": ["nixos/modules/services/hardware/dell-bios-fan-control.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable One-shot service to disable dell bios fan control on startup.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hardware", "dell-bios-fan-control", "enable"], "readOnly": false, "type": "boolean"}, "services.hardware.dell-bios-fan-control.package": {"declarations": ["nixos/modules/services/hardware/dell-bios-fan-control.nix"], "default": {"_type": "literalExpression", "text": "pkgs.dell-bios-fan-control"}, "description": "The dell-bios-fan-control package to use.", "loc": ["services", "hardware", "dell-bios-fan-control", "package"], "readOnly": false, "type": "package"}, "services.hardware.lcd.client.enable": {"declarations": ["nixos/modules/services/hardware/lcd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable the LCD panel client (LCDproc)", "loc": ["services", "hardware", "lcd", "client", "enable"], "readOnly": false, "type": "boolean"}, "services.hardware.lcd.client.extraConfig": {"declarations": ["nixos/modules/services/hardware/lcd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional configuration added verbatim to the client config.", "loc": ["services", "hardware", "lcd", "client", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.hardware.lcd.client.restartForever": {"declarations": ["nixos/modules/services/hardware/lcd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Try restarting the client forever.", "loc": ["services", "hardware", "lcd", "client", "restartForever"], "readOnly": false, "type": "boolean"}, "services.hardware.lcd.server.enable": {"declarations": ["nixos/modules/services/hardware/lcd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable the LCD panel server (LCDd)", "loc": ["services", "hardware", "lcd", "server", "enable"], "readOnly": false, "type": "boolean"}, "services.hardware.lcd.server.extraConfig": {"declarations": ["nixos/modules/services/hardware/lcd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional configuration added verbatim to the server config.", "loc": ["services", "hardware", "lcd", "server", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.hardware.lcd.server.openPorts": {"declarations": ["nixos/modules/services/hardware/lcd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open the ports in the firewall", "loc": ["services", "hardware", "lcd", "server", "openPorts"], "readOnly": false, "type": "boolean"}, "services.hardware.lcd.server.usbGroup": {"declarations": ["nixos/modules/services/hardware/lcd.nix"], "default": {"_type": "literalExpression", "text": "\"dialout\""}, "description": "The group to use for settings permissions. This group must exist or you will have to create it.", "loc": ["services", "hardware", "lcd", "server", "usbGroup"], "readOnly": false, "type": "string"}, "services.hardware.lcd.server.usbPermissions": {"declarations": ["nixos/modules/services/hardware/lcd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Set group-write permissions on a USB device.\n\nA USB connected LCD panel will most likely require having its\npermissions modified for lcdd to write to it. Enabling this option\nsets group-write permissions on the device identified by\n{option}`services.hardware.lcd.usbVid` and\n{option}`services.hardware.lcd.usbPid`. In order to find the\nvalues, you can run the {command}`lsusb` command. Example\noutput:\n\n```\nBus 005 Device 002: ID 0403:c630 Future Technology Devices International, Ltd lcd2usb interface\n```\n\nIn this case the vendor id is 0403 and the product id is c630.\n", "loc": ["services", "hardware", "lcd", "server", "usbPermissions"], "readOnly": false, "type": "boolean"}, "services.hardware.lcd.server.usbPid": {"declarations": ["nixos/modules/services/hardware/lcd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The product ID of the USB device to claim.", "loc": ["services", "hardware", "lcd", "server", "usbPid"], "readOnly": false, "type": "string"}, "services.hardware.lcd.server.usbVid": {"declarations": ["nixos/modules/services/hardware/lcd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The vendor ID of the USB device to claim.", "loc": ["services", "hardware", "lcd", "server", "usbVid"], "readOnly": false, "type": "string"}, "services.hardware.lcd.serverHost": {"declarations": ["nixos/modules/services/hardware/lcd.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Host on which LCDd is listening.", "loc": ["services", "hardware", "lcd", "serverHost"], "readOnly": false, "type": "string"}, "services.hardware.lcd.serverPort": {"declarations": ["nixos/modules/services/hardware/lcd.nix"], "default": {"_type": "literalExpression", "text": "13666"}, "description": "Port on which LCDd is listening.", "loc": ["services", "hardware", "lcd", "serverPort"], "readOnly": false, "type": "signed integer"}, "services.hardware.openrgb.enable": {"declarations": ["nixos/modules/services/hardware/openrgb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable OpenRGB server, for RGB lighting control.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hardware", "openrgb", "enable"], "readOnly": false, "type": "boolean"}, "services.hardware.openrgb.motherboard": {"declarations": ["nixos/modules/services/hardware/openrgb.nix"], "default": {"_type": "literalMD", "text": "if config.hardware.cpu.intel.updateMicrocode then \"intel\"\nelse if config.hardware.cpu.amd.updateMicrocode then \"amd\"\nelse null;\n"}, "description": "CPU family of motherboard. Allows for addition motherboard i2c support.", "loc": ["services", "hardware", "openrgb", "motherboard"], "readOnly": false, "type": "null or one of \"amd\", \"intel\""}, "services.hardware.openrgb.package": {"declarations": ["nixos/modules/services/hardware/openrgb.nix"], "default": {"_type": "literalExpression", "text": "pkgs.openrgb"}, "description": "The openrgb package to use.", "loc": ["services", "hardware", "openrgb", "package"], "readOnly": false, "type": "package"}, "services.hardware.openrgb.server.port": {"declarations": ["nixos/modules/services/hardware/openrgb.nix"], "default": {"_type": "literalExpression", "text": "6742"}, "description": "Set server port of openrgb.", "loc": ["services", "hardware", "openrgb", "server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.hardware.openrgb.startupProfile": {"declarations": ["nixos/modules/services/hardware/openrgb.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The profile file to load from \"/var/lib/OpenRGB\" at startup.", "loc": ["services", "hardware", "openrgb", "startupProfile"], "readOnly": false, "type": "null or string"}, "services.hardware.pommed.configFile": {"declarations": ["nixos/modules/services/hardware/pommed.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the {file}`pommed.conf` file. Leave\nto null to use the default config file\n({file}`/etc/pommed.conf.mactel`). See the\nfiles {file}`/etc/pommed.conf.mactel` and\n{file}`/etc/pommed.conf.pmac` for examples to\nbuild on.\n", "loc": ["services", "hardware", "pommed", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.hardware.pommed.enable": {"declarations": ["nixos/modules/services/hardware/pommed.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use the pommed tool to handle Apple laptop\nkeyboard hotkeys.\n", "loc": ["services", "hardware", "pommed", "enable"], "readOnly": false, "type": "boolean"}, "services.harmonia.enable": {"declarations": ["nixos/modules/services/networking/harmonia.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Harmonia: Nix binary cache written in Rust.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "harmonia", "enable"], "readOnly": false, "type": "boolean"}, "services.harmonia.package": {"declarations": ["nixos/modules/services/networking/harmonia.nix"], "default": {"_type": "literalExpression", "text": "pkgs.harmonia"}, "description": "The harmonia package to use.", "loc": ["services", "harmonia", "package"], "readOnly": false, "type": "package"}, "services.harmonia.settings": {"declarations": ["nixos/modules/services/networking/harmonia.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings to merge with the default configuration.\nFor the list of the default configuration, see <https://github.com/nix-community/harmonia/tree/master#configuration>.\n", "loc": ["services", "harmonia", "settings"], "readOnly": false, "type": "TOML value"}, "services.harmonia.signKeyPath": {"declarations": ["nixos/modules/services/networking/harmonia.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "DEPRECATED: Use `services.harmonia.signKeyPaths` instead. Path to the signing key to use for signing the cache", "loc": ["services", "harmonia", "signKeyPath"], "readOnly": false, "type": "null or absolute path"}, "services.harmonia.signKeyPaths": {"declarations": ["nixos/modules/services/networking/harmonia.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Paths to the signing keys to use for signing the cache", "loc": ["services", "harmonia", "signKeyPaths"], "readOnly": false, "type": "list of absolute path"}, "services.haste-server.enable": {"declarations": ["nixos/modules/services/editors/haste.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable haste-server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "haste-server", "enable"], "readOnly": false, "type": "boolean"}, "services.haste-server.openFirewall": {"declarations": ["nixos/modules/services/editors/haste.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable firewall passthrough for haste-server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "haste-server", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.haste-server.settings": {"declarations": ["nixos/modules/services/editors/haste.nix"], "description": "Configuration for haste-server.\nFor documentation see [project readme](https://github.com/toptal/haste-server#settings)\n", "loc": ["services", "haste-server", "settings"], "readOnly": false, "type": "JSON value"}, "services.hatsu.enable": {"declarations": ["nixos/modules/services/web-apps/hatsu.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Self-hosted and fully-automated ActivityPub bridge for static sites.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hatsu", "enable"], "readOnly": false, "type": "boolean"}, "services.hatsu.package": {"declarations": ["nixos/modules/services/web-apps/hatsu.nix"], "default": {"_type": "literalExpression", "text": "pkgs.hatsu"}, "description": "The hatsu package to use.", "loc": ["services", "hatsu", "package"], "readOnly": false, "type": "package"}, "services.hatsu.settings": {"declarations": ["nixos/modules/services/web-apps/hatsu.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for Hatsu, see\n<link xlink:href=\"https://hatsu.cli.rs/admins/environments.html\"/>\nfor supported values.\n", "loc": ["services", "hatsu", "settings"], "readOnly": false, "type": "open submodule of attribute set of (null or boolean or signed integer or 16 bit unsigned integer; between 0 and 65535 (both inclusive) or string)"}, "services.hatsu.settings.HATSU_DATABASE_URL": {"declarations": ["nixos/modules/services/web-apps/hatsu.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite:///var/lib/hatsu/hatsu.sqlite?mode=rwc\""}, "description": "Database URL.", "example": {"_type": "literalExpression", "text": "\"postgres://username:password@host/database\""}, "loc": ["services", "hatsu", "settings", "HATSU_DATABASE_URL"], "readOnly": false, "type": "string"}, "services.hatsu.settings.HATSU_DOMAIN": {"declarations": ["nixos/modules/services/web-apps/hatsu.nix"], "description": "The domain name of your instance (eg 'hatsu.local').", "loc": ["services", "hatsu", "settings", "HATSU_DOMAIN"], "readOnly": false, "type": "string"}, "services.hatsu.settings.HATSU_LISTEN_HOST": {"declarations": ["nixos/modules/services/web-apps/hatsu.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Host where hatsu should listen for incoming requests.", "loc": ["services", "hatsu", "settings", "HATSU_LISTEN_HOST"], "readOnly": false, "type": "string"}, "services.hatsu.settings.HATSU_LISTEN_PORT": {"declarations": ["nixos/modules/services/web-apps/hatsu.nix"], "default": {"_type": "literalExpression", "text": "3939"}, "description": "Port where hatsu should listen for incoming requests.", "loc": ["services", "hatsu", "settings", "HATSU_LISTEN_PORT"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.hatsu.settings.HATSU_PRIMARY_ACCOUNT": {"declarations": ["nixos/modules/services/web-apps/hatsu.nix"], "description": "The primary account of your instance (eg 'example.com').", "loc": ["services", "hatsu", "settings", "HATSU_PRIMARY_ACCOUNT"], "readOnly": false, "type": "string"}, "services.haveged.enable": {"declarations": ["nixos/modules/services/security/haveged.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable haveged entropy daemon, which refills /dev/random when low.\nNOTE: does nothing on kernels newer than 5.6\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "haveged", "enable"], "readOnly": false, "type": "boolean"}, "services.haveged.refill_threshold": {"declarations": ["nixos/modules/services/security/haveged.nix"], "default": {"_type": "literalExpression", "text": "1024"}, "description": "The number of bits of available entropy beneath which\nhaveged should refill the entropy pool.\n", "loc": ["services", "haveged", "refill_threshold"], "readOnly": false, "type": "signed integer"}, "services.haven.blastrRelays": {"declarations": ["nixos/modules/services/web-apps/haven.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of relay configurations for blastr", "example": {"_type": "literalExpression", "text": "[\n  \"relay.example.com\"\n]\n"}, "loc": ["services", "haven", "blastrRelays"], "readOnly": false, "type": "list of string"}, "services.haven.enable": {"declarations": ["nixos/modules/services/web-apps/haven.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable haven.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "haven", "enable"], "readOnly": false, "type": "boolean"}, "services.haven.environmentFile": {"declarations": ["nixos/modules/services/web-apps/haven.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file containing sensitive environment variables. See <https://github.com/bitvora/haven> for documentation.\nThe file should contain environment-variable assignments like:\nS3_SECRET_KEY=mysecretkey\nS3_ACCESS_KEY_ID=myaccesskey\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/haven/secrets.env\""}, "loc": ["services", "haven", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.haven.importRelays": {"declarations": ["nixos/modules/services/web-apps/haven.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of relay configurations for importing historical events", "example": {"_type": "literalExpression", "text": "[\n  \"relay.example.com\"\n]\n"}, "loc": ["services", "haven", "importRelays"], "readOnly": false, "type": "list of string"}, "services.haven.package": {"declarations": ["nixos/modules/services/web-apps/haven.nix"], "default": {"_type": "literalExpression", "text": "pkgs.haven"}, "description": "The haven package to use.", "loc": ["services", "haven", "package"], "readOnly": false, "type": "package"}, "services.haven.settings": {"declarations": ["nixos/modules/services/web-apps/haven.nix"], "default": {"_type": "literalExpression", "text": "\"See <https://github.com/bitvora/haven/blob/master/.env.example>\""}, "description": "See <https://github.com/bitvora/haven> for documentation.", "example": {"_type": "literalExpression", "text": "{\n  RELAY_URL = \"relay.example.com\";\n  OWNER_NPUB = \"npub1...\";\n}\n"}, "loc": ["services", "haven", "settings"], "readOnly": false, "type": "unspecified value"}, "services.hbase-standalone.dataDir": {"declarations": ["nixos/modules/services/databases/hbase-standalone.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/hbase\""}, "description": "Specifies location of HBase database files. This location should be\nwritable and readable for the user the HBase service runs as\n(hbase by default).\n", "loc": ["services", "hbase-standalone", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.hbase-standalone.enable": {"declarations": ["nixos/modules/services/databases/hbase-standalone.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HBase master in standalone mode with embedded regionserver and zookeper.\nDo not use this configuration for production nor for evaluating HBase performance\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hbase-standalone", "enable"], "readOnly": false, "type": "boolean"}, "services.hbase-standalone.group": {"declarations": ["nixos/modules/services/databases/hbase-standalone.nix"], "default": {"_type": "literalExpression", "text": "\"hbase\""}, "description": "Group account under which HBase runs.\n", "loc": ["services", "hbase-standalone", "group"], "readOnly": false, "type": "string"}, "services.hbase-standalone.logDir": {"declarations": ["nixos/modules/services/databases/hbase-standalone.nix"], "default": {"_type": "literalExpression", "text": "\"/var/log/hbase\""}, "description": "Specifies the location of HBase log files.\n", "loc": ["services", "hbase-standalone", "logDir"], "readOnly": false, "type": "absolute path"}, "services.hbase-standalone.package": {"declarations": ["nixos/modules/services/databases/hbase-standalone.nix"], "default": {"_type": "literalExpression", "text": "pkgs.hbase"}, "description": "The hbase package to use.", "loc": ["services", "hbase-standalone", "package"], "readOnly": false, "type": "package"}, "services.hbase-standalone.settings": {"declarations": ["nixos/modules/services/databases/hbase-standalone.nix"], "default": {"_type": "literalExpression", "text": "{\n  \"hbase.rootdir\" = \"file://${config.services.hbase-standalone.dataDir}/hbase\";\n  \"hbase.zookeeper.property.dataDir\" = \"${config.services.hbase-standalone.dataDir}/zookeeper\";\n}\n"}, "description": "configurations in hbase-site.xml, see <https://github.com/apache/hbase/blob/master/hbase-server/src/test/resources/hbase-site.xml> for details.\n", "loc": ["services", "hbase-standalone", "settings"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.hbase-standalone.user": {"declarations": ["nixos/modules/services/databases/hbase-standalone.nix"], "default": {"_type": "literalExpression", "text": "\"hbase\""}, "description": "User account under which HBase runs.\n", "loc": ["services", "hbase-standalone", "user"], "readOnly": false, "type": "string"}, "services.hdapsd.enable": {"declarations": ["nixos/modules/services/monitoring/hdaps.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Hard Drive Active Protection System Daemon,\ndevices are detected and managed automatically by udev and systemd\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hdapsd", "enable"], "readOnly": false, "type": "boolean"}, "services.hddfancontrol.enable": {"declarations": ["nixos/modules/services/hardware/hddfancontrol.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable hddfancontrol daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hddfancontrol", "enable"], "readOnly": false, "type": "boolean"}, "services.hddfancontrol.package": {"declarations": ["nixos/modules/services/hardware/hddfancontrol.nix"], "default": {"_type": "literalExpression", "text": "pkgs.hddfancontrol"}, "description": "The hddfancontrol package to use.", "loc": ["services", "hddfancontrol", "package"], "readOnly": false, "type": "package"}, "services.hddfancontrol.settings": {"declarations": ["nixos/modules/services/hardware/hddfancontrol.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Parameter-sets for each instance of hddfancontrol.\n", "example": {"_type": "literalExpression", "text": "{\n  harddrives = {\n    disks = [\n      \"/dev/sda\"\n      \"/dev/sdb\"\n      \"/dev/sdc\"\n    ];\n    pwmPaths = [\n      \"/sys/class/hwmon/hwmon1/pwm1:25:10\"\n    ];\n    logVerbosity = \"DEBUG\";\n  };\n  ssddrives = {\n    disks = [\n      \"/dev/sdd\"\n      \"/dev/sde\"\n      \"/dev/sdf\"\n    ];\n    pwmPaths = [\n      \"/sys/class/hwmon/hwmon1/pwm2:25:10\"\n    ];\n    extraArgs = [\n      \"--interval=30s\"\n    ];\n  };\n}\n"}, "loc": ["services", "hddfancontrol", "settings"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.hddfancontrol.settings.<drive-bay-name>.disks": {"declarations": ["nixos/modules/services/hardware/hddfancontrol.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Drive(s) to get temperature from\n\nCan also use command substitution to automatically grab all matching drives; such as all scsi (sas) drives\n", "example": {"_type": "literalExpression", "text": "[\n  \"/dev/sda\"\n  \"`find /dev/disk/by-id -name \\\"scsi*\\\" -and -not -name \\\"*-part*\\\" -printf \\\"%p \\\"`\"\n]"}, "loc": ["services", "hddfancontrol", "settings", "<drive-bay-name>", "disks"], "readOnly": false, "type": "list of string"}, "services.hddfancontrol.settings.<drive-bay-name>.extraArgs": {"declarations": ["nixos/modules/services/hardware/hddfancontrol.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline arguments for hddfancontrol\n", "example": {"_type": "literalExpression", "text": "[\n  \"--min-fan-speed-prct=10\"\n  \"--interval=1min\"\n]"}, "loc": ["services", "hddfancontrol", "settings", "<drive-bay-name>", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.hddfancontrol.settings.<drive-bay-name>.logVerbosity": {"declarations": ["nixos/modules/services/hardware/hddfancontrol.nix"], "default": {"_type": "literalExpression", "text": "\"INFO\""}, "description": "Verbosity of the log level\n", "loc": ["services", "hddfancontrol", "settings", "<drive-bay-name>", "logVerbosity"], "readOnly": false, "type": "one of \"TRACE\", \"DEBUG\", \"INFO\", \"WARN\", \"ERROR\""}, "services.hddfancontrol.settings.<drive-bay-name>.pwmPaths": {"declarations": ["nixos/modules/services/hardware/hddfancontrol.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "PWM filepath(s) to control fan speed (under /sys), followed by initial and fan-stop PWM values\nCan also use command substitution to ensure the correct hwmonX is selected on every boot\n", "example": {"_type": "literalExpression", "text": "[\n  \"/sys/class/hwmon/hwmon2/pwm1:30:10\"\n  \"`echo /sys/devices/platform/nct6775.656/hwmon/hwmon[[:print:]]`/pwm4:80:20\"\n]"}, "loc": ["services", "hddfancontrol", "settings", "<drive-bay-name>", "pwmPaths"], "readOnly": false, "type": "list of string"}, "services.headphones.configFile": {"declarations": ["nixos/modules/services/misc/headphones.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.headphones.dataDir}/config.ini\""}, "description": "Path to config file.", "loc": ["services", "headphones", "configFile"], "readOnly": false, "type": "absolute path"}, "services.headphones.dataDir": {"declarations": ["nixos/modules/services/misc/headphones.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/headphones\""}, "description": "Path where to store data files.", "loc": ["services", "headphones", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.headphones.enable": {"declarations": ["nixos/modules/services/misc/headphones.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the headphones server.", "loc": ["services", "headphones", "enable"], "readOnly": false, "type": "boolean"}, "services.headphones.group": {"declarations": ["nixos/modules/services/misc/headphones.nix"], "default": {"_type": "literalExpression", "text": "\"headphones\""}, "description": "Group to run the service as", "loc": ["services", "headphones", "group"], "readOnly": false, "type": "string"}, "services.headphones.host": {"declarations": ["nixos/modules/services/misc/headphones.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Host to listen on.", "loc": ["services", "headphones", "host"], "readOnly": false, "type": "string"}, "services.headphones.port": {"declarations": ["nixos/modules/services/misc/headphones.nix"], "default": {"_type": "literalExpression", "text": "8181"}, "description": "Port to bind to.", "loc": ["services", "headphones", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.headphones.user": {"declarations": ["nixos/modules/services/misc/headphones.nix"], "default": {"_type": "literalExpression", "text": "\"headphones\""}, "description": "User to run the service as", "loc": ["services", "headphones", "user"], "readOnly": false, "type": "string"}, "services.headscale.address": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Listening address of headscale.\n", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "headscale", "address"], "readOnly": false, "type": "string"}, "services.headscale.configFile": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "(pkgs.formats.yaml { }).generate \"headscale.yaml\" config.services.headscale.settings"}, "description": "Path to the configuration file of headscale.\n", "loc": ["services", "headscale", "configFile"], "readOnly": true, "type": "absolute path"}, "services.headscale.enable": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable headscale, Open Source coordination server for Tailscale.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "headscale", "enable"], "readOnly": false, "type": "boolean"}, "services.headscale.group": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "\"headscale\""}, "description": "Group under which headscale runs.\n\n::: {.note}\nIf left as the default value this group will automatically be created\non system activation, otherwise you are responsible for\nensuring the user exists before the headscale service starts.\n:::\n", "loc": ["services", "headscale", "group"], "readOnly": false, "type": "string"}, "services.headscale.package": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "pkgs.headscale"}, "description": "The headscale package to use.", "loc": ["services", "headscale", "package"], "readOnly": false, "type": "package"}, "services.headscale.port": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "Listening port of headscale.\n", "example": {"_type": "literalExpression", "text": "443"}, "loc": ["services", "headscale", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.headscale.settings": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "description": "Overrides to {file}`config.yaml` as a Nix attribute set.\nCheck the [example config](https://github.com/juanfont/headscale/blob/main/config-example.yaml)\nfor possible options.\n", "loc": ["services", "headscale", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.headscale.settings.database.postgres.host": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Database host address.", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "headscale", "settings", "database", "postgres", "host"], "readOnly": false, "type": "null or string"}, "services.headscale.settings.database.postgres.name": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Database name.", "example": {"_type": "literalExpression", "text": "\"headscale\""}, "loc": ["services", "headscale", "settings", "database", "postgres", "name"], "readOnly": false, "type": "null or string"}, "services.headscale.settings.database.postgres.password_file": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password corresponding to\n{option}`database.user`.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/headscale-dbpassword\""}, "loc": ["services", "headscale", "settings", "database", "postgres", "password_file"], "readOnly": false, "type": "null or absolute path"}, "services.headscale.settings.database.postgres.port": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Database host port.", "example": {"_type": "literalExpression", "text": "3306"}, "loc": ["services", "headscale", "settings", "database", "postgres", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.headscale.settings.database.postgres.user": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Database user.", "example": {"_type": "literalExpression", "text": "\"headscale\""}, "loc": ["services", "headscale", "settings", "database", "postgres", "user"], "readOnly": false, "type": "null or string"}, "services.headscale.settings.database.sqlite.path": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/headscale/db.sqlite\""}, "description": "Path to the sqlite3 database file.", "loc": ["services", "headscale", "settings", "database", "sqlite", "path"], "readOnly": false, "type": "null or string"}, "services.headscale.settings.database.sqlite.write_ahead_log": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable WAL mode for SQLite. This is recommended for production environments.\n<https://www.sqlite.org/wal.html>\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "headscale", "settings", "database", "sqlite", "write_ahead_log"], "readOnly": false, "type": "boolean"}, "services.headscale.settings.database.type": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite\""}, "description": "Database engine to use.\nPlease note that using Postgres is highly discouraged as it is only supported for legacy reasons.\nAll new development, testing and optimisations are done with SQLite in mind.\n", "example": {"_type": "literalExpression", "text": "\"postgres\""}, "loc": ["services", "headscale", "settings", "database", "type"], "readOnly": false, "type": "one of \"sqlite\", \"sqlite3\", \"postgres\""}, "services.headscale.settings.derp.auto_update_enabled": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to automatically update DERP maps on a set frequency.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "headscale", "settings", "derp", "auto_update_enabled"], "readOnly": false, "type": "boolean"}, "services.headscale.settings.derp.paths": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of file paths containing DERP maps.\nSee [How Tailscale works](https://tailscale.com/blog/how-tailscale-works/) for more information on DERP maps.\n", "loc": ["services", "headscale", "settings", "derp", "paths"], "readOnly": false, "type": "list of absolute path"}, "services.headscale.settings.derp.server.private_key_path": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/headscale/derp_server_private.key\""}, "description": "Path to derp private key file, generated automatically if it does not exist.\n", "loc": ["services", "headscale", "settings", "derp", "server", "private_key_path"], "readOnly": false, "type": "absolute path"}, "services.headscale.settings.derp.update_frequency": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "\"24h\""}, "description": "Frequency to update DERP maps.\n", "example": {"_type": "literalExpression", "text": "\"5m\""}, "loc": ["services", "headscale", "settings", "derp", "update_frequency"], "readOnly": false, "type": "string"}, "services.headscale.settings.derp.urls": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"https://controlplane.tailscale.com/derpmap/default\"\n]"}, "description": "List of urls containing DERP maps.\nSee [How Tailscale works](https://tailscale.com/blog/how-tailscale-works/) for more information on DERP maps.\n", "loc": ["services", "headscale", "settings", "derp", "urls"], "readOnly": false, "type": "list of string"}, "services.headscale.settings.dns.base_domain": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Defines the base domain to create the hostnames for MagicDNS.\nThis domain must be different from the {option}`server_url`\ndomain.\n{option}`base_domain` must be a FQDN, without the trailing dot.\nThe FQDN of the hosts will be `hostname.base_domain` (e.g.\n`myhost.tailnet.example.com`).\n", "example": {"_type": "literalExpression", "text": "\"tailnet.example.com\""}, "loc": ["services", "headscale", "settings", "dns", "base_domain"], "readOnly": false, "type": "string"}, "services.headscale.settings.dns.extra_records": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Extra DNS records to expose to clients.\n", "example": {"_type": "literalExpression", "text": "''\n  [ {\n    name = \"grafana.tailnet.example.com\";\n    type = \"A\";\n    example = \"100.64.0.3\";\n  } ]\n''"}, "loc": ["services", "headscale", "settings", "dns", "extra_records"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.headscale.settings.dns.extra_records.*.name": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "description": "DNS record name.", "example": {"_type": "literalExpression", "text": "\"grafana.tailnet.example.com\""}, "loc": ["services", "headscale", "settings", "dns", "extra_records", "*", "name"], "readOnly": false, "type": "string"}, "services.headscale.settings.dns.extra_records.*.type": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "description": "DNS record type.", "example": {"_type": "literalExpression", "text": "\"A\""}, "loc": ["services", "headscale", "settings", "dns", "extra_records", "*", "type"], "readOnly": false, "type": "one of \"A\", \"AAAA\""}, "services.headscale.settings.dns.extra_records.*.value": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "description": "DNS record value (IP address).", "example": {"_type": "literalExpression", "text": "\"100.64.0.3\""}, "loc": ["services", "headscale", "settings", "dns", "extra_records", "*", "value"], "readOnly": false, "type": "string"}, "services.headscale.settings.dns.magic_dns": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to use [MagicDNS](https://tailscale.com/kb/1081/magicdns/).\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "headscale", "settings", "dns", "magic_dns"], "readOnly": false, "type": "boolean"}, "services.headscale.settings.dns.nameservers.global": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of nameservers to pass to Tailscale clients.\n", "loc": ["services", "headscale", "settings", "dns", "nameservers", "global"], "readOnly": false, "type": "list of string"}, "services.headscale.settings.dns.override_local_dns": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to [override clients' DNS servers](https://tailscale.com/kb/1054/dns#override-dns-servers).\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "headscale", "settings", "dns", "override_local_dns"], "readOnly": false, "type": "boolean"}, "services.headscale.settings.dns.search_domains": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Search domains to inject to Tailscale clients.\n", "example": {"_type": "literalExpression", "text": "[\n  \"mydomain.internal\"\n]"}, "loc": ["services", "headscale", "settings", "dns", "search_domains"], "readOnly": false, "type": "list of string"}, "services.headscale.settings.dns.split": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Split DNS configuration (map of domains and which DNS server to use for each).\nSee <https://tailscale.com/kb/1054/dns/>.\n", "example": {"_type": "literalExpression", "text": "{\n  \"foo.bar.com\" = [\n    \"1.1.1.1\"\n  ];\n}"}, "loc": ["services", "headscale", "settings", "dns", "split"], "readOnly": false, "type": "attribute set of list of string"}, "services.headscale.settings.ephemeral_node_inactivity_timeout": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "\"30m\""}, "description": "Time before an inactive ephemeral node is deleted.\n", "example": {"_type": "literalExpression", "text": "\"5m\""}, "loc": ["services", "headscale", "settings", "ephemeral_node_inactivity_timeout"], "readOnly": false, "type": "string"}, "services.headscale.settings.log.format": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "\"text\""}, "description": "headscale log format.\n", "example": {"_type": "literalExpression", "text": "\"json\""}, "loc": ["services", "headscale", "settings", "log", "format"], "readOnly": false, "type": "string"}, "services.headscale.settings.log.level": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "headscale log level.\n", "example": {"_type": "literalExpression", "text": "\"debug\""}, "loc": ["services", "headscale", "settings", "log", "level"], "readOnly": false, "type": "string"}, "services.headscale.settings.noise.private_key_path": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/headscale/noise_private.key\""}, "description": "Path to noise private key file, generated automatically if it does not exist.\n", "loc": ["services", "headscale", "settings", "noise", "private_key_path"], "readOnly": false, "type": "absolute path"}, "services.headscale.settings.oidc.allowed_domains": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Allowed principal domains. if an authenticated user's domain\nis not in this list authentication request will be rejected.\n", "example": {"_type": "literalExpression", "text": "[\n  \"example.com\"\n]"}, "loc": ["services", "headscale", "settings", "oidc", "allowed_domains"], "readOnly": false, "type": "list of string"}, "services.headscale.settings.oidc.allowed_users": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Users allowed to authenticate even if not in allowedDomains.\n", "example": {"_type": "literalExpression", "text": "[\n  \"alice@example.com\"\n]"}, "loc": ["services", "headscale", "settings", "oidc", "allowed_users"], "readOnly": false, "type": "list of string"}, "services.headscale.settings.oidc.client_id": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "OpenID Connect client ID.\n", "loc": ["services", "headscale", "settings", "oidc", "client_id"], "readOnly": false, "type": "string"}, "services.headscale.settings.oidc.client_secret_path": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to OpenID Connect client secret file. Expands environment variables in format ${VAR}.\n", "loc": ["services", "headscale", "settings", "oidc", "client_secret_path"], "readOnly": false, "type": "null or string"}, "services.headscale.settings.oidc.extra_params": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Custom query parameters to send with the Authorize Endpoint request.\n", "example": {"_type": "literalExpression", "text": "{\n  domain_hint = \"example.com\";\n}"}, "loc": ["services", "headscale", "settings", "oidc", "extra_params"], "readOnly": false, "type": "attribute set of string"}, "services.headscale.settings.oidc.issuer": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "URL to OpenID issuer.\n", "example": {"_type": "literalExpression", "text": "\"https://openid.example.com\""}, "loc": ["services", "headscale", "settings", "oidc", "issuer"], "readOnly": false, "type": "string"}, "services.headscale.settings.oidc.pkce.enabled": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable or disable PKCE (Proof Key for Code Exchange) support.\nPKCE adds an additional layer of security to the OAuth 2.0\nauthorization code flow by preventing authorization code\ninterception attacks\nSee https://datatracker.ietf.org/doc/html/rfc7636\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "headscale", "settings", "oidc", "pkce", "enabled"], "readOnly": false, "type": "boolean"}, "services.headscale.settings.oidc.pkce.method": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "\"S256\""}, "description": "PKCE method to use:\n  - plain: Use plain code verifier\n  - S256: Use SHA256 hashed code verifier (default, recommended)\n", "loc": ["services", "headscale", "settings", "oidc", "pkce", "method"], "readOnly": false, "type": "string"}, "services.headscale.settings.oidc.scope": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"openid\"\n  \"profile\"\n  \"email\"\n]"}, "description": "Scopes used in the OIDC flow.\n", "loc": ["services", "headscale", "settings", "oidc", "scope"], "readOnly": false, "type": "list of string"}, "services.headscale.settings.policy.mode": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "\"file\""}, "description": "The mode can be \"file\" or \"database\" that defines\nwhere the ACL policies are stored and read from.\n", "loc": ["services", "headscale", "settings", "policy", "mode"], "readOnly": false, "type": "one of \"file\", \"database\""}, "services.headscale.settings.policy.path": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If the mode is set to \"file\", the path to a\nHuJSON file containing ACL policies.\n", "loc": ["services", "headscale", "settings", "policy", "path"], "readOnly": false, "type": "null or absolute path"}, "services.headscale.settings.prefixes.allocation": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "\"sequential\""}, "description": "Strategy used for allocation of IPs to nodes, available options:\n- sequential (default): assigns the next free IP from the previous given IP.\n- random: assigns the next free IP from a pseudo-random IP generator (crypto/rand).\n", "example": {"_type": "literalExpression", "text": "\"random\""}, "loc": ["services", "headscale", "settings", "prefixes", "allocation"], "readOnly": false, "type": "one of \"sequential\", \"random\""}, "services.headscale.settings.prefixes.v4": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "\"100.64.0.0/10\""}, "description": "Each prefix consists of either an IPv4 or IPv6 address,\nand the associated prefix length, delimited by a slash.\nIt must be within IP ranges supported by the Tailscale\nclient - i.e., subnets of 100.64.0.0/10 and fd7a:115c:a1e0::/48.\n", "loc": ["services", "headscale", "settings", "prefixes", "v4"], "readOnly": false, "type": "string"}, "services.headscale.settings.prefixes.v6": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "\"fd7a:115c:a1e0::/48\""}, "description": "Each prefix consists of either an IPv4 or IPv6 address,\nand the associated prefix length, delimited by a slash.\nIt must be within IP ranges supported by the Tailscale\nclient - i.e., subnets of 100.64.0.0/10 and fd7a:115c:a1e0::/48.\n", "loc": ["services", "headscale", "settings", "prefixes", "v6"], "readOnly": false, "type": "string"}, "services.headscale.settings.server_url": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "\"http://127.0.0.1:8080\""}, "description": "The url clients will connect to.\n", "example": {"_type": "literalExpression", "text": "\"https://myheadscale.example.com:443\""}, "loc": ["services", "headscale", "settings", "server_url"], "readOnly": false, "type": "string"}, "services.headscale.settings.tls_cert_path": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to already created certificate.\n", "loc": ["services", "headscale", "settings", "tls_cert_path"], "readOnly": false, "type": "null or absolute path"}, "services.headscale.settings.tls_key_path": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to key for already created certificate.\n", "loc": ["services", "headscale", "settings", "tls_key_path"], "readOnly": false, "type": "null or absolute path"}, "services.headscale.settings.tls_letsencrypt_challenge_type": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "\"HTTP-01\""}, "description": "Type of ACME challenge to use, currently supported types:\n`HTTP-01` or `TLS-ALPN-01`.\n", "loc": ["services", "headscale", "settings", "tls_letsencrypt_challenge_type"], "readOnly": false, "type": "one of \"TLS-ALPN-01\", \"HTTP-01\""}, "services.headscale.settings.tls_letsencrypt_hostname": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Domain name to request a TLS certificate for.\n", "loc": ["services", "headscale", "settings", "tls_letsencrypt_hostname"], "readOnly": false, "type": "null or string"}, "services.headscale.settings.tls_letsencrypt_listen": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "\":http\""}, "description": "When HTTP-01 challenge is chosen, letsencrypt must set up a\nverification endpoint, and it will be listening on:\n`:http = port 80`.\n", "loc": ["services", "headscale", "settings", "tls_letsencrypt_listen"], "readOnly": false, "type": "null or string"}, "services.headscale.user": {"declarations": ["nixos/modules/services/networking/headscale.nix"], "default": {"_type": "literalExpression", "text": "\"headscale\""}, "description": "User account under which headscale runs.\n\n::: {.note}\nIf left as the default value this user will automatically be created\non system activation, otherwise you are responsible for\nensuring the user exists before the headscale service starts.\n:::\n", "loc": ["services", "headscale", "user"], "readOnly": false, "type": "string"}, "services.healthchecks.dataDir": {"declarations": ["nixos/modules/services/web-apps/healthchecks.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/healthchecks\""}, "description": "The directory used to store all data for healthchecks.\n\n::: {.note}\nIf left as the default value this directory will automatically be created before\nthe healthchecks server starts, otherwise you are responsible for ensuring the\ndirectory exists with appropriate ownership and permissions.\n:::\n", "loc": ["services", "healthchecks", "dataDir"], "readOnly": false, "type": "string"}, "services.healthchecks.enable": {"declarations": ["nixos/modules/services/web-apps/healthchecks.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable healthchecks.\nIt is expected to be run behind a HTTP reverse proxy.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "healthchecks", "enable"], "readOnly": false, "type": "boolean"}, "services.healthchecks.group": {"declarations": ["nixos/modules/services/web-apps/healthchecks.nix"], "default": {"_type": "literalExpression", "text": "\"healthchecks\""}, "description": "Group account under which healthchecks runs.\n\n::: {.note}\nIf left as the default value this group will automatically be created\non system activation, otherwise you are responsible for\nensuring the group exists before the healthchecks service starts.\n:::\n", "loc": ["services", "healthchecks", "group"], "readOnly": false, "type": "string"}, "services.healthchecks.listenAddress": {"declarations": ["nixos/modules/services/web-apps/healthchecks.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Address the server will listen on.", "loc": ["services", "healthchecks", "listenAddress"], "readOnly": false, "type": "string"}, "services.healthchecks.package": {"declarations": ["nixos/modules/services/web-apps/healthchecks.nix"], "default": {"_type": "literalExpression", "text": "pkgs.healthchecks"}, "description": "The healthchecks package to use.", "loc": ["services", "healthchecks", "package"], "readOnly": false, "type": "package"}, "services.healthchecks.port": {"declarations": ["nixos/modules/services/web-apps/healthchecks.nix"], "default": {"_type": "literalExpression", "text": "8000"}, "description": "Port the server will listen on.", "loc": ["services", "healthchecks", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.healthchecks.settings": {"declarations": ["nixos/modules/services/web-apps/healthchecks.nix"], "description": "Environment variables which are read by healthchecks `(local)_settings.py`.\n\nSettings which are explicitly covered in options below, are type-checked and/or transformed\nbefore added to the environment, everything else is passed as a string.\n\nSee <https://healthchecks.io/docs/self_hosted_configuration/>\nfor a full documentation of settings.\n\nWe add additional variables to this list inside the packages `local_settings.py.`\n- `STATIC_ROOT` to set a state directory for dynamically generated static files.\n- `SECRET_KEY_FILE` to read `SECRET_KEY` from a file at runtime and keep it out of\n  /nix/store.\n- `_FILE` variants for several values that hold sensitive information in\n  [Healthchecks configuration](https://healthchecks.io/docs/self_hosted_configuration/) so\n  that they also can be read from a file and kept out of /nix/store. To see which values\n  have support for a `_FILE` variant, run:\n  - `nix-instantiate --eval --expr '(import <nixpkgs> {}).healthchecks.secrets'`\n  - or `nix eval 'nixpkgs#healthchecks.secrets'` if the flake support has been enabled.\n\nIf the same variable is set in both `settings` and `settingsFile` the value from `settingsFile` has priority.\n", "loc": ["services", "healthchecks", "settings"], "readOnly": false, "type": "open submodule of attribute set of string"}, "services.healthchecks.settings.ALLOWED_HOSTS": {"declarations": ["nixos/modules/services/web-apps/healthchecks.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"*\"\n]"}, "description": "The host/domain names that this site can serve.", "loc": ["services", "healthchecks", "settings", "ALLOWED_HOSTS"], "readOnly": false, "type": "list of string"}, "services.healthchecks.settings.DB": {"declarations": ["nixos/modules/services/web-apps/healthchecks.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite\""}, "description": "Database engine to use.", "loc": ["services", "healthchecks", "settings", "DB"], "readOnly": false, "type": "one of \"sqlite\", \"postgres\", \"mysql\""}, "services.healthchecks.settings.DB_NAME": {"declarations": ["nixos/modules/services/web-apps/healthchecks.nix"], "default": {"_type": "literalExpression", "text": "if config.services.healthchecks.settings.DB == \"sqlite\"\nthen \"${config.services.healthchecks.dataDir}/healthchecks.sqlite\"\nelse \"hc\"\n"}, "description": "Database name.", "loc": ["services", "healthchecks", "settings", "DB_NAME"], "readOnly": false, "type": "string"}, "services.healthchecks.settings.DEBUG": {"declarations": ["nixos/modules/services/web-apps/healthchecks.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable debug mode.", "loc": ["services", "healthchecks", "settings", "DEBUG"], "readOnly": false, "type": "boolean"}, "services.healthchecks.settings.REGISTRATION_OPEN": {"declarations": ["nixos/modules/services/web-apps/healthchecks.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "A boolean that controls whether site visitors can create new accounts.\nSet it to false if you are setting up a private Healthchecks instance,\nbut it needs to be publicly accessible (so, for example, your cloud\nservices can send pings to it).\nIf you close new user registration, you can still selectively invite\nusers to your team account.\n", "loc": ["services", "healthchecks", "settings", "REGISTRATION_OPEN"], "readOnly": false, "type": "boolean"}, "services.healthchecks.settings.SECRET_KEY_FILE": {"declarations": ["nixos/modules/services/web-apps/healthchecks.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file containing the secret key.", "loc": ["services", "healthchecks", "settings", "SECRET_KEY_FILE"], "readOnly": false, "type": "null or absolute path"}, "services.healthchecks.settingsFile": {"declarations": ["nixos/modules/services/web-apps/healthchecks.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment variables which are read by healthchecks `(local)_settings.py`.\n\nSettings which are explicitly covered in options below, are type-checked and/or transformed\nbefore added to the environment, everything else is passed as a string.\n\nSee <https://healthchecks.io/docs/self_hosted_configuration/>\nfor a full documentation of settings.\n\nWe add additional variables to this list inside the packages `local_settings.py.`\n- `STATIC_ROOT` to set a state directory for dynamically generated static files.\n- `SECRET_KEY_FILE` to read `SECRET_KEY` from a file at runtime and keep it out of\n  /nix/store.\n- `_FILE` variants for several values that hold sensitive information in\n  [Healthchecks configuration](https://healthchecks.io/docs/self_hosted_configuration/) so\n  that they also can be read from a file and kept out of /nix/store. To see which values\n  have support for a `_FILE` variant, run:\n  - `nix-instantiate --eval --expr '(import <nixpkgs> {}).healthchecks.secrets'`\n  - or `nix eval 'nixpkgs#healthchecks.secrets'` if the flake support has been enabled.\n\nIf the same variable is set in both `settings` and `settingsFile` the value from `settingsFile` has priority.\n", "loc": ["services", "healthchecks", "settingsFile"], "readOnly": false, "type": "null or absolute path"}, "services.healthchecks.user": {"declarations": ["nixos/modules/services/web-apps/healthchecks.nix"], "default": {"_type": "literalExpression", "text": "\"healthchecks\""}, "description": "User account under which healthchecks runs.\n\n::: {.note}\nIf left as the default value this user will automatically be created\non system activation, otherwise you are responsible for\nensuring the user exists before the healthchecks service starts.\n:::\n", "loc": ["services", "healthchecks", "user"], "readOnly": false, "type": "string"}, "services.heapster.enable": {"declarations": ["nixos/modules/services/monitoring/heapster.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Heapster monitoring.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "heapster", "enable"], "readOnly": false, "type": "boolean"}, "services.heapster.extraOpts": {"declarations": ["nixos/modules/services/monitoring/heapster.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Heapster extra options", "loc": ["services", "heapster", "extraOpts"], "readOnly": false, "type": "strings concatenated with \" \""}, "services.heapster.package": {"declarations": ["nixos/modules/services/monitoring/heapster.nix"], "default": {"_type": "literalExpression", "text": "pkgs.heapster"}, "description": "The heapster package to use.", "loc": ["services", "heapster", "package"], "readOnly": false, "type": "package"}, "services.heapster.sink": {"declarations": ["nixos/modules/services/monitoring/heapster.nix"], "description": "Heapster metic sink", "example": {"_type": "literalExpression", "text": "\"influxdb:http://localhost:8086\""}, "loc": ["services", "heapster", "sink"], "readOnly": false, "type": "string"}, "services.heapster.source": {"declarations": ["nixos/modules/services/monitoring/heapster.nix"], "description": "Heapster metric source", "example": {"_type": "literalExpression", "text": "\"kubernetes:https://kubernetes.default\""}, "loc": ["services", "heapster", "source"], "readOnly": false, "type": "string"}, "services.heartbeat.enable": {"declarations": ["nixos/modules/services/logging/heartbeat.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable heartbeat, uptime monitoring.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "heartbeat", "enable"], "readOnly": false, "type": "boolean"}, "services.heartbeat.extraConfig": {"declarations": ["nixos/modules/services/logging/heartbeat.nix"], "default": {"_type": "literalExpression", "text": "''\n  heartbeat.monitors:\n  - type: http\n    urls: [\"http://localhost:9200\"]\n    schedule: '@every 10s'\n''"}, "description": "Any other configuration options you want to add", "loc": ["services", "heartbeat", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.heartbeat.name": {"declarations": ["nixos/modules/services/logging/heartbeat.nix"], "default": {"_type": "literalExpression", "text": "\"heartbeat\""}, "description": "Name of the beat", "loc": ["services", "heartbeat", "name"], "readOnly": false, "type": "string"}, "services.heartbeat.package": {"declarations": ["nixos/modules/services/logging/heartbeat.nix"], "default": {"_type": "literalExpression", "text": "pkgs.heartbeat"}, "description": "The heartbeat package to use.", "example": {"_type": "literalExpression", "text": "heartbeat7"}, "loc": ["services", "heartbeat", "package"], "readOnly": false, "type": "package"}, "services.heartbeat.stateDir": {"declarations": ["nixos/modules/services/logging/heartbeat.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/heartbeat\""}, "description": "The state directory. heartbeat's own logs and other data are stored here.", "loc": ["services", "heartbeat", "stateDir"], "readOnly": false, "type": "string"}, "services.heartbeat.tags": {"declarations": ["nixos/modules/services/logging/heartbeat.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Tags to place on the shipped log messages", "loc": ["services", "heartbeat", "tags"], "readOnly": false, "type": "list of string"}, "services.hebbot.botPasswordFile": {"declarations": ["nixos/modules/services/matrix/hebbot.nix"], "description": "A path to the password file for your bot.\n\nConsider using a path that does not end up in your Nix store\nas it would be world readable.\n", "loc": ["services", "hebbot", "botPasswordFile"], "readOnly": false, "type": "absolute path"}, "services.hebbot.enable": {"declarations": ["nixos/modules/services/matrix/hebbot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable hebbot.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hebbot", "enable"], "readOnly": false, "type": "boolean"}, "services.hebbot.package": {"declarations": ["nixos/modules/services/matrix/hebbot.nix"], "default": {"_type": "literalExpression", "text": "pkgs.hebbot"}, "description": "The hebbot package to use.", "loc": ["services", "hebbot", "package"], "readOnly": false, "type": "package"}, "services.hebbot.settings": {"declarations": ["nixos/modules/services/matrix/hebbot.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for Hebbot, see, for examples:\n\n- <https://github.com/matrix-org/twim-config/blob/master/config.toml>\n- <https://gitlab.gnome.org/Teams/Websites/thisweek.gnome.org/-/blob/main/hebbot/config.toml>\n", "loc": ["services", "hebbot", "settings"], "readOnly": false, "type": "TOML value"}, "services.hebbot.templates.project": {"declarations": ["nixos/modules/services/matrix/hebbot.nix"], "description": "A path to the Markdown file for the project template.\n", "loc": ["services", "hebbot", "templates", "project"], "readOnly": false, "type": "absolute path"}, "services.hebbot.templates.report": {"declarations": ["nixos/modules/services/matrix/hebbot.nix"], "description": "A path to the Markdown file for the report template.\n", "loc": ["services", "hebbot", "templates", "report"], "readOnly": false, "type": "absolute path"}, "services.hebbot.templates.section": {"declarations": ["nixos/modules/services/matrix/hebbot.nix"], "description": "A path to the Markdown file for the section template.\n", "loc": ["services", "hebbot", "templates", "section"], "readOnly": false, "type": "absolute path"}, "services.hedgedoc.configureNginx": {"declarations": ["nixos/modules/services/web-apps/hedgedoc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to configure nginx as a reverse proxy.", "loc": ["services", "hedgedoc", "configureNginx"], "readOnly": false, "type": "boolean"}, "services.hedgedoc.enable": {"declarations": ["nixos/modules/services/web-apps/hedgedoc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the HedgeDoc Markdown Editor.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hedgedoc", "enable"], "readOnly": false, "type": "boolean"}, "services.hedgedoc.environmentFile": {"declarations": ["nixos/modules/services/web-apps/hedgedoc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file as defined in {manpage}`systemd.exec(5)`.\n\nSecrets may be passed to the service without adding them to the world-readable\nNix store, by specifying placeholder variables as the option value in Nix and\nsetting these variables accordingly in the environment file.\n\n```\n  # snippet of HedgeDoc-related config\n  services.hedgedoc.settings.dbURL = \"postgres://hedgedoc:\\${DB_PASSWORD}@db-host:5432/hedgedocdb\";\n  services.hedgedoc.settings.minio.secretKey = \"$MINIO_SECRET_KEY\";\n```\n\n```\n  # content of the environment file\n  DB_PASSWORD=verysecretdbpassword\n  MINIO_SECRET_KEY=verysecretminiokey\n```\n\nNote that this file needs to be available on the host on which\n`HedgeDoc` is running.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/hedgedoc/hedgedoc.env\""}, "loc": ["services", "hedgedoc", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.hedgedoc.package": {"declarations": ["nixos/modules/services/web-apps/hedgedoc.nix"], "default": {"_type": "literalExpression", "text": "pkgs.hedgedoc"}, "description": "The hedgedoc package to use.", "loc": ["services", "hedgedoc", "package"], "readOnly": false, "type": "package"}, "services.hedgedoc.settings": {"declarations": ["nixos/modules/services/web-apps/hedgedoc.nix"], "description": "HedgeDoc configuration, see\n<https://docs.hedgedoc.org/configuration/>\nfor documentation.\n", "loc": ["services", "hedgedoc", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.hedgedoc.settings.allowGravatar": {"declarations": ["nixos/modules/services/web-apps/hedgedoc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable [Libravatar](https://wiki.libravatar.org/) as\nprofile picture source on your instance.\n\nDespite the naming of the setting, Hedgedoc replaced Gravatar\nwith Libravatar in [CodiMD 1.4.0](https://hedgedoc.org/releases/1.4.0/)\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hedgedoc", "settings", "allowGravatar"], "readOnly": false, "type": "boolean"}, "services.hedgedoc.settings.allowOrigin": {"declarations": ["nixos/modules/services/web-apps/hedgedoc.nix"], "default": {"_type": "literalExpression", "text": "with config.services.hedgedoc.settings; [ host ] ++ lib.optionals (domain != null) [ domain ]\n"}, "description": "List of domains to whitelist.\n", "example": {"_type": "literalExpression", "text": "[\n  \"localhost\"\n  \"hedgedoc.org\"\n]"}, "loc": ["services", "hedgedoc", "settings", "allowOrigin"], "readOnly": false, "type": "list of string"}, "services.hedgedoc.settings.db": {"declarations": ["nixos/modules/services/web-apps/hedgedoc.nix"], "default": {"_type": "literalExpression", "text": "{\n  dialect = \"sqlite\";\n  storage = \"/var/lib/hedgedoc/db.sqlite\";\n}\n"}, "description": "Specify the configuration for sequelize.\nHedgeDoc supports `mysql`, `postgres`, `sqlite` and `mssql`.\nSee <https://sequelize.readthedocs.io/en/v3/>\nfor more information.\n\n::: {.note}\n  The relevant parts will be overriden if you set {option}`dbURL`.\n:::\n", "example": {"_type": "literalExpression", "text": "db = {\n  username = \"hedgedoc\";\n  database = \"hedgedoc\";\n  host = \"localhost:5432\";\n  # or via socket\n  # host = \"/run/postgresql\";\n  dialect = \"postgresql\";\n};\n"}, "loc": ["services", "hedgedoc", "settings", "db"], "readOnly": false, "type": "attribute set"}, "services.hedgedoc.settings.domain": {"declarations": ["nixos/modules/services/web-apps/hedgedoc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Domain to use for website.\n\nThis is useful if you are trying to run hedgedoc behind\na reverse proxy.\n", "example": {"_type": "literalExpression", "text": "\"hedgedoc.org\""}, "loc": ["services", "hedgedoc", "settings", "domain"], "readOnly": false, "type": "null or string"}, "services.hedgedoc.settings.host": {"declarations": ["nixos/modules/services/web-apps/hedgedoc.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Address to listen on.\n", "loc": ["services", "hedgedoc", "settings", "host"], "readOnly": false, "type": "null or string"}, "services.hedgedoc.settings.path": {"declarations": ["nixos/modules/services/web-apps/hedgedoc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to UNIX domain socket to listen on\n\n::: {.note}\n  If specified, {option}`host` and {option}`port` will be ignored.\n:::\n", "example": {"_type": "literalExpression", "text": "\"/run/hedgedoc/hedgedoc.sock\""}, "loc": ["services", "hedgedoc", "settings", "path"], "readOnly": false, "type": "null or absolute path"}, "services.hedgedoc.settings.port": {"declarations": ["nixos/modules/services/web-apps/hedgedoc.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "Port to listen on.\n", "example": {"_type": "literalExpression", "text": "80"}, "loc": ["services", "hedgedoc", "settings", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.hedgedoc.settings.protocolUseSSL": {"declarations": ["nixos/modules/services/web-apps/hedgedoc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use `https://` for all links.\n\nThis is useful if you are trying to run hedgedoc behind\na reverse proxy.\n\n::: {.note}\n  Only applied if {option}`domain` is set.\n:::\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hedgedoc", "settings", "protocolUseSSL"], "readOnly": false, "type": "boolean"}, "services.hedgedoc.settings.uploadsPath": {"declarations": ["nixos/modules/services/web-apps/hedgedoc.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/hedgedoc/uploads\""}, "description": "Directory for storing uploaded images.\n", "loc": ["services", "hedgedoc", "settings", "uploadsPath"], "readOnly": false, "type": "absolute path"}, "services.hedgedoc.settings.urlPath": {"declarations": ["nixos/modules/services/web-apps/hedgedoc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "URL path for the website.\n\nThis is useful if you are hosting hedgedoc on a path like\n`www.example.com/hedgedoc`\n", "example": {"_type": "literalExpression", "text": "\"hedgedoc\""}, "loc": ["services", "hedgedoc", "settings", "urlPath"], "readOnly": false, "type": "null or string"}, "services.hedgedoc.settings.useSSL": {"declarations": ["nixos/modules/services/web-apps/hedgedoc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable to use SSL server.\n\n::: {.note}\n  This will also enable {option}`protocolUseSSL`.\n\n  It will also require you to set the following:\n\n  - {option}`sslKeyPath`\n  - {option}`sslCertPath`\n  - {option}`sslCAPath`\n  - {option}`dhParamPath`\n:::\n", "loc": ["services", "hedgedoc", "settings", "useSSL"], "readOnly": false, "type": "boolean"}, "services.heisenbridge.address": {"declarations": ["nixos/modules/services/misc/heisenbridge.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Address to listen on. IPv6 does not seem to be supported.", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "heisenbridge", "address"], "readOnly": false, "type": "string"}, "services.heisenbridge.debug": {"declarations": ["nixos/modules/services/misc/heisenbridge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "More verbose logging. Recommended during initial setup.", "loc": ["services", "heisenbridge", "debug"], "readOnly": false, "type": "boolean"}, "services.heisenbridge.enable": {"declarations": ["nixos/modules/services/misc/heisenbridge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Matrix to IRC bridge.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "heisenbridge", "enable"], "readOnly": false, "type": "boolean"}, "services.heisenbridge.extraArgs": {"declarations": ["nixos/modules/services/misc/heisenbridge.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Heisenbridge is configured over the command line. Append extra arguments here", "loc": ["services", "heisenbridge", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.heisenbridge.homeserver": {"declarations": ["nixos/modules/services/misc/heisenbridge.nix"], "description": "The URL to the home server for client-server API calls", "example": {"_type": "literalExpression", "text": "\"http://localhost:8008\""}, "loc": ["services", "heisenbridge", "homeserver"], "readOnly": false, "type": "string"}, "services.heisenbridge.identd.enable": {"declarations": ["nixos/modules/services/misc/heisenbridge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable identd service support.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "heisenbridge", "identd", "enable"], "readOnly": false, "type": "boolean"}, "services.heisenbridge.identd.port": {"declarations": ["nixos/modules/services/misc/heisenbridge.nix"], "default": {"_type": "literalExpression", "text": "113"}, "description": "identd listen port", "loc": ["services", "heisenbridge", "identd", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.heisenbridge.namespaces": {"declarations": ["nixos/modules/services/misc/heisenbridge.nix"], "default": {"_type": "literalExpression", "text": "{\n  aliases = [ ];\n  rooms = [ ];\n  users = [\n    {\n      exclusive = true;\n      regex = \"@irc_.*\";\n    }\n  ];\n}"}, "description": "Configure the 'namespaces' section of the registration.yml for the bridge and the server", "loc": ["services", "heisenbridge", "namespaces"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.heisenbridge.owner": {"declarations": ["nixos/modules/services/misc/heisenbridge.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set owner MXID otherwise first talking local user will claim the bridge\n", "example": {"_type": "literalExpression", "text": "\"@admin:example.org\""}, "loc": ["services", "heisenbridge", "owner"], "readOnly": false, "type": "null or string"}, "services.heisenbridge.package": {"declarations": ["nixos/modules/services/misc/heisenbridge.nix"], "default": {"_type": "literalExpression", "text": "pkgs.heisenbridge"}, "description": "The heisenbridge package to use.", "loc": ["services", "heisenbridge", "package"], "readOnly": false, "type": "package"}, "services.heisenbridge.port": {"declarations": ["nixos/modules/services/misc/heisenbridge.nix"], "default": {"_type": "literalExpression", "text": "9898"}, "description": "The port to listen on", "loc": ["services", "heisenbridge", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.heisenbridge.registrationUrl": {"declarations": ["nixos/modules/services/misc/heisenbridge.nix"], "default": {"_type": "literalExpression", "text": "\"http://$\\${cfg.address}:$\\${toString cfg.port}\""}, "description": "The URL where the application service is listening for HS requests, from the Matrix HS perspective.#\nThe default value assumes the bridge runs on the same host as the home server, in the same network.\n", "example": {"_type": "literalExpression", "text": "\"https://matrix.example.org\""}, "loc": ["services", "heisenbridge", "registrationUrl"], "readOnly": false, "type": "string"}, "services.hickory-dns.configFile": {"declarations": ["nixos/modules/services/networking/hickory-dns.nix"], "default": {"_type": "literalExpression", "text": "let toml = pkgs.formats.toml { }; in toml.generate \"hickory-dns.toml\" cfg.settings\n"}, "description": "Path to an existing toml file to configure hickory-dns with.\n\nThis can usually be left unspecified, in which case it will be\ngenerated from the values in `settings`.\nIf manually specified, then the options in `settings` are ignored.\n", "loc": ["services", "hickory-dns", "configFile"], "readOnly": false, "type": "absolute path"}, "services.hickory-dns.debug": {"declarations": ["nixos/modules/services/networking/hickory-dns.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Log DEBUG, INFO, WARN and ERROR messages.\nThis option is mutually exclusive with the `debug` option.\nIf neither `quiet` nor `debug` are enabled, logging defaults to the INFO level.\n", "loc": ["services", "hickory-dns", "debug"], "readOnly": false, "type": "boolean"}, "services.hickory-dns.enable": {"declarations": ["nixos/modules/services/networking/hickory-dns.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable hickory-dns.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hickory-dns", "enable"], "readOnly": false, "type": "boolean"}, "services.hickory-dns.package": {"declarations": ["nixos/modules/services/networking/hickory-dns.nix"], "default": {"_type": "literalExpression", "text": "pkgs.hickory-dns"}, "description": "The hickory-dns package to use. ::: {.note}\nThe package must provide `meta.mainProgram` which names the server binary; any other utilities (client, resolver) are not needed.\n:::\n", "loc": ["services", "hickory-dns", "package"], "readOnly": false, "type": "package"}, "services.hickory-dns.quiet": {"declarations": ["nixos/modules/services/networking/hickory-dns.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Log ERROR level messages only.\nThis option is mutually exclusive with the `debug` option.\nIf neither `quiet` nor `debug` are enabled, logging defaults to the INFO level.\n", "loc": ["services", "hickory-dns", "quiet"], "readOnly": false, "type": "boolean"}, "services.hickory-dns.settings": {"declarations": ["nixos/modules/services/networking/hickory-dns.nix"], "description": "Settings for hickory-dns. The options enumerated here are not exhaustive.\nRefer to upstream documentation for all available options:\n- [Example settings](https://github.com/hickory-dns/hickory-dns/blob/main/tests/test-data/test_configs/example.toml)\n", "loc": ["services", "hickory-dns", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.hickory-dns.settings.directory": {"declarations": ["nixos/modules/services/networking/hickory-dns.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/hickory-dns\""}, "description": "The directory in which hickory-dns should look for .zone files,\nwhenever zones aren't specified by absolute path.\n", "loc": ["services", "hickory-dns", "settings", "directory"], "readOnly": false, "type": "string"}, "services.hickory-dns.settings.listen_addrs_ipv4": {"declarations": ["nixos/modules/services/networking/hickory-dns.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"0.0.0.0\"\n]"}, "description": "List of ipv4 addresses on which to listen for DNS queries.\n", "loc": ["services", "hickory-dns", "settings", "listen_addrs_ipv4"], "readOnly": false, "type": "list of string"}, "services.hickory-dns.settings.listen_addrs_ipv6": {"declarations": ["nixos/modules/services/networking/hickory-dns.nix"], "default": {"_type": "literalExpression", "text": "lib.optional config.networking.enableIPv6 \"::0\""}, "description": "List of ipv6 addresses on which to listen for DNS queries.\n", "loc": ["services", "hickory-dns", "settings", "listen_addrs_ipv6"], "readOnly": false, "type": "list of string"}, "services.hickory-dns.settings.listen_port": {"declarations": ["nixos/modules/services/networking/hickory-dns.nix"], "default": {"_type": "literalExpression", "text": "53"}, "description": "Port to listen on (applies to all listen addresses).\n", "loc": ["services", "hickory-dns", "settings", "listen_port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.hickory-dns.settings.zones": {"declarations": ["nixos/modules/services/networking/hickory-dns.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of zones to serve.", "loc": ["services", "hickory-dns", "settings", "zones"], "readOnly": false, "type": "list of ((open submodule of (TOML value)) or string convertible to it)"}, "services.hickory-dns.settings.zones.*.file": {"declarations": ["nixos/modules/services/networking/hickory-dns.nix"], "default": {"_type": "literalExpression", "text": "if config.zone_type != \"External\" then \"${config.zone}.zone\" else null"}, "description": "Path to the .zone file.\nIf not fully-qualified, this path will be interpreted relative to the `directory` option.\nIf omitted, defaults to the value of the `zone` option suffixed with \".zone\" when `zone_type` isn't External; otherwise, defaults to `null`.\n", "loc": ["services", "hickory-dns", "settings", "zones", "*", "file"], "readOnly": false, "type": "null or absolute path or string"}, "services.hickory-dns.settings.zones.*.zone": {"declarations": ["nixos/modules/services/networking/hickory-dns.nix"], "description": "Zone name, like \"example.com\", \"localhost\", or \"0.0.127.in-addr.arpa\".\n", "loc": ["services", "hickory-dns", "settings", "zones", "*", "zone"], "readOnly": false, "type": "string"}, "services.hickory-dns.settings.zones.*.zone_type": {"declarations": ["nixos/modules/services/networking/hickory-dns.nix"], "default": {"_type": "literalExpression", "text": "\"Primary\""}, "description": "One of:\n- \"Primary\" (the master, authority for the zone).\n- \"Secondary\" (the slave, replicated from the primary).\n- \"External\" (a cached zone that queries other nameservers).\n\nFor more details about these zone types, consult the documentation for BIND,\nthough note that hickory-dns supports only a subset of BIND's zone types:\n<https://bind9.readthedocs.io/en/v9_18_4/reference.html#type>\n", "loc": ["services", "hickory-dns", "settings", "zones", "*", "zone_type"], "readOnly": false, "type": "one of \"Primary\", \"Secondary\", \"External\""}, "services.hitch.backend": {"declarations": ["nixos/modules/services/web-servers/hitch/default.nix"], "description": "The host and port Hitch connects to when receiving\na connection in the form [HOST]:PORT\n", "loc": ["services", "hitch", "backend"], "readOnly": false, "type": "string"}, "services.hitch.ciphers": {"declarations": ["nixos/modules/services/web-servers/hitch/default.nix"], "default": {"_type": "literalExpression", "text": "\"EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH\""}, "description": "The list of ciphers to use", "loc": ["services", "hitch", "ciphers"], "readOnly": false, "type": "string"}, "services.hitch.enable": {"declarations": ["nixos/modules/services/web-servers/hitch/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Hitch Server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hitch", "enable"], "readOnly": false, "type": "boolean"}, "services.hitch.extraConfig": {"declarations": ["nixos/modules/services/web-servers/hitch/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional configuration lines", "loc": ["services", "hitch", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.hitch.frontend": {"declarations": ["nixos/modules/services/web-servers/hitch/default.nix"], "default": {"_type": "literalExpression", "text": "\"[127.0.0.1]:443\""}, "description": "The port and interface of the listen endpoint in the\nform [HOST]:PORT[+CERT].\n", "loc": ["services", "hitch", "frontend"], "readOnly": false, "type": "string or list of string"}, "services.hitch.group": {"declarations": ["nixos/modules/services/web-servers/hitch/default.nix"], "default": {"_type": "literalExpression", "text": "\"hitch\""}, "description": "The group to run as", "loc": ["services", "hitch", "group"], "readOnly": false, "type": "string"}, "services.hitch.ocsp-stapling.enabled": {"declarations": ["nixos/modules/services/web-servers/hitch/default.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable OCSP Stapling", "loc": ["services", "hitch", "ocsp-stapling", "enabled"], "readOnly": false, "type": "boolean"}, "services.hitch.pem-files": {"declarations": ["nixos/modules/services/web-servers/hitch/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "PEM files to use", "loc": ["services", "hitch", "pem-files"], "readOnly": false, "type": "list of absolute path"}, "services.hitch.user": {"declarations": ["nixos/modules/services/web-servers/hitch/default.nix"], "default": {"_type": "literalExpression", "text": "\"hitch\""}, "description": "The user to run as", "loc": ["services", "hitch", "user"], "readOnly": false, "type": "string"}, "services.hledger-web.allow": {"declarations": ["nixos/modules/services/web-apps/hledger-web.nix"], "default": {"_type": "literalExpression", "text": "\"view\""}, "description": "User's access level for changing data.\n\n* view: view only permission.\n* add: view and add permissions.\n* edit: view, add, and edit permissions.\n* sandstorm: permissions from the `X-Sandstorm-Permissions` request header.\n", "loc": ["services", "hledger-web", "allow"], "readOnly": false, "type": "one of \"view\", \"add\", \"edit\", \"sandstorm\""}, "services.hledger-web.baseUrl": {"declarations": ["nixos/modules/services/web-apps/hledger-web.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Base URL, when sharing over a network.\n", "example": {"_type": "literalExpression", "text": "\"https://example.org\""}, "loc": ["services", "hledger-web", "baseUrl"], "readOnly": false, "type": "null or string"}, "services.hledger-web.enable": {"declarations": ["nixos/modules/services/web-apps/hledger-web.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable hledger-web service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hledger-web", "enable"], "readOnly": false, "type": "boolean"}, "services.hledger-web.extraOptions": {"declarations": ["nixos/modules/services/web-apps/hledger-web.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line arguments to pass to hledger-web.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--forecast\"\n]"}, "loc": ["services", "hledger-web", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.hledger-web.host": {"declarations": ["nixos/modules/services/web-apps/hledger-web.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Address to listen on.\n", "loc": ["services", "hledger-web", "host"], "readOnly": false, "type": "string"}, "services.hledger-web.journalFiles": {"declarations": ["nixos/modules/services/web-apps/hledger-web.nix"], "default": {"_type": "literalExpression", "text": "[\n  \".hledger.journal\"\n]"}, "description": "Paths to journal files relative to {option}`services.hledger-web.stateDir`.\n", "loc": ["services", "hledger-web", "journalFiles"], "readOnly": false, "type": "list of string"}, "services.hledger-web.port": {"declarations": ["nixos/modules/services/web-apps/hledger-web.nix"], "default": {"_type": "literalExpression", "text": "5000"}, "description": "Port to listen on.\n", "example": {"_type": "literalExpression", "text": "80"}, "loc": ["services", "hledger-web", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.hledger-web.serveApi": {"declarations": ["nixos/modules/services/web-apps/hledger-web.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable serving only the JSON web API, without the web UI.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hledger-web", "serveApi"], "readOnly": false, "type": "boolean"}, "services.hledger-web.stateDir": {"declarations": ["nixos/modules/services/web-apps/hledger-web.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/hledger-web\""}, "description": "Path the service has access to. If left as the default value this\ndirectory will automatically be created before the hledger-web server\nstarts, otherwise the sysadmin is responsible for ensuring the\ndirectory exists with appropriate ownership and permissions.\n", "loc": ["services", "hledger-web", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.hockeypuck.enable": {"declarations": ["nixos/modules/services/security/hockeypuck.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Hockeypuck OpenPGP Key Server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hockeypuck", "enable"], "readOnly": false, "type": "boolean"}, "services.hockeypuck.port": {"declarations": ["nixos/modules/services/security/hockeypuck.nix"], "default": {"_type": "literalExpression", "text": "11371"}, "description": "HKP port to listen on.", "loc": ["services", "hockeypuck", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.hockeypuck.settings": {"declarations": ["nixos/modules/services/security/hockeypuck.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration file for hockeypuck, here you can override\ncertain settings (`loglevel` and\n`openpgp.db.dsn`) by just setting those values.\n\nFor other settings you need to use lib.mkForce to override them.\n\nThis service doesn't provision or enable postgres on your\nsystem, it rather assumes that you enable postgres and create\nthe database yourself.\n\nExample:\n```\n  services.postgresql = {\n    enable = true;\n    ensureDatabases = [ \"hockeypuck\" ];\n    ensureUsers = [{\n      name = \"hockeypuck\";\n      ensureDBOwnership = true;\n    }];\n  };\n```\n", "example": {"_type": "literalExpression", "text": "{\n  hockeypuck = {\n    loglevel = \"INFO\";\n    logfile = \"/var/log/hockeypuck/hockeypuck.log\";\n    indexTemplate = \"${pkgs.hockeypuck-web}/share/templates/index.html.tmpl\";\n    vindexTemplate = \"${pkgs.hockeypuck-web}/share/templates/index.html.tmpl\";\n    statsTemplate = \"${pkgs.hockeypuck-web}/share/templates/stats.html.tmpl\";\n    webroot = \"${pkgs.hockeypuck-web}/share/webroot\";\n\n    hkp.bind = \":${toString cfg.port}\";\n\n    openpgp.db = {\n      driver = \"postgres-jsonb\";\n      dsn = \"database=hockeypuck host=/var/run/postgresql sslmode=disable\";\n    };\n  };\n}\n"}, "loc": ["services", "hockeypuck", "settings"], "readOnly": false, "type": "TOML value"}, "services.hologram-agent.dialAddress": {"declarations": ["nixos/modules/services/security/hologram-agent.nix"], "default": {"_type": "literalExpression", "text": "\"localhost:3100\""}, "description": "Hologram server and port.", "loc": ["services", "hologram-agent", "dialAddress"], "readOnly": false, "type": "string"}, "services.hologram-agent.enable": {"declarations": ["nixos/modules/services/security/hologram-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Hologram agent for AWS instance credentials", "loc": ["services", "hologram-agent", "enable"], "readOnly": false, "type": "boolean"}, "services.hologram-agent.httpPort": {"declarations": ["nixos/modules/services/security/hologram-agent.nix"], "default": {"_type": "literalExpression", "text": "\"80\""}, "description": "Port for metadata service to listen on.", "loc": ["services", "hologram-agent", "httpPort"], "readOnly": false, "type": "string"}, "services.hologram-server.awsAccount": {"declarations": ["nixos/modules/services/security/hologram-server.nix"], "description": "AWS account number", "loc": ["services", "hologram-server", "awsAccount"], "readOnly": false, "type": "string"}, "services.hologram-server.awsDefaultRole": {"declarations": ["nixos/modules/services/security/hologram-server.nix"], "description": "AWS default role", "loc": ["services", "hologram-server", "awsDefaultRole"], "readOnly": false, "type": "string"}, "services.hologram-server.cacheTimeoutSeconds": {"declarations": ["nixos/modules/services/security/hologram-server.nix"], "default": {"_type": "literalExpression", "text": "3600"}, "description": "How often (in seconds) to refresh the LDAP cache", "loc": ["services", "hologram-server", "cacheTimeoutSeconds"], "readOnly": false, "type": "signed integer"}, "services.hologram-server.enable": {"declarations": ["nixos/modules/services/security/hologram-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Hologram server for AWS instance credentials", "loc": ["services", "hologram-server", "enable"], "readOnly": false, "type": "boolean"}, "services.hologram-server.enableLdapRoles": {"declarations": ["nixos/modules/services/security/hologram-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to assign user roles based on the user's LDAP group memberships", "loc": ["services", "hologram-server", "enableLdapRoles"], "readOnly": false, "type": "boolean"}, "services.hologram-server.groupClassAttr": {"declarations": ["nixos/modules/services/security/hologram-server.nix"], "default": {"_type": "literalExpression", "text": "\"groupOfNames\""}, "description": "The objectclass attribute to search for groups when enableLdapRoles is true", "loc": ["services", "hologram-server", "groupClassAttr"], "readOnly": false, "type": "string"}, "services.hologram-server.ldapBaseDN": {"declarations": ["nixos/modules/services/security/hologram-server.nix"], "description": "The base DN for your Hologram users", "loc": ["services", "hologram-server", "ldapBaseDN"], "readOnly": false, "type": "string"}, "services.hologram-server.ldapBindDN": {"declarations": ["nixos/modules/services/security/hologram-server.nix"], "description": "DN of account to use to query the LDAP server", "loc": ["services", "hologram-server", "ldapBindDN"], "readOnly": false, "type": "string"}, "services.hologram-server.ldapBindPassword": {"declarations": ["nixos/modules/services/security/hologram-server.nix"], "description": "Password of account to use to query the LDAP server", "loc": ["services", "hologram-server", "ldapBindPassword"], "readOnly": false, "type": "string"}, "services.hologram-server.ldapHost": {"declarations": ["nixos/modules/services/security/hologram-server.nix"], "description": "Address of the LDAP server to use", "loc": ["services", "hologram-server", "ldapHost"], "readOnly": false, "type": "string"}, "services.hologram-server.ldapInsecure": {"declarations": ["nixos/modules/services/security/hologram-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to connect to LDAP over SSL or not", "loc": ["services", "hologram-server", "ldapInsecure"], "readOnly": false, "type": "boolean"}, "services.hologram-server.ldapUserAttr": {"declarations": ["nixos/modules/services/security/hologram-server.nix"], "default": {"_type": "literalExpression", "text": "\"cn\""}, "description": "The LDAP attribute for usernames", "loc": ["services", "hologram-server", "ldapUserAttr"], "readOnly": false, "type": "string"}, "services.hologram-server.listenAddress": {"declarations": ["nixos/modules/services/security/hologram-server.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0:3100\""}, "description": "Address and port to listen on", "loc": ["services", "hologram-server", "listenAddress"], "readOnly": false, "type": "string"}, "services.hologram-server.roleAttr": {"declarations": ["nixos/modules/services/security/hologram-server.nix"], "default": {"_type": "literalExpression", "text": "\"businessCategory\""}, "description": "Which LDAP group attribute to search for authorized role ARNs", "loc": ["services", "hologram-server", "roleAttr"], "readOnly": false, "type": "string"}, "services.hologram-server.statsAddress": {"declarations": ["nixos/modules/services/security/hologram-server.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Address of statsd server", "loc": ["services", "hologram-server", "statsAddress"], "readOnly": false, "type": "string"}, "services.homebox.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/homebox.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Configure local PostgreSQL database server for Homebox.\n", "loc": ["services", "homebox", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.homebox.enable": {"declarations": ["nixos/modules/services/web-apps/homebox.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable homebox.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "homebox", "enable"], "readOnly": false, "type": "boolean"}, "services.homebox.group": {"declarations": ["nixos/modules/services/web-apps/homebox.nix"], "default": {"_type": "literalExpression", "text": "\"homebox\""}, "description": "Group under which Homebox runs.", "loc": ["services", "homebox", "group"], "readOnly": false, "type": "string"}, "services.homebox.package": {"declarations": ["nixos/modules/services/web-apps/homebox.nix"], "default": {"_type": "literalExpression", "text": "pkgs.homebox"}, "description": "The homebox package to use.", "loc": ["services", "homebox", "package"], "readOnly": false, "type": "package"}, "services.homebox.settings": {"declarations": ["nixos/modules/services/web-apps/homebox.nix"], "default": {"_type": "literalExpression", "text": "{\n  HBOX_STORAGE_CONN_STRING = \"file:///var/lib/homebox\";\n  HBOX_STORAGE_PREFIX_PATH = \"data\";\n  HBOX_DATABASE_DRIVER = \"sqlite3\";\n  HBOX_DATABASE_SQLITE_PATH = \"/var/lib/homebox/data/homebox.db?_pragma=busy_timeout=999&_pragma=journal_mode=WAL&_fk=1\";\n  HBOX_OPTIONS_ALLOW_REGISTRATION = \"false\";\n  HBOX_OPTIONS_CHECK_GITHUB_RELEASE = \"false\";\n  HBOX_MODE = \"production\";\n  HOME = \"/var/lib/homebox\";\n  TMPDIR = \"/var/lib/homebox/tmp\";\n}\n"}, "description": "The homebox configuration as environment variables. For definitions and available options see the upstream\n[documentation](https://homebox.software/en/configure/#configure-homebox).\n", "loc": ["services", "homebox", "settings"], "readOnly": false, "type": "open submodule of attribute set of (null or string)"}, "services.homebox.user": {"declarations": ["nixos/modules/services/web-apps/homebox.nix"], "default": {"_type": "literalExpression", "text": "\"homebox\""}, "description": "User account under which Homebox runs.", "loc": ["services", "homebox", "user"], "readOnly": false, "type": "string"}, "services.homebridge.enable": {"declarations": ["nixos/modules/services/home-automation/homebridge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Homebridge: Homekit home automation.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "homebridge", "enable"], "readOnly": false, "type": "boolean"}, "services.homebridge.environmentFile": {"declarations": ["nixos/modules/services/home-automation/homebridge.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to an environment-file which may contain secrets.\n", "loc": ["services", "homebridge", "environmentFile"], "readOnly": false, "type": "null or string"}, "services.homebridge.group": {"declarations": ["nixos/modules/services/home-automation/homebridge.nix"], "default": {"_type": "literalExpression", "text": "\"homebridge\""}, "description": "Group to run homebridge as.", "loc": ["services", "homebridge", "group"], "readOnly": false, "type": "string"}, "services.homebridge.openFirewall": {"declarations": ["nixos/modules/services/home-automation/homebridge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the Homebridge web interface and service.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "homebridge", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.homebridge.pluginPath": {"declarations": ["nixos/modules/services/home-automation/homebridge.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/homebridge/node_modules\""}, "description": "Path to the plugin download directory (needs to be writeable).\nSeems this needs to end with node_modules, as Homebridge will run npm\non the parent directory.\n", "loc": ["services", "homebridge", "pluginPath"], "readOnly": false, "type": "string"}, "services.homebridge.settings": {"declarations": ["nixos/modules/services/home-automation/homebridge.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration options for homebridge.\n\nFor more details, see [the homebridge documentation](https://github.com/homebridge/homebridge/wiki/Homebridge-Config-JSON-Explained).\n", "loc": ["services", "homebridge", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.homebridge.settings.accessories": {"declarations": ["nixos/modules/services/home-automation/homebridge.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Homebridge Accessories", "loc": ["services", "homebridge", "settings", "accessories"], "readOnly": false, "type": "list of (open submodule of (JSON value))"}, "services.homebridge.settings.accessories.*.accessory": {"declarations": ["nixos/modules/services/home-automation/homebridge.nix"], "description": "Accessory type", "loc": ["services", "homebridge", "settings", "accessories", "*", "accessory"], "readOnly": false, "type": "string"}, "services.homebridge.settings.accessories.*.name": {"declarations": ["nixos/modules/services/home-automation/homebridge.nix"], "description": "Name of the accessory", "loc": ["services", "homebridge", "settings", "accessories", "*", "name"], "readOnly": false, "type": "string"}, "services.homebridge.settings.bridge.name": {"declarations": ["nixos/modules/services/home-automation/homebridge.nix"], "default": {"_type": "literalExpression", "text": "\"Homebridge\""}, "description": "Name of the homebridge", "loc": ["services", "homebridge", "settings", "bridge", "name"], "readOnly": false, "type": "string"}, "services.homebridge.settings.bridge.port": {"declarations": ["nixos/modules/services/home-automation/homebridge.nix"], "default": {"_type": "literalExpression", "text": "51826"}, "description": "The port homebridge listens on", "loc": ["services", "homebridge", "settings", "bridge", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.homebridge.settings.description": {"declarations": ["nixos/modules/services/home-automation/homebridge.nix"], "default": {"_type": "literalExpression", "text": "\"Homebridge\""}, "description": "Description of the homebridge instance.", "loc": ["services", "homebridge", "settings", "description"], "readOnly": true, "type": "string"}, "services.homebridge.settings.platforms": {"declarations": ["nixos/modules/services/home-automation/homebridge.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Homebridge Platforms", "loc": ["services", "homebridge", "settings", "platforms"], "readOnly": false, "type": "list of (open submodule of (JSON value))"}, "services.homebridge.settings.platforms.*.name": {"declarations": ["nixos/modules/services/home-automation/homebridge.nix"], "description": "Name of the platform", "loc": ["services", "homebridge", "settings", "platforms", "*", "name"], "readOnly": false, "type": "string"}, "services.homebridge.settings.platforms.*.platform": {"declarations": ["nixos/modules/services/home-automation/homebridge.nix"], "description": "Platform type", "loc": ["services", "homebridge", "settings", "platforms", "*", "platform"], "readOnly": false, "type": "string"}, "services.homebridge.uiSettings": {"declarations": ["nixos/modules/services/home-automation/homebridge.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration options for homebridge config UI plugin.\n\nFor more details, see [the homebridge-config-ui-x documentation](https://github.com/homebridge/homebridge-config-ui-x/wiki/Config-Options).\n", "loc": ["services", "homebridge", "uiSettings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.homebridge.uiSettings.log.method": {"declarations": ["nixos/modules/services/home-automation/homebridge.nix"], "default": {"_type": "literalExpression", "text": "\"systemd\""}, "description": "Method to use for logging", "loc": ["services", "homebridge", "uiSettings", "log", "method"], "readOnly": true, "type": "string"}, "services.homebridge.uiSettings.log.service": {"declarations": ["nixos/modules/services/home-automation/homebridge.nix"], "default": {"_type": "literalExpression", "text": "\"homebridge\""}, "description": "Name of the systemd service to log to", "loc": ["services", "homebridge", "uiSettings", "log", "service"], "readOnly": true, "type": "string"}, "services.homebridge.uiSettings.name": {"declarations": ["nixos/modules/services/home-automation/homebridge.nix"], "default": {"_type": "literalExpression", "text": "\"Config\""}, "description": "Name of the homebridge UI platform", "loc": ["services", "homebridge", "uiSettings", "name"], "readOnly": true, "type": "string"}, "services.homebridge.uiSettings.platform": {"declarations": ["nixos/modules/services/home-automation/homebridge.nix"], "default": {"_type": "literalExpression", "text": "\"config\""}, "description": "Type of the homebridge UI platform", "loc": ["services", "homebridge", "uiSettings", "platform"], "readOnly": true, "type": "string"}, "services.homebridge.uiSettings.port": {"declarations": ["nixos/modules/services/home-automation/homebridge.nix"], "default": {"_type": "literalExpression", "text": "8581"}, "description": "The port the UI web service should listen on", "loc": ["services", "homebridge", "uiSettings", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.homebridge.uiSettings.restart": {"declarations": ["nixos/modules/services/home-automation/homebridge.nix"], "default": {"_type": "literalExpression", "text": "\"sudo -n systemctl restart homebridge\""}, "description": "Command to restart the homebridge UI service", "loc": ["services", "homebridge", "uiSettings", "restart"], "readOnly": true, "type": "string"}, "services.homebridge.user": {"declarations": ["nixos/modules/services/home-automation/homebridge.nix"], "default": {"_type": "literalExpression", "text": "\"homebridge\""}, "description": "User to run homebridge as.", "loc": ["services", "homebridge", "user"], "readOnly": false, "type": "string"}, "services.homebridge.userStoragePath": {"declarations": ["nixos/modules/services/home-automation/homebridge.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/homebridge\""}, "description": "Path to store homebridge user files (needs to be writeable).\n", "loc": ["services", "homebridge", "userStoragePath"], "readOnly": false, "type": "string"}, "services.homed.enable": {"declarations": ["nixos/modules/system/boot/systemd/homed.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable systemd home area/user account manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "homed", "enable"], "readOnly": false, "type": "boolean"}, "services.homed.promptOnFirstBoot": {"declarations": ["nixos/modules/system/boot/systemd/homed.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable interactively prompting for user creation on first boot\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "homed", "promptOnFirstBoot"], "readOnly": false, "type": "boolean"}, "services.homed.settings.Home": {"declarations": ["nixos/modules/system/boot/systemd/homed.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for systemd-homed. See {manpage}`homed.conf(5)` man page for\navailable options.\n", "example": {"_type": "literalExpression", "text": "{\n  DefaultFileSystemType = \"btrfs\";\n  DefaultStorage = \"luks\";\n}"}, "loc": ["services", "homed", "settings", "Home"], "readOnly": false, "type": "open submodule of attribute set of (systemd option)"}, "services.homepage-dashboard.allowedHosts": {"declarations": ["nixos/modules/services/misc/homepage-dashboard.nix"], "default": {"_type": "literalExpression", "text": "\"localhost:8082,127.0.0.1:8082\""}, "description": "Hosts that homepage-dashboard will be running under.\nYou will want to change this in order to acess homepage from anything other than localhost.\nsee the upsream documentation:\n\n<https://gethomepage.dev/installation/#homepage_allowed_hosts>\n", "example": {"_type": "literalExpression", "text": "\"example.com\""}, "loc": ["services", "homepage-dashboard", "allowedHosts"], "readOnly": false, "type": "string"}, "services.homepage-dashboard.bookmarks": {"declarations": ["nixos/modules/services/misc/homepage-dashboard.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Homepage bookmarks configuration.\n\nSee <https://gethomepage.dev/configs/bookmarks/>.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    Developer = [\n      {\n        Github = [\n          {\n            abbr = \"GH\";\n            href = \"https://github.com/\";\n          }\n        ];\n      }\n    ];\n  }\n  {\n    Entertainment = [\n      {\n        YouTube = [\n          {\n            abbr = \"YT\";\n            href = \"https://youtube.com/\";\n          }\n        ];\n      }\n    ];\n  }\n]"}, "loc": ["services", "homepage-dashboard", "bookmarks"], "readOnly": false, "type": "YAML 1.1 value"}, "services.homepage-dashboard.customCSS": {"declarations": ["nixos/modules/services/misc/homepage-dashboard.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Custom CSS for styling Homepage.\n\nSee <https://gethomepage.dev/configs/custom-css-js/>.\n", "loc": ["services", "homepage-dashboard", "customCSS"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.homepage-dashboard.customJS": {"declarations": ["nixos/modules/services/misc/homepage-dashboard.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Custom Javascript for Homepage.\n\nSee <https://gethomepage.dev/configs/custom-css-js/>.\n", "loc": ["services", "homepage-dashboard", "customJS"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.homepage-dashboard.docker": {"declarations": ["nixos/modules/services/misc/homepage-dashboard.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Homepage docker configuration.\n\nSee <https://gethomepage.dev/configs/docker/>.\n", "loc": ["services", "homepage-dashboard", "docker"], "readOnly": false, "type": "YAML 1.1 value"}, "services.homepage-dashboard.enable": {"declarations": ["nixos/modules/services/misc/homepage-dashboard.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Homepage Dashboard, a highly customizable application dashboard.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "homepage-dashboard", "enable"], "readOnly": false, "type": "boolean"}, "services.homepage-dashboard.environmentFiles": {"declarations": ["nixos/modules/services/misc/homepage-dashboard.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of paths to environment files that contain environment variables to pass\nto the homepage-dashboard service, for the purpose of passing secrets to\nthe service.\n\nSee the upstream documentation:\n\n<https://gethomepage.dev/installation/docker/#using-environment-secrets>\n", "loc": ["services", "homepage-dashboard", "environmentFiles"], "readOnly": false, "type": "list of absolute path"}, "services.homepage-dashboard.kubernetes": {"declarations": ["nixos/modules/services/misc/homepage-dashboard.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Homepage kubernetes configuration.\n\nSee <https://gethomepage.dev/configs/kubernetes/>.\n", "loc": ["services", "homepage-dashboard", "kubernetes"], "readOnly": false, "type": "YAML 1.1 value"}, "services.homepage-dashboard.listenPort": {"declarations": ["nixos/modules/services/misc/homepage-dashboard.nix"], "default": {"_type": "literalExpression", "text": "8082"}, "description": "Port for Homepage to bind to.", "loc": ["services", "homepage-dashboard", "listenPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.homepage-dashboard.openFirewall": {"declarations": ["nixos/modules/services/misc/homepage-dashboard.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for Homepage.", "loc": ["services", "homepage-dashboard", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.homepage-dashboard.package": {"declarations": ["nixos/modules/services/misc/homepage-dashboard.nix"], "default": {"_type": "literalExpression", "text": "pkgs.homepage-dashboard"}, "description": "The homepage-dashboard package to use.", "loc": ["services", "homepage-dashboard", "package"], "readOnly": false, "type": "package"}, "services.homepage-dashboard.proxmox": {"declarations": ["nixos/modules/services/misc/homepage-dashboard.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Homepage proxmox configuration.\n\nSee <https://gethomepage.dev/configs/proxmox/>.\n", "loc": ["services", "homepage-dashboard", "proxmox"], "readOnly": false, "type": "YAML 1.1 value"}, "services.homepage-dashboard.services": {"declarations": ["nixos/modules/services/misc/homepage-dashboard.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Homepage services configuration.\n\nSee <https://gethomepage.dev/configs/services/>.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    \"My First Group\" = [\n      {\n        \"My First Service\" = {\n          description = \"Homepage is awesome\";\n          href = \"http://localhost/\";\n        };\n      }\n    ];\n  }\n  {\n    \"My Second Group\" = [\n      {\n        \"My Second Service\" = {\n          description = \"Homepage is the best\";\n          href = \"http://localhost/\";\n        };\n      }\n    ];\n  }\n]"}, "loc": ["services", "homepage-dashboard", "services"], "readOnly": false, "type": "YAML 1.1 value"}, "services.homepage-dashboard.settings": {"declarations": ["nixos/modules/services/misc/homepage-dashboard.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Homepage settings.\n\nSee <https://gethomepage.dev/configs/settings/>.\n", "loc": ["services", "homepage-dashboard", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.homepage-dashboard.widgets": {"declarations": ["nixos/modules/services/misc/homepage-dashboard.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Homepage widgets configuration.\n\nSee <https://gethomepage.dev/widgets/>.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    resources = {\n      cpu = true;\n      disk = \"/\";\n      memory = true;\n    };\n  }\n  {\n    search = {\n      provider = \"duckduckgo\";\n      target = \"_blank\";\n    };\n  }\n]"}, "loc": ["services", "homepage-dashboard", "widgets"], "readOnly": false, "type": "YAML 1.1 value"}, "services.homer.enable": {"declarations": ["nixos/modules/services/web-apps/homer.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable A dead simple static HOMepage for your servER to keep your services on hand, from a simple yaml configuration file.\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "homer", "enable"], "readOnly": false, "type": "boolean"}, "services.homer.package": {"declarations": ["nixos/modules/services/web-apps/homer.nix"], "default": {"_type": "literalExpression", "text": "pkgs.homer"}, "description": "The homer package to use.", "loc": ["services", "homer", "package"], "readOnly": false, "type": "package"}, "services.homer.settings": {"declarations": ["nixos/modules/services/web-apps/homer.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings serialized into {file}`config.yml` before build.\nIf left empty, the default configuration shipped with the package will be used instead.\nFor more information, see the [official documentation](https://github.com/bastienwirtz/homer/blob/main/docs/configuration.md).\n\nNote that the full configuration will be written to the nix store as world readable, which may include secrets such as [api-keys](https://github.com/bastienwirtz/homer/blob/main/docs/customservices.md).\n\nTo add files such as icons or backgrounds, you can reference them in line such as\n```nix\nicon = \"${./icon.png}\";\n```\nThis will add the file to the nix store upon build, referencing it by file path as expected by Homer.\n", "example": {"_type": "literalExpression", "text": "''\n  {\n    title = \"App dashboard\";\n    subtitle = \"Homer\";\n    logo = \"assets/logo.png\";\n    header = true;\n    footer = '''\n      <p>Created with <span class=\"has-text-danger\">\u2764\ufe0f</span> with\n      <a href=\"https://bulma.io/\">bulma</a>,\n      <a href=\"https://vuejs.org/\">vuejs</a> &\n      <a href=\"https://fontawesome.com/\">font awesome</a> //\n      Fork me on <a href=\"https://github.com/bastienwirtz/homer\">\n      <i class=\"fab fa-github-alt\"></i></a></p>\n    ''';\n    columns = \"3\";\n    connectivityCheck = true;\n  \n    proxy = {\n      useCredentials = false;\n      headers = {\n        Test = \"Example\";\n        Test1 = \"Example1\";\n      };\n    };\n  \n    defaults = {\n      layout = \"columns\";\n      colorTheme = \"auto\";\n    };\n  \n    theme = \"default\";\n  \n    message = {\n      style = \"is-warning\";\n      title = \"Optional message!\";\n      icon = \"fa fa-exclamation-triangle\";\n      content = \"Lorem ipsum dolor sit amet, consectetur adipiscing elit.\";\n    };\n  \n    links = [\n      {\n        name = \"Link 1\";\n        icon = \"fab fa-github\";\n        url = \"https://github.com/bastienwirtz/homer\";\n        target = \"_blank\";\n      }\n      {\n        name = \"link 2\";\n        icon = \"fas fa-book\";\n        url = \"https://github.com/bastienwirtz/homer\";\n      }\n    ];\n  \n    services = [\n      {\n        name = \"Application\";\n        icon = \"fas fa-code-branch\";\n        items = [\n          {\n            name = \"Awesome app\";\n            logo = \"assets/tools/sample.png\";\n            subtitle = \"Bookmark example\";\n            tag = \"app\";\n            keywords = \"self hosted reddit\";\n            url = \"https://www.reddit.com/r/selfhosted/\";\n            target = \"_blank\";\n          }\n          {\n            name = \"Another one\";\n            logo = \"assets/tools/sample2.png\";\n            subtitle = \"Another application\";\n            tag = \"app\";\n            tagstyle = \"is-success\";\n            url = \"#\";\n          }\n        ];\n      }\n      {\n        name = \"Other group\";\n        icon = \"fas fa-heartbeat\";\n        items = [\n          {\n            name = \"Pi-hole\";\n            logo = \"assets/tools/sample.png\";\n            tag = \"other\";\n            url = \"http://192.168.0.151/admin\";\n            type = \"PiHole\";\n            target = \"_blank\";\n          }\n        ];\n      }\n    ];\n  }\n  \n''"}, "loc": ["services", "homer", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.homer.virtualHost.caddy.enable": {"declarations": ["nixos/modules/services/web-apps/homer.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable a virtualhost to serve homer through caddy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "homer", "virtualHost", "caddy", "enable"], "readOnly": false, "type": "boolean"}, "services.homer.virtualHost.domain": {"declarations": ["nixos/modules/services/web-apps/homer.nix"], "description": "Domain to use for the virtual host.\n\nThis can be used to change nginx options like\n```nix\nservices.nginx.virtualHosts.\"$\\{config.services.homer.virtualHost.domain}\".listen = [ ... ]\n```\nor\n```nix\nservices.nginx.virtualHosts.\"example.com\".listen = [ ... ]\n```\n", "loc": ["services", "homer", "virtualHost", "domain"], "readOnly": false, "type": "string"}, "services.homer.virtualHost.nginx.enable": {"declarations": ["nixos/modules/services/web-apps/homer.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable a virtualhost to serve homer through nginx.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "homer", "virtualHost", "nginx", "enable"], "readOnly": false, "type": "boolean"}, "services.honk.enable": {"declarations": ["nixos/modules/services/web-apps/honk.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Honk server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "honk", "enable"], "readOnly": false, "type": "boolean"}, "services.honk.extraCSS": {"declarations": ["nixos/modules/services/web-apps/honk.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "An extra CSS file to be loaded by the client.\n", "loc": ["services", "honk", "extraCSS"], "readOnly": false, "type": "null or absolute path"}, "services.honk.extraJS": {"declarations": ["nixos/modules/services/web-apps/honk.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "An extra JavaScript file to be loaded by the client.\n", "loc": ["services", "honk", "extraJS"], "readOnly": false, "type": "null or absolute path"}, "services.honk.host": {"declarations": ["nixos/modules/services/web-apps/honk.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The host name or IP address the server should listen to.\n", "loc": ["services", "honk", "host"], "readOnly": false, "type": "string"}, "services.honk.package": {"declarations": ["nixos/modules/services/web-apps/honk.nix"], "default": {"_type": "literalExpression", "text": "pkgs.honk"}, "description": "The honk package to use.", "loc": ["services", "honk", "package"], "readOnly": false, "type": "package"}, "services.honk.passwordFile": {"declarations": ["nixos/modules/services/web-apps/honk.nix"], "description": "Password for admin account.\nNOTE: Should be string not a store path, to prevent the password from being world readable\n", "loc": ["services", "honk", "passwordFile"], "readOnly": false, "type": "absolute path"}, "services.honk.port": {"declarations": ["nixos/modules/services/web-apps/honk.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "The port the server should listen to.\n", "loc": ["services", "honk", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.honk.servername": {"declarations": ["nixos/modules/services/web-apps/honk.nix"], "description": "The server name.\n", "loc": ["services", "honk", "servername"], "readOnly": false, "type": "string"}, "services.honk.username": {"declarations": ["nixos/modules/services/web-apps/honk.nix"], "description": "The admin account username.\n", "loc": ["services", "honk", "username"], "readOnly": false, "type": "string"}, "services.hoogle.enable": {"declarations": ["nixos/modules/services/development/hoogle.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Haskell documentation server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hoogle", "enable"], "readOnly": false, "type": "boolean"}, "services.hoogle.extraOptions": {"declarations": ["nixos/modules/services/development/hoogle.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional command-line arguments to pass to\n{command}`hoogle server`\n", "example": {"_type": "literalExpression", "text": "[\n  \"--no-security-headers\"\n]"}, "loc": ["services", "hoogle", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.hoogle.haskellPackages": {"declarations": ["nixos/modules/services/development/hoogle.nix"], "default": {"_type": "literalExpression", "text": "pkgs.haskellPackages"}, "description": "Which haskell package set to use.", "loc": ["services", "hoogle", "haskellPackages"], "readOnly": false, "type": "attribute set"}, "services.hoogle.home": {"declarations": ["nixos/modules/services/development/hoogle.nix"], "default": {"_type": "literalExpression", "text": "\"https://hoogle.haskell.org\""}, "description": "Url for hoogle logo", "loc": ["services", "hoogle", "home"], "readOnly": false, "type": "string"}, "services.hoogle.host": {"declarations": ["nixos/modules/services/development/hoogle.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Set the host to bind on.", "loc": ["services", "hoogle", "host"], "readOnly": false, "type": "string"}, "services.hoogle.packages": {"declarations": ["nixos/modules/services/development/hoogle.nix"], "default": {"_type": "literalExpression", "text": "hp: []"}, "description": "The Haskell packages to generate documentation for.\n\nThe option value is a function that takes the package set specified in\nthe {var}`haskellPackages` option as its sole parameter and\nreturns a list of packages.\n", "example": {"_type": "literalExpression", "text": "hp: with hp; [ text lens ]"}, "loc": ["services", "hoogle", "packages"], "readOnly": false, "type": "function that evaluates to a(n) list of package"}, "services.hoogle.port": {"declarations": ["nixos/modules/services/development/hoogle.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "Port number Hoogle will be listening to.\n", "loc": ["services", "hoogle", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.hostapd.enable": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable hostapd, a user space daemon for access point and\nauthentication servers. It implements IEEE 802.11 access point management,\nIEEE 802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and RADIUS\nauthentication server\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hostapd", "enable"], "readOnly": false, "type": "boolean"}, "services.hostapd.package": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.hostapd"}, "description": "The hostapd package to use.", "loc": ["services", "hostapd", "package"], "readOnly": false, "type": "package"}, "services.hostapd.radios": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This option allows you to define APs for one or multiple physical radios.\nAt least one radio must be specified.\n\nFor each radio, hostapd requires a separate logical interface (like wlp3s0, wlp3s1, ...).\nA default interface is usually be created automatically by your system, but to use\nmultiple radios of a single device, it may be required to create additional logical interfaces\nfor example by using {option}`networking.wlanInterfaces`.\n\nEach physical radio can only support a single hardware-mode that is configured via\n({option}`services.hostapd.radios.<radio>.band`). To create a dual-band\nor tri-band AP, you will have to use a device that has multiple physical radios\nand supports configuring multiple APs (Refer to valid interface combinations in\n{command}`iw list`).\n", "example": {"_type": "literalExpression", "text": "{\n  # Simple 2.4GHz AP\n  wlp2s0 = {\n    # countryCode = \"US\";\n    networks.wlp2s0 = {\n      ssid = \"AP 1\";\n      authentication.saePasswords = [{ passwordFile = \"/run/secrets/my-password\"; }];\n    };\n  };\n\n  # WiFi 5 (5GHz) with two advertised networks\n  wlp3s0 = {\n    band = \"5g\";\n    channel = 0; # Enable automatic channel selection (ACS). Use only if your hardware supports it.\n    # countryCode = \"US\";\n    networks.wlp3s0 = {\n      ssid = \"My AP\";\n      authentication.saePasswords = [{ passwordFile = \"/run/secrets/my-password\"; }];\n    };\n    networks.wlp3s0-1 = {\n      ssid = \"Open AP with WiFi5\";\n      authentication.mode = \"none\";\n    };\n  };\n\n  # Legacy WPA2 example\n  wlp4s0 = {\n    # countryCode = \"US\";\n    networks.wlp4s0 = {\n      ssid = \"AP 2\";\n      authentication = {\n        mode = \"wpa2-sha256\";\n        wpaPassword = \"a flakey password\"; # Use wpaPasswordFile if possible.\n      };\n    };\n  };\n}\n"}, "loc": ["services", "hostapd", "radios"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.hostapd.radios.<name>.band": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "\"2g\""}, "description": "Specifies the frequency band to use, possible values are 2g for 2.4 GHz,\n5g for 5 GHz, 6g for 6 GHz and 60g for 60 GHz.\n", "loc": ["services", "hostapd", "radios", "<name>", "band"], "readOnly": false, "type": "one of \"2g\", \"5g\", \"6g\", \"60g\""}, "services.hostapd.radios.<name>.channel": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "The channel to operate on. Use 0 to enable ACS (Automatic Channel Selection).\nBeware that not every device supports ACS in which case {command}`hostapd`\nwill fail to start.\n", "example": {"_type": "literalExpression", "text": "11"}, "loc": ["services", "hostapd", "radios", "<name>", "channel"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.hostapd.radios.<name>.countryCode": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Country code (ISO/IEC 3166-1). Used to set regulatory domain.\nSet as needed to indicate country in which device is operating.\nThis can limit available channels and transmit power.\nThese two octets are used as the first two octets of the Country String\n(dot11CountryString).\n\nSetting this will force you to also enable IEEE 802.11d and IEEE 802.11h.\n\nIEEE 802.11d: This advertises the countryCode and the set of allowed channels\nand transmit power levels based on the regulatory limits.\n\nIEEE802.11h: This enables radar detection and DFS (Dynamic Frequency Selection)\nsupport if available. DFS support is required on outdoor 5 GHz channels in most\ncountries of the world.\n", "example": {"_type": "literalExpression", "text": "\"US\""}, "loc": ["services", "hostapd", "radios", "<name>", "countryCode"], "readOnly": false, "type": "null or string"}, "services.hostapd.radios.<name>.driver": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "\"nl80211\""}, "description": "The driver {command}`hostapd` will use.\n{var}`nl80211` is used with all Linux mac80211 drivers.\n{var}`none` is used if building a standalone RADIUS server that does\nnot control any wireless/wired driver.\nMost applications will probably use the default.\n", "example": {"_type": "literalExpression", "text": "\"none\""}, "loc": ["services", "hostapd", "radios", "<name>", "driver"], "readOnly": false, "type": "string"}, "services.hostapd.radios.<name>.dynamicConfigScripts": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "All of these scripts will be executed in lexicographical order before hostapd\nis started, right after the global segment was generated and may dynamically\nappend global options the generated configuration file.\n\nThe first argument will point to the configuration file that you may append to.\n", "example": {"_type": "literalExpression", "text": "{\n  exampleDynamicConfig = pkgs.writeShellScript \"dynamic-config\" ''\n    HOSTAPD_CONFIG=$1\n\n    cat >> \"$HOSTAPD_CONFIG\" << EOF\n    # Add some dynamically generated statements here,\n    # for example based on the physical adapter in use\n    EOF\n  '';\n}\n"}, "loc": ["services", "hostapd", "radios", "<name>", "dynamicConfigScripts"], "readOnly": false, "type": "attribute set of absolute path"}, "services.hostapd.radios.<name>.networks": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This defines a BSS, colloquially known as a WiFi network.\nYou have to specify at least one.\n", "example": {"_type": "literalExpression", "text": "{\n  wlp2s0 = {\n    ssid = \"Primary advertised network\";\n    authentication.saePasswords = [{ passwordFile = \"/run/secrets/my-password\"; }];\n  };\n  wlp2s0-1 = {\n    ssid = \"Secondary advertised network (Open)\";\n    authentication.mode = \"none\";\n  };\n}\n"}, "loc": ["services", "hostapd", "radios", "<name>", "networks"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.hostapd.radios.<name>.networks.<name>.apIsolate": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Isolate traffic between stations (clients) and prevent them from\ncommunicating with each other.\n", "loc": ["services", "hostapd", "radios", "<name>", "networks", "<name>", "apIsolate"], "readOnly": false, "type": "boolean"}, "services.hostapd.radios.<name>.networks.<name>.authentication.enableRecommendedPairwiseCiphers": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Additionally enable the recommended set of pairwise ciphers.\nThis enables newer secure ciphers, additionally to those defined in {option}`pairwiseCiphers`.\nYou will have to test whether your hardware supports these by trial-and-error, because\neven if `iw list` indicates hardware support, your driver might not expose it.\n\nBeware {command}`hostapd` will most likely not return a useful error message in case\nthis is enabled despite the driver or hardware not supporting the newer ciphers.\nLook out for messages like `Failed to set beacon parameters`.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hostapd", "radios", "<name>", "networks", "<name>", "authentication", "enableRecommendedPairwiseCiphers"], "readOnly": false, "type": "boolean"}, "services.hostapd.radios.<name>.networks.<name>.authentication.mode": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "\"wpa3-sae\""}, "description": "Selects the authentication mode for this AP.\n\n- {var}`\"none\"`: Don't configure any authentication. This will disable wpa alltogether\n  and create an open AP. Use {option}`settings` together with this option if you\n  want to configure the authentication manually. Any password options will still be\n  effective, if set.\n- {var}`\"wpa2-sha1\"`: Not recommended. WPA2-Personal using HMAC-SHA1. Passwords are set\n  using {option}`wpaPassword` or preferably by {option}`wpaPasswordFile` or {option}`wpaPskFile`.\n- {var}`\"wpa2-sha256\"`: WPA2-Personal using HMAC-SHA256 (IEEE 802.11i/RSN). Passwords are set\n  using {option}`wpaPassword` or preferably by {option}`wpaPasswordFile` or {option}`wpaPskFile`.\n- {var}`\"wpa3-sae-transition\"`: Use WPA3-Personal (SAE) if possible, otherwise fallback\n  to WPA2-SHA256. Only use if necessary and switch to the newer WPA3-SAE when possible.\n  You will have to specify both {option}`wpaPassword` and {option}`saePasswords` (or one of their alternatives).\n- {var}`\"wpa3-sae\"`: Use WPA3-Personal (SAE). This is currently the recommended way to\n  setup a secured WiFi AP (as of March 2023) and therefore the default. Passwords are set\n  using either {option}`saePasswords` or {option}`saePasswordsFile`.\n", "loc": ["services", "hostapd", "radios", "<name>", "networks", "<name>", "authentication", "mode"], "readOnly": false, "type": "one of \"none\", \"wpa2-sha1\", \"wpa2-sha256\", \"wpa3-sae-transition\", \"wpa3-sae\""}, "services.hostapd.radios.<name>.networks.<name>.authentication.pairwiseCiphers": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"CCMP\"\n]"}, "description": "Set of accepted cipher suites (encryption algorithms) for pairwise keys (unicast packets).\nBy default this allows just CCMP, which is the only commonly supported secure option.\nUse {option}`enableRecommendedPairwiseCiphers` to also enable newer recommended ciphers.\n\nPlease refer to the hostapd documentation for allowed values. Generally, only\nCCMP or GCMP modes should be considered safe options. Most devices support CCMP while\nGCMP and GCMP-256 is often only available with devices supporting WiFi 5 (IEEE 802.11ac) or higher.\nCCMP-256 support is rare.\n", "example": {"_type": "literalExpression", "text": "[\n  \"GCMP\"\n  \"GCMP-256\"\n]"}, "loc": ["services", "hostapd", "radios", "<name>", "networks", "<name>", "authentication", "pairwiseCiphers"], "readOnly": false, "type": "list of string"}, "services.hostapd.radios.<name>.networks.<name>.authentication.saeAddToMacAllow": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set, all sae password entries that have a non-wildcard MAC associated to\nthem will additionally be used to populate the MAC allow list. This is\nadditional to any entries set via {option}`macAllow` or {option}`macAllowFile`.\n", "loc": ["services", "hostapd", "radios", "<name>", "networks", "<name>", "authentication", "saeAddToMacAllow"], "readOnly": false, "type": "boolean"}, "services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Sets allowed passwords for WPA3-SAE.\n\nThe last matching (based on peer MAC address and identifier) entry is used to\nselect which password to use. An empty string has the special meaning of\nremoving all previously added entries.\n\nWarning: These entries will get put into a world-readable file in\nthe Nix store! Using {option}`saePasswordFile` instead is recommended.\n\nNot used when {option}`mode` is {var}`\"wpa2-sha1\"` or {var}`\"wpa2-sha256\"`.\n", "example": {"_type": "literalExpression", "text": "[\n  # Any client may use these passwords\n  { password = \"Wi-Figure it out\"; }\n  { passwordFile = \"/run/secrets/my-password-file\"; mac = \"ff:ff:ff:ff:ff:ff\"; }\n\n  # Only the client with MAC-address 11:22:33:44:55:66 can use this password\n  { password = \"sekret pazzword\"; mac = \"11:22:33:44:55:66\"; }\n]\n"}, "loc": ["services", "hostapd", "radios", "<name>", "networks", "<name>", "authentication", "saePasswords"], "readOnly": false, "type": "list of (submodule)"}, "services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.id": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If this attribute is given with non-zero length, it will set the password identifier\nfor this entry. It can then only be used with that identifier.\n", "example": {"_type": "literalExpression", "text": "\"\""}, "loc": ["services", "hostapd", "radios", "<name>", "networks", "<name>", "authentication", "saePasswords", "*", "id"], "readOnly": false, "type": "null or string"}, "services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.mac": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If this attribute is not included, or if is set to the wildcard address (`ff:ff:ff:ff:ff:ff`),\nthe entry is available for any station (client) to use. If a specific peer MAC address is included,\nonly a station with that MAC address is allowed to use the entry.\n", "example": {"_type": "literalExpression", "text": "\"11:22:33:44:55:66\""}, "loc": ["services", "hostapd", "radios", "<name>", "networks", "<name>", "authentication", "saePasswords", "*", "mac"], "readOnly": false, "type": "null or string"}, "services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.password": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The password for this entry. SAE technically imposes no restrictions on\npassword length or character set. But due to limitations of {command}`hostapd`'s\nconfig file format, a true newline character cannot be parsed.\n\nWarning: This password will get put into a world-readable file in\nthe Nix store! Prefer using the sibling option {option}`passwordFile` or directly set {option}`saePasswordsFile`.\n", "example": {"_type": "literalExpression", "text": "\"a flakey password\""}, "loc": ["services", "hostapd", "radios", "<name>", "networks", "<name>", "authentication", "saePasswords", "*", "password"], "readOnly": false, "type": "null or string"}, "services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.passwordFile": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The password for this entry, read from the given file when starting hostapd.\nSAE technically imposes no restrictions on password length or character set.\nBut due to limitations of {command}`hostapd`'s config file format, a true newline\ncharacter cannot be parsed.\n", "loc": ["services", "hostapd", "radios", "<name>", "networks", "<name>", "authentication", "saePasswords", "*", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.pk": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If this attribute is given, SAE-PK will be enabled for this connection.\nThis prevents evil-twin attacks, but a public key is required additionally to connect.\n(Essentially adds pubkey authentication such that the client can verify identity of the AP)\n", "example": {"_type": "literalExpression", "text": "\"\""}, "loc": ["services", "hostapd", "radios", "<name>", "networks", "<name>", "authentication", "saePasswords", "*", "pk"], "readOnly": false, "type": "null or string"}, "services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.vlanid": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If this attribute is given, all clients using this entry will get tagged with the given VLAN ID.", "example": {"_type": "literalExpression", "text": "1"}, "loc": ["services", "hostapd", "radios", "<name>", "networks", "<name>", "authentication", "saePasswords", "*", "vlanid"], "readOnly": false, "type": "null or (unsigned integer, meaning >=0)"}, "services.hostapd.radios.<name>.networks.<name>.authentication.saePasswordsFile": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the password for WPA3-SAE. Follows the same rules as {option}`saePasswords`,\nbut reads the entries from the given file to prevent them from being\nput into the Nix store.\n\nOne entry per line, empty lines and lines beginning with # will be ignored.\nEach line must match the following format, although the order of optional\nparameters doesn't matter:\n`<password>[|mac=<peer mac>][|vlanid=<VLAN ID>][|pk=<m:ECPrivateKey-base64>][|id=<identifier>]`\n\nNot used when {option}`mode` is {var}`\"wpa2-sha1\"` or {var}`\"wpa2-sha256\"`.\n", "loc": ["services", "hostapd", "radios", "<name>", "networks", "<name>", "authentication", "saePasswordsFile"], "readOnly": false, "type": "null or absolute path"}, "services.hostapd.radios.<name>.networks.<name>.authentication.wpaPassword": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the password for WPA-PSK that will be converted to the pre-shared key.\nThe password length must be in the range [8, 63] characters. While some devices\nmay allow arbitrary characters (such as UTF-8) to be used, but the standard specifies\nthat each character in the passphrase must be an ASCII character in the range [0x20, 0x7e]\n(IEEE Std. 802.11i-2004, Annex H.4.1). Use emojis at your own risk.\n\nNot used when {option}`mode` is {var}`\"wpa3-sae\"`.\n\nWarning: This password will get put into a world-readable file in the Nix store!\nUsing {option}`wpaPasswordFile` or {option}`wpaPskFile` instead is recommended.\n", "example": {"_type": "literalExpression", "text": "\"a flakey password\""}, "loc": ["services", "hostapd", "radios", "<name>", "networks", "<name>", "authentication", "wpaPassword"], "readOnly": false, "type": "null or string"}, "services.hostapd.radios.<name>.networks.<name>.authentication.wpaPasswordFile": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the password for WPA-PSK. Follows the same rules as {option}`wpaPassword`,\nbut reads the password from the given file to prevent the password from being\nput into the Nix store.\n\nNot used when {option}`mode` is {var}`\"wpa3-sae\"`.\n", "loc": ["services", "hostapd", "radios", "<name>", "networks", "<name>", "authentication", "wpaPasswordFile"], "readOnly": false, "type": "null or absolute path"}, "services.hostapd.radios.<name>.networks.<name>.authentication.wpaPskFile": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the password(s) for WPA-PSK. Similar to {option}`wpaPasswordFile`,\nbut additionally allows specifying multiple passwords, and some other options.\n\nEach line, except for empty lines and lines starting with #, must contain a\nMAC address and either a 64-hex-digit PSK or a password separated with a space.\nThe password must follow the same rules as outlined in {option}`wpaPassword`.\nThe special MAC address `00:00:00:00:00:00` can be used to configure PSKs\nthat any client can use.\n\nAn optional key identifier can be added by prefixing the line with `keyid=<keyid_string>`\nAn optional VLAN ID can be specified by prefixing the line with `vlanid=<VLAN ID>`.\nAn optional WPS tag can be added by prefixing the line with `wps=<0/1>` (default: 0).\nAny matching entry with that tag will be used when generating a PSK for a WPS Enrollee\ninstead of generating a new random per-Enrollee PSK.\n\nNot used when {option}`mode` is {var}`\"wpa3-sae\"`.\n", "loc": ["services", "hostapd", "radios", "<name>", "networks", "<name>", "authentication", "wpaPskFile"], "readOnly": false, "type": "null or absolute path"}, "services.hostapd.radios.<name>.networks.<name>.bssid": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specifies the BSSID for this BSS. Usually determined automatically,\nbut for now you have to manually specify them when using multiple BSS.\nTry assigning related addresses from the locally administered MAC address ranges,\nby reusing the hardware address but replacing the second nibble with 2, 6, A or E.\n(e.g. if real address is `XX:XX:XX:XX:XX`, try `X2:XX:XX:XX:XX:XX`, `X6:XX:XX:XX:XX:XX`, ...\nfor the second, third, ... BSS)\n", "example": {"_type": "literalExpression", "text": "\"11:22:33:44:55:66\""}, "loc": ["services", "hostapd", "radios", "<name>", "networks", "<name>", "bssid"], "readOnly": false, "type": "null or string"}, "services.hostapd.radios.<name>.networks.<name>.dynamicConfigScripts": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "All of these scripts will be executed in lexicographical order before hostapd\nis started, right after the bss segment was generated and may dynamically\nappend bss options to the generated configuration file.\n\nThe first argument will point to the configuration file that you may append to.\nThe second and third argument will point to this BSS's MAC allow and MAC deny file respectively.\n", "example": {"_type": "literalExpression", "text": "{\n  exampleDynamicConfig = pkgs.writeShellScript \"dynamic-config\" ''\n    HOSTAPD_CONFIG=$1\n    # These always exist, but may or may not be used depending on the actual configuration\n    MAC_ALLOW_FILE=$2\n    MAC_DENY_FILE=$3\n\n    cat >> \"$HOSTAPD_CONFIG\" << EOF\n    # Add some dynamically generated statements here\n    EOF\n  '';\n}\n"}, "loc": ["services", "hostapd", "radios", "<name>", "networks", "<name>", "dynamicConfigScripts"], "readOnly": false, "type": "attribute set of absolute path"}, "services.hostapd.radios.<name>.networks.<name>.group": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "\"wheel\""}, "description": "Members of this group can access the control socket for this interface.\n", "example": {"_type": "literalExpression", "text": "\"network\""}, "loc": ["services", "hostapd", "radios", "<name>", "networks", "<name>", "group"], "readOnly": false, "type": "string"}, "services.hostapd.radios.<name>.networks.<name>.ignoreBroadcastSsid": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "\"disabled\""}, "description": "Send empty SSID in beacons and ignore probe request frames that do not\nspecify full SSID, i.e., require stations to know SSID. Note that this does\nnot increase security, since your clients will then broadcast the SSID instead,\nwhich can increase congestion.\n\n- {var}`\"disabled\"`: Advertise ssid normally.\n- {var}`\"empty\"`: send empty (length=0) SSID in beacon and ignore probe request for broadcast SSID\n- {var}`\"clear\"`: clear SSID (ASCII 0), but keep the original length (this may be required with some\n  legacy clients that do not support empty SSID) and ignore probe requests for broadcast SSID. Only\n  use this if empty does not work with your clients.\n", "loc": ["services", "hostapd", "radios", "<name>", "networks", "<name>", "ignoreBroadcastSsid"], "readOnly": false, "type": "one of \"disabled\", \"empty\", \"clear\""}, "services.hostapd.radios.<name>.networks.<name>.logLevel": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "2"}, "description": "Levels (minimum value for logged events):\n0 = verbose debugging\n1 = debugging\n2 = informational messages\n3 = notification\n4 = warning\n", "loc": ["services", "hostapd", "radios", "<name>", "networks", "<name>", "logLevel"], "readOnly": false, "type": "integer between 0 and 4 (both inclusive)"}, "services.hostapd.radios.<name>.networks.<name>.macAcl": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "\"deny\""}, "description": "Station MAC address -based authentication. The following modes are available:\n\n- {var}`\"deny\"`: Allow unless listed in {option}`macDeny` (default)\n- {var}`\"allow\"`: Deny unless listed in {option}`macAllow`\n- {var}`\"radius\"`: Use external radius server, but check both {option}`macAllow` and {option}`macDeny` first\n\nPlease note that this kind of access control requires a driver that uses\nhostapd to take care of management frame processing and as such, this can be\nused with driver=hostap or driver=nl80211, but not with driver=atheros.\n", "loc": ["services", "hostapd", "radios", "<name>", "networks", "<name>", "macAcl"], "readOnly": false, "type": "one of \"deny\", \"allow\", \"radius\""}, "services.hostapd.radios.<name>.networks.<name>.macAllow": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Specifies the MAC addresses to allow if {option}`macAcl` is set to {var}`\"allow\"` or {var}`\"radius\"`.\nThese values will be world-readable in the Nix store. Values will automatically be merged with\n{option}`macAllowFile` if necessary.\n", "example": {"_type": "literalExpression", "text": "[\n  \"11:22:33:44:55:66\"\n]"}, "loc": ["services", "hostapd", "radios", "<name>", "networks", "<name>", "macAllow"], "readOnly": false, "type": "list of string"}, "services.hostapd.radios.<name>.networks.<name>.macAllowFile": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specifies a file containing the MAC addresses to allow if {option}`macAcl` is set to {var}`\"allow\"` or {var}`\"radius\"`.\nThe file should contain exactly one MAC address per line. Comments and empty lines are ignored,\nonly lines starting with a valid MAC address will be considered (e.g. `11:22:33:44:55:66`) and\nany content after the MAC address is ignored.\n", "loc": ["services", "hostapd", "radios", "<name>", "networks", "<name>", "macAllowFile"], "readOnly": false, "type": "null or absolute path"}, "services.hostapd.radios.<name>.networks.<name>.macDeny": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Specifies the MAC addresses to deny if {option}`macAcl` is set to {var}`\"deny\"` or {var}`\"radius\"`.\nThese values will be world-readable in the Nix store. Values will automatically be merged with\n{option}`macDenyFile` if necessary.\n", "example": {"_type": "literalExpression", "text": "[\n  \"11:22:33:44:55:66\"\n]"}, "loc": ["services", "hostapd", "radios", "<name>", "networks", "<name>", "macDeny"], "readOnly": false, "type": "list of string"}, "services.hostapd.radios.<name>.networks.<name>.macDenyFile": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specifies a file containing the MAC addresses to deny if {option}`macAcl` is set to {var}`\"deny\"` or {var}`\"radius\"`.\nThe file should contain exactly one MAC address per line. Comments and empty lines are ignored,\nonly lines starting with a valid MAC address will be considered (e.g. `11:22:33:44:55:66`) and\nany content after the MAC address is ignored.\n", "loc": ["services", "hostapd", "radios", "<name>", "networks", "<name>", "macDenyFile"], "readOnly": false, "type": "null or absolute path"}, "services.hostapd.radios.<name>.networks.<name>.settings": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration options to put at the end of this BSS's defintion in the\nhostapd.conf for the associated interface. To find out which options are global\nand which are per-bss you have to read hostapd's source code, which is non-trivial\nand not documented otherwise.\n\nLists will be converted to multiple definitions of the same key, and booleans to 0/1.\nOtherwise, the inputs are not modified or checked for correctness.\n", "example": {"_type": "literalExpression", "text": "{\n  multi_ap = true;\n}"}, "loc": ["services", "hostapd", "radios", "<name>", "networks", "<name>", "settings"], "readOnly": false, "type": "open submodule of attribute set of (atom (bool, int or string) or a list of them for duplicate keys)"}, "services.hostapd.radios.<name>.networks.<name>.ssid": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "description": "SSID to be used in IEEE 802.11 management frames.", "example": {"_type": "literalExpression", "text": "\"\u2744\ufe0f cool \u2744\ufe0f\""}, "loc": ["services", "hostapd", "radios", "<name>", "networks", "<name>", "ssid"], "readOnly": false, "type": "string"}, "services.hostapd.radios.<name>.networks.<name>.utf8Ssid": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether the SSID is to be interpreted using UTF-8 encoding.", "loc": ["services", "hostapd", "radios", "<name>", "networks", "<name>", "utf8Ssid"], "readOnly": false, "type": "boolean"}, "services.hostapd.radios.<name>.noScan": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disables scan for overlapping BSSs in HT40+/- mode.\nCaution: turning this on will likely violate regulatory requirements!\n", "loc": ["services", "hostapd", "radios", "<name>", "noScan"], "readOnly": false, "type": "boolean"}, "services.hostapd.radios.<name>.settings": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration options to put at the end of global initialization, before defining BSSs.\nTo find out which options are global and which are per-bss you have to read hostapd's source code,\nwhich is non-trivial and not documented otherwise.\n\nLists will be converted to multiple definitions of the same key, and booleans to 0/1.\nOtherwise, the inputs are not modified or checked for correctness.\n", "example": {"_type": "literalExpression", "text": "{\n  acs_exclude_dfs = true;\n}"}, "loc": ["services", "hostapd", "radios", "<name>", "settings"], "readOnly": false, "type": "open submodule of attribute set of (atom (bool, int or string) or a list of them for duplicate keys)"}, "services.hostapd.radios.<name>.wifi4.capabilities": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"HT40\"\n  \"SHORT-GI-20\"\n  \"SHORT-GI-40\"\n]"}, "description": "HT (High Throughput) capabilities given as a list of flags.\nPlease refer to the hostapd documentation for allowed values and\nonly set values supported by your physical adapter.\n\nThe default contains common values supported by most adapters.\n", "example": {"_type": "literalExpression", "text": "[\n  \"LDPC\"\n  \"HT40+\"\n  \"HT40-\"\n  \"GF\"\n  \"SHORT-GI-20\"\n  \"SHORT-GI-40\"\n  \"TX-STBC\"\n  \"RX-STBC1\"\n]"}, "loc": ["services", "hostapd", "radios", "<name>", "wifi4", "capabilities"], "readOnly": false, "type": "list of string"}, "services.hostapd.radios.<name>.wifi4.enable": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enables support for IEEE 802.11n (WiFi 4, HT).\nThis is enabled by default, since the vase majority of devices\nare expected to support this.\n", "loc": ["services", "hostapd", "radios", "<name>", "wifi4", "enable"], "readOnly": false, "type": "boolean"}, "services.hostapd.radios.<name>.wifi4.require": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Require stations (clients) to support WiFi 4 (HT) and disassociate them if they don't.", "loc": ["services", "hostapd", "radios", "<name>", "wifi4", "require"], "readOnly": false, "type": "boolean"}, "services.hostapd.radios.<name>.wifi5.capabilities": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "VHT (Very High Throughput) capabilities given as a list of flags.\nPlease refer to the hostapd documentation for allowed values and\nonly set values supported by your physical adapter.\n", "example": {"_type": "literalExpression", "text": "[\n  \"SHORT-GI-80\"\n  \"TX-STBC-2BY1\"\n  \"RX-STBC-1\"\n  \"RX-ANTENNA-PATTERN\"\n  \"TX-ANTENNA-PATTERN\"\n]"}, "loc": ["services", "hostapd", "radios", "<name>", "wifi5", "capabilities"], "readOnly": false, "type": "list of string"}, "services.hostapd.radios.<name>.wifi5.enable": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enables support for IEEE 802.11ac (WiFi 5, VHT)", "loc": ["services", "hostapd", "radios", "<name>", "wifi5", "enable"], "readOnly": false, "type": "boolean"}, "services.hostapd.radios.<name>.wifi5.operatingChannelWidth": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "\"20or40\""}, "description": "Determines the operating channel width for VHT.\n\n- {var}`\"20or40\"`: 20 or 40 MHz operating channel width\n- {var}`\"80\"`: 80 MHz channel width\n- {var}`\"160\"`: 160 MHz channel width\n- {var}`\"80+80\"`: 80+80 MHz channel width\n", "loc": ["services", "hostapd", "radios", "<name>", "wifi5", "operatingChannelWidth"], "readOnly": false, "type": "one of \"20or40\", \"80\", \"160\", \"80+80\""}, "services.hostapd.radios.<name>.wifi5.require": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Require stations (clients) to support WiFi 5 (VHT) and disassociate them if they don't.", "loc": ["services", "hostapd", "radios", "<name>", "wifi5", "require"], "readOnly": false, "type": "boolean"}, "services.hostapd.radios.<name>.wifi6.enable": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables support for IEEE 802.11ax (WiFi 6, HE)", "loc": ["services", "hostapd", "radios", "<name>", "wifi6", "enable"], "readOnly": false, "type": "boolean"}, "services.hostapd.radios.<name>.wifi6.multiUserBeamformer": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "HE multi user beamformee support", "loc": ["services", "hostapd", "radios", "<name>", "wifi6", "multiUserBeamformer"], "readOnly": false, "type": "boolean"}, "services.hostapd.radios.<name>.wifi6.operatingChannelWidth": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "\"20or40\""}, "description": "Determines the operating channel width for HE.\n\n- {var}`\"20or40\"`: 20 or 40 MHz operating channel width\n- {var}`\"80\"`: 80 MHz channel width\n- {var}`\"160\"`: 160 MHz channel width\n- {var}`\"80+80\"`: 80+80 MHz channel width\n", "loc": ["services", "hostapd", "radios", "<name>", "wifi6", "operatingChannelWidth"], "readOnly": false, "type": "one of \"20or40\", \"80\", \"160\", \"80+80\""}, "services.hostapd.radios.<name>.wifi6.require": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Require stations (clients) to support WiFi 6 (HE) and disassociate them if they don't.", "loc": ["services", "hostapd", "radios", "<name>", "wifi6", "require"], "readOnly": false, "type": "boolean"}, "services.hostapd.radios.<name>.wifi6.singleUserBeamformee": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "HE single user beamformee support", "loc": ["services", "hostapd", "radios", "<name>", "wifi6", "singleUserBeamformee"], "readOnly": false, "type": "boolean"}, "services.hostapd.radios.<name>.wifi6.singleUserBeamformer": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "HE single user beamformer support", "loc": ["services", "hostapd", "radios", "<name>", "wifi6", "singleUserBeamformer"], "readOnly": false, "type": "boolean"}, "services.hostapd.radios.<name>.wifi7.enable": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables support for IEEE 802.11be (WiFi 7, EHT). This is currently experimental\nand requires you to manually enable CONFIG_IEEE80211BE when building hostapd.\n", "loc": ["services", "hostapd", "radios", "<name>", "wifi7", "enable"], "readOnly": false, "type": "boolean"}, "services.hostapd.radios.<name>.wifi7.multiUserBeamformer": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "EHT multi user beamformee support", "loc": ["services", "hostapd", "radios", "<name>", "wifi7", "multiUserBeamformer"], "readOnly": false, "type": "boolean"}, "services.hostapd.radios.<name>.wifi7.operatingChannelWidth": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "\"20or40\""}, "description": "Determines the operating channel width for EHT.\n\n- {var}`\"20or40\"`: 20 or 40 MHz operating channel width\n- {var}`\"80\"`: 80 MHz channel width\n- {var}`\"160\"`: 160 MHz channel width\n- {var}`\"80+80\"`: 80+80 MHz channel width\n", "loc": ["services", "hostapd", "radios", "<name>", "wifi7", "operatingChannelWidth"], "readOnly": false, "type": "one of \"20or40\", \"80\", \"160\", \"80+80\""}, "services.hostapd.radios.<name>.wifi7.singleUserBeamformee": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "EHT single user beamformee support", "loc": ["services", "hostapd", "radios", "<name>", "wifi7", "singleUserBeamformee"], "readOnly": false, "type": "boolean"}, "services.hostapd.radios.<name>.wifi7.singleUserBeamformer": {"declarations": ["nixos/modules/services/networking/hostapd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "EHT single user beamformer support", "loc": ["services", "hostapd", "radios", "<name>", "wifi7", "singleUserBeamformer"], "readOnly": false, "type": "boolean"}, "services.hound.enable": {"declarations": ["nixos/modules/services/search/hound.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable hound.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hound", "enable"], "readOnly": false, "type": "boolean"}, "services.hound.group": {"declarations": ["nixos/modules/services/search/hound.nix"], "default": {"_type": "literalExpression", "text": "\"hound\""}, "description": "Group the hound daemon should execute under.\n", "loc": ["services", "hound", "group"], "readOnly": false, "type": "string"}, "services.hound.home": {"declarations": ["nixos/modules/services/search/hound.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/hound\""}, "description": "The path to use as hound's $HOME.\nIf the default user \"hound\" is configured then this is the home of the \"hound\" user.\n", "loc": ["services", "hound", "home"], "readOnly": false, "type": "absolute path"}, "services.hound.listen": {"declarations": ["nixos/modules/services/search/hound.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0:6080\""}, "description": "Listen on this [IP]:port\n", "example": {"_type": "literalExpression", "text": "\":6080\""}, "loc": ["services", "hound", "listen"], "readOnly": false, "type": "string"}, "services.hound.package": {"declarations": ["nixos/modules/services/search/hound.nix"], "default": {"_type": "literalExpression", "text": "pkgs.hound"}, "description": "The hound package to use.", "loc": ["services", "hound", "package"], "readOnly": false, "type": "package"}, "services.hound.settings": {"declarations": ["nixos/modules/services/search/hound.nix"], "description": "The full configuration of the Hound daemon.\nSee the upstream documentation <https://github.com/hound-search/hound/blob/main/docs/config-options.md> for details.\n\n:::{.note}\nThe `dbpath` should be an absolute path to a writable directory.\n:::.com/hound-search/hound/blob/main/docs/config-options.md>.\n", "example": {"_type": "literalExpression", "text": "{\n  max-concurrent-indexers = 2;\n  repos.nixpkgs.url = \"https://www.github.com/NixOS/nixpkgs.git\";\n}\n"}, "loc": ["services", "hound", "settings"], "readOnly": false, "type": "JSON value"}, "services.hound.user": {"declarations": ["nixos/modules/services/search/hound.nix"], "default": {"_type": "literalExpression", "text": "\"hound\""}, "description": "User the hound daemon should execute under.\n", "loc": ["services", "hound", "user"], "readOnly": false, "type": "string"}, "services.howdy.control": {"declarations": ["nixos/modules/services/security/howdy"], "default": {"_type": "literalExpression", "text": "\"required\""}, "description": "PAM control flag to use for Howdy.\n\nSets the {option}`security.pam.howdy.control` option.\n\nRefer to {manpage}`pam.conf(5)` for options.\n", "loc": ["services", "howdy", "control"], "readOnly": false, "type": "string"}, "services.howdy.enable": {"declarations": ["nixos/modules/services/security/howdy"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Howdy and its PAM module for face recognition. See\n`services.linux-enable-ir-emitter` for enabling the IR emitter support.\n\n::: {.caution}\nHowdy is not a safe alternative to unlocking with your password. It\ncan be fooled using a well-printed photo.\n\nDo **not** use it as the sole authentication method for your system.\n:::\n\n::: {.note}\nBy default, the {option}`config.services.howdy.control` option is set\nto `\"required\"`, meaning it will act as a second-factor authentication\nin most services. To change this, set the option to `\"sufficient\"`.\n:::\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "howdy", "enable"], "readOnly": false, "type": "boolean"}, "services.howdy.package": {"declarations": ["nixos/modules/services/security/howdy"], "default": {"_type": "literalExpression", "text": "pkgs.howdy"}, "description": "The howdy package to use.", "loc": ["services", "howdy", "package"], "readOnly": false, "type": "package"}, "services.howdy.settings": {"declarations": ["nixos/modules/services/security/howdy"], "default": {"_type": "literalExpression", "text": "{\n  core = {\n    abort_if_lid_closed = true;\n    abort_if_ssh = true;\n    detection_notice = false;\n    disabled = false;\n    no_confirmation = false;\n    suppress_unknown = false;\n    timeout_notice = true;\n    use_cnn = false;\n    workaround = \"off\";\n  };\n  debug = {\n    end_report = false;\n    gtk_stdout = false;\n    verbose_stamps = false;\n  };\n  rubberstamps = {\n    enabled = false;\n    stamp_rules = \"nod\t\t5s\t\tfailsafe     min_distance=12\";\n  };\n  snapshots = {\n    save_failed = false;\n    save_successful = false;\n  };\n  video = {\n    certainty = 3.5;\n    dark_threshold = 60;\n    device_format = \"v4l2\";\n    device_fps = -1;\n    device_path = \"/dev/video2\";\n    exposure = -1;\n    force_mjpeg = false;\n    frame_height = -1;\n    frame_width = -1;\n    max_height = 320;\n    recording_plugin = \"opencv\";\n    rotate = 0;\n    timeout = 4;\n    warn_no_device = true;\n  };\n}"}, "description": "Howdy configuration file. Refer to\n<https://github.com/boltgolt/howdy/blob/d3ab99382f88f043d15f15c1450ab69433892a1c/howdy/src/config.ini>\nfor options.\n", "loc": ["services", "howdy", "settings"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.hqplayerd.auth.password": {"declarations": ["nixos/modules/services/audio/hqplayerd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Password used for HQPlayer's WebUI.\n\nWithout this you will need to manually create the credentials after\nfirst start by going to http://your.ip/8088/auth\n", "loc": ["services", "hqplayerd", "auth", "password"], "readOnly": false, "type": "null or string"}, "services.hqplayerd.auth.username": {"declarations": ["nixos/modules/services/audio/hqplayerd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Username used for HQPlayer's WebUI.\n\nWithout this you will need to manually create the credentials after\nfirst start by going to http://your.ip/8088/auth\n", "loc": ["services", "hqplayerd", "auth", "username"], "readOnly": false, "type": "null or string"}, "services.hqplayerd.config": {"declarations": ["nixos/modules/services/audio/hqplayerd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HQplayer daemon configuration, written to /etc/hqplayer/hqplayerd.xml.\n\nRefer to share/doc/hqplayerd/readme.txt in the hqplayerd derivation for possible values.\n", "loc": ["services", "hqplayerd", "config"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.hqplayerd.enable": {"declarations": ["nixos/modules/services/audio/hqplayerd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HQPlayer Embedded.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hqplayerd", "enable"], "readOnly": false, "type": "boolean"}, "services.hqplayerd.licenseFile": {"declarations": ["nixos/modules/services/audio/hqplayerd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the HQPlayer license key file.\n\nWithout this, the service will run in trial mode and restart every 30\nminutes.\n", "loc": ["services", "hqplayerd", "licenseFile"], "readOnly": false, "type": "null or absolute path"}, "services.hqplayerd.openFirewall": {"declarations": ["nixos/modules/services/audio/hqplayerd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Opens ports needed for the WebUI and controller API.\n", "loc": ["services", "hqplayerd", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.htpdate.enable": {"declarations": ["nixos/modules/services/networking/htpdate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable htpdate daemon.\n", "loc": ["services", "htpdate", "enable"], "readOnly": false, "type": "boolean"}, "services.htpdate.extraOptions": {"declarations": ["nixos/modules/services/networking/htpdate.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional command line arguments to pass to htpdate.\n", "loc": ["services", "htpdate", "extraOptions"], "readOnly": false, "type": "string"}, "services.htpdate.proxy": {"declarations": ["nixos/modules/services/networking/htpdate.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "HTTP proxy used for requests.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1:8118\""}, "loc": ["services", "htpdate", "proxy"], "readOnly": false, "type": "string"}, "services.htpdate.servers": {"declarations": ["nixos/modules/services/networking/htpdate.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"www.google.com\"\n]"}, "description": "HTTP servers to use for time synchronization.\n", "loc": ["services", "htpdate", "servers"], "readOnly": false, "type": "list of string"}, "services.httpd.adminAddr": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "E-mail address of the server administrator.", "example": {"_type": "literalExpression", "text": "\"admin@example.org\""}, "loc": ["services", "httpd", "adminAddr"], "readOnly": false, "type": "null or string"}, "services.httpd.configFile": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "confFile"}, "description": "Override the configuration file used by Apache. By default,\nNixOS generates one automatically.\n", "example": {"_type": "literalExpression", "text": "pkgs.writeText \"httpd.conf\" \"# my custom config file ...\""}, "loc": ["services", "httpd", "configFile"], "readOnly": false, "type": "absolute path"}, "services.httpd.customLogFormat": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Defines a custom Apache HTTPD access log format string.\n\nThis option is only consulted when `logFormat` is set to `custom`.\nThe value must be a valid Apache `LogFormat` specification and will be registered under the symbolic name `custom`.\n\nSee <https://httpd.apache.org/docs/2.4/logs.html#formats> for the formal definition of log format directives.\n", "example": {"_type": "literalExpression", "text": "\"%{X-Forwarded-For}i %l %u %t \\\\\\\"%r\\\\\\\" %>s %b\""}, "loc": ["services", "httpd", "customLogFormat"], "readOnly": false, "type": "string"}, "services.httpd.enable": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Apache HTTP Server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "httpd", "enable"], "readOnly": false, "type": "boolean"}, "services.httpd.enableMellon": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the mod_auth_mellon module.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "httpd", "enableMellon"], "readOnly": false, "type": "boolean"}, "services.httpd.enablePHP": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the PHP module.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "httpd", "enablePHP"], "readOnly": false, "type": "boolean"}, "services.httpd.enablePerl": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Perl module (mod_perl).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "httpd", "enablePerl"], "readOnly": false, "type": "boolean"}, "services.httpd.extraConfig": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Configuration lines appended to the generated Apache\nconfiguration file. Note that this mechanism will not work\nwhen {option}`configFile` is overridden.\n", "loc": ["services", "httpd", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.httpd.extraModules": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional Apache modules to be used. These can be\nspecified as a string in the case of modules distributed\nwith Apache, or as an attribute set specifying the\n{var}`name` and {var}`path` of the\nmodule.\n", "example": {"_type": "literalExpression", "text": "[\n  \"proxy_connect\"\n  { name = \"jk\"; path = \"${pkgs.apacheHttpdPackages.mod_jk}/modules/mod_jk.so\"; }\n]\n"}, "loc": ["services", "httpd", "extraModules"], "readOnly": false, "type": "list of unspecified value"}, "services.httpd.group": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "\"wwwrun\""}, "description": "Group under which httpd children processes run.\n", "loc": ["services", "httpd", "group"], "readOnly": false, "type": "string"}, "services.httpd.logDir": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "\"/var/log/httpd\""}, "description": "Directory for Apache's log files. It is created automatically.\n", "loc": ["services", "httpd", "logDir"], "readOnly": false, "type": "absolute path"}, "services.httpd.logFormat": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "\"common\""}, "description": "Selects the access log format written to log files.\n\nThe values `combined`, `common`, `referer`, and `agent` correspond to predefined Apache HTTPD log formats.\nSetting the value to `custom` enables the use of a user-defined format string specified via `customLogFormat`.\nThe value `none` disables access logging entirely.\n\nFurther details on Apache log formats are available at <https://httpd.apache.org/docs/2.4/logs.html>.\n", "example": {"_type": "literalExpression", "text": "\"custom\""}, "loc": ["services", "httpd", "logFormat"], "readOnly": false, "type": "one of \"combined\", \"common\", \"referer\", \"agent\", \"custom\", \"none\""}, "services.httpd.logLevel": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "\"notice\""}, "description": "Controls the verbosity of the ErrorLog.\nSee <https://httpd.apache.org/docs/2.4/mod/core.html#loglevel> for more details.\n", "example": {"_type": "literalExpression", "text": "\"crit\""}, "loc": ["services", "httpd", "logLevel"], "readOnly": false, "type": "null or one of \"emerg\", \"alert\", \"crit\", \"error\", \"warn\", \"notice\", \"info\", \"debug\", \"trace1\", \"trace2\", \"trace3\", \"trace4\", \"trace5\", \"trace6\", \"trace7\", \"trace8\""}, "services.httpd.logPerVirtualHost": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If enabled, each virtual host gets its own\n{file}`access.log` and\n{file}`error.log`, namely suffixed by the\n{option}`hostName` of the virtual host.\n", "loc": ["services", "httpd", "logPerVirtualHost"], "readOnly": false, "type": "boolean"}, "services.httpd.maxClients": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "150"}, "description": "Maximum number of httpd processes (prefork)", "example": {"_type": "literalExpression", "text": "8"}, "loc": ["services", "httpd", "maxClients"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.httpd.maxRequestsPerChild": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Maximum number of httpd requests answered per httpd child (prefork), 0 means unlimited.\n", "example": {"_type": "literalExpression", "text": "500"}, "loc": ["services", "httpd", "maxRequestsPerChild"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.httpd.mpm": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "\"event\""}, "description": "Multi-processing module to be used by Apache. Available\nmodules are `prefork` (handles each\nrequest in a separate child process), `worker`\n(hybrid approach that starts a number of child processes\neach running a number of threads) and `event`\n(the default; a recent variant of `worker`\nthat handles persistent connections more efficiently).\n", "example": {"_type": "literalExpression", "text": "\"worker\""}, "loc": ["services", "httpd", "mpm"], "readOnly": false, "type": "one of \"event\", \"prefork\", \"worker\""}, "services.httpd.package": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.apacheHttpd"}, "description": "The apacheHttpd package to use.", "loc": ["services", "httpd", "package"], "readOnly": false, "type": "package"}, "services.httpd.phpOptions": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Options appended to the PHP configuration file {file}`php.ini`.\n", "example": {"_type": "literalExpression", "text": "''\n  date.timezone = \"CET\"\n''"}, "loc": ["services", "httpd", "phpOptions"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.httpd.phpPackage": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.php"}, "description": "The php package to use.", "loc": ["services", "httpd", "phpPackage"], "readOnly": false, "type": "package"}, "services.httpd.sslCiphers": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "\"HIGH:!aNULL:!MD5:!EXP\""}, "description": "Cipher Suite available for negotiation in SSL proxy handshake.", "loc": ["services", "httpd", "sslCiphers"], "readOnly": false, "type": "string"}, "services.httpd.sslProtocols": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "\"All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1\""}, "description": "Allowed SSL/TLS protocol versions.", "example": {"_type": "literalExpression", "text": "\"All -SSLv2 -SSLv3\""}, "loc": ["services", "httpd", "sslProtocols"], "readOnly": false, "type": "string"}, "services.httpd.user": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "\"wwwrun\""}, "description": "User account under which httpd children processes run.\n\nIf you require the main httpd process to run as\n`root` add the following configuration:\n```\nsystemd.services.httpd.serviceConfig.User = lib.mkForce \"root\";\n```\n", "loc": ["services", "httpd", "user"], "readOnly": false, "type": "string"}, "services.httpd.virtualHosts": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "{\n  localhost = {\n    documentRoot = \"${package.out}/htdocs\";\n  };\n}\n"}, "description": "Specification of the virtual hosts served by Apache. Each\nelement should be an attribute set specifying the\nconfiguration of the virtual host.\n", "example": {"_type": "literalExpression", "text": "{\n  \"foo.example.com\" = {\n    forceSSL = true;\n    documentRoot = \"/var/www/foo.example.com\"\n  };\n  \"bar.example.com\" = {\n    addSSL = true;\n    documentRoot = \"/var/www/bar.example.com\";\n  };\n}\n"}, "loc": ["services", "httpd", "virtualHosts"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.httpd.virtualHosts.<name>.acmeRoot": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the acme challenge which is PUBLIC, don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "httpd", "virtualHosts", "<name>", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.httpd.virtualHosts.<name>.addSSL": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "httpd", "virtualHosts", "<name>", "addSSL"], "readOnly": false, "type": "boolean"}, "services.httpd.virtualHosts.<name>.adminAddr": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "E-mail address of the server administrator.", "example": {"_type": "literalExpression", "text": "\"admin@example.org\""}, "loc": ["services", "httpd", "virtualHosts", "<name>", "adminAddr"], "readOnly": false, "type": "null or string"}, "services.httpd.virtualHosts.<name>.documentRoot": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of Apache's document root directory.  If left undefined,\nan empty directory in the Nix store will be used as root.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "httpd", "virtualHosts", "<name>", "documentRoot"], "readOnly": false, "type": "null or absolute path"}, "services.httpd.virtualHosts.<name>.enableACME": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "httpd", "virtualHosts", "<name>", "enableACME"], "readOnly": false, "type": "boolean"}, "services.httpd.virtualHosts.<name>.enableUserDir": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable serving {file}`~/public_html` as\n`/~\u00abusername\u00bb`.\n", "loc": ["services", "httpd", "virtualHosts", "<name>", "enableUserDir"], "readOnly": false, "type": "boolean"}, "services.httpd.virtualHosts.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to httpd.conf verbatim. They will go after\ndirectories and directory aliases defined by default.\n", "example": {"_type": "literalExpression", "text": "''\n  <Directory /home>\n    Options FollowSymlinks\n    AllowOverride All\n  </Directory>\n''"}, "loc": ["services", "httpd", "virtualHosts", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.httpd.virtualHosts.<name>.forceSSL": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a separate nginx server block that permanently redirects (301)\nall plain HTTP traffic to HTTPS. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443), where the non-SSL listens are used for the redirect vhosts.\n", "loc": ["services", "httpd", "virtualHosts", "<name>", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.httpd.virtualHosts.<name>.globalRedirect": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected permanently to\nthe given URL.\n", "example": {"_type": "literalExpression", "text": "\"http://newserver.example.org/\""}, "loc": ["services", "httpd", "virtualHosts", "<name>", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.httpd.virtualHosts.<name>.hostName": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "Canonical hostname for the server.", "loc": ["services", "httpd", "virtualHosts", "<name>", "hostName"], "readOnly": false, "type": "string"}, "services.httpd.virtualHosts.<name>.http2": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. *However, if you use the prefork mpm, there will\nbe severe restrictions.* Refer to <https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config> for details.\n", "loc": ["services", "httpd", "virtualHosts", "<name>", "http2"], "readOnly": false, "type": "boolean"}, "services.httpd.virtualHosts.<name>.listen": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\n\n::: {.note}\nThis option overrides `addSSL`, `forceSSL` and `onlySSL`.\n\nIf you only want to set the addresses manually and not the ports, take a look at `listenAddresses`.\n:::\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    ip = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    ip = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    ip = \"*\";\n    port = 8080;\n  }\n]"}, "loc": ["services", "httpd", "virtualHosts", "<name>", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.httpd.virtualHosts.<name>.listen.*.ip": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "\"*\""}, "description": "IP to listen on. 0.0.0.0 for IPv4 only, * for all.", "loc": ["services", "httpd", "virtualHosts", "<name>", "listen", "*", "ip"], "readOnly": false, "type": "string"}, "services.httpd.virtualHosts.<name>.listen.*.port": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "description": "Port to listen on", "loc": ["services", "httpd", "virtualHosts", "<name>", "listen", "*", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.httpd.virtualHosts.<name>.listen.*.ssl": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SSL (https) support.", "loc": ["services", "httpd", "virtualHosts", "<name>", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.httpd.virtualHosts.<name>.listenAddresses": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"*\"\n]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n]"}, "loc": ["services", "httpd", "virtualHosts", "<name>", "listenAddresses"], "readOnly": false, "type": "non-empty (list of string)"}, "services.httpd.virtualHosts.<name>.locations": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config. See <https://httpd.apache.org/docs/2.4/mod/core.html#location> for details.\n", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n  \"/foo/bar.png\" = {\n    alias = \"/home/eelco/some-file.png\";\n  };\n};\n"}, "loc": ["services", "httpd", "virtualHosts", "<name>", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.httpd.virtualHosts.<name>.locations.<name>.alias": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests. See <https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias>.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "httpd", "virtualHosts", "<name>", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.httpd.virtualHosts.<name>.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "httpd", "virtualHosts", "<name>", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.httpd.virtualHosts.<name>.locations.<name>.index": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds DirectoryIndex directive. See <https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex>.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "httpd", "virtualHosts", "<name>", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.httpd.virtualHosts.<name>.locations.<name>.priority": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "httpd", "virtualHosts", "<name>", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.httpd.virtualHosts.<name>.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets up a simple reverse proxy as described by <https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple>.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "httpd", "virtualHosts", "<name>", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.httpd.virtualHosts.<name>.logFormat": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "\"common\""}, "description": "Log format for Apache's log files. Possible values are: combined, common, referer, agent.\n", "example": {"_type": "literalExpression", "text": "\"combined\""}, "loc": ["services", "httpd", "virtualHosts", "<name>", "logFormat"], "readOnly": false, "type": "string"}, "services.httpd.virtualHosts.<name>.onlySSL": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "httpd", "virtualHosts", "<name>", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.httpd.virtualHosts.<name>.robotsEntries": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Specification of pages to be ignored by web crawlers. See <http://www.robotstxt.org/> for details.\n", "example": {"_type": "literalExpression", "text": "\"Disallow: /foo/\""}, "loc": ["services", "httpd", "virtualHosts", "<name>", "robotsEntries"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.httpd.virtualHosts.<name>.servedDirs": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "This option provides a simple way to serve static directories.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    dir = \"/home/eelco/Dev/nix-homepage\";\n    urlPath = \"/nix\";\n  }\n]"}, "loc": ["services", "httpd", "virtualHosts", "<name>", "servedDirs"], "readOnly": false, "type": "list of (attribute set)"}, "services.httpd.virtualHosts.<name>.servedFiles": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "This option provides a simple way to serve individual, static files.\n\n::: {.note}\nThis option has been deprecated and will be removed in a future\nversion of NixOS. You can achieve the same result by making use of\nthe `locations.<name>.alias` option.\n:::\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    file = \"/home/eelco/some-file.png\";\n    urlPath = \"/foo/bar.png\";\n  }\n]"}, "loc": ["services", "httpd", "virtualHosts", "<name>", "servedFiles"], "readOnly": false, "type": "list of (attribute set)"}, "services.httpd.virtualHosts.<name>.serverAliases": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"www.example.org:8080\"\n  \"example.org\"\n]"}, "loc": ["services", "httpd", "virtualHosts", "<name>", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.httpd.virtualHosts.<name>.sslServerCert": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "httpd", "virtualHosts", "<name>", "sslServerCert"], "readOnly": false, "type": "absolute path"}, "services.httpd.virtualHosts.<name>.sslServerChain": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to server SSL chain file.", "example": {"_type": "literalExpression", "text": "\"/var/ca.pem\""}, "loc": ["services", "httpd", "virtualHosts", "<name>", "sslServerChain"], "readOnly": false, "type": "null or absolute path"}, "services.httpd.virtualHosts.<name>.sslServerKey": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "httpd", "virtualHosts", "<name>", "sslServerKey"], "readOnly": false, "type": "absolute path"}, "services.httpd.virtualHosts.<name>.useACMEHost": {"declarations": ["nixos/modules/services/web-servers/apache-httpd/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "httpd", "virtualHosts", "<name>", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.https-dns-proxy.address": {"declarations": ["nixos/modules/services/networking/https-dns-proxy.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The address on which to listen", "loc": ["services", "https-dns-proxy", "address"], "readOnly": false, "type": "string"}, "services.https-dns-proxy.enable": {"declarations": ["nixos/modules/services/networking/https-dns-proxy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable https-dns-proxy daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "https-dns-proxy", "enable"], "readOnly": false, "type": "boolean"}, "services.https-dns-proxy.extraArgs": {"declarations": ["nixos/modules/services/networking/https-dns-proxy.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"-v\"\n]"}, "description": "Additional arguments to pass to the process.", "loc": ["services", "https-dns-proxy", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.https-dns-proxy.port": {"declarations": ["nixos/modules/services/networking/https-dns-proxy.nix"], "default": {"_type": "literalExpression", "text": "5053"}, "description": "The port on which to listen", "loc": ["services", "https-dns-proxy", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.https-dns-proxy.preferIPv4": {"declarations": ["nixos/modules/services/networking/https-dns-proxy.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "https_dns_proxy will by default use IPv6 and fail if it is not available.\nTo play it safe, we choose IPv4.\n", "loc": ["services", "https-dns-proxy", "preferIPv4"], "readOnly": false, "type": "boolean"}, "services.https-dns-proxy.provider.ips": {"declarations": ["nixos/modules/services/networking/https-dns-proxy.nix"], "description": "The custom provider IPs", "loc": ["services", "https-dns-proxy", "provider", "ips"], "readOnly": false, "type": "list of string"}, "services.https-dns-proxy.provider.kind": {"declarations": ["nixos/modules/services/networking/https-dns-proxy.nix"], "default": {"_type": "literalExpression", "text": "\"quad9\""}, "description": "The upstream provider to use or custom in case you do not trust any of\nthe predefined providers or just want to use your own.\n\nThe default is quad9 and there are privacy and security\ntrade-offs when using any upstream provider. Please consider that\nbefore using any of them.\n\nSupported providers: cloudflare, custom, google, opendns, quad9\n\nIf you pick the custom provider, you will need to provide the\nbootstrap IP addresses as well as the resolver https URL.\n", "loc": ["services", "https-dns-proxy", "provider", "kind"], "readOnly": false, "type": "one of \"cloudflare\", \"custom\", \"google\", \"opendns\", \"quad9\""}, "services.https-dns-proxy.provider.url": {"declarations": ["nixos/modules/services/networking/https-dns-proxy.nix"], "description": "The custom provider URL", "loc": ["services", "https-dns-proxy", "provider", "url"], "readOnly": false, "type": "string"}, "services.hydra.buildMachinesFiles": {"declarations": ["nixos/modules/services/continuous-integration/hydra/default.nix"], "default": {"_type": "literalExpression", "text": "lib.optional (config.nix.buildMachines != []) \"/etc/nix/machines\""}, "description": "List of files containing build machines.", "example": {"_type": "literalExpression", "text": "[\n  \"/etc/nix/machines\"\n  \"/var/lib/hydra/provisioner/machines\"\n]"}, "loc": ["services", "hydra", "buildMachinesFiles"], "readOnly": false, "type": "list of absolute path"}, "services.hydra.dbi": {"declarations": ["nixos/modules/services/continuous-integration/hydra/default.nix"], "default": {"_type": "literalExpression", "text": "\"dbi:Pg:dbname=hydra;user=hydra;\""}, "description": "The DBI string for Hydra database connection.\n\nNOTE: Attempts to set `application_name` will be overridden by\n`hydra-TYPE` (where TYPE is e.g. `evaluator`, `queue-runner`,\netc.) in all hydra services to more easily distinguish where\nqueries are coming from.\n", "example": {"_type": "literalExpression", "text": "\"dbi:Pg:dbname=hydra;host=postgres.example.org;user=foo;\""}, "loc": ["services", "hydra", "dbi"], "readOnly": false, "type": "string"}, "services.hydra.debugServer": {"declarations": ["nixos/modules/services/continuous-integration/hydra/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to run the server in debug mode.", "loc": ["services", "hydra", "debugServer"], "readOnly": false, "type": "boolean"}, "services.hydra.enable": {"declarations": ["nixos/modules/services/continuous-integration/hydra/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to run Hydra services.\n", "loc": ["services", "hydra", "enable"], "readOnly": false, "type": "boolean"}, "services.hydra.extraConfig": {"declarations": ["nixos/modules/services/continuous-integration/hydra/default.nix"], "description": "Extra lines for the Hydra configuration.", "loc": ["services", "hydra", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.hydra.extraEnv": {"declarations": ["nixos/modules/services/continuous-integration/hydra/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra environment variables for Hydra.", "loc": ["services", "hydra", "extraEnv"], "readOnly": false, "type": "attribute set of string"}, "services.hydra.gcRootsDir": {"declarations": ["nixos/modules/services/continuous-integration/hydra/default.nix"], "default": {"_type": "literalExpression", "text": "\"/nix/var/nix/gcroots/hydra\""}, "description": "Directory that holds Hydra garbage collector roots.", "loc": ["services", "hydra", "gcRootsDir"], "readOnly": false, "type": "absolute path"}, "services.hydra.hydraURL": {"declarations": ["nixos/modules/services/continuous-integration/hydra/default.nix"], "description": "The base URL for the Hydra webserver instance. Used for links in emails.\n", "loc": ["services", "hydra", "hydraURL"], "readOnly": false, "type": "string"}, "services.hydra.listenHost": {"declarations": ["nixos/modules/services/continuous-integration/hydra/default.nix"], "default": {"_type": "literalExpression", "text": "\"*\""}, "description": "The hostname or address to listen on or `*` to listen\non all interfaces.\n", "example": {"_type": "literalExpression", "text": "\"localhost\""}, "loc": ["services", "hydra", "listenHost"], "readOnly": false, "type": "string"}, "services.hydra.logo": {"declarations": ["nixos/modules/services/continuous-integration/hydra/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file containing the logo of your Hydra instance.\n", "loc": ["services", "hydra", "logo"], "readOnly": false, "type": "null or absolute path"}, "services.hydra.maxServers": {"declarations": ["nixos/modules/services/continuous-integration/hydra/default.nix"], "default": {"_type": "literalExpression", "text": "25"}, "description": "Maximum number of starman workers to spawn.", "loc": ["services", "hydra", "maxServers"], "readOnly": false, "type": "signed integer"}, "services.hydra.maxSpareServers": {"declarations": ["nixos/modules/services/continuous-integration/hydra/default.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "Maximum number of spare starman workers to keep.", "loc": ["services", "hydra", "maxSpareServers"], "readOnly": false, "type": "signed integer"}, "services.hydra.minSpareServers": {"declarations": ["nixos/modules/services/continuous-integration/hydra/default.nix"], "default": {"_type": "literalExpression", "text": "4"}, "description": "Minimum number of spare starman workers to keep.", "loc": ["services", "hydra", "minSpareServers"], "readOnly": false, "type": "signed integer"}, "services.hydra.minimumDiskFree": {"declarations": ["nixos/modules/services/continuous-integration/hydra/default.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Threshold of minimum disk space (GiB) to determine if the queue runner should run or not.\n", "loc": ["services", "hydra", "minimumDiskFree"], "readOnly": false, "type": "signed integer"}, "services.hydra.minimumDiskFreeEvaluator": {"declarations": ["nixos/modules/services/continuous-integration/hydra/default.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Threshold of minimum disk space (GiB) to determine if the evaluator should run or not.\n", "loc": ["services", "hydra", "minimumDiskFreeEvaluator"], "readOnly": false, "type": "signed integer"}, "services.hydra.notificationSender": {"declarations": ["nixos/modules/services/continuous-integration/hydra/default.nix"], "description": "Sender email address used for email notifications.\n", "loc": ["services", "hydra", "notificationSender"], "readOnly": false, "type": "string"}, "services.hydra.package": {"declarations": ["nixos/modules/services/continuous-integration/hydra/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.hydra"}, "description": "The hydra package to use.", "loc": ["services", "hydra", "package"], "readOnly": false, "type": "package"}, "services.hydra.port": {"declarations": ["nixos/modules/services/continuous-integration/hydra/default.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "TCP port the web server should listen to.\n", "loc": ["services", "hydra", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.hydra.smtpHost": {"declarations": ["nixos/modules/services/continuous-integration/hydra/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Hostname of the SMTP server to use to send email.\n", "example": {"_type": "literalExpression", "text": "\"localhost\""}, "loc": ["services", "hydra", "smtpHost"], "readOnly": false, "type": "null or string"}, "services.hydra.tracker": {"declarations": ["nixos/modules/services/continuous-integration/hydra/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Piece of HTML that is included on all pages.\n", "loc": ["services", "hydra", "tracker"], "readOnly": false, "type": "string"}, "services.hydra.useSubstitutes": {"declarations": ["nixos/modules/services/continuous-integration/hydra/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use binary caches for downloading store paths. Note that\nbinary substitutions trigger (a potentially large number of) additional\nHTTP requests that slow down the queue monitor thread significantly.\nAlso, this Hydra instance will serve those downloaded store paths to\nits users with its own signature attached as if it had built them\nitself, so don't enable this feature unless your active binary caches\nare absolute trustworthy.\n", "loc": ["services", "hydra", "useSubstitutes"], "readOnly": false, "type": "boolean"}, "services.hypridle.enable": {"declarations": ["nixos/modules/services/wayland/hypridle.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable hypridle, Hyprland's idle daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hypridle", "enable"], "readOnly": false, "type": "boolean"}, "services.hypridle.package": {"declarations": ["nixos/modules/services/wayland/hypridle.nix"], "default": {"_type": "literalExpression", "text": "pkgs.hypridle"}, "description": "The hypridle package to use.", "loc": ["services", "hypridle", "package"], "readOnly": false, "type": "package"}, "services.i2p.enable": {"declarations": ["nixos/modules/services/networking/i2p.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable I2P router.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2p", "enable"], "readOnly": false, "type": "boolean"}, "services.i2pd.address": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Your external IP or hostname.\n", "loc": ["services", "i2pd", "address"], "readOnly": false, "type": "null or string"}, "services.i2pd.addressbook.defaulturl": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"http://joajgazyztfssty4w2on5oaqksz6tqoxbduy553y34mf4byv6gpq.b32.i2p/export/alive-hosts.txt\""}, "description": "AddressBook subscription URL for initial setup\n", "loc": ["services", "i2pd", "addressbook", "defaulturl"], "readOnly": false, "type": "string"}, "services.i2pd.addressbook.subscriptions": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"http://inr.i2p/export/alive-hosts.txt\"\n  \"http://i2p-projekt.i2p/hosts.txt\"\n  \"http://stats.i2p/cgi-bin/newhosts.txt\"\n]"}, "description": "AddressBook subscription URLs\n", "loc": ["services", "i2pd", "addressbook", "subscriptions"], "readOnly": false, "type": "list of string"}, "services.i2pd.bandwidth": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set a router bandwidth limit integer in KBps.\nIf not set, {command}`i2pd` defaults to 32KBps.\n", "loc": ["services", "i2pd", "bandwidth"], "readOnly": false, "type": "null or signed integer"}, "services.i2pd.dataDir": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alternative path to storage of i2pd data (RI, keys, peer profiles, ...)\n", "loc": ["services", "i2pd", "dataDir"], "readOnly": false, "type": "null or string"}, "services.i2pd.enable": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables I2Pd as a running service upon activation.\nPlease read <https://i2pd.readthedocs.io/en/latest/> for further\nconfiguration help.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2pd", "enable"], "readOnly": false, "type": "boolean"}, "services.i2pd.enableIPv4": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable IPv4 connectivity.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2pd", "enableIPv4"], "readOnly": false, "type": "boolean"}, "services.i2pd.enableIPv6": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable IPv6 connectivity.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2pd", "enableIPv6"], "readOnly": false, "type": "boolean"}, "services.i2pd.exploratory.inbound.length": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "3"}, "description": "Guaranteed minimum hops for exploratory tunnels.", "loc": ["services", "i2pd", "exploratory", "inbound", "length"], "readOnly": false, "type": "signed integer"}, "services.i2pd.exploratory.inbound.quantity": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "Number of simultaneous exploratory tunnels.", "loc": ["services", "i2pd", "exploratory", "inbound", "quantity"], "readOnly": false, "type": "signed integer"}, "services.i2pd.exploratory.outbound.length": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "3"}, "description": "Guaranteed minimum hops for exploratory tunnels.", "loc": ["services", "i2pd", "exploratory", "outbound", "length"], "readOnly": false, "type": "signed integer"}, "services.i2pd.exploratory.outbound.quantity": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "Number of simultaneous exploratory tunnels.", "loc": ["services", "i2pd", "exploratory", "outbound", "quantity"], "readOnly": false, "type": "signed integer"}, "services.i2pd.family": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a family the router belongs to.\n", "loc": ["services", "i2pd", "family"], "readOnly": false, "type": "null or string"}, "services.i2pd.floodfill": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Makes your router a floodfill, that means what other routers will\npublish and get LeaseSets and RouterInfos on your router.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2pd", "floodfill"], "readOnly": false, "type": "boolean"}, "services.i2pd.ifname": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Network interface to bind to.\n", "loc": ["services", "i2pd", "ifname"], "readOnly": false, "type": "null or string"}, "services.i2pd.ifname4": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IPv4 interface to bind to.\n", "loc": ["services", "i2pd", "ifname4"], "readOnly": false, "type": "null or string"}, "services.i2pd.ifname6": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IPv6 interface to bind to.\n", "loc": ["services", "i2pd", "ifname6"], "readOnly": false, "type": "null or string"}, "services.i2pd.inTunnels": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Serve something on I2P network at port and delegate requests to address inPort.\n", "loc": ["services", "i2pd", "inTunnels"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.i2pd.inTunnels.<name>.accessList": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "I2P nodes that are allowed to connect to this service.", "loc": ["services", "i2pd", "inTunnels", "<name>", "accessList"], "readOnly": false, "type": "list of string"}, "services.i2pd.inTunnels.<name>.address": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Bind address for \u2039name\u203a endpoint.", "loc": ["services", "i2pd", "inTunnels", "<name>", "address"], "readOnly": false, "type": "string"}, "services.i2pd.inTunnels.<name>.crypto.tagsToSend": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "40"}, "description": "Number of ElGamal/AES tags to send.", "loc": ["services", "i2pd", "inTunnels", "<name>", "crypto", "tagsToSend"], "readOnly": false, "type": "signed integer"}, "services.i2pd.inTunnels.<name>.enable": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable \u2039name\u203a.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2pd", "inTunnels", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.i2pd.inTunnels.<name>.inPort": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Service port. Default to the tunnel's listen port.", "loc": ["services", "i2pd", "inTunnels", "<name>", "inPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.i2pd.inTunnels.<name>.inbound.length": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "3"}, "description": "Guaranteed minimum hops for \u2039name\u203a tunnels.", "loc": ["services", "i2pd", "inTunnels", "<name>", "inbound", "length"], "readOnly": false, "type": "signed integer"}, "services.i2pd.inTunnels.<name>.inbound.quantity": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "Number of simultaneous \u2039name\u203a tunnels.", "loc": ["services", "i2pd", "inTunnels", "<name>", "inbound", "quantity"], "readOnly": false, "type": "signed integer"}, "services.i2pd.inTunnels.<name>.keys": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a-keys.dat\""}, "description": "Keyset used for tunnel identity.", "loc": ["services", "i2pd", "inTunnels", "<name>", "keys"], "readOnly": false, "type": "string"}, "services.i2pd.inTunnels.<name>.name": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "The endpoint name.", "loc": ["services", "i2pd", "inTunnels", "<name>", "name"], "readOnly": false, "type": "string"}, "services.i2pd.inTunnels.<name>.outbound.length": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "3"}, "description": "Guaranteed minimum hops for \u2039name\u203a tunnels.", "loc": ["services", "i2pd", "inTunnels", "<name>", "outbound", "length"], "readOnly": false, "type": "signed integer"}, "services.i2pd.inTunnels.<name>.outbound.quantity": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "Number of simultaneous \u2039name\u203a tunnels.", "loc": ["services", "i2pd", "inTunnels", "<name>", "outbound", "quantity"], "readOnly": false, "type": "signed integer"}, "services.i2pd.inTunnels.<name>.port": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Bind port for \u2039name\u203a endpoint.", "loc": ["services", "i2pd", "inTunnels", "<name>", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.i2pd.inTunnels.<name>.type": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"server\""}, "description": "Tunnel type.", "loc": ["services", "i2pd", "inTunnels", "<name>", "type"], "readOnly": false, "type": "one of \"server\", \"http\", \"irc\", \"udpserver\""}, "services.i2pd.limits.coreSize": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Maximum size of corefile in Kb (0 - use system limit).\n", "loc": ["services", "i2pd", "limits", "coreSize"], "readOnly": false, "type": "signed integer"}, "services.i2pd.limits.ntcpHard": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Maximum number of active transit sessions.\n", "loc": ["services", "i2pd", "limits", "ntcpHard"], "readOnly": false, "type": "signed integer"}, "services.i2pd.limits.ntcpSoft": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Threshold to start probabalistic backoff with ntcp sessions (default: use system limit).\n", "loc": ["services", "i2pd", "limits", "ntcpSoft"], "readOnly": false, "type": "signed integer"}, "services.i2pd.limits.ntcpThreads": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Maximum number of threads used by NTCP DH worker.\n", "loc": ["services", "i2pd", "limits", "ntcpThreads"], "readOnly": false, "type": "signed integer"}, "services.i2pd.limits.openFiles": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Maximum number of open files (0 - use system default).\n", "loc": ["services", "i2pd", "limits", "openFiles"], "readOnly": false, "type": "signed integer"}, "services.i2pd.limits.transittunnels": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "2500"}, "description": "Maximum number of active transit sessions.\n", "loc": ["services", "i2pd", "limits", "transittunnels"], "readOnly": false, "type": "signed integer"}, "services.i2pd.logCLFTime": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable full CLF-formatted date and time to log.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2pd", "logCLFTime"], "readOnly": false, "type": "boolean"}, "services.i2pd.logLevel": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"error\""}, "description": "The log level. {command}`i2pd` defaults to \"info\"\nbut that generates copious amounts of log messages.\n\nWe default to \"error\" which is similar to the default log\nlevel of {command}`tor`.\n", "loc": ["services", "i2pd", "logLevel"], "readOnly": false, "type": "one of \"debug\", \"info\", \"warn\", \"error\""}, "services.i2pd.nat": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable NAT bypass.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2pd", "nat"], "readOnly": false, "type": "boolean"}, "services.i2pd.netid": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "2"}, "description": "I2P overlay netid.\n", "loc": ["services", "i2pd", "netid"], "readOnly": false, "type": "signed integer"}, "services.i2pd.notransit": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Tells the router to not accept transit tunnels during startup.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2pd", "notransit"], "readOnly": false, "type": "boolean"}, "services.i2pd.ntcp": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable ntcp.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2pd", "ntcp"], "readOnly": false, "type": "boolean"}, "services.i2pd.ntcp2.enable": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable NTCP2.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2pd", "ntcp2", "enable"], "readOnly": false, "type": "boolean"}, "services.i2pd.ntcp2.port": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Port to listen for incoming NTCP2 connections (0=auto).\n", "loc": ["services", "i2pd", "ntcp2", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.i2pd.ntcp2.published": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable NTCP2 publication.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2pd", "ntcp2", "published"], "readOnly": false, "type": "boolean"}, "services.i2pd.ntcpProxy": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Proxy URL for NTCP transport.\n", "loc": ["services", "i2pd", "ntcpProxy"], "readOnly": false, "type": "null or string"}, "services.i2pd.outTunnels": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Connect to someone as a client and establish a local accept endpoint\n", "loc": ["services", "i2pd", "outTunnels"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.i2pd.outTunnels.<name>.address": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Bind address for \u2039name\u203a endpoint.", "loc": ["services", "i2pd", "outTunnels", "<name>", "address"], "readOnly": false, "type": "string"}, "services.i2pd.outTunnels.<name>.crypto.tagsToSend": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "40"}, "description": "Number of ElGamal/AES tags to send.", "loc": ["services", "i2pd", "outTunnels", "<name>", "crypto", "tagsToSend"], "readOnly": false, "type": "signed integer"}, "services.i2pd.outTunnels.<name>.destination": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "description": "Remote endpoint, I2P hostname or b32.i2p address.", "loc": ["services", "i2pd", "outTunnels", "<name>", "destination"], "readOnly": false, "type": "string"}, "services.i2pd.outTunnels.<name>.destinationPort": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Connect to particular port at destination.", "loc": ["services", "i2pd", "outTunnels", "<name>", "destinationPort"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.i2pd.outTunnels.<name>.enable": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable \u2039name\u203a.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2pd", "outTunnels", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.i2pd.outTunnels.<name>.inbound.length": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "3"}, "description": "Guaranteed minimum hops for \u2039name\u203a tunnels.", "loc": ["services", "i2pd", "outTunnels", "<name>", "inbound", "length"], "readOnly": false, "type": "signed integer"}, "services.i2pd.outTunnels.<name>.inbound.quantity": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "Number of simultaneous \u2039name\u203a tunnels.", "loc": ["services", "i2pd", "outTunnels", "<name>", "inbound", "quantity"], "readOnly": false, "type": "signed integer"}, "services.i2pd.outTunnels.<name>.keys": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a-keys.dat\""}, "description": "Keyset used for tunnel identity.", "loc": ["services", "i2pd", "outTunnels", "<name>", "keys"], "readOnly": false, "type": "string"}, "services.i2pd.outTunnels.<name>.name": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "The endpoint name.", "loc": ["services", "i2pd", "outTunnels", "<name>", "name"], "readOnly": false, "type": "string"}, "services.i2pd.outTunnels.<name>.outbound.length": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "3"}, "description": "Guaranteed minimum hops for \u2039name\u203a tunnels.", "loc": ["services", "i2pd", "outTunnels", "<name>", "outbound", "length"], "readOnly": false, "type": "signed integer"}, "services.i2pd.outTunnels.<name>.outbound.quantity": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "Number of simultaneous \u2039name\u203a tunnels.", "loc": ["services", "i2pd", "outTunnels", "<name>", "outbound", "quantity"], "readOnly": false, "type": "signed integer"}, "services.i2pd.outTunnels.<name>.port": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Bind port for \u2039name\u203a endpoint.", "loc": ["services", "i2pd", "outTunnels", "<name>", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.i2pd.outTunnels.<name>.type": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"client\""}, "description": "Tunnel type.", "loc": ["services", "i2pd", "outTunnels", "<name>", "type"], "readOnly": false, "type": "one of \"client\", \"udpclient\""}, "services.i2pd.package": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.i2pd"}, "description": "The i2pd package to use.", "loc": ["services", "i2pd", "package"], "readOnly": false, "type": "package"}, "services.i2pd.port": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "I2P listen port. If no one is given the router will pick between 9111 and 30777.\n", "loc": ["services", "i2pd", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.i2pd.precomputation.elgamal": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whenever to use precomputated tables for ElGamal.\n{command}`i2pd` defaults to `false`\nto save 64M of memory (and looses some performance).\n\nWe default to `true` as that is what most\nusers want anyway.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2pd", "precomputation", "elgamal"], "readOnly": false, "type": "boolean"}, "services.i2pd.proto.bob.address": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Bind address for bob endpoint.", "loc": ["services", "i2pd", "proto", "bob", "address"], "readOnly": false, "type": "string"}, "services.i2pd.proto.bob.enable": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable bob.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2pd", "proto", "bob", "enable"], "readOnly": false, "type": "boolean"}, "services.i2pd.proto.bob.name": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"bob\""}, "description": "The endpoint name.", "loc": ["services", "i2pd", "proto", "bob", "name"], "readOnly": false, "type": "string"}, "services.i2pd.proto.bob.port": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "2827"}, "description": "Bind port for bob endpoint.", "loc": ["services", "i2pd", "proto", "bob", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.i2pd.proto.http.address": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Bind address for http endpoint.", "loc": ["services", "i2pd", "proto", "http", "address"], "readOnly": false, "type": "string"}, "services.i2pd.proto.http.auth": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable webconsole authentication.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2pd", "proto", "http", "auth"], "readOnly": false, "type": "boolean"}, "services.i2pd.proto.http.enable": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable http.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2pd", "proto", "http", "enable"], "readOnly": false, "type": "boolean"}, "services.i2pd.proto.http.hostname": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Expected hostname for WebUI.\n", "loc": ["services", "i2pd", "proto", "http", "hostname"], "readOnly": false, "type": "null or string"}, "services.i2pd.proto.http.name": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"http\""}, "description": "The endpoint name.", "loc": ["services", "i2pd", "proto", "http", "name"], "readOnly": false, "type": "string"}, "services.i2pd.proto.http.pass": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"i2pd\""}, "description": "Password for webconsole access.\n", "loc": ["services", "i2pd", "proto", "http", "pass"], "readOnly": false, "type": "string"}, "services.i2pd.proto.http.port": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "7070"}, "description": "Bind port for http endpoint.", "loc": ["services", "i2pd", "proto", "http", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.i2pd.proto.http.strictHeaders": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Enable strict host checking on WebUI.\n", "loc": ["services", "i2pd", "proto", "http", "strictHeaders"], "readOnly": false, "type": "null or boolean"}, "services.i2pd.proto.http.user": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"i2pd\""}, "description": "Username for webconsole access\n", "loc": ["services", "i2pd", "proto", "http", "user"], "readOnly": false, "type": "string"}, "services.i2pd.proto.httpProxy.address": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Bind address for httpproxy endpoint.", "loc": ["services", "i2pd", "proto", "httpProxy", "address"], "readOnly": false, "type": "string"}, "services.i2pd.proto.httpProxy.enable": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable httpproxy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2pd", "proto", "httpProxy", "enable"], "readOnly": false, "type": "boolean"}, "services.i2pd.proto.httpProxy.inbound.length": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "3"}, "description": "Guaranteed minimum hops for httpproxy tunnels.", "loc": ["services", "i2pd", "proto", "httpProxy", "inbound", "length"], "readOnly": false, "type": "signed integer"}, "services.i2pd.proto.httpProxy.inbound.quantity": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "Number of simultaneous httpproxy tunnels.", "loc": ["services", "i2pd", "proto", "httpProxy", "inbound", "quantity"], "readOnly": false, "type": "signed integer"}, "services.i2pd.proto.httpProxy.keys": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"httpproxy-keys.dat\""}, "description": "File to persist HTTPPROXY keys.\n", "loc": ["services", "i2pd", "proto", "httpProxy", "keys"], "readOnly": false, "type": "null or string"}, "services.i2pd.proto.httpProxy.latency.max": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Max latency for tunnels.", "loc": ["services", "i2pd", "proto", "httpProxy", "latency", "max"], "readOnly": false, "type": "null or signed integer"}, "services.i2pd.proto.httpProxy.latency.min": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Min latency for tunnels.", "loc": ["services", "i2pd", "proto", "httpProxy", "latency", "min"], "readOnly": false, "type": "null or signed integer"}, "services.i2pd.proto.httpProxy.name": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"httpproxy\""}, "description": "The endpoint name.", "loc": ["services", "i2pd", "proto", "httpProxy", "name"], "readOnly": false, "type": "string"}, "services.i2pd.proto.httpProxy.outbound.length": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "3"}, "description": "Guaranteed minimum hops for httpproxy tunnels.", "loc": ["services", "i2pd", "proto", "httpProxy", "outbound", "length"], "readOnly": false, "type": "signed integer"}, "services.i2pd.proto.httpProxy.outbound.quantity": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "Number of simultaneous httpproxy tunnels.", "loc": ["services", "i2pd", "proto", "httpProxy", "outbound", "quantity"], "readOnly": false, "type": "signed integer"}, "services.i2pd.proto.httpProxy.outproxy": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Upstream outproxy bind address.", "loc": ["services", "i2pd", "proto", "httpProxy", "outproxy"], "readOnly": false, "type": "null or string"}, "services.i2pd.proto.httpProxy.port": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "4444"}, "description": "Bind port for httpproxy endpoint.", "loc": ["services", "i2pd", "proto", "httpProxy", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.i2pd.proto.i2cp.address": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Bind address for i2cp endpoint.", "loc": ["services", "i2pd", "proto", "i2cp", "address"], "readOnly": false, "type": "string"}, "services.i2pd.proto.i2cp.enable": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable i2cp.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2pd", "proto", "i2cp", "enable"], "readOnly": false, "type": "boolean"}, "services.i2pd.proto.i2cp.name": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"i2cp\""}, "description": "The endpoint name.", "loc": ["services", "i2pd", "proto", "i2cp", "name"], "readOnly": false, "type": "string"}, "services.i2pd.proto.i2cp.port": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "7654"}, "description": "Bind port for i2cp endpoint.", "loc": ["services", "i2pd", "proto", "i2cp", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.i2pd.proto.i2pControl.address": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Bind address for i2pcontrol endpoint.", "loc": ["services", "i2pd", "proto", "i2pControl", "address"], "readOnly": false, "type": "string"}, "services.i2pd.proto.i2pControl.enable": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable i2pcontrol.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2pd", "proto", "i2pControl", "enable"], "readOnly": false, "type": "boolean"}, "services.i2pd.proto.i2pControl.name": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"i2pcontrol\""}, "description": "The endpoint name.", "loc": ["services", "i2pd", "proto", "i2pControl", "name"], "readOnly": false, "type": "string"}, "services.i2pd.proto.i2pControl.port": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "7650"}, "description": "Bind port for i2pcontrol endpoint.", "loc": ["services", "i2pd", "proto", "i2pControl", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.i2pd.proto.sam.address": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Bind address for sam endpoint.", "loc": ["services", "i2pd", "proto", "sam", "address"], "readOnly": false, "type": "string"}, "services.i2pd.proto.sam.enable": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable sam.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2pd", "proto", "sam", "enable"], "readOnly": false, "type": "boolean"}, "services.i2pd.proto.sam.name": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"sam\""}, "description": "The endpoint name.", "loc": ["services", "i2pd", "proto", "sam", "name"], "readOnly": false, "type": "string"}, "services.i2pd.proto.sam.port": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "7656"}, "description": "Bind port for sam endpoint.", "loc": ["services", "i2pd", "proto", "sam", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.i2pd.proto.socksProxy.address": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Bind address for socksproxy endpoint.", "loc": ["services", "i2pd", "proto", "socksProxy", "address"], "readOnly": false, "type": "string"}, "services.i2pd.proto.socksProxy.enable": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable socksproxy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2pd", "proto", "socksProxy", "enable"], "readOnly": false, "type": "boolean"}, "services.i2pd.proto.socksProxy.inbound.length": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "3"}, "description": "Guaranteed minimum hops for socksproxy tunnels.", "loc": ["services", "i2pd", "proto", "socksProxy", "inbound", "length"], "readOnly": false, "type": "signed integer"}, "services.i2pd.proto.socksProxy.inbound.quantity": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "Number of simultaneous socksproxy tunnels.", "loc": ["services", "i2pd", "proto", "socksProxy", "inbound", "quantity"], "readOnly": false, "type": "signed integer"}, "services.i2pd.proto.socksProxy.keys": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"socksproxy-keys.dat\""}, "description": "File to persist SOCKSPROXY keys.\n", "loc": ["services", "i2pd", "proto", "socksProxy", "keys"], "readOnly": false, "type": "null or string"}, "services.i2pd.proto.socksProxy.latency.max": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Max latency for tunnels.", "loc": ["services", "i2pd", "proto", "socksProxy", "latency", "max"], "readOnly": false, "type": "null or signed integer"}, "services.i2pd.proto.socksProxy.latency.min": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Min latency for tunnels.", "loc": ["services", "i2pd", "proto", "socksProxy", "latency", "min"], "readOnly": false, "type": "null or signed integer"}, "services.i2pd.proto.socksProxy.name": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"socksproxy\""}, "description": "The endpoint name.", "loc": ["services", "i2pd", "proto", "socksProxy", "name"], "readOnly": false, "type": "string"}, "services.i2pd.proto.socksProxy.outbound.length": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "3"}, "description": "Guaranteed minimum hops for socksproxy tunnels.", "loc": ["services", "i2pd", "proto", "socksProxy", "outbound", "length"], "readOnly": false, "type": "signed integer"}, "services.i2pd.proto.socksProxy.outbound.quantity": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "Number of simultaneous socksproxy tunnels.", "loc": ["services", "i2pd", "proto", "socksProxy", "outbound", "quantity"], "readOnly": false, "type": "signed integer"}, "services.i2pd.proto.socksProxy.outproxy": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Upstream outproxy bind address.", "loc": ["services", "i2pd", "proto", "socksProxy", "outproxy"], "readOnly": false, "type": "string"}, "services.i2pd.proto.socksProxy.outproxyEnable": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SOCKS outproxy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2pd", "proto", "socksProxy", "outproxyEnable"], "readOnly": false, "type": "boolean"}, "services.i2pd.proto.socksProxy.outproxyPort": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "4444"}, "description": "Upstream outproxy bind port.", "loc": ["services", "i2pd", "proto", "socksProxy", "outproxyPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.i2pd.proto.socksProxy.port": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "4447"}, "description": "Bind port for socksproxy endpoint.", "loc": ["services", "i2pd", "proto", "socksProxy", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.i2pd.reseed.file": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Full path to SU3 file to reseed from.\n", "loc": ["services", "i2pd", "reseed", "file"], "readOnly": false, "type": "null or string"}, "services.i2pd.reseed.floodfill": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to router info of floodfill to reseed from.\n", "loc": ["services", "i2pd", "reseed", "floodfill"], "readOnly": false, "type": "null or string"}, "services.i2pd.reseed.proxy": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "URL for reseed proxy, supports http/socks.\n", "loc": ["services", "i2pd", "reseed", "proxy"], "readOnly": false, "type": "null or string"}, "services.i2pd.reseed.urls": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Reseed URLs.\n", "loc": ["services", "i2pd", "reseed", "urls"], "readOnly": false, "type": "list of string"}, "services.i2pd.reseed.verify": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SU3 signature verification.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2pd", "reseed", "verify"], "readOnly": false, "type": "boolean"}, "services.i2pd.reseed.zipfile": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to local .zip file to reseed from.\n", "loc": ["services", "i2pd", "reseed", "zipfile"], "readOnly": false, "type": "null or string"}, "services.i2pd.share": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "100"}, "description": "Limit of transit traffic from max bandwidth in percents.\n", "loc": ["services", "i2pd", "share"], "readOnly": false, "type": "signed integer"}, "services.i2pd.ssu": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable ssu.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2pd", "ssu"], "readOnly": false, "type": "boolean"}, "services.i2pd.ssu2.enable": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable SSU2.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2pd", "ssu2", "enable"], "readOnly": false, "type": "boolean"}, "services.i2pd.ssu2.port": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Port to listen for incoming SSU2 connections (0=auto).\n", "loc": ["services", "i2pd", "ssu2", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.i2pd.ssu2.published": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SSU2 publication.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2pd", "ssu2", "published"], "readOnly": false, "type": "boolean"}, "services.i2pd.trust.enable": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable explicit trust options.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2pd", "trust", "enable"], "readOnly": false, "type": "boolean"}, "services.i2pd.trust.family": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Router Family to trust for first hops.\n", "loc": ["services", "i2pd", "trust", "family"], "readOnly": false, "type": "null or string"}, "services.i2pd.trust.hidden": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable router concealment.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2pd", "trust", "hidden"], "readOnly": false, "type": "boolean"}, "services.i2pd.trust.routers": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Only connect to the listed routers.\n", "loc": ["services", "i2pd", "trust", "routers"], "readOnly": false, "type": "list of string"}, "services.i2pd.upnp.enable": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable UPnP service discovery.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2pd", "upnp", "enable"], "readOnly": false, "type": "boolean"}, "services.i2pd.upnp.name": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"I2Pd\""}, "description": "Name i2pd appears in UPnP forwardings list.\n", "loc": ["services", "i2pd", "upnp", "name"], "readOnly": false, "type": "string"}, "services.i2pd.websocket.address": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Bind address for websockets endpoint.", "loc": ["services", "i2pd", "websocket", "address"], "readOnly": false, "type": "string"}, "services.i2pd.websocket.enable": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable websockets.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2pd", "websocket", "enable"], "readOnly": false, "type": "boolean"}, "services.i2pd.websocket.name": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "\"websockets\""}, "description": "The endpoint name.", "loc": ["services", "i2pd", "websocket", "name"], "readOnly": false, "type": "string"}, "services.i2pd.websocket.port": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "7666"}, "description": "Bind port for websockets endpoint.", "loc": ["services", "i2pd", "websocket", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.i2pd.yggdrasil.address": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Your local yggdrasil address. Specify it if you want to bind your router to a\nparticular address.\n", "loc": ["services", "i2pd", "yggdrasil", "address"], "readOnly": false, "type": "null or string"}, "services.i2pd.yggdrasil.enable": {"declarations": ["nixos/modules/services/networking/i2pd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Yggdrasil.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "i2pd", "yggdrasil", "enable"], "readOnly": false, "type": "boolean"}, "services.icecast.admin.password": {"declarations": ["nixos/modules/services/audio/icecast.nix"], "description": "Password used for all administration functions.", "loc": ["services", "icecast", "admin", "password"], "readOnly": false, "type": "string"}, "services.icecast.admin.user": {"declarations": ["nixos/modules/services/audio/icecast.nix"], "default": {"_type": "literalExpression", "text": "\"admin\""}, "description": "Username used for all administration functions.", "loc": ["services", "icecast", "admin", "user"], "readOnly": false, "type": "string"}, "services.icecast.enable": {"declarations": ["nixos/modules/services/audio/icecast.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Icecast server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "icecast", "enable"], "readOnly": false, "type": "boolean"}, "services.icecast.extraConfig": {"declarations": ["nixos/modules/services/audio/icecast.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration added to {file}`icecast.xml` inside the `<icecast>` element.\n", "loc": ["services", "icecast", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.icecast.hostname": {"declarations": ["nixos/modules/services/audio/icecast.nix"], "default": {"_type": "literalExpression", "text": "config.networking.domain"}, "description": "DNS name or IP address that will be used for the stream directory lookups or possibly the playlist generation if a Host header is not provided.", "loc": ["services", "icecast", "hostname"], "readOnly": false, "type": "null or string"}, "services.icecast.listen.address": {"declarations": ["nixos/modules/services/audio/icecast.nix"], "default": {"_type": "literalExpression", "text": "\"::\""}, "description": "Address Icecast will listen on.", "loc": ["services", "icecast", "listen", "address"], "readOnly": false, "type": "string"}, "services.icecast.listen.port": {"declarations": ["nixos/modules/services/audio/icecast.nix"], "default": {"_type": "literalExpression", "text": "8000"}, "description": "TCP port that will be used to accept client connections.", "loc": ["services", "icecast", "listen", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.icecream.daemon.cacheLimit": {"declarations": ["nixos/modules/services/networking/icecream/daemon.nix"], "default": {"_type": "literalExpression", "text": "256"}, "description": "Maximum size in Megabytes of cache used to store compile environments of compile clients.\n", "loc": ["services", "icecream", "daemon", "cacheLimit"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.icecream.daemon.enable": {"declarations": ["nixos/modules/services/networking/icecream/daemon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Icecream Daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "icecream", "daemon", "enable"], "readOnly": false, "type": "boolean"}, "services.icecream.daemon.extraArgs": {"declarations": ["nixos/modules/services/networking/icecream/daemon.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional command line parameters.", "example": {"_type": "literalExpression", "text": "[\n  \"-v\"\n]"}, "loc": ["services", "icecream", "daemon", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.icecream.daemon.hostname": {"declarations": ["nixos/modules/services/networking/icecream/daemon.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Hostname of the daemon in the icecream infrastructure.\n\nUses the hostname retrieved via uname if set to null.\n", "loc": ["services", "icecream", "daemon", "hostname"], "readOnly": false, "type": "null or string"}, "services.icecream.daemon.maxProcesses": {"declarations": ["nixos/modules/services/networking/icecream/daemon.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Maximum number of compile jobs started in parallel for this daemon.\n\nUses the number of CPUs if set to null.\n", "loc": ["services", "icecream", "daemon", "maxProcesses"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.icecream.daemon.netName": {"declarations": ["nixos/modules/services/networking/icecream/daemon.nix"], "default": {"_type": "literalExpression", "text": "\"ICECREAM\""}, "description": "Network name to connect to. A scheduler with the same name needs to be running.\n", "loc": ["services", "icecream", "daemon", "netName"], "readOnly": false, "type": "string"}, "services.icecream.daemon.nice": {"declarations": ["nixos/modules/services/networking/icecream/daemon.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "The level of niceness to use.\n", "loc": ["services", "icecream", "daemon", "nice"], "readOnly": false, "type": "integer between -20 and 19 (both inclusive)"}, "services.icecream.daemon.noRemote": {"declarations": ["nixos/modules/services/networking/icecream/daemon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Prevent jobs from other nodes being scheduled on this daemon.\n", "loc": ["services", "icecream", "daemon", "noRemote"], "readOnly": false, "type": "boolean"}, "services.icecream.daemon.openBroadcast": {"declarations": ["nixos/modules/services/networking/icecream/daemon.nix"], "description": "Whether to automatically open the firewall for scheduler discovery.\n", "loc": ["services", "icecream", "daemon", "openBroadcast"], "readOnly": false, "type": "boolean"}, "services.icecream.daemon.openFirewall": {"declarations": ["nixos/modules/services/networking/icecream/daemon.nix"], "description": "Whether to automatically open receive port in the firewall.\n", "loc": ["services", "icecream", "daemon", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.icecream.daemon.package": {"declarations": ["nixos/modules/services/networking/icecream/daemon.nix"], "default": {"_type": "literalExpression", "text": "pkgs.icecream"}, "description": "The icecream package to use.", "loc": ["services", "icecream", "daemon", "package"], "readOnly": false, "type": "package"}, "services.icecream.daemon.schedulerHost": {"declarations": ["nixos/modules/services/networking/icecream/daemon.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Explicit scheduler hostname, useful in firewalled environments.\n\nUses scheduler autodiscovery via broadcast if set to null.\n", "loc": ["services", "icecream", "daemon", "schedulerHost"], "readOnly": false, "type": "null or string"}, "services.icecream.daemon.user": {"declarations": ["nixos/modules/services/networking/icecream/daemon.nix"], "default": {"_type": "literalExpression", "text": "\"icecc\""}, "description": "User to run the icecream daemon as. Set to root to enable receive of\nremote compile environments.\n", "loc": ["services", "icecream", "daemon", "user"], "readOnly": false, "type": "string"}, "services.icecream.scheduler.enable": {"declarations": ["nixos/modules/services/networking/icecream/scheduler.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Icecream Scheduler.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "icecream", "scheduler", "enable"], "readOnly": false, "type": "boolean"}, "services.icecream.scheduler.extraArgs": {"declarations": ["nixos/modules/services/networking/icecream/scheduler.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional command line parameters", "example": {"_type": "literalExpression", "text": "[\n  \"-v\"\n]"}, "loc": ["services", "icecream", "scheduler", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.icecream.scheduler.netName": {"declarations": ["nixos/modules/services/networking/icecream/scheduler.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Network name for the icecream scheduler.\n\nUses the default ICECREAM if null.\n", "loc": ["services", "icecream", "scheduler", "netName"], "readOnly": false, "type": "null or string"}, "services.icecream.scheduler.openFirewall": {"declarations": ["nixos/modules/services/networking/icecream/scheduler.nix"], "description": "Whether to automatically open the daemon port in the firewall.\n", "loc": ["services", "icecream", "scheduler", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.icecream.scheduler.openTelnet": {"declarations": ["nixos/modules/services/networking/icecream/scheduler.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the telnet TCP port on 8766.\n", "loc": ["services", "icecream", "scheduler", "openTelnet"], "readOnly": false, "type": "boolean"}, "services.icecream.scheduler.package": {"declarations": ["nixos/modules/services/networking/icecream/scheduler.nix"], "default": {"_type": "literalExpression", "text": "pkgs.icecream"}, "description": "The icecream package to use.", "loc": ["services", "icecream", "scheduler", "package"], "readOnly": false, "type": "package"}, "services.icecream.scheduler.persistentClientConnection": {"declarations": ["nixos/modules/services/networking/icecream/scheduler.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to prevent clients from connecting to a better scheduler.\n", "loc": ["services", "icecream", "scheduler", "persistentClientConnection"], "readOnly": false, "type": "boolean"}, "services.icecream.scheduler.port": {"declarations": ["nixos/modules/services/networking/icecream/scheduler.nix"], "default": {"_type": "literalExpression", "text": "8765"}, "description": "Server port to listen for icecream daemon requests.\n", "loc": ["services", "icecream", "scheduler", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.icingaweb2.authentications": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "authentication.ini contents.\nWill automatically be converted to a .ini file.\n\nIf the value is null, no authentication.ini is created and you can\nmodify it manually (e.g. via the web interface).\n", "example": {"_type": "literalExpression", "text": "{\n  icingaweb = {\n    backend = \"db\";\n    resource = \"icingaweb_db\";\n  };\n}"}, "loc": ["services", "icingaweb2", "authentications"], "readOnly": false, "type": "null or (attribute set)"}, "services.icingaweb2.enable": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the icingaweb2 web interface.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "icingaweb2", "enable"], "readOnly": false, "type": "boolean"}, "services.icingaweb2.generalConfig": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "config.ini contents.\nWill automatically be converted to a .ini file.\nIf you don't set global.module_path, the module will take care of it.\n\nIf the value is null, no config.ini is created and you can\nmodify it manually (e.g. via the web interface).\nNote that you need to update module_path manually.\n", "example": {"_type": "literalExpression", "text": "{\n  general = {\n    config_resource = \"icingaweb_db\";\n    showStacktraces = 1;\n  };\n  logging = {\n    level = \"CRITICAL\";\n    log = \"syslog\";\n  };\n}"}, "loc": ["services", "icingaweb2", "generalConfig"], "readOnly": false, "type": "null or (attribute set)"}, "services.icingaweb2.groupBackends": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "groups.ini contents.\nWill automatically be converted to a .ini file.\n\nIf the value is null, no groups.ini is created and you can\nmodify it manually (e.g. via the web interface).\n", "example": {"_type": "literalExpression", "text": "{\n  icingaweb = {\n    backend = \"db\";\n    resource = \"icingaweb_db\";\n  };\n}"}, "loc": ["services", "icingaweb2", "groupBackends"], "readOnly": false, "type": "null or (attribute set)"}, "services.icingaweb2.libraryPaths": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Libraries to add to the Icingaweb2 library path.\nThe name of the attribute is the name of the library, the value\nis the package to add.\n", "loc": ["services", "icingaweb2", "libraryPaths"], "readOnly": false, "type": "attribute set of package"}, "services.icingaweb2.modulePackages": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Name-package attrset of Icingaweb 2 modules packages to enable.\n\nIf you enable modules manually (e.g. via the web ui), they will not be touched.\n", "example": {"_type": "literalExpression", "text": "{\n  \"snow\" = icingaweb2Modules.theme-snow;\n}\n"}, "loc": ["services", "icingaweb2", "modulePackages"], "readOnly": false, "type": "attribute set of package"}, "services.icingaweb2.modules.doc.enable": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the icingaweb2 doc module.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "icingaweb2", "modules", "doc", "enable"], "readOnly": false, "type": "boolean"}, "services.icingaweb2.modules.migrate.enable": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the icingaweb2 migrate module.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "icingaweb2", "modules", "migrate", "enable"], "readOnly": false, "type": "boolean"}, "services.icingaweb2.modules.monitoring.backends": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix"], "default": {"_type": "literalExpression", "text": "{\n  icinga = {\n    resource = \"icinga_ido\";\n  };\n}"}, "description": "Monitoring backends to define", "loc": ["services", "icingaweb2", "modules", "monitoring", "backends"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.icingaweb2.modules.monitoring.backends.<name>.disabled": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable this backend", "loc": ["services", "icingaweb2", "modules", "monitoring", "backends", "<name>", "disabled"], "readOnly": false, "type": "boolean"}, "services.icingaweb2.modules.monitoring.backends.<name>.resource": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix"], "description": "Name of the IDO resource", "loc": ["services", "icingaweb2", "modules", "monitoring", "backends", "<name>", "resource"], "readOnly": false, "type": "string"}, "services.icingaweb2.modules.monitoring.enable": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the icingaweb2 monitoring module.", "loc": ["services", "icingaweb2", "modules", "monitoring", "enable"], "readOnly": false, "type": "boolean"}, "services.icingaweb2.modules.monitoring.generalConfig.mutable": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Make config.ini of the monitoring module mutable (e.g. via the web interface).", "loc": ["services", "icingaweb2", "modules", "monitoring", "generalConfig", "mutable"], "readOnly": false, "type": "boolean"}, "services.icingaweb2.modules.monitoring.generalConfig.protectedVars": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"*pw*\"\n  \"*pass*\"\n  \"community\"\n]"}, "description": "List of string patterns for custom variables which should be excluded from user\u2019s view.", "loc": ["services", "icingaweb2", "modules", "monitoring", "generalConfig", "protectedVars"], "readOnly": false, "type": "list of string"}, "services.icingaweb2.modules.monitoring.mutableBackends": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Make backends.ini of the monitoring module mutable (e.g. via the web interface).", "loc": ["services", "icingaweb2", "modules", "monitoring", "mutableBackends"], "readOnly": false, "type": "boolean"}, "services.icingaweb2.modules.monitoring.mutableTransports": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Make commandtransports.ini of the monitoring module mutable (e.g. via the web interface).", "loc": ["services", "icingaweb2", "modules", "monitoring", "mutableTransports"], "readOnly": false, "type": "boolean"}, "services.icingaweb2.modules.monitoring.transports": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Command transports to define", "loc": ["services", "icingaweb2", "modules", "monitoring", "transports"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.icingaweb2.modules.monitoring.transports.<name>.host": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix"], "description": "Host for the api or remote transport", "loc": ["services", "icingaweb2", "modules", "monitoring", "transports", "<name>", "host"], "readOnly": false, "type": "string"}, "services.icingaweb2.modules.monitoring.transports.<name>.instance": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Assign a icinga instance to this transport", "loc": ["services", "icingaweb2", "modules", "monitoring", "transports", "<name>", "instance"], "readOnly": false, "type": "null or string"}, "services.icingaweb2.modules.monitoring.transports.<name>.password": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix"], "description": "Password for the api transport", "loc": ["services", "icingaweb2", "modules", "monitoring", "transports", "<name>", "password"], "readOnly": false, "type": "string"}, "services.icingaweb2.modules.monitoring.transports.<name>.path": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix"], "description": "Path to the socket for local or remote transports", "loc": ["services", "icingaweb2", "modules", "monitoring", "transports", "<name>", "path"], "readOnly": false, "type": "string"}, "services.icingaweb2.modules.monitoring.transports.<name>.port": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port to connect to for the api or remote transport", "loc": ["services", "icingaweb2", "modules", "monitoring", "transports", "<name>", "port"], "readOnly": false, "type": "null or string"}, "services.icingaweb2.modules.monitoring.transports.<name>.resource": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix"], "description": "SSH identity resource for the remote transport", "loc": ["services", "icingaweb2", "modules", "monitoring", "transports", "<name>", "resource"], "readOnly": false, "type": "string"}, "services.icingaweb2.modules.monitoring.transports.<name>.type": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix"], "default": {"_type": "literalExpression", "text": "\"api\""}, "description": "Type of  this transport", "loc": ["services", "icingaweb2", "modules", "monitoring", "transports", "<name>", "type"], "readOnly": false, "type": "one of \"api\", \"local\", \"remote\""}, "services.icingaweb2.modules.monitoring.transports.<name>.username": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix"], "description": "Username for the api or remote transport", "loc": ["services", "icingaweb2", "modules", "monitoring", "transports", "<name>", "username"], "readOnly": false, "type": "string"}, "services.icingaweb2.modules.setup.enable": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the icingaweb2 setup module.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "icingaweb2", "modules", "setup", "enable"], "readOnly": false, "type": "boolean"}, "services.icingaweb2.modules.test.enable": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the icingaweb2 test module.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "icingaweb2", "modules", "test", "enable"], "readOnly": false, "type": "boolean"}, "services.icingaweb2.modules.translation.enable": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the icingaweb2 translation module.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "icingaweb2", "modules", "translation", "enable"], "readOnly": false, "type": "boolean"}, "services.icingaweb2.pool": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix"], "default": {"_type": "literalExpression", "text": "\"icingaweb2\""}, "description": "Name of existing PHP-FPM pool that is used to run Icingaweb2.\nIf not specified, a pool will automatically created with default values.\n", "loc": ["services", "icingaweb2", "pool"], "readOnly": false, "type": "string"}, "services.icingaweb2.resources": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "resources.ini contents.\nWill automatically be converted to a .ini file.\n\nIf the value is null, no resources.ini is created and you can\nmodify it manually (e.g. via the web interface).\nNote that if you set passwords here, they will go into the nix store.\n", "example": {"_type": "literalExpression", "text": "{\n  icingaweb_db = {\n    db = \"mysql\";\n    dbname = \"icingaweb2\";\n    host = \"localhost\";\n    password = \"icingaweb2\";\n    type = \"db\";\n    username = \"icingaweb2\";\n  };\n}"}, "loc": ["services", "icingaweb2", "resources"], "readOnly": false, "type": "null or (attribute set)"}, "services.icingaweb2.roles": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "roles.ini contents.\nWill automatically be converted to a .ini file.\n\nIf the value is null, no roles.ini is created and you can\nmodify it manually (e.g. via the web interface).\n", "example": {"_type": "literalExpression", "text": "{\n  Administrators = {\n    permissions = \"*\";\n    users = \"admin\";\n  };\n}"}, "loc": ["services", "icingaweb2", "roles"], "readOnly": false, "type": "null or (attribute set)"}, "services.icingaweb2.timezone": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix"], "default": {"_type": "literalExpression", "text": "\"UTC\""}, "description": "PHP-compliant timezone specification", "example": {"_type": "literalExpression", "text": "\"Europe/Berlin\""}, "loc": ["services", "icingaweb2", "timezone"], "readOnly": false, "type": "string"}, "services.icingaweb2.virtualHost": {"declarations": ["nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix"], "default": {"_type": "literalExpression", "text": "\"icingaweb2\""}, "description": "Name of the nginx virtualhost to use and setup. If null, no virtualhost is set up.\n", "loc": ["services", "icingaweb2", "virtualHost"], "readOnly": false, "type": "null or string"}, "services.ifm.dataDir": {"declarations": ["nixos/modules/services/web-apps/ifm.nix"], "description": "Directory to serve throught the file managing service", "loc": ["services", "ifm", "dataDir"], "readOnly": false, "type": "string"}, "services.ifm.enable": {"declarations": ["nixos/modules/services/web-apps/ifm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Improved file manager, a single-file web-based filemanager\n\nLightweight and minimal, served using PHP's built-in server\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ifm", "enable"], "readOnly": false, "type": "boolean"}, "services.ifm.listenAddress": {"declarations": ["nixos/modules/services/web-apps/ifm.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Address on which the service is listening", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "ifm", "listenAddress"], "readOnly": false, "type": "string"}, "services.ifm.port": {"declarations": ["nixos/modules/services/web-apps/ifm.nix"], "default": {"_type": "literalExpression", "text": "9090"}, "description": "Port on which to serve the IFM service", "loc": ["services", "ifm", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.ifm.settings": {"declarations": ["nixos/modules/services/web-apps/ifm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration of the IFM service.\n\nSee [the documentation](https://github.com/misterunknown/ifm/wiki/Configuration)\nfor available options and default values.\n", "example": {"_type": "literalExpression", "text": "{\n  IFM_GUI_SHOWPATH = 0;\n}"}, "loc": ["services", "ifm", "settings"], "readOnly": false, "type": "attribute set of anything"}, "services.ihaskell.enable": {"declarations": ["nixos/modules/services/misc/ihaskell.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Autostart an IHaskell notebook service.", "loc": ["services", "ihaskell", "enable"], "readOnly": false, "type": "boolean"}, "services.ihaskell.extraPackages": {"declarations": ["nixos/modules/services/misc/ihaskell.nix"], "default": {"_type": "literalExpression", "text": "haskellPackages: []"}, "description": "Extra packages available to ghc when running ihaskell. The\nvalue must be a function which receives the attrset defined\nin {var}`haskellPackages` as the sole argument.\n", "example": {"_type": "literalExpression", "text": "haskellPackages: [\n  haskellPackages.wreq\n  haskellPackages.lens\n]\n"}, "loc": ["services", "ihaskell", "extraPackages"], "readOnly": false, "type": "function that evaluates to a(n) list of package"}, "services.iio-niri.enable": {"declarations": ["nixos/modules/services/misc/iio-niri.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable IIO-Niri.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "iio-niri", "enable"], "readOnly": false, "type": "boolean"}, "services.iio-niri.extraArgs": {"declarations": ["nixos/modules/services/misc/iio-niri.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to pass to IIO-Niri.", "loc": ["services", "iio-niri", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.iio-niri.niriUnit": {"declarations": ["nixos/modules/services/misc/iio-niri.nix"], "default": {"_type": "literalExpression", "text": "\"niri.service\""}, "description": "The Niri **user** service unit to bind IIO-Niri's **user** service unit to.", "loc": ["services", "iio-niri", "niriUnit"], "readOnly": false, "type": "non-empty string"}, "services.iio-niri.package": {"declarations": ["nixos/modules/services/misc/iio-niri.nix"], "default": {"_type": "literalExpression", "text": "pkgs.iio-niri"}, "description": "The iio-niri package to use.", "loc": ["services", "iio-niri", "package"], "readOnly": false, "type": "package"}, "services.illum.enable": {"declarations": ["nixos/modules/services/hardware/illum.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable illum, a daemon for controlling screen brightness with brightness buttons.\n", "loc": ["services", "illum", "enable"], "readOnly": false, "type": "boolean"}, "services.imaginary.address": {"declarations": ["nixos/modules/services/networking/imaginary.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Bind address. Corresponds to the `-a` flag.\nSet to `\"\"` to bind to all addresses.\n", "example": {"_type": "literalExpression", "text": "\"[::1]\""}, "loc": ["services", "imaginary", "address"], "readOnly": false, "type": "string"}, "services.imaginary.enable": {"declarations": ["nixos/modules/services/networking/imaginary.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable imaginary image processing microservice.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "imaginary", "enable"], "readOnly": false, "type": "boolean"}, "services.imaginary.port": {"declarations": ["nixos/modules/services/networking/imaginary.nix"], "default": {"_type": "literalExpression", "text": "8088"}, "description": "Bind port. Corresponds to the `-p` flag.", "loc": ["services", "imaginary", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.imaginary.settings": {"declarations": ["nixos/modules/services/networking/imaginary.nix"], "description": "Command line arguments passed to the imaginary executable, stripped of\nthe prefix `-`. See upstream's\n[README](https://github.com/h2non/imaginary#command-line-usage) for all\noptions.\n", "loc": ["services", "imaginary", "settings"], "readOnly": false, "type": "open submodule of attribute set of (boolean or signed integer or non-empty (list of string) or string)"}, "services.imaginary.settings.return-size": {"declarations": ["nixos/modules/services/networking/imaginary.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Return the image size in the HTTP headers.", "loc": ["services", "imaginary", "settings", "return-size"], "readOnly": false, "type": "boolean"}, "services.immich-kiosk.enable": {"declarations": ["nixos/modules/services/web-apps/immich-kiosk.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Immich Kiosk slideshow service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "immich-kiosk", "enable"], "readOnly": false, "type": "boolean"}, "services.immich-kiosk.openFirewall": {"declarations": ["nixos/modules/services/web-apps/immich-kiosk.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall for the immich-kiosk port.\n", "loc": ["services", "immich-kiosk", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.immich-kiosk.package": {"declarations": ["nixos/modules/services/web-apps/immich-kiosk.nix"], "default": {"_type": "literalExpression", "text": "pkgs.immich-kiosk"}, "description": "The immich-kiosk package to use.", "loc": ["services", "immich-kiosk", "package"], "readOnly": false, "type": "package"}, "services.immich-kiosk.settings": {"declarations": ["nixos/modules/services/web-apps/immich-kiosk.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for immich-kiosk. See\n<https://docs.immichkiosk.app/configuration/>\nfor available options. Secret values can be loaded from files using\n`._secret = \"/path/to/secret\";`.\n", "example": {"_type": "literalExpression", "text": "{\n  immich_url = \"https://immich.example.com\";\n  immich_api_key._secret = \"/run/secrets/immich-kiosk-api-key\";\n  albums = [\n    \"4fa933cf-051f-4621-9ac7-8d06776c261c\"\n    \"6466548c-4995-4fb5-ab1f-f63cc9ff3e5f\"\n  ];\n  duration = 30;\n  layout = \"splitview\";\n  disable_ui = true;\n}\n"}, "loc": ["services", "immich-kiosk", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.immich-kiosk.settings.immich_url": {"declarations": ["nixos/modules/services/web-apps/immich-kiosk.nix"], "default": {"_type": "literalExpression", "text": "config.services.immich.settings.server.externalDomain"}, "description": "URL of the immich instance.\n", "loc": ["services", "immich-kiosk", "settings", "immich_url"], "readOnly": false, "type": "string"}, "services.immich-kiosk.settings.kiosk.port": {"declarations": ["nixos/modules/services/web-apps/immich-kiosk.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "Port on which immich-kiosk will listen.\n", "loc": ["services", "immich-kiosk", "settings", "kiosk", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.immich-public-proxy.enable": {"declarations": ["nixos/modules/services/web-apps/immich-public-proxy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Immich Public Proxy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "immich-public-proxy", "enable"], "readOnly": false, "type": "boolean"}, "services.immich-public-proxy.immichUrl": {"declarations": ["nixos/modules/services/web-apps/immich-public-proxy.nix"], "description": "URL of the Immich instance", "loc": ["services", "immich-public-proxy", "immichUrl"], "readOnly": false, "type": "string"}, "services.immich-public-proxy.openFirewall": {"declarations": ["nixos/modules/services/web-apps/immich-public-proxy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the IPP port in the firewall", "loc": ["services", "immich-public-proxy", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.immich-public-proxy.package": {"declarations": ["nixos/modules/services/web-apps/immich-public-proxy.nix"], "default": {"_type": "literalExpression", "text": "pkgs.immich-public-proxy"}, "description": "The immich-public-proxy package to use.", "loc": ["services", "immich-public-proxy", "package"], "readOnly": false, "type": "package"}, "services.immich-public-proxy.port": {"declarations": ["nixos/modules/services/web-apps/immich-public-proxy.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "The port that IPP will listen on.", "loc": ["services", "immich-public-proxy", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.immich-public-proxy.settings": {"declarations": ["nixos/modules/services/web-apps/immich-public-proxy.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for IPP. See <https://github.com/alangrainger/immich-public-proxy/blob/main/README.md#additional-configuration> for options and defaults.\n", "loc": ["services", "immich-public-proxy", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.immich.accelerationDevices": {"declarations": ["nixos/modules/services/web-apps/immich.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of device paths to hardware acceleration devices that immich should\nhave access to. This is useful when transcoding media files.\nThe special value `[ ]` will disallow all devices using `PrivateDevices`. `null` will give access to all devices.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/dev/dri/renderD128\"\n]"}, "loc": ["services", "immich", "accelerationDevices"], "readOnly": false, "type": "null or (list of string)"}, "services.immich.database.createDB": {"declarations": ["nixos/modules/services/web-apps/immich.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the automatic creation of the database for immich..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "immich", "database", "createDB"], "readOnly": false, "type": "boolean"}, "services.immich.database.enable": {"declarations": ["nixos/modules/services/web-apps/immich.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the postgresql database for use with immich. See {option}`services.postgresql`.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "immich", "database", "enable"], "readOnly": false, "type": "boolean"}, "services.immich.database.enableVectorChord": {"declarations": ["nixos/modules/services/web-apps/immich.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the new VectorChord extension for full-text search in Postgres.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "immich", "database", "enableVectorChord"], "readOnly": false, "type": "boolean"}, "services.immich.database.enableVectors": {"declarations": ["nixos/modules/services/web-apps/immich.nix"], "default": {"_type": "literalExpression", "text": "lib.versionOlder config.system.stateVersion \"25.11\""}, "description": "Whether to enable pgvecto.rs in the database. You may disable this, if you have migrated to VectorChord and deleted the `vectors` schema..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "immich", "database", "enableVectors"], "readOnly": false, "type": "boolean"}, "services.immich.database.host": {"declarations": ["nixos/modules/services/web-apps/immich.nix"], "default": {"_type": "literalExpression", "text": "\"/run/postgresql\""}, "description": "Hostname or address of the postgresql server. If an absolute path is given here, it will be interpreted as a unix socket path.", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "immich", "database", "host"], "readOnly": false, "type": "string"}, "services.immich.database.name": {"declarations": ["nixos/modules/services/web-apps/immich.nix"], "default": {"_type": "literalExpression", "text": "\"immich\""}, "description": "The name of the immich database.", "loc": ["services", "immich", "database", "name"], "readOnly": false, "type": "string"}, "services.immich.database.port": {"declarations": ["nixos/modules/services/web-apps/immich.nix"], "default": {"_type": "literalExpression", "text": "5432"}, "description": "Port of the postgresql server.", "loc": ["services", "immich", "database", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.immich.database.user": {"declarations": ["nixos/modules/services/web-apps/immich.nix"], "default": {"_type": "literalExpression", "text": "\"immich\""}, "description": "The database user for immich.", "loc": ["services", "immich", "database", "user"], "readOnly": false, "type": "string"}, "services.immich.enable": {"declarations": ["nixos/modules/services/web-apps/immich.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Immich.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "immich", "enable"], "readOnly": false, "type": "boolean"}, "services.immich.environment": {"declarations": ["nixos/modules/services/web-apps/immich.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration environment variables. Refer to the [documentation](https://immich.app/docs/install/environment-variables) for options tagged with 'server', 'api' or 'microservices'.\n", "example": {"_type": "literalExpression", "text": "{\n  IMMICH_LOG_LEVEL = \"verbose\";\n}"}, "loc": ["services", "immich", "environment"], "readOnly": false, "type": "open submodule of attribute set of string"}, "services.immich.group": {"declarations": ["nixos/modules/services/web-apps/immich.nix"], "default": {"_type": "literalExpression", "text": "\"immich\""}, "description": "The group immich should run as.", "loc": ["services", "immich", "group"], "readOnly": false, "type": "string"}, "services.immich.host": {"declarations": ["nixos/modules/services/web-apps/immich.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The host that immich will listen on.", "loc": ["services", "immich", "host"], "readOnly": false, "type": "string"}, "services.immich.machine-learning.enable": {"declarations": ["nixos/modules/services/web-apps/immich.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable immich's machine-learning functionality to detect faces and search for objects.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "immich", "machine-learning", "enable"], "readOnly": false, "type": "boolean"}, "services.immich.machine-learning.environment": {"declarations": ["nixos/modules/services/web-apps/immich.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration environment variables. Refer to the [documentation](https://immich.app/docs/install/environment-variables) for options tagged with 'machine-learning'.\n", "example": {"_type": "literalExpression", "text": "{\n  MACHINE_LEARNING_MODEL_TTL = \"600\";\n}"}, "loc": ["services", "immich", "machine-learning", "environment"], "readOnly": false, "type": "open submodule of attribute set of string"}, "services.immich.mediaLocation": {"declarations": ["nixos/modules/services/web-apps/immich.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/immich\""}, "description": "Directory used to store media files. If it is not the default, the directory has to be created manually such that the immich user is able to read and write to it.", "loc": ["services", "immich", "mediaLocation"], "readOnly": false, "type": "absolute path"}, "services.immich.openFirewall": {"declarations": ["nixos/modules/services/web-apps/immich.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the immich port in the firewall", "loc": ["services", "immich", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.immich.package": {"declarations": ["nixos/modules/services/web-apps/immich.nix"], "default": {"_type": "literalExpression", "text": "pkgs.immich"}, "description": "The immich package to use.", "loc": ["services", "immich", "package"], "readOnly": false, "type": "package"}, "services.immich.port": {"declarations": ["nixos/modules/services/web-apps/immich.nix"], "default": {"_type": "literalExpression", "text": "2283"}, "description": "The port that immich will listen on.", "loc": ["services", "immich", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.immich.redis.enable": {"declarations": ["nixos/modules/services/web-apps/immich.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable a redis cache for use with immich.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "immich", "redis", "enable"], "readOnly": false, "type": "boolean"}, "services.immich.redis.host": {"declarations": ["nixos/modules/services/web-apps/immich.nix"], "default": {"_type": "literalExpression", "text": "config.services.redis.servers.immich.unixSocket"}, "description": "The host that redis will listen on.", "loc": ["services", "immich", "redis", "host"], "readOnly": false, "type": "string"}, "services.immich.redis.port": {"declarations": ["nixos/modules/services/web-apps/immich.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "The port that redis will listen on. Set to zero to disable TCP.", "loc": ["services", "immich", "redis", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.immich.secretsFile": {"declarations": ["nixos/modules/services/web-apps/immich.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path of a file with extra environment variables to be loaded from disk. This file is not added to the nix store, so it can be used to pass secrets to immich. Refer to the [documentation](https://immich.app/docs/install/environment-variables) for options.\n\nTo set a database password set this to a file containing:\n```\nDB_PASSWORD=<pass>\n```\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/immich\""}, "loc": ["services", "immich", "secretsFile"], "readOnly": false, "type": "null or string"}, "services.immich.settings": {"declarations": ["nixos/modules/services/web-apps/immich.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configuration for Immich.\nSee <https://immich.app/docs/install/config-file/> or navigate to\n<https://my.immich.app/admin/system-settings> for\noptions and defaults.\nSetting it to `null` allows configuring Immich in the web interface.\nYou can load secret values from a file in this configuration by setting `somevalue._secret = \"/path/to/file\"` instead of setting `somevalue` directly.\n", "loc": ["services", "immich", "settings"], "readOnly": false, "type": "null or (open submodule of (JSON value))"}, "services.immich.settings.newVersionCheck.enabled": {"declarations": ["nixos/modules/services/web-apps/immich.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Check for new versions.\nThis feature relies on periodic communication with github.com.\n", "loc": ["services", "immich", "settings", "newVersionCheck", "enabled"], "readOnly": false, "type": "boolean"}, "services.immich.settings.server.externalDomain": {"declarations": ["nixos/modules/services/web-apps/immich.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Domain for publicly shared links, including `http(s)://`.", "loc": ["services", "immich", "settings", "server", "externalDomain"], "readOnly": false, "type": "string"}, "services.immich.user": {"declarations": ["nixos/modules/services/web-apps/immich.nix"], "default": {"_type": "literalExpression", "text": "\"immich\""}, "description": "The user immich should run as.", "loc": ["services", "immich", "user"], "readOnly": false, "type": "string"}, "services.immichframe.enable": {"declarations": ["nixos/modules/services/web-apps/immichframe.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ImmichFrame.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "immichframe", "enable"], "readOnly": false, "type": "boolean"}, "services.immichframe.package": {"declarations": ["nixos/modules/services/web-apps/immichframe.nix"], "default": {"_type": "literalExpression", "text": "pkgs.immichframe"}, "description": "The immichframe package to use.", "loc": ["services", "immichframe", "package"], "readOnly": false, "type": "package"}, "services.immichframe.port": {"declarations": ["nixos/modules/services/web-apps/immichframe.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "The port that ImmichFrame will listen on.", "loc": ["services", "immichframe", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.immichframe.settings": {"declarations": ["nixos/modules/services/web-apps/immichframe.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for ImmichFrame. See\n<https://immichframe.online/docs/getting-started/configuration> for\noptions and defaults.\n", "loc": ["services", "immichframe", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.immichframe.settings.Accounts": {"declarations": ["nixos/modules/services/web-apps/immichframe.nix"], "description": "Accounts configuration, multiple are permitted. See\n<https://immichframe.online/docs/getting-started/configuration>.\n", "loc": ["services", "immichframe", "settings", "Accounts"], "readOnly": false, "type": "list of (open submodule of (JSON value))"}, "services.immichframe.settings.Accounts.*.ApiKey": {"declarations": ["nixos/modules/services/web-apps/immichframe.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "API key to talk to the Immich server.\nWarning: it will be world-readable in /nix/store.\nConsider using {option}`ApiKeyFile` instead.\n\nSee\n<https://immichframe.online/docs/getting-started/configuration#api-key-permissions>\nfor details on what permissions this key needs.\n", "loc": ["services", "immichframe", "settings", "Accounts", "*", "ApiKey"], "readOnly": false, "type": "null or string"}, "services.immichframe.settings.Accounts.*.ApiKeyFile": {"declarations": ["nixos/modules/services/web-apps/immichframe.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing an API key to talk to the Immich server.\n\nSee\n<https://immichframe.online/docs/getting-started/configuration#api-key-permissions>\nfor details on what permissions this key needs.\n", "loc": ["services", "immichframe", "settings", "Accounts", "*", "ApiKeyFile"], "readOnly": false, "type": "null or absolute path not in the Nix store"}, "services.immichframe.settings.Accounts.*.ImmichServerUrl": {"declarations": ["nixos/modules/services/web-apps/immichframe.nix"], "description": "The URL of your Immich server.", "example": {"_type": "literalExpression", "text": "\"http://photos.example.com\""}, "loc": ["services", "immichframe", "settings", "Accounts", "*", "ImmichServerUrl"], "readOnly": false, "type": "string"}, "services.inadyn.configFile": {"declarations": ["nixos/modules/services/networking/inadyn.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configuration file for inadyn.\n\nSetting this will override all other configuration options.\n\nPassed to the inadyn service using LoadCredential.\n", "loc": ["services", "inadyn", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.inadyn.enable": {"declarations": ["nixos/modules/services/networking/inadyn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable synchronise your machine's IP address with a dynamic DNS provider using inadyn\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "inadyn", "enable"], "readOnly": false, "type": "boolean"}, "services.inadyn.group": {"declarations": ["nixos/modules/services/networking/inadyn.nix"], "default": {"_type": "literalExpression", "text": "\"inadyn\""}, "description": "Group account under which inadyn runs.\n\n::: {.note}\nIf left as the default value this user will automatically be created\non system activation, otherwise you are responsible for\nensuring the user exists before the inadyn service starts.\n:::\n", "loc": ["services", "inadyn", "group"], "readOnly": false, "type": "string"}, "services.inadyn.interval": {"declarations": ["nixos/modules/services/networking/inadyn.nix"], "default": {"_type": "literalExpression", "text": "\"*-*-* *:*:00\""}, "description": "How often to check the current IP.\nUses the format described in {manpage}`systemd.time(7)`\";\n", "loc": ["services", "inadyn", "interval"], "readOnly": false, "type": "string"}, "services.inadyn.logLevel": {"declarations": ["nixos/modules/services/networking/inadyn.nix"], "default": {"_type": "literalExpression", "text": "\"notice\""}, "description": "Set inadyn's log level.", "loc": ["services", "inadyn", "logLevel"], "readOnly": false, "type": "one of \"none\", \"err\", \"warning\", \"info\", \"notice\", \"debug\""}, "services.inadyn.settings": {"declarations": ["nixos/modules/services/networking/inadyn.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "See `inadyn.conf (5)`", "loc": ["services", "inadyn", "settings"], "readOnly": false, "type": "open submodule of (attribute set)"}, "services.inadyn.settings.allow-ipv6": {"declarations": ["nixos/modules/services/networking/inadyn.nix"], "default": {"_type": "literalExpression", "text": "config.networking.enableIPv6"}, "description": "Whether to get IPv6 addresses from interfaces.", "loc": ["services", "inadyn", "settings", "allow-ipv6"], "readOnly": false, "type": "boolean"}, "services.inadyn.settings.custom": {"declarations": ["nixos/modules/services/networking/inadyn.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings for custom DNS providers.\n", "loc": ["services", "inadyn", "settings", "custom"], "readOnly": false, "type": "attribute set of (open submodule of (attribute set))"}, "services.inadyn.settings.custom.<name>.ddns-path": {"declarations": ["nixos/modules/services/networking/inadyn.nix"], "description": "DDNS server path.\n\nSee `inadnyn.conf (5)` for a list for format specifiers that can be used.\n", "example": {"_type": "literalExpression", "text": "\"/update?user=%u&password=%p&domain=%h&myip=%i\""}, "loc": ["services", "inadyn", "settings", "custom", "<name>", "ddns-path"], "readOnly": false, "type": "string"}, "services.inadyn.settings.custom.<name>.ddns-server": {"declarations": ["nixos/modules/services/networking/inadyn.nix"], "description": "DDNS server name.", "loc": ["services", "inadyn", "settings", "custom", "<name>", "ddns-server"], "readOnly": false, "type": "string"}, "services.inadyn.settings.custom.<name>.hostname": {"declarations": ["nixos/modules/services/networking/inadyn.nix"], "default": {"_type": "literalExpression", "text": "\"*\""}, "description": "Hostname alias(es).", "example": {"_type": "literalExpression", "text": "\"your.cool-domain.com\""}, "loc": ["services", "inadyn", "settings", "custom", "<name>", "hostname"], "readOnly": false, "type": "string or list of string"}, "services.inadyn.settings.custom.<name>.include": {"declarations": ["nixos/modules/services/networking/inadyn.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File to include additional settings for this provider from.", "loc": ["services", "inadyn", "settings", "custom", "<name>", "include"], "readOnly": false, "type": "null or absolute path"}, "services.inadyn.settings.custom.<name>.password": {"declarations": ["nixos/modules/services/networking/inadyn.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Password for this DDNS provider.\n\nWARNING: This will be world-readable in the nix store.\nTo store credentials securely, use the `include` or `configFile` options.\n", "loc": ["services", "inadyn", "settings", "custom", "<name>", "password"], "readOnly": false, "type": "null or string"}, "services.inadyn.settings.custom.<name>.ssl": {"declarations": ["nixos/modules/services/networking/inadyn.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to use HTTPS for this DDNS provider.", "loc": ["services", "inadyn", "settings", "custom", "<name>", "ssl"], "readOnly": false, "type": "boolean"}, "services.inadyn.settings.custom.<name>.username": {"declarations": ["nixos/modules/services/networking/inadyn.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Username for this DDNS provider.", "loc": ["services", "inadyn", "settings", "custom", "<name>", "username"], "readOnly": false, "type": "null or string"}, "services.inadyn.settings.forced-update": {"declarations": ["nixos/modules/services/networking/inadyn.nix"], "default": {"_type": "literalExpression", "text": "2592000"}, "description": "Duration (in seconds) after which an update is forced.", "loc": ["services", "inadyn", "settings", "forced-update"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.inadyn.settings.provider": {"declarations": ["nixos/modules/services/networking/inadyn.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings for DDNS providers built-in to inadyn.\n\nFor a list of built-in providers, see `inadyn.conf (5)`.\n", "loc": ["services", "inadyn", "settings", "provider"], "readOnly": false, "type": "attribute set of (open submodule of (attribute set))"}, "services.inadyn.settings.provider.<name>.hostname": {"declarations": ["nixos/modules/services/networking/inadyn.nix"], "default": {"_type": "literalExpression", "text": "\"*\""}, "description": "Hostname alias(es).", "example": {"_type": "literalExpression", "text": "\"your.cool-domain.com\""}, "loc": ["services", "inadyn", "settings", "provider", "<name>", "hostname"], "readOnly": false, "type": "string or list of string"}, "services.inadyn.settings.provider.<name>.include": {"declarations": ["nixos/modules/services/networking/inadyn.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File to include additional settings for this provider from.", "loc": ["services", "inadyn", "settings", "provider", "<name>", "include"], "readOnly": false, "type": "null or absolute path"}, "services.inadyn.settings.provider.<name>.password": {"declarations": ["nixos/modules/services/networking/inadyn.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Password for this DDNS provider.\n\nWARNING: This will be world-readable in the nix store.\nTo store credentials securely, use the `include` or `configFile` options.\n", "loc": ["services", "inadyn", "settings", "provider", "<name>", "password"], "readOnly": false, "type": "null or string"}, "services.inadyn.settings.provider.<name>.ssl": {"declarations": ["nixos/modules/services/networking/inadyn.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to use HTTPS for this DDNS provider.", "loc": ["services", "inadyn", "settings", "provider", "<name>", "ssl"], "readOnly": false, "type": "boolean"}, "services.inadyn.settings.provider.<name>.username": {"declarations": ["nixos/modules/services/networking/inadyn.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Username for this DDNS provider.", "loc": ["services", "inadyn", "settings", "provider", "<name>", "username"], "readOnly": false, "type": "null or string"}, "services.inadyn.user": {"declarations": ["nixos/modules/services/networking/inadyn.nix"], "default": {"_type": "literalExpression", "text": "\"inadyn\""}, "description": "User account under which inadyn runs.\n\n::: {.note}\nIf left as the default value this user will automatically be created\non system activation, otherwise you are responsible for\nensuring the user exists before the inadyn service starts.\n:::\n", "loc": ["services", "inadyn", "user"], "readOnly": false, "type": "string"}, "services.incron.allow": {"declarations": ["nixos/modules/services/monitoring/incron.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Users allowed to use incrontab.\n\nIf empty then no user will be allowed to have their own incrontab.\nIf `null` then will defer to {option}`deny`.\nIf both {option}`allow` and {option}`deny` are null\nthen all users will be allowed to have their own incrontab.\n", "loc": ["services", "incron", "allow"], "readOnly": false, "type": "null or (list of string)"}, "services.incron.deny": {"declarations": ["nixos/modules/services/monitoring/incron.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Users forbidden from using incrontab.", "loc": ["services", "incron", "deny"], "readOnly": false, "type": "null or (list of string)"}, "services.incron.enable": {"declarations": ["nixos/modules/services/monitoring/incron.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the incron daemon.\n\nNote that commands run under incrontab only support common Nix profiles for the {env}`PATH` provided variable.\n", "loc": ["services", "incron", "enable"], "readOnly": false, "type": "boolean"}, "services.incron.extraPackages": {"declarations": ["nixos/modules/services/monitoring/incron.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra packages available to the system incrontab.", "example": {"_type": "literalExpression", "text": "[ pkgs.rsync ]"}, "loc": ["services", "incron", "extraPackages"], "readOnly": false, "type": "list of package"}, "services.incron.systab": {"declarations": ["nixos/modules/services/monitoring/incron.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The system incrontab contents.", "example": {"_type": "literalExpression", "text": "''\n  /var/mail IN_CLOSE_WRITE abc $@/$#\n  /tmp IN_ALL_EVENTS efg $@/$# $&\n''"}, "loc": ["services", "incron", "systab"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.infinoted.certificateChain": {"declarations": ["nixos/modules/services/editors/infinoted.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Chain of CA-certificates to which our `certificateFile` is relative.\nOptional for TLS.\n", "loc": ["services", "infinoted", "certificateChain"], "readOnly": false, "type": "null or absolute path"}, "services.infinoted.certificateFile": {"declarations": ["nixos/modules/services/editors/infinoted.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Server certificate to use for TLS\n", "loc": ["services", "infinoted", "certificateFile"], "readOnly": false, "type": "null or absolute path"}, "services.infinoted.enable": {"declarations": ["nixos/modules/services/editors/infinoted.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable infinoted.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "infinoted", "enable"], "readOnly": false, "type": "boolean"}, "services.infinoted.extraConfig": {"declarations": ["nixos/modules/services/editors/infinoted.nix"], "default": {"_type": "literalExpression", "text": "''\n  [autosave]\n  interval=10\n''"}, "description": "Additional configuration to append to infinoted.conf\n", "loc": ["services", "infinoted", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.infinoted.group": {"declarations": ["nixos/modules/services/editors/infinoted.nix"], "default": {"_type": "literalExpression", "text": "\"infinoted\""}, "description": "What to call the primary group of the dedicated user under which infinoted is run\n", "loc": ["services", "infinoted", "group"], "readOnly": false, "type": "string"}, "services.infinoted.keyFile": {"declarations": ["nixos/modules/services/editors/infinoted.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Private key to use for TLS\n", "loc": ["services", "infinoted", "keyFile"], "readOnly": false, "type": "null or absolute path"}, "services.infinoted.package": {"declarations": ["nixos/modules/services/editors/infinoted.nix"], "default": {"_type": "literalExpression", "text": "pkgs.libinfinity"}, "description": "The libinfinity package to use.", "loc": ["services", "infinoted", "package"], "readOnly": false, "type": "package"}, "services.infinoted.passwordFile": {"declarations": ["nixos/modules/services/editors/infinoted.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File to read server-wide password from\n", "loc": ["services", "infinoted", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.infinoted.plugins": {"declarations": ["nixos/modules/services/editors/infinoted.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"note-text\"\n  \"note-chat\"\n  \"logging\"\n  \"autosave\"\n]"}, "description": "Plugins to enable\n", "loc": ["services", "infinoted", "plugins"], "readOnly": false, "type": "list of string"}, "services.infinoted.port": {"declarations": ["nixos/modules/services/editors/infinoted.nix"], "default": {"_type": "literalExpression", "text": "6523"}, "description": "Port to listen on\n", "loc": ["services", "infinoted", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.infinoted.rootDirectory": {"declarations": ["nixos/modules/services/editors/infinoted.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/infinoted/documents/\""}, "description": "Root of the directory structure to serve\n", "loc": ["services", "infinoted", "rootDirectory"], "readOnly": false, "type": "absolute path"}, "services.infinoted.securityPolicy": {"declarations": ["nixos/modules/services/editors/infinoted.nix"], "default": {"_type": "literalExpression", "text": "\"require-tls\""}, "description": "How strictly to enforce clients connection with TLS.\n", "loc": ["services", "infinoted", "securityPolicy"], "readOnly": false, "type": "one of \"no-tls\", \"allow-tls\", \"require-tls\""}, "services.infinoted.user": {"declarations": ["nixos/modules/services/editors/infinoted.nix"], "default": {"_type": "literalExpression", "text": "\"infinoted\""}, "description": "What to call the dedicated user under which infinoted is run\n", "loc": ["services", "infinoted", "user"], "readOnly": false, "type": "string"}, "services.influxdb.dataDir": {"declarations": ["nixos/modules/services/databases/influxdb.nix"], "default": {"_type": "literalExpression", "text": "\"/var/db/influxdb\""}, "description": "Data directory for influxd data files.", "loc": ["services", "influxdb", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.influxdb.enable": {"declarations": ["nixos/modules/services/databases/influxdb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the influxdb server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "influxdb", "enable"], "readOnly": false, "type": "boolean"}, "services.influxdb.group": {"declarations": ["nixos/modules/services/databases/influxdb.nix"], "default": {"_type": "literalExpression", "text": "\"influxdb\""}, "description": "Group under which influxdb runs", "loc": ["services", "influxdb", "group"], "readOnly": false, "type": "string"}, "services.influxdb.package": {"declarations": ["nixos/modules/services/databases/influxdb.nix"], "default": {"_type": "literalExpression", "text": "pkgs.influxdb"}, "description": "The influxdb package to use.", "loc": ["services", "influxdb", "package"], "readOnly": false, "type": "package"}, "services.influxdb.settings": {"declarations": ["nixos/modules/services/databases/influxdb.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration options for influxdb", "loc": ["services", "influxdb", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.influxdb.user": {"declarations": ["nixos/modules/services/databases/influxdb.nix"], "default": {"_type": "literalExpression", "text": "\"influxdb\""}, "description": "User account under which influxdb runs", "loc": ["services", "influxdb", "user"], "readOnly": false, "type": "string"}, "services.influxdb2.enable": {"declarations": ["nixos/modules/services/databases/influxdb2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the influxdb2 server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "influxdb2", "enable"], "readOnly": false, "type": "boolean"}, "services.influxdb2.package": {"declarations": ["nixos/modules/services/databases/influxdb2.nix"], "default": {"_type": "literalExpression", "text": "pkgs.influxdb2"}, "description": "The influxdb2 package to use.", "loc": ["services", "influxdb2", "package"], "readOnly": false, "type": "package"}, "services.influxdb2.provision.enable": {"declarations": ["nixos/modules/services/databases/influxdb2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable initial database setup and provisioning.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "influxdb2", "provision", "enable"], "readOnly": false, "type": "boolean"}, "services.influxdb2.provision.initialSetup.bucket": {"declarations": ["nixos/modules/services/databases/influxdb2.nix"], "description": "Primary bucket name", "example": {"_type": "literalExpression", "text": "\"example\""}, "loc": ["services", "influxdb2", "provision", "initialSetup", "bucket"], "readOnly": false, "type": "string"}, "services.influxdb2.provision.initialSetup.organization": {"declarations": ["nixos/modules/services/databases/influxdb2.nix"], "description": "Primary organization name", "example": {"_type": "literalExpression", "text": "\"main\""}, "loc": ["services", "influxdb2", "provision", "initialSetup", "organization"], "readOnly": false, "type": "string"}, "services.influxdb2.provision.initialSetup.passwordFile": {"declarations": ["nixos/modules/services/databases/influxdb2.nix"], "description": "Password for primary user. Don't use a file from the nix store!", "loc": ["services", "influxdb2", "provision", "initialSetup", "passwordFile"], "readOnly": false, "type": "absolute path"}, "services.influxdb2.provision.initialSetup.retention": {"declarations": ["nixos/modules/services/databases/influxdb2.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "The duration in seconds for which the bucket will retain data (0 is infinite).", "loc": ["services", "influxdb2", "provision", "initialSetup", "retention"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.influxdb2.provision.initialSetup.tokenFile": {"declarations": ["nixos/modules/services/databases/influxdb2.nix"], "description": "API Token to set for the admin user. Don't use a file from the nix store!", "loc": ["services", "influxdb2", "provision", "initialSetup", "tokenFile"], "readOnly": false, "type": "absolute path"}, "services.influxdb2.provision.initialSetup.username": {"declarations": ["nixos/modules/services/databases/influxdb2.nix"], "default": {"_type": "literalExpression", "text": "\"admin\""}, "description": "Primary username", "loc": ["services", "influxdb2", "provision", "initialSetup", "username"], "readOnly": false, "type": "string"}, "services.influxdb2.provision.organizations": {"declarations": ["nixos/modules/services/databases/influxdb2.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Organizations to provision.", "example": {"_type": "literalExpression", "text": "{\n  myorg = {\n    description = \"My organization\";\n    buckets.mybucket = {\n      description = \"My bucket\";\n      retention = 31536000; # 1 year\n    };\n    auths.mytoken = {\n      readBuckets = [\"mybucket\"];\n      tokenFile = \"/run/secrets/mytoken\";\n    };\n  };\n}\n"}, "loc": ["services", "influxdb2", "provision", "organizations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.influxdb2.provision.organizations.<name>.auths": {"declarations": ["nixos/modules/services/databases/influxdb2.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "API tokens to provision for the user in this organization.", "loc": ["services", "influxdb2", "provision", "organizations", "<name>", "auths"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.influxdb2.provision.organizations.<name>.auths.<name>.allAccess": {"declarations": ["nixos/modules/services/databases/influxdb2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Grants all permissions in the associated organization.", "loc": ["services", "influxdb2", "provision", "organizations", "<name>", "auths", "<name>", "allAccess"], "readOnly": false, "type": "boolean"}, "services.influxdb2.provision.organizations.<name>.auths.<name>.description": {"declarations": ["nixos/modules/services/databases/influxdb2.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional description for the API token.\nNote that the actual token will always be created with a descriptionregardless\nof whether this is given or not. The name is always added plus a unique suffix\nto later identify the token to track whether it has already been created.\n", "loc": ["services", "influxdb2", "provision", "organizations", "<name>", "auths", "<name>", "description"], "readOnly": false, "type": "null or string"}, "services.influxdb2.provision.organizations.<name>.auths.<name>.id": {"declarations": ["nixos/modules/services/databases/influxdb2.nix"], "default": {"_type": "literalExpression", "text": "\"<a hash derived from org and name>\""}, "description": "A unique identifier for this authentication token. Since influx doesn't store names for tokens, this will be hashed and appended to the description to identify the token.", "loc": ["services", "influxdb2", "provision", "organizations", "<name>", "auths", "<name>", "id"], "readOnly": true, "type": "string"}, "services.influxdb2.provision.organizations.<name>.auths.<name>.operator": {"declarations": ["nixos/modules/services/databases/influxdb2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Grants all permissions in all organizations.", "loc": ["services", "influxdb2", "provision", "organizations", "<name>", "auths", "<name>", "operator"], "readOnly": false, "type": "boolean"}, "services.influxdb2.provision.organizations.<name>.auths.<name>.present": {"declarations": ["nixos/modules/services/databases/influxdb2.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to ensure that this user is present or absent.", "loc": ["services", "influxdb2", "provision", "organizations", "<name>", "auths", "<name>", "present"], "readOnly": false, "type": "boolean"}, "services.influxdb2.provision.organizations.<name>.auths.<name>.readBuckets": {"declarations": ["nixos/modules/services/databases/influxdb2.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The organization's buckets which should be allowed to be read", "loc": ["services", "influxdb2", "provision", "organizations", "<name>", "auths", "<name>", "readBuckets"], "readOnly": false, "type": "list of string"}, "services.influxdb2.provision.organizations.<name>.auths.<name>.readPermissions": {"declarations": ["nixos/modules/services/databases/influxdb2.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The read permissions to include for this token. Access is usually granted only\nfor resources in the associated organization.\n\nAvailable permissions are `authorizations`, `buckets`, `dashboards`,\n`orgs`, `tasks`, `telegrafs`, `users`, `variables`, `secrets`, `labels`, `views`,\n`documents`, `notificationRules`, `notificationEndpoints`, `checks`, `dbrp`,\n`annotations`, `sources`, `scrapers`, `notebooks`, `remotes`, `replications`.\n\nRefer to `influx auth create --help` for a full list with descriptions.\n\n`buckets` grants read access to all associated buckets. Use `readBuckets` to define\nmore granular access permissions.\n", "loc": ["services", "influxdb2", "provision", "organizations", "<name>", "auths", "<name>", "readPermissions"], "readOnly": false, "type": "list of (one of \"authorizations\", \"buckets\", \"dashboards\", \"orgs\", \"tasks\", \"telegrafs\", \"users\", \"variables\", \"secrets\", \"labels\", \"views\", \"documents\", \"notificationRules\", \"notificationEndpoints\", \"checks\", \"dbrp\", \"annotations\", \"sources\", \"scrapers\", \"notebooks\", \"remotes\", \"replications\")"}, "services.influxdb2.provision.organizations.<name>.auths.<name>.tokenFile": {"declarations": ["nixos/modules/services/databases/influxdb2.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The token value. If not given, influx will automatically generate one.", "loc": ["services", "influxdb2", "provision", "organizations", "<name>", "auths", "<name>", "tokenFile"], "readOnly": false, "type": "null or absolute path"}, "services.influxdb2.provision.organizations.<name>.auths.<name>.writeBuckets": {"declarations": ["nixos/modules/services/databases/influxdb2.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The organization's buckets which should be allowed to be written", "loc": ["services", "influxdb2", "provision", "organizations", "<name>", "auths", "<name>", "writeBuckets"], "readOnly": false, "type": "list of string"}, "services.influxdb2.provision.organizations.<name>.auths.<name>.writePermissions": {"declarations": ["nixos/modules/services/databases/influxdb2.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The read permissions to include for this token. Access is usually granted only\nfor resources in the associated organization.\n\nAvailable permissions are `authorizations`, `buckets`, `dashboards`,\n`orgs`, `tasks`, `telegrafs`, `users`, `variables`, `secrets`, `labels`, `views`,\n`documents`, `notificationRules`, `notificationEndpoints`, `checks`, `dbrp`,\n`annotations`, `sources`, `scrapers`, `notebooks`, `remotes`, `replications`.\n\nRefer to `influx auth create --help` for a full list with descriptions.\n\n`buckets` grants write access to all associated buckets. Use `writeBuckets` to define\nmore granular access permissions.\n", "loc": ["services", "influxdb2", "provision", "organizations", "<name>", "auths", "<name>", "writePermissions"], "readOnly": false, "type": "list of (one of \"authorizations\", \"buckets\", \"dashboards\", \"orgs\", \"tasks\", \"telegrafs\", \"users\", \"variables\", \"secrets\", \"labels\", \"views\", \"documents\", \"notificationRules\", \"notificationEndpoints\", \"checks\", \"dbrp\", \"annotations\", \"sources\", \"scrapers\", \"notebooks\", \"remotes\", \"replications\")"}, "services.influxdb2.provision.organizations.<name>.buckets": {"declarations": ["nixos/modules/services/databases/influxdb2.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Buckets to provision in this organization.", "loc": ["services", "influxdb2", "provision", "organizations", "<name>", "buckets"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.influxdb2.provision.organizations.<name>.buckets.<name>.description": {"declarations": ["nixos/modules/services/databases/influxdb2.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional description for the bucket.", "loc": ["services", "influxdb2", "provision", "organizations", "<name>", "buckets", "<name>", "description"], "readOnly": false, "type": "null or string"}, "services.influxdb2.provision.organizations.<name>.buckets.<name>.present": {"declarations": ["nixos/modules/services/databases/influxdb2.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to ensure that this bucket is present or absent.", "loc": ["services", "influxdb2", "provision", "organizations", "<name>", "buckets", "<name>", "present"], "readOnly": false, "type": "boolean"}, "services.influxdb2.provision.organizations.<name>.buckets.<name>.retention": {"declarations": ["nixos/modules/services/databases/influxdb2.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "The duration in seconds for which the bucket will retain data (0 is infinite).", "loc": ["services", "influxdb2", "provision", "organizations", "<name>", "buckets", "<name>", "retention"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.influxdb2.provision.organizations.<name>.description": {"declarations": ["nixos/modules/services/databases/influxdb2.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional description for the organization.", "loc": ["services", "influxdb2", "provision", "organizations", "<name>", "description"], "readOnly": false, "type": "null or string"}, "services.influxdb2.provision.organizations.<name>.present": {"declarations": ["nixos/modules/services/databases/influxdb2.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to ensure that this organization is present or absent.", "loc": ["services", "influxdb2", "provision", "organizations", "<name>", "present"], "readOnly": false, "type": "boolean"}, "services.influxdb2.provision.users": {"declarations": ["nixos/modules/services/databases/influxdb2.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Users to provision.", "example": {"_type": "literalExpression", "text": "{\n  # admin = {}; /* The initialSetup.username will automatically be added. */\n  myuser.passwordFile = \"/run/secrets/myuser_password\";\n}\n"}, "loc": ["services", "influxdb2", "provision", "users"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.influxdb2.provision.users.<name>.passwordFile": {"declarations": ["nixos/modules/services/databases/influxdb2.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Password for the user. If unset, the user will not be able to log in until a password is set by an operator! Don't use a file from the nix store!", "loc": ["services", "influxdb2", "provision", "users", "<name>", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.influxdb2.provision.users.<name>.present": {"declarations": ["nixos/modules/services/databases/influxdb2.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to ensure that this user is present or absent.", "loc": ["services", "influxdb2", "provision", "users", "<name>", "present"], "readOnly": false, "type": "boolean"}, "services.influxdb2.settings": {"declarations": ["nixos/modules/services/databases/influxdb2.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "configuration options for influxdb2, see <https://docs.influxdata.com/influxdb/v2.0/reference/config-options> for details.", "loc": ["services", "influxdb2", "settings"], "readOnly": false, "type": "JSON value"}, "services.infnoise.enable": {"declarations": ["nixos/modules/services/security/infnoise.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Infinite Noise TRNG driver.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "infnoise", "enable"], "readOnly": false, "type": "boolean"}, "services.infnoise.fillDevRandom": {"declarations": ["nixos/modules/services/security/infnoise.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to run the infnoise driver as a daemon to refill /dev/random.\n\nIf disabled, you can use the `infnoise` command-line tool to\nmanually obtain randomness.\n", "loc": ["services", "infnoise", "fillDevRandom"], "readOnly": false, "type": "boolean"}, "services.input-remapper.enable": {"declarations": ["nixos/modules/services/misc/input-remapper.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable input-remapper, an easy to use tool to change the mapping of your input device buttons.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "input-remapper", "enable"], "readOnly": false, "type": "boolean"}, "services.input-remapper.enableUdevRules": {"declarations": ["nixos/modules/services/misc/input-remapper.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable udev rules added by input-remapper to handle hotplugged devices. Currently disabled by default due to <https://github.com/sezanzeb/input-remapper/issues/140>.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "input-remapper", "enableUdevRules"], "readOnly": false, "type": "boolean"}, "services.input-remapper.package": {"declarations": ["nixos/modules/services/misc/input-remapper.nix"], "default": {"_type": "literalExpression", "text": "pkgs.input-remapper"}, "description": "The input-remapper package to use.", "loc": ["services", "input-remapper", "package"], "readOnly": false, "type": "package"}, "services.input-remapper.serviceWantedBy": {"declarations": ["nixos/modules/services/misc/input-remapper.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"graphical.target\"\n]"}, "description": "Specifies the WantedBy setting for the input-remapper service.", "example": {"_type": "literalExpression", "text": "[\n  \"multi-user.target\"\n]"}, "loc": ["services", "input-remapper", "serviceWantedBy"], "readOnly": false, "type": "list of string"}, "services.inputplumber.enable": {"declarations": ["nixos/modules/services/hardware/inputplumber.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable InputPlumber.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "inputplumber", "enable"], "readOnly": false, "type": "boolean"}, "services.inputplumber.package": {"declarations": ["nixos/modules/services/hardware/inputplumber.nix"], "default": {"_type": "literalExpression", "text": "pkgs.inputplumber"}, "description": "The inputplumber package to use.", "loc": ["services", "inputplumber", "package"], "readOnly": false, "type": "package"}, "services.inspircd.config": {"declarations": ["nixos/modules/services/networking/inspircd.nix"], "description": "Verbatim {file}`inspircd.conf` file.\nFor a list of options, consult the\n[InspIRCd documentation](https://docs.inspircd.org/3/configuration/), the\n[Module documentation](https://docs.inspircd.org/3/modules/)\nand the example configuration files distributed\nwith `pkgs.inspircd.doc`\n", "loc": ["services", "inspircd", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.inspircd.enable": {"declarations": ["nixos/modules/services/networking/inspircd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable InspIRCd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "inspircd", "enable"], "readOnly": false, "type": "boolean"}, "services.inspircd.package": {"declarations": ["nixos/modules/services/networking/inspircd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.inspircd"}, "description": "The InspIRCd package to use. This is mainly useful\nto specify an overridden version of the\n`pkgs.inspircd` dervivation, for\nexample if you want to use a more minimal InspIRCd\ndistribution with less modules enabled or with\nmodules enabled which can't be distributed in binary\nform due to licensing issues.\n", "example": {"_type": "literalExpression", "text": "pkgs.inspircdMinimal"}, "loc": ["services", "inspircd", "package"], "readOnly": false, "type": "package"}, "services.interception-tools.enable": {"declarations": ["nixos/modules/services/hardware/interception-tools.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the interception tools service.", "loc": ["services", "interception-tools", "enable"], "readOnly": false, "type": "boolean"}, "services.interception-tools.plugins": {"declarations": ["nixos/modules/services/hardware/interception-tools.nix"], "default": {"_type": "literalExpression", "text": "[ pkgs.interception-tools-plugins.caps2esc ]"}, "description": "A list of interception tools plugins that will be made available to use\ninside the udevmon configuration.\n", "loc": ["services", "interception-tools", "plugins"], "readOnly": false, "type": "list of package"}, "services.interception-tools.udevmonConfig": {"declarations": ["nixos/modules/services/hardware/interception-tools.nix"], "default": {"_type": "literalExpression", "text": "''\n  - JOB: \"intercept -g $DEVNODE | caps2esc | uinput -d $DEVNODE\"\n    DEVICE:\n      EVENTS:\n        EV_KEY: [KEY_CAPSLOCK, KEY_ESC]\n''"}, "description": "String of udevmon YAML configuration, or path to a udevmon YAML\nconfiguration file.\n", "example": {"_type": "literalExpression", "text": "''\n  - JOB: \"intercept -g $DEVNODE | y2z | x2y | uinput -d $DEVNODE\"\n    DEVICE:\n      EVENTS:\n        EV_KEY: [KEY_X, KEY_Y]\n''"}, "loc": ["services", "interception-tools", "udevmonConfig"], "readOnly": false, "type": "string or absolute path"}, "services.intune.enable": {"declarations": ["nixos/modules/services/security/intune.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Microsoft Intune.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "intune", "enable"], "readOnly": false, "type": "boolean"}, "services.invidious-router.address": {"declarations": ["nixos/modules/services/misc/invidious-router.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Address on which invidious-router should listen on.\n", "loc": ["services", "invidious-router", "address"], "readOnly": false, "type": "string"}, "services.invidious-router.enable": {"declarations": ["nixos/modules/services/misc/invidious-router.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the invidious-router service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "invidious-router", "enable"], "readOnly": false, "type": "boolean"}, "services.invidious-router.nginx.domain": {"declarations": ["nixos/modules/services/misc/invidious-router.nix"], "description": "The domain on which invidious-router should be served.\n", "example": {"_type": "literalExpression", "text": "\"invidious-router.example.com\""}, "loc": ["services", "invidious-router", "nginx", "domain"], "readOnly": false, "type": "string"}, "services.invidious-router.nginx.enable": {"declarations": ["nixos/modules/services/misc/invidious-router.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Automatic nginx proxy configuration\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "invidious-router", "nginx", "enable"], "readOnly": false, "type": "boolean"}, "services.invidious-router.nginx.extraDomains": {"declarations": ["nixos/modules/services/misc/invidious-router.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional domains to serve invidious-router on.\n", "loc": ["services", "invidious-router", "nginx", "extraDomains"], "readOnly": false, "type": "list of string"}, "services.invidious-router.package": {"declarations": ["nixos/modules/services/misc/invidious-router.nix"], "default": {"_type": "literalExpression", "text": "pkgs.invidious-router"}, "description": "The invidious-router package to use.", "loc": ["services", "invidious-router", "package"], "readOnly": false, "type": "package"}, "services.invidious-router.port": {"declarations": ["nixos/modules/services/misc/invidious-router.nix"], "default": {"_type": "literalExpression", "text": "8050"}, "description": "Port to bind to.\n", "loc": ["services", "invidious-router", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.invidious-router.settings": {"declarations": ["nixos/modules/services/misc/invidious-router.nix"], "default": {"_type": "literalExpression", "text": "{\n  api = {\n    allowed_regions = [\n      \"AT\"\n      \"DE\"\n      \"CH\"\n    ];\n    enabled = true;\n    filter_regions = true;\n    url = \"https://api.invidious.io/instances.json\";\n  };\n  app = {\n    enable_youtube_fallback = false;\n    listen = \"127.0.0.1:8050\";\n    reload_instance_list_interval = \"60s\";\n  };\n  healthcheck = {\n    allowed_status_codes = [\n      200\n    ];\n    filter_by_response_time = {\n      enabled = true;\n      qty_of_top_results = 3;\n    };\n    interval = \"10s\";\n    minimum_ratio = 0.2;\n    path = \"/\";\n    remove_no_ratio = true;\n    text_not_present = \"YouTube is currently trying to block Invidious instances\";\n    timeout = \"1s\";\n  };\n}"}, "description": "Configuration for invidious-router.\nCheck <https://gitlab.com/gaincoder/invidious-router#configuration>\nfor configuration options.\n", "loc": ["services", "invidious-router", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.invidious.address": {"declarations": ["nixos/modules/services/web-apps/invidious.nix"], "default": {"_type": "literalExpression", "text": "if config.services.invidious.nginx.enable then \"127.0.0.1\" else \"0.0.0.0\""}, "description": "The IP address Invidious should bind to.\n", "loc": ["services", "invidious", "address"], "readOnly": false, "type": "string"}, "services.invidious.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/invidious.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to create a local database with PostgreSQL.\n", "loc": ["services", "invidious", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.invidious.database.host": {"declarations": ["nixos/modules/services/web-apps/invidious.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The database host Invidious should use.\n\nIf `null`, the local unix socket is used. Otherwise\nTCP is used.\n", "loc": ["services", "invidious", "database", "host"], "readOnly": false, "type": "null or string"}, "services.invidious.database.passwordFile": {"declarations": ["nixos/modules/services/web-apps/invidious.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to file containing the database password.\n", "loc": ["services", "invidious", "database", "passwordFile"], "readOnly": false, "type": "null or string"}, "services.invidious.database.port": {"declarations": ["nixos/modules/services/web-apps/invidious.nix"], "default": {"_type": "literalExpression", "text": "config.services.postgresql.settings.port"}, "description": "The port of the database Invidious should use.\n\nDefaults to the the default postgresql port.\n", "loc": ["services", "invidious", "database", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.invidious.domain": {"declarations": ["nixos/modules/services/web-apps/invidious.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The FQDN Invidious is reachable on.\n\nThis is used to configure nginx and for building absolute URLs.\n", "loc": ["services", "invidious", "domain"], "readOnly": false, "type": "null or string"}, "services.invidious.enable": {"declarations": ["nixos/modules/services/web-apps/invidious.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Invidious.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "invidious", "enable"], "readOnly": false, "type": "boolean"}, "services.invidious.extraSettingsFile": {"declarations": ["nixos/modules/services/web-apps/invidious.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file including Invidious settings.\n\nIt gets merged with the settings specified in {option}`services.invidious.settings`\nand can be used to store secrets like `hmac_key` outside of the nix store.\n", "loc": ["services", "invidious", "extraSettingsFile"], "readOnly": false, "type": "null or string"}, "services.invidious.hmacKeyFile": {"declarations": ["nixos/modules/services/web-apps/invidious.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A path to a file containing the `hmac_key`. If `null`, a key will be generated automatically on first\nstart.\n\nIf non-`null`, this option overrides any `hmac_key` specified in {option}`services.invidious.settings` or\nvia {option}`services.invidious.extraSettingsFile`.\n", "loc": ["services", "invidious", "hmacKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.invidious.http3-ytproxy.enable": {"declarations": ["nixos/modules/services/web-apps/invidious.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable http3-ytproxy for faster loading of images and video playback.\n\nIf {option}`services.invidious.nginx.enable` is used, nginx will be configured automatically. If not, you\nneed to configure a reverse proxy yourself according to\n<https://docs.invidious.io/improve-public-instance/#3-speed-up-video-playback-with-http3-ytproxy>.\n", "loc": ["services", "invidious", "http3-ytproxy", "enable"], "readOnly": false, "type": "boolean"}, "services.invidious.http3-ytproxy.package": {"declarations": ["nixos/modules/services/web-apps/invidious.nix"], "default": {"_type": "literalExpression", "text": "pkgs.http3-ytproxy"}, "description": "The http3-ytproxy package to use.", "loc": ["services", "invidious", "http3-ytproxy", "package"], "readOnly": false, "type": "package"}, "services.invidious.nginx.enable": {"declarations": ["nixos/modules/services/web-apps/invidious.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to configure nginx as a reverse proxy for Invidious.\n\nIt serves it under the domain specified in {option}`services.invidious.settings.domain` with enabled TLS and ACME.\nFurther configuration can be done through {option}`services.nginx.virtualHosts.${config.services.invidious.settings.domain}.*`,\nwhich can also be used to disable AMCE and TLS.\n", "loc": ["services", "invidious", "nginx", "enable"], "readOnly": false, "type": "boolean"}, "services.invidious.package": {"declarations": ["nixos/modules/services/web-apps/invidious.nix"], "default": {"_type": "literalExpression", "text": "pkgs.invidious"}, "description": "The invidious package to use.", "loc": ["services", "invidious", "package"], "readOnly": false, "type": "package"}, "services.invidious.port": {"declarations": ["nixos/modules/services/web-apps/invidious.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "The port Invidious should listen on.\n\nTo allow access from outside,\nyou can use either {option}`services.invidious.nginx`\nor add `config.services.invidious.port` to {option}`networking.firewall.allowedTCPPorts`.\n", "loc": ["services", "invidious", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.invidious.serviceScale": {"declarations": ["nixos/modules/services/web-apps/invidious.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "How many invidious instances to run.\n\nSee <https://docs.invidious.io/improve-public-instance/#2-multiple-invidious-processes> for more details\non how this is intended to work. All instances beyond the first one have the options `channel_threads`\nand `feed_threads` set to 0 to avoid conflicts with multiple instances refreshing subscriptions. Instances\nwill be configured to bind to consecutive ports starting with {option}`services.invidious.port` for the\nfirst instance.\n", "loc": ["services", "invidious", "serviceScale"], "readOnly": false, "type": "signed integer"}, "services.invidious.settings": {"declarations": ["nixos/modules/services/web-apps/invidious.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The settings Invidious should use.\n\nSee [config.example.yml](https://github.com/iv-org/invidious/blob/master/config/config.example.yml) for a list of all possible options.\n", "loc": ["services", "invidious", "settings"], "readOnly": false, "type": "JSON value"}, "services.invidious.sig-helper.enable": {"declarations": ["nixos/modules/services/web-apps/invidious.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable and configure inv-sig-helper to emulate the youtube client's javascript. This is required\nto make certain videos playable.\n\nThis will download and run completely untrusted javascript from youtube! While this service is sandboxed,\nthis may still be an issue!\n", "loc": ["services", "invidious", "sig-helper", "enable"], "readOnly": false, "type": "boolean"}, "services.invidious.sig-helper.listenAddress": {"declarations": ["nixos/modules/services/web-apps/invidious.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1:2999\""}, "description": "The IP address/port where inv-sig-helper should listen.\n", "loc": ["services", "invidious", "sig-helper", "listenAddress"], "readOnly": false, "type": "string"}, "services.invidious.sig-helper.package": {"declarations": ["nixos/modules/services/web-apps/invidious.nix"], "default": {"_type": "literalExpression", "text": "pkgs.inv-sig-helper"}, "description": "The inv-sig-helper package to use.", "loc": ["services", "invidious", "sig-helper", "package"], "readOnly": false, "type": "package"}, "services.invoiceplane": {"declarations": ["nixos/modules/services/web-apps/invoiceplane.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "InvoicePlane configuration.", "loc": ["services", "invoiceplane"], "readOnly": false, "type": "submodule"}, "services.invoiceplane.sites": {"declarations": ["nixos/modules/services/web-apps/invoiceplane.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Specification of one or more InvoicePlane sites to serve", "loc": ["services", "invoiceplane", "sites"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.invoiceplane.sites.<name>.cron.enable": {"declarations": ["nixos/modules/services/web-apps/invoiceplane.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable cron service which periodically runs Invoiceplane tasks.\nRequires key taken from the administration page. Refer to\n<https://wiki.invoiceplane.com/en/1.0/modules/recurring-invoices>\non how to configure it.\n", "loc": ["services", "invoiceplane", "sites", "<name>", "cron", "enable"], "readOnly": false, "type": "boolean"}, "services.invoiceplane.sites.<name>.cron.key": {"declarations": ["nixos/modules/services/web-apps/invoiceplane.nix"], "description": "Cron key taken from the administration page.", "loc": ["services", "invoiceplane", "sites", "<name>", "cron", "key"], "readOnly": false, "type": "string"}, "services.invoiceplane.sites.<name>.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/invoiceplane.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Create the database and database user locally.", "loc": ["services", "invoiceplane", "sites", "<name>", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.invoiceplane.sites.<name>.database.host": {"declarations": ["nixos/modules/services/web-apps/invoiceplane.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Database host address.", "loc": ["services", "invoiceplane", "sites", "<name>", "database", "host"], "readOnly": false, "type": "string"}, "services.invoiceplane.sites.<name>.database.name": {"declarations": ["nixos/modules/services/web-apps/invoiceplane.nix"], "default": {"_type": "literalExpression", "text": "\"invoiceplane\""}, "description": "Database name.", "loc": ["services", "invoiceplane", "sites", "<name>", "database", "name"], "readOnly": false, "type": "string"}, "services.invoiceplane.sites.<name>.database.passwordFile": {"declarations": ["nixos/modules/services/web-apps/invoiceplane.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password corresponding to\n{option}`database.user`.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/invoiceplane-dbpassword\""}, "loc": ["services", "invoiceplane", "sites", "<name>", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.invoiceplane.sites.<name>.database.port": {"declarations": ["nixos/modules/services/web-apps/invoiceplane.nix"], "default": {"_type": "literalExpression", "text": "3306"}, "description": "Database host port.", "loc": ["services", "invoiceplane", "sites", "<name>", "database", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.invoiceplane.sites.<name>.database.user": {"declarations": ["nixos/modules/services/web-apps/invoiceplane.nix"], "default": {"_type": "literalExpression", "text": "\"invoiceplane\""}, "description": "Database user.", "loc": ["services", "invoiceplane", "sites", "<name>", "database", "user"], "readOnly": false, "type": "string"}, "services.invoiceplane.sites.<name>.enable": {"declarations": ["nixos/modules/services/web-apps/invoiceplane.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable InvoicePlane web application.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "invoiceplane", "sites", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.invoiceplane.sites.<name>.invoiceTemplates": {"declarations": ["nixos/modules/services/web-apps/invoiceplane.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of path(s) to respective template(s) which are copied from the 'invoice_templates/pdf' directory.\n\n::: {.note}\nThese templates need to be packaged before use, see example.\n:::\n", "example": {"_type": "literalExpression", "text": "let\n  # Let's package an example template\n  template-vtdirektmarketing = pkgs.stdenv.mkDerivation {\n    name = \"vtdirektmarketing\";\n    # Download the template from a public repository\n    src = pkgs.fetchgit {\n      url = \"https://git.project-insanity.org/onny/invoiceplane-vtdirektmarketing.git\";\n      sha256 = \"1hh0q7wzsh8v8x03i82p6qrgbxr4v5fb05xylyrpp975l8axyg2z\";\n    };\n    sourceRoot = \".\";\n    # Installing simply means copying template php file to the output directory\n    installPhase = \"\"\n      mkdir -p $out\n      cp invoiceplane-vtdirektmarketing/vtdirektmarketing.php $out/\n    \"\";\n  };\n# And then pass this package to the template list like this:\nin [ template-vtdirektmarketing ]\n"}, "loc": ["services", "invoiceplane", "sites", "<name>", "invoiceTemplates"], "readOnly": false, "type": "list of absolute path"}, "services.invoiceplane.sites.<name>.poolConfig": {"declarations": ["nixos/modules/services/web-apps/invoiceplane.nix"], "default": {"_type": "literalExpression", "text": "{\n  pm = \"dynamic\";\n  \"pm.max_children\" = 32;\n  \"pm.max_requests\" = 500;\n  \"pm.max_spare_servers\" = 4;\n  \"pm.min_spare_servers\" = 2;\n  \"pm.start_servers\" = 2;\n}"}, "description": "Options for the InvoicePlane PHP pool. See the documentation on `php-fpm.conf`\nfor details on configuration directives.\n", "loc": ["services", "invoiceplane", "sites", "<name>", "poolConfig"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.invoiceplane.sites.<name>.quoteTemplates": {"declarations": ["nixos/modules/services/web-apps/invoiceplane.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of path(s) to respective template(s) which are copied from the 'quote_templates/pdf' directory.\n\n::: {.note}\nThese templates need to be packaged before use, see example.\n:::\n", "example": {"_type": "literalExpression", "text": "let\n  # Let's package an example template\n  template-vtdirektmarketing = pkgs.stdenv.mkDerivation {\n    name = \"vtdirektmarketing\";\n    # Download the template from a public repository\n    src = pkgs.fetchgit {\n      url = \"https://git.project-insanity.org/onny/invoiceplane-vtdirektmarketing.git\";\n      sha256 = \"1hh0q7wzsh8v8x03i82p6qrgbxr4v5fb05xylyrpp975l8axyg2z\";\n    };\n    sourceRoot = \".\";\n    # Installing simply means copying template php file to the output directory\n    installPhase = \"\"\n      mkdir -p $out\n      cp invoiceplane-vtdirektmarketing/vtdirektmarketing.php $out/\n    \"\";\n  };\n# And then pass this package to the template list like this:\nin [ template-vtdirektmarketing ]\n"}, "loc": ["services", "invoiceplane", "sites", "<name>", "quoteTemplates"], "readOnly": false, "type": "list of absolute path"}, "services.invoiceplane.sites.<name>.settings": {"declarations": ["nixos/modules/services/web-apps/invoiceplane.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Structural InvoicePlane configuration. Refer to\n<https://github.com/InvoicePlane/InvoicePlane/blob/master/ipconfig.php.example>\nfor details and supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  SETUP_COMPLETED = true;\n  DISABLE_SETUP = true;\n  IP_URL = \"https://invoice.example.com\";\n}\n"}, "loc": ["services", "invoiceplane", "sites", "<name>", "settings"], "readOnly": false, "type": "attribute set of anything"}, "services.invoiceplane.sites.<name>.stateDir": {"declarations": ["nixos/modules/services/web-apps/invoiceplane.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/invoiceplane/\u2039name\u203a\""}, "description": "This directory is used for uploads of attachments and cache.\nThe directory passed here is automatically created and permissions\nadjusted as required.\n", "loc": ["services", "invoiceplane", "sites", "<name>", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.invoiceplane.webserver": {"declarations": ["nixos/modules/services/web-apps/invoiceplane.nix"], "default": {"_type": "literalExpression", "text": "\"caddy\""}, "description": "Which webserver to use for virtual host management.\n", "example": {"_type": "literalExpression", "text": "\"nginx\""}, "loc": ["services", "invoiceplane", "webserver"], "readOnly": false, "type": "one of \"caddy\", \"nginx\""}, "services.iodine.clients": {"declarations": ["nixos/modules/services/networking/iodine.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute of this option defines a systemd service that\nruns iodine. Many or none may be defined.\nThe name of each service is\n`iodine-\u00abname\u00bb`\nwhere \u00abname\u00bb is the name of the\ncorresponding attribute name.\n", "example": {"_type": "literalExpression", "text": "{\n  foo = {\n    server = \"tunnel.mdomain.com\";\n    relay = \"8.8.8.8\";\n    extraConfig = \"-v\";\n  }\n}\n"}, "loc": ["services", "iodine", "clients"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.iodine.clients.<name>.extraConfig": {"declarations": ["nixos/modules/services/networking/iodine.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional command line parameters", "example": {"_type": "literalExpression", "text": "\"-l 192.168.1.10 -p 23\""}, "loc": ["services", "iodine", "clients", "<name>", "extraConfig"], "readOnly": false, "type": "string"}, "services.iodine.clients.<name>.passwordFile": {"declarations": ["nixos/modules/services/networking/iodine.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Path to a file containing the password.", "loc": ["services", "iodine", "clients", "<name>", "passwordFile"], "readOnly": false, "type": "string"}, "services.iodine.clients.<name>.relay": {"declarations": ["nixos/modules/services/networking/iodine.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "DNS server to use as an intermediate relay to the iodined server", "example": {"_type": "literalExpression", "text": "\"8.8.8.8\""}, "loc": ["services", "iodine", "clients", "<name>", "relay"], "readOnly": false, "type": "string"}, "services.iodine.clients.<name>.server": {"declarations": ["nixos/modules/services/networking/iodine.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Hostname of server running iodined", "example": {"_type": "literalExpression", "text": "\"tunnel.mydomain.com\""}, "loc": ["services", "iodine", "clients", "<name>", "server"], "readOnly": false, "type": "string"}, "services.iodine.server.domain": {"declarations": ["nixos/modules/services/networking/iodine.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Domain or subdomain of which nameservers point to us", "example": {"_type": "literalExpression", "text": "\"tunnel.mydomain.com\""}, "loc": ["services", "iodine", "server", "domain"], "readOnly": false, "type": "string"}, "services.iodine.server.enable": {"declarations": ["nixos/modules/services/networking/iodine.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "enable iodined server", "loc": ["services", "iodine", "server", "enable"], "readOnly": false, "type": "boolean"}, "services.iodine.server.extraConfig": {"declarations": ["nixos/modules/services/networking/iodine.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional command line parameters", "example": {"_type": "literalExpression", "text": "\"-l 192.168.1.10 -p 23\""}, "loc": ["services", "iodine", "server", "extraConfig"], "readOnly": false, "type": "string"}, "services.iodine.server.ip": {"declarations": ["nixos/modules/services/networking/iodine.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The assigned ip address or ip range", "example": {"_type": "literalExpression", "text": "\"172.16.10.1/24\""}, "loc": ["services", "iodine", "server", "ip"], "readOnly": false, "type": "string"}, "services.iodine.server.passwordFile": {"declarations": ["nixos/modules/services/networking/iodine.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "File that contains password", "loc": ["services", "iodine", "server", "passwordFile"], "readOnly": false, "type": "string"}, "services.iperf3.affinity": {"declarations": ["nixos/modules/services/networking/iperf3.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CPU affinity for the process.", "loc": ["services", "iperf3", "affinity"], "readOnly": false, "type": "null or (unsigned integer, meaning >=0)"}, "services.iperf3.authorizedUsersFile": {"declarations": ["nixos/modules/services/networking/iperf3.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the configuration file containing authorized users credentials to run iperf tests.", "loc": ["services", "iperf3", "authorizedUsersFile"], "readOnly": false, "type": "null or absolute path"}, "services.iperf3.bind": {"declarations": ["nixos/modules/services/networking/iperf3.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Bind to the specific interface associated with the given address.", "loc": ["services", "iperf3", "bind"], "readOnly": false, "type": "null or string"}, "services.iperf3.debug": {"declarations": ["nixos/modules/services/networking/iperf3.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Emit debugging output.", "loc": ["services", "iperf3", "debug"], "readOnly": false, "type": "boolean"}, "services.iperf3.enable": {"declarations": ["nixos/modules/services/networking/iperf3.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable iperf3 network throughput testing server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "iperf3", "enable"], "readOnly": false, "type": "boolean"}, "services.iperf3.extraFlags": {"declarations": ["nixos/modules/services/networking/iperf3.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra flags to pass to iperf3(1).", "loc": ["services", "iperf3", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.iperf3.forceFlush": {"declarations": ["nixos/modules/services/networking/iperf3.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Force flushing output at every interval.", "loc": ["services", "iperf3", "forceFlush"], "readOnly": false, "type": "boolean"}, "services.iperf3.openFirewall": {"declarations": ["nixos/modules/services/networking/iperf3.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for iperf3.", "loc": ["services", "iperf3", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.iperf3.package": {"declarations": ["nixos/modules/services/networking/iperf3.nix"], "default": {"_type": "literalExpression", "text": "pkgs.iperf3"}, "description": "The iperf3 package to use.", "loc": ["services", "iperf3", "package"], "readOnly": false, "type": "package"}, "services.iperf3.port": {"declarations": ["nixos/modules/services/networking/iperf3.nix"], "default": {"_type": "literalExpression", "text": "5201"}, "description": "Server port to listen on for iperf3 client requests.", "loc": ["services", "iperf3", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.iperf3.rsaPrivateKey": {"declarations": ["nixos/modules/services/networking/iperf3.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the RSA private key (not password-protected) used to decrypt authentication credentials from the client.", "loc": ["services", "iperf3", "rsaPrivateKey"], "readOnly": false, "type": "null or absolute path"}, "services.iperf3.verbose": {"declarations": ["nixos/modules/services/networking/iperf3.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Give more detailed output.", "loc": ["services", "iperf3", "verbose"], "readOnly": false, "type": "boolean"}, "services.ipfs-cluster.consensus": {"declarations": ["nixos/modules/services/network-filesystems/ipfs-cluster.nix"], "description": "Consensus protocol - 'raft' or 'crdt'. <https://cluster.ipfs.io/documentation/guides/consensus/>", "loc": ["services", "ipfs-cluster", "consensus"], "readOnly": false, "type": "one of \"raft\", \"crdt\""}, "services.ipfs-cluster.dataDir": {"declarations": ["nixos/modules/services/network-filesystems/ipfs-cluster.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/ipfs-cluster\""}, "description": "The data dir for ipfs-cluster.", "loc": ["services", "ipfs-cluster", "dataDir"], "readOnly": false, "type": "string"}, "services.ipfs-cluster.enable": {"declarations": ["nixos/modules/services/network-filesystems/ipfs-cluster.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Pinset orchestration for IPFS - requires ipfs daemon to be useful.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ipfs-cluster", "enable"], "readOnly": false, "type": "boolean"}, "services.ipfs-cluster.initPeers": {"declarations": ["nixos/modules/services/network-filesystems/ipfs-cluster.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Peer addresses to initialize with on first run.", "loc": ["services", "ipfs-cluster", "initPeers"], "readOnly": false, "type": "list of string"}, "services.ipfs-cluster.openSwarmPort": {"declarations": ["nixos/modules/services/network-filesystems/ipfs-cluster.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open swarm port, secured by the cluster secret. This does not expose the API or proxy. <https://cluster.ipfs.io/documentation/guides/security/>", "loc": ["services", "ipfs-cluster", "openSwarmPort"], "readOnly": false, "type": "boolean"}, "services.ipfs-cluster.secretFile": {"declarations": ["nixos/modules/services/network-filesystems/ipfs-cluster.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the cluster secret in the format of EnvironmentFile as described by\n{manpage}`systemd.exec(5)`. For example:\n<programlisting>\nCLUSTER_SECRET=<replaceable>...</replaceable>\n</programlisting>\n\nIf null, a new secret will be generated on first run and stored in the data directory.\nA secret in the correct format can also be generated by: `openssl rand -hex 32`\n", "loc": ["services", "ipfs-cluster", "secretFile"], "readOnly": false, "type": "null or absolute path"}, "services.ipp-usb.enable": {"declarations": ["nixos/modules/services/printing/ipp-usb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ipp-usb, a daemon to turn an USB printer/scanner supporting IPP everywhere (aka AirPrint, WSD, AirScan) into a locally accessible network printer/scanner.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ipp-usb", "enable"], "readOnly": false, "type": "boolean"}, "services.iptsd.config": {"declarations": ["nixos/modules/services/hardware/iptsd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for IPTSD. See the\n[reference configuration](https://github.com/linux-surface/iptsd/blob/master/etc/iptsd.conf)\nfor available options and defaults.\n", "loc": ["services", "iptsd", "config"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.iptsd.config.Stylus.Disable": {"declarations": ["nixos/modules/services/hardware/iptsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disables the stylus. No stylus data will be processed.", "loc": ["services", "iptsd", "config", "Stylus", "Disable"], "readOnly": false, "type": "boolean"}, "services.iptsd.config.Touchscreen.DisableOnPalm": {"declarations": ["nixos/modules/services/hardware/iptsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Ignore all touchscreen inputs if a palm was registered on the display.", "loc": ["services", "iptsd", "config", "Touchscreen", "DisableOnPalm"], "readOnly": false, "type": "boolean"}, "services.iptsd.config.Touchscreen.DisableOnStylus": {"declarations": ["nixos/modules/services/hardware/iptsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Ignore all touchscreen inputs if a stylus is in proximity.", "loc": ["services", "iptsd", "config", "Touchscreen", "DisableOnStylus"], "readOnly": false, "type": "boolean"}, "services.iptsd.enable": {"declarations": ["nixos/modules/services/hardware/iptsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the userspace daemon for Intel Precise Touch & Stylus.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "iptsd", "enable"], "readOnly": false, "type": "boolean"}, "services.ircdHybrid.adminEmail": {"declarations": ["nixos/modules/services/networking/ircd-hybrid/default.nix"], "default": {"_type": "literalExpression", "text": "\"<bit-bucket@example.com>\""}, "description": "IRCD server administrator e-mail.\n", "example": {"_type": "literalExpression", "text": "\"<name@domain.tld>\""}, "loc": ["services", "ircdHybrid", "adminEmail"], "readOnly": false, "type": "string"}, "services.ircdHybrid.certificate": {"declarations": ["nixos/modules/services/networking/ircd-hybrid/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IRCD server SSL certificate. There are some limitations - read manual.\n", "example": {"_type": "literalExpression", "text": "/root/certificates/irc.pem"}, "loc": ["services", "ircdHybrid", "certificate"], "readOnly": false, "type": "null or absolute path"}, "services.ircdHybrid.description": {"declarations": ["nixos/modules/services/networking/ircd-hybrid/default.nix"], "default": {"_type": "literalExpression", "text": "\"Hybrid-7 IRC server.\""}, "description": "IRCD server description.\n", "loc": ["services", "ircdHybrid", "description"], "readOnly": false, "type": "string"}, "services.ircdHybrid.enable": {"declarations": ["nixos/modules/services/networking/ircd-hybrid/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable IRCD.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ircdHybrid", "enable"], "readOnly": false, "type": "boolean"}, "services.ircdHybrid.extraIPs": {"declarations": ["nixos/modules/services/networking/ircd-hybrid/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra IP's to bind.\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n]"}, "loc": ["services", "ircdHybrid", "extraIPs"], "readOnly": false, "type": "list of string"}, "services.ircdHybrid.extraPort": {"declarations": ["nixos/modules/services/networking/ircd-hybrid/default.nix"], "default": {"_type": "literalExpression", "text": "\"7117\""}, "description": "Extra port to avoid filtering.\n", "loc": ["services", "ircdHybrid", "extraPort"], "readOnly": false, "type": "string"}, "services.ircdHybrid.rsaKey": {"declarations": ["nixos/modules/services/networking/ircd-hybrid/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IRCD server RSA key.\n", "example": {"_type": "literalExpression", "text": "/root/certificates/irc.key"}, "loc": ["services", "ircdHybrid", "rsaKey"], "readOnly": false, "type": "null or absolute path"}, "services.ircdHybrid.serverName": {"declarations": ["nixos/modules/services/networking/ircd-hybrid/default.nix"], "default": {"_type": "literalExpression", "text": "\"hades.arpa\""}, "description": "IRCD server name.\n", "loc": ["services", "ircdHybrid", "serverName"], "readOnly": false, "type": "string"}, "services.ircdHybrid.sid": {"declarations": ["nixos/modules/services/networking/ircd-hybrid/default.nix"], "default": {"_type": "literalExpression", "text": "\"0NL\""}, "description": "IRCD server unique ID in a net of servers.\n", "loc": ["services", "ircdHybrid", "sid"], "readOnly": false, "type": "string"}, "services.irkerd.enable": {"declarations": ["nixos/modules/services/misc/irkerd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable irker, an IRC notification daemon.", "loc": ["services", "irkerd", "enable"], "readOnly": false, "type": "boolean"}, "services.irkerd.listenAddress": {"declarations": ["nixos/modules/services/misc/irkerd.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Specifies the bind address on which the irker daemon listens.\nThe default is localhost.\n\nIrker authors strongly warn about the risks of running this on\na publicly accessible interface, so change this with caution.\n", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "irkerd", "listenAddress"], "readOnly": false, "type": "string"}, "services.irkerd.nick": {"declarations": ["nixos/modules/services/misc/irkerd.nix"], "default": {"_type": "literalExpression", "text": "\"irker\""}, "description": "Nick to use for irker", "loc": ["services", "irkerd", "nick"], "readOnly": false, "type": "string"}, "services.irkerd.openPorts": {"declarations": ["nixos/modules/services/misc/irkerd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for irkerd", "loc": ["services", "irkerd", "openPorts"], "readOnly": false, "type": "boolean"}, "services.irqbalance.enable": {"declarations": ["nixos/modules/services/hardware/irqbalance.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable irqbalance daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "irqbalance", "enable"], "readOnly": false, "type": "boolean"}, "services.irqbalance.package": {"declarations": ["nixos/modules/services/hardware/irqbalance.nix"], "default": {"_type": "literalExpression", "text": "pkgs.irqbalance"}, "description": "The irqbalance package to use.", "loc": ["services", "irqbalance", "package"], "readOnly": false, "type": "package"}, "services.isso.enable": {"declarations": ["nixos/modules/services/web-apps/isso.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable isso, a commenting server similar to Disqus.\n\nNote: The application's author suppose to run isso behind a reverse proxy.\nThe embedded solution offered by NixOS is also only suitable for small installations\nbelow 20 requests per second\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "isso", "enable"], "readOnly": false, "type": "boolean"}, "services.isso.settings": {"declarations": ["nixos/modules/services/web-apps/isso.nix"], "description": "Configuration for `isso`.\n\nSee [Isso Server Configuration](https://posativ.org/isso/docs/configuration/server/)\nfor supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  general = {\n    host = \"http://localhost\";\n  };\n}\n"}, "loc": ["services", "isso", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.ivpn.enable": {"declarations": ["nixos/modules/services/networking/ivpn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "This option enables iVPN daemon.\nThis sets {option}`networking.firewall.checkReversePath` to \"loose\", which might be undesirable for security.\n", "loc": ["services", "ivpn", "enable"], "readOnly": false, "type": "boolean"}, "services.jack.alsa.enable": {"declarations": ["nixos/modules/services/audio/jack.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Route audio to/from generic ALSA-using applications using ALSA JACK PCM plugin.\n", "loc": ["services", "jack", "alsa", "enable"], "readOnly": false, "type": "boolean"}, "services.jack.alsa.support32Bit": {"declarations": ["nixos/modules/services/audio/jack.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to support sound for 32-bit ALSA applications on 64-bit system.\n", "loc": ["services", "jack", "alsa", "support32Bit"], "readOnly": false, "type": "boolean"}, "services.jack.jackd.enable": {"declarations": ["nixos/modules/services/audio/jack.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable JACK Audio Connection Kit. You need to add yourself to the \"jackaudio\" group\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "jack", "jackd", "enable"], "readOnly": false, "type": "boolean"}, "services.jack.jackd.extraOptions": {"declarations": ["nixos/modules/services/audio/jack.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"-dalsa\"\n]"}, "description": "Specifies startup command line arguments to pass to JACK server.\n", "example": {"_type": "literalExpression", "text": "[ \"-dalsa\" \"--device\" \"hw:1\" ];\n"}, "loc": ["services", "jack", "jackd", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.jack.jackd.session": {"declarations": ["nixos/modules/services/audio/jack.nix"], "description": "Commands to run after JACK is started.\n", "loc": ["services", "jack", "jackd", "session"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.jack.loopback.config": {"declarations": ["nixos/modules/services/audio/jack.nix"], "description": "ALSA config for loopback device.\n", "loc": ["services", "jack", "loopback", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.jack.loopback.dmixConfig": {"declarations": ["nixos/modules/services/audio/jack.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "For music production software that still doesn't support JACK natively you\nwould like to put buffer/period adjustments here\nto decrease dmix device latency.\n", "example": {"_type": "literalExpression", "text": "''\n  period_size 2048\n  periods 2\n''"}, "loc": ["services", "jack", "loopback", "dmixConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.jack.loopback.enable": {"declarations": ["nixos/modules/services/audio/jack.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create ALSA loopback device, instead of using PCM plugin. Has broader\napplication support (things like Steam will work), but may need fine-tuning\nfor concrete hardware.\n", "loc": ["services", "jack", "loopback", "enable"], "readOnly": false, "type": "boolean"}, "services.jack.loopback.index": {"declarations": ["nixos/modules/services/audio/jack.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Index of an ALSA loopback device.\n", "loc": ["services", "jack", "loopback", "index"], "readOnly": false, "type": "signed integer"}, "services.jack.loopback.session": {"declarations": ["nixos/modules/services/audio/jack.nix"], "description": "Additional commands to run to setup loopback device.\n", "loc": ["services", "jack", "loopback", "session"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.jackett.dataDir": {"declarations": ["nixos/modules/services/misc/jackett.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/jackett/.config/Jackett\""}, "description": "The directory where Jackett stores its data files.", "loc": ["services", "jackett", "dataDir"], "readOnly": false, "type": "string"}, "services.jackett.enable": {"declarations": ["nixos/modules/services/misc/jackett.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Jackett, API support for your favorite torrent trackers.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "jackett", "enable"], "readOnly": false, "type": "boolean"}, "services.jackett.group": {"declarations": ["nixos/modules/services/misc/jackett.nix"], "default": {"_type": "literalExpression", "text": "\"jackett\""}, "description": "Group under which Jackett runs.", "loc": ["services", "jackett", "group"], "readOnly": false, "type": "string"}, "services.jackett.openFirewall": {"declarations": ["nixos/modules/services/misc/jackett.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the Jackett web interface.", "loc": ["services", "jackett", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.jackett.package": {"declarations": ["nixos/modules/services/misc/jackett.nix"], "default": {"_type": "literalExpression", "text": "pkgs.jackett"}, "description": "The jackett package to use.", "loc": ["services", "jackett", "package"], "readOnly": false, "type": "package"}, "services.jackett.port": {"declarations": ["nixos/modules/services/misc/jackett.nix"], "default": {"_type": "literalExpression", "text": "9117"}, "description": "Port serving the web interface\n", "loc": ["services", "jackett", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.jackett.user": {"declarations": ["nixos/modules/services/misc/jackett.nix"], "default": {"_type": "literalExpression", "text": "\"jackett\""}, "description": "User account under which Jackett runs.", "loc": ["services", "jackett", "user"], "readOnly": false, "type": "string"}, "services.jboss.deployDir": {"declarations": ["nixos/modules/services/web-servers/jboss/default.nix"], "default": {"_type": "literalExpression", "text": "\"/nix/var/nix/profiles/default/server/default/deploy/\""}, "description": "Location of the deployment files", "loc": ["services", "jboss", "deployDir"], "readOnly": false, "type": "string"}, "services.jboss.enable": {"declarations": ["nixos/modules/services/web-servers/jboss/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable JBoss. WARNING : this package is outdated and is known to have vulnerabilities.", "loc": ["services", "jboss", "enable"], "readOnly": false, "type": "boolean"}, "services.jboss.libUrl": {"declarations": ["nixos/modules/services/web-servers/jboss/default.nix"], "default": {"_type": "literalExpression", "text": "\"file:///nix/var/nix/profiles/default/server/default/lib\""}, "description": "Location where the shared library JARs are stored", "loc": ["services", "jboss", "libUrl"], "readOnly": false, "type": "string"}, "services.jboss.logDir": {"declarations": ["nixos/modules/services/web-servers/jboss/default.nix"], "default": {"_type": "literalExpression", "text": "\"/var/log/jboss\""}, "description": "Location of the logfile directory of JBoss", "loc": ["services", "jboss", "logDir"], "readOnly": false, "type": "string"}, "services.jboss.serverDir": {"declarations": ["nixos/modules/services/web-servers/jboss/default.nix"], "default": {"_type": "literalExpression", "text": "\"/var/jboss/server\""}, "description": "Location of the server instance files", "loc": ["services", "jboss", "serverDir"], "readOnly": false, "type": "string"}, "services.jboss.tempDir": {"declarations": ["nixos/modules/services/web-servers/jboss/default.nix"], "default": {"_type": "literalExpression", "text": "\"/tmp\""}, "description": "Location where JBoss stores its temp files", "loc": ["services", "jboss", "tempDir"], "readOnly": false, "type": "string"}, "services.jboss.useJK": {"declarations": ["nixos/modules/services/web-servers/jboss/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use to connector to the Apache HTTP server", "loc": ["services", "jboss", "useJK"], "readOnly": false, "type": "boolean"}, "services.jboss.user": {"declarations": ["nixos/modules/services/web-servers/jboss/default.nix"], "default": {"_type": "literalExpression", "text": "\"nobody\""}, "description": "User account under which jboss runs.", "loc": ["services", "jboss", "user"], "readOnly": false, "type": "string"}, "services.jellyfin.cacheDir": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "\"/var/cache/jellyfin\""}, "description": "Directory containing the jellyfin server cache,\npassed with `--cachedir` see [#cache-directory](https://jellyfin.org/docs/general/administration/configuration/#cache-directory)\n", "loc": ["services", "jellyfin", "cacheDir"], "readOnly": false, "type": "absolute path"}, "services.jellyfin.configDir": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "\"${cfg.dataDir}/config\""}, "description": "Directory containing the server configuration files,\npassed with `--configdir` see [configuration-directory](https://jellyfin.org/docs/general/administration/configuration/#configuration-directory)\n", "loc": ["services", "jellyfin", "configDir"], "readOnly": false, "type": "absolute path"}, "services.jellyfin.dataDir": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/jellyfin\""}, "description": "Base data directory,\npassed with `--datadir` see [#data-directory](https://jellyfin.org/docs/general/administration/configuration/#data-directory)\n", "loc": ["services", "jellyfin", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.jellyfin.enable": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Jellyfin Media Server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "jellyfin", "enable"], "readOnly": false, "type": "boolean"}, "services.jellyfin.forceEncodingConfig": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to overwrite Jellyfin's `encoding.xml` configuration file on each service start.\n\nWhen enabled, the encoding configuration specified in {option}`services.jellyfin.transcoding`\nand {option}`services.jellyfin.hardwareAcceleration` will be applied on every service restart.\nA backup of the existing `encoding.xml` will be created at `encoding.xml.backup-$timestamp`.\n\n::: {.warning}\nEnabling this option means that any changes made to transcoding settings through\nJellyfin's web dashboard will be lost on the next service restart. The NixOS configuration\nbecomes the single source of truth for encoding settings.\n:::\n\nWhen disabled (the default), the encoding configuration is only written if no `encoding.xml`\nexists yet. This allows settings to be changed through Jellyfin's web dashboard and persist\nacross restarts, but means the NixOS configuration options will be ignored after the initial setup.\n", "loc": ["services", "jellyfin", "forceEncodingConfig"], "readOnly": false, "type": "boolean"}, "services.jellyfin.group": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "\"jellyfin\""}, "description": "Group under which jellyfin runs.", "loc": ["services", "jellyfin", "group"], "readOnly": false, "type": "string"}, "services.jellyfin.hardwareAcceleration.device": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the hardware acceleration device that Jellyfin should use.\nFor obscure configurations, additional devices can be added via\n{option}`systemd.services.jellyfin.serviceConfig.DeviceAllow`.\n", "example": {"_type": "literalExpression", "text": "\"/dev/dri/renderD128\""}, "loc": ["services", "jellyfin", "hardwareAcceleration", "device"], "readOnly": false, "type": "null or absolute path"}, "services.jellyfin.hardwareAcceleration.enable": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable hardware acceleration for video transcoding.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "jellyfin", "hardwareAcceleration", "enable"], "readOnly": false, "type": "boolean"}, "services.jellyfin.hardwareAcceleration.type": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "\"none\""}, "description": "The method of hardware acceleration. See [Hardware Acceleration](https://jellyfin.org/docs/general/post-install/transcoding/hardware-acceleration) for more details.\n", "loc": ["services", "jellyfin", "hardwareAcceleration", "type"], "readOnly": false, "type": "one of \"none\", \"amf\", \"qsv\", \"nvenc\", \"v4l2m2m\", \"vaapi\", \"rkmpp\""}, "services.jellyfin.logDir": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "\"${cfg.dataDir}/log\""}, "description": "Directory where the Jellyfin logs will be stored,\npassed with `--logdir` see [#log-directory](https://jellyfin.org/docs/general/administration/configuration/#log-directory)\n", "loc": ["services", "jellyfin", "logDir"], "readOnly": false, "type": "absolute path"}, "services.jellyfin.openFirewall": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open the default ports in the firewall for the media server. The\nHTTP/HTTPS ports can be changed in the Web UI, so this option should\nonly be used if they are unchanged, see [Port Bindings](https://jellyfin.org/docs/general/networking/#port-bindings).\n", "loc": ["services", "jellyfin", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.jellyfin.package": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "pkgs.jellyfin"}, "description": "The jellyfin package to use.", "loc": ["services", "jellyfin", "package"], "readOnly": false, "type": "package"}, "services.jellyfin.transcoding.deleteSegments": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Delete transcoding segments when finished.\n", "loc": ["services", "jellyfin", "transcoding", "deleteSegments"], "readOnly": false, "type": "boolean"}, "services.jellyfin.transcoding.enableHardwareEncoding": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable hardware encoding for video transcoding.\n", "loc": ["services", "jellyfin", "transcoding", "enableHardwareEncoding"], "readOnly": false, "type": "boolean"}, "services.jellyfin.transcoding.enableIntelLowPowerEncoding": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable low-power encoding mode for Intel Quick Sync Video.\nRequires i915 HuC firmware to be configured.\n", "loc": ["services", "jellyfin", "transcoding", "enableIntelLowPowerEncoding"], "readOnly": false, "type": "boolean"}, "services.jellyfin.transcoding.enableSubtitleExtraction": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Embedded subtitles can be extracted from videos and delivered to clients in plain text, in order to help prevent video transcoding. On some systems this can take a long time and cause video playback to stall during the extraction process. Disable this to have embedded subtitles burned in with video transcoding when they are not natively supported by the client device.\n", "loc": ["services", "jellyfin", "transcoding", "enableSubtitleExtraction"], "readOnly": false, "type": "boolean"}, "services.jellyfin.transcoding.enableToneMapping": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable tone mapping when transcoding HDR content.\n", "loc": ["services", "jellyfin", "transcoding", "enableToneMapping"], "readOnly": false, "type": "boolean"}, "services.jellyfin.transcoding.encodingPreset": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "\"auto\""}, "description": "Encoder preset for transcoding.\nLower presets sacrifice quality for speed, higher presets optimize quality.\n", "loc": ["services", "jellyfin", "transcoding", "encodingPreset"], "readOnly": false, "type": "one of \"auto\", \"veryslow\", \"slower\", \"slow\", \"medium\", \"fast\", \"faster\", \"veryfast\", \"superfast\", \"ultrafast\""}, "services.jellyfin.transcoding.h264Crf": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "23"}, "description": "Constant Rate Factor (CRF) for H.264 encoding. Lower values result in better quality. Range: 0-51.\n", "loc": ["services", "jellyfin", "transcoding", "h264Crf"], "readOnly": false, "type": "integer between 0 and 51 (both inclusive)"}, "services.jellyfin.transcoding.h265Crf": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "28"}, "description": "Constant Rate Factor (CRF) for H.265 encoding. Lower values result in better quality. Range: 0-51.\n", "loc": ["services", "jellyfin", "transcoding", "h265Crf"], "readOnly": false, "type": "integer between 0 and 51 (both inclusive)"}, "services.jellyfin.transcoding.hardwareDecodingCodecs": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Which codecs to enable for hardware decoding.\n", "example": {"_type": "literalExpression", "text": "{\n  h264 = true;\n  vp9 = true;\n}"}, "loc": ["services", "jellyfin", "transcoding", "hardwareDecodingCodecs"], "readOnly": false, "type": "submodule"}, "services.jellyfin.transcoding.hardwareDecodingCodecs.av1": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable hardware decoding for av1 codec.", "loc": ["services", "jellyfin", "transcoding", "hardwareDecodingCodecs", "av1"], "readOnly": false, "type": "boolean"}, "services.jellyfin.transcoding.hardwareDecodingCodecs.h264": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable hardware decoding for h264 codec.", "loc": ["services", "jellyfin", "transcoding", "hardwareDecodingCodecs", "h264"], "readOnly": false, "type": "boolean"}, "services.jellyfin.transcoding.hardwareDecodingCodecs.hevc": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable hardware decoding for hevc codec.", "loc": ["services", "jellyfin", "transcoding", "hardwareDecodingCodecs", "hevc"], "readOnly": false, "type": "boolean"}, "services.jellyfin.transcoding.hardwareDecodingCodecs.hevc10bit": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable hardware decoding for hevc10bit codec.", "loc": ["services", "jellyfin", "transcoding", "hardwareDecodingCodecs", "hevc10bit"], "readOnly": false, "type": "boolean"}, "services.jellyfin.transcoding.hardwareDecodingCodecs.hevcRExt10bit": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable hardware decoding for hevcRExt10bit codec.", "loc": ["services", "jellyfin", "transcoding", "hardwareDecodingCodecs", "hevcRExt10bit"], "readOnly": false, "type": "boolean"}, "services.jellyfin.transcoding.hardwareDecodingCodecs.hevcRExt12bit": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable hardware decoding for hevcRExt12bit codec.", "loc": ["services", "jellyfin", "transcoding", "hardwareDecodingCodecs", "hevcRExt12bit"], "readOnly": false, "type": "boolean"}, "services.jellyfin.transcoding.hardwareDecodingCodecs.mpeg2": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable hardware decoding for mpeg2 codec.", "loc": ["services", "jellyfin", "transcoding", "hardwareDecodingCodecs", "mpeg2"], "readOnly": false, "type": "boolean"}, "services.jellyfin.transcoding.hardwareDecodingCodecs.vc1": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable hardware decoding for vc1 codec.", "loc": ["services", "jellyfin", "transcoding", "hardwareDecodingCodecs", "vc1"], "readOnly": false, "type": "boolean"}, "services.jellyfin.transcoding.hardwareDecodingCodecs.vp8": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable hardware decoding for vp8 codec.", "loc": ["services", "jellyfin", "transcoding", "hardwareDecodingCodecs", "vp8"], "readOnly": false, "type": "boolean"}, "services.jellyfin.transcoding.hardwareDecodingCodecs.vp9": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable hardware decoding for vp9 codec.", "loc": ["services", "jellyfin", "transcoding", "hardwareDecodingCodecs", "vp9"], "readOnly": false, "type": "boolean"}, "services.jellyfin.transcoding.hardwareEncodingCodecs": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Which codecs to enable for hardware encoding. h264 is always enabled.\n", "example": {"_type": "literalExpression", "text": "{\n  av1 = true;\n}"}, "loc": ["services", "jellyfin", "transcoding", "hardwareEncodingCodecs"], "readOnly": false, "type": "submodule"}, "services.jellyfin.transcoding.hardwareEncodingCodecs.av1": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable hardware encoding for av1 codec.", "loc": ["services", "jellyfin", "transcoding", "hardwareEncodingCodecs", "av1"], "readOnly": false, "type": "boolean"}, "services.jellyfin.transcoding.hardwareEncodingCodecs.hevc": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable hardware encoding for hevc codec.", "loc": ["services", "jellyfin", "transcoding", "hardwareEncodingCodecs", "hevc"], "readOnly": false, "type": "boolean"}, "services.jellyfin.transcoding.maxConcurrentStreams": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Maximum number of concurrent transcoding streams.\nSet to null for unlimited (limited by hardware capabilities).\n", "example": {"_type": "literalExpression", "text": "2"}, "loc": ["services", "jellyfin", "transcoding", "maxConcurrentStreams"], "readOnly": false, "type": "null or (positive integer, meaning >0)"}, "services.jellyfin.transcoding.threadCount": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Number of threads to use when transcoding.\nSet to null to use automatic detection.\n", "example": {"_type": "literalExpression", "text": "4"}, "loc": ["services", "jellyfin", "transcoding", "threadCount"], "readOnly": false, "type": "null or (positive integer, meaning >0)"}, "services.jellyfin.transcoding.throttleTranscoding": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "When a transcode or remux gets far enough ahead from the current playback position, pause the process so it will consume fewer resources. This is most useful when watching without seeking often. Turn this off if you experience playback issues.\n", "loc": ["services", "jellyfin", "transcoding", "throttleTranscoding"], "readOnly": false, "type": "boolean"}, "services.jellyfin.user": {"declarations": ["nixos/modules/services/misc/jellyfin.nix"], "default": {"_type": "literalExpression", "text": "\"jellyfin\""}, "description": "User account under which Jellyfin runs.", "loc": ["services", "jellyfin", "user"], "readOnly": false, "type": "string"}, "services.jellyseerr.configDir": {"declarations": ["nixos/modules/services/misc/jellyseerr.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/jellyseerr/config\""}, "description": "Config data directory", "loc": ["services", "jellyseerr", "configDir"], "readOnly": false, "type": "absolute path"}, "services.jellyseerr.enable": {"declarations": ["nixos/modules/services/misc/jellyseerr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Jellyseerr, a requests manager for Jellyfin.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "jellyseerr", "enable"], "readOnly": false, "type": "boolean"}, "services.jellyseerr.openFirewall": {"declarations": ["nixos/modules/services/misc/jellyseerr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in the firewall for the Jellyseerr web interface.", "loc": ["services", "jellyseerr", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.jellyseerr.package": {"declarations": ["nixos/modules/services/misc/jellyseerr.nix"], "default": {"_type": "literalExpression", "text": "pkgs.jellyseerr"}, "description": "The jellyseerr package to use.", "loc": ["services", "jellyseerr", "package"], "readOnly": false, "type": "package"}, "services.jellyseerr.port": {"declarations": ["nixos/modules/services/misc/jellyseerr.nix"], "default": {"_type": "literalExpression", "text": "5055"}, "description": "The port which the Jellyseerr web UI should listen to.", "loc": ["services", "jellyseerr", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.jenkins.enable": {"declarations": ["nixos/modules/services/continuous-integration/jenkins/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Jenkins, a continuous integration server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "jenkins", "enable"], "readOnly": false, "type": "boolean"}, "services.jenkins.environment": {"declarations": ["nixos/modules/services/continuous-integration/jenkins/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional environment variables to be passed to the jenkins process.\nAs a base environment, jenkins receives NIX_PATH from\n{option}`environment.sessionVariables`, NIX_REMOTE is set to\n\"daemon\" and JENKINS_HOME is set to the value of\n{option}`services.jenkins.home`.\nThis option has precedence and can be used to override those\nmentioned variables.\n", "loc": ["services", "jenkins", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.jenkins.extraGroups": {"declarations": ["nixos/modules/services/continuous-integration/jenkins/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of extra groups that the \"jenkins\" user should be a part of.\n", "example": {"_type": "literalExpression", "text": "[\n  \"wheel\"\n  \"dialout\"\n]"}, "loc": ["services", "jenkins", "extraGroups"], "readOnly": false, "type": "list of string"}, "services.jenkins.extraJavaOptions": {"declarations": ["nixos/modules/services/continuous-integration/jenkins/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional command line arguments to pass to the Java run time (as opposed to Jenkins).\n", "example": {"_type": "literalExpression", "text": "[\n  \"-Xmx80m\"\n]"}, "loc": ["services", "jenkins", "extraJavaOptions"], "readOnly": false, "type": "list of string"}, "services.jenkins.extraOptions": {"declarations": ["nixos/modules/services/continuous-integration/jenkins/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional command line arguments to pass to Jenkins.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--debug=9\"\n]"}, "loc": ["services", "jenkins", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.jenkins.group": {"declarations": ["nixos/modules/services/continuous-integration/jenkins/default.nix"], "default": {"_type": "literalExpression", "text": "\"jenkins\""}, "description": "If the default user \"jenkins\" is configured then this is the primary\ngroup of that user.\n", "loc": ["services", "jenkins", "group"], "readOnly": false, "type": "string"}, "services.jenkins.home": {"declarations": ["nixos/modules/services/continuous-integration/jenkins/default.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/jenkins\""}, "description": "The path to use as JENKINS_HOME. If the default user \"jenkins\" is configured then\nthis is the home of the \"jenkins\" user.\n", "loc": ["services", "jenkins", "home"], "readOnly": false, "type": "absolute path"}, "services.jenkins.javaPackage": {"declarations": ["nixos/modules/services/continuous-integration/jenkins/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.jdk21"}, "description": "The jdk21 package to use.", "loc": ["services", "jenkins", "javaPackage"], "readOnly": false, "type": "package"}, "services.jenkins.jobBuilder.accessToken": {"declarations": ["nixos/modules/services/continuous-integration/jenkins/job-builder.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "User token in Jenkins used to reload config.\nWARNING: This token will be world readable in the Nix store. To keep\nit secret, use the {option}`accessTokenFile` option instead.\n", "loc": ["services", "jenkins", "jobBuilder", "accessToken"], "readOnly": false, "type": "string"}, "services.jenkins.jobBuilder.accessTokenFile": {"declarations": ["nixos/modules/services/continuous-integration/jenkins/job-builder.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.jenkins.home}/secrets/initialAdminPassword\""}, "description": "File containing the API token for the {option}`accessUser`\nuser.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/jenkins-job-builder-access-token\""}, "loc": ["services", "jenkins", "jobBuilder", "accessTokenFile"], "readOnly": false, "type": "string"}, "services.jenkins.jobBuilder.accessUser": {"declarations": ["nixos/modules/services/continuous-integration/jenkins/job-builder.nix"], "default": {"_type": "literalExpression", "text": "\"admin\""}, "description": "User id in Jenkins used to reload config.\n", "loc": ["services", "jenkins", "jobBuilder", "accessUser"], "readOnly": false, "type": "string"}, "services.jenkins.jobBuilder.enable": {"declarations": ["nixos/modules/services/continuous-integration/jenkins/job-builder.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Jenkins Job Builder (JJB) service. It\nallows defining jobs for Jenkins in a declarative manner.\n\nJobs managed through the Jenkins WebUI (or by other means) are left\nunchanged.\n\nNote that it really is declarative configuration; if you remove a\npreviously defined job, the corresponding job directory will be\ndeleted.\n\nPlease see the Jenkins Job Builder documentation for more info:\n<https://jenkins-job-builder.readthedocs.io/>\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "jenkins", "jobBuilder", "enable"], "readOnly": false, "type": "boolean"}, "services.jenkins.jobBuilder.jsonJobs": {"declarations": ["nixos/modules/services/continuous-integration/jenkins/job-builder.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Job descriptions for Jenkins Job Builder in JSON format.\n", "example": {"_type": "literalExpression", "text": "[\n  ''\n    [ { \"job\":\n        { \"name\": \"jenkins-job-test-2\",\n          \"builders\": [ \"shell\": \"echo 'Hello world!'\" ]\n        }\n      }\n    ]\n  ''\n]\n"}, "loc": ["services", "jenkins", "jobBuilder", "jsonJobs"], "readOnly": false, "type": "list of string"}, "services.jenkins.jobBuilder.nixJobs": {"declarations": ["nixos/modules/services/continuous-integration/jenkins/job-builder.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Job descriptions for Jenkins Job Builder in Nix format.\n\nThis is a trivial wrapper around jsonJobs, using builtins.toJSON\nbehind the scene.\n", "example": {"_type": "literalExpression", "text": "[ { job =\n    { name = \"jenkins-job-test-3\";\n      builders = [\n        { shell = \"echo 'Hello world!'\"; }\n      ];\n    };\n  }\n]\n"}, "loc": ["services", "jenkins", "jobBuilder", "nixJobs"], "readOnly": false, "type": "list of (attribute set)"}, "services.jenkins.jobBuilder.yamlJobs": {"declarations": ["nixos/modules/services/continuous-integration/jenkins/job-builder.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Job descriptions for Jenkins Job Builder in YAML format.\n", "example": {"_type": "literalExpression", "text": "''\n  - job:\n      name: jenkins-job-test-1\n      builders:\n        - shell: echo 'Hello world!'\n''"}, "loc": ["services", "jenkins", "jobBuilder", "yamlJobs"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.jenkins.listenAddress": {"declarations": ["nixos/modules/services/continuous-integration/jenkins/default.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Specifies the bind address on which the jenkins HTTP interface listens.\nThe default is the wildcard address.\n", "example": {"_type": "literalExpression", "text": "\"localhost\""}, "loc": ["services", "jenkins", "listenAddress"], "readOnly": false, "type": "string"}, "services.jenkins.package": {"declarations": ["nixos/modules/services/continuous-integration/jenkins/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.jenkins"}, "description": "The jenkins package to use.", "loc": ["services", "jenkins", "package"], "readOnly": false, "type": "package"}, "services.jenkins.packages": {"declarations": ["nixos/modules/services/continuous-integration/jenkins/default.nix"], "default": {"_type": "literalExpression", "text": "[ pkgs.stdenv pkgs.git pkgs.jdk17 config.programs.ssh.package pkgs.nix ]"}, "description": "Packages to add to PATH for the jenkins process.\n", "loc": ["services", "jenkins", "packages"], "readOnly": false, "type": "list of package"}, "services.jenkins.plugins": {"declarations": ["nixos/modules/services/continuous-integration/jenkins/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A set of plugins to activate. Note that this will completely\nremove and replace any previously installed plugins. If you\nhave manually-installed plugins that you want to keep while\nusing this module, set this option to\n`null`. You can generate this set with a\ntool such as `jenkinsPlugins2nix`.\n", "example": {"_type": "literalExpression", "text": "import path/to/jenkinsPlugins2nix-generated-plugins.nix { inherit (pkgs) fetchurl stdenv; }\n"}, "loc": ["services", "jenkins", "plugins"], "readOnly": false, "type": "null or (attribute set of package)"}, "services.jenkins.port": {"declarations": ["nixos/modules/services/continuous-integration/jenkins/default.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "Specifies port number on which the jenkins HTTP interface listens.\nThe default is 8080.\n", "loc": ["services", "jenkins", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.jenkins.prefix": {"declarations": ["nixos/modules/services/continuous-integration/jenkins/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Specifies a urlPrefix to use with jenkins.\nIf the example /jenkins is given, the jenkins server will be\naccessible using localhost:8080/jenkins.\n", "example": {"_type": "literalExpression", "text": "\"/jenkins\""}, "loc": ["services", "jenkins", "prefix"], "readOnly": false, "type": "string"}, "services.jenkins.user": {"declarations": ["nixos/modules/services/continuous-integration/jenkins/default.nix"], "default": {"_type": "literalExpression", "text": "\"jenkins\""}, "description": "User the jenkins server should execute under.\n", "loc": ["services", "jenkins", "user"], "readOnly": false, "type": "string"}, "services.jenkins.withCLI": {"declarations": ["nixos/modules/services/continuous-integration/jenkins/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to make the CLI available.\n\nMore info about the CLI available at\n[\nhttps://www.jenkins.io/doc/book/managing/cli](https://www.jenkins.io/doc/book/managing/cli) .\n", "loc": ["services", "jenkins", "withCLI"], "readOnly": false, "type": "boolean"}, "services.jenkinsSlave.enable": {"declarations": ["nixos/modules/services/continuous-integration/jenkins/slave.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If true the system will be configured to work as a jenkins slave.\nIf the system is also configured to work as a jenkins master then this has no effect.\nIn progress: Currently only assures the jenkins user is configured.\n", "loc": ["services", "jenkinsSlave", "enable"], "readOnly": false, "type": "boolean"}, "services.jenkinsSlave.group": {"declarations": ["nixos/modules/services/continuous-integration/jenkins/slave.nix"], "default": {"_type": "literalExpression", "text": "\"jenkins\""}, "description": "If the default slave agent user \"jenkins\" is configured then this is\nthe primary group of that user.\n", "loc": ["services", "jenkinsSlave", "group"], "readOnly": false, "type": "string"}, "services.jenkinsSlave.home": {"declarations": ["nixos/modules/services/continuous-integration/jenkins/slave.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/jenkins\""}, "description": "The path to use as JENKINS_HOME. If the default user \"jenkins\" is configured then\nthis is the home of the \"jenkins\" user.\n", "loc": ["services", "jenkinsSlave", "home"], "readOnly": false, "type": "absolute path"}, "services.jenkinsSlave.javaPackage": {"declarations": ["nixos/modules/services/continuous-integration/jenkins/slave.nix"], "default": {"_type": "literalExpression", "text": "pkgs.jdk"}, "description": "The jdk package to use.", "loc": ["services", "jenkinsSlave", "javaPackage"], "readOnly": false, "type": "package"}, "services.jenkinsSlave.user": {"declarations": ["nixos/modules/services/continuous-integration/jenkins/slave.nix"], "default": {"_type": "literalExpression", "text": "\"jenkins\""}, "description": "User the jenkins slave agent should execute under.\n", "loc": ["services", "jenkinsSlave", "user"], "readOnly": false, "type": "string"}, "services.jibri.config": {"declarations": ["nixos/modules/services/networking/jibri/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Jibri configuration.\nSee <https://github.com/jitsi/jibri/blob/master/src/main/resources/reference.conf>\nfor default configuration with comments.\n", "loc": ["services", "jibri", "config"], "readOnly": false, "type": "HOCON value"}, "services.jibri.enable": {"declarations": ["nixos/modules/services/networking/jibri/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Jitsi BRoadcasting Infrastructure. Currently Jibri must be run on a host that is also running {option}`services.jitsi-meet.enable`, so for most use cases it will be simpler to run {option}`services.jitsi-meet.jibri.enable`.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "jibri", "enable"], "readOnly": false, "type": "boolean"}, "services.jibri.finalizeScript": {"declarations": ["nixos/modules/services/networking/jibri/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.writeScript \"finalize_recording.sh\" ''''\n#!/bin/sh\n\nRECORDINGS_DIR=$1\n\necho \"This is a dummy finalize script\" > /tmp/finalize.out\necho \"The script was invoked with recordings directory $RECORDINGS_DIR.\" >> /tmp/finalize.out\necho \"You should put any finalize logic (renaming, uploading to a service\" >> /tmp/finalize.out\necho \"or storage provider, etc.) in this script\" >> /tmp/finalize.out\n\nexit 0\n'''';\n"}, "description": "This script runs when jibri finishes recording a video of a conference.\n", "example": {"_type": "literalExpression", "text": "pkgs.writeScript \"finalize_recording.sh\" ''''\n#!/bin/sh\nRECORDINGS_DIR=$1\n${pkgs.rclone}/bin/rclone copy $RECORDINGS_DIR RCLONE_REMOTE:jibri-recordings/ -v --log-file=/var/log/jitsi/jibri/recording-upload.txt\nexit 0\n'''';\n"}, "loc": ["services", "jibri", "finalizeScript"], "readOnly": false, "type": "absolute path"}, "services.jibri.ignoreCert": {"declarations": ["nixos/modules/services/networking/jibri/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the flag \"--ignore-certificate-errors\" for the Chromium browser opened by Jibri.\nIntended for use in automated tests or anywhere else where using a verified cert for Jitsi-Meet is not possible.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "jibri", "ignoreCert"], "readOnly": false, "type": "boolean"}, "services.jibri.xmppEnvironments": {"declarations": ["nixos/modules/services/networking/jibri/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "XMPP servers to connect to.\n", "example": {"_type": "literalExpression", "text": "\"jitsi-meet\" = {\n  xmppServerHosts = [ \"localhost\" ];\n  xmppDomain = config.services.jitsi-meet.hostName;\n\n  control.muc = {\n    domain = \"internal.${config.services.jitsi-meet.hostName}\";\n    roomName = \"JibriBrewery\";\n    nickname = \"jibri\";\n  };\n\n  control.login = {\n    domain = \"auth.${config.services.jitsi-meet.hostName}\";\n    username = \"jibri\";\n    passwordFile = \"/var/lib/jitsi-meet/jibri-auth-secret\";\n  };\n\n  call.login = {\n    domain = \"recorder.${config.services.jitsi-meet.hostName}\";\n    username = \"recorder\";\n    passwordFile = \"/var/lib/jitsi-meet/jibri-recorder-secret\";\n  };\n\n  usageTimeout = \"0\";\n  disableCertificateVerification = true;\n  stripFromRoomDomain = \"conference.\";\n};\n"}, "loc": ["services", "jibri", "xmppEnvironments"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.jibri.xmppEnvironments.<name>.call.login.domain": {"declarations": ["nixos/modules/services/networking/jibri/default.nix"], "description": "The domain part of the JID for the recorder.\n", "example": {"_type": "literalExpression", "text": "\"recorder.xmpp.example.org\""}, "loc": ["services", "jibri", "xmppEnvironments", "<name>", "call", "login", "domain"], "readOnly": false, "type": "string"}, "services.jibri.xmppEnvironments.<name>.call.login.passwordFile": {"declarations": ["nixos/modules/services/networking/jibri/default.nix"], "description": "File containing the password for the user.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/jibri-recorder-xmpp1\""}, "loc": ["services", "jibri", "xmppEnvironments", "<name>", "call", "login", "passwordFile"], "readOnly": false, "type": "string"}, "services.jibri.xmppEnvironments.<name>.call.login.username": {"declarations": ["nixos/modules/services/networking/jibri/default.nix"], "default": {"_type": "literalExpression", "text": "\"recorder\""}, "description": "User part of the JID for the recorder.\n", "loc": ["services", "jibri", "xmppEnvironments", "<name>", "call", "login", "username"], "readOnly": false, "type": "string"}, "services.jibri.xmppEnvironments.<name>.control.login.domain": {"declarations": ["nixos/modules/services/networking/jibri/default.nix"], "description": "The domain part of the JID for this Jibri instance.\n", "loc": ["services", "jibri", "xmppEnvironments", "<name>", "control", "login", "domain"], "readOnly": false, "type": "string"}, "services.jibri.xmppEnvironments.<name>.control.login.passwordFile": {"declarations": ["nixos/modules/services/networking/jibri/default.nix"], "description": "File containing the password for the user.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/jibri-xmpp1\""}, "loc": ["services", "jibri", "xmppEnvironments", "<name>", "control", "login", "passwordFile"], "readOnly": false, "type": "string"}, "services.jibri.xmppEnvironments.<name>.control.login.username": {"declarations": ["nixos/modules/services/networking/jibri/default.nix"], "default": {"_type": "literalExpression", "text": "\"jvb\""}, "description": "User part of the JID.\n", "loc": ["services", "jibri", "xmppEnvironments", "<name>", "control", "login", "username"], "readOnly": false, "type": "string"}, "services.jibri.xmppEnvironments.<name>.control.muc.domain": {"declarations": ["nixos/modules/services/networking/jibri/default.nix"], "description": "The domain part of the MUC to connect to for control.\n", "loc": ["services", "jibri", "xmppEnvironments", "<name>", "control", "muc", "domain"], "readOnly": false, "type": "string"}, "services.jibri.xmppEnvironments.<name>.control.muc.nickname": {"declarations": ["nixos/modules/services/networking/jibri/default.nix"], "default": {"_type": "literalExpression", "text": "\"jibri\""}, "description": "The nickname for this Jibri instance in the MUC.\n", "loc": ["services", "jibri", "xmppEnvironments", "<name>", "control", "muc", "nickname"], "readOnly": false, "type": "string"}, "services.jibri.xmppEnvironments.<name>.control.muc.roomName": {"declarations": ["nixos/modules/services/networking/jibri/default.nix"], "default": {"_type": "literalExpression", "text": "\"JibriBrewery\""}, "description": "The room name of the MUC to connect to for control.\n", "loc": ["services", "jibri", "xmppEnvironments", "<name>", "control", "muc", "roomName"], "readOnly": false, "type": "string"}, "services.jibri.xmppEnvironments.<name>.disableCertificateVerification": {"declarations": ["nixos/modules/services/networking/jibri/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to skip validation of the server's certificate.\n", "loc": ["services", "jibri", "xmppEnvironments", "<name>", "disableCertificateVerification"], "readOnly": false, "type": "boolean"}, "services.jibri.xmppEnvironments.<name>.stripFromRoomDomain": {"declarations": ["nixos/modules/services/networking/jibri/default.nix"], "default": {"_type": "literalExpression", "text": "\"0\""}, "description": "The prefix to strip from the room's JID domain to derive the call URL.\n", "example": {"_type": "literalExpression", "text": "\"conference.\""}, "loc": ["services", "jibri", "xmppEnvironments", "<name>", "stripFromRoomDomain"], "readOnly": false, "type": "string"}, "services.jibri.xmppEnvironments.<name>.usageTimeout": {"declarations": ["nixos/modules/services/networking/jibri/default.nix"], "default": {"_type": "literalExpression", "text": "\"0\""}, "description": "The duration that the Jibri session can be.\nA value of zero means indefinitely.\n", "example": {"_type": "literalExpression", "text": "\"1 hour\""}, "loc": ["services", "jibri", "xmppEnvironments", "<name>", "usageTimeout"], "readOnly": false, "type": "string"}, "services.jibri.xmppEnvironments.<name>.xmppDomain": {"declarations": ["nixos/modules/services/networking/jibri/default.nix"], "description": "The base XMPP domain.\n", "example": {"_type": "literalExpression", "text": "\"xmpp.example.org\""}, "loc": ["services", "jibri", "xmppEnvironments", "<name>", "xmppDomain"], "readOnly": false, "type": "string"}, "services.jibri.xmppEnvironments.<name>.xmppServerHosts": {"declarations": ["nixos/modules/services/networking/jibri/default.nix"], "description": "Hostnames of the XMPP servers to connect to.\n", "example": {"_type": "literalExpression", "text": "[\n  \"xmpp.example.org\"\n]"}, "loc": ["services", "jibri", "xmppEnvironments", "<name>", "xmppServerHosts"], "readOnly": false, "type": "list of string"}, "services.jicofo.bridgeMuc": {"declarations": ["nixos/modules/services/networking/jicofo.nix"], "description": "JID of the internal MUC used to communicate with Videobridges.\n", "example": {"_type": "literalExpression", "text": "\"jvbbrewery@internal.meet.example.org\""}, "loc": ["services", "jicofo", "bridgeMuc"], "readOnly": false, "type": "string"}, "services.jicofo.componentPasswordFile": {"declarations": ["nixos/modules/services/networking/jicofo.nix"], "description": "Path to file containing component secret.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/jicofo-component\""}, "loc": ["services", "jicofo", "componentPasswordFile"], "readOnly": false, "type": "string"}, "services.jicofo.config": {"declarations": ["nixos/modules/services/networking/jicofo.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Contents of the {file}`jicofo.conf` configuration file.\n", "example": {"_type": "literalExpression", "text": "{\n  jicofo.bridge.max-bridge-participants = 42;\n}\n"}, "loc": ["services", "jicofo", "config"], "readOnly": false, "type": "HOCON value"}, "services.jicofo.enable": {"declarations": ["nixos/modules/services/networking/jicofo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Jitsi Conference Focus - component of Jitsi Meet.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "jicofo", "enable"], "readOnly": false, "type": "boolean"}, "services.jicofo.userDomain": {"declarations": ["nixos/modules/services/networking/jicofo.nix"], "description": "Domain part of the JID for XMPP user connection.\n", "example": {"_type": "literalExpression", "text": "\"auth.meet.example.org\""}, "loc": ["services", "jicofo", "userDomain"], "readOnly": false, "type": "string"}, "services.jicofo.userName": {"declarations": ["nixos/modules/services/networking/jicofo.nix"], "default": {"_type": "literalExpression", "text": "\"focus\""}, "description": "User part of the JID for XMPP user connection.\n", "loc": ["services", "jicofo", "userName"], "readOnly": false, "type": "string"}, "services.jicofo.userPasswordFile": {"declarations": ["nixos/modules/services/networking/jicofo.nix"], "description": "Path to file containing password for XMPP user connection.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/jicofo-user\""}, "loc": ["services", "jicofo", "userPasswordFile"], "readOnly": false, "type": "string"}, "services.jicofo.xmppDomain": {"declarations": ["nixos/modules/services/networking/jicofo.nix"], "description": "Domain name of the XMMP server to which to connect as a component.\n\nIf null, {option}`xmppHost` is used.\n", "example": {"_type": "literalExpression", "text": "\"meet.example.org\""}, "loc": ["services", "jicofo", "xmppDomain"], "readOnly": false, "type": "null or string"}, "services.jicofo.xmppHost": {"declarations": ["nixos/modules/services/networking/jicofo.nix"], "description": "Hostname of the XMPP server to connect to.\n", "example": {"_type": "literalExpression", "text": "\"localhost\""}, "loc": ["services", "jicofo", "xmppHost"], "readOnly": false, "type": "string"}, "services.jigasi.bridgeMuc": {"declarations": ["nixos/modules/services/networking/jigasi.nix"], "description": "JID of the internal MUC used to communicate with Videobridges.\n", "example": {"_type": "literalExpression", "text": "\"jigasibrewery@internal.meet.example.org\""}, "loc": ["services", "jigasi", "bridgeMuc"], "readOnly": false, "type": "string"}, "services.jigasi.componentPasswordFile": {"declarations": ["nixos/modules/services/networking/jigasi.nix"], "description": "Path to file containing component secret.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/jigasi-component\""}, "loc": ["services", "jigasi", "componentPasswordFile"], "readOnly": false, "type": "string"}, "services.jigasi.config": {"declarations": ["nixos/modules/services/networking/jigasi.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Contents of the <filename>sip-communicator.properties</filename> configuration file for jigasi.\n", "example": {"_type": "literalExpression", "text": "{\n  \"org.jitsi.jigasi.auth.URL\" = \"XMPP:jitsi-meet.example.com\";\n}\n"}, "loc": ["services", "jigasi", "config"], "readOnly": false, "type": "attribute set of string"}, "services.jigasi.defaultJvbRoomName": {"declarations": ["nixos/modules/services/networking/jigasi.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Name of the default JVB room that will be joined if no special header is included in SIP invite.\n", "example": {"_type": "literalExpression", "text": "\"siptest\""}, "loc": ["services", "jigasi", "defaultJvbRoomName"], "readOnly": false, "type": "string"}, "services.jigasi.enable": {"declarations": ["nixos/modules/services/networking/jigasi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Jitsi Gateway to SIP - component of Jitsi Meet.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "jigasi", "enable"], "readOnly": false, "type": "boolean"}, "services.jigasi.environmentFile": {"declarations": ["nixos/modules/services/networking/jigasi.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing environment variables to be passed to the jigasi service,\nin which secret tokens can be specified securely by defining values for\n<literal>JIGASI_SIPUSER</literal>,\n<literal>JIGASI_SIPPWD</literal>,\n<literal>JIGASI_SIPSERVER</literal> and\n<literal>JIGASI_SIPPORT</literal>.\n", "loc": ["services", "jigasi", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.jigasi.userDomain": {"declarations": ["nixos/modules/services/networking/jigasi.nix"], "description": "Domain part of the JID for XMPP user connection.\n", "example": {"_type": "literalExpression", "text": "\"internal.meet.example.org\""}, "loc": ["services", "jigasi", "userDomain"], "readOnly": false, "type": "string"}, "services.jigasi.userName": {"declarations": ["nixos/modules/services/networking/jigasi.nix"], "default": {"_type": "literalExpression", "text": "\"callcontrol\""}, "description": "User part of the JID for XMPP user connection.\n", "loc": ["services", "jigasi", "userName"], "readOnly": false, "type": "string"}, "services.jigasi.userPasswordFile": {"declarations": ["nixos/modules/services/networking/jigasi.nix"], "description": "Path to file containing password for XMPP user connection.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/jigasi-user\""}, "loc": ["services", "jigasi", "userPasswordFile"], "readOnly": false, "type": "string"}, "services.jigasi.xmppDomain": {"declarations": ["nixos/modules/services/networking/jigasi.nix"], "description": "Domain name of the XMMP server to which to connect as a component.\n\nIf null, <option>xmppHost</option> is used.\n", "example": {"_type": "literalExpression", "text": "\"meet.example.org\""}, "loc": ["services", "jigasi", "xmppDomain"], "readOnly": false, "type": "null or string"}, "services.jigasi.xmppHost": {"declarations": ["nixos/modules/services/networking/jigasi.nix"], "description": "Hostname of the XMPP server to connect to.\n", "example": {"_type": "literalExpression", "text": "\"localhost\""}, "loc": ["services", "jigasi", "xmppHost"], "readOnly": false, "type": "string"}, "services.jitsi-meet.caddy.enable": {"declarations": ["nixos/modules/services/web-apps/jitsi-meet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable caddy reverse proxy to expose jitsi-meet.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "jitsi-meet", "caddy", "enable"], "readOnly": false, "type": "boolean"}, "services.jitsi-meet.config": {"declarations": ["nixos/modules/services/web-apps/jitsi-meet.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Client-side web application settings that override the defaults in {file}`config.js`.\n\nSee <https://github.com/jitsi/jitsi-meet/blob/master/config.js> for default\nconfiguration with comments.\n", "example": {"_type": "literalExpression", "text": "{\n  enableWelcomePage = false;\n  defaultLang = \"fi\";\n}\n"}, "loc": ["services", "jitsi-meet", "config"], "readOnly": false, "type": "attribute set"}, "services.jitsi-meet.enable": {"declarations": ["nixos/modules/services/web-apps/jitsi-meet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Jitsi Meet - Secure, Simple and Scalable Video Conferences.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "jitsi-meet", "enable"], "readOnly": false, "type": "boolean"}, "services.jitsi-meet.excalidraw.enable": {"declarations": ["nixos/modules/services/web-apps/jitsi-meet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Excalidraw collaboration backend for Jitsi.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "jitsi-meet", "excalidraw", "enable"], "readOnly": false, "type": "boolean"}, "services.jitsi-meet.excalidraw.port": {"declarations": ["nixos/modules/services/web-apps/jitsi-meet.nix"], "default": {"_type": "literalExpression", "text": "3002"}, "description": "The port which the Excalidraw backend for Jitsi should listen to.", "loc": ["services", "jitsi-meet", "excalidraw", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.jitsi-meet.extraConfig": {"declarations": ["nixos/modules/services/web-apps/jitsi-meet.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Text to append to {file}`config.js` web application config file.\n\nCan be used to insert JavaScript logic to determine user's region in cascading bridges setup.\n", "loc": ["services", "jitsi-meet", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.jitsi-meet.hostName": {"declarations": ["nixos/modules/services/web-apps/jitsi-meet.nix"], "description": "FQDN of the Jitsi Meet instance.\n", "example": {"_type": "literalExpression", "text": "\"meet.example.org\""}, "loc": ["services", "jitsi-meet", "hostName"], "readOnly": false, "type": "string"}, "services.jitsi-meet.interfaceConfig": {"declarations": ["nixos/modules/services/web-apps/jitsi-meet.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Client-side web-app interface settings that override the defaults in {file}`interface_config.js`.\n\nSee <https://github.com/jitsi/jitsi-meet/blob/master/interface_config.js> for\ndefault configuration with comments.\n", "example": {"_type": "literalExpression", "text": "{\n  SHOW_JITSI_WATERMARK = false;\n  SHOW_WATERMARK_FOR_GUESTS = false;\n}\n"}, "loc": ["services", "jitsi-meet", "interfaceConfig"], "readOnly": false, "type": "attribute set"}, "services.jitsi-meet.jibri.enable": {"declarations": ["nixos/modules/services/web-apps/jitsi-meet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable a Jibri instance and configure it to connect to Prosody.\n\nAdditional configuration is possible with {option}`services.jibri`, and\n{option}`services.jibri.finalizeScript` is especially useful.\n", "loc": ["services", "jitsi-meet", "jibri", "enable"], "readOnly": false, "type": "boolean"}, "services.jitsi-meet.jicofo.enable": {"declarations": ["nixos/modules/services/web-apps/jitsi-meet.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable JiCoFo instance and configure it to connect to Prosody.\n\nAdditional configuration is possible with {option}`services.jicofo`.\n", "loc": ["services", "jitsi-meet", "jicofo", "enable"], "readOnly": false, "type": "boolean"}, "services.jitsi-meet.jigasi.enable": {"declarations": ["nixos/modules/services/web-apps/jitsi-meet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable jigasi instance and configure it to connect to Prosody.\n\nAdditional configuration is possible with <option>services.jigasi</option>.\n", "loc": ["services", "jitsi-meet", "jigasi", "enable"], "readOnly": false, "type": "boolean"}, "services.jitsi-meet.nginx.enable": {"declarations": ["nixos/modules/services/web-apps/jitsi-meet.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable nginx virtual host that will serve the javascript application and act as\na proxy for the XMPP server. Further nginx configuration can be done by adapting\n{option}`services.nginx.virtualHosts.<hostName>`.\nWhen this is enabled, ACME will be used to retrieve a TLS certificate by default. To disable\nthis, set the {option}`services.nginx.virtualHosts.<hostName>.enableACME` to\n`false` and if appropriate do the same for\n{option}`services.nginx.virtualHosts.<hostName>.forceSSL`.\n", "loc": ["services", "jitsi-meet", "nginx", "enable"], "readOnly": false, "type": "boolean"}, "services.jitsi-meet.prosody.allowners_muc": {"declarations": ["nixos/modules/services/web-apps/jitsi-meet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Add module allowners, any user in chat is able to\nkick other. Usefull in jitsi-meet to kick ghosts.\n", "loc": ["services", "jitsi-meet", "prosody", "allowners_muc"], "readOnly": false, "type": "boolean"}, "services.jitsi-meet.prosody.enable": {"declarations": ["nixos/modules/services/web-apps/jitsi-meet.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to configure Prosody to relay XMPP messages between Jitsi Meet components. Turn this\noff if you want to configure it manually.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "jitsi-meet", "prosody", "enable"], "readOnly": false, "type": "boolean"}, "services.jitsi-meet.prosody.lockdown": {"declarations": ["nixos/modules/services/web-apps/jitsi-meet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to disable Prosody features not needed by Jitsi Meet.\n\nThe default Prosody configuration assumes that it will be used as a\ngeneral-purpose XMPP server rather than as a companion service for\nJitsi Meet. This option reconfigures Prosody to only listen on\nlocalhost without support for TLS termination, XMPP federation or\nthe file transfer proxy.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "jitsi-meet", "prosody", "lockdown"], "readOnly": false, "type": "boolean"}, "services.jitsi-meet.secureDomain.authentication": {"declarations": ["nixos/modules/services/web-apps/jitsi-meet.nix"], "default": {"_type": "literalExpression", "text": "\"internal_hashed\""}, "description": "The authentication type to be used by jitsi", "loc": ["services", "jitsi-meet", "secureDomain", "authentication"], "readOnly": false, "type": "string"}, "services.jitsi-meet.secureDomain.enable": {"declarations": ["nixos/modules/services/web-apps/jitsi-meet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Authenticated room creation.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "jitsi-meet", "secureDomain", "enable"], "readOnly": false, "type": "boolean"}, "services.jitsi-meet.videobridge.enable": {"declarations": ["nixos/modules/services/web-apps/jitsi-meet.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Jitsi Videobridge instance and configure it to connect to Prosody.\n\nAdditional configuration is possible with {option}`services.jitsi-videobridge`\n", "loc": ["services", "jitsi-meet", "videobridge", "enable"], "readOnly": false, "type": "boolean"}, "services.jitsi-meet.videobridge.passwordFile": {"declarations": ["nixos/modules/services/web-apps/jitsi-meet.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing password to the Prosody account for videobridge.\n\nIf `null`, a file with password will be generated automatically. Setting\nthis option is useful if you plan to connect additional videobridges to the XMPP server.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/videobridge\""}, "loc": ["services", "jitsi-meet", "videobridge", "passwordFile"], "readOnly": false, "type": "null or string"}, "services.jitsi-videobridge.colibriRestApi": {"declarations": ["nixos/modules/services/networking/jitsi-videobridge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the private rest API for the COLIBRI control interface.\nNeeded for monitoring jitsi, enabling scraping of the /colibri/stats endpoint.\n", "loc": ["services", "jitsi-videobridge", "colibriRestApi"], "readOnly": false, "type": "boolean"}, "services.jitsi-videobridge.config": {"declarations": ["nixos/modules/services/networking/jitsi-videobridge.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Videobridge configuration.\n\nSee <https://github.com/jitsi/jitsi-videobridge/blob/master/jvb/src/main/resources/reference.conf>\nfor default configuration with comments.\n", "example": {"_type": "literalExpression", "text": "{\n  videobridge = {\n    ice.udp.port = 5000;\n    websockets = {\n      enabled = true;\n      server-id = \"jvb1\";\n    };\n  };\n}\n"}, "loc": ["services", "jitsi-videobridge", "config"], "readOnly": false, "type": "attribute set"}, "services.jitsi-videobridge.enable": {"declarations": ["nixos/modules/services/networking/jitsi-videobridge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Jitsi Videobridge, a WebRTC compatible video router.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "jitsi-videobridge", "enable"], "readOnly": false, "type": "boolean"}, "services.jitsi-videobridge.extraProperties": {"declarations": ["nixos/modules/services/networking/jitsi-videobridge.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional Java properties passed to jitsi-videobridge.\n", "loc": ["services", "jitsi-videobridge", "extraProperties"], "readOnly": false, "type": "attribute set of string"}, "services.jitsi-videobridge.nat.harvesterAddresses": {"declarations": ["nixos/modules/services/networking/jitsi-videobridge.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"stunserver.stunprotocol.org:3478\"\n  \"stun.framasoft.org:3478\"\n  \"meet-jit-si-turnrelay.jitsi.net:443\"\n]"}, "description": "Addresses of public STUN services to use to automatically find\nthe public and local addresses of this Jitsi-Videobridge instance\nwithout the need for manual configuration.\n\nThis option is ignored if {option}`services.jitsi-videobridge.nat.localAddress`\nand {option}`services.jitsi-videobridge.nat.publicAddress` are set.\n", "example": {"_type": "literalExpression", "text": "[ ]"}, "loc": ["services", "jitsi-videobridge", "nat", "harvesterAddresses"], "readOnly": false, "type": "list of string"}, "services.jitsi-videobridge.nat.localAddress": {"declarations": ["nixos/modules/services/networking/jitsi-videobridge.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Local address to assume when running behind NAT.\n", "example": {"_type": "literalExpression", "text": "\"192.168.1.42\""}, "loc": ["services", "jitsi-videobridge", "nat", "localAddress"], "readOnly": false, "type": "null or string"}, "services.jitsi-videobridge.nat.publicAddress": {"declarations": ["nixos/modules/services/networking/jitsi-videobridge.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Public address to assume when running behind NAT.\n", "example": {"_type": "literalExpression", "text": "\"1.2.3.4\""}, "loc": ["services", "jitsi-videobridge", "nat", "publicAddress"], "readOnly": false, "type": "null or string"}, "services.jitsi-videobridge.openFirewall": {"declarations": ["nixos/modules/services/networking/jitsi-videobridge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open ports in the firewall for the videobridge.\n", "loc": ["services", "jitsi-videobridge", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.jitsi-videobridge.xmppConfigs": {"declarations": ["nixos/modules/services/networking/jitsi-videobridge.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "XMPP servers to connect to.\n\nSee <https://github.com/jitsi/jitsi-videobridge/blob/master/doc/muc.md> for more information.\n", "example": {"_type": "literalExpression", "text": "{\n  \"localhost\" = {\n    hostName = \"localhost\";\n    userName = \"jvb\";\n    domain = \"auth.xmpp.example.org\";\n    passwordFile = \"/var/lib/jitsi-meet/videobridge-secret\";\n    mucJids = \"jvbbrewery@internal.xmpp.example.org\";\n  };\n}\n"}, "loc": ["services", "jitsi-videobridge", "xmppConfigs"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.jitsi-videobridge.xmppConfigs.<name>.disableCertificateVerification": {"declarations": ["nixos/modules/services/networking/jitsi-videobridge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to skip validation of the server's certificate.\n", "loc": ["services", "jitsi-videobridge", "xmppConfigs", "<name>", "disableCertificateVerification"], "readOnly": false, "type": "boolean"}, "services.jitsi-videobridge.xmppConfigs.<name>.domain": {"declarations": ["nixos/modules/services/networking/jitsi-videobridge.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Domain part of JID of the XMPP user, if it is different from hostName.\n", "example": {"_type": "literalExpression", "text": "\"auth.xmpp.example.org\""}, "loc": ["services", "jitsi-videobridge", "xmppConfigs", "<name>", "domain"], "readOnly": false, "type": "null or string"}, "services.jitsi-videobridge.xmppConfigs.<name>.hostName": {"declarations": ["nixos/modules/services/networking/jitsi-videobridge.nix"], "description": "Hostname of the XMPP server to connect to. Name of the attribute set is used by default.\n", "example": {"_type": "literalExpression", "text": "\"xmpp.example.org\""}, "loc": ["services", "jitsi-videobridge", "xmppConfigs", "<name>", "hostName"], "readOnly": false, "type": "string"}, "services.jitsi-videobridge.xmppConfigs.<name>.mucJids": {"declarations": ["nixos/modules/services/networking/jitsi-videobridge.nix"], "description": "JID of the MUC to join. JiCoFo needs to be configured to join the same MUC.\n", "example": {"_type": "literalExpression", "text": "\"jvbbrewery@internal.xmpp.example.org\""}, "loc": ["services", "jitsi-videobridge", "xmppConfigs", "<name>", "mucJids"], "readOnly": false, "type": "string"}, "services.jitsi-videobridge.xmppConfigs.<name>.mucNickname": {"declarations": ["nixos/modules/services/networking/jitsi-videobridge.nix"], "description": "Videobridges use the same XMPP account and need to be distinguished by the\nnickname (aka resource part of the JID). By default, system hostname is used.\n", "loc": ["services", "jitsi-videobridge", "xmppConfigs", "<name>", "mucNickname"], "readOnly": false, "type": "string"}, "services.jitsi-videobridge.xmppConfigs.<name>.passwordFile": {"declarations": ["nixos/modules/services/networking/jitsi-videobridge.nix"], "description": "File containing the password for the user.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/jitsi-videobridge-xmpp1\""}, "loc": ["services", "jitsi-videobridge", "xmppConfigs", "<name>", "passwordFile"], "readOnly": false, "type": "string"}, "services.jitsi-videobridge.xmppConfigs.<name>.userName": {"declarations": ["nixos/modules/services/networking/jitsi-videobridge.nix"], "default": {"_type": "literalExpression", "text": "\"jvb\""}, "description": "User part of the JID.\n", "loc": ["services", "jitsi-videobridge", "xmppConfigs", "<name>", "userName"], "readOnly": false, "type": "string"}, "services.jitterentropy-rngd.enable": {"declarations": ["nixos/modules/services/security/jitterentropy-rngd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable jitterentropy-rngd service configuration.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "jitterentropy-rngd", "enable"], "readOnly": false, "type": "boolean"}, "services.jitterentropy-rngd.package": {"declarations": ["nixos/modules/services/security/jitterentropy-rngd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.jitterentropy-rngd"}, "description": "The jitterentropy-rngd package to use.", "loc": ["services", "jitterentropy-rngd", "package"], "readOnly": false, "type": "package"}, "services.jmusicbot.enable": {"declarations": ["nixos/modules/services/audio/jmusicbot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable jmusicbot, a Discord music bot that's easy to set up and run yourself.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "jmusicbot", "enable"], "readOnly": false, "type": "boolean"}, "services.jmusicbot.package": {"declarations": ["nixos/modules/services/audio/jmusicbot.nix"], "default": {"_type": "literalExpression", "text": "pkgs.jmusicbot"}, "description": "The jmusicbot package to use.", "loc": ["services", "jmusicbot", "package"], "readOnly": false, "type": "package"}, "services.jmusicbot.stateDir": {"declarations": ["nixos/modules/services/audio/jmusicbot.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/jmusicbot/\""}, "description": "The directory where config.txt and serversettings.json is saved.\nIf left as the default value this directory will automatically be created before JMusicBot starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.\nUntouched by the value of this option config.txt needs to be placed manually into this directory.\n", "loc": ["services", "jmusicbot", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.jotta-cli.enable": {"declarations": ["nixos/modules/services/networking/jotta-cli.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Jottacloud Command-line Tool.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "jotta-cli", "enable"], "readOnly": false, "type": "boolean"}, "services.jotta-cli.options": {"declarations": ["nixos/modules/services/networking/jotta-cli.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"stdoutlog\"\n  \"datadir\"\n  \"%h/.jottad/\"\n]"}, "description": "Command-line options passed to jottad.", "example": {"_type": "literalExpression", "text": "[ ]"}, "loc": ["services", "jotta-cli", "options"], "readOnly": false, "type": "list of string"}, "services.jotta-cli.package": {"declarations": ["nixos/modules/services/networking/jotta-cli.nix"], "default": {"_type": "literalExpression", "text": "pkgs.jotta-cli"}, "description": "The jotta-cli package to use.", "loc": ["services", "jotta-cli", "package"], "readOnly": false, "type": "package"}, "services.journalbeat.enable": {"declarations": ["nixos/modules/services/logging/journalbeat.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable journalbeat.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "journalbeat", "enable"], "readOnly": false, "type": "boolean"}, "services.journalbeat.extraConfig": {"declarations": ["nixos/modules/services/logging/journalbeat.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Any other configuration options you want to add", "loc": ["services", "journalbeat", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.journalbeat.name": {"declarations": ["nixos/modules/services/logging/journalbeat.nix"], "default": {"_type": "literalExpression", "text": "\"journalbeat\""}, "description": "Name of the beat", "loc": ["services", "journalbeat", "name"], "readOnly": false, "type": "string"}, "services.journalbeat.package": {"declarations": ["nixos/modules/services/logging/journalbeat.nix"], "default": {"_type": "literalExpression", "text": "pkgs.journalbeat"}, "description": "The journalbeat package to use.", "loc": ["services", "journalbeat", "package"], "readOnly": false, "type": "package"}, "services.journalbeat.stateDir": {"declarations": ["nixos/modules/services/logging/journalbeat.nix"], "default": {"_type": "literalExpression", "text": "\"journalbeat\""}, "description": "Directory below `/var/lib/` to store journalbeat's\nown logs and other data. This directory will be created automatically\nusing systemd's StateDirectory mechanism.\n", "loc": ["services", "journalbeat", "stateDir"], "readOnly": false, "type": "string"}, "services.journalbeat.tags": {"declarations": ["nixos/modules/services/logging/journalbeat.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Tags to place on the shipped log messages", "loc": ["services", "journalbeat", "tags"], "readOnly": false, "type": "list of string"}, "services.journald.audit": {"declarations": ["nixos/modules/system/boot/systemd/journald.nix"], "default": {"_type": "literalExpression", "text": "\"keep\""}, "description": "If enabled systemd-journald will turn on auditing on start-up.\nIf disabled it will turn it off. If unset it will neither enable nor disable it, leaving the previous state unchanged.\n\nNixOS defaults to leaving this unset as enabling audit without auditd running leads to spamming /dev/kmesg with random messages\nand if you enable auditd then auditd is responsible for turning auditing on.\n\nIf you want to have audit logs in journald and do not mind audit logs also ending up in /dev/kmesg you can set this option to true.\n\nIf you want to for some ununderstandable reason disable auditing if auditd enabled it then you can set this option to false.\nIt is of NixOS' opinion that setting this to false is definitely the wrong thing to do - but it's an option.\n", "loc": ["services", "journald", "audit"], "readOnly": false, "type": "boolean or value \"keep\" (singular enum)"}, "services.journald.console": {"declarations": ["nixos/modules/system/boot/systemd/journald.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "If non-empty, write log messages to the specified TTY device.", "loc": ["services", "journald", "console"], "readOnly": false, "type": "string"}, "services.journald.extraConfig": {"declarations": ["nixos/modules/system/boot/systemd/journald.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra config options for systemd-journald. See {manpage}`journald.conf(5)`\nfor available options.\n", "example": {"_type": "literalExpression", "text": "\"Storage=volatile\""}, "loc": ["services", "journald", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.journald.forwardToSyslog": {"declarations": ["nixos/modules/system/boot/systemd/journald.nix"], "default": {"_type": "literalExpression", "text": "services.rsyslogd.enable || services.syslog-ng.enable"}, "description": "Whether to forward log messages to syslog.\n", "loc": ["services", "journald", "forwardToSyslog"], "readOnly": false, "type": "boolean"}, "services.journald.gateway.cert": {"declarations": ["nixos/modules/system/boot/systemd/journald-gateway.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to a file or `AF_UNIX` stream socket to read the server\ncertificate from.\n\nThe certificate must be in PEM format. This option switches\n`systemd-journal-gatewayd` into HTTPS mode and must be used together\nwith {option}`services.journald.gateway.key`.\n", "loc": ["services", "journald", "gateway", "cert"], "readOnly": false, "type": "null or string"}, "services.journald.gateway.enable": {"declarations": ["nixos/modules/system/boot/systemd/journald-gateway.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the HTTP gateway to the journal.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "journald", "gateway", "enable"], "readOnly": false, "type": "boolean"}, "services.journald.gateway.key": {"declarations": ["nixos/modules/system/boot/systemd/journald-gateway.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify the path to a file or `AF_UNIX` stream socket to read the\nsecret server key corresponding to the certificate specified with\n{option}`services.journald.gateway.cert` from.\n\nThe key must be in PEM format.\n\nThis key should not be world-readable, and must be readably by the\n`systemd-journal-gateway` user.\n", "loc": ["services", "journald", "gateway", "key"], "readOnly": false, "type": "null or string"}, "services.journald.gateway.merge": {"declarations": ["nixos/modules/system/boot/systemd/journald-gateway.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Serve entries interleaved from all available journals, including other\nmachines.\n\nThis has the same meaning as `--merge` option for\n{manpage}`journalctl(1)`.\n", "loc": ["services", "journald", "gateway", "merge"], "readOnly": false, "type": "boolean"}, "services.journald.gateway.port": {"declarations": ["nixos/modules/system/boot/systemd/journald-gateway.nix"], "default": {"_type": "literalExpression", "text": "19531"}, "description": "The port to listen to.\n", "loc": ["services", "journald", "gateway", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.journald.gateway.system": {"declarations": ["nixos/modules/system/boot/systemd/journald-gateway.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Serve entries from system services and the kernel.\n\nThis has the same meaning as `--system` for {manpage}`journalctl(1)`.\n", "loc": ["services", "journald", "gateway", "system"], "readOnly": false, "type": "boolean"}, "services.journald.gateway.trust": {"declarations": ["nixos/modules/system/boot/systemd/journald-gateway.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify the path to a file or `AF_UNIX` stream socket to read a CA\ncertificate from.\n\nThe certificate must be in PEM format.\n\nSetting this option enforces client certificate checking.\n", "loc": ["services", "journald", "gateway", "trust"], "readOnly": false, "type": "null or string"}, "services.journald.gateway.user": {"declarations": ["nixos/modules/system/boot/systemd/journald-gateway.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Serve entries from services for the current user.\n\nThis has the same meaning as `--user` for {manpage}`journalctl(1)`.\n", "loc": ["services", "journald", "gateway", "user"], "readOnly": false, "type": "boolean"}, "services.journald.rateLimitBurst": {"declarations": ["nixos/modules/system/boot/systemd/journald.nix"], "default": {"_type": "literalExpression", "text": "10000"}, "description": "Configures the rate limiting burst limit (number of messages per\ninterval) that is applied to all messages generated on the system.\nThis rate limiting is applied per-service, so that two services\nwhich log do not interfere with each other's limit.\n\nNote that the effective rate limit is multiplied by a factor derived\nfrom the available free disk space for the journal as described on\n{manpage}`journald.conf(5)`.\n\nNote that the total amount of logs stored is limited by journald settings\nsuch as `SystemMaxUse`, which defaults to 10% the file system size\n(capped at max 4GB), and `SystemKeepFree`, which defaults to 15% of the\nfile system size.\n\nIt is thus recommended to compute what period of time that you will be\nable to store logs for when an application logs at full burst rate.\nWith default settings for log lines that are 100 Bytes long, this can\namount to just a few hours.\n", "loc": ["services", "journald", "rateLimitBurst"], "readOnly": false, "type": "signed integer"}, "services.journald.rateLimitInterval": {"declarations": ["nixos/modules/system/boot/systemd/journald.nix"], "default": {"_type": "literalExpression", "text": "\"30s\""}, "description": "Configures the rate limiting interval that is applied to all\nmessages generated on the system. This rate limiting is applied\nper-service, so that two services which log do not interfere with\neach other's limit. The value may be specified in the following\nunits: s, min, h, ms, us. To turn off any kind of rate limiting,\nset either value to 0.\n\nSee {option}`services.journald.rateLimitBurst` for important\nconsiderations when setting this value.\n", "loc": ["services", "journald", "rateLimitInterval"], "readOnly": false, "type": "string"}, "services.journald.remote.enable": {"declarations": ["nixos/modules/system/boot/systemd/journald-remote.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable receiving systemd journals from the network.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "journald", "remote", "enable"], "readOnly": false, "type": "boolean"}, "services.journald.remote.listen": {"declarations": ["nixos/modules/system/boot/systemd/journald-remote.nix"], "default": {"_type": "literalExpression", "text": "\"https\""}, "description": "Which protocol to listen to.\n", "loc": ["services", "journald", "remote", "listen"], "readOnly": false, "type": "one of \"https\", \"http\""}, "services.journald.remote.output": {"declarations": ["nixos/modules/system/boot/systemd/journald-remote.nix"], "default": {"_type": "literalExpression", "text": "\"/var/log/journal/remote/\""}, "description": "The location of the output journal.\n\nIn case the output file is not specified, journal files will be created\nunderneath the selected directory. Files will be called\n{file}`remote-hostname.journal`, where the `hostname` part is the\nescaped hostname of the source endpoint of the connection, or the\nnumerical address if the hostname cannot be determined.\n", "loc": ["services", "journald", "remote", "output"], "readOnly": false, "type": "string"}, "services.journald.remote.port": {"declarations": ["nixos/modules/system/boot/systemd/journald-remote.nix"], "default": {"_type": "literalExpression", "text": "19532"}, "description": "The port to listen to.\n\nNote that this option is used only if\n{option}`services.journald.upload.listen` is configured to be either\n\"https\" or \"http\".\n", "loc": ["services", "journald", "remote", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.journald.remote.settings": {"declarations": ["nixos/modules/system/boot/systemd/journald-remote.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration in the journal-remote configuration file. See\n{manpage}`journal-remote.conf(5)` for available options.\n", "loc": ["services", "journald", "remote", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string) or a list of them for duplicate keys)"}, "services.journald.remote.settings.Remote.Seal": {"declarations": ["nixos/modules/system/boot/systemd/journald-remote.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Periodically sign the data in the journal using Forward Secure\nSealing.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "journald", "remote", "settings", "Remote", "Seal"], "readOnly": false, "type": "boolean"}, "services.journald.remote.settings.Remote.ServerCertificateFile": {"declarations": ["nixos/modules/system/boot/systemd/journald-remote.nix"], "default": {"_type": "literalExpression", "text": "\"/etc/ssl/certs/journal-remote.pem\""}, "description": "A path to a SSL certificate file in PEM format.\n\nThis option can be used with `listen = \"https\"`. If the path\nrefers to an `AF_UNIX` stream socket in the file system a\nconnection is made to it and the certificate read from it.\n", "loc": ["services", "journald", "remote", "settings", "Remote", "ServerCertificateFile"], "readOnly": false, "type": "string"}, "services.journald.remote.settings.Remote.ServerKeyFile": {"declarations": ["nixos/modules/system/boot/systemd/journald-remote.nix"], "default": {"_type": "literalExpression", "text": "\"/etc/ssl/private/journal-remote.pem\""}, "description": "A path to a SSL secret key file in PEM format.\n\nNote that due to security reasons, `systemd-journal-remote` will\nrefuse files from the world-readable `/nix/store`. This file\nshould be readable by the \"\" user.\n\nThis option can be used with `listen = \"https\"`. If the path\nrefers to an `AF_UNIX` stream socket in the file system a\nconnection is made to it and the key read from it.\n", "loc": ["services", "journald", "remote", "settings", "Remote", "ServerKeyFile"], "readOnly": false, "type": "string"}, "services.journald.remote.settings.Remote.SplitMode": {"declarations": ["nixos/modules/system/boot/systemd/journald-remote.nix"], "default": {"_type": "literalExpression", "text": "\"host\""}, "description": "With \"host\", a separate output file is used, based on the\nhostname of the other endpoint of a connection. With \"none\", only\none output journal file is used.\n", "example": {"_type": "literalExpression", "text": "\"none\""}, "loc": ["services", "journald", "remote", "settings", "Remote", "SplitMode"], "readOnly": false, "type": "one of \"host\", \"none\""}, "services.journald.remote.settings.Remote.TrustedCertificateFile": {"declarations": ["nixos/modules/system/boot/systemd/journald-remote.nix"], "default": {"_type": "literalExpression", "text": "\"/etc/ssl/ca/trusted.pem\""}, "description": "A path to a SSL CA certificate file in PEM format, or `all`.\n\nIf `all` is set, then client certificate checking will be\ndisabled.\n\nThis option can be used with `listen = \"https\"`. If the path\nrefers to an `AF_UNIX` stream socket in the file system a\nconnection is made to it and the certificate read from it.\n", "loc": ["services", "journald", "remote", "settings", "Remote", "TrustedCertificateFile"], "readOnly": false, "type": "string"}, "services.journald.storage": {"declarations": ["nixos/modules/system/boot/systemd/journald.nix"], "default": {"_type": "literalExpression", "text": "\"persistent\""}, "description": "Controls where to store journal data. See\n{manpage}`journald.conf(5)` for further information.\n", "loc": ["services", "journald", "storage"], "readOnly": false, "type": "one of \"persistent\", \"volatile\", \"auto\", \"none\""}, "services.journald.upload.enable": {"declarations": ["nixos/modules/system/boot/systemd/journald-upload.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable uploading the systemd journal to a remote server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "journald", "upload", "enable"], "readOnly": false, "type": "boolean"}, "services.journald.upload.settings": {"declarations": ["nixos/modules/system/boot/systemd/journald-upload.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for journal-upload. See {manpage}`journal-upload.conf(5)`\nfor available options.\n", "loc": ["services", "journald", "upload", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string) or a list of them for duplicate keys)"}, "services.journald.upload.settings.Upload.NetworkTimeoutSec": {"declarations": ["nixos/modules/system/boot/systemd/journald-upload.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "When network connectivity to the server is lost, this option\nconfigures the time to wait for the connectivity to get restored.\n\nIf the server is not reachable over the network for the\nconfigured time, `systemd-journal-upload` exits. Takes a value in\nseconds (or in other time units if suffixed with \"ms\", \"min\",\n\"h\", etc). For details, see {manpage}`systemd.time(5)`.\n", "example": {"_type": "literalExpression", "text": "\"1s\""}, "loc": ["services", "journald", "upload", "settings", "Upload", "NetworkTimeoutSec"], "readOnly": false, "type": "null or string"}, "services.journald.upload.settings.Upload.ServerCertificateFile": {"declarations": ["nixos/modules/system/boot/systemd/journald-upload.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SSL CA certificate in PEM format.\n\nIn contrary to what the name suggests, this option configures the\nclient certificate sent to the remote journal server.\n", "example": {"_type": "literalExpression", "text": "./server-ca.pem"}, "loc": ["services", "journald", "upload", "settings", "Upload", "ServerCertificateFile"], "readOnly": false, "type": "null or string"}, "services.journald.upload.settings.Upload.ServerKeyFile": {"declarations": ["nixos/modules/system/boot/systemd/journald-upload.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SSL key in PEM format.\n\nIn contrary to what the name suggests, this option configures the\nclient private key sent to the remote journal server.\n\nThis key should not be world-readable, and must be readably by\nthe `systemd-journal` group.\n", "example": {"_type": "literalExpression", "text": "./server-key.pem"}, "loc": ["services", "journald", "upload", "settings", "Upload", "ServerKeyFile"], "readOnly": false, "type": "null or string"}, "services.journald.upload.settings.Upload.TrustedCertificateFile": {"declarations": ["nixos/modules/system/boot/systemd/journald-upload.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SSL CA certificate.\n\nThis certificate will be used to check the remote journal HTTPS\nserver certificate.\n", "example": {"_type": "literalExpression", "text": "./ca"}, "loc": ["services", "journald", "upload", "settings", "Upload", "TrustedCertificateFile"], "readOnly": false, "type": "null or string"}, "services.journald.upload.settings.Upload.URL": {"declarations": ["nixos/modules/system/boot/systemd/journald-upload.nix"], "description": "The URL to upload the journal entries to.\n\nSee the description of `--url=` option in\n{manpage}`systemd-journal-upload(8)` for the description of\npossible values.\n", "example": {"_type": "literalExpression", "text": "\"https://192.168.1.1\""}, "loc": ["services", "journald", "upload", "settings", "Upload", "URL"], "readOnly": false, "type": "string"}, "services.journaldriver.applicationCredentials": {"declarations": ["nixos/modules/services/logging/journaldriver.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the service account private key (in JSON-format) used\nto forward log entries to Stackdriver Logging on non-GCP\ninstances.\n\nThis option is required on non-GCP machines, but should not be\nset on GCP instances.\n", "loc": ["services", "journaldriver", "applicationCredentials"], "readOnly": false, "type": "null or absolute path"}, "services.journaldriver.enable": {"declarations": ["nixos/modules/services/logging/journaldriver.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable journaldriver to forward journald logs to\nStackdriver Logging.\n", "loc": ["services", "journaldriver", "enable"], "readOnly": false, "type": "boolean"}, "services.journaldriver.googleCloudProject": {"declarations": ["nixos/modules/services/logging/journaldriver.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configures the name of the Google Cloud project to which to\nforward journald logs.\n\nThis option is required on non-GCP machines, but should not be\nset on GCP instances.\n", "loc": ["services", "journaldriver", "googleCloudProject"], "readOnly": false, "type": "null or string"}, "services.journaldriver.logLevel": {"declarations": ["nixos/modules/services/logging/journaldriver.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Log level at which journaldriver logs its own output.\n", "loc": ["services", "journaldriver", "logLevel"], "readOnly": false, "type": "string"}, "services.journaldriver.logName": {"declarations": ["nixos/modules/services/logging/journaldriver.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configures the name of the target log in Stackdriver Logging.\nThis option can be set to, for example, the hostname of a\nmachine to improve the user experience in the logging\noverview.\n", "loc": ["services", "journaldriver", "logName"], "readOnly": false, "type": "null or string"}, "services.journaldriver.logStream": {"declarations": ["nixos/modules/services/logging/journaldriver.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configures the name of the Stackdriver Logging log stream into\nwhich to write journald entries.\n\nThis option is required on non-GCP machines, but should not be\nset on GCP instances.\n", "loc": ["services", "journaldriver", "logStream"], "readOnly": false, "type": "null or string"}, "services.journalwatch.accuracy": {"declarations": ["nixos/modules/services/logging/journalwatch.nix"], "default": {"_type": "literalExpression", "text": "\"10min\""}, "description": "The time window around the interval in which the journalwatch run will be scheduled.\n\nThe format is described in {manpage}`systemd.time(7)`.\n", "loc": ["services", "journalwatch", "accuracy"], "readOnly": false, "type": "string"}, "services.journalwatch.enable": {"declarations": ["nixos/modules/services/logging/journalwatch.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, periodically check the journal with journalwatch and report the results by mail.\n", "loc": ["services", "journalwatch", "enable"], "readOnly": false, "type": "boolean"}, "services.journalwatch.extraConfig": {"declarations": ["nixos/modules/services/logging/journalwatch.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra lines to be added verbatim to the journalwatch/config configuration file.\nYou can add any commandline argument to the config, without the '--'.\nSee `journalwatch --help` for all arguments and their description.\n", "loc": ["services", "journalwatch", "extraConfig"], "readOnly": false, "type": "string"}, "services.journalwatch.filterBlocks": {"declarations": ["nixos/modules/services/logging/journalwatch.nix"], "default": {"_type": "literalExpression", "text": "[\n  {\n    filters = ''\n      (Stopped|Stopping|Starting|Started) .*\n      (Created slice|Removed slice) user-\\d*\\.slice\\.\n      Received SIGRTMIN\\+24 from PID .*\n      (Reached target|Stopped target) .*\n      Startup finished in \\d*ms\\.\n    '';\n    match = \"SYSLOG_IDENTIFIER = systemd\";\n  }\n]"}, "description": "filterBlocks can be defined to blacklist journal messages which are not errors.\nEach block matches on a log entry field, and the filters in that block then are matched\nagainst all messages with a matching log entry field.\n\nAll messages whose PRIORITY is at least 6 (INFO) are processed by journalwatch.\nIf you don't specify any filterBlocks, PRIORITY is reduced to 5 (NOTICE) by default.\n\nAll regular expressions are extended Python regular expressions, for details\nsee: http://doc.pyschools.com/html/regex.html\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    filters = ''\n      New session [a-z]?\\d+ of user \\w+\\.\n      Removed session [a-z]?\\d+\\.\n    '';\n    match = \"_SYSTEMD_UNIT = systemd-logind.service\";\n  }\n  {\n    filters = ''\n      pam_unix\\(crond:session\\): session (opened|closed) for user \\w+\n      \\(\\w+\\) CMD .*\n    '';\n    match = \"SYSLOG_IDENTIFIER = /(CROND|crond)/\";\n  }\n]"}, "loc": ["services", "journalwatch", "filterBlocks"], "readOnly": false, "type": "list of (submodule)"}, "services.journalwatch.filterBlocks.*.filters": {"declarations": ["nixos/modules/services/logging/journalwatch.nix"], "description": "The filters to apply on all messages which satisfy {option}`match`.\nAny of those messages that match any specified filter will be removed from journalwatch's output.\nEach filter is an extended Python regular expression.\nYou can specify multiple filters and separate them by newlines.\nLines starting with '#' are comments. Inline-comments are not permitted.\n", "example": {"_type": "literalExpression", "text": "''\n  (Stopped|Stopping|Starting|Started) .*\n  (Reached target|Stopped target) .*\n''"}, "loc": ["services", "journalwatch", "filterBlocks", "*", "filters"], "readOnly": false, "type": "string"}, "services.journalwatch.filterBlocks.*.match": {"declarations": ["nixos/modules/services/logging/journalwatch.nix"], "description": "Syntax: `field = value`\nSpecifies the log entry `field` this block should apply to.\nIf the `field` of a message matches this `value`,\nthis patternBlock's {option}`filters` are applied.\nIf `value` starts and ends with a slash, it is interpreted as\nan extended python regular expression, if not, it's an exact match.\nThe journal fields are explained in {manpage}`systemd.journal-fields(7)`.\n", "example": {"_type": "literalExpression", "text": "\"SYSLOG_IDENTIFIER = systemd\""}, "loc": ["services", "journalwatch", "filterBlocks", "*", "match"], "readOnly": false, "type": "string"}, "services.journalwatch.interval": {"declarations": ["nixos/modules/services/logging/journalwatch.nix"], "default": {"_type": "literalExpression", "text": "\"hourly\""}, "description": "How often to run journalwatch.\n\nThe format is described in {manpage}`systemd.time(7)`.\n", "loc": ["services", "journalwatch", "interval"], "readOnly": false, "type": "string"}, "services.journalwatch.mailBinary": {"declarations": ["nixos/modules/services/logging/journalwatch.nix"], "default": {"_type": "literalExpression", "text": "\"/run/wrappers/bin/sendmail\""}, "description": "Sendmail-compatible binary to be used to send the messages.\n", "loc": ["services", "journalwatch", "mailBinary"], "readOnly": false, "type": "absolute path"}, "services.journalwatch.mailFrom": {"declarations": ["nixos/modules/services/logging/journalwatch.nix"], "default": {"_type": "literalExpression", "text": "\"journalwatch@${config.networking.hostName}\""}, "description": "Mail address to send journalwatch reports from.\n", "loc": ["services", "journalwatch", "mailFrom"], "readOnly": false, "type": "string"}, "services.journalwatch.mailTo": {"declarations": ["nixos/modules/services/logging/journalwatch.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Mail address to send journalwatch reports to.\n", "loc": ["services", "journalwatch", "mailTo"], "readOnly": false, "type": "null or string"}, "services.journalwatch.package": {"declarations": ["nixos/modules/services/logging/journalwatch.nix"], "default": {"_type": "literalExpression", "text": "pkgs.journalwatch"}, "description": "The journalwatch package to use.", "loc": ["services", "journalwatch", "package"], "readOnly": false, "type": "package"}, "services.journalwatch.priority": {"declarations": ["nixos/modules/services/logging/journalwatch.nix"], "default": {"_type": "literalExpression", "text": "6"}, "description": "Lowest priority of message to be considered.\nA value between 7 (\"debug\"), and 0 (\"emerg\"). Defaults to 6 (\"info\").\nIf you don't care about anything with \"info\" priority, you can reduce\nthis to e.g. 5 (\"notice\") to considerably reduce the amount of\nmessages without needing many {option}`filterBlocks`.\n", "loc": ["services", "journalwatch", "priority"], "readOnly": false, "type": "integer between 0 and 7 (both inclusive)"}, "services.joycond.enable": {"declarations": ["nixos/modules/services/hardware/joycond.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable support for Nintendo Pro Controllers and Joycons.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "joycond", "enable"], "readOnly": false, "type": "boolean"}, "services.joycond.package": {"declarations": ["nixos/modules/services/hardware/joycond.nix"], "default": {"_type": "literalExpression", "text": "pkgs.joycond"}, "description": "The joycond package to use.", "loc": ["services", "joycond", "package"], "readOnly": false, "type": "package"}, "services.jupyter.command": {"declarations": ["nixos/modules/services/development/jupyter/default.nix"], "default": {"_type": "literalExpression", "text": "\"jupyter notebook\""}, "description": "Which command the service runs. Note that not all jupyter packages\nhave all commands, e.g. `jupyter lab` isn't present in the `notebook` package.\n", "example": {"_type": "literalExpression", "text": "\"jupyter lab\""}, "loc": ["services", "jupyter", "command"], "readOnly": false, "type": "string"}, "services.jupyter.enable": {"declarations": ["nixos/modules/services/development/jupyter/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Jupyter development server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "jupyter", "enable"], "readOnly": false, "type": "boolean"}, "services.jupyter.extraEnvironmentVariables": {"declarations": ["nixos/modules/services/development/jupyter/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra environment variables to be set in the runtime context of jupyter notebook", "example": {"_type": "literalExpression", "text": "{\n  PLAYWRIGHT_BROWSERS_PATH = \"${pkgs.playwright-driver.browsers}\";\n  PLAYWRIGHT_SKIP_VALIDATE_HOST_REQUIREMENTS = \"true\";\n}\n"}, "loc": ["services", "jupyter", "extraEnvironmentVariables"], "readOnly": false, "type": "attribute set of (null or (list of (signed integer or string or absolute path)) or signed integer or string or absolute path)"}, "services.jupyter.extraPackages": {"declarations": ["nixos/modules/services/development/jupyter/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra packages to be available in the jupyter runtime environment", "example": {"_type": "literalExpression", "text": "[\n  pkgs.python3.pkgs.nbconvert\n  pkgs.python3.pkgs.playwright\n]\n"}, "loc": ["services", "jupyter", "extraPackages"], "readOnly": false, "type": "list of package"}, "services.jupyter.group": {"declarations": ["nixos/modules/services/development/jupyter/default.nix"], "default": {"_type": "literalExpression", "text": "\"jupyter\""}, "description": "Name of the group used to run the jupyter service.\nUse this if you want to create a group of users that are able to view the notebook directory's content.\n", "example": {"_type": "literalExpression", "text": "\"users\""}, "loc": ["services", "jupyter", "group"], "readOnly": false, "type": "string"}, "services.jupyter.ip": {"declarations": ["nixos/modules/services/development/jupyter/default.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "IP address Jupyter will be listening on.\n", "loc": ["services", "jupyter", "ip"], "readOnly": false, "type": "string"}, "services.jupyter.kernels": {"declarations": ["nixos/modules/services/development/jupyter/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Declarative kernel config.\n\nKernels can be declared in any language that supports and has the required\ndependencies to communicate with a jupyter server.\nIn python's case, it means that ipykernel package must always be included in\nthe list of packages of the targeted environment.\n", "example": {"_type": "literalExpression", "text": "{\n  python3 = let\n    env = (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [\n            ipykernel\n            pandas\n            scikit-learn\n          ]));\n  in {\n    displayName = \"Python 3 for machine learning\";\n    argv = [\n      \"${env.interpreter}\"\n      \"-m\"\n      \"ipykernel_launcher\"\n      \"-f\"\n      \"{connection_file}\"\n    ];\n    language = \"python\";\n    logo32 = \"${env.sitePackages}/ipykernel/resources/logo-32x32.png\";\n    logo64 = \"${env.sitePackages}/ipykernel/resources/logo-64x64.png\";\n    extraPaths = {\n      \"cool.txt\" = pkgs.writeText \"cool\" \"cool content\";\n    };\n  };\n}\n"}, "loc": ["services", "jupyter", "kernels"], "readOnly": false, "type": "null or (attribute set of (open submodule of (JSON value)))"}, "services.jupyter.kernels.<name>.argv": {"declarations": ["nixos/modules/services/development/jupyter/default.nix"], "description": "Command and arguments to start the kernel.\n", "example": {"_type": "literalExpression", "text": "[\n  \"{customEnv.interpreter}\"\n  \"-m\"\n  \"ipykernel_launcher\"\n  \"-f\"\n  \"{connection_file}\"\n]"}, "loc": ["services", "jupyter", "kernels", "<name>", "argv"], "readOnly": false, "type": "list of string"}, "services.jupyter.kernels.<name>.displayName": {"declarations": ["nixos/modules/services/development/jupyter/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Name that will be shown to the user.\n", "example": {"_type": "literalExpression", "text": "\"Python 3\"\n\"Python 3 for Data Science\"\n"}, "loc": ["services", "jupyter", "kernels", "<name>", "displayName"], "readOnly": false, "type": "string"}, "services.jupyter.kernels.<name>.env": {"declarations": ["nixos/modules/services/development/jupyter/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables to set for the kernel.\n", "example": {"_type": "literalExpression", "text": "{\n  OMP_NUM_THREADS = \"1\";\n}"}, "loc": ["services", "jupyter", "kernels", "<name>", "env"], "readOnly": false, "type": "attribute set of string"}, "services.jupyter.kernels.<name>.extraPaths": {"declarations": ["nixos/modules/services/development/jupyter/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra paths to link in kernel directory\n", "example": {"_type": "literalExpression", "text": "\"{ examples = ${env.sitePack}/IRkernel/kernelspec/kernel.js\"; }"}, "loc": ["services", "jupyter", "kernels", "<name>", "extraPaths"], "readOnly": false, "type": "attribute set of absolute path"}, "services.jupyter.kernels.<name>.language": {"declarations": ["nixos/modules/services/development/jupyter/default.nix"], "description": "Language of the environment. Typically the name of the binary.\n", "example": {"_type": "literalExpression", "text": "\"python\""}, "loc": ["services", "jupyter", "kernels", "<name>", "language"], "readOnly": false, "type": "string"}, "services.jupyter.kernels.<name>.logo32": {"declarations": ["nixos/modules/services/development/jupyter/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to 32x32 logo png.\n", "example": {"_type": "literalExpression", "text": "\"${env.sitePackages}/ipykernel/resources/logo-32x32.png\""}, "loc": ["services", "jupyter", "kernels", "<name>", "logo32"], "readOnly": false, "type": "null or absolute path"}, "services.jupyter.kernels.<name>.logo64": {"declarations": ["nixos/modules/services/development/jupyter/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to 64x64 logo png.\n", "example": {"_type": "literalExpression", "text": "\"${env.sitePackages}/ipykernel/resources/logo-64x64.png\""}, "loc": ["services", "jupyter", "kernels", "<name>", "logo64"], "readOnly": false, "type": "null or absolute path"}, "services.jupyter.notebookConfig": {"declarations": ["nixos/modules/services/development/jupyter/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Raw jupyter config.\nPlease use the password configuration option to set a password instead of passing it in here.\n", "loc": ["services", "jupyter", "notebookConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.jupyter.notebookDir": {"declarations": ["nixos/modules/services/development/jupyter/default.nix"], "default": {"_type": "literalExpression", "text": "\"~/\""}, "description": "Root directory for notebooks.\n", "loc": ["services", "jupyter", "notebookDir"], "readOnly": false, "type": "string"}, "services.jupyter.package": {"declarations": ["nixos/modules/services/development/jupyter/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.python3.pkgs.jupyter"}, "description": "The jupyter package to use.", "loc": ["services", "jupyter", "package"], "readOnly": false, "type": "package"}, "services.jupyter.password": {"declarations": ["nixos/modules/services/development/jupyter/default.nix"], "description": "Password to use with notebook.\nCan be generated following: <https://jupyter-server.readthedocs.io/en/stable/operators/public-server.html#preparing-a-hashed-password>\n", "example": {"_type": "literalExpression", "text": "\"argon2:$argon2id$v=19$m=10240,t=10,p=8$48hF+vTUuy1LB83/GzNhUg$J1nx4jPWD7PwOJHs5OtDW8pjYK2s0c1R3rYGbSIKB54\""}, "loc": ["services", "jupyter", "password"], "readOnly": false, "type": "string"}, "services.jupyter.port": {"declarations": ["nixos/modules/services/development/jupyter/default.nix"], "default": {"_type": "literalExpression", "text": "8888"}, "description": "Port number Jupyter will be listening on.\n", "loc": ["services", "jupyter", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.jupyter.user": {"declarations": ["nixos/modules/services/development/jupyter/default.nix"], "default": {"_type": "literalExpression", "text": "\"jupyter\""}, "description": "Name of the user used to run the jupyter service.\nFor security reason, jupyter should really not be run as root.\nIf not set (jupyter), the service will create a jupyter user with appropriate settings.\n", "example": {"_type": "literalExpression", "text": "\"aborsu\""}, "loc": ["services", "jupyter", "user"], "readOnly": false, "type": "string"}, "services.jupyterhub.authentication": {"declarations": ["nixos/modules/services/development/jupyterhub/default.nix"], "default": {"_type": "literalExpression", "text": "\"jupyterhub.auth.PAMAuthenticator\""}, "description": "Jupyterhub authentication to use\n\nThere are many authenticators available including: oauth, pam,\nldap, kerberos, etc.\n", "loc": ["services", "jupyterhub", "authentication"], "readOnly": false, "type": "string"}, "services.jupyterhub.enable": {"declarations": ["nixos/modules/services/development/jupyterhub/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Jupyterhub development server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "jupyterhub", "enable"], "readOnly": false, "type": "boolean"}, "services.jupyterhub.extraConfig": {"declarations": ["nixos/modules/services/development/jupyterhub/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra contents appended to the jupyterhub configuration\n\nJupyterhub configuration is a normal python file using\nTraitlets. <https://jupyterhub.readthedocs.io/en/stable/getting-started/config-basics.html>. The\nbase configuration of this module was designed to have sane\ndefaults for configuration but you can override anything since\nthis is a python file.\n", "example": {"_type": "literalExpression", "text": "''\n  c.SystemdSpawner.mem_limit = '8G'\n  c.SystemdSpawner.cpu_limit = 2.0\n''"}, "loc": ["services", "jupyterhub", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.jupyterhub.host": {"declarations": ["nixos/modules/services/development/jupyterhub/default.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Bind IP JupyterHub will be listening on\n", "loc": ["services", "jupyterhub", "host"], "readOnly": false, "type": "string"}, "services.jupyterhub.jupyterhubEnv": {"declarations": ["nixos/modules/services/development/jupyterhub/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.python3.withPackages (p: with p; [\n  jupyterhub\n  jupyterhub-systemdspawner\n])\n"}, "description": "Python environment to run jupyterhub\n\nCustomizing will affect the packages available in the hub and\nproxy. This will allow packages to be available for the\nextraConfig that you may need. This will not normally need to\nbe changed.\n", "loc": ["services", "jupyterhub", "jupyterhubEnv"], "readOnly": false, "type": "package"}, "services.jupyterhub.jupyterlabEnv": {"declarations": ["nixos/modules/services/development/jupyterhub/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.python3.withPackages (p: with p; [\n  jupyterhub\n  jupyterlab\n])\n"}, "description": "Python environment to run jupyterlab\n\nCustomizing will affect the packages available in the\njupyterlab server and the default kernel provided. This is the\nway to customize the jupyterlab extensions and jupyter\nnotebook extensions. This will not normally need to\nbe changed.\n", "loc": ["services", "jupyterhub", "jupyterlabEnv"], "readOnly": false, "type": "package"}, "services.jupyterhub.kernels": {"declarations": ["nixos/modules/services/development/jupyterhub/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Declarative kernel config\n\nKernels can be declared in any language that supports and has\nthe required dependencies to communicate with a jupyter server.\nIn python's case, it means that ipykernel package must always be\nincluded in the list of packages of the targeted environment.\n", "example": {"_type": "literalExpression", "text": "{\n  python3 = let\n    env = (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [\n            ipykernel\n            pandas\n            scikit-learn\n          ]));\n  in {\n    displayName = \"Python 3 for machine learning\";\n    argv = [\n      \"${env.interpreter}\"\n      \"-m\"\n      \"ipykernel_launcher\"\n      \"-f\"\n      \"{connection_file}\"\n    ];\n    language = \"python\";\n    logo32 = \"${env}/${env.sitePackages}/ipykernel/resources/logo-32x32.png\";\n    logo64 = \"${env}/${env.sitePackages}/ipykernel/resources/logo-64x64.png\";\n  };\n}\n"}, "loc": ["services", "jupyterhub", "kernels"], "readOnly": false, "type": "null or (attribute set of (open submodule of (JSON value)))"}, "services.jupyterhub.kernels.<name>.argv": {"declarations": ["nixos/modules/services/development/jupyterhub/default.nix"], "description": "Command and arguments to start the kernel.\n", "example": {"_type": "literalExpression", "text": "[\n  \"{customEnv.interpreter}\"\n  \"-m\"\n  \"ipykernel_launcher\"\n  \"-f\"\n  \"{connection_file}\"\n]"}, "loc": ["services", "jupyterhub", "kernels", "<name>", "argv"], "readOnly": false, "type": "list of string"}, "services.jupyterhub.kernels.<name>.displayName": {"declarations": ["nixos/modules/services/development/jupyterhub/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Name that will be shown to the user.\n", "example": {"_type": "literalExpression", "text": "\"Python 3\"\n\"Python 3 for Data Science\"\n"}, "loc": ["services", "jupyterhub", "kernels", "<name>", "displayName"], "readOnly": false, "type": "string"}, "services.jupyterhub.kernels.<name>.env": {"declarations": ["nixos/modules/services/development/jupyterhub/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables to set for the kernel.\n", "example": {"_type": "literalExpression", "text": "{\n  OMP_NUM_THREADS = \"1\";\n}"}, "loc": ["services", "jupyterhub", "kernels", "<name>", "env"], "readOnly": false, "type": "attribute set of string"}, "services.jupyterhub.kernels.<name>.extraPaths": {"declarations": ["nixos/modules/services/development/jupyterhub/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra paths to link in kernel directory\n", "example": {"_type": "literalExpression", "text": "\"{ examples = ${env.sitePack}/IRkernel/kernelspec/kernel.js\"; }"}, "loc": ["services", "jupyterhub", "kernels", "<name>", "extraPaths"], "readOnly": false, "type": "attribute set of absolute path"}, "services.jupyterhub.kernels.<name>.language": {"declarations": ["nixos/modules/services/development/jupyterhub/default.nix"], "description": "Language of the environment. Typically the name of the binary.\n", "example": {"_type": "literalExpression", "text": "\"python\""}, "loc": ["services", "jupyterhub", "kernels", "<name>", "language"], "readOnly": false, "type": "string"}, "services.jupyterhub.kernels.<name>.logo32": {"declarations": ["nixos/modules/services/development/jupyterhub/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to 32x32 logo png.\n", "example": {"_type": "literalExpression", "text": "\"${env.sitePackages}/ipykernel/resources/logo-32x32.png\""}, "loc": ["services", "jupyterhub", "kernels", "<name>", "logo32"], "readOnly": false, "type": "null or absolute path"}, "services.jupyterhub.kernels.<name>.logo64": {"declarations": ["nixos/modules/services/development/jupyterhub/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to 64x64 logo png.\n", "example": {"_type": "literalExpression", "text": "\"${env.sitePackages}/ipykernel/resources/logo-64x64.png\""}, "loc": ["services", "jupyterhub", "kernels", "<name>", "logo64"], "readOnly": false, "type": "null or absolute path"}, "services.jupyterhub.port": {"declarations": ["nixos/modules/services/development/jupyterhub/default.nix"], "default": {"_type": "literalExpression", "text": "8000"}, "description": "Port number Jupyterhub will be listening on\n", "loc": ["services", "jupyterhub", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.jupyterhub.spawner": {"declarations": ["nixos/modules/services/development/jupyterhub/default.nix"], "default": {"_type": "literalExpression", "text": "\"systemdspawner.SystemdSpawner\""}, "description": "Jupyterhub spawner to use\n\nThere are many spawners available including: local process,\nsystemd, docker, kubernetes, yarn, batch, etc.\n", "loc": ["services", "jupyterhub", "spawner"], "readOnly": false, "type": "string"}, "services.jupyterhub.stateDirectory": {"declarations": ["nixos/modules/services/development/jupyterhub/default.nix"], "default": {"_type": "literalExpression", "text": "\"jupyterhub\""}, "description": "Directory for jupyterhub state (token + database)\n", "loc": ["services", "jupyterhub", "stateDirectory"], "readOnly": false, "type": "string"}, "services.kanata.enable": {"declarations": ["nixos/modules/services/hardware/kanata.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kanata, a tool to improve keyboard comfort and usability with advanced customization.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kanata", "enable"], "readOnly": false, "type": "boolean"}, "services.kanata.keyboards": {"declarations": ["nixos/modules/services/hardware/kanata.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Keyboard configurations.", "loc": ["services", "kanata", "keyboards"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.kanata.keyboards.<name>.config": {"declarations": ["nixos/modules/services/hardware/kanata.nix"], "description": "Configuration other than `defcfg`.\n\nSee [the upstream documentation](https://github.com/jtroo/kanata/blob/main/docs/config.adoc) and [example config files](https://github.com/jtroo/kanata/tree/main/cfg_samples) for more information.\n", "example": {"_type": "literalExpression", "text": "''\n  (defsrc\n    caps)\n  \n  (deflayermap (default-layer)\n    ;; tap caps lock as caps lock, hold caps lock as left control\n    caps (tap-hold 100 100 caps lctl))\n''"}, "loc": ["services", "kanata", "keyboards", "<name>", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.kanata.keyboards.<name>.configFile": {"declarations": ["nixos/modules/services/hardware/kanata.nix"], "default": {"_type": "literalExpression", "text": "\"A config file generated by values from other kanata module options.\""}, "description": "The config file.\n\nBy default, it is generated by values from other kanata\nmodule options.\n\nYou can also set it to your own full config file which\noverrides all other kanata module options.  See [the upstream documentation](https://github.com/jtroo/kanata/blob/main/docs/config.adoc) and [example config files](https://github.com/jtroo/kanata/tree/main/cfg_samples) for more information.\n", "loc": ["services", "kanata", "keyboards", "<name>", "configFile"], "readOnly": false, "type": "absolute path"}, "services.kanata.keyboards.<name>.devices": {"declarations": ["nixos/modules/services/hardware/kanata.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Paths to keyboard devices.\n\nAn empty list, the default value, lets kanata detect which\ninput devices are keyboards and intercept them all.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/dev/input/by-id/usb-0000_0000-event-kbd\"\n]"}, "loc": ["services", "kanata", "keyboards", "<name>", "devices"], "readOnly": false, "type": "list of string"}, "services.kanata.keyboards.<name>.extraArgs": {"declarations": ["nixos/modules/services/hardware/kanata.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line arguments passed to kanata.", "loc": ["services", "kanata", "keyboards", "<name>", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.kanata.keyboards.<name>.extraDefCfg": {"declarations": ["nixos/modules/services/hardware/kanata.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Configuration of `defcfg` other than `linux-dev` (generated\nfrom the devices option) and\n`linux-continue-if-no-devs-found` (hardcoded to be yes).\n\nSee [the upstream documentation](https://github.com/jtroo/kanata/blob/main/docs/config.adoc) and [example config files](https://github.com/jtroo/kanata/tree/main/cfg_samples) for more information.\n", "example": {"_type": "literalExpression", "text": "\"danger-enable-cmd yes\""}, "loc": ["services", "kanata", "keyboards", "<name>", "extraDefCfg"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.kanata.keyboards.<name>.port": {"declarations": ["nixos/modules/services/hardware/kanata.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port to run the TCP server on. `null` will not run the server.\n", "example": {"_type": "literalExpression", "text": "6666"}, "loc": ["services", "kanata", "keyboards", "<name>", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.kanata.package": {"declarations": ["nixos/modules/services/hardware/kanata.nix"], "default": {"_type": "literalExpression", "text": "pkgs.kanata"}, "description": "The kanata package to use. ::: {.note}\nIf {option}`danger-enable-cmd` is enabled in any of the keyboards, the\n`kanata-with-cmd` package should be used.\n:::\n", "example": {"_type": "literalExpression", "text": "pkgs.kanata-with-cmd"}, "loc": ["services", "kanata", "package"], "readOnly": false, "type": "package"}, "services.kanboard.dataDir": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/kanboard\""}, "description": "Default data folder for Kanboard.", "example": {"_type": "literalExpression", "text": "\"/mnt/kanboard\""}, "loc": ["services", "kanboard", "dataDir"], "readOnly": false, "type": "string"}, "services.kanboard.domain": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "\"kanboard\""}, "description": "FQDN for the Kanboard instance.", "example": {"_type": "literalExpression", "text": "\"kanboard.example.org\""}, "loc": ["services", "kanboard", "domain"], "readOnly": false, "type": "string"}, "services.kanboard.enable": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Kanboard.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kanboard", "enable"], "readOnly": false, "type": "boolean"}, "services.kanboard.group": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "\"kanboard\""}, "description": "Group under which Kanboard runs.", "loc": ["services", "kanboard", "group"], "readOnly": false, "type": "string"}, "services.kanboard.nginx": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "With this option, you can customize an NGINX virtual host which already\nhas sensible defaults for Kanboard. Set to `{ }` if you do not need any\ncustomization for the virtual host. If enabled, then by default, the\n{option}`serverName` is `${domain}`. If this is set to null (the\ndefault), no NGINX virtual host will be configured.\n", "example": {"_type": "literalExpression", "text": "{\n  enableACME = true;\n  forceSSL = true;\n}\n"}, "loc": ["services", "kanboard", "nginx"], "readOnly": false, "type": "null or (submodule)"}, "services.kanboard.nginx.acmeFallbackHost": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host which to proxy requests to if ACME challenge is not found. Useful\nif you want multiple hosts to be able to verify the same domain name.\n\nWith this option, you could request certificates for the present domain\nwith an ACME client that is running on another host, which you would\nspecify here.\n", "loc": ["services", "kanboard", "nginx", "acmeFallbackHost"], "readOnly": false, "type": "null or string"}, "services.kanboard.nginx.acmeRoot": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the ACME challenge, which is **public**. Don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "kanboard", "nginx", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.kanboard.nginx.addSSL": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "kanboard", "nginx", "addSSL"], "readOnly": false, "type": "boolean"}, "services.kanboard.nginx.basicAuth": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "kanboard", "nginx", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.kanboard.nginx.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "kanboard", "nginx", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.kanboard.nginx.default": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Makes this vhost the default.\n", "loc": ["services", "kanboard", "nginx", "default"], "readOnly": false, "type": "boolean"}, "services.kanboard.nginx.enableACME": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "kanboard", "nginx", "enableACME"], "readOnly": false, "type": "boolean"}, "services.kanboard.nginx.extraConfig": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the vhost verbatim.\n", "loc": ["services", "kanboard", "nginx", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.kanboard.nginx.forceSSL": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a separate nginx server block that redirects (defaults\nto 301, configurable with `redirectCode`) all plain HTTP traffic to\nHTTPS. This will set defaults for `listen` to listen on all interfaces\non the respective default ports (80, 443), where the non-SSL listens\nare used for the redirect vhosts.\n", "loc": ["services", "kanboard", "nginx", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.kanboard.nginx.globalRedirect": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected (defaults to 301,\nconfigurable with `redirectCode`) to the given hostname.\n", "example": {"_type": "literalExpression", "text": "\"newserver.example.org\""}, "loc": ["services", "kanboard", "nginx", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.kanboard.nginx.http2": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/2 protocol.\nNote that (as of writing) due to nginx's implementation, to disable\nHTTP/2 you have to disable it on all vhosts that use a given\nIP address / port.\nIf there is one server block configured to enable http2, then it is\nenabled for all server blocks on this IP.\nSee <https://stackoverflow.com/a/39466948/263061>.\n", "loc": ["services", "kanboard", "nginx", "http2"], "readOnly": false, "type": "boolean"}, "services.kanboard.nginx.http3": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/3 protocol.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that HTTP/3 support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\nHTTP/3 availability must be manually advertised, preferably in each location block.\n", "loc": ["services", "kanboard", "nginx", "http3"], "readOnly": false, "type": "boolean"}, "services.kanboard.nginx.http3_hq": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that special application protocol support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "kanboard", "nginx", "http3_hq"], "readOnly": false, "type": "boolean"}, "services.kanboard.nginx.kTLS": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kTLS support.\nImplementing TLS in the kernel (kTLS) improves performance by significantly\nreducing the need for copying operations between user space and the kernel.\nRequired Nginx version 1.21.4 or later.\n", "loc": ["services", "kanboard", "nginx", "kTLS"], "readOnly": false, "type": "boolean"}, "services.kanboard.nginx.listen": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\nIPv6 addresses must be enclosed in square brackets.\nNote: this option overrides `addSSL`\nand `onlySSL`.\n\nIf you only want to set the addresses manually and not\nthe ports, take a look at `listenAddresses`.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    addr = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    addr = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    addr = \"unix:/var/run/nginx.sock\";\n  }\n]"}, "loc": ["services", "kanboard", "nginx", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.kanboard.nginx.listen.*.addr": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "description": "Listen address.", "loc": ["services", "kanboard", "nginx", "listen", "*", "addr"], "readOnly": false, "type": "string"}, "services.kanboard.nginx.listen.*.extraParameters": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra parameters of this listen directive.", "example": {"_type": "literalExpression", "text": "[\n  \"backlog=1024\"\n  \"deferred\"\n]"}, "loc": ["services", "kanboard", "nginx", "listen", "*", "extraParameters"], "readOnly": false, "type": "list of string"}, "services.kanboard.nginx.listen.*.port": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port number to listen on.\nIf unset and the listen address is not a socket then nginx defaults to 80.\n", "loc": ["services", "kanboard", "nginx", "listen", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.kanboard.nginx.listen.*.proxyProtocol": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable PROXY protocol.", "loc": ["services", "kanboard", "nginx", "listen", "*", "proxyProtocol"], "readOnly": false, "type": "boolean"}, "services.kanboard.nginx.listen.*.ssl": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SSL.", "loc": ["services", "kanboard", "nginx", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.kanboard.nginx.listenAddresses": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n\nNote: This option overrides `networking.enableIPv6`\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"[::1]\"\n]"}, "loc": ["services", "kanboard", "nginx", "listenAddresses"], "readOnly": false, "type": "list of string"}, "services.kanboard.nginx.locations": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n};\n"}, "loc": ["services", "kanboard", "nginx", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.kanboard.nginx.locations.<name>.alias": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "kanboard", "nginx", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.kanboard.nginx.locations.<name>.basicAuth": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "kanboard", "nginx", "locations", "<name>", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.kanboard.nginx.locations.<name>.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "kanboard", "nginx", "locations", "<name>", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.kanboard.nginx.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "kanboard", "nginx", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.kanboard.nginx.locations.<name>.fastcgiParams": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "FastCGI parameters to override.  Unlike in the Nginx\nconfiguration file, overriding only some default parameters\nwon't unset the default values for other parameters.\n", "loc": ["services", "kanboard", "nginx", "locations", "<name>", "fastcgiParams"], "readOnly": false, "type": "attribute set of (string or absolute path)"}, "services.kanboard.nginx.locations.<name>.index": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds index directive.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "kanboard", "nginx", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.kanboard.nginx.locations.<name>.priority": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "kanboard", "nginx", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.kanboard.nginx.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds proxy_pass directive and sets recommended proxy headers if\nrecommendedProxySettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "kanboard", "nginx", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.kanboard.nginx.locations.<name>.proxyWebsockets": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to support proxying websocket connections with HTTP/1.1.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kanboard", "nginx", "locations", "<name>", "proxyWebsockets"], "readOnly": false, "type": "boolean"}, "services.kanboard.nginx.locations.<name>.recommendedProxySettings": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedProxySettings"}, "description": "Enable recommended proxy settings.\n", "loc": ["services", "kanboard", "nginx", "locations", "<name>", "recommendedProxySettings"], "readOnly": false, "type": "boolean"}, "services.kanboard.nginx.locations.<name>.recommendedUwsgiSettings": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedUwsgiSettings"}, "description": "Enable recommended uwsgi settings.\n", "loc": ["services", "kanboard", "nginx", "locations", "<name>", "recommendedUwsgiSettings"], "readOnly": false, "type": "boolean"}, "services.kanboard.nginx.locations.<name>.return": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds a return directive, for e.g. redirections.\n", "example": {"_type": "literalExpression", "text": "\"301 http://example.com$request_uri\""}, "loc": ["services", "kanboard", "nginx", "locations", "<name>", "return"], "readOnly": false, "type": "null or string or signed integer"}, "services.kanboard.nginx.locations.<name>.root": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Root directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/root/directory\""}, "loc": ["services", "kanboard", "nginx", "locations", "<name>", "root"], "readOnly": false, "type": "null or absolute path"}, "services.kanboard.nginx.locations.<name>.tryFiles": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds try_files directive.\n", "example": {"_type": "literalExpression", "text": "\"$uri =404\""}, "loc": ["services", "kanboard", "nginx", "locations", "<name>", "tryFiles"], "readOnly": false, "type": "null or string"}, "services.kanboard.nginx.locations.<name>.uwsgiPass": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds uwsgi_pass directive and sets recommended proxy headers if\nrecommendedUwsgiSettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"unix:/run/example/example.sock\""}, "loc": ["services", "kanboard", "nginx", "locations", "<name>", "uwsgiPass"], "readOnly": false, "type": "null or string"}, "services.kanboard.nginx.onlySSL": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "kanboard", "nginx", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.kanboard.nginx.quic": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the QUIC transport protocol.\nNote that QUIC support is experimental and\n*not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "kanboard", "nginx", "quic"], "readOnly": false, "type": "boolean"}, "services.kanboard.nginx.redirectCode": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "301"}, "description": "HTTP status used by `globalRedirect` and `forceSSL`. Possible usecases\ninclude temporary (302, 307) redirects, keeping the request method and\nbody (307, 308), or explicitly resetting the method to GET (303).\nSee <https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>.\n", "example": {"_type": "literalExpression", "text": "308"}, "loc": ["services", "kanboard", "nginx", "redirectCode"], "readOnly": false, "type": "integer between 300 and 399 (both inclusive)"}, "services.kanboard.nginx.rejectSSL": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to listen for and reject all HTTPS connections to this vhost. Useful in\n[default](#opt-services.nginx.virtualHosts._name_.default)\nserver blocks to avoid serving the certificate for another vhost. Uses the\n`ssl_reject_handshake` directive available in nginx versions\n1.19.4 and above.\n", "loc": ["services", "kanboard", "nginx", "rejectSSL"], "readOnly": false, "type": "boolean"}, "services.kanboard.nginx.reuseport": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create an individual listening socket .\nIt is required to specify only once on one of the hosts.\n", "loc": ["services", "kanboard", "nginx", "reuseport"], "readOnly": false, "type": "boolean"}, "services.kanboard.nginx.root": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of the web root directory.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "kanboard", "nginx", "root"], "readOnly": false, "type": "null or absolute path"}, "services.kanboard.nginx.serverAliases": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "kanboard", "nginx", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.kanboard.nginx.serverName": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of this virtual host. Defaults to attribute name in virtualHosts.\n", "example": {"_type": "literalExpression", "text": "\"example.org\""}, "loc": ["services", "kanboard", "nginx", "serverName"], "readOnly": false, "type": "null or string"}, "services.kanboard.nginx.sslCertificate": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "kanboard", "nginx", "sslCertificate"], "readOnly": false, "type": "absolute path"}, "services.kanboard.nginx.sslCertificateKey": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "kanboard", "nginx", "sslCertificateKey"], "readOnly": false, "type": "absolute path"}, "services.kanboard.nginx.sslTrustedCertificate": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to root SSL certificate for stapling and client certificates.", "example": {"_type": "literalExpression", "text": "\"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\""}, "loc": ["services", "kanboard", "nginx", "sslTrustedCertificate"], "readOnly": false, "type": "null or absolute path"}, "services.kanboard.nginx.useACMEHost": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "kanboard", "nginx", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.kanboard.package": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "pkgs.kanboard"}, "description": "The kanboard package to use.", "loc": ["services", "kanboard", "package"], "readOnly": false, "type": "package"}, "services.kanboard.phpfpm.settings": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for kanboard's PHPFPM pool.\n", "loc": ["services", "kanboard", "phpfpm", "settings"], "readOnly": false, "type": "attribute set of (signed integer or string or boolean)"}, "services.kanboard.settings": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Customize the default settings, refer to <https://github.com/kanboard/kanboard/blob/main/config.default.php>\nfor details on supported values.\n", "loc": ["services", "kanboard", "settings"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.kanboard.user": {"declarations": ["nixos/modules/services/web-apps/kanboard.nix"], "default": {"_type": "literalExpression", "text": "\"kanboard\""}, "description": "User under which Kanboard runs.", "loc": ["services", "kanboard", "user"], "readOnly": false, "type": "string"}, "services.kapacitor.alerta.enable": {"declarations": ["nixos/modules/services/monitoring/kapacitor.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kapacitor alerta integration.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kapacitor", "alerta", "enable"], "readOnly": false, "type": "boolean"}, "services.kapacitor.alerta.environment": {"declarations": ["nixos/modules/services/monitoring/kapacitor.nix"], "default": {"_type": "literalExpression", "text": "\"Production\""}, "description": "Default Alerta environment", "loc": ["services", "kapacitor", "alerta", "environment"], "readOnly": false, "type": "string"}, "services.kapacitor.alerta.origin": {"declarations": ["nixos/modules/services/monitoring/kapacitor.nix"], "default": {"_type": "literalExpression", "text": "\"kapacitor\""}, "description": "Default origin of alert", "loc": ["services", "kapacitor", "alerta", "origin"], "readOnly": false, "type": "string"}, "services.kapacitor.alerta.token": {"declarations": ["nixos/modules/services/monitoring/kapacitor.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Default Alerta authentication token", "loc": ["services", "kapacitor", "alerta", "token"], "readOnly": false, "type": "string"}, "services.kapacitor.alerta.url": {"declarations": ["nixos/modules/services/monitoring/kapacitor.nix"], "default": {"_type": "literalExpression", "text": "\"http://localhost:5000\""}, "description": "The URL to the Alerta REST API", "loc": ["services", "kapacitor", "alerta", "url"], "readOnly": false, "type": "string"}, "services.kapacitor.bind": {"declarations": ["nixos/modules/services/monitoring/kapacitor.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Address to bind to. The default is to bind to all addresses", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "kapacitor", "bind"], "readOnly": false, "type": "string"}, "services.kapacitor.dataDir": {"declarations": ["nixos/modules/services/monitoring/kapacitor.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/kapacitor\""}, "description": "Location where Kapacitor stores its state", "loc": ["services", "kapacitor", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.kapacitor.defaultDatabase.enable": {"declarations": ["nixos/modules/services/monitoring/kapacitor.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kapacitor.defaultDatabase.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kapacitor", "defaultDatabase", "enable"], "readOnly": false, "type": "boolean"}, "services.kapacitor.defaultDatabase.password": {"declarations": ["nixos/modules/services/monitoring/kapacitor.nix"], "description": "The password to connect to the remote InfluxDB server", "loc": ["services", "kapacitor", "defaultDatabase", "password"], "readOnly": false, "type": "string"}, "services.kapacitor.defaultDatabase.url": {"declarations": ["nixos/modules/services/monitoring/kapacitor.nix"], "description": "The URL to an InfluxDB server that serves as the default database", "example": {"_type": "literalExpression", "text": "\"http://localhost:8086\""}, "loc": ["services", "kapacitor", "defaultDatabase", "url"], "readOnly": false, "type": "string"}, "services.kapacitor.defaultDatabase.username": {"declarations": ["nixos/modules/services/monitoring/kapacitor.nix"], "description": "The username to connect to the remote InfluxDB server", "loc": ["services", "kapacitor", "defaultDatabase", "username"], "readOnly": false, "type": "string"}, "services.kapacitor.enable": {"declarations": ["nixos/modules/services/monitoring/kapacitor.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kapacitor.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kapacitor", "enable"], "readOnly": false, "type": "boolean"}, "services.kapacitor.extraConfig": {"declarations": ["nixos/modules/services/monitoring/kapacitor.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go into kapacitord.conf verbatim.", "loc": ["services", "kapacitor", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.kapacitor.group": {"declarations": ["nixos/modules/services/monitoring/kapacitor.nix"], "default": {"_type": "literalExpression", "text": "\"kapacitor\""}, "description": "Group under which Kapacitor runs", "loc": ["services", "kapacitor", "group"], "readOnly": false, "type": "string"}, "services.kapacitor.loadDirectory": {"declarations": ["nixos/modules/services/monitoring/kapacitor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Directory where to load services from, such as tasks, templates and handlers (or null to disable service loading on startup)", "loc": ["services", "kapacitor", "loadDirectory"], "readOnly": false, "type": "null or absolute path"}, "services.kapacitor.port": {"declarations": ["nixos/modules/services/monitoring/kapacitor.nix"], "default": {"_type": "literalExpression", "text": "9092"}, "description": "Port of Kapacitor", "loc": ["services", "kapacitor", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.kapacitor.taskSnapshotInterval": {"declarations": ["nixos/modules/services/monitoring/kapacitor.nix"], "default": {"_type": "literalExpression", "text": "\"1m0s\""}, "description": "Specifies how often to snapshot the task state  (in InfluxDB time units)", "loc": ["services", "kapacitor", "taskSnapshotInterval"], "readOnly": false, "type": "string"}, "services.kapacitor.user": {"declarations": ["nixos/modules/services/monitoring/kapacitor.nix"], "default": {"_type": "literalExpression", "text": "\"kapacitor\""}, "description": "User account under which Kapacitor runs", "loc": ["services", "kapacitor", "user"], "readOnly": false, "type": "string"}, "services.karakeep.browser.enable": {"declarations": ["nixos/modules/services/web-apps/karakeep.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable the karakeep-browser service that runs a chromium instance in\nthe background with debugging ports exposed. This is necessary for\ncertain features like screenshots.\n", "loc": ["services", "karakeep", "browser", "enable"], "readOnly": false, "type": "boolean"}, "services.karakeep.browser.exe": {"declarations": ["nixos/modules/services/web-apps/karakeep.nix"], "default": {"_type": "literalExpression", "text": "${pkgs.chromium}/bin/chromium"}, "description": "The browser executable (must be Chrome-like).", "example": {"_type": "literalExpression", "text": "${pkgs.google-chrome}/bin/google-chrome-stable"}, "loc": ["services", "karakeep", "browser", "exe"], "readOnly": false, "type": "string"}, "services.karakeep.browser.port": {"declarations": ["nixos/modules/services/web-apps/karakeep.nix"], "default": {"_type": "literalExpression", "text": "9222"}, "description": "The port the browser should run on.", "loc": ["services", "karakeep", "browser", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.karakeep.enable": {"declarations": ["nixos/modules/services/web-apps/karakeep.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Enable the Karakeep service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "karakeep", "enable"], "readOnly": false, "type": "boolean"}, "services.karakeep.environmentFile": {"declarations": ["nixos/modules/services/web-apps/karakeep.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "An optional path to an environment file that will be used in the web and workers\nservices. This is useful for loading private keys.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/karakeep/secrets.env\""}, "loc": ["services", "karakeep", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.karakeep.extraEnvironment": {"declarations": ["nixos/modules/services/web-apps/karakeep.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables to pass to Karakaeep. This is how most settings\ncan be configured. Changing DATA_DIR is possible but not supported.\n\nSee <https://docs.karakeep.app/configuration/environment-variables>\n", "example": {"_type": "literalExpression", "text": "{\n  PORT = \"1234\";\n  DISABLE_SIGNUPS = \"true\";\n  DISABLE_NEW_RELEASE_CHECK = \"true\";\n}\n"}, "loc": ["services", "karakeep", "extraEnvironment"], "readOnly": false, "type": "attribute set of string"}, "services.karakeep.meilisearch.enable": {"declarations": ["nixos/modules/services/web-apps/karakeep.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable Meilisearch and configure Karakeep to use it. Meilisearch is\nrequired for text search.\n", "loc": ["services", "karakeep", "meilisearch", "enable"], "readOnly": false, "type": "boolean"}, "services.karakeep.package": {"declarations": ["nixos/modules/services/web-apps/karakeep.nix"], "default": {"_type": "literalExpression", "text": "pkgs.karakeep"}, "description": "The karakeep package to use.", "loc": ["services", "karakeep", "package"], "readOnly": false, "type": "package"}, "services.karma.configFile": {"declarations": ["nixos/modules/services/monitoring/karma.nix"], "default": {"_type": "literalExpression", "text": "\"A configuration file generated from the provided nix attributes settings option.\""}, "description": "A YAML config file which can be used to configure karma instead of the nix-generated file.\n", "example": {"_type": "literalExpression", "text": "\"/etc/karma/karma.conf\""}, "loc": ["services", "karma", "configFile"], "readOnly": false, "type": "absolute path"}, "services.karma.enable": {"declarations": ["nixos/modules/services/monitoring/karma.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Karma dashboard service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "karma", "enable"], "readOnly": false, "type": "boolean"}, "services.karma.environment": {"declarations": ["nixos/modules/services/monitoring/karma.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional environment variables to provide to karma.\n", "example": {"_type": "literalExpression", "text": "{\n  ALERTMANAGER_NAME = \"single\";\n  ALERTMANAGER_URI = \"https://alertmanager.example.com\";\n}"}, "loc": ["services", "karma", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.karma.extraOptions": {"declarations": ["nixos/modules/services/monitoring/karma.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line options.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--alertmanager.timeout 10s\"\n]"}, "loc": ["services", "karma", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.karma.openFirewall": {"declarations": ["nixos/modules/services/monitoring/karma.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open ports in the firewall needed for karma to function.\n", "loc": ["services", "karma", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.karma.package": {"declarations": ["nixos/modules/services/monitoring/karma.nix"], "default": {"_type": "literalExpression", "text": "pkgs.karma"}, "description": "The karma package to use.", "loc": ["services", "karma", "package"], "readOnly": false, "type": "package"}, "services.karma.settings": {"declarations": ["nixos/modules/services/monitoring/karma.nix"], "default": {"_type": "literalExpression", "text": "{\n  listen = {\n    address = \"127.0.0.1\";\n  };\n}"}, "description": "Karma dashboard configuration as nix attributes.\n\nReference: <https://github.com/prymitive/karma/blob/main/docs/CONFIGURATION.md>\n", "example": {"_type": "literalExpression", "text": "{\n  alertmanager = {\n    interval = \"15s\";\n    servers = [\n      {\n        name = \"prod\";\n        uri = \"http://alertmanager.example.com\";\n      }\n    ];\n  };\n  listen = {\n    address = \"192.168.1.4\";\n    port = \"8000\";\n    prefix = \"/dashboard\";\n  };\n}"}, "loc": ["services", "karma", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.karma.settings.listen.address": {"declarations": ["nixos/modules/services/monitoring/karma.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Hostname or IP to listen on.\n", "example": {"_type": "literalExpression", "text": "\"[::]\""}, "loc": ["services", "karma", "settings", "listen", "address"], "readOnly": false, "type": "string"}, "services.karma.settings.listen.port": {"declarations": ["nixos/modules/services/monitoring/karma.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "HTTP port to listen on.\n", "example": {"_type": "literalExpression", "text": "8182"}, "loc": ["services", "karma", "settings", "listen", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.kasmweb.datastorePath": {"declarations": ["nixos/modules/services/web-apps/kasmweb/default.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/kasmweb\""}, "description": "The directory used to store all data for kasmweb.\n", "loc": ["services", "kasmweb", "datastorePath"], "readOnly": false, "type": "string"}, "services.kasmweb.defaultAdminPassword": {"declarations": ["nixos/modules/services/web-apps/kasmweb/default.nix"], "default": {"_type": "literalExpression", "text": "\"kasmweb\""}, "description": "default admin password to use.\n", "loc": ["services", "kasmweb", "defaultAdminPassword"], "readOnly": false, "type": "string"}, "services.kasmweb.defaultGuacToken": {"declarations": ["nixos/modules/services/web-apps/kasmweb/default.nix"], "default": {"_type": "literalExpression", "text": "\"kasmweb\""}, "description": "default guac token to use.\n", "loc": ["services", "kasmweb", "defaultGuacToken"], "readOnly": false, "type": "string"}, "services.kasmweb.defaultManagerToken": {"declarations": ["nixos/modules/services/web-apps/kasmweb/default.nix"], "default": {"_type": "literalExpression", "text": "\"kasmweb\""}, "description": "default manager token to use.\n", "loc": ["services", "kasmweb", "defaultManagerToken"], "readOnly": false, "type": "string"}, "services.kasmweb.defaultRegistrationToken": {"declarations": ["nixos/modules/services/web-apps/kasmweb/default.nix"], "default": {"_type": "literalExpression", "text": "\"kasmweb\""}, "description": "default registration token to use.\n", "loc": ["services", "kasmweb", "defaultRegistrationToken"], "readOnly": false, "type": "string"}, "services.kasmweb.defaultUserPassword": {"declarations": ["nixos/modules/services/web-apps/kasmweb/default.nix"], "default": {"_type": "literalExpression", "text": "\"kasmweb\""}, "description": "default user password to use.\n", "loc": ["services", "kasmweb", "defaultUserPassword"], "readOnly": false, "type": "string"}, "services.kasmweb.enable": {"declarations": ["nixos/modules/services/web-apps/kasmweb/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kasmweb.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kasmweb", "enable"], "readOnly": false, "type": "boolean"}, "services.kasmweb.listenAddress": {"declarations": ["nixos/modules/services/web-apps/kasmweb/default.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "The address on which kasmweb should listen.\n", "loc": ["services", "kasmweb", "listenAddress"], "readOnly": false, "type": "string"}, "services.kasmweb.listenPort": {"declarations": ["nixos/modules/services/web-apps/kasmweb/default.nix"], "default": {"_type": "literalExpression", "text": "443"}, "description": "The port on which kasmweb should listen.\n", "loc": ["services", "kasmweb", "listenPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.kasmweb.networkSubnet": {"declarations": ["nixos/modules/services/web-apps/kasmweb/default.nix"], "default": {"_type": "literalExpression", "text": "\"172.20.0.0/16\""}, "description": "The network subnet to use for the containers.\n", "loc": ["services", "kasmweb", "networkSubnet"], "readOnly": false, "type": "string"}, "services.kasmweb.postgres.password": {"declarations": ["nixos/modules/services/web-apps/kasmweb/default.nix"], "default": {"_type": "literalExpression", "text": "\"kasmweb\""}, "description": "password to use for the postgres database.\n", "loc": ["services", "kasmweb", "postgres", "password"], "readOnly": false, "type": "string"}, "services.kasmweb.postgres.user": {"declarations": ["nixos/modules/services/web-apps/kasmweb/default.nix"], "default": {"_type": "literalExpression", "text": "\"kasmweb\""}, "description": "Username to use for the postgres database.\n", "loc": ["services", "kasmweb", "postgres", "user"], "readOnly": false, "type": "string"}, "services.kasmweb.redisPassword": {"declarations": ["nixos/modules/services/web-apps/kasmweb/default.nix"], "default": {"_type": "literalExpression", "text": "\"kasmweb\""}, "description": "password to use for the redis cache.\n", "loc": ["services", "kasmweb", "redisPassword"], "readOnly": false, "type": "string"}, "services.kasmweb.sslCertificate": {"declarations": ["nixos/modules/services/web-apps/kasmweb/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The SSL certificate to be used for kasmweb.\n", "loc": ["services", "kasmweb", "sslCertificate"], "readOnly": false, "type": "null or absolute path"}, "services.kasmweb.sslCertificateKey": {"declarations": ["nixos/modules/services/web-apps/kasmweb/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The SSL certificate's key to be used for kasmweb. Make sure to specify\nthis as a string and not a literal path, so that it is not accidentally\nincluded in your nixstore.\n", "loc": ["services", "kasmweb", "sslCertificateKey"], "readOnly": false, "type": "null or absolute path"}, "services.kavita.dataDir": {"declarations": ["nixos/modules/services/web-apps/kavita.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/kavita\""}, "description": "The directory where Kavita stores its state.", "loc": ["services", "kavita", "dataDir"], "readOnly": false, "type": "string"}, "services.kavita.enable": {"declarations": ["nixos/modules/services/web-apps/kavita.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Kavita reading server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kavita", "enable"], "readOnly": false, "type": "boolean"}, "services.kavita.package": {"declarations": ["nixos/modules/services/web-apps/kavita.nix"], "default": {"_type": "literalExpression", "text": "pkgs.kavita"}, "description": "The kavita package to use.", "loc": ["services", "kavita", "package"], "readOnly": false, "type": "package"}, "services.kavita.settings": {"declarations": ["nixos/modules/services/web-apps/kavita.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Kavita configuration options, as configured in {file}`appsettings.json`.\n", "loc": ["services", "kavita", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.kavita.settings.IpAddresses": {"declarations": ["nixos/modules/services/web-apps/kavita.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0,::\""}, "description": "IP Addresses to bind to. The default is to bind to all IPv4 and IPv6 addresses.\n", "loc": ["services", "kavita", "settings", "IpAddresses"], "readOnly": false, "type": "strings concatenated with \",\""}, "services.kavita.settings.Port": {"declarations": ["nixos/modules/services/web-apps/kavita.nix"], "default": {"_type": "literalExpression", "text": "5000"}, "description": "Port to bind to.", "loc": ["services", "kavita", "settings", "Port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.kavita.tokenKeyFile": {"declarations": ["nixos/modules/services/web-apps/kavita.nix"], "description": "A file containing the TokenKey, a secret with at 512+ bits.\nIt can be generated with `head -c 64 /dev/urandom | base64 --wrap=0`.\n", "loc": ["services", "kavita", "tokenKeyFile"], "readOnly": false, "type": "absolute path"}, "services.kavita.user": {"declarations": ["nixos/modules/services/web-apps/kavita.nix"], "default": {"_type": "literalExpression", "text": "\"kavita\""}, "description": "User account under which Kavita runs.", "loc": ["services", "kavita", "user"], "readOnly": false, "type": "string"}, "services.kbfs.enable": {"declarations": ["nixos/modules/services/network-filesystems/kbfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to mount the Keybase filesystem.", "loc": ["services", "kbfs", "enable"], "readOnly": false, "type": "boolean"}, "services.kbfs.enableRedirector": {"declarations": ["nixos/modules/services/network-filesystems/kbfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Keybase root redirector service, allowing\nany user to access KBFS files via `/keybase`,\nwhich will show different contents depending on the requester.\n", "loc": ["services", "kbfs", "enableRedirector"], "readOnly": false, "type": "boolean"}, "services.kbfs.extraFlags": {"declarations": ["nixos/modules/services/network-filesystems/kbfs.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional flags to pass to the Keybase filesystem on launch.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-label kbfs\"\n  \"-mount-type normal\"\n]"}, "loc": ["services", "kbfs", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.kbfs.mountPoint": {"declarations": ["nixos/modules/services/network-filesystems/kbfs.nix"], "default": {"_type": "literalExpression", "text": "\"%h/keybase\""}, "description": "Mountpoint for the Keybase filesystem.", "example": {"_type": "literalExpression", "text": "\"/keybase\""}, "loc": ["services", "kbfs", "mountPoint"], "readOnly": false, "type": "string"}, "services.keepalived.enable": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Keepalived.\n", "loc": ["services", "keepalived", "enable"], "readOnly": false, "type": "boolean"}, "services.keepalived.enableScriptSecurity": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Don't run scripts configured to be run as root if any part of the path is writable by a non-root user.\n", "loc": ["services", "keepalived", "enableScriptSecurity"], "readOnly": false, "type": "boolean"}, "services.keepalived.extraConfig": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra lines to be added verbatim to the configuration file.\n", "loc": ["services", "keepalived", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.keepalived.extraGlobalDefs": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra lines to be added verbatim to the 'global_defs' block of the\nconfiguration file\n", "loc": ["services", "keepalived", "extraGlobalDefs"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.keepalived.openFirewall": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to automatically allow VRRP and AH packets in the firewall.\n", "loc": ["services", "keepalived", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.keepalived.package": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.keepalived"}, "description": "The keepalived package to use.", "loc": ["services", "keepalived", "package"], "readOnly": false, "type": "package"}, "services.keepalived.secretFile": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment variables from this file will be interpolated into the\nfinal config file using envsubst with this syntax: `$ENVIRONMENT`\nor `${VARIABLE}`.\nThe file should contain lines formatted as `SECRET_VAR=SECRET_VALUE`.\nThis is useful to avoid putting secrets into the nix store.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/keepalived.env\""}, "loc": ["services", "keepalived", "secretFile"], "readOnly": false, "type": "null or absolute path"}, "services.keepalived.snmp.enable": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the builtin AgentX subagent.\n", "loc": ["services", "keepalived", "snmp", "enable"], "readOnly": false, "type": "boolean"}, "services.keepalived.snmp.enableChecker": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SNMP handling of checker element of KEEPALIVED MIB.\n", "loc": ["services", "keepalived", "snmp", "enableChecker"], "readOnly": false, "type": "boolean"}, "services.keepalived.snmp.enableKeepalived": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SNMP handling of vrrp element of KEEPALIVED MIB.\n", "loc": ["services", "keepalived", "snmp", "enableKeepalived"], "readOnly": false, "type": "boolean"}, "services.keepalived.snmp.enableRfc": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SNMP handling of RFC2787 and RFC6527 VRRP MIBs.\n", "loc": ["services", "keepalived", "snmp", "enableRfc"], "readOnly": false, "type": "boolean"}, "services.keepalived.snmp.enableRfcV2": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SNMP handling of RFC2787 VRRP MIB.\n", "loc": ["services", "keepalived", "snmp", "enableRfcV2"], "readOnly": false, "type": "boolean"}, "services.keepalived.snmp.enableRfcV3": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SNMP handling of RFC6527 VRRP MIB.\n", "loc": ["services", "keepalived", "snmp", "enableRfcV3"], "readOnly": false, "type": "boolean"}, "services.keepalived.snmp.enableTraps": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SNMP traps.\n", "loc": ["services", "keepalived", "snmp", "enableTraps"], "readOnly": false, "type": "boolean"}, "services.keepalived.snmp.socket": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Socket to use for connecting to SNMP master agent. If this value is\nset to null, keepalived's default will be used, which is\nunix:/var/agentx/master, unless using a network namespace, when the\ndefault is udp:localhost:705.\n", "loc": ["services", "keepalived", "snmp", "socket"], "readOnly": false, "type": "null or string"}, "services.keepalived.vrrpInstances": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative vhost config", "loc": ["services", "keepalived", "vrrpInstances"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.keepalived.vrrpInstances.<name>.extraConfig": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra lines to be added verbatim to the vrrp_instance section.\n", "loc": ["services", "keepalived", "vrrpInstances", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.keepalived.vrrpInstances.<name>.interface": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "description": "Interface for inside_network, bound by vrrp.\n", "loc": ["services", "keepalived", "vrrpInstances", "<name>", "interface"], "readOnly": false, "type": "string"}, "services.keepalived.vrrpInstances.<name>.noPreempt": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "VRRP will normally preempt a lower priority machine when a higher\npriority machine comes online. \"nopreempt\" allows the lower priority\nmachine to maintain the master role, even when a higher priority machine\ncomes back online. NOTE: For this to work, the initial state of this\nentry must be BACKUP.\n", "loc": ["services", "keepalived", "vrrpInstances", "<name>", "noPreempt"], "readOnly": false, "type": "boolean"}, "services.keepalived.vrrpInstances.<name>.priority": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "100"}, "description": "For electing MASTER, highest priority wins. To be MASTER, make 50 more\nthan other machines.\n", "loc": ["services", "keepalived", "vrrpInstances", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.keepalived.vrrpInstances.<name>.state": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "\"BACKUP\""}, "description": "Initial state. As soon as the other machine(s) come up, an election will\nbe held and the machine with the highest \"priority\" will become MASTER.\nSo the entry here doesn't matter a whole lot.\n", "loc": ["services", "keepalived", "vrrpInstances", "<name>", "state"], "readOnly": false, "type": "one of \"MASTER\", \"BACKUP\""}, "services.keepalived.vrrpInstances.<name>.trackInterfaces": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of network interfaces to monitor for health tracking.", "example": {"_type": "literalExpression", "text": "[\n  \"eth0\"\n  \"eth1\"\n]"}, "loc": ["services", "keepalived", "vrrpInstances", "<name>", "trackInterfaces"], "readOnly": false, "type": "list of string"}, "services.keepalived.vrrpInstances.<name>.trackScripts": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of script names to invoke for health tracking.", "example": {"_type": "literalExpression", "text": "[\n  \"chk_cmd1\"\n  \"chk_cmd2\"\n]"}, "loc": ["services", "keepalived", "vrrpInstances", "<name>", "trackScripts"], "readOnly": false, "type": "list of string"}, "services.keepalived.vrrpInstances.<name>.unicastPeers": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Do not send VRRP adverts over VRRP multicast group. Instead it sends\nadverts to the following list of ip addresses using unicast design\nfashion. It can be cool to use VRRP FSM and features in a networking\nenvironment where multicast is not supported! IP Addresses specified can\nIPv4 as well as IPv6.\n", "loc": ["services", "keepalived", "vrrpInstances", "<name>", "unicastPeers"], "readOnly": false, "type": "list of string"}, "services.keepalived.vrrpInstances.<name>.unicastSrcIp": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Default IP for binding vrrpd is the primary IP on interface. If you\nwant to hide location of vrrpd, use this IP as src_addr for unicast\nvrrp packets.\n", "loc": ["services", "keepalived", "vrrpInstances", "<name>", "unicastSrcIp"], "readOnly": false, "type": "null or string"}, "services.keepalived.vrrpInstances.<name>.useVmac": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use VRRP Virtual MAC.\n", "loc": ["services", "keepalived", "vrrpInstances", "<name>", "useVmac"], "readOnly": false, "type": "boolean"}, "services.keepalived.vrrpInstances.<name>.virtualIps": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Declarative vhost config", "loc": ["services", "keepalived", "vrrpInstances", "<name>", "virtualIps"], "readOnly": false, "type": "list of (submodule)"}, "services.keepalived.vrrpInstances.<name>.virtualIps.*.addr": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "description": "IP address, optionally with a netmask: IPADDR[/MASK]\n", "loc": ["services", "keepalived", "vrrpInstances", "<name>", "virtualIps", "*", "addr"], "readOnly": false, "type": "string"}, "services.keepalived.vrrpInstances.<name>.virtualIps.*.brd": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The broadcast address on the interface.\n", "loc": ["services", "keepalived", "vrrpInstances", "<name>", "virtualIps", "*", "brd"], "readOnly": false, "type": "null or string"}, "services.keepalived.vrrpInstances.<name>.virtualIps.*.dev": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The name of the device to add the address to.\n", "loc": ["services", "keepalived", "vrrpInstances", "<name>", "virtualIps", "*", "dev"], "readOnly": false, "type": "null or string"}, "services.keepalived.vrrpInstances.<name>.virtualIps.*.label": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Each address may be tagged with a label string. In order to preserve\ncompatibility with Linux-2.0 net aliases, this string must coincide with\nthe name of the device or must be prefixed with the device name followed\nby colon.\n", "loc": ["services", "keepalived", "vrrpInstances", "<name>", "virtualIps", "*", "label"], "readOnly": false, "type": "null or string"}, "services.keepalived.vrrpInstances.<name>.virtualIps.*.scope": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The scope of the area where this address is valid.\n", "loc": ["services", "keepalived", "vrrpInstances", "<name>", "virtualIps", "*", "scope"], "readOnly": false, "type": "null or string"}, "services.keepalived.vrrpInstances.<name>.virtualRouterId": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "description": "Arbitrary unique number 1..255. Used to differentiate multiple instances\nof vrrpd running on the same NIC (and hence same socket).\n", "loc": ["services", "keepalived", "vrrpInstances", "<name>", "virtualRouterId"], "readOnly": false, "type": "integer between 1 and 255 (both inclusive)"}, "services.keepalived.vrrpInstances.<name>.vmacInterface": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of the vmac interface to use. keepalived will come up with a name\nif you don't specify one.\n", "loc": ["services", "keepalived", "vrrpInstances", "<name>", "vmacInterface"], "readOnly": false, "type": "null or string"}, "services.keepalived.vrrpInstances.<name>.vmacXmitBase": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Send/Recv VRRP messages from base interface instead of VMAC interface.\n", "loc": ["services", "keepalived", "vrrpInstances", "<name>", "vmacXmitBase"], "readOnly": false, "type": "boolean"}, "services.keepalived.vrrpScripts": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative vrrp script config", "loc": ["services", "keepalived", "vrrpScripts"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.keepalived.vrrpScripts.<name>.extraConfig": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra lines to be added verbatim to the vrrp_script section.", "loc": ["services", "keepalived", "vrrpScripts", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.keepalived.vrrpScripts.<name>.fall": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "3"}, "description": "Required number of failures for KO transition.", "loc": ["services", "keepalived", "vrrpScripts", "<name>", "fall"], "readOnly": false, "type": "signed integer"}, "services.keepalived.vrrpScripts.<name>.group": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of group to run the script under. Defaults to user group.", "loc": ["services", "keepalived", "vrrpScripts", "<name>", "group"], "readOnly": false, "type": "null or string"}, "services.keepalived.vrrpScripts.<name>.interval": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Seconds between script invocations.", "loc": ["services", "keepalived", "vrrpScripts", "<name>", "interval"], "readOnly": false, "type": "signed integer"}, "services.keepalived.vrrpScripts.<name>.rise": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "Required number of successes for OK transition.", "loc": ["services", "keepalived", "vrrpScripts", "<name>", "rise"], "readOnly": false, "type": "signed integer"}, "services.keepalived.vrrpScripts.<name>.script": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "description": "(Path of) Script command to execute followed by args, i.e. cmd [args]...", "example": {"_type": "literalExpression", "text": "\"${pkgs.curl} -f http://localhost:80\""}, "loc": ["services", "keepalived", "vrrpScripts", "<name>", "script"], "readOnly": false, "type": "string"}, "services.keepalived.vrrpScripts.<name>.timeout": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "Seconds after which script is considered to have failed.", "loc": ["services", "keepalived", "vrrpScripts", "<name>", "timeout"], "readOnly": false, "type": "signed integer"}, "services.keepalived.vrrpScripts.<name>.user": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "\"keepalived_script\""}, "description": "Name of user to run the script under.", "loc": ["services", "keepalived", "vrrpScripts", "<name>", "user"], "readOnly": false, "type": "string"}, "services.keepalived.vrrpScripts.<name>.weight": {"declarations": ["nixos/modules/services/networking/keepalived/default.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Following a failure, adjust the priority by this weight.", "loc": ["services", "keepalived", "vrrpScripts", "<name>", "weight"], "readOnly": false, "type": "signed integer"}, "services.kerberos_server.enable": {"declarations": ["nixos/modules/services/system/kerberos/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the kerberos authentication server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kerberos_server", "enable"], "readOnly": false, "type": "boolean"}, "services.kerberos_server.extraKDCArgs": {"declarations": ["nixos/modules/services/system/kerberos/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to pass to the KDC process. See {manpage}`kdc(8)`.\n", "loc": ["services", "kerberos_server", "extraKDCArgs"], "readOnly": false, "type": "list of string"}, "services.kerberos_server.settings": {"declarations": ["nixos/modules/services/system/kerberos/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings for the kerberos server of choice.\n\nSee the following documentation:\n- Heimdal: {manpage}`kdc.conf(5)`\n- MIT Kerberos: <https://web.mit.edu/kerberos/krb5-1.21/doc/admin/conf_files/kdc_conf.html>\n", "loc": ["services", "kerberos_server", "settings"], "readOnly": false, "type": "open submodule of attribute set of attribute set of ((list of attribute set of ((list of (signed integer or string or boolean)) or signed integer or string or boolean)) or attribute set of ((list of (signed integer or string or boolean)) or signed integer or string or boolean) or (list of (signed integer or string or boolean)) or signed integer or string or boolean)"}, "services.kerberos_server.settings.include": {"declarations": ["nixos/modules/services/system/kerberos/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Files to include in the Kerberos configuration.\n", "loc": ["services", "kerberos_server", "settings", "include"], "readOnly": false, "type": "(list of absolute path) or absolute path convertible to it"}, "services.kerberos_server.settings.includedir": {"declarations": ["nixos/modules/services/system/kerberos/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Directories containing files to include in the Kerberos configuration.\n", "loc": ["services", "kerberos_server", "settings", "includedir"], "readOnly": false, "type": "(list of absolute path) or absolute path convertible to it"}, "services.kerberos_server.settings.module": {"declarations": ["nixos/modules/services/system/kerberos/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Modules to obtain Kerberos configuration from.\n", "loc": ["services", "kerberos_server", "settings", "module"], "readOnly": false, "type": "(list of absolute path) or absolute path convertible to it"}, "services.kerberos_server.settings.realms": {"declarations": ["nixos/modules/services/system/kerberos/default.nix"], "description": "The realm(s) to serve keys for.\n", "loc": ["services", "kerberos_server", "settings", "realms"], "readOnly": false, "type": "attribute set of (open submodule of attribute set of ((list of attribute set of ((list of (signed integer or string or boolean)) or signed integer or string or boolean)) or attribute set of ((list of (signed integer or string or boolean)) or signed integer or string or boolean) or (list of (signed integer or string or boolean)) or signed integer or string or boolean))"}, "services.kerberos_server.settings.realms.<name>.acl": {"declarations": ["nixos/modules/services/system/kerberos/default.nix"], "default": {"_type": "literalExpression", "text": "[\n  {\n    access = \"all\";\n    principal = \"*/admin\";\n  }\n  {\n    access = \"all\";\n    principal = \"admin\";\n  }\n]"}, "description": "The privileges granted to a user.\n", "loc": ["services", "kerberos_server", "settings", "realms", "<name>", "acl"], "readOnly": false, "type": "list of (submodule)"}, "services.kerberos_server.settings.realms.<name>.acl.*.access": {"declarations": ["nixos/modules/services/system/kerberos/default.nix"], "default": {"_type": "literalExpression", "text": "\"all\""}, "description": "The changes the principal is allowed to make.\n\n:::{.important}\nThe \"all\" permission does not imply the \"get-keys\" permission. This\nis consistent with the behavior of both MIT Kerberos and Heimdal.\n:::\n\n:::{.warning}\nValue \"all\" is allowed as a list member only if it appears alone\nor accompanied by \"get-keys\". Any other combination involving\n\"all\" will raise an exception.\n:::\n", "loc": ["services", "kerberos_server", "settings", "realms", "<name>", "acl", "*", "access"], "readOnly": false, "type": "(list of (one of \"all\", \"add\", \"cpw\", \"delete\", \"get-keys\", \"get\", \"list\", \"modify\")) or string convertible to it"}, "services.kerberos_server.settings.realms.<name>.acl.*.principal": {"declarations": ["nixos/modules/services/system/kerberos/default.nix"], "description": "Which principal the rule applies to", "loc": ["services", "kerberos_server", "settings", "realms", "<name>", "acl", "*", "principal"], "readOnly": false, "type": "string"}, "services.kerberos_server.settings.realms.<name>.acl.*.target": {"declarations": ["nixos/modules/services/system/kerberos/default.nix"], "default": {"_type": "literalExpression", "text": "\"*\""}, "description": "The principals that 'access' applies to.", "loc": ["services", "kerberos_server", "settings", "realms", "<name>", "acl", "*", "target"], "readOnly": false, "type": "string"}, "services.keter.bundle.appName": {"declarations": ["nixos/modules/services/web-servers/keter"], "default": {"_type": "literalExpression", "text": "\"myapp\""}, "description": "The name keter assigns to this bundle", "loc": ["services", "keter", "bundle", "appName"], "readOnly": false, "type": "string"}, "services.keter.bundle.domain": {"declarations": ["nixos/modules/services/web-servers/keter"], "default": {"_type": "literalExpression", "text": "\"example.com\""}, "description": "The domain keter will bind to", "loc": ["services", "keter", "bundle", "domain"], "readOnly": false, "type": "string"}, "services.keter.bundle.executable": {"declarations": ["nixos/modules/services/web-servers/keter"], "description": "The executable to be run", "loc": ["services", "keter", "bundle", "executable"], "readOnly": false, "type": "absolute path"}, "services.keter.bundle.publicScript": {"declarations": ["nixos/modules/services/web-servers/keter"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Allows loading of public environment variables,\nthese are emitted to the log so it shouldn't contain secrets.\n", "example": {"_type": "literalExpression", "text": "\"ADMIN_EMAIL=hi@example.com\""}, "loc": ["services", "keter", "bundle", "publicScript"], "readOnly": false, "type": "string"}, "services.keter.bundle.secretScript": {"declarations": ["nixos/modules/services/web-servers/keter"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Allows loading of private environment variables", "example": {"_type": "literalExpression", "text": "\"MY_AWS_KEY=$(cat /run/keys/AWS_ACCESS_KEY_ID)\""}, "loc": ["services", "keter", "bundle", "secretScript"], "readOnly": false, "type": "string"}, "services.keter.enable": {"declarations": ["nixos/modules/services/web-servers/keter"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable keter, a web app deployment manager.\nNote that this module only support loading of webapps:\nKeep an old app running and swap the ports when the new one is booted\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "keter", "enable"], "readOnly": false, "type": "boolean"}, "services.keter.globalKeterConfig": {"declarations": ["nixos/modules/services/web-servers/keter"], "description": "Global config for keter, see <https://github.com/snoyberg/keter/blob/master/etc/keter-config.yaml> for reference", "loc": ["services", "keter", "globalKeterConfig"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.keter.globalKeterConfig.ip-from-header": {"declarations": ["nixos/modules/services/web-servers/keter"], "default": {"_type": "literalExpression", "text": "true"}, "description": "You want that ip-from-header in the nginx setup case. It allows nginx setting the original ip address rather then it being localhost (due to reverse proxying)", "loc": ["services", "keter", "globalKeterConfig", "ip-from-header"], "readOnly": false, "type": "boolean"}, "services.keter.globalKeterConfig.listeners": {"declarations": ["nixos/modules/services/web-servers/keter"], "default": {"_type": "literalExpression", "text": "[\n  {\n    host = \"*\";\n    port = 6981;\n  }\n]"}, "description": "You want that ip-from-header in\nthe nginx setup case.\nIt allows nginx setting the original ip address rather\nthen it being localhost (due to reverse proxying).\nHowever if you configure keter to accept connections\ndirectly you may want to set this to false.", "loc": ["services", "keter", "globalKeterConfig", "listeners"], "readOnly": false, "type": "list of (submodule)"}, "services.keter.globalKeterConfig.listeners.*.host": {"declarations": ["nixos/modules/services/web-servers/keter"], "description": "host", "loc": ["services", "keter", "globalKeterConfig", "listeners", "*", "host"], "readOnly": false, "type": "string"}, "services.keter.globalKeterConfig.listeners.*.port": {"declarations": ["nixos/modules/services/web-servers/keter"], "description": "port", "loc": ["services", "keter", "globalKeterConfig", "listeners", "*", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.keter.globalKeterConfig.rotate-logs": {"declarations": ["nixos/modules/services/web-servers/keter"], "default": {"_type": "literalExpression", "text": "false"}, "description": "emits keter logs and it's applications to stderr.\nwhich allows journald to capture them.\nSet to true to let keter put the logs in files\n(useful on non systemd systems, this is the old approach\nwhere keter handled log management)", "loc": ["services", "keter", "globalKeterConfig", "rotate-logs"], "readOnly": false, "type": "boolean"}, "services.keter.package": {"declarations": ["nixos/modules/services/web-servers/keter"], "default": {"_type": "literalExpression", "text": "pkgs.haskellPackages.keter"}, "description": "The keter package to use.", "loc": ["services", "keter", "package"], "readOnly": false, "type": "package"}, "services.keter.root": {"declarations": ["nixos/modules/services/web-servers/keter"], "default": {"_type": "literalExpression", "text": "\"/var/lib/keter\""}, "description": "Mutable state folder for keter", "loc": ["services", "keter", "root"], "readOnly": false, "type": "string"}, "services.keybase.enable": {"declarations": ["nixos/modules/services/networking/keybase.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to start the Keybase service.", "loc": ["services", "keybase", "enable"], "readOnly": false, "type": "boolean"}, "services.keycloak.database.caCert": {"declarations": ["nixos/modules/services/web-apps/keycloak.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The SSL / TLS CA certificate that verifies the identity of the\ndatabase server.\n\nRequired when PostgreSQL is used and SSL is turned on.\n\nFor MySQL, if left at `null`, the default\nJava keystore is used, which should suffice if the server\ncertificate is issued by an official CA.\n", "loc": ["services", "keycloak", "database", "caCert"], "readOnly": false, "type": "null or absolute path"}, "services.keycloak.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/keycloak.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether a database should be automatically created on the\nlocal host. Set this to false if you plan on provisioning a\nlocal database yourself. This has no effect if\nservices.keycloak.database.host is customized.\n", "loc": ["services", "keycloak", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.keycloak.database.host": {"declarations": ["nixos/modules/services/web-apps/keycloak.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Hostname of the database to connect to.\n\nFor PostgreSQL, this can also be a path to a Unix socket\ndirectory (e.g., `/run/postgresql`) to use peer authentication.\nThis requires adding `junixsocket-common` and `junixsocket-native-common`\nto [](#opt-services.keycloak.plugins).\n", "loc": ["services", "keycloak", "database", "host"], "readOnly": false, "type": "string"}, "services.keycloak.database.name": {"declarations": ["nixos/modules/services/web-apps/keycloak.nix"], "default": {"_type": "literalExpression", "text": "\"keycloak\""}, "description": "Database name to use when connecting to an external or\nmanually provisioned database; has no effect when a local\ndatabase is automatically provisioned.\n\nTo use this with a local database, set [](#opt-services.keycloak.database.createLocally) to\n`false` and create the database and user\nmanually.\n", "loc": ["services", "keycloak", "database", "name"], "readOnly": false, "type": "string"}, "services.keycloak.database.passwordFile": {"declarations": ["nixos/modules/services/web-apps/keycloak.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to a file containing the database password.\n\nNot required when using Unix socket authentication (peer auth)\nby setting `host` to a socket path like `/run/postgresql`.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/db_password\""}, "loc": ["services", "keycloak", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.keycloak.database.port": {"declarations": ["nixos/modules/services/web-apps/keycloak.nix"], "default": {"_type": "literalMD", "text": "default port of selected database"}, "description": "Port of the database to connect to.\n", "loc": ["services", "keycloak", "database", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.keycloak.database.type": {"declarations": ["nixos/modules/services/web-apps/keycloak.nix"], "default": {"_type": "literalExpression", "text": "\"postgresql\""}, "description": "The type of database Keycloak should connect to.\n", "example": {"_type": "literalExpression", "text": "\"mariadb\""}, "loc": ["services", "keycloak", "database", "type"], "readOnly": false, "type": "one of \"mysql\", \"mariadb\", \"postgresql\""}, "services.keycloak.database.useSSL": {"declarations": ["nixos/modules/services/web-apps/keycloak.nix"], "default": {"_type": "literalExpression", "text": "config.services.keycloak.database.host != \"localhost\" && !lib.hasPrefix \"/\" config.services.keycloak.database.host"}, "description": "Whether the database connection should be secured by SSL / TLS.\n\nDefaults to `false` for localhost and Unix socket connections.\n", "loc": ["services", "keycloak", "database", "useSSL"], "readOnly": false, "type": "boolean"}, "services.keycloak.database.username": {"declarations": ["nixos/modules/services/web-apps/keycloak.nix"], "default": {"_type": "literalExpression", "text": "\"keycloak\""}, "description": "Username to use when connecting to an external or manually\nprovisioned database; has no effect when a local database is\nautomatically provisioned.\n\nTo use this with a local database, set [](#opt-services.keycloak.database.createLocally) to\n`false` and create the database and user\nmanually.\n", "loc": ["services", "keycloak", "database", "username"], "readOnly": false, "type": "string"}, "services.keycloak.enable": {"declarations": ["nixos/modules/services/web-apps/keycloak.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Keycloak identity and access management\nserver.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "keycloak", "enable"], "readOnly": false, "type": "boolean"}, "services.keycloak.initialAdminPassword": {"declarations": ["nixos/modules/services/web-apps/keycloak.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Initial password set for the temporary `admin` user.\nThe password is not stored safely and should be changed\nimmediately in the admin panel.\n\nSee [Admin bootstrap and recovery](https://www.keycloak.org/server/bootstrap-admin-recovery) for details.\n", "loc": ["services", "keycloak", "initialAdminPassword"], "readOnly": false, "type": "null or string"}, "services.keycloak.package": {"declarations": ["nixos/modules/services/web-apps/keycloak.nix"], "default": {"_type": "literalExpression", "text": "pkgs.keycloak"}, "description": "The keycloak package to use.", "loc": ["services", "keycloak", "package"], "readOnly": false, "type": "package"}, "services.keycloak.plugins": {"declarations": ["nixos/modules/services/web-apps/keycloak.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keycloak plugin jar, ear files or derivations containing\nthem. Packaged plugins are available through\n`pkgs.keycloak.plugins`.\n", "loc": ["services", "keycloak", "plugins"], "readOnly": false, "type": "list of absolute path"}, "services.keycloak.realmFiles": {"declarations": ["nixos/modules/services/web-apps/keycloak.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Realm files that the server is going to import during startup.\nIf a realm already exists in the server, the import operation is\nskipped. Importing the master realm is not supported. All files are\nexpected to be in `json` format. See the\n[documentation](https://www.keycloak.org/server/importExport) for\nfurther information.\n", "example": {"_type": "literalExpression", "text": "[\n  ./some/realm.json\n  ./another/realm.json\n]\n"}, "loc": ["services", "keycloak", "realmFiles"], "readOnly": false, "type": "list of absolute path"}, "services.keycloak.settings": {"declarations": ["nixos/modules/services/web-apps/keycloak.nix"], "description": "Configuration options corresponding to parameters set in\n{file}`conf/keycloak.conf`.\n\nMost available options are documented at <https://www.keycloak.org/server/all-config>.\n\nOptions containing secret data should be set to an attribute\nset containing the attribute `_secret` - a\nstring pointing to a file containing the value the option\nshould be set to. See the example to get a better picture of\nthis: in the resulting\n{file}`conf/keycloak.conf` file, the\n`https-key-store-password` key will be set\nto the contents of the\n{file}`/run/keys/store_password` file.\n", "example": {"_type": "literalExpression", "text": "{\n  hostname = \"keycloak.example.com\";\n  https-key-store-file = \"/path/to/file\";\n  https-key-store-password = { _secret = \"/run/keys/store_password\"; };\n}\n"}, "loc": ["services", "keycloak", "settings"], "readOnly": false, "type": "open submodule of attribute set of (null or string or signed integer or boolean or attribute set of absolute path)"}, "services.keycloak.settings.hostname": {"declarations": ["nixos/modules/services/web-apps/keycloak.nix"], "description": "The hostname part of the public URL used as base for\nall frontend requests.\n\nSee <https://www.keycloak.org/server/hostname>\nfor more information about hostname configuration.\n", "example": {"_type": "literalExpression", "text": "\"keycloak.example.com\""}, "loc": ["services", "keycloak", "settings", "hostname"], "readOnly": false, "type": "null or string"}, "services.keycloak.settings.hostname-backchannel-dynamic": {"declarations": ["nixos/modules/services/web-apps/keycloak.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables dynamic resolving of backchannel URLs,\nincluding hostname, scheme, port and context path.\n\nSee <https://www.keycloak.org/server/hostname>\nfor more information about hostname configuration.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "keycloak", "settings", "hostname-backchannel-dynamic"], "readOnly": false, "type": "boolean"}, "services.keycloak.settings.http-host": {"declarations": ["nixos/modules/services/web-apps/keycloak.nix"], "default": {"_type": "literalExpression", "text": "\"::\""}, "description": "On which address Keycloak should accept new connections.\n", "example": {"_type": "literalExpression", "text": "\"::1\""}, "loc": ["services", "keycloak", "settings", "http-host"], "readOnly": false, "type": "string"}, "services.keycloak.settings.http-port": {"declarations": ["nixos/modules/services/web-apps/keycloak.nix"], "default": {"_type": "literalExpression", "text": "80"}, "description": "On which port Keycloak should listen for new HTTP connections.\n", "example": {"_type": "literalExpression", "text": "8080"}, "loc": ["services", "keycloak", "settings", "http-port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.keycloak.settings.http-relative-path": {"declarations": ["nixos/modules/services/web-apps/keycloak.nix"], "default": {"_type": "literalExpression", "text": "\"/\""}, "description": "The path relative to `/` for serving\nresources.\n\n::: {.note}\nIn versions of Keycloak using Wildfly (&lt;17),\nthis defaulted to `/auth`. If\nupgrading from the Wildfly version of Keycloak,\ni.e. a NixOS version before 22.05, you'll likely\nwant to set this to `/auth` to\nkeep compatibility with your clients.\n\nSee <https://www.keycloak.org/migration/migrating-to-quarkus>\nfor more information on migrating from Wildfly to Quarkus.\n:::\n", "example": {"_type": "literalExpression", "text": "\"/auth\""}, "loc": ["services", "keycloak", "settings", "http-relative-path"], "readOnly": false, "type": "string"}, "services.keycloak.settings.https-port": {"declarations": ["nixos/modules/services/web-apps/keycloak.nix"], "default": {"_type": "literalExpression", "text": "443"}, "description": "On which port Keycloak should listen for new HTTPS connections.\n", "example": {"_type": "literalExpression", "text": "8443"}, "loc": ["services", "keycloak", "settings", "https-port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.keycloak.sslCertificate": {"declarations": ["nixos/modules/services/web-apps/keycloak.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to a PEM formatted certificate to use for TLS/SSL\nconnections.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/ssl_cert\""}, "loc": ["services", "keycloak", "sslCertificate"], "readOnly": false, "type": "null or absolute path"}, "services.keycloak.sslCertificateKey": {"declarations": ["nixos/modules/services/web-apps/keycloak.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to a PEM formatted private key to use for TLS/SSL\nconnections.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/ssl_key\""}, "loc": ["services", "keycloak", "sslCertificateKey"], "readOnly": false, "type": "null or absolute path"}, "services.keycloak.themes": {"declarations": ["nixos/modules/services/web-apps/keycloak.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional theme packages for Keycloak. Each theme is linked into\nsubdirectory with a corresponding attribute name.\n\nTheme packages consist of several subdirectories which provide\ndifferent theme types: for example, `account`,\n`login` etc. After adding a theme to this option you\ncan select it by its name in Keycloak administration console.\n", "loc": ["services", "keycloak", "themes"], "readOnly": false, "type": "attribute set of package"}, "services.keyd.enable": {"declarations": ["nixos/modules/services/hardware/keyd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable keyd, a key remapping daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "keyd", "enable"], "readOnly": false, "type": "boolean"}, "services.keyd.keyboards": {"declarations": ["nixos/modules/services/hardware/keyd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for one or more device IDs. Corresponding files in the /etc/keyd/ directory are created according to the name of the keys (like `default` or `externalKeyboard`).\n", "example": {"_type": "literalExpression", "text": "{\n  default = {\n    ids = [ \"*\" ];\n    settings = {\n      main = {\n        capslock = \"overload(control, esc)\";\n      };\n    };\n  };\n  externalKeyboard = {\n    ids = [ \"1ea7:0907\" ];\n    settings = {\n      main = {\n        esc = capslock;\n      };\n    };\n  };\n}\n"}, "loc": ["services", "keyd", "keyboards"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.keyd.keyboards.<name>.extraConfig": {"declarations": ["nixos/modules/services/hardware/keyd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration that is appended to the end of the file.\n**Do not** write `ids` section here, use a separate option for it.\nYou can use this option to define compound layers that must always be defined after the layer they are comprised.\n", "example": {"_type": "literalExpression", "text": "''\n  [control+shift]\n  h = left\n''"}, "loc": ["services", "keyd", "keyboards", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.keyd.keyboards.<name>.ids": {"declarations": ["nixos/modules/services/hardware/keyd.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"*\"\n]"}, "description": "Device identifiers, as shown by {manpage}`keyd(1)`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"*\"\n  \"-0123:0456\"\n]"}, "loc": ["services", "keyd", "keyboards", "<name>", "ids"], "readOnly": false, "type": "list of string"}, "services.keyd.keyboards.<name>.settings": {"declarations": ["nixos/modules/services/hardware/keyd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration, except `ids` section, that is written to {file}`/etc/keyd/<keyboard>.conf`.\nAppropriate names can be used to write non-alpha keys, for example \"equal\" instead of \"=\" sign (see <https://github.com/NixOS/nixpkgs/issues/236622>).\nSee <https://github.com/rvaiya/keyd> how to configure.\n", "example": {"_type": "literalExpression", "text": "{\n  main = {\n    capslock = \"overload(control, esc)\";\n    rightalt = \"layer(rightalt)\";\n  };\n  rightalt = {\n    h = \"left\";\n    j = \"down\";\n    k = \"up\";\n    l = \"right\";\n  };\n}"}, "loc": ["services", "keyd", "keyboards", "<name>", "settings"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.keyd.package": {"declarations": ["nixos/modules/services/hardware/keyd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.keyd"}, "description": "The keyd package to use.", "loc": ["services", "keyd", "package"], "readOnly": false, "type": "package"}, "services.kimai.sites": {"declarations": ["nixos/modules/services/web-apps/kimai.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Specification of one or more Kimai sites to serve", "loc": ["services", "kimai", "sites"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.kimai.sites.<name>.database.charset": {"declarations": ["nixos/modules/services/web-apps/kimai.nix"], "default": {"_type": "literalExpression", "text": "\"utf8mb4\""}, "description": "Database charset.", "loc": ["services", "kimai", "sites", "<name>", "database", "charset"], "readOnly": false, "type": "string"}, "services.kimai.sites.<name>.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/kimai.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Create the database and database user locally.", "loc": ["services", "kimai", "sites", "<name>", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.kimai.sites.<name>.database.host": {"declarations": ["nixos/modules/services/web-apps/kimai.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Database host address.", "loc": ["services", "kimai", "sites", "<name>", "database", "host"], "readOnly": false, "type": "string"}, "services.kimai.sites.<name>.database.name": {"declarations": ["nixos/modules/services/web-apps/kimai.nix"], "default": {"_type": "literalExpression", "text": "\"kimai\""}, "description": "Database name.", "loc": ["services", "kimai", "sites", "<name>", "database", "name"], "readOnly": false, "type": "string"}, "services.kimai.sites.<name>.database.passwordFile": {"declarations": ["nixos/modules/services/web-apps/kimai.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password corresponding to\n{option}`database.user`.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/kimai-dbpassword\""}, "loc": ["services", "kimai", "sites", "<name>", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.kimai.sites.<name>.database.port": {"declarations": ["nixos/modules/services/web-apps/kimai.nix"], "default": {"_type": "literalExpression", "text": "3306"}, "description": "Database host port.", "loc": ["services", "kimai", "sites", "<name>", "database", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.kimai.sites.<name>.database.serverVersion": {"declarations": ["nixos/modules/services/web-apps/kimai.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "MySQL *exact* version string. Not used if `createdLocally` is set,\nbut must be set otherwise. See\n<https://www.kimai.org/documentation/installation.html#column-table_name-in-where-clause-is-ambiguous>\nfor how to set this value, especially if you're using MariaDB.\n", "loc": ["services", "kimai", "sites", "<name>", "database", "serverVersion"], "readOnly": false, "type": "null or string"}, "services.kimai.sites.<name>.database.socket": {"declarations": ["nixos/modules/services/web-apps/kimai.nix"], "default": {"_type": "literalExpression", "text": "/run/mysqld/mysqld.sock"}, "description": "Path to the unix socket file to use for authentication.", "loc": ["services", "kimai", "sites", "<name>", "database", "socket"], "readOnly": false, "type": "null or absolute path"}, "services.kimai.sites.<name>.database.user": {"declarations": ["nixos/modules/services/web-apps/kimai.nix"], "default": {"_type": "literalExpression", "text": "\"kimai\""}, "description": "Database user.", "loc": ["services", "kimai", "sites", "<name>", "database", "user"], "readOnly": false, "type": "string"}, "services.kimai.sites.<name>.environmentFile": {"declarations": ["nixos/modules/services/web-apps/kimai.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Securely pass environment variabels to Kimai. This can be used to\nset other environement variables such as MAILER_URL.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/kimai.env\""}, "loc": ["services", "kimai", "sites", "<name>", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.kimai.sites.<name>.package": {"declarations": ["nixos/modules/services/web-apps/kimai.nix"], "default": {"_type": "literalExpression", "text": "pkgs.kimai"}, "description": "The kimai package to use.", "loc": ["services", "kimai", "sites", "<name>", "package"], "readOnly": false, "type": "package"}, "services.kimai.sites.<name>.poolConfig": {"declarations": ["nixos/modules/services/web-apps/kimai.nix"], "default": {"_type": "literalExpression", "text": "{\n  pm = \"dynamic\";\n  \"pm.max_children\" = 32;\n  \"pm.max_requests\" = 500;\n  \"pm.max_spare_servers\" = 4;\n  \"pm.min_spare_servers\" = 2;\n  \"pm.start_servers\" = 2;\n}"}, "description": "Options for the Kimai PHP pool. See the documentation on `php-fpm.conf`\nfor details on configuration directives.\n", "loc": ["services", "kimai", "sites", "<name>", "poolConfig"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.kimai.sites.<name>.settings": {"declarations": ["nixos/modules/services/web-apps/kimai.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Structural Kimai's local.yaml configuration.\nRefer to <https://www.kimai.org/documentation/local-yaml.html#localyaml>\nfor details.\n", "example": {"_type": "literalExpression", "text": "{\n  kimai = {\n    timesheet = {\n      rounding = {\n        default = {\n          begin = 15;\n          end = 15;\n        };\n      };\n    };\n  };\n}\n"}, "loc": ["services", "kimai", "sites", "<name>", "settings"], "readOnly": false, "type": "attribute set of anything"}, "services.kimai.webserver": {"declarations": ["nixos/modules/services/web-apps/kimai.nix"], "default": {"_type": "literalExpression", "text": "\"nginx\""}, "description": "The webserver to configure for the PHP frontend.\n\nAt the moment, only `nginx` is supported. PRs are welcome for support\nfor other web servers.\n", "loc": ["services", "kimai", "webserver"], "readOnly": false, "type": "value \"nginx\" (singular enum)"}, "services.kismet.dataDir": {"declarations": ["nixos/modules/services/networking/kismet.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/kismet\""}, "description": "The Kismet data directory.", "loc": ["services", "kismet", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.kismet.enable": {"declarations": ["nixos/modules/services/networking/kismet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kismet.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kismet", "enable"], "readOnly": false, "type": "boolean"}, "services.kismet.extraConfig": {"declarations": ["nixos/modules/services/networking/kismet.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Literal Kismet config lines appended to the site config.\nNote that `services.kismet.settings` allows you to define\nall options here using Nix attribute sets.\n", "example": {"_type": "literalExpression", "text": "''\n  # Looks like the following in `services.kismet.settings`:\n  # wepkey = [ \"00:DE:AD:C0:DE:00\" \"FEEDFACE42\" ];\n  wepkey=00:DE:AD:C0:DE:00,FEEDFACE42\n''"}, "loc": ["services", "kismet", "extraConfig"], "readOnly": false, "type": "string"}, "services.kismet.group": {"declarations": ["nixos/modules/services/networking/kismet.nix"], "default": {"_type": "literalExpression", "text": "\"kismet\""}, "description": "The group to run Kismet as.", "loc": ["services", "kismet", "group"], "readOnly": false, "type": "string"}, "services.kismet.httpd.address": {"declarations": ["nixos/modules/services/networking/kismet.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The address to listen on. Note that this cannot be a hostname or Kismet will not start.", "loc": ["services", "kismet", "httpd", "address"], "readOnly": false, "type": "string"}, "services.kismet.httpd.enable": {"declarations": ["nixos/modules/services/networking/kismet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "True to enable the HTTP server.", "loc": ["services", "kismet", "httpd", "enable"], "readOnly": false, "type": "boolean"}, "services.kismet.httpd.port": {"declarations": ["nixos/modules/services/networking/kismet.nix"], "default": {"_type": "literalExpression", "text": "2501"}, "description": "The port to listen on.", "loc": ["services", "kismet", "httpd", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.kismet.logTypes": {"declarations": ["nixos/modules/services/networking/kismet.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"kismet\"\n]"}, "description": "The log types.", "loc": ["services", "kismet", "logTypes"], "readOnly": false, "type": "list of string"}, "services.kismet.package": {"declarations": ["nixos/modules/services/networking/kismet.nix"], "default": {"_type": "literalExpression", "text": "pkgs.kismet"}, "description": "The kismet package to use.", "loc": ["services", "kismet", "package"], "readOnly": false, "type": "package"}, "services.kismet.serverDescription": {"declarations": ["nixos/modules/services/networking/kismet.nix"], "default": {"_type": "literalExpression", "text": "\"NixOS Kismet server\""}, "description": "The description of the server.", "loc": ["services", "kismet", "serverDescription"], "readOnly": false, "type": "string"}, "services.kismet.serverName": {"declarations": ["nixos/modules/services/networking/kismet.nix"], "default": {"_type": "literalExpression", "text": "\"Kismet\""}, "description": "The name of the server.", "loc": ["services", "kismet", "serverName"], "readOnly": false, "type": "string"}, "services.kismet.settings": {"declarations": ["nixos/modules/services/networking/kismet.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for Kismet. See:\nhttps://www.kismetwireless.net/docs/readme/configuring/configfiles/\n", "example": {"_type": "literalExpression", "text": "{\n  /* Examples for atoms */\n  # dot11_link_bssts=false\n  dot11_link_bssts = false; # Boolean\n\n  # dot11_related_bss_window=10000000\n  dot11_related_bss_window = 10000000; # Integer\n\n  # devicefound=00:11:22:33:44:55\n  devicefound = \"00:11:22:33:44:55\"; # String\n\n  # log_types+=wiglecsv\n  log_types' = \"wiglecsv\";\n\n  /* Examples for lists of atoms */\n  # wepkey=00:DE:AD:C0:DE:00,FEEDFACE42\n  wepkey = [ \"00:DE:AD:C0:DE:00\" \"FEEDFACE42\" ];\n\n  # alert=ADHOCCONFLICT,5/min,1/sec\n  # alert=ADVCRYPTCHANGE,5/min,1/sec\n  alert = [\n    [ \"ADHOCCONFLICT\"  \"5/min\" \"1/sec\" ]\n    [ \"ADVCRYPTCHANGE\" \"5/min\" \"1/sec\" ]\n  ];\n\n  /* Examples for sets of atoms */\n  # source=wlan0:name=ath11k\n  source.wlan0 = { name = \"ath11k\"; };\n\n  /* Examples with colon-suffixed headers */\n  # gps=gpsd:host=localhost,port=2947\n  gps.gpsd = {\n    host = \"localhost\";\n    port = 2947;\n  };\n\n  # apspoof=Foo1:ssid=Bar1,validmacs=\"00:11:22:33:44:55,aa:bb:cc:dd:ee:ff\"\n  # apspoof=Foo1:ssid=Bar2,validmacs=\"01:12:23:34:45:56,ab:bc:cd:de:ef:f0\"\n  # apspoof=Foo2:ssid=Baz1,validmacs=\"11:22:33:44:55:66,bb:cc:dd:ee:ff:00\"\n  apspoof.Foo1 = [\n    { ssid = \"Bar1\"; validmacs = [ \"00:11:22:33:44:55\" \"aa:bb:cc:dd:ee:ff\" ]; }\n    { ssid = \"Bar2\"; validmacs = [ \"01:12:23:34:45:56\" \"ab:bc:cd:de:ef:f0\" ]; }\n  ];\n\n  # because Foo1 is a list, Foo2 needs to be as well\n  apspoof.Foo2 = [\n    {\n      ssid = \"Bar2\";\n      validmacs = [ \"00:11:22:33:44:55\" \"aa:bb:cc:dd:ee:ff\" ];\n    };\n  ];\n}\n"}, "loc": ["services", "kismet", "settings"], "readOnly": false, "type": "Kismet config stanza"}, "services.kismet.user": {"declarations": ["nixos/modules/services/networking/kismet.nix"], "default": {"_type": "literalExpression", "text": "\"kismet\""}, "description": "The user to run Kismet as.", "loc": ["services", "kismet", "user"], "readOnly": false, "type": "string"}, "services.klipper.apiSocket": {"declarations": ["nixos/modules/services/misc/klipper.nix"], "default": {"_type": "literalExpression", "text": "\"/run/klipper/api\""}, "description": "Path of the API socket to create.", "loc": ["services", "klipper", "apiSocket"], "readOnly": false, "type": "null or absolute path"}, "services.klipper.configDir": {"declarations": ["nixos/modules/services/misc/klipper.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/klipper\""}, "description": "Path to Klipper config file.", "loc": ["services", "klipper", "configDir"], "readOnly": false, "type": "absolute path"}, "services.klipper.configFile": {"declarations": ["nixos/modules/services/misc/klipper.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to default Klipper config.", "loc": ["services", "klipper", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.klipper.enable": {"declarations": ["nixos/modules/services/misc/klipper.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Klipper, the 3D printer firmware.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "klipper", "enable"], "readOnly": false, "type": "boolean"}, "services.klipper.extraSettings": {"declarations": ["nixos/modules/services/misc/klipper.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra lines to append to the generated Klipper configuration.", "loc": ["services", "klipper", "extraSettings"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.klipper.firmwares": {"declarations": ["nixos/modules/services/misc/klipper.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Firmwares Klipper should manage", "example": {"_type": "literalExpression", "text": "{\n  mcu = {\n    configFile = {\n      _type = \"literalExpression\";\n      text = \"./klipper-firmware.cfg\";\n    };\n    enable = true;\n    enableKlipperFlash = true;\n    serial = \"/dev/serial/by-id/usb-Klipper_123ABCDEF\";\n  };\n}"}, "loc": ["services", "klipper", "firmwares"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.klipper.firmwares.<name>.configFile": {"declarations": ["nixos/modules/services/misc/klipper.nix"], "description": "Path to firmware config which is generated using `klipper-genconf`", "loc": ["services", "klipper", "firmwares", "<name>", "configFile"], "readOnly": false, "type": "absolute path"}, "services.klipper.firmwares.<name>.enable": {"declarations": ["nixos/modules/services/misc/klipper.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable building of firmware for manual flashing\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "klipper", "firmwares", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.klipper.firmwares.<name>.enableKlipperFlash": {"declarations": ["nixos/modules/services/misc/klipper.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable flashings scripts for firmware. This will add `klipper-flash-$mcu` scripts to your environment which can be called to flash the firmware.\nPlease check the configs at [klipper](https://github.com/Klipper3d/klipper/tree/master/config) whether your board supports flashing via `make flash`\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "klipper", "firmwares", "<name>", "enableKlipperFlash"], "readOnly": false, "type": "boolean"}, "services.klipper.firmwares.<name>.klipperFlashPackage": {"declarations": ["nixos/modules/services/misc/klipper.nix"], "description": "Path to the built klipper-flash package.", "loc": ["services", "klipper", "firmwares", "<name>", "klipperFlashPackage"], "readOnly": true, "type": "null or package"}, "services.klipper.firmwares.<name>.package": {"declarations": ["nixos/modules/services/misc/klipper.nix"], "description": "Path to the built firmware package.", "loc": ["services", "klipper", "firmwares", "<name>", "package"], "readOnly": true, "type": "null or package"}, "services.klipper.firmwares.<name>.serial": {"declarations": ["nixos/modules/services/misc/klipper.nix"], "default": {"_type": "literalExpression", "text": "config.services.klipper.settings.<name>.serial"}, "description": "Path to serial port this printer is connected to. Derived from `service.klipper.settings` by default.", "loc": ["services", "klipper", "firmwares", "<name>", "serial"], "readOnly": false, "type": "null or absolute path"}, "services.klipper.group": {"declarations": ["nixos/modules/services/misc/klipper.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Group account under which Klipper runs.\n\nIf null is specified (default), a temporary user will be created by systemd.\n", "loc": ["services", "klipper", "group"], "readOnly": false, "type": "null or string"}, "services.klipper.inputTTY": {"declarations": ["nixos/modules/services/misc/klipper.nix"], "default": {"_type": "literalExpression", "text": "\"/run/klipper/tty\""}, "description": "Path of the virtual printer symlink to create.", "loc": ["services", "klipper", "inputTTY"], "readOnly": false, "type": "absolute path"}, "services.klipper.logFile": {"declarations": ["nixos/modules/services/misc/klipper.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path of the file Klipper should log to.\nIf `null`, it logs to stdout, which is not recommended by upstream.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/klipper/klipper.log\""}, "loc": ["services", "klipper", "logFile"], "readOnly": false, "type": "null or absolute path"}, "services.klipper.mutableConfig": {"declarations": ["nixos/modules/services/misc/klipper.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to manage the config outside of NixOS.\n\nIt will still be initialized with the defined NixOS config if the file doesn't already exist.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "klipper", "mutableConfig"], "readOnly": false, "type": "boolean"}, "services.klipper.octoprintIntegration": {"declarations": ["nixos/modules/services/misc/klipper.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Allows Octoprint to control Klipper.", "loc": ["services", "klipper", "octoprintIntegration"], "readOnly": false, "type": "boolean"}, "services.klipper.package": {"declarations": ["nixos/modules/services/misc/klipper.nix"], "default": {"_type": "literalExpression", "text": "pkgs.klipper"}, "description": "The klipper package to use.", "loc": ["services", "klipper", "package"], "readOnly": false, "type": "package"}, "services.klipper.settings": {"declarations": ["nixos/modules/services/misc/klipper.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configuration for Klipper. See the [documentation](https://www.klipper3d.org/Overview.html#configuration-and-tuning-guides)\nfor supported values.\n", "loc": ["services", "klipper", "settings"], "readOnly": false, "type": "null or (attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string) or a non-empty list of them))"}, "services.klipper.user": {"declarations": ["nixos/modules/services/misc/klipper.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "User account under which Klipper runs.\n\nIf null is specified (default), a temporary user will be created by systemd.\n", "loc": ["services", "klipper", "user"], "readOnly": false, "type": "null or string"}, "services.kmonad.enable": {"declarations": ["nixos/modules/services/hardware/kmonad.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable KMonad: an advanced keyboard manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kmonad", "enable"], "readOnly": false, "type": "boolean"}, "services.kmonad.extraArgs": {"declarations": ["nixos/modules/services/hardware/kmonad.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to pass to KMonad.", "example": {"_type": "literalExpression", "text": "[\n  \"--log-level\"\n  \"debug\"\n]"}, "loc": ["services", "kmonad", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.kmonad.keyboards": {"declarations": ["nixos/modules/services/hardware/kmonad.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Keyboard configuration.", "loc": ["services", "kmonad", "keyboards"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.kmonad.keyboards.<name>.config": {"declarations": ["nixos/modules/services/hardware/kmonad.nix"], "description": "Keyboard configuration.", "loc": ["services", "kmonad", "keyboards", "<name>", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.kmonad.keyboards.<name>.defcfg.allowCommands": {"declarations": ["nixos/modules/services/hardware/kmonad.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable keys to run shell commands.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kmonad", "keyboards", "<name>", "defcfg", "allowCommands"], "readOnly": false, "type": "boolean"}, "services.kmonad.keyboards.<name>.defcfg.compose.delay": {"declarations": ["nixos/modules/services/hardware/kmonad.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "The delay (in milliseconds) between compose key sequences.", "loc": ["services", "kmonad", "keyboards", "<name>", "defcfg", "compose", "delay"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.kmonad.keyboards.<name>.defcfg.compose.key": {"declarations": ["nixos/modules/services/hardware/kmonad.nix"], "default": {"_type": "literalExpression", "text": "\"ralt\""}, "description": "The (optional) compose key to use.", "loc": ["services", "kmonad", "keyboards", "<name>", "defcfg", "compose", "key"], "readOnly": false, "type": "null or string"}, "services.kmonad.keyboards.<name>.defcfg.enable": {"declarations": ["nixos/modules/services/hardware/kmonad.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable automatic generation of the defcfg block.\n\nWhen this option is set to true, the config option for\nthis keyboard should not include a defcfg block\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kmonad", "keyboards", "<name>", "defcfg", "enable"], "readOnly": false, "type": "boolean"}, "services.kmonad.keyboards.<name>.defcfg.fallthrough": {"declarations": ["nixos/modules/services/hardware/kmonad.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable re-emitting unhandled key events.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kmonad", "keyboards", "<name>", "defcfg", "fallthrough"], "readOnly": false, "type": "boolean"}, "services.kmonad.keyboards.<name>.device": {"declarations": ["nixos/modules/services/hardware/kmonad.nix"], "description": "Path to the keyboard's device file.", "example": {"_type": "literalExpression", "text": "\"/dev/input/by-id/some-dev\""}, "loc": ["services", "kmonad", "keyboards", "<name>", "device"], "readOnly": false, "type": "absolute path"}, "services.kmonad.keyboards.<name>.enableHardening": {"declarations": ["nixos/modules/services/hardware/kmonad.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable systemd hardening.\n\n::: {.note}\nIf KMonad is used to execute shell commands, hardening may make some of them fail.\n:::\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "kmonad", "keyboards", "<name>", "enableHardening"], "readOnly": false, "type": "boolean"}, "services.kmonad.keyboards.<name>.extraGroups": {"declarations": ["nixos/modules/services/hardware/kmonad.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra permission groups to attach to the KMonad instance for\nthis keyboard.\n\nSince KMonad runs as an unprivileged user, it may sometimes\nneed extra permissions in order to read the keyboard device\nfile.  If your keyboard's device file isn't in the input\ngroup, you'll need to list its group in this option.\n", "loc": ["services", "kmonad", "keyboards", "<name>", "extraGroups"], "readOnly": false, "type": "list of string"}, "services.kmonad.keyboards.<name>.name": {"declarations": ["nixos/modules/services/hardware/kmonad.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "Keyboard name.", "example": {"_type": "literalExpression", "text": "\"laptop-internal\""}, "loc": ["services", "kmonad", "keyboards", "<name>", "name"], "readOnly": false, "type": "string"}, "services.kmonad.package": {"declarations": ["nixos/modules/services/hardware/kmonad.nix"], "default": {"_type": "literalExpression", "text": "pkgs.kmonad"}, "description": "The KMonad package to use.", "loc": ["services", "kmonad", "package"], "readOnly": false, "type": "package"}, "services.kmscon.autologinUser": {"declarations": ["nixos/modules/services/ttys/kmscon.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Username of the account that will be automatically logged in at the console.\nIf unspecified, a login prompt is shown as usual.\n", "loc": ["services", "kmscon", "autologinUser"], "readOnly": false, "type": "null or string"}, "services.kmscon.enable": {"declarations": ["nixos/modules/services/ttys/kmscon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kmscon as the virtual console instead of gettys.\nkmscon is a kms/dri-based userspace virtual terminal implementation.\nIt supports a richer feature set than the standard linux console VT,\nincluding full unicode support, and when the video card supports drm\nshould be much faster\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kmscon", "enable"], "readOnly": false, "type": "boolean"}, "services.kmscon.extraConfig": {"declarations": ["nixos/modules/services/ttys/kmscon.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra contents of the kmscon.conf file.", "example": {"_type": "literalExpression", "text": "\"font-size=14\""}, "loc": ["services", "kmscon", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.kmscon.extraOptions": {"declarations": ["nixos/modules/services/ttys/kmscon.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra flags to pass to kmscon.", "example": {"_type": "literalExpression", "text": "\"--term xterm-256color\""}, "loc": ["services", "kmscon", "extraOptions"], "readOnly": false, "type": "strings concatenated with \" \""}, "services.kmscon.fonts": {"declarations": ["nixos/modules/services/ttys/kmscon.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Fonts used by kmscon, in order of priority.", "example": {"_type": "literalExpression", "text": "[ { name = \"Source Code Pro\"; package = pkgs.source-code-pro; } ]"}, "loc": ["services", "kmscon", "fonts"], "readOnly": false, "type": "null or (non-empty (list of (submodule)))"}, "services.kmscon.fonts.*.name": {"declarations": ["nixos/modules/services/ttys/kmscon.nix"], "description": "Font name, as used by fontconfig.", "loc": ["services", "kmscon", "fonts", "*", "name"], "readOnly": false, "type": "string"}, "services.kmscon.fonts.*.package": {"declarations": ["nixos/modules/services/ttys/kmscon.nix"], "description": "Package providing the font.", "loc": ["services", "kmscon", "fonts", "*", "package"], "readOnly": false, "type": "package"}, "services.kmscon.hwRender": {"declarations": ["nixos/modules/services/ttys/kmscon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable 3D hardware acceleration to render the console.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kmscon", "hwRender"], "readOnly": false, "type": "boolean"}, "services.kmscon.package": {"declarations": ["nixos/modules/services/ttys/kmscon.nix"], "default": {"_type": "literalExpression", "text": "pkgs.kmscon"}, "description": "The kmscon package to use.", "loc": ["services", "kmscon", "package"], "readOnly": false, "type": "package"}, "services.kmscon.useXkbConfig": {"declarations": ["nixos/modules/services/ttys/kmscon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to configure keymap from xserver keyboard settings.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kmscon", "useXkbConfig"], "readOnly": false, "type": "boolean"}, "services.knot-resolver.enable": {"declarations": ["nixos/modules/services/networking/knot-resolver.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable knot-resolver (version 6) domain name server.\nDNSSEC validation is turned on by default.\nIf you want to use knot-resolver 5, please use services.kresd.\n", "loc": ["services", "knot-resolver", "enable"], "readOnly": false, "type": "boolean"}, "services.knot-resolver.managerPackage": {"declarations": ["nixos/modules/services/networking/knot-resolver.nix"], "default": {"_type": "literalExpression", "text": "pkgs.knot-resolver-manager_6"}, "description": "The knot-resolver-manager_6 package to use.", "example": {"_type": "literalExpression", "text": "pkgs.knot-resolver-manager_6.override { extraFeatures = true; }"}, "loc": ["services", "knot-resolver", "managerPackage"], "readOnly": false, "type": "package"}, "services.knot-resolver.settings": {"declarations": ["nixos/modules/services/networking/knot-resolver.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Nix-based (RFC 42) configuration for Knot Resolver.\nFor configuration reference (described as YAML) see\n<https://www.knot-resolver.cz/documentation/latest/config-overview.html>\n", "loc": ["services", "knot-resolver", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.knot-resolver.settings.network.listen": {"declarations": ["nixos/modules/services/networking/knot-resolver.nix"], "default": {"_type": "literalExpression", "text": "[\n  {\n    interface = [ \"127.0.0.1\" ];\n    kind = \"dns\";\n    freebind = false;\n  }\n]\n++ lib.optionals config.networking.enableIPv6 [\n  {\n    interface = [ \"::1\" ];\n    kind = \"dns\";\n    freebind = false;\n  }\n ];\n"}, "description": "List of interfaces to listen to and its configuration.", "loc": ["services", "knot-resolver", "settings", "network", "listen"], "readOnly": false, "type": "list of (open submodule of (YAML 1.1 value))"}, "services.knot-resolver.settings.workers": {"declarations": ["nixos/modules/services/networking/knot-resolver.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "The number of running kresd (Knot Resolver daemon) workers. If set to 'auto', it is equal to number of CPUs available.\n", "loc": ["services", "knot-resolver", "settings", "workers"], "readOnly": false, "type": "value \"auto\" (singular enum) or (unsigned integer, meaning >=0)"}, "services.knot.checkConfig": {"declarations": ["nixos/modules/services/networking/knot.nix"], "default": {"_type": "literalExpression", "text": "''\n  Disabled when the config uses `keyFiles` or `enableXDP`.\n''"}, "description": "Toggles the configuration test at build time. It runs in a\nsandbox, and therefore cannot be used in all scenarios.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "knot", "checkConfig"], "readOnly": false, "type": "boolean"}, "services.knot.enable": {"declarations": ["nixos/modules/services/networking/knot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Knot authoritative-only DNS server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "knot", "enable"], "readOnly": false, "type": "boolean"}, "services.knot.enableXDP": {"declarations": ["nixos/modules/services/networking/knot.nix"], "default": {"_type": "literalExpression", "text": "''\n  Enabled when the `xdp.listen` setting is configured through `settings`.\n''"}, "description": "Extends the systemd unit with permissions to allow for the use of\nthe eXpress Data Path (XDP).\n\n::: {.note}\n  Make sure to read up on functional [limitations](https://www.knot-dns.cz/docs/latest/singlehtml/index.html#mode-xdp-limitations)\n  when running in XDP mode.\n:::\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "knot", "enableXDP"], "readOnly": false, "type": "boolean"}, "services.knot.extraArgs": {"declarations": ["nixos/modules/services/networking/knot.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of additional command line parameters for knotd\n", "loc": ["services", "knot", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.knot.keyFiles": {"declarations": ["nixos/modules/services/networking/knot.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of files containing additional configuration\nto be included using the include directive. This option\nallows to include configuration like TSIG keys without\nexposing them to the nix store readable to any process.\nNote that using this option will also disable configuration\nchecks at build time.\n", "loc": ["services", "knot", "keyFiles"], "readOnly": false, "type": "list of absolute path"}, "services.knot.package": {"declarations": ["nixos/modules/services/networking/knot.nix"], "default": {"_type": "literalExpression", "text": "pkgs.knot-dns"}, "description": "The knot-dns package to use.", "loc": ["services", "knot", "package"], "readOnly": false, "type": "package"}, "services.knot.settings": {"declarations": ["nixos/modules/services/networking/knot.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration as nix values.\n", "loc": ["services", "knot", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.knot.settingsFile": {"declarations": ["nixos/modules/services/networking/knot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "As alternative to ``settings``, you can provide whole configuration\ndirectly in the almost-YAML format of Knot DNS.\nYou might want to utilize ``pkgs.writeText \"knot.conf\" \"longConfigString\"`` for this.\n", "loc": ["services", "knot", "settingsFile"], "readOnly": false, "type": "null or absolute path"}, "services.komga.enable": {"declarations": ["nixos/modules/services/web-apps/komga.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Komga, a free and open source comics/mangas media server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "komga", "enable"], "readOnly": false, "type": "boolean"}, "services.komga.group": {"declarations": ["nixos/modules/services/web-apps/komga.nix"], "default": {"_type": "literalExpression", "text": "\"komga\""}, "description": "Group under which Komga runs.", "loc": ["services", "komga", "group"], "readOnly": false, "type": "string"}, "services.komga.openFirewall": {"declarations": ["nixos/modules/services/web-apps/komga.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall for the port in {option}`services.komga.settings.server.port`.", "loc": ["services", "komga", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.komga.settings": {"declarations": ["nixos/modules/services/web-apps/komga.nix"], "description": "Komga configuration.\n\nSee [documentation](https://komga.org/docs/installation/configuration).\n", "loc": ["services", "komga", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.komga.settings.server.port": {"declarations": ["nixos/modules/services/web-apps/komga.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "The port that Komga will listen on.", "loc": ["services", "komga", "settings", "server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.komga.stateDir": {"declarations": ["nixos/modules/services/web-apps/komga.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/komga\""}, "description": "State and configuration directory Komga will use.", "loc": ["services", "komga", "stateDir"], "readOnly": false, "type": "string"}, "services.komga.user": {"declarations": ["nixos/modules/services/web-apps/komga.nix"], "default": {"_type": "literalExpression", "text": "\"komga\""}, "description": "User account under which Komga runs.", "loc": ["services", "komga", "user"], "readOnly": false, "type": "string"}, "services.komodo-periphery.allowedIps": {"declarations": ["nixos/modules/services/admin/komodo-periphery.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "IP addresses or subnets allowed to call the periphery API. Empty list allows all.", "example": {"_type": "literalExpression", "text": "[\n  \"::ffff:12.34.56.78\"\n  \"10.0.10.0/24\"\n]"}, "loc": ["services", "komodo-periphery", "allowedIps"], "readOnly": false, "type": "list of string"}, "services.komodo-periphery.bindIp": {"declarations": ["nixos/modules/services/admin/komodo-periphery.nix"], "default": {"_type": "literalExpression", "text": "\"[::]\""}, "description": "IP address to bind to.", "loc": ["services", "komodo-periphery", "bindIp"], "readOnly": false, "type": "string"}, "services.komodo-periphery.configFile": {"declarations": ["nixos/modules/services/admin/komodo-periphery.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the periphery configuration file. If null, a configuration file will be generated from the module options.", "example": {"_type": "literalExpression", "text": "pkgs.writeText \"periphery.toml\" ''\n  port = 8120\n  bind_ip = \"[::]\"\n  ssl_enabled = true\n  [logging]\n  level = \"info\"\n''\n"}, "loc": ["services", "komodo-periphery", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.komodo-periphery.containerStatsPollingRate": {"declarations": ["nixos/modules/services/admin/komodo-periphery.nix"], "default": {"_type": "literalExpression", "text": "\"30-sec\""}, "description": "Container stats polling interval.", "example": {"_type": "literalExpression", "text": "\"1-min\""}, "loc": ["services", "komodo-periphery", "containerStatsPollingRate"], "readOnly": false, "type": "string"}, "services.komodo-periphery.disableContainerExec": {"declarations": ["nixos/modules/services/admin/komodo-periphery.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable remote container shell access through Periphery.", "loc": ["services", "komodo-periphery", "disableContainerExec"], "readOnly": false, "type": "boolean"}, "services.komodo-periphery.disableTerminals": {"declarations": ["nixos/modules/services/admin/komodo-periphery.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable remote shell access through Periphery.", "loc": ["services", "komodo-periphery", "disableTerminals"], "readOnly": false, "type": "boolean"}, "services.komodo-periphery.enable": {"declarations": ["nixos/modules/services/admin/komodo-periphery.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Periphery, a multi-server Docker and Git deployment agent by Komodo.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "komodo-periphery", "enable"], "readOnly": false, "type": "boolean"}, "services.komodo-periphery.environment": {"declarations": ["nixos/modules/services/admin/komodo-periphery.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables to set for the service.", "example": {"_type": "literalExpression", "text": "{\n  DOCKER_HOST = \"unix:///var/run/docker.sock\";\n  RUST_LOG = \"komodo=debug\";\n}"}, "loc": ["services", "komodo-periphery", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.komodo-periphery.environmentFile": {"declarations": ["nixos/modules/services/admin/komodo-periphery.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file for additional configuration via environment variables.", "example": {"_type": "literalExpression", "text": "\"/run/secrets/komodo-periphery.env\""}, "loc": ["services", "komodo-periphery", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.komodo-periphery.excludeDiskMounts": {"declarations": ["nixos/modules/services/admin/komodo-periphery.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Exclude these mount paths from disk reporting.", "example": {"_type": "literalExpression", "text": "[\n  \"/tmp\"\n  \"/boot\"\n]"}, "loc": ["services", "komodo-periphery", "excludeDiskMounts"], "readOnly": false, "type": "list of string"}, "services.komodo-periphery.extraSettings": {"declarations": ["nixos/modules/services/admin/komodo-periphery.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra settings to add to the generated TOML config.", "example": {"_type": "literalExpression", "text": "{\n  secrets = {\n    GITHUB_TOKEN = \"ghp_xxxx\";\n  };\n}"}, "loc": ["services", "komodo-periphery", "extraSettings"], "readOnly": false, "type": "TOML value"}, "services.komodo-periphery.group": {"declarations": ["nixos/modules/services/admin/komodo-periphery.nix"], "default": {"_type": "literalExpression", "text": "\"komodo-periphery\""}, "description": "Group under which the Periphery agent runs.", "loc": ["services", "komodo-periphery", "group"], "readOnly": false, "type": "string"}, "services.komodo-periphery.includeDiskMounts": {"declarations": ["nixos/modules/services/admin/komodo-periphery.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Only include these mount paths in disk reporting.", "example": {"_type": "literalExpression", "text": "[\n  \"/mnt/data\"\n  \"/mnt/backup\"\n]"}, "loc": ["services", "komodo-periphery", "includeDiskMounts"], "readOnly": false, "type": "list of string"}, "services.komodo-periphery.legacyComposeCli": {"declarations": ["nixos/modules/services/admin/komodo-periphery.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use `docker-compose` instead of `docker compose`.", "loc": ["services", "komodo-periphery", "legacyComposeCli"], "readOnly": false, "type": "boolean"}, "services.komodo-periphery.logging.level": {"declarations": ["nixos/modules/services/admin/komodo-periphery.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Logging verbosity level.", "loc": ["services", "komodo-periphery", "logging", "level"], "readOnly": false, "type": "one of \"off\", \"error\", \"warn\", \"info\", \"debug\", \"trace\""}, "services.komodo-periphery.logging.otlpEndpoint": {"declarations": ["nixos/modules/services/admin/komodo-periphery.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "OpenTelemetry OTLP endpoint for traces.", "example": {"_type": "literalExpression", "text": "\"http://localhost:4317\""}, "loc": ["services", "komodo-periphery", "logging", "otlpEndpoint"], "readOnly": false, "type": "string"}, "services.komodo-periphery.logging.stdio": {"declarations": ["nixos/modules/services/admin/komodo-periphery.nix"], "default": {"_type": "literalExpression", "text": "\"standard\""}, "description": "Logging format for stdout/stderr.", "loc": ["services", "komodo-periphery", "logging", "stdio"], "readOnly": false, "type": "one of \"standard\", \"json\", \"none\""}, "services.komodo-periphery.package": {"declarations": ["nixos/modules/services/admin/komodo-periphery.nix"], "default": {"_type": "literalExpression", "text": "pkgs.komodo"}, "description": "The komodo package to use.", "loc": ["services", "komodo-periphery", "package"], "readOnly": false, "type": "package"}, "services.komodo-periphery.passkeys": {"declarations": ["nixos/modules/services/admin/komodo-periphery.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Passkeys required to access the periphery API.\nWARNING: These will be stored in the Nix store in plain text!\n", "example": {"_type": "literalExpression", "text": "[\n  \"your-secure-passkey\"\n]"}, "loc": ["services", "komodo-periphery", "passkeys"], "readOnly": false, "type": "list of string"}, "services.komodo-periphery.port": {"declarations": ["nixos/modules/services/admin/komodo-periphery.nix"], "default": {"_type": "literalExpression", "text": "8120"}, "description": "Port for the Periphery agent to listen on.", "loc": ["services", "komodo-periphery", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.komodo-periphery.rootDirectory": {"declarations": ["nixos/modules/services/admin/komodo-periphery.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/komodo-periphery\""}, "description": "Root directory for Komodo Periphery data.", "loc": ["services", "komodo-periphery", "rootDirectory"], "readOnly": false, "type": "absolute path"}, "services.komodo-periphery.ssl.certFile": {"declarations": ["nixos/modules/services/admin/komodo-periphery.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.komodo-periphery.rootDirectory}/ssl/cert.pem\""}, "description": "Path to SSL certificate file.", "loc": ["services", "komodo-periphery", "ssl", "certFile"], "readOnly": false, "type": "absolute path"}, "services.komodo-periphery.ssl.enable": {"declarations": ["nixos/modules/services/admin/komodo-periphery.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable SSL/TLS support.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "komodo-periphery", "ssl", "enable"], "readOnly": false, "type": "boolean"}, "services.komodo-periphery.ssl.keyFile": {"declarations": ["nixos/modules/services/admin/komodo-periphery.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.komodo-periphery.rootDirectory}/ssl/key.pem\""}, "description": "Path to SSL key file.", "loc": ["services", "komodo-periphery", "ssl", "keyFile"], "readOnly": false, "type": "absolute path"}, "services.komodo-periphery.statsPollingRate": {"declarations": ["nixos/modules/services/admin/komodo-periphery.nix"], "default": {"_type": "literalExpression", "text": "\"5-sec\""}, "description": "System stats polling interval.", "example": {"_type": "literalExpression", "text": "\"10-sec\""}, "loc": ["services", "komodo-periphery", "statsPollingRate"], "readOnly": false, "type": "string"}, "services.komodo-periphery.user": {"declarations": ["nixos/modules/services/admin/komodo-periphery.nix"], "default": {"_type": "literalExpression", "text": "\"komodo-periphery\""}, "description": "User under which the Periphery agent runs.", "loc": ["services", "komodo-periphery", "user"], "readOnly": false, "type": "string"}, "services.kresd.enable": {"declarations": ["nixos/modules/services/networking/kresd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable knot-resolver (version 5) domain name server.\nDNSSEC validation is turned on by default.\nYou can run `kresd-cli 1` and give commands interactively to kresd@1.service.\nIf you want to user knot-resolver 6, please use services.knot-resolver.\n", "loc": ["services", "kresd", "enable"], "readOnly": false, "type": "boolean"}, "services.kresd.extraConfig": {"declarations": ["nixos/modules/services/networking/kresd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra lines to be added verbatim to the generated configuration file.\nSee upstream documentation <https://www.knot-resolver.cz/documentation/stable/config-overview.html> for more details.\n", "loc": ["services", "kresd", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.kresd.instances": {"declarations": ["nixos/modules/services/networking/kresd.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "The number of instances to start.  They will be called kresd@{1,2,...}.service.\nKnot Resolver uses no threads, so this is the way to scale.\nYou can dynamically start/stop them at will, so this is just system default.\n", "loc": ["services", "kresd", "instances"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.kresd.listenDoH": {"declarations": ["nixos/modules/services/networking/kresd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Addresses and ports on which kresd should provide DNS over HTTPS/2 (see RFC 8484).\nFor detailed syntax see ListenStream in {manpage}`systemd.socket(5)`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"198.51.100.1:443\"\n  \"[2001:db8::1]:443\"\n  \"443\"\n]"}, "loc": ["services", "kresd", "listenDoH"], "readOnly": false, "type": "list of string"}, "services.kresd.listenPlain": {"declarations": ["nixos/modules/services/networking/kresd.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"[::1]:53\"\n  \"127.0.0.1:53\"\n]"}, "description": "What addresses and ports the server should listen on.\nFor detailed syntax see ListenStream in {manpage}`systemd.socket(5)`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"53\"\n]"}, "loc": ["services", "kresd", "listenPlain"], "readOnly": false, "type": "list of string"}, "services.kresd.listenTLS": {"declarations": ["nixos/modules/services/networking/kresd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Addresses and ports on which kresd should provide DNS over TLS (see RFC 7858).\nFor detailed syntax see ListenStream in {manpage}`systemd.socket(5)`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"198.51.100.1:853\"\n  \"[2001:db8::1]:853\"\n  \"853\"\n]"}, "loc": ["services", "kresd", "listenTLS"], "readOnly": false, "type": "list of string"}, "services.kresd.package": {"declarations": ["nixos/modules/services/networking/kresd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.knot-resolver_5"}, "description": "The knot-resolver_5 package to use.", "example": {"_type": "literalExpression", "text": "knot-resolver_5.override { extraFeatures = true; }"}, "loc": ["services", "kresd", "package"], "readOnly": false, "type": "package"}, "services.kthxbye.alertmanager.timeout": {"declarations": ["nixos/modules/services/monitoring/kthxbye.nix"], "default": {"_type": "literalExpression", "text": "\"1m0s\""}, "description": "Alertmanager request timeout duration in the [time.Duration](https://pkg.go.dev/time#ParseDuration) format.\n", "example": {"_type": "literalExpression", "text": "\"30s\""}, "loc": ["services", "kthxbye", "alertmanager", "timeout"], "readOnly": false, "type": "string"}, "services.kthxbye.alertmanager.uri": {"declarations": ["nixos/modules/services/monitoring/kthxbye.nix"], "default": {"_type": "literalExpression", "text": "\"http://localhost:9093\""}, "description": "Alertmanager URI to use.\n", "example": {"_type": "literalExpression", "text": "\"https://alertmanager.example.com\""}, "loc": ["services", "kthxbye", "alertmanager", "uri"], "readOnly": false, "type": "string"}, "services.kthxbye.enable": {"declarations": ["nixos/modules/services/monitoring/kthxbye.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kthxbye alert acknowledgement management daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kthxbye", "enable"], "readOnly": false, "type": "boolean"}, "services.kthxbye.extendBy": {"declarations": ["nixos/modules/services/monitoring/kthxbye.nix"], "default": {"_type": "literalExpression", "text": "\"15m0s\""}, "description": "Extend silences by adding DURATION seconds.\n\nDURATION should be provided in the [time.Duration](https://pkg.go.dev/time#ParseDuration) format.\n", "example": {"_type": "literalExpression", "text": "\"6h0m0s\""}, "loc": ["services", "kthxbye", "extendBy"], "readOnly": false, "type": "string"}, "services.kthxbye.extendIfExpiringIn": {"declarations": ["nixos/modules/services/monitoring/kthxbye.nix"], "default": {"_type": "literalExpression", "text": "\"5m0s\""}, "description": "Extend silences that are about to expire in the next DURATION seconds.\n\nDURATION should be provided in the [time.Duration](https://pkg.go.dev/time#ParseDuration) format.\n", "example": {"_type": "literalExpression", "text": "\"1m0s\""}, "loc": ["services", "kthxbye", "extendIfExpiringIn"], "readOnly": false, "type": "string"}, "services.kthxbye.extendWithPrefix": {"declarations": ["nixos/modules/services/monitoring/kthxbye.nix"], "default": {"_type": "literalExpression", "text": "\"ACK!\""}, "description": "Extend silences with comment starting with PREFIX string.\n", "example": {"_type": "literalExpression", "text": "\"!perma-silence\""}, "loc": ["services", "kthxbye", "extendWithPrefix"], "readOnly": false, "type": "string"}, "services.kthxbye.extraOptions": {"declarations": ["nixos/modules/services/monitoring/kthxbye.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line options.\n\nDocumentation can be found [here](https://github.com/prymitive/kthxbye/blob/main/README.md).\n", "example": {"_type": "literalExpression", "text": "[\n  \"-extend-with-prefix 'ACK!'\"\n];\n"}, "loc": ["services", "kthxbye", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.kthxbye.interval": {"declarations": ["nixos/modules/services/monitoring/kthxbye.nix"], "default": {"_type": "literalExpression", "text": "\"45s\""}, "description": "Silence check interval duration in the [time.Duration](https://pkg.go.dev/time#ParseDuration) format.\n", "example": {"_type": "literalExpression", "text": "\"30s\""}, "loc": ["services", "kthxbye", "interval"], "readOnly": false, "type": "string"}, "services.kthxbye.listenAddress": {"declarations": ["nixos/modules/services/monitoring/kthxbye.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "The address to listen on for HTTP requests.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "kthxbye", "listenAddress"], "readOnly": false, "type": "string"}, "services.kthxbye.logJSON": {"declarations": ["nixos/modules/services/monitoring/kthxbye.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Format logged messages as JSON.\n", "loc": ["services", "kthxbye", "logJSON"], "readOnly": false, "type": "boolean"}, "services.kthxbye.maxDuration": {"declarations": ["nixos/modules/services/monitoring/kthxbye.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Maximum duration of a silence, it won't be extended anymore after reaching it.\n\nDuration should be provided in the [time.Duration](https://pkg.go.dev/time#ParseDuration) format.\n", "example": {"_type": "literalExpression", "text": "\"30d\""}, "loc": ["services", "kthxbye", "maxDuration"], "readOnly": false, "type": "null or string"}, "services.kthxbye.openFirewall": {"declarations": ["nixos/modules/services/monitoring/kthxbye.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open ports in the firewall needed for the daemon to function.\n", "loc": ["services", "kthxbye", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.kthxbye.package": {"declarations": ["nixos/modules/services/monitoring/kthxbye.nix"], "default": {"_type": "literalExpression", "text": "pkgs.kthxbye"}, "description": "The kthxbye package to use.", "loc": ["services", "kthxbye", "package"], "readOnly": false, "type": "package"}, "services.kthxbye.port": {"declarations": ["nixos/modules/services/monitoring/kthxbye.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "The port to listen on for HTTP requests.\n", "loc": ["services", "kthxbye", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.kubo.autoMigrate": {"declarations": ["nixos/modules/services/network-filesystems/kubo.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether Kubo should try to migrate its filesystem repository automatically.", "loc": ["services", "kubo", "autoMigrate"], "readOnly": false, "type": "boolean"}, "services.kubo.autoMount": {"declarations": ["nixos/modules/services/network-filesystems/kubo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether Kubo should try to mount /ipfs, /ipns and /mfs at startup.", "loc": ["services", "kubo", "autoMount"], "readOnly": false, "type": "boolean"}, "services.kubo.dataDir": {"declarations": ["nixos/modules/services/network-filesystems/kubo.nix"], "default": {"_type": "literalExpression", "text": "if lib.versionAtLeast config.system.stateVersion \"17.09\"\nthen \"/var/lib/ipfs\"\nelse \"/var/lib/ipfs/.ipfs\"\n"}, "description": "The data dir for Kubo", "loc": ["services", "kubo", "dataDir"], "readOnly": false, "type": "string"}, "services.kubo.defaultMode": {"declarations": ["nixos/modules/services/network-filesystems/kubo.nix"], "default": {"_type": "literalExpression", "text": "\"online\""}, "description": "systemd service that is enabled by default", "loc": ["services", "kubo", "defaultMode"], "readOnly": false, "type": "one of \"online\", \"offline\", \"norouting\""}, "services.kubo.emptyRepo": {"declarations": ["nixos/modules/services/network-filesystems/kubo.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If set to false, the repo will be initialized with help files", "loc": ["services", "kubo", "emptyRepo"], "readOnly": false, "type": "boolean"}, "services.kubo.enable": {"declarations": ["nixos/modules/services/network-filesystems/kubo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Interplanetary File System (WARNING: may cause severe network degradation).\nNOTE: after enabling this option and rebuilding your system, you need to log out\nand back in for the `IPFS_PATH` environment variable to be present in your shell.\nUntil you do that, the CLI tools won't be able to talk to the daemon by default\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kubo", "enable"], "readOnly": false, "type": "boolean"}, "services.kubo.enableGC": {"declarations": ["nixos/modules/services/network-filesystems/kubo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable automatic garbage collection", "loc": ["services", "kubo", "enableGC"], "readOnly": false, "type": "boolean"}, "services.kubo.extraFlags": {"declarations": ["nixos/modules/services/network-filesystems/kubo.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra flags passed to the Kubo daemon", "loc": ["services", "kubo", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.kubo.group": {"declarations": ["nixos/modules/services/network-filesystems/kubo.nix"], "default": {"_type": "literalExpression", "text": "\"ipfs\""}, "description": "Group under which the Kubo daemon runs", "loc": ["services", "kubo", "group"], "readOnly": false, "type": "string"}, "services.kubo.localDiscovery": {"declarations": ["nixos/modules/services/network-filesystems/kubo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable local discovery for the Kubo daemon.\n          This will allow Kubo to scan ports on your local network. Some hosting services will ban you if you do this.\n", "loc": ["services", "kubo", "localDiscovery"], "readOnly": false, "type": "boolean"}, "services.kubo.package": {"declarations": ["nixos/modules/services/network-filesystems/kubo.nix"], "default": {"_type": "literalExpression", "text": "pkgs.kubo"}, "description": "The kubo package to use.", "loc": ["services", "kubo", "package"], "readOnly": false, "type": "package"}, "services.kubo.serviceFdlimit": {"declarations": ["nixos/modules/services/network-filesystems/kubo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The fdlimit for the Kubo systemd unit or `null` to have the daemon attempt to manage it", "example": {"_type": "literalExpression", "text": "65536"}, "loc": ["services", "kubo", "serviceFdlimit"], "readOnly": false, "type": "null or signed integer"}, "services.kubo.settings": {"declarations": ["nixos/modules/services/network-filesystems/kubo.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attrset of daemon configuration.\nSee [https://github.com/ipfs/kubo/blob/master/docs/config.md](https://github.com/ipfs/kubo/blob/master/docs/config.md) for reference.\nYou can't set `Identity` or `Pinning`.\n", "example": {"_type": "literalExpression", "text": "{\n  Bootstrap = [\n    \"/ip4/128.199.219.111/tcp/4001/ipfs/QmSoLSafTMBsPKadTEgaXctDQVcqN88CNLHXMkTNwMKPnu\"\n    \"/ip4/162.243.248.213/tcp/4001/ipfs/QmSoLueR4xBeUbY9WZ9xGUUxunbKWcrNFTDAadQJmocnWm\"\n  ];\n  Datastore = {\n    StorageMax = \"100GB\";\n  };\n  Discovery = {\n    MDNS = {\n      Enabled = false;\n    };\n  };\n  Swarm = {\n    AddrFilters = null;\n  };\n}"}, "loc": ["services", "kubo", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.kubo.settings.Addresses.API": {"declarations": ["nixos/modules/services/network-filesystems/kubo.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Multiaddr or array of multiaddrs describing the address to serve the local HTTP API on.\nIn addition to the multiaddrs listed here, the daemon will also listen on a Unix domain socket.\nTo allow the ipfs CLI tools to communicate with the daemon over that socket,\nadd your user to the correct group, e.g. `users.users.alice.extraGroups = [ config.services.kubo.group ];`\n", "loc": ["services", "kubo", "settings", "Addresses", "API"], "readOnly": false, "type": "string or list of string"}, "services.kubo.settings.Addresses.Gateway": {"declarations": ["nixos/modules/services/network-filesystems/kubo.nix"], "default": {"_type": "literalExpression", "text": "\"/ip4/127.0.0.1/tcp/8080\""}, "description": "Where the IPFS Gateway can be reached", "loc": ["services", "kubo", "settings", "Addresses", "Gateway"], "readOnly": false, "type": "string or list of string"}, "services.kubo.settings.Addresses.Swarm": {"declarations": ["nixos/modules/services/network-filesystems/kubo.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"/ip4/0.0.0.0/tcp/4001\"\n  \"/ip6/::/tcp/4001\"\n  \"/ip4/0.0.0.0/udp/4001/quic-v1\"\n  \"/ip4/0.0.0.0/udp/4001/quic-v1/webtransport\"\n  \"/ip4/0.0.0.0/udp/4001/webrtc-direct\"\n  \"/ip6/::/udp/4001/quic-v1\"\n  \"/ip6/::/udp/4001/quic-v1/webtransport\"\n  \"/ip6/::/udp/4001/webrtc-direct\"\n]"}, "description": "Where Kubo listens for incoming p2p connections", "loc": ["services", "kubo", "settings", "Addresses", "Swarm"], "readOnly": false, "type": "list of string"}, "services.kubo.settings.Mounts.FuseAllowOther": {"declarations": ["nixos/modules/services/network-filesystems/kubo.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Allow all users to access the FUSE mount points", "loc": ["services", "kubo", "settings", "Mounts", "FuseAllowOther"], "readOnly": false, "type": "boolean"}, "services.kubo.settings.Mounts.IPFS": {"declarations": ["nixos/modules/services/network-filesystems/kubo.nix"], "default": {"_type": "literalExpression", "text": "\"/ipfs\""}, "description": "Where to mount the IPFS namespace to", "loc": ["services", "kubo", "settings", "Mounts", "IPFS"], "readOnly": false, "type": "string"}, "services.kubo.settings.Mounts.IPNS": {"declarations": ["nixos/modules/services/network-filesystems/kubo.nix"], "default": {"_type": "literalExpression", "text": "\"/ipns\""}, "description": "Where to mount the IPNS namespace to", "loc": ["services", "kubo", "settings", "Mounts", "IPNS"], "readOnly": false, "type": "string"}, "services.kubo.settings.Mounts.MFS": {"declarations": ["nixos/modules/services/network-filesystems/kubo.nix"], "default": {"_type": "literalExpression", "text": "\"/mfs\""}, "description": "Where to mount the MFS namespace to", "loc": ["services", "kubo", "settings", "Mounts", "MFS"], "readOnly": false, "type": "string"}, "services.kubo.startWhenNeeded": {"declarations": ["nixos/modules/services/network-filesystems/kubo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use socket activation to start Kubo when needed.", "loc": ["services", "kubo", "startWhenNeeded"], "readOnly": false, "type": "boolean"}, "services.kubo.user": {"declarations": ["nixos/modules/services/network-filesystems/kubo.nix"], "default": {"_type": "literalExpression", "text": "\"ipfs\""}, "description": "User under which the Kubo daemon runs", "loc": ["services", "kubo", "user"], "readOnly": false, "type": "string"}, "services.lact.enable": {"declarations": ["nixos/modules/services/hardware/lact.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable LACT, a tool for monitoring, configuring and overclocking GPUs.\n\n::: {.note}\nIf you are on an AMD GPU, it is recommended to enable overdrive mode by using\n`hardware.amdgpu.overdrive.enable = true;` in your configuration.\nSee [LACT wiki](https://github.com/ilya-zlobintsev/LACT/wiki/Overclocking-(AMD)) for more information.\n:::\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lact", "enable"], "readOnly": false, "type": "boolean"}, "services.lact.package": {"declarations": ["nixos/modules/services/hardware/lact.nix"], "default": {"_type": "literalExpression", "text": "pkgs.lact"}, "description": "The lact package to use.", "loc": ["services", "lact", "package"], "readOnly": false, "type": "package"}, "services.lact.settings": {"declarations": ["nixos/modules/services/hardware/lact.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings for LACT.\n\nThe easiest method of acquiring the settings is to delete\n{file}`/etc/lact/config.yaml`, enter your settings and look\nat the file.\n\n::: {.note}\nWhen `settings` is populated, the config file will be a symbolic link\nand thus LACT daemon will not be able to modify it through the GUI.\n:::\n", "loc": ["services", "lact", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.lambdabot.enable": {"declarations": ["nixos/modules/services/networking/lambdabot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable the Lambdabot IRC bot", "loc": ["services", "lambdabot", "enable"], "readOnly": false, "type": "boolean"}, "services.lambdabot.package": {"declarations": ["nixos/modules/services/networking/lambdabot.nix"], "default": {"_type": "literalExpression", "text": "pkgs.lambdabot"}, "description": "The lambdabot package to use.", "loc": ["services", "lambdabot", "package"], "readOnly": false, "type": "package"}, "services.lambdabot.script": {"declarations": ["nixos/modules/services/networking/lambdabot.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Lambdabot script", "loc": ["services", "lambdabot", "script"], "readOnly": false, "type": "string"}, "services.languagetool.allowOrigin": {"declarations": ["nixos/modules/services/misc/languagetool.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set the Access-Control-Allow-Origin header in the HTTP response,\nused for direct (non-proxy) JavaScript-based access from browsers.\n`\"*\"` to allow access from all sites.\n", "example": {"_type": "literalExpression", "text": "\"https://my-website.org\""}, "loc": ["services", "languagetool", "allowOrigin"], "readOnly": false, "type": "null or string"}, "services.languagetool.enable": {"declarations": ["nixos/modules/services/misc/languagetool.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the LanguageTool server, a multilingual spelling, style, and grammar checker that helps correct or paraphrase texts.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "languagetool", "enable"], "readOnly": false, "type": "boolean"}, "services.languagetool.jvmOptions": {"declarations": ["nixos/modules/services/misc/languagetool.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line options for the JVM running languagetool.\nMore information can be found here: <https://docs.oracle.com/en/java/javase/19/docs/specs/man/java.html#standard-options-for-java>\n", "example": {"_type": "literalExpression", "text": "[\n  \"-Xmx512m\"\n]"}, "loc": ["services", "languagetool", "jvmOptions"], "readOnly": false, "type": "list of string"}, "services.languagetool.package": {"declarations": ["nixos/modules/services/misc/languagetool.nix"], "default": {"_type": "literalExpression", "text": "pkgs.languagetool"}, "description": "The languagetool package to use.", "loc": ["services", "languagetool", "package"], "readOnly": false, "type": "package"}, "services.languagetool.port": {"declarations": ["nixos/modules/services/misc/languagetool.nix"], "default": {"_type": "literalExpression", "text": "8081"}, "description": "Port on which LanguageTool listens.\n", "example": {"_type": "literalExpression", "text": "8081"}, "loc": ["services", "languagetool", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.languagetool.public": {"declarations": ["nixos/modules/services/misc/languagetool.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable access from anywhere (rather than just localhost).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "languagetool", "public"], "readOnly": false, "type": "boolean"}, "services.languagetool.settings": {"declarations": ["nixos/modules/services/misc/languagetool.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration file options for LanguageTool, see\n'languagetool-http-server --help'\nfor supported settings.\n", "loc": ["services", "languagetool", "settings"], "readOnly": false, "type": "open submodule of attribute set of (string, package, bool, int or float)"}, "services.languagetool.settings.cacheSize": {"declarations": ["nixos/modules/services/misc/languagetool.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Number of sentences cached.", "loc": ["services", "languagetool", "settings", "cacheSize"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.lanraragi.enable": {"declarations": ["nixos/modules/services/web-apps/lanraragi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable LANraragi.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lanraragi", "enable"], "readOnly": false, "type": "boolean"}, "services.lanraragi.openFirewall": {"declarations": ["nixos/modules/services/web-apps/lanraragi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for LANraragi's web interface.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lanraragi", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.lanraragi.package": {"declarations": ["nixos/modules/services/web-apps/lanraragi.nix"], "default": {"_type": "literalExpression", "text": "pkgs.lanraragi"}, "description": "The lanraragi package to use.", "loc": ["services", "lanraragi", "package"], "readOnly": false, "type": "package"}, "services.lanraragi.passwordFile": {"declarations": ["nixos/modules/services/web-apps/lanraragi.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password for LANraragi's admin interface.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/lanraragi-password\""}, "loc": ["services", "lanraragi", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.lanraragi.port": {"declarations": ["nixos/modules/services/web-apps/lanraragi.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "Port for LANraragi's web interface.", "loc": ["services", "lanraragi", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.lanraragi.redis.passwordFile": {"declarations": ["nixos/modules/services/web-apps/lanraragi.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password for LANraragi's Redis server.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/redis-lanraragi-password\""}, "loc": ["services", "lanraragi", "redis", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.lanraragi.redis.port": {"declarations": ["nixos/modules/services/web-apps/lanraragi.nix"], "default": {"_type": "literalExpression", "text": "6379"}, "description": "Port for LANraragi's Redis server.", "loc": ["services", "lanraragi", "redis", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.lavalink.address": {"declarations": ["nixos/modules/services/audio/lavalink.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "The network address to bind to.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "lavalink", "address"], "readOnly": false, "type": "string"}, "services.lavalink.enable": {"declarations": ["nixos/modules/services/audio/lavalink.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Lavalink.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lavalink", "enable"], "readOnly": false, "type": "boolean"}, "services.lavalink.enableHttp2": {"declarations": ["nixos/modules/services/audio/lavalink.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTP/2 support.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lavalink", "enableHttp2"], "readOnly": false, "type": "boolean"}, "services.lavalink.environmentFile": {"declarations": ["nixos/modules/services/audio/lavalink.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Add custom environment variables from a file.\nSee <https://lavalink.dev/configuration/index.html#example-environment-variables> for the full documentation.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/lavalink/passwordEnvFile\""}, "loc": ["services", "lavalink", "environmentFile"], "readOnly": false, "type": "null or string"}, "services.lavalink.extraConfig": {"declarations": ["nixos/modules/services/audio/lavalink.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration to write to {file}`application.yml`.\nSee <https://lavalink.dev/configuration/#example-applicationyml> for the full documentation.\n\nIndividual configuration parameters can be overwritten using environment variables.\nSee <https://lavalink.dev/configuration/#example-environment-variables> for more information.\n", "example": {"_type": "literalExpression", "text": "{\n  lavalink.server = {\n    sources.twitch = true;\n\n    filters.volume = true;\n  };\n\n  logging.file.path = \"./logs/\";\n}\n"}, "loc": ["services", "lavalink", "extraConfig"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.lavalink.group": {"declarations": ["nixos/modules/services/audio/lavalink.nix"], "default": {"_type": "literalExpression", "text": "\"lavalink\""}, "description": "The group of the service.\n", "example": {"_type": "literalExpression", "text": "\"medias\""}, "loc": ["services", "lavalink", "group"], "readOnly": false, "type": "string"}, "services.lavalink.home": {"declarations": ["nixos/modules/services/audio/lavalink.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/lavalink\""}, "description": "The home directory for lavalink.\n", "example": {"_type": "literalExpression", "text": "\"/home/lavalink\""}, "loc": ["services", "lavalink", "home"], "readOnly": false, "type": "string"}, "services.lavalink.jvmArgs": {"declarations": ["nixos/modules/services/audio/lavalink.nix"], "default": {"_type": "literalExpression", "text": "\"-Xmx4G\""}, "description": "Set custom JVM arguments.\n", "example": {"_type": "literalExpression", "text": "\"-Djava.io.tmpdir=/var/lib/lavalink/tmp -Xmx6G\""}, "loc": ["services", "lavalink", "jvmArgs"], "readOnly": false, "type": "string"}, "services.lavalink.openFirewall": {"declarations": ["nixos/modules/services/audio/lavalink.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to expose the port to the network.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lavalink", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.lavalink.package": {"declarations": ["nixos/modules/services/audio/lavalink.nix"], "default": {"_type": "literalExpression", "text": "pkgs.lavalink"}, "description": "The lavalink package to use.", "loc": ["services", "lavalink", "package"], "readOnly": false, "type": "package"}, "services.lavalink.password": {"declarations": ["nixos/modules/services/audio/lavalink.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The password for Lavalink's authentication in plain text.\n", "example": {"_type": "literalExpression", "text": "\"s3cRe!p4SsW0rD\""}, "loc": ["services", "lavalink", "password"], "readOnly": false, "type": "null or string"}, "services.lavalink.plugins": {"declarations": ["nixos/modules/services/audio/lavalink.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of plugins for lavalink.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    dependency = \"dev.lavalink.youtube:youtube-plugin:1.8.0\";\n    repository = \"https://maven.lavalink.dev/snapshots\";\n    hash = lib.fakeHash;\n    configName = \"youtube\";\n    extraConfig = {\n      enabled = true;\n      allowSearch = true;\n      allowDirectVideoIds = true;\n      allowDirectPlaylistIds = true;\n    };\n  }\n]\n"}, "loc": ["services", "lavalink", "plugins"], "readOnly": false, "type": "list of (submodule)"}, "services.lavalink.plugins.*.configName": {"declarations": ["nixos/modules/services/audio/lavalink.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The name of the plugin to use as the key for the plugin configuration.\n", "example": {"_type": "literalExpression", "text": "\"youtube\""}, "loc": ["services", "lavalink", "plugins", "*", "configName"], "readOnly": false, "type": "null or string"}, "services.lavalink.plugins.*.dependency": {"declarations": ["nixos/modules/services/audio/lavalink.nix"], "description": "The coordinates of the plugin.\n", "example": {"_type": "literalExpression", "text": "\"dev.lavalink.youtube:youtube-plugin:1.8.0\""}, "loc": ["services", "lavalink", "plugins", "*", "dependency"], "readOnly": false, "type": "string"}, "services.lavalink.plugins.*.extraConfig": {"declarations": ["nixos/modules/services/audio/lavalink.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The configuration for the plugin.\n\nThe {option}`services.lavalink.plugins.*.configName` option must be set.\n", "loc": ["services", "lavalink", "plugins", "*", "extraConfig"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.lavalink.plugins.*.hash": {"declarations": ["nixos/modules/services/audio/lavalink.nix"], "description": "The hash of the plugin.\n", "example": {"_type": "literalExpression", "text": "\"sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\""}, "loc": ["services", "lavalink", "plugins", "*", "hash"], "readOnly": false, "type": "string"}, "services.lavalink.plugins.*.repository": {"declarations": ["nixos/modules/services/audio/lavalink.nix"], "default": {"_type": "literalExpression", "text": "\"https://maven.lavalink.dev/releases\""}, "description": "The plugin repository. Defaults to the lavalink releases repository.\n\nTo use the snapshots repository, use <https://maven.lavalink.dev/snapshots> instead\n", "example": {"_type": "literalExpression", "text": "\"https://maven.example.com/releases\""}, "loc": ["services", "lavalink", "plugins", "*", "repository"], "readOnly": false, "type": "string"}, "services.lavalink.port": {"declarations": ["nixos/modules/services/audio/lavalink.nix"], "default": {"_type": "literalExpression", "text": "2333"}, "description": "The port that Lavalink will use.\n", "example": {"_type": "literalExpression", "text": "4567"}, "loc": ["services", "lavalink", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.lavalink.user": {"declarations": ["nixos/modules/services/audio/lavalink.nix"], "default": {"_type": "literalExpression", "text": "\"lavalink\""}, "description": "The user of the service.\n", "example": {"_type": "literalExpression", "text": "\"root\""}, "loc": ["services", "lavalink", "user"], "readOnly": false, "type": "string"}, "services.leaps.address": {"declarations": ["nixos/modules/services/misc/leaps.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Hostname or IP-address to listen to. By default it will listen on all interfaces.", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "leaps", "address"], "readOnly": false, "type": "string"}, "services.leaps.enable": {"declarations": ["nixos/modules/services/misc/leaps.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable leaps, a pair programming service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "leaps", "enable"], "readOnly": false, "type": "boolean"}, "services.leaps.path": {"declarations": ["nixos/modules/services/misc/leaps.nix"], "default": {"_type": "literalExpression", "text": "\"/\""}, "description": "Subdirectory used for reverse proxy setups", "loc": ["services", "leaps", "path"], "readOnly": false, "type": "absolute path"}, "services.leaps.port": {"declarations": ["nixos/modules/services/misc/leaps.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "A port where leaps listens for incoming http requests", "loc": ["services", "leaps", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.legit.enable": {"declarations": ["nixos/modules/services/networking/legit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable legit git web frontend.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "legit", "enable"], "readOnly": false, "type": "boolean"}, "services.legit.group": {"declarations": ["nixos/modules/services/networking/legit.nix"], "default": {"_type": "literalExpression", "text": "\"legit\""}, "description": "Group account under which legit runs.", "loc": ["services", "legit", "group"], "readOnly": false, "type": "string"}, "services.legit.package": {"declarations": ["nixos/modules/services/networking/legit.nix"], "default": {"_type": "literalExpression", "text": "pkgs.legit-web"}, "description": "The legit-web package to use.", "loc": ["services", "legit", "package"], "readOnly": false, "type": "package"}, "services.legit.settings": {"declarations": ["nixos/modules/services/networking/legit.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The primary legit configuration. See the\n[sample configuration](https://github.com/icyphox/legit/blob/master/config.yaml)\nfor possible values.\n", "loc": ["services", "legit", "settings"], "readOnly": false, "type": "submodule"}, "services.legit.settings.dirs.static": {"declarations": ["nixos/modules/services/networking/legit.nix"], "default": {"_type": "literalExpression", "text": "\"${pkgs.legit-web}/lib/legit/static\""}, "description": "Directories where static files are located.", "loc": ["services", "legit", "settings", "dirs", "static"], "readOnly": false, "type": "absolute path"}, "services.legit.settings.dirs.templates": {"declarations": ["nixos/modules/services/networking/legit.nix"], "default": {"_type": "literalExpression", "text": "\"${pkgs.legit-web}/lib/legit/templates\""}, "description": "Directories where template files are located.", "loc": ["services", "legit", "settings", "dirs", "templates"], "readOnly": false, "type": "absolute path"}, "services.legit.settings.meta.description": {"declarations": ["nixos/modules/services/networking/legit.nix"], "default": {"_type": "literalExpression", "text": "\"git frontend\""}, "description": "Website description.", "loc": ["services", "legit", "settings", "meta", "description"], "readOnly": false, "type": "string"}, "services.legit.settings.meta.title": {"declarations": ["nixos/modules/services/networking/legit.nix"], "default": {"_type": "literalExpression", "text": "\"legit\""}, "description": "Website title.", "loc": ["services", "legit", "settings", "meta", "title"], "readOnly": false, "type": "string"}, "services.legit.settings.repo.ignore": {"declarations": ["nixos/modules/services/networking/legit.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Repositories to ignore.", "loc": ["services", "legit", "settings", "repo", "ignore"], "readOnly": false, "type": "list of string"}, "services.legit.settings.repo.mainBranch": {"declarations": ["nixos/modules/services/networking/legit.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"main\"\n  \"master\"\n]"}, "description": "Main branch to look for.", "loc": ["services", "legit", "settings", "repo", "mainBranch"], "readOnly": false, "type": "list of string"}, "services.legit.settings.repo.readme": {"declarations": ["nixos/modules/services/networking/legit.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Readme files to look for.", "loc": ["services", "legit", "settings", "repo", "readme"], "readOnly": false, "type": "list of string"}, "services.legit.settings.repo.scanPath": {"declarations": ["nixos/modules/services/networking/legit.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/legit\""}, "description": "Directory where legit will scan for repositories.", "loc": ["services", "legit", "settings", "repo", "scanPath"], "readOnly": false, "type": "absolute path"}, "services.legit.settings.server.host": {"declarations": ["nixos/modules/services/networking/legit.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Host address.", "loc": ["services", "legit", "settings", "server", "host"], "readOnly": false, "type": "string"}, "services.legit.settings.server.name": {"declarations": ["nixos/modules/services/networking/legit.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Server name.", "loc": ["services", "legit", "settings", "server", "name"], "readOnly": false, "type": "string"}, "services.legit.settings.server.port": {"declarations": ["nixos/modules/services/networking/legit.nix"], "default": {"_type": "literalExpression", "text": "5555"}, "description": "Legit port.", "loc": ["services", "legit", "settings", "server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.legit.user": {"declarations": ["nixos/modules/services/networking/legit.nix"], "default": {"_type": "literalExpression", "text": "\"legit\""}, "description": "User account under which legit runs.", "loc": ["services", "legit", "user"], "readOnly": false, "type": "string"}, "services.lemmy.adminPasswordFile": {"declarations": ["nixos/modules/services/web-apps/lemmy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File which contains the value of `setup.admin_password`.", "loc": ["services", "lemmy", "adminPasswordFile"], "readOnly": false, "type": "null or absolute path"}, "services.lemmy.caddy.enable": {"declarations": ["nixos/modules/services/web-apps/lemmy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable exposing lemmy with the caddy reverse proxy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lemmy", "caddy", "enable"], "readOnly": false, "type": "boolean"}, "services.lemmy.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/lemmy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable creation of database on the instance.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lemmy", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.lemmy.database.uri": {"declarations": ["nixos/modules/services/web-apps/lemmy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The connection URI to use. Takes priority over the configuration file if set.", "loc": ["services", "lemmy", "database", "uri"], "readOnly": false, "type": "null or string"}, "services.lemmy.database.uriFile": {"declarations": ["nixos/modules/services/web-apps/lemmy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File which contains the database uri.", "loc": ["services", "lemmy", "database", "uriFile"], "readOnly": false, "type": "null or absolute path"}, "services.lemmy.enable": {"declarations": ["nixos/modules/services/web-apps/lemmy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable lemmy a federated alternative to reddit in rust.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lemmy", "enable"], "readOnly": false, "type": "boolean"}, "services.lemmy.nginx.enable": {"declarations": ["nixos/modules/services/web-apps/lemmy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable exposing lemmy with the nginx reverse proxy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lemmy", "nginx", "enable"], "readOnly": false, "type": "boolean"}, "services.lemmy.pictrsApiKeyFile": {"declarations": ["nixos/modules/services/web-apps/lemmy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File which contains the value of `pictrs.api_key`.", "loc": ["services", "lemmy", "pictrsApiKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.lemmy.server.package": {"declarations": ["nixos/modules/services/web-apps/lemmy.nix"], "default": {"_type": "literalExpression", "text": "pkgs.lemmy-server"}, "description": "The lemmy-server package to use.", "loc": ["services", "lemmy", "server", "package"], "readOnly": false, "type": "package"}, "services.lemmy.settings": {"declarations": ["nixos/modules/services/web-apps/lemmy.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Lemmy configuration", "loc": ["services", "lemmy", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.lemmy.settings.captcha.difficulty": {"declarations": ["nixos/modules/services/web-apps/lemmy.nix"], "default": {"_type": "literalExpression", "text": "\"medium\""}, "description": "The difficultly of the captcha to solve.", "loc": ["services", "lemmy", "settings", "captcha", "difficulty"], "readOnly": false, "type": "one of \"easy\", \"medium\", \"hard\""}, "services.lemmy.settings.captcha.enabled": {"declarations": ["nixos/modules/services/web-apps/lemmy.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable Captcha.", "loc": ["services", "lemmy", "settings", "captcha", "enabled"], "readOnly": false, "type": "boolean"}, "services.lemmy.settings.hostname": {"declarations": ["nixos/modules/services/web-apps/lemmy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The domain name of your instance (eg 'lemmy.ml').", "loc": ["services", "lemmy", "settings", "hostname"], "readOnly": false, "type": "string"}, "services.lemmy.settings.port": {"declarations": ["nixos/modules/services/web-apps/lemmy.nix"], "default": {"_type": "literalExpression", "text": "8536"}, "description": "Port where lemmy should listen for incoming requests.", "loc": ["services", "lemmy", "settings", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.lemmy.smtpPasswordFile": {"declarations": ["nixos/modules/services/web-apps/lemmy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File which contains the value of `email.smtp_password`.", "loc": ["services", "lemmy", "smtpPasswordFile"], "readOnly": false, "type": "null or absolute path"}, "services.lemmy.ui.package": {"declarations": ["nixos/modules/services/web-apps/lemmy.nix"], "default": {"_type": "literalExpression", "text": "pkgs.lemmy-ui"}, "description": "The lemmy-ui package to use.", "loc": ["services", "lemmy", "ui", "package"], "readOnly": false, "type": "package"}, "services.lemmy.ui.port": {"declarations": ["nixos/modules/services/web-apps/lemmy.nix"], "default": {"_type": "literalExpression", "text": "1234"}, "description": "Port where lemmy-ui should listen for incoming requests.", "loc": ["services", "lemmy", "ui", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.libeufin.bank.createLocalDatabase": {"declarations": ["nixos/modules/services/finance/libeufin/bank.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable automatic creation of a local postgres database.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "libeufin", "bank", "createLocalDatabase"], "readOnly": false, "type": "boolean"}, "services.libeufin.bank.debug": {"declarations": ["nixos/modules/services/finance/libeufin/bank.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable debug logging.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "libeufin", "bank", "debug"], "readOnly": false, "type": "boolean"}, "services.libeufin.bank.enable": {"declarations": ["nixos/modules/services/finance/libeufin/bank.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable libeufin core banking system and web interface.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "libeufin", "bank", "enable"], "readOnly": false, "type": "boolean"}, "services.libeufin.bank.initialAccounts": {"declarations": ["nixos/modules/services/finance/libeufin/bank.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Accounts to enable before the bank service starts.\n\nThis is mainly needed for the nexus currency conversion\nsince the exchange's bank account is expected to be already\nregistered.\n\nDon't forget to change the account passwords afterwards.\n", "loc": ["services", "libeufin", "bank", "initialAccounts"], "readOnly": false, "type": "list of (attribute set)"}, "services.libeufin.bank.openFirewall": {"declarations": ["nixos/modules/services/finance/libeufin/bank.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open ports in the firewall", "loc": ["services", "libeufin", "bank", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.libeufin.bank.package": {"declarations": ["nixos/modules/services/finance/libeufin/bank.nix"], "default": {"_type": "literalExpression", "text": "pkgs.libeufin"}, "description": "The libeufin package to use.", "loc": ["services", "libeufin", "bank", "package"], "readOnly": false, "type": "package"}, "services.libeufin.bank.settings": {"declarations": ["nixos/modules/services/finance/libeufin/bank.nix"], "description": "Configuration options for the libeufin bank system config file.\n\nFor a list of all possible options, please see the man page [`libeufin-bank.conf(5)`](https://docs.taler.net/manpages/libeufin-bank.conf.5.html)\n", "loc": ["services", "libeufin", "bank", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.libeufin.bank.settings.libeufin-bank.CURRENCY": {"declarations": ["nixos/modules/services/finance/libeufin/bank.nix"], "description": "The currency under which the libeufin-bank should operate.\n\nThis defaults to the GNU taler module's currency for convenience\nbut if you run libeufin-bank separately from taler, you must set\nthis yourself.\n", "loc": ["services", "libeufin", "bank", "settings", "libeufin-bank", "CURRENCY"], "readOnly": false, "type": "string"}, "services.libeufin.bank.settings.libeufin-bank.PORT": {"declarations": ["nixos/modules/services/finance/libeufin/bank.nix"], "default": {"_type": "literalExpression", "text": "8082"}, "description": "The port on which libeufin-bank should listen.\n", "loc": ["services", "libeufin", "bank", "settings", "libeufin-bank", "PORT"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.libeufin.bank.settings.libeufin-bank.SUGGESTED_WITHDRAWAL_EXCHANGE": {"declarations": ["nixos/modules/services/finance/libeufin/bank.nix"], "default": {"_type": "literalExpression", "text": "\"https://exchange.demo.taler.net/\""}, "description": "Exchange that is suggested to wallets when withdrawing.\n\nNote that, in order for withdrawals to work, your libeufin-bank\nmust be able to communicate with and send money etc. to the bank\nat which the exchange used for withdrawals has its bank account.\n\nIf you also have your own bank and taler exchange network, you\nprobably want to set one of your exchange's url here instead of\nthe demo exchange.\n\nThis setting must always be set in order for the Android app to\nnot crash during the withdrawal process but the exchange to be\nused can always be changed in the app.\n", "loc": ["services", "libeufin", "bank", "settings", "libeufin-bank", "SUGGESTED_WITHDRAWAL_EXCHANGE"], "readOnly": false, "type": "string"}, "services.libeufin.bank.settings.libeufin-bankdb-postgres.CONFIG": {"declarations": ["nixos/modules/services/finance/libeufin/bank.nix"], "description": "The database connection string for the libeufin-bank database.\n", "loc": ["services", "libeufin", "bank", "settings", "libeufin-bankdb-postgres", "CONFIG"], "readOnly": false, "type": "string"}, "services.libeufin.nexus.createLocalDatabase": {"declarations": ["nixos/modules/services/finance/libeufin/nexus.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable automatic creation of a local postgres database.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "libeufin", "nexus", "createLocalDatabase"], "readOnly": false, "type": "boolean"}, "services.libeufin.nexus.debug": {"declarations": ["nixos/modules/services/finance/libeufin/nexus.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable debug logging.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "libeufin", "nexus", "debug"], "readOnly": false, "type": "boolean"}, "services.libeufin.nexus.enable": {"declarations": ["nixos/modules/services/finance/libeufin/nexus.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable libeufin core banking system and web interface.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "libeufin", "nexus", "enable"], "readOnly": false, "type": "boolean"}, "services.libeufin.nexus.openFirewall": {"declarations": ["nixos/modules/services/finance/libeufin/nexus.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open ports in the firewall", "loc": ["services", "libeufin", "nexus", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.libeufin.nexus.package": {"declarations": ["nixos/modules/services/finance/libeufin/nexus.nix"], "default": {"_type": "literalExpression", "text": "pkgs.libeufin"}, "description": "The libeufin package to use.", "loc": ["services", "libeufin", "nexus", "package"], "readOnly": false, "type": "package"}, "services.libeufin.nexus.settings": {"declarations": ["nixos/modules/services/finance/libeufin/nexus.nix"], "description": "Configuration options for the libeufin nexus config file.\n\nFor a list of all possible options, please see the man page [`libeufin-nexus.conf(5)`](https://docs.taler.net/manpages/libeufin-nexus.conf.5.html)\n", "loc": ["services", "libeufin", "nexus", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.libeufin.nexus.settings.libeufin-nexusdb-postgres.CONFIG": {"declarations": ["nixos/modules/services/finance/libeufin/nexus.nix"], "description": "The database connection string for the libeufin-nexus database.\n", "loc": ["services", "libeufin", "nexus", "settings", "libeufin-nexusdb-postgres", "CONFIG"], "readOnly": false, "type": "string"}, "services.libeufin.nexus.settings.nexus-ebics.BANK_DIALECT": {"declarations": ["nixos/modules/services/finance/libeufin/nexus.nix"], "description": "Name of the following combination: EBICS version and ISO20022\nrecommendations that Nexus would honor in the communication with the\nbank.\n\nCurrently only the \"postfinance\" or \"gls\" value is supported.\n", "example": {"_type": "literalExpression", "text": "\"postfinance\""}, "loc": ["services", "libeufin", "nexus", "settings", "nexus-ebics", "BANK_DIALECT"], "readOnly": false, "type": "one of \"postfinance\", \"gls\""}, "services.libeufin.nexus.settings.nexus-ebics.BANK_PUBLIC_KEYS_FILE": {"declarations": ["nixos/modules/services/finance/libeufin/nexus.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/libeufin-nexus/bank-ebics-keys.json\""}, "description": "Filesystem location where Nexus should store the bank public keys.\n", "loc": ["services", "libeufin", "nexus", "settings", "nexus-ebics", "BANK_PUBLIC_KEYS_FILE"], "readOnly": false, "type": "absolute path"}, "services.libeufin.nexus.settings.nexus-ebics.BIC": {"declarations": ["nixos/modules/services/finance/libeufin/nexus.nix"], "description": "BIC of the bank account that is associated with the EBICS subscriber.", "example": {"_type": "literalExpression", "text": "\"POFICHBEXXX\""}, "loc": ["services", "libeufin", "nexus", "settings", "nexus-ebics", "BIC"], "readOnly": false, "type": "non-empty string"}, "services.libeufin.nexus.settings.nexus-ebics.CLIENT_PRIVATE_KEYS_FILE": {"declarations": ["nixos/modules/services/finance/libeufin/nexus.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/libeufin-nexus/client-ebics-keys.json\""}, "description": "Filesystem location where Nexus should store the subscriber private keys.\n", "loc": ["services", "libeufin", "nexus", "settings", "nexus-ebics", "CLIENT_PRIVATE_KEYS_FILE"], "readOnly": false, "type": "absolute path"}, "services.libeufin.nexus.settings.nexus-ebics.CURRENCY": {"declarations": ["nixos/modules/services/finance/libeufin/nexus.nix"], "description": "Name of the fiat currency.", "example": {"_type": "literalExpression", "text": "\"CHF\""}, "loc": ["services", "libeufin", "nexus", "settings", "nexus-ebics", "CURRENCY"], "readOnly": false, "type": "non-empty string"}, "services.libeufin.nexus.settings.nexus-ebics.HOST_BASE_URL": {"declarations": ["nixos/modules/services/finance/libeufin/nexus.nix"], "description": "URL of the EBICS server.", "example": {"_type": "literalExpression", "text": "\"https://ebics.postfinance.ch/ebics/ebics.aspx\""}, "loc": ["services", "libeufin", "nexus", "settings", "nexus-ebics", "HOST_BASE_URL"], "readOnly": false, "type": "non-empty string"}, "services.libeufin.nexus.settings.nexus-ebics.HOST_ID": {"declarations": ["nixos/modules/services/finance/libeufin/nexus.nix"], "description": "Name of the EBICS host.", "example": {"_type": "literalExpression", "text": "\"PFEBICS\""}, "loc": ["services", "libeufin", "nexus", "settings", "nexus-ebics", "HOST_ID"], "readOnly": false, "type": "non-empty string"}, "services.libeufin.nexus.settings.nexus-ebics.IBAN": {"declarations": ["nixos/modules/services/finance/libeufin/nexus.nix"], "description": "IBAN of the bank account that is associated with the EBICS subscriber.", "example": {"_type": "literalExpression", "text": "\"CH7789144474425692816\""}, "loc": ["services", "libeufin", "nexus", "settings", "nexus-ebics", "IBAN"], "readOnly": false, "type": "non-empty string"}, "services.libeufin.nexus.settings.nexus-ebics.NAME": {"declarations": ["nixos/modules/services/finance/libeufin/nexus.nix"], "description": "Legal entity that is associated with the EBICS subscriber.", "example": {"_type": "literalExpression", "text": "\"John Smith S.A.\""}, "loc": ["services", "libeufin", "nexus", "settings", "nexus-ebics", "NAME"], "readOnly": false, "type": "non-empty string"}, "services.libeufin.nexus.settings.nexus-ebics.PARTNER_ID": {"declarations": ["nixos/modules/services/finance/libeufin/nexus.nix"], "description": "Partner ID of the EBICS subscriber.\n\nThis value must be assigned by the bank after having activated a new EBICS subscriber.\n", "example": {"_type": "literalExpression", "text": "\"PFC00563\""}, "loc": ["services", "libeufin", "nexus", "settings", "nexus-ebics", "PARTNER_ID"], "readOnly": false, "type": "non-empty string"}, "services.libeufin.nexus.settings.nexus-ebics.USER_ID": {"declarations": ["nixos/modules/services/finance/libeufin/nexus.nix"], "description": "User ID of the EBICS subscriber.\n\nThis value must be assigned by the bank after having activated a new EBICS subscriber.\n", "example": {"_type": "literalExpression", "text": "\"PFC00563\""}, "loc": ["services", "libeufin", "nexus", "settings", "nexus-ebics", "USER_ID"], "readOnly": false, "type": "non-empty string"}, "services.libeufin.nexus.settings.nexus-httpd.PORT": {"declarations": ["nixos/modules/services/finance/libeufin/nexus.nix"], "default": {"_type": "literalExpression", "text": "8084"}, "description": "The port on which libeufin-bank should listen.\n", "loc": ["services", "libeufin", "nexus", "settings", "nexus-httpd", "PORT"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.libeufin.settings": {"declarations": ["nixos/modules/services/finance/libeufin/module.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Global configuration options for the libeufin bank system config file.", "loc": ["services", "libeufin", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.libinput.enable": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "config.services.xserver.enable"}, "description": "Whether to enable libinput.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "libinput", "enable"], "readOnly": false, "type": "boolean"}, "services.libinput.mouse.accelPointsFallback": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the points of the fallback acceleration function. The value must be a list of\nfloating point non-negative numbers. This only applies to the custom profile.\n", "example": {"_type": "literalExpression", "text": "[\n  0.0\n  1.0\n  2.4\n  2.5\n]"}, "loc": ["services", "libinput", "mouse", "accelPointsFallback"], "readOnly": false, "type": "null or (list of (signed integer or floating point number))"}, "services.libinput.mouse.accelPointsMotion": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the points of the (pointer) motion acceleration function. The value must be a\nlist of floating point non-negative numbers. This only applies to the custom profile.\n", "example": {"_type": "literalExpression", "text": "[\n  0.0\n  1.0\n  2.4\n  2.5\n]"}, "loc": ["services", "libinput", "mouse", "accelPointsMotion"], "readOnly": false, "type": "null or (list of (signed integer or floating point number))"}, "services.libinput.mouse.accelPointsScroll": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the points of the scroll acceleration function. The value must be a list of\nfloating point non-negative numbers. This only applies to the custom profile.\n", "example": {"_type": "literalExpression", "text": "[\n  0.0\n  1.0\n  2.4\n  2.5\n]"}, "loc": ["services", "libinput", "mouse", "accelPointsScroll"], "readOnly": false, "type": "null or (list of (signed integer or floating point number))"}, "services.libinput.mouse.accelProfile": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "\"adaptive\""}, "description": "Sets the pointer acceleration profile to the given profile.\nPermitted values are `adaptive`, `flat`, `custom`.\nNot all devices support this option or all profiles.\nIf a profile is unsupported, the default profile for this is used.\n`flat`: Pointer motion is accelerated by a constant\n(device-specific) factor, depending on the current speed.\n`adaptive`: Pointer acceleration depends on the input speed.\nThis is the default profile for most devices.\n`custom`: Allows the user to define a custom acceleration function.\nTo define custom functions use the accelPoints<Fallback/Motion/Scroll>\nand accelStep<Fallback/Motion/Scroll> options.\n", "example": {"_type": "literalExpression", "text": "\"flat\""}, "loc": ["services", "libinput", "mouse", "accelProfile"], "readOnly": false, "type": "one of \"flat\", \"adaptive\", \"custom\""}, "services.libinput.mouse.accelSpeed": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Cursor acceleration (how fast speed increases from minSpeed to maxSpeed).\nThis only applies to the flat or adaptive profile.\n", "example": {"_type": "literalExpression", "text": "\"-0.5\""}, "loc": ["services", "libinput", "mouse", "accelSpeed"], "readOnly": false, "type": "null or string"}, "services.libinput.mouse.accelStepFallback": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the step between the points of the fallback acceleration function. When a step of\n0.0 is provided, libinput's Fallback acceleration function is used. This only applies\nto the custom profile.\n", "example": {"_type": "literalExpression", "text": "0.1"}, "loc": ["services", "libinput", "mouse", "accelStepFallback"], "readOnly": false, "type": "null or signed integer or floating point number"}, "services.libinput.mouse.accelStepMotion": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the step between the points of the (pointer) motion acceleration function. When a\nstep of 0.0 is provided, libinput's Fallback acceleration function is used. This only\napplies to the custom profile.\n", "example": {"_type": "literalExpression", "text": "0.1"}, "loc": ["services", "libinput", "mouse", "accelStepMotion"], "readOnly": false, "type": "null or signed integer or floating point number"}, "services.libinput.mouse.accelStepScroll": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the step between the points of the scroll acceleration function. When a step of\n0.0 is provided, libinput's Fallback acceleration function is used. This only applies\nto the custom profile.\n", "example": {"_type": "literalExpression", "text": "0.1"}, "loc": ["services", "libinput", "mouse", "accelStepScroll"], "readOnly": false, "type": "null or signed integer or floating point number"}, "services.libinput.mouse.additionalOptions": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional options for libinput mouse driver. See\n{manpage}`libinput(4)`\nfor available options.\";\n", "example": {"_type": "literalExpression", "text": "''\n  Option \"DragLockButtons\" \"L1 B1 L2 B2\"\n''"}, "loc": ["services", "libinput", "mouse", "additionalOptions"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.libinput.mouse.buttonMapping": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the logical button mapping for this device, see {manpage}`XSetPointerMapping(3)`. The string  must\nbe  a  space-separated  list  of  button mappings in the order of the logical buttons on the\ndevice, starting with button 1.  The default mapping is \"1 2 3 ... 32\". A mapping of 0 deac\u2010\ntivates the button. Multiple buttons can have the same mapping.  Invalid mapping strings are\ndiscarded and the default mapping is used for all buttons.  Buttons  not  specified  in  the\nuser's mapping use the default mapping. See section BUTTON MAPPING for more details.\n", "example": {"_type": "literalExpression", "text": "\"1 6 3 4 5 0 7\""}, "loc": ["services", "libinput", "mouse", "buttonMapping"], "readOnly": false, "type": "null or string"}, "services.libinput.mouse.calibrationMatrix": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A string of 9 space-separated floating point numbers. Sets the calibration matrix to the\n3x3 matrix where the first row is (abc), the second row is (def) and the third row is (ghi).\n", "example": {"_type": "literalExpression", "text": "\"0.5 0 0 0 0.8 0.1 0 0 1\""}, "loc": ["services", "libinput", "mouse", "calibrationMatrix"], "readOnly": false, "type": "null or string"}, "services.libinput.mouse.clickMethod": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Enables a click method. Permitted values are `none`,\n`buttonareas`, `clickfinger`.\nNot all devices support all methods, if an option is unsupported,\nthe default click method for this device is used.\n", "example": {"_type": "literalExpression", "text": "\"buttonareas\""}, "loc": ["services", "libinput", "mouse", "clickMethod"], "readOnly": false, "type": "null or one of \"none\", \"buttonareas\", \"clickfinger\""}, "services.libinput.mouse.dev": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path for mouse device.  Set to `null` to apply to any\nauto-detected mouse.\n", "example": {"_type": "literalExpression", "text": "\"/dev/input/event0\""}, "loc": ["services", "libinput", "mouse", "dev"], "readOnly": false, "type": "null or string"}, "services.libinput.mouse.disableWhileTyping": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable input method while typing.\n", "loc": ["services", "libinput", "mouse", "disableWhileTyping"], "readOnly": false, "type": "boolean"}, "services.libinput.mouse.horizontalScrolling": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enables or disables horizontal scrolling. When disabled, this driver will discard any\nhorizontal scroll events from libinput. This does not disable horizontal scroll events\nfrom libinput; it merely discards the horizontal axis from any scroll events.\n", "loc": ["services", "libinput", "mouse", "horizontalScrolling"], "readOnly": false, "type": "boolean"}, "services.libinput.mouse.leftHanded": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables left-handed button orientation, i.e. swapping left and right buttons.", "loc": ["services", "libinput", "mouse", "leftHanded"], "readOnly": false, "type": "boolean"}, "services.libinput.mouse.middleEmulation": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enables middle button emulation. When enabled, pressing the left and right buttons\nsimultaneously produces a middle mouse button click.\n", "loc": ["services", "libinput", "mouse", "middleEmulation"], "readOnly": false, "type": "boolean"}, "services.libinput.mouse.naturalScrolling": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables or disables natural scrolling behavior.", "loc": ["services", "libinput", "mouse", "naturalScrolling"], "readOnly": false, "type": "boolean"}, "services.libinput.mouse.scrollButton": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Designates a button as scroll button. If the ScrollMethod is button and the button is logically\nheld down, x/y axis movement is converted into scroll events.\n", "example": {"_type": "literalExpression", "text": "1"}, "loc": ["services", "libinput", "mouse", "scrollButton"], "readOnly": false, "type": "null or signed integer"}, "services.libinput.mouse.scrollMethod": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "\"twofinger\""}, "description": "Specify the scrolling method: `twofinger`, `edge`,\n`button`, or `none`\n", "example": {"_type": "literalExpression", "text": "\"edge\""}, "loc": ["services", "libinput", "mouse", "scrollMethod"], "readOnly": false, "type": "one of \"twofinger\", \"edge\", \"button\", \"none\""}, "services.libinput.mouse.sendEventsMode": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "\"enabled\""}, "description": "Sets the send events mode to `disabled`, `enabled`,\nor `disabled-on-external-mouse`\n", "example": {"_type": "literalExpression", "text": "\"disabled\""}, "loc": ["services", "libinput", "mouse", "sendEventsMode"], "readOnly": false, "type": "one of \"disabled\", \"enabled\", \"disabled-on-external-mouse\""}, "services.libinput.mouse.tapping": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enables or disables tap-to-click behavior.\n", "loc": ["services", "libinput", "mouse", "tapping"], "readOnly": false, "type": "boolean"}, "services.libinput.mouse.tappingButtonMap": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set the button mapping for 1/2/3-finger taps to left/right/middle or left/middle/right, respectively.\n", "loc": ["services", "libinput", "mouse", "tappingButtonMap"], "readOnly": false, "type": "null or one of \"lrm\", \"lmr\""}, "services.libinput.mouse.tappingDragLock": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enables or disables drag lock during tapping behavior. When enabled, a finger up during tap-\nand-drag will not immediately release the button. If the finger is set down again within the\ntimeout, the dragging process continues.\n", "loc": ["services", "libinput", "mouse", "tappingDragLock"], "readOnly": false, "type": "boolean"}, "services.libinput.mouse.transformationMatrix": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A string of 9 space-separated floating point numbers. Sets the transformation matrix to\nthe 3x3 matrix where the first row is (abc), the second row is (def) and the third row is (ghi).\n", "example": {"_type": "literalExpression", "text": "\"0.5 0 0 0 0.8 0.1 0 0 1\""}, "loc": ["services", "libinput", "mouse", "transformationMatrix"], "readOnly": false, "type": "null or string"}, "services.libinput.touchpad.accelPointsFallback": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the points of the fallback acceleration function. The value must be a list of\nfloating point non-negative numbers. This only applies to the custom profile.\n", "example": {"_type": "literalExpression", "text": "[\n  0.0\n  1.0\n  2.4\n  2.5\n]"}, "loc": ["services", "libinput", "touchpad", "accelPointsFallback"], "readOnly": false, "type": "null or (list of (signed integer or floating point number))"}, "services.libinput.touchpad.accelPointsMotion": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the points of the (pointer) motion acceleration function. The value must be a\nlist of floating point non-negative numbers. This only applies to the custom profile.\n", "example": {"_type": "literalExpression", "text": "[\n  0.0\n  1.0\n  2.4\n  2.5\n]"}, "loc": ["services", "libinput", "touchpad", "accelPointsMotion"], "readOnly": false, "type": "null or (list of (signed integer or floating point number))"}, "services.libinput.touchpad.accelPointsScroll": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the points of the scroll acceleration function. The value must be a list of\nfloating point non-negative numbers. This only applies to the custom profile.\n", "example": {"_type": "literalExpression", "text": "[\n  0.0\n  1.0\n  2.4\n  2.5\n]"}, "loc": ["services", "libinput", "touchpad", "accelPointsScroll"], "readOnly": false, "type": "null or (list of (signed integer or floating point number))"}, "services.libinput.touchpad.accelProfile": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "\"adaptive\""}, "description": "Sets the pointer acceleration profile to the given profile.\nPermitted values are `adaptive`, `flat`, `custom`.\nNot all devices support this option or all profiles.\nIf a profile is unsupported, the default profile for this is used.\n`flat`: Pointer motion is accelerated by a constant\n(device-specific) factor, depending on the current speed.\n`adaptive`: Pointer acceleration depends on the input speed.\nThis is the default profile for most devices.\n`custom`: Allows the user to define a custom acceleration function.\nTo define custom functions use the accelPoints<Fallback/Motion/Scroll>\nand accelStep<Fallback/Motion/Scroll> options.\n", "example": {"_type": "literalExpression", "text": "\"flat\""}, "loc": ["services", "libinput", "touchpad", "accelProfile"], "readOnly": false, "type": "one of \"flat\", \"adaptive\", \"custom\""}, "services.libinput.touchpad.accelSpeed": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Cursor acceleration (how fast speed increases from minSpeed to maxSpeed).\nThis only applies to the flat or adaptive profile.\n", "example": {"_type": "literalExpression", "text": "\"-0.5\""}, "loc": ["services", "libinput", "touchpad", "accelSpeed"], "readOnly": false, "type": "null or string"}, "services.libinput.touchpad.accelStepFallback": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the step between the points of the fallback acceleration function. When a step of\n0.0 is provided, libinput's Fallback acceleration function is used. This only applies\nto the custom profile.\n", "example": {"_type": "literalExpression", "text": "0.1"}, "loc": ["services", "libinput", "touchpad", "accelStepFallback"], "readOnly": false, "type": "null or signed integer or floating point number"}, "services.libinput.touchpad.accelStepMotion": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the step between the points of the (pointer) motion acceleration function. When a\nstep of 0.0 is provided, libinput's Fallback acceleration function is used. This only\napplies to the custom profile.\n", "example": {"_type": "literalExpression", "text": "0.1"}, "loc": ["services", "libinput", "touchpad", "accelStepMotion"], "readOnly": false, "type": "null or signed integer or floating point number"}, "services.libinput.touchpad.accelStepScroll": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the step between the points of the scroll acceleration function. When a step of\n0.0 is provided, libinput's Fallback acceleration function is used. This only applies\nto the custom profile.\n", "example": {"_type": "literalExpression", "text": "0.1"}, "loc": ["services", "libinput", "touchpad", "accelStepScroll"], "readOnly": false, "type": "null or signed integer or floating point number"}, "services.libinput.touchpad.additionalOptions": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional options for libinput touchpad driver. See\n{manpage}`libinput(4)`\nfor available options.\";\n", "example": {"_type": "literalExpression", "text": "''\n  Option \"DragLockButtons\" \"L1 B1 L2 B2\"\n''"}, "loc": ["services", "libinput", "touchpad", "additionalOptions"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.libinput.touchpad.buttonMapping": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the logical button mapping for this device, see {manpage}`XSetPointerMapping(3)`. The string  must\nbe  a  space-separated  list  of  button mappings in the order of the logical buttons on the\ndevice, starting with button 1.  The default mapping is \"1 2 3 ... 32\". A mapping of 0 deac\u2010\ntivates the button. Multiple buttons can have the same mapping.  Invalid mapping strings are\ndiscarded and the default mapping is used for all buttons.  Buttons  not  specified  in  the\nuser's mapping use the default mapping. See section BUTTON MAPPING for more details.\n", "example": {"_type": "literalExpression", "text": "\"1 6 3 4 5 0 7\""}, "loc": ["services", "libinput", "touchpad", "buttonMapping"], "readOnly": false, "type": "null or string"}, "services.libinput.touchpad.calibrationMatrix": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A string of 9 space-separated floating point numbers. Sets the calibration matrix to the\n3x3 matrix where the first row is (abc), the second row is (def) and the third row is (ghi).\n", "example": {"_type": "literalExpression", "text": "\"0.5 0 0 0 0.8 0.1 0 0 1\""}, "loc": ["services", "libinput", "touchpad", "calibrationMatrix"], "readOnly": false, "type": "null or string"}, "services.libinput.touchpad.clickMethod": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Enables a click method. Permitted values are `none`,\n`buttonareas`, `clickfinger`.\nNot all devices support all methods, if an option is unsupported,\nthe default click method for this device is used.\n", "example": {"_type": "literalExpression", "text": "\"buttonareas\""}, "loc": ["services", "libinput", "touchpad", "clickMethod"], "readOnly": false, "type": "null or one of \"none\", \"buttonareas\", \"clickfinger\""}, "services.libinput.touchpad.dev": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path for touchpad device.  Set to `null` to apply to any\nauto-detected touchpad.\n", "example": {"_type": "literalExpression", "text": "\"/dev/input/event0\""}, "loc": ["services", "libinput", "touchpad", "dev"], "readOnly": false, "type": "null or string"}, "services.libinput.touchpad.disableWhileTyping": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable input method while typing.\n", "loc": ["services", "libinput", "touchpad", "disableWhileTyping"], "readOnly": false, "type": "boolean"}, "services.libinput.touchpad.horizontalScrolling": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enables or disables horizontal scrolling. When disabled, this driver will discard any\nhorizontal scroll events from libinput. This does not disable horizontal scroll events\nfrom libinput; it merely discards the horizontal axis from any scroll events.\n", "loc": ["services", "libinput", "touchpad", "horizontalScrolling"], "readOnly": false, "type": "boolean"}, "services.libinput.touchpad.leftHanded": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables left-handed button orientation, i.e. swapping left and right buttons.", "loc": ["services", "libinput", "touchpad", "leftHanded"], "readOnly": false, "type": "boolean"}, "services.libinput.touchpad.middleEmulation": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enables middle button emulation. When enabled, pressing the left and right buttons\nsimultaneously produces a middle mouse button click.\n", "loc": ["services", "libinput", "touchpad", "middleEmulation"], "readOnly": false, "type": "boolean"}, "services.libinput.touchpad.naturalScrolling": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables or disables natural scrolling behavior.", "loc": ["services", "libinput", "touchpad", "naturalScrolling"], "readOnly": false, "type": "boolean"}, "services.libinput.touchpad.scrollButton": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Designates a button as scroll button. If the ScrollMethod is button and the button is logically\nheld down, x/y axis movement is converted into scroll events.\n", "example": {"_type": "literalExpression", "text": "1"}, "loc": ["services", "libinput", "touchpad", "scrollButton"], "readOnly": false, "type": "null or signed integer"}, "services.libinput.touchpad.scrollMethod": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "\"twofinger\""}, "description": "Specify the scrolling method: `twofinger`, `edge`,\n`button`, or `none`\n", "example": {"_type": "literalExpression", "text": "\"edge\""}, "loc": ["services", "libinput", "touchpad", "scrollMethod"], "readOnly": false, "type": "one of \"twofinger\", \"edge\", \"button\", \"none\""}, "services.libinput.touchpad.sendEventsMode": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "\"enabled\""}, "description": "Sets the send events mode to `disabled`, `enabled`,\nor `disabled-on-external-mouse`\n", "example": {"_type": "literalExpression", "text": "\"disabled\""}, "loc": ["services", "libinput", "touchpad", "sendEventsMode"], "readOnly": false, "type": "one of \"disabled\", \"enabled\", \"disabled-on-external-mouse\""}, "services.libinput.touchpad.tapping": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enables or disables tap-to-click behavior.\n", "loc": ["services", "libinput", "touchpad", "tapping"], "readOnly": false, "type": "boolean"}, "services.libinput.touchpad.tappingButtonMap": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set the button mapping for 1/2/3-finger taps to left/right/middle or left/middle/right, respectively.\n", "loc": ["services", "libinput", "touchpad", "tappingButtonMap"], "readOnly": false, "type": "null or one of \"lrm\", \"lmr\""}, "services.libinput.touchpad.tappingDragLock": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enables or disables drag lock during tapping behavior. When enabled, a finger up during tap-\nand-drag will not immediately release the button. If the finger is set down again within the\ntimeout, the dragging process continues.\n", "loc": ["services", "libinput", "touchpad", "tappingDragLock"], "readOnly": false, "type": "boolean"}, "services.libinput.touchpad.transformationMatrix": {"declarations": ["nixos/modules/services/hardware/libinput.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A string of 9 space-separated floating point numbers. Sets the transformation matrix to\nthe 3x3 matrix where the first row is (abc), the second row is (def) and the third row is (ghi).\n", "example": {"_type": "literalExpression", "text": "\"0.5 0 0 0 0.8 0.1 0 0 1\""}, "loc": ["services", "libinput", "touchpad", "transformationMatrix"], "readOnly": false, "type": "null or string"}, "services.librechat.credentials": {"declarations": ["nixos/modules/services/web-apps/librechat.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables which are loaded from the contents of files at a file paths, mainly used for secrets.\nSee [LibreChat environment variables](https://www.librechat.ai/docs/configuration/dotenv).\nAlternatively you can use `services.librechat.credentialsFile` to define all the variables in a single file.\n", "example": {"_type": "literalExpression", "text": "{\n  CREDS_KEY = \"/run/secrets/creds_key\";\n}"}, "loc": ["services", "librechat", "credentials"], "readOnly": false, "type": "attribute set of absolute path"}, "services.librechat.credentialsFile": {"declarations": ["nixos/modules/services/web-apps/librechat.nix"], "default": {"_type": "literalExpression", "text": "\"/dev/null\""}, "description": "Path to a file that contains environment variables.\nSee [LibreChat environment variables](https://www.librechat.ai/docs/configuration/dotenv).\n\nExample content of the file:\n```\nCREDS_KEY=6d6deb03cdfb27ea454f6b9ddd42494bdce4af25d50d8aee454ddce583690cc5\n```\n\nAlternatively you can use `services.librechat.credentials` to define the value of each variable in a separate file.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/librechat\""}, "loc": ["services", "librechat", "credentialsFile"], "readOnly": false, "type": "null or absolute path"}, "services.librechat.dataDir": {"declarations": ["nixos/modules/services/web-apps/librechat.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/librechat\""}, "description": "Absolute path for where the LibreChat server will use as its data directory to store logs, user uploads, and generated images.", "example": {"_type": "literalExpression", "text": "\"/persist/librechat\""}, "loc": ["services", "librechat", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.librechat.enable": {"declarations": ["nixos/modules/services/web-apps/librechat.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the LibreChat server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "librechat", "enable"], "readOnly": false, "type": "boolean"}, "services.librechat.enableLocalDB": {"declarations": ["nixos/modules/services/web-apps/librechat.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable a local mongodb instance.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "librechat", "enableLocalDB"], "readOnly": false, "type": "boolean"}, "services.librechat.env": {"declarations": ["nixos/modules/services/web-apps/librechat.nix"], "description": "Environment variables that will be set for the service.\nSee [LibreChat environment variables](https://www.librechat.ai/docs/configuration/dotenv).\n", "example": {"_type": "literalExpression", "text": "{\n  ALLOW_REGISTRATION = true;\n  CONSOLE_JSON_STRING_LENGTH = 255;\n  HOST = \"0.0.0.0\";\n  PORT = 2309;\n}"}, "loc": ["services", "librechat", "env"], "readOnly": false, "type": "open submodule of attribute set of (string or absolute path or (string or signed integer convertible to it) or (string or floating point number convertible to it) or (string or 16 bit unsigned integer; between 0 and 65535 (both inclusive) convertible to it) or (string or boolean convertible to it))"}, "services.librechat.env.PORT": {"declarations": ["nixos/modules/services/web-apps/librechat.nix"], "default": {"_type": "literalExpression", "text": "3080"}, "description": "The value that will be passed to the PORT environment variable, telling LibreChat what to listen on.", "example": {"_type": "literalExpression", "text": "2309"}, "loc": ["services", "librechat", "env", "PORT"], "readOnly": false, "type": "string or 16 bit unsigned integer; between 0 and 65535 (both inclusive) convertible to it"}, "services.librechat.group": {"declarations": ["nixos/modules/services/web-apps/librechat.nix"], "default": {"_type": "literalExpression", "text": "\"librechat\""}, "description": "The group to run the service as.", "example": {"_type": "literalExpression", "text": "\"users\""}, "loc": ["services", "librechat", "group"], "readOnly": false, "type": "string"}, "services.librechat.openFirewall": {"declarations": ["nixos/modules/services/web-apps/librechat.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the port in the firewall.\n", "loc": ["services", "librechat", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.librechat.package": {"declarations": ["nixos/modules/services/web-apps/librechat.nix"], "default": {"_type": "literalExpression", "text": "pkgs.librechat"}, "description": "The librechat package to use.", "loc": ["services", "librechat", "package"], "readOnly": false, "type": "package"}, "services.librechat.settings": {"declarations": ["nixos/modules/services/web-apps/librechat.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "A free-form attribute set that will be written to librechat.yaml.\nSee the [LibreChat configuration options](https://www.librechat.ai/docs/configuration/librechat_yaml).\nYou can use environment variables by wrapping them in $\\{}. Take care to escape the \\$ character.\n", "example": {"_type": "literalExpression", "text": "{\n  cache = true;\n  endpoints = {\n    custom = [\n      {\n        apiKey = \"\\${OPENROUTER_KEY}\";\n        baseURL = \"https://openrouter.ai/api/v1\";\n        dropParams = [\n          \"stop\"\n        ];\n        modelDisplayLabel = \"OpenRouter\";\n        models = {\n          default = [\n            \"meta-llama/llama-3-70b-instruct\"\n          ];\n          fetch = true;\n        };\n        name = \"OpenRouter\";\n        titleConvo = true;\n        titleModule = \"meta-llama/llama-3-70b-instruct\";\n      }\n    ];\n  };\n  interface = {\n    privacyPolicy = {\n      externalUrl = \"https://librechat.ai/privacy-policy\";\n      openNewTab = true;\n    };\n  };\n  version = \"1.0.8\";\n}"}, "loc": ["services", "librechat", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.librechat.user": {"declarations": ["nixos/modules/services/web-apps/librechat.nix"], "default": {"_type": "literalExpression", "text": "\"librechat\""}, "description": "The user to run the service as.", "example": {"_type": "literalExpression", "text": "\"alice\""}, "loc": ["services", "librechat", "user"], "readOnly": false, "type": "string"}, "services.librenms.dataDir": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/librenms\""}, "description": "Path of the LibreNMS state directory.\n", "loc": ["services", "librenms", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.librenms.database.createLocally": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to create a local database automatically.\n", "loc": ["services", "librenms", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.librenms.database.database": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "\"librenms\""}, "description": "Name of the database on the MySQL/MariaDB server.\n", "loc": ["services", "librenms", "database", "database"], "readOnly": false, "type": "string"}, "services.librenms.database.host": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Hostname or IP of the MySQL/MariaDB server.\nIgnored if 'socket' is defined.\n", "loc": ["services", "librenms", "database", "host"], "readOnly": false, "type": "unspecified value"}, "services.librenms.database.passwordFile": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password for the user of the MySQL/MariaDB server.\nMust be readable for the LibreNMS user.\nIgnored if 'socket' is defined, mandatory otherwise.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/mysql.pass\""}, "loc": ["services", "librenms", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.librenms.database.port": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "3306"}, "description": "Port of the MySQL/MariaDB server.\nIgnored if 'socket' is defined.\n", "loc": ["services", "librenms", "database", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.librenms.database.socket": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A unix socket to mysql, accessible by the librenms user.\nUseful when mysql is on the localhost.\n", "example": {"_type": "literalExpression", "text": "\"/run/mysqld/mysqld.sock\""}, "loc": ["services", "librenms", "database", "socket"], "readOnly": false, "type": "null or string"}, "services.librenms.database.username": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "\"librenms\""}, "description": "Name of the user on the MySQL/MariaDB server.\nIgnored if 'socket' is defined.\n", "loc": ["services", "librenms", "database", "username"], "readOnly": false, "type": "string"}, "services.librenms.distributedPoller.distributedBilling": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable distributed billing on this poller.\n\nNote: according to [the docs](https://docs.librenms.org/Extensions/Distributed-Poller/#discovery),\nbilling should only be calculated on a single node per poller group. You can disable billing on\nsome nodes with the `services.librenms.enableLocalBilling` option.\n", "loc": ["services", "librenms", "distributedPoller", "distributedBilling"], "readOnly": false, "type": "boolean"}, "services.librenms.distributedPoller.enable": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Configure this LibreNMS instance as a [distributed poller](https://docs.librenms.org/Extensions/Distributed-Poller/).\nThis will disable all web features and just configure the poller features.\nUse the `mysql` database of your main LibreNMS instance in the database settings.\n", "loc": ["services", "librenms", "distributedPoller", "enable"], "readOnly": false, "type": "boolean"}, "services.librenms.distributedPoller.group": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "\"0\""}, "description": "Group(s) of this poller.\n", "example": {"_type": "literalExpression", "text": "\"1,2\""}, "loc": ["services", "librenms", "distributedPoller", "group"], "readOnly": false, "type": "string"}, "services.librenms.distributedPoller.memcachedHost": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "description": "Hostname or IP of the `memcached` server.\n", "loc": ["services", "librenms", "distributedPoller", "memcachedHost"], "readOnly": false, "type": "string"}, "services.librenms.distributedPoller.memcachedPort": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "11211"}, "description": "Port of the `memcached` server.\n", "loc": ["services", "librenms", "distributedPoller", "memcachedPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.librenms.distributedPoller.name": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Custom name of this poller.\n", "loc": ["services", "librenms", "distributedPoller", "name"], "readOnly": false, "type": "null or string"}, "services.librenms.distributedPoller.rrdcachedHost": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "description": "Hostname or IP of the `rrdcached` server.\n", "loc": ["services", "librenms", "distributedPoller", "rrdcachedHost"], "readOnly": false, "type": "string"}, "services.librenms.distributedPoller.rrdcachedPort": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "42217"}, "description": "Port of the `memcached` server.\n", "loc": ["services", "librenms", "distributedPoller", "rrdcachedPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.librenms.enable": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable LibreNMS network monitoring system.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "librenms", "enable"], "readOnly": false, "type": "boolean"}, "services.librenms.enableLocalBilling": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable billing Cron-Jobs on the local instance. Enabled by default, but you may disable it\non some nodes within a distributed poller setup. See [the docs](https://docs.librenms.org/Extensions/Distributed-Poller/#discovery)\nfor more informations about billing with distributed pollers.\n", "loc": ["services", "librenms", "enableLocalBilling"], "readOnly": false, "type": "boolean"}, "services.librenms.enableOneMinutePolling": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables the [1-Minute Polling](https://docs.librenms.org/Support/1-Minute-Polling/).\nChanging this option will automatically convert your existing rrd files.\n", "loc": ["services", "librenms", "enableOneMinutePolling"], "readOnly": false, "type": "boolean"}, "services.librenms.environmentFile": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing env-vars to be substituted into the final config. Useful for secrets.\nDoes not apply to settings defined in `extraConfig`.\n", "loc": ["services", "librenms", "environmentFile"], "readOnly": false, "type": "null or string"}, "services.librenms.extraConfig": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Additional config for LibreNMS that will be appended to the `config.php`. See\n<https://github.com/librenms/librenms/blob/master/misc/config_definitions.json>\nfor possible options. Useful if you want to use PHP-Functions in your config.\n", "loc": ["services", "librenms", "extraConfig"], "readOnly": false, "type": "null or string"}, "services.librenms.finalPackage": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "package"}, "description": "The final package used by the module. This is the package that has all overrides.\n", "loc": ["services", "librenms", "finalPackage"], "readOnly": true, "type": "package"}, "services.librenms.group": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "\"librenms\""}, "description": "Name of the LibreNMS group.\n", "loc": ["services", "librenms", "group"], "readOnly": false, "type": "string"}, "services.librenms.hostname": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "config.networking.fqdnOrHostName"}, "description": "The hostname to serve LibreNMS on.\n", "loc": ["services", "librenms", "hostname"], "readOnly": false, "type": "string"}, "services.librenms.logDir": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "\"/var/log/librenms\""}, "description": "Path of the LibreNMS logging directory.\n", "loc": ["services", "librenms", "logDir"], "readOnly": false, "type": "absolute path"}, "services.librenms.nginx": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "With this option, you can customize the nginx virtualHost settings.\n", "example": {"_type": "literalExpression", "text": "{\n  serverAliases = [\n    \"librenms.${config.networking.domain}\"\n  ];\n  # To enable encryption and let let's encrypt take care of certificate\n  forceSSL = true;\n  enableACME = true;\n  # To set the LibreNMS virtualHost as the default virtualHost;\n  default = true;\n}\n"}, "loc": ["services", "librenms", "nginx"], "readOnly": false, "type": "submodule"}, "services.librenms.nginx.acmeFallbackHost": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host which to proxy requests to if ACME challenge is not found. Useful\nif you want multiple hosts to be able to verify the same domain name.\n\nWith this option, you could request certificates for the present domain\nwith an ACME client that is running on another host, which you would\nspecify here.\n", "loc": ["services", "librenms", "nginx", "acmeFallbackHost"], "readOnly": false, "type": "null or string"}, "services.librenms.nginx.acmeRoot": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the ACME challenge, which is **public**. Don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "librenms", "nginx", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.librenms.nginx.addSSL": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "librenms", "nginx", "addSSL"], "readOnly": false, "type": "boolean"}, "services.librenms.nginx.basicAuth": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "librenms", "nginx", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.librenms.nginx.basicAuthFile": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "librenms", "nginx", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.librenms.nginx.default": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Makes this vhost the default.\n", "loc": ["services", "librenms", "nginx", "default"], "readOnly": false, "type": "boolean"}, "services.librenms.nginx.enableACME": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "librenms", "nginx", "enableACME"], "readOnly": false, "type": "boolean"}, "services.librenms.nginx.extraConfig": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the vhost verbatim.\n", "loc": ["services", "librenms", "nginx", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.librenms.nginx.forceSSL": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a separate nginx server block that redirects (defaults\nto 301, configurable with `redirectCode`) all plain HTTP traffic to\nHTTPS. This will set defaults for `listen` to listen on all interfaces\non the respective default ports (80, 443), where the non-SSL listens\nare used for the redirect vhosts.\n", "loc": ["services", "librenms", "nginx", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.librenms.nginx.globalRedirect": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected (defaults to 301,\nconfigurable with `redirectCode`) to the given hostname.\n", "example": {"_type": "literalExpression", "text": "\"newserver.example.org\""}, "loc": ["services", "librenms", "nginx", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.librenms.nginx.http2": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/2 protocol.\nNote that (as of writing) due to nginx's implementation, to disable\nHTTP/2 you have to disable it on all vhosts that use a given\nIP address / port.\nIf there is one server block configured to enable http2, then it is\nenabled for all server blocks on this IP.\nSee <https://stackoverflow.com/a/39466948/263061>.\n", "loc": ["services", "librenms", "nginx", "http2"], "readOnly": false, "type": "boolean"}, "services.librenms.nginx.http3": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/3 protocol.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that HTTP/3 support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\nHTTP/3 availability must be manually advertised, preferably in each location block.\n", "loc": ["services", "librenms", "nginx", "http3"], "readOnly": false, "type": "boolean"}, "services.librenms.nginx.http3_hq": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that special application protocol support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "librenms", "nginx", "http3_hq"], "readOnly": false, "type": "boolean"}, "services.librenms.nginx.kTLS": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kTLS support.\nImplementing TLS in the kernel (kTLS) improves performance by significantly\nreducing the need for copying operations between user space and the kernel.\nRequired Nginx version 1.21.4 or later.\n", "loc": ["services", "librenms", "nginx", "kTLS"], "readOnly": false, "type": "boolean"}, "services.librenms.nginx.listen": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\nIPv6 addresses must be enclosed in square brackets.\nNote: this option overrides `addSSL`\nand `onlySSL`.\n\nIf you only want to set the addresses manually and not\nthe ports, take a look at `listenAddresses`.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    addr = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    addr = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    addr = \"unix:/var/run/nginx.sock\";\n  }\n]"}, "loc": ["services", "librenms", "nginx", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.librenms.nginx.listen.*.addr": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "description": "Listen address.", "loc": ["services", "librenms", "nginx", "listen", "*", "addr"], "readOnly": false, "type": "string"}, "services.librenms.nginx.listen.*.extraParameters": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra parameters of this listen directive.", "example": {"_type": "literalExpression", "text": "[\n  \"backlog=1024\"\n  \"deferred\"\n]"}, "loc": ["services", "librenms", "nginx", "listen", "*", "extraParameters"], "readOnly": false, "type": "list of string"}, "services.librenms.nginx.listen.*.port": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port number to listen on.\nIf unset and the listen address is not a socket then nginx defaults to 80.\n", "loc": ["services", "librenms", "nginx", "listen", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.librenms.nginx.listen.*.proxyProtocol": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable PROXY protocol.", "loc": ["services", "librenms", "nginx", "listen", "*", "proxyProtocol"], "readOnly": false, "type": "boolean"}, "services.librenms.nginx.listen.*.ssl": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SSL.", "loc": ["services", "librenms", "nginx", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.librenms.nginx.listenAddresses": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n\nNote: This option overrides `networking.enableIPv6`\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"[::1]\"\n]"}, "loc": ["services", "librenms", "nginx", "listenAddresses"], "readOnly": false, "type": "list of string"}, "services.librenms.nginx.locations": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n};\n"}, "loc": ["services", "librenms", "nginx", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.librenms.nginx.locations.<name>.alias": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "librenms", "nginx", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.librenms.nginx.locations.<name>.basicAuth": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "librenms", "nginx", "locations", "<name>", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.librenms.nginx.locations.<name>.basicAuthFile": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "librenms", "nginx", "locations", "<name>", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.librenms.nginx.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "librenms", "nginx", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.librenms.nginx.locations.<name>.fastcgiParams": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "FastCGI parameters to override.  Unlike in the Nginx\nconfiguration file, overriding only some default parameters\nwon't unset the default values for other parameters.\n", "loc": ["services", "librenms", "nginx", "locations", "<name>", "fastcgiParams"], "readOnly": false, "type": "attribute set of (string or absolute path)"}, "services.librenms.nginx.locations.<name>.index": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds index directive.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "librenms", "nginx", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.librenms.nginx.locations.<name>.priority": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "librenms", "nginx", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.librenms.nginx.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds proxy_pass directive and sets recommended proxy headers if\nrecommendedProxySettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "librenms", "nginx", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.librenms.nginx.locations.<name>.proxyWebsockets": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to support proxying websocket connections with HTTP/1.1.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "librenms", "nginx", "locations", "<name>", "proxyWebsockets"], "readOnly": false, "type": "boolean"}, "services.librenms.nginx.locations.<name>.recommendedProxySettings": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedProxySettings"}, "description": "Enable recommended proxy settings.\n", "loc": ["services", "librenms", "nginx", "locations", "<name>", "recommendedProxySettings"], "readOnly": false, "type": "boolean"}, "services.librenms.nginx.locations.<name>.recommendedUwsgiSettings": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedUwsgiSettings"}, "description": "Enable recommended uwsgi settings.\n", "loc": ["services", "librenms", "nginx", "locations", "<name>", "recommendedUwsgiSettings"], "readOnly": false, "type": "boolean"}, "services.librenms.nginx.locations.<name>.return": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds a return directive, for e.g. redirections.\n", "example": {"_type": "literalExpression", "text": "\"301 http://example.com$request_uri\""}, "loc": ["services", "librenms", "nginx", "locations", "<name>", "return"], "readOnly": false, "type": "null or string or signed integer"}, "services.librenms.nginx.locations.<name>.root": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Root directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/root/directory\""}, "loc": ["services", "librenms", "nginx", "locations", "<name>", "root"], "readOnly": false, "type": "null or absolute path"}, "services.librenms.nginx.locations.<name>.tryFiles": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds try_files directive.\n", "example": {"_type": "literalExpression", "text": "\"$uri =404\""}, "loc": ["services", "librenms", "nginx", "locations", "<name>", "tryFiles"], "readOnly": false, "type": "null or string"}, "services.librenms.nginx.locations.<name>.uwsgiPass": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds uwsgi_pass directive and sets recommended proxy headers if\nrecommendedUwsgiSettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"unix:/run/example/example.sock\""}, "loc": ["services", "librenms", "nginx", "locations", "<name>", "uwsgiPass"], "readOnly": false, "type": "null or string"}, "services.librenms.nginx.onlySSL": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "librenms", "nginx", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.librenms.nginx.quic": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the QUIC transport protocol.\nNote that QUIC support is experimental and\n*not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "librenms", "nginx", "quic"], "readOnly": false, "type": "boolean"}, "services.librenms.nginx.redirectCode": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "301"}, "description": "HTTP status used by `globalRedirect` and `forceSSL`. Possible usecases\ninclude temporary (302, 307) redirects, keeping the request method and\nbody (307, 308), or explicitly resetting the method to GET (303).\nSee <https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>.\n", "example": {"_type": "literalExpression", "text": "308"}, "loc": ["services", "librenms", "nginx", "redirectCode"], "readOnly": false, "type": "integer between 300 and 399 (both inclusive)"}, "services.librenms.nginx.rejectSSL": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to listen for and reject all HTTPS connections to this vhost. Useful in\n[default](#opt-services.nginx.virtualHosts._name_.default)\nserver blocks to avoid serving the certificate for another vhost. Uses the\n`ssl_reject_handshake` directive available in nginx versions\n1.19.4 and above.\n", "loc": ["services", "librenms", "nginx", "rejectSSL"], "readOnly": false, "type": "boolean"}, "services.librenms.nginx.reuseport": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create an individual listening socket .\nIt is required to specify only once on one of the hosts.\n", "loc": ["services", "librenms", "nginx", "reuseport"], "readOnly": false, "type": "boolean"}, "services.librenms.nginx.root": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of the web root directory.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "librenms", "nginx", "root"], "readOnly": false, "type": "null or absolute path"}, "services.librenms.nginx.serverAliases": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "librenms", "nginx", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.librenms.nginx.serverName": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of this virtual host. Defaults to attribute name in virtualHosts.\n", "example": {"_type": "literalExpression", "text": "\"example.org\""}, "loc": ["services", "librenms", "nginx", "serverName"], "readOnly": false, "type": "null or string"}, "services.librenms.nginx.sslCertificate": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "librenms", "nginx", "sslCertificate"], "readOnly": false, "type": "absolute path"}, "services.librenms.nginx.sslCertificateKey": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "librenms", "nginx", "sslCertificateKey"], "readOnly": false, "type": "absolute path"}, "services.librenms.nginx.sslTrustedCertificate": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to root SSL certificate for stapling and client certificates.", "example": {"_type": "literalExpression", "text": "\"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\""}, "loc": ["services", "librenms", "nginx", "sslTrustedCertificate"], "readOnly": false, "type": "null or absolute path"}, "services.librenms.nginx.useACMEHost": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "librenms", "nginx", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.librenms.package": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "pkgs.librenms"}, "description": "The librenms package to use.", "loc": ["services", "librenms", "package"], "readOnly": false, "type": "package"}, "services.librenms.phpOptions": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "{\n  \"date.timezone\" = {\n    _type = \"literalExpression\";\n    text = \"config.time.timeZone\";\n  };\n  log_errors = \"on\";\n  memory_limit = {\n    _type = \"literalExpression\";\n    text = \"\\${toString cfg.settings.php_memory_limit}M\";\n  };\n  \"opcache.enable\" = {\n    _type = \"literalExpression\";\n    text = \"1\";\n  };\n  \"opcache.memory_consumption\" = {\n    _type = \"literalExpression\";\n    text = \"256\";\n  };\n  post_max_size = \"100M\";\n  upload_max_filesize = \"100M\";\n  zend_extension = {\n    _type = \"literalExpression\";\n    text = \"opcache\";\n  };\n}"}, "description": "Options for PHP's php.ini file for librenms.\n\nPlease note that this option is _additive_ on purpose while the\nattribute values inside the default are option defaults: that means that\n\n```nix\n{\n  services.librenms.phpOptions.\"opcache.enable\" = 1;\n}\n```\n\nwill override the `php.ini` option `opcache.enable` without discarding the rest of the defaults.\n\nOverriding all of `phpOptions` can be done like this:\n\n```nix\n{\n  services.librenms.phpOptions = lib.mkForce {\n    /* ... */\n  };\n}\n```\n", "loc": ["services", "librenms", "phpOptions"], "readOnly": false, "type": "attribute set of (string or signed integer)"}, "services.librenms.pollerThreads": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "16"}, "description": "Amount of threads of the cron-poller.\n", "loc": ["services", "librenms", "pollerThreads"], "readOnly": false, "type": "signed integer"}, "services.librenms.poolConfig": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "{\n  pm = \"dynamic\";\n  \"pm.max_children\" = 32;\n  \"pm.max_requests\" = 500;\n  \"pm.max_spare_servers\" = 4;\n  \"pm.min_spare_servers\" = 2;\n  \"pm.start_servers\" = 2;\n}"}, "description": "Options for the LibreNMS PHP pool. See the documentation on `php-fpm.conf`\nfor details on configuration directives.\n", "loc": ["services", "librenms", "poolConfig"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.librenms.settings": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attrset of the LibreNMS configuration.\nSee <https://docs.librenms.org/Support/Configuration/> for reference.\nAll possible options are listed [here](https://github.com/librenms/librenms/blob/master/resources/definitions/config_definitions.json).\nSee <https://docs.librenms.org/Extensions/Authentication/> for setting other authentication methods.\n", "example": {"_type": "literalExpression", "text": "{\n  base_url = \"/librenms/\";\n  top_devices = true;\n  top_ports = false;\n}"}, "loc": ["services", "librenms", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.librenms.useDistributedPollers": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables [distributed pollers](https://docs.librenms.org/Extensions/Distributed-Poller/)\nfor this LibreNMS instance. This will enable a local `rrdcached` and `memcached` server.\n\nTo use this feature, make sure to configure your firewall that the distributed pollers\ncan reach the local `mysql`, `rrdcached` and `memcached` ports.\n", "loc": ["services", "librenms", "useDistributedPollers"], "readOnly": false, "type": "boolean"}, "services.librenms.user": {"declarations": ["nixos/modules/services/monitoring/librenms.nix"], "default": {"_type": "literalExpression", "text": "\"librenms\""}, "description": "Name of the LibreNMS user.\n", "loc": ["services", "librenms", "user"], "readOnly": false, "type": "string"}, "services.librespeed.domain": {"declarations": ["nixos/modules/services/web-apps/librespeed.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If not `null`, this will add an entry to `services.librespeed.servers` and\nconfigure librespeed to use TLS.\n", "loc": ["services", "librespeed", "domain"], "readOnly": false, "type": "null or non-empty string"}, "services.librespeed.downloadIPDB": {"declarations": ["nixos/modules/services/web-apps/librespeed.nix"], "default": {"_type": "literalExpression", "text": "!(config.services.librespeed.secrets ? \"ipinfo_api_key\")"}, "description": "Whether to download the IP info database before starting librespeed.\nDisable this if you want to use the Go implementation.\n", "loc": ["services", "librespeed", "downloadIPDB"], "readOnly": false, "type": "boolean"}, "services.librespeed.enable": {"declarations": ["nixos/modules/services/web-apps/librespeed.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable LibreSpeed server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "librespeed", "enable"], "readOnly": false, "type": "boolean"}, "services.librespeed.frontend.contactEmail": {"declarations": ["nixos/modules/services/web-apps/librespeed.nix"], "description": "Email address listed in the privacy policy.", "loc": ["services", "librespeed", "frontend", "contactEmail"], "readOnly": false, "type": "string"}, "services.librespeed.frontend.enable": {"declarations": ["nixos/modules/services/web-apps/librespeed.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables the LibreSpeed frontend and adds a nginx virtual host if\nnot explicitly disabled and `services.librespeed.domain` is not `null`.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "librespeed", "frontend", "enable"], "readOnly": false, "type": "boolean"}, "services.librespeed.frontend.pageTitle": {"declarations": ["nixos/modules/services/web-apps/librespeed.nix"], "default": {"_type": "literalExpression", "text": "\"LibreSpeed\""}, "description": "Title of the webpage.", "loc": ["services", "librespeed", "frontend", "pageTitle"], "readOnly": false, "type": "string"}, "services.librespeed.frontend.servers": {"declarations": ["nixos/modules/services/web-apps/librespeed.nix"], "description": "LibreSpeed servers that should appear in the server list.", "loc": ["services", "librespeed", "frontend", "servers"], "readOnly": false, "type": "list of (submodule)"}, "services.librespeed.frontend.servers.*.dlURL": {"declarations": ["nixos/modules/services/web-apps/librespeed.nix"], "default": {"_type": "literalExpression", "text": "\"backend/garbage\""}, "description": "URL path to download test on this server.\nAppend `.php` to the default value if the server uses the php implementation.\n", "loc": ["services", "librespeed", "frontend", "servers", "*", "dlURL"], "readOnly": false, "type": "non-empty string"}, "services.librespeed.frontend.servers.*.getIpURL": {"declarations": ["nixos/modules/services/web-apps/librespeed.nix"], "default": {"_type": "literalExpression", "text": "\"backend/getIP\""}, "description": "URL path to IP lookup on this server.\nAppend `.php` to the default value if the server uses the php implementation.\n", "loc": ["services", "librespeed", "frontend", "servers", "*", "getIpURL"], "readOnly": false, "type": "non-empty string"}, "services.librespeed.frontend.servers.*.name": {"declarations": ["nixos/modules/services/web-apps/librespeed.nix"], "description": "Name shown in the server list.", "loc": ["services", "librespeed", "frontend", "servers", "*", "name"], "readOnly": false, "type": "non-empty string"}, "services.librespeed.frontend.servers.*.pingURL": {"declarations": ["nixos/modules/services/web-apps/librespeed.nix"], "default": {"_type": "literalExpression", "text": "\"backend/empty\""}, "description": "URL path to latency/jitter test on this server.\nAppend `.php` to the default value if the server uses the php implementation.\n", "loc": ["services", "librespeed", "frontend", "servers", "*", "pingURL"], "readOnly": false, "type": "non-empty string"}, "services.librespeed.frontend.servers.*.server": {"declarations": ["nixos/modules/services/web-apps/librespeed.nix"], "description": "URL to the server. You may use `//` instead of `http://` or `https://`.", "loc": ["services", "librespeed", "frontend", "servers", "*", "server"], "readOnly": false, "type": "non-empty string"}, "services.librespeed.frontend.servers.*.ulURL": {"declarations": ["nixos/modules/services/web-apps/librespeed.nix"], "default": {"_type": "literalExpression", "text": "\"backend/empty\""}, "description": "URL path to upload test on this server.\nAppend `.php` to the default value if the server uses the php implementation.\n", "loc": ["services", "librespeed", "frontend", "servers", "*", "ulURL"], "readOnly": false, "type": "non-empty string"}, "services.librespeed.frontend.settings": {"declarations": ["nixos/modules/services/web-apps/librespeed.nix"], "default": {"_type": "literalExpression", "text": "{\n  telemetry_level = \"basic\";\n}"}, "description": "Override default settings of the speedtest web client.\nSee [speedtest_worker.js][link] for a list of possible values.\n\n[link]: https://github.com/librespeed/speedtest/blob/master/speedtest_worker.js#L39\n", "loc": ["services", "librespeed", "frontend", "settings"], "readOnly": false, "type": "null or (open submodule of attribute set of (boolean or signed integer or string or floating point number))"}, "services.librespeed.frontend.useNginx": {"declarations": ["nixos/modules/services/web-apps/librespeed.nix"], "default": {"_type": "literalExpression", "text": "config.services.librespeed.domain != null"}, "description": "Configure nginx for the LibreSpeed frontend.\nThis will only create a virtual host for the frontend and won't proxy all requests because\nthe reported upload and download speeds are inaccurate if proxied.\n", "loc": ["services", "librespeed", "frontend", "useNginx"], "readOnly": false, "type": "boolean"}, "services.librespeed.package": {"declarations": ["nixos/modules/services/web-apps/librespeed.nix"], "default": {"_type": "literalExpression", "text": "pkgs.librespeed-rust"}, "description": "The librespeed-rust package to use.", "loc": ["services", "librespeed", "package"], "readOnly": false, "type": "package"}, "services.librespeed.secrets": {"declarations": ["nixos/modules/services/web-apps/librespeed.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attribute set of filesystem paths.\nThe contents of the specified paths will be read at service start time and merged with the attributes provided in `settings`.\n", "loc": ["services", "librespeed", "secrets"], "readOnly": false, "type": "null or (attribute set of absolute path not in the Nix store)"}, "services.librespeed.settings": {"declarations": ["nixos/modules/services/web-apps/librespeed.nix"], "default": {"_type": "literalExpression", "text": "{\n  assets_path = if (config.services.librespeed.frontend.enable && !config.services.librespeed.frontend.useNginx) then\n    librespeedAssets\n  else\n    pkgs.writeTextDir \"index.html\" \"\";\n\n  bind_address = \"::\";\n  listen_port = 8989;\n  base_url = \"backend\";\n  worker_threads = \"auto\";\n\n  database_type = \"none\";\n  database_file = \"/var/lib/librespeed/speedtest.sqlite\";\n\n  # librespeed-rust will fail to start if the following config parameters are omitted.\n  ipinfo_api_key = \"\";\n  stats_password = \"\";\n\n  redact_ip_addresses = false;\n  result_image_theme = \"light\";\n\n  enable_tls = config.services.librespeed.tlsCertificate != null && config.services.librespeed.tlsKey != null;\n  tls_cert_file = lib.optionalString (config.services.librespeed.tlsCertificate != null) \"/run/credentials/librespeed.service/cert.pem\";\n  tls_key_file = lib.optionalString (config.services.librespeed.tlsKey != null) \"/run/credentials/librespeed.service/key.pem\";\n}\n"}, "description": "LibreSpeed configuration written as Nix expression.\nAll values set to `null` will be excluded from the evaluated config.\nThis is useful if you want to omit certain defaults when using a different LibreSpeed implementation.\n\nSee [github.com/librespeed](https://github.com/librespeed/speedtest-rust) for configuration help.\n", "loc": ["services", "librespeed", "settings"], "readOnly": false, "type": "null or (attribute set of (null or boolean or signed integer or string or package))"}, "services.librespeed.tlsCertificate": {"declarations": ["nixos/modules/services/web-apps/librespeed.nix"], "default": {"_type": "literalExpression", "text": "lib.optionalString (config.services.librespeed.useACMEHost != null) \"${config.security.acme.certs.${config.services.librespeed.useACMEHost}.directory}/cert.pem\""}, "description": "TLS certificate to use. Use together with `tlsKey`.", "loc": ["services", "librespeed", "tlsCertificate"], "readOnly": false, "type": "null or non-empty string"}, "services.librespeed.tlsKey": {"declarations": ["nixos/modules/services/web-apps/librespeed.nix"], "default": {"_type": "literalExpression", "text": "lib.optionalString (config.services.librespeed.useACMEHost != null) \"${config.security.acme.certs.${config.services.librespeed.useACMEHost}.directory}/key.pem\""}, "description": "TLS private key to use. Use together with `tlsCertificate`.", "loc": ["services", "librespeed", "tlsKey"], "readOnly": false, "type": "null or non-empty string"}, "services.librespeed.useACMEHost": {"declarations": ["nixos/modules/services/web-apps/librespeed.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Use a certificate generated by the NixOS ACME module for the given host.\nNote that this will not generate a new certificate - you will need to do so with `security.acme.certs`.\n", "example": {"_type": "literalExpression", "text": "\"speed.example.com\""}, "loc": ["services", "librespeed", "useACMEHost"], "readOnly": false, "type": "null or non-empty string"}, "services.libreswan.configSetup": {"declarations": ["nixos/modules/services/networking/libreswan.nix"], "default": {"_type": "literalExpression", "text": "''\n  protostack=netkey\n  virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10\n''"}, "description": "Options to go in the 'config setup' section of the Libreswan IPsec configuration", "example": {"_type": "literalExpression", "text": "''\n  secretsfile=/root/ipsec.secrets\n  protostack=netkey\n  virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10\n''"}, "loc": ["services", "libreswan", "configSetup"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.libreswan.connections": {"declarations": ["nixos/modules/services/networking/libreswan.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "A set of connections to define for the Libreswan IPsec service", "example": {"_type": "literalExpression", "text": "{ myconnection = ''\n    auto=add\n    left=%defaultroute\n    leftid=@user\n\n    right=my.vpn.com\n\n    ikev2=no\n    ikelifetime=8h\n  '';\n}\n"}, "loc": ["services", "libreswan", "connections"], "readOnly": false, "type": "attribute set of strings concatenated with \"\\n\""}, "services.libreswan.disableRedirects": {"declarations": ["nixos/modules/services/networking/libreswan.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to disable send and accept redirects for all network interfaces.\nSee the Libreswan [\nFAQ](https://libreswan.org/wiki/FAQ#Why_is_it_recommended_to_disable_send_redirects_in_.2Fproc.2Fsys.2Fnet_.3F) page for why this is recommended.\n", "loc": ["services", "libreswan", "disableRedirects"], "readOnly": false, "type": "boolean"}, "services.libreswan.enable": {"declarations": ["nixos/modules/services/networking/libreswan.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Libreswan IPsec service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "libreswan", "enable"], "readOnly": false, "type": "boolean"}, "services.libreswan.policies": {"declarations": ["nixos/modules/services/networking/libreswan.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "A set of policies to apply to the IPsec connections.\n\n::: {.note}\nThe policy name must match the one of connection it needs to apply to.\n:::\n", "example": {"_type": "literalExpression", "text": "{ private-or-clear = ''\n    # Attempt opportunistic IPsec for the entire Internet\n    0.0.0.0/0\n    ::/0\n  '';\n}\n"}, "loc": ["services", "libreswan", "policies"], "readOnly": false, "type": "attribute set of strings concatenated with \"\\n\""}, "services.libretranslate.configureNginx": {"declarations": ["nixos/modules/services/web-apps/libretranslate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Configure nginx as a reverse proxy for LibreTranslate.", "loc": ["services", "libretranslate", "configureNginx"], "readOnly": false, "type": "boolean"}, "services.libretranslate.dataDir": {"declarations": ["nixos/modules/services/web-apps/libretranslate.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/libretranslate\""}, "description": "The data directory.", "example": {"_type": "literalExpression", "text": "\"/srv/data/libretranslate\""}, "loc": ["services", "libretranslate", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.libretranslate.disableWebUI": {"declarations": ["nixos/modules/services/web-apps/libretranslate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to disable the Web UI.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "libretranslate", "disableWebUI"], "readOnly": false, "type": "boolean"}, "services.libretranslate.domain": {"declarations": ["nixos/modules/services/web-apps/libretranslate.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The domain serving your LibreTranslate instance.\nRequired for configure nginx as a reverse proxy.\n", "example": {"_type": "literalExpression", "text": "\"libretranslate.example.com\""}, "loc": ["services", "libretranslate", "domain"], "readOnly": false, "type": "string"}, "services.libretranslate.enable": {"declarations": ["nixos/modules/services/web-apps/libretranslate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable LibreTranslate service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "libretranslate", "enable"], "readOnly": false, "type": "boolean"}, "services.libretranslate.enableApiKeys": {"declarations": ["nixos/modules/services/web-apps/libretranslate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the API keys database.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "libretranslate", "enableApiKeys"], "readOnly": false, "type": "boolean"}, "services.libretranslate.extraArgs": {"declarations": ["nixos/modules/services/web-apps/libretranslate.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra arguments passed to the LibreTranslate.", "example": {"_type": "literalExpression", "text": "{\n  debug = true;\n  disable-files-translation = true;\n  url-prefix = \"translate\";\n}"}, "loc": ["services", "libretranslate", "extraArgs"], "readOnly": false, "type": "attribute set of (null or boolean or string or signed integer or list of (boolean or string or signed integer))"}, "services.libretranslate.group": {"declarations": ["nixos/modules/services/web-apps/libretranslate.nix"], "default": {"_type": "literalExpression", "text": "\"libretranslate\""}, "description": "Group account under which libretranslate runs.", "loc": ["services", "libretranslate", "group"], "readOnly": false, "type": "string"}, "services.libretranslate.host": {"declarations": ["nixos/modules/services/web-apps/libretranslate.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The address the application should listen on.", "loc": ["services", "libretranslate", "host"], "readOnly": false, "type": "string"}, "services.libretranslate.package": {"declarations": ["nixos/modules/services/web-apps/libretranslate.nix"], "default": {"_type": "literalExpression", "text": "pkgs.libretranslate"}, "description": "The libretranslate package to use.", "loc": ["services", "libretranslate", "package"], "readOnly": false, "type": "package"}, "services.libretranslate.port": {"declarations": ["nixos/modules/services/web-apps/libretranslate.nix"], "default": {"_type": "literalExpression", "text": "5000"}, "description": "The the application should listen on.", "loc": ["services", "libretranslate", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.libretranslate.threads": {"declarations": ["nixos/modules/services/web-apps/libretranslate.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set number of threads.", "example": {"_type": "literalExpression", "text": "8"}, "loc": ["services", "libretranslate", "threads"], "readOnly": false, "type": "null or (positive integer, meaning >0)"}, "services.libretranslate.updateModels": {"declarations": ["nixos/modules/services/web-apps/libretranslate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Update language models at startup", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "libretranslate", "updateModels"], "readOnly": false, "type": "boolean"}, "services.libretranslate.user": {"declarations": ["nixos/modules/services/web-apps/libretranslate.nix"], "default": {"_type": "literalExpression", "text": "\"libretranslate\""}, "description": "User account under which libretranslate runs.", "loc": ["services", "libretranslate", "user"], "readOnly": false, "type": "string"}, "services.libvirtd.autoSnapshot.calendar": {"declarations": ["nixos/modules/services/backup/libvirtd-autosnapshot.nix"], "default": {"_type": "literalExpression", "text": "\"04:15:00\""}, "description": "When to create snapshots (systemd calendar format).\nDefault is 4:15 AM.\n", "loc": ["services", "libvirtd", "autoSnapshot", "calendar"], "readOnly": false, "type": "string"}, "services.libvirtd.autoSnapshot.enable": {"declarations": ["nixos/modules/services/backup/libvirtd-autosnapshot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable LibVirt VM snapshots.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "libvirtd", "autoSnapshot", "enable"], "readOnly": false, "type": "boolean"}, "services.libvirtd.autoSnapshot.keep": {"declarations": ["nixos/modules/services/backup/libvirtd-autosnapshot.nix"], "default": {"_type": "literalExpression", "text": "2"}, "description": "Default number of snapshots to keep for VMs that don't specify a keep value.", "loc": ["services", "libvirtd", "autoSnapshot", "keep"], "readOnly": false, "type": "signed integer"}, "services.libvirtd.autoSnapshot.prefix": {"declarations": ["nixos/modules/services/backup/libvirtd-autosnapshot.nix"], "default": {"_type": "literalExpression", "text": "\"autosnap\""}, "description": "Prefix for automatic snapshot names.\nThis is used to identify and manage automatic snapshots\nseparately from manual ones.\n", "loc": ["services", "libvirtd", "autoSnapshot", "prefix"], "readOnly": false, "type": "string"}, "services.libvirtd.autoSnapshot.snapshotType": {"declarations": ["nixos/modules/services/backup/libvirtd-autosnapshot.nix"], "default": {"_type": "literalExpression", "text": "\"internal\""}, "description": "Type of snapshot to create (internal or external).", "loc": ["services", "libvirtd", "autoSnapshot", "snapshotType"], "readOnly": false, "type": "one of \"internal\", \"external\""}, "services.libvirtd.autoSnapshot.vms": {"declarations": ["nixos/modules/services/backup/libvirtd-autosnapshot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If specified only the list of VMs will be snapshotted else all existing one. Each entry can be either:\n- A string (VM name, uses default settings)\n- An attribute set with VM configuration\n", "example": {"_type": "literalExpression", "text": "[\n  \"myvm1\"              # Uses defaults\n  {\n    name = \"myvm2\";\n    keep = 30;         # Override retention\n  }\n]\n"}, "loc": ["services", "libvirtd", "autoSnapshot", "vms"], "readOnly": false, "type": "null or (list of (string or (submodule)))"}, "services.lidarr.dataDir": {"declarations": ["nixos/modules/services/misc/servarr/lidarr.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/lidarr/.config/Lidarr\""}, "description": "The directory where Lidarr stores its data files.", "loc": ["services", "lidarr", "dataDir"], "readOnly": false, "type": "string"}, "services.lidarr.enable": {"declarations": ["nixos/modules/services/misc/servarr/lidarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Lidarr, a Usenet/BitTorrent music downloader.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lidarr", "enable"], "readOnly": false, "type": "boolean"}, "services.lidarr.environmentFiles": {"declarations": ["nixos/modules/services/misc/servarr/lidarr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Environment file to pass secret configuration values.\nEach line must follow the `LIDARR__SECTION__KEY=value` pattern.\nPlease consult the documentation at the [wiki](https://wiki.servarr.com/useful-tools#using-environment-variables-for-config).\n", "loc": ["services", "lidarr", "environmentFiles"], "readOnly": false, "type": "list of absolute path"}, "services.lidarr.group": {"declarations": ["nixos/modules/services/misc/servarr/lidarr.nix"], "default": {"_type": "literalExpression", "text": "\"lidarr\""}, "description": "Group under which Lidarr runs.\n", "loc": ["services", "lidarr", "group"], "readOnly": false, "type": "string"}, "services.lidarr.openFirewall": {"declarations": ["nixos/modules/services/misc/servarr/lidarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for Lidarr\n", "loc": ["services", "lidarr", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.lidarr.package": {"declarations": ["nixos/modules/services/misc/servarr/lidarr.nix"], "default": {"_type": "literalExpression", "text": "pkgs.lidarr"}, "description": "The lidarr package to use.", "loc": ["services", "lidarr", "package"], "readOnly": false, "type": "package"}, "services.lidarr.settings": {"declarations": ["nixos/modules/services/misc/servarr/lidarr.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attribute set of arbitrary config options.\nPlease consult the documentation at the [wiki](https://wiki.servarr.com/useful-tools#using-environment-variables-for-config).\n\nWARNING: this configuration is stored in the world-readable Nix store!\nFor secrets use [](#opt-services.lidarr.environmentFiles).\n", "example": {"_type": "literalExpression", "text": "{\n  update.mechanism = \"internal\";\n  server = {\n    urlbase = \"localhost\";\n    port = 8686;\n    bindaddress = \"*\";\n  };\n}\n"}, "loc": ["services", "lidarr", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.lidarr.settings.log.analyticsEnabled": {"declarations": ["nixos/modules/services/misc/servarr/lidarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Send Anonymous Usage Data", "loc": ["services", "lidarr", "settings", "log", "analyticsEnabled"], "readOnly": false, "type": "boolean"}, "services.lidarr.settings.server.port": {"declarations": ["nixos/modules/services/misc/servarr/lidarr.nix"], "default": {"_type": "literalExpression", "text": "8686"}, "description": "Port Number", "loc": ["services", "lidarr", "settings", "server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.lidarr.settings.update.automatically": {"declarations": ["nixos/modules/services/misc/servarr/lidarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically download and install updates.", "loc": ["services", "lidarr", "settings", "update", "automatically"], "readOnly": false, "type": "boolean"}, "services.lidarr.settings.update.mechanism": {"declarations": ["nixos/modules/services/misc/servarr/lidarr.nix"], "default": {"_type": "literalExpression", "text": "\"external\""}, "description": "which update mechanism to use", "loc": ["services", "lidarr", "settings", "update", "mechanism"], "readOnly": false, "type": "null or one of \"external\", \"builtIn\", \"script\""}, "services.lidarr.user": {"declarations": ["nixos/modules/services/misc/servarr/lidarr.nix"], "default": {"_type": "literalExpression", "text": "\"lidarr\""}, "description": "User account under which Lidarr runs.\n", "loc": ["services", "lidarr", "user"], "readOnly": false, "type": "string"}, "services.lifecycled.awsRegion": {"declarations": ["nixos/modules/services/misc/lifecycled.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The region used for accessing AWS services.\n", "loc": ["services", "lifecycled", "awsRegion"], "readOnly": false, "type": "null or string"}, "services.lifecycled.cloudwatchGroup": {"declarations": ["nixos/modules/services/misc/lifecycled.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Write logs to a specific Cloudwatch Logs group.\n", "loc": ["services", "lifecycled", "cloudwatchGroup"], "readOnly": false, "type": "null or string"}, "services.lifecycled.cloudwatchStream": {"declarations": ["nixos/modules/services/misc/lifecycled.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Write logs to a specific Cloudwatch Logs stream. Defaults to the instance ID.\n", "loc": ["services", "lifecycled", "cloudwatchStream"], "readOnly": false, "type": "null or string"}, "services.lifecycled.debug": {"declarations": ["nixos/modules/services/misc/lifecycled.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable debugging information.\n", "loc": ["services", "lifecycled", "debug"], "readOnly": false, "type": "boolean"}, "services.lifecycled.enable": {"declarations": ["nixos/modules/services/misc/lifecycled.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable lifecycled, a daemon for responding to AWS AutoScaling Lifecycle Hooks.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lifecycled", "enable"], "readOnly": false, "type": "boolean"}, "services.lifecycled.handler": {"declarations": ["nixos/modules/services/misc/lifecycled.nix"], "description": "The script to invoke to handle events.\n", "loc": ["services", "lifecycled", "handler"], "readOnly": false, "type": "absolute path"}, "services.lifecycled.instanceId": {"declarations": ["nixos/modules/services/misc/lifecycled.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The instance ID to listen for events for.\n", "loc": ["services", "lifecycled", "instanceId"], "readOnly": false, "type": "null or string"}, "services.lifecycled.json": {"declarations": ["nixos/modules/services/misc/lifecycled.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable JSON logging.\n", "loc": ["services", "lifecycled", "json"], "readOnly": false, "type": "boolean"}, "services.lifecycled.noSpot": {"declarations": ["nixos/modules/services/misc/lifecycled.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable the spot termination listener.\n", "loc": ["services", "lifecycled", "noSpot"], "readOnly": false, "type": "boolean"}, "services.lifecycled.queueCleaner.enable": {"declarations": ["nixos/modules/services/misc/lifecycled.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable lifecycled-queue-cleaner.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lifecycled", "queueCleaner", "enable"], "readOnly": false, "type": "boolean"}, "services.lifecycled.queueCleaner.frequency": {"declarations": ["nixos/modules/services/misc/lifecycled.nix"], "default": {"_type": "literalExpression", "text": "\"hourly\""}, "description": "How often to trigger the queue cleaner.\n\nNOTE: This string should be a valid value for a systemd\ntimer's `OnCalendar` configuration. See\n{manpage}`systemd.timer(5)`\nfor more information.\n", "loc": ["services", "lifecycled", "queueCleaner", "frequency"], "readOnly": false, "type": "string"}, "services.lifecycled.queueCleaner.parallel": {"declarations": ["nixos/modules/services/misc/lifecycled.nix"], "default": {"_type": "literalExpression", "text": "20"}, "description": "The number of parallel deletes to run.\n", "loc": ["services", "lifecycled", "queueCleaner", "parallel"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.lifecycled.snsTopic": {"declarations": ["nixos/modules/services/misc/lifecycled.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The SNS topic that receives events.\n", "loc": ["services", "lifecycled", "snsTopic"], "readOnly": false, "type": "null or string"}, "services.lighthouse.beacon": {"declarations": ["nixos/modules/services/blockchain/ethereum/lighthouse.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Beacon node", "loc": ["services", "lighthouse", "beacon"], "readOnly": false, "type": "submodule"}, "services.lighthouse.beacon.address": {"declarations": ["nixos/modules/services/blockchain/ethereum/lighthouse.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Listen address of Beacon node.\n", "loc": ["services", "lighthouse", "beacon", "address"], "readOnly": false, "type": "string"}, "services.lighthouse.beacon.dataDir": {"declarations": ["nixos/modules/services/blockchain/ethereum/lighthouse.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/lighthouse-beacon\""}, "description": "Directory where data will be stored. Each chain will be stored under it's own specific subdirectory.\n", "loc": ["services", "lighthouse", "beacon", "dataDir"], "readOnly": false, "type": "string"}, "services.lighthouse.beacon.disableDepositContractSync": {"declarations": ["nixos/modules/services/blockchain/ethereum/lighthouse.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Explicitly disables syncing of deposit logs from the execution node.\nThis overrides any previous option that depends on it.\nUseful if you intend to run a non-validating beacon node.\n", "loc": ["services", "lighthouse", "beacon", "disableDepositContractSync"], "readOnly": false, "type": "boolean"}, "services.lighthouse.beacon.enable": {"declarations": ["nixos/modules/services/blockchain/ethereum/lighthouse.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Lightouse Beacon node.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lighthouse", "beacon", "enable"], "readOnly": false, "type": "boolean"}, "services.lighthouse.beacon.execution.address": {"declarations": ["nixos/modules/services/blockchain/ethereum/lighthouse.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Listen address for the execution layer.\n", "loc": ["services", "lighthouse", "beacon", "execution", "address"], "readOnly": false, "type": "string"}, "services.lighthouse.beacon.execution.jwtPath": {"declarations": ["nixos/modules/services/blockchain/ethereum/lighthouse.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Path for the jwt secret required to connect to the execution layer.\n", "loc": ["services", "lighthouse", "beacon", "execution", "jwtPath"], "readOnly": false, "type": "string"}, "services.lighthouse.beacon.execution.port": {"declarations": ["nixos/modules/services/blockchain/ethereum/lighthouse.nix"], "default": {"_type": "literalExpression", "text": "8551"}, "description": "Port number the Beacon node will be listening on for the execution layer.\n", "loc": ["services", "lighthouse", "beacon", "execution", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.lighthouse.beacon.extraArgs": {"declarations": ["nixos/modules/services/blockchain/ethereum/lighthouse.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional arguments passed to the lighthouse beacon command.\n", "example": {"_type": "literalExpression", "text": "\"\""}, "loc": ["services", "lighthouse", "beacon", "extraArgs"], "readOnly": false, "type": "string"}, "services.lighthouse.beacon.http.address": {"declarations": ["nixos/modules/services/blockchain/ethereum/lighthouse.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Listen address of Beacon node RPC service.\n", "loc": ["services", "lighthouse", "beacon", "http", "address"], "readOnly": false, "type": "string"}, "services.lighthouse.beacon.http.enable": {"declarations": ["nixos/modules/services/blockchain/ethereum/lighthouse.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Beacon node http api.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lighthouse", "beacon", "http", "enable"], "readOnly": false, "type": "boolean"}, "services.lighthouse.beacon.http.port": {"declarations": ["nixos/modules/services/blockchain/ethereum/lighthouse.nix"], "default": {"_type": "literalExpression", "text": "5052"}, "description": "Port number of Beacon node RPC service.\n", "loc": ["services", "lighthouse", "beacon", "http", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.lighthouse.beacon.metrics.address": {"declarations": ["nixos/modules/services/blockchain/ethereum/lighthouse.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Listen address of Beacon node metrics service.\n", "loc": ["services", "lighthouse", "beacon", "metrics", "address"], "readOnly": false, "type": "string"}, "services.lighthouse.beacon.metrics.enable": {"declarations": ["nixos/modules/services/blockchain/ethereum/lighthouse.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Beacon node prometheus metrics.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lighthouse", "beacon", "metrics", "enable"], "readOnly": false, "type": "boolean"}, "services.lighthouse.beacon.metrics.port": {"declarations": ["nixos/modules/services/blockchain/ethereum/lighthouse.nix"], "default": {"_type": "literalExpression", "text": "5054"}, "description": "Port number of Beacon node metrics service.\n", "loc": ["services", "lighthouse", "beacon", "metrics", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.lighthouse.beacon.openFirewall": {"declarations": ["nixos/modules/services/blockchain/ethereum/lighthouse.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open the port in the firewall\n", "loc": ["services", "lighthouse", "beacon", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.lighthouse.beacon.port": {"declarations": ["nixos/modules/services/blockchain/ethereum/lighthouse.nix"], "default": {"_type": "literalExpression", "text": "9000"}, "description": "Port number the Beacon node will be listening on.\n", "loc": ["services", "lighthouse", "beacon", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.lighthouse.extraArgs": {"declarations": ["nixos/modules/services/blockchain/ethereum/lighthouse.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional arguments passed to every lighthouse command.\n", "example": {"_type": "literalExpression", "text": "\"\""}, "loc": ["services", "lighthouse", "extraArgs"], "readOnly": false, "type": "string"}, "services.lighthouse.network": {"declarations": ["nixos/modules/services/blockchain/ethereum/lighthouse.nix"], "default": {"_type": "literalExpression", "text": "\"mainnet\""}, "description": "The network to connect to. Mainnet is the default ethereum network.\n", "loc": ["services", "lighthouse", "network"], "readOnly": false, "type": "one of \"mainnet\", \"gnosis\", \"chiado\", \"sepolia\", \"holesky\""}, "services.lighthouse.package": {"declarations": ["nixos/modules/services/blockchain/ethereum/lighthouse.nix"], "default": {"_type": "literalExpression", "text": "pkgs.lighthouse"}, "description": "The lighthouse package to use.", "loc": ["services", "lighthouse", "package"], "readOnly": false, "type": "package"}, "services.lighthouse.validator": {"declarations": ["nixos/modules/services/blockchain/ethereum/lighthouse.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Validator node", "loc": ["services", "lighthouse", "validator"], "readOnly": false, "type": "submodule"}, "services.lighthouse.validator.beaconNodes": {"declarations": ["nixos/modules/services/blockchain/ethereum/lighthouse.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"http://localhost:5052\"\n]"}, "description": "Beacon nodes to connect to.\n", "loc": ["services", "lighthouse", "validator", "beaconNodes"], "readOnly": false, "type": "list of string"}, "services.lighthouse.validator.dataDir": {"declarations": ["nixos/modules/services/blockchain/ethereum/lighthouse.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/lighthouse-validator\""}, "description": "Directory where data will be stored. Each chain will be stored under it's own specific subdirectory.\n", "loc": ["services", "lighthouse", "validator", "dataDir"], "readOnly": false, "type": "string"}, "services.lighthouse.validator.enable": {"declarations": ["nixos/modules/services/blockchain/ethereum/lighthouse.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable Lightouse Validator node.", "loc": ["services", "lighthouse", "validator", "enable"], "readOnly": false, "type": "boolean"}, "services.lighthouse.validator.extraArgs": {"declarations": ["nixos/modules/services/blockchain/ethereum/lighthouse.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional arguments passed to the lighthouse validator command.\n", "example": {"_type": "literalExpression", "text": "\"\""}, "loc": ["services", "lighthouse", "validator", "extraArgs"], "readOnly": false, "type": "string"}, "services.lighthouse.validator.metrics.address": {"declarations": ["nixos/modules/services/blockchain/ethereum/lighthouse.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Listen address of Validator node metrics service.\n", "loc": ["services", "lighthouse", "validator", "metrics", "address"], "readOnly": false, "type": "string"}, "services.lighthouse.validator.metrics.enable": {"declarations": ["nixos/modules/services/blockchain/ethereum/lighthouse.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Validator node prometheus metrics.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lighthouse", "validator", "metrics", "enable"], "readOnly": false, "type": "boolean"}, "services.lighthouse.validator.metrics.port": {"declarations": ["nixos/modules/services/blockchain/ethereum/lighthouse.nix"], "default": {"_type": "literalExpression", "text": "5056"}, "description": "Port number of Validator node metrics service.\n", "loc": ["services", "lighthouse", "validator", "metrics", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.lighttpd.cgit.configText": {"declarations": ["nixos/modules/services/web-servers/lighttpd/cgit.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Verbatim contents of the cgit runtime configuration file. Documentation\n(with cgitrc example file) is available in \"man cgitrc\". Or online:\n<http://git.zx2c4.com/cgit/tree/cgitrc.5.txt>\n", "example": {"_type": "literalExpression", "text": "''\n  source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py\n  about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh\n  cache-size=1000\n  scan-path=/srv/git\n''\n"}, "loc": ["services", "lighttpd", "cgit", "configText"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.lighttpd.cgit.enable": {"declarations": ["nixos/modules/services/web-servers/lighttpd/cgit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If true, enable cgit (fast web interface for git repositories) as a\nsub-service in lighttpd.\n", "loc": ["services", "lighttpd", "cgit", "enable"], "readOnly": false, "type": "boolean"}, "services.lighttpd.cgit.subdir": {"declarations": ["nixos/modules/services/web-servers/lighttpd/cgit.nix"], "default": {"_type": "literalExpression", "text": "\"cgit\""}, "description": "The subdirectory in which to serve cgit. The web application will be\naccessible at http://yourserver/${subdir}\n", "example": {"_type": "literalExpression", "text": "\"\""}, "loc": ["services", "lighttpd", "cgit", "subdir"], "readOnly": false, "type": "string"}, "services.lighttpd.collectd.collectionCgi": {"declarations": ["nixos/modules/services/web-servers/lighttpd/collectd.nix"], "default": {"_type": "literalMD", "text": "`config.services.collectd.package` configured for lighttpd\n"}, "description": "Path to collection.cgi script from (collectd sources)/contrib/collection.cgi\nThis option allows to use a customized version\n", "loc": ["services", "lighttpd", "collectd", "collectionCgi"], "readOnly": false, "type": "absolute path"}, "services.lighttpd.collectd.enable": {"declarations": ["nixos/modules/services/web-servers/lighttpd/collectd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable collectd subservice accessible at http://yourserver/collectd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lighttpd", "collectd", "enable"], "readOnly": false, "type": "boolean"}, "services.lighttpd.configText": {"declarations": ["nixos/modules/services/web-servers/lighttpd/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Overridable config file contents to use for lighttpd. By default, use\nthe contents automatically generated by NixOS.\n", "example": {"_type": "literalExpression", "text": "\"...verbatim config file contents...\""}, "loc": ["services", "lighttpd", "configText"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.lighttpd.document-root": {"declarations": ["nixos/modules/services/web-servers/lighttpd/default.nix"], "default": {"_type": "literalExpression", "text": "\"/srv/www\""}, "description": "Document-root of the web server. Must be readable by the \"lighttpd\" user.\n", "loc": ["services", "lighttpd", "document-root"], "readOnly": false, "type": "absolute path"}, "services.lighttpd.enable": {"declarations": ["nixos/modules/services/web-servers/lighttpd/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable the lighttpd web server.\n", "loc": ["services", "lighttpd", "enable"], "readOnly": false, "type": "boolean"}, "services.lighttpd.enableModules": {"declarations": ["nixos/modules/services/web-servers/lighttpd/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of lighttpd modules to enable. Sub-services take care of\nenabling modules as needed, so this option is mainly for when you\nwant to add custom stuff to\n{option}`services.lighttpd.extraConfig` that depends on a\ncertain module.\n", "example": {"_type": "literalExpression", "text": "[\n  \"mod_cgi\"\n  \"mod_status\"\n]"}, "loc": ["services", "lighttpd", "enableModules"], "readOnly": false, "type": "list of string"}, "services.lighttpd.enableUpstreamMimeTypes": {"declarations": ["nixos/modules/services/web-servers/lighttpd/default.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to include the list of mime types bundled with lighttpd\n(upstream). If you disable this, no mime types will be added by\nNixOS and you will have to add your own mime types in\n{option}`services.lighttpd.extraConfig`.\n", "loc": ["services", "lighttpd", "enableUpstreamMimeTypes"], "readOnly": false, "type": "boolean"}, "services.lighttpd.extraConfig": {"declarations": ["nixos/modules/services/web-servers/lighttpd/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These configuration lines will be appended to the generated lighttpd\nconfig file. Note that this mechanism does not work when the manual\n{option}`configText` option is used.\n", "loc": ["services", "lighttpd", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.lighttpd.gitweb.enable": {"declarations": ["nixos/modules/services/web-servers/lighttpd/gitweb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If true, enable gitweb in lighttpd. Access it at http://yourserver/gitweb\n", "loc": ["services", "lighttpd", "gitweb", "enable"], "readOnly": false, "type": "boolean"}, "services.lighttpd.mod_status": {"declarations": ["nixos/modules/services/web-servers/lighttpd/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Show server status overview at /server-status, statistics at\n/server-statistics and list of loaded modules at /server-config.\n", "loc": ["services", "lighttpd", "mod_status"], "readOnly": false, "type": "boolean"}, "services.lighttpd.mod_userdir": {"declarations": ["nixos/modules/services/web-servers/lighttpd/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If true, requests in the form /~user/page.html are rewritten to take\nthe file public_html/page.html from the home directory of the user.\n", "loc": ["services", "lighttpd", "mod_userdir"], "readOnly": false, "type": "boolean"}, "services.lighttpd.package": {"declarations": ["nixos/modules/services/web-servers/lighttpd/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.lighttpd"}, "description": "The lighttpd package to use.", "loc": ["services", "lighttpd", "package"], "readOnly": false, "type": "package"}, "services.lighttpd.port": {"declarations": ["nixos/modules/services/web-servers/lighttpd/default.nix"], "default": {"_type": "literalExpression", "text": "80"}, "description": "TCP port number for lighttpd to bind to.\n", "loc": ["services", "lighttpd", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.limesurvey.config": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "LimeSurvey configuration. Refer to\n<https://manual.limesurvey.org/Optional_settings>\nfor details on supported values.\n", "loc": ["services", "limesurvey", "config"], "readOnly": false, "type": "limesurvey config type (str, int, bool or attribute set thereof)"}, "services.limesurvey.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Create the database and database user locally.\nThis currently only applies if database type \"mysql\" is selected.\n", "loc": ["services", "limesurvey", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.limesurvey.database.dbEngine": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "\"InnoDB\""}, "description": "Database storage engine to use.", "loc": ["services", "limesurvey", "database", "dbEngine"], "readOnly": false, "type": "one of \"MyISAM\", \"InnoDB\""}, "services.limesurvey.database.host": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Database host address.", "loc": ["services", "limesurvey", "database", "host"], "readOnly": false, "type": "string"}, "services.limesurvey.database.name": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "\"limesurvey\""}, "description": "Database name.", "loc": ["services", "limesurvey", "database", "name"], "readOnly": false, "type": "string"}, "services.limesurvey.database.passwordFile": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password corresponding to\n{option}`database.user`.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/limesurvey-dbpassword\""}, "loc": ["services", "limesurvey", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.limesurvey.database.port": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "3306"}, "description": "Database host port.", "loc": ["services", "limesurvey", "database", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.limesurvey.database.socket": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "/run/mysqld/mysqld.sock"}, "description": "Path to the unix socket file to use for authentication.", "loc": ["services", "limesurvey", "database", "socket"], "readOnly": false, "type": "null or absolute path"}, "services.limesurvey.database.type": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "\"mysql\""}, "description": "Database engine to use.", "example": {"_type": "literalExpression", "text": "\"pgsql\""}, "loc": ["services", "limesurvey", "database", "type"], "readOnly": false, "type": "one of \"mysql\", \"pgsql\", \"odbc\", \"mssql\""}, "services.limesurvey.database.user": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "\"limesurvey\""}, "description": "Database user.", "loc": ["services", "limesurvey", "database", "user"], "readOnly": false, "type": "string"}, "services.limesurvey.enable": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Limesurvey web application.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "limesurvey", "enable"], "readOnly": false, "type": "boolean"}, "services.limesurvey.encryptionKeyFile": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "32-byte key used to encrypt variables in the database.\n\nNote: It should be string not a store path in order to prevent the password from being world readable\n", "loc": ["services", "limesurvey", "encryptionKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.limesurvey.encryptionNonceFile": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "24-byte used to encrypt variables in the database.\n\nNote: It should be string not a store path in order to prevent the password from being world readable\n", "loc": ["services", "limesurvey", "encryptionNonceFile"], "readOnly": false, "type": "null or absolute path"}, "services.limesurvey.httpd.virtualHost": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "description": "Apache configuration can be done by adapting `services.httpd.virtualHosts.<name>`.\nSee [](#opt-services.httpd.virtualHosts) for further information.\n", "example": {"_type": "literalExpression", "text": "{\n  hostName = \"survey.example.org\";\n  adminAddr = \"webmaster@example.org\";\n  forceSSL = true;\n  enableACME = true;\n}\n"}, "loc": ["services", "limesurvey", "httpd", "virtualHost"], "readOnly": false, "type": "submodule"}, "services.limesurvey.httpd.virtualHost.acmeRoot": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the acme challenge which is PUBLIC, don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "limesurvey", "httpd", "virtualHost", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.limesurvey.httpd.virtualHost.addSSL": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "limesurvey", "httpd", "virtualHost", "addSSL"], "readOnly": false, "type": "boolean"}, "services.limesurvey.httpd.virtualHost.adminAddr": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "E-mail address of the server administrator.", "example": {"_type": "literalExpression", "text": "\"admin@example.org\""}, "loc": ["services", "limesurvey", "httpd", "virtualHost", "adminAddr"], "readOnly": false, "type": "null or string"}, "services.limesurvey.httpd.virtualHost.documentRoot": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of Apache's document root directory.  If left undefined,\nan empty directory in the Nix store will be used as root.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "limesurvey", "httpd", "virtualHost", "documentRoot"], "readOnly": false, "type": "null or absolute path"}, "services.limesurvey.httpd.virtualHost.enableACME": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "limesurvey", "httpd", "virtualHost", "enableACME"], "readOnly": false, "type": "boolean"}, "services.limesurvey.httpd.virtualHost.enableUserDir": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable serving {file}`~/public_html` as\n`/~\u00abusername\u00bb`.\n", "loc": ["services", "limesurvey", "httpd", "virtualHost", "enableUserDir"], "readOnly": false, "type": "boolean"}, "services.limesurvey.httpd.virtualHost.extraConfig": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to httpd.conf verbatim. They will go after\ndirectories and directory aliases defined by default.\n", "example": {"_type": "literalExpression", "text": "''\n  <Directory /home>\n    Options FollowSymlinks\n    AllowOverride All\n  </Directory>\n''"}, "loc": ["services", "limesurvey", "httpd", "virtualHost", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.limesurvey.httpd.virtualHost.forceSSL": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a separate nginx server block that permanently redirects (301)\nall plain HTTP traffic to HTTPS. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443), where the non-SSL listens are used for the redirect vhosts.\n", "loc": ["services", "limesurvey", "httpd", "virtualHost", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.limesurvey.httpd.virtualHost.globalRedirect": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected permanently to\nthe given URL.\n", "example": {"_type": "literalExpression", "text": "\"http://newserver.example.org/\""}, "loc": ["services", "limesurvey", "httpd", "virtualHost", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.limesurvey.httpd.virtualHost.hostName": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "Canonical hostname for the server.", "loc": ["services", "limesurvey", "httpd", "virtualHost", "hostName"], "readOnly": false, "type": "string"}, "services.limesurvey.httpd.virtualHost.http2": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. *However, if you use the prefork mpm, there will\nbe severe restrictions.* Refer to <https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config> for details.\n", "loc": ["services", "limesurvey", "httpd", "virtualHost", "http2"], "readOnly": false, "type": "boolean"}, "services.limesurvey.httpd.virtualHost.listen": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\n\n::: {.note}\nThis option overrides `addSSL`, `forceSSL` and `onlySSL`.\n\nIf you only want to set the addresses manually and not the ports, take a look at `listenAddresses`.\n:::\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    ip = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    ip = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    ip = \"*\";\n    port = 8080;\n  }\n]"}, "loc": ["services", "limesurvey", "httpd", "virtualHost", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.limesurvey.httpd.virtualHost.listen.*.ip": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "\"*\""}, "description": "IP to listen on. 0.0.0.0 for IPv4 only, * for all.", "loc": ["services", "limesurvey", "httpd", "virtualHost", "listen", "*", "ip"], "readOnly": false, "type": "string"}, "services.limesurvey.httpd.virtualHost.listen.*.port": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "description": "Port to listen on", "loc": ["services", "limesurvey", "httpd", "virtualHost", "listen", "*", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.limesurvey.httpd.virtualHost.listen.*.ssl": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SSL (https) support.", "loc": ["services", "limesurvey", "httpd", "virtualHost", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.limesurvey.httpd.virtualHost.listenAddresses": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"*\"\n]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n]"}, "loc": ["services", "limesurvey", "httpd", "virtualHost", "listenAddresses"], "readOnly": false, "type": "non-empty (list of string)"}, "services.limesurvey.httpd.virtualHost.locations": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config. See <https://httpd.apache.org/docs/2.4/mod/core.html#location> for details.\n", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n  \"/foo/bar.png\" = {\n    alias = \"/home/eelco/some-file.png\";\n  };\n};\n"}, "loc": ["services", "limesurvey", "httpd", "virtualHost", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.limesurvey.httpd.virtualHost.locations.<name>.alias": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests. See <https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias>.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "limesurvey", "httpd", "virtualHost", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.limesurvey.httpd.virtualHost.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "limesurvey", "httpd", "virtualHost", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.limesurvey.httpd.virtualHost.locations.<name>.index": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds DirectoryIndex directive. See <https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex>.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "limesurvey", "httpd", "virtualHost", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.limesurvey.httpd.virtualHost.locations.<name>.priority": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "limesurvey", "httpd", "virtualHost", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.limesurvey.httpd.virtualHost.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets up a simple reverse proxy as described by <https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple>.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "limesurvey", "httpd", "virtualHost", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.limesurvey.httpd.virtualHost.logFormat": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "\"common\""}, "description": "Log format for Apache's log files. Possible values are: combined, common, referer, agent.\n", "example": {"_type": "literalExpression", "text": "\"combined\""}, "loc": ["services", "limesurvey", "httpd", "virtualHost", "logFormat"], "readOnly": false, "type": "string"}, "services.limesurvey.httpd.virtualHost.onlySSL": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "limesurvey", "httpd", "virtualHost", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.limesurvey.httpd.virtualHost.robotsEntries": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Specification of pages to be ignored by web crawlers. See <http://www.robotstxt.org/> for details.\n", "example": {"_type": "literalExpression", "text": "\"Disallow: /foo/\""}, "loc": ["services", "limesurvey", "httpd", "virtualHost", "robotsEntries"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.limesurvey.httpd.virtualHost.servedDirs": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "This option provides a simple way to serve static directories.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    dir = \"/home/eelco/Dev/nix-homepage\";\n    urlPath = \"/nix\";\n  }\n]"}, "loc": ["services", "limesurvey", "httpd", "virtualHost", "servedDirs"], "readOnly": false, "type": "list of (attribute set)"}, "services.limesurvey.httpd.virtualHost.servedFiles": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "This option provides a simple way to serve individual, static files.\n\n::: {.note}\nThis option has been deprecated and will be removed in a future\nversion of NixOS. You can achieve the same result by making use of\nthe `locations.<name>.alias` option.\n:::\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    file = \"/home/eelco/some-file.png\";\n    urlPath = \"/foo/bar.png\";\n  }\n]"}, "loc": ["services", "limesurvey", "httpd", "virtualHost", "servedFiles"], "readOnly": false, "type": "list of (attribute set)"}, "services.limesurvey.httpd.virtualHost.serverAliases": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"www.example.org:8080\"\n  \"example.org\"\n]"}, "loc": ["services", "limesurvey", "httpd", "virtualHost", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.limesurvey.httpd.virtualHost.sslServerCert": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "limesurvey", "httpd", "virtualHost", "sslServerCert"], "readOnly": false, "type": "absolute path"}, "services.limesurvey.httpd.virtualHost.sslServerChain": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to server SSL chain file.", "example": {"_type": "literalExpression", "text": "\"/var/ca.pem\""}, "loc": ["services", "limesurvey", "httpd", "virtualHost", "sslServerChain"], "readOnly": false, "type": "null or absolute path"}, "services.limesurvey.httpd.virtualHost.sslServerKey": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "limesurvey", "httpd", "virtualHost", "sslServerKey"], "readOnly": false, "type": "absolute path"}, "services.limesurvey.httpd.virtualHost.useACMEHost": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "limesurvey", "httpd", "virtualHost", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.limesurvey.nginx.virtualHost": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "description": "Nginx configuration can be done by adapting `services.nginx.virtualHosts.<name>`.\nSee [](#opt-services.nginx.virtualHosts) for further information.\n", "example": {"_type": "literalExpression", "text": "{\n  serverName = \"survey.example.org\";\n  forceSSL = true;\n  enableACME = true;\n}\n"}, "loc": ["services", "limesurvey", "nginx", "virtualHost"], "readOnly": false, "type": "submodule"}, "services.limesurvey.nginx.virtualHost.acmeFallbackHost": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host which to proxy requests to if ACME challenge is not found. Useful\nif you want multiple hosts to be able to verify the same domain name.\n\nWith this option, you could request certificates for the present domain\nwith an ACME client that is running on another host, which you would\nspecify here.\n", "loc": ["services", "limesurvey", "nginx", "virtualHost", "acmeFallbackHost"], "readOnly": false, "type": "null or string"}, "services.limesurvey.nginx.virtualHost.acmeRoot": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the ACME challenge, which is **public**. Don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "limesurvey", "nginx", "virtualHost", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.limesurvey.nginx.virtualHost.addSSL": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "limesurvey", "nginx", "virtualHost", "addSSL"], "readOnly": false, "type": "boolean"}, "services.limesurvey.nginx.virtualHost.basicAuth": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "limesurvey", "nginx", "virtualHost", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.limesurvey.nginx.virtualHost.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "limesurvey", "nginx", "virtualHost", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.limesurvey.nginx.virtualHost.default": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Makes this vhost the default.\n", "loc": ["services", "limesurvey", "nginx", "virtualHost", "default"], "readOnly": false, "type": "boolean"}, "services.limesurvey.nginx.virtualHost.enableACME": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "limesurvey", "nginx", "virtualHost", "enableACME"], "readOnly": false, "type": "boolean"}, "services.limesurvey.nginx.virtualHost.extraConfig": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the vhost verbatim.\n", "loc": ["services", "limesurvey", "nginx", "virtualHost", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.limesurvey.nginx.virtualHost.forceSSL": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a separate nginx server block that redirects (defaults\nto 301, configurable with `redirectCode`) all plain HTTP traffic to\nHTTPS. This will set defaults for `listen` to listen on all interfaces\non the respective default ports (80, 443), where the non-SSL listens\nare used for the redirect vhosts.\n", "loc": ["services", "limesurvey", "nginx", "virtualHost", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.limesurvey.nginx.virtualHost.globalRedirect": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected (defaults to 301,\nconfigurable with `redirectCode`) to the given hostname.\n", "example": {"_type": "literalExpression", "text": "\"newserver.example.org\""}, "loc": ["services", "limesurvey", "nginx", "virtualHost", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.limesurvey.nginx.virtualHost.http2": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/2 protocol.\nNote that (as of writing) due to nginx's implementation, to disable\nHTTP/2 you have to disable it on all vhosts that use a given\nIP address / port.\nIf there is one server block configured to enable http2, then it is\nenabled for all server blocks on this IP.\nSee <https://stackoverflow.com/a/39466948/263061>.\n", "loc": ["services", "limesurvey", "nginx", "virtualHost", "http2"], "readOnly": false, "type": "boolean"}, "services.limesurvey.nginx.virtualHost.http3": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/3 protocol.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that HTTP/3 support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\nHTTP/3 availability must be manually advertised, preferably in each location block.\n", "loc": ["services", "limesurvey", "nginx", "virtualHost", "http3"], "readOnly": false, "type": "boolean"}, "services.limesurvey.nginx.virtualHost.http3_hq": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that special application protocol support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "limesurvey", "nginx", "virtualHost", "http3_hq"], "readOnly": false, "type": "boolean"}, "services.limesurvey.nginx.virtualHost.kTLS": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kTLS support.\nImplementing TLS in the kernel (kTLS) improves performance by significantly\nreducing the need for copying operations between user space and the kernel.\nRequired Nginx version 1.21.4 or later.\n", "loc": ["services", "limesurvey", "nginx", "virtualHost", "kTLS"], "readOnly": false, "type": "boolean"}, "services.limesurvey.nginx.virtualHost.listen": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\nIPv6 addresses must be enclosed in square brackets.\nNote: this option overrides `addSSL`\nand `onlySSL`.\n\nIf you only want to set the addresses manually and not\nthe ports, take a look at `listenAddresses`.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    addr = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    addr = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    addr = \"unix:/var/run/nginx.sock\";\n  }\n]"}, "loc": ["services", "limesurvey", "nginx", "virtualHost", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.limesurvey.nginx.virtualHost.listen.*.addr": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "description": "Listen address.", "loc": ["services", "limesurvey", "nginx", "virtualHost", "listen", "*", "addr"], "readOnly": false, "type": "string"}, "services.limesurvey.nginx.virtualHost.listen.*.extraParameters": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra parameters of this listen directive.", "example": {"_type": "literalExpression", "text": "[\n  \"backlog=1024\"\n  \"deferred\"\n]"}, "loc": ["services", "limesurvey", "nginx", "virtualHost", "listen", "*", "extraParameters"], "readOnly": false, "type": "list of string"}, "services.limesurvey.nginx.virtualHost.listen.*.port": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port number to listen on.\nIf unset and the listen address is not a socket then nginx defaults to 80.\n", "loc": ["services", "limesurvey", "nginx", "virtualHost", "listen", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.limesurvey.nginx.virtualHost.listen.*.proxyProtocol": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable PROXY protocol.", "loc": ["services", "limesurvey", "nginx", "virtualHost", "listen", "*", "proxyProtocol"], "readOnly": false, "type": "boolean"}, "services.limesurvey.nginx.virtualHost.listen.*.ssl": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SSL.", "loc": ["services", "limesurvey", "nginx", "virtualHost", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.limesurvey.nginx.virtualHost.listenAddresses": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n\nNote: This option overrides `networking.enableIPv6`\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"[::1]\"\n]"}, "loc": ["services", "limesurvey", "nginx", "virtualHost", "listenAddresses"], "readOnly": false, "type": "list of string"}, "services.limesurvey.nginx.virtualHost.locations": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n};\n"}, "loc": ["services", "limesurvey", "nginx", "virtualHost", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.limesurvey.nginx.virtualHost.locations.<name>.alias": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "limesurvey", "nginx", "virtualHost", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.limesurvey.nginx.virtualHost.locations.<name>.basicAuth": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "limesurvey", "nginx", "virtualHost", "locations", "<name>", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.limesurvey.nginx.virtualHost.locations.<name>.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "limesurvey", "nginx", "virtualHost", "locations", "<name>", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.limesurvey.nginx.virtualHost.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "limesurvey", "nginx", "virtualHost", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.limesurvey.nginx.virtualHost.locations.<name>.fastcgiParams": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "FastCGI parameters to override.  Unlike in the Nginx\nconfiguration file, overriding only some default parameters\nwon't unset the default values for other parameters.\n", "loc": ["services", "limesurvey", "nginx", "virtualHost", "locations", "<name>", "fastcgiParams"], "readOnly": false, "type": "attribute set of (string or absolute path)"}, "services.limesurvey.nginx.virtualHost.locations.<name>.index": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds index directive.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "limesurvey", "nginx", "virtualHost", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.limesurvey.nginx.virtualHost.locations.<name>.priority": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "limesurvey", "nginx", "virtualHost", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.limesurvey.nginx.virtualHost.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds proxy_pass directive and sets recommended proxy headers if\nrecommendedProxySettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "limesurvey", "nginx", "virtualHost", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.limesurvey.nginx.virtualHost.locations.<name>.proxyWebsockets": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to support proxying websocket connections with HTTP/1.1.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "limesurvey", "nginx", "virtualHost", "locations", "<name>", "proxyWebsockets"], "readOnly": false, "type": "boolean"}, "services.limesurvey.nginx.virtualHost.locations.<name>.recommendedProxySettings": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedProxySettings"}, "description": "Enable recommended proxy settings.\n", "loc": ["services", "limesurvey", "nginx", "virtualHost", "locations", "<name>", "recommendedProxySettings"], "readOnly": false, "type": "boolean"}, "services.limesurvey.nginx.virtualHost.locations.<name>.recommendedUwsgiSettings": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedUwsgiSettings"}, "description": "Enable recommended uwsgi settings.\n", "loc": ["services", "limesurvey", "nginx", "virtualHost", "locations", "<name>", "recommendedUwsgiSettings"], "readOnly": false, "type": "boolean"}, "services.limesurvey.nginx.virtualHost.locations.<name>.return": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds a return directive, for e.g. redirections.\n", "example": {"_type": "literalExpression", "text": "\"301 http://example.com$request_uri\""}, "loc": ["services", "limesurvey", "nginx", "virtualHost", "locations", "<name>", "return"], "readOnly": false, "type": "null or string or signed integer"}, "services.limesurvey.nginx.virtualHost.locations.<name>.root": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Root directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/root/directory\""}, "loc": ["services", "limesurvey", "nginx", "virtualHost", "locations", "<name>", "root"], "readOnly": false, "type": "null or absolute path"}, "services.limesurvey.nginx.virtualHost.locations.<name>.tryFiles": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds try_files directive.\n", "example": {"_type": "literalExpression", "text": "\"$uri =404\""}, "loc": ["services", "limesurvey", "nginx", "virtualHost", "locations", "<name>", "tryFiles"], "readOnly": false, "type": "null or string"}, "services.limesurvey.nginx.virtualHost.locations.<name>.uwsgiPass": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds uwsgi_pass directive and sets recommended proxy headers if\nrecommendedUwsgiSettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"unix:/run/example/example.sock\""}, "loc": ["services", "limesurvey", "nginx", "virtualHost", "locations", "<name>", "uwsgiPass"], "readOnly": false, "type": "null or string"}, "services.limesurvey.nginx.virtualHost.onlySSL": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "limesurvey", "nginx", "virtualHost", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.limesurvey.nginx.virtualHost.quic": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the QUIC transport protocol.\nNote that QUIC support is experimental and\n*not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "limesurvey", "nginx", "virtualHost", "quic"], "readOnly": false, "type": "boolean"}, "services.limesurvey.nginx.virtualHost.redirectCode": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "301"}, "description": "HTTP status used by `globalRedirect` and `forceSSL`. Possible usecases\ninclude temporary (302, 307) redirects, keeping the request method and\nbody (307, 308), or explicitly resetting the method to GET (303).\nSee <https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>.\n", "example": {"_type": "literalExpression", "text": "308"}, "loc": ["services", "limesurvey", "nginx", "virtualHost", "redirectCode"], "readOnly": false, "type": "integer between 300 and 399 (both inclusive)"}, "services.limesurvey.nginx.virtualHost.rejectSSL": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to listen for and reject all HTTPS connections to this vhost. Useful in\n[default](#opt-services.nginx.virtualHosts._name_.default)\nserver blocks to avoid serving the certificate for another vhost. Uses the\n`ssl_reject_handshake` directive available in nginx versions\n1.19.4 and above.\n", "loc": ["services", "limesurvey", "nginx", "virtualHost", "rejectSSL"], "readOnly": false, "type": "boolean"}, "services.limesurvey.nginx.virtualHost.reuseport": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create an individual listening socket .\nIt is required to specify only once on one of the hosts.\n", "loc": ["services", "limesurvey", "nginx", "virtualHost", "reuseport"], "readOnly": false, "type": "boolean"}, "services.limesurvey.nginx.virtualHost.root": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of the web root directory.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "limesurvey", "nginx", "virtualHost", "root"], "readOnly": false, "type": "null or absolute path"}, "services.limesurvey.nginx.virtualHost.serverAliases": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "limesurvey", "nginx", "virtualHost", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.limesurvey.nginx.virtualHost.serverName": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of this virtual host. Defaults to attribute name in virtualHosts.\n", "example": {"_type": "literalExpression", "text": "\"example.org\""}, "loc": ["services", "limesurvey", "nginx", "virtualHost", "serverName"], "readOnly": false, "type": "null or string"}, "services.limesurvey.nginx.virtualHost.sslCertificate": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "limesurvey", "nginx", "virtualHost", "sslCertificate"], "readOnly": false, "type": "absolute path"}, "services.limesurvey.nginx.virtualHost.sslCertificateKey": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "limesurvey", "nginx", "virtualHost", "sslCertificateKey"], "readOnly": false, "type": "absolute path"}, "services.limesurvey.nginx.virtualHost.sslTrustedCertificate": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to root SSL certificate for stapling and client certificates.", "example": {"_type": "literalExpression", "text": "\"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\""}, "loc": ["services", "limesurvey", "nginx", "virtualHost", "sslTrustedCertificate"], "readOnly": false, "type": "null or absolute path"}, "services.limesurvey.nginx.virtualHost.useACMEHost": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "limesurvey", "nginx", "virtualHost", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.limesurvey.package": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "pkgs.limesurvey"}, "description": "The limesurvey package to use.", "loc": ["services", "limesurvey", "package"], "readOnly": false, "type": "package"}, "services.limesurvey.poolConfig": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "{\n  pm = \"dynamic\";\n  \"pm.max_children\" = 32;\n  \"pm.max_requests\" = 500;\n  \"pm.max_spare_servers\" = 4;\n  \"pm.min_spare_servers\" = 2;\n  \"pm.start_servers\" = 2;\n}"}, "description": "Options for the LimeSurvey PHP pool. See the documentation on `php-fpm.conf`\nfor details on configuration directives.\n", "loc": ["services", "limesurvey", "poolConfig"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.limesurvey.webserver": {"declarations": ["nixos/modules/services/web-apps/limesurvey.nix"], "default": {"_type": "literalExpression", "text": "\"httpd\""}, "description": "Webserver to configure for reverse-proxying limesurvey.\n", "example": {"_type": "literalExpression", "text": "\"nginx\""}, "loc": ["services", "limesurvey", "webserver"], "readOnly": false, "type": "one of \"httpd\", \"nginx\""}, "services.linkwarden.cacheLocation": {"declarations": ["nixos/modules/services/web-apps/linkwarden.nix"], "default": {"_type": "literalExpression", "text": "\"/var/cache/linkwarden\""}, "description": "Directory used as cache. If it is not the default, the directory has to be created manually such that the linkwarden user is able to read and write to it.", "loc": ["services", "linkwarden", "cacheLocation"], "readOnly": false, "type": "absolute path"}, "services.linkwarden.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/linkwarden.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the automatic creation of the database for Linkwarden..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "linkwarden", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.linkwarden.database.host": {"declarations": ["nixos/modules/services/web-apps/linkwarden.nix"], "default": {"_type": "literalExpression", "text": "\"/run/postgresql\""}, "description": "Hostname or address of the postgresql server. If an absolute path is given here, it will be interpreted as a unix socket path.", "example": {"_type": "literalExpression", "text": "\"localhost\""}, "loc": ["services", "linkwarden", "database", "host"], "readOnly": false, "type": "string"}, "services.linkwarden.database.name": {"declarations": ["nixos/modules/services/web-apps/linkwarden.nix"], "default": {"_type": "literalExpression", "text": "\"linkwarden\""}, "description": "The name of the Linkwarden database.", "loc": ["services", "linkwarden", "database", "name"], "readOnly": false, "type": "string"}, "services.linkwarden.database.port": {"declarations": ["nixos/modules/services/web-apps/linkwarden.nix"], "default": {"_type": "literalExpression", "text": "5432"}, "description": "Port of the postgresql server.", "loc": ["services", "linkwarden", "database", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.linkwarden.database.user": {"declarations": ["nixos/modules/services/web-apps/linkwarden.nix"], "default": {"_type": "literalExpression", "text": "\"linkwarden\""}, "description": "The database user for Linkwarden.", "loc": ["services", "linkwarden", "database", "user"], "readOnly": false, "type": "string"}, "services.linkwarden.enable": {"declarations": ["nixos/modules/services/web-apps/linkwarden.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Linkwarden.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "linkwarden", "enable"], "readOnly": false, "type": "boolean"}, "services.linkwarden.enableRegistration": {"declarations": ["nixos/modules/services/web-apps/linkwarden.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable registration for new users.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "linkwarden", "enableRegistration"], "readOnly": false, "type": "boolean"}, "services.linkwarden.environment": {"declarations": ["nixos/modules/services/web-apps/linkwarden.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration environment variables. Refer to the [documentation](https://docs.linkwarden.app/self-hosting/environment-variables) for options.\n", "example": {"_type": "literalExpression", "text": "{\n  PAGINATION_TAKE_COUNT = \"50\";\n}"}, "loc": ["services", "linkwarden", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.linkwarden.environmentFile": {"declarations": ["nixos/modules/services/web-apps/linkwarden.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path of a file with extra environment variables to be loaded from disk.\nThis file is not added to the nix store, so it can be used to pass secrets to linkwarden.\nRefer to the [documentation](https://docs.linkwarden.app/self-hosting/environment-variables) for options.\n\nLinkwarden needs at least a nextauth secret. To set a database password use POSTGRES_PASSWORD:\n```\nNEXTAUTH_SECRET=<secret>\nPOSTGRES_PASSWORD=<pass>\n```\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/linkwarden\""}, "loc": ["services", "linkwarden", "environmentFile"], "readOnly": false, "type": "null or string"}, "services.linkwarden.group": {"declarations": ["nixos/modules/services/web-apps/linkwarden.nix"], "default": {"_type": "literalExpression", "text": "\"linkwarden\""}, "description": "The group Linkwarden should run as.", "loc": ["services", "linkwarden", "group"], "readOnly": false, "type": "string"}, "services.linkwarden.host": {"declarations": ["nixos/modules/services/web-apps/linkwarden.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The host that Linkwarden will listen on.", "loc": ["services", "linkwarden", "host"], "readOnly": false, "type": "string"}, "services.linkwarden.openFirewall": {"declarations": ["nixos/modules/services/web-apps/linkwarden.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the Linkwarden port in the firewall", "loc": ["services", "linkwarden", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.linkwarden.package": {"declarations": ["nixos/modules/services/web-apps/linkwarden.nix"], "default": {"_type": "literalExpression", "text": "pkgs.linkwarden"}, "description": "The linkwarden package to use.", "loc": ["services", "linkwarden", "package"], "readOnly": false, "type": "package"}, "services.linkwarden.port": {"declarations": ["nixos/modules/services/web-apps/linkwarden.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "The port that Linkwarden will listen on.", "loc": ["services", "linkwarden", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.linkwarden.secretFiles": {"declarations": ["nixos/modules/services/web-apps/linkwarden.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attribute set containing paths to files to add to the environment of linkwarden.\nThe files are not added to the nix store, so they can be used to pass secrets to linkwarden.\nRefer to the [documentation](https://docs.linkwarden.app/self-hosting/environment-variables) for options.\n\nLinkwarden needs at least a nextauth secret. To set a database password use POSTGRES_PASSWORD:\n```\nNEXTAUTH_SECRET=<secret>\nPOSTGRES_PASSWORD=<pass>\n```\n", "example": {"_type": "literalExpression", "text": "{\n  NEXTAUTH_SECRET = \"/run/secrets/linkwarden_secret\";\n  POSTGRES_PASSWORD = \"/run/secrets/linkwarden_postgres_passwd\";\n}"}, "loc": ["services", "linkwarden", "secretFiles"], "readOnly": false, "type": "attribute set of (null or string)"}, "services.linkwarden.storageLocation": {"declarations": ["nixos/modules/services/web-apps/linkwarden.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/linkwarden\""}, "description": "Directory used to store media files. If it is not the default, the directory has to be created manually such that the linkwarden user is able to read and write to it.", "loc": ["services", "linkwarden", "storageLocation"], "readOnly": false, "type": "absolute path"}, "services.linkwarden.user": {"declarations": ["nixos/modules/services/web-apps/linkwarden.nix"], "default": {"_type": "literalExpression", "text": "\"linkwarden\""}, "description": "The user Linkwarden should run as.", "loc": ["services", "linkwarden", "user"], "readOnly": false, "type": "string"}, "services.linux-enable-ir-emitter.device": {"declarations": ["nixos/modules/services/misc/linux-enable-ir-emitter.nix"], "default": {"_type": "literalExpression", "text": "\"video2\""}, "description": "IR camera device to depend on. For example, for `/dev/video2`\nthe value would be `video2`. Find this with the command\n{command}`realpath /dev/v4l/by-path/<generated-driver-name>`.\n", "loc": ["services", "linux-enable-ir-emitter", "device"], "readOnly": false, "type": "string"}, "services.linux-enable-ir-emitter.enable": {"declarations": ["nixos/modules/services/misc/linux-enable-ir-emitter.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable IR emitter hardware. Designed to be used with the\nHowdy facial authentication. After enabling the service, configure\nthe emitter with `sudo linux-enable-ir-emitter configure`.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "linux-enable-ir-emitter", "enable"], "readOnly": false, "type": "boolean"}, "services.linux-enable-ir-emitter.package": {"declarations": ["nixos/modules/services/misc/linux-enable-ir-emitter.nix"], "default": {"_type": "literalExpression", "text": "pkgs.linux-enable-ir-emitter"}, "description": "Package to use for the Linux Enable IR Emitter service.\n", "loc": ["services", "linux-enable-ir-emitter", "package"], "readOnly": false, "type": "package"}, "services.linyaps.boxPackage": {"declarations": ["nixos/modules/services/desktops/linyaps.nix"], "default": {"_type": "literalExpression", "text": "pkgs.linyaps-box"}, "description": "The linyaps-box package to use.", "loc": ["services", "linyaps", "boxPackage"], "readOnly": false, "type": "package"}, "services.linyaps.enable": {"declarations": ["nixos/modules/services/desktops/linyaps.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable linyaps, a cross-distribution package manager with sandboxed apps and shared runtime.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "linyaps", "enable"], "readOnly": false, "type": "boolean"}, "services.linyaps.package": {"declarations": ["nixos/modules/services/desktops/linyaps.nix"], "default": {"_type": "literalExpression", "text": "pkgs.linyaps"}, "description": "The linyaps package to use.", "loc": ["services", "linyaps", "package"], "readOnly": false, "type": "package"}, "services.linyaps.webStoreInstallerPackage": {"declarations": ["nixos/modules/services/desktops/linyaps.nix"], "default": {"_type": "literalExpression", "text": "pkgs.linyaps-web-store-installer"}, "description": "The linyaps-web-store-installer package to use.", "loc": ["services", "linyaps", "webStoreInstallerPackage"], "readOnly": false, "type": "package"}, "services.liquidsoap.streams": {"declarations": ["nixos/modules/services/audio/liquidsoap.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Set of Liquidsoap streams to start,\none systemd service per stream.\n", "example": {"_type": "literalExpression", "text": "{\n  myStream1 = \"/etc/liquidsoap/myStream1.liq\";\n  myStream2 = ./myStream2.liq;\n  myStream3 = \"out(playlist(\\\"/srv/music/\\\"))\";\n}\n"}, "loc": ["services", "liquidsoap", "streams"], "readOnly": false, "type": "attribute set of (absolute path or string)"}, "services.lirc.configs": {"declarations": ["nixos/modules/services/hardware/lirc.nix"], "description": "Configurations for lircd to load, see man:lircd.conf(5) for details ({file}`lircd.conf`)", "loc": ["services", "lirc", "configs"], "readOnly": false, "type": "list of strings concatenated with \"\\n\""}, "services.lirc.enable": {"declarations": ["nixos/modules/services/hardware/lirc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the LIRC daemon, to receive and send infrared signals.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lirc", "enable"], "readOnly": false, "type": "boolean"}, "services.lirc.extraArguments": {"declarations": ["nixos/modules/services/hardware/lirc.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to lircd.", "loc": ["services", "lirc", "extraArguments"], "readOnly": false, "type": "list of string"}, "services.lirc.options": {"declarations": ["nixos/modules/services/hardware/lirc.nix"], "description": "LIRC default options described in man:lircd(8) ({file}`lirc_options.conf`)", "example": {"_type": "literalExpression", "text": "''\n  [lircd]\n  nodaemon = False\n''"}, "loc": ["services", "lirc", "options"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.listmonk.database.createLocally": {"declarations": ["nixos/modules/services/mail/listmonk.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create the PostgreSQL database and database user locally.", "loc": ["services", "listmonk", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.listmonk.database.mutableSettings": {"declarations": ["nixos/modules/services/mail/listmonk.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Database settings will be reset to the value set in this module if this is not enabled.\nEnable this if you want to persist changes you have done in the application.\n", "loc": ["services", "listmonk", "database", "mutableSettings"], "readOnly": false, "type": "boolean"}, "services.listmonk.database.settings": {"declarations": ["nixos/modules/services/mail/listmonk.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Dynamic settings in the PostgreSQL database, set by a SQL script, see <https://github.com/knadh/listmonk/blob/master/schema.sql#L177-L230> for details.", "loc": ["services", "listmonk", "database", "settings"], "readOnly": false, "type": "null or (open submodule of attribute set of ((list of string) or list of attribute set of anything or string or signed integer or boolean))"}, "services.listmonk.database.settings.\"app.notify_emails\"": {"declarations": ["nixos/modules/services/mail/listmonk.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Administrator emails for system notifications", "loc": ["services", "listmonk", "database", "settings", "app.notify_emails"], "readOnly": false, "type": "list of string"}, "services.listmonk.database.settings.\"bounce.mailboxes\"": {"declarations": ["nixos/modules/services/mail/listmonk.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of bounce mailboxes", "loc": ["services", "listmonk", "database", "settings", "bounce.mailboxes"], "readOnly": false, "type": "list of (open submodule of list of attribute set of anything)"}, "services.listmonk.database.settings.\"privacy.domain_blocklist\"": {"declarations": ["nixos/modules/services/mail/listmonk.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "E-mail addresses with these domains are disallowed from subscribing.", "loc": ["services", "listmonk", "database", "settings", "privacy.domain_blocklist"], "readOnly": false, "type": "list of string"}, "services.listmonk.database.settings.\"privacy.exportable\"": {"declarations": ["nixos/modules/services/mail/listmonk.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"profile\"\n  \"subscriptions\"\n  \"campaign_views\"\n  \"link_clicks\"\n]"}, "description": "List of fields which can be exported through an automatic export request", "loc": ["services", "listmonk", "database", "settings", "privacy.exportable"], "readOnly": false, "type": "list of string"}, "services.listmonk.database.settings.messengers": {"declarations": ["nixos/modules/services/mail/listmonk.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of messengers, see: <https://github.com/knadh/listmonk/blob/master/models/settings.go#L64-L74> for options.", "loc": ["services", "listmonk", "database", "settings", "messengers"], "readOnly": false, "type": "list of string"}, "services.listmonk.database.settings.smtp": {"declarations": ["nixos/modules/services/mail/listmonk.nix"], "description": "List of outgoing SMTP servers", "loc": ["services", "listmonk", "database", "settings", "smtp"], "readOnly": false, "type": "list of (open submodule of attribute set of anything)"}, "services.listmonk.database.settings.smtp.*.enabled": {"declarations": ["nixos/modules/services/mail/listmonk.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable this SMTP server for listmonk.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "listmonk", "database", "settings", "smtp", "*", "enabled"], "readOnly": false, "type": "boolean"}, "services.listmonk.database.settings.smtp.*.host": {"declarations": ["nixos/modules/services/mail/listmonk.nix"], "description": "Hostname for the SMTP server", "loc": ["services", "listmonk", "database", "settings", "smtp", "*", "host"], "readOnly": false, "type": "string"}, "services.listmonk.database.settings.smtp.*.max_conns": {"declarations": ["nixos/modules/services/mail/listmonk.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Maximum number of simultaneous connections, defaults to 1", "loc": ["services", "listmonk", "database", "settings", "smtp", "*", "max_conns"], "readOnly": false, "type": "signed integer"}, "services.listmonk.database.settings.smtp.*.port": {"declarations": ["nixos/modules/services/mail/listmonk.nix"], "description": "Port for the SMTP server", "loc": ["services", "listmonk", "database", "settings", "smtp", "*", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.listmonk.database.settings.smtp.*.tls_type": {"declarations": ["nixos/modules/services/mail/listmonk.nix"], "description": "Type of TLS authentication with the SMTP server", "loc": ["services", "listmonk", "database", "settings", "smtp", "*", "tls_type"], "readOnly": false, "type": "one of \"none\", \"STARTTLS\", \"TLS\""}, "services.listmonk.enable": {"declarations": ["nixos/modules/services/mail/listmonk.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Listmonk, this module assumes a reverse proxy to be set.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "listmonk", "enable"], "readOnly": false, "type": "boolean"}, "services.listmonk.package": {"declarations": ["nixos/modules/services/mail/listmonk.nix"], "default": {"_type": "literalExpression", "text": "pkgs.listmonk"}, "description": "The listmonk package to use.", "loc": ["services", "listmonk", "package"], "readOnly": false, "type": "package"}, "services.listmonk.secretFile": {"declarations": ["nixos/modules/services/mail/listmonk.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing secrets as environment variables. See <https://listmonk.app/docs/configuration/#environment-variables> for details on supported values.", "loc": ["services", "listmonk", "secretFile"], "readOnly": false, "type": "null or string"}, "services.listmonk.settings": {"declarations": ["nixos/modules/services/mail/listmonk.nix"], "description": "Static settings set in the config.toml, see <https://github.com/knadh/listmonk/blob/master/config.toml.sample> for details.\nYou can set secrets using the secretFile option with environment variables following <https://listmonk.app/docs/configuration/#environment-variables>.\n", "loc": ["services", "listmonk", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.litellm.enable": {"declarations": ["nixos/modules/services/misc/litellm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable LiteLLM server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "litellm", "enable"], "readOnly": false, "type": "boolean"}, "services.litellm.environment": {"declarations": ["nixos/modules/services/misc/litellm.nix"], "default": {"_type": "literalExpression", "text": "{\n  ANONYMIZED_TELEMETRY = \"False\";\n  DO_NOT_TRACK = \"True\";\n  SCARF_NO_ANALYTICS = \"True\";\n}"}, "description": "Extra environment variables for LiteLLM.\n", "example": {"_type": "literalExpression", "text": "''\n  {\n    NO_DOCS=\"True\";\n  }\n''"}, "loc": ["services", "litellm", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.litellm.environmentFile": {"declarations": ["nixos/modules/services/misc/litellm.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file to be passed to the systemd service.\nUseful for passing secrets to the service to prevent them from being\nworld-readable in the Nix store.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/secrets/liteLLMSecrets\""}, "loc": ["services", "litellm", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.litellm.host": {"declarations": ["nixos/modules/services/misc/litellm.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The host address which the LiteLLM server HTTP interface listens to.\n", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "litellm", "host"], "readOnly": false, "type": "string"}, "services.litellm.openFirewall": {"declarations": ["nixos/modules/services/misc/litellm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall for LiteLLM.\nThis adds `services.litellm.port` to `networking.firewall.allowedTCPPorts`.\n", "loc": ["services", "litellm", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.litellm.package": {"declarations": ["nixos/modules/services/misc/litellm.nix"], "default": {"_type": "literalExpression", "text": "pkgs.litellm"}, "description": "The litellm package to use.", "loc": ["services", "litellm", "package"], "readOnly": false, "type": "package"}, "services.litellm.port": {"declarations": ["nixos/modules/services/misc/litellm.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "Which port the LiteLLM server listens to.\n", "example": {"_type": "literalExpression", "text": "11111"}, "loc": ["services", "litellm", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.litellm.settings": {"declarations": ["nixos/modules/services/misc/litellm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for LiteLLM.\nSee <https://docs.litellm.ai/docs/proxy/configs> for more.\n", "loc": ["services", "litellm", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.litellm.settings.environment_variables": {"declarations": ["nixos/modules/services/misc/litellm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables to pass to the Lite\n", "loc": ["services", "litellm", "settings", "environment_variables"], "readOnly": false, "type": "YAML 1.1 value"}, "services.litellm.settings.general_settings": {"declarations": ["nixos/modules/services/misc/litellm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "LiteLLM Server settings\n", "loc": ["services", "litellm", "settings", "general_settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.litellm.settings.litellm_settings": {"declarations": ["nixos/modules/services/misc/litellm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "LiteLLM Module settings\n", "loc": ["services", "litellm", "settings", "litellm_settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.litellm.settings.model_list": {"declarations": ["nixos/modules/services/misc/litellm.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of supported models on the server, with model-specific configs.\n", "loc": ["services", "litellm", "settings", "model_list"], "readOnly": false, "type": "YAML 1.1 value"}, "services.litellm.settings.router_settings": {"declarations": ["nixos/modules/services/misc/litellm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "LiteLLM Router settings\n", "loc": ["services", "litellm", "settings", "router_settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.litellm.stateDir": {"declarations": ["nixos/modules/services/misc/litellm.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/litellm\""}, "description": "State directory of LiteLLM.", "example": {"_type": "literalExpression", "text": "\"/home/foo\""}, "loc": ["services", "litellm", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.litestream.enable": {"declarations": ["nixos/modules/services/network-filesystems/litestream/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable litestream.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "litestream", "enable"], "readOnly": false, "type": "boolean"}, "services.litestream.environmentFile": {"declarations": ["nixos/modules/services/network-filesystems/litestream/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file as defined in {manpage}`systemd.exec(5)`.\n\nSecrets may be passed to the service without adding them to the\nworld-readable Nix store, by specifying placeholder variables as\nthe option value in Nix and setting these variables accordingly in the\nenvironment file.\n\nBy default, Litestream will perform environment variable expansion\nwithin the config file before reading it. Any references to $VAR or\n${VAR} formatted variables will be replaced with their environment\nvariable values. If no value is set then it will be replaced with an\nempty string.\n\n```\n  # Content of the environment file\n  LITESTREAM_ACCESS_KEY_ID=AKIAxxxxxxxxxxxxxxxx\n  LITESTREAM_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxx\n```\n\nNote that this file needs to be available on the host on which\nthis exporter is running.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/litestream\""}, "loc": ["services", "litestream", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.litestream.package": {"declarations": ["nixos/modules/services/network-filesystems/litestream/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.litestream"}, "description": "The litestream package to use.", "loc": ["services", "litestream", "package"], "readOnly": false, "type": "package"}, "services.litestream.settings": {"declarations": ["nixos/modules/services/network-filesystems/litestream/default.nix"], "description": "See the [documentation](https://litestream.io/reference/config/).\n", "example": {"_type": "literalExpression", "text": "{\n  dbs = [\n    {\n      path = \"/var/lib/db1\";\n      replicas = [\n        {\n          url = \"s3://mybkt.litestream.io/db1\";\n        }\n      ];\n    }\n  ];\n}"}, "loc": ["services", "litestream", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.livebook.enableUserService": {"declarations": ["nixos/modules/services/development/livebook.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable a user service for Livebook.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "livebook", "enableUserService"], "readOnly": false, "type": "boolean"}, "services.livebook.environment": {"declarations": ["nixos/modules/services/development/livebook.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables to set.\n\nLivebook is configured through the use of environment variables. The\navailable configuration options can be found in the [Livebook\ndocumentation](https://hexdocs.pm/livebook/readme.html#environment-variables).\n\nNote that all environment variables set through this configuration\nparameter will be readable by anyone with access to the host\nmachine. Therefore, sensitive information like {env}`LIVEBOOK_PASSWORD`\nor {env}`LIVEBOOK_COOKIE` should never be set using this configuration\noption, but should instead use\n[](#opt-services.livebook.environmentFile). See the documentation for\nthat option for more information.\n\nAny environment variables specified in the\n[](#opt-services.livebook.environmentFile) will supersede environment\nvariables specified in this option.\n", "example": {"_type": "literalExpression", "text": "{\n  LIVEBOOK_PORT = 8080;\n}\n"}, "loc": ["services", "livebook", "environment"], "readOnly": false, "type": "attribute set of (null or boolean or signed integer or string)"}, "services.livebook.environmentFile": {"declarations": ["nixos/modules/services/development/livebook.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Additional environment file as defined in {manpage}`systemd.exec(5)`.\n\nSecrets like {env}`LIVEBOOK_PASSWORD` (which is used to specify the\npassword needed to access the livebook site) or {env}`LIVEBOOK_COOKIE`\n(which is used to specify the\n[cookie](https://www.erlang.org/doc/reference_manual/distributed.html#security)\nused to connect to the running Elixir system) may be passed to the\nservice without making them readable to everyone with access to\nsystemctl by using this configuration parameter.\n\nNote that this file needs to be available on the host on which\n`livebook` is running.\n\nFor security purposes, this file should contain at least\n{env}`LIVEBOOK_PASSWORD` or {env}`LIVEBOOK_TOKEN_ENABLED=false`.\n\nSee the [Livebook\ndocumentation](https://hexdocs.pm/livebook/readme.html#environment-variables)\nand the [](#opt-services.livebook.environment) configuration parameter\nfor further options.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/livebook.env\""}, "loc": ["services", "livebook", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.livebook.extraPackages": {"declarations": ["nixos/modules/services/development/livebook.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra packages to make available to the Livebook service.\n", "example": {"_type": "literalExpression", "text": "with pkgs; [ gcc gnumake ]"}, "loc": ["services", "livebook", "extraPackages"], "readOnly": false, "type": "list of package"}, "services.livebook.package": {"declarations": ["nixos/modules/services/development/livebook.nix"], "default": {"_type": "literalExpression", "text": "pkgs.livebook"}, "description": "The livebook package to use.", "loc": ["services", "livebook", "package"], "readOnly": false, "type": "package"}, "services.livekit.enable": {"declarations": ["nixos/modules/services/networking/livekit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the livekit server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "livekit", "enable"], "readOnly": false, "type": "boolean"}, "services.livekit.ingress.enable": {"declarations": ["nixos/modules/services/networking/livekit-ingress.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the livekit ingress service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "livekit", "ingress", "enable"], "readOnly": false, "type": "boolean"}, "services.livekit.ingress.environmentFile": {"declarations": ["nixos/modules/services/networking/livekit-ingress.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file as defined in {manpage}`systemd.exec(5)` passed to the service.\n\nUse this to specify `LIVEKIT_API_KEY` and `LIVEKIT_API_SECRET`.\n", "loc": ["services", "livekit", "ingress", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.livekit.ingress.openFirewall.rtc": {"declarations": ["nixos/modules/services/networking/livekit-ingress.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open WebRTC ports in the firewall.", "loc": ["services", "livekit", "ingress", "openFirewall", "rtc"], "readOnly": false, "type": "boolean"}, "services.livekit.ingress.openFirewall.rtmp": {"declarations": ["nixos/modules/services/networking/livekit-ingress.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open RTMP port in the firewall.", "loc": ["services", "livekit", "ingress", "openFirewall", "rtmp"], "readOnly": false, "type": "boolean"}, "services.livekit.ingress.openFirewall.whip": {"declarations": ["nixos/modules/services/networking/livekit-ingress.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open WHIP port in the firewall.", "loc": ["services", "livekit", "ingress", "openFirewall", "whip"], "readOnly": false, "type": "boolean"}, "services.livekit.ingress.package": {"declarations": ["nixos/modules/services/networking/livekit-ingress.nix"], "default": {"_type": "literalExpression", "text": "pkgs.livekit-ingress"}, "description": "The livekit-ingress package to use.", "loc": ["services", "livekit", "ingress", "package"], "readOnly": false, "type": "package"}, "services.livekit.ingress.settings": {"declarations": ["nixos/modules/services/networking/livekit-ingress.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "LiveKit Ingress configuration.\n\nSee <https://github.com/livekit/ingress?tab=readme-ov-file#config> for possible options.\n", "example": {"_type": "literalExpression", "text": "{\n  cpu_cost = {\n    rtmp_cpu_cost = 3.0;\n    whip_cpu_cost = 1.0;\n  };\n  prometheus_port = 9039;\n}"}, "loc": ["services", "livekit", "ingress", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.livekit.ingress.settings.redis.address": {"declarations": ["nixos/modules/services/networking/livekit-ingress.nix"], "default": {"_type": "literalExpression", "text": "\"Host and port of the local livekit redis instance, if enabled, or null\""}, "description": "Address or hostname and port for redis connection", "example": {"_type": "literalExpression", "text": "\"redis.example.com:6379\""}, "loc": ["services", "livekit", "ingress", "settings", "redis", "address"], "readOnly": false, "type": "null or string"}, "services.livekit.ingress.settings.rtc_config.port_range_end": {"declarations": ["nixos/modules/services/networking/livekit-ingress.nix"], "default": {"_type": "literalExpression", "text": "51000"}, "description": "End of UDP port range for WebRTC", "loc": ["services", "livekit", "ingress", "settings", "rtc_config", "port_range_end"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.livekit.ingress.settings.rtc_config.port_range_start": {"declarations": ["nixos/modules/services/networking/livekit-ingress.nix"], "default": {"_type": "literalExpression", "text": "50000"}, "description": "Start of UDP port range for WebRTC", "loc": ["services", "livekit", "ingress", "settings", "rtc_config", "port_range_start"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.livekit.ingress.settings.rtc_config.use_external_ip": {"declarations": ["nixos/modules/services/networking/livekit-ingress.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "When set to true, attempts to discover the host's public IP via STUN.\nThis is useful for cloud environments such as AWS & Google where hosts have an internal IP that maps to an external one.\n", "loc": ["services", "livekit", "ingress", "settings", "rtc_config", "use_external_ip"], "readOnly": false, "type": "boolean"}, "services.livekit.ingress.settings.rtmp_port": {"declarations": ["nixos/modules/services/networking/livekit-ingress.nix"], "default": {"_type": "literalExpression", "text": "1935"}, "description": "TCP port for RTMP connections", "loc": ["services", "livekit", "ingress", "settings", "rtmp_port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.livekit.ingress.settings.whip_port": {"declarations": ["nixos/modules/services/networking/livekit-ingress.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "TCP port for WHIP connections", "loc": ["services", "livekit", "ingress", "settings", "whip_port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.livekit.keyFile": {"declarations": ["nixos/modules/services/networking/livekit.nix"], "description": "LiveKit key file holding one or multiple application secrets. Use `livekit-server generate-keys` to generate a random key name and secret.\n\nThe file should have the format `<keyname>: <secret>`.\nExample:\n`lk-jwt-service: f6lQGaHtM5HfgZjIcec3cOCRfiDqIine4CpZZnqdT5cE`\n\nIndividual key/secret pairs need to be passed to clients to connect to this instance.\n", "loc": ["services", "livekit", "keyFile"], "readOnly": false, "type": "absolute path"}, "services.livekit.openFirewall": {"declarations": ["nixos/modules/services/networking/livekit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Opens port range for LiveKit on the firewall.", "loc": ["services", "livekit", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.livekit.package": {"declarations": ["nixos/modules/services/networking/livekit.nix"], "default": {"_type": "literalExpression", "text": "pkgs.livekit"}, "description": "The livekit package to use.", "loc": ["services", "livekit", "package"], "readOnly": false, "type": "package"}, "services.livekit.redis.createLocally": {"declarations": ["nixos/modules/services/networking/livekit.nix"], "default": {"_type": "literalExpression", "text": "\"true if any other Livekit component is enabled locally else false\""}, "description": "Whether to set up a local redis instance.", "loc": ["services", "livekit", "redis", "createLocally"], "readOnly": false, "type": "boolean"}, "services.livekit.redis.host": {"declarations": ["nixos/modules/services/networking/livekit.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1 if config.services.livekit.redis.createLocally else null\""}, "description": "Address to bind local redis instance to.\n", "loc": ["services", "livekit", "redis", "host"], "readOnly": false, "type": "null or string"}, "services.livekit.redis.port": {"declarations": ["nixos/modules/services/networking/livekit.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port to bind local redis instance to.\n", "loc": ["services", "livekit", "redis", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.livekit.settings": {"declarations": ["nixos/modules/services/networking/livekit.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "LiveKit configuration file expressed in nix.\n\nFor an example configuration, see <https://docs.livekit.io/home/self-hosting/deployment/#configuration>.\nFor all possible values, see <https://github.com/livekit/livekit/blob/master/config-sample.yaml>.\n", "loc": ["services", "livekit", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.livekit.settings.port": {"declarations": ["nixos/modules/services/networking/livekit.nix"], "default": {"_type": "literalExpression", "text": "7880"}, "description": "Main TCP port for RoomService and RTC endpoint.", "loc": ["services", "livekit", "settings", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.livekit.settings.redis.address": {"declarations": ["nixos/modules/services/networking/livekit.nix"], "default": {"_type": "literalExpression", "text": "Local Redis host/port when a local ingress component is enabled else null"}, "description": "Host and port used to connect to a redis instance.", "example": {"_type": "literalExpression", "text": "\"redis.example.com:6379\""}, "loc": ["services", "livekit", "settings", "redis", "address"], "readOnly": false, "type": "null or string"}, "services.livekit.settings.rtc.port_range_end": {"declarations": ["nixos/modules/services/networking/livekit.nix"], "default": {"_type": "literalExpression", "text": "51000"}, "description": "End of UDP port range for WebRTC", "loc": ["services", "livekit", "settings", "rtc", "port_range_end"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.livekit.settings.rtc.port_range_start": {"declarations": ["nixos/modules/services/networking/livekit.nix"], "default": {"_type": "literalExpression", "text": "50000"}, "description": "Start of UDP port range for WebRTC", "loc": ["services", "livekit", "settings", "rtc", "port_range_start"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.livekit.settings.rtc.use_external_ip": {"declarations": ["nixos/modules/services/networking/livekit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "When set to true, attempts to discover the host's public IP via STUN.\nThis is useful for cloud environments such as AWS & Google where hosts have an internal IP that maps to an external one.\n", "loc": ["services", "livekit", "settings", "rtc", "use_external_ip"], "readOnly": false, "type": "boolean"}, "services.lk-jwt-service.enable": {"declarations": ["nixos/modules/services/matrix/lk-jwt-service.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable lk-jwt-service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lk-jwt-service", "enable"], "readOnly": false, "type": "boolean"}, "services.lk-jwt-service.keyFile": {"declarations": ["nixos/modules/services/matrix/lk-jwt-service.nix"], "description": "Path to a file containing the credential mapping (`<keyname>: <secret>`) to access LiveKit.\n\nExample:\n`lk-jwt-service: f6lQGaHtM5HfgZjIcec3cOCRfiDqIine4CpZZnqdT5cE`\n\nFor more information, see <https://github.com/element-hq/lk-jwt-service#configuration>.\n", "loc": ["services", "lk-jwt-service", "keyFile"], "readOnly": false, "type": "absolute path"}, "services.lk-jwt-service.livekitUrl": {"declarations": ["nixos/modules/services/matrix/lk-jwt-service.nix"], "description": "The public websocket URL for livekit.\nThe proto needs to be either  `wss://` (recommended) or `ws://` (insecure).\n", "example": {"_type": "literalExpression", "text": "\"wss://example.com/livekit/sfu\""}, "loc": ["services", "lk-jwt-service", "livekitUrl"], "readOnly": false, "type": "string matching the pattern ^wss?://.*"}, "services.lk-jwt-service.package": {"declarations": ["nixos/modules/services/matrix/lk-jwt-service.nix"], "default": {"_type": "literalExpression", "text": "pkgs.lk-jwt-service"}, "description": "The lk-jwt-service package to use.", "loc": ["services", "lk-jwt-service", "package"], "readOnly": false, "type": "package"}, "services.lk-jwt-service.port": {"declarations": ["nixos/modules/services/matrix/lk-jwt-service.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "Port that lk-jwt-service should listen on.", "loc": ["services", "lk-jwt-service", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.llama-cpp.enable": {"declarations": ["nixos/modules/services/misc/llama-cpp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable LLaMA C++ server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "llama-cpp", "enable"], "readOnly": false, "type": "boolean"}, "services.llama-cpp.extraFlags": {"declarations": ["nixos/modules/services/misc/llama-cpp.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra flags passed to llama-cpp-server.", "example": {"_type": "literalExpression", "text": "[\n  \"-c\"\n  \"4096\"\n  \"-ngl\"\n  \"32\"\n  \"--numa\"\n  \"numactl\"\n]"}, "loc": ["services", "llama-cpp", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.llama-cpp.host": {"declarations": ["nixos/modules/services/misc/llama-cpp.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "IP address the LLaMA C++ server listens on.", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "llama-cpp", "host"], "readOnly": false, "type": "string"}, "services.llama-cpp.model": {"declarations": ["nixos/modules/services/misc/llama-cpp.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Model path.", "example": {"_type": "literalExpression", "text": "\"/models/mistral-instruct-7b/ggml-model-q4_0.gguf\""}, "loc": ["services", "llama-cpp", "model"], "readOnly": false, "type": "null or absolute path"}, "services.llama-cpp.modelsDir": {"declarations": ["nixos/modules/services/misc/llama-cpp.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Models directory.", "example": {"_type": "literalExpression", "text": "\"/models/\""}, "loc": ["services", "llama-cpp", "modelsDir"], "readOnly": false, "type": "null or absolute path"}, "services.llama-cpp.modelsPreset": {"declarations": ["nixos/modules/services/misc/llama-cpp.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Models preset configuration as a Nix attribute set.\nThis is converted to an INI file and passed to llama-server via --model-preset.\nSee llama-server documentation for available options.\n", "example": {"_type": "literalExpression", "text": "{\n  \"Qwen3-Coder-Next\" = {\n    hf-repo = \"unsloth/Qwen3-Coder-Next-GGUF\";\n    hf-file = \"Qwen3-Coder-Next-UD-Q4_K_XL.gguf\";\n    alias = \"unsloth/Qwen3-Coder-Next\";\n    fit = \"on\";\n    seed = \"3407\";\n    temp = \"1.0\";\n    top-p = \"0.95\";\n    min-p = \"0.01\";\n    top-k = \"40\";\n    jinja = \"on\";\n  };\n}\n"}, "loc": ["services", "llama-cpp", "modelsPreset"], "readOnly": false, "type": "null or (attribute set of (attribute set))"}, "services.llama-cpp.openFirewall": {"declarations": ["nixos/modules/services/misc/llama-cpp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for LLaMA C++ server.", "loc": ["services", "llama-cpp", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.llama-cpp.package": {"declarations": ["nixos/modules/services/misc/llama-cpp.nix"], "default": {"_type": "literalExpression", "text": "pkgs.llama-cpp"}, "description": "The llama-cpp package to use.", "loc": ["services", "llama-cpp", "package"], "readOnly": false, "type": "package"}, "services.llama-cpp.port": {"declarations": ["nixos/modules/services/misc/llama-cpp.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "Listen port for LLaMA C++ server.", "loc": ["services", "llama-cpp", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.llama-swap.enable": {"declarations": ["nixos/modules/services/networking/llama-swap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the llama-swap service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "llama-swap", "enable"], "readOnly": false, "type": "boolean"}, "services.llama-swap.listenAddress": {"declarations": ["nixos/modules/services/networking/llama-swap.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Address that llama-swap listens on.\n", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "llama-swap", "listenAddress"], "readOnly": false, "type": "string"}, "services.llama-swap.openFirewall": {"declarations": ["nixos/modules/services/networking/llama-swap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall for llama-swap.\nThis adds {option}`port` to [](#opt-networking.firewall.allowedTCPPorts).\n", "loc": ["services", "llama-swap", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.llama-swap.package": {"declarations": ["nixos/modules/services/networking/llama-swap.nix"], "default": {"_type": "literalExpression", "text": "pkgs.llama-swap"}, "description": "The llama-swap package to use.", "loc": ["services", "llama-swap", "package"], "readOnly": false, "type": "package"}, "services.llama-swap.port": {"declarations": ["nixos/modules/services/networking/llama-swap.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "Port that llama-swap listens on.\n", "example": {"_type": "literalExpression", "text": "11343"}, "loc": ["services", "llama-swap", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.llama-swap.settings": {"declarations": ["nixos/modules/services/networking/llama-swap.nix"], "description": "llama-swap configuration. Refer to the [llama-swap example configuration](https://github.com/mostlygeek/llama-swap/blob/main/config.example.yaml)\nfor details on supported values.\n", "example": {"_type": "literalExpression", "text": "let\n  llama-cpp = pkgs.llama-cpp.override { rocmSupport = true; };\n  llama-server = lib.getExe' llama-cpp \"llama-server\";\nin\n{\n  healthCheckTimeout = 60;\n  models = {\n    \"some-model\" = {\n      cmd = \"${llama-server} --port ${PORT} -m /var/lib/llama-cpp/models/some-model.gguf -ngl 0 --no-webui\";\n      aliases = [\n        \"the-best\"\n      ];\n    };\n    \"other-model\" = {\n      proxy = \"http://127.0.0.1:5555\";\n      cmd = \"${llama-server} --port 5555 -m /var/lib/llama-cpp/models/other-model.gguf -ngl 0 -c 4096 -np 4 --no-webui\";\n      concurrencyLimit = 4;\n    };\n  };\n};\n"}, "loc": ["services", "llama-swap", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.llama-swap.tls.certFile": {"declarations": ["nixos/modules/services/networking/llama-swap.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the TLS certificate file. This certificate will be offered to,\nand may be verified by, clients.\n", "example": {"_type": "literalExpression", "text": "\"/path/to/cert.pem\""}, "loc": ["services", "llama-swap", "tls", "certFile"], "readOnly": false, "type": "null or absolute path"}, "services.llama-swap.tls.enable": {"declarations": ["nixos/modules/services/networking/llama-swap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable TLS encryption.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "llama-swap", "tls", "enable"], "readOnly": false, "type": "boolean"}, "services.llama-swap.tls.keyFile": {"declarations": ["nixos/modules/services/networking/llama-swap.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the TLS private key file. This key will be used to decrypt,\ndata received from clients.\n", "example": {"_type": "literalExpression", "text": "\"/path/to/key.pem\""}, "loc": ["services", "llama-swap", "tls", "keyFile"], "readOnly": false, "type": "null or absolute path"}, "services.lldap.database.createLocally": {"declarations": ["nixos/modules/services/databases/lldap.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Create the database and database user locally.", "loc": ["services", "lldap", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.lldap.database.type": {"declarations": ["nixos/modules/services/databases/lldap.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite\""}, "description": "Database engine to use.", "example": {"_type": "literalExpression", "text": "\"postgresql\""}, "loc": ["services", "lldap", "database", "type"], "readOnly": false, "type": "one of \"mariadb\", \"postgresql\", \"sqlite\""}, "services.lldap.enable": {"declarations": ["nixos/modules/services/databases/lldap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable lldap, a lightweight authentication server that provides an opinionated, simplified LDAP interface for authentication.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lldap", "enable"], "readOnly": false, "type": "boolean"}, "services.lldap.environment": {"declarations": ["nixos/modules/services/databases/lldap.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables passed to the service.\nAny config option name prefixed with `LLDAP_` takes priority over the one in the configuration file.\n", "example": {"_type": "literalExpression", "text": "{\n  LLDAP_JWT_SECRET_FILE = \"/run/lldap/jwt_secret\";\n  LLDAP_LDAP_USER_PASS_FILE = \"/run/lldap/user_password\";\n}"}, "loc": ["services", "lldap", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.lldap.environmentFile": {"declarations": ["nixos/modules/services/databases/lldap.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file as defined in {manpage}`systemd.exec(5)` passed to the service.\n", "loc": ["services", "lldap", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.lldap.package": {"declarations": ["nixos/modules/services/databases/lldap.nix"], "default": {"_type": "literalExpression", "text": "pkgs.lldap"}, "description": "The lldap package to use.", "loc": ["services", "lldap", "package"], "readOnly": false, "type": "package"}, "services.lldap.settings": {"declarations": ["nixos/modules/services/databases/lldap.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Free-form settings written directly to the {file}`lldap_config.toml` file.\nRefer to <https://github.com/lldap/lldap/blob/main/lldap_config.docker_template.toml> for supported values.\n", "loc": ["services", "lldap", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.lldap.settings.database_url": {"declarations": ["nixos/modules/services/databases/lldap.nix"], "default": {"_type": "literalExpression", "text": "if config.services.lldap.database.createLocally\nthen\n  if cfg.database.type == \"sqlite\"\n  then \"sqlite://./users.db?mode=rwc\"\n  else if cfg.database.type == \"postgresql\"\n  then \"postgresql:///lldap?host=/run/postgresql\"\n  else if cfg.database.type == \"mariadb\"\n  then \"mysql://lldap@localhost/lldap?socket=/run/mysqld/mysqld.sock\"\nelse null\n"}, "description": "Database URL.", "example": {"_type": "literalExpression", "text": "\"postgres://postgres-user:password@postgres-server/my-database\""}, "loc": ["services", "lldap", "settings", "database_url"], "readOnly": false, "type": "null or string"}, "services.lldap.settings.force_ldap_user_pass_reset": {"declarations": ["nixos/modules/services/databases/lldap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Force reset of the admin password.\n\nSet this setting to `\"always\"` to update the admin password when `ldap_user_pass_file` changes.\nSetting to `\"always\"` also means any password update in the UI will be overwritten next time the service restarts.\n\nThe difference between `true` and `\"always\"` is the former is intended for a one time fix\nwhile the latter is intended for a declarative workflow. In practice, the result\nis the same: the password gets reset. The only practical difference is the former\noutputs a warning message while the latter outputs an info message.\n", "loc": ["services", "lldap", "settings", "force_ldap_user_pass_reset"], "readOnly": false, "type": "boolean or value \"always\" (singular enum)"}, "services.lldap.settings.http_host": {"declarations": ["nixos/modules/services/databases/lldap.nix"], "default": {"_type": "literalExpression", "text": "\"::\""}, "description": "The host address that the HTTP server will be bound to.", "loc": ["services", "lldap", "settings", "http_host"], "readOnly": false, "type": "string"}, "services.lldap.settings.http_port": {"declarations": ["nixos/modules/services/databases/lldap.nix"], "default": {"_type": "literalExpression", "text": "17170"}, "description": "The port on which to have the HTTP server, for user login and administration.", "loc": ["services", "lldap", "settings", "http_port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.lldap.settings.http_url": {"declarations": ["nixos/modules/services/databases/lldap.nix"], "default": {"_type": "literalExpression", "text": "\"http://localhost\""}, "description": "The public URL of the server, for password reset links.", "loc": ["services", "lldap", "settings", "http_url"], "readOnly": false, "type": "string"}, "services.lldap.settings.jwt_secret_file": {"declarations": ["nixos/modules/services/databases/lldap.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file containing the JWT secret.\n", "loc": ["services", "lldap", "settings", "jwt_secret_file"], "readOnly": false, "type": "null or string"}, "services.lldap.settings.ldap_base_dn": {"declarations": ["nixos/modules/services/databases/lldap.nix"], "description": "Base DN for LDAP.", "example": {"_type": "literalExpression", "text": "\"dc=example,dc=com\""}, "loc": ["services", "lldap", "settings", "ldap_base_dn"], "readOnly": false, "type": "string"}, "services.lldap.settings.ldap_host": {"declarations": ["nixos/modules/services/databases/lldap.nix"], "default": {"_type": "literalExpression", "text": "\"::\""}, "description": "The host address that the LDAP server will be bound to.", "loc": ["services", "lldap", "settings", "ldap_host"], "readOnly": false, "type": "string"}, "services.lldap.settings.ldap_port": {"declarations": ["nixos/modules/services/databases/lldap.nix"], "default": {"_type": "literalExpression", "text": "3890"}, "description": "The port on which to have the LDAP server.", "loc": ["services", "lldap", "settings", "ldap_port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.lldap.settings.ldap_user_dn": {"declarations": ["nixos/modules/services/databases/lldap.nix"], "default": {"_type": "literalExpression", "text": "\"admin\""}, "description": "Admin username", "loc": ["services", "lldap", "settings", "ldap_user_dn"], "readOnly": false, "type": "string"}, "services.lldap.settings.ldap_user_email": {"declarations": ["nixos/modules/services/databases/lldap.nix"], "default": {"_type": "literalExpression", "text": "\"admin@example.com\""}, "description": "Admin email.", "loc": ["services", "lldap", "settings", "ldap_user_email"], "readOnly": false, "type": "string"}, "services.lldap.settings.ldap_user_pass": {"declarations": ["nixos/modules/services/databases/lldap.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Password for default admin password.\n\nUnsecure: Use `ldap_user_pass_file` settings instead.\n", "loc": ["services", "lldap", "settings", "ldap_user_pass"], "readOnly": false, "type": "null or string"}, "services.lldap.settings.ldap_user_pass_file": {"declarations": ["nixos/modules/services/databases/lldap.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file containing the default admin password.\n\nIf you want to update the default admin password through this setting,\nyou must set `force_ldap_user_pass_reset` to `true`.\nOtherwise changing this setting will have no effect\nunless this is the very first time LLDAP is started and its database is still empty.\n", "loc": ["services", "lldap", "settings", "ldap_user_pass_file"], "readOnly": false, "type": "null or string"}, "services.lldap.silenceForceUserPassResetWarning": {"declarations": ["nixos/modules/services/databases/lldap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable warning when the admin password is set declaratively with the `ldap_user_pass_file` setting\nbut the `force_ldap_user_pass_reset` is set to `false`.\n\nThis can lead to the admin password to drift from the one given declaratively.\nIf that is okay for you and you want to silence the warning, set this option to `true`.\n", "loc": ["services", "lldap", "silenceForceUserPassResetWarning"], "readOnly": false, "type": "boolean"}, "services.lldpd.enable": {"declarations": ["nixos/modules/services/networking/lldpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Link Layer Discovery Protocol Daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lldpd", "enable"], "readOnly": false, "type": "boolean"}, "services.lldpd.extraArgs": {"declarations": ["nixos/modules/services/networking/lldpd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of command line parameters for lldpd", "example": {"_type": "literalExpression", "text": "[\n  \"-c\"\n  \"-k\"\n  \"-I eth0\"\n]"}, "loc": ["services", "lldpd", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.local-content-share.enable": {"declarations": ["nixos/modules/services/misc/local-content-share.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Local-Content-Share.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "local-content-share", "enable"], "readOnly": false, "type": "boolean"}, "services.local-content-share.listenAddress": {"declarations": ["nixos/modules/services/misc/local-content-share.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Address on which the service will be available.\n\nThe service will listen on all interfaces if set to an empty string.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "local-content-share", "listenAddress"], "readOnly": false, "type": "string"}, "services.local-content-share.openFirewall": {"declarations": ["nixos/modules/services/misc/local-content-share.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to automatically open the specified port in the firewall", "loc": ["services", "local-content-share", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.local-content-share.package": {"declarations": ["nixos/modules/services/misc/local-content-share.nix"], "default": {"_type": "literalExpression", "text": "pkgs.local-content-share"}, "description": "The local-content-share package to use.", "loc": ["services", "local-content-share", "package"], "readOnly": false, "type": "package"}, "services.local-content-share.port": {"declarations": ["nixos/modules/services/misc/local-content-share.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "Port on which the service will be available", "loc": ["services", "local-content-share", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.localtimed.enable": {"declarations": ["nixos/modules/services/system/localtimed.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable `localtimed`, a simple daemon for keeping the\nsystem timezone up-to-date based on the current location. It uses\ngeoclue2 to determine the current location.\n\nTo avoid silent overriding by the service, if you have explicitly set a\ntimezone, either remove it or ensure that it is set with a lower priority\nthan the default value using `lib.mkDefault` or `lib.mkOverride`. This is\nto make the choice deliberate. An error will be presented otherwise.\n", "loc": ["services", "localtimed", "enable"], "readOnly": false, "type": "boolean"}, "services.localtimed.geoclue2Package": {"declarations": ["nixos/modules/services/system/localtimed.nix"], "default": {"_type": "literalExpression", "text": "pkgs.geoclue2-with-demo-agent"}, "description": "The Geoclue2 package to use.", "loc": ["services", "localtimed", "geoclue2Package"], "readOnly": false, "type": "package"}, "services.localtimed.package": {"declarations": ["nixos/modules/services/system/localtimed.nix"], "default": {"_type": "literalExpression", "text": "pkgs.localtime"}, "description": "The localtime package to use.", "loc": ["services", "localtimed", "package"], "readOnly": false, "type": "package"}, "services.locate.enable": {"declarations": ["nixos/modules/misc/locate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, NixOS will periodically update the database of\nfiles used by the {command}`locate` command.\n", "loc": ["services", "locate", "enable"], "readOnly": false, "type": "boolean"}, "services.locate.extraFlags": {"declarations": ["nixos/modules/misc/locate.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra flags to pass to {command}`updatedb`.\n", "loc": ["services", "locate", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.locate.interval": {"declarations": ["nixos/modules/misc/locate.nix"], "default": {"_type": "literalExpression", "text": "\"02:15\""}, "description": "Update the locate database at this interval. Updates by\ndefault at 2:15 AM every day.\n\nThe format is described in\n{manpage}`systemd.time(7)`.\n\nTo disable automatic updates, set to `\"never\"`\nand run {command}`updatedb` manually.\n", "example": {"_type": "literalExpression", "text": "\"hourly\""}, "loc": ["services", "locate", "interval"], "readOnly": false, "type": "string"}, "services.locate.output": {"declarations": ["nixos/modules/misc/locate.nix"], "default": {"_type": "literalExpression", "text": "\"/var/cache/locatedb\""}, "description": "The database file to build.\n", "loc": ["services", "locate", "output"], "readOnly": false, "type": "absolute path"}, "services.locate.package": {"declarations": ["nixos/modules/misc/locate.nix"], "default": {"_type": "literalExpression", "text": "pkgs.plocate"}, "description": "The plocate package to use.", "example": {"_type": "literalExpression", "text": "mlocate"}, "loc": ["services", "locate", "package"], "readOnly": false, "type": "package"}, "services.locate.pruneBindMounts": {"declarations": ["nixos/modules/misc/locate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether not to index bind mounts\n", "loc": ["services", "locate", "pruneBindMounts"], "readOnly": false, "type": "boolean"}, "services.locate.pruneFS": {"declarations": ["nixos/modules/misc/locate.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"afs\"\n  \"anon_inodefs\"\n  \"auto\"\n  \"autofs\"\n  \"bdev\"\n  \"binfmt\"\n  \"binfmt_misc\"\n  \"ceph\"\n  \"cgroup\"\n  \"cgroup2\"\n  \"cifs\"\n  \"coda\"\n  \"configfs\"\n  \"cramfs\"\n  \"cpuset\"\n  \"curlftpfs\"\n  \"debugfs\"\n  \"devfs\"\n  \"devpts\"\n  \"devtmpfs\"\n  \"eventpollfs\"\n  \"exofs\"\n  \"futexfs\"\n  \"ftpfs\"\n  \"fuse\"\n  \"fusectl\"\n  \"fusesmb\"\n  \"fuse.ceph\"\n  \"fuse.glusterfs\"\n  \"fuse.gvfsd-fuse\"\n  \"fuse.mfs\"\n  \"fuse.rclone\"\n  \"fuse.rozofs\"\n  \"fuse.sshfs\"\n  \"gfs\"\n  \"gfs2\"\n  \"hostfs\"\n  \"hugetlbfs\"\n  \"inotifyfs\"\n  \"iso9660\"\n  \"jffs2\"\n  \"lustre\"\n  \"lustre_lite\"\n  \"misc\"\n  \"mfs\"\n  \"mqueue\"\n  \"ncpfs\"\n  \"nfs\"\n  \"NFS\"\n  \"nfs4\"\n  \"nfsd\"\n  \"nnpfs\"\n  \"ocfs\"\n  \"ocfs2\"\n  \"pipefs\"\n  \"proc\"\n  \"ramfs\"\n  \"rpc_pipefs\"\n  \"securityfs\"\n  \"selinuxfs\"\n  \"sfs\"\n  \"shfs\"\n  \"smbfs\"\n  \"sockfs\"\n  \"spufs\"\n  \"sshfs\"\n  \"subfs\"\n  \"supermount\"\n  \"sysfs\"\n  \"tmpfs\"\n  \"tracefs\"\n  \"ubifs\"\n  \"udev\"\n  \"udf\"\n  \"usbfs\"\n  \"vboxsf\"\n  \"vperfctrfs\"\n]"}, "description": "Which filesystem types to exclude from indexing\n", "loc": ["services", "locate", "pruneFS"], "readOnly": false, "type": "list of string"}, "services.locate.pruneNames": {"declarations": ["nixos/modules/misc/locate.nix"], "default": {"_type": "literalMD", "text": "`[ \".bzr\" \".cache\" \".git\" \".hg\" \".svn\" ]`, if\nsupported by the locate implementation (i.e. mlocate or plocate).\n"}, "description": "Directory components which should exclude paths containing them from indexing\n", "loc": ["services", "locate", "pruneNames"], "readOnly": false, "type": "list of string"}, "services.locate.prunePaths": {"declarations": ["nixos/modules/misc/locate.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"/tmp\"\n  \"/var/tmp\"\n  \"/var/cache\"\n  \"/var/lock\"\n  \"/var/run\"\n  \"/var/spool\"\n  \"/nix/store\"\n  \"/nix/var/log/nix\"\n]"}, "description": "Which paths to exclude from indexing\n", "loc": ["services", "locate", "prunePaths"], "readOnly": false, "type": "list of absolute path"}, "services.logcheck.config": {"declarations": ["nixos/modules/services/logging/logcheck.nix"], "default": {"_type": "literalExpression", "text": "\"FQDN=1\""}, "description": "Config options that you would like in logcheck.conf.\n", "loc": ["services", "logcheck", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.logcheck.enable": {"declarations": ["nixos/modules/services/logging/logcheck.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable logcheck cron job, to mail anomalies in the system logfiles to the administrator.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "logcheck", "enable"], "readOnly": false, "type": "boolean"}, "services.logcheck.extraGroups": {"declarations": ["nixos/modules/services/logging/logcheck.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra groups for the logcheck user, for example to be able to use sendmail,\nor to access certain log files.\n", "example": {"_type": "literalExpression", "text": "[\n  \"postdrop\"\n  \"mongodb\"\n]"}, "loc": ["services", "logcheck", "extraGroups"], "readOnly": false, "type": "list of string"}, "services.logcheck.extraRulesDirs": {"declarations": ["nixos/modules/services/logging/logcheck.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Directories with extra rules.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/etc/logcheck\"\n]"}, "loc": ["services", "logcheck", "extraRulesDirs"], "readOnly": false, "type": "list of absolute path"}, "services.logcheck.files": {"declarations": ["nixos/modules/services/logging/logcheck.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"/var/log/messages\"\n]"}, "description": "Which log files to check.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/var/log/messages\"\n  \"/var/log/mail\"\n]"}, "loc": ["services", "logcheck", "files"], "readOnly": false, "type": "list of absolute path"}, "services.logcheck.ignore": {"declarations": ["nixos/modules/services/logging/logcheck.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This option defines extra ignore rules.\n", "loc": ["services", "logcheck", "ignore"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.logcheck.ignore.<name>.level": {"declarations": ["nixos/modules/services/logging/logcheck.nix"], "default": {"_type": "literalExpression", "text": "\"server\""}, "description": "Set the logcheck level.\n", "loc": ["services", "logcheck", "ignore", "<name>", "level"], "readOnly": false, "type": "one of \"workstation\", \"server\", \"paranoid\""}, "services.logcheck.ignore.<name>.regex": {"declarations": ["nixos/modules/services/logging/logcheck.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Regex specifying which log lines to ignore.\n", "loc": ["services", "logcheck", "ignore", "<name>", "regex"], "readOnly": false, "type": "string"}, "services.logcheck.ignoreCron": {"declarations": ["nixos/modules/services/logging/logcheck.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This option defines extra ignore rules for cronjobs.\n", "loc": ["services", "logcheck", "ignoreCron"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.logcheck.ignoreCron.<name>.cmdline": {"declarations": ["nixos/modules/services/logging/logcheck.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Command line for the cron job. Will be turned into a regex for the logcheck ignore rule.\n", "loc": ["services", "logcheck", "ignoreCron", "<name>", "cmdline"], "readOnly": false, "type": "string"}, "services.logcheck.ignoreCron.<name>.timeArgs": {"declarations": ["nixos/modules/services/logging/logcheck.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "\"min hr dom mon dow\" crontab time args, to auto-create a cronjob too.\nLeave at null to not do this and just add a logcheck ignore rule.\n", "example": {"_type": "literalExpression", "text": "\"02 06 * * *\""}, "loc": ["services", "logcheck", "ignoreCron", "<name>", "timeArgs"], "readOnly": false, "type": "null or string"}, "services.logcheck.ignoreCron.<name>.user": {"declarations": ["nixos/modules/services/logging/logcheck.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "User that runs the cronjob.\n", "loc": ["services", "logcheck", "ignoreCron", "<name>", "user"], "readOnly": false, "type": "string"}, "services.logcheck.level": {"declarations": ["nixos/modules/services/logging/logcheck.nix"], "default": {"_type": "literalExpression", "text": "\"server\""}, "description": "Set the logcheck level. Either \"workstation\", \"server\", or \"paranoid\".\n", "loc": ["services", "logcheck", "level"], "readOnly": false, "type": "string"}, "services.logcheck.mailTo": {"declarations": ["nixos/modules/services/logging/logcheck.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "Email address to send reports to.\n", "example": {"_type": "literalExpression", "text": "\"you@domain.com\""}, "loc": ["services", "logcheck", "mailTo"], "readOnly": false, "type": "string"}, "services.logcheck.timeOfDay": {"declarations": ["nixos/modules/services/logging/logcheck.nix"], "default": {"_type": "literalExpression", "text": "\"*\""}, "description": "Time of day to run logcheck. A logcheck will be scheduled at xx:02 each day.\nLeave default (*) to run every hour. Of course when nothing special was logged,\nlogcheck will be silent.\n", "example": {"_type": "literalExpression", "text": "\"6\""}, "loc": ["services", "logcheck", "timeOfDay"], "readOnly": false, "type": "string"}, "services.logcheck.user": {"declarations": ["nixos/modules/services/logging/logcheck.nix"], "default": {"_type": "literalExpression", "text": "\"logcheck\""}, "description": "Username for the logcheck user.\n", "loc": ["services", "logcheck", "user"], "readOnly": false, "type": "string"}, "services.logind.settings.Login": {"declarations": ["nixos/modules/system/boot/systemd/logind.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings option for systemd-logind.\nSee {manpage}`logind.conf(5)` for available options.\n", "example": {"_type": "literalExpression", "text": "{\n  HandleLidSwitch = \"ignore\";\n  KillUserProcesses = false;\n}"}, "loc": ["services", "logind", "settings", "Login"], "readOnly": false, "type": "open submodule of attribute set of (systemd option)"}, "services.logind.settings.Login.KillUserProcesses": {"declarations": ["nixos/modules/system/boot/systemd/logind.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Specifies whether the processes of a user should be killed\nwhen the user logs out.  If true, the scope unit corresponding\nto the session and all processes inside that scope will be\nterminated.  If false, the scope is \"abandoned\"\n(see {manpage}`systemd.scope(5)`),\nand processes are not killed.\n\nSee {manpage}`logind.conf(5)` for more details.\n\nDefaulted to false in nixpkgs because many tools that rely on\npersistent user processes\u2014like `tmux`, `screen`, `mosh`, `VNC`,\n`nohup`, and more \u2014 would break by the systemd-default behavior.\n", "loc": ["services", "logind", "settings", "Login", "KillUserProcesses"], "readOnly": false, "type": "boolean"}, "services.logkeys.device": {"declarations": ["nixos/modules/services/misc/logkeys.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Use the given device as keyboard input event device instead of /dev/input/eventX default.", "example": {"_type": "literalExpression", "text": "\"/dev/input/event15\""}, "loc": ["services", "logkeys", "device"], "readOnly": false, "type": "null or string"}, "services.logkeys.enable": {"declarations": ["nixos/modules/services/misc/logkeys.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable logkeys, a keylogger service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "logkeys", "enable"], "readOnly": false, "type": "boolean"}, "services.logmein-hamachi.enable": {"declarations": ["nixos/modules/services/networking/logmein-hamachi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable LogMeIn Hamachi, a proprietary\n(closed source) commercial VPN software.\n", "loc": ["services", "logmein-hamachi", "enable"], "readOnly": false, "type": "boolean"}, "services.logrotate.allowNetworking": {"declarations": ["nixos/modules/services/logging/logrotate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable network access for logrotate.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "logrotate", "allowNetworking"], "readOnly": false, "type": "boolean"}, "services.logrotate.checkConfig": {"declarations": ["nixos/modules/services/logging/logrotate.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether the config should be checked at build time.\n\nSome options are not checkable at build time because of the build sandbox:\nfor example, the test does not know about existing files and system users are\nnot known.\nThese limitations mean we must adjust the file for tests (missingok is forced\nand users are replaced by dummy users), so tests are complemented by a\nlogrotate-checkconf service that is enabled by default.\nThis extra check can be disabled by disabling it at the systemd level with the\n{option}`systemd.services.logrotate-checkconf.enable` option.\n\nConversely there are still things that might make this check fail incorrectly\n(e.g. a file path where we don't have access to intermediate directories):\nin this case you can disable the failing check with this option.\n", "loc": ["services", "logrotate", "checkConfig"], "readOnly": false, "type": "boolean"}, "services.logrotate.configFile": {"declarations": ["nixos/modules/services/logging/logrotate.nix"], "default": {"_type": "literalExpression", "text": "''\n  A configuration file automatically generated by NixOS.\n''"}, "description": "Override the configuration file used by logrotate. By default,\nNixOS generates one automatically from [](#opt-services.logrotate.settings).\n", "example": {"_type": "literalExpression", "text": "pkgs.writeText \"logrotate.conf\" ''\n  missingok\n  \"/var/log/*.log\" {\n    rotate 4\n    weekly\n  }\n'';\n"}, "loc": ["services", "logrotate", "configFile"], "readOnly": false, "type": "absolute path"}, "services.logrotate.enable": {"declarations": ["nixos/modules/services/logging/logrotate.nix"], "default": {"_type": "literalExpression", "text": "cfg.settings != {}"}, "description": "Whether to enable the logrotate systemd service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "logrotate", "enable"], "readOnly": false, "type": "boolean"}, "services.logrotate.extraArgs": {"declarations": ["nixos/modules/services/logging/logrotate.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional command line arguments to pass on logrotate invocation", "loc": ["services", "logrotate", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.logrotate.settings": {"declarations": ["nixos/modules/services/logging/logrotate.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "logrotate freeform settings: each attribute here will define its own section,\nordered by {option}`services.logrotate.settings.<name>.priority`,\nwhich can either define files to rotate with their settings\nor settings common to all further files settings.\nAll attribute names not explicitly defined as sub-options here are passed through\nas logrotate config directives,\nrefer to <https://linux.die.net/man/8/logrotate> for details.\n", "example": {"_type": "literalExpression", "text": "{\n  # global options\n  header = {\n    dateext = true;\n  };\n  # example custom files\n  \"/var/log/mylog.log\" = {\n    frequency = \"daily\";\n    rotate = 3;\n  };\n  \"multiple paths\" = {\n     files = [\n      \"/var/log/first*.log\"\n      \"/var/log/second.log\"\n    ];\n  };\n  # specify custom order of sections\n  \"/var/log/myservice/*.log\" = {\n    # ensure lower priority\n    priority = 110;\n    postrotate = ''\n      systemctl reload myservice\n    '';\n  };\n};\n"}, "loc": ["services", "logrotate", "settings"], "readOnly": false, "type": "attribute set of (open submodule of attribute set of (null or signed integer or boolean or string))"}, "services.logrotate.settings.<name>.enable": {"declarations": ["nixos/modules/services/logging/logrotate.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable setting individual kill switch.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "logrotate", "settings", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.logrotate.settings.<name>.files": {"declarations": ["nixos/modules/services/logging/logrotate.nix"], "default": {"_type": "literalExpression", "text": "''\n  The attrset name if not specified\n''"}, "description": "Single or list of files for which rules are defined.\nThe files are quoted with double-quotes in logrotate configuration,\nso globs and spaces are supported.\nNote this setting is ignored if globals is true.\n", "loc": ["services", "logrotate", "settings", "<name>", "files"], "readOnly": false, "type": "string or list of string"}, "services.logrotate.settings.<name>.frequency": {"declarations": ["nixos/modules/services/logging/logrotate.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "How often to rotate the logs. Defaults to previously set global setting,\nwhich itself defaults to weekly.\n", "loc": ["services", "logrotate", "settings", "<name>", "frequency"], "readOnly": false, "type": "null or string"}, "services.logrotate.settings.<name>.global": {"declarations": ["nixos/modules/services/logging/logrotate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether this setting is a global option or not: set to have these\nsettings apply to all files settings with a higher priority.\n", "loc": ["services", "logrotate", "settings", "<name>", "global"], "readOnly": false, "type": "boolean"}, "services.logrotate.settings.<name>.priority": {"declarations": ["nixos/modules/services/logging/logrotate.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this logrotate block in relation to the others. The semantics are\nthe same as with `lib.mkOrder`. Smaller values are inserted first.\n", "loc": ["services", "logrotate", "settings", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.logstash.dataDir": {"declarations": ["nixos/modules/services/logging/logstash.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/logstash\""}, "description": "A path to directory writable by logstash that it uses to store data.\nPlugins will also have access to this path.\n", "loc": ["services", "logstash", "dataDir"], "readOnly": false, "type": "string"}, "services.logstash.enable": {"declarations": ["nixos/modules/services/logging/logstash.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable logstash.", "loc": ["services", "logstash", "enable"], "readOnly": false, "type": "boolean"}, "services.logstash.extraJvmOptions": {"declarations": ["nixos/modules/services/logging/logstash.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra JVM options, one per line (jvm.options format).", "example": {"_type": "literalExpression", "text": "''\n  -Xms2g\n  -Xmx2g\n''"}, "loc": ["services", "logstash", "extraJvmOptions"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.logstash.extraSettings": {"declarations": ["nixos/modules/services/logging/logstash.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra Logstash settings in YAML format.", "example": {"_type": "literalExpression", "text": "''\n  pipeline:\n    batch:\n      size: 125\n      delay: 5\n''"}, "loc": ["services", "logstash", "extraSettings"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.logstash.filterConfig": {"declarations": ["nixos/modules/services/logging/logstash.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "logstash filter configuration.", "example": {"_type": "literalExpression", "text": "''\n  if [type] == \"syslog\" {\n    # Keep only relevant systemd fields\n    # https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html\n    prune {\n      whitelist_names => [\n        \"type\", \"@timestamp\", \"@version\",\n        \"MESSAGE\", \"PRIORITY\", \"SYSLOG_FACILITY\"\n      ]\n    }\n  }\n''"}, "loc": ["services", "logstash", "filterConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.logstash.filterWorkers": {"declarations": ["nixos/modules/services/logging/logstash.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "The quantity of filter workers to run.", "loc": ["services", "logstash", "filterWorkers"], "readOnly": false, "type": "signed integer"}, "services.logstash.inputConfig": {"declarations": ["nixos/modules/services/logging/logstash.nix"], "default": {"_type": "literalExpression", "text": "\"generator { }\""}, "description": "Logstash input configuration.", "example": {"_type": "literalExpression", "text": "''\n  # Read from journal\n  pipe {\n    command => \"${config.systemd.package}/bin/journalctl -f -o json\"\n    type => \"syslog\" codec => json {}\n  }\n''\n"}, "loc": ["services", "logstash", "inputConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.logstash.listenAddress": {"declarations": ["nixos/modules/services/logging/logstash.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Address on which to start webserver.", "loc": ["services", "logstash", "listenAddress"], "readOnly": false, "type": "string"}, "services.logstash.logLevel": {"declarations": ["nixos/modules/services/logging/logstash.nix"], "default": {"_type": "literalExpression", "text": "\"warn\""}, "description": "Logging verbosity level.", "loc": ["services", "logstash", "logLevel"], "readOnly": false, "type": "one of \"debug\", \"info\", \"warn\", \"error\", \"fatal\""}, "services.logstash.outputConfig": {"declarations": ["nixos/modules/services/logging/logstash.nix"], "default": {"_type": "literalExpression", "text": "\"stdout { codec => rubydebug }\""}, "description": "Logstash output configuration.", "example": {"_type": "literalExpression", "text": "''\n  redis { host => [\"localhost\"] data_type => \"list\" key => \"logstash\" codec => json }\n  elasticsearch { }\n''"}, "loc": ["services", "logstash", "outputConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.logstash.package": {"declarations": ["nixos/modules/services/logging/logstash.nix"], "default": {"_type": "literalExpression", "text": "pkgs.logstash"}, "description": "The logstash package to use.", "loc": ["services", "logstash", "package"], "readOnly": false, "type": "package"}, "services.logstash.plugins": {"declarations": ["nixos/modules/services/logging/logstash.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The paths to find other logstash plugins in.", "example": {"_type": "literalExpression", "text": "[ pkgs.logstash-contrib ]"}, "loc": ["services", "logstash", "plugins"], "readOnly": false, "type": "list of absolute path"}, "services.logstash.port": {"declarations": ["nixos/modules/services/logging/logstash.nix"], "default": {"_type": "literalExpression", "text": "\"9292\""}, "description": "Port on which to start webserver.", "loc": ["services", "logstash", "port"], "readOnly": false, "type": "string"}, "services.loki.configFile": {"declarations": ["nixos/modules/services/monitoring/loki.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a configuration file that Loki should use.\n\nCannot be specified together with {option}`services.loki.configuration`.\n", "loc": ["services", "loki", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.loki.configuration": {"declarations": ["nixos/modules/services/monitoring/loki.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Specify the configuration for Loki in Nix.\n\nSee [documentation of Grafana Loki](https://grafana.com/docs/loki/latest/configure/) for all available options.\n\nCannot be specified together with {option}`services.loki.configFile`.\n", "loc": ["services", "loki", "configuration"], "readOnly": false, "type": "JSON value"}, "services.loki.dataDir": {"declarations": ["nixos/modules/services/monitoring/loki.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/loki\""}, "description": "Specify the data directory for Loki.\n", "loc": ["services", "loki", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.loki.enable": {"declarations": ["nixos/modules/services/monitoring/loki.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Grafana Loki.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "loki", "enable"], "readOnly": false, "type": "boolean"}, "services.loki.extraFlags": {"declarations": ["nixos/modules/services/monitoring/loki.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Specify a list of additional command line flags,\nwhich get escaped and are then passed to Loki.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--server.http-listen-port=3101\"\n]"}, "loc": ["services", "loki", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.loki.group": {"declarations": ["nixos/modules/services/monitoring/loki.nix"], "default": {"_type": "literalExpression", "text": "\"loki\""}, "description": "Group under which the Loki service runs.\n", "loc": ["services", "loki", "group"], "readOnly": false, "type": "string"}, "services.loki.package": {"declarations": ["nixos/modules/services/monitoring/loki.nix"], "default": {"_type": "literalExpression", "text": "pkgs.grafana-loki"}, "description": "The grafana-loki package to use.", "loc": ["services", "loki", "package"], "readOnly": false, "type": "package"}, "services.loki.user": {"declarations": ["nixos/modules/services/monitoring/loki.nix"], "default": {"_type": "literalExpression", "text": "\"loki\""}, "description": "User under which the Loki service runs.\n", "loc": ["services", "loki", "user"], "readOnly": false, "type": "string"}, "services.lokinet.enable": {"declarations": ["nixos/modules/services/networking/lokinet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Lokinet daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lokinet", "enable"], "readOnly": false, "type": "boolean"}, "services.lokinet.package": {"declarations": ["nixos/modules/services/networking/lokinet.nix"], "default": {"_type": "literalExpression", "text": "pkgs.lokinet"}, "description": "The lokinet package to use.", "loc": ["services", "lokinet", "package"], "readOnly": false, "type": "package"}, "services.lokinet.settings": {"declarations": ["nixos/modules/services/networking/lokinet.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for Lokinet.\nCurrently, the best way to view the available settings is by\ngenerating a config file using `lokinet -g`.\n", "example": {"_type": "literalExpression", "text": "{\n  dns = {\n    bind = \"127.3.2.1\";\n    upstream = [ \"1.1.1.1\" \"8.8.8.8\" ];\n  };\n\n  network.exit-node = [ \"example.loki\" \"example2.loki\" ];\n}\n"}, "loc": ["services", "lokinet", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string) or a list of them for duplicate keys)"}, "services.lokinet.settings.dns.bind": {"declarations": ["nixos/modules/services/networking/lokinet.nix"], "default": {"_type": "literalExpression", "text": "\"127.3.2.1\""}, "description": "Address to bind to for handling DNS requests.", "loc": ["services", "lokinet", "settings", "dns", "bind"], "readOnly": false, "type": "string"}, "services.lokinet.settings.dns.upstream": {"declarations": ["nixos/modules/services/networking/lokinet.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"9.9.9.10\"\n]"}, "description": "Upstream resolver(s) to use as fallback for non-loki addresses.\nMultiple values accepted.\n", "example": {"_type": "literalExpression", "text": "[\n  \"1.1.1.1\"\n  \"8.8.8.8\"\n]"}, "loc": ["services", "lokinet", "settings", "dns", "upstream"], "readOnly": false, "type": "list of string"}, "services.lokinet.settings.network.exit": {"declarations": ["nixos/modules/services/networking/lokinet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to act as an exit node. Beware that this\nincreases demand on the server and may pose liability concerns.\nEnable at your own risk.\n", "loc": ["services", "lokinet", "settings", "network", "exit"], "readOnly": false, "type": "boolean"}, "services.lokinet.settings.network.exit-node": {"declarations": ["nixos/modules/services/networking/lokinet.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a `.loki` address and an optional ip range to use as an exit broker.\nSee <http://probably.loki/wiki/index.php?title=Exit_Nodes> for\na list of exit nodes.\n", "example": {"_type": "literalExpression", "text": "''\n  exit-node = [ \"example.loki\" ];              # maps all exit traffic to example.loki\n  exit-node = [ \"example.loki:100.0.0.0/24\" ]; # maps 100.0.0.0/24 to example.loki\n''"}, "loc": ["services", "lokinet", "settings", "network", "exit-node"], "readOnly": false, "type": "null or (list of string)"}, "services.lokinet.settings.network.keyfile": {"declarations": ["nixos/modules/services/networking/lokinet.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The private key to persist address with. If not specified the address will be ephemeral.\nThis keyfile is generated automatically if the specified file doesn't exist.\n", "example": {"_type": "literalExpression", "text": "\"snappkey.private\""}, "loc": ["services", "lokinet", "settings", "network", "keyfile"], "readOnly": false, "type": "null or string"}, "services.lokinet.useLocally": {"declarations": ["nixos/modules/services/networking/lokinet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use Lokinet locally.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lokinet", "useLocally"], "readOnly": false, "type": "boolean"}, "services.longview.apacheStatusUrl": {"declarations": ["nixos/modules/services/monitoring/longview.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The Apache status page URL. If provided, Longview will\ngather statistics from this location. This requires Apache\nmod_status to be loaded and enabled.\n", "example": {"_type": "literalExpression", "text": "\"http://127.0.0.1/server-status\""}, "loc": ["services", "longview", "apacheStatusUrl"], "readOnly": false, "type": "string"}, "services.longview.apiKey": {"declarations": ["nixos/modules/services/monitoring/longview.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Longview API key. To get this, look in Longview settings which\nare found at <https://manager.linode.com/longview/>.\n\nWarning: this secret is stored in the world-readable Nix store!\nUse {option}`apiKeyFile` instead.\n", "example": {"_type": "literalExpression", "text": "\"01234567-89AB-CDEF-0123456789ABCDEF\""}, "loc": ["services", "longview", "apiKey"], "readOnly": false, "type": "string"}, "services.longview.apiKeyFile": {"declarations": ["nixos/modules/services/monitoring/longview.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the Longview API key.\nTo get this, look in Longview settings which\nare found at <https://manager.linode.com/longview/>.\n\n{option}`apiKeyFile` takes precedence over {option}`apiKey`.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/longview-api-key\""}, "loc": ["services", "longview", "apiKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.longview.enable": {"declarations": ["nixos/modules/services/monitoring/longview.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, system metrics will be sent to Linode LongView.\n", "loc": ["services", "longview", "enable"], "readOnly": false, "type": "boolean"}, "services.longview.mysqlPassword": {"declarations": ["nixos/modules/services/monitoring/longview.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The password corresponding to {option}`mysqlUser`.\nWarning: this is stored in cleartext in the Nix store!\nUse {option}`mysqlPasswordFile` instead.\n", "loc": ["services", "longview", "mysqlPassword"], "readOnly": false, "type": "string"}, "services.longview.mysqlPasswordFile": {"declarations": ["nixos/modules/services/monitoring/longview.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password corresponding to {option}`mysqlUser`.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/dbpassword\""}, "loc": ["services", "longview", "mysqlPasswordFile"], "readOnly": false, "type": "null or absolute path"}, "services.longview.mysqlUser": {"declarations": ["nixos/modules/services/monitoring/longview.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The user for connecting to the MySQL database. If provided,\nLongview will connect to MySQL and collect statistics about\nqueries, etc. This user does not need to have been granted\nany extra privileges.\n", "loc": ["services", "longview", "mysqlUser"], "readOnly": false, "type": "string"}, "services.longview.nginxStatusUrl": {"declarations": ["nixos/modules/services/monitoring/longview.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The Nginx status page URL. Longview will gather statistics\nfrom this URL. This requires the Nginx stub_status module to\nbe enabled and configured at the given location.\n", "example": {"_type": "literalExpression", "text": "\"http://127.0.0.1/nginx_status\""}, "loc": ["services", "longview", "nginxStatusUrl"], "readOnly": false, "type": "string"}, "services.lorri.enable": {"declarations": ["nixos/modules/services/development/lorri.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables the daemon for `lorri`, a nix-shell replacement for project\ndevelopment. The socket-activated daemon starts on the first request\nissued by the `lorri` command.\n", "loc": ["services", "lorri", "enable"], "readOnly": false, "type": "boolean"}, "services.lorri.package": {"declarations": ["nixos/modules/services/development/lorri.nix"], "default": {"_type": "literalExpression", "text": "pkgs.lorri"}, "description": "The lorri package to use.", "loc": ["services", "lorri", "package"], "readOnly": false, "type": "package"}, "services.lubelogger.dataDir": {"declarations": ["nixos/modules/services/web-apps/lubelogger.nix"], "default": {"_type": "literalExpression", "text": "\"lubelogger\""}, "description": "Path to LubeLogger config and metadata inside of `/var/lib/`.", "loc": ["services", "lubelogger", "dataDir"], "readOnly": false, "type": "string"}, "services.lubelogger.enable": {"declarations": ["nixos/modules/services/web-apps/lubelogger.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable LubeLogger, a self-hosted, open-source, web-based vehicle maintenance and fuel milage tracker.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lubelogger", "enable"], "readOnly": false, "type": "boolean"}, "services.lubelogger.environmentFile": {"declarations": ["nixos/modules/services/web-apps/lubelogger.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file containing extra LubeLogger config options in the systemd `EnvironmentFile` format.\nRefer to the [documentation] for supported options.\n\n[documentation]: https://docs.lubelogger.com/Advanced/Environment%20Variables\n\nThis can be used to pass secrets to LubeLogger without putting them in the Nix store.\n\nFor example, to set an SMTP password, point `environmentFile` at a file containing:\n```\nMailConfig__Password=<pass>\n```\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/lubelogger\""}, "loc": ["services", "lubelogger", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.lubelogger.group": {"declarations": ["nixos/modules/services/web-apps/lubelogger.nix"], "default": {"_type": "literalExpression", "text": "\"lubelogger\""}, "description": "Group under which LubeLogger runs.", "loc": ["services", "lubelogger", "group"], "readOnly": false, "type": "string"}, "services.lubelogger.openFirewall": {"declarations": ["nixos/modules/services/web-apps/lubelogger.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the LubeLogger web interface.", "loc": ["services", "lubelogger", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.lubelogger.package": {"declarations": ["nixos/modules/services/web-apps/lubelogger.nix"], "default": {"_type": "literalExpression", "text": "pkgs.lubelogger"}, "description": "The lubelogger package to use.", "loc": ["services", "lubelogger", "package"], "readOnly": false, "type": "package"}, "services.lubelogger.port": {"declarations": ["nixos/modules/services/web-apps/lubelogger.nix"], "default": {"_type": "literalExpression", "text": "5000"}, "description": "The TCP port LubeLogger will listen on.", "loc": ["services", "lubelogger", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.lubelogger.settings": {"declarations": ["nixos/modules/services/web-apps/lubelogger.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional configuration for LubeLogger, see <https://docs.lubelogger.com/Environment%20Variables> for supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  LUBELOGGER_ALLOWED_FILE_EXTENSIONS = \"\";\n  LUBELOGGER_LOGO_URL = \"\";\n}"}, "loc": ["services", "lubelogger", "settings"], "readOnly": false, "type": "attribute set of string"}, "services.lubelogger.user": {"declarations": ["nixos/modules/services/web-apps/lubelogger.nix"], "default": {"_type": "literalExpression", "text": "\"lubelogger\""}, "description": "User account under which LubeLogger runs.", "loc": ["services", "lubelogger", "user"], "readOnly": false, "type": "string"}, "services.lvm.boot.thin.enable": {"declarations": ["nixos/modules/tasks/lvm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable support for booting from ThinLVs.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lvm", "boot", "thin", "enable"], "readOnly": false, "type": "boolean"}, "services.lvm.boot.vdo.enable": {"declarations": ["nixos/modules/tasks/lvm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable support for booting from VDOLVs.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lvm", "boot", "vdo", "enable"], "readOnly": false, "type": "boolean"}, "services.lvm.dmeventd.enable": {"declarations": ["nixos/modules/tasks/lvm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the LVM dmevent daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lvm", "dmeventd", "enable"], "readOnly": false, "type": "boolean"}, "services.lvm.enable": {"declarations": ["nixos/modules/tasks/lvm.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable lvm2.\n\n:::{.note}\nThe lvm2 package contains device-mapper udev rules and without those tools like cryptsetup do not fully function!\n:::\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lvm", "enable"], "readOnly": false, "type": "boolean"}, "services.lxd-image-server.enable": {"declarations": ["nixos/modules/services/networking/lxd-image-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable lxd-image-server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lxd-image-server", "enable"], "readOnly": false, "type": "boolean"}, "services.lxd-image-server.group": {"declarations": ["nixos/modules/services/networking/lxd-image-server.nix"], "default": {"_type": "literalExpression", "text": "\"nginx\""}, "description": "Group assigned to the user and the webroot directory.", "example": {"_type": "literalExpression", "text": "\"www-data\""}, "loc": ["services", "lxd-image-server", "group"], "readOnly": false, "type": "string"}, "services.lxd-image-server.nginx.domain": {"declarations": ["nixos/modules/services/networking/lxd-image-server.nix"], "description": "Domain to use for nginx virtual host.", "example": {"_type": "literalExpression", "text": "\"images.example.org\""}, "loc": ["services", "lxd-image-server", "nginx", "domain"], "readOnly": false, "type": "string"}, "services.lxd-image-server.nginx.enable": {"declarations": ["nixos/modules/services/networking/lxd-image-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable nginx.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lxd-image-server", "nginx", "enable"], "readOnly": false, "type": "boolean"}, "services.lxd-image-server.settings": {"declarations": ["nixos/modules/services/networking/lxd-image-server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for lxd-image-server.\n\nExample see <https://github.com/Avature/lxd-image-server/blob/master/config.toml>.\n", "loc": ["services", "lxd-image-server", "settings"], "readOnly": false, "type": "TOML value"}, "services.mackerel-agent.apiKeyFile": {"declarations": ["nixos/modules/services/monitoring/mackerel-agent.nix"], "description": "Path to file containing the Mackerel API key. The file should contain a\nsingle line of the following form:\n\n`apikey = \"EXAMPLE_API_KEY\"`\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/mackerel-api-key\""}, "loc": ["services", "mackerel-agent", "apiKeyFile"], "readOnly": false, "type": "absolute path"}, "services.mackerel-agent.autoRetirement": {"declarations": ["nixos/modules/services/monitoring/mackerel-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable retiring the host upon OS shutdown\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mackerel-agent", "autoRetirement"], "readOnly": false, "type": "boolean"}, "services.mackerel-agent.enable": {"declarations": ["nixos/modules/services/monitoring/mackerel-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable mackerel.io agent.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mackerel-agent", "enable"], "readOnly": false, "type": "boolean"}, "services.mackerel-agent.runAsRoot": {"declarations": ["nixos/modules/services/monitoring/mackerel-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable running as root.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mackerel-agent", "runAsRoot"], "readOnly": false, "type": "boolean"}, "services.mackerel-agent.settings": {"declarations": ["nixos/modules/services/monitoring/mackerel-agent.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for mackerel-agent.conf.\n\nDocumentation:\n<https://mackerel.io/docs/entry/spec/agent>\n", "example": {"_type": "literalExpression", "text": "{\n  silent = false;\n  verbose = false;\n}"}, "loc": ["services", "mackerel-agent", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.mackerel-agent.settings.diagnostic": {"declarations": ["nixos/modules/services/monitoring/mackerel-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable collecting memory usage for the agent itself.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mackerel-agent", "settings", "diagnostic"], "readOnly": false, "type": "boolean"}, "services.mackerel-agent.settings.host_status.on_start": {"declarations": ["nixos/modules/services/monitoring/mackerel-agent.nix"], "default": {"_type": "literalExpression", "text": "\"working\""}, "description": "Host status after agent startup.", "loc": ["services", "mackerel-agent", "settings", "host_status", "on_start"], "readOnly": false, "type": "one of \"working\", \"standby\", \"maintenance\", \"poweroff\""}, "services.mackerel-agent.settings.host_status.on_stop": {"declarations": ["nixos/modules/services/monitoring/mackerel-agent.nix"], "default": {"_type": "literalExpression", "text": "\"poweroff\""}, "description": "Host status after agent shutdown.", "loc": ["services", "mackerel-agent", "settings", "host_status", "on_stop"], "readOnly": false, "type": "one of \"working\", \"standby\", \"maintenance\", \"poweroff\""}, "services.maddy.config": {"declarations": ["nixos/modules/services/mail/maddy.nix"], "default": {"_type": "literalExpression", "text": "''\n  # Minimal configuration with TLS disabled, adapted from upstream example\n  # configuration here https://github.com/foxcpp/maddy/blob/master/maddy.conf\n  # Do not use this in production!\n  \n  auth.pass_table local_authdb {\n    table sql_table {\n      driver sqlite3\n      dsn credentials.db\n      table_name passwords\n    }\n  }\n  \n  storage.imapsql local_mailboxes {\n    driver sqlite3\n    dsn imapsql.db\n  }\n  \n  table.chain local_rewrites {\n    optional_step regexp \"(.+)\\+(.+)@(.+)\" \"$1@$3\"\n    optional_step static {\n      entry postmaster postmaster@$(primary_domain)\n    }\n    optional_step file /etc/maddy/aliases\n  }\n  \n  msgpipeline local_routing {\n    destination postmaster $(local_domains) {\n      modify {\n        replace_rcpt &local_rewrites\n      }\n      deliver_to &local_mailboxes\n    }\n    default_destination {\n      reject 550 5.1.1 \"User doesn't exist\"\n    }\n  }\n  \n  smtp tcp://0.0.0.0:25 {\n    limits {\n      all rate 20 1s\n      all concurrency 10\n    }\n    dmarc yes\n    check {\n      require_mx_record\n      dkim\n      spf\n    }\n    source $(local_domains) {\n      reject 501 5.1.8 \"Use Submission for outgoing SMTP\"\n    }\n    default_source {\n      destination postmaster $(local_domains) {\n        deliver_to &local_routing\n      }\n      default_destination {\n        reject 550 5.1.1 \"User doesn't exist\"\n      }\n    }\n  }\n  \n  submission tcp://0.0.0.0:587 {\n    limits {\n      all rate 50 1s\n    }\n    auth &local_authdb\n    source $(local_domains) {\n      check {\n          authorize_sender {\n              prepare_email &local_rewrites\n              user_to_email identity\n          }\n      }\n      destination postmaster $(local_domains) {\n          deliver_to &local_routing\n      }\n      default_destination {\n          modify {\n              dkim $(primary_domain) $(local_domains) default\n          }\n          deliver_to &remote_queue\n      }\n    }\n    default_source {\n      reject 501 5.1.8 \"Non-local sender domain\"\n    }\n  }\n  \n  target.remote outbound_delivery {\n    limits {\n      destination rate 20 1s\n      destination concurrency 10\n    }\n    mx_auth {\n      dane\n      mtasts {\n        cache fs\n        fs_dir mtasts_cache/\n      }\n      local_policy {\n          min_tls_level encrypted\n          min_mx_level none\n      }\n    }\n  }\n  \n  target.queue remote_queue {\n    target &outbound_delivery\n    autogenerated_msg_domain $(primary_domain)\n    bounce {\n      destination postmaster $(local_domains) {\n        deliver_to &local_routing\n      }\n      default_destination {\n          reject 550 5.0.0 \"Refusing to send DSNs to non-local addresses\"\n      }\n    }\n  }\n  \n  imap tcp://0.0.0.0:143 {\n    auth &local_authdb\n    storage &local_mailboxes\n  }\n''"}, "description": "Server configuration, see\n[https://maddy.email](https://maddy.email) for\nmore information. The default configuration of this module will setup\nminimal Maddy instance for mail transfer without TLS encryption.\n\n::: {.note}\nThis should not be used in a production environment.\n:::\n", "loc": ["services", "maddy", "config"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.maddy.enable": {"declarations": ["nixos/modules/services/mail/maddy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Maddy, a free an open source mail server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "maddy", "enable"], "readOnly": false, "type": "boolean"}, "services.maddy.ensureAccounts": {"declarations": ["nixos/modules/services/mail/maddy.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of IMAP accounts which get automatically created. Note that for\na complete setup, user credentials for these accounts are required\nand can be created using the `ensureCredentials` option.\nThis option does not delete accounts which are not (anymore) listed.\n", "example": {"_type": "literalExpression", "text": "[\n  \"user1@localhost\"\n  \"user2@localhost\"\n]"}, "loc": ["services", "maddy", "ensureAccounts"], "readOnly": false, "type": "list of string"}, "services.maddy.ensureCredentials": {"declarations": ["nixos/modules/services/mail/maddy.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "List of user accounts which get automatically created if they don't\nexist yet. Note that for a complete setup, corresponding mail boxes\nhave to get created using the `ensureAccounts` option.\nThis option does not delete accounts which are not (anymore) listed.\n", "example": {"_type": "literalExpression", "text": "{\n  \"user1@localhost\" = {\n    passwordFile = /secrets/user1-localhost;\n  };\n  \"user2@localhost\" = {\n    passwordFile = /secrets/user2-localhost;\n  };\n}"}, "loc": ["services", "maddy", "ensureCredentials"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.maddy.ensureCredentials.<name>.passwordFile": {"declarations": ["nixos/modules/services/mail/maddy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specifies the path to a file containing the\nclear text password for the user.\n", "example": {"_type": "literalExpression", "text": "\"/path/to/file\""}, "loc": ["services", "maddy", "ensureCredentials", "<name>", "passwordFile"], "readOnly": false, "type": "absolute path"}, "services.maddy.group": {"declarations": ["nixos/modules/services/mail/maddy.nix"], "default": {"_type": "literalExpression", "text": "\"maddy\""}, "description": "Group account under which maddy runs.\n\n::: {.note}\nIf left as the default value this group will automatically be created\non system activation, otherwise the sysadmin is responsible for\nensuring the group exists before the maddy service starts.\n:::\n", "loc": ["services", "maddy", "group"], "readOnly": false, "type": "string"}, "services.maddy.hostname": {"declarations": ["nixos/modules/services/mail/maddy.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Hostname to use. It should be FQDN.\n", "example": {"_type": "literalExpression", "text": "\"example.com\""}, "loc": ["services", "maddy", "hostname"], "readOnly": false, "type": "string"}, "services.maddy.localDomains": {"declarations": ["nixos/modules/services/mail/maddy.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"$(primary_domain)\"\n]"}, "description": "Define list of allowed domains.\n", "example": {"_type": "literalExpression", "text": "[\n  \"$(primary_domain)\"\n  \"example.com\"\n  \"other.example.com\"\n]"}, "loc": ["services", "maddy", "localDomains"], "readOnly": false, "type": "list of string"}, "services.maddy.openFirewall": {"declarations": ["nixos/modules/services/mail/maddy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open the configured incoming and outgoing mail server ports.\n", "loc": ["services", "maddy", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.maddy.package": {"declarations": ["nixos/modules/services/mail/maddy.nix"], "default": {"_type": "literalExpression", "text": "pkgs.maddy"}, "description": "The maddy package to use.", "loc": ["services", "maddy", "package"], "readOnly": false, "type": "package"}, "services.maddy.primaryDomain": {"declarations": ["nixos/modules/services/mail/maddy.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Primary MX domain to use. It should be FQDN.\n", "example": {"_type": "literalExpression", "text": "\"mail.example.com\""}, "loc": ["services", "maddy", "primaryDomain"], "readOnly": false, "type": "string"}, "services.maddy.secrets": {"declarations": ["nixos/modules/services/mail/maddy.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of files containing the various secrets. Should be in the format\nexpected by systemd's `EnvironmentFile` directory. Secrets can be\nreferenced in the format `{env:VAR}`.\n", "loc": ["services", "maddy", "secrets"], "readOnly": false, "type": "list of absolute path"}, "services.maddy.tls.certificates": {"declarations": ["nixos/modules/services/mail/maddy.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of attribute sets containing paths to TLS certificates and\nkeys. Maddy will use SNI if multiple pairs are selected.\n", "example": {"_type": "literalExpression", "text": "[{\n  keyPath = \"/etc/ssl/mx1.example.org.key\";\n  certPath = \"/etc/ssl/mx1.example.org.crt\";\n}]\n"}, "loc": ["services", "maddy", "tls", "certificates"], "readOnly": false, "type": "list of (submodule)"}, "services.maddy.tls.certificates.*.certPath": {"declarations": ["nixos/modules/services/mail/maddy.nix"], "description": "Path to the certificate used for TLS.\n", "example": {"_type": "literalExpression", "text": "\"/etc/ssl/mx1.example.org.crt\""}, "loc": ["services", "maddy", "tls", "certificates", "*", "certPath"], "readOnly": false, "type": "absolute path"}, "services.maddy.tls.certificates.*.keyPath": {"declarations": ["nixos/modules/services/mail/maddy.nix"], "description": "Path to the private key used for TLS.\n", "example": {"_type": "literalExpression", "text": "\"/etc/ssl/mx1.example.org.key\""}, "loc": ["services", "maddy", "tls", "certificates", "*", "keyPath"], "readOnly": false, "type": "absolute path"}, "services.maddy.tls.extraConfig": {"declarations": ["nixos/modules/services/mail/maddy.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Arguments for the specified certificate loader.\n\nIn case the `tls` loader is set, the defaults are considered secure\nand there is no need to change anything in most cases.\nFor available options see [upstream manual](https://maddy.email/reference/tls/).\n\nFor ACME configuration, see [following page](https://maddy.email/reference/tls-acme).\n", "loc": ["services", "maddy", "tls", "extraConfig"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.maddy.tls.loader": {"declarations": ["nixos/modules/services/mail/maddy.nix"], "default": {"_type": "literalExpression", "text": "\"off\""}, "description": "TLS certificates are obtained by modules called \"certificate\nloaders\".\n\nThe `file` loader module reads certificates from files specified by\nthe `certificates` option.\n\nAlternatively the `acme` module can be used to automatically obtain\ncertificates using the ACME protocol.\n\nModule configuration is done via the `tls.extraConfig` option.\n\nSecrets such as API keys or passwords should not be supplied in\nplaintext. Instead the `secrets` option can be used to read secrets\nat runtime as environment variables. Secrets can be referenced with\n`{env:VAR}`.\n", "loc": ["services", "maddy", "tls", "loader"], "readOnly": false, "type": "null or one of \"off\", \"file\", \"acme\""}, "services.maddy.user": {"declarations": ["nixos/modules/services/mail/maddy.nix"], "default": {"_type": "literalExpression", "text": "\"maddy\""}, "description": "User account under which maddy runs.\n\n::: {.note}\nIf left as the default value this user will automatically be created\non system activation, otherwise the sysadmin is responsible for\nensuring the user exists before the maddy service starts.\n:::\n", "loc": ["services", "maddy", "user"], "readOnly": false, "type": "string"}, "services.magic-wormhole-mailbox-server.enable": {"declarations": ["nixos/modules/services/networking/magic-wormhole-mailbox-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Magic Wormhole Mailbox Server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "magic-wormhole-mailbox-server", "enable"], "readOnly": false, "type": "boolean"}, "services.magnetico.crawler.address": {"declarations": ["nixos/modules/services/torrent/magnetico.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to be used for indexing DHT nodes.\n", "example": {"_type": "literalExpression", "text": "\"1.2.3.4\""}, "loc": ["services", "magnetico", "crawler", "address"], "readOnly": false, "type": "string"}, "services.magnetico.crawler.extraOptions": {"declarations": ["nixos/modules/services/torrent/magnetico.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line arguments to pass to magneticod.\n", "loc": ["services", "magnetico", "crawler", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.magnetico.crawler.maxLeeches": {"declarations": ["nixos/modules/services/torrent/magnetico.nix"], "default": {"_type": "literalExpression", "text": "200"}, "description": "Maximum number of simultaneous leeches.\n", "loc": ["services", "magnetico", "crawler", "maxLeeches"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.magnetico.crawler.maxNeighbors": {"declarations": ["nixos/modules/services/torrent/magnetico.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Maximum number of simultaneous neighbors of an indexer.\nBe careful changing this number: high values can very\neasily cause your network to be congested or even crash\nyour router.\n", "loc": ["services", "magnetico", "crawler", "maxNeighbors"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.magnetico.crawler.port": {"declarations": ["nixos/modules/services/torrent/magnetico.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Port to be used for indexing DHT nodes.\nThis port should be added to\n{option}`networking.firewall.allowedTCPPorts`.\n", "loc": ["services", "magnetico", "crawler", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.magnetico.enable": {"declarations": ["nixos/modules/services/torrent/magnetico.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Magnetico, Bittorrent DHT crawler.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "magnetico", "enable"], "readOnly": false, "type": "boolean"}, "services.magnetico.web.address": {"declarations": ["nixos/modules/services/torrent/magnetico.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Address the web interface will listen to.\n", "example": {"_type": "literalExpression", "text": "\"1.2.3.4\""}, "loc": ["services", "magnetico", "web", "address"], "readOnly": false, "type": "string"}, "services.magnetico.web.credentials": {"declarations": ["nixos/modules/services/torrent/magnetico.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The credentials to access the web interface, in case authentication is\nenabled, in the format `username:hash`. If unset no\nauthentication will be required.\n\nUsernames must start with a lowercase ([a-z]) ASCII character, might\ncontain non-consecutive underscores except at the end, and consists of\nsmall-case a-z characters and digits 0-9.  The\n{command}`htpasswd` tool from the `apacheHttpd`\npackage may be used to generate the hash:\n{command}`htpasswd -bnBC 12 username password`\n\n::: {.warning}\nThe hashes will be stored world-readable in the nix store.\nConsider using the `credentialsFile` option if you\ndon't want this.\n:::\n", "example": {"_type": "literalExpression", "text": "{\n  myuser = \"$2y$12$YE01LZ8jrbQbx6c0s2hdZO71dSjn2p/O9XsYJpz.5968yCysUgiaG\";\n}\n"}, "loc": ["services", "magnetico", "web", "credentials"], "readOnly": false, "type": "attribute set of string"}, "services.magnetico.web.credentialsFile": {"declarations": ["nixos/modules/services/torrent/magnetico.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the file holding the credentials to access the web\ninterface. If unset no authentication will be required.\n\nThe file must contain user names and password hashes in the format\n`username:hash`, one for each line.  Usernames must\nstart with a lowecase ([a-z]) ASCII character, might contain\nnon-consecutive underscores except at the end, and consists of\nsmall-case a-z characters and digits 0-9.\nThe {command}`htpasswd` tool from the `apacheHttpd`\npackage may be used to generate the hash:\n{command}`htpasswd -bnBC 12 username password`\n", "loc": ["services", "magnetico", "web", "credentialsFile"], "readOnly": false, "type": "null or absolute path"}, "services.magnetico.web.extraOptions": {"declarations": ["nixos/modules/services/torrent/magnetico.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line arguments to pass to magneticow.\n", "loc": ["services", "magnetico", "web", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.magnetico.web.port": {"declarations": ["nixos/modules/services/torrent/magnetico.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "Port the web interface will listen to.\n", "loc": ["services", "magnetico", "web", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mail.sendmailSetuidWrapper.capabilities": {"declarations": ["nixos/modules/security/wrappers/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "A comma-separated list of capability clauses to be given to the\nwrapper program. The format for capability clauses is described in the\n\u201cTEXTUAL REPRESENTATION\u201d section of the {manpage}`cap_from_text(3)`\nmanual page. For a list of capabilities supported by the system, check\nthe {manpage}`capabilities(7)` manual page.\n\n::: {.note}\n`cap_setpcap`, which is required for the wrapper\nprogram to be able to raise caps into the Ambient set is NOT raised\nto the Ambient set so that the real program cannot modify its own\ncapabilities!! This may be too restrictive for cases in which the\nreal program needs cap_setpcap but it at least leans on the side\nsecurity paranoid vs. too relaxed.\n:::\n", "loc": ["services", "mail", "sendmailSetuidWrapper", "capabilities"], "readOnly": false, "type": "strings concatenated with \",\""}, "services.mail.sendmailSetuidWrapper.enable": {"declarations": ["nixos/modules/security/wrappers/default.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the wrapper.", "loc": ["services", "mail", "sendmailSetuidWrapper", "enable"], "readOnly": false, "type": "boolean"}, "services.mail.sendmailSetuidWrapper.group": {"declarations": ["nixos/modules/security/wrappers/default.nix"], "description": "The group of the wrapper program.", "loc": ["services", "mail", "sendmailSetuidWrapper", "group"], "readOnly": false, "type": "string"}, "services.mail.sendmailSetuidWrapper.owner": {"declarations": ["nixos/modules/security/wrappers/default.nix"], "description": "The owner of the wrapper program.", "loc": ["services", "mail", "sendmailSetuidWrapper", "owner"], "readOnly": false, "type": "string"}, "services.mail.sendmailSetuidWrapper.permissions": {"declarations": ["nixos/modules/security/wrappers/default.nix"], "default": {"_type": "literalExpression", "text": "\"u+rx,g+x,o+x\""}, "description": "The permissions of the wrapper program. The format is that of a\nsymbolic or numeric file mode understood by {command}`chmod`.\n", "example": {"_type": "literalExpression", "text": "\"a+rx\""}, "loc": ["services", "mail", "sendmailSetuidWrapper", "permissions"], "readOnly": false, "type": "file mode string"}, "services.mail.sendmailSetuidWrapper.program": {"declarations": ["nixos/modules/security/wrappers/default.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "The name of the wrapper program. Defaults to the attribute name.\n", "loc": ["services", "mail", "sendmailSetuidWrapper", "program"], "readOnly": false, "type": "null or string"}, "services.mail.sendmailSetuidWrapper.setgid": {"declarations": ["nixos/modules/security/wrappers/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add the setgid bit the wrapper program.", "loc": ["services", "mail", "sendmailSetuidWrapper", "setgid"], "readOnly": false, "type": "boolean"}, "services.mail.sendmailSetuidWrapper.setuid": {"declarations": ["nixos/modules/security/wrappers/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add the setuid bit the wrapper program.", "loc": ["services", "mail", "sendmailSetuidWrapper", "setuid"], "readOnly": false, "type": "boolean"}, "services.mail.sendmailSetuidWrapper.source": {"declarations": ["nixos/modules/security/wrappers/default.nix"], "description": "The absolute path to the program to be wrapped.", "loc": ["services", "mail", "sendmailSetuidWrapper", "source"], "readOnly": false, "type": "absolute path"}, "services.mailcatcher.enable": {"declarations": ["nixos/modules/services/mail/mailcatcher.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable MailCatcher, an SMTP server and web interface to locally test outbound emails.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mailcatcher", "enable"], "readOnly": false, "type": "boolean"}, "services.mailcatcher.http.ip": {"declarations": ["nixos/modules/services/mail/mailcatcher.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The ip address of the http server.", "loc": ["services", "mailcatcher", "http", "ip"], "readOnly": false, "type": "string"}, "services.mailcatcher.http.path": {"declarations": ["nixos/modules/services/mail/mailcatcher.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Prefix to all HTTP paths.", "example": {"_type": "literalExpression", "text": "\"/mailcatcher\""}, "loc": ["services", "mailcatcher", "http", "path"], "readOnly": false, "type": "null or string"}, "services.mailcatcher.http.port": {"declarations": ["nixos/modules/services/mail/mailcatcher.nix"], "default": {"_type": "literalExpression", "text": "1080"}, "description": "The port address of the http server.", "loc": ["services", "mailcatcher", "http", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mailcatcher.smtp.ip": {"declarations": ["nixos/modules/services/mail/mailcatcher.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The ip address of the smtp server.", "loc": ["services", "mailcatcher", "smtp", "ip"], "readOnly": false, "type": "string"}, "services.mailcatcher.smtp.port": {"declarations": ["nixos/modules/services/mail/mailcatcher.nix"], "default": {"_type": "literalExpression", "text": "1025"}, "description": "The port address of the smtp server.", "loc": ["services", "mailcatcher", "smtp", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mailhog.apiPort": {"declarations": ["nixos/modules/services/mail/mailhog.nix"], "default": {"_type": "literalExpression", "text": "8025"}, "description": "Port on which the API endpoint will listen.", "loc": ["services", "mailhog", "apiPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mailhog.enable": {"declarations": ["nixos/modules/services/mail/mailhog.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable MailHog, web and API based SMTP testing.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mailhog", "enable"], "readOnly": false, "type": "boolean"}, "services.mailhog.extraArgs": {"declarations": ["nixos/modules/services/mail/mailhog.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of additional arguments to pass to the MailHog process.", "loc": ["services", "mailhog", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.mailhog.setSendmail": {"declarations": ["nixos/modules/services/mail/mailhog.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable set the system sendmail to mailhogs's.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mailhog", "setSendmail"], "readOnly": false, "type": "boolean"}, "services.mailhog.smtpPort": {"declarations": ["nixos/modules/services/mail/mailhog.nix"], "default": {"_type": "literalExpression", "text": "1025"}, "description": "Port on which the SMTP endpoint will listen.", "loc": ["services", "mailhog", "smtpPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mailhog.storage": {"declarations": ["nixos/modules/services/mail/mailhog.nix"], "default": {"_type": "literalExpression", "text": "\"memory\""}, "description": "Store mails on disk or in memory.", "loc": ["services", "mailhog", "storage"], "readOnly": false, "type": "one of \"maildir\", \"memory\""}, "services.mailhog.uiPort": {"declarations": ["nixos/modules/services/mail/mailhog.nix"], "default": {"_type": "literalExpression", "text": "8025"}, "description": "Port on which the HTTP UI will listen.", "loc": ["services", "mailhog", "uiPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mailman.enable": {"declarations": ["nixos/modules/services/mail/mailman.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable Mailman on this host. Requires an active MTA on the host (e.g. Postfix).", "loc": ["services", "mailman", "enable"], "readOnly": false, "type": "boolean"}, "services.mailman.enablePostfix": {"declarations": ["nixos/modules/services/mail/mailman.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable Postfix integration. Requires an active Postfix installation.\n\nIf you want to use another MTA, set this option to false and configure\nsettings in services.mailman.settings.mta.\n\nRefer to the Mailman manual for more info.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "mailman", "enablePostfix"], "readOnly": false, "type": "boolean"}, "services.mailman.hyperkitty.baseUrl": {"declarations": ["nixos/modules/services/mail/mailman.nix"], "default": {"_type": "literalExpression", "text": "\"http://localhost:18507/archives/\""}, "description": "Where can Mailman connect to Hyperkitty's internal API, preferably on\nlocalhost?\n", "loc": ["services", "mailman", "hyperkitty", "baseUrl"], "readOnly": false, "type": "string"}, "services.mailman.hyperkitty.enable": {"declarations": ["nixos/modules/services/mail/mailman.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Hyperkitty archiver for Mailman.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mailman", "hyperkitty", "enable"], "readOnly": false, "type": "boolean"}, "services.mailman.ldap.attrMap.email": {"declarations": ["nixos/modules/services/mail/mailman.nix"], "default": {"_type": "literalExpression", "text": "\"mail\""}, "description": "LDAP-attribute that corresponds to the `email`-attribute in mailman.\n", "loc": ["services", "mailman", "ldap", "attrMap", "email"], "readOnly": false, "type": "string"}, "services.mailman.ldap.attrMap.firstName": {"declarations": ["nixos/modules/services/mail/mailman.nix"], "default": {"_type": "literalExpression", "text": "\"givenName\""}, "description": "LDAP-attribute that corresponds to the `firstName`-attribute in mailman.\n", "loc": ["services", "mailman", "ldap", "attrMap", "firstName"], "readOnly": false, "type": "string"}, "services.mailman.ldap.attrMap.lastName": {"declarations": ["nixos/modules/services/mail/mailman.nix"], "default": {"_type": "literalExpression", "text": "\"sn\""}, "description": "LDAP-attribute that corresponds to the `lastName`-attribute in mailman.\n", "loc": ["services", "mailman", "ldap", "attrMap", "lastName"], "readOnly": false, "type": "string"}, "services.mailman.ldap.attrMap.username": {"declarations": ["nixos/modules/services/mail/mailman.nix"], "default": {"_type": "literalExpression", "text": "\"uid\""}, "description": "LDAP-attribute that corresponds to the `username`-attribute in mailman.\n", "loc": ["services", "mailman", "ldap", "attrMap", "username"], "readOnly": false, "type": "string"}, "services.mailman.ldap.bindDn": {"declarations": ["nixos/modules/services/mail/mailman.nix"], "description": "Service account to bind against.\n", "example": {"_type": "literalExpression", "text": "\"cn=root,dc=nixos,dc=org\""}, "loc": ["services", "mailman", "ldap", "bindDn"], "readOnly": false, "type": "string"}, "services.mailman.ldap.bindPasswordFile": {"declarations": ["nixos/modules/services/mail/mailman.nix"], "description": "Path to the file containing the bind password of the service account\ndefined by [](#opt-services.mailman.ldap.bindDn).\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/ldap-bind\""}, "loc": ["services", "mailman", "ldap", "bindPasswordFile"], "readOnly": false, "type": "string"}, "services.mailman.ldap.enable": {"declarations": ["nixos/modules/services/mail/mailman.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable LDAP auth.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mailman", "ldap", "enable"], "readOnly": false, "type": "boolean"}, "services.mailman.ldap.groupSearch.ou": {"declarations": ["nixos/modules/services/mail/mailman.nix"], "description": "Organizational unit to look up a group.\n", "example": {"_type": "literalExpression", "text": "\"ou=groups,dc=nixos,dc=org\""}, "loc": ["services", "mailman", "ldap", "groupSearch", "ou"], "readOnly": false, "type": "string"}, "services.mailman.ldap.groupSearch.query": {"declarations": ["nixos/modules/services/mail/mailman.nix"], "description": "Query to find a group associated to a user in the LDAP database.\n", "example": {"_type": "literalExpression", "text": "\"(objectClass=groupOfNames)\""}, "loc": ["services", "mailman", "ldap", "groupSearch", "query"], "readOnly": false, "type": "string"}, "services.mailman.ldap.groupSearch.type": {"declarations": ["nixos/modules/services/mail/mailman.nix"], "default": {"_type": "literalExpression", "text": "\"posixGroup\""}, "description": "Type of group to perform a group search against.\n", "loc": ["services", "mailman", "ldap", "groupSearch", "type"], "readOnly": false, "type": "one of \"posixGroup\", \"groupOfNames\", \"memberDNGroup\", \"nestedMemberDNGroup\", \"nestedGroupOfNames\", \"groupOfUniqueNames\", \"nestedGroupOfUniqueNames\", \"activeDirectoryGroup\", \"nestedActiveDirectoryGroup\", \"organizationalRoleGroup\", \"nestedOrganizationalRoleGroup\""}, "services.mailman.ldap.serverUri": {"declarations": ["nixos/modules/services/mail/mailman.nix"], "description": "LDAP host to connect against.\n", "example": {"_type": "literalExpression", "text": "\"ldaps://ldap.host\""}, "loc": ["services", "mailman", "ldap", "serverUri"], "readOnly": false, "type": "string"}, "services.mailman.ldap.superUserGroup": {"declarations": ["nixos/modules/services/mail/mailman.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Group where a user must be a member of to gain superuser rights.\n", "example": {"_type": "literalExpression", "text": "\"cn=admin,ou=groups,dc=nixos,dc=org\""}, "loc": ["services", "mailman", "ldap", "superUserGroup"], "readOnly": false, "type": "null or string"}, "services.mailman.ldap.userSearch.ou": {"declarations": ["nixos/modules/services/mail/mailman.nix"], "description": "Organizational unit to look up a user.\n", "example": {"_type": "literalExpression", "text": "\"ou=users,dc=nixos,dc=org\""}, "loc": ["services", "mailman", "ldap", "userSearch", "ou"], "readOnly": false, "type": "string"}, "services.mailman.ldap.userSearch.query": {"declarations": ["nixos/modules/services/mail/mailman.nix"], "description": "Query to find a user in the LDAP database.\n", "example": {"_type": "literalExpression", "text": "\"(&(objectClass=inetOrgPerson)(|(uid=%(user)s)(mail=%(user)s)))\""}, "loc": ["services", "mailman", "ldap", "userSearch", "query"], "readOnly": false, "type": "string"}, "services.mailman.packageSet": {"declarations": ["nixos/modules/services/mail/mailman.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mailmanPackages"}, "description": "The mailmanPackages package to use.", "loc": ["services", "mailman", "packageSet"], "readOnly": false, "type": "attribute set"}, "services.mailman.restApiPassFile": {"declarations": ["nixos/modules/services/mail/mailman.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the file containing the value for `MAILMAN_REST_API_PASS`.\n", "loc": ["services", "mailman", "restApiPassFile"], "readOnly": false, "type": "null or string"}, "services.mailman.serve.enable": {"declarations": ["nixos/modules/services/mail/mailman.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable automatic nginx and uwsgi setup for mailman-web.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mailman", "serve", "enable"], "readOnly": false, "type": "boolean"}, "services.mailman.serve.uwsgiSettings": {"declarations": ["nixos/modules/services/mail/mailman.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration to merge into uwsgi config.\n", "example": {"_type": "literalExpression", "text": "{\n  uwsgi = {\n    buffer-size = 8192;\n  };\n}"}, "loc": ["services", "mailman", "serve", "uwsgiSettings"], "readOnly": false, "type": "JSON value"}, "services.mailman.serve.virtualRoot": {"declarations": ["nixos/modules/services/mail/mailman.nix"], "default": {"_type": "literalExpression", "text": "\"/\""}, "description": "Path to mount the mailman-web django application on.\n", "example": {"_type": "literalExpression", "text": "/lists"}, "loc": ["services", "mailman", "serve", "virtualRoot"], "readOnly": false, "type": "string"}, "services.mailman.settings": {"declarations": ["nixos/modules/services/mail/mailman.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings for mailman.cfg", "loc": ["services", "mailman", "settings"], "readOnly": false, "type": "attribute set of attribute set of string"}, "services.mailman.siteOwner": {"declarations": ["nixos/modules/services/mail/mailman.nix"], "description": "Certain messages that must be delivered to a human, but which can't\nbe delivered to a list owner (e.g. a bounce from a list owner), will\nbe sent to this address. It should point to a human.\n", "example": {"_type": "literalExpression", "text": "\"postmaster@example.org\""}, "loc": ["services", "mailman", "siteOwner"], "readOnly": false, "type": "string"}, "services.mailman.webHosts": {"declarations": ["nixos/modules/services/mail/mailman.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The list of hostnames and/or IP addresses from which the Mailman Web\nUI will accept requests. By default, \"localhost\" and \"127.0.0.1\" are\nenabled. All additional names under which your web server accepts\nrequests for the UI must be listed here or incoming requests will be\nrejected.\n", "loc": ["services", "mailman", "webHosts"], "readOnly": false, "type": "list of string"}, "services.mailman.webSettings": {"declarations": ["nixos/modules/services/mail/mailman.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Overrides for the default mailman-web Django settings.\n", "loc": ["services", "mailman", "webSettings"], "readOnly": false, "type": "attribute set"}, "services.mailman.webUser": {"declarations": ["nixos/modules/services/mail/mailman.nix"], "default": {"_type": "literalExpression", "text": "\"mailman-web\""}, "description": "User to run mailman-web as\n", "loc": ["services", "mailman", "webUser"], "readOnly": false, "type": "string"}, "services.mailpit.instances": {"declarations": ["nixos/modules/services/mail/mailpit.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configure mailpit instances. The attribute-set values are\nCLI flags passed to the `mailpit` CLI.\n\nSee [upstream docs](https://mailpit.axllent.org/docs/configuration/runtime-options/)\nfor all available options.\n", "loc": ["services", "mailpit", "instances"], "readOnly": false, "type": "attribute set of (open submodule of attribute set of (string or signed integer or boolean))"}, "services.mailpit.instances.<name>.database": {"declarations": ["nixos/modules/services/mail/mailpit.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify the local database filename to store persistent data.\nIf `null`, a temporary file will be created that will be removed when the application stops.\nIt's recommended to specify a relative path. The database will be written into the service's\nstate directory then.\n", "example": {"_type": "literalExpression", "text": "\"mailpit.db\""}, "loc": ["services", "mailpit", "instances", "<name>", "database"], "readOnly": false, "type": "null or string"}, "services.mailpit.instances.<name>.listen": {"declarations": ["nixos/modules/services/mail/mailpit.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1:8025\""}, "description": "HTTP bind interface and port for UI.\n", "loc": ["services", "mailpit", "instances", "<name>", "listen"], "readOnly": false, "type": "string"}, "services.mailpit.instances.<name>.max": {"declarations": ["nixos/modules/services/mail/mailpit.nix"], "default": {"_type": "literalExpression", "text": "500"}, "description": "Maximum number of emails to keep. If the number is exceeded, old emails\nwill be deleted.\n\nSet to `0` to never prune old emails.\n", "loc": ["services", "mailpit", "instances", "<name>", "max"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.mailpit.instances.<name>.smtp": {"declarations": ["nixos/modules/services/mail/mailpit.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1:1025\""}, "description": "SMTP bind interface and port.\n", "loc": ["services", "mailpit", "instances", "<name>", "smtp"], "readOnly": false, "type": "string"}, "services.mainsail.enable": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable a modern and responsive user interface for Klipper.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mainsail", "enable"], "readOnly": false, "type": "boolean"}, "services.mainsail.hostName": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Hostname to serve mainsail on", "loc": ["services", "mainsail", "hostName"], "readOnly": false, "type": "string"}, "services.mainsail.nginx": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration for the nginx virtual host of mainsail.", "example": {"_type": "literalExpression", "text": "{\n  serverAliases = [ \"mainsail.${config.networking.domain}\" ];\n}\n"}, "loc": ["services", "mainsail", "nginx"], "readOnly": false, "type": "submodule"}, "services.mainsail.nginx.acmeFallbackHost": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host which to proxy requests to if ACME challenge is not found. Useful\nif you want multiple hosts to be able to verify the same domain name.\n\nWith this option, you could request certificates for the present domain\nwith an ACME client that is running on another host, which you would\nspecify here.\n", "loc": ["services", "mainsail", "nginx", "acmeFallbackHost"], "readOnly": false, "type": "null or string"}, "services.mainsail.nginx.acmeRoot": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the ACME challenge, which is **public**. Don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "mainsail", "nginx", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.mainsail.nginx.addSSL": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "mainsail", "nginx", "addSSL"], "readOnly": false, "type": "boolean"}, "services.mainsail.nginx.basicAuth": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "mainsail", "nginx", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.mainsail.nginx.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "mainsail", "nginx", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.mainsail.nginx.default": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Makes this vhost the default.\n", "loc": ["services", "mainsail", "nginx", "default"], "readOnly": false, "type": "boolean"}, "services.mainsail.nginx.enableACME": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "mainsail", "nginx", "enableACME"], "readOnly": false, "type": "boolean"}, "services.mainsail.nginx.extraConfig": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the vhost verbatim.\n", "loc": ["services", "mainsail", "nginx", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.mainsail.nginx.forceSSL": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a separate nginx server block that redirects (defaults\nto 301, configurable with `redirectCode`) all plain HTTP traffic to\nHTTPS. This will set defaults for `listen` to listen on all interfaces\non the respective default ports (80, 443), where the non-SSL listens\nare used for the redirect vhosts.\n", "loc": ["services", "mainsail", "nginx", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.mainsail.nginx.globalRedirect": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected (defaults to 301,\nconfigurable with `redirectCode`) to the given hostname.\n", "example": {"_type": "literalExpression", "text": "\"newserver.example.org\""}, "loc": ["services", "mainsail", "nginx", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.mainsail.nginx.http2": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/2 protocol.\nNote that (as of writing) due to nginx's implementation, to disable\nHTTP/2 you have to disable it on all vhosts that use a given\nIP address / port.\nIf there is one server block configured to enable http2, then it is\nenabled for all server blocks on this IP.\nSee <https://stackoverflow.com/a/39466948/263061>.\n", "loc": ["services", "mainsail", "nginx", "http2"], "readOnly": false, "type": "boolean"}, "services.mainsail.nginx.http3": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/3 protocol.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that HTTP/3 support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\nHTTP/3 availability must be manually advertised, preferably in each location block.\n", "loc": ["services", "mainsail", "nginx", "http3"], "readOnly": false, "type": "boolean"}, "services.mainsail.nginx.http3_hq": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that special application protocol support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "mainsail", "nginx", "http3_hq"], "readOnly": false, "type": "boolean"}, "services.mainsail.nginx.kTLS": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kTLS support.\nImplementing TLS in the kernel (kTLS) improves performance by significantly\nreducing the need for copying operations between user space and the kernel.\nRequired Nginx version 1.21.4 or later.\n", "loc": ["services", "mainsail", "nginx", "kTLS"], "readOnly": false, "type": "boolean"}, "services.mainsail.nginx.listen": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\nIPv6 addresses must be enclosed in square brackets.\nNote: this option overrides `addSSL`\nand `onlySSL`.\n\nIf you only want to set the addresses manually and not\nthe ports, take a look at `listenAddresses`.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    addr = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    addr = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    addr = \"unix:/var/run/nginx.sock\";\n  }\n]"}, "loc": ["services", "mainsail", "nginx", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.mainsail.nginx.listen.*.addr": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "description": "Listen address.", "loc": ["services", "mainsail", "nginx", "listen", "*", "addr"], "readOnly": false, "type": "string"}, "services.mainsail.nginx.listen.*.extraParameters": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra parameters of this listen directive.", "example": {"_type": "literalExpression", "text": "[\n  \"backlog=1024\"\n  \"deferred\"\n]"}, "loc": ["services", "mainsail", "nginx", "listen", "*", "extraParameters"], "readOnly": false, "type": "list of string"}, "services.mainsail.nginx.listen.*.port": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port number to listen on.\nIf unset and the listen address is not a socket then nginx defaults to 80.\n", "loc": ["services", "mainsail", "nginx", "listen", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mainsail.nginx.listen.*.proxyProtocol": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable PROXY protocol.", "loc": ["services", "mainsail", "nginx", "listen", "*", "proxyProtocol"], "readOnly": false, "type": "boolean"}, "services.mainsail.nginx.listen.*.ssl": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SSL.", "loc": ["services", "mainsail", "nginx", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.mainsail.nginx.listenAddresses": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n\nNote: This option overrides `networking.enableIPv6`\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"[::1]\"\n]"}, "loc": ["services", "mainsail", "nginx", "listenAddresses"], "readOnly": false, "type": "list of string"}, "services.mainsail.nginx.locations": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n};\n"}, "loc": ["services", "mainsail", "nginx", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.mainsail.nginx.locations.<name>.alias": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "mainsail", "nginx", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.mainsail.nginx.locations.<name>.basicAuth": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "mainsail", "nginx", "locations", "<name>", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.mainsail.nginx.locations.<name>.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "mainsail", "nginx", "locations", "<name>", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.mainsail.nginx.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "mainsail", "nginx", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.mainsail.nginx.locations.<name>.fastcgiParams": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "FastCGI parameters to override.  Unlike in the Nginx\nconfiguration file, overriding only some default parameters\nwon't unset the default values for other parameters.\n", "loc": ["services", "mainsail", "nginx", "locations", "<name>", "fastcgiParams"], "readOnly": false, "type": "attribute set of (string or absolute path)"}, "services.mainsail.nginx.locations.<name>.index": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds index directive.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "mainsail", "nginx", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.mainsail.nginx.locations.<name>.priority": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "mainsail", "nginx", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.mainsail.nginx.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds proxy_pass directive and sets recommended proxy headers if\nrecommendedProxySettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "mainsail", "nginx", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.mainsail.nginx.locations.<name>.proxyWebsockets": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to support proxying websocket connections with HTTP/1.1.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mainsail", "nginx", "locations", "<name>", "proxyWebsockets"], "readOnly": false, "type": "boolean"}, "services.mainsail.nginx.locations.<name>.recommendedProxySettings": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedProxySettings"}, "description": "Enable recommended proxy settings.\n", "loc": ["services", "mainsail", "nginx", "locations", "<name>", "recommendedProxySettings"], "readOnly": false, "type": "boolean"}, "services.mainsail.nginx.locations.<name>.recommendedUwsgiSettings": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedUwsgiSettings"}, "description": "Enable recommended uwsgi settings.\n", "loc": ["services", "mainsail", "nginx", "locations", "<name>", "recommendedUwsgiSettings"], "readOnly": false, "type": "boolean"}, "services.mainsail.nginx.locations.<name>.return": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds a return directive, for e.g. redirections.\n", "example": {"_type": "literalExpression", "text": "\"301 http://example.com$request_uri\""}, "loc": ["services", "mainsail", "nginx", "locations", "<name>", "return"], "readOnly": false, "type": "null or string or signed integer"}, "services.mainsail.nginx.locations.<name>.root": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Root directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/root/directory\""}, "loc": ["services", "mainsail", "nginx", "locations", "<name>", "root"], "readOnly": false, "type": "null or absolute path"}, "services.mainsail.nginx.locations.<name>.tryFiles": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds try_files directive.\n", "example": {"_type": "literalExpression", "text": "\"$uri =404\""}, "loc": ["services", "mainsail", "nginx", "locations", "<name>", "tryFiles"], "readOnly": false, "type": "null or string"}, "services.mainsail.nginx.locations.<name>.uwsgiPass": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds uwsgi_pass directive and sets recommended proxy headers if\nrecommendedUwsgiSettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"unix:/run/example/example.sock\""}, "loc": ["services", "mainsail", "nginx", "locations", "<name>", "uwsgiPass"], "readOnly": false, "type": "null or string"}, "services.mainsail.nginx.onlySSL": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "mainsail", "nginx", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.mainsail.nginx.quic": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the QUIC transport protocol.\nNote that QUIC support is experimental and\n*not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "mainsail", "nginx", "quic"], "readOnly": false, "type": "boolean"}, "services.mainsail.nginx.redirectCode": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "301"}, "description": "HTTP status used by `globalRedirect` and `forceSSL`. Possible usecases\ninclude temporary (302, 307) redirects, keeping the request method and\nbody (307, 308), or explicitly resetting the method to GET (303).\nSee <https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>.\n", "example": {"_type": "literalExpression", "text": "308"}, "loc": ["services", "mainsail", "nginx", "redirectCode"], "readOnly": false, "type": "integer between 300 and 399 (both inclusive)"}, "services.mainsail.nginx.rejectSSL": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to listen for and reject all HTTPS connections to this vhost. Useful in\n[default](#opt-services.nginx.virtualHosts._name_.default)\nserver blocks to avoid serving the certificate for another vhost. Uses the\n`ssl_reject_handshake` directive available in nginx versions\n1.19.4 and above.\n", "loc": ["services", "mainsail", "nginx", "rejectSSL"], "readOnly": false, "type": "boolean"}, "services.mainsail.nginx.reuseport": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create an individual listening socket .\nIt is required to specify only once on one of the hosts.\n", "loc": ["services", "mainsail", "nginx", "reuseport"], "readOnly": false, "type": "boolean"}, "services.mainsail.nginx.root": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of the web root directory.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "mainsail", "nginx", "root"], "readOnly": false, "type": "null or absolute path"}, "services.mainsail.nginx.serverAliases": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "mainsail", "nginx", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.mainsail.nginx.serverName": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of this virtual host. Defaults to attribute name in virtualHosts.\n", "example": {"_type": "literalExpression", "text": "\"example.org\""}, "loc": ["services", "mainsail", "nginx", "serverName"], "readOnly": false, "type": "null or string"}, "services.mainsail.nginx.sslCertificate": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "mainsail", "nginx", "sslCertificate"], "readOnly": false, "type": "absolute path"}, "services.mainsail.nginx.sslCertificateKey": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "mainsail", "nginx", "sslCertificateKey"], "readOnly": false, "type": "absolute path"}, "services.mainsail.nginx.sslTrustedCertificate": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to root SSL certificate for stapling and client certificates.", "example": {"_type": "literalExpression", "text": "\"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\""}, "loc": ["services", "mainsail", "nginx", "sslTrustedCertificate"], "readOnly": false, "type": "null or absolute path"}, "services.mainsail.nginx.useACMEHost": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "mainsail", "nginx", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.mainsail.package": {"declarations": ["nixos/modules/services/web-apps/mainsail.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mainsail"}, "description": "The mainsail package to use.", "loc": ["services", "mainsail", "package"], "readOnly": false, "type": "package"}, "services.malcontent.enable": {"declarations": ["nixos/modules/services/desktops/malcontent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Malcontent, parental control support for applications.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "malcontent", "enable"], "readOnly": false, "type": "boolean"}, "services.mame.emuAddr": {"declarations": ["nixos/modules/services/misc/mame.nix"], "description": "IP address of the guest system. The same you set inside guest OS under\nMAME. Should be on the same subnet as {option}`services.mame.hostAddr`.\n", "example": {"_type": "literalExpression", "text": "\"192.168.31.155\""}, "loc": ["services", "mame", "emuAddr"], "readOnly": false, "type": "string"}, "services.mame.enable": {"declarations": ["nixos/modules/services/misc/mame.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to setup TUN/TAP Ethernet interface for MAME emulator.\n", "loc": ["services", "mame", "enable"], "readOnly": false, "type": "boolean"}, "services.mame.hostAddr": {"declarations": ["nixos/modules/services/misc/mame.nix"], "description": "IP address of the host system. Usually an address of the main network\nadapter or the adapter through which you get an internet connection.\n", "example": {"_type": "literalExpression", "text": "\"192.168.31.156\""}, "loc": ["services", "mame", "hostAddr"], "readOnly": false, "type": "string"}, "services.mame.user": {"declarations": ["nixos/modules/services/misc/mame.nix"], "description": "User from which you run MAME binary.\n", "loc": ["services", "mame", "user"], "readOnly": false, "type": "string"}, "services.manticore.enable": {"declarations": ["nixos/modules/services/search/manticore.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Manticoresearch.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "manticore", "enable"], "readOnly": false, "type": "boolean"}, "services.manticore.settings": {"declarations": ["nixos/modules/services/search/manticore.nix"], "default": {"_type": "literalExpression", "text": "{\n  searchd = {\n    data_dir = \"/var/lib/manticore\";\n    listen = [\n      \"127.0.0.1:9312\"\n      \"127.0.0.1:9306:mysql\"\n      \"127.0.0.1:9308:http\"\n    ];\n    log = \"/var/log/manticore/searchd.log\";\n    pid_file = \"/run/manticore/searchd.pid\";\n    query_log = \"/var/log/manticore/query.log\";\n  };\n}"}, "description": "Configuration for Manticoresearch. See\n<https://manual.manticoresearch.com/Server%20settings>\nfor more information.\n", "example": {"_type": "literalExpression", "text": "{\n  searchd = {\n      listen = [\n        \"127.0.0.1:9312\"\n        \"127.0.0.1:9306:mysql\"\n        \"127.0.0.1:9308:http\"\n      ];\n      log = \"/var/log/manticore/searchd.log\";\n      query_log = \"/var/log/manticore/query.log\";\n      pid_file = \"/run/manticore/searchd.pid\";\n      data_dir = \"/var/lib/manticore\";\n  };\n}\n"}, "loc": ["services", "manticore", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.marytts.basePath": {"declarations": ["nixos/modules/services/audio/marytts.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/marytts\""}, "description": "The base path in which MaryTTS runs.\n", "loc": ["services", "marytts", "basePath"], "readOnly": false, "type": "absolute path"}, "services.marytts.enable": {"declarations": ["nixos/modules/services/audio/marytts.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable MaryTTS.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "marytts", "enable"], "readOnly": false, "type": "boolean"}, "services.marytts.openFirewall": {"declarations": ["nixos/modules/services/audio/marytts.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the port in the firewall for MaryTTS.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "marytts", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.marytts.package": {"declarations": ["nixos/modules/services/audio/marytts.nix"], "default": {"_type": "literalExpression", "text": "pkgs.marytts"}, "description": "The marytts package to use.", "loc": ["services", "marytts", "package"], "readOnly": false, "type": "package"}, "services.marytts.port": {"declarations": ["nixos/modules/services/audio/marytts.nix"], "default": {"_type": "literalExpression", "text": "59125"}, "description": "Port to bind the MaryTTS server to.\n", "loc": ["services", "marytts", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.marytts.settings": {"declarations": ["nixos/modules/services/audio/marytts.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings for MaryTTS.\n\nSee the [default settings](https://github.com/marytts/marytts/blob/master/marytts-runtime/conf/marybase.config)\nfor a list of possible keys.\n", "loc": ["services", "marytts", "settings"], "readOnly": false, "type": "open submodule of attribute set of (string, package, bool, int or float)"}, "services.marytts.userDictionaries": {"declarations": ["nixos/modules/services/audio/marytts.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Paths to the user dictionary files for MaryTTS.\n", "example": {"_type": "literalExpression", "text": "[\n  (pkgs.writeTextFile {\n    name = \"userdict-en_US\";\n    destination = \"/userdict-en_US.txt\";\n    text = ''\n      Nixpkgs | n I k s - ' p { - k @ - dZ @ s\n    '';\n  })\n]\n"}, "loc": ["services", "marytts", "userDictionaries"], "readOnly": false, "type": "list of absolute path"}, "services.marytts.voices": {"declarations": ["nixos/modules/services/audio/marytts.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Paths to the JAR files that contain additional voices for MaryTTS.\n\nVoices are automatically detected by MaryTTS, so there is no need to alter\nyour config to make use of new voices.\n", "example": {"_type": "literalExpression", "text": "[\n  (pkgs.fetchzip {\n    url = \"https://github.com/marytts/voice-bits1-hsmm/releases/download/v5.2/voice-bits1-hsmm-5.2.zip\";\n    hash = \"sha256-1nK+qZxjumMev7z5lgKr660NCKH5FDwvZ9sw/YYYeaA=\";\n  })\n]\n"}, "loc": ["services", "marytts", "voices"], "readOnly": false, "type": "list of absolute path"}, "services.mastodon.activeRecordEncryptionDeterministicKeyFile": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/mastodon/secrets/active-record-encryption-deterministic-key\""}, "description": "This key must be set to enable the Active Record Encryption feature within\nRails that Mastodon uses to encrypt and decrypt some database attributes.\nA new Active Record keys can be generated by running:\n\n`nix build -f '<nixpkgs>' mastodon; cd result; RAILS_ENV=production ./bin/rails db:encryption:init`\n\nIf this file does not exist, it will be created with a new Active Record\nkeys.\n", "loc": ["services", "mastodon", "activeRecordEncryptionDeterministicKeyFile"], "readOnly": false, "type": "string"}, "services.mastodon.activeRecordEncryptionKeyDerivationSaltFile": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/mastodon/secrets/active-record-encryption-key-derivation-salt\""}, "description": "This key must be set to enable the Active Record Encryption feature within\nRails that Mastodon uses to encrypt and decrypt some database attributes.\nA new Active Record keys can be generated by running:\n\n`nix build -f '<nixpkgs>' mastodon; cd result; RAILS_ENV=production ./bin/rails db:encryption:init`\n\nIf this file does not exist, it will be created with a new Active Record\nkeys.\n", "loc": ["services", "mastodon", "activeRecordEncryptionKeyDerivationSaltFile"], "readOnly": false, "type": "string"}, "services.mastodon.activeRecordEncryptionPrimaryKeyFile": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/mastodon/secrets/active-record-encryption-primary-key\""}, "description": "This key must be set to enable the Active Record Encryption feature within\nRails that Mastodon uses to encrypt and decrypt some database attributes.\nA new Active Record keys can be generated by running:\n\n`nix build -f '<nixpkgs>' mastodon; cd result; RAILS_ENV=production ./bin/rails db:encryption:init`\n\nIf this file does not exist, it will be created with a new Active Record\nkeys.\n", "loc": ["services", "mastodon", "activeRecordEncryptionPrimaryKeyFile"], "readOnly": false, "type": "string"}, "services.mastodon.automaticMigrations": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Do automatic database migrations.\n", "loc": ["services", "mastodon", "automaticMigrations"], "readOnly": false, "type": "boolean"}, "services.mastodon.configureNginx": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Configure nginx as a reverse proxy for mastodon.\nNote that this makes some assumptions on your setup, and sets settings that will\naffect other virtualHosts running on your nginx instance, if any.\nAlternatively you can configure a reverse-proxy of your choice to serve these paths:\n\n`/ -> ${pkgs.mastodon}/public`\n\n`/ -> 127.0.0.1:{{ webPort }} `(If there was no file in the directory above.)\n\n`/system/ -> /var/lib/mastodon/public-system/`\n\n`/api/v1/streaming/ -> 127.0.0.1:{{ streamingPort }}`\n\nMake sure that websockets are forwarded properly. You might want to set up caching\nof some requests. Take a look at mastodon's provided nginx configuration at\n`https://github.com/mastodon/mastodon/blob/master/dist/nginx.conf`.\n", "loc": ["services", "mastodon", "configureNginx"], "readOnly": false, "type": "boolean"}, "services.mastodon.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Configure local PostgreSQL database server for Mastodon.", "loc": ["services", "mastodon", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.mastodon.database.host": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "\"/run/postgresql\""}, "description": "Database host address or unix socket.", "example": {"_type": "literalExpression", "text": "\"192.168.23.42\""}, "loc": ["services", "mastodon", "database", "host"], "readOnly": false, "type": "string"}, "services.mastodon.database.name": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "\"mastodon\""}, "description": "Database name.", "loc": ["services", "mastodon", "database", "name"], "readOnly": false, "type": "string"}, "services.mastodon.database.passwordFile": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password corresponding to\n{option}`database.user`.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/mastodon/secrets/db-password\""}, "loc": ["services", "mastodon", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.mastodon.database.port": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "if config.services.mastodon.database.createLocally\nthen null\nelse 5432\n"}, "description": "Database host port.", "loc": ["services", "mastodon", "database", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mastodon.database.user": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "\"mastodon\""}, "description": "Database user.", "loc": ["services", "mastodon", "database", "user"], "readOnly": false, "type": "string"}, "services.mastodon.elasticsearch.host": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Elasticsearch host.\nIf it is not null, Elasticsearch full text search will be enabled.\n", "loc": ["services", "mastodon", "elasticsearch", "host"], "readOnly": false, "type": "null or string"}, "services.mastodon.elasticsearch.passwordFile": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to file containing password for optionally authenticating with Elasticsearch.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/mastodon/secrets/elasticsearch-password\""}, "loc": ["services", "mastodon", "elasticsearch", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.mastodon.elasticsearch.port": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "9200"}, "description": "Elasticsearch port.", "loc": ["services", "mastodon", "elasticsearch", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mastodon.elasticsearch.prefix": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If provided, adds a prefix to indexes in Elasticsearch. This allows to use the same\nElasticsearch cluster between different projects or Mastodon servers.\n", "example": {"_type": "literalExpression", "text": "\"mastodon\""}, "loc": ["services", "mastodon", "elasticsearch", "prefix"], "readOnly": false, "type": "null or string"}, "services.mastodon.elasticsearch.preset": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "\"single_node_cluster\""}, "description": "It controls the ElasticSearch indices configuration (number of shards and replica).\n", "example": {"_type": "literalExpression", "text": "\"large_cluster\""}, "loc": ["services", "mastodon", "elasticsearch", "preset"], "readOnly": false, "type": "one of \"single_node_cluster\", \"small_cluster\", \"large_cluster\""}, "services.mastodon.elasticsearch.user": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Used for optionally authenticating with Elasticsearch.", "example": {"_type": "literalExpression", "text": "\"elasticsearch-mastodon\""}, "loc": ["services", "mastodon", "elasticsearch", "user"], "readOnly": false, "type": "null or string"}, "services.mastodon.enable": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Mastodon, a federated social network server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mastodon", "enable"], "readOnly": false, "type": "boolean"}, "services.mastodon.enableUnixSocket": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Instead of binding to an IP address like 127.0.0.1, you may bind to a Unix socket. This variable\nis process-specific, e.g. you need different values for every process, and it works for both web (Puma)\nprocesses and streaming API (Node.js) processes.\n", "loc": ["services", "mastodon", "enableUnixSocket"], "readOnly": false, "type": "boolean"}, "services.mastodon.extraConfig": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra environment variables to pass to all mastodon services.\n", "loc": ["services", "mastodon", "extraConfig"], "readOnly": false, "type": "attribute set"}, "services.mastodon.extraEnvFiles": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra environment files to pass to all mastodon services. Useful for passing down environmental secrets.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/etc/mastodon/s3config.env\"\n]"}, "loc": ["services", "mastodon", "extraEnvFiles"], "readOnly": false, "type": "list of absolute path"}, "services.mastodon.group": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "\"mastodon\""}, "description": "Group under which mastodon runs.\n", "loc": ["services", "mastodon", "group"], "readOnly": false, "type": "string"}, "services.mastodon.localDomain": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "description": "The domain serving your Mastodon instance.", "example": {"_type": "literalExpression", "text": "\"social.example.org\""}, "loc": ["services", "mastodon", "localDomain"], "readOnly": false, "type": "string"}, "services.mastodon.mediaAutoRemove.enable": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Automatically remove remote media attachments and preview cards older than the configured amount of days.\n\nRecommended in <https://docs.joinmastodon.org/admin/setup/>.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "mastodon", "mediaAutoRemove", "enable"], "readOnly": false, "type": "boolean"}, "services.mastodon.mediaAutoRemove.olderThanDays": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "30"}, "description": "How old remote media needs to be in order to be removed.\n", "example": {"_type": "literalExpression", "text": "14"}, "loc": ["services", "mastodon", "mediaAutoRemove", "olderThanDays"], "readOnly": false, "type": "signed integer"}, "services.mastodon.mediaAutoRemove.startAt": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "\"daily\""}, "description": "How often to remove remote media.\n\nThe format is described in {manpage}`systemd.time(7)`.\n", "example": {"_type": "literalExpression", "text": "\"hourly\""}, "loc": ["services", "mastodon", "mediaAutoRemove", "startAt"], "readOnly": false, "type": "string"}, "services.mastodon.package": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mastodon"}, "description": "The mastodon package to use.", "loc": ["services", "mastodon", "package"], "readOnly": false, "type": "package"}, "services.mastodon.redis.createLocally": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Configure local Redis server for Mastodon.", "loc": ["services", "mastodon", "redis", "createLocally"], "readOnly": false, "type": "boolean"}, "services.mastodon.redis.enableUnixSocket": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Use Unix socket", "loc": ["services", "mastodon", "redis", "enableUnixSocket"], "readOnly": false, "type": "boolean"}, "services.mastodon.redis.host": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "if config.services.mastodon.redis.createLocally && !config.services.mastodon.redis.enableUnixSocket then \"127.0.0.1\" else null\n"}, "description": "Redis host.", "loc": ["services", "mastodon", "redis", "host"], "readOnly": false, "type": "null or string"}, "services.mastodon.redis.passwordFile": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password for Redis database.", "example": {"_type": "literalExpression", "text": "\"/run/keys/mastodon-redis-password\""}, "loc": ["services", "mastodon", "redis", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.mastodon.redis.port": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "if config.services.mastodon.redis.createLocally && !config.services.mastodon.redis.enableUnixSocket then 31637 else null\n"}, "description": "Redis port.", "loc": ["services", "mastodon", "redis", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mastodon.secretKeyBaseFile": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/mastodon/secrets/secret-key-base\""}, "description": "Path to file containing the secret key base.\nA new secret key base can be generated by running:\n\n`nix build -f '<nixpkgs>' mastodon; cd result; bin/bundle exec rails secret`\n\nIf this file does not exist, it will be created with a new secret key base.\n", "loc": ["services", "mastodon", "secretKeyBaseFile"], "readOnly": false, "type": "string"}, "services.mastodon.sidekiqPort": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "55002"}, "description": "TCP port used by the mastodon-sidekiq service.", "loc": ["services", "mastodon", "sidekiqPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mastodon.sidekiqProcesses": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "{\n  all = {\n    jobClasses = [ ];\n    threads = null;\n  };\n}"}, "description": "How many Sidekiq processes should be used to handle background jobs, and which job classes they handle. *Read the [upstream documentation](https://docs.joinmastodon.org/admin/scaling/#sidekiq) before configuring this!*", "example": {"_type": "literalExpression", "text": "{\n  all = {\n    jobClasses = [ ];\n    threads = null;\n  };\n  default = {\n    jobClasses = [\n      \"default\"\n    ];\n    threads = 10;\n  };\n  ingress = {\n    jobClasses = [\n      \"ingress\"\n    ];\n    threads = 5;\n  };\n  push-pull = {\n    jobClasses = [\n      \"push\"\n      \"pull\"\n    ];\n    threads = 5;\n  };\n}"}, "loc": ["services", "mastodon", "sidekiqProcesses"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.mastodon.sidekiqProcesses.<name>.jobClasses": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "description": "If not empty, which job classes should be executed by this process. *Only one process should handle the 'scheduler' class. If left empty, this process will handle the 'scheduler' class.*", "loc": ["services", "mastodon", "sidekiqProcesses", "<name>", "jobClasses"], "readOnly": false, "type": "list of (one of \"default\", \"fasp\", \"push\", \"pull\", \"mailers\", \"scheduler\", \"ingress\")"}, "services.mastodon.sidekiqProcesses.<name>.threads": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "description": "Number of threads this process should use for executing jobs. If null, the configured `sidekiqThreads` are used.", "loc": ["services", "mastodon", "sidekiqProcesses", "<name>", "threads"], "readOnly": false, "type": "null or signed integer"}, "services.mastodon.sidekiqThreads": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "25"}, "description": "Worker threads used by the mastodon-sidekiq-all service. If `sidekiqProcesses` is configured and any processes specify null `threads`, this value is used.", "loc": ["services", "mastodon", "sidekiqThreads"], "readOnly": false, "type": "signed integer"}, "services.mastodon.smtp.authenticate": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Authenticate with the SMTP server using username and password.", "loc": ["services", "mastodon", "smtp", "authenticate"], "readOnly": false, "type": "boolean"}, "services.mastodon.smtp.createLocally": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Configure local Postfix SMTP server for Mastodon.", "loc": ["services", "mastodon", "smtp", "createLocally"], "readOnly": false, "type": "boolean"}, "services.mastodon.smtp.fromAddress": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "description": "\"From\" address used when sending Emails to users.", "loc": ["services", "mastodon", "smtp", "fromAddress"], "readOnly": false, "type": "string"}, "services.mastodon.smtp.host": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "SMTP host used when sending emails to users.", "loc": ["services", "mastodon", "smtp", "host"], "readOnly": false, "type": "string"}, "services.mastodon.smtp.passwordFile": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to file containing the SMTP password.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/mastodon/secrets/smtp-password\""}, "loc": ["services", "mastodon", "smtp", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.mastodon.smtp.port": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "25"}, "description": "SMTP port used when sending emails to users.", "loc": ["services", "mastodon", "smtp", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mastodon.smtp.user": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SMTP login name.", "example": {"_type": "literalExpression", "text": "\"mastodon@example.com\""}, "loc": ["services", "mastodon", "smtp", "user"], "readOnly": false, "type": "null or string"}, "services.mastodon.streamingProcesses": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "description": "Number of processes used by the mastodon-streaming service.\nPlease define this explicitly, recommended is the amount of your CPU cores minus one.\n", "example": {"_type": "literalExpression", "text": "3"}, "loc": ["services", "mastodon", "streamingProcesses"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.mastodon.trustedProxy": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "You need to set it to the IP from which your reverse proxy sends requests to Mastodon's web process,\notherwise Mastodon will record the reverse proxy's own IP as the IP of all requests, which would be\nbad because IP addresses are used for important rate limits and security functions.\n", "loc": ["services", "mastodon", "trustedProxy"], "readOnly": false, "type": "string"}, "services.mastodon.user": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "\"mastodon\""}, "description": "User under which mastodon runs. If it is set to \"mastodon\",\nthat user will be created, otherwise it should be set to the\nname of a user created elsewhere.\nIn both cases, the `mastodon` package will be added to the user's package set\nand a tootctl wrapper to system packages that switches to the configured account\nand load the right environment.\n", "loc": ["services", "mastodon", "user"], "readOnly": false, "type": "string"}, "services.mastodon.vapidPrivateKeyFile": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/mastodon/secrets/vapid-private-key\""}, "description": "Path to file containing the private key used for Web Push\nVoluntary Application Server Identification.  A new keypair can\nbe generated by running:\n\n`nix build -f '<nixpkgs>' mastodon; cd result; bin/rake webpush:generate_keys`\n\nIf this file does not exist, it will be created with a new\nprivate key.\n", "loc": ["services", "mastodon", "vapidPrivateKeyFile"], "readOnly": false, "type": "string"}, "services.mastodon.vapidPublicKeyFile": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/mastodon/secrets/vapid-public-key\""}, "description": "Path to file containing the public key used for Web Push\nVoluntary Application Server Identification.  A new keypair can\nbe generated by running:\n\n`nix build -f '<nixpkgs>' mastodon; cd result; RAILS_ENV=production bin/rake webpush:generate_keys`\n\nIf {option}`mastodon.vapidPrivateKeyFile`does not\nexist, it and this file will be created with a new keypair.\n", "loc": ["services", "mastodon", "vapidPublicKeyFile"], "readOnly": false, "type": "string"}, "services.mastodon.webPort": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "55001"}, "description": "TCP port used by the mastodon-web service.", "loc": ["services", "mastodon", "webPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mastodon.webProcesses": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "2"}, "description": "Processes used by the mastodon-web service.", "loc": ["services", "mastodon", "webProcesses"], "readOnly": false, "type": "signed integer"}, "services.mastodon.webThreads": {"declarations": ["nixos/modules/services/web-apps/mastodon.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "Threads per process used by the mastodon-web service.", "loc": ["services", "mastodon", "webThreads"], "readOnly": false, "type": "signed integer"}, "services.matomo.enable": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable Matomo web analytics with php-fpm backend.\nEither the nginx option or the webServerUser option is mandatory.\n", "loc": ["services", "matomo", "enable"], "readOnly": false, "type": "boolean"}, "services.matomo.hostname": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "\"matomo.${config.networking.fqdnOrHostName}\"\n"}, "description": "URL of the host, without https prefix. You may want to change it if you\nrun Matomo on a different URL than matomo.yourdomain.\n", "example": {"_type": "literalExpression", "text": "\"matomo.yourdomain.org\""}, "loc": ["services", "matomo", "hostname"], "readOnly": false, "type": "string"}, "services.matomo.nginx": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "With this option, you can customize an nginx virtualHost which already has sensible defaults for Matomo.\nEither this option or the webServerUser option is mandatory.\nSet this to {} to just enable the virtualHost if you don't need any customization.\nIf enabled, then by default, the {option}`serverName` is\n`${user}.${config.networking.hostName}.${config.networking.domain}`,\nSSL is active, and certificates are acquired via ACME.\nIf this is set to null (the default), no nginx virtualHost will be configured.\n", "example": {"_type": "literalExpression", "text": "{\n  serverAliases = [\n    \"matomo.${config.networking.domain}\"\n    \"stats.${config.networking.domain}\"\n  ];\n  enableACME = false;\n}\n"}, "loc": ["services", "matomo", "nginx"], "readOnly": false, "type": "null or (submodule)"}, "services.matomo.nginx.acmeFallbackHost": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host which to proxy requests to if ACME challenge is not found. Useful\nif you want multiple hosts to be able to verify the same domain name.\n\nWith this option, you could request certificates for the present domain\nwith an ACME client that is running on another host, which you would\nspecify here.\n", "loc": ["services", "matomo", "nginx", "acmeFallbackHost"], "readOnly": false, "type": "null or string"}, "services.matomo.nginx.acmeRoot": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the ACME challenge, which is **public**. Don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "matomo", "nginx", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.matomo.nginx.addSSL": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "matomo", "nginx", "addSSL"], "readOnly": false, "type": "boolean"}, "services.matomo.nginx.basicAuth": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "matomo", "nginx", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.matomo.nginx.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "matomo", "nginx", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.matomo.nginx.default": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Makes this vhost the default.\n", "loc": ["services", "matomo", "nginx", "default"], "readOnly": false, "type": "boolean"}, "services.matomo.nginx.enableACME": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "matomo", "nginx", "enableACME"], "readOnly": false, "type": "boolean"}, "services.matomo.nginx.extraConfig": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the vhost verbatim.\n", "loc": ["services", "matomo", "nginx", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.matomo.nginx.forceSSL": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to add a separate nginx server block that redirects (defaults\nto 301, configurable with `redirectCode`) all plain HTTP traffic to\nHTTPS. This will set defaults for `listen` to listen on all interfaces\non the respective default ports (80, 443), where the non-SSL listens\nare used for the redirect vhosts.\n", "loc": ["services", "matomo", "nginx", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.matomo.nginx.globalRedirect": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected (defaults to 301,\nconfigurable with `redirectCode`) to the given hostname.\n", "example": {"_type": "literalExpression", "text": "\"newserver.example.org\""}, "loc": ["services", "matomo", "nginx", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.matomo.nginx.http2": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/2 protocol.\nNote that (as of writing) due to nginx's implementation, to disable\nHTTP/2 you have to disable it on all vhosts that use a given\nIP address / port.\nIf there is one server block configured to enable http2, then it is\nenabled for all server blocks on this IP.\nSee <https://stackoverflow.com/a/39466948/263061>.\n", "loc": ["services", "matomo", "nginx", "http2"], "readOnly": false, "type": "boolean"}, "services.matomo.nginx.http3": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/3 protocol.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that HTTP/3 support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\nHTTP/3 availability must be manually advertised, preferably in each location block.\n", "loc": ["services", "matomo", "nginx", "http3"], "readOnly": false, "type": "boolean"}, "services.matomo.nginx.http3_hq": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that special application protocol support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "matomo", "nginx", "http3_hq"], "readOnly": false, "type": "boolean"}, "services.matomo.nginx.kTLS": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kTLS support.\nImplementing TLS in the kernel (kTLS) improves performance by significantly\nreducing the need for copying operations between user space and the kernel.\nRequired Nginx version 1.21.4 or later.\n", "loc": ["services", "matomo", "nginx", "kTLS"], "readOnly": false, "type": "boolean"}, "services.matomo.nginx.listen": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\nIPv6 addresses must be enclosed in square brackets.\nNote: this option overrides `addSSL`\nand `onlySSL`.\n\nIf you only want to set the addresses manually and not\nthe ports, take a look at `listenAddresses`.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    addr = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    addr = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    addr = \"unix:/var/run/nginx.sock\";\n  }\n]"}, "loc": ["services", "matomo", "nginx", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.matomo.nginx.listen.*.addr": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "description": "Listen address.", "loc": ["services", "matomo", "nginx", "listen", "*", "addr"], "readOnly": false, "type": "string"}, "services.matomo.nginx.listen.*.extraParameters": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra parameters of this listen directive.", "example": {"_type": "literalExpression", "text": "[\n  \"backlog=1024\"\n  \"deferred\"\n]"}, "loc": ["services", "matomo", "nginx", "listen", "*", "extraParameters"], "readOnly": false, "type": "list of string"}, "services.matomo.nginx.listen.*.port": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port number to listen on.\nIf unset and the listen address is not a socket then nginx defaults to 80.\n", "loc": ["services", "matomo", "nginx", "listen", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.matomo.nginx.listen.*.proxyProtocol": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable PROXY protocol.", "loc": ["services", "matomo", "nginx", "listen", "*", "proxyProtocol"], "readOnly": false, "type": "boolean"}, "services.matomo.nginx.listen.*.ssl": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SSL.", "loc": ["services", "matomo", "nginx", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.matomo.nginx.listenAddresses": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n\nNote: This option overrides `networking.enableIPv6`\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"[::1]\"\n]"}, "loc": ["services", "matomo", "nginx", "listenAddresses"], "readOnly": false, "type": "list of string"}, "services.matomo.nginx.locations": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n};\n"}, "loc": ["services", "matomo", "nginx", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.matomo.nginx.locations.<name>.alias": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "matomo", "nginx", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.matomo.nginx.locations.<name>.basicAuth": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "matomo", "nginx", "locations", "<name>", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.matomo.nginx.locations.<name>.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "matomo", "nginx", "locations", "<name>", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.matomo.nginx.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "matomo", "nginx", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.matomo.nginx.locations.<name>.fastcgiParams": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "FastCGI parameters to override.  Unlike in the Nginx\nconfiguration file, overriding only some default parameters\nwon't unset the default values for other parameters.\n", "loc": ["services", "matomo", "nginx", "locations", "<name>", "fastcgiParams"], "readOnly": false, "type": "attribute set of (string or absolute path)"}, "services.matomo.nginx.locations.<name>.index": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds index directive.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "matomo", "nginx", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.matomo.nginx.locations.<name>.priority": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "matomo", "nginx", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.matomo.nginx.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds proxy_pass directive and sets recommended proxy headers if\nrecommendedProxySettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "matomo", "nginx", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.matomo.nginx.locations.<name>.proxyWebsockets": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to support proxying websocket connections with HTTP/1.1.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "matomo", "nginx", "locations", "<name>", "proxyWebsockets"], "readOnly": false, "type": "boolean"}, "services.matomo.nginx.locations.<name>.recommendedProxySettings": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedProxySettings"}, "description": "Enable recommended proxy settings.\n", "loc": ["services", "matomo", "nginx", "locations", "<name>", "recommendedProxySettings"], "readOnly": false, "type": "boolean"}, "services.matomo.nginx.locations.<name>.recommendedUwsgiSettings": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedUwsgiSettings"}, "description": "Enable recommended uwsgi settings.\n", "loc": ["services", "matomo", "nginx", "locations", "<name>", "recommendedUwsgiSettings"], "readOnly": false, "type": "boolean"}, "services.matomo.nginx.locations.<name>.return": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds a return directive, for e.g. redirections.\n", "example": {"_type": "literalExpression", "text": "\"301 http://example.com$request_uri\""}, "loc": ["services", "matomo", "nginx", "locations", "<name>", "return"], "readOnly": false, "type": "null or string or signed integer"}, "services.matomo.nginx.locations.<name>.root": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Root directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/root/directory\""}, "loc": ["services", "matomo", "nginx", "locations", "<name>", "root"], "readOnly": false, "type": "null or absolute path"}, "services.matomo.nginx.locations.<name>.tryFiles": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds try_files directive.\n", "example": {"_type": "literalExpression", "text": "\"$uri =404\""}, "loc": ["services", "matomo", "nginx", "locations", "<name>", "tryFiles"], "readOnly": false, "type": "null or string"}, "services.matomo.nginx.locations.<name>.uwsgiPass": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds uwsgi_pass directive and sets recommended proxy headers if\nrecommendedUwsgiSettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"unix:/run/example/example.sock\""}, "loc": ["services", "matomo", "nginx", "locations", "<name>", "uwsgiPass"], "readOnly": false, "type": "null or string"}, "services.matomo.nginx.onlySSL": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "matomo", "nginx", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.matomo.nginx.quic": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the QUIC transport protocol.\nNote that QUIC support is experimental and\n*not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "matomo", "nginx", "quic"], "readOnly": false, "type": "boolean"}, "services.matomo.nginx.redirectCode": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "301"}, "description": "HTTP status used by `globalRedirect` and `forceSSL`. Possible usecases\ninclude temporary (302, 307) redirects, keeping the request method and\nbody (307, 308), or explicitly resetting the method to GET (303).\nSee <https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>.\n", "example": {"_type": "literalExpression", "text": "308"}, "loc": ["services", "matomo", "nginx", "redirectCode"], "readOnly": false, "type": "integer between 300 and 399 (both inclusive)"}, "services.matomo.nginx.rejectSSL": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to listen for and reject all HTTPS connections to this vhost. Useful in\n[default](#opt-services.nginx.virtualHosts._name_.default)\nserver blocks to avoid serving the certificate for another vhost. Uses the\n`ssl_reject_handshake` directive available in nginx versions\n1.19.4 and above.\n", "loc": ["services", "matomo", "nginx", "rejectSSL"], "readOnly": false, "type": "boolean"}, "services.matomo.nginx.reuseport": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create an individual listening socket .\nIt is required to specify only once on one of the hosts.\n", "loc": ["services", "matomo", "nginx", "reuseport"], "readOnly": false, "type": "boolean"}, "services.matomo.nginx.root": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of the web root directory.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "matomo", "nginx", "root"], "readOnly": false, "type": "null or absolute path"}, "services.matomo.nginx.serverAliases": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "matomo", "nginx", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.matomo.nginx.serverName": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of this virtual host. Defaults to attribute name in virtualHosts.\n", "example": {"_type": "literalExpression", "text": "\"example.org\""}, "loc": ["services", "matomo", "nginx", "serverName"], "readOnly": false, "type": "null or string"}, "services.matomo.nginx.sslCertificate": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "matomo", "nginx", "sslCertificate"], "readOnly": false, "type": "absolute path"}, "services.matomo.nginx.sslCertificateKey": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "matomo", "nginx", "sslCertificateKey"], "readOnly": false, "type": "absolute path"}, "services.matomo.nginx.sslTrustedCertificate": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to root SSL certificate for stapling and client certificates.", "example": {"_type": "literalExpression", "text": "\"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\""}, "loc": ["services", "matomo", "nginx", "sslTrustedCertificate"], "readOnly": false, "type": "null or absolute path"}, "services.matomo.nginx.useACMEHost": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "matomo", "nginx", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.matomo.package": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "pkgs.matomo"}, "description": "The matomo package to use.", "loc": ["services", "matomo", "package"], "readOnly": false, "type": "package"}, "services.matomo.periodicArchiveProcessing": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable periodic archive processing, which generates aggregated reports from the visits.\n\nThis means that you can safely disable browser triggers for Matomo archiving,\nand safely enable to delete old visitor logs.\nBefore deleting visitor logs,\nmake sure though that you run `systemctl start matomo-archive-processing.service`\nat least once without errors if you have already collected data before.\n", "loc": ["services", "matomo", "periodicArchiveProcessing"], "readOnly": false, "type": "boolean"}, "services.matomo.webServerUser": {"declarations": ["nixos/modules/services/web-apps/matomo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of the web server user that forwards requests to {option}`services.phpfpm.pools.<name>.socket` the fastcgi socket for Matomo if the nginx\noption is not used. Either this option or the nginx option is mandatory.\nIf you want to use another webserver than nginx, you need to set this to that server's user\nand pass fastcgi requests to `index.php`, `matomo.php` and `piwik.php` (legacy name) to this socket.\n", "example": {"_type": "literalExpression", "text": "\"lighttpd\""}, "loc": ["services", "matomo", "webServerUser"], "readOnly": false, "type": "null or string"}, "services.matrix-alertmanager.enable": {"declarations": ["nixos/modules/services/matrix/matrix-alertmanager.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable matrix-alertmanager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "matrix-alertmanager", "enable"], "readOnly": false, "type": "boolean"}, "services.matrix-alertmanager.homeserverUrl": {"declarations": ["nixos/modules/services/matrix/matrix-alertmanager.nix"], "description": "URL of the Matrix homeserver to use.", "example": {"_type": "literalExpression", "text": "\"https://matrix.example.com\""}, "loc": ["services", "matrix-alertmanager", "homeserverUrl"], "readOnly": false, "type": "string"}, "services.matrix-alertmanager.matrixRooms": {"declarations": ["nixos/modules/services/matrix/matrix-alertmanager.nix"], "description": "Combination of Alertmanager receiver(s) and rooms for the bot to join.\nEach Alertmanager receiver can be mapped to post to a matrix room.\n\nNote, you must use a room ID and not a room alias/name. Room IDs start\nwith a \"!\".\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    receivers = [\n      \"receiver1\"\n      \"receiver2\"\n    ];\n    roomId = \"!roomid@example.com\";\n  }\n  {\n    receivers = [\n      \"receiver3\"\n    ];\n    roomId = \"!differentroomid@example.com\";\n  }\n]"}, "loc": ["services", "matrix-alertmanager", "matrixRooms"], "readOnly": false, "type": "list of (submodule)"}, "services.matrix-alertmanager.matrixRooms.*.receivers": {"declarations": ["nixos/modules/services/matrix/matrix-alertmanager.nix"], "description": "List of receivers for this room", "loc": ["services", "matrix-alertmanager", "matrixRooms", "*", "receivers"], "readOnly": false, "type": "list of string"}, "services.matrix-alertmanager.matrixRooms.*.roomId": {"declarations": ["nixos/modules/services/matrix/matrix-alertmanager.nix"], "description": "Matrix room ID", "loc": ["services", "matrix-alertmanager", "matrixRooms", "*", "roomId"], "readOnly": false, "type": "string"}, "services.matrix-alertmanager.matrixUser": {"declarations": ["nixos/modules/services/matrix/matrix-alertmanager.nix"], "description": "Matrix user to use for the bot.", "example": {"_type": "literalExpression", "text": "\"@alertmanageruser:example.com\""}, "loc": ["services", "matrix-alertmanager", "matrixUser"], "readOnly": false, "type": "string"}, "services.matrix-alertmanager.mention": {"declarations": ["nixos/modules/services/matrix/matrix-alertmanager.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Makes the bot mention @room when posting an alert", "loc": ["services", "matrix-alertmanager", "mention"], "readOnly": false, "type": "boolean"}, "services.matrix-alertmanager.package": {"declarations": ["nixos/modules/services/matrix/matrix-alertmanager.nix"], "default": {"_type": "literalExpression", "text": "pkgs.matrix-alertmanager"}, "description": "The matrix-alertmanager package to use.", "loc": ["services", "matrix-alertmanager", "package"], "readOnly": false, "type": "package"}, "services.matrix-alertmanager.port": {"declarations": ["nixos/modules/services/matrix/matrix-alertmanager.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "Port that matrix-alertmanager listens on.", "loc": ["services", "matrix-alertmanager", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.matrix-alertmanager.secretFile": {"declarations": ["nixos/modules/services/matrix/matrix-alertmanager.nix"], "description": "File that contains a secret for the Alertmanager webhook.", "loc": ["services", "matrix-alertmanager", "secretFile"], "readOnly": false, "type": "absolute path not in the Nix store"}, "services.matrix-alertmanager.tokenFile": {"declarations": ["nixos/modules/services/matrix/matrix-alertmanager.nix"], "description": "File that contains a valid Matrix token for the Matrix user.", "loc": ["services", "matrix-alertmanager", "tokenFile"], "readOnly": false, "type": "absolute path not in the Nix store"}, "services.matrix-appservice-discord.enable": {"declarations": ["nixos/modules/services/matrix/appservice-discord.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable a bridge between Matrix and Discord.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "matrix-appservice-discord", "enable"], "readOnly": false, "type": "boolean"}, "services.matrix-appservice-discord.environmentFile": {"declarations": ["nixos/modules/services/matrix/appservice-discord.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing environment variables to be passed to the matrix-appservice-discord service,\nin which secret tokens can be specified securely by defining values for\n`APPSERVICE_DISCORD_AUTH_CLIENT_I_D` and\n`APPSERVICE_DISCORD_AUTH_BOT_TOKEN`.\n", "loc": ["services", "matrix-appservice-discord", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.matrix-appservice-discord.localpart": {"declarations": ["nixos/modules/services/matrix/appservice-discord.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The user_id localpart to assign to the AS.\n", "loc": ["services", "matrix-appservice-discord", "localpart"], "readOnly": false, "type": "null or string"}, "services.matrix-appservice-discord.package": {"declarations": ["nixos/modules/services/matrix/appservice-discord.nix"], "default": {"_type": "literalExpression", "text": "pkgs.matrix-appservice-discord"}, "description": "The matrix-appservice-discord package to use.", "loc": ["services", "matrix-appservice-discord", "package"], "readOnly": false, "type": "package"}, "services.matrix-appservice-discord.port": {"declarations": ["nixos/modules/services/matrix/appservice-discord.nix"], "default": {"_type": "literalExpression", "text": "9005"}, "description": "Port number on which the bridge should listen for internal communication with the Matrix homeserver.\n", "loc": ["services", "matrix-appservice-discord", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.matrix-appservice-discord.serviceDependencies": {"declarations": ["nixos/modules/services/matrix/appservice-discord.nix"], "default": {"_type": "literalExpression", "text": "lib.optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit\n"}, "description": "List of Systemd services to require and wait for when starting the application service,\nsuch as the Matrix homeserver if it's running on the same host.\n", "loc": ["services", "matrix-appservice-discord", "serviceDependencies"], "readOnly": false, "type": "list of string"}, "services.matrix-appservice-discord.settings": {"declarations": ["nixos/modules/services/matrix/appservice-discord.nix"], "default": {"_type": "literalExpression", "text": "{\n  auth = {\n    botToken = \"\";\n    clientID = \"\";\n  };\n  database = {\n    filename = \"/var/lib/matrix-appservice-discord/discord.db\";\n  };\n}"}, "description": "{file}`config.yaml` configuration as a Nix attribute set.\n\nConfiguration options should match those described in\n[config.sample.yaml](https://github.com/Half-Shot/matrix-appservice-discord/blob/master/config/config.sample.yaml).\n\n{option}`config.bridge.domain` and {option}`config.bridge.homeserverUrl`\nshould be set to match the public host name of the Matrix homeserver for webhooks and avatars to work.\n\nSecret tokens should be specified using {option}`environmentFile`\ninstead of this world-readable attribute set.\n", "example": {"_type": "literalExpression", "text": "{\n  bridge = {\n    domain = \"public-domain.tld\";\n    homeserverUrl = \"http://public-domain.tld:8008\";\n  };\n}\n"}, "loc": ["services", "matrix-appservice-discord", "settings"], "readOnly": false, "type": "attribute set"}, "services.matrix-appservice-discord.url": {"declarations": ["nixos/modules/services/matrix/appservice-discord.nix"], "default": {"_type": "literalExpression", "text": "\"http://localhost:${toString config.services.matrix-appservice-discord.port}\""}, "description": "The URL where the application service is listening for HS requests.\n", "loc": ["services", "matrix-appservice-discord", "url"], "readOnly": false, "type": "string"}, "services.matrix-conduit.enable": {"declarations": ["nixos/modules/services/matrix/conduit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable matrix-conduit.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "matrix-conduit", "enable"], "readOnly": false, "type": "boolean"}, "services.matrix-conduit.extraEnvironment": {"declarations": ["nixos/modules/services/matrix/conduit.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra Environment variables to pass to the conduit server.", "example": {"_type": "literalExpression", "text": "{\n  RUST_BACKTRACE = \"yes\";\n}"}, "loc": ["services", "matrix-conduit", "extraEnvironment"], "readOnly": false, "type": "attribute set of string"}, "services.matrix-conduit.package": {"declarations": ["nixos/modules/services/matrix/conduit.nix"], "default": {"_type": "literalExpression", "text": "pkgs.matrix-conduit"}, "description": "The matrix-conduit package to use.", "loc": ["services", "matrix-conduit", "package"], "readOnly": false, "type": "package"}, "services.matrix-conduit.secretFile": {"declarations": ["nixos/modules/services/matrix/conduit.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file containing sensitive environment as described in {manpage}`systemd.exec(5).\nSome variables that can be considered secrets are:\n\n- CONDUIT_JWT_SECRET:\n  The secret used to enable JWT login. Without it a 400 error will be returned.\n\n- CONDUIT_TURN_SECRET:\n  The TURN secret\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/matrix-conduit.env\""}, "loc": ["services", "matrix-conduit", "secretFile"], "readOnly": false, "type": "null or absolute path"}, "services.matrix-conduit.settings": {"declarations": ["nixos/modules/services/matrix/conduit.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Generates the conduit.toml configuration file. Refer to\n<https://docs.conduit.rs/configuration.html>\nfor details on supported values.\nNote that database_path can not be edited because the service's reliance on systemd StateDir.\nFor secrets use the `secretFile` option instead.\n", "loc": ["services", "matrix-conduit", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.matrix-conduit.settings.global.address": {"declarations": ["nixos/modules/services/matrix/conduit.nix"], "default": {"_type": "literalExpression", "text": "\"::1\""}, "description": "Address to listen on for connections by the reverse proxy/tls terminator.", "loc": ["services", "matrix-conduit", "settings", "global", "address"], "readOnly": false, "type": "string"}, "services.matrix-conduit.settings.global.allow_check_for_updates": {"declarations": ["nixos/modules/services/matrix/conduit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to allow Conduit to automatically contact\n<https://conduit.rs> hourly to check for important Conduit news.\n\nDisabled by default because nixpkgs handles updates.\n", "loc": ["services", "matrix-conduit", "settings", "global", "allow_check_for_updates"], "readOnly": false, "type": "boolean"}, "services.matrix-conduit.settings.global.allow_encryption": {"declarations": ["nixos/modules/services/matrix/conduit.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether new encrypted rooms can be created. Note: existing rooms will continue to work.", "loc": ["services", "matrix-conduit", "settings", "global", "allow_encryption"], "readOnly": false, "type": "boolean"}, "services.matrix-conduit.settings.global.allow_federation": {"declarations": ["nixos/modules/services/matrix/conduit.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether this server federates with other servers.\n", "loc": ["services", "matrix-conduit", "settings", "global", "allow_federation"], "readOnly": false, "type": "boolean"}, "services.matrix-conduit.settings.global.allow_registration": {"declarations": ["nixos/modules/services/matrix/conduit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether new users can register on this server.", "loc": ["services", "matrix-conduit", "settings", "global", "allow_registration"], "readOnly": false, "type": "boolean"}, "services.matrix-conduit.settings.global.database_backend": {"declarations": ["nixos/modules/services/matrix/conduit.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite\""}, "description": "The database backend for the service. Switching it on an existing\ninstance will require manual migration of data.\n", "example": {"_type": "literalExpression", "text": "\"rocksdb\""}, "loc": ["services", "matrix-conduit", "settings", "global", "database_backend"], "readOnly": false, "type": "one of \"sqlite\", \"rocksdb\""}, "services.matrix-conduit.settings.global.database_path": {"declarations": ["nixos/modules/services/matrix/conduit.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/matrix-conduit/\""}, "description": "Path to the conduit database, the directory where conduit will save its data.\nNote that due to using the DynamicUser feature of systemd, this value should not be changed\nand is set to be read only.\n", "loc": ["services", "matrix-conduit", "settings", "global", "database_path"], "readOnly": true, "type": "string"}, "services.matrix-conduit.settings.global.max_request_size": {"declarations": ["nixos/modules/services/matrix/conduit.nix"], "default": {"_type": "literalExpression", "text": "20000000"}, "description": "Max request size in bytes. Don't forget to also change it in the proxy.", "loc": ["services", "matrix-conduit", "settings", "global", "max_request_size"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.matrix-conduit.settings.global.port": {"declarations": ["nixos/modules/services/matrix/conduit.nix"], "default": {"_type": "literalExpression", "text": "6167"}, "description": "The port Conduit will be running on. You need to set up a reverse proxy in your web server (e.g. apache or nginx), so all requests to /_matrix on port 443 and 8448 will be forwarded to the Conduit instance running on this port", "loc": ["services", "matrix-conduit", "settings", "global", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.matrix-conduit.settings.global.server_name": {"declarations": ["nixos/modules/services/matrix/conduit.nix"], "description": "The server_name is the name of this server. It is used as a suffix for user # and room ids.", "example": {"_type": "literalExpression", "text": "\"example.com\""}, "loc": ["services", "matrix-conduit", "settings", "global", "server_name"], "readOnly": false, "type": "string"}, "services.matrix-conduit.settings.global.trusted_servers": {"declarations": ["nixos/modules/services/matrix/conduit.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"matrix.org\"\n]"}, "description": "Servers trusted with signing server keys.", "loc": ["services", "matrix-conduit", "settings", "global", "trusted_servers"], "readOnly": false, "type": "list of string"}, "services.matrix-continuwuity.admin.enable": {"declarations": ["nixos/modules/services/matrix/continuwuity.nix"], "default": {"_type": "literalExpression", "text": "config.services.matrix-continuwuity.enable"}, "description": "Add conduwuit command to PATH for administration", "loc": ["services", "matrix-continuwuity", "admin", "enable"], "readOnly": false, "type": "boolean"}, "services.matrix-continuwuity.enable": {"declarations": ["nixos/modules/services/matrix/continuwuity.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable continuwuity.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "matrix-continuwuity", "enable"], "readOnly": false, "type": "boolean"}, "services.matrix-continuwuity.extraEnvironment": {"declarations": ["nixos/modules/services/matrix/continuwuity.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra Environment variables to pass to the continuwuity server.", "example": {"_type": "literalExpression", "text": "{\n  RUST_BACKTRACE = \"yes\";\n}"}, "loc": ["services", "matrix-continuwuity", "extraEnvironment"], "readOnly": false, "type": "attribute set of string"}, "services.matrix-continuwuity.group": {"declarations": ["nixos/modules/services/matrix/continuwuity.nix"], "default": {"_type": "literalExpression", "text": "\"continuwuity\""}, "description": "The group {command}`continuwuity` is run as.\n", "loc": ["services", "matrix-continuwuity", "group"], "readOnly": false, "type": "non-empty string"}, "services.matrix-continuwuity.package": {"declarations": ["nixos/modules/services/matrix/continuwuity.nix"], "default": {"_type": "literalExpression", "text": "pkgs.matrix-continuwuity"}, "description": "The matrix-continuwuity package to use.", "loc": ["services", "matrix-continuwuity", "package"], "readOnly": false, "type": "package"}, "services.matrix-continuwuity.settings": {"declarations": ["nixos/modules/services/matrix/continuwuity.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Generates the continuwuity.toml configuration file. Refer to\n<https://continuwuity.org/configuration.html>\nfor details on supported values.\n", "loc": ["services", "matrix-continuwuity", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.matrix-continuwuity.settings.global.address": {"declarations": ["nixos/modules/services/matrix/continuwuity.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Addresses (IPv4 or IPv6) to listen on for connections by the reverse proxy/tls terminator.\nIf set to `null`, continuwuity will listen on IPv4 and IPv6 localhost.\nMust be `null` if `unix_socket_path` is set.\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"::1\"\n]"}, "loc": ["services", "matrix-continuwuity", "settings", "global", "address"], "readOnly": false, "type": "null or (list of non-empty string)"}, "services.matrix-continuwuity.settings.global.allow_announcements_check": {"declarations": ["nixos/modules/services/matrix/continuwuity.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If enabled, continuwuity will send a simple GET request periodically to\n<https://continuwuity.org/.well-known/continuwuity/announcements> for any new announcements made.\n", "loc": ["services", "matrix-continuwuity", "settings", "global", "allow_announcements_check"], "readOnly": false, "type": "boolean"}, "services.matrix-continuwuity.settings.global.allow_encryption": {"declarations": ["nixos/modules/services/matrix/continuwuity.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether new encrypted rooms can be created. Note: existing rooms will continue to work.", "loc": ["services", "matrix-continuwuity", "settings", "global", "allow_encryption"], "readOnly": false, "type": "boolean"}, "services.matrix-continuwuity.settings.global.allow_federation": {"declarations": ["nixos/modules/services/matrix/continuwuity.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether this server federates with other servers.\n", "loc": ["services", "matrix-continuwuity", "settings", "global", "allow_federation"], "readOnly": false, "type": "boolean"}, "services.matrix-continuwuity.settings.global.allow_registration": {"declarations": ["nixos/modules/services/matrix/continuwuity.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether new users can register on this server.\n\nRegistration with token requires `registration_token` or `registration_token_file` to be set.\n\nIf set to true without a token configured, and\n`yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse`\nis set to true, users can freely register.\n", "loc": ["services", "matrix-continuwuity", "settings", "global", "allow_registration"], "readOnly": false, "type": "boolean"}, "services.matrix-continuwuity.settings.global.database_path": {"declarations": ["nixos/modules/services/matrix/continuwuity.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/continuwuity/\""}, "description": "Path to the continuwuity database, the directory where continuwuity will save its data.\nNote that database_path cannot be edited because of the service's reliance on systemd StateDir.\n", "loc": ["services", "matrix-continuwuity", "settings", "global", "database_path"], "readOnly": true, "type": "absolute path"}, "services.matrix-continuwuity.settings.global.max_request_size": {"declarations": ["nixos/modules/services/matrix/continuwuity.nix"], "default": {"_type": "literalExpression", "text": "20000000"}, "description": "Max request size in bytes. Don't forget to also change it in the proxy.", "loc": ["services", "matrix-continuwuity", "settings", "global", "max_request_size"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.matrix-continuwuity.settings.global.port": {"declarations": ["nixos/modules/services/matrix/continuwuity.nix"], "default": {"_type": "literalExpression", "text": "[\n  6167\n]"}, "description": "The port(s) continuwuity will be running on.\nYou need to set up a reverse proxy in your web server (e.g. apache or nginx),\nso all requests to /_matrix on port 443 and 8448 will be forwarded to the continuwuity\ninstance running on this port.\n", "loc": ["services", "matrix-continuwuity", "settings", "global", "port"], "readOnly": false, "type": "list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.matrix-continuwuity.settings.global.server_name": {"declarations": ["nixos/modules/services/matrix/continuwuity.nix"], "description": "The server_name is the name of this server. It is used as a suffix for user and room ids.", "example": {"_type": "literalExpression", "text": "\"example.com\""}, "loc": ["services", "matrix-continuwuity", "settings", "global", "server_name"], "readOnly": false, "type": "non-empty string"}, "services.matrix-continuwuity.settings.global.trusted_servers": {"declarations": ["nixos/modules/services/matrix/continuwuity.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"matrix.org\"\n]"}, "description": "Servers listed here will be used to gather public keys of other servers\n(notary trusted key servers).\n\nCurrently, continuwuity doesn't support inbound batched key requests, so\nthis list should only contain other Synapse servers.\n\nExample: `[ \"matrix.org\" \"constellatory.net\" \"tchncs.de\" ]`\n", "loc": ["services", "matrix-continuwuity", "settings", "global", "trusted_servers"], "readOnly": false, "type": "list of non-empty string"}, "services.matrix-continuwuity.settings.global.unix_socket_path": {"declarations": ["nixos/modules/services/matrix/continuwuity.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Listen on a UNIX socket at the specified path. If listening on a UNIX socket,\nlistening on an address will be disabled. The `address` option must be set to\n`null` (the default value). The option {option}`services.continuwuity.group` must\nbe set to a group your reverse proxy is part of.\n\nThis will automatically add a system user \"continuwuity\" to your system if\n{option}`services.continuwuity.user` is left at the default, and a \"continuwuity\"\ngroup if {option}`services.continuwuity.group` is left at the default.\n", "loc": ["services", "matrix-continuwuity", "settings", "global", "unix_socket_path"], "readOnly": false, "type": "null or absolute path"}, "services.matrix-continuwuity.settings.global.unix_socket_perms": {"declarations": ["nixos/modules/services/matrix/continuwuity.nix"], "default": {"_type": "literalExpression", "text": "660"}, "description": "The default permissions (in octal) to create the UNIX socket with.", "loc": ["services", "matrix-continuwuity", "settings", "global", "unix_socket_perms"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.matrix-continuwuity.user": {"declarations": ["nixos/modules/services/matrix/continuwuity.nix"], "default": {"_type": "literalExpression", "text": "\"continuwuity\""}, "description": "The user {command}`continuwuity` is run as.\n", "loc": ["services", "matrix-continuwuity", "user"], "readOnly": false, "type": "non-empty string"}, "services.matrix-hookshot.enable": {"declarations": ["nixos/modules/services/matrix/hookshot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable matrix-hookshot, a bridge between Matrix and project management services.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "matrix-hookshot", "enable"], "readOnly": false, "type": "boolean"}, "services.matrix-hookshot.package": {"declarations": ["nixos/modules/services/matrix/hookshot.nix"], "default": {"_type": "literalExpression", "text": "pkgs.matrix-hookshot"}, "description": "The matrix-hookshot package to use.", "loc": ["services", "matrix-hookshot", "package"], "readOnly": false, "type": "package"}, "services.matrix-hookshot.registrationFile": {"declarations": ["nixos/modules/services/matrix/hookshot.nix"], "description": "Appservice registration file.\nAs it contains secret tokens, you may not want to add this to the publicly readable Nix store.\n", "example": {"_type": "literalExpression", "text": "pkgs.writeText \"matrix-hookshot-registration\" \\'\\'\n  id: matrix-hookshot\n  as_token: aaaaaaaaaa\n  hs_token: aaaaaaaaaa\n  namespaces:\n    rooms: []\n    users:\n      - regex: \"@_webhooks_.*:foobar\"\n        exclusive: true\n\n  sender_localpart: hookshot\n  url: \"http://localhost:9993\"\n  rate_limited: false\n  \\'\\'\n"}, "loc": ["services", "matrix-hookshot", "registrationFile"], "readOnly": false, "type": "absolute path"}, "services.matrix-hookshot.serviceDependencies": {"declarations": ["nixos/modules/services/matrix/hookshot.nix"], "default": {"_type": "literalExpression", "text": "lib.optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit\n"}, "description": "List of Systemd services to require and wait for when starting the application service,\nsuch as the Matrix homeserver if it's running on the same host.\n", "loc": ["services", "matrix-hookshot", "serviceDependencies"], "readOnly": false, "type": "list of string"}, "services.matrix-hookshot.settings": {"declarations": ["nixos/modules/services/matrix/hookshot.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "{file}`config.yml` configuration as a Nix attribute set.\n\nFor details please see the [documentation](https://matrix-org.github.io/matrix-hookshot/latest/setup/sample-configuration.html).\n", "example": {"_type": "literalExpression", "text": "{\n  bridge = {\n    bindAddress = \"127.0.0.1\";\n    domain = \"example.com\";\n    mediaUrl = \"https://example.com\";\n    port = 9993;\n    url = \"http://localhost:8008\";\n  };\n  listeners = [\n    {\n      bindAddress = \"0.0.0.0\";\n      port = 9000;\n      resources = [\n        \"webhooks\"\n      ];\n    }\n    {\n      bindAddress = \"localhost\";\n      port = 9001;\n      resources = [\n        \"metrics\"\n        \"provisioning\"\n      ];\n    }\n  ];\n}"}, "loc": ["services", "matrix-hookshot", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.matrix-hookshot.settings.passFile": {"declarations": ["nixos/modules/services/matrix/hookshot.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/matrix-hookshot/passkey.pem\""}, "description": "A passkey used to encrypt tokens stored inside the bridge.\nFile will be generated if not found.\n", "loc": ["services", "matrix-hookshot", "settings", "passFile"], "readOnly": false, "type": "absolute path"}, "services.matrix-tuwunel.enable": {"declarations": ["nixos/modules/services/matrix/tuwunel.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable tuwunel.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "matrix-tuwunel", "enable"], "readOnly": false, "type": "boolean"}, "services.matrix-tuwunel.extraEnvironment": {"declarations": ["nixos/modules/services/matrix/tuwunel.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra Environment variables to pass to the tuwunel server.", "example": {"_type": "literalExpression", "text": "{\n  RUST_BACKTRACE = \"yes\";\n}"}, "loc": ["services", "matrix-tuwunel", "extraEnvironment"], "readOnly": false, "type": "attribute set of string"}, "services.matrix-tuwunel.group": {"declarations": ["nixos/modules/services/matrix/tuwunel.nix"], "default": {"_type": "literalExpression", "text": "\"tuwunel\""}, "description": "The group {command}`tuwunel` is run as.  If left as the default, the group will\nautomatically be created by the service.\n", "example": {"_type": "literalExpression", "text": "\"conduit\""}, "loc": ["services", "matrix-tuwunel", "group"], "readOnly": false, "type": "non-empty string"}, "services.matrix-tuwunel.package": {"declarations": ["nixos/modules/services/matrix/tuwunel.nix"], "default": {"_type": "literalExpression", "text": "pkgs.matrix-tuwunel"}, "description": "The matrix-tuwunel package to use.", "loc": ["services", "matrix-tuwunel", "package"], "readOnly": false, "type": "package"}, "services.matrix-tuwunel.settings": {"declarations": ["nixos/modules/services/matrix/tuwunel.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Generates the tuwunel.toml configuration file. Refer to\n<https://matrix-construct.github.io/tuwunel/configuration.html>\nfor details on supported values.\n", "loc": ["services", "matrix-tuwunel", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.matrix-tuwunel.settings.global.address": {"declarations": ["nixos/modules/services/matrix/tuwunel.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Addresses (IPv4 or IPv6) to listen on for connections by the reverse proxy/tls terminator.\nIf set to `null`, tuwunel will listen on IPv4 and IPv6 localhost.\nMust be `null` if `unix_socket_path` is set.\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"::1\"\n]"}, "loc": ["services", "matrix-tuwunel", "settings", "global", "address"], "readOnly": false, "type": "null or (list of non-empty string)"}, "services.matrix-tuwunel.settings.global.allow_encryption": {"declarations": ["nixos/modules/services/matrix/tuwunel.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether new encrypted rooms can be created. Note: existing rooms will continue to work.", "loc": ["services", "matrix-tuwunel", "settings", "global", "allow_encryption"], "readOnly": false, "type": "boolean"}, "services.matrix-tuwunel.settings.global.allow_federation": {"declarations": ["nixos/modules/services/matrix/tuwunel.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether this server federates with other servers.\n", "loc": ["services", "matrix-tuwunel", "settings", "global", "allow_federation"], "readOnly": false, "type": "boolean"}, "services.matrix-tuwunel.settings.global.allow_registration": {"declarations": ["nixos/modules/services/matrix/tuwunel.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether new users can register on this server.\n\nRegistration with token requires `registration_token` or `registration_token_file` to be set.\n\nIf set to true without a token configured, and\n`yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse`\nis set to true, users can freely register.\n", "loc": ["services", "matrix-tuwunel", "settings", "global", "allow_registration"], "readOnly": false, "type": "boolean"}, "services.matrix-tuwunel.settings.global.max_request_size": {"declarations": ["nixos/modules/services/matrix/tuwunel.nix"], "default": {"_type": "literalExpression", "text": "20000000"}, "description": "Max request size in bytes. Don't forget to also change it in the proxy.", "loc": ["services", "matrix-tuwunel", "settings", "global", "max_request_size"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.matrix-tuwunel.settings.global.port": {"declarations": ["nixos/modules/services/matrix/tuwunel.nix"], "default": {"_type": "literalExpression", "text": "[\n  6167\n]"}, "description": "The port(s) tuwunel will be running on.\nYou need to set up a reverse proxy in your web server (e.g. apache or nginx),\nso all requests to /_matrix on port 443 and 8448 will be forwarded to the tuwunel\ninstance running on this port.\n", "loc": ["services", "matrix-tuwunel", "settings", "global", "port"], "readOnly": false, "type": "list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.matrix-tuwunel.settings.global.server_name": {"declarations": ["nixos/modules/services/matrix/tuwunel.nix"], "description": "The server_name is the name of this server. It is used as a suffix for user and room ids.", "example": {"_type": "literalExpression", "text": "\"example.com\""}, "loc": ["services", "matrix-tuwunel", "settings", "global", "server_name"], "readOnly": false, "type": "non-empty string"}, "services.matrix-tuwunel.settings.global.trusted_servers": {"declarations": ["nixos/modules/services/matrix/tuwunel.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"matrix.org\"\n]"}, "description": "Servers listed here will be used to gather public keys of other servers\n(notary trusted key servers).\n\nCurrently, tuwunel doesn't support inbound batched key requests, so\nthis list should only contain other Synapse servers.\n\nExample: `[ \"matrix.org\" \"constellatory.net\" \"tchncs.de\" ]`\n", "loc": ["services", "matrix-tuwunel", "settings", "global", "trusted_servers"], "readOnly": false, "type": "list of non-empty string"}, "services.matrix-tuwunel.settings.global.unix_socket_path": {"declarations": ["nixos/modules/services/matrix/tuwunel.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Listen on a UNIX socket at the specified path. If listening on a UNIX socket,\nlistening on an address will be disabled. The `address` option must be set to\n`null` (the default value). The option {option}`services.tuwunel.group` must\nbe set to a group your reverse proxy is part of.\n", "loc": ["services", "matrix-tuwunel", "settings", "global", "unix_socket_path"], "readOnly": false, "type": "null or absolute path"}, "services.matrix-tuwunel.settings.global.unix_socket_perms": {"declarations": ["nixos/modules/services/matrix/tuwunel.nix"], "default": {"_type": "literalExpression", "text": "660"}, "description": "The default permissions (in octal) to create the UNIX socket with.", "loc": ["services", "matrix-tuwunel", "settings", "global", "unix_socket_perms"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.matrix-tuwunel.stateDirectory": {"declarations": ["nixos/modules/services/matrix/tuwunel.nix"], "default": {"_type": "literalExpression", "text": "\"tuwunel\""}, "description": "The name of the directory under /var/lib/ where the database will be stored.\n\nNote that `stateDirectory` cannot be changed once created because of the service's reliance on\nsystemd `StateDirectory`.\n", "example": {"_type": "literalExpression", "text": "\"matrix-conduit\""}, "loc": ["services", "matrix-tuwunel", "stateDirectory"], "readOnly": false, "type": "non-empty string"}, "services.matrix-tuwunel.user": {"declarations": ["nixos/modules/services/matrix/tuwunel.nix"], "default": {"_type": "literalExpression", "text": "\"tuwunel\""}, "description": "The user {command}`tuwunel` is run as.  If left as the default, the user will\nautomatically be created by the service.\n", "example": {"_type": "literalExpression", "text": "\"conduit\""}, "loc": ["services", "matrix-tuwunel", "user"], "readOnly": false, "type": "non-empty string"}, "services.matter-server.enable": {"declarations": ["nixos/modules/services/home-automation/matter-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Matter-server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "matter-server", "enable"], "readOnly": false, "type": "boolean"}, "services.matter-server.extraArgs": {"declarations": ["nixos/modules/services/home-automation/matter-server.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to pass to the matter-server executable.\nSee <https://github.com/home-assistant-libs/python-matter-server?tab=readme-ov-file#running-the-development-server> for options.\n", "loc": ["services", "matter-server", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.matter-server.logLevel": {"declarations": ["nixos/modules/services/home-automation/matter-server.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Verbosity of logs from the matter-server", "loc": ["services", "matter-server", "logLevel"], "readOnly": false, "type": "one of \"critical\", \"error\", \"warning\", \"info\", \"debug\""}, "services.matter-server.openFirewall": {"declarations": ["nixos/modules/services/home-automation/matter-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the port in the firewall.", "loc": ["services", "matter-server", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.matter-server.package": {"declarations": ["nixos/modules/services/home-automation/matter-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.python-matter-server"}, "description": "The python-matter-server package to use.", "loc": ["services", "matter-server", "package"], "readOnly": false, "type": "package"}, "services.matter-server.port": {"declarations": ["nixos/modules/services/home-automation/matter-server.nix"], "default": {"_type": "literalExpression", "text": "5580"}, "description": "Port to expose the matter-server service on.", "loc": ["services", "matter-server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.matterbridge.configFile": {"declarations": ["nixos/modules/services/networking/matterbridge.nix"], "description": "WARNING: THIS IS INSECURE, as your password will end up in\n{file}`/nix/store`, thus publicly readable. Use\n`services.matterbridge.configPath` instead.\n\nThe matterbridge configuration file in the TOML file format.\n", "example": {"_type": "literalExpression", "text": "''\n  # WARNING: as this file contains credentials, do not use this option!\n  # It is kept only for backwards compatibility, and would cause your\n  # credentials to be in the nix-store, thus with the world-readable\n  # permission bits.\n  # Use services.matterbridge.configPath instead.\n  \n  [irc]\n      [irc.libera]\n      Server=\"irc.libera.chat:6667\"\n      Nick=\"matterbot\"\n  \n  [mattermost]\n      [mattermost.work]\n       # Do not prefix it with http:// or https://\n       Server=\"yourmattermostserver.domain\"\n       Team=\"yourteam\"\n       Login=\"yourlogin\"\n       Password=\"yourpass\"\n       PrefixMessagesWithNick=true\n  \n  [[gateway]]\n  name=\"gateway1\"\n  enable=true\n      [[gateway.inout]]\n      account=\"irc.libera\"\n      channel=\"#testing\"\n  \n      [[gateway.inout]]\n      account=\"mattermost.work\"\n      channel=\"off-topic\"\n''"}, "loc": ["services", "matterbridge", "configFile"], "readOnly": false, "type": "string"}, "services.matterbridge.configPath": {"declarations": ["nixos/modules/services/networking/matterbridge.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the matterbridge configuration file.\n", "example": {"_type": "literalExpression", "text": "\"/etc/nixos/matterbridge.toml\""}, "loc": ["services", "matterbridge", "configPath"], "readOnly": false, "type": "null or string"}, "services.matterbridge.enable": {"declarations": ["nixos/modules/services/networking/matterbridge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Matterbridge chat platform bridge.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "matterbridge", "enable"], "readOnly": false, "type": "boolean"}, "services.matterbridge.group": {"declarations": ["nixos/modules/services/networking/matterbridge.nix"], "default": {"_type": "literalExpression", "text": "\"matterbridge\""}, "description": "Group which runs the matterbridge service.\n", "loc": ["services", "matterbridge", "group"], "readOnly": false, "type": "string"}, "services.matterbridge.package": {"declarations": ["nixos/modules/services/networking/matterbridge.nix"], "default": {"_type": "literalExpression", "text": "pkgs.matterbridge"}, "description": "The matterbridge package to use.", "loc": ["services", "matterbridge", "package"], "readOnly": false, "type": "package"}, "services.matterbridge.user": {"declarations": ["nixos/modules/services/networking/matterbridge.nix"], "default": {"_type": "literalExpression", "text": "\"matterbridge\""}, "description": "User which runs the matterbridge service.\n", "loc": ["services", "matterbridge", "user"], "readOnly": false, "type": "string"}, "services.mattermost.configDir": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "''\n  if versionAtLeast config.system.stateVersion \"25.05\" then\n    \"/etc/mattermost\"\n  else\n    \"''${config.services.mattermost.dataDir}/config\";\n''"}, "description": "Mattermost config directory.\n", "loc": ["services", "mattermost", "configDir"], "readOnly": false, "type": "absolute path"}, "services.mattermost.dataDir": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/mattermost\""}, "description": "Mattermost working directory.\n", "loc": ["services", "mattermost", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.mattermost.database.create": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Create a local PostgreSQL or MySQL database for Mattermost automatically.\n", "loc": ["services", "mattermost", "database", "create"], "readOnly": false, "type": "boolean"}, "services.mattermost.database.driver": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "\"postgres\""}, "description": "The database driver to use (Postgres or MySQL).\n", "loc": ["services", "mattermost", "database", "driver"], "readOnly": false, "type": "one of \"postgres\", \"mysql\""}, "services.mattermost.database.extraConnectionOptions": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "''\n  if config.mattermost.database.driver == \"postgres\" then\n    {\n      sslmode = \"disable\";\n      connect_timeout = 60;\n    }\n  else if config.mattermost.database.driver == \"mysql\" then\n    {\n      charset = \"utf8mb4\";\n      writeTimeout = \"60s\";\n      readTimeout = \"60s\";\n    }\n  else\n    throw \"Invalid database driver\";\n''"}, "description": "Extra options that are placed in the connection URI's query parameters.\n", "loc": ["services", "mattermost", "database", "extraConnectionOptions"], "readOnly": false, "type": "attribute set of (signed integer or string)"}, "services.mattermost.database.fromEnvironment": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use services.mattermost.environmentFile to configure the database instead of writing the database URI\nto the Nix store. Useful if you use password authentication with peerAuth set to false.\n", "loc": ["services", "mattermost", "database", "fromEnvironment"], "readOnly": false, "type": "boolean"}, "services.mattermost.database.host": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Host to use for the database. Can also be set to a path if you'd like to connect\nto a socket using a username and password.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "mattermost", "database", "host"], "readOnly": false, "type": "string"}, "services.mattermost.database.name": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "\"mattermost\""}, "description": "Local Mattermost database name.\n", "loc": ["services", "mattermost", "database", "name"], "readOnly": false, "type": "string"}, "services.mattermost.database.password": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "\"mmpgsecret\""}, "description": "Password for local Mattermost database user. If set and peerAuth is not true,\nwill cause a warning nagging you to use environmentFile instead since it will\nend up in the Nix store.\n", "loc": ["services", "mattermost", "database", "password"], "readOnly": false, "type": "string"}, "services.mattermost.database.peerAuth": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "''\n  versionAtLeast config.system.stateVersion \"25.05\" && config.services.mattermost.database.host == \"localhost\"\n''"}, "description": "If set, will use peer auth instead of connecting to a Postgres server.\nUse services.mattermost.database.socketPath to configure the socket path.\n", "loc": ["services", "mattermost", "database", "peerAuth"], "readOnly": false, "type": "boolean"}, "services.mattermost.database.port": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "''\n  if config.services.mattermost.database.type == \"postgres\" then 5432 else 3306\n''"}, "description": "Port to use for the database.\n", "example": {"_type": "literalExpression", "text": "3306"}, "loc": ["services", "mattermost", "database", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mattermost.database.socketPath": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "''\n  if config.services.mattermost.database.driver == \"postgres\" then \"/run/postgresql\" else \"/run/mysqld/mysqld.sock\";\n''"}, "description": "The database (Postgres or MySQL) socket path.\n", "loc": ["services", "mattermost", "database", "socketPath"], "readOnly": false, "type": "absolute path"}, "services.mattermost.database.user": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "\"mattermost\""}, "description": "Local Mattermost database username.\n", "loc": ["services", "mattermost", "database", "user"], "readOnly": false, "type": "string"}, "services.mattermost.enable": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Mattermost chat server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mattermost", "enable"], "readOnly": false, "type": "boolean"}, "services.mattermost.environment": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra environment variables to export to the Mattermost process\nfrom the systemd unit configuration.\n", "example": {"_type": "literalExpression", "text": "{\n  MM_SERVICESETTINGS_SITEURL = \"http://example.com\";\n}"}, "loc": ["services", "mattermost", "environment"], "readOnly": false, "type": "attribute set of (signed integer or string)"}, "services.mattermost.environmentFile": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file (see {manpage}`systemd.exec(5)`\n\"EnvironmentFile=\" section for the syntax) which sets config options\nfor mattermost (see [the Mattermost documentation](https://docs.mattermost.com/configure/configuration-settings.html#environment-variables)).\n\nSettings defined in the environment file will overwrite settings\nset via Nix or via the {option}`services.mattermost.extraConfig`\noption.\n\nUseful for setting config options without their value ending up in the\n(world-readable) Nix store, e.g. for a database password.\n", "loc": ["services", "mattermost", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.mattermost.group": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "\"mattermost\""}, "description": "Group which runs the Mattermost service.\n", "loc": ["services", "mattermost", "group"], "readOnly": false, "type": "string"}, "services.mattermost.host": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Host or address that this Mattermost instance listens on.\n", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "mattermost", "host"], "readOnly": false, "type": "string"}, "services.mattermost.logDir": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "''\n  if versionAtLeast config.system.stateVersion \"25.05\" then \"/var/log/mattermost\"\n  else \"''${config.services.mattermost.dataDir}/logs\";\n''"}, "description": "Mattermost log directory.\n", "loc": ["services", "mattermost", "logDir"], "readOnly": false, "type": "absolute path"}, "services.mattermost.matterircd.enable": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Mattermost IRC bridge.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mattermost", "matterircd", "enable"], "readOnly": false, "type": "boolean"}, "services.mattermost.matterircd.package": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "pkgs.matterircd"}, "description": "The matterircd package to use.", "loc": ["services", "mattermost", "matterircd", "package"], "readOnly": false, "type": "package"}, "services.mattermost.matterircd.parameters": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Set commandline parameters to pass to matterircd. See\n<https://github.com/42wim/matterircd#usage> for more information.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-mmserver chat.example.com\"\n  \"-bind [::]:6667\"\n]"}, "loc": ["services", "mattermost", "matterircd", "parameters"], "readOnly": false, "type": "list of string"}, "services.mattermost.mutableConfig": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether the Mattermost config.json is writeable by Mattermost.\n\nMost of the settings can be edited in the system console of\nMattermost if this option is enabled. A template config using\nthe options specified in services.mattermost will be generated\nbut won't be overwritten on changes or rebuilds.\n\nIf this option is disabled, persistent changes in the system\nconsole won't be possible (the default). If a config.json is\npresent, it will be overwritten at service start!\n", "loc": ["services", "mattermost", "mutableConfig"], "readOnly": false, "type": "boolean"}, "services.mattermost.package": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mattermost"}, "description": "The mattermost package to use.", "loc": ["services", "mattermost", "package"], "readOnly": false, "type": "package"}, "services.mattermost.plugins": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Plugins to add to the configuration. Overrides any installed if non-null.\nThis is a list of paths to .tar.gz files or derivations evaluating to\n.tar.gz files. You can use `mattermost.buildPlugin` to build plugins;\nsee the NixOS documentation for more details.\n", "example": {"_type": "literalExpression", "text": "\"[ ./com.github.moussetc.mattermost.plugin.giphy-2.0.0.tar.gz ]\""}, "loc": ["services", "mattermost", "plugins"], "readOnly": false, "type": "list of (absolute path or package)"}, "services.mattermost.pluginsBundle": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "''\n  All entries in {config}`services.mattermost.plugins`, repacked\n''"}, "description": "Derivation building to a directory of plugin tarballs.\nThis overrides {option}`services.mattermost.plugins` if provided.\n", "loc": ["services", "mattermost", "pluginsBundle"], "readOnly": false, "type": "null or package"}, "services.mattermost.port": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "8065"}, "description": "Port for Mattermost server to listen on.\n", "loc": ["services", "mattermost", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mattermost.preferNixConfig": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "''\n  versionAtLeast config.system.stateVersion \"25.05\";\n''"}, "description": "If both mutableConfig and this option are set, the Nix configuration\nwill take precedence over any settings configured in the server\nconsole.\n", "loc": ["services", "mattermost", "preferNixConfig"], "readOnly": false, "type": "boolean"}, "services.mattermost.settings": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional configuration options as Nix attribute set in config.json schema.\n", "loc": ["services", "mattermost", "settings"], "readOnly": false, "type": "JSON value"}, "services.mattermost.siteName": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "\"Mattermost\""}, "description": "Name of this Mattermost site.", "loc": ["services", "mattermost", "siteName"], "readOnly": false, "type": "string"}, "services.mattermost.siteUrl": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "description": "URL this Mattermost instance is reachable under, without trailing slash.\n", "example": {"_type": "literalExpression", "text": "\"https://chat.example.com\""}, "loc": ["services", "mattermost", "siteUrl"], "readOnly": false, "type": "string"}, "services.mattermost.socket.enable": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Mattermost control socket.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mattermost", "socket", "enable"], "readOnly": false, "type": "boolean"}, "services.mattermost.socket.export": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Export socket control to system environment variables.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mattermost", "socket", "export"], "readOnly": false, "type": "boolean"}, "services.mattermost.socket.path": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "\"\\${config.mattermost.dataDir}/mattermost.sock\""}, "description": "Default location for the Mattermost control socket used by `mmctl`.\n", "loc": ["services", "mattermost", "socket", "path"], "readOnly": false, "type": "absolute path"}, "services.mattermost.telemetry.enableDiagnostics": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "True if we should enable sending diagnostic data. This reaches out to Mattermost's servers:\nhttps://docs.mattermost.com/manage/telemetry.html#error-and-diagnostics-reporting-feature\n", "loc": ["services", "mattermost", "telemetry", "enableDiagnostics"], "readOnly": false, "type": "boolean"}, "services.mattermost.telemetry.enableSecurityAlerts": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "True if we should enable security update checking. This reaches out to Mattermost's servers:\nhttps://docs.mattermost.com/manage/telemetry.html#security-update-check-feature\n", "loc": ["services", "mattermost", "telemetry", "enableSecurityAlerts"], "readOnly": false, "type": "boolean"}, "services.mattermost.user": {"declarations": ["nixos/modules/services/web-apps/mattermost.nix"], "default": {"_type": "literalExpression", "text": "\"mattermost\""}, "description": "User which runs the Mattermost service.\n", "loc": ["services", "mattermost", "user"], "readOnly": false, "type": "string"}, "services.maubot.configMutable": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether maubot should write updated config into `extraConfigFile`. **This will make your Nix module settings have no effect besides the initial config, as extraConfigFile takes precedence over NixOS settings!**\n", "loc": ["services", "maubot", "configMutable"], "readOnly": false, "type": "boolean"}, "services.maubot.dataDir": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/maubot\""}, "description": "The directory where maubot stores its stateful data.\n", "loc": ["services", "maubot", "dataDir"], "readOnly": false, "type": "string"}, "services.maubot.enable": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable maubot.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "maubot", "enable"], "readOnly": false, "type": "boolean"}, "services.maubot.extraConfigFile": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.maubot.dataDir}/config.yaml\""}, "description": "A file for storing secrets. You can pass homeserver registration keys here.\nIf it already exists, **it must contain `server.unshared_secret`** which is used for signing API keys.\nIf `configMutable` is not set to true, **maubot user must have write access to this file**.\n", "loc": ["services", "maubot", "extraConfigFile"], "readOnly": false, "type": "string"}, "services.maubot.package": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "default": {"_type": "literalExpression", "text": "pkgs.maubot"}, "description": "The maubot package to use.", "loc": ["services", "maubot", "package"], "readOnly": false, "type": "package"}, "services.maubot.plugins": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of additional maubot plugins to make available.\n", "example": {"_type": "literalExpression", "text": "with config.services.maubot.package.plugins; [\n  xyz.maubot.reactbot\n  xyz.maubot.rss\n];\n"}, "loc": ["services", "maubot", "plugins"], "readOnly": false, "type": "list of package"}, "services.maubot.pythonPackages": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of additional Python packages to make available for maubot.\n", "example": {"_type": "literalExpression", "text": "with pkgs.python3Packages; [\n  aiohttp\n];\n"}, "loc": ["services", "maubot", "pythonPackages"], "readOnly": false, "type": "list of package"}, "services.maubot.settings": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "YAML settings for maubot. See the\n[example configuration](https://github.com/maubot/maubot/blob/master/maubot/example-config.yaml)\nfor more info.\n\nSecrets should be passed in by using `extraConfigFile`.\n", "loc": ["services", "maubot", "settings"], "readOnly": false, "type": "submodule"}, "services.maubot.settings.admins": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "default": {"_type": "literalExpression", "text": "{\n  root = \"\";\n}"}, "description": "List of administrator users. Plaintext passwords will be bcrypted on startup. Set empty password\nto prevent normal login. Root is a special user that can't have a password and will always exist.\n", "loc": ["services", "maubot", "settings", "admins"], "readOnly": false, "type": "attribute set of string"}, "services.maubot.settings.api_features": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "default": {"_type": "literalExpression", "text": "{\n  client = true;\n  client_auth = true;\n  client_proxy = true;\n  dev_open = true;\n  instance = true;\n  instance_database = true;\n  log = true;\n  login = true;\n  plugin = true;\n  plugin_upload = true;\n}"}, "description": "API feature switches.\n", "loc": ["services", "maubot", "settings", "api_features"], "readOnly": false, "type": "attribute set of boolean"}, "services.maubot.settings.crypto_database": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "default": {"_type": "literalExpression", "text": "\"default\""}, "description": "Separate database URL for the crypto database. By default, the regular database is also used for crypto.\n", "example": {"_type": "literalExpression", "text": "\"postgresql://username:password@hostname/dbname\""}, "loc": ["services", "maubot", "settings", "crypto_database"], "readOnly": false, "type": "string"}, "services.maubot.settings.database": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite:maubot.db\""}, "description": "The full URI to the database. SQLite and Postgres are fully supported.\nOther DBMSes supported by SQLAlchemy may or may not work.\n", "example": {"_type": "literalExpression", "text": "\"postgresql://username:password@hostname/dbname\""}, "loc": ["services", "maubot", "settings", "database"], "readOnly": false, "type": "string"}, "services.maubot.settings.database_opts": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional arguments for asyncpg.create_pool() or sqlite3.connect()\n", "loc": ["services", "maubot", "settings", "database_opts"], "readOnly": false, "type": "attribute set"}, "services.maubot.settings.homeservers": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "default": {"_type": "literalExpression", "text": "{\n  \"matrix.org\" = {\n    url = \"https://matrix-client.matrix.org\";\n  };\n}"}, "description": "Known homeservers. This is required for the `mbc auth` command and also allows more convenient access from the management UI.\nIf you want to specify registration secrets, pass this via extraConfigFile instead.\n", "loc": ["services", "maubot", "settings", "homeservers"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.maubot.settings.homeservers.<name>.url": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "description": "Client-server API URL\n", "loc": ["services", "maubot", "settings", "homeservers", "<name>", "url"], "readOnly": false, "type": "string"}, "services.maubot.settings.logging": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "default": {"_type": "literalExpression", "text": "{\n  formatters = {\n    colored = {\n      \"()\" = \"maubot.lib.color_log.ColorFormatter\";\n      format = \"[%(asctime)s] [%(levelname)s@%(name)s] %(message)s\";\n    };\n    normal = {\n      format = \"[%(asctime)s] [%(levelname)s@%(name)s] %(message)s\";\n    };\n  };\n  handlers = {\n    console = {\n      class = \"logging.StreamHandler\";\n      formatter = \"colored\";\n    };\n    file = {\n      backupCount = 10;\n      class = \"logging.handlers.RotatingFileHandler\";\n      filename = \"./maubot.log\";\n      formatter = \"normal\";\n      maxBytes = 10485760;\n    };\n  };\n  loggers = {\n    aiohttp = {\n      level = \"INFO\";\n    };\n    mau = {\n      level = \"DEBUG\";\n    };\n    maubot = {\n      level = \"DEBUG\";\n    };\n  };\n  root = {\n    handlers = [\n      \"file\"\n      \"console\"\n    ];\n    level = \"DEBUG\";\n  };\n  version = 1;\n}"}, "description": "Python logging configuration. See [section 16.7.2 of the Python\ndocumentation](https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema)\nfor more info.\n", "loc": ["services", "maubot", "settings", "logging"], "readOnly": false, "type": "attribute set"}, "services.maubot.settings.plugin_databases": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Plugin database settings", "loc": ["services", "maubot", "settings", "plugin_databases"], "readOnly": false, "type": "submodule"}, "services.maubot.settings.plugin_databases.postgres": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "default": {"_type": "literalExpression", "text": "if isPostgresql config.services.maubot.settings.database then \"default\" else null"}, "description": "The connection URL for plugin database. See [example config](https://github.com/maubot/maubot/blob/master/maubot/example-config.yaml) for exact format.\n", "loc": ["services", "maubot", "settings", "plugin_databases", "postgres"], "readOnly": false, "type": "null or string"}, "services.maubot.settings.plugin_databases.postgres_max_conns_per_plugin": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "default": {"_type": "literalExpression", "text": "3"}, "description": "Maximum number of connections per plugin instance.\n", "loc": ["services", "maubot", "settings", "plugin_databases", "postgres_max_conns_per_plugin"], "readOnly": false, "type": "null or signed integer"}, "services.maubot.settings.plugin_databases.postgres_opts": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Overrides for the default database_opts when using a non-default postgres connection URL.\n", "loc": ["services", "maubot", "settings", "plugin_databases", "postgres_opts"], "readOnly": false, "type": "attribute set"}, "services.maubot.settings.plugin_databases.sqlite": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.maubot.dataDir}/plugins\""}, "description": "The directory where SQLite plugin databases should be stored.\n", "loc": ["services", "maubot", "settings", "plugin_databases", "sqlite"], "readOnly": false, "type": "string"}, "services.maubot.settings.plugin_directories": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Plugin directory paths", "loc": ["services", "maubot", "settings", "plugin_directories"], "readOnly": false, "type": "submodule"}, "services.maubot.settings.plugin_directories.load": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "default": {"_type": "literalExpression", "text": "[ \"${config.services.maubot.dataDir}/plugins\" ]"}, "description": "The directories from which plugins should be loaded. Duplicate plugin IDs will be moved to the trash.\n", "loc": ["services", "maubot", "settings", "plugin_directories", "load"], "readOnly": false, "type": "list of string"}, "services.maubot.settings.plugin_directories.trash": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.maubot.dataDir}/trash\""}, "description": "The directory where old plugin versions and conflicting plugins should be moved. Set to null to delete files immediately.\n", "loc": ["services", "maubot", "settings", "plugin_directories", "trash"], "readOnly": false, "type": "null or string"}, "services.maubot.settings.plugin_directories.upload": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.maubot.dataDir}/plugins\""}, "description": "The directory where uploaded new plugins should be stored.\n", "loc": ["services", "maubot", "settings", "plugin_directories", "upload"], "readOnly": false, "type": "string"}, "services.maubot.settings.server": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Listener config", "loc": ["services", "maubot", "settings", "server"], "readOnly": false, "type": "submodule"}, "services.maubot.settings.server.hostname": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The IP to listen on\n", "loc": ["services", "maubot", "settings", "server", "hostname"], "readOnly": false, "type": "string"}, "services.maubot.settings.server.override_resource_path": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Override path from where to load UI resources.\n", "loc": ["services", "maubot", "settings", "server", "override_resource_path"], "readOnly": false, "type": "null or string"}, "services.maubot.settings.server.plugin_base_path": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.maubot.settings.server.ui_base_path}/plugin/\"\n"}, "description": "The base path for plugin endpoints. The instance ID will be appended directly.\n", "loc": ["services", "maubot", "settings", "server", "plugin_base_path"], "readOnly": false, "type": "string"}, "services.maubot.settings.server.port": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "default": {"_type": "literalExpression", "text": "29316"}, "description": "The port to listen on\n", "loc": ["services", "maubot", "settings", "server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.maubot.settings.server.public_url": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "default": {"_type": "literalExpression", "text": "\"http://${config.services.maubot.settings.server.hostname}:${toString config.services.maubot.settings.server.port}\""}, "description": "Public base URL where the server is visible.\n", "loc": ["services", "maubot", "settings", "server", "public_url"], "readOnly": false, "type": "string"}, "services.maubot.settings.server.ui_base_path": {"declarations": ["nixos/modules/services/matrix/maubot.nix"], "default": {"_type": "literalExpression", "text": "\"/_matrix/maubot\""}, "description": "The base path for the UI.\n", "loc": ["services", "maubot", "settings", "server", "ui_base_path"], "readOnly": false, "type": "string"}, "services.mautrix-discord.dataDir": {"declarations": ["nixos/modules/services/matrix/mautrix-discord.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/mautrix-discord\""}, "description": "Directory to store the bridge's configuration and database files.\nThis directory will be created if it does not exist.\n", "loc": ["services", "mautrix-discord", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.mautrix-discord.enable": {"declarations": ["nixos/modules/services/matrix/mautrix-discord.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Mautrix-Discord, a Matrix-Discord puppeting/relay-bot bridge.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mautrix-discord", "enable"], "readOnly": false, "type": "boolean"}, "services.mautrix-discord.environmentFile": {"declarations": ["nixos/modules/services/matrix/mautrix-discord.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing environment variables to substitute when copying the configuration\nout of Nix store to the `services.mautrix-discord.dataDir`.\nCan be used for storing the secrets without making them available in the Nix store.\nFor example, you can set `services.mautrix-discord.settings.appservice.as_token = \"$MAUTRIX_DISCORD_APPSERVICE_AS_TOKEN\"`\nand then specify `MAUTRIX_DISCORD_APPSERVICE_AS_TOKEN=\"{token}\"` in the environment file.\nThis value will get substituted into the configuration file as a token.\n", "loc": ["services", "mautrix-discord", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.mautrix-discord.package": {"declarations": ["nixos/modules/services/matrix/mautrix-discord.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mautrix-discord"}, "description": "The mautrix-discord package to use.", "loc": ["services", "mautrix-discord", "package"], "readOnly": false, "type": "package"}, "services.mautrix-discord.registerToSynapse": {"declarations": ["nixos/modules/services/matrix/mautrix-discord.nix"], "default": {"_type": "literalExpression", "text": "config.services.matrix-synapse.enable"}, "description": "Whether to add the bridge's app service registration file to\n`services.matrix-synapse.settings.app_service_config_files`.\n", "loc": ["services", "mautrix-discord", "registerToSynapse"], "readOnly": false, "type": "boolean"}, "services.mautrix-discord.registrationServiceUnit": {"declarations": ["nixos/modules/services/matrix/mautrix-discord.nix"], "default": {"_type": "literalExpression", "text": "\"mautrix-discord-registration.service\""}, "description": "The registration service that generates the registration file.\nSystemd unit (a service or a target) for other services to depend on if they\nneed to be started after mautrix-discord registration service.\nThis option is useful as the actual parent unit for all matrix-synapse processes\nchanges when configuring workers.\n", "loc": ["services", "mautrix-discord", "registrationServiceUnit"], "readOnly": true, "type": "string"}, "services.mautrix-discord.serviceDependencies": {"declarations": ["nixos/modules/services/matrix/mautrix-discord.nix"], "default": {"_type": "literalExpression", "text": "''\n  [ cfg.registrationServiceUnit ] ++\n  (lib.lists.optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit) ++\n  (lib.lists.optional config.services.matrix-conduit.enable \"matrix-conduit.service\") ++\n  (lib.lists.optional config.services.dendrite.enable \"dendrite.service\");\n''"}, "description": "List of Systemd services to require and wait for when starting the application service.\n", "loc": ["services", "mautrix-discord", "serviceDependencies"], "readOnly": false, "type": "list of string"}, "services.mautrix-discord.serviceUnit": {"declarations": ["nixos/modules/services/matrix/mautrix-discord.nix"], "default": {"_type": "literalExpression", "text": "\"mautrix-discord.service\""}, "description": "The systemd unit (a service or a target) for other services to depend on if they\nneed to be started after matrix-synapse.\nThis option is useful as the actual parent unit for all matrix-synapse processes\nchanges when configuring workers.\n", "loc": ["services", "mautrix-discord", "serviceUnit"], "readOnly": true, "type": "string"}, "services.mautrix-discord.settings": {"declarations": ["nixos/modules/services/matrix/mautrix-discord.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "{file}`config.yaml` configuration as a Nix attribute set.\nConfiguration options should match those described in\n[example-config.yaml](https://github.com/mautrix/discord/blob/main/example-config.yaml).\n", "example": {"_type": "literalExpression", "text": "{\n  homeserver = {\n    address = \"http://localhost:8008\";\n    domain = \"public-domain.tld\";\n  };\n\n  appservice.public = {\n    prefix = \"/public\";\n    external = \"https://public-appservice-address/public\";\n  };\n\n  bridge.permissions = {\n    \"example.com\" = \"user\";\n    \"@admin:example.com\" = \"admin\";\n  };\n}\n"}, "loc": ["services", "mautrix-discord", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.mautrix-discord.settings.appservice": {"declarations": ["nixos/modules/services/matrix/mautrix-discord.nix"], "default": {"_type": "literalExpression", "text": "{\n  address = \"http://localhost:29334\";\n  hostname = \"0.0.0.0\";\n  port = 29334;\n  database = {\n    type = \"sqlite3\";\n    uri = \"file:${config.services.mautrix-discord.dataDir}/mautrix-discord.db?_txlock=immediate\";\n    max_open_conns = 20;\n    max_idle_conns = 2;\n    max_conn_idle_time = null;\n    max_conn_lifetime = null;\n  };\n  id = \"discord\";\n  bot = {\n    username = \"discordbot\";\n    displayname = \"Discord bridge bot\";\n    avatar = \"mxc://maunium.net/nIdEykemnwdisvHbpxflpDlC\";\n  };\n  ephemeral_events = true;\n  async_transactions = false;\n  as_token = \"This value is generated when generating the registration\";\n  hs_token = \"This value is generated when generating the registration\";\n}\n"}, "description": "Appservice configuration.\nSee [example-config.yaml](https://github.com/mautrix/discord/blob/main/example-config.yaml)\nfor more information.\n", "loc": ["services", "mautrix-discord", "settings", "appservice"], "readOnly": false, "type": "attribute set"}, "services.mautrix-discord.settings.bridge": {"declarations": ["nixos/modules/services/matrix/mautrix-discord.nix"], "default": {"_type": "literalExpression", "text": "{\n  animated_sticker = {\n    args = {\n      fps = 25;\n      height = 320;\n      width = 320;\n    };\n    target = \"webp\";\n  };\n  autojoin_thread_on_open = true;\n  avatar_proxy_key = \"generate\";\n  backfill = {\n    forward_limits = {\n      initial = {\n        channel = 0;\n        dm = 0;\n        thread = 0;\n      };\n      max_guild_members = -1;\n      missed = {\n        channel = 0;\n        dm = 0;\n        thread = 0;\n      };\n    };\n  };\n  cache_media = \"unencrypted\";\n  channel_name_template = \"{{if or (eq .Type 3) (eq .Type 4)}}{{.Name}}{{else}}#{{.Name}}{{end}}\";\n  command_prefix = \"!discord\";\n  custom_emoji_reactions = true;\n  delete_guild_on_leave = true;\n  delete_portal_on_channel_delete = false;\n  delivery_receipts = false;\n  direct_media = {\n    allow_proxy = true;\n    enabled = false;\n    server_key = \"generate\";\n  };\n  displayname_template = \"{{if .Webhook}}Webhook{{else}}{{or .GlobalName .Username}}{{if .Bot}} (bot){{end}}{{end}}\";\n  double_puppet_allow_discovery = false;\n  double_puppet_server_map = { };\n  embed_fields_as_tables = true;\n  enable_webhook_avatars = false;\n  encryption = {\n    allow = false;\n    allow_key_sharing = false;\n    appservice = false;\n    default = false;\n    delete_keys = {\n      delete_fully_used_on_decrypt = false;\n      delete_on_device_delete = false;\n      delete_outbound_on_ack = false;\n      delete_outdated_inbound = false;\n      delete_prev_on_new_session = false;\n      dont_store_outbound = false;\n      periodically_delete_expired = false;\n      ratchet_on_decrypt = false;\n    };\n    msc4190 = false;\n    plaintext_mentions = false;\n    require = false;\n    rotation = {\n      disable_device_change_key_rotation = false;\n      enable_custom = false;\n      messages = 100;\n      milliseconds = 604800000;\n    };\n    verification_levels = {\n      receive = \"unverified\";\n      send = \"unverified\";\n      share = \"cross-signed-tofu\";\n    };\n  };\n  federate_rooms = true;\n  guild_name_template = \"{{.Name}}\";\n  login_shared_secret_map = { };\n  management_room_text = {\n    additional_help = \"\";\n    welcome = \"Hello, I'm a Discord bridge bot.\";\n    welcome_connected = \"Use `help` for help.\";\n    welcome_unconnected = \"Use `help` for help or `login` to log in.\";\n  };\n  message_error_notices = true;\n  message_status_events = false;\n  mute_channels_on_create = false;\n  permissions = {\n    \"*\" = \"relay\";\n  };\n  portal_message_buffer = 128;\n  prefix_webhook_messages = true;\n  private_chat_portal_meta = \"default\";\n  provisioning = {\n    debug_endpoints = false;\n    prefix = \"/_matrix/provision\";\n    shared_secret = \"generate\";\n  };\n  public_address = null;\n  resend_bridge_info = false;\n  restricted_rooms = true;\n  startup_private_channel_create_limit = 5;\n  sync_direct_chat_list = false;\n  use_discord_cdn_upload = true;\n  username_template = \"discord_{{.}}\";\n}"}, "description": "Bridge configuration.\nSee [example-config.yaml](https://github.com/mautrix/discord/blob/main/example-config.yaml)\nfor more information.\n", "loc": ["services", "mautrix-discord", "settings", "bridge"], "readOnly": false, "type": "attribute set"}, "services.mautrix-discord.settings.homeserver": {"declarations": ["nixos/modules/services/matrix/mautrix-discord.nix"], "default": {"_type": "literalExpression", "text": "{\n  async_media = false;\n  message_send_checkpoint_endpoint = null;\n  ping_interval_seconds = 0;\n  software = \"standard\";\n  status_endpoint = null;\n  websocket = false;\n}"}, "description": "fullDataDiration.\n                See [example-config.yaml](https://github.com/mautrix/discord/blob/main/example-config.yaml)\n                for more information.\n", "loc": ["services", "mautrix-discord", "settings", "homeserver"], "readOnly": false, "type": "attribute set"}, "services.mautrix-discord.settings.logging": {"declarations": ["nixos/modules/services/matrix/mautrix-discord.nix"], "default": {"_type": "literalExpression", "text": "{\n  min_level = \"info\";\n  writers = [\n    {\n      format = \"pretty-colored\";\n      time_format = \" \";\n      type = \"stdout\";\n    }\n  ];\n}"}, "description": "Logging configuration.\nSee [example-config.yaml](https://github.com/mautrix/discord/blob/main/example-config.yaml)\nfor more information.\n", "loc": ["services", "mautrix-discord", "settings", "logging"], "readOnly": false, "type": "attribute set"}, "services.mautrix-meta.instances": {"declarations": ["nixos/modules/services/matrix/mautrix-meta.nix"], "description": "Configuration of multiple `mautrix-meta` instances.\n`services.mautrix-meta.instances.facebook` and `services.mautrix-meta.instances.instagram`\ncome preconfigured with network.mode, appservice.id, bot username, display name and avatar.\n", "example": {"_type": "literalExpression", "text": "''\n  {\n    facebook = {\n      enable = true;\n      settings = {\n        homeserver.domain = \"example.com\";\n      };\n    };\n  \n    instagram = {\n      enable = true;\n      settings = {\n        homeserver.domain = \"example.com\";\n      };\n    };\n  \n    messenger = {\n      enable = true;\n      settings = {\n        network.mode = \"messenger\";\n        homeserver.domain = \"example.com\";\n        appservice = {\n          id = \"messenger\";\n          bot = {\n            username = \"messengerbot\";\n            displayname = \"Messenger bridge bot\";\n            avatar = \"mxc://maunium.net/ygtkteZsXnGJLJHRchUwYWak\";\n          };\n        };\n      };\n    };\n  }\n''"}, "loc": ["services", "mautrix-meta", "instances"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.mautrix-meta.instances.<name>.dataDir": {"declarations": ["nixos/modules/services/matrix/mautrix-meta.nix"], "default": {"_type": "literalExpression", "text": "\"mautrix-meta-\u2039name\u203a\""}, "description": "Path to the directory with database, registration, and other data for the bridge service.\nThis path is relative to `/var/lib`, it cannot start with `../` (it cannot be outside of `/var/lib`).\n", "loc": ["services", "mautrix-meta", "instances", "<name>", "dataDir"], "readOnly": false, "type": "string"}, "services.mautrix-meta.instances.<name>.enable": {"declarations": ["nixos/modules/services/matrix/mautrix-meta.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Mautrix-Meta, a Matrix <-> Facebook and Matrix <-> Instagram hybrid puppeting/relaybot bridge.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mautrix-meta", "instances", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.mautrix-meta.instances.<name>.environmentFile": {"declarations": ["nixos/modules/services/matrix/mautrix-meta.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing environment variables to substitute when copying the configuration\nout of Nix store to the `services.mautrix-meta.dataDir`.\n\nCan be used for storing the secrets without making them available in the Nix store.\n\nFor example, you can set `services.mautrix-meta.settings.appservice.as_token = \"$MAUTRIX_META_APPSERVICE_AS_TOKEN\"`\nand then specify `MAUTRIX_META_APPSERVICE_AS_TOKEN=\"{token}\"` in the environment file.\nThis value will get substituted into the configuration file as as token.\n", "loc": ["services", "mautrix-meta", "instances", "<name>", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.mautrix-meta.instances.<name>.registerToSynapse": {"declarations": ["nixos/modules/services/matrix/mautrix-meta.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to add registration file to `services.matrix-synapse.settings.app_service_config_files` and\nmake Synapse wait for registration service.\n", "loc": ["services", "mautrix-meta", "instances", "<name>", "registerToSynapse"], "readOnly": false, "type": "boolean"}, "services.mautrix-meta.instances.<name>.registrationFile": {"declarations": ["nixos/modules/services/matrix/mautrix-meta.nix"], "description": "Path to the yaml registration file of the appservice.\n", "loc": ["services", "mautrix-meta", "instances", "<name>", "registrationFile"], "readOnly": true, "type": "absolute path"}, "services.mautrix-meta.instances.<name>.registrationServiceUnit": {"declarations": ["nixos/modules/services/matrix/mautrix-meta.nix"], "description": "The registration service that generates the registration file.\n\nSystemd unit (a service or a target) for other services to depend on if they\nneed to be started after mautrix-meta registration service.\n\nThis option is useful as the actual parent unit for all matrix-synapse processes\nchanges when configuring workers.\n", "loc": ["services", "mautrix-meta", "instances", "<name>", "registrationServiceUnit"], "readOnly": true, "type": "string"}, "services.mautrix-meta.instances.<name>.serviceDependencies": {"declarations": ["nixos/modules/services/matrix/mautrix-meta.nix"], "default": {"_type": "literalExpression", "text": "''\n  [ config.registrationServiceUnit ] ++\n  (lib.lists.optional upperConfig.services.matrix-synapse.enable upperConfig.services.matrix-synapse.serviceUnit) ++\n  (lib.lists.optional upperConfig.services.matrix-conduit.enable \"matrix-conduit.service\") ++\n  (lib.lists.optional upperConfig.services.dendrite.enable \"dendrite.service\");\n''"}, "description": "List of Systemd services to require and wait for when starting the application service.\n", "loc": ["services", "mautrix-meta", "instances", "<name>", "serviceDependencies"], "readOnly": false, "type": "list of string"}, "services.mautrix-meta.instances.<name>.serviceUnit": {"declarations": ["nixos/modules/services/matrix/mautrix-meta.nix"], "description": "The systemd unit (a service or a target) for other services to depend on if they\nneed to be started after matrix-synapse.\n\nThis option is useful as the actual parent unit for all matrix-synapse processes\nchanges when configuring workers.\n", "loc": ["services", "mautrix-meta", "instances", "<name>", "serviceUnit"], "readOnly": true, "type": "string"}, "services.mautrix-meta.instances.<name>.settings": {"declarations": ["nixos/modules/services/matrix/mautrix-meta.nix"], "default": {"_type": "literalExpression", "text": "''\n  {\n    homeserver = {\n      software = \"standard\";\n      address = \"https://''${config.settings.homeserver.domain}\";\n    };\n  \n    appservice = {\n      database = {\n        type = \"sqlite3-fk-wal\";\n        uri = \"file:''${fullDataDir config}/mautrix-meta.db?_txlock=immediate\";\n      };\n  \n      hostname = \"localhost\";\n      port = 29319;\n      address = \"http://''${config.settings.appservice.hostname}:''${toString config.settings.appservice.port}\";\n    };\n  \n    bridge = {\n      # Require encryption by default to make the bridge more secure\n      encryption = {\n        allow = true;\n        default = true;\n        require = true;\n  \n        # Recommended options from mautrix documentation\n        # for optimal security.\n        delete_keys = {\n          dont_store_outbound = true;\n          ratchet_on_decrypt = true;\n          delete_fully_used_on_decrypt = true;\n          delete_prev_on_new_session = true;\n          delete_on_device_delete = true;\n          periodically_delete_expired = true;\n          delete_outdated_inbound = true;\n        };\n  \n        verification_levels = {\n          receive = \"cross-signed-tofu\";\n          send = \"cross-signed-tofu\";\n          share = \"cross-signed-tofu\";\n        };\n      };\n    };\n  \n    logging = {\n      min_level = \"info\";\n      writers = lib.singleton {\n        type = \"stdout\";\n        format = \"pretty-colored\";\n        time_format = \" \";\n      };\n    };\n  };\n''"}, "description": "{file}`config.yaml` configuration as a Nix attribute set.\nConfiguration options should match those described in\n[example-config.yaml](https://github.com/mautrix/meta/blob/main/example-config.yaml).\n\nSecret tokens should be specified using {option}`environmentFile`\ninstead\n", "loc": ["services", "mautrix-meta", "instances", "<name>", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.mautrix-meta.package": {"declarations": ["nixos/modules/services/matrix/mautrix-meta.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mautrix-meta"}, "description": "The mautrix-meta package to use.", "loc": ["services", "mautrix-meta", "package"], "readOnly": false, "type": "package"}, "services.mautrix-telegram.enable": {"declarations": ["nixos/modules/services/matrix/mautrix-telegram.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Mautrix-Telegram, a Matrix-Telegram hybrid puppeting/relaybot bridge.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mautrix-telegram", "enable"], "readOnly": false, "type": "boolean"}, "services.mautrix-telegram.environmentFile": {"declarations": ["nixos/modules/services/matrix/mautrix-telegram.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing environment variables to be passed to the mautrix-telegram service,\nin which secret tokens can be specified securely by defining values for e.g.\n`MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN`,\n`MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN`,\n`MAUTRIX_TELEGRAM_TELEGRAM_API_ID`,\n`MAUTRIX_TELEGRAM_TELEGRAM_API_HASH` and optionally\n`MAUTRIX_TELEGRAM_TELEGRAM_BOT_TOKEN`.\n\nThese environment variables can also be used to set other options by\nreplacing hierarchy levels by `.`, converting the name to uppercase\nand prepending `MAUTRIX_TELEGRAM_`.\nFor example, the first value above maps to\n{option}`settings.appservice.as_token`.\n\nThe environment variable values can be prefixed with `json::` to have\nthem be parsed as JSON. For example, `login_shared_secret_map` can be\nset as follows:\n`MAUTRIX_TELEGRAM_BRIDGE_LOGIN_SHARED_SECRET_MAP=json::{\"example.com\":\"secret\"}`.\n", "loc": ["services", "mautrix-telegram", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.mautrix-telegram.package": {"declarations": ["nixos/modules/services/matrix/mautrix-telegram.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mautrix-telegram"}, "description": "The mautrix-telegram package to use.", "loc": ["services", "mautrix-telegram", "package"], "readOnly": false, "type": "package"}, "services.mautrix-telegram.registerToSynapse": {"declarations": ["nixos/modules/services/matrix/mautrix-telegram.nix"], "default": {"_type": "literalExpression", "text": "config.services.matrix-synapse.enable"}, "description": "Whether to add the bridge's app service registration file to\n`services.matrix-synapse.settings.app_service_config_files`.\n", "loc": ["services", "mautrix-telegram", "registerToSynapse"], "readOnly": false, "type": "boolean"}, "services.mautrix-telegram.serviceDependencies": {"declarations": ["nixos/modules/services/matrix/mautrix-telegram.nix"], "default": {"_type": "literalExpression", "text": "lib.optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit\n"}, "description": "List of Systemd services to require and wait for when starting the application service.\n", "loc": ["services", "mautrix-telegram", "serviceDependencies"], "readOnly": false, "type": "list of string"}, "services.mautrix-telegram.settings": {"declarations": ["nixos/modules/services/matrix/mautrix-telegram.nix"], "default": {"_type": "literalExpression", "text": "{\n  appservice = {\n    address = \"http://localhost:8080\";\n    database = \"sqlite:////var/lib/mautrix-telegram/mautrix-telegram.db\";\n    database_opts = { };\n    hostname = \"0.0.0.0\";\n    port = 8080;\n  };\n  bridge = {\n    double_puppet_server_map = { };\n    login_shared_secret_map = { };\n    permissions = {\n      \"*\" = \"relaybot\";\n    };\n    relaybot = {\n      whitelist = [ ];\n    };\n  };\n  homeserver = {\n    software = \"standard\";\n  };\n  logging = {\n    formatters = {\n      precise = {\n        format = \"[%(levelname)s@%(name)s] %(message)s\";\n      };\n    };\n    handlers = {\n      console = {\n        class = \"logging.StreamHandler\";\n        formatter = \"precise\";\n      };\n    };\n    loggers = {\n      aiohttp = {\n        level = \"WARNING\";\n      };\n      mau = {\n        level = \"INFO\";\n      };\n      telethon = {\n        level = \"INFO\";\n      };\n    };\n    root = {\n      handlers = [\n        \"console\"\n      ];\n      level = \"INFO\";\n    };\n    version = 1;\n  };\n}"}, "description": "{file}`config.yaml` configuration as a Nix attribute set.\nConfiguration options should match those described in\n[example-config.yaml](https://github.com/mautrix/telegram/blob/master/mautrix_telegram/example-config.yaml).\n\nSecret tokens should be specified using {option}`environmentFile`\ninstead of this world-readable attribute set.\n", "example": {"_type": "literalExpression", "text": "{\n  homeserver = {\n    address = \"http://localhost:8008\";\n    domain = \"public-domain.tld\";\n  };\n\n  appservice.public = {\n    prefix = \"/public\";\n    external = \"https://public-appservice-address/public\";\n  };\n\n  bridge.permissions = {\n    \"example.com\" = \"full\";\n    \"@admin:example.com\" = \"admin\";\n  };\n  telegram = {\n    connection.use_ipv6 = true;\n  };\n}\n"}, "loc": ["services", "mautrix-telegram", "settings"], "readOnly": false, "type": "JSON value"}, "services.mbpfan.aggressive": {"declarations": ["nixos/modules/services/misc/mbpfan.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If true, favors higher default fan speeds.", "loc": ["services", "mbpfan", "aggressive"], "readOnly": false, "type": "boolean"}, "services.mbpfan.enable": {"declarations": ["nixos/modules/services/misc/mbpfan.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable mbpfan, fan controller daemon for Apple Macs and MacBooks.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mbpfan", "enable"], "readOnly": false, "type": "boolean"}, "services.mbpfan.package": {"declarations": ["nixos/modules/services/misc/mbpfan.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mbpfan"}, "description": "The mbpfan package to use.", "loc": ["services", "mbpfan", "package"], "readOnly": false, "type": "package"}, "services.mbpfan.settings": {"declarations": ["nixos/modules/services/misc/mbpfan.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "INI configuration for Mbpfan.", "loc": ["services", "mbpfan", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.mbpfan.settings.general.high_temp": {"declarations": ["nixos/modules/services/misc/mbpfan.nix"], "default": {"_type": "literalExpression", "text": "58"}, "description": "If temperature is above this, fan speed will gradually increase.", "loc": ["services", "mbpfan", "settings", "general", "high_temp"], "readOnly": false, "type": "signed integer"}, "services.mbpfan.settings.general.low_temp": {"declarations": ["nixos/modules/services/misc/mbpfan.nix"], "default": {"_type": "literalExpression", "text": "55"}, "description": "If temperature is below this, fans will run at minimum speed.", "loc": ["services", "mbpfan", "settings", "general", "low_temp"], "readOnly": false, "type": "signed integer"}, "services.mbpfan.settings.general.max_temp": {"declarations": ["nixos/modules/services/misc/mbpfan.nix"], "default": {"_type": "literalExpression", "text": "78"}, "description": "If temperature is above this, fans will run at maximum speed.", "loc": ["services", "mbpfan", "settings", "general", "max_temp"], "readOnly": false, "type": "signed integer"}, "services.mbpfan.settings.general.polling_interval": {"declarations": ["nixos/modules/services/misc/mbpfan.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "The polling interval.", "loc": ["services", "mbpfan", "settings", "general", "polling_interval"], "readOnly": false, "type": "signed integer"}, "services.mbpfan.verbose": {"declarations": ["nixos/modules/services/misc/mbpfan.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If true, sets the log level to verbose.", "loc": ["services", "mbpfan", "verbose"], "readOnly": false, "type": "boolean"}, "services.mchprs.dataDir": {"declarations": ["nixos/modules/services/games/mchprs.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/mchprs\""}, "description": "Directory to store MCHPRS database and other state/data files.\n", "loc": ["services", "mchprs", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.mchprs.declarativeSettings": {"declarations": ["nixos/modules/services/games/mchprs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use a declarative configuration for MCHPRS.\n", "loc": ["services", "mchprs", "declarativeSettings"], "readOnly": false, "type": "boolean"}, "services.mchprs.declarativeWhitelist": {"declarations": ["nixos/modules/services/games/mchprs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use a declarative whitelist.\nThe options {option}`services.mchprs.whitelist.list`\nwill be applied if and only if set to `true`.\n", "loc": ["services", "mchprs", "declarativeWhitelist"], "readOnly": false, "type": "boolean"}, "services.mchprs.enable": {"declarations": ["nixos/modules/services/games/mchprs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable MCHPRS, a Minecraft server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mchprs", "enable"], "readOnly": false, "type": "boolean"}, "services.mchprs.maxRuntime": {"declarations": ["nixos/modules/services/games/mchprs.nix"], "default": {"_type": "literalExpression", "text": "\"infinity\""}, "description": "Automatically restart the server after\n{option}`services.mchprs.maxRuntime`.\nThe {manpage}`systemd.time(7)` time span format is described here:\n<https://www.freedesktop.org/software/systemd/man/systemd.time.html#Parsing%20Time%20Spans>.\nIf `null`, then the server is not restarted automatically.\n", "example": {"_type": "literalExpression", "text": "\"7d\""}, "loc": ["services", "mchprs", "maxRuntime"], "readOnly": false, "type": "string"}, "services.mchprs.openFirewall": {"declarations": ["nixos/modules/services/games/mchprs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open ports in the firewall for the server.\nOnly has effect when\n{option}`services.mchprs.declarativeSettings` is `true`.\n", "loc": ["services", "mchprs", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.mchprs.package": {"declarations": ["nixos/modules/services/games/mchprs.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mchprs"}, "description": "The mchprs package to use.", "loc": ["services", "mchprs", "package"], "readOnly": false, "type": "package"}, "services.mchprs.settings": {"declarations": ["nixos/modules/services/games/mchprs.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for MCHPRS via {file}`Config.toml`.\nSee <https://github.com/MCHPR/MCHPRS/blob/master/README.md> for documentation.\n", "loc": ["services", "mchprs", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.mchprs.settings.address": {"declarations": ["nixos/modules/services/games/mchprs.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address for the server.\nPlease use enclosing square brackets when using ipv6.\nOnly has effect when\n{option}`services.mchprs.declarativeSettings` is `true`.\n", "loc": ["services", "mchprs", "settings", "address"], "readOnly": false, "type": "string"}, "services.mchprs.settings.auto_redpiler": {"declarations": ["nixos/modules/services/games/mchprs.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Use redpiler automatically.\nOnly has effect when\n{option}`services.mchprs.declarativeSettings` is `true`.\n", "loc": ["services", "mchprs", "settings", "auto_redpiler"], "readOnly": false, "type": "boolean"}, "services.mchprs.settings.block_in_hitbox": {"declarations": ["nixos/modules/services/games/mchprs.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Allow placing blocks inside of players\n(hitbox logic is simplified).\nOnly has effect when\n{option}`services.mchprs.declarativeSettings` is `true`.\n", "loc": ["services", "mchprs", "settings", "block_in_hitbox"], "readOnly": false, "type": "boolean"}, "services.mchprs.settings.bungeecord": {"declarations": ["nixos/modules/services/games/mchprs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable compatibility with\n[BungeeCord](https://github.com/SpigotMC/BungeeCord).\nOnly has effect when\n{option}`services.mchprs.declarativeSettings` is `true`.\n", "loc": ["services", "mchprs", "settings", "bungeecord"], "readOnly": false, "type": "boolean"}, "services.mchprs.settings.chat_format": {"declarations": ["nixos/modules/services/games/mchprs.nix"], "default": {"_type": "literalExpression", "text": "\"<{username}> {message}\""}, "description": "How to format chat message interpolating `username`\nand `message` with curly braces.\nOnly has effect when\n{option}`services.mchprs.declarativeSettings` is `true`.\n", "loc": ["services", "mchprs", "settings", "chat_format"], "readOnly": false, "type": "string"}, "services.mchprs.settings.max_players": {"declarations": ["nixos/modules/services/games/mchprs.nix"], "default": {"_type": "literalExpression", "text": "99999"}, "description": "Maximum number of simultaneous players.\nOnly has effect when\n{option}`services.mchprs.declarativeSettings` is `true`.\n", "loc": ["services", "mchprs", "settings", "max_players"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.mchprs.settings.motd": {"declarations": ["nixos/modules/services/games/mchprs.nix"], "default": {"_type": "literalExpression", "text": "\"Minecraft High Performance Redstone Server\""}, "description": "Message of the day.\nOnly has effect when\n{option}`services.mchprs.declarativeSettings` is `true`.\n", "loc": ["services", "mchprs", "settings", "motd"], "readOnly": false, "type": "string"}, "services.mchprs.settings.port": {"declarations": ["nixos/modules/services/games/mchprs.nix"], "default": {"_type": "literalExpression", "text": "25565"}, "description": "Port for the server.\nOnly has effect when\n{option}`services.mchprs.declarativeSettings` is `true`.\n", "loc": ["services", "mchprs", "settings", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mchprs.settings.schemati": {"declarations": ["nixos/modules/services/games/mchprs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Mimic the verification and directory layout used by the\nOpen Redstone Engineers\n[Schemati plugin](https://github.com/OpenRedstoneEngineers/Schemati).\nOnly has effect when\n{option}`services.mchprs.declarativeSettings` is `true`.\n", "loc": ["services", "mchprs", "settings", "schemati"], "readOnly": false, "type": "boolean"}, "services.mchprs.settings.view_distance": {"declarations": ["nixos/modules/services/games/mchprs.nix"], "default": {"_type": "literalExpression", "text": "8"}, "description": "Maximal distance (in chunks) between players and loaded chunks.\nOnly has effect when\n{option}`services.mchprs.declarativeSettings` is `true`.\n", "loc": ["services", "mchprs", "settings", "view_distance"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.mchprs.whitelist.enable": {"declarations": ["nixos/modules/services/games/mchprs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether or not the whitelist (in {file}`whitelist.json`) shoud be enabled.\nOnly has effect when {option}`services.mchprs.declarativeSettings` is `true`.\n", "loc": ["services", "mchprs", "whitelist", "enable"], "readOnly": false, "type": "boolean"}, "services.mchprs.whitelist.list": {"declarations": ["nixos/modules/services/games/mchprs.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Whitelisted players, only has an effect when\n{option}`services.mchprs.declarativeWhitelist` is\n`true` and the whitelist is enabled\nvia {option}`services.mchprs.whitelist.enable`.\nThis is a mapping from Minecraft usernames to UUIDs.\nYou can use <https://mcuuid.net/> to get a\nMinecraft UUID for a username.\n", "example": {"_type": "literalExpression", "text": "{\n  username1 = \"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\";\n  username2 = \"yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy\";\n};\n"}, "loc": ["services", "mchprs", "whitelist", "list"], "readOnly": false, "type": "attribute set of Minecraft UUID"}, "services.mealie.credentialsFile": {"declarations": ["nixos/modules/services/web-apps/mealie.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing credentials used in mealie such as {env}`POSTGRES_PASSWORD`\nor sensitive LDAP options.\n\nExpects the format of an `EnvironmentFile=`, as described by {manpage}`systemd.exec(5)`.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/mealie-credentials.env\""}, "loc": ["services", "mealie", "credentialsFile"], "readOnly": false, "type": "null or absolute path"}, "services.mealie.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/mealie.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Configure local PostgreSQL database server for Mealie.\n", "loc": ["services", "mealie", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.mealie.enable": {"declarations": ["nixos/modules/services/web-apps/mealie.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Mealie, a recipe manager and meal planner.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mealie", "enable"], "readOnly": false, "type": "boolean"}, "services.mealie.extraOptions": {"declarations": ["nixos/modules/services/web-apps/mealie.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Specifies extra command line arguments to pass to mealie (Gunicorn).\n", "example": {"_type": "literalExpression", "text": "[\n  \"--log-level\"\n  \"debug\"\n]"}, "loc": ["services", "mealie", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.mealie.listenAddress": {"declarations": ["nixos/modules/services/web-apps/mealie.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address on which the service should listen.", "loc": ["services", "mealie", "listenAddress"], "readOnly": false, "type": "string"}, "services.mealie.package": {"declarations": ["nixos/modules/services/web-apps/mealie.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mealie"}, "description": "The mealie package to use.", "loc": ["services", "mealie", "package"], "readOnly": false, "type": "package"}, "services.mealie.port": {"declarations": ["nixos/modules/services/web-apps/mealie.nix"], "default": {"_type": "literalExpression", "text": "9000"}, "description": "Port on which to serve the Mealie service.", "loc": ["services", "mealie", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mealie.settings": {"declarations": ["nixos/modules/services/web-apps/mealie.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration of the Mealie service.\n\nSee [the mealie documentation](https://nightly.mealie.io/documentation/getting-started/installation/backend-config/) for available options and default values.\n", "example": {"_type": "literalExpression", "text": "{\n  ALLOW_SIGNUP = \"false\";\n}"}, "loc": ["services", "mealie", "settings"], "readOnly": false, "type": "attribute set of anything"}, "services.mediagoblin.createDatabaseLocally": {"declarations": ["nixos/modules/services/web-apps/mediagoblin.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to configure a local postgres database and connect to it.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "mediagoblin", "createDatabaseLocally"], "readOnly": false, "type": "boolean"}, "services.mediagoblin.domain": {"declarations": ["nixos/modules/services/web-apps/mediagoblin.nix"], "description": "Domain under which mediagoblin will be served.", "example": {"_type": "literalExpression", "text": "\"mediagoblin.example.com\""}, "loc": ["services", "mediagoblin", "domain"], "readOnly": false, "type": "string"}, "services.mediagoblin.enable": {"declarations": ["nixos/modules/services/web-apps/mediagoblin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable MediaGoblin.\n\nAfter the initial deployment, make sure to add an admin account:\n```\nmediagoblin-gmg adduser --username admin --email admin@example.com\nmediagoblin-gmg makeadmin admin\n```\n", "loc": ["services", "mediagoblin", "enable"], "readOnly": false, "type": "boolean"}, "services.mediagoblin.package": {"declarations": ["nixos/modules/services/web-apps/mediagoblin.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mediagoblin"}, "description": "The mediagoblin package to use.", "loc": ["services", "mediagoblin", "package"], "readOnly": false, "type": "package"}, "services.mediagoblin.paste.port": {"declarations": ["nixos/modules/services/web-apps/mediagoblin.nix"], "default": {"_type": "literalExpression", "text": "6543"}, "description": "Port under which paste will listen.", "loc": ["services", "mediagoblin", "paste", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mediagoblin.paste.settings": {"declarations": ["nixos/modules/services/web-apps/mediagoblin.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings which are written into `paste.ini`.", "loc": ["services", "mediagoblin", "paste", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.mediagoblin.pluginPackages": {"declarations": ["nixos/modules/services/web-apps/mediagoblin.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Plugins to add to the environment of MediaGoblin. They still need to be enabled in the config.", "loc": ["services", "mediagoblin", "pluginPackages"], "readOnly": false, "type": "list of package"}, "services.mediagoblin.settings": {"declarations": ["nixos/modules/services/web-apps/mediagoblin.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings which are written into `mediagoblin.ini`.", "loc": ["services", "mediagoblin", "settings"], "readOnly": false, "type": "open submodule of anything"}, "services.mediagoblin.settings.mediagoblin.allow_registration": {"declarations": ["nixos/modules/services/web-apps/mediagoblin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable user self registration. This is generally not recommend due to spammers.\nSee [upstream FAQ](https://docs.mediagoblin.org/en/stable/siteadmin/production-deployments.html#should-i-keep-open-registration-enabled).\n", "loc": ["services", "mediagoblin", "settings", "mediagoblin", "allow_registration"], "readOnly": false, "type": "boolean"}, "services.mediagoblin.settings.mediagoblin.email_debug_mode": {"declarations": ["nixos/modules/services/web-apps/mediagoblin.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Disable email debug mode to start sending outgoing mails.\nThis requires configuring SMTP settings,\nsee the [upstream docs](https://docs.mediagoblin.org/en/stable/siteadmin/configuration.html#enabling-email-notifications)\nfor details.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "mediagoblin", "settings", "mediagoblin", "email_debug_mode"], "readOnly": false, "type": "boolean"}, "services.mediagoblin.settings.mediagoblin.email_sender_address": {"declarations": ["nixos/modules/services/web-apps/mediagoblin.nix"], "description": "Email address which notices are sent from.", "example": {"_type": "literalExpression", "text": "\"noreply@example.org\""}, "loc": ["services", "mediagoblin", "settings", "mediagoblin", "email_sender_address"], "readOnly": false, "type": "string"}, "services.mediagoblin.settings.mediagoblin.plugins": {"declarations": ["nixos/modules/services/web-apps/mediagoblin.nix"], "default": {"_type": "literalExpression", "text": "''\n  {\n    \"mediagoblin.plugins.geolocation\" = { };\n    \"mediagoblin.plugins.processing_info\" = { };\n    \"mediagoblin.plugins.basic_auth\" = { };\n    \"mediagoblin.media_types.image\" = { };\n  }\n''"}, "description": "Plugins to enable. See [upstream docs](https://docs.mediagoblin.org/en/stable/siteadmin/plugins.html) for details.\nExtra dependencies are automatically enabled.\n", "loc": ["services", "mediagoblin", "settings", "mediagoblin", "plugins"], "readOnly": false, "type": "unspecified value"}, "services.mediagoblin.settings.mediagoblin.sql_engine": {"declarations": ["nixos/modules/services/web-apps/mediagoblin.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite:///var/lib/mediagoblin/mediagoblin.db\""}, "description": "Database to use.", "example": {"_type": "literalExpression", "text": "\"postgresql:///mediagoblin\""}, "loc": ["services", "mediagoblin", "settings", "mediagoblin", "sql_engine"], "readOnly": false, "type": "string"}, "services.mediamtx.allowVideoAccess": {"declarations": ["nixos/modules/services/video/mediamtx.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable access to video devices like cameras on the system\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mediamtx", "allowVideoAccess"], "readOnly": false, "type": "boolean"}, "services.mediamtx.enable": {"declarations": ["nixos/modules/services/video/mediamtx.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable MediaMTX.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mediamtx", "enable"], "readOnly": false, "type": "boolean"}, "services.mediamtx.env": {"declarations": ["nixos/modules/services/video/mediamtx.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra environment variables for MediaMTX", "example": {"_type": "literalExpression", "text": "{\n  MTX_CONFKEY = \"mykey\";\n}"}, "loc": ["services", "mediamtx", "env"], "readOnly": false, "type": "attribute set of anything"}, "services.mediamtx.package": {"declarations": ["nixos/modules/services/video/mediamtx.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mediamtx"}, "description": "The mediamtx package to use.", "loc": ["services", "mediamtx", "package"], "readOnly": false, "type": "package"}, "services.mediamtx.settings": {"declarations": ["nixos/modules/services/video/mediamtx.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings for MediaMTX. Refer to the defaults at\n<https://github.com/bluenviron/mediamtx/blob/main/mediamtx.yml>.\n", "example": {"_type": "literalExpression", "text": "{\n  paths = {\n    cam = {\n      runOnInit = \"\\${lib.getExe pkgs.ffmpeg} -f v4l2 -i /dev/video0 -f rtsp rtsp://localhost:$RTSP_PORT/$RTSP_PATH\";\n      runOnInitRestart = true;\n    };\n  };\n}"}, "loc": ["services", "mediamtx", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.mediatomb.customCfg": {"declarations": ["nixos/modules/services/misc/mediatomb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Allow the service to create and use its own config file inside the `dataDir` as\nconfigured by {option}`services.mediatomb.dataDir`.\nDeactivated by default, the service then runs with the configuration generated from this module.\nOtherwise, when enabled, no service configuration is generated. Gerbera/Mediatomb then starts using\nconfig.xml within the configured `dataDir`. It's up to the user to make a correct\nconfiguration file.\n", "loc": ["services", "mediatomb", "customCfg"], "readOnly": false, "type": "boolean"}, "services.mediatomb.dataDir": {"declarations": ["nixos/modules/services/misc/mediatomb.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/${config.services.mediatomb.package.pname}\""}, "description": "The directory where Gerbera/Mediatomb stores its state, data, etc.\n", "loc": ["services", "mediatomb", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.mediatomb.dsmSupport": {"declarations": ["nixos/modules/services/misc/mediatomb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable D-Link DSM 320 specific tweaks.\nWARNING: incompatible with ps3 support.\n", "loc": ["services", "mediatomb", "dsmSupport"], "readOnly": false, "type": "boolean"}, "services.mediatomb.enable": {"declarations": ["nixos/modules/services/misc/mediatomb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Gerbera/Mediatomb DLNA server.\n", "loc": ["services", "mediatomb", "enable"], "readOnly": false, "type": "boolean"}, "services.mediatomb.group": {"declarations": ["nixos/modules/services/misc/mediatomb.nix"], "default": {"_type": "literalExpression", "text": "\"mediatomb\""}, "description": "Group account under which the service runs.", "loc": ["services", "mediatomb", "group"], "readOnly": false, "type": "string"}, "services.mediatomb.interface": {"declarations": ["nixos/modules/services/misc/mediatomb.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "A specific interface to bind to.\n", "loc": ["services", "mediatomb", "interface"], "readOnly": false, "type": "string"}, "services.mediatomb.mediaDirectories": {"declarations": ["nixos/modules/services/misc/mediatomb.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Declare media directories to index.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    hidden-files = false;\n    path = \"/data/pictures\";\n    recursive = false;\n  }\n  {\n    hidden-files = false;\n    path = \"/data/audio\";\n    recursive = true;\n  }\n]"}, "loc": ["services", "mediatomb", "mediaDirectories"], "readOnly": false, "type": "list of (submodule)"}, "services.mediatomb.mediaDirectories.*.hidden-files": {"declarations": ["nixos/modules/services/misc/mediatomb.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to index the hidden files or not.", "loc": ["services", "mediatomb", "mediaDirectories", "*", "hidden-files"], "readOnly": false, "type": "boolean"}, "services.mediatomb.mediaDirectories.*.path": {"declarations": ["nixos/modules/services/misc/mediatomb.nix"], "description": "Absolute directory path to the media directory to index.\n", "loc": ["services", "mediatomb", "mediaDirectories", "*", "path"], "readOnly": false, "type": "string"}, "services.mediatomb.mediaDirectories.*.recursive": {"declarations": ["nixos/modules/services/misc/mediatomb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether the indexation must take place recursively or not.", "loc": ["services", "mediatomb", "mediaDirectories", "*", "recursive"], "readOnly": false, "type": "boolean"}, "services.mediatomb.openFirewall": {"declarations": ["nixos/modules/services/misc/mediatomb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If false (the default), this is up to the user to declare the firewall rules.\nIf true, this opens port 1900 (tcp and udp) and the port specified by\n{option}`sercvices.mediatomb.port`.\n\nIf the option {option}`services.mediatomb.interface` is set,\nthe firewall rules opened are dedicated to that interface. Otherwise,\nthose rules are opened globally.\n", "loc": ["services", "mediatomb", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.mediatomb.package": {"declarations": ["nixos/modules/services/misc/mediatomb.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gerbera"}, "description": "The gerbera package to use.", "loc": ["services", "mediatomb", "package"], "readOnly": false, "type": "package"}, "services.mediatomb.pcDirectoryHide": {"declarations": ["nixos/modules/services/misc/mediatomb.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to list the top-level directory or not (from upnp client standpoint).\n", "loc": ["services", "mediatomb", "pcDirectoryHide"], "readOnly": false, "type": "boolean"}, "services.mediatomb.port": {"declarations": ["nixos/modules/services/misc/mediatomb.nix"], "default": {"_type": "literalExpression", "text": "49152"}, "description": "The network port to listen on.\n", "loc": ["services", "mediatomb", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mediatomb.ps3Support": {"declarations": ["nixos/modules/services/misc/mediatomb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ps3 specific tweaks.\nWARNING: incompatible with DSM 320 support.\n", "loc": ["services", "mediatomb", "ps3Support"], "readOnly": false, "type": "boolean"}, "services.mediatomb.serverName": {"declarations": ["nixos/modules/services/misc/mediatomb.nix"], "default": {"_type": "literalExpression", "text": "\"Gerbera (Mediatomb)\""}, "description": "How to identify the server on the network.\n", "loc": ["services", "mediatomb", "serverName"], "readOnly": false, "type": "string"}, "services.mediatomb.tg100Support": {"declarations": ["nixos/modules/services/misc/mediatomb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Telegent TG100 specific tweaks.\n", "loc": ["services", "mediatomb", "tg100Support"], "readOnly": false, "type": "boolean"}, "services.mediatomb.transcoding": {"declarations": ["nixos/modules/services/misc/mediatomb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable transcoding.\n", "loc": ["services", "mediatomb", "transcoding"], "readOnly": false, "type": "boolean"}, "services.mediatomb.user": {"declarations": ["nixos/modules/services/misc/mediatomb.nix"], "default": {"_type": "literalExpression", "text": "\"mediatomb\""}, "description": "User account under which the service runs.", "loc": ["services", "mediatomb", "user"], "readOnly": false, "type": "string"}, "services.mediatomb.uuid": {"declarations": ["nixos/modules/services/misc/mediatomb.nix"], "default": {"_type": "literalExpression", "text": "\"fdfc8a4e-a3ad-4c1d-b43d-a2eedb03a687\""}, "description": "A unique (on your network) to identify the server by.\n", "loc": ["services", "mediatomb", "uuid"], "readOnly": false, "type": "string"}, "services.mediawiki.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Create the database and database user locally.\nThis currently only applies if database type \"mysql\" or \"postgres\" is selected.\n", "loc": ["services", "mediawiki", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.mediawiki.database.host": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Database host address.", "loc": ["services", "mediawiki", "database", "host"], "readOnly": false, "type": "string"}, "services.mediawiki.database.name": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "\"mediawiki\""}, "description": "Database name.", "loc": ["services", "mediawiki", "database", "name"], "readOnly": false, "type": "string"}, "services.mediawiki.database.passwordFile": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password corresponding to\n{option}`database.user`.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/mediawiki-dbpassword\""}, "loc": ["services", "mediawiki", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.mediawiki.database.port": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "3306"}, "description": "Database host port.", "loc": ["services", "mediawiki", "database", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mediawiki.database.socket": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "/run/mysqld/mysqld.sock"}, "description": "Path to the unix socket file to use for authentication.", "loc": ["services", "mediawiki", "database", "socket"], "readOnly": false, "type": "null or absolute path"}, "services.mediawiki.database.tablePrefix": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If you only have access to a single database and wish to install more than\none version of MediaWiki, or have other applications that also use the\ndatabase, you can give the table names a unique prefix to stop any naming\nconflicts or confusion.\nSee <https://www.mediawiki.org/wiki/Manual:$wgDBprefix>.\n", "loc": ["services", "mediawiki", "database", "tablePrefix"], "readOnly": false, "type": "null or string"}, "services.mediawiki.database.type": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "\"mysql\""}, "description": "Database engine to use. MySQL/MariaDB is the database of choice by MediaWiki developers.", "loc": ["services", "mediawiki", "database", "type"], "readOnly": false, "type": "one of \"mysql\", \"postgres\", \"mssql\", \"oracle\""}, "services.mediawiki.database.user": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "\"mediawiki\""}, "description": "Database user.", "loc": ["services", "mediawiki", "database", "user"], "readOnly": false, "type": "string"}, "services.mediawiki.enable": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable MediaWiki.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mediawiki", "enable"], "readOnly": false, "type": "boolean"}, "services.mediawiki.extensions": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attribute set of paths whose content is copied to the {file}`extensions`\nsubdirectory of the MediaWiki installation and enabled in configuration.\n\nUse `null` instead of path to enable extensions that are part of MediaWiki.\n", "example": {"_type": "literalExpression", "text": "{\n  Matomo = pkgs.fetchzip {\n    url = \"https://github.com/DaSchTour/matomo-mediawiki-extension/archive/v4.0.1.tar.gz\";\n    sha256 = \"0g5rd3zp0avwlmqagc59cg9bbkn3r7wx7p6yr80s644mj6dlvs1b\";\n  };\n  ParserFunctions = null;\n}\n"}, "loc": ["services", "mediawiki", "extensions"], "readOnly": false, "type": "attribute set of (null or absolute path)"}, "services.mediawiki.extraConfig": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Any additional text to be appended to MediaWiki's\nLocalSettings.php configuration file. For configuration\nsettings, see <https://www.mediawiki.org/wiki/Manual:Configuration_settings>.\n", "example": {"_type": "literalExpression", "text": "''\n  $wgEnableEmail = false;\n''"}, "loc": ["services", "mediawiki", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.mediawiki.finalPackage": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "pkg"}, "description": "The final package used by the module. This is the package that will have extensions and skins installed.\n", "loc": ["services", "mediawiki", "finalPackage"], "readOnly": true, "type": "package"}, "services.mediawiki.httpd.virtualHost": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "description": "Apache configuration can be done by adapting {option}`services.httpd.virtualHosts`.\nSee [](#opt-services.httpd.virtualHosts) for further information.\n", "example": {"_type": "literalExpression", "text": "{\n  hostName = \"mediawiki.example.org\";\n  adminAddr = \"webmaster@example.org\";\n  forceSSL = true;\n  enableACME = true;\n}\n"}, "loc": ["services", "mediawiki", "httpd", "virtualHost"], "readOnly": false, "type": "submodule"}, "services.mediawiki.httpd.virtualHost.acmeRoot": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the acme challenge which is PUBLIC, don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "mediawiki", "httpd", "virtualHost", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.mediawiki.httpd.virtualHost.addSSL": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "mediawiki", "httpd", "virtualHost", "addSSL"], "readOnly": false, "type": "boolean"}, "services.mediawiki.httpd.virtualHost.adminAddr": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "E-mail address of the server administrator.", "example": {"_type": "literalExpression", "text": "\"admin@example.org\""}, "loc": ["services", "mediawiki", "httpd", "virtualHost", "adminAddr"], "readOnly": false, "type": "null or string"}, "services.mediawiki.httpd.virtualHost.documentRoot": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of Apache's document root directory.  If left undefined,\nan empty directory in the Nix store will be used as root.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "mediawiki", "httpd", "virtualHost", "documentRoot"], "readOnly": false, "type": "null or absolute path"}, "services.mediawiki.httpd.virtualHost.enableACME": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "mediawiki", "httpd", "virtualHost", "enableACME"], "readOnly": false, "type": "boolean"}, "services.mediawiki.httpd.virtualHost.enableUserDir": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable serving {file}`~/public_html` as\n`/~\u00abusername\u00bb`.\n", "loc": ["services", "mediawiki", "httpd", "virtualHost", "enableUserDir"], "readOnly": false, "type": "boolean"}, "services.mediawiki.httpd.virtualHost.extraConfig": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to httpd.conf verbatim. They will go after\ndirectories and directory aliases defined by default.\n", "example": {"_type": "literalExpression", "text": "''\n  <Directory /home>\n    Options FollowSymlinks\n    AllowOverride All\n  </Directory>\n''"}, "loc": ["services", "mediawiki", "httpd", "virtualHost", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.mediawiki.httpd.virtualHost.forceSSL": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a separate nginx server block that permanently redirects (301)\nall plain HTTP traffic to HTTPS. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443), where the non-SSL listens are used for the redirect vhosts.\n", "loc": ["services", "mediawiki", "httpd", "virtualHost", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.mediawiki.httpd.virtualHost.globalRedirect": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected permanently to\nthe given URL.\n", "example": {"_type": "literalExpression", "text": "\"http://newserver.example.org/\""}, "loc": ["services", "mediawiki", "httpd", "virtualHost", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.mediawiki.httpd.virtualHost.hostName": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "Canonical hostname for the server.", "loc": ["services", "mediawiki", "httpd", "virtualHost", "hostName"], "readOnly": false, "type": "string"}, "services.mediawiki.httpd.virtualHost.http2": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. *However, if you use the prefork mpm, there will\nbe severe restrictions.* Refer to <https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config> for details.\n", "loc": ["services", "mediawiki", "httpd", "virtualHost", "http2"], "readOnly": false, "type": "boolean"}, "services.mediawiki.httpd.virtualHost.listen": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\n\n::: {.note}\nThis option overrides `addSSL`, `forceSSL` and `onlySSL`.\n\nIf you only want to set the addresses manually and not the ports, take a look at `listenAddresses`.\n:::\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    ip = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    ip = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    ip = \"*\";\n    port = 8080;\n  }\n]"}, "loc": ["services", "mediawiki", "httpd", "virtualHost", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.mediawiki.httpd.virtualHost.listen.*.ip": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "\"*\""}, "description": "IP to listen on. 0.0.0.0 for IPv4 only, * for all.", "loc": ["services", "mediawiki", "httpd", "virtualHost", "listen", "*", "ip"], "readOnly": false, "type": "string"}, "services.mediawiki.httpd.virtualHost.listen.*.port": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "description": "Port to listen on", "loc": ["services", "mediawiki", "httpd", "virtualHost", "listen", "*", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mediawiki.httpd.virtualHost.listen.*.ssl": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SSL (https) support.", "loc": ["services", "mediawiki", "httpd", "virtualHost", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.mediawiki.httpd.virtualHost.listenAddresses": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"*\"\n]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n]"}, "loc": ["services", "mediawiki", "httpd", "virtualHost", "listenAddresses"], "readOnly": false, "type": "non-empty (list of string)"}, "services.mediawiki.httpd.virtualHost.locations": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config. See <https://httpd.apache.org/docs/2.4/mod/core.html#location> for details.\n", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n  \"/foo/bar.png\" = {\n    alias = \"/home/eelco/some-file.png\";\n  };\n};\n"}, "loc": ["services", "mediawiki", "httpd", "virtualHost", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.mediawiki.httpd.virtualHost.locations.<name>.alias": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests. See <https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias>.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "mediawiki", "httpd", "virtualHost", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.mediawiki.httpd.virtualHost.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "mediawiki", "httpd", "virtualHost", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.mediawiki.httpd.virtualHost.locations.<name>.index": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds DirectoryIndex directive. See <https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex>.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "mediawiki", "httpd", "virtualHost", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.mediawiki.httpd.virtualHost.locations.<name>.priority": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "mediawiki", "httpd", "virtualHost", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.mediawiki.httpd.virtualHost.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets up a simple reverse proxy as described by <https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple>.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "mediawiki", "httpd", "virtualHost", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.mediawiki.httpd.virtualHost.logFormat": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "\"common\""}, "description": "Log format for Apache's log files. Possible values are: combined, common, referer, agent.\n", "example": {"_type": "literalExpression", "text": "\"combined\""}, "loc": ["services", "mediawiki", "httpd", "virtualHost", "logFormat"], "readOnly": false, "type": "string"}, "services.mediawiki.httpd.virtualHost.onlySSL": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "mediawiki", "httpd", "virtualHost", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.mediawiki.httpd.virtualHost.robotsEntries": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Specification of pages to be ignored by web crawlers. See <http://www.robotstxt.org/> for details.\n", "example": {"_type": "literalExpression", "text": "\"Disallow: /foo/\""}, "loc": ["services", "mediawiki", "httpd", "virtualHost", "robotsEntries"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.mediawiki.httpd.virtualHost.servedDirs": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "This option provides a simple way to serve static directories.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    dir = \"/home/eelco/Dev/nix-homepage\";\n    urlPath = \"/nix\";\n  }\n]"}, "loc": ["services", "mediawiki", "httpd", "virtualHost", "servedDirs"], "readOnly": false, "type": "list of (attribute set)"}, "services.mediawiki.httpd.virtualHost.servedFiles": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "This option provides a simple way to serve individual, static files.\n\n::: {.note}\nThis option has been deprecated and will be removed in a future\nversion of NixOS. You can achieve the same result by making use of\nthe `locations.<name>.alias` option.\n:::\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    file = \"/home/eelco/some-file.png\";\n    urlPath = \"/foo/bar.png\";\n  }\n]"}, "loc": ["services", "mediawiki", "httpd", "virtualHost", "servedFiles"], "readOnly": false, "type": "list of (attribute set)"}, "services.mediawiki.httpd.virtualHost.serverAliases": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"www.example.org:8080\"\n  \"example.org\"\n]"}, "loc": ["services", "mediawiki", "httpd", "virtualHost", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.mediawiki.httpd.virtualHost.sslServerCert": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "mediawiki", "httpd", "virtualHost", "sslServerCert"], "readOnly": false, "type": "absolute path"}, "services.mediawiki.httpd.virtualHost.sslServerChain": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to server SSL chain file.", "example": {"_type": "literalExpression", "text": "\"/var/ca.pem\""}, "loc": ["services", "mediawiki", "httpd", "virtualHost", "sslServerChain"], "readOnly": false, "type": "null or absolute path"}, "services.mediawiki.httpd.virtualHost.sslServerKey": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "mediawiki", "httpd", "virtualHost", "sslServerKey"], "readOnly": false, "type": "absolute path"}, "services.mediawiki.httpd.virtualHost.useACMEHost": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "mediawiki", "httpd", "virtualHost", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.mediawiki.name": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "\"MediaWiki\""}, "description": "Name of the wiki.", "example": {"_type": "literalExpression", "text": "\"Foobar Wiki\""}, "loc": ["services", "mediawiki", "name"], "readOnly": false, "type": "string"}, "services.mediawiki.nginx.hostName": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The hostname to use for the nginx virtual host.\nThis is used to generate the nginx configuration.\n", "example": {"_type": "literalExpression", "text": "wiki.example.com"}, "loc": ["services", "mediawiki", "nginx", "hostName"], "readOnly": false, "type": "string"}, "services.mediawiki.package": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mediawiki"}, "description": "The mediawiki package to use.", "loc": ["services", "mediawiki", "package"], "readOnly": false, "type": "package"}, "services.mediawiki.passwordFile": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "description": "A file containing the initial password for the administrator account \"admin\".\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/mediawiki-password\""}, "loc": ["services", "mediawiki", "passwordFile"], "readOnly": false, "type": "absolute path"}, "services.mediawiki.passwordSender": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "if cfg.webserver == \"apache\" then\n  if cfg.httpd.virtualHost.adminAddr != null then\n    cfg.httpd.virtualHost.adminAddr\n  else\n    config.services.httpd.adminAddr else \"root@localhost\"\n"}, "description": "Contact address for password reset.", "loc": ["services", "mediawiki", "passwordSender"], "readOnly": false, "type": "string"}, "services.mediawiki.path": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "with pkgs; [ diffutils imagemagick ]"}, "description": "Extra packages to add to the PATH of phpfpm-pool.", "example": {"_type": "literalExpression", "text": "with pkgs; [ librsvg ]"}, "loc": ["services", "mediawiki", "path"], "readOnly": false, "type": "list of package"}, "services.mediawiki.phpPackage": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "pkgs.php"}, "description": "The php package to use.", "loc": ["services", "mediawiki", "phpPackage"], "readOnly": false, "type": "package"}, "services.mediawiki.poolConfig": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "{\n  pm = \"dynamic\";\n  \"pm.max_children\" = 32;\n  \"pm.max_requests\" = 500;\n  \"pm.max_spare_servers\" = 4;\n  \"pm.min_spare_servers\" = 2;\n  \"pm.start_servers\" = 2;\n}"}, "description": "Options for the MediaWiki PHP pool. See the documentation on `php-fpm.conf`\nfor details on configuration directives.\n", "loc": ["services", "mediawiki", "poolConfig"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.mediawiki.skins": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attribute set of paths whose content is copied to the {file}`skins`\nsubdirectory of the MediaWiki installation in addition to the default skins.\n", "loc": ["services", "mediawiki", "skins"], "readOnly": false, "type": "attribute set of absolute path"}, "services.mediawiki.uploadsDir": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/mediawiki/uploads\""}, "description": "This directory is used for uploads of pictures. The directory passed here is automatically\ncreated and permissions adjusted as required.\n", "loc": ["services", "mediawiki", "uploadsDir"], "readOnly": false, "type": "null or absolute path"}, "services.mediawiki.url": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "''\n  if \"mediawiki uses ssl\" then \"{\"https\" else \"http\"}://''${cfg.hostName}\" else \"http://localhost\";\n''"}, "description": "URL of the wiki.", "example": {"_type": "literalExpression", "text": "\"https://wiki.example.org\""}, "loc": ["services", "mediawiki", "url"], "readOnly": false, "type": "string"}, "services.mediawiki.webserver": {"declarations": ["nixos/modules/services/web-apps/mediawiki.nix"], "default": {"_type": "literalExpression", "text": "\"apache\""}, "description": "Webserver to use.", "loc": ["services", "mediawiki", "webserver"], "readOnly": false, "type": "one of \"apache\", \"none\", \"nginx\""}, "services.meilisearch.enable": {"declarations": ["nixos/modules/services/search/meilisearch.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Meilisearch - a RESTful search API.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "meilisearch", "enable"], "readOnly": false, "type": "boolean"}, "services.meilisearch.listenAddress": {"declarations": ["nixos/modules/services/search/meilisearch.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The IP address that Meilisearch will listen on.\n\nIt can also be a hostname like \"localhost\". If it resolves to an IPv4 and IPv6 address, Meilisearch will listen on both.\n", "loc": ["services", "meilisearch", "listenAddress"], "readOnly": false, "type": "string"}, "services.meilisearch.listenPort": {"declarations": ["nixos/modules/services/search/meilisearch.nix"], "default": {"_type": "literalExpression", "text": "7700"}, "description": "The port that Meilisearch will listen on.\n", "loc": ["services", "meilisearch", "listenPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.meilisearch.masterKeyFile": {"declarations": ["nixos/modules/services/search/meilisearch.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to file which contains the master key.\nBy doing so, all routes will be protected and will require a key to be accessed.\nIf no master key is provided, all routes can be accessed without requiring any key.\n", "loc": ["services", "meilisearch", "masterKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.meilisearch.package": {"declarations": ["nixos/modules/services/search/meilisearch.nix"], "default": {"_type": "literalExpression", "text": "pkgs.meilisearch"}, "description": "The meilisearch package to use. Use this if you require specific features to be enabled. The default package has no features.\n", "loc": ["services", "meilisearch", "package"], "readOnly": false, "type": "package"}, "services.meilisearch.settings": {"declarations": ["nixos/modules/services/search/meilisearch.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration settings for Meilisearch.\nLook at the documentation for available options:\nhttps://github.com/meilisearch/meilisearch/blob/main/config.toml\nhttps://www.meilisearch.com/docs/learn/self_hosted/configure_meilisearch_at_launch#all-instance-options\n", "loc": ["services", "meilisearch", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.memcached.enable": {"declarations": ["nixos/modules/services/databases/memcached.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Memcached.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "memcached", "enable"], "readOnly": false, "type": "boolean"}, "services.memcached.enableUnixSocket": {"declarations": ["nixos/modules/services/databases/memcached.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Unix Domain Socket at /run/memcached/memcached.sock instead of listening on an IP address and port. The `listen` and `port` options are ignored.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "memcached", "enableUnixSocket"], "readOnly": false, "type": "boolean"}, "services.memcached.extraOptions": {"declarations": ["nixos/modules/services/databases/memcached.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of extra options that will be added as a suffix when running memcached.", "loc": ["services", "memcached", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.memcached.listen": {"declarations": ["nixos/modules/services/databases/memcached.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The IP address to bind to.", "loc": ["services", "memcached", "listen"], "readOnly": false, "type": "string"}, "services.memcached.maxConnections": {"declarations": ["nixos/modules/services/databases/memcached.nix"], "default": {"_type": "literalExpression", "text": "1024"}, "description": "The maximum number of simultaneous connections.", "loc": ["services", "memcached", "maxConnections"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.memcached.maxMemory": {"declarations": ["nixos/modules/services/databases/memcached.nix"], "default": {"_type": "literalExpression", "text": "64"}, "description": "The maximum amount of memory to use for storage, in MiB (1024\u00d71024 bytes).", "loc": ["services", "memcached", "maxMemory"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.memcached.port": {"declarations": ["nixos/modules/services/databases/memcached.nix"], "default": {"_type": "literalExpression", "text": "11211"}, "description": "The port to bind to.", "loc": ["services", "memcached", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.memcached.user": {"declarations": ["nixos/modules/services/databases/memcached.nix"], "default": {"_type": "literalExpression", "text": "\"memcached\""}, "description": "The user to run Memcached as", "loc": ["services", "memcached", "user"], "readOnly": false, "type": "string"}, "services.meme-bingo-web.address": {"declarations": ["nixos/modules/services/web-apps/meme-bingo-web.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The address the webserver will bind to.\n", "example": {"_type": "literalExpression", "text": "\"::\""}, "loc": ["services", "meme-bingo-web", "address"], "readOnly": false, "type": "string"}, "services.meme-bingo-web.baseUrl": {"declarations": ["nixos/modules/services/web-apps/meme-bingo-web.nix"], "default": {"_type": "literalExpression", "text": "\"http://localhost:41678/\""}, "description": "URL to be used for the HTML \\<base\\> element on all HTML routes.\n", "example": {"_type": "literalExpression", "text": "\"https://bingo.example.com/\""}, "loc": ["services", "meme-bingo-web", "baseUrl"], "readOnly": false, "type": "string"}, "services.meme-bingo-web.enable": {"declarations": ["nixos/modules/services/web-apps/meme-bingo-web.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable a web app for the meme bingo, rendered entirely on the web server and made interactive with forms.\n\nNote: The application's author suppose to run meme-bingo-web behind a reverse proxy for SSL and HTTP/3\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "meme-bingo-web", "enable"], "readOnly": false, "type": "boolean"}, "services.meme-bingo-web.openFirewall": {"declarations": ["nixos/modules/services/web-apps/meme-bingo-web.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Opens the specified port in the firewall.\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "meme-bingo-web", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.meme-bingo-web.package": {"declarations": ["nixos/modules/services/web-apps/meme-bingo-web.nix"], "default": {"_type": "literalExpression", "text": "pkgs.meme-bingo-web"}, "description": "The meme-bingo-web package to use.", "loc": ["services", "meme-bingo-web", "package"], "readOnly": false, "type": "package"}, "services.meme-bingo-web.port": {"declarations": ["nixos/modules/services/web-apps/meme-bingo-web.nix"], "default": {"_type": "literalExpression", "text": "41678"}, "description": "Port to be used for the web server.\n", "example": {"_type": "literalExpression", "text": "21035"}, "loc": ["services", "meme-bingo-web", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.memos.dataDir": {"declarations": ["nixos/modules/services/misc/memos.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/memos/\""}, "description": "Specifies the directory where Memos will store its data.\n\n::: {.note}\nIt will be automatically created with the permissions of [{option}`services.memos.user`](#opt-services.memos.user) and [{option}`services.memos.group`](#opt-services.memos.group).\n:::\n", "loc": ["services", "memos", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.memos.enable": {"declarations": ["nixos/modules/services/misc/memos.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Memos note-taking.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "memos", "enable"], "readOnly": false, "type": "boolean"}, "services.memos.environmentFile": {"declarations": ["nixos/modules/services/misc/memos.nix"], "default": {"_type": "literalMD", "text": "generated from {option}`services.memos.settings`\n"}, "description": "The environment file to use when starting Memos.\n\n::: {.note}\nBy default, generated from [](opt-services.memos.settings).\n:::\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/memos/memos.env\""}, "loc": ["services", "memos", "environmentFile"], "readOnly": false, "type": "absolute path"}, "services.memos.group": {"declarations": ["nixos/modules/services/misc/memos.nix"], "default": {"_type": "literalExpression", "text": "\"memos\""}, "description": "The group to run Memos as.\n\n::: {.note}\nIf changing the default value, **you** are responsible of creating the corresponding group with [{option}`users.groups`](#opt-users.groups).\n:::\n", "loc": ["services", "memos", "group"], "readOnly": false, "type": "string"}, "services.memos.openFirewall": {"declarations": ["nixos/modules/services/misc/memos.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable opening the ports in the firewall.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "memos", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.memos.package": {"declarations": ["nixos/modules/services/misc/memos.nix"], "default": {"_type": "literalExpression", "text": "pkgs.memos"}, "description": "The Memos package to use.", "loc": ["services", "memos", "package"], "readOnly": false, "type": "package"}, "services.memos.settings": {"declarations": ["nixos/modules/services/misc/memos.nix"], "default": {"_type": "literalExpression", "text": "{\n  MEMOS_MODE = \"prod\";\n  MEMOS_ADDR = \"127.0.0.1\";\n  MEMOS_PORT = \"5230\";\n  MEMOS_DATA = config.services.memos.dataDir;\n  MEMOS_DRIVER = \"sqlite\";\n  MEMOS_INSTANCE_URL = \"http://localhost:5230\";\n}\n"}, "description": "The environment variables to configure Memos.\n\n::: {.note}\nAt time of writing, there is no clear documentation about possible values.\nIt's possible to convert CLI flags into these variables.\nExample : CLI flag \"--unix-sock\" converts to {env}`MEMOS_UNIX_SOCK`.\n:::\n", "loc": ["services", "memos", "settings"], "readOnly": false, "type": "attribute set of (atom (null, bool, int, float or string))"}, "services.memos.user": {"declarations": ["nixos/modules/services/misc/memos.nix"], "default": {"_type": "literalExpression", "text": "\"memos\""}, "description": "The user to run Memos as.\n\n::: {.note}\nIf changing the default value, **you** are responsible of creating the corresponding user with [{option}`users.users`](#opt-users.users).\n:::\n", "loc": ["services", "memos", "user"], "readOnly": false, "type": "string"}, "services.merecat.enable": {"declarations": ["nixos/modules/services/web-servers/merecat.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Merecat HTTP server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "merecat", "enable"], "readOnly": false, "type": "boolean"}, "services.merecat.settings": {"declarations": ["nixos/modules/services/web-servers/merecat.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Merecat configuration. Refer to {manpage}`merecat(8)` for details on supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  directory = \"/srv/www\";\n  hostname = \"localhost\";\n  port = 8080;\n  virtual-host = true;\n}"}, "loc": ["services", "merecat", "settings"], "readOnly": false, "type": "attribute set of (atom (null, bool, int, float or string))"}, "services.meshcentral.enable": {"declarations": ["nixos/modules/services/admin/meshcentral.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable MeshCentral computer management server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "meshcentral", "enable"], "readOnly": false, "type": "boolean"}, "services.meshcentral.package": {"declarations": ["nixos/modules/services/admin/meshcentral.nix"], "default": {"_type": "literalExpression", "text": "pkgs.meshcentral"}, "description": "The meshcentral package to use.", "loc": ["services", "meshcentral", "package"], "readOnly": false, "type": "package"}, "services.meshcentral.settings": {"declarations": ["nixos/modules/services/admin/meshcentral.nix"], "description": "Settings for MeshCentral. Refer to upstream documentation for details:\n\n- [JSON Schema definition](https://github.com/Ylianst/MeshCentral/blob/master/meshcentral-config-schema.json)\n- [simple sample configuration](https://github.com/Ylianst/MeshCentral/blob/master/sample-config.json)\n- [complex sample configuration](https://github.com/Ylianst/MeshCentral/blob/master/sample-config-advanced.json)\n- [Old homepage with documentation link](https://www.meshcommander.com/meshcentral2)\n", "example": {"_type": "literalExpression", "text": "{\n  domains = {\n    \"\" = {\n      certUrl = \"https://meshcentral.example.com/\";\n    };\n  };\n  settings = {\n    Cert = \"meshcentral.example.com\";\n    Port = 4430;\n    TlsOffload = \"10.0.0.2,fd42::2\";\n    WANonly = true;\n  };\n}"}, "loc": ["services", "meshcentral", "settings"], "readOnly": false, "type": "open submodule of attribute set of (JSON value)"}, "services.meshtasticd.dataDir": {"declarations": ["nixos/modules/services/networking/meshtasticd.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/meshtasticd\""}, "description": "The data directory.\n", "loc": ["services", "meshtasticd", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.meshtasticd.enable": {"declarations": ["nixos/modules/services/networking/meshtasticd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Meshtastic daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "meshtasticd", "enable"], "readOnly": false, "type": "boolean"}, "services.meshtasticd.group": {"declarations": ["nixos/modules/services/networking/meshtasticd.nix"], "default": {"_type": "literalExpression", "text": "\"meshtasticd\""}, "description": "Group meshtasticd runs as.", "loc": ["services", "meshtasticd", "group"], "readOnly": false, "type": "string"}, "services.meshtasticd.package": {"declarations": ["nixos/modules/services/networking/meshtasticd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.meshtasticd"}, "description": "The meshtasticd package to use.", "loc": ["services", "meshtasticd", "package"], "readOnly": false, "type": "package"}, "services.meshtasticd.port": {"declarations": ["nixos/modules/services/networking/meshtasticd.nix"], "default": {"_type": "literalExpression", "text": "4403"}, "description": "Port to listen on", "loc": ["services", "meshtasticd", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.meshtasticd.settings": {"declarations": ["nixos/modules/services/networking/meshtasticd.nix"], "description": "The Meshtastic configuration file.\n\nAn example of configuration can be found at <https://github.com/meshtastic/firmware/blob/develop/bin/config-dist.yaml>\n", "example": {"_type": "literalExpression", "text": "Lora = {\n  Module = \"auto\";\n};\nWebserver = {\n  Port = 9443;\n  RootPath = pkgs.meshtastic-web;\n};\nGeneral = {\n  MaxNodes = 200;\n  MaxMessageQueue = 100;\n  MACAddressSource = \"eth0\";\n};\n"}, "loc": ["services", "meshtasticd", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.meshtasticd.user": {"declarations": ["nixos/modules/services/networking/meshtasticd.nix"], "default": {"_type": "literalExpression", "text": "\"meshtasticd\""}, "description": "User meshtasticd runs as.", "loc": ["services", "meshtasticd", "user"], "readOnly": false, "type": "string"}, "services.metabase.enable": {"declarations": ["nixos/modules/services/misc/metabase.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Metabase service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "metabase", "enable"], "readOnly": false, "type": "boolean"}, "services.metabase.listen.ip": {"declarations": ["nixos/modules/services/misc/metabase.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "IP address that Metabase should listen on.\n", "loc": ["services", "metabase", "listen", "ip"], "readOnly": false, "type": "string"}, "services.metabase.listen.port": {"declarations": ["nixos/modules/services/misc/metabase.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "Listen port for Metabase.\n", "loc": ["services", "metabase", "listen", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.metabase.openFirewall": {"declarations": ["nixos/modules/services/misc/metabase.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for Metabase.\n", "loc": ["services", "metabase", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.metabase.package": {"declarations": ["nixos/modules/services/misc/metabase.nix"], "default": {"_type": "literalExpression", "text": "pkgs.metabase"}, "description": "The metabase package to use.", "loc": ["services", "metabase", "package"], "readOnly": false, "type": "package"}, "services.metabase.ssl.enable": {"declarations": ["nixos/modules/services/misc/metabase.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SSL (https) support.\n", "loc": ["services", "metabase", "ssl", "enable"], "readOnly": false, "type": "boolean"}, "services.metabase.ssl.keystore": {"declarations": ["nixos/modules/services/misc/metabase.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/metabase/metabase.jks\""}, "description": "[Java KeyStore](https://www.digitalocean.com/community/tutorials/java-keytool-essentials-working-with-java-keystores) file containing the certificates.\n", "example": {"_type": "literalExpression", "text": "\"/etc/secrets/keystore.jks\""}, "loc": ["services", "metabase", "ssl", "keystore"], "readOnly": false, "type": "null or absolute path"}, "services.metabase.ssl.port": {"declarations": ["nixos/modules/services/misc/metabase.nix"], "default": {"_type": "literalExpression", "text": "8443"}, "description": "Listen port over SSL (https) for Metabase.\n", "loc": ["services", "metabase", "ssl", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.metricbeat.enable": {"declarations": ["nixos/modules/services/monitoring/metricbeat.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable metricbeat.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "metricbeat", "enable"], "readOnly": false, "type": "boolean"}, "services.metricbeat.modules": {"declarations": ["nixos/modules/services/monitoring/metricbeat.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Metricbeat modules are responsible for reading metrics from the various sources.\n\nThis is like `services.metricbeat.settings.metricbeat.modules`,\nbut structured as an attribute set. This has the benefit that multiple\nNixOS modules can contribute settings to a single metricbeat module.\n\nA module can be specified multiple times by choosing a different `<name>`\nfor each, but setting [](#opt-services.metricbeat.modules._name_.module) to the same value.\n\nSee <https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-modules.html>.\n", "example": {"_type": "literalExpression", "text": "{\n  system = {\n    core = {\n      metrics = [\n        \"percentages\"\n      ];\n    };\n    cpu = {\n      metrics = [\n        \"percentages\"\n        \"normalized_percentages\"\n      ];\n    };\n    enabled = true;\n    metricsets = [\n      \"cpu\"\n      \"load\"\n      \"memory\"\n      \"network\"\n      \"process\"\n      \"process_summary\"\n      \"uptime\"\n      \"socket_summary\"\n    ];\n    period = \"10s\";\n    processes = [\n      \".*\"\n    ];\n  };\n}"}, "loc": ["services", "metricbeat", "modules"], "readOnly": false, "type": "attribute set of (open submodule of (YAML 1.1 value))"}, "services.metricbeat.modules.<name>.module": {"declarations": ["nixos/modules/services/monitoring/metricbeat.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "The name of the module.\n\nLook for the value after `module:` on the individual\nmodule pages linked from <https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-modules.html>.\n", "loc": ["services", "metricbeat", "modules", "<name>", "module"], "readOnly": false, "type": "string"}, "services.metricbeat.package": {"declarations": ["nixos/modules/services/monitoring/metricbeat.nix"], "default": {"_type": "literalExpression", "text": "pkgs.metricbeat"}, "description": "The metricbeat package to use.", "example": {"_type": "literalExpression", "text": "metricbeat7"}, "loc": ["services", "metricbeat", "package"], "readOnly": false, "type": "package"}, "services.metricbeat.settings": {"declarations": ["nixos/modules/services/monitoring/metricbeat.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for metricbeat. See <https://www.elastic.co/guide/en/beats/metricbeat/current/configuring-howto-metricbeat.html> for supported values.\n", "loc": ["services", "metricbeat", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.metricbeat.settings.name": {"declarations": ["nixos/modules/services/monitoring/metricbeat.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Name of the beat. Defaults to the hostname.\nSee <https://www.elastic.co/guide/en/beats/metricbeat/current/configuration-general-options.html#_name>.\n", "loc": ["services", "metricbeat", "settings", "name"], "readOnly": false, "type": "string"}, "services.metricbeat.settings.tags": {"declarations": ["nixos/modules/services/monitoring/metricbeat.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Tags to place on the shipped metrics.\nSee <https://www.elastic.co/guide/en/beats/metricbeat/current/configuration-general-options.html#_tags_2>.\n", "loc": ["services", "metricbeat", "settings", "tags"], "readOnly": false, "type": "list of string"}, "services.microbin.dataDir": {"declarations": ["nixos/modules/services/web-apps/microbin.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/microbin\""}, "description": "Default data folder for MicroBin.", "loc": ["services", "microbin", "dataDir"], "readOnly": false, "type": "string"}, "services.microbin.enable": {"declarations": ["nixos/modules/services/web-apps/microbin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable MicroBin is a super tiny, feature rich, configurable paste bin web application.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "microbin", "enable"], "readOnly": false, "type": "boolean"}, "services.microbin.package": {"declarations": ["nixos/modules/services/web-apps/microbin.nix"], "default": {"_type": "literalExpression", "text": "pkgs.microbin"}, "description": "The microbin package to use.", "loc": ["services", "microbin", "package"], "readOnly": false, "type": "package"}, "services.microbin.passwordFile": {"declarations": ["nixos/modules/services/web-apps/microbin.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to file containing environment variables.\nUseful for passing down secrets.\nVariables that can be considered secrets are:\n - MICROBIN_BASIC_AUTH_USERNAME\n - MICROBIN_BASIC_AUTH_PASSWORD\n - MICROBIN_ADMIN_USERNAME\n - MICROBIN_ADMIN_PASSWORD\n - MICROBIN_UPLOADER_PASSWORD\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/microbin.env\""}, "loc": ["services", "microbin", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.microbin.settings": {"declarations": ["nixos/modules/services/web-apps/microbin.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional configuration for MicroBin, see\n<https://microbin.eu/docs/installation-and-configuration/configuration/>\nfor supported values.\n\nFor secrets use passwordFile option instead.\n", "example": {"_type": "literalExpression", "text": "{\n  MICROBIN_HIDE_LOGO = false;\n  MICROBIN_PORT = 8080;\n}"}, "loc": ["services", "microbin", "settings"], "readOnly": false, "type": "open submodule of attribute set of (boolean or signed integer or string)"}, "services.microsocks.authOnce": {"declarations": ["nixos/modules/services/networking/microsocks.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If true, once a specific ip address authed successfully with user/pass,\nit is added to a whitelist and may use the proxy without auth.\n", "loc": ["services", "microsocks", "authOnce"], "readOnly": false, "type": "boolean"}, "services.microsocks.authPasswordFile": {"declarations": ["nixos/modules/services/networking/microsocks.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file containing the password for authentication.", "example": {"_type": "literalExpression", "text": "\"/run/secrets/microsocks-password\""}, "loc": ["services", "microsocks", "authPasswordFile"], "readOnly": false, "type": "null or absolute path"}, "services.microsocks.authUsername": {"declarations": ["nixos/modules/services/networking/microsocks.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional username to use for authentication.", "example": {"_type": "literalExpression", "text": "\"alice\""}, "loc": ["services", "microsocks", "authUsername"], "readOnly": false, "type": "null or string"}, "services.microsocks.disableLogging": {"declarations": ["nixos/modules/services/networking/microsocks.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If true, microsocks will not log any messages to stdout/stderr.", "loc": ["services", "microsocks", "disableLogging"], "readOnly": false, "type": "boolean"}, "services.microsocks.enable": {"declarations": ["nixos/modules/services/networking/microsocks.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Tiny, portable SOCKS5 server with very moderate resource usage.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "microsocks", "enable"], "readOnly": false, "type": "boolean"}, "services.microsocks.execWrapper": {"declarations": ["nixos/modules/services/networking/microsocks.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "An optional command to prepend to the microsocks command (such as proxychains, or a VPN exclude command).\n", "example": {"_type": "literalExpression", "text": "''\n  ''${pkgs.mullvad-vpn}/bin/mullvad-exclude\n''"}, "loc": ["services", "microsocks", "execWrapper"], "readOnly": false, "type": "null or string"}, "services.microsocks.group": {"declarations": ["nixos/modules/services/networking/microsocks.nix"], "default": {"_type": "literalExpression", "text": "\"microsocks\""}, "description": "Group microsocks runs as.", "loc": ["services", "microsocks", "group"], "readOnly": false, "type": "string"}, "services.microsocks.ip": {"declarations": ["nixos/modules/services/networking/microsocks.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "IP on which microsocks should listen. Defaults to 127.0.0.1 for\nsecurity reasons.\n", "loc": ["services", "microsocks", "ip"], "readOnly": false, "type": "string"}, "services.microsocks.outgoingBindIp": {"declarations": ["nixos/modules/services/networking/microsocks.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specifies which ip outgoing connections are bound to", "loc": ["services", "microsocks", "outgoingBindIp"], "readOnly": false, "type": "null or string"}, "services.microsocks.package": {"declarations": ["nixos/modules/services/networking/microsocks.nix"], "default": {"_type": "literalExpression", "text": "pkgs.microsocks"}, "description": "The microsocks package to use.", "loc": ["services", "microsocks", "package"], "readOnly": false, "type": "package"}, "services.microsocks.port": {"declarations": ["nixos/modules/services/networking/microsocks.nix"], "default": {"_type": "literalExpression", "text": "1080"}, "description": "Port on which microsocks should listen.", "loc": ["services", "microsocks", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.microsocks.user": {"declarations": ["nixos/modules/services/networking/microsocks.nix"], "default": {"_type": "literalExpression", "text": "\"microsocks\""}, "description": "User microsocks runs as.", "loc": ["services", "microsocks", "user"], "readOnly": false, "type": "string"}, "services.mighttpd2.config": {"declarations": ["nixos/modules/services/web-servers/mighttpd2.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Verbatim config file to use\n(see <https://kazu-yamamoto.github.io/mighttpd2/config.html>)\n", "example": {"_type": "literalExpression", "text": "''\n  # Example configuration for Mighttpd 2\n  Port: 80\n  # IP address or \"*\"\n  Host: *\n  Debug_Mode: Yes # Yes or No\n  # If available, \"nobody\" is much more secure for User:.\n  User: root\n  # If available, \"nobody\" is much more secure for Group:.\n  Group: root\n  Pid_File: /run/mighty.pid\n  Logging: Yes # Yes or No\n  Log_File: /var/log/mighty # The directory must be writable by User:\n  Log_File_Size: 16777216 # bytes\n  Log_Backup_Number: 10\n  Index_File: index.html\n  Index_Cgi: index.cgi\n  Status_File_Dir: /usr/local/share/mighty/status\n  Connection_Timeout: 30 # seconds\n  Fd_Cache_Duration: 10 # seconds\n  # Server_Name: Mighttpd/3.x.y\n  Tls_Port: 443\n  Tls_Cert_File: cert.pem # should change this with an absolute path\n  # should change this with comma-separated absolute paths\n  Tls_Chain_Files: chain.pem\n  # Currently, Tls_Key_File must not be encrypted.\n  Tls_Key_File: privkey.pem # should change this with an absolute path\n  Service: 0 # 0 is HTTP only, 1 is HTTPS only, 2 is both\n''"}, "loc": ["services", "mighttpd2", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.mighttpd2.cores": {"declarations": ["nixos/modules/services/web-servers/mighttpd2.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "How many cores to use.\nIf null it will be determined automatically\n", "loc": ["services", "mighttpd2", "cores"], "readOnly": false, "type": "null or signed integer"}, "services.mighttpd2.enable": {"declarations": ["nixos/modules/services/web-servers/mighttpd2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Mighttpd2 web server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mighttpd2", "enable"], "readOnly": false, "type": "boolean"}, "services.mighttpd2.routing": {"declarations": ["nixos/modules/services/web-servers/mighttpd2.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Verbatim routing file to use\n(see <https://kazu-yamamoto.github.io/mighttpd2/config.html>)\n", "example": {"_type": "literalExpression", "text": "''\n  # Example routing for Mighttpd 2\n  \n  # Domain lists\n  [localhost www.example.com]\n  \n  # Entries are looked up in the specified order\n  # All paths must end with \"/\"\n  \n  # A path to CGI scripts should be specified with \"=>\"\n  /~alice/cgi-bin/ => /home/alice/public_html/cgi-bin/\n  \n  # A path to static files should be specified with \"->\"\n  /~alice/         -> /home/alice/public_html/\n  /cgi-bin/        => /export/cgi-bin/\n  \n  # Reverse proxy rules should be specified with \">>\"\n  # /path >> host:port/path2\n  # Either \"host\" or \":port\" can be committed, but not both.\n  /app/cal/        >> example.net/calendar/\n  # Yesod app in the same server\n  /app/wiki/       >> 127.0.0.1:3000/\n  \n  /                -> /export/www/\n''"}, "loc": ["services", "mighttpd2", "routing"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.mihomo.configFile": {"declarations": ["nixos/modules/services/networking/mihomo.nix"], "description": "Configuration file to use.", "loc": ["services", "mihomo", "configFile"], "readOnly": false, "type": "absolute path"}, "services.mihomo.enable": {"declarations": ["nixos/modules/services/networking/mihomo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Mihomo, A rule-based proxy in Go.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mihomo", "enable"], "readOnly": false, "type": "boolean"}, "services.mihomo.extraOpts": {"declarations": ["nixos/modules/services/networking/mihomo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Extra command line options to use.", "loc": ["services", "mihomo", "extraOpts"], "readOnly": false, "type": "null or string"}, "services.mihomo.package": {"declarations": ["nixos/modules/services/networking/mihomo.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mihomo"}, "description": "The mihomo package to use.", "loc": ["services", "mihomo", "package"], "readOnly": false, "type": "package"}, "services.mihomo.tunMode": {"declarations": ["nixos/modules/services/networking/mihomo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable necessary permission for Mihomo's systemd service for TUN mode to function properly.\n\nKeep in mind, that you still need to enable TUN mode manually in Mihomo's configuration\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mihomo", "tunMode"], "readOnly": false, "type": "boolean"}, "services.mihomo.webui": {"declarations": ["nixos/modules/services/networking/mihomo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Local web interface to use.\n\nYou can also use the following website:\n- metacubexd:\n  - <https://d.metacubex.one>\n  - <https://metacubex.github.io/metacubexd>\n  - <https://metacubexd.pages.dev>\n- yacd:\n  - <https://yacd.haishan.me>\n- clash-dashboard:\n  - <https://clash.razord.top>\n", "example": {"_type": "literalExpression", "text": "pkgs.metacubexd"}, "loc": ["services", "mihomo", "webui"], "readOnly": false, "type": "null or absolute path"}, "services.mimir.configFile": {"declarations": ["nixos/modules/services/monitoring/mimir.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a configuration file that Mimir should use.\n", "loc": ["services", "mimir", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.mimir.configuration": {"declarations": ["nixos/modules/services/monitoring/mimir.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Specify the configuration for Mimir in Nix.\n", "loc": ["services", "mimir", "configuration"], "readOnly": false, "type": "JSON value"}, "services.mimir.enable": {"declarations": ["nixos/modules/services/monitoring/mimir.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable mimir.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mimir", "enable"], "readOnly": false, "type": "boolean"}, "services.mimir.extraFlags": {"declarations": ["nixos/modules/services/monitoring/mimir.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Specify a list of additional command line flags,\nwhich get escaped and are then passed to Mimir.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--config.expand-env=true\"\n]"}, "loc": ["services", "mimir", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.mimir.package": {"declarations": ["nixos/modules/services/monitoring/mimir.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mimir"}, "description": "The mimir package to use.", "loc": ["services", "mimir", "package"], "readOnly": false, "type": "package"}, "services.minecraft-server.dataDir": {"declarations": ["nixos/modules/services/games/minecraft-server.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/minecraft\""}, "description": "Directory to store Minecraft database and other state/data files.\n", "loc": ["services", "minecraft-server", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.minecraft-server.declarative": {"declarations": ["nixos/modules/services/games/minecraft-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use a declarative Minecraft server configuration.\nOnly if set to `true`, the options\n{option}`services.minecraft-server.whitelist` and\n{option}`services.minecraft-server.serverProperties` will be\napplied.\n", "loc": ["services", "minecraft-server", "declarative"], "readOnly": false, "type": "boolean"}, "services.minecraft-server.enable": {"declarations": ["nixos/modules/services/games/minecraft-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, start a Minecraft Server. The server\ndata will be loaded from and saved to\n{option}`services.minecraft-server.dataDir`.\n", "loc": ["services", "minecraft-server", "enable"], "readOnly": false, "type": "boolean"}, "services.minecraft-server.eula": {"declarations": ["nixos/modules/services/games/minecraft-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether you agree to [Mojangs EULA](https://www.minecraft.net/eula).\nThis option must be set to `true` to run Minecraft server.\n", "loc": ["services", "minecraft-server", "eula"], "readOnly": false, "type": "boolean"}, "services.minecraft-server.jvmOpts": {"declarations": ["nixos/modules/services/games/minecraft-server.nix"], "default": {"_type": "literalExpression", "text": "\"-Xmx2048M -Xms2048M\""}, "description": "JVM options for the Minecraft server.", "example": {"_type": "literalExpression", "text": "\"-Xms4092M -Xmx4092M -XX:+UseG1GC -XX:+CMSIncrementalPacing -XX:+CMSClassUnloadingEnabled -XX:ParallelGCThreads=2 -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10\""}, "loc": ["services", "minecraft-server", "jvmOpts"], "readOnly": false, "type": "strings concatenated with \" \""}, "services.minecraft-server.openFirewall": {"declarations": ["nixos/modules/services/games/minecraft-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open ports in the firewall for the server.\n", "loc": ["services", "minecraft-server", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.minecraft-server.package": {"declarations": ["nixos/modules/services/games/minecraft-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.minecraft-server"}, "description": "The minecraft-server package to use.", "example": {"_type": "literalExpression", "text": "pkgs.minecraft-server_1_12_2"}, "loc": ["services", "minecraft-server", "package"], "readOnly": false, "type": "package"}, "services.minecraft-server.serverProperties": {"declarations": ["nixos/modules/services/games/minecraft-server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Minecraft server properties for the server.properties file. Only has\nan effect when {option}`services.minecraft-server.declarative`\nis set to `true`. See\n<https://minecraft.wiki/w/Server.properties#Java_Edition>\nfor documentation on these values.\n", "example": {"_type": "literalExpression", "text": "{\n  server-port = 43000;\n  difficulty = 3;\n  gamemode = 1;\n  max-players = 5;\n  motd = \"NixOS Minecraft server!\";\n  white-list = true;\n  enable-rcon = true;\n  \"rcon.password\" = \"hunter2\";\n}\n"}, "loc": ["services", "minecraft-server", "serverProperties"], "readOnly": false, "type": "attribute set of (boolean or signed integer or string)"}, "services.minecraft-server.whitelist": {"declarations": ["nixos/modules/services/games/minecraft-server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Whitelisted players, only has an effect when\n{option}`services.minecraft-server.declarative` is\n`true` and the whitelist is enabled\nvia {option}`services.minecraft-server.serverProperties` by\nsetting `white-list` to `true`.\nThis is a mapping from Minecraft usernames to UUIDs.\nYou can use <https://mcuuid.net/> to get a\nMinecraft UUID for a username.\n", "example": {"_type": "literalExpression", "text": "{\n  username1 = \"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\";\n  username2 = \"yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy\";\n};\n"}, "loc": ["services", "minecraft-server", "whitelist"], "readOnly": false, "type": "attribute set of Minecraft UUID"}, "services.minetest-server.config": {"declarations": ["nixos/modules/services/games/minetest-server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings to add to the minetest config file.\n\nThis option is ignored if `configPath` is set.\n", "loc": ["services", "minetest-server", "config"], "readOnly": false, "type": "attribute set of anything"}, "services.minetest-server.configPath": {"declarations": ["nixos/modules/services/games/minetest-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the config to use.\n\nIf set to null, the config of the running user will be used:\n`~/.minetest/minetest.conf`.\n", "loc": ["services", "minetest-server", "configPath"], "readOnly": false, "type": "null or absolute path"}, "services.minetest-server.enable": {"declarations": ["nixos/modules/services/games/minetest-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, starts a Minetest Server.", "loc": ["services", "minetest-server", "enable"], "readOnly": false, "type": "boolean"}, "services.minetest-server.extraArgs": {"declarations": ["nixos/modules/services/games/minetest-server.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional command line flags to pass to the minetest executable.\n", "loc": ["services", "minetest-server", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.minetest-server.gameId": {"declarations": ["nixos/modules/services/games/minetest-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Id of the game to use. To list available games run\n`minetestserver --gameid list`.\n\nIf only one game exists, this option can be null.\n", "loc": ["services", "minetest-server", "gameId"], "readOnly": false, "type": "null or string"}, "services.minetest-server.logPath": {"declarations": ["nixos/modules/services/games/minetest-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to logfile for logging.\n\nIf set to null, logging will be output to stdout which means\nall output will be caught by systemd.\n", "loc": ["services", "minetest-server", "logPath"], "readOnly": false, "type": "null or absolute path"}, "services.minetest-server.port": {"declarations": ["nixos/modules/services/games/minetest-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port number to bind to.\n\nIf set to null, the default 30000 will be used.\n", "loc": ["services", "minetest-server", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.minetest-server.world": {"declarations": ["nixos/modules/services/games/minetest-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of the world to use. To list available worlds run\n`minetestserver --world list`.\n\nIf only one world exists, this option can be null.\n", "loc": ["services", "minetest-server", "world"], "readOnly": false, "type": "null or absolute path"}, "services.minidlna.enable": {"declarations": ["nixos/modules/services/networking/minidlna.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable MiniDLNA, a simple DLNA server. Consider adding `openFirewall = true` into your config.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "minidlna", "enable"], "readOnly": false, "type": "boolean"}, "services.minidlna.openFirewall": {"declarations": ["nixos/modules/services/networking/minidlna.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable opening HTTP (TCP) and SSDP (UDP) ports in the firewall.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "minidlna", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.minidlna.package": {"declarations": ["nixos/modules/services/networking/minidlna.nix"], "default": {"_type": "literalExpression", "text": "pkgs.minidlna"}, "description": "The minidlna package to use.", "loc": ["services", "minidlna", "package"], "readOnly": false, "type": "package"}, "services.minidlna.settings": {"declarations": ["nixos/modules/services/networking/minidlna.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for {manpage}`minidlna.conf(5)`.", "loc": ["services", "minidlna", "settings"], "readOnly": false, "type": "open submodule of attribute set of (atom (null, bool, int, float or string) or a list of them for duplicate keys)"}, "services.minidlna.settings.db_dir": {"declarations": ["nixos/modules/services/networking/minidlna.nix"], "default": {"_type": "literalExpression", "text": "\"/var/cache/minidlna\""}, "description": "Specify the directory to store database and album art cache.", "example": {"_type": "literalExpression", "text": "\"/tmp/minidlna\""}, "loc": ["services", "minidlna", "settings", "db_dir"], "readOnly": false, "type": "absolute path"}, "services.minidlna.settings.enable_subtitles": {"declarations": ["nixos/modules/services/networking/minidlna.nix"], "default": {"_type": "literalExpression", "text": "\"yes\""}, "description": "Enable subtitle support on unknown clients.", "loc": ["services", "minidlna", "settings", "enable_subtitles"], "readOnly": false, "type": "one of \"yes\", \"no\""}, "services.minidlna.settings.enable_tivo": {"declarations": ["nixos/modules/services/networking/minidlna.nix"], "default": {"_type": "literalExpression", "text": "\"no\""}, "description": "Support for streaming .jpg and .mp3 files to a TiVo supporting HMO.", "loc": ["services", "minidlna", "settings", "enable_tivo"], "readOnly": false, "type": "one of \"yes\", \"no\""}, "services.minidlna.settings.friendly_name": {"declarations": ["nixos/modules/services/networking/minidlna.nix"], "default": {"_type": "literalExpression", "text": "config.networking.hostName"}, "description": "Name that the server presents to clients.", "example": {"_type": "literalExpression", "text": "\"rpi3\""}, "loc": ["services", "minidlna", "settings", "friendly_name"], "readOnly": false, "type": "string"}, "services.minidlna.settings.inotify": {"declarations": ["nixos/modules/services/networking/minidlna.nix"], "default": {"_type": "literalExpression", "text": "\"no\""}, "description": "Whether to enable inotify monitoring to automatically discover new files.", "loc": ["services", "minidlna", "settings", "inotify"], "readOnly": false, "type": "one of \"yes\", \"no\""}, "services.minidlna.settings.log_level": {"declarations": ["nixos/modules/services/networking/minidlna.nix"], "default": {"_type": "literalExpression", "text": "\"warn\""}, "description": "Defines the type of messages that should be logged and down to which level of importance.", "example": {"_type": "literalExpression", "text": "\"general,artwork,database,inotify,scanner,metadata,http,ssdp,tivo=warn\""}, "loc": ["services", "minidlna", "settings", "log_level"], "readOnly": false, "type": "string"}, "services.minidlna.settings.media_dir": {"declarations": ["nixos/modules/services/networking/minidlna.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Directories to be scanned for media files.\nThe `A,` `V,` `P,` prefixes restrict a directory to audio, video or image files.\nThe directories must be accessible to the `minidlna` user account.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/data/media\"\n  \"V,/home/alice/video\"\n]"}, "loc": ["services", "minidlna", "settings", "media_dir"], "readOnly": false, "type": "list of string"}, "services.minidlna.settings.notify_interval": {"declarations": ["nixos/modules/services/networking/minidlna.nix"], "default": {"_type": "literalExpression", "text": "90000"}, "description": "The interval between announces (in seconds).\nInstead of waiting for announces, you should set `openFirewall` option to use SSDP discovery.\nLower values (e.g. 30 seconds) should be used if your network is blocking the SSDP multicast.\nSome relevant information can be found [here](https://sourceforge.net/p/minidlna/discussion/879957/thread/1389d197/).\n", "loc": ["services", "minidlna", "settings", "notify_interval"], "readOnly": false, "type": "signed integer"}, "services.minidlna.settings.port": {"declarations": ["nixos/modules/services/networking/minidlna.nix"], "default": {"_type": "literalExpression", "text": "8200"}, "description": "Port number for HTTP traffic (descriptions, SOAP, media transfer).", "loc": ["services", "minidlna", "settings", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.minidlna.settings.root_container": {"declarations": ["nixos/modules/services/networking/minidlna.nix"], "default": {"_type": "literalExpression", "text": "\"B\""}, "description": "Use a different container as the root of the directory tree presented to clients.", "example": {"_type": "literalExpression", "text": "\".\""}, "loc": ["services", "minidlna", "settings", "root_container"], "readOnly": false, "type": "string"}, "services.minidlna.settings.wide_links": {"declarations": ["nixos/modules/services/networking/minidlna.nix"], "default": {"_type": "literalExpression", "text": "\"no\""}, "description": "Set this to yes to allow symlinks that point outside user-defined `media_dir`.", "loc": ["services", "minidlna", "settings", "wide_links"], "readOnly": false, "type": "one of \"yes\", \"no\""}, "services.miniflux.adminCredentialsFile": {"declarations": ["nixos/modules/services/web-apps/miniflux.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the ADMIN_USERNAME and\nADMIN_PASSWORD (length >= 6) in the format of\nan EnvironmentFile=, as described by {manpage}`systemd.exec(5)`.\n", "example": {"_type": "literalExpression", "text": "\"/etc/nixos/miniflux-admin-credentials\""}, "loc": ["services", "miniflux", "adminCredentialsFile"], "readOnly": false, "type": "null or absolute path"}, "services.miniflux.config": {"declarations": ["nixos/modules/services/web-apps/miniflux.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for Miniflux, refer to\n<https://miniflux.app/docs/configuration.html>\nfor documentation on the supported values.\n", "loc": ["services", "miniflux", "config"], "readOnly": false, "type": "open submodule of attribute set of (string or signed integer)"}, "services.miniflux.config.CREATE_ADMIN": {"declarations": ["nixos/modules/services/web-apps/miniflux.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Create an admin user from environment variables.", "loc": ["services", "miniflux", "config", "CREATE_ADMIN"], "readOnly": false, "type": "signed integer or boolean convertible to it"}, "services.miniflux.config.DATABASE_URL": {"declarations": ["nixos/modules/services/web-apps/miniflux.nix"], "default": {"_type": "literalExpression", "text": "if createDatabaseLocally then \"user=miniflux host=/run/postgresql dbname=miniflux\" else null\n"}, "description": "Postgresql connection parameters.\nSee [lib/pq](https://pkg.go.dev/github.com/lib/pq#hdr-Connection_String_Parameters) for more details.\n", "loc": ["services", "miniflux", "config", "DATABASE_URL"], "readOnly": false, "type": "null or string"}, "services.miniflux.config.LISTEN_ADDR": {"declarations": ["nixos/modules/services/web-apps/miniflux.nix"], "default": {"_type": "literalExpression", "text": "\"localhost:8080\""}, "description": "Address to listen on. Use absolute path for a Unix socket.\nMultiple addresses can be specified, separated by commas.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1:8080, 127.0.0.1:8081\""}, "loc": ["services", "miniflux", "config", "LISTEN_ADDR"], "readOnly": false, "type": "string"}, "services.miniflux.config.RUN_MIGRATIONS": {"declarations": ["nixos/modules/services/web-apps/miniflux.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Run database migrations.", "loc": ["services", "miniflux", "config", "RUN_MIGRATIONS"], "readOnly": false, "type": "signed integer or boolean convertible to it"}, "services.miniflux.config.WATCHDOG": {"declarations": ["nixos/modules/services/web-apps/miniflux.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable or disable Systemd watchdog.", "loc": ["services", "miniflux", "config", "WATCHDOG"], "readOnly": false, "type": "signed integer or boolean convertible to it"}, "services.miniflux.createDatabaseLocally": {"declarations": ["nixos/modules/services/web-apps/miniflux.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether a PostgreSQL database should be automatically created and\nconfigured on the local host. If set to `false`, you need provision a\ndatabase yourself.\n", "loc": ["services", "miniflux", "createDatabaseLocally"], "readOnly": false, "type": "boolean"}, "services.miniflux.enable": {"declarations": ["nixos/modules/services/web-apps/miniflux.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable miniflux.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "miniflux", "enable"], "readOnly": false, "type": "boolean"}, "services.miniflux.package": {"declarations": ["nixos/modules/services/web-apps/miniflux.nix"], "default": {"_type": "literalExpression", "text": "pkgs.miniflux"}, "description": "The miniflux package to use.", "loc": ["services", "miniflux", "package"], "readOnly": false, "type": "package"}, "services.minio.accessKey": {"declarations": ["nixos/modules/services/web-servers/minio.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Access key of 5 to 20 characters in length that clients use to access the server.\nThis overrides the access key that is generated by minio on first startup and stored inside the\n`configDir` directory.\n", "loc": ["services", "minio", "accessKey"], "readOnly": false, "type": "string"}, "services.minio.browser": {"declarations": ["nixos/modules/services/web-servers/minio.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable or disable access to web UI.", "loc": ["services", "minio", "browser"], "readOnly": false, "type": "boolean"}, "services.minio.certificatesDir": {"declarations": ["nixos/modules/services/web-servers/minio.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/minio/certs\""}, "description": "The directory where TLS certificates are stored.", "loc": ["services", "minio", "certificatesDir"], "readOnly": false, "type": "absolute path"}, "services.minio.configDir": {"declarations": ["nixos/modules/services/web-servers/minio.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/minio/config\""}, "description": "The config directory, for the access keys and other settings.", "loc": ["services", "minio", "configDir"], "readOnly": false, "type": "absolute path"}, "services.minio.consoleAddress": {"declarations": ["nixos/modules/services/web-servers/minio.nix"], "default": {"_type": "literalExpression", "text": "\":9001\""}, "description": "IP address and port of the web UI (console).", "loc": ["services", "minio", "consoleAddress"], "readOnly": false, "type": "string"}, "services.minio.dataDir": {"declarations": ["nixos/modules/services/web-servers/minio.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"/var/lib/minio/data\"\n]"}, "description": "The list of data directories or nodes for storing the objects. Use one path for regular operation and the minimum of 4 endpoints for Erasure Code mode.", "loc": ["services", "minio", "dataDir"], "readOnly": false, "type": "list of (absolute path or string)"}, "services.minio.enable": {"declarations": ["nixos/modules/services/web-servers/minio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Minio Object Storage.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "minio", "enable"], "readOnly": false, "type": "boolean"}, "services.minio.listenAddress": {"declarations": ["nixos/modules/services/web-servers/minio.nix"], "default": {"_type": "literalExpression", "text": "\":9000\""}, "description": "IP address and port of the server.", "loc": ["services", "minio", "listenAddress"], "readOnly": false, "type": "string"}, "services.minio.package": {"declarations": ["nixos/modules/services/web-servers/minio.nix"], "default": {"_type": "literalExpression", "text": "pkgs.minio"}, "description": "The minio package to use.", "loc": ["services", "minio", "package"], "readOnly": false, "type": "package"}, "services.minio.region": {"declarations": ["nixos/modules/services/web-servers/minio.nix"], "default": {"_type": "literalExpression", "text": "\"us-east-1\""}, "description": "The physical location of the server. By default it is set to us-east-1, which is same as AWS S3's and Minio's default region.\n", "loc": ["services", "minio", "region"], "readOnly": false, "type": "string"}, "services.minio.rootCredentialsFile": {"declarations": ["nixos/modules/services/web-servers/minio.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the MINIO_ROOT_USER, default is \"minioadmin\", and\nMINIO_ROOT_PASSWORD (length >= 8), default is \"minioadmin\"; in the format of\nan EnvironmentFile=, as described by {manpage}`systemd.exec(5)`.\n", "example": {"_type": "literalExpression", "text": "\"/etc/nixos/minio-root-credentials\""}, "loc": ["services", "minio", "rootCredentialsFile"], "readOnly": false, "type": "null or absolute path"}, "services.minio.secretKey": {"declarations": ["nixos/modules/services/web-servers/minio.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Specify the Secret key of 8 to 40 characters in length that clients use to access the server.\nThis overrides the secret key that is generated by minio on first startup and stored inside the\n`configDir` directory.\n", "loc": ["services", "minio", "secretKey"], "readOnly": false, "type": "string"}, "services.miniupnpd.appendConfig": {"declarations": ["nixos/modules/services/networking/miniupnpd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Configuration lines appended to the MiniUPnP config.\n", "loc": ["services", "miniupnpd", "appendConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.miniupnpd.enable": {"declarations": ["nixos/modules/services/networking/miniupnpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable MiniUPnP daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "miniupnpd", "enable"], "readOnly": false, "type": "boolean"}, "services.miniupnpd.externalInterface": {"declarations": ["nixos/modules/services/networking/miniupnpd.nix"], "description": "Name of the external interface.\n", "loc": ["services", "miniupnpd", "externalInterface"], "readOnly": false, "type": "string"}, "services.miniupnpd.internalIPs": {"declarations": ["nixos/modules/services/networking/miniupnpd.nix"], "description": "The IP address ranges to listen on.\n", "example": {"_type": "literalExpression", "text": "[\n  \"192.168.1.1/24\"\n  \"enp1s0\"\n]"}, "loc": ["services", "miniupnpd", "internalIPs"], "readOnly": false, "type": "list of string"}, "services.miniupnpd.natpmp": {"declarations": ["nixos/modules/services/networking/miniupnpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable NAT-PMP support.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "miniupnpd", "natpmp"], "readOnly": false, "type": "boolean"}, "services.miniupnpd.upnp": {"declarations": ["nixos/modules/services/networking/miniupnpd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable UPNP support.\n", "loc": ["services", "miniupnpd", "upnp"], "readOnly": false, "type": "boolean"}, "services.mirakurun.allowSmartCardAccess": {"declarations": ["nixos/modules/services/video/mirakurun.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Install polkit rules to allow Mirakurun to access smart card readers\nwhich is commonly used along with tuner devices.\n", "loc": ["services", "mirakurun", "allowSmartCardAccess"], "readOnly": false, "type": "boolean"}, "services.mirakurun.channelSettings": {"declarations": ["nixos/modules/services/video/mirakurun.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Options which are added to channels.yml. If none is specified, it\nwill automatically be generated at runtime.\n\nDocumentation:\n<https://github.com/Chinachu/Mirakurun/blob/master/doc/Configuration.md>\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    name = \"channel\";\n    types = \"GR\";\n    channel = \"0\";\n  }\n];\n"}, "loc": ["services", "mirakurun", "channelSettings"], "readOnly": false, "type": "null or YAML 1.1 value"}, "services.mirakurun.enable": {"declarations": ["nixos/modules/services/video/mirakurun.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Mirakurun DVR Tuner Server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mirakurun", "enable"], "readOnly": false, "type": "boolean"}, "services.mirakurun.openFirewall": {"declarations": ["nixos/modules/services/video/mirakurun.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for Mirakurun.\n\n::: {.warning}\nExposing Mirakurun to the open internet is generally advised\nagainst. Only use it inside a trusted local network, or\nconsider putting it behind a VPN if you want remote access.\n:::\n", "loc": ["services", "mirakurun", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.mirakurun.port": {"declarations": ["nixos/modules/services/video/mirakurun.nix"], "default": {"_type": "literalExpression", "text": "40772"}, "description": "Port to listen on. If `null`, it won't listen on\nany port.\n", "loc": ["services", "mirakurun", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mirakurun.serverSettings": {"declarations": ["nixos/modules/services/video/mirakurun.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for server.yml.\n\nDocumentation:\n<https://github.com/Chinachu/Mirakurun/blob/master/doc/Configuration.md>\n", "example": {"_type": "literalExpression", "text": "{\n  highWaterMark = 25165824;\n  overflowTimeLimit = 30000;\n};\n"}, "loc": ["services", "mirakurun", "serverSettings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.mirakurun.tunerSettings": {"declarations": ["nixos/modules/services/video/mirakurun.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Options which are added to tuners.yml. If none is specified, it will\nautomatically be generated at runtime.\n\nDocumentation:\n<https://github.com/Chinachu/Mirakurun/blob/master/doc/Configuration.md>\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    name = \"tuner-name\";\n    types = [ \"GR\" \"BS\" \"CS\" \"SKY\" ];\n    dvbDevicePath = \"/dev/dvb/adapterX/dvrX\";\n  }\n];\n"}, "loc": ["services", "mirakurun", "tunerSettings"], "readOnly": false, "type": "null or YAML 1.1 value"}, "services.mirakurun.unixSocket": {"declarations": ["nixos/modules/services/video/mirakurun.nix"], "default": {"_type": "literalExpression", "text": "\"/var/run/mirakurun/mirakurun.sock\""}, "description": "Path to unix socket to listen on. If `null`, it\nwon't listen on any unix sockets.\n", "loc": ["services", "mirakurun", "unixSocket"], "readOnly": false, "type": "null or absolute path"}, "services.miredo.bindAddress": {"declarations": ["nixos/modules/services/networking/miredo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Depending on the local firewall/NAT rules, you might need to force\nMiredo to use a fixed UDP port and or IPv4 address.\n", "loc": ["services", "miredo", "bindAddress"], "readOnly": false, "type": "null or string"}, "services.miredo.bindPort": {"declarations": ["nixos/modules/services/networking/miredo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Depending on the local firewall/NAT rules, you might need to force\nMiredo to use a fixed UDP port and or IPv4 address.\n", "loc": ["services", "miredo", "bindPort"], "readOnly": false, "type": "null or string"}, "services.miredo.enable": {"declarations": ["nixos/modules/services/networking/miredo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Miredo IPv6 tunneling service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "miredo", "enable"], "readOnly": false, "type": "boolean"}, "services.miredo.interfaceName": {"declarations": ["nixos/modules/services/networking/miredo.nix"], "default": {"_type": "literalExpression", "text": "\"teredo\""}, "description": "Name of the network tunneling interface.\n", "loc": ["services", "miredo", "interfaceName"], "readOnly": false, "type": "string"}, "services.miredo.package": {"declarations": ["nixos/modules/services/networking/miredo.nix"], "default": {"_type": "literalExpression", "text": "pkgs.miredo"}, "description": "The miredo package to use.", "loc": ["services", "miredo", "package"], "readOnly": false, "type": "package"}, "services.miredo.serverAddress": {"declarations": ["nixos/modules/services/networking/miredo.nix"], "default": {"_type": "literalExpression", "text": "\"teredo.remlab.net\""}, "description": "The hostname or primary IPv4 address of the Teredo server.\nThis setting is required if Miredo runs as a Teredo client.\n\"teredo.remlab.net\" is an experimental service for testing only.\nPlease use another server for production and/or large scale deployments.\n", "loc": ["services", "miredo", "serverAddress"], "readOnly": false, "type": "string"}, "services.misskey.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create the PostgreSQL database locally. Sets `services.misskey.settings.db.{db,host,port,user,pass}`.", "loc": ["services", "misskey", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.misskey.database.passwordFile": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to a file containing the database password. Sets `services.misskey.settings.db.pass`.", "loc": ["services", "misskey", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.misskey.enable": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable misskey.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "misskey", "enable"], "readOnly": false, "type": "boolean"}, "services.misskey.meilisearch.createLocally": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create and use a local Meilisearch instance. Sets `services.misskey.settings.meilisearch.{host,port,ssl}`.", "loc": ["services", "misskey", "meilisearch", "createLocally"], "readOnly": false, "type": "boolean"}, "services.misskey.meilisearch.keyFile": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to a file containing the Meilisearch API key. Sets `services.misskey.settings.meilisearch.apiKey`.", "loc": ["services", "misskey", "meilisearch", "keyFile"], "readOnly": false, "type": "null or absolute path"}, "services.misskey.package": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "pkgs.misskey"}, "description": "The misskey package to use.", "loc": ["services", "misskey", "package"], "readOnly": false, "type": "package"}, "services.misskey.redis.createLocally": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create and use a local Redis instance. Sets `services.misskey.settings.redis.host`.", "loc": ["services", "misskey", "redis", "createLocally"], "readOnly": false, "type": "boolean"}, "services.misskey.redis.passwordFile": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to a file containing the Redis password. Sets `services.misskey.settings.redis.pass`.", "loc": ["services", "misskey", "redis", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.misskey.reverseProxy.enable": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable a HTTP reverse proxy for Misskey.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "misskey", "reverseProxy", "enable"], "readOnly": false, "type": "boolean"}, "services.misskey.reverseProxy.host": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The fully qualified domain name to bind to. Sets `services.misskey.settings.url`.\n\nThis is required when using `services.misskey.reverseProxy.enable = true`.\n", "example": {"_type": "literalExpression", "text": "\"misskey.example.com\""}, "loc": ["services", "misskey", "reverseProxy", "host"], "readOnly": false, "type": "null or string"}, "services.misskey.reverseProxy.ssl": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether to enable SSL for the reverse proxy. Sets `services.misskey.settings.url`.\n\nThis is required when using `services.misskey.reverseProxy.enable = true`.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "misskey", "reverseProxy", "ssl"], "readOnly": false, "type": "null or boolean"}, "services.misskey.reverseProxy.webserver": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "description": "The webserver to use as the reverse proxy.", "loc": ["services", "misskey", "reverseProxy", "webserver"], "readOnly": false, "type": "attribute-tagged union with choices: caddy, nginx"}, "services.misskey.reverseProxy.webserver.caddy": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration for the caddy virtual host of Misskey.\nSet to `{ }` to use the default configuration.\n", "loc": ["services", "misskey", "reverseProxy", "webserver", "caddy"], "readOnly": false, "type": "submodule"}, "services.misskey.reverseProxy.webserver.caddy.extraConfig": {"declarations": [], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional lines of configuration appended to this virtual host in the\nautomatically generated `Caddyfile`.\n", "loc": ["services", "misskey", "reverseProxy", "webserver", "caddy", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.misskey.reverseProxy.webserver.caddy.hostName": {"declarations": [], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "Canonical hostname for the server.", "loc": ["services", "misskey", "reverseProxy", "webserver", "caddy", "hostName"], "readOnly": false, "type": "string"}, "services.misskey.reverseProxy.webserver.caddy.listenAddresses": {"declarations": [], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of host interfaces to bind to for this virtual host.\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"::1\"\n]"}, "loc": ["services", "misskey", "reverseProxy", "webserver", "caddy", "listenAddresses"], "readOnly": false, "type": "list of string"}, "services.misskey.reverseProxy.webserver.caddy.logFormat": {"declarations": [], "default": {"_type": "literalExpression", "text": "''\n  output file ''${config.services.caddy.logDir}/access-''${hostName}.log\n''"}, "description": "Configuration for HTTP request logging (also known as access logs). See\n<https://caddyserver.com/docs/caddyfile/directives/log#log>\nfor details.\n", "example": {"_type": "literalExpression", "text": "mkForce ''\n  output discard\n'';\n"}, "loc": ["services", "misskey", "reverseProxy", "webserver", "caddy", "logFormat"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.misskey.reverseProxy.webserver.caddy.serverAliases": {"declarations": [], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "misskey", "reverseProxy", "webserver", "caddy", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.misskey.reverseProxy.webserver.caddy.useACMEHost": {"declarations": [], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is mostly useful if you use DNS challenges but Caddy does not\ncurrently support your provider.\n\n*Note that this option does not create any certificates, nor\ndoes it add subdomains to existing ones \u2013 you will need to create them\nmanually using [](#opt-security.acme.certs).*\n", "loc": ["services", "misskey", "reverseProxy", "webserver", "caddy", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.misskey.reverseProxy.webserver.nginx": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration for the nginx virtual host of Misskey.\nSet to `{ }` to use the default configuration.\n", "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx"], "readOnly": false, "type": "submodule"}, "services.misskey.reverseProxy.webserver.nginx.acmeFallbackHost": {"declarations": [], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host which to proxy requests to if ACME challenge is not found. Useful\nif you want multiple hosts to be able to verify the same domain name.\n\nWith this option, you could request certificates for the present domain\nwith an ACME client that is running on another host, which you would\nspecify here.\n", "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "acmeFallbackHost"], "readOnly": false, "type": "null or string"}, "services.misskey.reverseProxy.webserver.nginx.acmeRoot": {"declarations": [], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the ACME challenge, which is **public**. Don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.misskey.reverseProxy.webserver.nginx.addSSL": {"declarations": [], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "addSSL"], "readOnly": false, "type": "boolean"}, "services.misskey.reverseProxy.webserver.nginx.basicAuth": {"declarations": [], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.misskey.reverseProxy.webserver.nginx.basicAuthFile": {"declarations": [], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.misskey.reverseProxy.webserver.nginx.default": {"declarations": [], "default": {"_type": "literalExpression", "text": "false"}, "description": "Makes this vhost the default.\n", "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "default"], "readOnly": false, "type": "boolean"}, "services.misskey.reverseProxy.webserver.nginx.enableACME": {"declarations": [], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "enableACME"], "readOnly": false, "type": "boolean"}, "services.misskey.reverseProxy.webserver.nginx.extraConfig": {"declarations": [], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the vhost verbatim.\n", "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.misskey.reverseProxy.webserver.nginx.forceSSL": {"declarations": [], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a separate nginx server block that redirects (defaults\nto 301, configurable with `redirectCode`) all plain HTTP traffic to\nHTTPS. This will set defaults for `listen` to listen on all interfaces\non the respective default ports (80, 443), where the non-SSL listens\nare used for the redirect vhosts.\n", "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.misskey.reverseProxy.webserver.nginx.globalRedirect": {"declarations": [], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected (defaults to 301,\nconfigurable with `redirectCode`) to the given hostname.\n", "example": {"_type": "literalExpression", "text": "\"newserver.example.org\""}, "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.misskey.reverseProxy.webserver.nginx.http2": {"declarations": [], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/2 protocol.\nNote that (as of writing) due to nginx's implementation, to disable\nHTTP/2 you have to disable it on all vhosts that use a given\nIP address / port.\nIf there is one server block configured to enable http2, then it is\nenabled for all server blocks on this IP.\nSee <https://stackoverflow.com/a/39466948/263061>.\n", "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "http2"], "readOnly": false, "type": "boolean"}, "services.misskey.reverseProxy.webserver.nginx.http3": {"declarations": [], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/3 protocol.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that HTTP/3 support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\nHTTP/3 availability must be manually advertised, preferably in each location block.\n", "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "http3"], "readOnly": false, "type": "boolean"}, "services.misskey.reverseProxy.webserver.nginx.http3_hq": {"declarations": [], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that special application protocol support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "http3_hq"], "readOnly": false, "type": "boolean"}, "services.misskey.reverseProxy.webserver.nginx.kTLS": {"declarations": [], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kTLS support.\nImplementing TLS in the kernel (kTLS) improves performance by significantly\nreducing the need for copying operations between user space and the kernel.\nRequired Nginx version 1.21.4 or later.\n", "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "kTLS"], "readOnly": false, "type": "boolean"}, "services.misskey.reverseProxy.webserver.nginx.listen": {"declarations": [], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\nIPv6 addresses must be enclosed in square brackets.\nNote: this option overrides `addSSL`\nand `onlySSL`.\n\nIf you only want to set the addresses manually and not\nthe ports, take a look at `listenAddresses`.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    addr = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    addr = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    addr = \"unix:/var/run/nginx.sock\";\n  }\n]"}, "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.misskey.reverseProxy.webserver.nginx.listen.*.addr": {"declarations": [], "description": "Listen address.", "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "listen", "*", "addr"], "readOnly": false, "type": "string"}, "services.misskey.reverseProxy.webserver.nginx.listen.*.extraParameters": {"declarations": [], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra parameters of this listen directive.", "example": {"_type": "literalExpression", "text": "[\n  \"backlog=1024\"\n  \"deferred\"\n]"}, "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "listen", "*", "extraParameters"], "readOnly": false, "type": "list of string"}, "services.misskey.reverseProxy.webserver.nginx.listen.*.port": {"declarations": [], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port number to listen on.\nIf unset and the listen address is not a socket then nginx defaults to 80.\n", "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "listen", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.misskey.reverseProxy.webserver.nginx.listen.*.proxyProtocol": {"declarations": [], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable PROXY protocol.", "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "listen", "*", "proxyProtocol"], "readOnly": false, "type": "boolean"}, "services.misskey.reverseProxy.webserver.nginx.listen.*.ssl": {"declarations": [], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SSL.", "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.misskey.reverseProxy.webserver.nginx.listenAddresses": {"declarations": [], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n\nNote: This option overrides `networking.enableIPv6`\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"[::1]\"\n]"}, "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "listenAddresses"], "readOnly": false, "type": "list of string"}, "services.misskey.reverseProxy.webserver.nginx.locations": {"declarations": [], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n};\n"}, "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.misskey.reverseProxy.webserver.nginx.locations.<name>.alias": {"declarations": [], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.misskey.reverseProxy.webserver.nginx.locations.<name>.basicAuth": {"declarations": [], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "locations", "<name>", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.misskey.reverseProxy.webserver.nginx.locations.<name>.basicAuthFile": {"declarations": [], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "locations", "<name>", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.misskey.reverseProxy.webserver.nginx.locations.<name>.extraConfig": {"declarations": [], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.misskey.reverseProxy.webserver.nginx.locations.<name>.fastcgiParams": {"declarations": [], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "FastCGI parameters to override.  Unlike in the Nginx\nconfiguration file, overriding only some default parameters\nwon't unset the default values for other parameters.\n", "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "locations", "<name>", "fastcgiParams"], "readOnly": false, "type": "attribute set of (string or absolute path)"}, "services.misskey.reverseProxy.webserver.nginx.locations.<name>.index": {"declarations": [], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds index directive.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.misskey.reverseProxy.webserver.nginx.locations.<name>.priority": {"declarations": [], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.misskey.reverseProxy.webserver.nginx.locations.<name>.proxyPass": {"declarations": [], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds proxy_pass directive and sets recommended proxy headers if\nrecommendedProxySettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.misskey.reverseProxy.webserver.nginx.locations.<name>.proxyWebsockets": {"declarations": [], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to support proxying websocket connections with HTTP/1.1.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "locations", "<name>", "proxyWebsockets"], "readOnly": false, "type": "boolean"}, "services.misskey.reverseProxy.webserver.nginx.locations.<name>.recommendedProxySettings": {"declarations": [], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedProxySettings"}, "description": "Enable recommended proxy settings.\n", "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "locations", "<name>", "recommendedProxySettings"], "readOnly": false, "type": "boolean"}, "services.misskey.reverseProxy.webserver.nginx.locations.<name>.recommendedUwsgiSettings": {"declarations": [], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedUwsgiSettings"}, "description": "Enable recommended uwsgi settings.\n", "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "locations", "<name>", "recommendedUwsgiSettings"], "readOnly": false, "type": "boolean"}, "services.misskey.reverseProxy.webserver.nginx.locations.<name>.return": {"declarations": [], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds a return directive, for e.g. redirections.\n", "example": {"_type": "literalExpression", "text": "\"301 http://example.com$request_uri\""}, "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "locations", "<name>", "return"], "readOnly": false, "type": "null or string or signed integer"}, "services.misskey.reverseProxy.webserver.nginx.locations.<name>.root": {"declarations": [], "default": {"_type": "literalExpression", "text": "null"}, "description": "Root directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/root/directory\""}, "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "locations", "<name>", "root"], "readOnly": false, "type": "null or absolute path"}, "services.misskey.reverseProxy.webserver.nginx.locations.<name>.tryFiles": {"declarations": [], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds try_files directive.\n", "example": {"_type": "literalExpression", "text": "\"$uri =404\""}, "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "locations", "<name>", "tryFiles"], "readOnly": false, "type": "null or string"}, "services.misskey.reverseProxy.webserver.nginx.locations.<name>.uwsgiPass": {"declarations": [], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds uwsgi_pass directive and sets recommended proxy headers if\nrecommendedUwsgiSettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"unix:/run/example/example.sock\""}, "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "locations", "<name>", "uwsgiPass"], "readOnly": false, "type": "null or string"}, "services.misskey.reverseProxy.webserver.nginx.onlySSL": {"declarations": [], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.misskey.reverseProxy.webserver.nginx.quic": {"declarations": [], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the QUIC transport protocol.\nNote that QUIC support is experimental and\n*not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "quic"], "readOnly": false, "type": "boolean"}, "services.misskey.reverseProxy.webserver.nginx.redirectCode": {"declarations": [], "default": {"_type": "literalExpression", "text": "301"}, "description": "HTTP status used by `globalRedirect` and `forceSSL`. Possible usecases\ninclude temporary (302, 307) redirects, keeping the request method and\nbody (307, 308), or explicitly resetting the method to GET (303).\nSee <https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>.\n", "example": {"_type": "literalExpression", "text": "308"}, "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "redirectCode"], "readOnly": false, "type": "integer between 300 and 399 (both inclusive)"}, "services.misskey.reverseProxy.webserver.nginx.rejectSSL": {"declarations": [], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to listen for and reject all HTTPS connections to this vhost. Useful in\n[default](#opt-services.nginx.virtualHosts._name_.default)\nserver blocks to avoid serving the certificate for another vhost. Uses the\n`ssl_reject_handshake` directive available in nginx versions\n1.19.4 and above.\n", "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "rejectSSL"], "readOnly": false, "type": "boolean"}, "services.misskey.reverseProxy.webserver.nginx.reuseport": {"declarations": [], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create an individual listening socket .\nIt is required to specify only once on one of the hosts.\n", "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "reuseport"], "readOnly": false, "type": "boolean"}, "services.misskey.reverseProxy.webserver.nginx.root": {"declarations": [], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of the web root directory.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "root"], "readOnly": false, "type": "null or absolute path"}, "services.misskey.reverseProxy.webserver.nginx.serverAliases": {"declarations": [], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.misskey.reverseProxy.webserver.nginx.serverName": {"declarations": [], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of this virtual host. Defaults to attribute name in virtualHosts.\n", "example": {"_type": "literalExpression", "text": "\"example.org\""}, "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "serverName"], "readOnly": false, "type": "null or string"}, "services.misskey.reverseProxy.webserver.nginx.sslCertificate": {"declarations": [], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "sslCertificate"], "readOnly": false, "type": "absolute path"}, "services.misskey.reverseProxy.webserver.nginx.sslCertificateKey": {"declarations": [], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "sslCertificateKey"], "readOnly": false, "type": "absolute path"}, "services.misskey.reverseProxy.webserver.nginx.sslTrustedCertificate": {"declarations": [], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to root SSL certificate for stapling and client certificates.", "example": {"_type": "literalExpression", "text": "\"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\""}, "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "sslTrustedCertificate"], "readOnly": false, "type": "null or absolute path"}, "services.misskey.reverseProxy.webserver.nginx.useACMEHost": {"declarations": [], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "misskey", "reverseProxy", "webserver", "nginx", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.misskey.settings": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "description": "Configuration for Misskey, see\n[`example.yml`](https://github.com/misskey-dev/misskey/blob/develop/.config/example.yml)\nfor all supported options.\n", "loc": ["services", "misskey", "settings"], "readOnly": false, "type": "open submodule of attribute set of (YAML 1.1 value)"}, "services.misskey.settings.chmodSocket": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The file access mode of the UNIX socket.", "example": {"_type": "literalExpression", "text": "\"777\""}, "loc": ["services", "misskey", "settings", "chmodSocket"], "readOnly": false, "type": "null or string"}, "services.misskey.settings.db": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Database settings.", "loc": ["services", "misskey", "settings", "db"], "readOnly": false, "type": "submodule"}, "services.misskey.settings.db.db": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "\"misskey\""}, "description": "The database name.", "loc": ["services", "misskey", "settings", "db", "db"], "readOnly": false, "type": "string"}, "services.misskey.settings.db.disableCache": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to disable caching queries.", "loc": ["services", "misskey", "settings", "db", "disableCache"], "readOnly": false, "type": "boolean"}, "services.misskey.settings.db.extra": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Extra connection options.", "example": {"_type": "literalExpression", "text": "{\n  ssl = true;\n}"}, "loc": ["services", "misskey", "settings", "db", "extra"], "readOnly": false, "type": "null or (attribute set of (YAML 1.1 value))"}, "services.misskey.settings.db.host": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "\"/var/run/postgresql\""}, "description": "The PostgreSQL host.", "example": {"_type": "literalExpression", "text": "\"localhost\""}, "loc": ["services", "misskey", "settings", "db", "host"], "readOnly": false, "type": "string"}, "services.misskey.settings.db.pass": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The password used for database authentication.", "loc": ["services", "misskey", "settings", "db", "pass"], "readOnly": false, "type": "null or string"}, "services.misskey.settings.db.port": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "5432"}, "description": "The PostgreSQL port.", "loc": ["services", "misskey", "settings", "db", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.misskey.settings.db.user": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "\"misskey\""}, "description": "The user used for database authentication.", "loc": ["services", "misskey", "settings", "db", "user"], "readOnly": false, "type": "string"}, "services.misskey.settings.id": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "\"aidx\""}, "description": "The ID generation method to use. Do not change after starting Misskey for the first time.", "loc": ["services", "misskey", "settings", "id"], "readOnly": false, "type": "one of \"aid\", \"aidx\", \"meid\", \"ulid\", \"objectid\""}, "services.misskey.settings.meilisearch": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Meilisearch connection options.", "loc": ["services", "misskey", "settings", "meilisearch"], "readOnly": false, "type": "null or (submodule)"}, "services.misskey.settings.meilisearch.apiKey": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The Meilisearch API key.", "loc": ["services", "misskey", "settings", "meilisearch", "apiKey"], "readOnly": false, "type": "null or string"}, "services.misskey.settings.meilisearch.host": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The Meilisearch host.", "loc": ["services", "misskey", "settings", "meilisearch", "host"], "readOnly": false, "type": "string"}, "services.misskey.settings.meilisearch.index": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Meilisearch index to use.", "loc": ["services", "misskey", "settings", "meilisearch", "index"], "readOnly": false, "type": "null or string"}, "services.misskey.settings.meilisearch.port": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "7700"}, "description": "The Meilisearch port.", "loc": ["services", "misskey", "settings", "meilisearch", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.misskey.settings.meilisearch.scope": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "\"local\""}, "description": "The search scope.", "loc": ["services", "misskey", "settings", "meilisearch", "scope"], "readOnly": false, "type": "one of \"local\", \"global\""}, "services.misskey.settings.meilisearch.ssl": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to connect via SSL.", "loc": ["services", "misskey", "settings", "meilisearch", "ssl"], "readOnly": false, "type": "boolean"}, "services.misskey.settings.port": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "The port your Misskey server should listen on.", "loc": ["services", "misskey", "settings", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.misskey.settings.redis": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "`ioredis` options. See [`README`](https://github.com/redis/ioredis?tab=readme-ov-file#connect-to-redis) for reference.", "loc": ["services", "misskey", "settings", "redis"], "readOnly": false, "type": "open submodule of attribute set of (YAML 1.1 value)"}, "services.misskey.settings.redis.host": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The Redis host.", "loc": ["services", "misskey", "settings", "redis", "host"], "readOnly": false, "type": "string"}, "services.misskey.settings.redis.port": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "6379"}, "description": "The Redis port.", "loc": ["services", "misskey", "settings", "redis", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.misskey.settings.redisForJobQueue": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "`ioredis` options for the job queue. See [`README`](https://github.com/redis/ioredis?tab=readme-ov-file#connect-to-redis) for reference.", "loc": ["services", "misskey", "settings", "redisForJobQueue"], "readOnly": false, "type": "null or (open submodule of attribute set of (YAML 1.1 value))"}, "services.misskey.settings.redisForJobQueue.host": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The Redis host.", "loc": ["services", "misskey", "settings", "redisForJobQueue", "host"], "readOnly": false, "type": "string"}, "services.misskey.settings.redisForJobQueue.port": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "6379"}, "description": "The Redis port.", "loc": ["services", "misskey", "settings", "redisForJobQueue", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.misskey.settings.redisForPubsub": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "`ioredis` options for pubsub. See [`README`](https://github.com/redis/ioredis?tab=readme-ov-file#connect-to-redis) for reference.", "loc": ["services", "misskey", "settings", "redisForPubsub"], "readOnly": false, "type": "null or (open submodule of attribute set of (YAML 1.1 value))"}, "services.misskey.settings.redisForPubsub.host": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The Redis host.", "loc": ["services", "misskey", "settings", "redisForPubsub", "host"], "readOnly": false, "type": "string"}, "services.misskey.settings.redisForPubsub.port": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "6379"}, "description": "The Redis port.", "loc": ["services", "misskey", "settings", "redisForPubsub", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.misskey.settings.redisForTimelines": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "`ioredis` options for timelines. See [`README`](https://github.com/redis/ioredis?tab=readme-ov-file#connect-to-redis) for reference.", "loc": ["services", "misskey", "settings", "redisForTimelines"], "readOnly": false, "type": "null or (open submodule of attribute set of (YAML 1.1 value))"}, "services.misskey.settings.redisForTimelines.host": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The Redis host.", "loc": ["services", "misskey", "settings", "redisForTimelines", "host"], "readOnly": false, "type": "string"}, "services.misskey.settings.redisForTimelines.port": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "6379"}, "description": "The Redis port.", "loc": ["services", "misskey", "settings", "redisForTimelines", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.misskey.settings.socket": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The UNIX socket your Misskey server should listen on.", "example": {"_type": "literalExpression", "text": "\"/path/to/misskey.sock\""}, "loc": ["services", "misskey", "settings", "socket"], "readOnly": false, "type": "null or absolute path"}, "services.misskey.settings.url": {"declarations": ["nixos/modules/services/web-apps/misskey.nix"], "description": "The final user-facing URL. Do not change after running Misskey for the first time.\n\nThis needs to match up with the configured reverse proxy and is automatically configured when using `services.misskey.reverseProxy`.\n", "example": {"_type": "literalExpression", "text": "\"https://example.tld/\""}, "loc": ["services", "misskey", "settings", "url"], "readOnly": false, "type": "string"}, "services.mjolnir.accessTokenFile": {"declarations": ["nixos/modules/services/matrix/mjolnir.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the matrix access token for the `mjolnir` user.\n", "loc": ["services", "mjolnir", "accessTokenFile"], "readOnly": false, "type": "null or absolute path"}, "services.mjolnir.dataPath": {"declarations": ["nixos/modules/services/matrix/mjolnir.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/mjolnir\""}, "description": "The directory the bot should store various bits of information in.\n", "loc": ["services", "mjolnir", "dataPath"], "readOnly": false, "type": "absolute path"}, "services.mjolnir.enable": {"declarations": ["nixos/modules/services/matrix/mjolnir.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Mjolnir, a moderation tool for Matrix.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mjolnir", "enable"], "readOnly": false, "type": "boolean"}, "services.mjolnir.homeserverUrl": {"declarations": ["nixos/modules/services/matrix/mjolnir.nix"], "default": {"_type": "literalExpression", "text": "\"https://matrix.org\""}, "description": "Where the homeserver is located (client-server URL).\n\nIf `pantalaimon.enable` is `true`, this option will become the homeserver to which `pantalaimon` connects.\nThe listen address of `pantalaimon` will then become the `homeserverUrl` of `mjolnir`.\n", "loc": ["services", "mjolnir", "homeserverUrl"], "readOnly": false, "type": "string"}, "services.mjolnir.managementRoom": {"declarations": ["nixos/modules/services/matrix/mjolnir.nix"], "default": {"_type": "literalExpression", "text": "\"#moderators:example.org\""}, "description": "The room ID where people can use the bot. The bot has no access controls, so\nanyone in this room can use the bot - secure your room!\nThis should be a room alias or room ID - not a matrix.to URL.\nNote: `mjolnir` is fairly verbose - expect a lot of messages from it.\n", "loc": ["services", "mjolnir", "managementRoom"], "readOnly": false, "type": "string"}, "services.mjolnir.pantalaimon": {"declarations": ["nixos/modules/services/matrix/mjolnir.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "`pantalaimon` options (enables E2E Encryption support).\n\nThis will create a `pantalaimon` instance with the name \"mjolnir\".\n", "loc": ["services", "mjolnir", "pantalaimon"], "readOnly": false, "type": "submodule"}, "services.mjolnir.pantalaimon.enable": {"declarations": ["nixos/modules/services/matrix/mjolnir.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ignoring the accessToken. If true, accessToken is ignored and the username/password below will be\nused instead. The access token of the bot will be stored in the dataPath\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mjolnir", "pantalaimon", "enable"], "readOnly": false, "type": "boolean"}, "services.mjolnir.pantalaimon.options": {"declarations": ["nixos/modules/services/matrix/mjolnir.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "passthrough additional options to the `pantalaimon` service.\n", "loc": ["services", "mjolnir", "pantalaimon", "options"], "readOnly": false, "type": "submodule"}, "services.mjolnir.pantalaimon.options.dataPath": {"declarations": ["nixos/modules/services/matrix/mjolnir.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/pantalaimon-\u2039name\u203a\""}, "description": "The directory where `pantalaimon` should store its state such as the database file.\n", "loc": ["services", "mjolnir", "pantalaimon", "options", "dataPath"], "readOnly": false, "type": "absolute path"}, "services.mjolnir.pantalaimon.options.extraSettings": {"declarations": ["nixos/modules/services/matrix/mjolnir.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration options. See\n[pantalaimon(5)](https://github.com/matrix-org/pantalaimon/blob/master/docs/man/pantalaimon.5.md)\nfor available options.\n", "loc": ["services", "mjolnir", "pantalaimon", "options", "extraSettings"], "readOnly": false, "type": "attribute set"}, "services.mjolnir.pantalaimon.options.homeserver": {"declarations": ["nixos/modules/services/matrix/mjolnir.nix"], "description": "The URI of the homeserver that the `pantalaimon` proxy should\nforward requests to, without the matrix API path but including\nthe http(s) schema.\n", "example": {"_type": "literalExpression", "text": "\"https://matrix.org\""}, "loc": ["services", "mjolnir", "pantalaimon", "options", "homeserver"], "readOnly": false, "type": "string"}, "services.mjolnir.pantalaimon.options.listenAddress": {"declarations": ["nixos/modules/services/matrix/mjolnir.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The address where the daemon will listen to client connections\nfor this homeserver.\n", "loc": ["services", "mjolnir", "pantalaimon", "options", "listenAddress"], "readOnly": false, "type": "string"}, "services.mjolnir.pantalaimon.options.listenPort": {"declarations": ["nixos/modules/services/matrix/mjolnir.nix"], "default": {"_type": "literalExpression", "text": "8009"}, "description": "The port where the daemon will listen to client connections for\nthis homeserver. Note that the listen address/port combination\nneeds to be lib.unique between different homeservers.\n", "loc": ["services", "mjolnir", "pantalaimon", "options", "listenPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mjolnir.pantalaimon.options.logLevel": {"declarations": ["nixos/modules/services/matrix/mjolnir.nix"], "default": {"_type": "literalExpression", "text": "\"warning\""}, "description": "Set the log level of the daemon.\n", "loc": ["services", "mjolnir", "pantalaimon", "options", "logLevel"], "readOnly": false, "type": "one of \"info\", \"warning\", \"error\", \"debug\""}, "services.mjolnir.pantalaimon.options.ssl": {"declarations": ["nixos/modules/services/matrix/mjolnir.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether or not SSL verification should be enabled for outgoing\nconnections to the homeserver.\n", "loc": ["services", "mjolnir", "pantalaimon", "options", "ssl"], "readOnly": false, "type": "boolean"}, "services.mjolnir.pantalaimon.passwordFile": {"declarations": ["nixos/modules/services/matrix/mjolnir.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the matrix password for the `mjolnir` user.\n", "loc": ["services", "mjolnir", "pantalaimon", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.mjolnir.pantalaimon.username": {"declarations": ["nixos/modules/services/matrix/mjolnir.nix"], "description": "The username to login with.", "loc": ["services", "mjolnir", "pantalaimon", "username"], "readOnly": false, "type": "string"}, "services.mjolnir.protectedRooms": {"declarations": ["nixos/modules/services/matrix/mjolnir.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of rooms to protect (matrix.to URLs).\n", "example": {"_type": "literalExpression", "text": "[\n  \"https://matrix.to/#/#yourroom:example.org\"\n  \"https://matrix.to/#/#anotherroom:example.org\"\n]\n"}, "loc": ["services", "mjolnir", "protectedRooms"], "readOnly": false, "type": "list of string"}, "services.mjolnir.settings": {"declarations": ["nixos/modules/services/matrix/mjolnir.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional settings (see [mjolnir default config](https://github.com/matrix-org/mjolnir/blob/main/config/default.yaml) for available settings). These settings will override settings made by the module config.\n", "example": {"_type": "literalExpression", "text": "{\n  autojoinOnlyIfManager = true;\n  automaticallyRedactForReasons = [ \"spam\" \"advertising\" ];\n}\n"}, "loc": ["services", "mjolnir", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.mjpg-streamer.enable": {"declarations": ["nixos/modules/services/networking/mjpg-streamer.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable mjpg-streamer webcam streamer.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mjpg-streamer", "enable"], "readOnly": false, "type": "boolean"}, "services.mjpg-streamer.group": {"declarations": ["nixos/modules/services/networking/mjpg-streamer.nix"], "default": {"_type": "literalExpression", "text": "\"video\""}, "description": "mjpg-streamer group name.", "loc": ["services", "mjpg-streamer", "group"], "readOnly": false, "type": "string"}, "services.mjpg-streamer.inputPlugin": {"declarations": ["nixos/modules/services/networking/mjpg-streamer.nix"], "default": {"_type": "literalExpression", "text": "\"input_uvc.so\""}, "description": "Input plugin. See plugins documentation for more information.\n", "loc": ["services", "mjpg-streamer", "inputPlugin"], "readOnly": false, "type": "string"}, "services.mjpg-streamer.outputPlugin": {"declarations": ["nixos/modules/services/networking/mjpg-streamer.nix"], "default": {"_type": "literalExpression", "text": "\"output_http.so -w @www@ -n -p 5050\""}, "description": "Output plugin. `@www@` is substituted for default mjpg-streamer www directory.\nSee plugins documentation for more information.\n", "loc": ["services", "mjpg-streamer", "outputPlugin"], "readOnly": false, "type": "string"}, "services.mjpg-streamer.user": {"declarations": ["nixos/modules/services/networking/mjpg-streamer.nix"], "default": {"_type": "literalExpression", "text": "\"mjpg-streamer\""}, "description": "mjpg-streamer user name.", "loc": ["services", "mjpg-streamer", "user"], "readOnly": false, "type": "string"}, "services.mlmmj.enable": {"declarations": ["nixos/modules/services/mail/mlmmj.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable mlmmj", "loc": ["services", "mlmmj", "enable"], "readOnly": false, "type": "boolean"}, "services.mlmmj.group": {"declarations": ["nixos/modules/services/mail/mlmmj.nix"], "default": {"_type": "literalExpression", "text": "\"mlmmj\""}, "description": "mailinglist local group", "loc": ["services", "mlmmj", "group"], "readOnly": false, "type": "string"}, "services.mlmmj.listDomain": {"declarations": ["nixos/modules/services/mail/mlmmj.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Set the mailing list domain", "loc": ["services", "mlmmj", "listDomain"], "readOnly": false, "type": "string"}, "services.mlmmj.mailLists": {"declarations": ["nixos/modules/services/mail/mlmmj.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The collection of hosted maillists", "loc": ["services", "mlmmj", "mailLists"], "readOnly": false, "type": "list of string"}, "services.mlmmj.maintInterval": {"declarations": ["nixos/modules/services/mail/mlmmj.nix"], "default": {"_type": "literalExpression", "text": "\"20min\""}, "description": "Time interval between mlmmj-maintd runs, see\n{manpage}`systemd.time(7)` for format information.\n", "loc": ["services", "mlmmj", "maintInterval"], "readOnly": false, "type": "string"}, "services.mlmmj.user": {"declarations": ["nixos/modules/services/mail/mlmmj.nix"], "default": {"_type": "literalExpression", "text": "\"mlmmj\""}, "description": "mailinglist local user", "loc": ["services", "mlmmj", "user"], "readOnly": false, "type": "string"}, "services.mmsd.enable": {"declarations": ["nixos/modules/services/networking/mmsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Multimedia Messaging Service Daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mmsd", "enable"], "readOnly": false, "type": "boolean"}, "services.mmsd.extraArgs": {"declarations": ["nixos/modules/services/networking/mmsd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments passed to `mmsd-tng`", "example": {"_type": "literalExpression", "text": "[\n  \"--debug\"\n]"}, "loc": ["services", "mmsd", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.mobilizon.enable": {"declarations": ["nixos/modules/services/web-apps/mobilizon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Mobilizon federated organization and mobilization platform.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mobilizon", "enable"], "readOnly": false, "type": "boolean"}, "services.mobilizon.nginx.enable": {"declarations": ["nixos/modules/services/web-apps/mobilizon.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether an Nginx virtual host should be\nset up to serve Mobilizon.\n", "loc": ["services", "mobilizon", "nginx", "enable"], "readOnly": false, "type": "boolean"}, "services.mobilizon.package": {"declarations": ["nixos/modules/services/web-apps/mobilizon.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mobilizon"}, "description": "The mobilizon package to use.", "loc": ["services", "mobilizon", "package"], "readOnly": false, "type": "package"}, "services.mobilizon.settings": {"declarations": ["nixos/modules/services/web-apps/mobilizon.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Mobilizon Elixir documentation, see\n<https://docs.joinmobilizon.org/administration/configure/reference/>\nfor supported values.\n", "loc": ["services", "mobilizon", "settings"], "readOnly": false, "type": "open submodule of attribute set of attribute set of (Elixir value)"}, "services.mobilizon.settings.\":mobilizon\".\":instance\".email_from": {"declarations": ["nixos/modules/services/web-apps/mobilizon.nix"], "default": {"_type": "literalExpression", "text": "noreply@${settings.\":mobilizon\".\":instance\".hostname}\n"}, "description": "The email for the From: header in emails\n", "loc": ["services", "mobilizon", "settings", ":mobilizon", ":instance", "email_from"], "readOnly": false, "type": "string or (raw elixir)"}, "services.mobilizon.settings.\":mobilizon\".\":instance\".email_reply_to": {"declarations": ["nixos/modules/services/web-apps/mobilizon.nix"], "default": {"_type": "literalExpression", "text": "${email_from}\n"}, "description": "The email for the Reply-To: header in emails\n", "loc": ["services", "mobilizon", "settings", ":mobilizon", ":instance", "email_reply_to"], "readOnly": false, "type": "string or (raw elixir)"}, "services.mobilizon.settings.\":mobilizon\".\":instance\".hostname": {"declarations": ["nixos/modules/services/web-apps/mobilizon.nix"], "description": "Your instance's hostname\n", "loc": ["services", "mobilizon", "settings", ":mobilizon", ":instance", "hostname"], "readOnly": false, "type": "string or (raw elixir)"}, "services.mobilizon.settings.\":mobilizon\".\":instance\".name": {"declarations": ["nixos/modules/services/web-apps/mobilizon.nix"], "description": "The fallback instance name if not configured into the admin UI\n", "loc": ["services", "mobilizon", "settings", ":mobilizon", ":instance", "name"], "readOnly": false, "type": "string or (raw elixir)"}, "services.mobilizon.settings.\":mobilizon\".\"Mobilizon.Storage.Repo\".database": {"declarations": ["nixos/modules/services/web-apps/mobilizon.nix"], "default": {"_type": "literalExpression", "text": "\"mobilizon_prod\""}, "description": "Name of the database\n", "loc": ["services", "mobilizon", "settings", ":mobilizon", "Mobilizon.Storage.Repo", "database"], "readOnly": false, "type": "null or string or (raw elixir)"}, "services.mobilizon.settings.\":mobilizon\".\"Mobilizon.Storage.Repo\".socket_dir": {"declarations": ["nixos/modules/services/web-apps/mobilizon.nix"], "default": {"_type": "literalExpression", "text": "\"/run/postgresql\""}, "description": "Path to the postgres socket directory.\n\nSet this to null if you want to connect to a remote database.\n\nIf non-null, the local PostgreSQL server will be configured with\nthe configured database, permissions, and required extensions.\n\nIf connecting to a remote database, please follow the\ninstructions on how to setup your database:\n<https://docs.joinmobilizon.org/administration/install/release/#database-setup>\n", "loc": ["services", "mobilizon", "settings", ":mobilizon", "Mobilizon.Storage.Repo", "socket_dir"], "readOnly": false, "type": "null or string or (raw elixir)"}, "services.mobilizon.settings.\":mobilizon\".\"Mobilizon.Storage.Repo\".username": {"declarations": ["nixos/modules/services/web-apps/mobilizon.nix"], "default": {"_type": "literalExpression", "text": "\"mobilizon\""}, "description": "User used to connect to the database\n", "loc": ["services", "mobilizon", "settings", ":mobilizon", "Mobilizon.Storage.Repo", "username"], "readOnly": false, "type": "null or string or (raw elixir)"}, "services.mobilizon.settings.\":mobilizon\".\"Mobilizon.Web.Endpoint\".has_reverse_proxy": {"declarations": ["nixos/modules/services/web-apps/mobilizon.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether you use a reverse proxy\n", "loc": ["services", "mobilizon", "settings", ":mobilizon", "Mobilizon.Web.Endpoint", "has_reverse_proxy"], "readOnly": false, "type": "boolean or (raw elixir)"}, "services.mobilizon.settings.\":mobilizon\".\"Mobilizon.Web.Endpoint\".http.ip": {"declarations": ["nixos/modules/services/web-apps/mobilizon.nix"], "default": {"_type": "literalExpression", "text": "{\n  _elixirType = \"tuple\";\n  value = [\n    0\n    0\n    0\n    0\n    0\n    0\n    0\n    1\n  ];\n}"}, "description": "The IP address to listen on. Defaults to [::1] notated as a byte tuple.\n", "loc": ["services", "mobilizon", "settings", ":mobilizon", "Mobilizon.Web.Endpoint", "http", "ip"], "readOnly": false, "type": "(elixir tuple) or (raw elixir)"}, "services.mobilizon.settings.\":mobilizon\".\"Mobilizon.Web.Endpoint\".http.port": {"declarations": ["nixos/modules/services/web-apps/mobilizon.nix"], "default": {"_type": "literalExpression", "text": "4000"}, "description": "The port to run the server\n", "loc": ["services", "mobilizon", "settings", ":mobilizon", "Mobilizon.Web.Endpoint", "http", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive) or (raw elixir)"}, "services.mobilizon.settings.\":mobilizon\".\"Mobilizon.Web.Endpoint\".url.host": {"declarations": ["nixos/modules/services/web-apps/mobilizon.nix"], "default": {"_type": "literalMD", "text": "${settings.\":mobilizon\".\":instance\".hostname}\n"}, "description": "Your instance's hostname for generating URLs throughout the app\n", "loc": ["services", "mobilizon", "settings", ":mobilizon", "Mobilizon.Web.Endpoint", "url", "host"], "readOnly": false, "type": "string or (raw elixir)"}, "services.molly-brown.certPath": {"declarations": ["nixos/modules/services/web-servers/molly-brown.nix"], "description": "Path to TLS certificate. An ACME certificate and key may be\nshared with an HTTP server, but only if molly-brown has\npermissions allowing it to read such keys.\n\nAs an example:\n```\nsystemd.services.molly-brown.serviceConfig.SupplementaryGroups =\n  [ config.security.acme.certs.\"example.com\".group ];\n```\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/acme/example.com/cert.pem\""}, "loc": ["services", "molly-brown", "certPath"], "readOnly": false, "type": "absolute path"}, "services.molly-brown.docBase": {"declarations": ["nixos/modules/services/web-servers/molly-brown.nix"], "description": "Base directory for Gemini content.", "example": {"_type": "literalExpression", "text": "\"/var/lib/molly-brown\""}, "loc": ["services", "molly-brown", "docBase"], "readOnly": false, "type": "absolute path"}, "services.molly-brown.enable": {"declarations": ["nixos/modules/services/web-servers/molly-brown.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Molly-Brown Gemini server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "molly-brown", "enable"], "readOnly": false, "type": "boolean"}, "services.molly-brown.hostName": {"declarations": ["nixos/modules/services/web-servers/molly-brown.nix"], "default": {"_type": "literalExpression", "text": "config.networking.hostName"}, "description": "The hostname to respond to requests for. Requests for URLs with\nother hosts will result in a status 53 (PROXY REQUEST REFUSED)\nresponse.\n", "loc": ["services", "molly-brown", "hostName"], "readOnly": false, "type": "string"}, "services.molly-brown.keyPath": {"declarations": ["nixos/modules/services/web-servers/molly-brown.nix"], "description": "Path to TLS key. See {option}`CertPath`.", "example": {"_type": "literalExpression", "text": "\"/var/lib/acme/example.com/key.pem\""}, "loc": ["services", "molly-brown", "keyPath"], "readOnly": false, "type": "absolute path"}, "services.molly-brown.port": {"declarations": ["nixos/modules/services/web-servers/molly-brown.nix"], "default": {"_type": "literalExpression", "text": "1965"}, "description": "TCP port for molly-brown to bind to.\n", "loc": ["services", "molly-brown", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.molly-brown.settings": {"declarations": ["nixos/modules/services/web-servers/molly-brown.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "molly-brown configuration. Refer to\n<https://tildegit.org/solderpunk/molly-brown/src/branch/master/example.conf>\nfor details on supported values.\n", "loc": ["services", "molly-brown", "settings"], "readOnly": false, "type": "TOML value"}, "services.mollysocket.enable": {"declarations": ["nixos/modules/services/misc/mollysocket.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable [MollySocket](https://github.com/mollyim/mollysocket) for getting Signal\nnotifications via UnifiedPush\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mollysocket", "enable"], "readOnly": false, "type": "boolean"}, "services.mollysocket.environmentFile": {"declarations": ["nixos/modules/services/misc/mollysocket.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file (see {manpage}`systemd.exec(5)` \"EnvironmentFile=\"\nsection for the syntax) passed to the service. This option can be\nused to safely include secrets in the configuration.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/mollysocket\""}, "loc": ["services", "mollysocket", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.mollysocket.logLevel": {"declarations": ["nixos/modules/services/misc/mollysocket.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Set the {env}`RUST_LOG` environment variable", "example": {"_type": "literalExpression", "text": "\"debug\""}, "loc": ["services", "mollysocket", "logLevel"], "readOnly": false, "type": "string"}, "services.mollysocket.settings": {"declarations": ["nixos/modules/services/misc/mollysocket.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for MollySocket. Available options are listed\n[here](https://github.com/mollyim/mollysocket#configuration).\n", "loc": ["services", "mollysocket", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.mollysocket.settings.allowed_endpoints": {"declarations": ["nixos/modules/services/misc/mollysocket.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"*\"\n]"}, "description": "List of UnifiedPush servers", "example": {"_type": "literalExpression", "text": "[\n  \"https://ntfy.sh\"\n]"}, "loc": ["services", "mollysocket", "settings", "allowed_endpoints"], "readOnly": false, "type": "list of string"}, "services.mollysocket.settings.allowed_uuids": {"declarations": ["nixos/modules/services/misc/mollysocket.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"*\"\n]"}, "description": "UUIDs of Signal accounts that may use this server", "example": {"_type": "literalExpression", "text": "[\n  \"abcdef-12345-tuxyz-67890\"\n]"}, "loc": ["services", "mollysocket", "settings", "allowed_uuids"], "readOnly": false, "type": "list of string"}, "services.mollysocket.settings.host": {"declarations": ["nixos/modules/services/misc/mollysocket.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Listening address of the web server", "loc": ["services", "mollysocket", "settings", "host"], "readOnly": false, "type": "string"}, "services.mollysocket.settings.port": {"declarations": ["nixos/modules/services/misc/mollysocket.nix"], "default": {"_type": "literalExpression", "text": "8020"}, "description": "Listening port of the web server", "loc": ["services", "mollysocket", "settings", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.monado.defaultRuntime": {"declarations": ["nixos/modules/services/hardware/monado.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Monado as the default OpenXR runtime on the system.\n\nNote that applications can bypass this option by setting an active\nruntime in a writable XDG_CONFIG_DIRS location like `~/.config`.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "monado", "defaultRuntime"], "readOnly": false, "type": "boolean"}, "services.monado.enable": {"declarations": ["nixos/modules/services/hardware/monado.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Monado user service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "monado", "enable"], "readOnly": false, "type": "boolean"}, "services.monado.forceDefaultRuntime": {"declarations": ["nixos/modules/services/hardware/monado.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ensure that Monado is the active runtime set for the current\nuser.\n\nThis replaces the file `XDG_CONFIG_HOME/openxr/1/active_runtime.json`\nwhen starting the service.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "monado", "forceDefaultRuntime"], "readOnly": false, "type": "boolean"}, "services.monado.highPriority": {"declarations": ["nixos/modules/services/hardware/monado.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable high priority capability for monado-service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "monado", "highPriority"], "readOnly": false, "type": "boolean"}, "services.monado.package": {"declarations": ["nixos/modules/services/hardware/monado.nix"], "default": {"_type": "literalExpression", "text": "pkgs.monado"}, "description": "The monado package to use.", "loc": ["services", "monado", "package"], "readOnly": false, "type": "package"}, "services.monero.banlist": {"declarations": ["nixos/modules/services/networking/monero.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a text file containing IPs to block.\nUseful to prevent DDoS/deanonymization attacks.\n\n<https://github.com/monero-project/meta/issues/1124>\n", "example": {"_type": "literalExpression", "text": "builtins.fetchurl {\n  url = \"https://raw.githubusercontent.com/rblaine95/monero-banlist/c6eb9413ddc777e7072d822f49923df0b2a94d88/block.txt\";\n  hash = \"\";\n};\n"}, "loc": ["services", "monero", "banlist"], "readOnly": false, "type": "null or absolute path"}, "services.monero.dataDir": {"declarations": ["nixos/modules/services/networking/monero.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/monero\""}, "description": "The directory where Monero stores its data files.\n", "loc": ["services", "monero", "dataDir"], "readOnly": false, "type": "string"}, "services.monero.enable": {"declarations": ["nixos/modules/services/networking/monero.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Monero node daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "monero", "enable"], "readOnly": false, "type": "boolean"}, "services.monero.environmentFile": {"declarations": ["nixos/modules/services/networking/monero.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to an EnvironmentFile for the monero service as defined in {manpage}`systemd.exec(5)`.\n\nSecrets may be passed to the service by specifying placeholder variables in the Nix config\nand setting values in the environment file.\n\nExample:\n\n```\n# In environment file:\nMINING_ADDRESS=888tNkZrPN6JsEgekjMnABU4TBzc2Dt29EPAvkRxbANsAnjyPbb3iQ1YBRk1UXcdRsiKc9dhwMVgN5S9cQUiyoogDavup3H\n```\n\n```\n# Service config\nservices.monero.mining.address = \"$MINING_ADDRESS\";\n```\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/monero/monerod.env\""}, "loc": ["services", "monero", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.monero.exclusiveNodes": {"declarations": ["nixos/modules/services/networking/monero.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of peer IP addresses to connect to *only*.\nIf given the other peer options will be ignored.\n", "loc": ["services", "monero", "exclusiveNodes"], "readOnly": false, "type": "list of string"}, "services.monero.extraConfig": {"declarations": ["nixos/modules/services/networking/monero.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra lines to be added verbatim to monerod configuration.\n", "loc": ["services", "monero", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.monero.extraNodes": {"declarations": ["nixos/modules/services/networking/monero.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of additional peer IP addresses to add to the local list.\n", "loc": ["services", "monero", "extraNodes"], "readOnly": false, "type": "list of string"}, "services.monero.limits.download": {"declarations": ["nixos/modules/services/networking/monero.nix"], "default": {"_type": "literalExpression", "text": "-1"}, "description": "Limit of the download rate in kB/s.\nSet to `-1` to leave unlimited.\n", "loc": ["services", "monero", "limits", "download"], "readOnly": false, "type": "signed integer"}, "services.monero.limits.syncSize": {"declarations": ["nixos/modules/services/networking/monero.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Maximum number of blocks to sync at once.\nSet to `0` for adaptive.\n", "loc": ["services", "monero", "limits", "syncSize"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.monero.limits.threads": {"declarations": ["nixos/modules/services/networking/monero.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Maximum number of threads used for a parallel job.\nSet to `0` to leave unlimited.\n", "loc": ["services", "monero", "limits", "threads"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.monero.limits.upload": {"declarations": ["nixos/modules/services/networking/monero.nix"], "default": {"_type": "literalExpression", "text": "-1"}, "description": "Limit of the upload rate in kB/s.\nSet to `-1` to leave unlimited.\n", "loc": ["services", "monero", "limits", "upload"], "readOnly": false, "type": "signed integer"}, "services.monero.mining.address": {"declarations": ["nixos/modules/services/networking/monero.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Monero address where to send mining rewards.\n", "loc": ["services", "monero", "mining", "address"], "readOnly": false, "type": "string"}, "services.monero.mining.enable": {"declarations": ["nixos/modules/services/networking/monero.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to mine monero.\n", "loc": ["services", "monero", "mining", "enable"], "readOnly": false, "type": "boolean"}, "services.monero.mining.threads": {"declarations": ["nixos/modules/services/networking/monero.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Number of threads used for mining.\nSet to `0` to use all available.\n", "loc": ["services", "monero", "mining", "threads"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.monero.priorityNodes": {"declarations": ["nixos/modules/services/networking/monero.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of peer IP addresses to connect to and\nattempt to keep the connection open.\n", "loc": ["services", "monero", "priorityNodes"], "readOnly": false, "type": "list of string"}, "services.monero.prune": {"declarations": ["nixos/modules/services/networking/monero.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to prune the blockchain.\n<https://www.getmonero.org/resources/moneropedia/pruning.html>\n", "loc": ["services", "monero", "prune"], "readOnly": false, "type": "boolean"}, "services.monero.rpc.address": {"declarations": ["nixos/modules/services/networking/monero.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "IP address the RPC server will bind to.\n", "loc": ["services", "monero", "rpc", "address"], "readOnly": false, "type": "string"}, "services.monero.rpc.password": {"declarations": ["nixos/modules/services/networking/monero.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Password for RPC connections.\n", "loc": ["services", "monero", "rpc", "password"], "readOnly": false, "type": "null or string"}, "services.monero.rpc.port": {"declarations": ["nixos/modules/services/networking/monero.nix"], "default": {"_type": "literalExpression", "text": "18081"}, "description": "Port the RPC server will bind to.\n", "loc": ["services", "monero", "rpc", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.monero.rpc.restricted": {"declarations": ["nixos/modules/services/networking/monero.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to restrict RPC to view only commands.\n", "loc": ["services", "monero", "rpc", "restricted"], "readOnly": false, "type": "boolean"}, "services.monero.rpc.user": {"declarations": ["nixos/modules/services/networking/monero.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "User name for RPC connections.\n", "loc": ["services", "monero", "rpc", "user"], "readOnly": false, "type": "null or string"}, "services.monetdb.dataDir": {"declarations": ["nixos/modules/services/databases/monetdb.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/monetdb\""}, "description": "Data directory for the dbfarm.", "loc": ["services", "monetdb", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.monetdb.enable": {"declarations": ["nixos/modules/services/databases/monetdb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the MonetDB database server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "monetdb", "enable"], "readOnly": false, "type": "boolean"}, "services.monetdb.group": {"declarations": ["nixos/modules/services/databases/monetdb.nix"], "default": {"_type": "literalExpression", "text": "\"monetdb\""}, "description": "Group under which MonetDB runs.", "loc": ["services", "monetdb", "group"], "readOnly": false, "type": "string"}, "services.monetdb.listenAddress": {"declarations": ["nixos/modules/services/databases/monetdb.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Address to listen on.", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "monetdb", "listenAddress"], "readOnly": false, "type": "string"}, "services.monetdb.package": {"declarations": ["nixos/modules/services/databases/monetdb.nix"], "default": {"_type": "literalExpression", "text": "pkgs.monetdb"}, "description": "The monetdb package to use.", "loc": ["services", "monetdb", "package"], "readOnly": false, "type": "package"}, "services.monetdb.port": {"declarations": ["nixos/modules/services/databases/monetdb.nix"], "default": {"_type": "literalExpression", "text": "50000"}, "description": "Port to listen on.", "loc": ["services", "monetdb", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.monetdb.user": {"declarations": ["nixos/modules/services/databases/monetdb.nix"], "default": {"_type": "literalExpression", "text": "\"monetdb\""}, "description": "User account under which MonetDB runs.", "loc": ["services", "monetdb", "user"], "readOnly": false, "type": "string"}, "services.mongodb.bind_ip": {"declarations": ["nixos/modules/services/databases/mongodb.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "IP to bind to", "loc": ["services", "mongodb", "bind_ip"], "readOnly": false, "type": "string"}, "services.mongodb.dbpath": {"declarations": ["nixos/modules/services/databases/mongodb.nix"], "default": {"_type": "literalExpression", "text": "\"/var/db/mongodb\""}, "description": "Location where MongoDB stores its files", "loc": ["services", "mongodb", "dbpath"], "readOnly": false, "type": "string"}, "services.mongodb.enable": {"declarations": ["nixos/modules/services/databases/mongodb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the MongoDB server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mongodb", "enable"], "readOnly": false, "type": "boolean"}, "services.mongodb.enableAuth": {"declarations": ["nixos/modules/services/databases/mongodb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable client authentication. Creates a default superuser with username root!", "loc": ["services", "mongodb", "enableAuth"], "readOnly": false, "type": "boolean"}, "services.mongodb.extraConfig": {"declarations": ["nixos/modules/services/databases/mongodb.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "MongoDB extra configuration in YAML format", "example": {"_type": "literalExpression", "text": "''\n  storage.journal.enabled: false\n''"}, "loc": ["services", "mongodb", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.mongodb.initialRootPasswordFile": {"declarations": ["nixos/modules/services/databases/mongodb.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the file containing the password for the root user if auth is enabled.", "loc": ["services", "mongodb", "initialRootPasswordFile"], "readOnly": false, "type": "null or absolute path"}, "services.mongodb.initialScript": {"declarations": ["nixos/modules/services/databases/mongodb.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing MongoDB statements to execute on first startup.\n", "loc": ["services", "mongodb", "initialScript"], "readOnly": false, "type": "null or absolute path"}, "services.mongodb.mongoshPackage": {"declarations": ["nixos/modules/services/databases/mongodb.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mongosh"}, "description": "The mongosh package to use.", "loc": ["services", "mongodb", "mongoshPackage"], "readOnly": false, "type": "package"}, "services.mongodb.package": {"declarations": ["nixos/modules/services/databases/mongodb.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mongodb"}, "description": "The mongodb package to use.", "example": {"_type": "literalExpression", "text": "pkgs.mongodb-ce"}, "loc": ["services", "mongodb", "package"], "readOnly": false, "type": "package"}, "services.mongodb.pidFile": {"declarations": ["nixos/modules/services/databases/mongodb.nix"], "default": {"_type": "literalExpression", "text": "\"/run/mongodb.pid\""}, "description": "Location of MongoDB pid file", "loc": ["services", "mongodb", "pidFile"], "readOnly": false, "type": "string"}, "services.mongodb.quiet": {"declarations": ["nixos/modules/services/databases/mongodb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "quieter output", "loc": ["services", "mongodb", "quiet"], "readOnly": false, "type": "boolean"}, "services.mongodb.replSetName": {"declarations": ["nixos/modules/services/databases/mongodb.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "If this instance is part of a replica set, set its name here.\nOtherwise, leave empty to run as single node.\n", "loc": ["services", "mongodb", "replSetName"], "readOnly": false, "type": "string"}, "services.mongodb.user": {"declarations": ["nixos/modules/services/databases/mongodb.nix"], "default": {"_type": "literalExpression", "text": "\"mongodb\""}, "description": "User account under which MongoDB runs", "loc": ["services", "mongodb", "user"], "readOnly": false, "type": "string"}, "services.monica.appKeyFile": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "description": "A file containing the Laravel APP_KEY - a 32 character long,\nbase64 encoded key used for encryption where needed. Can be\ngenerated with <code>head -c 32 /dev/urandom | base64</code>.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/monica-appkey\""}, "loc": ["services", "monica", "appKeyFile"], "readOnly": false, "type": "absolute path"}, "services.monica.appURL": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "\"http\\${lib.optionalString tlsEnabled \\\"s\\\"}://\\${cfg.hostname}\""}, "description": "The root URL that you want to host monica on. All URLs in monica will be generated using this value.\nIf you change this in the future you may need to run a command to update stored URLs in the database.\nCommand example: <code>php artisan monica:update-url https://old.example.com https://new.example.com</code>\n", "example": {"_type": "literalExpression", "text": "\"https://example.com\""}, "loc": ["services", "monica", "appURL"], "readOnly": false, "type": "string"}, "services.monica.config": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "monica configuration options to set in the\n<filename>.env</filename> file.\n\nRefer to <link xlink:href=\"https://github.com/monicahq/monica\"/>\nfor details on supported values.\n\nSettings containing secret data should be set to an attribute\nset containing the attribute <literal>_secret</literal> - a\nstring pointing to a file containing the value the option\nshould be set to. See the example to get a better picture of\nthis: in the resulting <filename>.env</filename> file, the\n<literal>OIDC_CLIENT_SECRET</literal> key will be set to the\ncontents of the <filename>/run/keys/oidc_secret</filename>\nfile.\n", "example": {"_type": "literalExpression", "text": "''\n  {\n    ALLOWED_IFRAME_HOSTS = \"https://example.com\";\n    WKHTMLTOPDF = \"/home/user/bins/wkhtmltopdf\";\n    AUTH_METHOD = \"oidc\";\n    OIDC_NAME = \"MyLogin\";\n    OIDC_DISPLAY_NAME_CLAIMS = \"name\";\n    OIDC_CLIENT_ID = \"monica\";\n    OIDC_CLIENT_SECRET = {_secret = \"/run/keys/oidc_secret\"};\n    OIDC_ISSUER = \"https://keycloak.example.com/auth/realms/My%20Realm\";\n    OIDC_ISSUER_DISCOVER = true;\n  }\n''"}, "loc": ["services", "monica", "config"], "readOnly": false, "type": "attribute set of (null or boolean or signed integer or 16 bit unsigned integer; between 0 and 65535 (both inclusive) or absolute path or string or (submodule))"}, "services.monica.dataDir": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/monica\""}, "description": "monica data directory", "loc": ["services", "monica", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.monica.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Create the database and database user locally.", "loc": ["services", "monica", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.monica.database.host": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Database host address.", "loc": ["services", "monica", "database", "host"], "readOnly": false, "type": "string"}, "services.monica.database.name": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "\"monica\""}, "description": "Database name.", "loc": ["services", "monica", "database", "name"], "readOnly": false, "type": "string"}, "services.monica.database.passwordFile": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password corresponding to\n<option>database.user</option>.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/monica-dbpassword\""}, "loc": ["services", "monica", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.monica.database.port": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "3306"}, "description": "Database host port.", "loc": ["services", "monica", "database", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.monica.database.user": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "user"}, "description": "Database username.", "loc": ["services", "monica", "database", "user"], "readOnly": false, "type": "string"}, "services.monica.enable": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable monica.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "monica", "enable"], "readOnly": false, "type": "boolean"}, "services.monica.group": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "\"monica\""}, "description": "Group monica runs as.", "loc": ["services", "monica", "group"], "readOnly": false, "type": "string"}, "services.monica.hostname": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "config.networking.fqdn"}, "description": "The hostname to serve monica on.\n", "example": {"_type": "literalExpression", "text": "\"monica.example.com\""}, "loc": ["services", "monica", "hostname"], "readOnly": false, "type": "string"}, "services.monica.mail.driver": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "\"smtp\""}, "description": "Mail driver to use.", "loc": ["services", "monica", "mail", "driver"], "readOnly": false, "type": "one of \"smtp\", \"sendmail\""}, "services.monica.mail.encryption": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SMTP encryption mechanism to use.", "loc": ["services", "monica", "mail", "encryption"], "readOnly": false, "type": "null or value \"tls\" (singular enum)"}, "services.monica.mail.from": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "\"mail@monica.com\""}, "description": "Mail \"from\" email.", "loc": ["services", "monica", "mail", "from"], "readOnly": false, "type": "string"}, "services.monica.mail.fromName": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "\"monica\""}, "description": "Mail \"from\" name.", "loc": ["services", "monica", "mail", "fromName"], "readOnly": false, "type": "string"}, "services.monica.mail.host": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Mail host address.", "loc": ["services", "monica", "mail", "host"], "readOnly": false, "type": "string"}, "services.monica.mail.passwordFile": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password corresponding to\n<option>mail.user</option>.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/monica-mailpassword\""}, "loc": ["services", "monica", "mail", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.monica.mail.port": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "1025"}, "description": "Mail host port.", "loc": ["services", "monica", "mail", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.monica.mail.user": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Mail username.", "example": {"_type": "literalExpression", "text": "\"monica\""}, "loc": ["services", "monica", "mail", "user"], "readOnly": false, "type": "null or string"}, "services.monica.maxUploadSize": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "\"18M\""}, "description": "The maximum size for uploads (e.g. images).", "example": {"_type": "literalExpression", "text": "\"1G\""}, "loc": ["services", "monica", "maxUploadSize"], "readOnly": false, "type": "string"}, "services.monica.nginx": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "With this option, you can customize the nginx virtualHost settings.\n", "example": {"_type": "literalExpression", "text": "''\n  {\n    serverAliases = [\n      \"monica.''${config.networking.domain}\"\n    ];\n    # To enable encryption and let let's encrypt take care of certificate\n    forceSSL = true;\n    enableACME = true;\n  }\n''"}, "loc": ["services", "monica", "nginx"], "readOnly": false, "type": "submodule"}, "services.monica.nginx.acmeFallbackHost": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host which to proxy requests to if ACME challenge is not found. Useful\nif you want multiple hosts to be able to verify the same domain name.\n\nWith this option, you could request certificates for the present domain\nwith an ACME client that is running on another host, which you would\nspecify here.\n", "loc": ["services", "monica", "nginx", "acmeFallbackHost"], "readOnly": false, "type": "null or string"}, "services.monica.nginx.acmeRoot": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the ACME challenge, which is **public**. Don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "monica", "nginx", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.monica.nginx.addSSL": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "monica", "nginx", "addSSL"], "readOnly": false, "type": "boolean"}, "services.monica.nginx.basicAuth": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "monica", "nginx", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.monica.nginx.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "monica", "nginx", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.monica.nginx.default": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Makes this vhost the default.\n", "loc": ["services", "monica", "nginx", "default"], "readOnly": false, "type": "boolean"}, "services.monica.nginx.enableACME": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "monica", "nginx", "enableACME"], "readOnly": false, "type": "boolean"}, "services.monica.nginx.extraConfig": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the vhost verbatim.\n", "loc": ["services", "monica", "nginx", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.monica.nginx.forceSSL": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a separate nginx server block that redirects (defaults\nto 301, configurable with `redirectCode`) all plain HTTP traffic to\nHTTPS. This will set defaults for `listen` to listen on all interfaces\non the respective default ports (80, 443), where the non-SSL listens\nare used for the redirect vhosts.\n", "loc": ["services", "monica", "nginx", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.monica.nginx.globalRedirect": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected (defaults to 301,\nconfigurable with `redirectCode`) to the given hostname.\n", "example": {"_type": "literalExpression", "text": "\"newserver.example.org\""}, "loc": ["services", "monica", "nginx", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.monica.nginx.http2": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/2 protocol.\nNote that (as of writing) due to nginx's implementation, to disable\nHTTP/2 you have to disable it on all vhosts that use a given\nIP address / port.\nIf there is one server block configured to enable http2, then it is\nenabled for all server blocks on this IP.\nSee <https://stackoverflow.com/a/39466948/263061>.\n", "loc": ["services", "monica", "nginx", "http2"], "readOnly": false, "type": "boolean"}, "services.monica.nginx.http3": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/3 protocol.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that HTTP/3 support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\nHTTP/3 availability must be manually advertised, preferably in each location block.\n", "loc": ["services", "monica", "nginx", "http3"], "readOnly": false, "type": "boolean"}, "services.monica.nginx.http3_hq": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that special application protocol support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "monica", "nginx", "http3_hq"], "readOnly": false, "type": "boolean"}, "services.monica.nginx.kTLS": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kTLS support.\nImplementing TLS in the kernel (kTLS) improves performance by significantly\nreducing the need for copying operations between user space and the kernel.\nRequired Nginx version 1.21.4 or later.\n", "loc": ["services", "monica", "nginx", "kTLS"], "readOnly": false, "type": "boolean"}, "services.monica.nginx.listen": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\nIPv6 addresses must be enclosed in square brackets.\nNote: this option overrides `addSSL`\nand `onlySSL`.\n\nIf you only want to set the addresses manually and not\nthe ports, take a look at `listenAddresses`.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    addr = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    addr = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    addr = \"unix:/var/run/nginx.sock\";\n  }\n]"}, "loc": ["services", "monica", "nginx", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.monica.nginx.listen.*.addr": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "description": "Listen address.", "loc": ["services", "monica", "nginx", "listen", "*", "addr"], "readOnly": false, "type": "string"}, "services.monica.nginx.listen.*.extraParameters": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra parameters of this listen directive.", "example": {"_type": "literalExpression", "text": "[\n  \"backlog=1024\"\n  \"deferred\"\n]"}, "loc": ["services", "monica", "nginx", "listen", "*", "extraParameters"], "readOnly": false, "type": "list of string"}, "services.monica.nginx.listen.*.port": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port number to listen on.\nIf unset and the listen address is not a socket then nginx defaults to 80.\n", "loc": ["services", "monica", "nginx", "listen", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.monica.nginx.listen.*.proxyProtocol": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable PROXY protocol.", "loc": ["services", "monica", "nginx", "listen", "*", "proxyProtocol"], "readOnly": false, "type": "boolean"}, "services.monica.nginx.listen.*.ssl": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SSL.", "loc": ["services", "monica", "nginx", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.monica.nginx.listenAddresses": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n\nNote: This option overrides `networking.enableIPv6`\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"[::1]\"\n]"}, "loc": ["services", "monica", "nginx", "listenAddresses"], "readOnly": false, "type": "list of string"}, "services.monica.nginx.locations": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n};\n"}, "loc": ["services", "monica", "nginx", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.monica.nginx.locations.<name>.alias": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "monica", "nginx", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.monica.nginx.locations.<name>.basicAuth": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "monica", "nginx", "locations", "<name>", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.monica.nginx.locations.<name>.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "monica", "nginx", "locations", "<name>", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.monica.nginx.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "monica", "nginx", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.monica.nginx.locations.<name>.fastcgiParams": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "FastCGI parameters to override.  Unlike in the Nginx\nconfiguration file, overriding only some default parameters\nwon't unset the default values for other parameters.\n", "loc": ["services", "monica", "nginx", "locations", "<name>", "fastcgiParams"], "readOnly": false, "type": "attribute set of (string or absolute path)"}, "services.monica.nginx.locations.<name>.index": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds index directive.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "monica", "nginx", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.monica.nginx.locations.<name>.priority": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "monica", "nginx", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.monica.nginx.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds proxy_pass directive and sets recommended proxy headers if\nrecommendedProxySettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "monica", "nginx", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.monica.nginx.locations.<name>.proxyWebsockets": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to support proxying websocket connections with HTTP/1.1.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "monica", "nginx", "locations", "<name>", "proxyWebsockets"], "readOnly": false, "type": "boolean"}, "services.monica.nginx.locations.<name>.recommendedProxySettings": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedProxySettings"}, "description": "Enable recommended proxy settings.\n", "loc": ["services", "monica", "nginx", "locations", "<name>", "recommendedProxySettings"], "readOnly": false, "type": "boolean"}, "services.monica.nginx.locations.<name>.recommendedUwsgiSettings": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedUwsgiSettings"}, "description": "Enable recommended uwsgi settings.\n", "loc": ["services", "monica", "nginx", "locations", "<name>", "recommendedUwsgiSettings"], "readOnly": false, "type": "boolean"}, "services.monica.nginx.locations.<name>.return": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds a return directive, for e.g. redirections.\n", "example": {"_type": "literalExpression", "text": "\"301 http://example.com$request_uri\""}, "loc": ["services", "monica", "nginx", "locations", "<name>", "return"], "readOnly": false, "type": "null or string or signed integer"}, "services.monica.nginx.locations.<name>.root": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Root directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/root/directory\""}, "loc": ["services", "monica", "nginx", "locations", "<name>", "root"], "readOnly": false, "type": "null or absolute path"}, "services.monica.nginx.locations.<name>.tryFiles": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds try_files directive.\n", "example": {"_type": "literalExpression", "text": "\"$uri =404\""}, "loc": ["services", "monica", "nginx", "locations", "<name>", "tryFiles"], "readOnly": false, "type": "null or string"}, "services.monica.nginx.locations.<name>.uwsgiPass": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds uwsgi_pass directive and sets recommended proxy headers if\nrecommendedUwsgiSettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"unix:/run/example/example.sock\""}, "loc": ["services", "monica", "nginx", "locations", "<name>", "uwsgiPass"], "readOnly": false, "type": "null or string"}, "services.monica.nginx.onlySSL": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "monica", "nginx", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.monica.nginx.quic": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the QUIC transport protocol.\nNote that QUIC support is experimental and\n*not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "monica", "nginx", "quic"], "readOnly": false, "type": "boolean"}, "services.monica.nginx.redirectCode": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "301"}, "description": "HTTP status used by `globalRedirect` and `forceSSL`. Possible usecases\ninclude temporary (302, 307) redirects, keeping the request method and\nbody (307, 308), or explicitly resetting the method to GET (303).\nSee <https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>.\n", "example": {"_type": "literalExpression", "text": "308"}, "loc": ["services", "monica", "nginx", "redirectCode"], "readOnly": false, "type": "integer between 300 and 399 (both inclusive)"}, "services.monica.nginx.rejectSSL": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to listen for and reject all HTTPS connections to this vhost. Useful in\n[default](#opt-services.nginx.virtualHosts._name_.default)\nserver blocks to avoid serving the certificate for another vhost. Uses the\n`ssl_reject_handshake` directive available in nginx versions\n1.19.4 and above.\n", "loc": ["services", "monica", "nginx", "rejectSSL"], "readOnly": false, "type": "boolean"}, "services.monica.nginx.reuseport": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create an individual listening socket .\nIt is required to specify only once on one of the hosts.\n", "loc": ["services", "monica", "nginx", "reuseport"], "readOnly": false, "type": "boolean"}, "services.monica.nginx.root": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of the web root directory.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "monica", "nginx", "root"], "readOnly": false, "type": "null or absolute path"}, "services.monica.nginx.serverAliases": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "monica", "nginx", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.monica.nginx.serverName": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of this virtual host. Defaults to attribute name in virtualHosts.\n", "example": {"_type": "literalExpression", "text": "\"example.org\""}, "loc": ["services", "monica", "nginx", "serverName"], "readOnly": false, "type": "null or string"}, "services.monica.nginx.sslCertificate": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "monica", "nginx", "sslCertificate"], "readOnly": false, "type": "absolute path"}, "services.monica.nginx.sslCertificateKey": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "monica", "nginx", "sslCertificateKey"], "readOnly": false, "type": "absolute path"}, "services.monica.nginx.sslTrustedCertificate": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to root SSL certificate for stapling and client certificates.", "example": {"_type": "literalExpression", "text": "\"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\""}, "loc": ["services", "monica", "nginx", "sslTrustedCertificate"], "readOnly": false, "type": "null or absolute path"}, "services.monica.nginx.useACMEHost": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "monica", "nginx", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.monica.phpPackage": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "pkgs.php83"}, "description": "The php83 package to use.", "loc": ["services", "monica", "phpPackage"], "readOnly": false, "type": "package"}, "services.monica.poolConfig": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "{\n  pm = \"dynamic\";\n  \"pm.max_children\" = 32;\n  \"pm.max_requests\" = 500;\n  \"pm.max_spare_servers\" = 4;\n  \"pm.min_spare_servers\" = 2;\n  \"pm.start_servers\" = 2;\n}"}, "description": "Options for the monica PHP pool. See the documentation on <literal>php-fpm.conf</literal>\nfor details on configuration directives.\n", "loc": ["services", "monica", "poolConfig"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.monica.user": {"declarations": ["nixos/modules/services/web-apps/monica.nix"], "default": {"_type": "literalExpression", "text": "\"monica\""}, "description": "User monica runs as.", "loc": ["services", "monica", "user"], "readOnly": false, "type": "string"}, "services.monit.config": {"declarations": ["nixos/modules/services/monitoring/monit.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "monitrc content", "loc": ["services", "monit", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.monit.enable": {"declarations": ["nixos/modules/services/monitoring/monit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Monit.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "monit", "enable"], "readOnly": false, "type": "boolean"}, "services.moodle.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Create the database and database user locally.", "loc": ["services", "moodle", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.moodle.database.host": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Database host address.", "loc": ["services", "moodle", "database", "host"], "readOnly": false, "type": "string"}, "services.moodle.database.name": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "\"moodle\""}, "description": "Database name.", "loc": ["services", "moodle", "database", "name"], "readOnly": false, "type": "string"}, "services.moodle.database.passwordFile": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password corresponding to\n{option}`database.user`.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/moodle-dbpassword\""}, "loc": ["services", "moodle", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.moodle.database.port": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "3306"}, "description": "Database host port.", "loc": ["services", "moodle", "database", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.moodle.database.socket": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "/run/mysqld/mysqld.sock"}, "description": "Path to the unix socket file to use for authentication.", "loc": ["services", "moodle", "database", "socket"], "readOnly": false, "type": "null or absolute path"}, "services.moodle.database.type": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "\"mysql\""}, "description": "Database engine to use.", "loc": ["services", "moodle", "database", "type"], "readOnly": false, "type": "one of \"mysql\", \"pgsql\""}, "services.moodle.database.user": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "\"moodle\""}, "description": "Database user.", "loc": ["services", "moodle", "database", "user"], "readOnly": false, "type": "string"}, "services.moodle.enable": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Moodle web application.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "moodle", "enable"], "readOnly": false, "type": "boolean"}, "services.moodle.extraConfig": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Any additional text to be appended to the config.php\nconfiguration file. This is a PHP script. For configuration\ndetails, see <https://docs.moodle.org/37/en/Configuration_file>.\n", "example": {"_type": "literalExpression", "text": "''\n  $CFG->disableupdatenotifications = true;\n''"}, "loc": ["services", "moodle", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.moodle.initialPassword": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "description": "Specifies the initial password for the admin, i.e. the password assigned if the user does not already exist.\nThe password specified here is world-readable in the Nix store, so it should be changed promptly.\n", "example": {"_type": "literalExpression", "text": "\"correcthorsebatterystaple\""}, "loc": ["services", "moodle", "initialPassword"], "readOnly": false, "type": "string"}, "services.moodle.package": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "pkgs.moodle"}, "description": "The moodle package to use.", "loc": ["services", "moodle", "package"], "readOnly": false, "type": "package"}, "services.moodle.poolConfig": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "{\n  pm = \"dynamic\";\n  \"pm.max_children\" = 32;\n  \"pm.max_requests\" = 500;\n  \"pm.max_spare_servers\" = 4;\n  \"pm.min_spare_servers\" = 2;\n  \"pm.start_servers\" = 2;\n}"}, "description": "Options for the Moodle PHP pool. See the documentation on `php-fpm.conf`\nfor details on configuration directives.\n", "loc": ["services", "moodle", "poolConfig"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.moodle.virtualHost": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "description": "Apache configuration can be done by adapting {option}`services.httpd.virtualHosts`.\nSee [](#opt-services.httpd.virtualHosts) for further information.\n", "example": {"_type": "literalExpression", "text": "{\n  hostName = \"moodle.example.org\";\n  adminAddr = \"webmaster@example.org\";\n  forceSSL = true;\n  enableACME = true;\n}\n"}, "loc": ["services", "moodle", "virtualHost"], "readOnly": false, "type": "submodule"}, "services.moodle.virtualHost.acmeRoot": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the acme challenge which is PUBLIC, don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "moodle", "virtualHost", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.moodle.virtualHost.addSSL": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "moodle", "virtualHost", "addSSL"], "readOnly": false, "type": "boolean"}, "services.moodle.virtualHost.adminAddr": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "E-mail address of the server administrator.", "example": {"_type": "literalExpression", "text": "\"admin@example.org\""}, "loc": ["services", "moodle", "virtualHost", "adminAddr"], "readOnly": false, "type": "null or string"}, "services.moodle.virtualHost.documentRoot": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of Apache's document root directory.  If left undefined,\nan empty directory in the Nix store will be used as root.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "moodle", "virtualHost", "documentRoot"], "readOnly": false, "type": "null or absolute path"}, "services.moodle.virtualHost.enableACME": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "moodle", "virtualHost", "enableACME"], "readOnly": false, "type": "boolean"}, "services.moodle.virtualHost.enableUserDir": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable serving {file}`~/public_html` as\n`/~\u00abusername\u00bb`.\n", "loc": ["services", "moodle", "virtualHost", "enableUserDir"], "readOnly": false, "type": "boolean"}, "services.moodle.virtualHost.extraConfig": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to httpd.conf verbatim. They will go after\ndirectories and directory aliases defined by default.\n", "example": {"_type": "literalExpression", "text": "''\n  <Directory /home>\n    Options FollowSymlinks\n    AllowOverride All\n  </Directory>\n''"}, "loc": ["services", "moodle", "virtualHost", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.moodle.virtualHost.forceSSL": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a separate nginx server block that permanently redirects (301)\nall plain HTTP traffic to HTTPS. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443), where the non-SSL listens are used for the redirect vhosts.\n", "loc": ["services", "moodle", "virtualHost", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.moodle.virtualHost.globalRedirect": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected permanently to\nthe given URL.\n", "example": {"_type": "literalExpression", "text": "\"http://newserver.example.org/\""}, "loc": ["services", "moodle", "virtualHost", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.moodle.virtualHost.hostName": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "Canonical hostname for the server.", "loc": ["services", "moodle", "virtualHost", "hostName"], "readOnly": false, "type": "string"}, "services.moodle.virtualHost.http2": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. *However, if you use the prefork mpm, there will\nbe severe restrictions.* Refer to <https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config> for details.\n", "loc": ["services", "moodle", "virtualHost", "http2"], "readOnly": false, "type": "boolean"}, "services.moodle.virtualHost.listen": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\n\n::: {.note}\nThis option overrides `addSSL`, `forceSSL` and `onlySSL`.\n\nIf you only want to set the addresses manually and not the ports, take a look at `listenAddresses`.\n:::\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    ip = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    ip = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    ip = \"*\";\n    port = 8080;\n  }\n]"}, "loc": ["services", "moodle", "virtualHost", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.moodle.virtualHost.listen.*.ip": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "\"*\""}, "description": "IP to listen on. 0.0.0.0 for IPv4 only, * for all.", "loc": ["services", "moodle", "virtualHost", "listen", "*", "ip"], "readOnly": false, "type": "string"}, "services.moodle.virtualHost.listen.*.port": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "description": "Port to listen on", "loc": ["services", "moodle", "virtualHost", "listen", "*", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.moodle.virtualHost.listen.*.ssl": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SSL (https) support.", "loc": ["services", "moodle", "virtualHost", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.moodle.virtualHost.listenAddresses": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"*\"\n]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n]"}, "loc": ["services", "moodle", "virtualHost", "listenAddresses"], "readOnly": false, "type": "non-empty (list of string)"}, "services.moodle.virtualHost.locations": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config. See <https://httpd.apache.org/docs/2.4/mod/core.html#location> for details.\n", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n  \"/foo/bar.png\" = {\n    alias = \"/home/eelco/some-file.png\";\n  };\n};\n"}, "loc": ["services", "moodle", "virtualHost", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.moodle.virtualHost.locations.<name>.alias": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests. See <https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias>.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "moodle", "virtualHost", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.moodle.virtualHost.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "moodle", "virtualHost", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.moodle.virtualHost.locations.<name>.index": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds DirectoryIndex directive. See <https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex>.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "moodle", "virtualHost", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.moodle.virtualHost.locations.<name>.priority": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "moodle", "virtualHost", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.moodle.virtualHost.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets up a simple reverse proxy as described by <https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple>.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "moodle", "virtualHost", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.moodle.virtualHost.logFormat": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "\"common\""}, "description": "Log format for Apache's log files. Possible values are: combined, common, referer, agent.\n", "example": {"_type": "literalExpression", "text": "\"combined\""}, "loc": ["services", "moodle", "virtualHost", "logFormat"], "readOnly": false, "type": "string"}, "services.moodle.virtualHost.onlySSL": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "moodle", "virtualHost", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.moodle.virtualHost.robotsEntries": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Specification of pages to be ignored by web crawlers. See <http://www.robotstxt.org/> for details.\n", "example": {"_type": "literalExpression", "text": "\"Disallow: /foo/\""}, "loc": ["services", "moodle", "virtualHost", "robotsEntries"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.moodle.virtualHost.servedDirs": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "This option provides a simple way to serve static directories.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    dir = \"/home/eelco/Dev/nix-homepage\";\n    urlPath = \"/nix\";\n  }\n]"}, "loc": ["services", "moodle", "virtualHost", "servedDirs"], "readOnly": false, "type": "list of (attribute set)"}, "services.moodle.virtualHost.servedFiles": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "This option provides a simple way to serve individual, static files.\n\n::: {.note}\nThis option has been deprecated and will be removed in a future\nversion of NixOS. You can achieve the same result by making use of\nthe `locations.<name>.alias` option.\n:::\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    file = \"/home/eelco/some-file.png\";\n    urlPath = \"/foo/bar.png\";\n  }\n]"}, "loc": ["services", "moodle", "virtualHost", "servedFiles"], "readOnly": false, "type": "list of (attribute set)"}, "services.moodle.virtualHost.serverAliases": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"www.example.org:8080\"\n  \"example.org\"\n]"}, "loc": ["services", "moodle", "virtualHost", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.moodle.virtualHost.sslServerCert": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "moodle", "virtualHost", "sslServerCert"], "readOnly": false, "type": "absolute path"}, "services.moodle.virtualHost.sslServerChain": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to server SSL chain file.", "example": {"_type": "literalExpression", "text": "\"/var/ca.pem\""}, "loc": ["services", "moodle", "virtualHost", "sslServerChain"], "readOnly": false, "type": "null or absolute path"}, "services.moodle.virtualHost.sslServerKey": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "moodle", "virtualHost", "sslServerKey"], "readOnly": false, "type": "absolute path"}, "services.moodle.virtualHost.useACMEHost": {"declarations": ["nixos/modules/services/web-apps/moodle.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "moodle", "virtualHost", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.moonraker.address": {"declarations": ["nixos/modules/services/misc/moonraker.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The IP or host to listen on.", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "moonraker", "address"], "readOnly": false, "type": "string"}, "services.moonraker.allowSystemControl": {"declarations": ["nixos/modules/services/misc/moonraker.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to allow Moonraker to perform system-level operations.\n\nMoonraker exposes APIs to perform system-level operations, such as\nreboot, shutdown, and management of systemd units. See the\n[documentation](https://moonraker.readthedocs.io/en/latest/web_api/#machine-commands)\nfor details on what clients are able to do.\n", "loc": ["services", "moonraker", "allowSystemControl"], "readOnly": false, "type": "boolean"}, "services.moonraker.analysis.enable": {"declarations": ["nixos/modules/services/misc/moonraker.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Runtime analysis with klipper-estimator.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "moonraker", "analysis", "enable"], "readOnly": false, "type": "boolean"}, "services.moonraker.configDir": {"declarations": ["nixos/modules/services/misc/moonraker.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Deprecated directory containing client-writable configuration files.\n\nClients will be able to edit files in this directory via the API. This directory must be writable.\n", "loc": ["services", "moonraker", "configDir"], "readOnly": false, "type": "null or absolute path"}, "services.moonraker.enable": {"declarations": ["nixos/modules/services/misc/moonraker.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Moonraker, an API web server for Klipper.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "moonraker", "enable"], "readOnly": false, "type": "boolean"}, "services.moonraker.group": {"declarations": ["nixos/modules/services/misc/moonraker.nix"], "default": {"_type": "literalExpression", "text": "\"moonraker\""}, "description": "Group account under which Moonraker runs.", "loc": ["services", "moonraker", "group"], "readOnly": false, "type": "string"}, "services.moonraker.klipperSocket": {"declarations": ["nixos/modules/services/misc/moonraker.nix"], "default": {"_type": "literalExpression", "text": "config.services.klipper.apiSocket"}, "description": "Path to Klipper's API socket.", "loc": ["services", "moonraker", "klipperSocket"], "readOnly": false, "type": "absolute path"}, "services.moonraker.package": {"declarations": ["nixos/modules/services/misc/moonraker.nix"], "default": {"_type": "literalExpression", "text": "pkgs.moonraker"}, "description": "The moonraker package to use.", "example": {"_type": "literalExpression", "text": "moonraker.override { useGpiod = true; }"}, "loc": ["services", "moonraker", "package"], "readOnly": false, "type": "null or package"}, "services.moonraker.port": {"declarations": ["nixos/modules/services/misc/moonraker.nix"], "default": {"_type": "literalExpression", "text": "7125"}, "description": "The port to listen on.", "loc": ["services", "moonraker", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.moonraker.settings": {"declarations": ["nixos/modules/services/misc/moonraker.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for Moonraker. See the [documentation](https://moonraker.readthedocs.io/en/latest/configuration/)\nfor supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  authorization = {\n    cors_domains = [\n      \"https://app.fluidd.xyz\"\n      \"https://my.mainsail.xyz\"\n    ];\n    trusted_clients = [\n      \"10.0.0.0/24\"\n    ];\n  };\n}"}, "loc": ["services", "moonraker", "settings"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string) or a non-empty list of them)"}, "services.moonraker.stateDir": {"declarations": ["nixos/modules/services/misc/moonraker.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/moonraker\""}, "description": "The directory containing the Moonraker databases.", "loc": ["services", "moonraker", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.moonraker.user": {"declarations": ["nixos/modules/services/misc/moonraker.nix"], "default": {"_type": "literalExpression", "text": "\"moonraker\""}, "description": "User account under which Moonraker runs.", "loc": ["services", "moonraker", "user"], "readOnly": false, "type": "string"}, "services.moosefs.cgiserver.enable": {"declarations": ["nixos/modules/services/network-filesystems/moosefs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable MooseFS GUI server (mfsgui) for web interface.\nWarning: The GUI server interface should be properly secured from unauthorized access,\nas it provides full control over your MooseFS installation.\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "moosefs", "cgiserver", "enable"], "readOnly": false, "type": "boolean"}, "services.moosefs.cgiserver.openFirewall": {"declarations": ["nixos/modules/services/network-filesystems/moosefs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to automatically open the web interface port.", "loc": ["services", "moosefs", "cgiserver", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.moosefs.cgiserver.settings": {"declarations": ["nixos/modules/services/network-filesystems/moosefs.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "GUI server configuration options.", "loc": ["services", "moosefs", "cgiserver", "settings"], "readOnly": false, "type": "open submodule of attribute set of (Flat key-value file)"}, "services.moosefs.cgiserver.settings.DATA_PATH": {"declarations": ["nixos/modules/services/network-filesystems/moosefs.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/mfs\""}, "description": "Directory for lock files.", "loc": ["services", "moosefs", "cgiserver", "settings", "DATA_PATH"], "readOnly": false, "type": "string"}, "services.moosefs.cgiserver.settings.GUISERV_LISTEN_HOST": {"declarations": ["nixos/modules/services/network-filesystems/moosefs.nix"], "default": {"_type": "literalExpression", "text": "\"*\""}, "description": "IP address to bind GUI server to (* means any).", "loc": ["services", "moosefs", "cgiserver", "settings", "GUISERV_LISTEN_HOST"], "readOnly": false, "type": "string"}, "services.moosefs.cgiserver.settings.GUISERV_LISTEN_PORT": {"declarations": ["nixos/modules/services/network-filesystems/moosefs.nix"], "default": {"_type": "literalExpression", "text": "9425"}, "description": "Port for GUI server to listen on.", "loc": ["services", "moosefs", "cgiserver", "settings", "GUISERV_LISTEN_PORT"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.moosefs.chunkserver.enable": {"declarations": ["nixos/modules/services/network-filesystems/moosefs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable MooseFS chunkserver daemon that stores file data.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "moosefs", "chunkserver", "enable"], "readOnly": false, "type": "boolean"}, "services.moosefs.chunkserver.hdds": {"declarations": ["nixos/modules/services/network-filesystems/moosefs.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Mount points used by chunkserver for data storage (see mfshdd.cfg).", "example": {"_type": "literalExpression", "text": "[\n  \"/mnt/hdd1\"\n  \"/mnt/hdd2\"\n]"}, "loc": ["services", "moosefs", "chunkserver", "hdds"], "readOnly": false, "type": "list of string"}, "services.moosefs.chunkserver.openFirewall": {"declarations": ["nixos/modules/services/network-filesystems/moosefs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to automatically open required firewall ports for chunkserver service.", "loc": ["services", "moosefs", "chunkserver", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.moosefs.chunkserver.settings": {"declarations": ["nixos/modules/services/network-filesystems/moosefs.nix"], "description": "Chunkserver configuration options (mfschunkserver.cfg).", "loc": ["services", "moosefs", "chunkserver", "settings"], "readOnly": false, "type": "open submodule of attribute set of (Flat key-value file)"}, "services.moosefs.chunkserver.settings.DATA_PATH": {"declarations": ["nixos/modules/services/network-filesystems/moosefs.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/mfs\""}, "description": "Directory for lock files and other runtime data.", "loc": ["services", "moosefs", "chunkserver", "settings", "DATA_PATH"], "readOnly": false, "type": "string"}, "services.moosefs.client.enable": {"declarations": ["nixos/modules/services/network-filesystems/moosefs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable MooseFS client.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "moosefs", "client", "enable"], "readOnly": false, "type": "boolean"}, "services.moosefs.master.autoInit": {"declarations": ["nixos/modules/services/network-filesystems/moosefs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to automatically initialize the master's metadata directory on first run. Use with caution.", "loc": ["services", "moosefs", "master", "autoInit"], "readOnly": false, "type": "boolean"}, "services.moosefs.master.enable": {"declarations": ["nixos/modules/services/network-filesystems/moosefs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable MooseFS master daemon.\nThe master server coordinates all MooseFS operations and stores metadata.\n", "loc": ["services", "moosefs", "master", "enable"], "readOnly": false, "type": "boolean"}, "services.moosefs.master.exports": {"declarations": ["nixos/modules/services/network-filesystems/moosefs.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Export definitions for MooseFS (see mfsexports.cfg).", "example": {"_type": "literalExpression", "text": "[\n  \"* / rw,alldirs,admin,maproot=0:0\"\n  \"* . rw\"\n]"}, "loc": ["services", "moosefs", "master", "exports"], "readOnly": false, "type": "list of string"}, "services.moosefs.master.openFirewall": {"declarations": ["nixos/modules/services/network-filesystems/moosefs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to automatically open required firewall ports for master service.", "loc": ["services", "moosefs", "master", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.moosefs.master.settings": {"declarations": ["nixos/modules/services/network-filesystems/moosefs.nix"], "description": "Master configuration options (mfsmaster.cfg).", "loc": ["services", "moosefs", "master", "settings"], "readOnly": false, "type": "open submodule of attribute set of (Flat key-value file)"}, "services.moosefs.master.settings.DATA_PATH": {"declarations": ["nixos/modules/services/network-filesystems/moosefs.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/mfs\""}, "description": "Directory for storing master metadata.", "loc": ["services", "moosefs", "master", "settings", "DATA_PATH"], "readOnly": false, "type": "string"}, "services.moosefs.masterHost": {"declarations": ["nixos/modules/services/network-filesystems/moosefs.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IP or DNS name of the MooseFS master server.", "loc": ["services", "moosefs", "masterHost"], "readOnly": false, "type": "string"}, "services.moosefs.metalogger.enable": {"declarations": ["nixos/modules/services/network-filesystems/moosefs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable MooseFS metalogger daemon that maintains a backup copy of the master's metadata.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "moosefs", "metalogger", "enable"], "readOnly": false, "type": "boolean"}, "services.moosefs.metalogger.settings": {"declarations": ["nixos/modules/services/network-filesystems/moosefs.nix"], "description": "Metalogger configuration options (mfsmetalogger.cfg).", "loc": ["services", "moosefs", "metalogger", "settings"], "readOnly": false, "type": "open submodule of attribute set of (Flat key-value file)"}, "services.moosefs.metalogger.settings.DATA_PATH": {"declarations": ["nixos/modules/services/network-filesystems/moosefs.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/mfs\""}, "description": "Directory for storing metalogger data.", "loc": ["services", "moosefs", "metalogger", "settings", "DATA_PATH"], "readOnly": false, "type": "string"}, "services.moosefs.runAsUser": {"declarations": ["nixos/modules/services/network-filesystems/moosefs.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Run daemons as moosefs user instead of root for better security.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "moosefs", "runAsUser"], "readOnly": false, "type": "boolean"}, "services.mopidy.dataDir": {"declarations": ["nixos/modules/services/audio/mopidy.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/mopidy\""}, "description": "The directory where Mopidy stores its state.\n", "loc": ["services", "mopidy", "dataDir"], "readOnly": false, "type": "string"}, "services.mopidy.enable": {"declarations": ["nixos/modules/services/audio/mopidy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Mopidy, a music player daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mopidy", "enable"], "readOnly": false, "type": "boolean"}, "services.mopidy.extensionPackages": {"declarations": ["nixos/modules/services/audio/mopidy.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Mopidy extensions that should be loaded by the service.\n", "example": {"_type": "literalExpression", "text": "[ pkgs.mopidy-spotify ]"}, "loc": ["services", "mopidy", "extensionPackages"], "readOnly": false, "type": "list of package"}, "services.mopidy.extraConfigFiles": {"declarations": ["nixos/modules/services/audio/mopidy.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra config file read by Mopidy when the service starts.\nLater files in the list overrides earlier configuration.\n", "loc": ["services", "mopidy", "extraConfigFiles"], "readOnly": false, "type": "list of string"}, "services.mopidy.settings": {"declarations": ["nixos/modules/services/audio/mopidy.nix"], "description": "The configuration that Mopidy should use.\nSee the upstream documentation <https://docs.mopidy.com/stable/config/> for details.\n", "example": {"_type": "literalExpression", "text": "{\n  mpd = {\n    enabled = true;\n    hostname = \"::\";\n  };\n}"}, "loc": ["services", "mopidy", "settings"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.mosquitto.bridges": {"declarations": ["nixos/modules/services/networking/mosquitto.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Bridges to build to other MQTT brokers.\n", "loc": ["services", "mosquitto", "bridges"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.mosquitto.bridges.<name>.addresses": {"declarations": ["nixos/modules/services/networking/mosquitto.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Remote endpoints for the bridge.\n", "loc": ["services", "mosquitto", "bridges", "<name>", "addresses"], "readOnly": false, "type": "list of (submodule)"}, "services.mosquitto.bridges.<name>.addresses.*.address": {"declarations": ["nixos/modules/services/networking/mosquitto.nix"], "description": "Address of the remote MQTT broker.\n", "loc": ["services", "mosquitto", "bridges", "<name>", "addresses", "*", "address"], "readOnly": false, "type": "single-line string"}, "services.mosquitto.bridges.<name>.addresses.*.port": {"declarations": ["nixos/modules/services/networking/mosquitto.nix"], "default": {"_type": "literalExpression", "text": "1883"}, "description": "Port of the remote MQTT broker.\n", "loc": ["services", "mosquitto", "bridges", "<name>", "addresses", "*", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mosquitto.bridges.<name>.settings": {"declarations": ["nixos/modules/services/networking/mosquitto.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional settings for this bridge.\n", "loc": ["services", "mosquitto", "bridges", "<name>", "settings"], "readOnly": false, "type": "open submodule of attribute set of (string, path, bool, or integer)"}, "services.mosquitto.bridges.<name>.topics": {"declarations": ["nixos/modules/services/networking/mosquitto.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Topic patterns to be shared between the two brokers.\nRefer to the [\nmosquitto.conf documentation](https://mosquitto.org/man/mosquitto-conf-5.html) for details on the format.\n", "example": {"_type": "literalExpression", "text": "[\n  \"# both 2 local/topic/ remote/topic/\"\n]"}, "loc": ["services", "mosquitto", "bridges", "<name>", "topics"], "readOnly": false, "type": "list of single-line string"}, "services.mosquitto.dataDir": {"declarations": ["nixos/modules/services/networking/mosquitto.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/mosquitto\""}, "description": "The data directory.\n", "loc": ["services", "mosquitto", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.mosquitto.enable": {"declarations": ["nixos/modules/services/networking/mosquitto.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the MQTT Mosquitto broker.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mosquitto", "enable"], "readOnly": false, "type": "boolean"}, "services.mosquitto.includeDirs": {"declarations": ["nixos/modules/services/networking/mosquitto.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Directories to be scanned for further config files to include.\nDirectories will processed in the order given,\n`*.conf` files in the directory will be\nread in case-sensitive alphabetical order.\n", "loc": ["services", "mosquitto", "includeDirs"], "readOnly": false, "type": "list of absolute path"}, "services.mosquitto.listeners": {"declarations": ["nixos/modules/services/networking/mosquitto.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listeners to configure on this broker.\n", "loc": ["services", "mosquitto", "listeners"], "readOnly": false, "type": "list of (submodule)"}, "services.mosquitto.listeners.*.acl": {"declarations": ["nixos/modules/services/networking/mosquitto.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional ACL items to prepend to the generated ACL file.\n", "example": {"_type": "literalExpression", "text": "[\n  \"pattern read #\"\n  \"topic readwrite anon/report/#\"\n]"}, "loc": ["services", "mosquitto", "listeners", "*", "acl"], "readOnly": false, "type": "list of single-line string"}, "services.mosquitto.listeners.*.address": {"declarations": ["nixos/modules/services/networking/mosquitto.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Address to listen on. Listen on `0.0.0.0`/`::`\nwhen unset.\n", "loc": ["services", "mosquitto", "listeners", "*", "address"], "readOnly": false, "type": "null or single-line string"}, "services.mosquitto.listeners.*.authPlugins": {"declarations": ["nixos/modules/services/networking/mosquitto.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Authentication plugin to attach to this listener.\nRefer to the [mosquitto.conf documentation](https://mosquitto.org/man/mosquitto-conf-5.html)\nfor details on authentication plugins.\n", "loc": ["services", "mosquitto", "listeners", "*", "authPlugins"], "readOnly": false, "type": "list of (submodule)"}, "services.mosquitto.listeners.*.authPlugins.*.denySpecialChars": {"declarations": ["nixos/modules/services/networking/mosquitto.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Automatically disallow all clients using `#`\nor `+` in their name/id.\n", "loc": ["services", "mosquitto", "listeners", "*", "authPlugins", "*", "denySpecialChars"], "readOnly": false, "type": "boolean"}, "services.mosquitto.listeners.*.authPlugins.*.options": {"declarations": ["nixos/modules/services/networking/mosquitto.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for the auth plugin. Each key turns into a `auth_opt_*`\n line in the config.\n", "loc": ["services", "mosquitto", "listeners", "*", "authPlugins", "*", "options"], "readOnly": false, "type": "attribute set of (string, path, bool, or integer)"}, "services.mosquitto.listeners.*.authPlugins.*.plugin": {"declarations": ["nixos/modules/services/networking/mosquitto.nix"], "description": "Plugin path to load, should be a `.so` file.\n", "loc": ["services", "mosquitto", "listeners", "*", "authPlugins", "*", "plugin"], "readOnly": false, "type": "absolute path"}, "services.mosquitto.listeners.*.omitPasswordAuth": {"declarations": ["nixos/modules/services/networking/mosquitto.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Omits password checking, allowing anyone to log in with any user name unless\nother mandatory authentication methods (eg TLS client certificates) are configured.\n", "loc": ["services", "mosquitto", "listeners", "*", "omitPasswordAuth"], "readOnly": false, "type": "boolean"}, "services.mosquitto.listeners.*.port": {"declarations": ["nixos/modules/services/networking/mosquitto.nix"], "default": {"_type": "literalExpression", "text": "1883"}, "description": "Port to listen on. Must be set to 0 to listen on a unix domain socket.\n", "loc": ["services", "mosquitto", "listeners", "*", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mosquitto.listeners.*.settings": {"declarations": ["nixos/modules/services/networking/mosquitto.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional settings for this listener.\n", "loc": ["services", "mosquitto", "listeners", "*", "settings"], "readOnly": false, "type": "open submodule of attribute set of (string, path, bool, or integer)"}, "services.mosquitto.listeners.*.users": {"declarations": ["nixos/modules/services/networking/mosquitto.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "A set of users and their passwords and ACLs.\n", "example": {"_type": "literalExpression", "text": "{\n  john = {\n    acl = [\n      \"readwrite john/#\"\n    ];\n    password = \"123456\";\n  };\n}"}, "loc": ["services", "mosquitto", "listeners", "*", "users"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.mosquitto.listeners.*.users.<name>.acl": {"declarations": ["nixos/modules/services/networking/mosquitto.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Control client access to topics on the broker.\n", "example": {"_type": "literalExpression", "text": "[\n  \"read A/B\"\n  \"readwrite A/#\"\n]"}, "loc": ["services", "mosquitto", "listeners", "*", "users", "<name>", "acl"], "readOnly": false, "type": "list of single-line string"}, "services.mosquitto.listeners.*.users.<name>.hashedPassword": {"declarations": ["nixos/modules/services/networking/mosquitto.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specifies the hashed password for the MQTT User.\nTo generate hashed password install the `mosquitto`\npackage and use `mosquitto_passwd`, then extract\nthe second field (after the `:`) from the generated\nfile.\n", "loc": ["services", "mosquitto", "listeners", "*", "users", "<name>", "hashedPassword"], "readOnly": false, "type": "null or single-line string"}, "services.mosquitto.listeners.*.users.<name>.hashedPasswordFile": {"declarations": ["nixos/modules/services/networking/mosquitto.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specifies the path to a file containing the\nhashed password for the MQTT user.\nTo generate hashed password install the `mosquitto`\npackage and use `mosquitto_passwd`, then remove the\n`username:` prefix from the generated file.\nThe file is securely passed to mosquitto by\nleveraging systemd credentials. No special\npermissions need to be set on this file.\n", "example": {"_type": "literalExpression", "text": "\"/path/to/file\""}, "loc": ["services", "mosquitto", "listeners", "*", "users", "<name>", "hashedPasswordFile"], "readOnly": false, "type": "null or absolute path"}, "services.mosquitto.listeners.*.users.<name>.password": {"declarations": ["nixos/modules/services/networking/mosquitto.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specifies the (clear text) password for the MQTT User.\n", "loc": ["services", "mosquitto", "listeners", "*", "users", "<name>", "password"], "readOnly": false, "type": "null or single-line string"}, "services.mosquitto.listeners.*.users.<name>.passwordFile": {"declarations": ["nixos/modules/services/networking/mosquitto.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specifies the path to a file containing the\nclear text password for the MQTT user.\nThe file is securely passed to mosquitto by\nleveraging systemd credentials. No special\npermissions need to be set on this file.\n", "example": {"_type": "literalExpression", "text": "\"/path/to/file\""}, "loc": ["services", "mosquitto", "listeners", "*", "users", "<name>", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.mosquitto.logDest": {"declarations": ["nixos/modules/services/networking/mosquitto.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"stderr\"\n]"}, "description": "Destinations to send log messages to.\n", "loc": ["services", "mosquitto", "logDest"], "readOnly": false, "type": "list of (absolute path or one of \"stdout\", \"stderr\", \"syslog\", \"topic\", \"dlt\")"}, "services.mosquitto.logType": {"declarations": ["nixos/modules/services/networking/mosquitto.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Types of messages to log.\n", "loc": ["services", "mosquitto", "logType"], "readOnly": false, "type": "list of (one of \"debug\", \"error\", \"warning\", \"notice\", \"information\", \"subscribe\", \"unsubscribe\", \"websockets\", \"none\", \"all\")"}, "services.mosquitto.package": {"declarations": ["nixos/modules/services/networking/mosquitto.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mosquitto"}, "description": "The mosquitto package to use.", "loc": ["services", "mosquitto", "package"], "readOnly": false, "type": "package"}, "services.mosquitto.persistence": {"declarations": ["nixos/modules/services/networking/mosquitto.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable persistent storage of subscriptions and messages.\n", "loc": ["services", "mosquitto", "persistence"], "readOnly": false, "type": "boolean"}, "services.mosquitto.settings": {"declarations": ["nixos/modules/services/networking/mosquitto.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Global configuration options for the mosquitto broker.\n", "loc": ["services", "mosquitto", "settings"], "readOnly": false, "type": "open submodule of attribute set of (string, path, bool, or integer)"}, "services.movim.dataDir": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/movim\""}, "description": "State directory of the `movim` user which holds the application\u2019s state & data.", "loc": ["services", "movim", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.movim.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "local database using UNIX socket authentication", "loc": ["services", "movim", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.movim.database.name": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "\"movim\""}, "description": "Database name.", "loc": ["services", "movim", "database", "name"], "readOnly": false, "type": "non-empty string"}, "services.movim.database.type": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "\"postgresql\""}, "description": "Database engine to use.", "example": {"_type": "literalExpression", "text": "\"mariadb\""}, "loc": ["services", "movim", "database", "type"], "readOnly": false, "type": "one of \"mariadb\", \"postgresql\""}, "services.movim.database.user": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "\"movim\""}, "description": "Database username.", "loc": ["services", "movim", "database", "user"], "readOnly": false, "type": "non-empty string"}, "services.movim.debug": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Debugging logs.", "loc": ["services", "movim", "debug"], "readOnly": false, "type": "boolean"}, "services.movim.domain": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "description": "Fully-qualified domain name (FQDN) for the Movim instance.", "loc": ["services", "movim", "domain"], "readOnly": false, "type": "non-empty string"}, "services.movim.enable": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable a Movim instance.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "movim", "enable"], "readOnly": false, "type": "boolean"}, "services.movim.group": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "\"movim\""}, "description": "Group running Movim service", "loc": ["services", "movim", "group"], "readOnly": false, "type": "non-empty string"}, "services.movim.h2o": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "With this option, you can customize an H2O virtual host which already\nhas sensible defaults for Movim. Set to `{ }` if you do not need any\ncustomization to the virtual host. If enabled, then by default, the\n{option}`serverName` is `${domain}`, If this is set to `null` (the\ndefault), no H2O `hosts` will be configured.\n", "example": {"_type": "literalExpression", "text": "{\n  serverAliases = [\n    \"pics.${config.movim.domain}\"\n  ];\n  acme.enable = true;\n  tls.policy = \"force\";\n}\n"}, "loc": ["services", "movim", "h2o"], "readOnly": false, "type": "null or (submodule)"}, "services.movim.h2o.acme": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "ACME options for virtual host.", "loc": ["services", "movim", "h2o", "acme"], "readOnly": false, "type": "null or (submodule)"}, "services.movim.h2o.acme.enable": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let\u2019s Encrypt to sign a certificate for this\nvirtual host. Alternatively, an existing host can be used thru\n{option}`acme.useHost`.\n", "loc": ["services", "movim", "h2o", "acme", "enable"], "readOnly": false, "type": "boolean"}, "services.movim.h2o.acme.root": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the ACME challenge, which is **public**. Don\u2019t put\ncerts or keys in here. Set to `null` to inherit from\nconfig.security.acme.\n", "loc": ["services", "movim", "h2o", "acme", "root"], "readOnly": false, "type": "null or absolute path"}, "services.movim.h2o.acme.useHost": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "An existing Let\u2019s Encrypt certificate to use for this virtual\nhost. This is useful if you have many subdomains and want to\navoid hitting the [rate\nlimit](https://letsencrypt.org/docs/rate-limits). Alternately,\nyou can generate a certificate through {option}`acme.enable`.\nNote that this option neither creates any certificates nor does\nit add subdomains to existing ones\u2009\u2014\u2009you will need to create\nthem manually using [](#opt-security.acme.certs).\n", "loc": ["services", "movim", "h2o", "acme", "useHost"], "readOnly": false, "type": "null or non-empty string"}, "services.movim.h2o.host": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set the host address for this virtual host. If unset, the default is to\nlisten on all network interfaces.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "movim", "h2o", "host"], "readOnly": false, "type": "null or non-empty string"}, "services.movim.h2o.http": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP options for virtual host", "loc": ["services", "movim", "h2o", "http"], "readOnly": false, "type": "null or (submodule)"}, "services.movim.h2o.http.port": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "config.services.h2o.defaultHTTPListenPort\n"}, "description": "Override the default HTTP port for this virtual host.\n", "example": {"_type": "literalExpression", "text": "8080"}, "loc": ["services", "movim", "h2o", "http", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.movim.h2o.serverAliases": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host\nconfiguration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "movim", "h2o", "serverAliases"], "readOnly": false, "type": "list of non-empty string"}, "services.movim.h2o.serverName": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Server name to be used for this virtual host. Defaults to attribute\nname in hosts.\n", "example": {"_type": "literalExpression", "text": "\"example.org\""}, "loc": ["services", "movim", "h2o", "serverName"], "readOnly": false, "type": "null or non-empty string"}, "services.movim.h2o.settings": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attrset to be transformed into YAML for host config. Note that the HTTP\n/ TLS configurations will override these config values. See\n<https://h2o.examp1e.net/configure/base_directives.html#hosts>.\n", "loc": ["services", "movim", "h2o", "settings"], "readOnly": false, "type": "attribute set"}, "services.movim.h2o.tls": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS options for virtual host", "loc": ["services", "movim", "h2o", "tls"], "readOnly": false, "type": "null or (submodule)"}, "services.movim.h2o.tls.extraSettings": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional TLS/SSL-related configuration options. See\n<https://h2o.examp1e.net/configure/base_directives.html#listen-ssl>.\n", "example": {"_type": "literalExpression", "text": "{\n  minimum-version = \"TLSv1.3\";\n}\n"}, "loc": ["services", "movim", "h2o", "tls", "extraSettings"], "readOnly": false, "type": "attribute set"}, "services.movim.h2o.tls.identity": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Key / certificate pairs for the virtual host.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    key-file = \"/path/to/rsa.key\";\n    certificate-file = \"/path/to/rsa.crt\";\n  }\n  {\n    key-file = \"/path/to/ecdsa.key\";\n    certificate-file = \"/path/to/ecdsa.crt\";\n  }\n]\n"}, "loc": ["services", "movim", "h2o", "tls", "identity"], "readOnly": false, "type": "list of (submodule)"}, "services.movim.h2o.tls.identity.*.certificate-file": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "description": "Path to certificate file. See\n<https://h2o.examp1e.net/configure/base_directives.html#certificate-file>.\n", "loc": ["services", "movim", "h2o", "tls", "identity", "*", "certificate-file"], "readOnly": false, "type": "absolute path"}, "services.movim.h2o.tls.identity.*.key-file": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "description": "Path to key file. See\n<https://h2o.examp1e.net/configure/base_directives.html#key-file>.\n", "loc": ["services", "movim", "h2o", "tls", "identity", "*", "key-file"], "readOnly": false, "type": "absolute path"}, "services.movim.h2o.tls.policy": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "description": "`add` will additionally listen for TLS connections. `only` will\ndisable   TLS connections. `force` will redirect non-TLS traffic\nto the TLS connection.\n", "example": {"_type": "literalExpression", "text": "\"force\""}, "loc": ["services", "movim", "h2o", "tls", "policy"], "readOnly": false, "type": "one of \"add\", \"only\", \"force\""}, "services.movim.h2o.tls.port": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "config.services.h2o.defaultTLSListenPort\n"}, "description": "Override the default TLS port for this virtual host.\n", "example": {"_type": "literalExpression", "text": "8443"}, "loc": ["services", "movim", "h2o", "tls", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.movim.h2o.tls.quic": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Enables HTTP/3 over QUIC on the UDP port for TLS. The attrset\nprovides fine-turning for QUIC behavior, but can be empty. See\n<https://h2o.examp1e.net/configure/http3_directives.html#quic-attributes>.\n", "example": {"_type": "literalExpression", "text": "{\n  amp-limit = 2;\n  handshake-timeout-rtt-multiplier = 300;\n  retry = \"ON\";\n}\n"}, "loc": ["services", "movim", "h2o", "tls", "quic"], "readOnly": false, "type": "null or (attribute set)"}, "services.movim.h2o.tls.recommendations": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "By default, H2O, without prejudice, will use as many TLS versions &\ncipher suites as it & the TLS library (OpenSSL) can support. The user is\nexpected to hone settings for the security of their server. Setting some\nconstraints is recommended, & if unsure about what TLS settings to use,\nthis option gives curated TLS settings recommendations from Mozilla\u2019s\n\u2018SSL Configuration Generator\u2019 project (see\n<https://ssl-config.mozilla.org>) or read more at Mozilla\u2019s Wiki (see\n<https://wiki.mozilla.org/Security/Server_Side_TLS>).\n\nmodern\n: Services with clients that support TLS 1.3 & don\u2019t need backward\n  compatibility\n\nintermediate\n: General-purpose servers with a variety of clients, recommended for\n  almost all systems\n\nold\n: Compatible with a number of very old clients, & should be used only as\n  a last resort\n\nThe default for all virtual hosts can be set with\nservices.h2o.defaultTLSRecommendations, but this value can be overridden\non a per-host basis using services.h2o.hosts.<name>.tls.recommmendations.\nThe settings will also be overidden by manual values set with\nservices.settings.h2o.hosts.<name>.tls.extraSettings.\n\nNOTE: older/weaker ciphers might require overriding the OpenSSL version\nof H2O (such as `openssl_legacy`). This can be done with\nsevices.settings.h2o.package.\n", "example": {"_type": "literalExpression", "text": "\"intermediate\""}, "loc": ["services", "movim", "h2o", "tls", "recommendations"], "readOnly": false, "type": "null or one of \"modern\", \"intermediate\", \"old\""}, "services.movim.h2o.tls.redirectCode": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "301"}, "description": "HTTP status used by `globalRedirect` & `forceSSL`. Possible\nusecases include temporary (302, 307) redirects, keeping the\nrequest method & body (307, 308), or explicitly resetting the\nmethod to GET (303). See\n<https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>.\n", "example": {"_type": "literalExpression", "text": "308"}, "loc": ["services", "movim", "h2o", "tls", "redirectCode"], "readOnly": false, "type": "integer between 300 and 399 (both inclusive)"}, "services.movim.logDir": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "\"/var/log/movim\""}, "description": "Log directory of the `movim` user which holds the application\u2019s logs.", "loc": ["services", "movim", "logDir"], "readOnly": false, "type": "absolute path"}, "services.movim.minifyStaticFiles": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Do minification on public static files which reduces the size of\nassets\u200a\u2014\u200asaving data for the server & users as well as offering a\nperformance improvement. This adds typing for the `minifyStaticFiles`\nattribute for the Movim package which *will* override any existing\noverride value. The default `true` will enable minification for all\nsupported asset types with sane defaults.\n", "example": {"_type": "literalExpression", "text": "{\n  script.enable = false;\n  style = {\n    enable = true;\n    target = \"> 0.5%, last 2 versions, Firefox ESR, not dead\";\n  };\n  svg.enable = true;\n}\n"}, "loc": ["services", "movim", "minifyStaticFiles"], "readOnly": false, "type": "boolean or (submodule)"}, "services.movim.nginx": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "With this option, you can customize an Nginx virtual host which\nalready has sensible defaults for Movim. Set to `{ }` if you do not\nneed any customization to the virtual host. If enabled, then by\ndefault, the {option}`serverName` is `${domain}`, If this is set to\n`null` (the default), no Nginx `virtualHost` will be configured.\n", "example": {"_type": "literalExpression", "text": "{\n  serverAliases = [\n    \"pics.${config.movim.domain}\"\n  ];\n  enableACME = true;\n  forceHttps = true;\n}\n"}, "loc": ["services", "movim", "nginx"], "readOnly": false, "type": "null or (submodule)"}, "services.movim.nginx.acmeFallbackHost": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host which to proxy requests to if ACME challenge is not found. Useful\nif you want multiple hosts to be able to verify the same domain name.\n\nWith this option, you could request certificates for the present domain\nwith an ACME client that is running on another host, which you would\nspecify here.\n", "loc": ["services", "movim", "nginx", "acmeFallbackHost"], "readOnly": false, "type": "null or string"}, "services.movim.nginx.acmeRoot": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the ACME challenge, which is **public**. Don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "movim", "nginx", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.movim.nginx.addSSL": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "movim", "nginx", "addSSL"], "readOnly": false, "type": "boolean"}, "services.movim.nginx.basicAuth": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "movim", "nginx", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.movim.nginx.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "movim", "nginx", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.movim.nginx.default": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Makes this vhost the default.\n", "loc": ["services", "movim", "nginx", "default"], "readOnly": false, "type": "boolean"}, "services.movim.nginx.enableACME": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "movim", "nginx", "enableACME"], "readOnly": false, "type": "boolean"}, "services.movim.nginx.extraConfig": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the vhost verbatim.\n", "loc": ["services", "movim", "nginx", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.movim.nginx.forceSSL": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a separate nginx server block that redirects (defaults\nto 301, configurable with `redirectCode`) all plain HTTP traffic to\nHTTPS. This will set defaults for `listen` to listen on all interfaces\non the respective default ports (80, 443), where the non-SSL listens\nare used for the redirect vhosts.\n", "loc": ["services", "movim", "nginx", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.movim.nginx.globalRedirect": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected (defaults to 301,\nconfigurable with `redirectCode`) to the given hostname.\n", "example": {"_type": "literalExpression", "text": "\"newserver.example.org\""}, "loc": ["services", "movim", "nginx", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.movim.nginx.http2": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/2 protocol.\nNote that (as of writing) due to nginx's implementation, to disable\nHTTP/2 you have to disable it on all vhosts that use a given\nIP address / port.\nIf there is one server block configured to enable http2, then it is\nenabled for all server blocks on this IP.\nSee <https://stackoverflow.com/a/39466948/263061>.\n", "loc": ["services", "movim", "nginx", "http2"], "readOnly": false, "type": "boolean"}, "services.movim.nginx.http3": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/3 protocol.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that HTTP/3 support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\nHTTP/3 availability must be manually advertised, preferably in each location block.\n", "loc": ["services", "movim", "nginx", "http3"], "readOnly": false, "type": "boolean"}, "services.movim.nginx.http3_hq": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that special application protocol support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "movim", "nginx", "http3_hq"], "readOnly": false, "type": "boolean"}, "services.movim.nginx.kTLS": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kTLS support.\nImplementing TLS in the kernel (kTLS) improves performance by significantly\nreducing the need for copying operations between user space and the kernel.\nRequired Nginx version 1.21.4 or later.\n", "loc": ["services", "movim", "nginx", "kTLS"], "readOnly": false, "type": "boolean"}, "services.movim.nginx.listen": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\nIPv6 addresses must be enclosed in square brackets.\nNote: this option overrides `addSSL`\nand `onlySSL`.\n\nIf you only want to set the addresses manually and not\nthe ports, take a look at `listenAddresses`.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    addr = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    addr = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    addr = \"unix:/var/run/nginx.sock\";\n  }\n]"}, "loc": ["services", "movim", "nginx", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.movim.nginx.listen.*.addr": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "description": "Listen address.", "loc": ["services", "movim", "nginx", "listen", "*", "addr"], "readOnly": false, "type": "string"}, "services.movim.nginx.listen.*.extraParameters": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra parameters of this listen directive.", "example": {"_type": "literalExpression", "text": "[\n  \"backlog=1024\"\n  \"deferred\"\n]"}, "loc": ["services", "movim", "nginx", "listen", "*", "extraParameters"], "readOnly": false, "type": "list of string"}, "services.movim.nginx.listen.*.port": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port number to listen on.\nIf unset and the listen address is not a socket then nginx defaults to 80.\n", "loc": ["services", "movim", "nginx", "listen", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.movim.nginx.listen.*.proxyProtocol": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable PROXY protocol.", "loc": ["services", "movim", "nginx", "listen", "*", "proxyProtocol"], "readOnly": false, "type": "boolean"}, "services.movim.nginx.listen.*.ssl": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SSL.", "loc": ["services", "movim", "nginx", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.movim.nginx.listenAddresses": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n\nNote: This option overrides `networking.enableIPv6`\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"[::1]\"\n]"}, "loc": ["services", "movim", "nginx", "listenAddresses"], "readOnly": false, "type": "list of string"}, "services.movim.nginx.locations": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n};\n"}, "loc": ["services", "movim", "nginx", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.movim.nginx.locations.<name>.alias": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "movim", "nginx", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.movim.nginx.locations.<name>.basicAuth": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "movim", "nginx", "locations", "<name>", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.movim.nginx.locations.<name>.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "movim", "nginx", "locations", "<name>", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.movim.nginx.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "movim", "nginx", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.movim.nginx.locations.<name>.fastcgiParams": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "FastCGI parameters to override.  Unlike in the Nginx\nconfiguration file, overriding only some default parameters\nwon't unset the default values for other parameters.\n", "loc": ["services", "movim", "nginx", "locations", "<name>", "fastcgiParams"], "readOnly": false, "type": "attribute set of (string or absolute path)"}, "services.movim.nginx.locations.<name>.index": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds index directive.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "movim", "nginx", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.movim.nginx.locations.<name>.priority": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "movim", "nginx", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.movim.nginx.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds proxy_pass directive and sets recommended proxy headers if\nrecommendedProxySettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "movim", "nginx", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.movim.nginx.locations.<name>.proxyWebsockets": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to support proxying websocket connections with HTTP/1.1.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "movim", "nginx", "locations", "<name>", "proxyWebsockets"], "readOnly": false, "type": "boolean"}, "services.movim.nginx.locations.<name>.recommendedProxySettings": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedProxySettings"}, "description": "Enable recommended proxy settings.\n", "loc": ["services", "movim", "nginx", "locations", "<name>", "recommendedProxySettings"], "readOnly": false, "type": "boolean"}, "services.movim.nginx.locations.<name>.recommendedUwsgiSettings": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedUwsgiSettings"}, "description": "Enable recommended uwsgi settings.\n", "loc": ["services", "movim", "nginx", "locations", "<name>", "recommendedUwsgiSettings"], "readOnly": false, "type": "boolean"}, "services.movim.nginx.locations.<name>.return": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds a return directive, for e.g. redirections.\n", "example": {"_type": "literalExpression", "text": "\"301 http://example.com$request_uri\""}, "loc": ["services", "movim", "nginx", "locations", "<name>", "return"], "readOnly": false, "type": "null or string or signed integer"}, "services.movim.nginx.locations.<name>.root": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Root directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/root/directory\""}, "loc": ["services", "movim", "nginx", "locations", "<name>", "root"], "readOnly": false, "type": "null or absolute path"}, "services.movim.nginx.locations.<name>.tryFiles": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds try_files directive.\n", "example": {"_type": "literalExpression", "text": "\"$uri =404\""}, "loc": ["services", "movim", "nginx", "locations", "<name>", "tryFiles"], "readOnly": false, "type": "null or string"}, "services.movim.nginx.locations.<name>.uwsgiPass": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds uwsgi_pass directive and sets recommended proxy headers if\nrecommendedUwsgiSettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"unix:/run/example/example.sock\""}, "loc": ["services", "movim", "nginx", "locations", "<name>", "uwsgiPass"], "readOnly": false, "type": "null or string"}, "services.movim.nginx.onlySSL": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "movim", "nginx", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.movim.nginx.quic": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the QUIC transport protocol.\nNote that QUIC support is experimental and\n*not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "movim", "nginx", "quic"], "readOnly": false, "type": "boolean"}, "services.movim.nginx.redirectCode": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "301"}, "description": "HTTP status used by `globalRedirect` and `forceSSL`. Possible usecases\ninclude temporary (302, 307) redirects, keeping the request method and\nbody (307, 308), or explicitly resetting the method to GET (303).\nSee <https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>.\n", "example": {"_type": "literalExpression", "text": "308"}, "loc": ["services", "movim", "nginx", "redirectCode"], "readOnly": false, "type": "integer between 300 and 399 (both inclusive)"}, "services.movim.nginx.rejectSSL": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to listen for and reject all HTTPS connections to this vhost. Useful in\n[default](#opt-services.nginx.virtualHosts._name_.default)\nserver blocks to avoid serving the certificate for another vhost. Uses the\n`ssl_reject_handshake` directive available in nginx versions\n1.19.4 and above.\n", "loc": ["services", "movim", "nginx", "rejectSSL"], "readOnly": false, "type": "boolean"}, "services.movim.nginx.reuseport": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create an individual listening socket .\nIt is required to specify only once on one of the hosts.\n", "loc": ["services", "movim", "nginx", "reuseport"], "readOnly": false, "type": "boolean"}, "services.movim.nginx.root": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of the web root directory.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "movim", "nginx", "root"], "readOnly": false, "type": "null or absolute path"}, "services.movim.nginx.serverAliases": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "movim", "nginx", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.movim.nginx.serverName": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of this virtual host. Defaults to attribute name in virtualHosts.\n", "example": {"_type": "literalExpression", "text": "\"example.org\""}, "loc": ["services", "movim", "nginx", "serverName"], "readOnly": false, "type": "null or string"}, "services.movim.nginx.sslCertificate": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "movim", "nginx", "sslCertificate"], "readOnly": false, "type": "absolute path"}, "services.movim.nginx.sslCertificateKey": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "movim", "nginx", "sslCertificateKey"], "readOnly": false, "type": "absolute path"}, "services.movim.nginx.sslTrustedCertificate": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to root SSL certificate for stapling and client certificates.", "example": {"_type": "literalExpression", "text": "\"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\""}, "loc": ["services", "movim", "nginx", "sslTrustedCertificate"], "readOnly": false, "type": "null or absolute path"}, "services.movim.nginx.useACMEHost": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "movim", "nginx", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.movim.package": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "pkgs.movim"}, "description": "The movim package to use.", "loc": ["services", "movim", "package"], "readOnly": false, "type": "package"}, "services.movim.phpCfg": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "{\n  error_reporting = \"E_ALL & ~E_DEPRECATED & ~E_STRICT\";\n  \"opcache.enable_cli\" = 1;\n  \"opcache.fast_shutdown\" = 1;\n  \"opcache.interned_strings_buffer\" = 8;\n  \"opcache.max_accelerated_files\" = 6144;\n  \"opcache.memory_consumption\" = 128;\n  \"opcache.revalidate_freq\" = 2;\n  output_buffering = 0;\n}"}, "description": "Extra PHP INI options such as `memory_limit`, `max_execution_time`, etc.", "loc": ["services", "movim", "phpCfg"], "readOnly": false, "type": "attribute set of (signed integer or string or boolean)"}, "services.movim.phpPackage": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "pkgs.php"}, "description": "The php package to use.", "loc": ["services", "movim", "phpPackage"], "readOnly": false, "type": "package"}, "services.movim.podConfig": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Pod configuration (values from `php daemon.php config --help`).\nNote that these values will now be disabled in the admin panel.\n", "loc": ["services", "movim", "podConfig"], "readOnly": false, "type": "submodule"}, "services.movim.podConfig.chatonly": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Disable all the social feature (Communities, Blog\u2026) and keep only the chat ones", "loc": ["services", "movim", "podConfig", "chatonly"], "readOnly": false, "type": "null or boolean"}, "services.movim.podConfig.description": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "General description of the instance", "loc": ["services", "movim", "podConfig", "description"], "readOnly": false, "type": "null or non-empty string"}, "services.movim.podConfig.disableregistration": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Remove the XMPP registration flow and buttons from the interface", "loc": ["services", "movim", "podConfig", "disableregistration"], "readOnly": false, "type": "null or boolean"}, "services.movim.podConfig.info": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Content of the info box on the login page", "loc": ["services", "movim", "podConfig", "info"], "readOnly": false, "type": "null or non-empty string"}, "services.movim.podConfig.locale": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The server main locale", "loc": ["services", "movim", "podConfig", "locale"], "readOnly": false, "type": "null or non-empty string"}, "services.movim.podConfig.loglevel": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The server loglevel", "loc": ["services", "movim", "podConfig", "loglevel"], "readOnly": false, "type": "null or integer between 0 and 3 (both inclusive)"}, "services.movim.podConfig.restrictsuggestions": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Only suggest chatrooms, Communities and other contents that are available on the user XMPP server and related services", "loc": ["services", "movim", "podConfig", "restrictsuggestions"], "readOnly": false, "type": "null or boolean"}, "services.movim.podConfig.timezone": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The server timezone", "loc": ["services", "movim", "podConfig", "timezone"], "readOnly": false, "type": "null or non-empty string"}, "services.movim.podConfig.xmppdescription": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The default XMPP server description", "loc": ["services", "movim", "podConfig", "xmppdescription"], "readOnly": false, "type": "null or non-empty string"}, "services.movim.podConfig.xmppdomain": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The default XMPP server domain", "loc": ["services", "movim", "podConfig", "xmppdomain"], "readOnly": false, "type": "null or non-empty string"}, "services.movim.podConfig.xmppwhitelist": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The allowlisted XMPP servers", "loc": ["services", "movim", "podConfig", "xmppwhitelist"], "readOnly": false, "type": "null or non-empty string"}, "services.movim.poolConfig": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for Movim\u2019s PHP-FPM pool.", "loc": ["services", "movim", "poolConfig"], "readOnly": false, "type": "attribute set of (signed integer or string or boolean)"}, "services.movim.port": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "Movim daemon port.", "loc": ["services", "movim", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.movim.precompressStaticFiles": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "{\n  brotli = {\n    enable = true;\n  };\n  gzip = {\n    enable = false;\n  };\n}"}, "description": "Aggressively precompress static files", "loc": ["services", "movim", "precompressStaticFiles"], "readOnly": false, "type": "submodule"}, "services.movim.precompressStaticFiles.brotli.compressionLevel": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "11"}, "description": "Brotli compression level", "loc": ["services", "movim", "precompressStaticFiles", "brotli", "compressionLevel"], "readOnly": false, "type": "integer between 0 and 11 (both inclusive)"}, "services.movim.precompressStaticFiles.brotli.enable": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Brotli precompression.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "movim", "precompressStaticFiles", "brotli", "enable"], "readOnly": false, "type": "boolean"}, "services.movim.precompressStaticFiles.brotli.package": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "pkgs.brotli"}, "description": "The brotli package to use.", "loc": ["services", "movim", "precompressStaticFiles", "brotli", "package"], "readOnly": false, "type": "package"}, "services.movim.precompressStaticFiles.gzip.compressionLevel": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "9"}, "description": "Gzip compression level", "loc": ["services", "movim", "precompressStaticFiles", "gzip", "compressionLevel"], "readOnly": false, "type": "integer between 1 and 9 (both inclusive)"}, "services.movim.precompressStaticFiles.gzip.enable": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Gzip precompression.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "movim", "precompressStaticFiles", "gzip", "enable"], "readOnly": false, "type": "boolean"}, "services.movim.precompressStaticFiles.gzip.package": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gzip"}, "description": "The gzip package to use.", "loc": ["services", "movim", "precompressStaticFiles", "gzip", "package"], "readOnly": false, "type": "package"}, "services.movim.runtimeDir": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "\"/run/movim\""}, "description": "Runtime directory of the `movim` user which holds the application\u2019s caches & temporary files.", "loc": ["services", "movim", "runtimeDir"], "readOnly": false, "type": "absolute path"}, "services.movim.secretFile": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The secret file to be sourced for the .env settings.", "loc": ["services", "movim", "secretFile"], "readOnly": false, "type": "null or absolute path"}, "services.movim.settings": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": ".env settings for Movim. Secrets should use `secretFile` option instead. `null`s will be culled.", "loc": ["services", "movim", "settings"], "readOnly": false, "type": "attribute set of (null or signed integer or string or boolean)"}, "services.movim.user": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "\"movim\""}, "description": "User running Movim service", "loc": ["services", "movim", "user"], "readOnly": false, "type": "non-empty string"}, "services.movim.verbose": {"declarations": ["nixos/modules/services/web-apps/movim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Verbose logs.", "loc": ["services", "movim", "verbose"], "readOnly": false, "type": "boolean"}, "services.mozillavpn.enable": {"declarations": ["nixos/modules/services/networking/mozillavpn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Mozilla VPN daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mozillavpn", "enable"], "readOnly": false, "type": "boolean"}, "services.mpd.credentials": {"declarations": ["nixos/modules/services/audio/mpd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Credentials and permissions for accessing the mpd server.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    passwordFile = \"/var/lib/secrets/mpd_readonly_password\";\n    permissions = [\n      \"read\"\n    ];\n  }\n  {\n    passwordFile = \"/var/lib/secrets/mpd_admin_password\";\n    permissions = [\n      \"read\"\n      \"add\"\n      \"player\"\n      \"control\"\n      \"admin\"\n    ];\n  }\n]"}, "loc": ["services", "mpd", "credentials"], "readOnly": false, "type": "list of (submodule)"}, "services.mpd.credentials.*.passwordFile": {"declarations": ["nixos/modules/services/audio/mpd.nix"], "description": "Path to file containing the password.\n", "loc": ["services", "mpd", "credentials", "*", "passwordFile"], "readOnly": false, "type": "absolute path"}, "services.mpd.credentials.*.permissions": {"declarations": ["nixos/modules/services/audio/mpd.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"read\"\n]"}, "description": "List of permissions that are granted with this password.\nPermissions can be \"read\", \"add\", \"player\", \"control\", \"admin\".\n", "loc": ["services", "mpd", "credentials", "*", "permissions"], "readOnly": false, "type": "list of (one of \"read\", \"add\", \"player\", \"control\", \"admin\")"}, "services.mpd.dataDir": {"declarations": ["nixos/modules/services/audio/mpd.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/mpd\""}, "description": "The directory where MPD stores its state, tag cache, playlists etc. If\nleft as the default value this directory will automatically be created\nbefore the MPD server starts, otherwise the sysadmin is responsible for\nensuring the directory exists with appropriate ownership and permissions.\n", "loc": ["services", "mpd", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.mpd.enable": {"declarations": ["nixos/modules/services/audio/mpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable MPD, the music player daemon.\n", "loc": ["services", "mpd", "enable"], "readOnly": false, "type": "boolean"}, "services.mpd.fluidsynth": {"declarations": ["nixos/modules/services/audio/mpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set, add fluidsynth soundfont `decoder` block.\n", "loc": ["services", "mpd", "fluidsynth"], "readOnly": false, "type": "boolean"}, "services.mpd.group": {"declarations": ["nixos/modules/services/audio/mpd.nix"], "default": {"_type": "literalExpression", "text": "\"mpd\""}, "description": "Group account under which MPD runs.", "loc": ["services", "mpd", "group"], "readOnly": false, "type": "string"}, "services.mpd.openFirewall": {"declarations": ["nixos/modules/services/audio/mpd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Open ports in the firewall for mpd. If `null` (default), you might\nget a warning asking you to set it explicitly to `true` or `false`,\ndepending upon the value of `services.mpd.settings.bind_to_address`.\n", "loc": ["services", "mpd", "openFirewall"], "readOnly": false, "type": "null or boolean"}, "services.mpd.settings": {"declarations": ["nixos/modules/services/audio/mpd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for MPD. MPD supports key-value like blocks for settings\nlike `audio_output` and `neighbor`. Some of these blocks can be\nspecified multiple times, so the following configuration:\n\n```txt\naudio_output {\n    device \"iec958:CARD=Intel,DEV=0\"\n    mixer_control \"PCM\"\n    name \"My specific ALSA output\"\n    type \"alsa\"\n}\naudio_output {\n    mixer_type \"null\"\n    name \"ALSA Null\"\n    type \"alsa\"\n}\naudio_output {\n    name \"The Pulse\"\n    type \"pulse\"\n}\n```\n\nCan be inserted with:\n\n```nix\naudio_output = [\n  {\n    type = \"alsa\";\n    name = \"My specific ALSA output\";\n    device = \"iec958:CARD=Intel,DEV=0\";\n    mixer_control = \"PCM\";\n  }\n  {\n    type = \"alsa\";\n    name = \"ALSA Null\";\n    mixer_type = \"null\";\n  }\n  {\n    type = \"pulse\";\n    name = \"The Pulse\";\n  }\n];\n```\n", "loc": ["services", "mpd", "settings"], "readOnly": false, "type": "open submodule of attribute set of (string or signed integer or boolean or absolute path or list of attribute set of (string or signed integer or boolean or absolute path))"}, "services.mpd.settings.bind_to_address": {"declarations": ["nixos/modules/services/audio/mpd.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The address for the daemon to listen on.\nUse `any` to listen on all addresses.\n", "example": {"_type": "literalExpression", "text": "\"any\""}, "loc": ["services", "mpd", "settings", "bind_to_address"], "readOnly": false, "type": "string"}, "services.mpd.settings.db_file": {"declarations": ["nixos/modules/services/audio/mpd.nix"], "default": {"_type": "literalExpression", "text": "\"${dataDir}/tag_cache\""}, "description": "The path to MPD's database.\n", "loc": ["services", "mpd", "settings", "db_file"], "readOnly": false, "type": "null or absolute path"}, "services.mpd.settings.music_directory": {"declarations": ["nixos/modules/services/audio/mpd.nix"], "default": {"_type": "literalExpression", "text": "\"${dataDir}/music\""}, "description": "The directory or URI where MPD reads music from. If left\nas the default value this directory will automatically be created before\nthe MPD server starts, otherwise the sysadmin is responsible for ensuring\nthe directory exists with appropriate ownership and permissions.\n", "loc": ["services", "mpd", "settings", "music_directory"], "readOnly": false, "type": "absolute path or string matching the pattern ([a-z]+)://.+"}, "services.mpd.settings.playlist_directory": {"declarations": ["nixos/modules/services/audio/mpd.nix"], "default": {"_type": "literalExpression", "text": "\"${dataDir}/playlists\""}, "description": "The directory where MPD stores playlists. If left as the default value\nthis directory will automatically be created before the MPD server starts,\notherwise the sysadmin is responsible for ensuring the directory exists\nwith appropriate ownership and permissions.\n", "loc": ["services", "mpd", "settings", "playlist_directory"], "readOnly": false, "type": "absolute path"}, "services.mpd.settings.port": {"declarations": ["nixos/modules/services/audio/mpd.nix"], "default": {"_type": "literalExpression", "text": "6600"}, "description": "This setting is the TCP port that is desired for the daemon to get assigned\nto.\n", "loc": ["services", "mpd", "settings", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mpd.startWhenNeeded": {"declarations": ["nixos/modules/services/audio/mpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set, {command}`mpd` is socket-activated; that\nis, instead of having it permanently running as a daemon,\nsystemd will start it on the first incoming connection.\n", "loc": ["services", "mpd", "startWhenNeeded"], "readOnly": false, "type": "boolean"}, "services.mpd.user": {"declarations": ["nixos/modules/services/audio/mpd.nix"], "default": {"_type": "literalExpression", "text": "\"mpd\""}, "description": "User account under which MPD runs.", "loc": ["services", "mpd", "user"], "readOnly": false, "type": "string"}, "services.mpdscribble.enable": {"declarations": ["nixos/modules/services/audio/mpdscribble.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable mpdscribble, an MPD client which submits info about tracks being played to Last.fm (formerly AudioScrobbler).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mpdscribble", "enable"], "readOnly": false, "type": "boolean"}, "services.mpdscribble.endpoints": {"declarations": ["nixos/modules/services/audio/mpdscribble.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Endpoints to scrobble to.\nIf the endpoint is one of \"jamendo\", \"last.fm\", \"libre.fm\", \"listenbrainz\" the url is set automatically.\n", "example": {"_type": "literalExpression", "text": "{\n  \"last.fm\" = {\n    passwordFile = \"/run/secrets/lastfm_password\";\n    username = \"foo\";\n  };\n}"}, "loc": ["services", "mpdscribble", "endpoints"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.mpdscribble.endpoints.<name>.passwordFile": {"declarations": ["nixos/modules/services/audio/mpdscribble.nix"], "description": "File containing the password, either as MD5SUM or cleartext.", "loc": ["services", "mpdscribble", "endpoints", "<name>", "passwordFile"], "readOnly": false, "type": "null or string"}, "services.mpdscribble.endpoints.<name>.url": {"declarations": ["nixos/modules/services/audio/mpdscribble.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The url endpoint where the scrobble API is listening.", "loc": ["services", "mpdscribble", "endpoints", "<name>", "url"], "readOnly": false, "type": "string"}, "services.mpdscribble.endpoints.<name>.username": {"declarations": ["nixos/modules/services/audio/mpdscribble.nix"], "description": "Username for the scrobble service.\n", "loc": ["services", "mpdscribble", "endpoints", "<name>", "username"], "readOnly": false, "type": "string"}, "services.mpdscribble.host": {"declarations": ["nixos/modules/services/audio/mpdscribble.nix"], "default": {"_type": "literalExpression", "text": "if config.services.mpd.settings.bind_to_address != \"any\"\nthen config.services.mpd.settings.bind_to_address\nelse \"localhost\"\n"}, "description": "Host for the mpdscribble daemon to search for a mpd daemon on.\n", "loc": ["services", "mpdscribble", "host"], "readOnly": false, "type": "string"}, "services.mpdscribble.journalInterval": {"declarations": ["nixos/modules/services/audio/mpdscribble.nix"], "default": {"_type": "literalExpression", "text": "600"}, "description": "How often should mpdscribble save the journal file? [seconds]\n", "example": {"_type": "literalExpression", "text": "60"}, "loc": ["services", "mpdscribble", "journalInterval"], "readOnly": false, "type": "signed integer"}, "services.mpdscribble.passwordFile": {"declarations": ["nixos/modules/services/audio/mpdscribble.nix"], "default": {"_type": "literalMD", "text": "The first password file with read access configured for MPD when using a local instance,\notherwise `null`.\n"}, "description": "File containing the password for the mpd daemon.\nIf there is a local mpd configured using {option}`services.mpd.credentials`\nthe default is automatically set to a matching passwordFile of the local mpd.\n", "loc": ["services", "mpdscribble", "passwordFile"], "readOnly": false, "type": "null or string"}, "services.mpdscribble.port": {"declarations": ["nixos/modules/services/audio/mpdscribble.nix"], "default": {"_type": "literalExpression", "text": "config.services.mpd.settings.port"}, "description": "Port for the mpdscribble daemon to search for a mpd daemon on.\n", "loc": ["services", "mpdscribble", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mpdscribble.proxy": {"declarations": ["nixos/modules/services/audio/mpdscribble.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP proxy URL.\n", "loc": ["services", "mpdscribble", "proxy"], "readOnly": false, "type": "null or string"}, "services.mpdscribble.verbose": {"declarations": ["nixos/modules/services/audio/mpdscribble.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Log level for the mpdscribble daemon.\n", "loc": ["services", "mpdscribble", "verbose"], "readOnly": false, "type": "signed integer"}, "services.mptcpd.enable": {"declarations": ["nixos/modules/services/networking/mptcpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Multipath TCP path management daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mptcpd", "enable"], "readOnly": false, "type": "boolean"}, "services.mptcpd.package": {"declarations": ["nixos/modules/services/networking/mptcpd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mptcpd"}, "description": "The mptcpd package to use.", "loc": ["services", "mptcpd", "package"], "readOnly": false, "type": "package"}, "services.mqtt2influxdb.enable": {"declarations": ["nixos/modules/services/misc/mqtt2influxdb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable BigClown MQTT to InfluxDB bridge.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mqtt2influxdb", "enable"], "readOnly": false, "type": "boolean"}, "services.mqtt2influxdb.environmentFiles": {"declarations": ["nixos/modules/services/misc/mqtt2influxdb.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "File to load as environment file. Environment variables from this file\nwill be interpolated into the config file using envsubst with this\nsyntax: `$ENVIRONMENT` or `${VARIABLE}`.\nThis is useful to avoid putting secrets into the nix store.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/run/keys/mqtt2influxdb.env\"\n]"}, "loc": ["services", "mqtt2influxdb", "environmentFiles"], "readOnly": false, "type": "list of absolute path"}, "services.mqtt2influxdb.influxdb.database": {"declarations": ["nixos/modules/services/misc/mqtt2influxdb.nix"], "description": "Name of the InfluxDB database.", "loc": ["services", "mqtt2influxdb", "influxdb", "database"], "readOnly": false, "type": "string"}, "services.mqtt2influxdb.influxdb.host": {"declarations": ["nixos/modules/services/misc/mqtt2influxdb.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Host where InfluxDB server is running.", "loc": ["services", "mqtt2influxdb", "influxdb", "host"], "readOnly": false, "type": "string"}, "services.mqtt2influxdb.influxdb.password": {"declarations": ["nixos/modules/services/misc/mqtt2influxdb.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Password for InfluxDB login.\n\nIt is highly suggested to use here replacement through\nenvironmentFiles as otherwise the password is put world readable to\nthe store.\n", "loc": ["services", "mqtt2influxdb", "influxdb", "password"], "readOnly": false, "type": "null or string"}, "services.mqtt2influxdb.influxdb.port": {"declarations": ["nixos/modules/services/misc/mqtt2influxdb.nix"], "default": {"_type": "literalExpression", "text": "8086"}, "description": "InfluxDB server port", "loc": ["services", "mqtt2influxdb", "influxdb", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mqtt2influxdb.influxdb.ssl": {"declarations": ["nixos/modules/services/misc/mqtt2influxdb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use SSL to connect to the InfluxDB server.", "loc": ["services", "mqtt2influxdb", "influxdb", "ssl"], "readOnly": false, "type": "boolean"}, "services.mqtt2influxdb.influxdb.username": {"declarations": ["nixos/modules/services/misc/mqtt2influxdb.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Username for InfluxDB login.", "loc": ["services", "mqtt2influxdb", "influxdb", "username"], "readOnly": false, "type": "null or string"}, "services.mqtt2influxdb.influxdb.verify_ssl": {"declarations": ["nixos/modules/services/misc/mqtt2influxdb.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Verify SSL certificate when connecting to the InfluxDB server.", "loc": ["services", "mqtt2influxdb", "influxdb", "verify_ssl"], "readOnly": false, "type": "boolean"}, "services.mqtt2influxdb.mqtt.cafile": {"declarations": ["nixos/modules/services/misc/mqtt2influxdb.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Certification Authority file for MQTT", "loc": ["services", "mqtt2influxdb", "mqtt", "cafile"], "readOnly": false, "type": "null or absolute path"}, "services.mqtt2influxdb.mqtt.certfile": {"declarations": ["nixos/modules/services/misc/mqtt2influxdb.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Certificate file for MQTT", "loc": ["services", "mqtt2influxdb", "mqtt", "certfile"], "readOnly": false, "type": "null or absolute path"}, "services.mqtt2influxdb.mqtt.host": {"declarations": ["nixos/modules/services/misc/mqtt2influxdb.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Host where MQTT server is running.", "loc": ["services", "mqtt2influxdb", "mqtt", "host"], "readOnly": false, "type": "string"}, "services.mqtt2influxdb.mqtt.keyfile": {"declarations": ["nixos/modules/services/misc/mqtt2influxdb.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Key file for MQTT", "loc": ["services", "mqtt2influxdb", "mqtt", "keyfile"], "readOnly": false, "type": "null or absolute path"}, "services.mqtt2influxdb.mqtt.password": {"declarations": ["nixos/modules/services/misc/mqtt2influxdb.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "MQTT password.\n\nIt is highly suggested to use here replacement through\nenvironmentFiles as otherwise the password is put world readable to\nthe store.\n", "loc": ["services", "mqtt2influxdb", "mqtt", "password"], "readOnly": false, "type": "null or string"}, "services.mqtt2influxdb.mqtt.port": {"declarations": ["nixos/modules/services/misc/mqtt2influxdb.nix"], "default": {"_type": "literalExpression", "text": "1883"}, "description": "MQTT server port.", "loc": ["services", "mqtt2influxdb", "mqtt", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mqtt2influxdb.mqtt.username": {"declarations": ["nixos/modules/services/misc/mqtt2influxdb.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Username used to connect to the MQTT server.", "loc": ["services", "mqtt2influxdb", "mqtt", "username"], "readOnly": false, "type": "null or string"}, "services.mqtt2influxdb.package": {"declarations": ["nixos/modules/services/misc/mqtt2influxdb.nix"], "default": {"_type": "literalExpression", "text": "pkgs.python3Packages.mqtt2influxdb"}, "description": "The mqtt2influxdb package to use.", "loc": ["services", "mqtt2influxdb", "package"], "readOnly": false, "type": "package"}, "services.mqtt2influxdb.points": {"declarations": ["nixos/modules/services/misc/mqtt2influxdb.nix"], "default": {"_type": "literalExpression", "text": "[\n  {\n    fields = {\n      value = \"$.payload\";\n    };\n    measurement = \"temperature\";\n    tags = {\n      channel = \"$.topic[3]\";\n      id = \"$.topic[1]\";\n    };\n    topic = \"node/+/thermometer/+/temperature\";\n  }\n  {\n    fields = {\n      value = \"$.payload\";\n    };\n    measurement = \"relative-humidity\";\n    tags = {\n      channel = \"$.topic[3]\";\n      id = \"$.topic[1]\";\n    };\n    topic = \"node/+/hygrometer/+/relative-humidity\";\n  }\n  {\n    fields = {\n      value = \"$.payload\";\n    };\n    measurement = \"illuminance\";\n    tags = {\n      id = \"$.topic[1]\";\n    };\n    topic = \"node/+/lux-meter/0:0/illuminance\";\n  }\n  {\n    fields = {\n      value = \"$.payload\";\n    };\n    measurement = \"pressure\";\n    tags = {\n      id = \"$.topic[1]\";\n    };\n    topic = \"node/+/barometer/0:0/pressure\";\n  }\n  {\n    fields = {\n      value = \"$.payload\";\n    };\n    measurement = \"co2\";\n    tags = {\n      id = \"$.topic[1]\";\n    };\n    topic = \"node/+/co2-meter/-/concentration\";\n  }\n  {\n    fields = {\n      value = \"$.payload\";\n    };\n    measurement = \"voltage\";\n    tags = {\n      id = \"$.topic[1]\";\n    };\n    topic = \"node/+/battery/+/voltage\";\n  }\n  {\n    fields = {\n      value = \"$.payload\";\n    };\n    measurement = \"button\";\n    tags = {\n      channel = \"$.topic[3]\";\n      id = \"$.topic[1]\";\n    };\n    topic = \"node/+/push-button/+/event-count\";\n  }\n  {\n    fields = {\n      value = \"$.payload\";\n    };\n    measurement = \"tvoc\";\n    tags = {\n      id = \"$.topic[1]\";\n    };\n    topic = \"node/+/voc-lp-sensor/0:0/tvoc\";\n  }\n]"}, "description": "Points to bridge from MQTT to InfluxDB.", "loc": ["services", "mqtt2influxdb", "points"], "readOnly": false, "type": "list of (submodule)"}, "services.mqtt2influxdb.points.*.fields": {"declarations": ["nixos/modules/services/misc/mqtt2influxdb.nix"], "description": "Field selector.", "loc": ["services", "mqtt2influxdb", "points", "*", "fields"], "readOnly": false, "type": "submodule"}, "services.mqtt2influxdb.points.*.fields.type": {"declarations": ["nixos/modules/services/misc/mqtt2influxdb.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Type to be picked up", "loc": ["services", "mqtt2influxdb", "points", "*", "fields", "type"], "readOnly": false, "type": "null or string"}, "services.mqtt2influxdb.points.*.fields.value": {"declarations": ["nixos/modules/services/misc/mqtt2influxdb.nix"], "default": {"_type": "literalExpression", "text": "\"$.payload\""}, "description": "Value to be picked up", "loc": ["services", "mqtt2influxdb", "points", "*", "fields", "value"], "readOnly": false, "type": "string"}, "services.mqtt2influxdb.points.*.measurement": {"declarations": ["nixos/modules/services/misc/mqtt2influxdb.nix"], "description": "Name of the measurement", "loc": ["services", "mqtt2influxdb", "points", "*", "measurement"], "readOnly": false, "type": "string"}, "services.mqtt2influxdb.points.*.tags": {"declarations": ["nixos/modules/services/misc/mqtt2influxdb.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Tags applied", "loc": ["services", "mqtt2influxdb", "points", "*", "tags"], "readOnly": false, "type": "attribute set of string"}, "services.mqtt2influxdb.points.*.topic": {"declarations": ["nixos/modules/services/misc/mqtt2influxdb.nix"], "description": "MQTT topic to subscribe to.", "loc": ["services", "mqtt2influxdb", "points", "*", "topic"], "readOnly": false, "type": "string"}, "services.mstpd.enable": {"declarations": ["nixos/modules/services/networking/mstpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the multiple spanning tree protocol daemon.\n", "loc": ["services", "mstpd", "enable"], "readOnly": false, "type": "boolean"}, "services.mtprotoproxy.adTag": {"declarations": ["nixos/modules/services/networking/mtprotoproxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Tag for advertising that can be obtained from @MTProxybot.\n", "example": {"_type": "literalExpression", "text": "\"3c09c680b76ee91a4c25ad51f742267d\""}, "loc": ["services", "mtprotoproxy", "adTag"], "readOnly": false, "type": "null or string"}, "services.mtprotoproxy.enable": {"declarations": ["nixos/modules/services/networking/mtprotoproxy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable mtprotoproxy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mtprotoproxy", "enable"], "readOnly": false, "type": "boolean"}, "services.mtprotoproxy.extraConfig": {"declarations": ["nixos/modules/services/networking/mtprotoproxy.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration options for mtprotoproxy.\n", "example": {"_type": "literalExpression", "text": "{\n  STATS_PRINT_PERIOD = 600;\n}"}, "loc": ["services", "mtprotoproxy", "extraConfig"], "readOnly": false, "type": "attribute set"}, "services.mtprotoproxy.port": {"declarations": ["nixos/modules/services/networking/mtprotoproxy.nix"], "default": {"_type": "literalExpression", "text": "3256"}, "description": "TCP port to accept mtproto connections on.\n", "loc": ["services", "mtprotoproxy", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mtprotoproxy.secureOnly": {"declarations": ["nixos/modules/services/networking/mtprotoproxy.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Don't allow users to connect in non-secure mode (without random padding).\n", "loc": ["services", "mtprotoproxy", "secureOnly"], "readOnly": false, "type": "boolean"}, "services.mtprotoproxy.users": {"declarations": ["nixos/modules/services/networking/mtprotoproxy.nix"], "description": "Allowed users and their secrets. A secret is a 32 characters long hex string.\n", "example": {"_type": "literalExpression", "text": "{\n  tg = \"00000000000000000000000000000000\";\n  tg2 = \"0123456789abcdef0123456789abcdef\";\n}"}, "loc": ["services", "mtprotoproxy", "users"], "readOnly": false, "type": "attribute set of string"}, "services.mtr-exporter.address": {"declarations": ["nixos/modules/services/networking/mtr-exporter.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Listen address for MTR exporter.", "loc": ["services", "mtr-exporter", "address"], "readOnly": false, "type": "string"}, "services.mtr-exporter.enable": {"declarations": ["nixos/modules/services/networking/mtr-exporter.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable a Prometheus exporter for MTR.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mtr-exporter", "enable"], "readOnly": false, "type": "boolean"}, "services.mtr-exporter.extraFlags": {"declarations": ["nixos/modules/services/networking/mtr-exporter.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line options to pass to MTR exporter.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-flag.deprecatedMetrics\"\n]"}, "loc": ["services", "mtr-exporter", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.mtr-exporter.jobs": {"declarations": ["nixos/modules/services/networking/mtr-exporter.nix"], "description": "List of MTR jobs. Will be added to /etc/mtr-exporter.conf", "loc": ["services", "mtr-exporter", "jobs"], "readOnly": false, "type": "non-empty (list of (submodule))"}, "services.mtr-exporter.jobs.*.address": {"declarations": ["nixos/modules/services/networking/mtr-exporter.nix"], "description": "Target address for MTR client.", "example": {"_type": "literalExpression", "text": "\"host.example.org:1234\""}, "loc": ["services", "mtr-exporter", "jobs", "*", "address"], "readOnly": false, "type": "string"}, "services.mtr-exporter.jobs.*.flags": {"declarations": ["nixos/modules/services/networking/mtr-exporter.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional flags to pass to MTR.", "example": {"_type": "literalExpression", "text": "[\n  \"-G1\"\n]"}, "loc": ["services", "mtr-exporter", "jobs", "*", "flags"], "readOnly": false, "type": "list of string"}, "services.mtr-exporter.jobs.*.name": {"declarations": ["nixos/modules/services/networking/mtr-exporter.nix"], "description": "Name of ICMP pinging job.", "loc": ["services", "mtr-exporter", "jobs", "*", "name"], "readOnly": false, "type": "string"}, "services.mtr-exporter.jobs.*.schedule": {"declarations": ["nixos/modules/services/networking/mtr-exporter.nix"], "default": {"_type": "literalExpression", "text": "\"@every 60s\""}, "description": "Schedule of MTR checks. Also accepts Cron format.", "example": {"_type": "literalExpression", "text": "\"@hourly\""}, "loc": ["services", "mtr-exporter", "jobs", "*", "schedule"], "readOnly": false, "type": "string"}, "services.mtr-exporter.mtrPackage": {"declarations": ["nixos/modules/services/networking/mtr-exporter.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mtr"}, "description": "The mtr package to use.", "loc": ["services", "mtr-exporter", "mtrPackage"], "readOnly": false, "type": "package"}, "services.mtr-exporter.package": {"declarations": ["nixos/modules/services/networking/mtr-exporter.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mtr-exporter"}, "description": "The mtr-exporter package to use.", "loc": ["services", "mtr-exporter", "package"], "readOnly": false, "type": "package"}, "services.mtr-exporter.port": {"declarations": ["nixos/modules/services/networking/mtr-exporter.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "Listen port for MTR exporter.", "loc": ["services", "mtr-exporter", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mullvad-vpn.enable": {"declarations": ["nixos/modules/services/networking/mullvad-vpn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "This option enables Mullvad VPN daemon.\n", "loc": ["services", "mullvad-vpn", "enable"], "readOnly": false, "type": "boolean"}, "services.mullvad-vpn.enableEarlyBootBlocking": {"declarations": ["nixos/modules/services/networking/mullvad-vpn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "This option activates an additional oneshot systemd service to ensure that the mullvad daemon\nwill start and block traffic before any network configuration will be applied.\nThis matches what upstream Mullvad distributes for their supported distros, but is disabled by\ndefault in NixOS as it may conflict with non-Mullvad network configuration.\n", "loc": ["services", "mullvad-vpn", "enableEarlyBootBlocking"], "readOnly": false, "type": "boolean"}, "services.mullvad-vpn.enableExcludeWrapper": {"declarations": ["nixos/modules/services/networking/mullvad-vpn.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "This option activates the wrapper that allows the use of mullvad-exclude.\nMight have minor security impact, so consider disabling if you do not use the feature.\n", "loc": ["services", "mullvad-vpn", "enableExcludeWrapper"], "readOnly": false, "type": "boolean"}, "services.mullvad-vpn.package": {"declarations": ["nixos/modules/services/networking/mullvad-vpn.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mullvad"}, "description": "The mullvad package to use. `pkgs.mullvad` only provides the CLI tool, `pkgs.mullvad-vpn` provides both the CLI and the GUI.\n", "example": {"_type": "literalExpression", "text": "mullvad-vpn"}, "loc": ["services", "mullvad-vpn", "package"], "readOnly": false, "type": "package"}, "services.multipath.blacklist": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "This section defines which devices should be excluded from the\nmultipath topology discovery.\n", "loc": ["services", "multipath", "blacklist"], "readOnly": false, "type": "null or string"}, "services.multipath.blacklist_exceptions": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "This section defines which devices should be included in the\nmultipath topology discovery, despite being listed in the\nblacklist section.\n", "loc": ["services", "multipath", "blacklist_exceptions"], "readOnly": false, "type": "null or string"}, "services.multipath.defaults": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "This section defines default values for attributes which are used\nwhenever no values are given in the appropriate device or multipath\nsections.\n", "loc": ["services", "multipath", "defaults"], "readOnly": false, "type": "null or string"}, "services.multipath.devices": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "This option allows you to define arrays for use in multipath\ngroups.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    vendor = \"\\\"COMPELNT\\\"\";\n    product = \"\\\"Compellent Vol\\\"\";\n    path_checker = \"tur\";\n    no_path_retry = \"queue\";\n    max_sectors_kb = 256;\n  }, ...\n]\n"}, "loc": ["services", "multipath", "devices"], "readOnly": false, "type": "list of (submodule)"}, "services.multipath.devices.*.alias_prefix": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The user_friendly_names prefix to use for this device type, instead of the default mpath", "loc": ["services", "multipath", "devices", "*", "alias_prefix"], "readOnly": false, "type": "null or string"}, "services.multipath.devices.*.all_tg_pt": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set the 'all targets ports' flag when registering keys with mpathpersist", "loc": ["services", "multipath", "devices", "*", "all_tg_pt"], "readOnly": false, "type": "null or string"}, "services.multipath.devices.*.deferred_remove": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set to \"yes\", multipathd will do a deferred remove instead of a\nregular remove when the last path device has been deleted. This means\nthat if the multipath device is still in use, it will be freed when\nthe last user closes it. If path is added to the multipath device\nbefore the last user closes it, the deferred remove will be canceled.\n", "loc": ["services", "multipath", "devices", "*", "deferred_remove"], "readOnly": false, "type": "null or one of \"yes\", \"no\""}, "services.multipath.devices.*.delay_wait_checks": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "This option is deprecated, and mapped to san_path_err_recovery_time", "loc": ["services", "multipath", "devices", "*", "delay_wait_checks"], "readOnly": false, "type": "null or string"}, "services.multipath.devices.*.delay_watch_checks": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "This option is deprecated, and mapped to san_path_err_forget_rate", "loc": ["services", "multipath", "devices", "*", "delay_watch_checks"], "readOnly": false, "type": "null or string"}, "services.multipath.devices.*.detect_checker": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set to \"yes\", multipath will try to detect if the device supports\nSCSI-3 ALUA. If so, the device will automatically use the tur checker.\nIf set to \"no\", the checker will be selected as usual.\n", "loc": ["services", "multipath", "devices", "*", "detect_checker"], "readOnly": false, "type": "null or one of \"yes\", \"no\""}, "services.multipath.devices.*.detect_prio": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set to \"yes\", multipath will try to detect if the device supports\nSCSI-3 ALUA. If so, the device will automatically use the sysfs\nprioritizer if the required sysf attributes access_state and\npreferred_path are supported, or the alua prioritizer if not. If set\nto \"no\", the prioritizer will be selected as usual.\n", "loc": ["services", "multipath", "devices", "*", "detect_prio"], "readOnly": false, "type": "null or one of \"yes\", \"no\""}, "services.multipath.devices.*.dev_loss_tmo": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify the number of seconds the SCSI layer will wait after a problem has\nbeen detected on a FC remote port before removing it from the system. This\ncan be set to \"infinity\" which sets it to the max value of 2147483647\nseconds, or 68 years. It will be automatically adjusted to the overall\nretry interval no_path_retry * polling_interval\nif a number of retries is given with no_path_retry and the\noverall retry interval is longer than the specified dev_loss_tmo value.\nThe Linux kernel will cap this value to 600 if fast_io_fail_tmo\nis not set.\n", "loc": ["services", "multipath", "devices", "*", "dev_loss_tmo"], "readOnly": false, "type": "null or string"}, "services.multipath.devices.*.failback": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Tell multipathd how to manage path group failback. Quote integers as strings", "loc": ["services", "multipath", "devices", "*", "failback"], "readOnly": false, "type": "null or string"}, "services.multipath.devices.*.fast_io_fail_tmo": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify the number of seconds the SCSI layer will wait after a problem has been\ndetected on a FC remote port before failing I/O to devices on that remote port.\nThis should be smaller than dev_loss_tmo. Setting this to \"off\" will disable\nthe timeout. Quote integers as strings.\n", "loc": ["services", "multipath", "devices", "*", "fast_io_fail_tmo"], "readOnly": false, "type": "null or string"}, "services.multipath.devices.*.features": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify any device-mapper features to be used", "loc": ["services", "multipath", "devices", "*", "features"], "readOnly": false, "type": "null or string"}, "services.multipath.devices.*.flush_on_last_del": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set to \"yes\" multipathd will disable queueing when the last path to a\ndevice has been deleted.\n", "loc": ["services", "multipath", "devices", "*", "flush_on_last_del"], "readOnly": false, "type": "null or one of \"yes\", \"no\""}, "services.multipath.devices.*.getuid_callout": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "(Superseded by uid_attribute) The default program and args to callout\nto obtain a unique path identifier. Should be specified with an absolute path.\n", "loc": ["services", "multipath", "devices", "*", "getuid_callout"], "readOnly": false, "type": "null or string"}, "services.multipath.devices.*.ghost_delay": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the number of seconds that multipath will wait after creating a device with only ghost paths before marking it ready for use in systemd", "loc": ["services", "multipath", "devices", "*", "ghost_delay"], "readOnly": false, "type": "null or signed integer"}, "services.multipath.devices.*.hardware_handler": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The hardware handler to use for this device type", "loc": ["services", "multipath", "devices", "*", "hardware_handler"], "readOnly": false, "type": "null or one of \"emc\", \"rdac\", \"hp_sw\", \"alua\", \"ana\""}, "services.multipath.devices.*.marginal_path_double_failed_time": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "One of the four parameters of supporting path check based on accounting IO error such as intermittent error", "loc": ["services", "multipath", "devices", "*", "marginal_path_double_failed_time"], "readOnly": false, "type": "null or string"}, "services.multipath.devices.*.marginal_path_err_rate_threshold": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The error rate threshold as a permillage (1/1000)", "loc": ["services", "multipath", "devices", "*", "marginal_path_err_rate_threshold"], "readOnly": false, "type": "null or signed integer"}, "services.multipath.devices.*.marginal_path_err_recheck_gap_time": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "One of the four parameters of supporting path check based on accounting IO error such as intermittent error", "loc": ["services", "multipath", "devices", "*", "marginal_path_err_recheck_gap_time"], "readOnly": false, "type": "null or string"}, "services.multipath.devices.*.marginal_path_err_sample_time": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "One of the four parameters of supporting path check based on accounting IO error such as intermittent error", "loc": ["services", "multipath", "devices", "*", "marginal_path_err_sample_time"], "readOnly": false, "type": "null or signed integer"}, "services.multipath.devices.*.max_sectors_kb": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the max_sectors_kb device parameter on all path devices and the multipath device to the specified value", "loc": ["services", "multipath", "devices", "*", "max_sectors_kb"], "readOnly": false, "type": "null or signed integer"}, "services.multipath.devices.*.no_path_retry": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify what to do when all paths are down. Quote integers as strings", "loc": ["services", "multipath", "devices", "*", "no_path_retry"], "readOnly": false, "type": "null or string"}, "services.multipath.devices.*.path_checker": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "\"tur\""}, "description": "The default method used to determine the paths state", "loc": ["services", "multipath", "devices", "*", "path_checker"], "readOnly": false, "type": "one of \"readsector0\", \"tur\", \"emc_clariion\", \"hp_sw\", \"rdac\", \"directio\", \"cciss_tur\", \"none\""}, "services.multipath.devices.*.path_grouping_policy": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The default path grouping policy to apply to unspecified multipaths", "loc": ["services", "multipath", "devices", "*", "path_grouping_policy"], "readOnly": false, "type": "null or one of \"failover\", \"multibus\", \"group_by_serial\", \"group_by_prio\", \"group_by_node_name\""}, "services.multipath.devices.*.path_selector": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The default path selector algorithm to use; they are offered by the kernel multipath target", "loc": ["services", "multipath", "devices", "*", "path_selector"], "readOnly": false, "type": "null or one of \"\"round-robin 0\"\", \"\"queue-length 0\"\", \"\"service-time 0\"\", \"\"historical-service-time 0\"\""}, "services.multipath.devices.*.prio": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The name of the path priority routine", "loc": ["services", "multipath", "devices", "*", "prio"], "readOnly": false, "type": "null or one of \"none\", \"const\", \"sysfs\", \"emc\", \"alua\", \"ontap\", \"rdac\", \"hp_sw\", \"hds\", \"random\", \"weightedpath\", \"path_latency\", \"ana\", \"datacore\", \"iet\""}, "services.multipath.devices.*.prio_args": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Arguments to pass to to the prio function", "loc": ["services", "multipath", "devices", "*", "prio_args"], "readOnly": false, "type": "null or string"}, "services.multipath.devices.*.product": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "description": "Regular expression to match the product name", "example": {"_type": "literalExpression", "text": "\"Compellent Vol\""}, "loc": ["services", "multipath", "devices", "*", "product"], "readOnly": false, "type": "string"}, "services.multipath.devices.*.product_blacklist": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Products with the given vendor matching this string are blacklisted", "loc": ["services", "multipath", "devices", "*", "product_blacklist"], "readOnly": false, "type": "null or string"}, "services.multipath.devices.*.revision": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Regular expression to match the product revision", "loc": ["services", "multipath", "devices", "*", "revision"], "readOnly": false, "type": "null or string"}, "services.multipath.devices.*.rr_min_io": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Number of I/O requests to route to a path before switching to the next in the\nsame path group. This is only for Block I/O (BIO) based multipath and\nonly apply to round-robin path_selector.\n", "loc": ["services", "multipath", "devices", "*", "rr_min_io"], "readOnly": false, "type": "null or signed integer"}, "services.multipath.devices.*.rr_min_io_rq": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Number of I/O requests to route to a path before switching to the next in the\nsame path group. This is only for Request based multipath and\nonly apply to round-robin path_selector.\n", "loc": ["services", "multipath", "devices", "*", "rr_min_io_rq"], "readOnly": false, "type": "null or signed integer"}, "services.multipath.devices.*.rr_weight": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set to priorities the multipath configurator will assign path weights\nas \"path prio * rr_min_io\".\n", "loc": ["services", "multipath", "devices", "*", "rr_weight"], "readOnly": false, "type": "null or one of \"priorities\", \"uniform\""}, "services.multipath.devices.*.san_path_err_forget_rate": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set to a value greater than 0, multipathd will check whether the path\nfailures has exceeded the san_path_err_threshold within this many checks\ni.e san_path_err_forget_rate. If so we will not reinstante the path till\nsan_path_err_recovery_time.\n", "loc": ["services", "multipath", "devices", "*", "san_path_err_forget_rate"], "readOnly": false, "type": "null or string"}, "services.multipath.devices.*.san_path_err_recovery_time": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set to a value greater than 0, multipathd will make sure that when\npath failures has exceeded the san_path_err_threshold within\nsan_path_err_forget_rate then the path will be placed in failed state\nfor san_path_err_recovery_time duration. Once san_path_err_recovery_time\nhas timeout we will reinstante the failed path. san_path_err_recovery_time\nvalue should be in secs.\n", "loc": ["services", "multipath", "devices", "*", "san_path_err_recovery_time"], "readOnly": false, "type": "null or string"}, "services.multipath.devices.*.san_path_err_threshold": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set to a value greater than 0, multipathd will watch paths and check\nhow many times a path has been failed due to errors.If the number of\nfailures on a particular path is greater then the san_path_err_threshold,\nthen the path will not reinstate till san_path_err_recovery_time. These\npath failures should occur within a san_path_err_forget_rate checks, if\nnot we will consider the path is good enough to reinstantate.\n", "loc": ["services", "multipath", "devices", "*", "san_path_err_threshold"], "readOnly": false, "type": "null or string"}, "services.multipath.devices.*.skip_kpartx": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set to yes, kpartx will not automatically create partitions on the device", "loc": ["services", "multipath", "devices", "*", "skip_kpartx"], "readOnly": false, "type": "null or one of \"yes\", \"no\""}, "services.multipath.devices.*.uid_attribute": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The udev attribute providing a unique path identifier (WWID)", "loc": ["services", "multipath", "devices", "*", "uid_attribute"], "readOnly": false, "type": "null or string"}, "services.multipath.devices.*.user_friendly_names": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set to \"yes\", using the bindings file /etc/multipath/bindings\nto assign a persistent and unique alias to the multipath, in the\nform of mpath. If set to \"no\" use the WWID as the alias. In either\ncase this be will be overridden by any specific aliases in the\nmultipaths section.\n", "loc": ["services", "multipath", "devices", "*", "user_friendly_names"], "readOnly": false, "type": "null or one of \"yes\", \"no\""}, "services.multipath.devices.*.vendor": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "description": "Regular expression to match the vendor name", "example": {"_type": "literalExpression", "text": "\"COMPELNT\""}, "loc": ["services", "multipath", "devices", "*", "vendor"], "readOnly": false, "type": "string"}, "services.multipath.devices.*.vpd_vendor": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The vendor specific vpd page information, using the vpd page abbreviation", "loc": ["services", "multipath", "devices", "*", "vpd_vendor"], "readOnly": false, "type": "null or string"}, "services.multipath.enable": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the device mapper multipath (DM-MP) daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "multipath", "enable"], "readOnly": false, "type": "boolean"}, "services.multipath.extraConfig": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Lines to append to default multipath.conf", "loc": ["services", "multipath", "extraConfig"], "readOnly": false, "type": "null or string"}, "services.multipath.extraConfigFile": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Append an additional file's contents to /etc/multipath.conf", "loc": ["services", "multipath", "extraConfigFile"], "readOnly": false, "type": "null or string"}, "services.multipath.overrides": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "This section defines values for attributes that should override the\ndevice-specific settings for all devices.\n", "loc": ["services", "multipath", "overrides"], "readOnly": false, "type": "null or string"}, "services.multipath.package": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "pkgs.multipath-tools"}, "description": "The multipath-tools package to use.", "loc": ["services", "multipath", "package"], "readOnly": false, "type": "package"}, "services.multipath.pathGroups": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "description": "This option allows you to define multipath groups as described\nin http://christophe.varoqui.free.fr/usage.html.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    wwid = \"360080e500043b35c0123456789abcdef\";\n    alias = 10001234;\n    array = \"bigarray.example.com\";\n    fsType = \"zfs\"; # optional\n    options = \"ro\"; # optional\n  }, ...\n]\n"}, "loc": ["services", "multipath", "pathGroups"], "readOnly": false, "type": "list of (submodule)"}, "services.multipath.pathGroups.*.alias": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "description": "The name of the multipath device", "example": {"_type": "literalExpression", "text": "1001234"}, "loc": ["services", "multipath", "pathGroups", "*", "alias"], "readOnly": false, "type": "signed integer"}, "services.multipath.pathGroups.*.array": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The DNS name of the storage array", "example": {"_type": "literalExpression", "text": "\"bigarray.example.com\""}, "loc": ["services", "multipath", "pathGroups", "*", "array"], "readOnly": false, "type": "string"}, "services.multipath.pathGroups.*.fsType": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Type of the filesystem", "example": {"_type": "literalExpression", "text": "\"zfs\""}, "loc": ["services", "multipath", "pathGroups", "*", "fsType"], "readOnly": false, "type": "null or string"}, "services.multipath.pathGroups.*.options": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Options used to mount the file system", "example": {"_type": "literalExpression", "text": "\"ro\""}, "loc": ["services", "multipath", "pathGroups", "*", "options"], "readOnly": false, "type": "null or string"}, "services.multipath.pathGroups.*.wwid": {"declarations": ["nixos/modules/services/networking/multipath.nix"], "description": "The identifier for the multipath device", "example": {"_type": "literalExpression", "text": "\"360080e500043b35c0123456789abcdef\""}, "loc": ["services", "multipath", "pathGroups", "*", "wwid"], "readOnly": false, "type": "string (with check: hexadecimal string)"}, "services.munge.enable": {"declarations": ["nixos/modules/services/security/munge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable munge service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "munge", "enable"], "readOnly": false, "type": "boolean"}, "services.munge.password": {"declarations": ["nixos/modules/services/security/munge.nix"], "default": {"_type": "literalExpression", "text": "\"/etc/munge/munge.key\""}, "description": "The path to a daemon's secret key.\n", "loc": ["services", "munge", "password"], "readOnly": false, "type": "absolute path"}, "services.munin-cron.enable": {"declarations": ["nixos/modules/services/monitoring/munin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable munin-cron. Takes care of all heavy lifting to collect data from\nnodes and draws graphs to html. Runs munin-update, munin-limits,\nmunin-graphs and munin-html in that order.\n\nHTML output is in {file}`/var/www/munin/`, configure your\nfavourite webserver to serve static files.\n", "loc": ["services", "munin-cron", "enable"], "readOnly": false, "type": "boolean"}, "services.munin-cron.extraCSS": {"declarations": ["nixos/modules/services/monitoring/munin.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Custom styling for the HTML that munin-cron generates. This will be\nappended to the CSS files used by munin-cron and will thus take\nprecedence over the builtin styles.\n", "example": {"_type": "literalExpression", "text": "''\n  /* A simple dark theme. */\n  html, body { background: #222222; }\n  #header, #footer { background: #333333; }\n  img.i, img.iwarn, img.icrit, img.iunkn {\n    filter: invert(100%) hue-rotate(-30deg);\n  }\n''"}, "loc": ["services", "munin-cron", "extraCSS"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.munin-cron.extraGlobalConfig": {"declarations": ["nixos/modules/services/monitoring/munin.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "{file}`munin.conf` extra global configuration.\nSee <https://guide.munin-monitoring.org/en/latest/reference/munin.conf.html>.\nUseful to setup notifications, see\n<https://guide.munin-monitoring.org/en/latest/tutorial/alert.html>\n", "example": {"_type": "literalExpression", "text": "''\n  contact.email.command mail -s \"Munin notification for ''${var:host}\" someone@example.com\n''"}, "loc": ["services", "munin-cron", "extraGlobalConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.munin-cron.hosts": {"declarations": ["nixos/modules/services/monitoring/munin.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Definitions of hosts of nodes to collect data from. Needs at least one\nhost for cron to succeed. See\n<https://guide.munin-monitoring.org/en/latest/reference/munin.conf.html>\n", "example": {"_type": "literalExpression", "text": "''\n  [${config.networking.hostName}]\n  address localhost\n''\n"}, "loc": ["services", "munin-cron", "hosts"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.munin-node.disabledPlugins": {"declarations": ["nixos/modules/services/monitoring/munin.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"munin_stats\"\n]"}, "description": "Munin plugins to disable, even if\n`munin-node-configure --suggest` tries to enable\nthem. To disable a wildcard plugin, use an actual wildcard, as in\nthe example.\n\nmunin_stats is disabled by default as it tries to read\n`/var/log/munin/munin-update.log` for timing\ninformation, and the NixOS build of Munin does not write this file.\n", "example": {"_type": "literalExpression", "text": "[\n  \"diskstats\"\n  \"zfs_usage_*\"\n]"}, "loc": ["services", "munin-node", "disabledPlugins"], "readOnly": false, "type": "list of string"}, "services.munin-node.enable": {"declarations": ["nixos/modules/services/monitoring/munin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable Munin Node agent. Munin node listens on 0.0.0.0 and\nby default accepts connections only from 127.0.0.1 for security reasons.\n\nSee <https://guide.munin-monitoring.org/en/latest/architecture/index.html>.\n", "loc": ["services", "munin-node", "enable"], "readOnly": false, "type": "boolean"}, "services.munin-node.extraAutoPlugins": {"declarations": ["nixos/modules/services/monitoring/munin.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional Munin plugins to autoconfigure, using\n`munin-node-configure --suggest`. These should be\nthe actual paths to the plugin files (or directories containing them),\nnot just their names.\n\nIf you want to manually enable individual plugins instead, use\n{option}`services.munin-node.extraPlugins`.\n\nNote that only plugins that have the 'autoconfig' capability will do\nanything if listed here, since plugins that cannot autoconfigure\nwon't be automatically enabled by\n`munin-node-configure`.\n\nPlugins will be copied into the Nix store, and it will attempt to\nmodify them to run properly by fixing hardcoded references to\n`/bin`, `/usr/bin`,\n`/sbin`, and `/usr/sbin`.\n", "example": {"_type": "literalExpression", "text": "[\n  /src/munin-contrib/plugins/zfs\n  /src/munin-contrib/plugins/ssh\n];\n"}, "loc": ["services", "munin-node", "extraAutoPlugins"], "readOnly": false, "type": "list of absolute path"}, "services.munin-node.extraConfig": {"declarations": ["nixos/modules/services/monitoring/munin.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "{file}`munin-node.conf` extra configuration. See\n<https://guide.munin-monitoring.org/en/latest/reference/munin-node.conf.html>\n", "loc": ["services", "munin-node", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.munin-node.extraPluginConfig": {"declarations": ["nixos/modules/services/monitoring/munin.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "{file}`plugin-conf.d` extra plugin configuration. See\n<https://guide.munin-monitoring.org/en/latest/plugin/use.html>\n", "example": {"_type": "literalExpression", "text": "''\n  [fail2ban_*]\n  user root\n''"}, "loc": ["services", "munin-node", "extraPluginConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.munin-node.extraPlugins": {"declarations": ["nixos/modules/services/monitoring/munin.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional Munin plugins to activate. Keys are the name of the plugin\nsymlink, values are the path to the underlying plugin script. You\ncan use the same plugin script multiple times (e.g. for wildcard\nplugins).\n\nNote that these plugins do not participate in autoconfiguration. If\nyou want to autoconfigure additional plugins, use\n{option}`services.munin-node.extraAutoPlugins`.\n\nPlugins enabled in this manner take precedence over autoconfigured\nplugins.\n\nPlugins will be copied into the Nix store, and it will attempt to\nmodify them to run properly by fixing hardcoded references to\n`/bin`, `/usr/bin`,\n`/sbin`, and `/usr/sbin`.\n", "example": {"_type": "literalExpression", "text": "{\n  zfs_usage_bigpool = /src/munin-contrib/plugins/zfs/zfs_usage_;\n  zfs_usage_smallpool = /src/munin-contrib/plugins/zfs/zfs_usage_;\n  zfs_list = /src/munin-contrib/plugins/zfs/zfs_list;\n};\n"}, "loc": ["services", "munin-node", "extraPlugins"], "readOnly": false, "type": "attribute set of absolute path"}, "services.murmur.allowHtml": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Allow HTML in client messages, comments, and channel\ndescriptions.\n", "loc": ["services", "murmur", "allowHtml"], "readOnly": false, "type": "boolean"}, "services.murmur.autobanAttempts": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Number of attempts a client is allowed to make in\n`autobanTimeframe` seconds, before being\nbanned for `autobanTime`.\n", "loc": ["services", "murmur", "autobanAttempts"], "readOnly": false, "type": "signed integer"}, "services.murmur.autobanTime": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "300"}, "description": "The amount of time an IP ban lasts (in seconds).", "loc": ["services", "murmur", "autobanTime"], "readOnly": false, "type": "signed integer"}, "services.murmur.autobanTimeframe": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "120"}, "description": "Timeframe in which a client can connect without being banned\nfor repeated attempts (in seconds).\n", "loc": ["services", "murmur", "autobanTimeframe"], "readOnly": false, "type": "signed integer"}, "services.murmur.bandwidth": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "72000"}, "description": "Maximum bandwidth (in bits per second) that clients may send\nspeech at.\n", "loc": ["services", "murmur", "bandwidth"], "readOnly": false, "type": "signed integer"}, "services.murmur.bonjour": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Bonjour auto-discovery, which allows clients over your LAN to automatically discover Mumble servers.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "murmur", "bonjour"], "readOnly": false, "type": "boolean"}, "services.murmur.clientCertRequired": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable requiring clients to authenticate via certificates.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "murmur", "clientCertRequired"], "readOnly": false, "type": "boolean"}, "services.murmur.dbus": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Enable D-Bus remote control. Set to the bus you want Murmur to connect to.", "loc": ["services", "murmur", "dbus"], "readOnly": false, "type": "one of <null>, \"session\", \"system\""}, "services.murmur.enable": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Mumble server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "murmur", "enable"], "readOnly": false, "type": "boolean"}, "services.murmur.environmentFile": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file as defined in {manpage}`systemd.exec(5)`.\n\nSecrets may be passed to the service without adding them to the world-readable\nNix store, by specifying placeholder variables as the option value in Nix and\nsetting these variables accordingly in the environment file.\n\n```\n  # snippet of murmur-related config\n  services.murmur.password = \"$MURMURD_PASSWORD\";\n```\n\n```\n  # content of the environment file\n  MURMURD_PASSWORD=verysecretpassword\n```\n\nNote that this file needs to be available on the host on which\n`murmur` is running.\n", "example": {"_type": "literalExpression", "text": "\"${config.services.murmur.stateDir}/murmurd.env\""}, "loc": ["services", "murmur", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.murmur.extraConfig": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration to put into murmur.ini.", "loc": ["services", "murmur", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.murmur.group": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "\"murmur\""}, "description": "The name of an existing group to use to run the service.\nIf not specified, the default group will be created.\n", "loc": ["services", "murmur", "group"], "readOnly": false, "type": "string"}, "services.murmur.hostName": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Host to bind to. Defaults binding on all addresses.", "loc": ["services", "murmur", "hostName"], "readOnly": false, "type": "string"}, "services.murmur.imgMsgLength": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "131072"}, "description": "Max length of image messages. Set 0 for no limit.", "loc": ["services", "murmur", "imgMsgLength"], "readOnly": false, "type": "signed integer"}, "services.murmur.logDays": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "31"}, "description": "How long to store RPC logs for in the database. Set 0 to\nkeep logs forever, or -1 to disable DB logging.\n", "loc": ["services", "murmur", "logDays"], "readOnly": false, "type": "signed integer"}, "services.murmur.logToFile": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable logging to a file instead of journald, which is stored in /var/log/murmur.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "murmur", "logToFile"], "readOnly": false, "type": "boolean"}, "services.murmur.openFirewall": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable opening ports in the firewall for the Mumble server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "murmur", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.murmur.package": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "pkgs.murmur"}, "description": "The murmur package to use.", "loc": ["services", "murmur", "package"], "readOnly": false, "type": "package"}, "services.murmur.password": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Required password to join server, if specified.", "loc": ["services", "murmur", "password"], "readOnly": false, "type": "string"}, "services.murmur.port": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "64738"}, "description": "Ports to bind to (UDP and TCP).", "loc": ["services", "murmur", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.murmur.registerHostname": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "DNS hostname where your server can be reached. This is only\nneeded if you want your server to be accessed by its\nhostname and not IP - but the name *must* resolve on the\ninternet properly.\n", "loc": ["services", "murmur", "registerHostname"], "readOnly": false, "type": "string"}, "services.murmur.registerName": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Public server registration name, and also the name of the\nRoot channel. Even if you don't publicly register your\nserver, you probably still want to set this.\n", "loc": ["services", "murmur", "registerName"], "readOnly": false, "type": "string"}, "services.murmur.registerPassword": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Public server registry password, used authenticate your\nserver to the registry to prevent impersonation; required for\nsubsequent registry updates.\n", "loc": ["services", "murmur", "registerPassword"], "readOnly": false, "type": "string"}, "services.murmur.registerUrl": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "URL website for your server.", "loc": ["services", "murmur", "registerUrl"], "readOnly": false, "type": "string"}, "services.murmur.sendVersion": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Send Murmur version in UDP response.", "loc": ["services", "murmur", "sendVersion"], "readOnly": false, "type": "boolean"}, "services.murmur.sslCa": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to your SSL CA certificate.", "loc": ["services", "murmur", "sslCa"], "readOnly": false, "type": "null or absolute path"}, "services.murmur.sslCert": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to your SSL certificate.", "loc": ["services", "murmur", "sslCert"], "readOnly": false, "type": "null or absolute path"}, "services.murmur.sslKey": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to your SSL key.", "loc": ["services", "murmur", "sslKey"], "readOnly": false, "type": "null or absolute path"}, "services.murmur.stateDir": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/murmur\""}, "description": "Directory to store data for the server.\n", "loc": ["services", "murmur", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.murmur.textMsgLength": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "5000"}, "description": "Max length of text messages. Set 0 for no limit.", "loc": ["services", "murmur", "textMsgLength"], "readOnly": false, "type": "signed integer"}, "services.murmur.user": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "\"murmur\""}, "description": "The name of an existing user to use to run the service.\nIf not specified, the default user will be created.\n", "loc": ["services", "murmur", "user"], "readOnly": false, "type": "string"}, "services.murmur.users": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "100"}, "description": "Maximum number of concurrent clients allowed.", "loc": ["services", "murmur", "users"], "readOnly": false, "type": "signed integer"}, "services.murmur.welcometext": {"declarations": ["nixos/modules/services/networking/murmur.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Welcome message for connected clients.", "loc": ["services", "murmur", "welcometext"], "readOnly": false, "type": "string"}, "services.mycelium.addHostedPublicNodes": {"declarations": ["nixos/modules/services/networking/mycelium.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Adds the hosted peers from <https://github.com/threefoldtech/mycelium#hosted-public-nodes>.\n", "loc": ["services", "mycelium", "addHostedPublicNodes"], "readOnly": false, "type": "boolean"}, "services.mycelium.enable": {"declarations": ["nixos/modules/services/networking/mycelium.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable mycelium network.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mycelium", "enable"], "readOnly": false, "type": "boolean"}, "services.mycelium.extraArgs": {"declarations": ["nixos/modules/services/networking/mycelium.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command-line arguments to pass to mycelium.\n\nSee `mycelium --help` for all available options.\n", "loc": ["services", "mycelium", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.mycelium.keyFile": {"declarations": ["nixos/modules/services/networking/mycelium.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional path to a file containing the mycelium key material.\nIf unset, the location `/var/lib/mycelium/key.bin` will be used.\nIf no key exist at this location, it will be generated on startup.\n", "loc": ["services", "mycelium", "keyFile"], "readOnly": false, "type": "null or absolute path"}, "services.mycelium.openFirewall": {"declarations": ["nixos/modules/services/networking/mycelium.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open the firewall for mycelium", "loc": ["services", "mycelium", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.mycelium.package": {"declarations": ["nixos/modules/services/networking/mycelium.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mycelium"}, "description": "The mycelium package to use.", "loc": ["services", "mycelium", "package"], "readOnly": false, "type": "package"}, "services.mycelium.peers": {"declarations": ["nixos/modules/services/networking/mycelium.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of peers to connect to, in the formats:\n - `quic://[2001:0db8::1]:9651`\n - `quic://192.0.2.1:9651`\n - `tcp://[2001:0db8::1]:9651`\n - `tcp://192.0.2.1:9651`\n\nIf addHostedPublicNodes is set to true, the hosted public nodes will also be added.\n", "loc": ["services", "mycelium", "peers"], "readOnly": false, "type": "list of string"}, "services.mympd.enable": {"declarations": ["nixos/modules/services/audio/mympd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable MyMPD server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mympd", "enable"], "readOnly": false, "type": "boolean"}, "services.mympd.extraGroups": {"declarations": ["nixos/modules/services/audio/mympd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional groups for the systemd service.\n", "example": {"_type": "literalExpression", "text": "[\n  \"music\"\n]"}, "loc": ["services", "mympd", "extraGroups"], "readOnly": false, "type": "list of string"}, "services.mympd.openFirewall": {"declarations": ["nixos/modules/services/audio/mympd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports needed for the functionality of the program.\n", "loc": ["services", "mympd", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.mympd.package": {"declarations": ["nixos/modules/services/audio/mympd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mympd"}, "description": "The mympd package to use.", "loc": ["services", "mympd", "package"], "readOnly": false, "type": "package"}, "services.mympd.settings": {"declarations": ["nixos/modules/services/audio/mympd.nix"], "description": "Manages the configuration files declaratively. For all the configuration\noptions, see <https://jcorporation.github.io/myMPD/020-configuration/configuration-files>.\n\nEach key represents the \"File\" column from the upstream configuration table, and the\nvalue is the content of that file.\n", "loc": ["services", "mympd", "settings"], "readOnly": false, "type": "open submodule of attribute set of (null or string or boolean or signed integer)"}, "services.mympd.settings.http_port": {"declarations": ["nixos/modules/services/audio/mympd.nix"], "description": "The HTTP port where mympd's web interface will be available.\n\nThe HTTPS/SSL port can be configured via {option}`config`.\n", "example": {"_type": "literalExpression", "text": "\"8080\""}, "loc": ["services", "mympd", "settings", "http_port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mympd.settings.ssl": {"declarations": ["nixos/modules/services/audio/mympd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable listening on the SSL port.\n\nRefer to <https://jcorporation.github.io/myMPD/020-configuration/configuration-files#ssl-options>\nfor more information.\n", "loc": ["services", "mympd", "settings", "ssl"], "readOnly": false, "type": "boolean"}, "services.mysql.configFile": {"declarations": ["nixos/modules/services/databases/mysql.nix"], "default": {"_type": "literalExpression", "text": "''\n  A configuration file automatically generated by NixOS.\n''"}, "description": "Override the configuration file used by MySQL. By default,\nNixOS generates one automatically from {option}`services.mysql.settings`.\n", "example": {"_type": "literalExpression", "text": "pkgs.writeText \"my.cnf\" ''\n  [mysqld]\n  datadir = /var/lib/mysql\n  bind-address = 127.0.0.1\n  port = 3336\n\n  !includedir /etc/mysql/conf.d/\n'';\n"}, "loc": ["services", "mysql", "configFile"], "readOnly": false, "type": "absolute path"}, "services.mysql.dataDir": {"declarations": ["nixos/modules/services/databases/mysql.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/mysql\""}, "description": "The data directory for MySQL.\n\n::: {.note}\nIf left as the default value of `/var/lib/mysql` this directory will automatically be created before the MySQL\nserver starts, otherwise you are responsible for ensuring the directory exists with appropriate ownership and permissions.\n:::\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/mysql\""}, "loc": ["services", "mysql", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.mysql.enable": {"declarations": ["nixos/modules/services/databases/mysql.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable MySQL server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mysql", "enable"], "readOnly": false, "type": "boolean"}, "services.mysql.ensureDatabases": {"declarations": ["nixos/modules/services/databases/mysql.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Ensures that the specified databases exist.\nThis option will never delete existing databases, especially not when the value of this\noption is changed. This means that databases created once through this option or\notherwise have to be removed manually.\n", "example": {"_type": "literalExpression", "text": "[\n  \"nextcloud\"\n  \"matomo\"\n]"}, "loc": ["services", "mysql", "ensureDatabases"], "readOnly": false, "type": "list of string"}, "services.mysql.ensureUsers": {"declarations": ["nixos/modules/services/databases/mysql.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Ensures that the specified users exist and have at least the ensured permissions.\nThe MySQL users will be identified using Unix socket authentication. This authenticates the Unix user with the\nsame name only, and that without the need for a password.\nThis option will never delete existing users or remove permissions, especially not when the value of this\noption is changed. This means that users created and permissions assigned once through this option or\notherwise have to be removed manually.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    name = \"nextcloud\";\n    ensurePermissions = {\n      \"nextcloud.*\" = \"ALL PRIVILEGES\";\n    };\n  }\n  {\n    name = \"backup\";\n    ensurePermissions = {\n      \"*.*\" = \"SELECT, LOCK TABLES\";\n    };\n  }\n]\n"}, "loc": ["services", "mysql", "ensureUsers"], "readOnly": false, "type": "list of (submodule)"}, "services.mysql.ensureUsers.*.ensurePermissions": {"declarations": ["nixos/modules/services/databases/mysql.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Permissions to ensure for the user, specified as attribute set.\nThe attribute names specify the database and tables to grant the permissions for,\nseparated by a dot. You may use wildcards here.\nThe attribute values specfiy the permissions to grant.\nYou may specify one or multiple comma-separated SQL privileges here.\n\nFor more information on how to specify the target\nand on which privileges exist, see the\n[GRANT syntax](https://mariadb.com/kb/en/library/grant/).\nThe attributes are used as `GRANT ${attrName} ON ${attrValue}`.\n", "example": {"_type": "literalExpression", "text": "{\n  \"database.*\" = \"ALL PRIVILEGES\";\n  \"*.*\" = \"SELECT, LOCK TABLES\";\n}\n"}, "loc": ["services", "mysql", "ensureUsers", "*", "ensurePermissions"], "readOnly": false, "type": "attribute set of string"}, "services.mysql.ensureUsers.*.name": {"declarations": ["nixos/modules/services/databases/mysql.nix"], "description": "Name of the user to ensure.\n", "loc": ["services", "mysql", "ensureUsers", "*", "name"], "readOnly": false, "type": "string"}, "services.mysql.galeraCluster.clusterAddress": {"declarations": ["nixos/modules/services/databases/mysql.nix"], "default": {"_type": "literalExpression", "text": "if (config.services.mysql.galeraCluster.nodeAddresses == [ ]) then\n  \"\"\nelse\n  \"gcomm://${builtins.concatStringsSep \\\",\\\" config.services.mysql.galeraCluster.nodeAddresses}\"\n  + lib.optionalString (config.services.mysql.galeraCluster.clusterPassword != \"\")\n    \"?gmcast.seg=1:${config.services.mysql.galeraCluster.clusterPassword}\"\n"}, "description": "Full Galera cluster connection string. If nodeAddresses is set, this will be auto-generated, but you can override it with a custom value. Format is typically 'gcomm://node1,node2,node3' with optional parameters.", "example": {"_type": "literalExpression", "text": "\"gcomm://10.0.0.10,10.0.0.20,10.0.0.30?gmcast.seg=1:SomePassword\""}, "loc": ["services", "mysql", "galeraCluster", "clusterAddress"], "readOnly": false, "type": "string"}, "services.mysql.galeraCluster.clusterPassword": {"declarations": ["nixos/modules/services/databases/mysql.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Optional password for securing cluster communications. If provided, it will be used in the clusterAddress for authentication between nodes.", "example": {"_type": "literalExpression", "text": "\"SomePassword\""}, "loc": ["services", "mysql", "galeraCluster", "clusterPassword"], "readOnly": false, "type": "string"}, "services.mysql.galeraCluster.enable": {"declarations": ["nixos/modules/services/databases/mysql.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable MariaDB Galera Cluster.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mysql", "galeraCluster", "enable"], "readOnly": false, "type": "boolean"}, "services.mysql.galeraCluster.localAddress": {"declarations": ["nixos/modules/services/databases/mysql.nix"], "default": {"_type": "literalExpression", "text": "config.services.mysql.galeraCluster.localName"}, "description": "IP address or hostname of this node that will be used for cluster communication. Must be reachable by all other nodes.", "example": {"_type": "literalExpression", "text": "\"1.2.3.4\""}, "loc": ["services", "mysql", "galeraCluster", "localAddress"], "readOnly": false, "type": "string"}, "services.mysql.galeraCluster.localName": {"declarations": ["nixos/modules/services/databases/mysql.nix"], "description": "The unique name that identifies this particular node within the cluster. Each node must have a different name.", "example": {"_type": "literalExpression", "text": "\"node1\""}, "loc": ["services", "mysql", "galeraCluster", "localName"], "readOnly": false, "type": "string"}, "services.mysql.galeraCluster.name": {"declarations": ["nixos/modules/services/databases/mysql.nix"], "default": {"_type": "literalExpression", "text": "\"galera\""}, "description": "The logical name of the Galera cluster. All nodes in the same cluster must use the same name.", "loc": ["services", "mysql", "galeraCluster", "name"], "readOnly": false, "type": "string"}, "services.mysql.galeraCluster.nodeAddresses": {"declarations": ["nixos/modules/services/databases/mysql.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "IP addresses or hostnames of all nodes in the cluster, including this node. This is used to construct the default clusterAddress connection string.", "example": {"_type": "literalExpression", "text": "[\"10.0.0.10\" \"10.0.0.20\" \"10.0.0.30\"]"}, "loc": ["services", "mysql", "galeraCluster", "nodeAddresses"], "readOnly": false, "type": "list of string"}, "services.mysql.galeraCluster.package": {"declarations": ["nixos/modules/services/databases/mysql.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mariadb-galera"}, "description": "The MariaDB Galera package that provides the shared library 'libgalera_smm.so' required for cluster functionality.", "loc": ["services", "mysql", "galeraCluster", "package"], "readOnly": false, "type": "package"}, "services.mysql.galeraCluster.sstMethod": {"declarations": ["nixos/modules/services/databases/mysql.nix"], "default": {"_type": "literalExpression", "text": "\"rsync\""}, "description": "Method for the initial state transfer (wsrep_sst_method) when a node joins the cluster. Be aware that rsync needs SSH keys to be generated and authorized on all nodes!", "example": {"_type": "literalExpression", "text": "\"mariabackup\""}, "loc": ["services", "mysql", "galeraCluster", "sstMethod"], "readOnly": false, "type": "one of \"rsync\", \"mariabackup\""}, "services.mysql.group": {"declarations": ["nixos/modules/services/databases/mysql.nix"], "default": {"_type": "literalExpression", "text": "\"mysql\""}, "description": "Group account under which MySQL runs.\n\n::: {.note}\nIf left as the default value this group will automatically be created\non system activation, otherwise you are responsible for\nensuring the user exists before the MySQL service starts.\n:::\n", "loc": ["services", "mysql", "group"], "readOnly": false, "type": "string"}, "services.mysql.initialDatabases": {"declarations": ["nixos/modules/services/databases/mysql.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of database names and their initial schemas that should be used to create databases on the first startup\nof MySQL. The schema attribute is optional: If not specified, an empty database is created.\n", "example": {"_type": "literalExpression", "text": "[\n  { name = \"foodatabase\"; schema = ./foodatabase.sql; }\n  { name = \"bardatabase\"; }\n]\n"}, "loc": ["services", "mysql", "initialDatabases"], "readOnly": false, "type": "list of (submodule)"}, "services.mysql.initialDatabases.*.name": {"declarations": ["nixos/modules/services/databases/mysql.nix"], "description": "The name of the database to create.\n", "loc": ["services", "mysql", "initialDatabases", "*", "name"], "readOnly": false, "type": "string"}, "services.mysql.initialDatabases.*.schema": {"declarations": ["nixos/modules/services/databases/mysql.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The initial schema of the database; if null (the default),\nan empty database is created.\n", "loc": ["services", "mysql", "initialDatabases", "*", "schema"], "readOnly": false, "type": "null or absolute path"}, "services.mysql.initialScript": {"declarations": ["nixos/modules/services/databases/mysql.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing SQL statements to be executed on the first startup. Can be used for granting certain permissions on the database.", "loc": ["services", "mysql", "initialScript"], "readOnly": false, "type": "null or absolute path"}, "services.mysql.package": {"declarations": ["nixos/modules/services/databases/mysql.nix"], "description": "Which MySQL derivation to use. MariaDB packages are supported too.\n", "example": {"_type": "literalExpression", "text": "pkgs.mariadb"}, "loc": ["services", "mysql", "package"], "readOnly": false, "type": "package"}, "services.mysql.replication.masterHost": {"declarations": ["nixos/modules/services/databases/mysql.nix"], "description": "Hostname of the MySQL master server.", "loc": ["services", "mysql", "replication", "masterHost"], "readOnly": false, "type": "string"}, "services.mysql.replication.masterPassword": {"declarations": ["nixos/modules/services/databases/mysql.nix"], "description": "Password of the MySQL replication user.", "loc": ["services", "mysql", "replication", "masterPassword"], "readOnly": false, "type": "string"}, "services.mysql.replication.masterPort": {"declarations": ["nixos/modules/services/databases/mysql.nix"], "default": {"_type": "literalExpression", "text": "3306"}, "description": "Port number on which the MySQL master server runs.", "loc": ["services", "mysql", "replication", "masterPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.mysql.replication.masterUser": {"declarations": ["nixos/modules/services/databases/mysql.nix"], "description": "Username of the MySQL replication user.", "loc": ["services", "mysql", "replication", "masterUser"], "readOnly": false, "type": "string"}, "services.mysql.replication.role": {"declarations": ["nixos/modules/services/databases/mysql.nix"], "default": {"_type": "literalExpression", "text": "\"none\""}, "description": "Role of the MySQL server instance.", "loc": ["services", "mysql", "replication", "role"], "readOnly": false, "type": "one of \"master\", \"slave\", \"none\""}, "services.mysql.replication.serverId": {"declarations": ["nixos/modules/services/databases/mysql.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Id of the MySQL server instance. This number must be unique for each instance.", "loc": ["services", "mysql", "replication", "serverId"], "readOnly": false, "type": "signed integer"}, "services.mysql.replication.slaveHost": {"declarations": ["nixos/modules/services/databases/mysql.nix"], "description": "Hostname of the MySQL slave server.", "loc": ["services", "mysql", "replication", "slaveHost"], "readOnly": false, "type": "string"}, "services.mysql.settings": {"declarations": ["nixos/modules/services/databases/mysql.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "MySQL configuration. Refer to\n<https://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html>,\n<https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html>,\nand <https://mariadb.com/kb/en/server-system-variables/>\nfor details on supported values.\n\n::: {.note}\nMySQL configuration options such as `--quick` should be treated as\nboolean options and provided values such as `true`, `false`,\n`1`, or `0`. See the provided example below.\n:::\n", "example": {"_type": "literalExpression", "text": "{\n  mysqld = {\n    key_buffer_size = \"6G\";\n    table_cache = 1600;\n    log-error = \"/var/log/mysql_err.log\";\n    plugin-load-add = [ \"server_audit\" \"ed25519=auth_ed25519\" ];\n  };\n  mysqldump = {\n    quick = true;\n    max_allowed_packet = \"16M\";\n  };\n}\n"}, "loc": ["services", "mysql", "settings"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string) or a list of them for duplicate keys)"}, "services.mysql.user": {"declarations": ["nixos/modules/services/databases/mysql.nix"], "default": {"_type": "literalExpression", "text": "\"mysql\""}, "description": "User account under which MySQL runs.\n\n::: {.note}\nIf left as the default value this user will automatically be created\non system activation, otherwise you are responsible for\nensuring the user exists before the MySQL service starts.\n:::\n", "loc": ["services", "mysql", "user"], "readOnly": false, "type": "string"}, "services.mysqlBackup.calendar": {"declarations": ["nixos/modules/services/backup/mysql-backup.nix"], "default": {"_type": "literalExpression", "text": "\"01:15:00\""}, "description": "Configured when to run the backup service systemd unit (DayOfWeek Year-Month-Day Hour:Minute:Second).\n", "loc": ["services", "mysqlBackup", "calendar"], "readOnly": false, "type": "string"}, "services.mysqlBackup.compressionAlg": {"declarations": ["nixos/modules/services/backup/mysql-backup.nix"], "default": {"_type": "literalExpression", "text": "\"gzip\""}, "description": "Compression algorithm to use for database dumps.\n", "loc": ["services", "mysqlBackup", "compressionAlg"], "readOnly": false, "type": "one of \"gzip\", \"xz\", \"zstd\""}, "services.mysqlBackup.compressionLevel": {"declarations": ["nixos/modules/services/backup/mysql-backup.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Compression level to use for gzip, xz or zstd.\n- For gzip: 1-9\n- For xz: 0-9\n- For zstd: 1-19\n\n:::{.note}\nIf compression level is also specified in gzipOptions, the gzipOptions value will be overwritten\n:::\n", "loc": ["services", "mysqlBackup", "compressionLevel"], "readOnly": false, "type": "null or signed integer"}, "services.mysqlBackup.databases": {"declarations": ["nixos/modules/services/backup/mysql-backup.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of database names to dump.\n", "loc": ["services", "mysqlBackup", "databases"], "readOnly": false, "type": "list of string"}, "services.mysqlBackup.enable": {"declarations": ["nixos/modules/services/backup/mysql-backup.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable MySQL backups.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mysqlBackup", "enable"], "readOnly": false, "type": "boolean"}, "services.mysqlBackup.gzipOptions": {"declarations": ["nixos/modules/services/backup/mysql-backup.nix"], "default": {"_type": "literalExpression", "text": "\"--no-name --rsyncable\""}, "description": "Command line options to use when invoking `gzip`.\nOnly used when compression is set to \"gzip\".\nIf compression level is specified both here and in compressionLevel, the compressionLevel value will take precedence.\n", "loc": ["services", "mysqlBackup", "gzipOptions"], "readOnly": false, "type": "string"}, "services.mysqlBackup.location": {"declarations": ["nixos/modules/services/backup/mysql-backup.nix"], "default": {"_type": "literalExpression", "text": "\"/var/backup/mysql\""}, "description": "Location to put the compressed MySQL database dumps.\n", "loc": ["services", "mysqlBackup", "location"], "readOnly": false, "type": "absolute path"}, "services.mysqlBackup.singleTransaction": {"declarations": ["nixos/modules/services/backup/mysql-backup.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to create database dump in a single transaction.\nCan be either a boolean for all databases or a list of database names.\n", "loc": ["services", "mysqlBackup", "singleTransaction"], "readOnly": false, "type": "boolean or list of string"}, "services.mysqlBackup.user": {"declarations": ["nixos/modules/services/backup/mysql-backup.nix"], "default": {"_type": "literalExpression", "text": "\"mysqlbackup\""}, "description": "User to be used to perform backup.\n", "loc": ["services", "mysqlBackup", "user"], "readOnly": false, "type": "string"}, "services.n8n.customNodes": {"declarations": ["nixos/modules/services/misc/n8n.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of custom n8n community node packages to load.\nEach package is expected to be an npm package with an `n8n.nodes` entry in its `package.json`.\nThe packages are made available to n8n via the `N8N_CUSTOM_EXTENSIONS` environment variable.\n", "example": {"_type": "literalExpression", "text": "[ pkgs.n8n-nodes-carbonejs ]"}, "loc": ["services", "n8n", "customNodes"], "readOnly": false, "type": "list of package"}, "services.n8n.enable": {"declarations": ["nixos/modules/services/misc/n8n.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable n8n server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "n8n", "enable"], "readOnly": false, "type": "boolean"}, "services.n8n.environment": {"declarations": ["nixos/modules/services/misc/n8n.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables to pass to the n8n service.\nSee <https://docs.n8n.io/hosting/configuration/environment-variables/> for available options.\n\nEnvironment variables ending with `_FILE` are automatically handled as secrets:\nthey are loaded via systemd credentials for secure access with `DynamicUser=true`.\n\nThis can be useful to pass secrets via tools like `agenix` or `sops-nix`.\n", "example": {"_type": "literalExpression", "text": "{\n  N8N_ENCRYPTION_KEY_FILE = \"/run/n8n/encryption_key\";\n  DB_POSTGRESDB_PASSWORD_FILE = \"/run/n8n/db_postgresdb_password\";\n  WEBHOOK_URL = \"https://n8n.example.com\";\n}\n"}, "loc": ["services", "n8n", "environment"], "readOnly": false, "type": "open submodule of attribute set of (string or (string or signed integer convertible to it) or (string or boolean convertible to it))"}, "services.n8n.environment.GENERIC_TIMEZONE": {"declarations": ["nixos/modules/services/misc/n8n.nix"], "default": {"_type": "literalExpression", "text": "config.time.timeZone"}, "description": "The n8n instance timezone. Important for schedule nodes (such as Cron).\n", "loc": ["services", "n8n", "environment", "GENERIC_TIMEZONE"], "readOnly": false, "type": "null or string"}, "services.n8n.environment.N8N_DIAGNOSTICS_ENABLED": {"declarations": ["nixos/modules/services/misc/n8n.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to share selected, anonymous telemetry with n8n.\nNote that if you set this to false, you can't enable Ask AI in the Code node.\n", "loc": ["services", "n8n", "environment", "N8N_DIAGNOSTICS_ENABLED"], "readOnly": false, "type": "string or boolean convertible to it"}, "services.n8n.environment.N8N_PORT": {"declarations": ["nixos/modules/services/misc/n8n.nix"], "default": {"_type": "literalExpression", "text": "5678"}, "description": "The HTTP port n8n runs on.", "loc": ["services", "n8n", "environment", "N8N_PORT"], "readOnly": false, "type": "string or 16 bit unsigned integer; between 0 and 65535 (both inclusive) convertible to it"}, "services.n8n.environment.N8N_RUNNERS_AUTH_TOKEN_FILE": {"declarations": ["nixos/modules/services/misc/n8n.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file containing the shared authentication token\nused between the n8n server (task broker) and the task runners.\n\nThis option is required when {option}`services.n8n.taskRunners.enable` is true.\nThe file should be readable by the service and not stored in the Nix store.\nUse tools like `agenix` or `sops-nix` to manage this secret.\n", "loc": ["services", "n8n", "environment", "N8N_RUNNERS_AUTH_TOKEN_FILE"], "readOnly": false, "type": "null or absolute path"}, "services.n8n.environment.N8N_RUNNERS_BROKER_LISTEN_ADDRESS": {"declarations": ["nixos/modules/services/misc/n8n.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Address the task broker listens on.\n", "loc": ["services", "n8n", "environment", "N8N_RUNNERS_BROKER_LISTEN_ADDRESS"], "readOnly": false, "type": "string"}, "services.n8n.environment.N8N_RUNNERS_BROKER_PORT": {"declarations": ["nixos/modules/services/misc/n8n.nix"], "default": {"_type": "literalExpression", "text": "5679"}, "description": "Port the task broker listens on for task runner connections.\n", "loc": ["services", "n8n", "environment", "N8N_RUNNERS_BROKER_PORT"], "readOnly": false, "type": "string or 16 bit unsigned integer; between 0 and 65535 (both inclusive) convertible to it"}, "services.n8n.environment.N8N_USER_FOLDER": {"declarations": ["nixos/modules/services/misc/n8n.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/n8n\""}, "description": "Provide the path where n8n will create the .n8n folder.\nThis directory stores user-specific data, such as database file and encryption key.\n", "loc": ["services", "n8n", "environment", "N8N_USER_FOLDER"], "readOnly": true, "type": "absolute path"}, "services.n8n.environment.N8N_VERSION_NOTIFICATIONS_ENABLED": {"declarations": ["nixos/modules/services/misc/n8n.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "When enabled, n8n sends notifications of new versions and security updates.\n", "loc": ["services", "n8n", "environment", "N8N_VERSION_NOTIFICATIONS_ENABLED"], "readOnly": false, "type": "string or boolean convertible to it"}, "services.n8n.openFirewall": {"declarations": ["nixos/modules/services/misc/n8n.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the n8n web interface.", "loc": ["services", "n8n", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.n8n.package": {"declarations": ["nixos/modules/services/misc/n8n.nix"], "default": {"_type": "literalExpression", "text": "pkgs.n8n"}, "description": "The n8n package to use.", "loc": ["services", "n8n", "package"], "readOnly": false, "type": "package"}, "services.n8n.taskRunners.enable": {"declarations": ["nixos/modules/services/misc/n8n.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable n8n task runners for sandboxed Code node execution.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "n8n", "taskRunners", "enable"], "readOnly": false, "type": "boolean"}, "services.n8n.taskRunners.environment": {"declarations": ["nixos/modules/services/misc/n8n.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables for the task runner launcher and runners.\nThese are common to all runners and passed via `allowed-env` in the launcher config.\nSee <https://docs.n8n.io/hosting/configuration/environment-variables/task-runners/> for available options.\n\nEnvironment variables ending with `_FILE` are automatically handled as secrets:\nthey are loaded via systemd credentials for secure access with `DynamicUser=true`.\n\nNote: The authentication token should be set via {option}`services.n8n.environment.N8N_RUNNERS_AUTH_TOKEN_FILE`.\n", "example": {"_type": "literalExpression", "text": "{\n  N8N_RUNNERS_AUTO_SHUTDOWN_TIMEOUT = 15;\n  N8N_RUNNERS_MAX_CONCURRENCY = 10;\n}\n"}, "loc": ["services", "n8n", "taskRunners", "environment"], "readOnly": false, "type": "open submodule of attribute set of (string or (string or signed integer convertible to it) or (string or boolean convertible to it))"}, "services.n8n.taskRunners.environment.N8N_RUNNERS_AUTH_TOKEN_FILE": {"declarations": ["nixos/modules/services/misc/n8n.nix"], "default": {"_type": "literalExpression", "text": "config.services.n8n.environment.N8N_RUNNERS_AUTH_TOKEN_FILE"}, "description": "Path to the authentication token file for the task runner.\n", "loc": ["services", "n8n", "taskRunners", "environment", "N8N_RUNNERS_AUTH_TOKEN_FILE"], "readOnly": false, "type": "null or absolute path"}, "services.n8n.taskRunners.environment.N8N_RUNNERS_TASK_BROKER_URI": {"declarations": ["nixos/modules/services/misc/n8n.nix"], "default": {"_type": "literalExpression", "text": "\"http://${config.services.n8n.environment.N8N_RUNNERS_BROKER_LISTEN_ADDRESS}:${config.services.n8n.environment.N8N_RUNNERS_BROKER_PORT}\""}, "description": "URI of the n8n task broker that the runner connects to.\n", "loc": ["services", "n8n", "taskRunners", "environment", "N8N_RUNNERS_TASK_BROKER_URI"], "readOnly": false, "type": "string"}, "services.n8n.taskRunners.launcherPackage": {"declarations": ["nixos/modules/services/misc/n8n.nix"], "default": {"_type": "literalExpression", "text": "pkgs.n8n-task-runner-launcher"}, "description": "The n8n-task-runner-launcher package to use.", "loc": ["services", "n8n", "taskRunners", "launcherPackage"], "readOnly": false, "type": "package"}, "services.n8n.taskRunners.runners": {"declarations": ["nixos/modules/services/misc/n8n.nix"], "default": {"_type": "literalExpression", "text": "{\n  javascript = {\n    enable = true;\n    command = lib.getExe' config.services.n8n.package \"n8n-task-runner\";\n    healthCheckPort = 5681;\n  };\n  python = {\n    enable = true;\n    command = lib.getExe' config.services.n8n.package \"n8n-task-runner-python\";\n    healthCheckPort = 5682;\n  };\n}\n"}, "description": "Configuration for individual task runners.", "loc": ["services", "n8n", "taskRunners", "runners"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.n8n.taskRunners.runners.<name>.args": {"declarations": ["nixos/modules/services/misc/n8n.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional command-line arguments to pass to the task runner.", "loc": ["services", "n8n", "taskRunners", "runners", "<name>", "args"], "readOnly": false, "type": "list of string"}, "services.n8n.taskRunners.runners.<name>.command": {"declarations": ["nixos/modules/services/misc/n8n.nix"], "description": "Command to execute for this runner.", "loc": ["services", "n8n", "taskRunners", "runners", "<name>", "command"], "readOnly": false, "type": "string"}, "services.n8n.taskRunners.runners.<name>.enable": {"declarations": ["nixos/modules/services/misc/n8n.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the \u2039name\u203a task runner.\nOnly takes effect when {option}`services.n8n.taskRunners.enable` is true.\n", "loc": ["services", "n8n", "taskRunners", "runners", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.n8n.taskRunners.runners.<name>.environment": {"declarations": ["nixos/modules/services/misc/n8n.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables specific to this task runner.", "loc": ["services", "n8n", "taskRunners", "runners", "<name>", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.n8n.taskRunners.runners.<name>.healthCheckPort": {"declarations": ["nixos/modules/services/misc/n8n.nix"], "description": "Port for the runner's health check server.", "loc": ["services", "n8n", "taskRunners", "runners", "<name>", "healthCheckPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nagios.cgiConfigFile": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "nagiosCGICfgFile"}, "description": "Derivation for the configuration file of Nagios CGI scripts\nthat can be used in web servers for running the Nagios web interface.\n", "loc": ["services", "nagios", "cgiConfigFile"], "readOnly": false, "type": "package"}, "services.nagios.enable": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable [Nagios](https://www.nagios.org/) to monitor your system or network.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nagios", "enable"], "readOnly": false, "type": "boolean"}, "services.nagios.enableWebInterface": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Nagios web interface.  You should also\nenable Apache ({option}`services.httpd.enable`).\n", "loc": ["services", "nagios", "enableWebInterface"], "readOnly": false, "type": "boolean"}, "services.nagios.extraConfig": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration to add to /etc/nagios.cfg", "example": {"_type": "literalExpression", "text": "{\n  debug_file = \"/var/log/nagios/debug.log\";\n  debug_level = \"-1\";\n}"}, "loc": ["services", "nagios", "extraConfig"], "readOnly": false, "type": "attribute set of string"}, "services.nagios.mainConfigFile": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If non-null, overrides the main configuration file of Nagios.\n", "loc": ["services", "nagios", "mainConfigFile"], "readOnly": false, "type": "null or package"}, "services.nagios.objectDefs": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "description": "A list of Nagios object configuration files that must define\nthe hosts, host groups, services and contacts for the\nnetwork that you want Nagios to monitor.\n", "example": {"_type": "literalExpression", "text": "[ ./objects.cfg ]"}, "loc": ["services", "nagios", "objectDefs"], "readOnly": false, "type": "list of absolute path"}, "services.nagios.plugins": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "[pkgs.monitoring-plugins pkgs.msmtp pkgs.mailutils]"}, "description": "Packages to be added to the Nagios {env}`PATH`.\nTypically used to add plugins, but can be anything.\n", "loc": ["services", "nagios", "plugins"], "readOnly": false, "type": "list of package"}, "services.nagios.validateConfig": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "pkgs.stdenv.hostPlatform == pkgs.stdenv.buildPlatform"}, "description": "if true, the syntax of the nagios configuration file is checked at build time", "loc": ["services", "nagios", "validateConfig"], "readOnly": false, "type": "boolean"}, "services.nagios.virtualHost": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "description": "Apache configuration can be done by adapting {option}`services.httpd.virtualHosts`.\nSee [](#opt-services.httpd.virtualHosts) for further information.\n", "example": {"_type": "literalExpression", "text": "{ hostName = \"example.org\";\n  adminAddr = \"webmaster@example.org\";\n  enableSSL = true;\n  sslServerCert = \"/var/lib/acme/example.org/full.pem\";\n  sslServerKey = \"/var/lib/acme/example.org/key.pem\";\n}\n"}, "loc": ["services", "nagios", "virtualHost"], "readOnly": false, "type": "submodule"}, "services.nagios.virtualHost.acmeRoot": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the acme challenge which is PUBLIC, don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "nagios", "virtualHost", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.nagios.virtualHost.addSSL": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "nagios", "virtualHost", "addSSL"], "readOnly": false, "type": "boolean"}, "services.nagios.virtualHost.adminAddr": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "E-mail address of the server administrator.", "example": {"_type": "literalExpression", "text": "\"admin@example.org\""}, "loc": ["services", "nagios", "virtualHost", "adminAddr"], "readOnly": false, "type": "null or string"}, "services.nagios.virtualHost.documentRoot": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of Apache's document root directory.  If left undefined,\nan empty directory in the Nix store will be used as root.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "nagios", "virtualHost", "documentRoot"], "readOnly": false, "type": "null or absolute path"}, "services.nagios.virtualHost.enableACME": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "nagios", "virtualHost", "enableACME"], "readOnly": false, "type": "boolean"}, "services.nagios.virtualHost.enableUserDir": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable serving {file}`~/public_html` as\n`/~\u00abusername\u00bb`.\n", "loc": ["services", "nagios", "virtualHost", "enableUserDir"], "readOnly": false, "type": "boolean"}, "services.nagios.virtualHost.extraConfig": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to httpd.conf verbatim. They will go after\ndirectories and directory aliases defined by default.\n", "example": {"_type": "literalExpression", "text": "''\n  <Directory /home>\n    Options FollowSymlinks\n    AllowOverride All\n  </Directory>\n''"}, "loc": ["services", "nagios", "virtualHost", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.nagios.virtualHost.forceSSL": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a separate nginx server block that permanently redirects (301)\nall plain HTTP traffic to HTTPS. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443), where the non-SSL listens are used for the redirect vhosts.\n", "loc": ["services", "nagios", "virtualHost", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.nagios.virtualHost.globalRedirect": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected permanently to\nthe given URL.\n", "example": {"_type": "literalExpression", "text": "\"http://newserver.example.org/\""}, "loc": ["services", "nagios", "virtualHost", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.nagios.virtualHost.hostName": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "Canonical hostname for the server.", "loc": ["services", "nagios", "virtualHost", "hostName"], "readOnly": false, "type": "string"}, "services.nagios.virtualHost.http2": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. *However, if you use the prefork mpm, there will\nbe severe restrictions.* Refer to <https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config> for details.\n", "loc": ["services", "nagios", "virtualHost", "http2"], "readOnly": false, "type": "boolean"}, "services.nagios.virtualHost.listen": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\n\n::: {.note}\nThis option overrides `addSSL`, `forceSSL` and `onlySSL`.\n\nIf you only want to set the addresses manually and not the ports, take a look at `listenAddresses`.\n:::\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    ip = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    ip = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    ip = \"*\";\n    port = 8080;\n  }\n]"}, "loc": ["services", "nagios", "virtualHost", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.nagios.virtualHost.listen.*.ip": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "\"*\""}, "description": "IP to listen on. 0.0.0.0 for IPv4 only, * for all.", "loc": ["services", "nagios", "virtualHost", "listen", "*", "ip"], "readOnly": false, "type": "string"}, "services.nagios.virtualHost.listen.*.port": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "description": "Port to listen on", "loc": ["services", "nagios", "virtualHost", "listen", "*", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nagios.virtualHost.listen.*.ssl": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SSL (https) support.", "loc": ["services", "nagios", "virtualHost", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.nagios.virtualHost.listenAddresses": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"*\"\n]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n]"}, "loc": ["services", "nagios", "virtualHost", "listenAddresses"], "readOnly": false, "type": "non-empty (list of string)"}, "services.nagios.virtualHost.locations": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config. See <https://httpd.apache.org/docs/2.4/mod/core.html#location> for details.\n", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n  \"/foo/bar.png\" = {\n    alias = \"/home/eelco/some-file.png\";\n  };\n};\n"}, "loc": ["services", "nagios", "virtualHost", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.nagios.virtualHost.locations.<name>.alias": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests. See <https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias>.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "nagios", "virtualHost", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.nagios.virtualHost.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "nagios", "virtualHost", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.nagios.virtualHost.locations.<name>.index": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds DirectoryIndex directive. See <https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex>.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "nagios", "virtualHost", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.nagios.virtualHost.locations.<name>.priority": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "nagios", "virtualHost", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.nagios.virtualHost.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets up a simple reverse proxy as described by <https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple>.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "nagios", "virtualHost", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.nagios.virtualHost.logFormat": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "\"common\""}, "description": "Log format for Apache's log files. Possible values are: combined, common, referer, agent.\n", "example": {"_type": "literalExpression", "text": "\"combined\""}, "loc": ["services", "nagios", "virtualHost", "logFormat"], "readOnly": false, "type": "string"}, "services.nagios.virtualHost.onlySSL": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "nagios", "virtualHost", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.nagios.virtualHost.robotsEntries": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Specification of pages to be ignored by web crawlers. See <http://www.robotstxt.org/> for details.\n", "example": {"_type": "literalExpression", "text": "\"Disallow: /foo/\""}, "loc": ["services", "nagios", "virtualHost", "robotsEntries"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.nagios.virtualHost.servedDirs": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "This option provides a simple way to serve static directories.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    dir = \"/home/eelco/Dev/nix-homepage\";\n    urlPath = \"/nix\";\n  }\n]"}, "loc": ["services", "nagios", "virtualHost", "servedDirs"], "readOnly": false, "type": "list of (attribute set)"}, "services.nagios.virtualHost.servedFiles": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "This option provides a simple way to serve individual, static files.\n\n::: {.note}\nThis option has been deprecated and will be removed in a future\nversion of NixOS. You can achieve the same result by making use of\nthe `locations.<name>.alias` option.\n:::\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    file = \"/home/eelco/some-file.png\";\n    urlPath = \"/foo/bar.png\";\n  }\n]"}, "loc": ["services", "nagios", "virtualHost", "servedFiles"], "readOnly": false, "type": "list of (attribute set)"}, "services.nagios.virtualHost.serverAliases": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"www.example.org:8080\"\n  \"example.org\"\n]"}, "loc": ["services", "nagios", "virtualHost", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.nagios.virtualHost.sslServerCert": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "nagios", "virtualHost", "sslServerCert"], "readOnly": false, "type": "absolute path"}, "services.nagios.virtualHost.sslServerChain": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to server SSL chain file.", "example": {"_type": "literalExpression", "text": "\"/var/ca.pem\""}, "loc": ["services", "nagios", "virtualHost", "sslServerChain"], "readOnly": false, "type": "null or absolute path"}, "services.nagios.virtualHost.sslServerKey": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "nagios", "virtualHost", "sslServerKey"], "readOnly": false, "type": "absolute path"}, "services.nagios.virtualHost.useACMEHost": {"declarations": ["nixos/modules/services/monitoring/nagios.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "nagios", "virtualHost", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.namecoind.enable": {"declarations": ["nixos/modules/services/networking/namecoind.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable namecoind, Namecoin client.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "namecoind", "enable"], "readOnly": false, "type": "boolean"}, "services.namecoind.extraNodes": {"declarations": ["nixos/modules/services/networking/namecoind.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of additional peer IP addresses to connect to.\n", "loc": ["services", "namecoind", "extraNodes"], "readOnly": false, "type": "list of string"}, "services.namecoind.generate": {"declarations": ["nixos/modules/services/networking/namecoind.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to generate (mine) Namecoins.\n", "loc": ["services", "namecoind", "generate"], "readOnly": false, "type": "boolean"}, "services.namecoind.rpc.address": {"declarations": ["nixos/modules/services/networking/namecoind.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "IP address the RPC server will bind to.\n", "loc": ["services", "namecoind", "rpc", "address"], "readOnly": false, "type": "string"}, "services.namecoind.rpc.allowFrom": {"declarations": ["nixos/modules/services/networking/namecoind.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n]"}, "description": "List of IP address ranges allowed to use the RPC API.\nWiledcards (*) can be user to specify a range.\n", "loc": ["services", "namecoind", "rpc", "allowFrom"], "readOnly": false, "type": "list of string"}, "services.namecoind.rpc.certificate": {"declarations": ["nixos/modules/services/networking/namecoind.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Certificate file for securing RPC connections.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/namecoind/server.cert\""}, "loc": ["services", "namecoind", "rpc", "certificate"], "readOnly": false, "type": "null or absolute path"}, "services.namecoind.rpc.key": {"declarations": ["nixos/modules/services/networking/namecoind.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Key file for securing RPC connections.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/namecoind/server.pem\""}, "loc": ["services", "namecoind", "rpc", "key"], "readOnly": false, "type": "null or absolute path"}, "services.namecoind.rpc.password": {"declarations": ["nixos/modules/services/networking/namecoind.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Password for RPC connections.\n", "loc": ["services", "namecoind", "rpc", "password"], "readOnly": false, "type": "null or string"}, "services.namecoind.rpc.port": {"declarations": ["nixos/modules/services/networking/namecoind.nix"], "default": {"_type": "literalExpression", "text": "8332"}, "description": "Port the RPC server will bind to.\n", "loc": ["services", "namecoind", "rpc", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.namecoind.rpc.user": {"declarations": ["nixos/modules/services/networking/namecoind.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "User name for RPC connections.\n", "loc": ["services", "namecoind", "rpc", "user"], "readOnly": false, "type": "null or string"}, "services.namecoind.trustedNodes": {"declarations": ["nixos/modules/services/networking/namecoind.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of the only peer IP addresses to connect to. If specified\nno other connection will be made.\n", "loc": ["services", "namecoind", "trustedNodes"], "readOnly": false, "type": "list of string"}, "services.namecoind.wallet": {"declarations": ["nixos/modules/services/networking/namecoind.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/namecoind/wallet.dat\""}, "description": "Wallet file. The ownership of the file has to be\nnamecoin:namecoin, and the permissions must be 0640.\n", "loc": ["services", "namecoind", "wallet"], "readOnly": false, "type": "absolute path"}, "services.nar-serve.cacheURL": {"declarations": ["nixos/modules/services/networking/nar-serve.nix"], "default": {"_type": "literalExpression", "text": "\"https://cache.nixos.org/\""}, "description": "Binary cache URL to connect to.\n\nThe URL format is compatible with the nix remote url style, such as:\n- http://, https:// for binary caches via HTTP or HTTPS\n- s3:// for binary caches stored in Amazon S3\n- gs:// for binary caches stored in Google Cloud Storage\n", "loc": ["services", "nar-serve", "cacheURL"], "readOnly": false, "type": "string"}, "services.nar-serve.domain": {"declarations": ["nixos/modules/services/networking/nar-serve.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "When set, enables the feature of serving <nar-hash>.<domain>\non top of <domain>/nix/store/<nar-hash>-<pname>.\n\nUseful to preview static websites where paths are absolute.\n", "loc": ["services", "nar-serve", "domain"], "readOnly": false, "type": "string"}, "services.nar-serve.enable": {"declarations": ["nixos/modules/services/networking/nar-serve.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable serving NAR file contents via HTTP.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nar-serve", "enable"], "readOnly": false, "type": "boolean"}, "services.nar-serve.package": {"declarations": ["nixos/modules/services/networking/nar-serve.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nar-serve"}, "description": "The nar-serve package to use.", "loc": ["services", "nar-serve", "package"], "readOnly": false, "type": "package"}, "services.nar-serve.port": {"declarations": ["nixos/modules/services/networking/nar-serve.nix"], "default": {"_type": "literalExpression", "text": "8383"}, "description": "Port number where nar-serve will listen on.\n", "loc": ["services", "nar-serve", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nats.dataDir": {"declarations": ["nixos/modules/services/networking/nats.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/nats\""}, "description": "The NATS data directory. Only used if JetStream is enabled, for\nstoring stream metadata and messages.\n\nIf left as the default value this directory will automatically be\ncreated before the NATS server starts, otherwise the sysadmin is\nresponsible for ensuring the directory exists with appropriate\nownership and permissions.\n", "loc": ["services", "nats", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.nats.enable": {"declarations": ["nixos/modules/services/networking/nats.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable NATS messaging system.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nats", "enable"], "readOnly": false, "type": "boolean"}, "services.nats.group": {"declarations": ["nixos/modules/services/networking/nats.nix"], "default": {"_type": "literalExpression", "text": "\"nats\""}, "description": "Group under which NATS runs.", "loc": ["services", "nats", "group"], "readOnly": false, "type": "string"}, "services.nats.jetstream": {"declarations": ["nixos/modules/services/networking/nats.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable JetStream.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nats", "jetstream"], "readOnly": false, "type": "boolean"}, "services.nats.port": {"declarations": ["nixos/modules/services/networking/nats.nix"], "default": {"_type": "literalExpression", "text": "4222"}, "description": "Port on which to listen.\n", "loc": ["services", "nats", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nats.serverName": {"declarations": ["nixos/modules/services/networking/nats.nix"], "default": {"_type": "literalExpression", "text": "\"nats\""}, "description": "Name of the NATS server, must be unique if clustered.\n", "example": {"_type": "literalExpression", "text": "\"n1-c3\""}, "loc": ["services", "nats", "serverName"], "readOnly": false, "type": "string"}, "services.nats.settings": {"declarations": ["nixos/modules/services/networking/nats.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative NATS configuration. See the\n[\nNATS documentation](https://docs.nats.io/nats-server/configuration) for a list of options.\n", "example": {"_type": "literalExpression", "text": "{\n  jetstream = {\n    max_mem = \"1G\";\n    max_file = \"10G\";\n  };\n};\n"}, "loc": ["services", "nats", "settings"], "readOnly": false, "type": "JSON value"}, "services.nats.user": {"declarations": ["nixos/modules/services/networking/nats.nix"], "default": {"_type": "literalExpression", "text": "\"nats\""}, "description": "User account under which NATS runs.", "loc": ["services", "nats", "user"], "readOnly": false, "type": "string"}, "services.nats.validateConfig": {"declarations": ["nixos/modules/services/networking/nats.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If true, validate nats config at build time. When the config can't\nbe checked during build time, for example when it includes other\nfiles, disable this option.\n", "loc": ["services", "nats", "validateConfig"], "readOnly": false, "type": "boolean"}, "services.navidrome.enable": {"declarations": ["nixos/modules/services/audio/navidrome.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Navidrome music server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "navidrome", "enable"], "readOnly": false, "type": "boolean"}, "services.navidrome.environmentFile": {"declarations": ["nixos/modules/services/audio/navidrome.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file, used to set any secret ND_* environment variables.", "loc": ["services", "navidrome", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.navidrome.group": {"declarations": ["nixos/modules/services/audio/navidrome.nix"], "default": {"_type": "literalExpression", "text": "\"navidrome\""}, "description": "Group under which Navidrome runs.", "loc": ["services", "navidrome", "group"], "readOnly": false, "type": "string"}, "services.navidrome.openFirewall": {"declarations": ["nixos/modules/services/audio/navidrome.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the TCP port in the firewall", "loc": ["services", "navidrome", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.navidrome.package": {"declarations": ["nixos/modules/services/audio/navidrome.nix"], "default": {"_type": "literalExpression", "text": "pkgs.navidrome"}, "description": "The navidrome package to use.", "loc": ["services", "navidrome", "package"], "readOnly": false, "type": "package"}, "services.navidrome.settings": {"declarations": ["nixos/modules/services/audio/navidrome.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for Navidrome, see <https://www.navidrome.org/docs/usage/configuration-options/> for supported values.", "example": {"_type": "literalExpression", "text": "{\n  MusicFolder = \"/mnt/music\";\n}"}, "loc": ["services", "navidrome", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.navidrome.settings.Address": {"declarations": ["nixos/modules/services/audio/navidrome.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Address to run Navidrome on.", "loc": ["services", "navidrome", "settings", "Address"], "readOnly": false, "type": "string"}, "services.navidrome.settings.EnableInsightsCollector": {"declarations": ["nixos/modules/services/audio/navidrome.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable anonymous usage data collection, see <https://www.navidrome.org/docs/getting-started/insights/> for details.", "loc": ["services", "navidrome", "settings", "EnableInsightsCollector"], "readOnly": false, "type": "boolean"}, "services.navidrome.settings.Port": {"declarations": ["nixos/modules/services/audio/navidrome.nix"], "default": {"_type": "literalExpression", "text": "4533"}, "description": "Port to run Navidrome on.", "loc": ["services", "navidrome", "settings", "Port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.navidrome.user": {"declarations": ["nixos/modules/services/audio/navidrome.nix"], "default": {"_type": "literalExpression", "text": "\"navidrome\""}, "description": "User under which Navidrome runs.", "loc": ["services", "navidrome", "user"], "readOnly": false, "type": "string"}, "services.nbd.server.enable": {"declarations": ["nixos/modules/services/networking/nbd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Network Block Device (nbd) server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nbd", "server", "enable"], "readOnly": false, "type": "boolean"}, "services.nbd.server.exports": {"declarations": ["nixos/modules/services/networking/nbd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Files or block devices to make available over the network.", "loc": ["services", "nbd", "server", "exports"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.nbd.server.exports.<name>.allowAddresses": {"declarations": ["nixos/modules/services/networking/nbd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IPs and subnets that are authorized to connect for this device. If not specified, the server will allow all connections.", "example": {"_type": "literalExpression", "text": "[\n  \"10.10.0.0/24\"\n  \"127.0.0.1\"\n]"}, "loc": ["services", "nbd", "server", "exports", "<name>", "allowAddresses"], "readOnly": false, "type": "null or (list of string)"}, "services.nbd.server.exports.<name>.extraOptions": {"declarations": ["nixos/modules/services/networking/nbd.nix"], "default": {"_type": "literalExpression", "text": "{\n  flush = true;\n  fua = true;\n}"}, "description": "Extra options for this export. See\n{manpage}`nbd-server(5)`.\n", "loc": ["services", "nbd", "server", "exports", "<name>", "extraOptions"], "readOnly": false, "type": "attribute set of (boolean or signed integer or floating point number or string)"}, "services.nbd.server.exports.<name>.path": {"declarations": ["nixos/modules/services/networking/nbd.nix"], "description": "File or block device to export.", "example": {"_type": "literalExpression", "text": "\"/dev/sdb1\""}, "loc": ["services", "nbd", "server", "exports", "<name>", "path"], "readOnly": false, "type": "string"}, "services.nbd.server.extraOptions": {"declarations": ["nixos/modules/services/networking/nbd.nix"], "default": {"_type": "literalExpression", "text": "{\n  allowlist = false;\n}"}, "description": "Extra options for the server. See\n{manpage}`nbd-server(5)`.\n", "loc": ["services", "nbd", "server", "extraOptions"], "readOnly": false, "type": "attribute set of (boolean or signed integer or floating point number or string)"}, "services.nbd.server.listenAddress": {"declarations": ["nixos/modules/services/networking/nbd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Address to listen on. If not specified, the server will listen on all interfaces.", "example": {"_type": "literalExpression", "text": "\"10.10.0.1\""}, "loc": ["services", "nbd", "server", "listenAddress"], "readOnly": false, "type": "null or string"}, "services.nbd.server.listenPort": {"declarations": ["nixos/modules/services/networking/nbd.nix"], "default": {"_type": "literalExpression", "text": "10809"}, "description": "Port to listen on. The port is NOT automatically opened in the firewall.", "loc": ["services", "nbd", "server", "listenPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.ncdns.address": {"declarations": ["nixos/modules/services/networking/ncdns.nix"], "default": {"_type": "literalExpression", "text": "\"[::1]\""}, "description": "The IP address the ncdns resolver will bind to.  Leave this unchanged\nif you do not wish to directly expose the resolver.\n", "loc": ["services", "ncdns", "address"], "readOnly": false, "type": "string"}, "services.ncdns.dnssec.enable": {"declarations": ["nixos/modules/services/networking/ncdns.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable DNSSEC support in ncdns. This will generate KSK and ZSK keypairs\n(unless provided via the options\n{option}`services.ncdns.dnssec.publicKey`,\n{option}`services.ncdns.dnssec.privateKey` etc.) and add a trust\nanchor to recursive resolvers\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ncdns", "dnssec", "enable"], "readOnly": false, "type": "boolean"}, "services.ncdns.dnssec.keys.private": {"declarations": ["nixos/modules/services/networking/ncdns.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/ncdns/bit.private\""}, "description": "Path to the file containing the KSK private key.\n", "loc": ["services", "ncdns", "dnssec", "keys", "private"], "readOnly": false, "type": "absolute path"}, "services.ncdns.dnssec.keys.public": {"declarations": ["nixos/modules/services/networking/ncdns.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/ncdns/bit.key\""}, "description": "Path to the file containing the KSK public key.\nThe key can be generated using the `dnssec-keygen`\ncommand, provided by the package `bind` as follows:\n```\n$ dnssec-keygen -a RSASHA256 -3 -b 2048 -f KSK bit\n```\n", "loc": ["services", "ncdns", "dnssec", "keys", "public"], "readOnly": false, "type": "absolute path"}, "services.ncdns.dnssec.keys.zonePrivate": {"declarations": ["nixos/modules/services/networking/ncdns.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/ncdns/bit-zone.private\""}, "description": "Path to the file containing the ZSK private key.\n", "loc": ["services", "ncdns", "dnssec", "keys", "zonePrivate"], "readOnly": false, "type": "absolute path"}, "services.ncdns.dnssec.keys.zonePublic": {"declarations": ["nixos/modules/services/networking/ncdns.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/ncdns/bit-zone.key\""}, "description": "Path to the file containing the ZSK public key.\nThe key can be generated using the `dnssec-keygen`\ncommand, provided by the package `bind` as follows:\n```\n$ dnssec-keygen -a RSASHA256 -3 -b 2048 bit\n```\n", "loc": ["services", "ncdns", "dnssec", "keys", "zonePublic"], "readOnly": false, "type": "absolute path"}, "services.ncdns.enable": {"declarations": ["nixos/modules/services/networking/ncdns.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ncdns, a Go daemon to bridge Namecoin to DNS.\nTo resolve .bit domains set `services.namecoind.enable = true;`\nand an RPC username/password\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ncdns", "enable"], "readOnly": false, "type": "boolean"}, "services.ncdns.identity.address": {"declarations": ["nixos/modules/services/networking/ncdns.nix"], "default": {"_type": "literalExpression", "text": "\"127.127.127.127\""}, "description": "The IP address the hostname specified in\n{option}`services.ncdns.identity.hostname` should resolve to.\nIf you are only using ncdns locally you can ignore this.\n", "loc": ["services", "ncdns", "identity", "address"], "readOnly": false, "type": "string"}, "services.ncdns.identity.hostmaster": {"declarations": ["nixos/modules/services/networking/ncdns.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "An email address for the SOA record at the bit zone.\nIf you are only using ncdns locally you can ignore this.\n", "example": {"_type": "literalExpression", "text": "\"root@example.com\""}, "loc": ["services", "ncdns", "identity", "hostmaster"], "readOnly": false, "type": "string"}, "services.ncdns.identity.hostname": {"declarations": ["nixos/modules/services/networking/ncdns.nix"], "default": {"_type": "literalExpression", "text": "config.networking.hostName"}, "description": "The hostname of this ncdns instance, which defaults to the machine\nhostname. If specified, ncdns lists the hostname as an NS record at\nthe zone apex:\n```\nbit. IN NS ns1.example.com.\n```\nIf unset ncdns will generate an internal pseudo-hostname under the\nzone, which will resolve to the value of\n{option}`services.ncdns.identity.address`.\nIf you are only using ncdns locally you can ignore this.\n", "example": {"_type": "literalExpression", "text": "\"example.com\""}, "loc": ["services", "ncdns", "identity", "hostname"], "readOnly": false, "type": "string"}, "services.ncdns.port": {"declarations": ["nixos/modules/services/networking/ncdns.nix"], "default": {"_type": "literalExpression", "text": "5333"}, "description": "The port the ncdns resolver will bind to.\n", "loc": ["services", "ncdns", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.ncdns.settings": {"declarations": ["nixos/modules/services/networking/ncdns.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "ncdns settings. Use this option to configure ncds\nsettings not exposed in a NixOS option or to bypass one.\nSee the example ncdns.conf file at <https://github.com/namecoin/ncdns/blob/master/_doc/ncdns.conf.example>\nfor the available options.\n", "example": {"_type": "literalExpression", "text": "{ # enable webserver\n  ncdns.httplistenaddr = \":8202\";\n\n  # synchronize TLS certs\n  certstore.nss = true;\n  # note: all paths are relative to the config file\n  certstore.nsscertdir =  \"../../var/lib/ncdns\";\n  certstore.nssdbdir = \"../../home/alice/.pki/nssdb\";\n}\n"}, "loc": ["services", "ncdns", "settings"], "readOnly": false, "type": "TOML value"}, "services.ncps.analytics.reporting.enable": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable reporting anonymous usage statistics (DB type, Lock type, Total Size) to the project maintainers.\n", "loc": ["services", "ncps", "analytics", "reporting", "enable"], "readOnly": false, "type": "boolean"}, "services.ncps.analytics.reporting.samples": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Enable printing the analytics samples to stdout. This is useful for debugging and verification purposes only..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ncps", "analytics", "reporting", "samples"], "readOnly": false, "type": "boolean"}, "services.ncps.cache.allowDeleteVerb": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Whether to allow the DELETE verb to delete narinfo and nar files from\nthe cache.\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ncps", "cache", "allowDeleteVerb"], "readOnly": false, "type": "boolean"}, "services.ncps.cache.allowPutVerb": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Whether to allow the PUT verb to push narinfo and nar files directly\nto the cache.\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ncps", "cache", "allowPutVerb"], "readOnly": false, "type": "boolean"}, "services.ncps.cache.database.pool.maxIdleConns": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Maximum number of idle connections in the pool (0 = use\ndatabase-specific defaults).\n", "loc": ["services", "ncps", "cache", "database", "pool", "maxIdleConns"], "readOnly": false, "type": "signed integer"}, "services.ncps.cache.database.pool.maxOpenConns": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Maximum number of open connections to the database (0 = use\ndatabase-specific defaults).\n", "loc": ["services", "ncps", "cache", "database", "pool", "maxOpenConns"], "readOnly": false, "type": "signed integer"}, "services.ncps.cache.databaseURL": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite:/var/lib/ncps/db/db.sqlite\""}, "description": "The URL of the database (currently only SQLite is supported)\n", "loc": ["services", "ncps", "cache", "databaseURL"], "readOnly": false, "type": "null or string"}, "services.ncps.cache.databaseURLFile": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the URL of the database.\n", "loc": ["services", "ncps", "cache", "databaseURLFile"], "readOnly": false, "type": "null or absolute path"}, "services.ncps.cache.hostName": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "description": "The hostname of the cache server. **This is used to generate the\nprivate key used for signing store paths (.narinfo)**\n", "loc": ["services", "ncps", "cache", "hostName"], "readOnly": false, "type": "string"}, "services.ncps.cache.lock.allowDegradedMode": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Allow falling back to local locks if Redis is unavailable (WARNING:\nbreaks HA guarantees).\n", "loc": ["services", "ncps", "cache", "lock", "allowDegradedMode"], "readOnly": false, "type": "boolean"}, "services.ncps.cache.lock.backend": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "\"local\""}, "description": "Lock backend to use: 'local' (single instance), 'redis'\n(distributed).\n", "loc": ["services", "ncps", "cache", "lock", "backend"], "readOnly": false, "type": "one of \"local\", \"redis\""}, "services.ncps.cache.lock.downloadTTL": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "\"5m0s\""}, "description": "TTL for download locks (per-hash locks).\n", "loc": ["services", "ncps", "cache", "lock", "downloadTTL"], "readOnly": false, "type": "string"}, "services.ncps.cache.lock.lruTTL": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "\"30m0s\""}, "description": "TTL for LRU lock (global exclusive lock).\n", "loc": ["services", "ncps", "cache", "lock", "lruTTL"], "readOnly": false, "type": "string"}, "services.ncps.cache.lock.redisKeyPrefix": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "\"ncps:lock:\""}, "description": "Prefix for all Redis lock keys (only used when Redis is\nconfigured).\n", "loc": ["services", "ncps", "cache", "lock", "redisKeyPrefix"], "readOnly": false, "type": "string"}, "services.ncps.cache.lock.retry.initialDelay": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "\"100ms\""}, "description": "Initial retry delay for distributed locks.\n", "loc": ["services", "ncps", "cache", "lock", "retry", "initialDelay"], "readOnly": false, "type": "string"}, "services.ncps.cache.lock.retry.jitter": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable jitter in retry delays to prevent thundering herd.\n", "loc": ["services", "ncps", "cache", "lock", "retry", "jitter"], "readOnly": false, "type": "boolean"}, "services.ncps.cache.lock.retry.maxAttempts": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "3"}, "description": "Maximum number of retry attempts for distributed locks.\n", "loc": ["services", "ncps", "cache", "lock", "retry", "maxAttempts"], "readOnly": false, "type": "signed integer"}, "services.ncps.cache.lock.retry.maxDelay": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "\"2s\""}, "description": "Maximum retry delay for distributed locks (exponential backoff\ncaps at this).\n", "loc": ["services", "ncps", "cache", "lock", "retry", "maxDelay"], "readOnly": false, "type": "string"}, "services.ncps.cache.lru.schedule": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The cron spec for cleaning the store to keep it under\nconfig.ncps.cache.maxSize. Refer to\nhttps://pkg.go.dev/github.com/robfig/cron/v3#hdr-Usage for\ndocumentation.\n", "example": {"_type": "literalExpression", "text": "\"0 2 * * *\""}, "loc": ["services", "ncps", "cache", "lru", "schedule"], "readOnly": false, "type": "null or string"}, "services.ncps.cache.lru.scheduleTimeZone": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "\"Local\""}, "description": "The name of the timezone to use for the cron schedule. See\n<https://en.wikipedia.org/wiki/List_of_tz_database_time_zones>\nfor a comprehensive list of possible values for this setting.\n", "example": {"_type": "literalExpression", "text": "\"America/Los_Angeles\""}, "loc": ["services", "ncps", "cache", "lru", "scheduleTimeZone"], "readOnly": false, "type": "string"}, "services.ncps.cache.maxSize": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The maximum size of the store. It can be given with units such as\n5K, 10G etc. Supported units: B, K, M, G, T.\n", "example": {"_type": "literalExpression", "text": "\"100G\""}, "loc": ["services", "ncps", "cache", "maxSize"], "readOnly": false, "type": "null or string"}, "services.ncps.cache.redis": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configure Redis.\n", "loc": ["services", "ncps", "cache", "redis"], "readOnly": false, "type": "null or (submodule)"}, "services.ncps.cache.redis.addresses": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "description": "A list of host:port for the Redis servers that are part of a cluster.\nTo use a single Redis instance, just set this to its single address.\n", "example": {"_type": "literalExpression", "text": "''\n  [\"redis0:6379\" \"redis1:6379\"]\n''"}, "loc": ["services", "ncps", "cache", "redis", "addresses"], "readOnly": false, "type": "list of string"}, "services.ncps.cache.redis.database": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Redis database number (0-15)\n", "loc": ["services", "ncps", "cache", "redis", "database"], "readOnly": false, "type": "signed integer"}, "services.ncps.cache.redis.password": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Redis password for authentication (for Redis ACL).\n", "loc": ["services", "ncps", "cache", "redis", "password"], "readOnly": false, "type": "null or string"}, "services.ncps.cache.redis.passwordFile": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the redis password for authentication (for Redis ACL).\n", "loc": ["services", "ncps", "cache", "redis", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.ncps.cache.redis.poolSize": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Redis connection pool size.\n", "loc": ["services", "ncps", "cache", "redis", "poolSize"], "readOnly": false, "type": "signed integer"}, "services.ncps.cache.redis.useTLS": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use TLS for Redis connection.\n", "loc": ["services", "ncps", "cache", "redis", "useTLS"], "readOnly": false, "type": "boolean"}, "services.ncps.cache.redis.username": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Redis username for authentication (for Redis ACL).\n", "loc": ["services", "ncps", "cache", "redis", "username"], "readOnly": false, "type": "null or string"}, "services.ncps.cache.secretKeyPath": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to load the secretKey for signing narinfos. Leave this\nempty to automatically generate a private/public key.\n", "loc": ["services", "ncps", "cache", "secretKeyPath"], "readOnly": false, "type": "null or absolute path"}, "services.ncps.cache.signNarinfo": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to sign narInfo files or passthru as-is from upstream\n", "example": {"_type": "literalExpression", "text": "\"false\""}, "loc": ["services", "ncps", "cache", "signNarinfo"], "readOnly": false, "type": "boolean"}, "services.ncps.cache.storage.local": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/ncps\""}, "description": "The local directory for storing configuration and cached store\npaths. This is ignored if services.ncps.cache.storage.s3 is not\nnull.\n", "loc": ["services", "ncps", "cache", "storage", "local"], "readOnly": false, "type": "absolute path"}, "services.ncps.cache.storage.s3": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Use S3 for storage instead of local storage.\n", "loc": ["services", "ncps", "cache", "storage", "s3"], "readOnly": false, "type": "null or (submodule)"}, "services.ncps.cache.storage.s3.accessKeyIdPath": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "description": "The path to a file containing only the access-key-id.\n", "loc": ["services", "ncps", "cache", "storage", "s3", "accessKeyIdPath"], "readOnly": false, "type": "absolute path"}, "services.ncps.cache.storage.s3.bucket": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "description": "The name of the S3 bucket.\n", "loc": ["services", "ncps", "cache", "storage", "s3", "bucket"], "readOnly": false, "type": "string"}, "services.ncps.cache.storage.s3.endpoint": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "description": "S3-compatible endpoint URL with scheme.\n", "example": {"_type": "literalExpression", "text": "\"https://s3.amazonaws.com\""}, "loc": ["services", "ncps", "cache", "storage", "s3", "endpoint"], "readOnly": false, "type": "string"}, "services.ncps.cache.storage.s3.forcePathStyle": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Force path-style S3 addressing (bucket/key vs key.bucket).\n", "loc": ["services", "ncps", "cache", "storage", "s3", "forcePathStyle"], "readOnly": false, "type": "boolean"}, "services.ncps.cache.storage.s3.region": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The S3 region.\n", "loc": ["services", "ncps", "cache", "storage", "s3", "region"], "readOnly": false, "type": "null or string"}, "services.ncps.cache.storage.s3.secretAccessKeyPath": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "description": "The path to a file containing only the secret-access-key.\n", "loc": ["services", "ncps", "cache", "storage", "s3", "secretAccessKeyPath"], "readOnly": false, "type": "absolute path"}, "services.ncps.cache.tempPath": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "\"/tmp\""}, "description": "The path to the temporary directory that is used by the cache to download NAR files\n", "loc": ["services", "ncps", "cache", "tempPath"], "readOnly": false, "type": "absolute path"}, "services.ncps.cache.upstream.dialerTimeout": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Timeout for establishing TCP connections to upstream caches (e.g., 3s, 5s, 10s).\n", "loc": ["services", "ncps", "cache", "upstream", "dialerTimeout"], "readOnly": false, "type": "null or string"}, "services.ncps.cache.upstream.publicKeys": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of public keys of upstream caches in the format\n`host[-[0-9]*]:public-key`. This flag is used to verify the\nsignatures of store paths downloaded from upstream caches.\n", "example": {"_type": "literalExpression", "text": "[\n  \"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=\"\n]"}, "loc": ["services", "ncps", "cache", "upstream", "publicKeys"], "readOnly": false, "type": "list of string"}, "services.ncps.cache.upstream.responseHeaderTimeout": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Timeout for waiting for upstream server's response headers.\n", "example": {"_type": "literalExpression", "text": "\"5s\""}, "loc": ["services", "ncps", "cache", "upstream", "responseHeaderTimeout"], "readOnly": false, "type": "null or string"}, "services.ncps.cache.upstream.urls": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "description": "A list of URLs of upstream binary caches.\n", "example": {"_type": "literalExpression", "text": "[\n  \"https://cache.nixos.org\"\n]"}, "loc": ["services", "ncps", "cache", "upstream", "urls"], "readOnly": false, "type": "list of string"}, "services.ncps.enable": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ncps: Nix binary cache proxy service implemented in Go.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ncps", "enable"], "readOnly": false, "type": "boolean"}, "services.ncps.logLevel": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Set the level for logging. Refer to\n<https://pkg.go.dev/github.com/rs/zerolog#readme-leveled-logging> for\nmore information.\n", "loc": ["services", "ncps", "logLevel"], "readOnly": false, "type": "one of \"trace\", \"debug\", \"info\", \"warn\", \"error\", \"fatal\", \"panic\""}, "services.ncps.netrcFile": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to netrc file for upstream authentication.\nWhen unspecified ncps will look for ``$HOME/.netrc`.\n", "example": {"_type": "literalExpression", "text": "\"/etc/nix/netrc\""}, "loc": ["services", "ncps", "netrcFile"], "readOnly": false, "type": "null or absolute path"}, "services.ncps.openTelemetry.enable": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Enable OpenTelemetry logs, metrics, and tracing.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ncps", "openTelemetry", "enable"], "readOnly": false, "type": "boolean"}, "services.ncps.openTelemetry.grpcURL": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configure OpenTelemetry gRPC URL. Missing or \"https\" scheme enables\nsecure gRPC, \"insecure\" otherwise. Omit to emit telemetry to\nstdout.\n", "loc": ["services", "ncps", "openTelemetry", "grpcURL"], "readOnly": false, "type": "null or string"}, "services.ncps.package": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ncps"}, "description": "The ncps package to use.", "loc": ["services", "ncps", "package"], "readOnly": false, "type": "package"}, "services.ncps.prometheus.enable": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Enable Prometheus metrics endpoint at /metrics.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ncps", "prometheus", "enable"], "readOnly": false, "type": "boolean"}, "services.ncps.server.addr": {"declarations": ["nixos/modules/services/networking/ncps.nix"], "default": {"_type": "literalExpression", "text": "\":8501\""}, "description": "The address and port the server listens on.\n", "loc": ["services", "ncps", "server", "addr"], "readOnly": false, "type": "string"}, "services.ndppd.configFile": {"declarations": ["nixos/modules/services/networking/ndppd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to configuration file.", "loc": ["services", "ndppd", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.ndppd.enable": {"declarations": ["nixos/modules/services/networking/ndppd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable daemon that proxies NDP (Neighbor Discovery Protocol) messages between interfaces.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ndppd", "enable"], "readOnly": false, "type": "boolean"}, "services.ndppd.interface": {"declarations": ["nixos/modules/services/networking/ndppd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Interface which is on link-level with router.\n(Legacy option, use services.ndppd.proxies.\\<interface\\>.rules.\\<network\\> instead)\n", "example": {"_type": "literalExpression", "text": "\"eth0\""}, "loc": ["services", "ndppd", "interface"], "readOnly": false, "type": "null or string"}, "services.ndppd.network": {"declarations": ["nixos/modules/services/networking/ndppd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Network that we proxy.\n(Legacy option, use services.ndppd.proxies.\\<interface\\>.rules.\\<network\\> instead)\n", "example": {"_type": "literalExpression", "text": "\"1111::/64\""}, "loc": ["services", "ndppd", "network"], "readOnly": false, "type": "null or string"}, "services.ndppd.proxies": {"declarations": ["nixos/modules/services/networking/ndppd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This sets up a listener, that will listen for any Neighbor Solicitation\nmessages, and respond to them according to a set of rules.\n", "example": {"_type": "literalExpression", "text": "{\n  eth0.rules.\"1111::/64\" = {};\n}\n"}, "loc": ["services", "ndppd", "proxies"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.ndppd.proxies.<name>.interface": {"declarations": ["nixos/modules/services/networking/ndppd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Listen for any Neighbor Solicitation messages on this interface,\nand respond to them according to a set of rules.\nDefaults to the name of the attrset.\n", "loc": ["services", "ndppd", "proxies", "<name>", "interface"], "readOnly": false, "type": "null or string"}, "services.ndppd.proxies.<name>.router": {"declarations": ["nixos/modules/services/networking/ndppd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Turns on or off the router flag for Neighbor Advertisement Messages.\n", "loc": ["services", "ndppd", "proxies", "<name>", "router"], "readOnly": false, "type": "boolean"}, "services.ndppd.proxies.<name>.rules": {"declarations": ["nixos/modules/services/networking/ndppd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This is a rule that the target address is to match against. If no netmask\nis provided, /128 is assumed. You may have several rule sections, and the\naddresses may or may not overlap.\n", "loc": ["services", "ndppd", "proxies", "<name>", "rules"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.ndppd.proxies.<name>.rules.<name>.interface": {"declarations": ["nixos/modules/services/networking/ndppd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Interface to use when method is iface.", "loc": ["services", "ndppd", "proxies", "<name>", "rules", "<name>", "interface"], "readOnly": false, "type": "null or string"}, "services.ndppd.proxies.<name>.rules.<name>.method": {"declarations": ["nixos/modules/services/networking/ndppd.nix"], "default": {"_type": "literalExpression", "text": "\"auto\""}, "description": "static: Immediately answer any Neighbor Solicitation Messages\n  (if they match the IP rule).\niface: Forward the Neighbor Solicitation Message through the specified\n  interface and only respond if a matching Neighbor Advertisement\n  Message is received.\nauto: Same as iface, but instead of manually specifying the outgoing\n  interface, check for a matching route in /proc/net/ipv6_route.\n", "loc": ["services", "ndppd", "proxies", "<name>", "rules", "<name>", "method"], "readOnly": false, "type": "one of \"static\", \"iface\", \"auto\""}, "services.ndppd.proxies.<name>.rules.<name>.network": {"declarations": ["nixos/modules/services/networking/ndppd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "This is the target address is to match against. If no netmask\nis provided, /128 is assumed. The addresses of several rules\nmay or may not overlap.\nDefaults to the name of the attrset.\n", "loc": ["services", "ndppd", "proxies", "<name>", "rules", "<name>", "network"], "readOnly": false, "type": "null or string"}, "services.ndppd.proxies.<name>.timeout": {"declarations": ["nixos/modules/services/networking/ndppd.nix"], "default": {"_type": "literalExpression", "text": "500"}, "description": "Controls how long to wait for a Neighbor Advertisement Message before\ninvalidating the entry, in milliseconds.\n", "loc": ["services", "ndppd", "proxies", "<name>", "timeout"], "readOnly": false, "type": "signed integer"}, "services.ndppd.proxies.<name>.ttl": {"declarations": ["nixos/modules/services/networking/ndppd.nix"], "default": {"_type": "literalExpression", "text": "30000"}, "description": "Controls how long a valid or invalid entry remains in the cache, in\nmilliseconds.\n", "loc": ["services", "ndppd", "proxies", "<name>", "ttl"], "readOnly": false, "type": "signed integer"}, "services.ndppd.routeTTL": {"declarations": ["nixos/modules/services/networking/ndppd.nix"], "default": {"_type": "literalExpression", "text": "30000"}, "description": "This tells 'ndppd' how often to reload the route file /proc/net/ipv6_route,\nin milliseconds.\n", "loc": ["services", "ndppd", "routeTTL"], "readOnly": false, "type": "signed integer"}, "services.neard.enable": {"declarations": ["nixos/modules/services/desktops/neard.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable neard, an NFC daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "neard", "enable"], "readOnly": false, "type": "boolean"}, "services.neard.settings": {"declarations": ["nixos/modules/services/desktops/neard.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Neard INI-style configuration file as a Nix attribute set.\n\nSee the upstream [configuration file](https://github.com/linux-nfc/neard/blob/master/src/main.conf).\n", "loc": ["services", "neard", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.neard.settings.General.ConstantPoll": {"declarations": ["nixos/modules/services/desktops/neard.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable constant polling. Constant polling will automatically trigger a new\npolling loop whenever a tag or a device is no longer in the RF field.\n", "loc": ["services", "neard", "settings", "General", "ConstantPoll"], "readOnly": false, "type": "boolean"}, "services.neard.settings.General.DefaultPowered": {"declarations": ["nixos/modules/services/desktops/neard.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Automatically turn an adapter on when being discovered.\n", "loc": ["services", "neard", "settings", "General", "DefaultPowered"], "readOnly": false, "type": "boolean"}, "services.neard.settings.General.ResetOnError": {"declarations": ["nixos/modules/services/desktops/neard.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Power cycle the adapter when getting a driver error from the kernel.\n", "loc": ["services", "neard", "settings", "General", "ResetOnError"], "readOnly": false, "type": "boolean"}, "services.nebula-lighthouse-service.enable": {"declarations": ["nixos/modules/services/networking/nebula-lighthouse-service.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable nebula-lighthouse-service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nebula-lighthouse-service", "enable"], "readOnly": false, "type": "boolean"}, "services.nebula-lighthouse-service.settings": {"declarations": ["nixos/modules/services/networking/nebula-lighthouse-service.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for nebula-lighthouse-service.\n", "example": {"_type": "literalExpression", "text": "{\n  max-port = 65535;\n  min-port = 49152;\n  \"webserver.ip\" = \"127.0.0.1\";\n  \"webserver.port\" = 8080;\n}"}, "loc": ["services", "nebula-lighthouse-service", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.nebula-lighthouse-service.user": {"declarations": ["nixos/modules/services/networking/nebula-lighthouse-service.nix"], "default": {"_type": "literalExpression", "text": "\"nebula-lighthouse\""}, "description": "The user and group to run nebula-lighthouse-service as.\n", "example": {"_type": "literalExpression", "text": "\"nebula-lighthouse\""}, "loc": ["services", "nebula-lighthouse-service", "user"], "readOnly": false, "type": "string"}, "services.nebula.networks": {"declarations": ["nixos/modules/services/networking/nebula.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Nebula network definitions.", "loc": ["services", "nebula", "networks"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.nebula.networks.<name>.ca": {"declarations": ["nixos/modules/services/networking/nebula.nix"], "description": "Path to the certificate authority certificate.", "example": {"_type": "literalExpression", "text": "\"/etc/nebula/ca.crt\""}, "loc": ["services", "nebula", "networks", "<name>", "ca"], "readOnly": false, "type": "absolute path"}, "services.nebula.networks.<name>.cert": {"declarations": ["nixos/modules/services/networking/nebula.nix"], "description": "Path to the host certificate.", "example": {"_type": "literalExpression", "text": "\"/etc/nebula/host.crt\""}, "loc": ["services", "nebula", "networks", "<name>", "cert"], "readOnly": false, "type": "absolute path"}, "services.nebula.networks.<name>.enable": {"declarations": ["nixos/modules/services/networking/nebula.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable or disable this network.", "loc": ["services", "nebula", "networks", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.nebula.networks.<name>.enableReload": {"declarations": ["nixos/modules/services/networking/nebula.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable automatic config reload on config change.\nThis setting is not enabled by default as nix cannot determine if the config change is reloadable.\nPlease refer to the [config reference](https://nebula.defined.net/docs/config/) for documentation on reloadable changes.\n", "loc": ["services", "nebula", "networks", "<name>", "enableReload"], "readOnly": false, "type": "boolean"}, "services.nebula.networks.<name>.firewall.inbound": {"declarations": ["nixos/modules/services/networking/nebula.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Firewall rules for inbound traffic.", "example": {"_type": "literalExpression", "text": "[\n  {\n    host = \"any\";\n    port = \"any\";\n    proto = \"any\";\n  }\n]"}, "loc": ["services", "nebula", "networks", "<name>", "firewall", "inbound"], "readOnly": false, "type": "list of (attribute set)"}, "services.nebula.networks.<name>.firewall.outbound": {"declarations": ["nixos/modules/services/networking/nebula.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Firewall rules for outbound traffic.", "example": {"_type": "literalExpression", "text": "[\n  {\n    host = \"any\";\n    port = \"any\";\n    proto = \"any\";\n  }\n]"}, "loc": ["services", "nebula", "networks", "<name>", "firewall", "outbound"], "readOnly": false, "type": "list of (attribute set)"}, "services.nebula.networks.<name>.isLighthouse": {"declarations": ["nixos/modules/services/networking/nebula.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether this node is a lighthouse.", "loc": ["services", "nebula", "networks", "<name>", "isLighthouse"], "readOnly": false, "type": "boolean"}, "services.nebula.networks.<name>.isRelay": {"declarations": ["nixos/modules/services/networking/nebula.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether this node is a relay.", "loc": ["services", "nebula", "networks", "<name>", "isRelay"], "readOnly": false, "type": "boolean"}, "services.nebula.networks.<name>.key": {"declarations": ["nixos/modules/services/networking/nebula.nix"], "description": "Path or reference to the host key.", "example": {"_type": "literalExpression", "text": "\"/etc/nebula/host.key\""}, "loc": ["services", "nebula", "networks", "<name>", "key"], "readOnly": false, "type": "non-empty string or absolute path"}, "services.nebula.networks.<name>.lighthouse.dns.enable": {"declarations": ["nixos/modules/services/networking/nebula.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether this lighthouse node should serve DNS.", "loc": ["services", "nebula", "networks", "<name>", "lighthouse", "dns", "enable"], "readOnly": false, "type": "boolean"}, "services.nebula.networks.<name>.lighthouse.dns.host": {"declarations": ["nixos/modules/services/networking/nebula.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "IP address on which nebula lighthouse should serve DNS.\n'localhost' is a good default to ensure the service does not listen on public interfaces;\nuse a Nebula address like 10.0.0.5 to make DNS resolution available to nebula hosts only.\n", "loc": ["services", "nebula", "networks", "<name>", "lighthouse", "dns", "host"], "readOnly": false, "type": "string"}, "services.nebula.networks.<name>.lighthouse.dns.port": {"declarations": ["nixos/modules/services/networking/nebula.nix"], "default": {"_type": "literalExpression", "text": "5353"}, "description": "UDP port number for lighthouse DNS server.", "loc": ["services", "nebula", "networks", "<name>", "lighthouse", "dns", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nebula.networks.<name>.lighthouses": {"declarations": ["nixos/modules/services/networking/nebula.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of IPs of lighthouse hosts this node should report to and query from. This should be empty on lighthouse\nnodes. The IPs should be the lighthouse's Nebula IPs, not their external IPs.\n", "example": {"_type": "literalExpression", "text": "[\n  \"192.168.100.1\"\n]"}, "loc": ["services", "nebula", "networks", "<name>", "lighthouses"], "readOnly": false, "type": "list of string"}, "services.nebula.networks.<name>.listen.host": {"declarations": ["nixos/modules/services/networking/nebula.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "IP address to listen on.", "loc": ["services", "nebula", "networks", "<name>", "listen", "host"], "readOnly": false, "type": "string"}, "services.nebula.networks.<name>.listen.port": {"declarations": ["nixos/modules/services/networking/nebula.nix"], "default": {"_type": "literalExpression", "text": "if (config.services.nebula.networks.${name}.isLighthouse ||\n    config.services.nebula.networks.${name}.isRelay) then\n  4242\nelse\n  0;\n"}, "description": "Port number to listen on.", "loc": ["services", "nebula", "networks", "<name>", "listen", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nebula.networks.<name>.package": {"declarations": ["nixos/modules/services/networking/nebula.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nebula"}, "description": "The nebula package to use.", "loc": ["services", "nebula", "networks", "<name>", "package"], "readOnly": false, "type": "package"}, "services.nebula.networks.<name>.relays": {"declarations": ["nixos/modules/services/networking/nebula.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of IPs of relays that this node should allow traffic from.\n", "example": {"_type": "literalExpression", "text": "[\n  \"192.168.100.1\"\n]"}, "loc": ["services", "nebula", "networks", "<name>", "relays"], "readOnly": false, "type": "list of string"}, "services.nebula.networks.<name>.settings": {"declarations": ["nixos/modules/services/networking/nebula.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Nebula configuration. Refer to\n<https://github.com/slackhq/nebula/blob/master/examples/config.yml>\nfor details on supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  lighthouse.interval = 15;\n}\n"}, "loc": ["services", "nebula", "networks", "<name>", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.nebula.networks.<name>.staticHostMap": {"declarations": ["nixos/modules/services/networking/nebula.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The static host map defines a set of hosts with fixed IP addresses on the internet (or any network).\nA host can have multiple fixed IP addresses defined here, and nebula will try each when establishing a tunnel.\n", "example": {"_type": "literalExpression", "text": "{\n  \"192.168.100.1\" = [\n    \"100.64.22.11:4242\"\n  ];\n}"}, "loc": ["services", "nebula", "networks", "<name>", "staticHostMap"], "readOnly": false, "type": "attribute set of list of string"}, "services.nebula.networks.<name>.tun.device": {"declarations": ["nixos/modules/services/networking/nebula.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of the tun device. Defaults to nebula.${networkName}.", "loc": ["services", "nebula", "networks", "<name>", "tun", "device"], "readOnly": false, "type": "null or string"}, "services.nebula.networks.<name>.tun.disable": {"declarations": ["nixos/modules/services/networking/nebula.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "When tun is disabled, a lighthouse can be started without a local tun interface (and therefore without root).\n", "loc": ["services", "nebula", "networks", "<name>", "tun", "disable"], "readOnly": false, "type": "boolean"}, "services.neo4j.bolt.advertisedAddress": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "config.services.neo4j.bolt.listenAddress"}, "description": "Neo4j advertised address for BOLT traffic. The advertised address is\nexpressed in the format `<ip-address>:<port-number>`.\n", "loc": ["services", "neo4j", "bolt", "advertisedAddress"], "readOnly": false, "type": "string"}, "services.neo4j.bolt.enable": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable the BOLT connector for Neo4j. Setting this option to\n`false` will stop Neo4j from listening for incoming\nconnections on the BOLT port (7687 by default).\n", "loc": ["services", "neo4j", "bolt", "enable"], "readOnly": false, "type": "boolean"}, "services.neo4j.bolt.listenAddress": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "\":7687\""}, "description": "Neo4j listen address for BOLT traffic. The listen address is\nexpressed in the format `<ip-address>:<port-number>`.\n", "loc": ["services", "neo4j", "bolt", "listenAddress"], "readOnly": false, "type": "string"}, "services.neo4j.bolt.sslPolicy": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "\"legacy\""}, "description": "Neo4j SSL policy for BOLT traffic.\n\nThe legacy policy is a special policy which is not defined in\nthe policy configuration section, but rather derives from\n{option}`directories.certificates` and\nassociated files (by default: {file}`neo4j.key` and\n{file}`neo4j.cert`). Its use will be deprecated.\n\nNote: This connector must be configured to support/require\nSSL/TLS for the legacy policy to actually be utilized. See\n{option}`bolt.tlsLevel`.\n", "loc": ["services", "neo4j", "bolt", "sslPolicy"], "readOnly": false, "type": "string"}, "services.neo4j.bolt.tlsLevel": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "\"OPTIONAL\""}, "description": "SSL/TSL requirement level for BOLT traffic.\n", "loc": ["services", "neo4j", "bolt", "tlsLevel"], "readOnly": false, "type": "one of \"REQUIRED\", \"OPTIONAL\", \"DISABLED\""}, "services.neo4j.constrainLoadCsv": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Sets the root directory for file URLs used with the Cypher\n`LOAD CSV` clause to be that defined by\n{option}`directories.imports`. It restricts\naccess to only those files within that directory and its\nsubdirectories.\n\nSetting this option to `false` introduces\npossible security problems.\n", "loc": ["services", "neo4j", "constrainLoadCsv"], "readOnly": false, "type": "boolean"}, "services.neo4j.defaultListenAddress": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Default network interface to listen for incoming connections. To\nlisten for connections on all interfaces, use \"0.0.0.0\".\n\nSpecifies the default IP address and address part of connector\nspecific {option}`listenAddress` options. To bind specific\nconnectors to a specific network interfaces, specify the entire\n{option}`listenAddress` option for that connector.\n", "loc": ["services", "neo4j", "defaultListenAddress"], "readOnly": false, "type": "string"}, "services.neo4j.directories.certificates": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.neo4j.directories.home}/certificates\""}, "description": "Directory for storing certificates to be used by Neo4j for\nTLS connections.\n\nWhen setting this directory to something other than its default,\nensure the directory's existence, and that read/write permissions are\ngiven to the Neo4j daemon user `neo4j`.\n\nNote that changing this directory from its default will prevent\nthe directory structure required for each SSL policy from being\nautomatically generated. A policy's directory structure as defined by\nits {option}`baseDirectory`,{option}`revokedDir` and\n{option}`trustedDir` must then be setup manually. The\nexistence of these directories is mandatory, as well as the presence\nof the certificate file and the private key. Ensure the correct\npermissions are set on these directories and files.\n", "loc": ["services", "neo4j", "directories", "certificates"], "readOnly": false, "type": "absolute path"}, "services.neo4j.directories.data": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.neo4j.directories.home}/data\""}, "description": "Path of the data directory. You must not configure more than one\nNeo4j installation to use the same data directory.\n\nWhen setting this directory to something other than its default,\nensure the directory's existence, and that read/write permissions are\ngiven to the Neo4j daemon user `neo4j`.\n", "loc": ["services", "neo4j", "directories", "data"], "readOnly": false, "type": "absolute path"}, "services.neo4j.directories.home": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/neo4j\""}, "description": "Path of the Neo4j home directory. Other default directories are\nsubdirectories of this path. This directory will be created if\nnon-existent, and its ownership will be {command}`chown` to\nthe Neo4j daemon user `neo4j`.\n", "loc": ["services", "neo4j", "directories", "home"], "readOnly": false, "type": "absolute path"}, "services.neo4j.directories.imports": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.neo4j.directories.home}/import\""}, "description": "The root directory for file URLs used with the Cypher\n`LOAD CSV` clause. Only meaningful when\n{option}`constrainLoadCvs` is set to\n`true`.\n\nWhen setting this directory to something other than its default,\nensure the directory's existence, and that read permission is\ngiven to the Neo4j daemon user `neo4j`.\n", "loc": ["services", "neo4j", "directories", "imports"], "readOnly": false, "type": "absolute path"}, "services.neo4j.directories.plugins": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.neo4j.directories.home}/plugins\""}, "description": "Path of the database plugin directory. Compiled Java JAR files that\ncontain database procedures will be loaded if they are placed in\nthis directory.\n\nWhen setting this directory to something other than its default,\nensure the directory's existence, and that read permission is\ngiven to the Neo4j daemon user `neo4j`.\n", "loc": ["services", "neo4j", "directories", "plugins"], "readOnly": false, "type": "absolute path"}, "services.neo4j.enable": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Neo4j Community Edition.\n", "loc": ["services", "neo4j", "enable"], "readOnly": false, "type": "boolean"}, "services.neo4j.extraServerConfig": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration for Neo4j Community server. Refer to the\n[complete reference](https://neo4j.com/docs/operations-manual/current/reference/configuration-settings/)\nof Neo4j configuration settings.\n", "loc": ["services", "neo4j", "extraServerConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.neo4j.http.advertisedAddress": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "config.services.neo4j.http.listenAddress"}, "description": "Neo4j advertised address for HTTP traffic. The advertised address is\nexpressed in the format `<ip-address>:<port-number>`.\n", "loc": ["services", "neo4j", "http", "advertisedAddress"], "readOnly": false, "type": "string"}, "services.neo4j.http.enable": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable the HTTP connector for Neo4j. Setting this option to\n`false` will stop Neo4j from listening for incoming\nconnections on the HTTPS port (7474 by default).\n", "loc": ["services", "neo4j", "http", "enable"], "readOnly": false, "type": "boolean"}, "services.neo4j.http.listenAddress": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "\":7474\""}, "description": "Neo4j listen address for HTTP traffic. The listen address is\nexpressed in the format `<ip-address>:<port-number>`.\n", "loc": ["services", "neo4j", "http", "listenAddress"], "readOnly": false, "type": "string"}, "services.neo4j.https.advertisedAddress": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "config.services.neo4j.https.listenAddress"}, "description": "Neo4j advertised address for HTTPS traffic. The advertised address is\nexpressed in the format `<ip-address>:<port-number>`.\n", "loc": ["services", "neo4j", "https", "advertisedAddress"], "readOnly": false, "type": "string"}, "services.neo4j.https.enable": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable the HTTPS connector for Neo4j. Setting this option to\n`false` will stop Neo4j from listening for incoming\nconnections on the HTTPS port (7473 by default).\n", "loc": ["services", "neo4j", "https", "enable"], "readOnly": false, "type": "boolean"}, "services.neo4j.https.listenAddress": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "\":7473\""}, "description": "Neo4j listen address for HTTPS traffic. The listen address is\nexpressed in the format `<ip-address>:<port-number>`.\n", "loc": ["services", "neo4j", "https", "listenAddress"], "readOnly": false, "type": "string"}, "services.neo4j.https.sslPolicy": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "\"legacy\""}, "description": "Neo4j SSL policy for HTTPS traffic.\n\nThe legacy policy is a special policy which is not defined in the\npolicy configuration section, but rather derives from\n{option}`directories.certificates` and\nassociated files (by default: {file}`neo4j.key` and\n{file}`neo4j.cert`). Its use will be deprecated.\n", "loc": ["services", "neo4j", "https", "sslPolicy"], "readOnly": false, "type": "string"}, "services.neo4j.package": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "pkgs.neo4j"}, "description": "The neo4j package to use.", "loc": ["services", "neo4j", "package"], "readOnly": false, "type": "package"}, "services.neo4j.readOnly": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Only allow read operations from this Neo4j instance.\n", "loc": ["services", "neo4j", "readOnly"], "readOnly": false, "type": "boolean"}, "services.neo4j.shell.enable": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable a remote shell server which Neo4j Shell clients can log in to.\nOnly applicable to {command}`neo4j-shell`.\n", "loc": ["services", "neo4j", "shell", "enable"], "readOnly": false, "type": "boolean"}, "services.neo4j.ssl.policies": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Defines the SSL policies for use with Neo4j connectors. Each attribute\nof this set defines a policy, with the attribute name defining the name\nof the policy and its namespace. Refer to the operations manual section\non Neo4j's\n[SSL Framework](https://neo4j.com/docs/operations-manual/current/security/ssl-framework/)\nfor further details.\n", "loc": ["services", "neo4j", "ssl", "policies"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.neo4j.ssl.policies.<name>.allowKeyGeneration": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Allows the generation of a private key and associated self-signed\ncertificate. Only performed when both objects cannot be found for\nthis policy. It is recommended to turn this off again after keys\nhave been generated.\n\nThe public certificate is required to be duplicated to the\ndirectory holding trusted certificates as defined by the\n{option}`trustedDir` option.\n\nKeys should in general be generated and distributed offline by a\ntrusted certificate authority and not by utilizing this mode.\n", "loc": ["services", "neo4j", "ssl", "policies", "<name>", "allowKeyGeneration"], "readOnly": false, "type": "boolean"}, "services.neo4j.ssl.policies.<name>.baseDirectory": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.neo4j.directories.certificates}/${name}\""}, "description": "The mandatory base directory for cryptographic objects of this\npolicy. This path is only automatically generated when this\noption as well as {option}`directories.certificates` are\nleft at their default. Ensure read/write permissions are given\nto the Neo4j daemon user `neo4j`.\n\nIt is also possible to override each individual\nconfiguration with absolute paths. See the\n{option}`privateKey` and {option}`publicCertificate`\npolicy options.\n", "loc": ["services", "neo4j", "ssl", "policies", "<name>", "baseDirectory"], "readOnly": false, "type": "absolute path"}, "services.neo4j.ssl.policies.<name>.ciphers": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Restrict the allowed ciphers of this policy to those defined\nhere. The default ciphers are those of the JVM platform.\n", "loc": ["services", "neo4j", "ssl", "policies", "<name>", "ciphers"], "readOnly": false, "type": "null or (list of string)"}, "services.neo4j.ssl.policies.<name>.clientAuth": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "\"REQUIRE\""}, "description": "The client authentication stance for this policy.\n", "loc": ["services", "neo4j", "ssl", "policies", "<name>", "clientAuth"], "readOnly": false, "type": "one of \"NONE\", \"OPTIONAL\", \"REQUIRE\""}, "services.neo4j.ssl.policies.<name>.privateKey": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "\"private.key\""}, "description": "The name of private PKCS #8 key file for this policy to be found\nin the {option}`baseDirectory`, or the absolute path to\nthe key file. It is mandatory that a key can be found or generated.\n", "loc": ["services", "neo4j", "ssl", "policies", "<name>", "privateKey"], "readOnly": false, "type": "string"}, "services.neo4j.ssl.policies.<name>.publicCertificate": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "\"public.crt\""}, "description": "The name of public X.509 certificate (chain) file in PEM format\nfor this policy to be found in the {option}`baseDirectory`,\nor the absolute path to the certificate file. It is mandatory\nthat a certificate can be found or generated.\n\nThe public certificate is required to be duplicated to the\ndirectory holding trusted certificates as defined by the\n{option}`trustedDir` option.\n", "loc": ["services", "neo4j", "ssl", "policies", "<name>", "publicCertificate"], "readOnly": false, "type": "string"}, "services.neo4j.ssl.policies.<name>.revokedDir": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.neo4j.ssl.policies.<name>.baseDirectory}/revoked\""}, "description": "Path to directory of CRLs (Certificate Revocation Lists) in\nPEM format. Must be an absolute path. The existence of this\ndirectory is mandatory and will need to be created manually when:\nsetting this option to something other than its default; setting\neither this policy's {option}`baseDirectory` or\n{option}`directories.certificates` to something other than\ntheir default. Ensure read/write permissions are given to the\nNeo4j daemon user `neo4j`.\n", "loc": ["services", "neo4j", "ssl", "policies", "<name>", "revokedDir"], "readOnly": false, "type": "absolute path"}, "services.neo4j.ssl.policies.<name>.tlsVersions": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"TLSv1.2\"\n]"}, "description": "Restrict the TLS protocol versions of this policy to those\ndefined here.\n", "loc": ["services", "neo4j", "ssl", "policies", "<name>", "tlsVersions"], "readOnly": false, "type": "list of string"}, "services.neo4j.ssl.policies.<name>.trustAll": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Makes this policy trust all remote parties. Enabling this is not\nrecommended and the policy's trusted directory will be ignored.\nUse of this mode is discouraged. It would offer encryption but\nno security.\n", "loc": ["services", "neo4j", "ssl", "policies", "<name>", "trustAll"], "readOnly": false, "type": "boolean"}, "services.neo4j.ssl.policies.<name>.trustedDir": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.neo4j.ssl.policies.<name>.baseDirectory}/trusted\""}, "description": "Path to directory of X.509 certificates in PEM format for\ntrusted parties. Must be an absolute path. The existence of this\ndirectory is mandatory and will need to be created manually when:\nsetting this option to something other than its default; setting\neither this policy's {option}`baseDirectory` or\n{option}`directories.certificates` to something other than\ntheir default. Ensure read/write permissions are given to the\nNeo4j daemon user `neo4j`.\n\nThe public certificate as defined by\n{option}`publicCertificate` is required to be duplicated\nto this directory.\n", "loc": ["services", "neo4j", "ssl", "policies", "<name>", "trustedDir"], "readOnly": false, "type": "absolute path"}, "services.neo4j.workerCount": {"declarations": ["nixos/modules/services/databases/neo4j.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Number of Neo4j worker threads, where the default of\n`0` indicates a worker count equal to the number of\navailable processors.\n", "loc": ["services", "neo4j", "workerCount"], "readOnly": false, "type": "integer between 0 and 44738 (both inclusive)"}, "services.netatalk.enable": {"declarations": ["nixos/modules/services/network-filesystems/netatalk.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Netatalk AFP fileserver.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "netatalk", "enable"], "readOnly": false, "type": "boolean"}, "services.netatalk.extmap": {"declarations": ["nixos/modules/services/network-filesystems/netatalk.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "File name extension mappings.\nSee {manpage}`extmap.conf(5)`. for more information.\n", "loc": ["services", "netatalk", "extmap"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.netatalk.port": {"declarations": ["nixos/modules/services/network-filesystems/netatalk.nix"], "default": {"_type": "literalExpression", "text": "548"}, "description": "TCP port to be used for AFP.", "loc": ["services", "netatalk", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.netatalk.settings": {"declarations": ["nixos/modules/services/network-filesystems/netatalk.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for Netatalk. See\n{manpage}`afp.conf(5)`.\n", "example": {"_type": "literalExpression", "text": "{\n  Global = {\n    \"uam list\" = \"uams_guest.so\";\n  };\n  Homes = {\n    \"basedir regex\" = \"/home\";\n    path = \"afp-data\";\n  };\n  example-volume = {\n    path = \"/srv/volume\";\n    \"read only\" = true;\n  };\n}"}, "loc": ["services", "netatalk", "settings"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.netbird.clients": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attribute set of NetBird client daemons, by default each one will:\n\n1. be manageable using dedicated tooling:\n  - `netbird-<name>` script,\n  - `NetBird - netbird-<name>` graphical interface when appropriate (see `ui.enable`),\n2. run as a `netbird-<name>.service`,\n3. listen for incoming remote connections on the port `51820` (`openFirewall` by default),\n4. manage the `netbird-<name>` wireguard interface,\n5. use the {file}`/var/lib/netbird-<name>/config.json` configuration file,\n6. override {file}`/var/lib/netbird-<name>/config.json` with values from {file}`/etc/netbird-<name>/config.d/*.json`,\n7. (`hardened`) be locally manageable by `netbird-<name>` system group,\n\nWith following caveats:\n\n- multiple daemons will interfere with each other's DNS resolution of `netbird.cloud`, but\n  should remain fully operational otherwise.\n  Setting up custom (non-conflicting) DNS zone is currently possible only when self-hosting.\n", "example": {"_type": "literalExpression", "text": "{\n  services.netbird.clients.wt0.port = 51820;\n  services.netbird.clients.personal.port = 51821;\n  services.netbird.clients.work1.port = 51822;\n}\n"}, "loc": ["services", "netbird", "clients"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.netbird.clients.<name>.autoStart": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Start the service with the system.\n\nAs of 2024-02-13 it is not possible to start a NetBird client daemon without immediately\nconnecting to the network, but it is [planned for a near future](https://github.com/netbirdio/netbird/projects/2#card-91718018).\n", "loc": ["services", "netbird", "clients", "<name>", "autoStart"], "readOnly": false, "type": "boolean"}, "services.netbird.clients.<name>.bin.suffix": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "A system group name for this client instance.\n", "loc": ["services", "netbird", "clients", "<name>", "bin", "suffix"], "readOnly": false, "type": "string"}, "services.netbird.clients.<name>.config": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "{\n  DisableAutoConnect = !client.autoStart;\n  WgIface = client.interface;\n  WgPort = client.port;\n} // optionalAttrs (client.dns-resolver.address != null) {\n  CustomDNSAddress = \"${client.dns-resolver.address}:${toString client.dns-resolver.port}\";\n}\n"}, "description": "Additional configuration that exists before the first start and\nlater overrides the existing values in {file}`config.json`.\n\nIt is mostly helpful to manage configuration ignored/not yet implemented\noutside of `netbird up` invocation.\n\nWARNING: this is not an upstream feature, it could break in the future\n(by having lower priority) after upstream implements an equivalent.\n\nIt is implemented as a `preStart` script which overrides {file}`config.json`\nwith content of {file}`/etc/netbird-\u2039name\u203a/config.d/*.json` files.\nThis option manages specifically {file}`50-nixos.json` file.\n\nConsult [the source code](https://github.com/netbirdio/netbird/blob/88747e3e0191abc64f1e8c7ecc65e5e50a1527fd/client/internal/config.go#L49-L82)\nor inspect existing file for a complete list of available configurations.\n", "loc": ["services", "netbird", "clients", "<name>", "config"], "readOnly": false, "type": "JSON value"}, "services.netbird.clients.<name>.dir.baseName": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "\"netbird-\u2039name\u203a\""}, "description": "A systemd service name to use (without `.service` suffix).\n", "loc": ["services", "netbird", "clients", "<name>", "dir", "baseName"], "readOnly": false, "type": "string"}, "services.netbird.clients.<name>.dir.runtime": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "\"/var/run/netbird-\u2039name\u203a\""}, "description": "A runtime directory used by NetBird client.\n", "loc": ["services", "netbird", "clients", "<name>", "dir", "runtime"], "readOnly": false, "type": "absolute path"}, "services.netbird.clients.<name>.dir.state": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/netbird-\u2039name\u203a\""}, "description": "A state directory used by NetBird client to store {file}`config.json`, {file}`state.json` & {file}`resolv.conf`.\n", "loc": ["services", "netbird", "clients", "<name>", "dir", "state"], "readOnly": false, "type": "absolute path"}, "services.netbird.clients.<name>.dns-resolver.address": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "An explicit address that NetBird will serve `*.netbird.cloud.` (usually) entries on.\n\nNetBird serves DNS on it's own (dynamic) client address by default.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.123\""}, "loc": ["services", "netbird", "clients", "<name>", "dns-resolver", "address"], "readOnly": false, "type": "null or string"}, "services.netbird.clients.<name>.dns-resolver.port": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "53"}, "description": "A port to serve DNS entries on when `dns-resolver.address` is enabled.\n", "loc": ["services", "netbird", "clients", "<name>", "dns-resolver", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.netbird.clients.<name>.environment": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "{\n  NB_STATE_DIR = client.dir.state;\n  NB_CONFIG = \"${client.dir.state}/config.json\";\n  NB_DAEMON_ADDR = \"unix://${client.dir.runtime}/sock\";\n  NB_INTERFACE_NAME = client.interface;\n  NB_LOG_FILE = mkOptionDefault \"console\";\n  NB_LOG_LEVEL = client.logLevel;\n  NB_SERVICE = client.service.name;\n  NB_WIREGUARD_PORT = toString client.port;\n} // optionalAttrs (client.dns-resolver.address != null) {\n  NB_DNS_RESOLVER_ADDRESS = \"${client.dns-resolver.address}:${toString client.dns-resolver.port}\";\n}\n"}, "description": "Environment for the netbird service, used to pass configuration options.\n", "loc": ["services", "netbird", "clients", "<name>", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.netbird.clients.<name>.hardened": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Hardened service:\n- runs as a dedicated user with minimal set of permissions (see caveats),\n- restricts daemon configuration socket access to dedicated user group\n  (you can grant access to it with `users.users.\"<user>\".extraGroups = [ netbird-\u2039name\u203a ]`),\n\nEven though the local system resources access is restricted:\n- `CAP_NET_RAW`, `CAP_NET_ADMIN` and `CAP_BPF` still give unlimited network manipulation possibilites,\n- older kernels don't have `CAP_BPF` and use `CAP_SYS_ADMIN` instead,\n\nKnown security features that are not (yet) integrated into the module:\n- 2024-02-14: `rosenpass` is an experimental feature configurable solely\n  through `--enable-rosenpass` flag on the `netbird up` command,\n  see [the docs](https://docs.netbird.io/how-to/enable-post-quantum-cryptography)\n", "loc": ["services", "netbird", "clients", "<name>", "hardened"], "readOnly": false, "type": "boolean"}, "services.netbird.clients.<name>.interface": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "\"nb-\u2039name\u203a\""}, "description": "Name of the network interface managed by this client.\n", "loc": ["services", "netbird", "clients", "<name>", "interface"], "readOnly": false, "type": "string"}, "services.netbird.clients.<name>.logLevel": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Log level of the NetBird daemon.", "loc": ["services", "netbird", "clients", "<name>", "logLevel"], "readOnly": false, "type": "one of \"panic\", \"fatal\", \"error\", \"warn\", \"warning\", \"info\", \"debug\", \"trace\""}, "services.netbird.clients.<name>.login.enable": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable automated login for NetBird client.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "netbird", "clients", "<name>", "login", "enable"], "readOnly": false, "type": "boolean"}, "services.netbird.clients.<name>.login.setupKeyFile": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A Setup Key file path used for automated login of the machine.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/netbird-priv/setup-key\""}, "loc": ["services", "netbird", "clients", "<name>", "login", "setupKeyFile"], "readOnly": false, "type": "null or string"}, "services.netbird.clients.<name>.login.systemdDependencies": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional systemd dependencies required to succeed before the Setup Key file becomes available.\n", "example": {"_type": "literalExpression", "text": "[ \"sops-install-secrets.service\" ]\n"}, "loc": ["services", "netbird", "clients", "<name>", "login", "systemdDependencies"], "readOnly": false, "type": "list of string"}, "services.netbird.clients.<name>.name": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "Primary name for use (as a suffix) in:\n- systemd service name,\n- hardened user name and group,\n- [systemd `*Directory=`](https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#RuntimeDirectory=) names,\n- desktop application identification,\n", "loc": ["services", "netbird", "clients", "<name>", "name"], "readOnly": false, "type": "string"}, "services.netbird.clients.<name>.openFirewall": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Opens up firewall `port` for communication between NetBird peers directly over LAN or public IP,\nwithout using (internet-hosted) TURN servers as intermediaries.\n", "loc": ["services", "netbird", "clients", "<name>", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.netbird.clients.<name>.openInternalFirewall": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Opens up internal firewall ports for the NetBird's network interface.\n", "loc": ["services", "netbird", "clients", "<name>", "openInternalFirewall"], "readOnly": false, "type": "boolean"}, "services.netbird.clients.<name>.port": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "description": "Port the NetBird client listens on.\n", "example": {"_type": "literalExpression", "text": "51820"}, "loc": ["services", "netbird", "clients", "<name>", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.netbird.clients.<name>.service.name": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "\"netbird-\u2039name\u203a\""}, "description": "A systemd service name to use (without `.service` suffix).\n", "loc": ["services", "netbird", "clients", "<name>", "service", "name"], "readOnly": false, "type": "string"}, "services.netbird.clients.<name>.suffixedName": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "\"netbird-\u2039name\u203a\""}, "description": "A systemd service name to use (without `.service` suffix).\n", "loc": ["services", "netbird", "clients", "<name>", "suffixedName"], "readOnly": false, "type": "string"}, "services.netbird.clients.<name>.ui.enable": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "client.ui.enable"}, "description": "Controls presence of `netbird-ui` wrapper for this NetBird client.\n", "loc": ["services", "netbird", "clients", "<name>", "ui", "enable"], "readOnly": false, "type": "boolean"}, "services.netbird.clients.<name>.user.group": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "\"netbird-\u2039name\u203a\""}, "description": "A system group name for this client instance.\n", "loc": ["services", "netbird", "clients", "<name>", "user", "group"], "readOnly": false, "type": "string"}, "services.netbird.clients.<name>.user.name": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "\"netbird-\u2039name\u203a\""}, "description": "A system user name for this client instance.\n", "loc": ["services", "netbird", "clients", "<name>", "user", "name"], "readOnly": false, "type": "string"}, "services.netbird.enable": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables backward-compatible NetBird client service.\n\nThis is strictly equivalent to:\n\n```nix\nservices.netbird.clients.default = {\n  port = 51820;\n  name = \"netbird\";\n  interface = \"wt0\";\n  hardened = false;\n};\n```\n", "loc": ["services", "netbird", "enable"], "readOnly": false, "type": "boolean"}, "services.netbird.package": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "pkgs.netbird"}, "description": "The netbird package to use.", "loc": ["services", "netbird", "package"], "readOnly": false, "type": "package"}, "services.netbird.server.coturn.domain": {"declarations": ["nixos/modules/services/networking/netbird/coturn.nix"], "description": "The domain under which the coturn server runs.", "loc": ["services", "netbird", "server", "coturn", "domain"], "readOnly": false, "type": "string"}, "services.netbird.server.coturn.enable": {"declarations": ["nixos/modules/services/networking/netbird/coturn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable a Coturn server for Netbird, will also open the firewall on the configured range.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "netbird", "server", "coturn", "enable"], "readOnly": false, "type": "boolean"}, "services.netbird.server.coturn.openPorts": {"declarations": ["nixos/modules/services/networking/netbird/coturn.nix"], "default": {"_type": "literalExpression", "text": "with config.services.coturn; [\n  listening-port\n  alt-listening-port\n  tls-listening-port\n  alt-tls-listening-port\n];\n"}, "description": "The list of ports used by coturn for listening to open in the firewall.\n", "loc": ["services", "netbird", "server", "coturn", "openPorts"], "readOnly": false, "type": "list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.netbird.server.coturn.password": {"declarations": ["nixos/modules/services/networking/netbird/coturn.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The password of the user used by netbird to connect to the coturn server.\nBe advised this will be world readable in the nix store.\n", "loc": ["services", "netbird", "server", "coturn", "password"], "readOnly": false, "type": "null or string"}, "services.netbird.server.coturn.passwordFile": {"declarations": ["nixos/modules/services/networking/netbird/coturn.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to a file containing the password of the user used by netbird to connect to the coturn server.\n", "loc": ["services", "netbird", "server", "coturn", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.netbird.server.coturn.useAcmeCertificates": {"declarations": ["nixos/modules/services/networking/netbird/coturn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use ACME certificates corresponding to the given domain for the server.\n", "loc": ["services", "netbird", "server", "coturn", "useAcmeCertificates"], "readOnly": false, "type": "boolean"}, "services.netbird.server.coturn.user": {"declarations": ["nixos/modules/services/networking/netbird/coturn.nix"], "default": {"_type": "literalExpression", "text": "\"netbird\""}, "description": "The username used by netbird to connect to the coturn server.\n", "loc": ["services", "netbird", "server", "coturn", "user"], "readOnly": false, "type": "string"}, "services.netbird.server.dashboard.domain": {"declarations": ["nixos/modules/services/networking/netbird/dashboard.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The domain under which the dashboard runs.", "loc": ["services", "netbird", "server", "dashboard", "domain"], "readOnly": false, "type": "string"}, "services.netbird.server.dashboard.enable": {"declarations": ["nixos/modules/services/networking/netbird/dashboard.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the static netbird dashboard frontend.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "netbird", "server", "dashboard", "enable"], "readOnly": false, "type": "boolean"}, "services.netbird.server.dashboard.enableNginx": {"declarations": ["nixos/modules/services/networking/netbird/dashboard.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Nginx reverse-proxy to serve the dashboard.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "netbird", "server", "dashboard", "enableNginx"], "readOnly": false, "type": "boolean"}, "services.netbird.server.dashboard.finalDrv": {"declarations": ["nixos/modules/services/networking/netbird/dashboard.nix"], "description": "The derivation containing the final templated dashboard.\n", "loc": ["services", "netbird", "server", "dashboard", "finalDrv"], "readOnly": true, "type": "package"}, "services.netbird.server.dashboard.managementServer": {"declarations": ["nixos/modules/services/networking/netbird/dashboard.nix"], "description": "The address of the management server, used for the API endpoints.", "loc": ["services", "netbird", "server", "dashboard", "managementServer"], "readOnly": false, "type": "string"}, "services.netbird.server.dashboard.package": {"declarations": ["nixos/modules/services/networking/netbird/dashboard.nix"], "default": {"_type": "literalExpression", "text": "pkgs.netbird-dashboard"}, "description": "The netbird-dashboard package to use.", "loc": ["services", "netbird", "server", "dashboard", "package"], "readOnly": false, "type": "package"}, "services.netbird.server.dashboard.settings": {"declarations": ["nixos/modules/services/networking/netbird/dashboard.nix"], "default": {"_type": "literalExpression", "text": "''\n  {\n    AUTH_AUDIENCE = \"netbird\";\n    AUTH_CLIENT_ID = \"netbird\";\n    AUTH_SUPPORTED_SCOPES = \"openid profile email\";\n    NETBIRD_TOKEN_SOURCE = \"idToken\";\n    USE_AUTH0 = false;\n  }\n''"}, "description": "An attribute set that will be used to substitute variables when building the dashboard.\nAny values set here will be templated into the frontend and be public for anyone that can reach your website.\nThe exact values sadly aren't documented anywhere.\nA starting point when searching for valid values is this [script](https://github.com/netbirdio/dashboard/blob/main/docker/init_react_envs.sh)\nThe only mandatory value is 'AUTH_AUTHORITY' as we cannot set a default value here.\n", "loc": ["services", "netbird", "server", "dashboard", "settings"], "readOnly": false, "type": "open submodule of attribute set of (string or boolean)"}, "services.netbird.server.domain": {"declarations": ["nixos/modules/services/networking/netbird/server.nix"], "description": "The domain under which the netbird server runs.", "loc": ["services", "netbird", "server", "domain"], "readOnly": false, "type": "string"}, "services.netbird.server.enable": {"declarations": ["nixos/modules/services/networking/netbird/server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Netbird Server stack, comprising the dashboard, management API and signal service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "netbird", "server", "enable"], "readOnly": false, "type": "boolean"}, "services.netbird.server.enableNginx": {"declarations": ["nixos/modules/services/networking/netbird/server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Nginx reverse-proxy for the netbird server services.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "netbird", "server", "enableNginx"], "readOnly": false, "type": "boolean"}, "services.netbird.server.management.disableAnonymousMetrics": {"declarations": ["nixos/modules/services/networking/netbird/management.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Disables push of anonymous usage metrics to NetBird.", "loc": ["services", "netbird", "server", "management", "disableAnonymousMetrics"], "readOnly": false, "type": "boolean"}, "services.netbird.server.management.disableSingleAccountMode": {"declarations": ["nixos/modules/services/networking/netbird/management.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set to true, disables single account mode.\nThe `singleAccountModeDomain` property will be ignored and every new user will have a separate NetBird account.\n", "loc": ["services", "netbird", "server", "management", "disableSingleAccountMode"], "readOnly": false, "type": "boolean"}, "services.netbird.server.management.dnsDomain": {"declarations": ["nixos/modules/services/networking/netbird/management.nix"], "default": {"_type": "literalExpression", "text": "\"netbird.selfhosted\""}, "description": "Domain used for peer resolution.", "loc": ["services", "netbird", "server", "management", "dnsDomain"], "readOnly": false, "type": "string"}, "services.netbird.server.management.domain": {"declarations": ["nixos/modules/services/networking/netbird/management.nix"], "description": "The domain under which the management API runs.", "loc": ["services", "netbird", "server", "management", "domain"], "readOnly": false, "type": "string"}, "services.netbird.server.management.enable": {"declarations": ["nixos/modules/services/networking/netbird/management.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Netbird Management Service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "netbird", "server", "management", "enable"], "readOnly": false, "type": "boolean"}, "services.netbird.server.management.enableNginx": {"declarations": ["nixos/modules/services/networking/netbird/management.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Nginx reverse-proxy for the netbird management service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "netbird", "server", "management", "enableNginx"], "readOnly": false, "type": "boolean"}, "services.netbird.server.management.extraOptions": {"declarations": ["nixos/modules/services/networking/netbird/management.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional options given to netbird-mgmt as commandline arguments.\n", "loc": ["services", "netbird", "server", "management", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.netbird.server.management.logLevel": {"declarations": ["nixos/modules/services/networking/netbird/management.nix"], "default": {"_type": "literalExpression", "text": "\"INFO\""}, "description": "Log level of the netbird services.", "loc": ["services", "netbird", "server", "management", "logLevel"], "readOnly": false, "type": "one of \"ERROR\", \"WARN\", \"INFO\", \"DEBUG\""}, "services.netbird.server.management.metricsPort": {"declarations": ["nixos/modules/services/networking/netbird/management.nix"], "default": {"_type": "literalExpression", "text": "9090"}, "description": "Internal port of the metrics server.", "loc": ["services", "netbird", "server", "management", "metricsPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.netbird.server.management.oidcConfigEndpoint": {"declarations": ["nixos/modules/services/networking/netbird/management.nix"], "description": "The oidc discovery endpoint.", "example": {"_type": "literalExpression", "text": "\"https://example.eu.auth0.com/.well-known/openid-configuration\""}, "loc": ["services", "netbird", "server", "management", "oidcConfigEndpoint"], "readOnly": false, "type": "string"}, "services.netbird.server.management.package": {"declarations": ["nixos/modules/services/networking/netbird/management.nix"], "default": {"_type": "literalExpression", "text": "pkgs.netbird-management"}, "description": "The netbird-management package to use.", "loc": ["services", "netbird", "server", "management", "package"], "readOnly": false, "type": "package"}, "services.netbird.server.management.port": {"declarations": ["nixos/modules/services/networking/netbird/management.nix"], "default": {"_type": "literalExpression", "text": "8011"}, "description": "Internal port of the management server.", "loc": ["services", "netbird", "server", "management", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.netbird.server.management.settings": {"declarations": ["nixos/modules/services/networking/netbird/management.nix"], "default": {"_type": "literalExpression", "text": "defaultSettings = {\n  Stuns = [\n    {\n      Proto = \"udp\";\n      URI = \"stun:${cfg.turnDomain}:3478\";\n      Username = \"\";\n      Password = null;\n    }\n  ];\n\n  TURNConfig = {\n    Turns = [\n      {\n        Proto = \"udp\";\n        URI = \"turn:${cfg.turnDomain}:3478\";\n        Username = \"netbird\";\n        Password = \"netbird\";\n      }\n    ];\n\n    CredentialsTTL = \"12h\";\n    Secret = \"not-secure-secret\";\n    TimeBasedCredentials = false;\n  };\n\n  Signal = {\n    Proto = \"https\";\n    URI = \"${cfg.domain}:443\";\n    Username = \"\";\n    Password = null;\n  };\n\n  ReverseProxy = {\n    TrustedHTTPProxies = [ ];\n    TrustedHTTPProxiesCount = 0;\n    TrustedPeers = [ \"0.0.0.0/0\" ];\n  };\n\n  Datadir = \"${stateDir}/data\";\n  DataStoreEncryptionKey = \"genEVP6j/Yp2EeVujm0zgqXrRos29dQkpvX0hHdEUlQ=\";\n  StoreConfig = { Engine = \"sqlite\"; };\n\n  HttpConfig = {\n    Address = \"127.0.0.1:${toString cfg.port}\";\n    IdpSignKeyRefreshEnabled = true;\n    OIDCConfigEndpoint = cfg.oidcConfigEndpoint;\n  };\n\n  IdpManagerConfig = {\n    ManagerType = \"none\";\n    ClientConfig = {\n      Issuer = \"\";\n      TokenEndpoint = \"\";\n      ClientID = \"netbird\";\n      ClientSecret = \"\";\n      GrantType = \"client_credentials\";\n    };\n\n    ExtraConfig = { };\n    Auth0ClientCredentials = null;\n    AzureClientCredentials = null;\n    KeycloakClientCredentials = null;\n    ZitadelClientCredentials = null;\n  };\n\n  DeviceAuthorizationFlow = {\n    Provider = \"none\";\n    ProviderConfig = {\n      Audience = \"netbird\";\n      Domain = null;\n      ClientID = \"netbird\";\n      TokenEndpoint = null;\n      DeviceAuthEndpoint = \"\";\n      Scope = \"openid profile email offline_access api\";\n      UseIDToken = false;\n    };\n  };\n\n  PKCEAuthorizationFlow = {\n    ProviderConfig = {\n      Audience = \"netbird\";\n      ClientID = \"netbird\";\n      ClientSecret = \"\";\n      AuthorizationEndpoint = \"\";\n      TokenEndpoint = \"\";\n      Scope = \"openid profile email offline_access api\";\n      RedirectURLs = \"http://localhost:53000\";\n      UseIDToken = false;\n    };\n  };\n};\n"}, "description": "Configuration of the netbird management server.\nOptions containing secret data should be set to an attribute set containing the attribute _secret\n- a string pointing to a file containing the value the option should be set to.\nSee the example to get a better picture of this: in the resulting management.json file,\nthe `DataStoreEncryptionKey` key will be set to the contents of the /run/agenix/netbird_mgmt-data_store_encryption_key file.\n", "example": {"_type": "literalExpression", "text": "{\n  DataStoreEncryptionKey = {\n    _secret = \"/run/agenix/netbird_mgmt-data_store_encryption_key\";\n  };\n}"}, "loc": ["services", "netbird", "server", "management", "settings"], "readOnly": false, "type": "JSON value"}, "services.netbird.server.management.singleAccountModeDomain": {"declarations": ["nixos/modules/services/networking/netbird/management.nix"], "default": {"_type": "literalExpression", "text": "\"netbird.selfhosted\""}, "description": "Enables single account mode.\nThis means that all the users will be under the same account grouped by the specified domain.\nIf the installation has more than one account, the property is ineffective.\n", "loc": ["services", "netbird", "server", "management", "singleAccountModeDomain"], "readOnly": false, "type": "string"}, "services.netbird.server.management.turnDomain": {"declarations": ["nixos/modules/services/networking/netbird/management.nix"], "description": "The domain of the TURN server to use.", "loc": ["services", "netbird", "server", "management", "turnDomain"], "readOnly": false, "type": "string"}, "services.netbird.server.management.turnPort": {"declarations": ["nixos/modules/services/networking/netbird/management.nix"], "default": {"_type": "literalExpression", "text": "3478"}, "description": "The port of the TURN server to use.\n", "loc": ["services", "netbird", "server", "management", "turnPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.netbird.server.signal.domain": {"declarations": ["nixos/modules/services/networking/netbird/signal.nix"], "description": "The domain name for the signal service.", "loc": ["services", "netbird", "server", "signal", "domain"], "readOnly": false, "type": "string"}, "services.netbird.server.signal.enable": {"declarations": ["nixos/modules/services/networking/netbird/signal.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Netbird's Signal Service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "netbird", "server", "signal", "enable"], "readOnly": false, "type": "boolean"}, "services.netbird.server.signal.enableNginx": {"declarations": ["nixos/modules/services/networking/netbird/signal.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Nginx reverse-proxy for the netbird signal service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "netbird", "server", "signal", "enableNginx"], "readOnly": false, "type": "boolean"}, "services.netbird.server.signal.extraOptions": {"declarations": ["nixos/modules/services/networking/netbird/signal.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional options given to netbird-signal as commandline arguments.\n", "loc": ["services", "netbird", "server", "signal", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.netbird.server.signal.logLevel": {"declarations": ["nixos/modules/services/networking/netbird/signal.nix"], "default": {"_type": "literalExpression", "text": "\"INFO\""}, "description": "Log level of the netbird signal service.", "loc": ["services", "netbird", "server", "signal", "logLevel"], "readOnly": false, "type": "one of \"ERROR\", \"WARN\", \"INFO\", \"DEBUG\""}, "services.netbird.server.signal.metricsPort": {"declarations": ["nixos/modules/services/networking/netbird/signal.nix"], "default": {"_type": "literalExpression", "text": "9091"}, "description": "Internal port of the metrics server.", "loc": ["services", "netbird", "server", "signal", "metricsPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.netbird.server.signal.package": {"declarations": ["nixos/modules/services/networking/netbird/signal.nix"], "default": {"_type": "literalExpression", "text": "pkgs.netbird-signal"}, "description": "The netbird-signal package to use.", "loc": ["services", "netbird", "server", "signal", "package"], "readOnly": false, "type": "package"}, "services.netbird.server.signal.port": {"declarations": ["nixos/modules/services/networking/netbird/signal.nix"], "default": {"_type": "literalExpression", "text": "8012"}, "description": "Internal port of the signal server.", "loc": ["services", "netbird", "server", "signal", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.netbird.tunnels": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "description": "Alias of {option}`services.netbird.clients`.", "loc": ["services", "netbird", "tunnels"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.netbird.tunnels.<name>.autoStart": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Start the service with the system.\n\nAs of 2024-02-13 it is not possible to start a NetBird client daemon without immediately\nconnecting to the network, but it is [planned for a near future](https://github.com/netbirdio/netbird/projects/2#card-91718018).\n", "loc": ["services", "netbird", "tunnels", "<name>", "autoStart"], "readOnly": false, "type": "boolean"}, "services.netbird.tunnels.<name>.bin.suffix": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "A system group name for this client instance.\n", "loc": ["services", "netbird", "tunnels", "<name>", "bin", "suffix"], "readOnly": false, "type": "string"}, "services.netbird.tunnels.<name>.config": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "{\n  DisableAutoConnect = !client.autoStart;\n  WgIface = client.interface;\n  WgPort = client.port;\n} // optionalAttrs (client.dns-resolver.address != null) {\n  CustomDNSAddress = \"${client.dns-resolver.address}:${toString client.dns-resolver.port}\";\n}\n"}, "description": "Additional configuration that exists before the first start and\nlater overrides the existing values in {file}`config.json`.\n\nIt is mostly helpful to manage configuration ignored/not yet implemented\noutside of `netbird up` invocation.\n\nWARNING: this is not an upstream feature, it could break in the future\n(by having lower priority) after upstream implements an equivalent.\n\nIt is implemented as a `preStart` script which overrides {file}`config.json`\nwith content of {file}`/etc/netbird-\u2039name\u203a/config.d/*.json` files.\nThis option manages specifically {file}`50-nixos.json` file.\n\nConsult [the source code](https://github.com/netbirdio/netbird/blob/88747e3e0191abc64f1e8c7ecc65e5e50a1527fd/client/internal/config.go#L49-L82)\nor inspect existing file for a complete list of available configurations.\n", "loc": ["services", "netbird", "tunnels", "<name>", "config"], "readOnly": false, "type": "JSON value"}, "services.netbird.tunnels.<name>.dir.baseName": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "\"netbird-\u2039name\u203a\""}, "description": "A systemd service name to use (without `.service` suffix).\n", "loc": ["services", "netbird", "tunnels", "<name>", "dir", "baseName"], "readOnly": false, "type": "string"}, "services.netbird.tunnels.<name>.dir.runtime": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "\"/var/run/netbird-\u2039name\u203a\""}, "description": "A runtime directory used by NetBird client.\n", "loc": ["services", "netbird", "tunnels", "<name>", "dir", "runtime"], "readOnly": false, "type": "absolute path"}, "services.netbird.tunnels.<name>.dir.state": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/netbird-\u2039name\u203a\""}, "description": "A state directory used by NetBird client to store {file}`config.json`, {file}`state.json` & {file}`resolv.conf`.\n", "loc": ["services", "netbird", "tunnels", "<name>", "dir", "state"], "readOnly": false, "type": "absolute path"}, "services.netbird.tunnels.<name>.dns-resolver.address": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "An explicit address that NetBird will serve `*.netbird.cloud.` (usually) entries on.\n\nNetBird serves DNS on it's own (dynamic) client address by default.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.123\""}, "loc": ["services", "netbird", "tunnels", "<name>", "dns-resolver", "address"], "readOnly": false, "type": "null or string"}, "services.netbird.tunnels.<name>.dns-resolver.port": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "53"}, "description": "A port to serve DNS entries on when `dns-resolver.address` is enabled.\n", "loc": ["services", "netbird", "tunnels", "<name>", "dns-resolver", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.netbird.tunnels.<name>.environment": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "{\n  NB_STATE_DIR = client.dir.state;\n  NB_CONFIG = \"${client.dir.state}/config.json\";\n  NB_DAEMON_ADDR = \"unix://${client.dir.runtime}/sock\";\n  NB_INTERFACE_NAME = client.interface;\n  NB_LOG_FILE = mkOptionDefault \"console\";\n  NB_LOG_LEVEL = client.logLevel;\n  NB_SERVICE = client.service.name;\n  NB_WIREGUARD_PORT = toString client.port;\n} // optionalAttrs (client.dns-resolver.address != null) {\n  NB_DNS_RESOLVER_ADDRESS = \"${client.dns-resolver.address}:${toString client.dns-resolver.port}\";\n}\n"}, "description": "Environment for the netbird service, used to pass configuration options.\n", "loc": ["services", "netbird", "tunnels", "<name>", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.netbird.tunnels.<name>.hardened": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Hardened service:\n- runs as a dedicated user with minimal set of permissions (see caveats),\n- restricts daemon configuration socket access to dedicated user group\n  (you can grant access to it with `users.users.\"<user>\".extraGroups = [ netbird-\u2039name\u203a ]`),\n\nEven though the local system resources access is restricted:\n- `CAP_NET_RAW`, `CAP_NET_ADMIN` and `CAP_BPF` still give unlimited network manipulation possibilites,\n- older kernels don't have `CAP_BPF` and use `CAP_SYS_ADMIN` instead,\n\nKnown security features that are not (yet) integrated into the module:\n- 2024-02-14: `rosenpass` is an experimental feature configurable solely\n  through `--enable-rosenpass` flag on the `netbird up` command,\n  see [the docs](https://docs.netbird.io/how-to/enable-post-quantum-cryptography)\n", "loc": ["services", "netbird", "tunnels", "<name>", "hardened"], "readOnly": false, "type": "boolean"}, "services.netbird.tunnels.<name>.interface": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "\"nb-\u2039name\u203a\""}, "description": "Name of the network interface managed by this client.\n", "loc": ["services", "netbird", "tunnels", "<name>", "interface"], "readOnly": false, "type": "string"}, "services.netbird.tunnels.<name>.logLevel": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Log level of the NetBird daemon.", "loc": ["services", "netbird", "tunnels", "<name>", "logLevel"], "readOnly": false, "type": "one of \"panic\", \"fatal\", \"error\", \"warn\", \"warning\", \"info\", \"debug\", \"trace\""}, "services.netbird.tunnels.<name>.login.enable": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable automated login for NetBird client.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "netbird", "tunnels", "<name>", "login", "enable"], "readOnly": false, "type": "boolean"}, "services.netbird.tunnels.<name>.login.setupKeyFile": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A Setup Key file path used for automated login of the machine.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/netbird-priv/setup-key\""}, "loc": ["services", "netbird", "tunnels", "<name>", "login", "setupKeyFile"], "readOnly": false, "type": "null or string"}, "services.netbird.tunnels.<name>.login.systemdDependencies": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional systemd dependencies required to succeed before the Setup Key file becomes available.\n", "example": {"_type": "literalExpression", "text": "[ \"sops-install-secrets.service\" ]\n"}, "loc": ["services", "netbird", "tunnels", "<name>", "login", "systemdDependencies"], "readOnly": false, "type": "list of string"}, "services.netbird.tunnels.<name>.name": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "Primary name for use (as a suffix) in:\n- systemd service name,\n- hardened user name and group,\n- [systemd `*Directory=`](https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#RuntimeDirectory=) names,\n- desktop application identification,\n", "loc": ["services", "netbird", "tunnels", "<name>", "name"], "readOnly": false, "type": "string"}, "services.netbird.tunnels.<name>.openFirewall": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Opens up firewall `port` for communication between NetBird peers directly over LAN or public IP,\nwithout using (internet-hosted) TURN servers as intermediaries.\n", "loc": ["services", "netbird", "tunnels", "<name>", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.netbird.tunnels.<name>.openInternalFirewall": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Opens up internal firewall ports for the NetBird's network interface.\n", "loc": ["services", "netbird", "tunnels", "<name>", "openInternalFirewall"], "readOnly": false, "type": "boolean"}, "services.netbird.tunnels.<name>.port": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "description": "Port the NetBird client listens on.\n", "example": {"_type": "literalExpression", "text": "51820"}, "loc": ["services", "netbird", "tunnels", "<name>", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.netbird.tunnels.<name>.service.name": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "\"netbird-\u2039name\u203a\""}, "description": "A systemd service name to use (without `.service` suffix).\n", "loc": ["services", "netbird", "tunnels", "<name>", "service", "name"], "readOnly": false, "type": "string"}, "services.netbird.tunnels.<name>.suffixedName": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "\"netbird-\u2039name\u203a\""}, "description": "A systemd service name to use (without `.service` suffix).\n", "loc": ["services", "netbird", "tunnels", "<name>", "suffixedName"], "readOnly": false, "type": "string"}, "services.netbird.tunnels.<name>.ui.enable": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "client.ui.enable"}, "description": "Controls presence of `netbird-ui` wrapper for this NetBird client.\n", "loc": ["services", "netbird", "tunnels", "<name>", "ui", "enable"], "readOnly": false, "type": "boolean"}, "services.netbird.tunnels.<name>.user.group": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "\"netbird-\u2039name\u203a\""}, "description": "A system group name for this client instance.\n", "loc": ["services", "netbird", "tunnels", "<name>", "user", "group"], "readOnly": false, "type": "string"}, "services.netbird.tunnels.<name>.user.name": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "\"netbird-\u2039name\u203a\""}, "description": "A system user name for this client instance.\n", "loc": ["services", "netbird", "tunnels", "<name>", "user", "name"], "readOnly": false, "type": "string"}, "services.netbird.ui.enable": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "config.services.displayManager.sessionPackages != [ ] || config.services.xserver.enable\n"}, "description": "Controls presence `netbird-ui` wrappers, defaults to presence of graphical sessions.\n", "loc": ["services", "netbird", "ui", "enable"], "readOnly": false, "type": "boolean"}, "services.netbird.ui.package": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "pkgs.netbird-ui"}, "description": "The netbird-ui package to use.", "loc": ["services", "netbird", "ui", "package"], "readOnly": false, "type": "package"}, "services.netbird.useRoutingFeatures": {"declarations": ["nixos/modules/services/networking/netbird.nix"], "default": {"_type": "literalExpression", "text": "\"none\""}, "description": "Enables settings required for NetBird's routing features: Network Resources, Network Routes & Exit Nodes.\n\nWhen set to `client` or `both`, reverse path filtering will be set to loose instead of strict.\nWhen set to `server` or `both`, IP forwarding will be enabled.\n", "example": {"_type": "literalExpression", "text": "\"server\""}, "loc": ["services", "netbird", "useRoutingFeatures"], "readOnly": false, "type": "one of \"none\", \"client\", \"server\", \"both\""}, "services.netbox.dataDir": {"declarations": ["nixos/modules/services/web-apps/netbox.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/netbox\""}, "description": "Storage path of netbox.\n", "loc": ["services", "netbox", "dataDir"], "readOnly": false, "type": "string"}, "services.netbox.enable": {"declarations": ["nixos/modules/services/web-apps/netbox.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable Netbox.\n\nThis module requires a reverse proxy that serves `/static` separately.\nSee this [example](https://github.com/netbox-community/netbox/blob/develop/contrib/nginx.conf/) on how to configure this.\n", "loc": ["services", "netbox", "enable"], "readOnly": false, "type": "boolean"}, "services.netbox.enableLdap": {"declarations": ["nixos/modules/services/web-apps/netbox.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable LDAP-Authentication for Netbox.\n\nThis requires a configuration file being pass through `ldapConfigPath`.\n", "loc": ["services", "netbox", "enableLdap"], "readOnly": false, "type": "boolean"}, "services.netbox.extraConfig": {"declarations": ["nixos/modules/services/web-apps/netbox.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional lines of configuration appended to the `configuration.py`.\nSee the [documentation](https://docs.netbox.dev/en/stable/configuration/) for more possible options.\n", "loc": ["services", "netbox", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.netbox.gunicornArgs": {"declarations": ["nixos/modules/services/web-apps/netbox.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "extra args for gunicorn when serving netbox", "example": {"_type": "literalExpression", "text": "[\n  \"--workers\"\n  \"9\"\n]"}, "loc": ["services", "netbox", "gunicornArgs"], "readOnly": false, "type": "list of string"}, "services.netbox.keycloakClientSecret": {"declarations": ["nixos/modules/services/web-apps/netbox.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File that contains the keycloak client secret.\n", "loc": ["services", "netbox", "keycloakClientSecret"], "readOnly": false, "type": "null or absolute path"}, "services.netbox.ldapConfigPath": {"declarations": ["nixos/modules/services/web-apps/netbox.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Path to the Configuration-File for LDAP-Authentication, will be loaded as `ldap_config.py`.\nSee the [documentation](https://netbox.readthedocs.io/en/stable/installation/6-ldap/#configuration) for possible options.\n", "example": {"_type": "literalExpression", "text": "''\n  import ldap\n  from django_auth_ldap.config import LDAPSearch, PosixGroupType\n  \n  AUTH_LDAP_SERVER_URI = \"ldaps://ldap.example.com/\"\n  \n  AUTH_LDAP_USER_SEARCH = LDAPSearch(\n      \"ou=accounts,ou=posix,dc=example,dc=com\",\n      ldap.SCOPE_SUBTREE,\n      \"(uid=%(user)s)\",\n  )\n  \n  AUTH_LDAP_GROUP_SEARCH = LDAPSearch(\n      \"ou=groups,ou=posix,dc=example,dc=com\",\n      ldap.SCOPE_SUBTREE,\n      \"(objectClass=posixGroup)\",\n  )\n  AUTH_LDAP_GROUP_TYPE = PosixGroupType()\n  \n  # Mirror LDAP group assignments.\n  AUTH_LDAP_MIRROR_GROUPS = True\n  \n  # For more granular permissions, we can map LDAP groups to Django groups.\n  AUTH_LDAP_FIND_GROUP_PERMS = True\n''"}, "loc": ["services", "netbox", "ldapConfigPath"], "readOnly": false, "type": "absolute path"}, "services.netbox.listenAddress": {"declarations": ["nixos/modules/services/web-apps/netbox.nix"], "default": {"_type": "literalExpression", "text": "\"[::1]\""}, "description": "Address the server will listen on.\nIgnored if `unixSocket` is set.\n", "loc": ["services", "netbox", "listenAddress"], "readOnly": false, "type": "string"}, "services.netbox.package": {"declarations": ["nixos/modules/services/web-apps/netbox.nix"], "default": {"_type": "literalExpression", "text": "if lib.versionAtLeast config.system.stateVersion \"25.11\"\nthen pkgs.netbox_4_4\nelse pkgs.netbox_4_2;\n"}, "description": "NetBox package to use.\n", "loc": ["services", "netbox", "package"], "readOnly": false, "type": "package"}, "services.netbox.plugins": {"declarations": ["nixos/modules/services/web-apps/netbox.nix"], "default": {"_type": "literalExpression", "text": "python3Packages: with python3Packages; [];\n"}, "description": "List of plugin packages to install.\n", "loc": ["services", "netbox", "plugins"], "readOnly": false, "type": "function that evaluates to a(n) list of package"}, "services.netbox.port": {"declarations": ["nixos/modules/services/web-apps/netbox.nix"], "default": {"_type": "literalExpression", "text": "8001"}, "description": "Port the server will listen on.\nIgnored if `unixSocket` is set.\n", "loc": ["services", "netbox", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.netbox.secretKeyFile": {"declarations": ["nixos/modules/services/web-apps/netbox.nix"], "description": "Path to a file containing the secret key.\n", "loc": ["services", "netbox", "secretKeyFile"], "readOnly": false, "type": "absolute path"}, "services.netbox.settings": {"declarations": ["nixos/modules/services/web-apps/netbox.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration options to set in `configuration.py`.\nSee the [documentation](https://docs.netbox.dev/en/stable/configuration/) for more possible options.\n", "loc": ["services", "netbox", "settings"], "readOnly": false, "type": "open submodule of attribute set of (Python value)"}, "services.netbox.settings.ALLOWED_HOSTS": {"declarations": ["nixos/modules/services/web-apps/netbox.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"*\"\n]"}, "description": "A list of valid fully-qualified domain names (FQDNs) and/or IP\naddresses that can be used to reach the NetBox service.\n", "loc": ["services", "netbox", "settings", "ALLOWED_HOSTS"], "readOnly": false, "type": "list of string"}, "services.netbox.unixSocket": {"declarations": ["nixos/modules/services/web-apps/netbox.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Enable Unix Socket for the server to listen on.\n`listenAddress` and `port` will be ignored.\n", "example": {"_type": "literalExpression", "text": "\"/run/netbox/netbox.sock\""}, "loc": ["services", "netbox", "unixSocket"], "readOnly": false, "type": "null or string"}, "services.netclient.enable": {"declarations": ["nixos/modules/services/networking/netclient.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Netclient Daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "netclient", "enable"], "readOnly": false, "type": "boolean"}, "services.netclient.package": {"declarations": ["nixos/modules/services/networking/netclient.nix"], "default": {"_type": "literalExpression", "text": "pkgs.netclient"}, "description": "The netclient package to use.", "loc": ["services", "netclient", "package"], "readOnly": false, "type": "package"}, "services.netdata.claimTokenFile": {"declarations": ["nixos/modules/services/monitoring/netdata.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, automatically registers the agent using the given claim token\nfile.\n", "loc": ["services", "netdata", "claimTokenFile"], "readOnly": false, "type": "null or absolute path"}, "services.netdata.config": {"declarations": ["nixos/modules/services/monitoring/netdata.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "netdata.conf configuration as nix attributes. cannot be combined with configText.", "example": {"_type": "literalExpression", "text": "global = {\n  \"debug log\" = \"syslog\";\n  \"access log\" = \"syslog\";\n  \"error log\" = \"syslog\";\n};\n"}, "loc": ["services", "netdata", "config"], "readOnly": false, "type": "attribute set of (attribute set)"}, "services.netdata.configDir": {"declarations": ["nixos/modules/services/monitoring/netdata.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Complete netdata config directory except netdata.conf.\nThe default configuration is merged with changes\ndefined in this option.\nEach top-level attribute denotes a path in the configuration\ndirectory as in environment.etc.\nIts value is the absolute path and must be readable by netdata.\nCannot be combined with configText.\n", "example": {"_type": "literalExpression", "text": "\"health_alarm_notify.conf\" = pkgs.writeText \"health_alarm_notify.conf\" ''\n  sendmail=\"/path/to/sendmail\"\n'';\n\"health.d\" = \"/run/secrets/netdata/health.d\";\n"}, "loc": ["services", "netdata", "configDir"], "readOnly": false, "type": "attribute set of absolute path"}, "services.netdata.configText": {"declarations": ["nixos/modules/services/monitoring/netdata.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Verbatim netdata.conf, cannot be combined with config.", "example": {"_type": "literalExpression", "text": "''\n  [global]\n  debug log = syslog\n  access log = syslog\n  error log = syslog\n''"}, "loc": ["services", "netdata", "configText"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.netdata.deadlineBeforeStopSec": {"declarations": ["nixos/modules/services/monitoring/netdata.nix"], "default": {"_type": "literalExpression", "text": "120"}, "description": "In order to detect when netdata is misbehaving, we run a concurrent task pinging netdata (wait-for-netdata-up)\nin the systemd unit.\n\nIf after a while, this task does not succeed, we stop the unit and mark it as failed.\n\nYou can control this deadline in seconds with this option, it's useful to bump it\nif you have (1) a lot of data (2) doing upgrades (3) have low IOPS/throughput.\n", "loc": ["services", "netdata", "deadlineBeforeStopSec"], "readOnly": false, "type": "signed integer"}, "services.netdata.enable": {"declarations": ["nixos/modules/services/monitoring/netdata.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable netdata.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "netdata", "enable"], "readOnly": false, "type": "boolean"}, "services.netdata.enableAnalyticsReporting": {"declarations": ["nixos/modules/services/monitoring/netdata.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable reporting of anonymous usage statistics to Netdata Inc. via either\nGoogle Analytics (in versions prior to 1.29.4), or Netdata Inc.'s\nself-hosted PostHog (in versions 1.29.4 and later).\nSee: <https://learn.netdata.cloud/docs/agent/anonymous-statistics>\n", "loc": ["services", "netdata", "enableAnalyticsReporting"], "readOnly": false, "type": "boolean"}, "services.netdata.extraNdsudoPackages": {"declarations": ["nixos/modules/services/monitoring/netdata.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra packages to add to `PATH` to make available to `ndsudo`.\n::: {.warning}\n`ndsudo` has SUID privileges, be careful what packages you list here.\n:::\n\n::: {.note}\n`cfg.package` must be built with `withNdsudo = true`\n:::\n", "example": {"_type": "literalExpression", "text": "''\n  [\n    pkgs.smartmontools\n    pkgs.nvme-cli\n  ]\n''"}, "loc": ["services", "netdata", "extraNdsudoPackages"], "readOnly": false, "type": "list of package"}, "services.netdata.extraPluginPaths": {"declarations": ["nixos/modules/services/monitoring/netdata.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra paths to add to the netdata global \"plugins directory\"\noption.  Useful for when you want to include your own\ncollection scripts.\n\nDetails about writing a custom netdata plugin are available at:\n<https://docs.netdata.cloud/collectors/plugins.d/>\n\nCannot be combined with configText.\n", "example": {"_type": "literalExpression", "text": "[ \"/path/to/plugins.d\" ]\n"}, "loc": ["services", "netdata", "extraPluginPaths"], "readOnly": false, "type": "list of absolute path"}, "services.netdata.group": {"declarations": ["nixos/modules/services/monitoring/netdata.nix"], "default": {"_type": "literalExpression", "text": "\"netdata\""}, "description": "Group under which netdata runs.", "loc": ["services", "netdata", "group"], "readOnly": false, "type": "string"}, "services.netdata.package": {"declarations": ["nixos/modules/services/monitoring/netdata.nix"], "default": {"_type": "literalExpression", "text": "pkgs.netdata"}, "description": "The netdata package to use.", "loc": ["services", "netdata", "package"], "readOnly": false, "type": "package"}, "services.netdata.python.enable": {"declarations": ["nixos/modules/services/monitoring/netdata.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable python-based plugins\n", "loc": ["services", "netdata", "python", "enable"], "readOnly": false, "type": "boolean"}, "services.netdata.python.extraPackages": {"declarations": ["nixos/modules/services/monitoring/netdata.nix"], "default": {"_type": "literalExpression", "text": "ps: []"}, "description": "Extra python packages available at runtime\nto enable additional python plugins.\n", "example": {"_type": "literalExpression", "text": "ps: [\n  ps.psycopg2\n  ps.docker\n  ps.dnspython\n]\n"}, "loc": ["services", "netdata", "python", "extraPackages"], "readOnly": false, "type": "function that evaluates to a(n) list of package"}, "services.netdata.python.recommendedPythonPackages": {"declarations": ["nixos/modules/services/monitoring/netdata.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable a set of recommended Python plugins\nby installing extra Python packages.\n", "loc": ["services", "netdata", "python", "recommendedPythonPackages"], "readOnly": false, "type": "boolean"}, "services.netdata.user": {"declarations": ["nixos/modules/services/monitoring/netdata.nix"], "default": {"_type": "literalExpression", "text": "\"netdata\""}, "description": "User account under which netdata runs.", "loc": ["services", "netdata", "user"], "readOnly": false, "type": "string"}, "services.networkaudiod.enable": {"declarations": ["nixos/modules/services/audio/networkaudiod.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Networkaudiod (NAA).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "networkaudiod", "enable"], "readOnly": false, "type": "boolean"}, "services.networkd-dispatcher.enable": {"declarations": ["nixos/modules/services/networking/networkd-dispatcher.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Networkd-dispatcher service for systemd-networkd connection status\nchange. See [upstream instructions](https://gitlab.com/craftyguy/networkd-dispatcher)\nfor usage\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "networkd-dispatcher", "enable"], "readOnly": false, "type": "boolean"}, "services.networkd-dispatcher.extraArgs": {"declarations": ["nixos/modules/services/networking/networkd-dispatcher.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to pass to the networkd-dispatcher command.\n", "loc": ["services", "networkd-dispatcher", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.networkd-dispatcher.rules": {"declarations": ["nixos/modules/services/networking/networkd-dispatcher.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative configuration of networkd-dispatcher rules. See\n[upstream instructions](https://gitlab.com/craftyguy/networkd-dispatcher)\nfor an introduction and example scripts.\n", "example": {"_type": "literalExpression", "text": "{ \"restart-tor\" = {\n    onState = [\"routable\" \"off\"];\n    script = ''\n      #!${pkgs.runtimeShell}\n      if [[ $IFACE == \"wlan0\" && $AdministrativeState == \"configured\" ]]; then\n        echo \"Restarting Tor ...\"\n        systemctl restart tor\n      fi\n      exit 0\n    '';\n  };\n};\n"}, "loc": ["services", "networkd-dispatcher", "rules"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.networkd-dispatcher.rules.<name>.onState": {"declarations": ["nixos/modules/services/networking/networkd-dispatcher.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of names of the systemd-networkd operational states which\nshould trigger the script. See {manpage}`networkctl(1)`\nfor a description of the specific state type.\n", "loc": ["services", "networkd-dispatcher", "rules", "<name>", "onState"], "readOnly": false, "type": "list of (one of \"routable\", \"dormant\", \"no-carrier\", \"off\", \"carrier\", \"degraded\", \"configuring\", \"configured\", \"enslaved\")"}, "services.networkd-dispatcher.rules.<name>.script": {"declarations": ["nixos/modules/services/networking/networkd-dispatcher.nix"], "description": "Shell commands executed on specified operational states.\n", "loc": ["services", "networkd-dispatcher", "rules", "<name>", "script"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.networking.websockify.enable": {"declarations": ["nixos/modules/services/networking/websockify.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable websockify to forward websocket connections to TCP connections.", "loc": ["services", "networking", "websockify", "enable"], "readOnly": false, "type": "boolean"}, "services.networking.websockify.portMap": {"declarations": ["nixos/modules/services/networking/websockify.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Ports to map by default.", "loc": ["services", "networking", "websockify", "portMap"], "readOnly": false, "type": "attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.networking.websockify.sslCert": {"declarations": ["nixos/modules/services/networking/websockify.nix"], "description": "Path to the SSL certificate.", "loc": ["services", "networking", "websockify", "sslCert"], "readOnly": false, "type": "absolute path"}, "services.networking.websockify.sslKey": {"declarations": ["nixos/modules/services/networking/websockify.nix"], "default": {"_type": "literalExpression", "text": "config.services.networking.websockify.sslCert"}, "description": "Path to the SSL key.", "loc": ["services", "networking", "websockify", "sslKey"], "readOnly": false, "type": "absolute path"}, "services.newt.blueprint": {"declarations": ["nixos/modules/services/networking/newt.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Blueprint for declarative settings, see [Newt Blueprint docs](https://docs.pangolin.net/manage/blueprints#blueprints) for more information.", "example": {"_type": "literalExpression", "text": "{\n  proxy-resources = {\n    jellyfin = {\n      auth = {\n        sso-enabled = true;\n      };\n      full-domain = \"jfn.example.com\";\n      name = \"Jellyfin\";\n      protocol = \"http\";\n      targets = [\n        {\n          hostname = \"localhost\";\n          method = \"http\";\n          port = 8096;\n        }\n      ];\n    };\n  };\n}"}, "loc": ["services", "newt", "blueprint"], "readOnly": false, "type": "YAML 1.1 value"}, "services.newt.enable": {"declarations": ["nixos/modules/services/networking/newt.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Newt, user space tunnel client for Pangolin.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "newt", "enable"], "readOnly": false, "type": "boolean"}, "services.newt.environmentFile": {"declarations": ["nixos/modules/services/networking/newt.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file containing sensitive environment variables for Newt. See [Client credentials](https://docs.pangolin.net/manage/clients/credentials) for more information.\nThese will overwrite anything defined in the config.\nThe file should contain environment-variable assignments like:\nNEWT_ID=2ix2t8xk22ubpfy\nNEWT_SECRET=nnisrfsdfc7prqsp9ewo1dvtvci50j5uiqotez00dgap0ii2\n", "loc": ["services", "newt", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.newt.package": {"declarations": ["nixos/modules/services/networking/newt.nix"], "default": {"_type": "literalExpression", "text": "pkgs.fosrl-newt"}, "description": "The fosrl-newt package to use.", "loc": ["services", "newt", "package"], "readOnly": false, "type": "package"}, "services.newt.settings": {"declarations": ["nixos/modules/services/networking/newt.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings for Newt module, see [Newt CLI docs](https://github.com/fosrl/newt?tab=readme-ov-file#cli-args) for more information.", "example": {"_type": "literalExpression", "text": "{\n  endpoint = \"pangolin.example.com\";\n  id = \"8yfsghj438a20ol\";\n}"}, "loc": ["services", "newt", "settings"], "readOnly": false, "type": "value coercible to CLI argument"}, "services.nextcloud-spreed-signaling.backends": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "A list of backends from which clients are allowed to connect from. The name of the attribute will be used as the\nbackend id.\n\nEach backend will have isolated rooms, i.e. clients connecting to room \"abc12345\" on backend 1 will be in a\ndifferent room than clients connected to a room with the same name on backend 2. Also sessions connected from\ndifferent backends will not be able to communicate with each other.\n", "example": {"_type": "literalExpression", "text": "{\n  nextcloud = {\n    secretFile = \"/run/secrets/nextcloud-secret\";\n    urls = [\n      \"https://cloud.example.com\"\n    ];\n  };\n}"}, "loc": ["services", "nextcloud-spreed-signaling", "backends"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.nextcloud-spreed-signaling.backends.<name>.secretFile": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "description": "The path to the file containing the value for `backends.<name>.secret`.\n\nShared secret for requests from and to the backend servers.\n\nThis must be the same value as configured in the Nextloud Talk admin UI.\n\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/backends.<name>.secret\""}, "loc": ["services", "nextcloud-spreed-signaling", "backends", "<name>", "secretFile"], "readOnly": false, "type": "absolute path"}, "services.nextcloud-spreed-signaling.backends.<name>.urls": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "description": "List of URLs of the Nextcloud instance", "loc": ["services", "nextcloud-spreed-signaling", "backends", "<name>", "urls"], "readOnly": false, "type": "list of string"}, "services.nextcloud-spreed-signaling.configureNginx": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to set up and configure an nginx virtual host according to upstream's recommendations.\n\nThe virtualHost domain must be specified under `config.services.nextcloud-spreed-signaling.hostName` if this is enabled.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nextcloud-spreed-signaling", "configureNginx"], "readOnly": false, "type": "boolean"}, "services.nextcloud-spreed-signaling.enable": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Spreed standalone signaling server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nextcloud-spreed-signaling", "enable"], "readOnly": false, "type": "boolean"}, "services.nextcloud-spreed-signaling.group": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "default": {"_type": "literalExpression", "text": "\"nextcloud-spreed-signaling\""}, "description": "Group under which to run the Spreed signaling server.", "loc": ["services", "nextcloud-spreed-signaling", "group"], "readOnly": false, "type": "string"}, "services.nextcloud-spreed-signaling.hostName": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The host name to bind the nginx virtual host to, if\n`config.services.nextcloud-spreed-signaling.configureNginx` is set to `true`.\n", "example": {"_type": "literalExpression", "text": "\"talk.mydomain.org\""}, "loc": ["services", "nextcloud-spreed-signaling", "hostName"], "readOnly": false, "type": "null or string"}, "services.nextcloud-spreed-signaling.package": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nextcloud-spreed-signaling"}, "description": "The nextcloud-spreed-signaling package to use.", "loc": ["services", "nextcloud-spreed-signaling", "package"], "readOnly": false, "type": "package"}, "services.nextcloud-spreed-signaling.settings": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative configuration. Refer to\n<https://github.com/strukturag/nextcloud-spreed-signaling/blob/master/server.conf.in> for a list of available\noptions.\n", "loc": ["services", "nextcloud-spreed-signaling", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.nextcloud-spreed-signaling.settings.app.debug": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Set to \"true\" to install pprof debug handlers. Access will only be possible from IPs allowed through\nIPs declared in `config.services.nextcloud-spreed-signaling.settings.stats.allowed_ips`.\n\nSee \"https://golang.org/pkg/net/http/pprof/\" for further information.\n", "loc": ["services", "nextcloud-spreed-signaling", "settings", "app", "debug"], "readOnly": false, "type": "boolean"}, "services.nextcloud-spreed-signaling.settings.backend.allowall": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Allow any hostname as backend endpoint. This is insecure and not advised.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nextcloud-spreed-signaling", "settings", "backend", "allowall"], "readOnly": false, "type": "boolean"}, "services.nextcloud-spreed-signaling.settings.backend.backendtype": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "default": {"_type": "literalExpression", "text": "\"static\""}, "description": "Type of backend configuration.\nDefaults to \"static\".\n\nPossible values:\n- static: A comma-separated list of backends is given in the \"backends\" option (derived from\n  `config.services.nextcloud-spreed-signaling.backends`)\n- etcd: Backends are retrieved from an etcd cluster.\n", "loc": ["services", "nextcloud-spreed-signaling", "settings", "backend", "backendtype"], "readOnly": false, "type": "one of \"static\", \"etcd\""}, "services.nextcloud-spreed-signaling.settings.backend.connectionsperhost": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "default": {"_type": "literalExpression", "text": "8"}, "description": "Maximum number of concurrent backend connections per host", "example": {"_type": "literalExpression", "text": "12"}, "loc": ["services", "nextcloud-spreed-signaling", "settings", "backend", "connectionsperhost"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.nextcloud-spreed-signaling.settings.backend.timeout": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Timeout in seconds for requests to the backend", "example": {"_type": "literalExpression", "text": "30"}, "loc": ["services", "nextcloud-spreed-signaling", "settings", "backend", "timeout"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.nextcloud-spreed-signaling.settings.clients.internalsecretFile": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "description": "The path to the file containing the value for `clients.internalsecret`.\n\nShared secret for connections from internal clients.\nThis must be the same value as configured in the respective internal services.\n\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/clients.internalsecret\""}, "loc": ["services", "nextcloud-spreed-signaling", "settings", "clients", "internalsecretFile"], "readOnly": false, "type": "absolute path"}, "services.nextcloud-spreed-signaling.settings.etcd.endpoints": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of static etcd endpoints to connect to.", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1:2379\"\n]"}, "loc": ["services", "nextcloud-spreed-signaling", "settings", "etcd", "endpoints"], "readOnly": false, "type": "list of string"}, "services.nextcloud-spreed-signaling.settings.grpc.listen": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IP and port to listen on for GRPC requests. Leave `null` to disable the listener.", "example": {"_type": "literalExpression", "text": "\"127.0.0.1:9090\""}, "loc": ["services", "nextcloud-spreed-signaling", "settings", "grpc", "listen"], "readOnly": false, "type": "null or string"}, "services.nextcloud-spreed-signaling.settings.grpc.targets": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "For target type `static`: List of GRPC targets to connect to for clustering mode.", "example": {"_type": "literalExpression", "text": "[\n  \"192.168.0.1:9090\"\n]"}, "loc": ["services", "nextcloud-spreed-signaling", "settings", "grpc", "targets"], "readOnly": false, "type": "list of string"}, "services.nextcloud-spreed-signaling.settings.http.listen": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IP and port to listen on for HTTP requests, in the format of `ip:port`.\n\nIf set to `null`, will not spawn a HTTP listener at all.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1:8080\""}, "loc": ["services", "nextcloud-spreed-signaling", "settings", "http", "listen"], "readOnly": false, "type": "null or string"}, "services.nextcloud-spreed-signaling.settings.https.certificate": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the certificate used for the HTTPS listener. Must be set if `config.services.nextcloud-spreed-signaling.settings.https.listen`\nis not `null`.\n", "example": {"_type": "literalExpression", "text": "\"/etc/nginx/ssl/server.crt\""}, "loc": ["services", "nextcloud-spreed-signaling", "settings", "https", "certificate"], "readOnly": false, "type": "null or absolute path"}, "services.nextcloud-spreed-signaling.settings.https.key": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the private key used for the HTTPS listener. Must be set if `config.services.nextcloud-spreed-signaling.settings.https.listen`\nis not `null`.\n", "example": {"_type": "literalExpression", "text": "\"/etc/nginx/ssl/server.key\""}, "loc": ["services", "nextcloud-spreed-signaling", "settings", "https", "key"], "readOnly": false, "type": "null or absolute path"}, "services.nextcloud-spreed-signaling.settings.https.listen": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IP and port to listen on for HTTPS requests, in the format of `ip:port`.\n\nIf set, must also specify `config.services.nextcloud-spreed-signaling.settings.https.certificate` and `config.services.nextcloud-spreed-signaling.settings.https.key`.\nIf set to `null`, will not spawn a HTTPS listener at all.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1:8443\""}, "loc": ["services", "nextcloud-spreed-signaling", "settings", "https", "listen"], "readOnly": false, "type": "null or string"}, "services.nextcloud-spreed-signaling.settings.mcu.type": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The type of MCU to use. Leave empty to disable MCU functionality.", "example": {"_type": "literalExpression", "text": "\"janus\""}, "loc": ["services", "nextcloud-spreed-signaling", "settings", "mcu", "type"], "readOnly": false, "type": "null or one of \"janus\", \"proxy\""}, "services.nextcloud-spreed-signaling.settings.nats.url": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"nats://loopback\"\n]"}, "description": "URL of one or more NATS backends to use.\n\nThis can be set to `nats://loopback` to process NATS messages internally instead.\n", "example": {"_type": "literalExpression", "text": "[\n  \"nats://localhost:4222\"\n]"}, "loc": ["services", "nextcloud-spreed-signaling", "settings", "nats", "url"], "readOnly": false, "type": "list of string"}, "services.nextcloud-spreed-signaling.settings.sessions.blockkeyFile": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "description": "The path to the file containing the value for `sessions.blockkey`.\n\nKey for encrypting data in the sessions. Must be either 16, 24, or 32 bytes.\nGenerate one using `openssl rand -hex 16`\n\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/sessions.blockkey\""}, "loc": ["services", "nextcloud-spreed-signaling", "settings", "sessions", "blockkeyFile"], "readOnly": false, "type": "absolute path"}, "services.nextcloud-spreed-signaling.settings.sessions.hashkeyFile": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "description": "The path to the file containing the value for `sessions.hashkey`.\n\nSecret value used to generate the checksums of sessions.\nThis should be a random string of 32 or 64 bytes.\nGenerate one using `openssl rand -hex 32`\n\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/sessions.hashkey\""}, "loc": ["services", "nextcloud-spreed-signaling", "settings", "sessions", "hashkeyFile"], "readOnly": false, "type": "absolute path"}, "services.nextcloud-spreed-signaling.settings.stats.allowed_ips": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of IP addresses that are allowed to access the debug, stats and metrics endpoints.\n\nLeave empty or `null` to only allow access from localhost.\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n]"}, "loc": ["services", "nextcloud-spreed-signaling", "settings", "stats", "allowed_ips"], "readOnly": false, "type": "null or (list of string)"}, "services.nextcloud-spreed-signaling.settings.turn.apikeyFile": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the file containing the value for `turn.apikey`.\n\nAPI key that the MCU will need to send when requesting TURN credentials.\n\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/turn.apikey\""}, "loc": ["services", "nextcloud-spreed-signaling", "settings", "turn", "apikeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.nextcloud-spreed-signaling.settings.turn.secretFile": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the file containing the value for `turn.secret`.\n\nThe shared secret to use for generating TURN credentials. This must be the same as on the TURN server.\n\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/turn.secret\""}, "loc": ["services", "nextcloud-spreed-signaling", "settings", "turn", "secretFile"], "readOnly": false, "type": "null or absolute path"}, "services.nextcloud-spreed-signaling.settings.turn.servers": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of TURN servers to use. Leave empty to disable the TURN REST API.", "example": {"_type": "literalExpression", "text": "[\n  \"turn:1.2.3.4:9991?transport=udp\"\n]"}, "loc": ["services", "nextcloud-spreed-signaling", "settings", "turn", "servers"], "readOnly": false, "type": "list of string"}, "services.nextcloud-spreed-signaling.stateDir": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/nextcloud-spreed-signaling\""}, "description": "Directory used for state & config files.", "loc": ["services", "nextcloud-spreed-signaling", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.nextcloud-spreed-signaling.user": {"declarations": ["nixos/modules/services/networking/nextcloud-spreed-signaling.nix"], "default": {"_type": "literalExpression", "text": "\"nextcloud-spreed-signaling\""}, "description": "User account under which to run the Spreed signaling server.", "loc": ["services", "nextcloud-spreed-signaling", "user"], "readOnly": false, "type": "string"}, "services.nextcloud-whiteboard-server.enable": {"declarations": ["nixos/modules/services/web-apps/nextcloud-whiteboard-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Nextcloud backend server for the Whiteboard app.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nextcloud-whiteboard-server", "enable"], "readOnly": false, "type": "boolean"}, "services.nextcloud-whiteboard-server.secrets": {"declarations": ["nixos/modules/services/web-apps/nextcloud-whiteboard-server.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of files containing the various secrets. Should be in the\nformat expected by systemd's `EnvironmentFile` directory.\n", "loc": ["services", "nextcloud-whiteboard-server", "secrets"], "readOnly": false, "type": "list of string"}, "services.nextcloud-whiteboard-server.settings": {"declarations": ["nixos/modules/services/web-apps/nextcloud-whiteboard-server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings to configure backend server. Especially the Nextcloud host\nurl has to be set. The required environment variable `JWT_SECRET_KEY`\nshould be set via the secrets option.\n", "example": {"_type": "literalExpression", "text": "{\n  NEXTCLOUD_URL = \"https://nextcloud.example.org\";\n}\n"}, "loc": ["services", "nextcloud-whiteboard-server", "settings"], "readOnly": false, "type": "attribute set of string"}, "services.nextcloud.appstoreEnable": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Allow the installation and updating of apps from the Nextcloud appstore.\nEnabled by default unless there are packages in [](#opt-services.nextcloud.extraApps).\nSet this to true to force enable the store even if [](#opt-services.nextcloud.extraApps) is used.\nSet this to false to disable the installation of apps from the global appstore. App management is always enabled regardless of this setting.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nextcloud", "appstoreEnable"], "readOnly": false, "type": "null or boolean"}, "services.nextcloud.autoUpdateApps.enable": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Run a regular auto-update of all apps installed from the Nextcloud app store.\n", "loc": ["services", "nextcloud", "autoUpdateApps", "enable"], "readOnly": false, "type": "boolean"}, "services.nextcloud.autoUpdateApps.startAt": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "\"05:00:00\""}, "description": "When to run the update. See `systemd.services.<name>.startAt`.\n", "example": {"_type": "literalExpression", "text": "\"Sun 14:00:00\""}, "loc": ["services", "nextcloud", "autoUpdateApps", "startAt"], "readOnly": false, "type": "string or list of string"}, "services.nextcloud.caching.apcu": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to load the APCu module into PHP.\n", "loc": ["services", "nextcloud", "caching", "apcu"], "readOnly": false, "type": "boolean"}, "services.nextcloud.caching.memcached": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to load the Memcached module into PHP.\nYou still need to enable Memcached in your config.php.\nSee <https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/caching_configuration.html>\n", "loc": ["services", "nextcloud", "caching", "memcached"], "readOnly": false, "type": "boolean"}, "services.nextcloud.caching.redis": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to load the Redis module into PHP.\nYou still need to enable Redis in your config.php.\nSee <https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/caching_configuration.html>\n", "loc": ["services", "nextcloud", "caching", "redis"], "readOnly": false, "type": "boolean"}, "services.nextcloud.cli.memoryLimit": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The `memory_limit` of PHP is equal to [](#opt-services.nextcloud.maxUploadSize).\nThe value can be customized for `nextcloud-cron.service` using this option.\n", "example": {"_type": "literalExpression", "text": "\"1G\""}, "loc": ["services", "nextcloud", "cli", "memoryLimit"], "readOnly": false, "type": "null or string"}, "services.nextcloud.config.adminpassFile": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "description": "The full path to a file that contains the admin's password. The password is\nset only in the initial setup of Nextcloud by the systemd service `nextcloud-setup.service`.\n", "loc": ["services", "nextcloud", "config", "adminpassFile"], "readOnly": false, "type": "null or string"}, "services.nextcloud.config.adminuser": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "Username for the admin account. The username is only set during the\ninitial setup of Nextcloud! Since the username also acts as unique\nID internally, it cannot be changed later!\n", "loc": ["services", "nextcloud", "config", "adminuser"], "readOnly": false, "type": "null or string"}, "services.nextcloud.config.dbhost": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Database host (+port) or socket path.\nIf [](#opt-services.nextcloud.database.createLocally) is true and\n[](#opt-services.nextcloud.config.dbtype) is either `pgsql` or `mysql`,\ndefaults to the correct Unix socket instead.\n", "example": {"_type": "literalExpression", "text": "\"localhost:5000\""}, "loc": ["services", "nextcloud", "config", "dbhost"], "readOnly": false, "type": "null or string"}, "services.nextcloud.config.dbname": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "\"nextcloud\""}, "description": "Database name.", "loc": ["services", "nextcloud", "config", "dbname"], "readOnly": false, "type": "null or string"}, "services.nextcloud.config.dbpassFile": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The full path to a file that contains the database password.\n", "loc": ["services", "nextcloud", "config", "dbpassFile"], "readOnly": false, "type": "null or string"}, "services.nextcloud.config.dbtableprefix": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Table prefix in Nextcloud's database.\n\n__Note:__ since Nextcloud 20 it's not an option anymore to create a database\nschema with a custom table prefix. This option only exists for backwards compatibility\nwith installations that were originally provisioned with Nextcloud <20.\n", "loc": ["services", "nextcloud", "config", "dbtableprefix"], "readOnly": false, "type": "null or string"}, "services.nextcloud.config.dbtype": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Database type.", "loc": ["services", "nextcloud", "config", "dbtype"], "readOnly": false, "type": "null or one of \"sqlite\", \"pgsql\", \"mysql\""}, "services.nextcloud.config.dbuser": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "\"nextcloud\""}, "description": "Database user.", "loc": ["services", "nextcloud", "config", "dbuser"], "readOnly": false, "type": "null or string"}, "services.nextcloud.config.objectstore.s3.bucket": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "description": "The name of the S3 bucket.\n", "example": {"_type": "literalExpression", "text": "\"nextcloud\""}, "loc": ["services", "nextcloud", "config", "objectstore", "s3", "bucket"], "readOnly": false, "type": "string"}, "services.nextcloud.config.objectstore.s3.enable": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable S3 object storage as primary storage.\n\nThis mounts a bucket on an Amazon S3 object storage or compatible\nimplementation into the virtual filesystem.\n\nFurther details about this feature can be found in the\n[upstream documentation](https://docs.nextcloud.com/server/22/admin_manual/configuration_files/primary_storage.html)\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nextcloud", "config", "objectstore", "s3", "enable"], "readOnly": false, "type": "boolean"}, "services.nextcloud.config.objectstore.s3.hostname": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Required for some non-Amazon implementations.\n", "example": {"_type": "literalExpression", "text": "\"example.com\""}, "loc": ["services", "nextcloud", "config", "objectstore", "s3", "hostname"], "readOnly": false, "type": "null or string"}, "services.nextcloud.config.objectstore.s3.key": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "description": "The access key for the S3 bucket.\n", "example": {"_type": "literalExpression", "text": "\"EJ39ITYZEUH5BGWDRUFY\""}, "loc": ["services", "nextcloud", "config", "objectstore", "s3", "key"], "readOnly": false, "type": "string"}, "services.nextcloud.config.objectstore.s3.port": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Required for some non-Amazon implementations.\n", "loc": ["services", "nextcloud", "config", "objectstore", "s3", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nextcloud.config.objectstore.s3.region": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Required for some non-Amazon implementations.\n", "example": {"_type": "literalExpression", "text": "\"REGION\""}, "loc": ["services", "nextcloud", "config", "objectstore", "s3", "region"], "readOnly": false, "type": "null or string"}, "services.nextcloud.config.objectstore.s3.secretFile": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "description": "The full path to a file that contains the access secret.\n", "example": {"_type": "literalExpression", "text": "\"/var/nextcloud-objectstore-s3-secret\""}, "loc": ["services", "nextcloud", "config", "objectstore", "s3", "secretFile"], "readOnly": false, "type": "string"}, "services.nextcloud.config.objectstore.s3.sseCKeyFile": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If provided this is the full path to a file that contains the key\nto enable [server-side encryption with customer-provided keys][1]\n(SSE-C).\n\nThe file must contain a random 32-byte key encoded as a base64\nstring, e.g. generated with the command\n\n```\nopenssl rand 32 | base64\n```\n\n[1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html\n", "example": {"_type": "literalExpression", "text": "\"/var/nextcloud-objectstore-s3-sse-c-key\""}, "loc": ["services", "nextcloud", "config", "objectstore", "s3", "sseCKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.nextcloud.config.objectstore.s3.usePathStyle": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Required for some non-Amazon S3 implementations.\n\nOrdinarily, requests will be made with\n`http://bucket.hostname.domain/`, but with path style\nenabled requests are made with\n`http://hostname.domain/bucket` instead.\n", "loc": ["services", "nextcloud", "config", "objectstore", "s3", "usePathStyle"], "readOnly": false, "type": "boolean"}, "services.nextcloud.config.objectstore.s3.useSsl": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Use SSL for objectstore access.\n", "loc": ["services", "nextcloud", "config", "objectstore", "s3", "useSsl"], "readOnly": false, "type": "boolean"}, "services.nextcloud.config.objectstore.s3.verify_bucket_exists": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Create the objectstore bucket if it does not exist.\n", "loc": ["services", "nextcloud", "config", "objectstore", "s3", "verify_bucket_exists"], "readOnly": false, "type": "boolean"}, "services.nextcloud.configureRedis": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to configure Nextcloud to use the recommended Redis settings for small instances.\n\n::: {.note}\nThe Nextcloud system check recommends to configure either Redis or Memcache for file lock caching.\n:::\n\n::: {.note}\nThe `notify_push` app requires Redis to be configured. If this option is turned off, this must be configured manually.\n:::\n", "loc": ["services", "nextcloud", "configureRedis"], "readOnly": false, "type": "boolean"}, "services.nextcloud.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to create the database and database user locally.\n", "loc": ["services", "nextcloud", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.nextcloud.datadir": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "config.services.nextcloud.home"}, "description": "Nextcloud's data storage path.  Will be [](#opt-services.nextcloud.home) by default.\nThis folder will be populated with a config.php file and a data folder which contains the state of the instance (excluding the database).\";\n", "example": {"_type": "literalExpression", "text": "\"/mnt/nextcloud-file\""}, "loc": ["services", "nextcloud", "datadir"], "readOnly": false, "type": "string"}, "services.nextcloud.enable": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable nextcloud.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nextcloud", "enable"], "readOnly": false, "type": "boolean"}, "services.nextcloud.enableImagemagick": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the ImageMagick module for PHP.\nThis is used by the theming app and for generating previews of certain images (e.g. SVG and HEIF).\nYou may want to disable it for increased security. In that case, previews will still be available\nfor some images (e.g. JPEG and PNG).\nSee <https://github.com/nextcloud/server/issues/13099>\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nextcloud", "enableImagemagick"], "readOnly": false, "type": "boolean"}, "services.nextcloud.extraApps": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra apps to install. Should be an attrSet of appid to packages generated by fetchNextcloudApp.\nThe appid must be identical to the \"id\" value in the apps appinfo/info.xml.\nUsing this will disable the appstore to prevent Nextcloud from updating these apps (see [](#opt-services.nextcloud.appstoreEnable)).\n", "example": {"_type": "literalExpression", "text": "{\n  inherit (pkgs.nextcloud31Packages.apps) mail calendar contacts;\n  phonetrack = pkgs.fetchNextcloudApp {\n    appName = \"phonetrack\";\n    appVersion = \"0.8.2\";\n    license = \"agpl3Plus\";\n    sha512 = \"f67902d1b48def9a244383a39d7bec95bb4215054963a9751f99dae9bd2f2740c02d2ef97b3b76d69a36fa95f8a9374dd049440b195f4dad2f0c4bca645de228\";\n    url = \"https://github.com/julien-nc/phonetrack/releases/download/v0.8.2/phonetrack-0.8.2.tar.gz\";\n  };\n}\n"}, "loc": ["services", "nextcloud", "extraApps"], "readOnly": false, "type": "attribute set of package"}, "services.nextcloud.extraAppsEnable": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Automatically enable the apps in [](#opt-services.nextcloud.extraApps) every time Nextcloud starts.\nIf set to false, apps need to be enabled in the Nextcloud web user interface or with `nextcloud-occ app:enable`.\n", "loc": ["services", "nextcloud", "extraAppsEnable"], "readOnly": false, "type": "boolean"}, "services.nextcloud.fastcgiTimeout": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "120"}, "description": "FastCGI timeout for database connection in seconds.\n", "loc": ["services", "nextcloud", "fastcgiTimeout"], "readOnly": false, "type": "signed integer"}, "services.nextcloud.finalPackage": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "description": "Package to the finalized Nextcloud package, including all installed apps.\nThis is automatically set by the module.\n", "loc": ["services", "nextcloud", "finalPackage"], "readOnly": true, "type": "package"}, "services.nextcloud.home": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/nextcloud\""}, "description": "Storage path of nextcloud.", "loc": ["services", "nextcloud", "home"], "readOnly": false, "type": "string"}, "services.nextcloud.hostName": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "description": "FQDN for the nextcloud instance.", "loc": ["services", "nextcloud", "hostName"], "readOnly": false, "type": "string"}, "services.nextcloud.https": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use HTTPS for generated links.\n\nBe aware that this also enables HTTP Strict Transport Security (HSTS) headers.\n", "loc": ["services", "nextcloud", "https"], "readOnly": false, "type": "boolean"}, "services.nextcloud.imaginary.enable": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Imaginary.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nextcloud", "imaginary", "enable"], "readOnly": false, "type": "boolean"}, "services.nextcloud.maxUploadSize": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "\"512M\""}, "description": "The upload limit for files. This changes the relevant options\nin php.ini and nginx if enabled.\n", "loc": ["services", "nextcloud", "maxUploadSize"], "readOnly": false, "type": "string"}, "services.nextcloud.nginx.enableFastcgiRequestBuffering": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to buffer requests against fastcgi requests. This is a workaround\nfor `PUT` requests with the `Transfer-Encoding: chunked` header set and\nan unspecified `Content-Length`. Without request buffering for these requests,\nNextcloud will create files with zero bytes length as described in\n[nextcloud/server#7995](https://github.com/nextcloud/server/issues/7995).\n\n::: {.note}\nPlease keep in mind that upstream suggests to not enable this as it might\nlead to timeouts on large files being uploaded as described in the\n[administrator manual](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/big_file_upload_configuration.html#nginx).\n:::\n", "loc": ["services", "nextcloud", "nginx", "enableFastcgiRequestBuffering"], "readOnly": false, "type": "boolean"}, "services.nextcloud.nginx.hstsMaxAge": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "15552000"}, "description": "Value for the `max-age` directive of the HTTP\n`Strict-Transport-Security` header.\n\nSee section 6.1.1 of IETF RFC 6797 for detailed information on this\ndirective and header.\n", "loc": ["services", "nextcloud", "nginx", "hstsMaxAge"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.nextcloud.notify_push.bendDomainToLocalhost": {"declarations": ["nixos/modules/services/web-apps/nextcloud-notify_push.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add an entry to `/etc/hosts` for the configured nextcloud domain to point to `localhost` and add `localhost `to nextcloud's `trusted_proxies` config option.\n\nThis is useful when nextcloud's domain is not a static IP address and when the reverse proxy cannot be bypassed because the backend connection is done via unix socket.\n", "loc": ["services", "nextcloud", "notify_push", "bendDomainToLocalhost"], "readOnly": false, "type": "boolean"}, "services.nextcloud.notify_push.dbhost": {"declarations": ["nixos/modules/services/web-apps/nextcloud-notify_push.nix"], "default": {"_type": "literalExpression", "text": "config.services.nextcloud.config.dbhost"}, "description": "Database host (+port) or socket path.\nIf [](#opt-services.nextcloud.database.createLocally) is true and\n[](#opt-services.nextcloud.config.dbtype) is either `pgsql` or `mysql`,\ndefaults to the correct Unix socket instead.\n", "example": {"_type": "literalExpression", "text": "\"localhost:5000\""}, "loc": ["services", "nextcloud", "notify_push", "dbhost"], "readOnly": false, "type": "null or string"}, "services.nextcloud.notify_push.dbname": {"declarations": ["nixos/modules/services/web-apps/nextcloud-notify_push.nix"], "default": {"_type": "literalExpression", "text": "config.services.nextcloud.config.dbname"}, "description": "Database name.", "loc": ["services", "nextcloud", "notify_push", "dbname"], "readOnly": false, "type": "null or string"}, "services.nextcloud.notify_push.dbpassFile": {"declarations": ["nixos/modules/services/web-apps/nextcloud-notify_push.nix"], "default": {"_type": "literalExpression", "text": "config.services.nextcloud.config.dbpassFile"}, "description": "The full path to a file that contains the database password.\n", "loc": ["services", "nextcloud", "notify_push", "dbpassFile"], "readOnly": false, "type": "null or string"}, "services.nextcloud.notify_push.dbtableprefix": {"declarations": ["nixos/modules/services/web-apps/nextcloud-notify_push.nix"], "default": {"_type": "literalExpression", "text": "config.services.nextcloud.config.dbtableprefix"}, "description": "Table prefix in Nextcloud's database.\n\n__Note:__ since Nextcloud 20 it's not an option anymore to create a database\nschema with a custom table prefix. This option only exists for backwards compatibility\nwith installations that were originally provisioned with Nextcloud <20.\n", "loc": ["services", "nextcloud", "notify_push", "dbtableprefix"], "readOnly": false, "type": "null or string"}, "services.nextcloud.notify_push.dbtype": {"declarations": ["nixos/modules/services/web-apps/nextcloud-notify_push.nix"], "default": {"_type": "literalExpression", "text": "config.services.nextcloud.config.dbtype"}, "description": "Database type.", "loc": ["services", "nextcloud", "notify_push", "dbtype"], "readOnly": false, "type": "null or one of \"sqlite\", \"pgsql\", \"mysql\""}, "services.nextcloud.notify_push.dbuser": {"declarations": ["nixos/modules/services/web-apps/nextcloud-notify_push.nix"], "default": {"_type": "literalExpression", "text": "config.services.nextcloud.config.dbuser"}, "description": "Database user.", "loc": ["services", "nextcloud", "notify_push", "dbuser"], "readOnly": false, "type": "null or string"}, "services.nextcloud.notify_push.enable": {"declarations": ["nixos/modules/services/web-apps/nextcloud-notify_push.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Notify push.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nextcloud", "notify_push", "enable"], "readOnly": false, "type": "boolean"}, "services.nextcloud.notify_push.logLevel": {"declarations": ["nixos/modules/services/web-apps/nextcloud-notify_push.nix"], "default": {"_type": "literalExpression", "text": "\"error\""}, "description": "Log level", "loc": ["services", "nextcloud", "notify_push", "logLevel"], "readOnly": false, "type": "one of \"error\", \"warn\", \"info\", \"debug\", \"trace\""}, "services.nextcloud.notify_push.nextcloudUrl": {"declarations": ["nixos/modules/services/web-apps/nextcloud-notify_push.nix"], "default": {"_type": "literalExpression", "text": "\"http${lib.optionalString config.services.nextcloud.https \"s\"}://${config.services.nextcloud.hostName}\""}, "description": "Configure the nextcloud URL notify_push tries to connect to.", "loc": ["services", "nextcloud", "notify_push", "nextcloudUrl"], "readOnly": false, "type": "string"}, "services.nextcloud.notify_push.package": {"declarations": ["nixos/modules/services/web-apps/nextcloud-notify_push.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nextcloud-notify_push"}, "description": "The nextcloud-notify_push package to use.", "loc": ["services", "nextcloud", "notify_push", "package"], "readOnly": false, "type": "package"}, "services.nextcloud.notify_push.socketPath": {"declarations": ["nixos/modules/services/web-apps/nextcloud-notify_push.nix"], "default": {"_type": "literalExpression", "text": "\"/run/nextcloud-notify_push/sock\""}, "description": "Socket path to use for notify_push", "loc": ["services", "nextcloud", "notify_push", "socketPath"], "readOnly": false, "type": "string"}, "services.nextcloud.occ": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalMD", "text": "generated script"}, "description": "The nextcloud-occ program preconfigured to target this Nextcloud instance.\n", "loc": ["services", "nextcloud", "occ"], "readOnly": false, "type": "package"}, "services.nextcloud.package": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "description": "Which package to use for the Nextcloud instance.", "loc": ["services", "nextcloud", "package"], "readOnly": false, "relatedPackages": "- [`pkgs.nextcloud32`](\n    https://search.nixos.org/packages?show=nextcloud32&sort=relevance&query=nextcloud32\n  )\n- [`pkgs.nextcloud33`](\n    https://search.nixos.org/packages?show=nextcloud33&sort=relevance&query=nextcloud33\n  )\n", "type": "package"}, "services.nextcloud.phpExtraExtensions": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "all: []"}, "description": "Additional PHP extensions to use for Nextcloud.\nBy default, only extensions necessary for a vanilla Nextcloud installation are enabled,\nbut you may choose from the list of available extensions and add further ones.\nThis is sometimes necessary to be able to install a certain Nextcloud app that has additional requirements.\n", "example": {"_type": "literalExpression", "text": "all: [ all.pdlib all.bz2 ]\n"}, "loc": ["services", "nextcloud", "phpExtraExtensions"], "readOnly": false, "type": "function that evaluates to a(n) list of package"}, "services.nextcloud.phpOptions": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "{\n  catch_workers_output = \"yes\";\n  display_errors = \"stderr\";\n  error_reporting = \"E_ALL & ~E_DEPRECATED & ~E_STRICT\";\n  expose_php = \"Off\";\n  \"opcache.fast_shutdown\" = \"1\";\n  \"opcache.interned_strings_buffer\" = \"8\";\n  \"opcache.max_accelerated_files\" = \"10000\";\n  \"opcache.memory_consumption\" = \"128\";\n  \"opcache.revalidate_freq\" = \"1\";\n  \"openssl.cafile\" = {\n    _type = \"literalExpression\";\n    text = \"config.security.pki.caBundle\";\n  };\n  output_buffering = \"0\";\n  short_open_tag = \"Off\";\n}"}, "description": "Options for PHP's php.ini file for nextcloud.\n\nPlease note that this option is _additive_ on purpose while the\nattribute values inside the default are option defaults: that means that\n\n```nix\n{\n  services.nextcloud.phpOptions.\"opcache.interned_strings_buffer\" = \"23\";\n}\n```\n\nwill override the `php.ini` option `opcache.interned_strings_buffer` without\ndiscarding the rest of the defaults.\n\nOverriding all of `phpOptions` (including `upload_max_filesize`, `post_max_size`\nand `memory_limit` which all point to [](#opt-services.nextcloud.maxUploadSize)\nby default) can be done like this:\n\n```nix\n{\n  services.nextcloud.phpOptions = lib.mkForce {\n    /* ... */\n  };\n}\n```\n", "loc": ["services", "nextcloud", "phpOptions"], "readOnly": false, "type": "attribute set of (string or signed integer)"}, "services.nextcloud.phpPackage": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "pkgs.php84"}, "description": "The php package to use.", "example": {"_type": "literalExpression", "text": "php82"}, "loc": ["services", "nextcloud", "phpPackage"], "readOnly": false, "type": "package"}, "services.nextcloud.poolConfig": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Options for Nextcloud's PHP pool. See the documentation on `php-fpm.conf` for details on configuration directives.\n", "loc": ["services", "nextcloud", "poolConfig"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.nextcloud.poolSettings": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "{\n  pm = \"dynamic\";\n  \"pm.max_children\" = \"120\";\n  \"pm.max_requests\" = \"500\";\n  \"pm.max_spare_servers\" = \"18\";\n  \"pm.min_spare_servers\" = \"6\";\n  \"pm.start_servers\" = \"12\";\n  \"pm.status_path\" = \"/status\";\n}"}, "description": "Options for nextcloud's PHP pool. See the documentation on `php-fpm.conf` for details on\nconfiguration directives. The above are recommended for a server with 4GiB of RAM.\n\nIt's advisable to read the [section about PHPFPM tuning in the upstream manual](https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#tune-php-fpm)\nand consider customizing the values.\n", "loc": ["services", "nextcloud", "poolSettings"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.nextcloud.secretFile": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Secret options which will be appended to Nextcloud's config.php file (written as JSON, in the same\nform as the [](#opt-services.nextcloud.settings) option), for example\n`{\"redis\":{\"password\":\"secret\"}}`.\n", "loc": ["services", "nextcloud", "secretFile"], "readOnly": false, "type": "null or string"}, "services.nextcloud.secrets": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Secret files to read into entries in `config.php`.\nThis uses `nix_read_secret` and LoadCredential to read the contents of the file into the entry in `config.php`.\n", "example": {"_type": "literalExpression", "text": "{\n  oidc_login_client_secret = \"/run/secrets/nextcloud_oidc_secret\";\n}\n"}, "loc": ["services", "nextcloud", "secrets"], "readOnly": false, "type": "attribute set of absolute path not in the Nix store"}, "services.nextcloud.settings": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra options which should be appended to Nextcloud's config.php file.\n", "example": {"_type": "literalExpression", "text": "{\n  redis = {\n    host = \"/run/redis/redis.sock\";\n    port = 0;\n    dbindex = 0;\n    password = \"secret\";\n    timeout = 1.5;\n  };\n}\n"}, "loc": ["services", "nextcloud", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.nextcloud.settings.\"profile.enabled\"": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Makes user-profiles globally available under `nextcloud.tld/u/user.name`.\nEven though it's enabled by default in Nextcloud, it must be explicitly enabled\nhere because it has the side-effect that personal information is even accessible to\nunauthenticated users by default.\nBy default, the following properties are set to \u201cShow to everyone\u201d\nif this flag is enabled:\n- About\n- Full name\n- Headline\n- Organisation\n- Profile picture\n- Role\n- Twitter\n- Website\nOnly has an effect in Nextcloud 23 and later.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nextcloud", "settings", "profile.enabled"], "readOnly": false, "type": "boolean"}, "services.nextcloud.settings.default_phone_region": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "An [ISO 3166-1](https://www.iso.org/iso-3166-country-codes.html)\ncountry code which replaces automatic phone-number detection\nwithout a country code.\n\nAs an example, with `DE` set as the default phone region,\nthe `+49` prefix can be omitted for phone numbers.\n", "example": {"_type": "literalExpression", "text": "\"DE\""}, "loc": ["services", "nextcloud", "settings", "default_phone_region"], "readOnly": false, "type": "string"}, "services.nextcloud.settings.enabledPreviewProviders": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"OC\\\\Preview\\\\PNG\"\n  \"OC\\\\Preview\\\\JPEG\"\n  \"OC\\\\Preview\\\\GIF\"\n  \"OC\\\\Preview\\\\BMP\"\n  \"OC\\\\Preview\\\\XBitmap\"\n  \"OC\\\\Preview\\\\Krita\"\n  \"OC\\\\Preview\\\\WebP\"\n  \"OC\\\\Preview\\\\MarkDown\"\n  \"OC\\\\Preview\\\\TXT\"\n  \"OC\\\\Preview\\\\OpenDocument\"\n]"}, "description": "The preview providers that should be explicitly enabled.\n", "loc": ["services", "nextcloud", "settings", "enabledPreviewProviders"], "readOnly": false, "type": "list of string"}, "services.nextcloud.settings.log_type": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "\"syslog\""}, "description": "Logging backend to use.\nsystemd automatically adds the php-systemd extensions to services.nextcloud.phpExtraExtensions.\nSee the [nextcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/logging_configuration.html) for details.\n", "loc": ["services", "nextcloud", "settings", "log_type"], "readOnly": false, "type": "one of \"errorlog\", \"file\", \"syslog\", \"systemd\""}, "services.nextcloud.settings.loglevel": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "2"}, "description": "Log level value between 0 (DEBUG) and 4 (FATAL).\n\n- 0 (debug): Log all activity.\n\n- 1 (info): Log activity such as user logins and file activities, plus warnings, errors, and fatal errors.\n\n- 2 (warn): Log successful operations, as well as warnings of potential problems, errors and fatal errors.\n\n- 3 (error): Log failed operations and fatal errors.\n\n- 4 (fatal): Log only fatal errors that cause the server to stop.\n", "loc": ["services", "nextcloud", "settings", "loglevel"], "readOnly": false, "type": "integer between 0 and 4 (both inclusive)"}, "services.nextcloud.settings.mail_domain": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The return address that you want to appear on emails sent by the Nextcloud server, for example `nc-admin@example.com`, substituting your own domain, of course.\n", "loc": ["services", "nextcloud", "settings", "mail_domain"], "readOnly": false, "type": "null or string"}, "services.nextcloud.settings.mail_from_address": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "FROM address that overrides the built-in `sharing-noreply` and `lostpassword-noreply` FROM addresses.\nDefaults to different FROM addresses depending on the feature.\n", "loc": ["services", "nextcloud", "settings", "mail_from_address"], "readOnly": false, "type": "null or string"}, "services.nextcloud.settings.mail_send_plaintext_only": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Email will be sent by default with an HTML and a plain text body. This option allows sending only plain text emails.\n", "loc": ["services", "nextcloud", "settings", "mail_send_plaintext_only"], "readOnly": false, "type": "boolean"}, "services.nextcloud.settings.mail_sendmailmode": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "\"smtp\""}, "description": "For `smtp`, the sendmail binary is started with the parameter `-bs`: Use the SMTP protocol on standard input and output.\nFor `pipe`, the binary is started with the parameters `-t`: Read message from STDIN and extract recipients.\n", "loc": ["services", "nextcloud", "settings", "mail_sendmailmode"], "readOnly": false, "type": "one of \"smtp\", \"pipe\""}, "services.nextcloud.settings.mail_smtpauth": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "This depends on `mail_smtpmode`. Change this to `true` if your mail server requires authentication.\n", "loc": ["services", "nextcloud", "settings", "mail_smtpauth"], "readOnly": false, "type": "boolean"}, "services.nextcloud.settings.mail_smtpdebug": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SMTP class debugging.\n`loglevel` will likely need to be adjusted too.\n[See docs](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/email_configuration.html#enabling-debug-mode).\n", "loc": ["services", "nextcloud", "settings", "mail_smtpdebug"], "readOnly": false, "type": "boolean"}, "services.nextcloud.settings.mail_smtphost": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "This depends on `mail_smtpmode`. Specify the IP address of your mail server host. This may contain multiple hosts separated by a semicolon. If you need to specify the port number, append it to the IP address separated by a colon, like this: `127.0.0.1:24`.\n", "loc": ["services", "nextcloud", "settings", "mail_smtphost"], "readOnly": false, "type": "string"}, "services.nextcloud.settings.mail_smtpmode": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "\"smtp\""}, "description": "Which mode to use for sending mail.\nIf you are using local or remote SMTP, set this to `smtp`.\nFor the `sendmail` option, you need an installed and working email system on the server, with your local `sendmail` installation.\nFor `qmail`, the binary is /var/qmail/bin/sendmail, and it must be installed on your Unix system.\nUse the string null to send no mails (disable mail delivery). This can be useful if mails should be sent via APIs and rendering messages is not necessary.\n", "loc": ["services", "nextcloud", "settings", "mail_smtpmode"], "readOnly": false, "type": "one of \"sendmail\", \"smtp\", \"qmail\", \"null\""}, "services.nextcloud.settings.mail_smtpname": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "This depends on `mail_smtpauth`. Specify the username for authenticating to the SMTP server.\n", "loc": ["services", "nextcloud", "settings", "mail_smtpname"], "readOnly": false, "type": "string"}, "services.nextcloud.settings.mail_smtpport": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "25"}, "description": "This depends on `mail_smtpmode`. Specify the port for sending mail.\n", "loc": ["services", "nextcloud", "settings", "mail_smtpport"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nextcloud.settings.mail_smtpsecure": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "This depends on `mail_smtpmode`. Specify `ssl` when you are using SSL/TLS. Any other value will be ignored.\nIf the server advertises STARTTLS capabilities, they might be used, but they cannot be enforced by this config option.\n", "loc": ["services", "nextcloud", "settings", "mail_smtpsecure"], "readOnly": false, "type": "one of \"\", \"ssl\""}, "services.nextcloud.settings.mail_smtpstreamoptions": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This depends on `mail_smtpmode`. Array of additional streams options that will be passed to underlying Swift mailer implementation.\n", "loc": ["services", "nextcloud", "settings", "mail_smtpstreamoptions"], "readOnly": false, "type": "attribute set of attribute set of anything"}, "services.nextcloud.settings.mail_smtptimeout": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "This depends on `mail_smtpmode`. This sets the SMTP server timeout, in seconds. You may need to increase this if you are running an anti-malware or spam scanner.\n", "loc": ["services", "nextcloud", "settings", "mail_smtptimeout"], "readOnly": false, "type": "signed integer"}, "services.nextcloud.settings.mail_template_class": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "\"\\\\OC\\\\Mail\\\\EMailTemplate\""}, "description": "Replaces the default mail template layout. This can be utilized if the options to modify the mail texts with the theming app are not enough.\nThe class must extend `\\OC\\Mail\\EMailTemplate`\n", "loc": ["services", "nextcloud", "settings", "mail_template_class"], "readOnly": false, "type": "string"}, "services.nextcloud.settings.overwriteprotocol": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Force Nextcloud to always use HTTP or HTTPS i.e. for link generation.\nNextcloud uses the currently used protocol by default, but when\nbehind a reverse-proxy, it may use `http` for everything although\nNextcloud may be served via HTTPS.\n", "example": {"_type": "literalExpression", "text": "\"https\""}, "loc": ["services", "nextcloud", "settings", "overwriteprotocol"], "readOnly": false, "type": "one of \"\", \"http\", \"https\""}, "services.nextcloud.settings.skeletondirectory": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The directory where the skeleton files are located. These files will be\ncopied to the data directory of new users. Leave empty to not copy any\nskeleton files.\n", "loc": ["services", "nextcloud", "settings", "skeletondirectory"], "readOnly": false, "type": "string"}, "services.nextcloud.settings.trusted_domains": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Trusted domains, from which the nextcloud installation will be\naccessible. You don't need to add\n`services.nextcloud.hostname` here.\n", "loc": ["services", "nextcloud", "settings", "trusted_domains"], "readOnly": false, "type": "list of string"}, "services.nextcloud.settings.trusted_proxies": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Trusted proxies, to provide if the nextcloud installation is being\nproxied to secure against e.g. spoofing.\n", "loc": ["services", "nextcloud", "settings", "trusted_proxies"], "readOnly": false, "type": "list of string"}, "services.nextcloud.webfinger": {"declarations": ["nixos/modules/services/web-apps/nextcloud.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable this option if you plan on using the webfinger plugin.\nThe appropriate nginx rewrite rules will be added to your configuration.\n", "loc": ["services", "nextcloud", "webfinger"], "readOnly": false, "type": "boolean"}, "services.nextdns.arguments": {"declarations": ["nixos/modules/services/networking/nextdns.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional arguments to be passed to nextdns run.", "example": {"_type": "literalExpression", "text": "[\n  \"-config\"\n  \"10.0.3.0/24=abcdef\"\n]"}, "loc": ["services", "nextdns", "arguments"], "readOnly": false, "type": "list of string"}, "services.nextdns.enable": {"declarations": ["nixos/modules/services/networking/nextdns.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the NextDNS DNS/53 to DoH Proxy service.", "loc": ["services", "nextdns", "enable"], "readOnly": false, "type": "boolean"}, "services.nextjs-ollama-llm-ui.enable": {"declarations": ["nixos/modules/services/web-apps/nextjs-ollama-llm-ui.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Simple Ollama web UI service; an easy to use web frontend for a Ollama backend service.\nRun state-of-the-art AI large language models (LLM) similar to ChatGPT locally with privacy\non your personal computer.\nThis service is stateless and doesn't store any data on the server; all data is kept\nlocally in your web browser.\nSee <https://github.com/jakobhoeg/nextjs-ollama-llm-ui>.\n\nRequired: You need the Ollama backend service running by having\n\"services.nextjs-ollama-llm-ui.ollamaUrl\" point to the correct url.\nYou can host such a backend service with NixOS through \"services.ollama\".\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nextjs-ollama-llm-ui", "enable"], "readOnly": false, "type": "boolean"}, "services.nextjs-ollama-llm-ui.hostname": {"declarations": ["nixos/modules/services/web-apps/nextjs-ollama-llm-ui.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The hostname under which the Ollama UI interface should be accessible.\nBy default it uses localhost/127.0.0.1 to be accessible only from the local machine.\nChange to \"0.0.0.0\" to make it directly accessible from the local network.\n\nNote: You should keep it at 127.0.0.1 and only serve to the local\nnetwork or internet from a (home) server behind a reverse-proxy and secured encryption.\nSee <https://wiki.nixos.org/wiki/Nginx> for instructions on how to set up a reverse-proxy.\n", "example": {"_type": "literalExpression", "text": "\"ui.example.org\""}, "loc": ["services", "nextjs-ollama-llm-ui", "hostname"], "readOnly": false, "type": "string"}, "services.nextjs-ollama-llm-ui.ollamaUrl": {"declarations": ["nixos/modules/services/web-apps/nextjs-ollama-llm-ui.nix"], "default": {"_type": "literalExpression", "text": "\"http://127.0.0.1:11434\""}, "description": "The address (including host and port) under which we can access the Ollama backend server.\n!Note that if the the UI service is running under a domain \"https://ui.example.org\",\nthe Ollama backend service must allow \"CORS\" requests from this domain, e.g. by adding\n\"services.ollama.environment.OLLAMA_ORIGINS = [ ... \"https://ui.example.org\" ];\"!\n", "example": {"_type": "literalExpression", "text": "\"https://ollama.example.org\""}, "loc": ["services", "nextjs-ollama-llm-ui", "ollamaUrl"], "readOnly": false, "type": "string"}, "services.nextjs-ollama-llm-ui.package": {"declarations": ["nixos/modules/services/web-apps/nextjs-ollama-llm-ui.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nextjs-ollama-llm-ui"}, "description": "The nextjs-ollama-llm-ui package to use.", "loc": ["services", "nextjs-ollama-llm-ui", "package"], "readOnly": false, "type": "package"}, "services.nextjs-ollama-llm-ui.port": {"declarations": ["nixos/modules/services/web-apps/nextjs-ollama-llm-ui.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "The port under which the Ollama UI interface should be accessible.\n", "example": {"_type": "literalExpression", "text": "3000"}, "loc": ["services", "nextjs-ollama-llm-ui", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nexus.enable": {"declarations": ["nixos/modules/services/web-apps/nexus.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Sonatype Nexus3 OSS service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nexus", "enable"], "readOnly": false, "type": "boolean"}, "services.nexus.group": {"declarations": ["nixos/modules/services/web-apps/nexus.nix"], "default": {"_type": "literalExpression", "text": "\"nexus\""}, "description": "Group which runs Nexus3.", "loc": ["services", "nexus", "group"], "readOnly": false, "type": "string"}, "services.nexus.home": {"declarations": ["nixos/modules/services/web-apps/nexus.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/sonatype-work\""}, "description": "Home directory of the Nexus3 instance.", "loc": ["services", "nexus", "home"], "readOnly": false, "type": "string"}, "services.nexus.jdkPackage": {"declarations": ["nixos/modules/services/web-apps/nexus.nix"], "default": {"_type": "literalExpression", "text": "pkgs.openjdk8"}, "description": "The openjdk8 package to use.", "loc": ["services", "nexus", "jdkPackage"], "readOnly": false, "type": "package"}, "services.nexus.jvmOpts": {"declarations": ["nixos/modules/services/web-apps/nexus.nix"], "default": {"_type": "literalExpression", "text": "''\n  -Xms1200M\n  -Xmx1200M\n  -XX:MaxDirectMemorySize=2G\n  -XX:+UnlockDiagnosticVMOptions\n  -XX:+UnsyncloadClass\n  -XX:+LogVMOutput\n  -XX:LogFile=${home}/nexus3/log/jvm.log\n  -XX:-OmitStackTraceInFastThrow\n  -Djava.net.preferIPv4Stack=true\n  -Dkaraf.home=${package}\n  -Dkaraf.base=${package}\n  -Dkaraf.etc=${package}/etc/karaf\n  -Djava.util.logging.config.file=${package}/etc/karaf/java.util.logging.properties\n  -Dkaraf.data=${home}/nexus3\n  -Djava.io.tmpdir=${home}/nexus3/tmp\n  -Dkaraf.startLocalConsole=false\n  -Djava.endorsed.dirs=${package}/lib/endorsed\n''\n"}, "description": "Options for the JVM written to `nexus.jvmopts`.\nPlease refer to the docs (https://help.sonatype.com/repomanager3/installation/configuring-the-runtime-environment)\nfor further information.\n", "loc": ["services", "nexus", "jvmOpts"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.nexus.listenAddress": {"declarations": ["nixos/modules/services/web-apps/nexus.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Address to listen on.", "loc": ["services", "nexus", "listenAddress"], "readOnly": false, "type": "string"}, "services.nexus.listenPort": {"declarations": ["nixos/modules/services/web-apps/nexus.nix"], "default": {"_type": "literalExpression", "text": "8081"}, "description": "Port to listen on.", "loc": ["services", "nexus", "listenPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nexus.package": {"declarations": ["nixos/modules/services/web-apps/nexus.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nexus"}, "description": "The nexus package to use.", "loc": ["services", "nexus", "package"], "readOnly": false, "type": "package"}, "services.nexus.user": {"declarations": ["nixos/modules/services/web-apps/nexus.nix"], "default": {"_type": "literalExpression", "text": "\"nexus\""}, "description": "User which runs Nexus3.", "loc": ["services", "nexus", "user"], "readOnly": false, "type": "string"}, "services.nezha-agent.clientSecretFile": {"declarations": ["nixos/modules/services/monitoring/nezha-agent.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the file contained the client_secret of the dashboard.\n", "loc": ["services", "nezha-agent", "clientSecretFile"], "readOnly": false, "type": "null or absolute path"}, "services.nezha-agent.debug": {"declarations": ["nixos/modules/services/monitoring/nezha-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable verbose log.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nezha-agent", "debug"], "readOnly": false, "type": "boolean"}, "services.nezha-agent.enable": {"declarations": ["nixos/modules/services/monitoring/nezha-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Agent of Nezha Monitoring.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nezha-agent", "enable"], "readOnly": false, "type": "boolean"}, "services.nezha-agent.genUuid": {"declarations": ["nixos/modules/services/monitoring/nezha-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to generate uuid from fqdn automatically.\nPlease note that changes in hostname/domain will result in different uuid.\n", "loc": ["services", "nezha-agent", "genUuid"], "readOnly": false, "type": "boolean"}, "services.nezha-agent.package": {"declarations": ["nixos/modules/services/monitoring/nezha-agent.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nezha-agent"}, "description": "The nezha-agent package to use.", "loc": ["services", "nezha-agent", "package"], "readOnly": false, "type": "package"}, "services.nezha-agent.settings": {"declarations": ["nixos/modules/services/monitoring/nezha-agent.nix"], "description": "Generate to {file}`config.json` as a Nix attribute set.\nCheck the [guide](https://nezha.wiki/en_US/guide/agent.html)\nfor possible options.\n", "loc": ["services", "nezha-agent", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.nezha-agent.settings.disable_command_execute": {"declarations": ["nixos/modules/services/monitoring/nezha-agent.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Disable executing the command from dashboard.\n", "loc": ["services", "nezha-agent", "settings", "disable_command_execute"], "readOnly": false, "type": "boolean"}, "services.nezha-agent.settings.disable_nat": {"declarations": ["nixos/modules/services/monitoring/nezha-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable NAT penetration.\n", "loc": ["services", "nezha-agent", "settings", "disable_nat"], "readOnly": false, "type": "boolean"}, "services.nezha-agent.settings.disable_send_query": {"declarations": ["nixos/modules/services/monitoring/nezha-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable sending TCP/ICMP/HTTP requests.\n", "loc": ["services", "nezha-agent", "settings", "disable_send_query"], "readOnly": false, "type": "boolean"}, "services.nezha-agent.settings.gpu": {"declarations": ["nixos/modules/services/monitoring/nezha-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable GPU monitoring.\n", "loc": ["services", "nezha-agent", "settings", "gpu"], "readOnly": false, "type": "boolean"}, "services.nezha-agent.settings.report_delay": {"declarations": ["nixos/modules/services/monitoring/nezha-agent.nix"], "default": {"_type": "literalExpression", "text": "3"}, "description": "The interval between system status reportings.\nThe value must be an integer from 1 to 4.\n", "loc": ["services", "nezha-agent", "settings", "report_delay"], "readOnly": false, "type": "integer between 1 and 4 (both inclusive)"}, "services.nezha-agent.settings.server": {"declarations": ["nixos/modules/services/monitoring/nezha-agent.nix"], "description": "Address to the dashboard.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1:8008\""}, "loc": ["services", "nezha-agent", "settings", "server"], "readOnly": false, "type": "string"}, "services.nezha-agent.settings.skip_connection_count": {"declarations": ["nixos/modules/services/monitoring/nezha-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Do not monitor the number of connections.\n", "loc": ["services", "nezha-agent", "settings", "skip_connection_count"], "readOnly": false, "type": "boolean"}, "services.nezha-agent.settings.skip_procs_count": {"declarations": ["nixos/modules/services/monitoring/nezha-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Do not monitor the number of processes.\n", "loc": ["services", "nezha-agent", "settings", "skip_procs_count"], "readOnly": false, "type": "boolean"}, "services.nezha-agent.settings.temperature": {"declarations": ["nixos/modules/services/monitoring/nezha-agent.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable temperature monitoring.\n", "loc": ["services", "nezha-agent", "settings", "temperature"], "readOnly": false, "type": "boolean"}, "services.nezha-agent.settings.tls": {"declarations": ["nixos/modules/services/monitoring/nezha-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SSL/TLS encryption.\n", "loc": ["services", "nezha-agent", "settings", "tls"], "readOnly": false, "type": "boolean"}, "services.nezha-agent.settings.use_ipv6_country_code": {"declarations": ["nixos/modules/services/monitoring/nezha-agent.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Use ipv6 countrycode to report location.\n", "loc": ["services", "nezha-agent", "settings", "use_ipv6_country_code"], "readOnly": false, "type": "boolean"}, "services.nezha-agent.settings.uuid": {"declarations": ["nixos/modules/services/monitoring/nezha-agent.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Must be set to a unique identifier, preferably a UUID according to\nRFC 4122. UUIDs can be generated with `uuidgen` command, found in\nthe `util-linux` package.\n\nSet {option}`services.nezha-agent.genUuid` to true to generate uuid\nfrom {option}`networking.fqdn` automatically.\n", "example": {"_type": "literalExpression", "text": "\"6ba7b810-9dad-11d1-80b4-00c04fd430c8\""}, "loc": ["services", "nezha-agent", "settings", "uuid"], "readOnly": false, "type": "null or string"}, "services.nfs.extraConfig": {"declarations": ["nixos/modules/tasks/filesystems/nfs.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra nfs-utils configuration.\n", "loc": ["services", "nfs", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.nfs.idmapd.settings": {"declarations": ["nixos/modules/tasks/filesystems/nfs.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "libnfsidmap configuration. Refer to\n<https://linux.die.net/man/5/idmapd.conf>\nfor details.\n", "example": {"_type": "literalExpression", "text": "{\n  Translation = {\n    GSS-Methods = \"static,nsswitch\";\n  };\n  Static = {\n    \"root/hostname.domain.com@REALM.COM\" = \"root\";\n  };\n}\n"}, "loc": ["services", "nfs", "idmapd", "settings"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.nfs.server.createMountPoints": {"declarations": ["nixos/modules/services/network-filesystems/nfsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to create the mount points in the exports file at startup time.", "loc": ["services", "nfs", "server", "createMountPoints"], "readOnly": false, "type": "boolean"}, "services.nfs.server.enable": {"declarations": ["nixos/modules/services/network-filesystems/nfsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the kernel's NFS server.\n", "loc": ["services", "nfs", "server", "enable"], "readOnly": false, "type": "boolean"}, "services.nfs.server.exports": {"declarations": ["nixos/modules/services/network-filesystems/nfsd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Contents of the /etc/exports file.  See\n{manpage}`exports(5)` for the format.\n", "loc": ["services", "nfs", "server", "exports"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.nfs.server.extraNfsdConfig": {"declarations": ["nixos/modules/services/network-filesystems/nfsd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration options for the [nfsd] section of /etc/nfs.conf.\n", "loc": ["services", "nfs", "server", "extraNfsdConfig"], "readOnly": false, "type": "string"}, "services.nfs.server.hostName": {"declarations": ["nixos/modules/services/network-filesystems/nfsd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Hostname or address on which NFS requests will be accepted.\nDefault is all.  See the {option}`-H` option in\n{manpage}`nfsd(8)`.\n", "loc": ["services", "nfs", "server", "hostName"], "readOnly": false, "type": "null or string"}, "services.nfs.server.lockdPort": {"declarations": ["nixos/modules/services/network-filesystems/nfsd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Use a fixed port for the NFS lock manager kernel module\n(`lockd/nlockmgr`).  This is useful if the\nNFS server is behind a firewall.\n", "example": {"_type": "literalExpression", "text": "4001"}, "loc": ["services", "nfs", "server", "lockdPort"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nfs.server.mountdPort": {"declarations": ["nixos/modules/services/network-filesystems/nfsd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Use fixed port for rpc.mountd, useful if server is behind firewall.\n", "example": {"_type": "literalExpression", "text": "4002"}, "loc": ["services", "nfs", "server", "mountdPort"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nfs.server.nproc": {"declarations": ["nixos/modules/services/network-filesystems/nfsd.nix"], "default": {"_type": "literalExpression", "text": "8"}, "description": "Number of NFS server threads.  Defaults to the recommended value of 8.\n", "loc": ["services", "nfs", "server", "nproc"], "readOnly": false, "type": "signed integer"}, "services.nfs.server.statdPort": {"declarations": ["nixos/modules/services/network-filesystems/nfsd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Use a fixed port for {command}`rpc.statd`. This is\nuseful if the NFS server is behind a firewall.\n", "example": {"_type": "literalExpression", "text": "4000"}, "loc": ["services", "nfs", "server", "statdPort"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nfs.settings": {"declarations": ["nixos/modules/tasks/filesystems/nfs.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "General configuration for NFS daemons and tools.\nSee {manpage}`nfs.conf(5)` and related man pages for details.\n", "example": {"_type": "literalExpression", "text": "{\n  mountd.manage-gids = true;\n}\n"}, "loc": ["services", "nfs", "settings"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.nginx.additionalModules": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional [third-party nginx modules](https://www.nginx.com/resources/wiki/modules/)\nto install. Packaged modules are available in `pkgs.nginxModules`.\n", "example": {"_type": "literalExpression", "text": "[ pkgs.nginxModules.echo ]"}, "loc": ["services", "nginx", "additionalModules"], "readOnly": false, "type": "list of attribute set of anything"}, "services.nginx.appendConfig": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Configuration lines appended to the generated Nginx\nconfiguration file. Commonly used by different modules\nproviding http snippets. {option}`appendConfig`\ncan be specified more than once and its value will be\nconcatenated (contrary to {option}`config` which\ncan be set only once).\n", "loc": ["services", "nginx", "appendConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.nginx.appendHttpConfig": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Configuration lines to be appended to the generated http block.\nThis is mutually exclusive with using config and httpConfig for\nspecifying the whole http block verbatim.\n", "loc": ["services", "nginx", "appendHttpConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.nginx.clientMaxBodySize": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "\"10m\""}, "description": "Set nginx global client_max_body_size.", "loc": ["services", "nginx", "clientMaxBodySize"], "readOnly": false, "type": "string"}, "services.nginx.commonHttpConfig": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "With nginx you must provide common http context definitions before\nthey are used, e.g. log_format, resolver, etc. inside of server\nor location contexts. Use this attribute to set these definitions\nat the appropriate location.\n", "example": {"_type": "literalExpression", "text": "''\n  resolver 127.0.0.1 valid=5s;\n  \n  log_format myformat '$remote_addr - $remote_user [$time_local] '\n                      '\"$request\" $status $body_bytes_sent '\n                      '\"$http_referer\" \"$http_user_agent\"';\n''"}, "loc": ["services", "nginx", "commonHttpConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.nginx.config": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Verbatim {file}`nginx.conf` configuration.\nThis is mutually exclusive to any other config option for\n{file}`nginx.conf` except for\n- [](#opt-services.nginx.appendConfig)\n- [](#opt-services.nginx.httpConfig)\n- [](#opt-services.nginx.logError)\n\nIf additional verbatim config in addition to other options is needed,\n[](#opt-services.nginx.appendConfig) should be used instead.\n", "loc": ["services", "nginx", "config"], "readOnly": false, "type": "string"}, "services.nginx.defaultHTTPListenPort": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "80"}, "description": "If vhosts do not specify listen.port, use these ports for HTTP by default.\n", "example": {"_type": "literalExpression", "text": "8080"}, "loc": ["services", "nginx", "defaultHTTPListenPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nginx.defaultListen": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If vhosts do not specify listen, use these addresses by default.\nThis option takes precedence over {option}`defaultListenAddresses` and\nother listen-related defaults options.\n", "example": {"_type": "literalExpression", "text": "[\n  { addr = \"10.0.0.12\"; proxyProtocol = true; ssl = true; }\n  { addr = \"0.0.0.0\"; }\n  { addr = \"[::0]\"; }\n]\n"}, "loc": ["services", "nginx", "defaultListen"], "readOnly": false, "type": "list of (submodule)"}, "services.nginx.defaultListen.*.addr": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "description": "IP address.", "loc": ["services", "nginx", "defaultListen", "*", "addr"], "readOnly": false, "type": "string"}, "services.nginx.defaultListen.*.extraParameters": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra parameters of this listen directive.", "example": {"_type": "literalExpression", "text": "[\n  \"backlog=1024\"\n  \"deferred\"\n]"}, "loc": ["services", "nginx", "defaultListen", "*", "extraParameters"], "readOnly": false, "type": "list of string"}, "services.nginx.defaultListen.*.port": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port number.", "loc": ["services", "nginx", "defaultListen", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nginx.defaultListen.*.proxyProtocol": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable PROXY protocol.", "loc": ["services", "nginx", "defaultListen", "*", "proxyProtocol"], "readOnly": false, "type": "boolean"}, "services.nginx.defaultListen.*.ssl": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Enable SSL.", "loc": ["services", "nginx", "defaultListen", "*", "ssl"], "readOnly": false, "type": "null or boolean"}, "services.nginx.defaultListenAddresses": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "[ \"0.0.0.0\" ] ++ lib.optional config.networking.enableIPv6 \"[::0]\""}, "description": "If vhosts do not specify listenAddresses, use these addresses by default.\nThis is akin to writing `defaultListen = [ { addr = \"0.0.0.0\" } ]`.\n", "example": {"_type": "literalExpression", "text": "[ \"10.0.0.12\" \"[2002:a00:1::]\" ]"}, "loc": ["services", "nginx", "defaultListenAddresses"], "readOnly": false, "type": "list of string"}, "services.nginx.defaultMimeTypes": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "$''{pkgs.mailcap}/etc/nginx/mime.types"}, "description": "Default MIME types for NGINX, as MIME types definitions from NGINX are very incomplete,\nwe use by default the ones bundled in the mailcap package, used by most of the other\nLinux distributions.\n", "example": {"_type": "literalExpression", "text": "$''{pkgs.nginx}/conf/mime.types"}, "loc": ["services", "nginx", "defaultMimeTypes"], "readOnly": false, "type": "absolute path"}, "services.nginx.defaultSSLListenPort": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "443"}, "description": "If vhosts do not specify listen.port, use these ports for SSL by default.\n", "example": {"_type": "literalExpression", "text": "8443"}, "loc": ["services", "nginx", "defaultSSLListenPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nginx.enable": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Nginx Web Server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nginx", "enable"], "readOnly": false, "type": "boolean"}, "services.nginx.enableQuicBPF": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables routing of QUIC packets using eBPF. When enabled, this allows\nto support QUIC connection migration. The directive is only supported\non Linux 5.7+.\nNote that enabling this option will make nginx run with extended\ncapabilities that are usually limited to processes running as root\nnamely `CAP_SYS_ADMIN` and `CAP_NET_ADMIN`.\n", "loc": ["services", "nginx", "enableQuicBPF"], "readOnly": false, "type": "boolean"}, "services.nginx.enableReload": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Reload nginx when configuration file changes (instead of restart).\nThe configuration file is exposed at {file}`/etc/nginx/nginx.conf`.\nSee also `systemd.services.*.restartIfChanged`.\n", "loc": ["services", "nginx", "enableReload"], "readOnly": false, "type": "boolean"}, "services.nginx.eventsConfig": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Configuration lines to be set inside the events block.\n", "loc": ["services", "nginx", "eventsConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.nginx.experimentalZstdSettings": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable alpha quality zstd module with recommended settings.\nLearn more about compression in Zstd format [here](https://github.com/tokers/zstd-nginx-module).\n\nThis adds `pkgs.nginxModules.zstd` to `services.nginx.additionalModules`.\n", "loc": ["services", "nginx", "experimentalZstdSettings"], "readOnly": false, "type": "boolean"}, "services.nginx.gitweb.enable": {"declarations": ["nixos/modules/services/web-servers/nginx/gitweb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If true, enable gitweb in nginx.\n", "loc": ["services", "nginx", "gitweb", "enable"], "readOnly": false, "type": "boolean"}, "services.nginx.gitweb.group": {"declarations": ["nixos/modules/services/web-servers/nginx/gitweb.nix"], "default": {"_type": "literalExpression", "text": "\"nginx\""}, "description": "Group that the CGI process will belong to. (Set to `config.services.gitolite.group` if you are using gitolite.)\n", "loc": ["services", "nginx", "gitweb", "group"], "readOnly": false, "type": "string"}, "services.nginx.gitweb.location": {"declarations": ["nixos/modules/services/web-servers/nginx/gitweb.nix"], "default": {"_type": "literalExpression", "text": "\"/gitweb\""}, "description": "Location to serve gitweb on.\n", "loc": ["services", "nginx", "gitweb", "location"], "readOnly": false, "type": "string"}, "services.nginx.gitweb.user": {"declarations": ["nixos/modules/services/web-servers/nginx/gitweb.nix"], "default": {"_type": "literalExpression", "text": "\"nginx\""}, "description": "Existing user that the CGI process will belong to. (Default almost surely will do.)\n", "loc": ["services", "nginx", "gitweb", "user"], "readOnly": false, "type": "string"}, "services.nginx.gitweb.virtualHost": {"declarations": ["nixos/modules/services/web-servers/nginx/gitweb.nix"], "default": {"_type": "literalExpression", "text": "\"_\""}, "description": "VirtualHost to serve gitweb on. Default is catch-all.\n", "loc": ["services", "nginx", "gitweb", "virtualHost"], "readOnly": false, "type": "string"}, "services.nginx.group": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "\"nginx\""}, "description": "Group account under which nginx runs.", "loc": ["services", "nginx", "group"], "readOnly": false, "type": "string"}, "services.nginx.httpConfig": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Configuration lines to be set inside the http block.\nThis is mutually exclusive with the structured configuration\nvia virtualHosts and the recommendedXyzSettings configuration\noptions. See appendHttpConfig for appending to the generated http block.\n", "loc": ["services", "nginx", "httpConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.nginx.logError": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "\"stderr\""}, "description": "Configures logging.\nThe first parameter defines a file that will store the log. The\nspecial value stderr selects the standard error file. Logging to\nsyslog can be configured by specifying the \u201csyslog:\u201d prefix.\nThe second parameter determines the level of logging, and can be\none of the following: debug, info, notice, warn, error, crit,\nalert, or emerg. Log levels above are listed in the order of\nincreasing severity. Setting a certain log level will cause all\nmessages of the specified and more severe log levels to be logged.\nIf this parameter is omitted then error is used.\n", "loc": ["services", "nginx", "logError"], "readOnly": false, "type": "string"}, "services.nginx.mapHashBucketSize": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the bucket size for the map variables hash tables. Default\nvalue depends on the processor\u2019s cache line size.\n\nRefer to [the nginx docs on hashes](https://nginx.org/en/docs/hash.html)\nfor more information.\n", "loc": ["services", "nginx", "mapHashBucketSize"], "readOnly": false, "type": "null or (positive integer, meaning >0)"}, "services.nginx.mapHashMaxSize": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the maximum size of the map variables hash tables.\n", "loc": ["services", "nginx", "mapHashMaxSize"], "readOnly": false, "type": "null or (positive integer, meaning >0)"}, "services.nginx.package": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nginxStable"}, "description": "Nginx package to use. This defaults to the stable version. Note\nthat the nginx team recommends to use the mainline version which\navailable in nixpkgs as `nginxMainline`.\nSupported Nginx forks include `angie`, `openresty` and `tengine`.\n", "loc": ["services", "nginx", "package"], "readOnly": false, "type": "package"}, "services.nginx.preStart": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands executed before the service's nginx is started.\n", "loc": ["services", "nginx", "preStart"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.nginx.prependConfig": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Configuration lines prepended to the generated Nginx\nconfiguration file. Can for example be used to load modules.\n{option}`prependConfig` can be specified more than once\nand its value will be concatenated (contrary to {option}`config`\nwhich can be set only once).\n", "loc": ["services", "nginx", "prependConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.nginx.proxyCachePath": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configure a proxy cache path entry.\nSee <https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_path> for documentation.\n", "loc": ["services", "nginx", "proxyCachePath"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.nginx.proxyCachePath.<name>.enable": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable this proxy cache path entry.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nginx", "proxyCachePath", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.nginx.proxyCachePath.<name>.inactive": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "\"10m\""}, "description": "Cached data that has not been accessed for the time specified by\nthe inactive parameter is removed from the cache, regardless of\nits freshness.\n", "example": {"_type": "literalExpression", "text": "\"1d\""}, "loc": ["services", "nginx", "proxyCachePath", "<name>", "inactive"], "readOnly": false, "type": "string"}, "services.nginx.proxyCachePath.<name>.keysZoneName": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "\"cache\""}, "description": "Set name to shared memory zone.", "example": {"_type": "literalExpression", "text": "\"my_cache\""}, "loc": ["services", "nginx", "proxyCachePath", "<name>", "keysZoneName"], "readOnly": false, "type": "string"}, "services.nginx.proxyCachePath.<name>.keysZoneSize": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "\"10m\""}, "description": "Set size to shared memory zone.", "example": {"_type": "literalExpression", "text": "\"32m\""}, "loc": ["services", "nginx", "proxyCachePath", "<name>", "keysZoneSize"], "readOnly": false, "type": "string"}, "services.nginx.proxyCachePath.<name>.levels": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "\"1:2\""}, "description": "The levels parameter defines structure of subdirectories in cache: from\n1 to 3, each level accepts values 1 or 2. Can be used any combination of\n1 and 2 in these formats: x, x:x and x:x:x.\n", "example": {"_type": "literalExpression", "text": "\"1:2:2\""}, "loc": ["services", "nginx", "proxyCachePath", "<name>", "levels"], "readOnly": false, "type": "string"}, "services.nginx.proxyCachePath.<name>.maxSize": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "\"1g\""}, "description": "Set maximum cache size", "example": {"_type": "literalExpression", "text": "\"2048m\""}, "loc": ["services", "nginx", "proxyCachePath", "<name>", "maxSize"], "readOnly": false, "type": "string"}, "services.nginx.proxyCachePath.<name>.useTempPath": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Nginx first writes files that are destined for the cache to a temporary\nstorage area, and the use_temp_path=off directive instructs Nginx to\nwrite them to the same directories where they will be cached. Recommended\nthat you set this parameter to off to avoid unnecessary copying of data\nbetween file systems.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nginx", "proxyCachePath", "<name>", "useTempPath"], "readOnly": false, "type": "boolean"}, "services.nginx.proxyResolveWhileRunning": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Resolves domains of proxyPass targets at runtime and not only at startup.\nThis can be used as a workaround if nginx fails to start because of not-yet-working DNS.\n\n:::{.warn}\n`services.nginx.resolver` must be set for this option to work.\n:::\n", "loc": ["services", "nginx", "proxyResolveWhileRunning"], "readOnly": false, "type": "boolean"}, "services.nginx.proxyTimeout": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "\"60s\""}, "description": "Change the proxy related timeouts in recommendedProxySettings.\n", "example": {"_type": "literalExpression", "text": "\"20s\""}, "loc": ["services", "nginx", "proxyTimeout"], "readOnly": false, "type": "string"}, "services.nginx.recommendedBrotliSettings": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable recommended brotli settings.\nLearn more about compression in Brotli format [here](https://github.com/google/ngx_brotli/).\n\nThis adds `pkgs.nginxModules.brotli` to `services.nginx.additionalModules`.\n", "loc": ["services", "nginx", "recommendedBrotliSettings"], "readOnly": false, "type": "boolean"}, "services.nginx.recommendedGzipSettings": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable recommended gzip settings.\nLearn more about compression in Gzip format [here](https://docs.nginx.com/nginx/admin-guide/web-server/compression/).\n", "loc": ["services", "nginx", "recommendedGzipSettings"], "readOnly": false, "type": "boolean"}, "services.nginx.recommendedOptimisation": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable recommended optimisation settings.\n", "loc": ["services", "nginx", "recommendedOptimisation"], "readOnly": false, "type": "boolean"}, "services.nginx.recommendedProxySettings": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable recommended proxy settings if a vhost does not specify the option manually.\n", "loc": ["services", "nginx", "recommendedProxySettings"], "readOnly": false, "type": "boolean"}, "services.nginx.recommendedTlsSettings": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable recommended TLS settings.\n", "loc": ["services", "nginx", "recommendedTlsSettings"], "readOnly": false, "type": "boolean"}, "services.nginx.recommendedUwsgiSettings": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable recommended uwsgi settings if a vhost does not specify the option manually.\n", "loc": ["services", "nginx", "recommendedUwsgiSettings"], "readOnly": false, "type": "boolean"}, "services.nginx.resolver": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configures name servers used to resolve names of upstream servers into addresses\n", "loc": ["services", "nginx", "resolver"], "readOnly": false, "type": "submodule"}, "services.nginx.resolver.addresses": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of resolvers to use", "example": {"_type": "literalExpression", "text": "[ \"[::1]\" \"127.0.0.1:5353\" ]"}, "loc": ["services", "nginx", "resolver", "addresses"], "readOnly": false, "type": "list of string"}, "services.nginx.resolver.ipv4": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "By default, nginx will look up both IPv4 and IPv6 addresses while resolving.\nIf looking up of IPv4 addresses is not desired, the ipv4=off parameter can be\nspecified.\n", "loc": ["services", "nginx", "resolver", "ipv4"], "readOnly": false, "type": "boolean"}, "services.nginx.resolver.ipv6": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "config.networking.enableIPv6"}, "description": "By default, nginx will look up both IPv4 and IPv6 addresses while resolving.\nIf looking up of IPv6 addresses is not desired, the ipv6=off parameter can be\nspecified.\n", "loc": ["services", "nginx", "resolver", "ipv6"], "readOnly": false, "type": "boolean"}, "services.nginx.resolver.valid": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "By default, nginx caches answers using the TTL value of a response.\nAn optional valid parameter allows overriding it\n", "example": {"_type": "literalExpression", "text": "\"30s\""}, "loc": ["services", "nginx", "resolver", "valid"], "readOnly": false, "type": "string"}, "services.nginx.serverNamesHashBucketSize": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the bucket size for the server names hash tables. Default\nvalue depends on the processor\u2019s cache line size.\n", "loc": ["services", "nginx", "serverNamesHashBucketSize"], "readOnly": false, "type": "null or (positive integer, meaning >0)"}, "services.nginx.serverNamesHashMaxSize": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the maximum size of the server names hash tables.\n", "loc": ["services", "nginx", "serverNamesHashMaxSize"], "readOnly": false, "type": "null or (positive integer, meaning >0)"}, "services.nginx.serverTokens": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Show nginx version in headers and error pages.", "loc": ["services", "nginx", "serverTokens"], "readOnly": false, "type": "boolean"}, "services.nginx.sslCiphers": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "\"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305\""}, "description": "Ciphers to choose from when negotiating TLS handshakes.", "loc": ["services", "nginx", "sslCiphers"], "readOnly": false, "type": "null or string"}, "services.nginx.sslDhparam": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to DH parameters file.", "example": {"_type": "literalExpression", "text": "\"/path/to/dhparams.pem\""}, "loc": ["services", "nginx", "sslDhparam"], "readOnly": false, "type": "null or absolute path"}, "services.nginx.sslProtocols": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "\"TLSv1.2 TLSv1.3\""}, "description": "Allowed TLS protocol versions.", "example": {"_type": "literalExpression", "text": "\"TLSv1 TLSv1.1 TLSv1.2 TLSv1.3\""}, "loc": ["services", "nginx", "sslProtocols"], "readOnly": false, "type": "string"}, "services.nginx.sso.configuration": {"declarations": ["nixos/modules/services/security/nginx-sso.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "nginx-sso configuration\n([documentation](https://github.com/Luzifer/nginx-sso/wiki/Main-Configuration))\nas a Nix attribute set.\n\nOptions containing secret data should be set to an attribute set\nwith the singleton attribute `_secret` - a string value set to the path\nto the file containing the secret value which should be used in the\nconfiguration.\n", "example": {"_type": "literalExpression", "text": "{\n  listen = { addr = \"127.0.0.1\"; port = 8080; };\n\n  providers.token.tokens = {\n    myuser = {\n      _secret = \"/path/to/secret/token.txt\"; # File content should be the secret token\n    };\n  };\n\n  acl = {\n    rule_sets = [\n      {\n        rules = [ { field = \"x-application\"; equals = \"MyApp\"; } ];\n        allow = [ \"myuser\" ];\n      }\n    ];\n  };\n}\n"}, "loc": ["services", "nginx", "sso", "configuration"], "readOnly": false, "type": "YAML 1.1 value"}, "services.nginx.sso.enable": {"declarations": ["nixos/modules/services/security/nginx-sso.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable nginx-sso service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nginx", "sso", "enable"], "readOnly": false, "type": "boolean"}, "services.nginx.sso.package": {"declarations": ["nixos/modules/services/security/nginx-sso.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nginx-sso"}, "description": "The nginx-sso package to use.", "loc": ["services", "nginx", "sso", "package"], "readOnly": false, "type": "package"}, "services.nginx.statusPage": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable status page reachable from localhost on http://127.0.0.1/nginx_status.\n", "loc": ["services", "nginx", "statusPage"], "readOnly": false, "type": "boolean"}, "services.nginx.streamConfig": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Configuration lines to be set inside the stream block.\n", "example": {"_type": "literalExpression", "text": "''\n  server {\n    listen 127.0.0.1:53 udp reuseport;\n    proxy_timeout 20s;\n    proxy_pass 192.168.0.1:53535;\n  }\n''"}, "loc": ["services", "nginx", "streamConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.nginx.tailscaleAuth.enable": {"declarations": ["nixos/modules/services/web-servers/nginx/tailscale-auth.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable tailscale.nginx-auth, to authenticate nginx users via tailscale.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nginx", "tailscaleAuth", "enable"], "readOnly": false, "type": "boolean"}, "services.nginx.tailscaleAuth.expectedTailnet": {"declarations": ["nixos/modules/services/web-servers/nginx/tailscale-auth.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "If you want to prevent node sharing from allowing users to access services\nacross tailnets, declare your expected tailnets domain here.\n", "example": {"_type": "literalExpression", "text": "\"tailnet012345.ts.net\""}, "loc": ["services", "nginx", "tailscaleAuth", "expectedTailnet"], "readOnly": false, "type": "null or string"}, "services.nginx.tailscaleAuth.group": {"declarations": ["nixos/modules/services/web-servers/nginx/tailscale-auth.nix"], "description": "Alias of {option}`services.tailscaleAuth.group`.", "loc": ["services", "nginx", "tailscaleAuth", "group"], "readOnly": false, "type": "string"}, "services.nginx.tailscaleAuth.package": {"declarations": ["nixos/modules/services/web-servers/nginx/tailscale-auth.nix"], "description": "Alias of {option}`services.tailscaleAuth.package`.", "loc": ["services", "nginx", "tailscaleAuth", "package"], "readOnly": false, "type": "package"}, "services.nginx.tailscaleAuth.socketPath": {"declarations": ["nixos/modules/services/web-servers/nginx/tailscale-auth.nix"], "description": "Alias of {option}`services.tailscaleAuth.socketPath`.", "loc": ["services", "nginx", "tailscaleAuth", "socketPath"], "readOnly": false, "type": "absolute path"}, "services.nginx.tailscaleAuth.user": {"declarations": ["nixos/modules/services/web-servers/nginx/tailscale-auth.nix"], "description": "Alias of {option}`services.tailscaleAuth.user`.", "loc": ["services", "nginx", "tailscaleAuth", "user"], "readOnly": false, "type": "string"}, "services.nginx.tailscaleAuth.virtualHosts": {"declarations": ["nixos/modules/services/web-servers/nginx/tailscale-auth.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of nginx virtual hosts to put behind tailscale.nginx-auth\n", "loc": ["services", "nginx", "tailscaleAuth", "virtualHosts"], "readOnly": false, "type": "list of string"}, "services.nginx.typesHashMaxSize": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "if config.services.nginx.defaultMimeTypes == \"${pkgs.mailcap}/etc/nginx/mime.types\" then 2688 else 1024"}, "description": "Sets the maximum size of the types hash tables (`types_hash_max_size`).\nIt is recommended that the minimum size possible size is used.\nIf {option}`recommendedOptimisation` is disabled, nginx would otherwise\nfail to start since the mailmap `mime.types` database has more entries\nthan the nginx default value 1024.\n", "loc": ["services", "nginx", "typesHashMaxSize"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.nginx.upstreams": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Defines a group of servers to use as proxy target.\n", "example": {"_type": "literalExpression", "text": "{\n  backend = {\n    extraConfig = ''\n      keepalive 16;\n    '';\n    servers = {\n      \"backend1.example.com:8080\" = {\n        weight = 5;\n      };\n      \"backend2.example.com\" = {\n        fail_timeout = \"30s\";\n        max_fails = 3;\n      };\n      \"backend3.example.com\" = { };\n      \"backup1.example.com\" = {\n        backup = true;\n      };\n      \"backup2.example.com\" = {\n        backup = true;\n      };\n    };\n  };\n  memcached = {\n    servers = {\n      \"unix:/run/memcached/memcached.sock\" = { };\n    };\n  };\n}"}, "loc": ["services", "nginx", "upstreams"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.nginx.upstreams.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the upstream verbatim.\n", "loc": ["services", "nginx", "upstreams", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.nginx.upstreams.<name>.servers": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Defines the address and other parameters of the upstream servers.\nSee [the documentation](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#server)\nfor the available parameters.\n", "example": {"_type": "literalMD", "text": "see [](#opt-services.nginx.upstreams)"}, "loc": ["services", "nginx", "upstreams", "<name>", "servers"], "readOnly": false, "type": "attribute set of (open submodule of attribute set of (boolean or signed integer or string))"}, "services.nginx.upstreams.<name>.servers.<name>.backup": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Marks the server as a backup server. It will be passed\nrequests when the primary servers are unavailable.\n", "loc": ["services", "nginx", "upstreams", "<name>", "servers", "<name>", "backup"], "readOnly": false, "type": "boolean"}, "services.nginx.user": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "\"nginx\""}, "description": "User account under which nginx runs.", "loc": ["services", "nginx", "user"], "readOnly": false, "type": "string"}, "services.nginx.uwsgiResolveWhileRunning": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Resolves domains of uwsgi targets at runtime\nand not only at start, you have to set\nservices.nginx.resolver, too.\n", "loc": ["services", "nginx", "uwsgiResolveWhileRunning"], "readOnly": false, "type": "boolean"}, "services.nginx.uwsgiTimeout": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "\"60s\""}, "description": "Change the uwsgi related timeouts in recommendedUwsgiSettings.\n", "example": {"_type": "literalExpression", "text": "\"20s\""}, "loc": ["services", "nginx", "uwsgiTimeout"], "readOnly": false, "type": "string"}, "services.nginx.validateConfigFile": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable validating configuration with pkgs.writeNginxConfig.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nginx", "validateConfigFile"], "readOnly": false, "type": "boolean"}, "services.nginx.virtualHosts": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "{\n  localhost = { };\n}"}, "description": "Declarative vhost config", "example": {"_type": "literalExpression", "text": "{\n  \"hydra.example.com\" = {\n    forceSSL = true;\n    enableACME = true;\n    locations.\"/\" = {\n      proxyPass = \"http://localhost:3000\";\n    };\n  };\n};\n"}, "loc": ["services", "nginx", "virtualHosts"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.nginx.virtualHosts.<name>.acmeFallbackHost": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host which to proxy requests to if ACME challenge is not found. Useful\nif you want multiple hosts to be able to verify the same domain name.\n\nWith this option, you could request certificates for the present domain\nwith an ACME client that is running on another host, which you would\nspecify here.\n", "loc": ["services", "nginx", "virtualHosts", "<name>", "acmeFallbackHost"], "readOnly": false, "type": "null or string"}, "services.nginx.virtualHosts.<name>.acmeRoot": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the ACME challenge, which is **public**. Don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "nginx", "virtualHosts", "<name>", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.nginx.virtualHosts.<name>.addSSL": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "nginx", "virtualHosts", "<name>", "addSSL"], "readOnly": false, "type": "boolean"}, "services.nginx.virtualHosts.<name>.basicAuth": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "nginx", "virtualHosts", "<name>", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.nginx.virtualHosts.<name>.basicAuthFile": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "nginx", "virtualHosts", "<name>", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.nginx.virtualHosts.<name>.default": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Makes this vhost the default.\n", "loc": ["services", "nginx", "virtualHosts", "<name>", "default"], "readOnly": false, "type": "boolean"}, "services.nginx.virtualHosts.<name>.enableACME": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "nginx", "virtualHosts", "<name>", "enableACME"], "readOnly": false, "type": "boolean"}, "services.nginx.virtualHosts.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the vhost verbatim.\n", "loc": ["services", "nginx", "virtualHosts", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.nginx.virtualHosts.<name>.forceSSL": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a separate nginx server block that redirects (defaults\nto 301, configurable with `redirectCode`) all plain HTTP traffic to\nHTTPS. This will set defaults for `listen` to listen on all interfaces\non the respective default ports (80, 443), where the non-SSL listens\nare used for the redirect vhosts.\n", "loc": ["services", "nginx", "virtualHosts", "<name>", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.nginx.virtualHosts.<name>.globalRedirect": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected (defaults to 301,\nconfigurable with `redirectCode`) to the given hostname.\n", "example": {"_type": "literalExpression", "text": "\"newserver.example.org\""}, "loc": ["services", "nginx", "virtualHosts", "<name>", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.nginx.virtualHosts.<name>.http2": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/2 protocol.\nNote that (as of writing) due to nginx's implementation, to disable\nHTTP/2 you have to disable it on all vhosts that use a given\nIP address / port.\nIf there is one server block configured to enable http2, then it is\nenabled for all server blocks on this IP.\nSee <https://stackoverflow.com/a/39466948/263061>.\n", "loc": ["services", "nginx", "virtualHosts", "<name>", "http2"], "readOnly": false, "type": "boolean"}, "services.nginx.virtualHosts.<name>.http3": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/3 protocol.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that HTTP/3 support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\nHTTP/3 availability must be manually advertised, preferably in each location block.\n", "loc": ["services", "nginx", "virtualHosts", "<name>", "http3"], "readOnly": false, "type": "boolean"}, "services.nginx.virtualHosts.<name>.http3_hq": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that special application protocol support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "nginx", "virtualHosts", "<name>", "http3_hq"], "readOnly": false, "type": "boolean"}, "services.nginx.virtualHosts.<name>.kTLS": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kTLS support.\nImplementing TLS in the kernel (kTLS) improves performance by significantly\nreducing the need for copying operations between user space and the kernel.\nRequired Nginx version 1.21.4 or later.\n", "loc": ["services", "nginx", "virtualHosts", "<name>", "kTLS"], "readOnly": false, "type": "boolean"}, "services.nginx.virtualHosts.<name>.listen": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\nIPv6 addresses must be enclosed in square brackets.\nNote: this option overrides `addSSL`\nand `onlySSL`.\n\nIf you only want to set the addresses manually and not\nthe ports, take a look at `listenAddresses`.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    addr = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    addr = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    addr = \"unix:/var/run/nginx.sock\";\n  }\n]"}, "loc": ["services", "nginx", "virtualHosts", "<name>", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.nginx.virtualHosts.<name>.listen.*.addr": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "description": "Listen address.", "loc": ["services", "nginx", "virtualHosts", "<name>", "listen", "*", "addr"], "readOnly": false, "type": "string"}, "services.nginx.virtualHosts.<name>.listen.*.extraParameters": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra parameters of this listen directive.", "example": {"_type": "literalExpression", "text": "[\n  \"backlog=1024\"\n  \"deferred\"\n]"}, "loc": ["services", "nginx", "virtualHosts", "<name>", "listen", "*", "extraParameters"], "readOnly": false, "type": "list of string"}, "services.nginx.virtualHosts.<name>.listen.*.port": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port number to listen on.\nIf unset and the listen address is not a socket then nginx defaults to 80.\n", "loc": ["services", "nginx", "virtualHosts", "<name>", "listen", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nginx.virtualHosts.<name>.listen.*.proxyProtocol": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable PROXY protocol.", "loc": ["services", "nginx", "virtualHosts", "<name>", "listen", "*", "proxyProtocol"], "readOnly": false, "type": "boolean"}, "services.nginx.virtualHosts.<name>.listen.*.ssl": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SSL.", "loc": ["services", "nginx", "virtualHosts", "<name>", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.nginx.virtualHosts.<name>.listenAddresses": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n\nNote: This option overrides `networking.enableIPv6`\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"[::1]\"\n]"}, "loc": ["services", "nginx", "virtualHosts", "<name>", "listenAddresses"], "readOnly": false, "type": "list of string"}, "services.nginx.virtualHosts.<name>.locations": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n};\n"}, "loc": ["services", "nginx", "virtualHosts", "<name>", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.nginx.virtualHosts.<name>.locations.<name>.alias": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "nginx", "virtualHosts", "<name>", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.nginx.virtualHosts.<name>.locations.<name>.basicAuth": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "nginx", "virtualHosts", "<name>", "locations", "<name>", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.nginx.virtualHosts.<name>.locations.<name>.basicAuthFile": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "nginx", "virtualHosts", "<name>", "locations", "<name>", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.nginx.virtualHosts.<name>.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "nginx", "virtualHosts", "<name>", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.nginx.virtualHosts.<name>.locations.<name>.fastcgiParams": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "FastCGI parameters to override.  Unlike in the Nginx\nconfiguration file, overriding only some default parameters\nwon't unset the default values for other parameters.\n", "loc": ["services", "nginx", "virtualHosts", "<name>", "locations", "<name>", "fastcgiParams"], "readOnly": false, "type": "attribute set of (string or absolute path)"}, "services.nginx.virtualHosts.<name>.locations.<name>.index": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds index directive.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "nginx", "virtualHosts", "<name>", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.nginx.virtualHosts.<name>.locations.<name>.priority": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "nginx", "virtualHosts", "<name>", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.nginx.virtualHosts.<name>.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds proxy_pass directive and sets recommended proxy headers if\nrecommendedProxySettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "nginx", "virtualHosts", "<name>", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.nginx.virtualHosts.<name>.locations.<name>.proxyWebsockets": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to support proxying websocket connections with HTTP/1.1.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nginx", "virtualHosts", "<name>", "locations", "<name>", "proxyWebsockets"], "readOnly": false, "type": "boolean"}, "services.nginx.virtualHosts.<name>.locations.<name>.recommendedProxySettings": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedProxySettings"}, "description": "Enable recommended proxy settings.\n", "loc": ["services", "nginx", "virtualHosts", "<name>", "locations", "<name>", "recommendedProxySettings"], "readOnly": false, "type": "boolean"}, "services.nginx.virtualHosts.<name>.locations.<name>.recommendedUwsgiSettings": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedUwsgiSettings"}, "description": "Enable recommended uwsgi settings.\n", "loc": ["services", "nginx", "virtualHosts", "<name>", "locations", "<name>", "recommendedUwsgiSettings"], "readOnly": false, "type": "boolean"}, "services.nginx.virtualHosts.<name>.locations.<name>.return": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds a return directive, for e.g. redirections.\n", "example": {"_type": "literalExpression", "text": "\"301 http://example.com$request_uri\""}, "loc": ["services", "nginx", "virtualHosts", "<name>", "locations", "<name>", "return"], "readOnly": false, "type": "null or string or signed integer"}, "services.nginx.virtualHosts.<name>.locations.<name>.root": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Root directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/root/directory\""}, "loc": ["services", "nginx", "virtualHosts", "<name>", "locations", "<name>", "root"], "readOnly": false, "type": "null or absolute path"}, "services.nginx.virtualHosts.<name>.locations.<name>.tryFiles": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds try_files directive.\n", "example": {"_type": "literalExpression", "text": "\"$uri =404\""}, "loc": ["services", "nginx", "virtualHosts", "<name>", "locations", "<name>", "tryFiles"], "readOnly": false, "type": "null or string"}, "services.nginx.virtualHosts.<name>.locations.<name>.uwsgiPass": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds uwsgi_pass directive and sets recommended proxy headers if\nrecommendedUwsgiSettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"unix:/run/example/example.sock\""}, "loc": ["services", "nginx", "virtualHosts", "<name>", "locations", "<name>", "uwsgiPass"], "readOnly": false, "type": "null or string"}, "services.nginx.virtualHosts.<name>.onlySSL": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "nginx", "virtualHosts", "<name>", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.nginx.virtualHosts.<name>.quic": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the QUIC transport protocol.\nNote that QUIC support is experimental and\n*not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "nginx", "virtualHosts", "<name>", "quic"], "readOnly": false, "type": "boolean"}, "services.nginx.virtualHosts.<name>.redirectCode": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "301"}, "description": "HTTP status used by `globalRedirect` and `forceSSL`. Possible usecases\ninclude temporary (302, 307) redirects, keeping the request method and\nbody (307, 308), or explicitly resetting the method to GET (303).\nSee <https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>.\n", "example": {"_type": "literalExpression", "text": "308"}, "loc": ["services", "nginx", "virtualHosts", "<name>", "redirectCode"], "readOnly": false, "type": "integer between 300 and 399 (both inclusive)"}, "services.nginx.virtualHosts.<name>.rejectSSL": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to listen for and reject all HTTPS connections to this vhost. Useful in\n[default](#opt-services.nginx.virtualHosts._name_.default)\nserver blocks to avoid serving the certificate for another vhost. Uses the\n`ssl_reject_handshake` directive available in nginx versions\n1.19.4 and above.\n", "loc": ["services", "nginx", "virtualHosts", "<name>", "rejectSSL"], "readOnly": false, "type": "boolean"}, "services.nginx.virtualHosts.<name>.reuseport": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create an individual listening socket .\nIt is required to specify only once on one of the hosts.\n", "loc": ["services", "nginx", "virtualHosts", "<name>", "reuseport"], "readOnly": false, "type": "boolean"}, "services.nginx.virtualHosts.<name>.root": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of the web root directory.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "nginx", "virtualHosts", "<name>", "root"], "readOnly": false, "type": "null or absolute path"}, "services.nginx.virtualHosts.<name>.serverAliases": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "nginx", "virtualHosts", "<name>", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.nginx.virtualHosts.<name>.serverName": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of this virtual host. Defaults to attribute name in virtualHosts.\n", "example": {"_type": "literalExpression", "text": "\"example.org\""}, "loc": ["services", "nginx", "virtualHosts", "<name>", "serverName"], "readOnly": false, "type": "null or string"}, "services.nginx.virtualHosts.<name>.sslCertificate": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "nginx", "virtualHosts", "<name>", "sslCertificate"], "readOnly": false, "type": "absolute path"}, "services.nginx.virtualHosts.<name>.sslCertificateKey": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "nginx", "virtualHosts", "<name>", "sslCertificateKey"], "readOnly": false, "type": "absolute path"}, "services.nginx.virtualHosts.<name>.sslTrustedCertificate": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to root SSL certificate for stapling and client certificates.", "example": {"_type": "literalExpression", "text": "\"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\""}, "loc": ["services", "nginx", "virtualHosts", "<name>", "sslTrustedCertificate"], "readOnly": false, "type": "null or absolute path"}, "services.nginx.virtualHosts.<name>.useACMEHost": {"declarations": ["nixos/modules/services/web-servers/nginx/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "nginx", "virtualHosts", "<name>", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.ngircd.config": {"declarations": ["nixos/modules/services/networking/ngircd.nix"], "description": "The ngircd configuration (see {manpage}`ngircd.conf(5)`).", "loc": ["services", "ngircd", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.ngircd.enable": {"declarations": ["nixos/modules/services/networking/ngircd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the ngircd IRC server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ngircd", "enable"], "readOnly": false, "type": "boolean"}, "services.ngircd.package": {"declarations": ["nixos/modules/services/networking/ngircd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ngircd"}, "description": "The ngircd package to use.", "loc": ["services", "ngircd", "package"], "readOnly": false, "type": "package"}, "services.nifi.enable": {"declarations": ["nixos/modules/services/web-apps/nifi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Apache NiFi.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nifi", "enable"], "readOnly": false, "type": "boolean"}, "services.nifi.enableHTTPS": {"declarations": ["nixos/modules/services/web-apps/nifi.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable HTTPS protocol. Don`t use in production.", "loc": ["services", "nifi", "enableHTTPS"], "readOnly": false, "type": "boolean"}, "services.nifi.group": {"declarations": ["nixos/modules/services/web-apps/nifi.nix"], "default": {"_type": "literalExpression", "text": "\"nifi\""}, "description": "Group account where Apache NiFi runs.", "loc": ["services", "nifi", "group"], "readOnly": false, "type": "string"}, "services.nifi.initJavaHeapSize": {"declarations": ["nixos/modules/services/web-apps/nifi.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set the initial heap size for the JVM in MB.", "example": {"_type": "literalExpression", "text": "1024"}, "loc": ["services", "nifi", "initJavaHeapSize"], "readOnly": false, "type": "null or signed integer"}, "services.nifi.initPasswordFile": {"declarations": ["nixos/modules/services/web-apps/nifi.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "nitial password for Apache NiFi. Password must be at least 12 characters.", "example": {"_type": "literalExpression", "text": "\"/run/keys/nifi/password-nifi\""}, "loc": ["services", "nifi", "initPasswordFile"], "readOnly": false, "type": "null or absolute path"}, "services.nifi.initUser": {"declarations": ["nixos/modules/services/web-apps/nifi.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Initial user account for Apache NiFi. Username must be at least 4 characters.", "loc": ["services", "nifi", "initUser"], "readOnly": false, "type": "null or string"}, "services.nifi.listenHost": {"declarations": ["nixos/modules/services/web-apps/nifi.nix"], "default": {"_type": "literalExpression", "text": "if config.services.nifi.enableHTTPS\nthen \"0.0.0.0\"\nelse \"127.0.0.1\"\n"}, "description": "Bind to an ip for Apache NiFi web-ui.", "loc": ["services", "nifi", "listenHost"], "readOnly": false, "type": "string"}, "services.nifi.listenPort": {"declarations": ["nixos/modules/services/web-apps/nifi.nix"], "default": {"_type": "literalExpression", "text": "if config.services.nifi.enableHTTPS\nthen \"8443\"\nelse \"8000\"\n"}, "description": "Bind to a port for Apache NiFi web-ui.", "loc": ["services", "nifi", "listenPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nifi.maxJavaHeapSize": {"declarations": ["nixos/modules/services/web-apps/nifi.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set the initial heap size for the JVM in MB.", "example": {"_type": "literalExpression", "text": "2048"}, "loc": ["services", "nifi", "maxJavaHeapSize"], "readOnly": false, "type": "null or signed integer"}, "services.nifi.package": {"declarations": ["nixos/modules/services/web-apps/nifi.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nifi"}, "description": "The nifi package to use.", "loc": ["services", "nifi", "package"], "readOnly": false, "type": "package"}, "services.nifi.proxyHost": {"declarations": ["nixos/modules/services/web-apps/nifi.nix"], "default": {"_type": "literalExpression", "text": "if config.services.nifi.enableHTTPS\nthen \"0.0.0.0\"\nelse null\n"}, "description": "Allow requests from a specific host.", "loc": ["services", "nifi", "proxyHost"], "readOnly": false, "type": "null or string"}, "services.nifi.proxyPort": {"declarations": ["nixos/modules/services/web-apps/nifi.nix"], "default": {"_type": "literalExpression", "text": "if config.services.nifi.enableHTTPS\nthen \"8443\"\nelse null\n"}, "description": "Allow requests from a specific port.", "loc": ["services", "nifi", "proxyPort"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nifi.user": {"declarations": ["nixos/modules/services/web-apps/nifi.nix"], "default": {"_type": "literalExpression", "text": "\"nifi\""}, "description": "User account where Apache NiFi runs.", "loc": ["services", "nifi", "user"], "readOnly": false, "type": "string"}, "services.nipap.authBackendSettings": {"declarations": ["nixos/modules/services/web-apps/nipap.nix"], "default": {"_type": "literalExpression", "text": "{\n  local = {\n    db_path = \"/var/lib/nipap/local_auth.db\";\n    type = \"SqliteAuth\";\n  };\n}"}, "description": "auth.backends options to set in /etc/nipap/nipap.conf.\n", "loc": ["services", "nipap", "authBackendSettings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.nipap.enable": {"declarations": ["nixos/modules/services/web-apps/nipap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable global Neat IP Address Planner (NIPAP) configuration.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nipap", "enable"], "readOnly": false, "type": "boolean"}, "services.nipap.nipap-www.enable": {"declarations": ["nixos/modules/services/web-apps/nipap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable nipap-www server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nipap", "nipap-www", "enable"], "readOnly": false, "type": "boolean"}, "services.nipap.nipap-www.host": {"declarations": ["nixos/modules/services/web-apps/nipap.nix"], "default": {"_type": "literalExpression", "text": "\"::\""}, "description": "Host to bind to.", "loc": ["services", "nipap", "nipap-www", "host"], "readOnly": false, "type": "null or string"}, "services.nipap.nipap-www.package": {"declarations": ["nixos/modules/services/web-apps/nipap.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nipap-www"}, "description": "The nipap-www package to use.", "loc": ["services", "nipap", "nipap-www", "package"], "readOnly": false, "type": "package"}, "services.nipap.nipap-www.port": {"declarations": ["nixos/modules/services/web-apps/nipap.nix"], "default": {"_type": "literalExpression", "text": "21337"}, "description": "Port to bind to.", "loc": ["services", "nipap", "nipap-www", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nipap.nipap-www.umask": {"declarations": ["nixos/modules/services/web-apps/nipap.nix"], "default": {"_type": "literalExpression", "text": "\"0\""}, "description": "umask for files written by Gunicorn, including UNIX socket.", "loc": ["services", "nipap", "nipap-www", "umask"], "readOnly": false, "type": "string"}, "services.nipap.nipap-www.unixSocket": {"declarations": ["nixos/modules/services/web-apps/nipap.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to UNIX socket to bind to.", "example": {"_type": "literalExpression", "text": "\"/run/nipap/nipap-www.sock\""}, "loc": ["services", "nipap", "nipap-www", "unixSocket"], "readOnly": false, "type": "null or string"}, "services.nipap.nipap-www.workers": {"declarations": ["nixos/modules/services/web-apps/nipap.nix"], "default": {"_type": "literalExpression", "text": "4"}, "description": "Number of worker processes for Gunicorn to fork.", "loc": ["services", "nipap", "nipap-www", "workers"], "readOnly": false, "type": "signed integer"}, "services.nipap.nipap-www.xmlrpcURIFile": {"declarations": ["nixos/modules/services/web-apps/nipap.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to file containing XMLRPC URI for use by web UI - this is a secret, since it contains auth credentials. If null, it will be initialized assuming that the auth database is local.", "loc": ["services", "nipap", "nipap-www", "xmlrpcURIFile"], "readOnly": false, "type": "null or absolute path"}, "services.nipap.nipapd.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/nipap.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Create a nipap database automatically.", "loc": ["services", "nipap", "nipapd", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.nipap.nipapd.enable": {"declarations": ["nixos/modules/services/web-apps/nipap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable nipapd server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nipap", "nipapd", "enable"], "readOnly": false, "type": "boolean"}, "services.nipap.nipapd.package": {"declarations": ["nixos/modules/services/web-apps/nipap.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nipap"}, "description": "The nipap package to use.", "loc": ["services", "nipap", "nipapd", "package"], "readOnly": false, "type": "package"}, "services.nipap.settings": {"declarations": ["nixos/modules/services/web-apps/nipap.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration options to set in /etc/nipap/nipap.conf.\n", "loc": ["services", "nipap", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.nipap.settings.auth.auth_cache_timeout": {"declarations": ["nixos/modules/services/web-apps/nipap.nix"], "default": {"_type": "literalExpression", "text": "3600"}, "description": "Seconds to store cached auth entries for.", "loc": ["services", "nipap", "settings", "auth", "auth_cache_timeout"], "readOnly": false, "type": "signed integer"}, "services.nipap.settings.auth.default_backend": {"declarations": ["nixos/modules/services/web-apps/nipap.nix"], "default": {"_type": "literalExpression", "text": "\"local\""}, "description": "Name of auth backend to use by default.", "loc": ["services", "nipap", "settings", "auth", "default_backend"], "readOnly": false, "type": "string"}, "services.nipap.settings.nipapd.db_host": {"declarations": ["nixos/modules/services/web-apps/nipap.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "PostgreSQL host to connect to. Empty means use UNIX socket.", "loc": ["services", "nipap", "settings", "nipapd", "db_host"], "readOnly": false, "type": "string"}, "services.nipap.settings.nipapd.db_name": {"declarations": ["nixos/modules/services/web-apps/nipap.nix"], "default": {"_type": "literalExpression", "text": "\"nipap\""}, "description": "Name of database to use on PostgreSQL server.", "loc": ["services", "nipap", "settings", "nipapd", "db_name"], "readOnly": false, "type": "string"}, "services.nipap.settings.nipapd.debug": {"declarations": ["nixos/modules/services/web-apps/nipap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable debug logging.", "loc": ["services", "nipap", "settings", "nipapd", "debug"], "readOnly": false, "type": "boolean"}, "services.nipap.settings.nipapd.foreground": {"declarations": ["nixos/modules/services/web-apps/nipap.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Remain in foreground rather than forking to background.", "loc": ["services", "nipap", "settings", "nipapd", "foreground"], "readOnly": false, "type": "boolean"}, "services.nipap.settings.nipapd.listen": {"declarations": ["nixos/modules/services/web-apps/nipap.nix"], "default": {"_type": "literalExpression", "text": "\"::1\""}, "description": "IP address to bind nipapd to.", "loc": ["services", "nipap", "settings", "nipapd", "listen"], "readOnly": false, "type": "string"}, "services.nipap.settings.nipapd.port": {"declarations": ["nixos/modules/services/web-apps/nipap.nix"], "default": {"_type": "literalExpression", "text": "1337"}, "description": "Port to bind nipapd to.", "loc": ["services", "nipap", "settings", "nipapd", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nipap.user": {"declarations": ["nixos/modules/services/web-apps/nipap.nix"], "default": {"_type": "literalExpression", "text": "\"nipap\""}, "description": "User to use for running NIPAP services.", "loc": ["services", "nipap", "user"], "readOnly": false, "type": "string"}, "services.nitter.cache.listMinutes": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "240"}, "description": "How long to cache list info (not the tweets, so keep it high).", "loc": ["services", "nitter", "cache", "listMinutes"], "readOnly": false, "type": "signed integer"}, "services.nitter.cache.redisConnections": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "20"}, "description": "Redis connection pool size.", "loc": ["services", "nitter", "cache", "redisConnections"], "readOnly": false, "type": "signed integer"}, "services.nitter.cache.redisHost": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Redis host.", "loc": ["services", "nitter", "cache", "redisHost"], "readOnly": false, "type": "string"}, "services.nitter.cache.redisMaxConnections": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "30"}, "description": "Maximum number of connections to Redis.\n\nNew connections are opened when none are available, but if the\npool size goes above this, they are closed when released, do not\nworry about this unless you receive tons of requests per second.\n", "loc": ["services", "nitter", "cache", "redisMaxConnections"], "readOnly": false, "type": "signed integer"}, "services.nitter.cache.redisPort": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "6379"}, "description": "Redis port.", "loc": ["services", "nitter", "cache", "redisPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nitter.cache.rssMinutes": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "How long to cache RSS queries.", "loc": ["services", "nitter", "cache", "rssMinutes"], "readOnly": false, "type": "signed integer"}, "services.nitter.config.base64Media": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use base64 encoding for proxied media URLs.", "loc": ["services", "nitter", "config", "base64Media"], "readOnly": false, "type": "boolean"}, "services.nitter.config.enableDebug": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable request logs and debug endpoints.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nitter", "config", "enableDebug"], "readOnly": false, "type": "boolean"}, "services.nitter.config.enableRSS": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable RSS feeds.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nitter", "config", "enableRSS"], "readOnly": false, "type": "boolean"}, "services.nitter.config.proxy": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "URL to a HTTP/HTTPS proxy.", "loc": ["services", "nitter", "config", "proxy"], "readOnly": false, "type": "string"}, "services.nitter.config.proxyAuth": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Credentials for proxy.", "loc": ["services", "nitter", "config", "proxyAuth"], "readOnly": false, "type": "string"}, "services.nitter.config.tokenCount": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Minimum amount of usable tokens.\n\nTokens are used to authorize API requests, but they expire after\n~1 hour, and have a limit of 187 requests. The limit gets reset\nevery 15 minutes, and the pool is filled up so there is always at\nleast tokenCount usable tokens. Only increase this if you receive\nmajor bursts all the time.\n", "loc": ["services", "nitter", "config", "tokenCount"], "readOnly": false, "type": "signed integer"}, "services.nitter.enable": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Nitter, an alternative Twitter front-end.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nitter", "enable"], "readOnly": false, "type": "boolean"}, "services.nitter.openFirewall": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for Nitter web interface.", "loc": ["services", "nitter", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.nitter.package": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nitter"}, "description": "The nitter package to use.", "loc": ["services", "nitter", "package"], "readOnly": false, "type": "package"}, "services.nitter.preferences.autoplayGifs": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Autoplay GIFs.", "loc": ["services", "nitter", "preferences", "autoplayGifs"], "readOnly": false, "type": "boolean"}, "services.nitter.preferences.bidiSupport": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Support bidirectional text (makes clicking on tweets harder).", "loc": ["services", "nitter", "preferences", "bidiSupport"], "readOnly": false, "type": "boolean"}, "services.nitter.preferences.hideBanner": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Hide profile banner.", "loc": ["services", "nitter", "preferences", "hideBanner"], "readOnly": false, "type": "boolean"}, "services.nitter.preferences.hidePins": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Hide pinned tweets.", "loc": ["services", "nitter", "preferences", "hidePins"], "readOnly": false, "type": "boolean"}, "services.nitter.preferences.hideReplies": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Hide tweet replies.", "loc": ["services", "nitter", "preferences", "hideReplies"], "readOnly": false, "type": "boolean"}, "services.nitter.preferences.hideTweetStats": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Hide tweet stats (replies, retweets, likes).", "loc": ["services", "nitter", "preferences", "hideTweetStats"], "readOnly": false, "type": "boolean"}, "services.nitter.preferences.hlsPlayback": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable HLS video streaming (requires JavaScript).", "loc": ["services", "nitter", "preferences", "hlsPlayback"], "readOnly": false, "type": "boolean"}, "services.nitter.preferences.infiniteScroll": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Infinite scrolling (requires JavaScript, experimental!).", "loc": ["services", "nitter", "preferences", "infiniteScroll"], "readOnly": false, "type": "boolean"}, "services.nitter.preferences.mp4Playback": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable MP4 video playback.", "loc": ["services", "nitter", "preferences", "mp4Playback"], "readOnly": false, "type": "boolean"}, "services.nitter.preferences.muteVideos": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Mute videos by default.", "loc": ["services", "nitter", "preferences", "muteVideos"], "readOnly": false, "type": "boolean"}, "services.nitter.preferences.proxyVideos": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Proxy video streaming through the server (might be slow).", "loc": ["services", "nitter", "preferences", "proxyVideos"], "readOnly": false, "type": "boolean"}, "services.nitter.preferences.replaceReddit": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Replace Reddit links with links to this instance (blank to disable).", "example": {"_type": "literalExpression", "text": "\"teddit.net\""}, "loc": ["services", "nitter", "preferences", "replaceReddit"], "readOnly": false, "type": "string"}, "services.nitter.preferences.replaceTwitter": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Replace Twitter links with links to this instance (blank to disable).", "example": {"_type": "literalExpression", "text": "\"nitter.net\""}, "loc": ["services", "nitter", "preferences", "replaceTwitter"], "readOnly": false, "type": "string"}, "services.nitter.preferences.replaceYouTube": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Replace YouTube links with links to this instance (blank to disable).", "example": {"_type": "literalExpression", "text": "\"piped.kavin.rocks\""}, "loc": ["services", "nitter", "preferences", "replaceYouTube"], "readOnly": false, "type": "string"}, "services.nitter.preferences.squareAvatars": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Square profile pictures.", "loc": ["services", "nitter", "preferences", "squareAvatars"], "readOnly": false, "type": "boolean"}, "services.nitter.preferences.stickyProfile": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Make profile sidebar stick to top.", "loc": ["services", "nitter", "preferences", "stickyProfile"], "readOnly": false, "type": "boolean"}, "services.nitter.preferences.theme": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "\"Nitter\""}, "description": "Instance theme.", "loc": ["services", "nitter", "preferences", "theme"], "readOnly": false, "type": "string"}, "services.nitter.redisCreateLocally": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Configure local Redis server for Nitter.", "loc": ["services", "nitter", "redisCreateLocally"], "readOnly": false, "type": "boolean"}, "services.nitter.server.address": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "The address to listen on.", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "nitter", "server", "address"], "readOnly": false, "type": "string"}, "services.nitter.server.hostname": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Hostname of the instance.", "example": {"_type": "literalExpression", "text": "\"nitter.net\""}, "loc": ["services", "nitter", "server", "hostname"], "readOnly": false, "type": "string"}, "services.nitter.server.httpMaxConnections": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "100"}, "description": "Maximum number of HTTP connections.", "loc": ["services", "nitter", "server", "httpMaxConnections"], "readOnly": false, "type": "signed integer"}, "services.nitter.server.https": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Set secure attribute on cookies. Keep it disabled to enable cookies when not using HTTPS.", "loc": ["services", "nitter", "server", "https"], "readOnly": false, "type": "boolean"}, "services.nitter.server.port": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "The port to listen on.", "example": {"_type": "literalExpression", "text": "8000"}, "loc": ["services", "nitter", "server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nitter.server.staticDir": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.nitter.package}/share/nitter/public\""}, "description": "Path to the static files directory.", "loc": ["services", "nitter", "server", "staticDir"], "readOnly": false, "type": "absolute path"}, "services.nitter.server.title": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "\"nitter\""}, "description": "Title of the instance.", "loc": ["services", "nitter", "server", "title"], "readOnly": false, "type": "string"}, "services.nitter.sessionsFile": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/nitter/sessions.jsonl\""}, "description": "Path to the session tokens file.\n\nThis file contains a list of session tokens that can be used to\naccess the instance without logging in. The file is in JSONL format,\nwhere each line is a JSON object with the following fields:\n\n{\"oauth_token\":\"some_token\",\"oauth_token_secret\":\"some_secret_key\"}\n\nSee <https://github.com/zedeus/nitter/wiki/Creating-session-tokens>\nfor more information on session tokens and how to generate them.\n", "loc": ["services", "nitter", "sessionsFile"], "readOnly": false, "type": "absolute path"}, "services.nitter.settings": {"declarations": ["nixos/modules/services/misc/nitter.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Add settings here to override NixOS module generated settings.\n\nCheck the official repository for the available settings:\n<https://github.com/zedeus/nitter/blob/master/nitter.example.conf>\n", "loc": ["services", "nitter", "settings"], "readOnly": false, "type": "attribute set"}, "services.nix-serve.bindAddress": {"declarations": ["nixos/modules/services/networking/nix-serve.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "IP address where nix-serve will bind its listening socket.\n", "loc": ["services", "nix-serve", "bindAddress"], "readOnly": false, "type": "string"}, "services.nix-serve.enable": {"declarations": ["nixos/modules/services/networking/nix-serve.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable nix-serve, the standalone Nix binary cache server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nix-serve", "enable"], "readOnly": false, "type": "boolean"}, "services.nix-serve.extraParams": {"declarations": ["nixos/modules/services/networking/nix-serve.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra command line parameters for nix-serve.\n", "loc": ["services", "nix-serve", "extraParams"], "readOnly": false, "type": "strings concatenated with \" \""}, "services.nix-serve.openFirewall": {"declarations": ["nixos/modules/services/networking/nix-serve.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for nix-serve.", "loc": ["services", "nix-serve", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.nix-serve.package": {"declarations": ["nixos/modules/services/networking/nix-serve.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nix-serve"}, "description": "The nix-serve package to use.", "loc": ["services", "nix-serve", "package"], "readOnly": false, "type": "package"}, "services.nix-serve.port": {"declarations": ["nixos/modules/services/networking/nix-serve.nix"], "default": {"_type": "literalExpression", "text": "5000"}, "description": "Port number where nix-serve will listen on.\n", "loc": ["services", "nix-serve", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nix-serve.secretKeyFile": {"declarations": ["nixos/modules/services/networking/nix-serve.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the file used for signing derivation data.\nGenerate with:\n\n```\nnix-store --generate-binary-cache-key key-name secret-key-file public-key-file\n```\n\nFor more details see {manpage}`nix-store(1)`.\n", "loc": ["services", "nix-serve", "secretKeyFile"], "readOnly": false, "type": "null or string"}, "services.nix-store-gcs-proxy": {"declarations": ["nixos/modules/services/networking/nix-store-gcs-proxy.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "An attribute set describing an HTTP to GCS proxy that allows us to use GCS\nbucket via HTTP protocol.\n", "loc": ["services", "nix-store-gcs-proxy"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.nix-store-gcs-proxy.<name>.address": {"declarations": ["nixos/modules/services/networking/nix-store-gcs-proxy.nix"], "description": "The address of the proxy.", "example": {"_type": "literalExpression", "text": "\"localhost:3000\""}, "loc": ["services", "nix-store-gcs-proxy", "<name>", "address"], "readOnly": false, "type": "string"}, "services.nix-store-gcs-proxy.<name>.bucketName": {"declarations": ["nixos/modules/services/networking/nix-store-gcs-proxy.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "Name of Google storage bucket", "example": {"_type": "literalExpression", "text": "\"my-bucket-name\""}, "loc": ["services", "nix-store-gcs-proxy", "<name>", "bucketName"], "readOnly": false, "type": "string"}, "services.nix-store-gcs-proxy.<name>.enable": {"declarations": ["nixos/modules/services/networking/nix-store-gcs-proxy.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable proxy for this bucket", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nix-store-gcs-proxy", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.nixops-dns.dnsmasq": {"declarations": ["nixos/modules/services/networking/nixops-dns.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable dnsmasq forwarding to nixops-dns. This allows to use\nnixops-dns for `services.nixops-dns.domain` resolution\nwhile forwarding the rest of the queries to original resolvers.\n", "loc": ["services", "nixops-dns", "dnsmasq"], "readOnly": false, "type": "boolean"}, "services.nixops-dns.domain": {"declarations": ["nixos/modules/services/networking/nixops-dns.nix"], "default": {"_type": "literalExpression", "text": "\"ops\""}, "description": "Fake domain name to resolve to NixOps virtual machines.\n\nFor example \"ops\" will resolve \"vm.ops\".\n", "loc": ["services", "nixops-dns", "domain"], "readOnly": false, "type": "string"}, "services.nixops-dns.enable": {"declarations": ["nixos/modules/services/networking/nixops-dns.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the nixops-dns resolution\nof NixOps virtual machines via dnsmasq and fake domain name.\n", "loc": ["services", "nixops-dns", "enable"], "readOnly": false, "type": "boolean"}, "services.nixops-dns.user": {"declarations": ["nixos/modules/services/networking/nixops-dns.nix"], "description": "The user the nixops-dns daemon should run as.\nThis should be the user, which is also used for nixops and\nhave the .nixops directory in its home.\n", "loc": ["services", "nixops-dns", "user"], "readOnly": false, "type": "string"}, "services.nixseparatedebuginfod2.cacheExpirationDelay": {"declarations": ["nixos/modules/services/development/nixseparatedebuginfod2.nix"], "default": {"_type": "literalExpression", "text": "\"1d\""}, "description": "keep unused cache entries for this long. A number followed by a unit", "loc": ["services", "nixseparatedebuginfod2", "cacheExpirationDelay"], "readOnly": false, "type": "string"}, "services.nixseparatedebuginfod2.enable": {"declarations": ["nixos/modules/services/development/nixseparatedebuginfod2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable nixseparatedebuginfod2, a debuginfod server providing source and debuginfo for nix packages.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nixseparatedebuginfod2", "enable"], "readOnly": false, "type": "boolean"}, "services.nixseparatedebuginfod2.package": {"declarations": ["nixos/modules/services/development/nixseparatedebuginfod2.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nixseparatedebuginfod2"}, "description": "The nixseparatedebuginfod2 package to use.", "loc": ["services", "nixseparatedebuginfod2", "package"], "readOnly": false, "type": "package"}, "services.nixseparatedebuginfod2.port": {"declarations": ["nixos/modules/services/development/nixseparatedebuginfod2.nix"], "default": {"_type": "literalExpression", "text": "1949"}, "description": "port to listen", "loc": ["services", "nixseparatedebuginfod2", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nixseparatedebuginfod2.substituters": {"declarations": ["nixos/modules/services/development/nixseparatedebuginfod2.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"local:\"\n  \"https://cache.nixos.org\"\n]"}, "description": "nix substituter to fetch debuginfo from. Either http/https/file substituters, or `local:` to use debuginfo present in the local store.", "loc": ["services", "nixseparatedebuginfod2", "substituters"], "readOnly": false, "type": "list of string"}, "services.nncp.caller.enable": {"declarations": ["nixos/modules/services/networking/nncp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable cron'ed NNCP TCP daemon caller.\nThe daemon will take configuration from\n[](#opt-programs.nncp.settings)\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nncp", "caller", "enable"], "readOnly": false, "type": "boolean"}, "services.nncp.caller.extraArgs": {"declarations": ["nixos/modules/services/networking/nncp.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command-line arguments to pass to caller.", "example": {"_type": "literalExpression", "text": "[\n  \"-autotoss\"\n]"}, "loc": ["services", "nncp", "caller", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.nncp.daemon.enable": {"declarations": ["nixos/modules/services/networking/nncp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable NNCP TCP synronization daemon.\nThe daemon will take configuration from\n[](#opt-programs.nncp.settings)\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nncp", "daemon", "enable"], "readOnly": false, "type": "boolean"}, "services.nncp.daemon.extraArgs": {"declarations": ["nixos/modules/services/networking/nncp.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command-line arguments to pass to daemon.", "example": {"_type": "literalExpression", "text": "[\n  \"-autotoss\"\n]"}, "loc": ["services", "nncp", "daemon", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.nncp.daemon.socketActivation.enable": {"declarations": ["nixos/modules/services/networking/nncp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable socket activation for nncp-daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nncp", "daemon", "socketActivation", "enable"], "readOnly": false, "type": "boolean"}, "services.nncp.daemon.socketActivation.listenStreams": {"declarations": ["nixos/modules/services/networking/nncp.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"5400\"\n]"}, "description": "TCP sockets to bind to.\nSee [](#opt-systemd.sockets._name_.listenStreams).\n", "loc": ["services", "nncp", "daemon", "socketActivation", "listenStreams"], "readOnly": false, "type": "list of string"}, "services.nntp-proxy.enable": {"declarations": ["nixos/modules/services/networking/nntp-proxy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable NNTP-Proxy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nntp-proxy", "enable"], "readOnly": false, "type": "boolean"}, "services.nntp-proxy.listenAddress": {"declarations": ["nixos/modules/services/networking/nntp-proxy.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Proxy listen address (IPv6 literal addresses need to be enclosed in \"[\" and \"]\" characters)\n", "example": {"_type": "literalExpression", "text": "\"[::]\""}, "loc": ["services", "nntp-proxy", "listenAddress"], "readOnly": false, "type": "string"}, "services.nntp-proxy.port": {"declarations": ["nixos/modules/services/networking/nntp-proxy.nix"], "default": {"_type": "literalExpression", "text": "5555"}, "description": "Proxy listen port\n", "loc": ["services", "nntp-proxy", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nntp-proxy.prohibitPosting": {"declarations": ["nixos/modules/services/networking/nntp-proxy.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to prohibit posting to the upstream server\n", "loc": ["services", "nntp-proxy", "prohibitPosting"], "readOnly": false, "type": "boolean"}, "services.nntp-proxy.sslCert": {"declarations": ["nixos/modules/services/networking/nntp-proxy.nix"], "default": {"_type": "literalExpression", "text": "\"cert.pem\""}, "description": "Proxy ssl certificate path\n", "example": {"_type": "literalExpression", "text": "\"/path/to/your/cert.file\""}, "loc": ["services", "nntp-proxy", "sslCert"], "readOnly": false, "type": "string"}, "services.nntp-proxy.sslKey": {"declarations": ["nixos/modules/services/networking/nntp-proxy.nix"], "default": {"_type": "literalExpression", "text": "\"key.pem\""}, "description": "Proxy ssl key path\n", "example": {"_type": "literalExpression", "text": "\"/path/to/your/key.file\""}, "loc": ["services", "nntp-proxy", "sslKey"], "readOnly": false, "type": "string"}, "services.nntp-proxy.upstreamMaxConnections": {"declarations": ["nixos/modules/services/networking/nntp-proxy.nix"], "default": {"_type": "literalExpression", "text": "20"}, "description": "Upstream server maximum allowed concurrent connections\n", "loc": ["services", "nntp-proxy", "upstreamMaxConnections"], "readOnly": false, "type": "signed integer"}, "services.nntp-proxy.upstreamPassword": {"declarations": ["nixos/modules/services/networking/nntp-proxy.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Upstream server password\n", "loc": ["services", "nntp-proxy", "upstreamPassword"], "readOnly": false, "type": "string"}, "services.nntp-proxy.upstreamPort": {"declarations": ["nixos/modules/services/networking/nntp-proxy.nix"], "default": {"_type": "literalExpression", "text": "563"}, "description": "Upstream server port\n", "loc": ["services", "nntp-proxy", "upstreamPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nntp-proxy.upstreamServer": {"declarations": ["nixos/modules/services/networking/nntp-proxy.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Upstream server address\n", "example": {"_type": "literalExpression", "text": "\"ssl-eu.astraweb.com\""}, "loc": ["services", "nntp-proxy", "upstreamServer"], "readOnly": false, "type": "string"}, "services.nntp-proxy.upstreamUser": {"declarations": ["nixos/modules/services/networking/nntp-proxy.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Upstream server username\n", "loc": ["services", "nntp-proxy", "upstreamUser"], "readOnly": false, "type": "string"}, "services.nntp-proxy.users": {"declarations": ["nixos/modules/services/networking/nntp-proxy.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "NNTP-Proxy user configuration\n", "example": {"_type": "literalExpression", "text": "{\n  \"user1\" = {\n    passwordHash = \"$6$1l0t5Kn2Dk$appzivc./9l/kjq57eg5UCsBKlcfyCr0zNWYNerKoPsI1d7eAwiT0SVsOVx/CTgaBNT/u4fi2vN.iGlPfv1ek0\";\n    maxConnections = 5;\n  };\n  \"anotheruser\" = {\n    passwordHash = \"$6$6lwEsWB.TmsS$W7m1riUx4QrA8pKJz8hvff0dnF1NwtZXgdjmGqA1Dx2MDPj07tI9GNcb0SWlMglE.2/hBgynDdAd/XqqtRqVQ0\";\n    maxConnections = 7;\n  };\n}\n"}, "loc": ["services", "nntp-proxy", "users"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.nntp-proxy.users.<name>.maxConnections": {"declarations": ["nixos/modules/services/networking/nntp-proxy.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Maximum number of concurrent connections to the proxy for this user\n", "loc": ["services", "nntp-proxy", "users", "<name>", "maxConnections"], "readOnly": false, "type": "signed integer"}, "services.nntp-proxy.users.<name>.passwordHash": {"declarations": ["nixos/modules/services/networking/nntp-proxy.nix"], "description": "SHA-512 password hash (can be generated by\n`mkpasswd -m sha-512 <password>`)\n", "example": {"_type": "literalExpression", "text": "\"$6$GtzE7FrpE$wwuVgFYU.TZH4Rz.Snjxk9XGua89IeVwPQ/fEUD8eujr40q5Y021yhn0aNcsQ2Ifw.BLclyzvzgegopgKcneL0\""}, "loc": ["services", "nntp-proxy", "users", "<name>", "passwordHash"], "readOnly": false, "type": "string"}, "services.nntp-proxy.users.<name>.username": {"declarations": ["nixos/modules/services/networking/nntp-proxy.nix"], "description": "Username\n", "loc": ["services", "nntp-proxy", "users", "<name>", "username"], "readOnly": false, "type": "string"}, "services.nntp-proxy.verbosity": {"declarations": ["nixos/modules/services/networking/nntp-proxy.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Verbosity level\n", "example": {"_type": "literalExpression", "text": "\"error\""}, "loc": ["services", "nntp-proxy", "verbosity"], "readOnly": false, "type": "one of \"error\", \"warning\", \"notice\", \"info\", \"debug\""}, "services.node-red.configFile": {"declarations": ["nixos/modules/services/web-apps/node-red.nix"], "default": {"_type": "literalExpression", "text": "\"${package}/lib/node_modules/node-red/packages/node_modules/node-red/settings.js\""}, "description": "Path to the JavaScript configuration file.\nSee <https://github.com/node-red/node-red/blob/master/packages/node_modules/node-red/settings.js>\nfor a configuration example.\n", "loc": ["services", "node-red", "configFile"], "readOnly": false, "type": "absolute path"}, "services.node-red.define": {"declarations": ["nixos/modules/services/web-apps/node-red.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "List of settings.js overrides to pass via -D to Node-RED.", "example": {"_type": "literalExpression", "text": "{\n  \"logging.console.level\" = \"trace\";\n}\n"}, "loc": ["services", "node-red", "define"], "readOnly": false, "type": "attribute set"}, "services.node-red.enable": {"declarations": ["nixos/modules/services/web-apps/node-red.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Node-RED service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "node-red", "enable"], "readOnly": false, "type": "boolean"}, "services.node-red.group": {"declarations": ["nixos/modules/services/web-apps/node-red.nix"], "default": {"_type": "literalExpression", "text": "\"node-red\""}, "description": "Group under which Node-RED runs.If left as the default value this group\nwill automatically be created on system activation, otherwise the\nsysadmin is responsible for ensuring the group exists.\n", "loc": ["services", "node-red", "group"], "readOnly": false, "type": "string"}, "services.node-red.openFirewall": {"declarations": ["nixos/modules/services/web-apps/node-red.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the server.\n", "loc": ["services", "node-red", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.node-red.package": {"declarations": ["nixos/modules/services/web-apps/node-red.nix"], "default": {"_type": "literalExpression", "text": "pkgs.node-red"}, "description": "The node-red package to use.", "loc": ["services", "node-red", "package"], "readOnly": false, "type": "package"}, "services.node-red.port": {"declarations": ["nixos/modules/services/web-apps/node-red.nix"], "default": {"_type": "literalExpression", "text": "1880"}, "description": "Listening port.", "loc": ["services", "node-red", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.node-red.safe": {"declarations": ["nixos/modules/services/web-apps/node-red.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to launch Node-RED in --safe mode.", "loc": ["services", "node-red", "safe"], "readOnly": false, "type": "boolean"}, "services.node-red.user": {"declarations": ["nixos/modules/services/web-apps/node-red.nix"], "default": {"_type": "literalExpression", "text": "\"node-red\""}, "description": "User under which Node-RED runs.If left as the default value this user\nwill automatically be created on system activation, otherwise the\nsysadmin is responsible for ensuring the user exists.\n", "loc": ["services", "node-red", "user"], "readOnly": false, "type": "string"}, "services.node-red.userDir": {"declarations": ["nixos/modules/services/web-apps/node-red.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/node-red\""}, "description": "The directory to store all user data, such as flow and credential files and all library data. If left\nas the default value this directory will automatically be created before the node-red service starts,\notherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership\nand permissions.\n", "loc": ["services", "node-red", "userDir"], "readOnly": false, "type": "absolute path"}, "services.node-red.withNpmAndGcc": {"declarations": ["nixos/modules/services/web-apps/node-red.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Give Node-RED access to NPM and GCC at runtime, so 'Nodes' can be\ndownloaded and managed imperatively via the 'Palette Manager'.\n", "loc": ["services", "node-red", "withNpmAndGcc"], "readOnly": false, "type": "boolean"}, "services.nohang.configPath": {"declarations": ["nixos/modules/services/system/nohang.nix"], "default": {"_type": "literalExpression", "text": "\"desktop\""}, "description": "Configuration file to use with nohang. The default and desktop example configurations in the nohang repository\ncan be used by setting this to \"basic\" or \"desktop\" (which is the default). Otherwise, you can set it to the path\nof a custom configuration file.\n", "example": {"_type": "literalExpression", "text": "./my-nohang-config.conf"}, "loc": ["services", "nohang", "configPath"], "readOnly": false, "type": "one of \"basic\", \"desktop\" or absolute path"}, "services.nohang.enable": {"declarations": ["nixos/modules/services/system/nohang.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable nohang, a daemon that keeps system responsiveness when Linux is out of memory.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nohang", "enable"], "readOnly": false, "type": "boolean"}, "services.nohang.package": {"declarations": ["nixos/modules/services/system/nohang.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nohang"}, "description": "The nohang package to use.", "loc": ["services", "nohang", "package"], "readOnly": false, "type": "package"}, "services.nomad.credentials": {"declarations": ["nixos/modules/services/networking/nomad.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Credentials envs used to configure nomad secrets.\n", "example": {"_type": "literalExpression", "text": "{\n  logs_remote_write_password = \"/run/keys/nomad_write_password\";\n}"}, "loc": ["services", "nomad", "credentials"], "readOnly": false, "type": "attribute set of string"}, "services.nomad.dropPrivileges": {"declarations": ["nixos/modules/services/networking/nomad.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether the nomad agent should be run as a non-root nomad user.\n", "loc": ["services", "nomad", "dropPrivileges"], "readOnly": false, "type": "boolean"}, "services.nomad.enable": {"declarations": ["nixos/modules/services/networking/nomad.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Nomad, a distributed, highly available, datacenter-aware scheduler.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nomad", "enable"], "readOnly": false, "type": "boolean"}, "services.nomad.enableDocker": {"declarations": ["nixos/modules/services/networking/nomad.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable Docker support. Needed for Nomad's docker driver.\n\nNote that the docker group membership is effectively equivalent\nto being root, see <https://github.com/moby/moby/issues/9976>.\n", "loc": ["services", "nomad", "enableDocker"], "readOnly": false, "type": "boolean"}, "services.nomad.extraPackages": {"declarations": ["nixos/modules/services/networking/nomad.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra packages to add to {env}`PATH` for the Nomad agent process.\n", "example": {"_type": "literalExpression", "text": "with pkgs; [ cni-plugins ]\n"}, "loc": ["services", "nomad", "extraPackages"], "readOnly": false, "type": "list of package"}, "services.nomad.extraSettingsPaths": {"declarations": ["nixos/modules/services/networking/nomad.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional settings paths used to configure nomad. These can be files or directories.\n", "example": {"_type": "literalExpression", "text": "[ \"/etc/nomad-mutable.json\" \"/run/keys/nomad-with-secrets.json\" \"/etc/nomad/config.d\" ]\n"}, "loc": ["services", "nomad", "extraSettingsPaths"], "readOnly": false, "type": "list of absolute path"}, "services.nomad.extraSettingsPlugins": {"declarations": ["nixos/modules/services/networking/nomad.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional plugins dir used to configure nomad.\n", "example": {"_type": "literalExpression", "text": "[ \"<pluginDir>\" pkgs.nomad-driver-nix pkgs.nomad-driver-podman  ]\n"}, "loc": ["services", "nomad", "extraSettingsPlugins"], "readOnly": false, "type": "list of (package or absolute path)"}, "services.nomad.package": {"declarations": ["nixos/modules/services/networking/nomad.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nomad"}, "description": "The nomad package to use.", "loc": ["services", "nomad", "package"], "readOnly": false, "type": "package"}, "services.nomad.settings": {"declarations": ["nixos/modules/services/networking/nomad.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for Nomad. See the [documentation](https://www.nomadproject.io/docs/configuration)\nfor supported values.\n\nNotes about `data_dir`:\n\nIf `data_dir` is set to a value other than the\ndefault value of `\"/var/lib/nomad\"` it is the Nomad\ncluster manager's responsibility to make sure that this directory\nexists and has the appropriate permissions.\n\nAdditionally, if `dropPrivileges` is\n`true` then `data_dir`\n*cannot* be customized. Setting\n`dropPrivileges` to `true` enables\nthe `DynamicUser` feature of systemd which directly\nmanages and operates on `StateDirectory`.\n", "example": {"_type": "literalExpression", "text": "{\n  # A minimal config example:\n  server = {\n    enabled = true;\n    bootstrap_expect = 1; # for demo; no fault tolerance\n  };\n  client = {\n    enabled = true;\n  };\n}\n"}, "loc": ["services", "nomad", "settings"], "readOnly": false, "type": "JSON value"}, "services.nominatim.database.apiUser": {"declarations": ["nixos/modules/services/search/nominatim.nix"], "default": {"_type": "literalExpression", "text": "\"nominatim-api\""}, "description": "Postgresql database user with read-only permissions used for Nominatim\nweb API service.\n", "loc": ["services", "nominatim", "database", "apiUser"], "readOnly": false, "type": "string"}, "services.nominatim.database.dbname": {"declarations": ["nixos/modules/services/search/nominatim.nix"], "default": {"_type": "literalExpression", "text": "\"nominatim\""}, "description": "Name of the postgresql database.", "loc": ["services", "nominatim", "database", "dbname"], "readOnly": false, "type": "string"}, "services.nominatim.database.extraConnectionParams": {"declarations": ["nixos/modules/services/search/nominatim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Extra Nominatim database connection parameters.\n\nFormat:\n<param1>=<value1>;<param2>=<value2>\n\nSee <https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS>.\n", "loc": ["services", "nominatim", "database", "extraConnectionParams"], "readOnly": false, "type": "null or string"}, "services.nominatim.database.host": {"declarations": ["nixos/modules/services/search/nominatim.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Host of the postgresql server. If not set to `localhost`, Nominatim\ndatabase and postgresql superuser with appropriate permissions must\nexist on target host.\n", "loc": ["services", "nominatim", "database", "host"], "readOnly": false, "type": "string"}, "services.nominatim.database.passwordFile": {"declarations": ["nixos/modules/services/search/nominatim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Password file used for Nominatim database connection.\nMust be readable only for the Nominatim web API user.\n\nThe file must be a valid `.pgpass` file as described in:\n<https://www.postgresql.org/docs/current/libpq-pgpass.html>\n\nIn most cases, the following will be enough:\n```\n*:*:*:*:<password>\n```\n", "loc": ["services", "nominatim", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.nominatim.database.port": {"declarations": ["nixos/modules/services/search/nominatim.nix"], "default": {"_type": "literalExpression", "text": "5432"}, "description": "Port of the postgresql database.", "loc": ["services", "nominatim", "database", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nominatim.database.superUser": {"declarations": ["nixos/modules/services/search/nominatim.nix"], "default": {"_type": "literalExpression", "text": "\"nominatim\""}, "description": "Postgresql database superuser used to create Nominatim database and\nimport data. If `database.host` is set to `localhost`, a unix user and\ngroup of the same name will be automatically created.\n", "loc": ["services", "nominatim", "database", "superUser"], "readOnly": false, "type": "string"}, "services.nominatim.enable": {"declarations": ["nixos/modules/services/search/nominatim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable nominatim.\n\nAlso enables nginx virtual host management. Further nginx configuration\ncan be done by adapting `services.nginx.virtualHosts.<name>`.\nSee [](#opt-services.nginx.virtualHosts).\n", "loc": ["services", "nominatim", "enable"], "readOnly": false, "type": "boolean"}, "services.nominatim.hostName": {"declarations": ["nixos/modules/services/search/nominatim.nix"], "description": "Hostname to use for the nginx vhost.", "example": {"_type": "literalExpression", "text": "\"nominatim.example.com\""}, "loc": ["services", "nominatim", "hostName"], "readOnly": false, "type": "string"}, "services.nominatim.package": {"declarations": ["nixos/modules/services/search/nominatim.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nominatim-api"}, "description": "The nominatim-api package to use.", "loc": ["services", "nominatim", "package"], "readOnly": false, "type": "package"}, "services.nominatim.settings": {"declarations": ["nixos/modules/services/search/nominatim.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Nominatim configuration settings.\nFor the list of available configuration options see\n<https://nominatim.org/release-docs/latest/customize/Settings>.\n", "example": {"_type": "literalExpression", "text": "{\n  NOMINATIM_REPLICATION_URL = \"https://planet.openstreetmap.org/replication/minute\";\n  NOMINATIM_REPLICATION_MAX_DIFF = \"100\";\n}\n"}, "loc": ["services", "nominatim", "settings"], "readOnly": false, "type": "attribute set of string"}, "services.nominatim.ui.config": {"declarations": ["nixos/modules/services/search/nominatim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Nominatim UI configuration placed to theme/config.theme.js file.\n\nFor the list of available configuration options see\n<https://github.com/osm-search/nominatim-ui/blob/master/dist/config.defaults.js>.\n", "example": {"_type": "literalExpression", "text": "''\n  Nominatim_Config.Page_Title='My Nominatim instance';\n  Nominatim_Config.Nominatim_API_Endpoint='https://localhost/';\n''"}, "loc": ["services", "nominatim", "ui", "config"], "readOnly": false, "type": "null or string"}, "services.nominatim.ui.package": {"declarations": ["nixos/modules/services/search/nominatim.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nominatim-ui"}, "description": "The nominatim-ui package to use.", "loc": ["services", "nominatim", "ui", "package"], "readOnly": false, "type": "package"}, "services.nostr-rs-relay.dataDir": {"declarations": ["nixos/modules/services/web-apps/nostr-rs-relay.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/nostr-rs-relay\""}, "description": "Directory for SQLite files.", "loc": ["services", "nostr-rs-relay", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.nostr-rs-relay.enable": {"declarations": ["nixos/modules/services/web-apps/nostr-rs-relay.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable nostr-rs-relay.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nostr-rs-relay", "enable"], "readOnly": false, "type": "boolean"}, "services.nostr-rs-relay.package": {"declarations": ["nixos/modules/services/web-apps/nostr-rs-relay.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nostr-rs-relay"}, "description": "The nostr-rs-relay package to use.", "loc": ["services", "nostr-rs-relay", "package"], "readOnly": false, "type": "package"}, "services.nostr-rs-relay.port": {"declarations": ["nixos/modules/services/web-apps/nostr-rs-relay.nix"], "default": {"_type": "literalExpression", "text": "12849"}, "description": "Listen on this port.", "loc": ["services", "nostr-rs-relay", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nostr-rs-relay.settings": {"declarations": ["nixos/modules/services/web-apps/nostr-rs-relay.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "See <https://git.sr.ht/~gheartsfield/nostr-rs-relay/#configuration> for documentation.", "loc": ["services", "nostr-rs-relay", "settings"], "readOnly": false, "type": "TOML value"}, "services.novacomd.enable": {"declarations": ["nixos/modules/services/misc/novacomd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Novacom service for connecting to WebOS devices.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "novacomd", "enable"], "readOnly": false, "type": "boolean"}, "services.nscd.config": {"declarations": ["nixos/modules/services/system/nscd.nix"], "default": {"_type": "literalExpression", "text": "''\n  # We basically use nscd as a proxy for forwarding nss requests to appropriate\n  # nss modules, as we run nscd with LD_LIBRARY_PATH set to the directory\n  # containing all such modules\n  # Note that we can not use `enable-cache no` As this will actually cause nscd\n  # to just reject the nss requests it receives, which then causes glibc to\n  # fallback to trying to handle the request by itself. Which won't work as glibc\n  # is not aware of the path in which the nss modules live.  As a workaround, we\n  # have `enable-cache yes` with an explicit ttl of 0\n  server-user             nscd\n  \n  enable-cache            passwd          yes\n  positive-time-to-live   passwd          0\n  negative-time-to-live   passwd          0\n  shared                  passwd          yes\n  \n  enable-cache            group           yes\n  positive-time-to-live   group           0\n  negative-time-to-live   group           0\n  shared                  group           yes\n  \n  enable-cache            netgroup        yes\n  positive-time-to-live   netgroup        0\n  negative-time-to-live   netgroup        0\n  shared                  netgroup        yes\n  \n  enable-cache            hosts           yes\n  positive-time-to-live   hosts           0\n  negative-time-to-live   hosts           0\n  shared                  hosts           yes\n  \n  enable-cache            services        yes\n  positive-time-to-live   services        0\n  negative-time-to-live   services        0\n  shared                  services        yes\n''"}, "description": "Configuration to use for Name Service Cache Daemon.\nOnly used in case glibc-nscd is used.\n", "loc": ["services", "nscd", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.nscd.enable": {"declarations": ["nixos/modules/services/system/nscd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the Name Service Cache Daemon.\nDisabling this is strongly discouraged, as this effectively disables NSS Lookups\nfrom all non-glibc NSS modules, including the ones provided by systemd.\n", "loc": ["services", "nscd", "enable"], "readOnly": false, "type": "boolean"}, "services.nscd.enableNsncd": {"declarations": ["nixos/modules/services/system/nscd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to use nsncd instead of nscd from glibc.\nThis is a nscd-compatible daemon, that proxies lookups, without any caching.\nUsing nscd from glibc is discouraged.\n", "loc": ["services", "nscd", "enableNsncd"], "readOnly": false, "type": "boolean"}, "services.nscd.group": {"declarations": ["nixos/modules/services/system/nscd.nix"], "default": {"_type": "literalExpression", "text": "\"nscd\""}, "description": "User group under which nscd runs.\n", "loc": ["services", "nscd", "group"], "readOnly": false, "type": "string"}, "services.nscd.package": {"declarations": ["nixos/modules/services/system/nscd.nix"], "default": {"_type": "literalExpression", "text": "if pkgs.stdenv.hostPlatform.libc == \"glibc\"\n  then pkgs.stdenv.cc.libc.bin\n  else pkgs.glibc.bin;\n"}, "description": "package containing the nscd binary to be used by the service.\nIgnored when enableNsncd is set to true.\n", "loc": ["services", "nscd", "package"], "readOnly": false, "type": "package"}, "services.nscd.user": {"declarations": ["nixos/modules/services/system/nscd.nix"], "default": {"_type": "literalExpression", "text": "\"nscd\""}, "description": "User account under which nscd runs.\n", "loc": ["services", "nscd", "user"], "readOnly": false, "type": "string"}, "services.nsd.bind8Stats": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable BIND8 like statistics.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nsd", "bind8Stats"], "readOnly": false, "type": "boolean"}, "services.nsd.dnssecInterval": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "\"1h\""}, "description": "How often to check whether dnssec key rollover is required\n", "loc": ["services", "nsd", "dnssecInterval"], "readOnly": false, "type": "string"}, "services.nsd.enable": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable NSD authoritative DNS server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nsd", "enable"], "readOnly": false, "type": "boolean"}, "services.nsd.extraConfig": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra nsd config.\n", "loc": ["services", "nsd", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.nsd.hideVersion": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether NSD should answer VERSION.BIND and VERSION.SERVER CHAOS class queries.\n", "loc": ["services", "nsd", "hideVersion"], "readOnly": false, "type": "boolean"}, "services.nsd.identity": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "\"unidentified server\""}, "description": "Identify the server (CH TXT ID.SERVER entry).\n", "loc": ["services", "nsd", "identity"], "readOnly": false, "type": "string"}, "services.nsd.interfaces": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"127.0.0.0\"\n  \"::1\"\n]"}, "description": "What addresses the server should listen to.\n", "loc": ["services", "nsd", "interfaces"], "readOnly": false, "type": "list of string"}, "services.nsd.ipFreebind": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to bind to nonlocal addresses and interfaces that are down.\nSimilar to ip-transparent.\n", "loc": ["services", "nsd", "ipFreebind"], "readOnly": false, "type": "boolean"}, "services.nsd.ipTransparent": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Allow binding to non local addresses.\n", "loc": ["services", "nsd", "ipTransparent"], "readOnly": false, "type": "boolean"}, "services.nsd.ipv4": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to listen on IPv4 connections.\n", "loc": ["services", "nsd", "ipv4"], "readOnly": false, "type": "boolean"}, "services.nsd.ipv4EDNSSize": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "4096"}, "description": "Preferred EDNS buffer size for IPv4.\n", "loc": ["services", "nsd", "ipv4EDNSSize"], "readOnly": false, "type": "signed integer"}, "services.nsd.ipv6": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to listen on IPv6 connections.\n", "loc": ["services", "nsd", "ipv6"], "readOnly": false, "type": "boolean"}, "services.nsd.ipv6EDNSSize": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "4096"}, "description": "Preferred EDNS buffer size for IPv6.\n", "loc": ["services", "nsd", "ipv6EDNSSize"], "readOnly": false, "type": "signed integer"}, "services.nsd.keys": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Define your TSIG keys here.\n", "example": {"_type": "literalExpression", "text": "{ \"tsig.example.org\" = {\n    algorithm = \"hmac-md5\";\n    keyFile = \"/path/to/my/key\";\n  };\n}\n"}, "loc": ["services", "nsd", "keys"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.nsd.keys.<name>.algorithm": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "\"hmac-sha256\""}, "description": "Authentication algorithm for this key.\n", "loc": ["services", "nsd", "keys", "<name>", "algorithm"], "readOnly": false, "type": "string"}, "services.nsd.keys.<name>.keyFile": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "description": "Path to the file which contains the actual base64 encoded\nkey. The key will be copied into \"/var/lib/nsd/private\" before\nNSD starts. The copied file is only accessibly by the NSD\nuser.\n", "loc": ["services", "nsd", "keys", "<name>", "keyFile"], "readOnly": false, "type": "absolute path"}, "services.nsd.logTimeAscii": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Log time in ascii, if false then in unix epoch seconds.\n", "loc": ["services", "nsd", "logTimeAscii"], "readOnly": false, "type": "boolean"}, "services.nsd.nsid": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "NSID identity (hex string, or \"ascii_somestring\").\n", "loc": ["services", "nsd", "nsid"], "readOnly": false, "type": "null or string"}, "services.nsd.port": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "53"}, "description": "Port the service should bind do.\n", "loc": ["services", "nsd", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nsd.ratelimit.enable": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ratelimit capabilities.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nsd", "ratelimit", "enable"], "readOnly": false, "type": "boolean"}, "services.nsd.ratelimit.ipv4PrefixLength": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IPv4 prefix length. Addresses are grouped by netblock.\n", "loc": ["services", "nsd", "ratelimit", "ipv4PrefixLength"], "readOnly": false, "type": "null or signed integer"}, "services.nsd.ratelimit.ipv6PrefixLength": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IPv6 prefix length. Addresses are grouped by netblock.\n", "loc": ["services", "nsd", "ratelimit", "ipv6PrefixLength"], "readOnly": false, "type": "null or signed integer"}, "services.nsd.ratelimit.ratelimit": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "200"}, "description": "Max qps allowed from any query source.\n0 means unlimited. With an verbosity of 2 blocked and\nunblocked subnets will be logged.\n", "loc": ["services", "nsd", "ratelimit", "ratelimit"], "readOnly": false, "type": "signed integer"}, "services.nsd.ratelimit.size": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "1000000"}, "description": "Size of the hashtable. More buckets use more memory but lower\nthe chance of hash hash collisions.\n", "loc": ["services", "nsd", "ratelimit", "size"], "readOnly": false, "type": "signed integer"}, "services.nsd.ratelimit.slip": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Number of packets that get discarded before replying a SLIP response.\n0 disables SLIP responses. 1 will make every response a SLIP response.\n", "loc": ["services", "nsd", "ratelimit", "slip"], "readOnly": false, "type": "null or signed integer"}, "services.nsd.ratelimit.whitelistRatelimit": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "2000"}, "description": "Max qps allowed from whitelisted sources.\n0 means unlimited. Set the rrl-whitelist option for specific\nqueries to apply this limit instead of the default to them.\n", "loc": ["services", "nsd", "ratelimit", "whitelistRatelimit"], "readOnly": false, "type": "signed integer"}, "services.nsd.remoteControl.controlCertFile": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "\"/etc/nsd/nsd_control.pem\""}, "description": "Path to the client certificate signed with the server certificate.\nThis file is used by nsd-control and generated by nsd-control-setup.\n", "loc": ["services", "nsd", "remoteControl", "controlCertFile"], "readOnly": false, "type": "absolute path"}, "services.nsd.remoteControl.controlKeyFile": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "\"/etc/nsd/nsd_control.key\""}, "description": "Path to the client private key, which is used by nsd-control\nbut not by the server. This file is generated by nsd-control-setup.\n", "loc": ["services", "nsd", "remoteControl", "controlKeyFile"], "readOnly": false, "type": "absolute path"}, "services.nsd.remoteControl.enable": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable remote control via nsd-control.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nsd", "remoteControl", "enable"], "readOnly": false, "type": "boolean"}, "services.nsd.remoteControl.interfaces": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"::1\"\n]"}, "description": "Which interfaces NSD should bind to for remote control.\n", "loc": ["services", "nsd", "remoteControl", "interfaces"], "readOnly": false, "type": "list of string"}, "services.nsd.remoteControl.port": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "8952"}, "description": "Port number for remote control operations (uses TLS over TCP).\n", "loc": ["services", "nsd", "remoteControl", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nsd.remoteControl.serverCertFile": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "\"/etc/nsd/nsd_server.pem\""}, "description": "Path to the server self signed certificate, which is used by the server\nbut and by nsd-control. This file is generated by nsd-control-setup.\n", "loc": ["services", "nsd", "remoteControl", "serverCertFile"], "readOnly": false, "type": "absolute path"}, "services.nsd.remoteControl.serverKeyFile": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "\"/etc/nsd/nsd_server.key\""}, "description": "Path to the server private key, which is used by the server\nbut not by nsd-control. This file is generated by nsd-control-setup.\n", "loc": ["services", "nsd", "remoteControl", "serverKeyFile"], "readOnly": false, "type": "absolute path"}, "services.nsd.reuseport": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.stdenv.hostPlatform.isLinux"}, "description": "Whether to enable SO_REUSEPORT on all used sockets. This lets multiple\nprocesses bind to the same port. This speeds up operation especially\nif the server count is greater than one and makes fast restarts less\nprone to fail\n", "loc": ["services", "nsd", "reuseport"], "readOnly": false, "type": "boolean"}, "services.nsd.rootServer": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether this server will be a root server (a DNS root server, you\nusually don't want that).\n", "loc": ["services", "nsd", "rootServer"], "readOnly": false, "type": "boolean"}, "services.nsd.roundRobin": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable round robin rotation of records.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nsd", "roundRobin"], "readOnly": false, "type": "boolean"}, "services.nsd.serverCount": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Number of NSD servers to fork. Put the number of CPUs to use here.\n", "loc": ["services", "nsd", "serverCount"], "readOnly": false, "type": "signed integer"}, "services.nsd.statistics": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Statistics are produced every number of seconds. Prints to log.\nIf null no statistics are logged.\n", "loc": ["services", "nsd", "statistics"], "readOnly": false, "type": "null or signed integer"}, "services.nsd.tcpCount": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "100"}, "description": "Maximum number of concurrent TCP connections per server.\n", "loc": ["services", "nsd", "tcpCount"], "readOnly": false, "type": "signed integer"}, "services.nsd.tcpQueryCount": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Maximum number of queries served on a single TCP connection.\n0 means no maximum.\n", "loc": ["services", "nsd", "tcpQueryCount"], "readOnly": false, "type": "signed integer"}, "services.nsd.tcpTimeout": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "120"}, "description": "TCP timeout in seconds.\n", "loc": ["services", "nsd", "tcpTimeout"], "readOnly": false, "type": "signed integer"}, "services.nsd.verbosity": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Verbosity level.\n", "loc": ["services", "nsd", "verbosity"], "readOnly": false, "type": "signed integer"}, "services.nsd.version": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The version string replied for CH TXT version.server and version.bind\nqueries. Will use the compiled package version on null.\nSee hideVersion for enabling/disabling this responses.\n", "loc": ["services", "nsd", "version"], "readOnly": false, "type": "null or string"}, "services.nsd.xfrdReloadTimeout": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Number of seconds between reloads triggered by xfrd.\n", "loc": ["services", "nsd", "xfrdReloadTimeout"], "readOnly": false, "type": "signed integer"}, "services.nsd.zonefilesCheck": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to check mtime of all zone files on start and sighup.\n", "loc": ["services", "nsd", "zonefilesCheck"], "readOnly": false, "type": "boolean"}, "services.nsd.zonefilesWrite": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Write changed secondary zones to their zonefile every N seconds.\nIf the zone (pattern) configuration has \"\" zonefile, it is not written.\nZones that have received zone transfer updates are written to their zonefile.\n0 disables writing to zone files.\n", "loc": ["services", "nsd", "zonefilesWrite"], "readOnly": false, "type": "signed integer"}, "services.nsd.zones": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Define your zones here. Zones can cascade other zones and therefore\ninherit settings from parent zones. Look at the definition of\nchildren to learn about inheritance and child zones.\nThe given example will define 3 zones (example.(com|org|net).). Both\nexample.com. and example.org. inherit their configuration from\nserverGroup1.\n", "example": {"_type": "literalExpression", "text": "{ \"serverGroup1\" = {\n    provideXFR = [ \"10.1.2.3 NOKEY\" ];\n    children = {\n      \"example.com.\" = {\n        data = ''\n          $ORIGIN example.com.\n          $TTL    86400\n          @ IN SOA a.ns.example.com. admin.example.com. (\n          ...\n        '';\n      };\n      \"example.org.\" = {\n        data = ''\n          $ORIGIN example.org.\n          $TTL    86400\n          @ IN SOA a.ns.example.com. admin.example.com. (\n          ...\n        '';\n      };\n    };\n  };\n\n  \"example.net.\" = {\n    provideXFR = [ \"10.3.2.1 NOKEY\" ];\n    data = ''\n      ...\n    '';\n  };\n}\n"}, "loc": ["services", "nsd", "zones"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.nsd.zones.<name>.allowAXFRFallback": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If NSD as secondary server should be allowed to AXFR if the primary\nserver does not allow IXFR.\n", "loc": ["services", "nsd", "zones", "<name>", "allowAXFRFallback"], "readOnly": false, "type": "boolean"}, "services.nsd.zones.<name>.allowNotify": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listed primary servers are allowed to notify this secondary server.\n\nFormat: `<ip> <key-name | NOKEY | BLOCKED>`\n\n`<ip>` either a plain IPv4/IPv6 address or range.\nValid patters for ranges:\n* `10.0.0.0/24`: via subnet size\n* `10.0.0.0&255.255.255.0`: via subnet mask\n* `10.0.0.1-10.0.0.254`: via range\n\nA optional port number could be added with a '@':\n* `2001:1234::1@1234`\n\n`<key-name | NOKEY | BLOCKED>`\n* `<key-name>` will use the specified TSIG key\n* `NOKEY` no TSIG signature is required\n* `BLOCKED`notifies from non-listed or blocked IPs will be ignored\n", "example": {"_type": "literalExpression", "text": "[\n  \"192.0.2.0/24 NOKEY\"\n  \"10.0.0.1-10.0.0.5 my_tsig_key_name\"\n  \"10.0.3.4&255.255.0.0 BLOCKED\"\n]"}, "loc": ["services", "nsd", "zones", "<name>", "allowNotify"], "readOnly": false, "type": "list of string"}, "services.nsd.zones.<name>.children": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Children zones inherit all options of their parents. Attributes\ndefined in a child will overwrite the ones of its parent. Only\nleaf zones will be actually served. This way it's possible to\ndefine maybe zones which share most attributes without\nduplicating everything. This mechanism replaces nsd's patterns\nin a save and functional way.\n", "loc": ["services", "nsd", "zones", "<name>", "children"], "readOnly": false, "type": "attribute set of anything"}, "services.nsd.zones.<name>.data": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The actual zone data. This is the content of your zone file.\nUse imports or pkgs.lib.readFile if you don't want this data in your config file.\n", "loc": ["services", "nsd", "zones", "<name>", "data"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.nsd.zones.<name>.dnssec": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable DNSSEC.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nsd", "zones", "<name>", "dnssec"], "readOnly": false, "type": "boolean"}, "services.nsd.zones.<name>.dnssecPolicy.algorithm": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "\"RSASHA256\""}, "description": "Which algorithm to use for DNSSEC", "loc": ["services", "nsd", "zones", "<name>", "dnssecPolicy", "algorithm"], "readOnly": false, "type": "string"}, "services.nsd.zones.<name>.dnssecPolicy.coverage": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "\"1y\""}, "description": "The length of time to ensure that keys will be correct; no action will be taken to create new keys to be activated after this time.\n", "loc": ["services", "nsd", "zones", "<name>", "dnssecPolicy", "coverage"], "readOnly": false, "type": "string"}, "services.nsd.zones.<name>.dnssecPolicy.keyttl": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "\"1h\""}, "description": "TTL for dnssec records", "loc": ["services", "nsd", "zones", "<name>", "dnssecPolicy", "keyttl"], "readOnly": false, "type": "string"}, "services.nsd.zones.<name>.dnssecPolicy.ksk": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "{\n  keySize = 4096;\n  postPublish = \"1mo\";\n  prePublish = \"1mo\";\n  rollPeriod = \"0\";\n}"}, "description": "Key policy for key signing keys", "loc": ["services", "nsd", "zones", "<name>", "dnssecPolicy", "ksk"], "readOnly": false, "type": "submodule"}, "services.nsd.zones.<name>.dnssecPolicy.ksk.keySize": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "description": "Key size in bits", "loc": ["services", "nsd", "zones", "<name>", "dnssecPolicy", "ksk", "keySize"], "readOnly": false, "type": "signed integer"}, "services.nsd.zones.<name>.dnssecPolicy.ksk.postPublish": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "description": "How long after deactivation to keep a key in the zone", "loc": ["services", "nsd", "zones", "<name>", "dnssecPolicy", "ksk", "postPublish"], "readOnly": false, "type": "string"}, "services.nsd.zones.<name>.dnssecPolicy.ksk.prePublish": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "description": "How long in advance to publish new keys", "loc": ["services", "nsd", "zones", "<name>", "dnssecPolicy", "ksk", "prePublish"], "readOnly": false, "type": "string"}, "services.nsd.zones.<name>.dnssecPolicy.ksk.rollPeriod": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "description": "How frequently to change keys", "loc": ["services", "nsd", "zones", "<name>", "dnssecPolicy", "ksk", "rollPeriod"], "readOnly": false, "type": "string"}, "services.nsd.zones.<name>.dnssecPolicy.zsk": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "{\n  keySize = 2048;\n  postPublish = \"1w\";\n  prePublish = \"1w\";\n  rollPeriod = \"1mo\";\n}"}, "description": "Key policy for zone signing keys", "loc": ["services", "nsd", "zones", "<name>", "dnssecPolicy", "zsk"], "readOnly": false, "type": "submodule"}, "services.nsd.zones.<name>.dnssecPolicy.zsk.keySize": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "description": "Key size in bits", "loc": ["services", "nsd", "zones", "<name>", "dnssecPolicy", "zsk", "keySize"], "readOnly": false, "type": "signed integer"}, "services.nsd.zones.<name>.dnssecPolicy.zsk.postPublish": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "description": "How long after deactivation to keep a key in the zone", "loc": ["services", "nsd", "zones", "<name>", "dnssecPolicy", "zsk", "postPublish"], "readOnly": false, "type": "string"}, "services.nsd.zones.<name>.dnssecPolicy.zsk.prePublish": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "description": "How long in advance to publish new keys", "loc": ["services", "nsd", "zones", "<name>", "dnssecPolicy", "zsk", "prePublish"], "readOnly": false, "type": "string"}, "services.nsd.zones.<name>.dnssecPolicy.zsk.rollPeriod": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "description": "How frequently to change keys", "loc": ["services", "nsd", "zones", "<name>", "dnssecPolicy", "zsk", "rollPeriod"], "readOnly": false, "type": "string"}, "services.nsd.zones.<name>.maxRefreshSecs": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Limit refresh time for secondary zones. This is the timer which\nchecks to see if the zone has to be refetched when it expires.\nNormally the value from the SOA record is used, but this  option\nrestricts that value.\n", "loc": ["services", "nsd", "zones", "<name>", "maxRefreshSecs"], "readOnly": false, "type": "null or signed integer"}, "services.nsd.zones.<name>.maxRetrySecs": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Limit retry time for secondary zones. This is the timeout after\na failed fetch attempt for the zone. Normally the value from\nthe SOA record is used, but this option restricts that value.\n", "loc": ["services", "nsd", "zones", "<name>", "maxRetrySecs"], "readOnly": false, "type": "null or signed integer"}, "services.nsd.zones.<name>.minRefreshSecs": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Limit refresh time for secondary zones.\n", "loc": ["services", "nsd", "zones", "<name>", "minRefreshSecs"], "readOnly": false, "type": "null or signed integer"}, "services.nsd.zones.<name>.minRetrySecs": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Limit retry time for secondary zones.\n", "loc": ["services", "nsd", "zones", "<name>", "minRetrySecs"], "readOnly": false, "type": "null or signed integer"}, "services.nsd.zones.<name>.multiMasterCheck": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, checks all masters for the last zone version.\nIt uses the higher version from all configured masters.\nUseful if you have multiple masters that have different version numbers served.\n", "loc": ["services", "nsd", "zones", "<name>", "multiMasterCheck"], "readOnly": false, "type": "boolean"}, "services.nsd.zones.<name>.notify": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "This primary server will notify all given secondary servers about\nzone changes.\n\nFormat: `<ip> <key-name | NOKEY>`\n\n`<ip>` a plain IPv4/IPv6 address with on optional port number (ip@port)\n\n`<key-name | NOKEY>`\n- `<key-name>` sign notifies with the specified key\n- `NOKEY` don't sign notifies\n", "example": {"_type": "literalExpression", "text": "[\n  \"10.0.0.1@3721 my_key\"\n  \"::5 NOKEY\"\n]"}, "loc": ["services", "nsd", "zones", "<name>", "notify"], "readOnly": false, "type": "list of string"}, "services.nsd.zones.<name>.notifyRetry": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "Specifies the number of retries for failed notifies. Set this along with notify.\n", "loc": ["services", "nsd", "zones", "<name>", "notifyRetry"], "readOnly": false, "type": "signed integer"}, "services.nsd.zones.<name>.outgoingInterface": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "This address will be used for zone-transfer requests if configured\nas a secondary server or notifications in case of a primary server.\nSupply either a plain IPv4 or IPv6 address with an optional port\nnumber (ip@port).\n", "example": {"_type": "literalExpression", "text": "\"2000::1@1234\""}, "loc": ["services", "nsd", "zones", "<name>", "outgoingInterface"], "readOnly": false, "type": "null or string"}, "services.nsd.zones.<name>.provideXFR": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Allow these IPs and TSIG to transfer zones, addr TSIG|NOKEY|BLOCKED\naddress range 192.0.2.0/24, 1.2.3.4&255.255.0.0, 3.0.2.20-3.0.2.40\n", "example": {"_type": "literalExpression", "text": "[\n  \"192.0.2.0/24 NOKEY\"\n  \"192.0.2.0/24 my_tsig_key_name\"\n]"}, "loc": ["services", "nsd", "zones", "<name>", "provideXFR"], "readOnly": false, "type": "list of string"}, "services.nsd.zones.<name>.requestXFR": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Format: `[AXFR|UDP] <ip-address> <key-name | NOKEY>`\n", "loc": ["services", "nsd", "zones", "<name>", "requestXFR"], "readOnly": false, "type": "list of string"}, "services.nsd.zones.<name>.rrlWhitelist": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Whitelists the given rrl-types.\n", "loc": ["services", "nsd", "zones", "<name>", "rrlWhitelist"], "readOnly": false, "type": "list of (one of \"nxdomain\", \"error\", \"referral\", \"any\", \"rrsig\", \"wildcard\", \"nodata\", \"dnskey\", \"positive\", \"all\")"}, "services.nsd.zones.<name>.zoneStats": {"declarations": ["nixos/modules/services/networking/nsd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "When set to something distinct to null NSD is able to collect\nstatistics per zone. All statistics of this zone(s) will be added\nto the group specified by this given name. Use \"%s\" to use the zones\nname as the group. The groups are output from nsd-control stats\nand stats_noreset.\n", "example": {"_type": "literalExpression", "text": "\"%s\""}, "loc": ["services", "nsd", "zones", "<name>", "zoneStats"], "readOnly": false, "type": "null or string"}, "services.ntfy-sh.enable": {"declarations": ["nixos/modules/services/misc/ntfy-sh.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable [ntfy-sh](https://ntfy.sh), a push notification service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ntfy-sh", "enable"], "readOnly": false, "type": "boolean"}, "services.ntfy-sh.environmentFile": {"declarations": ["nixos/modules/services/misc/ntfy-sh.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file containing extra ntfy environment variables in the systemd `EnvironmentFile`\nformat. Refer to the [documentation](https://docs.ntfy.sh/config/) for config options.\n\nThis can be used to pass secrets such as creating declarative users or token without putting them in the Nix store.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/ntfy\""}, "loc": ["services", "ntfy-sh", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.ntfy-sh.group": {"declarations": ["nixos/modules/services/misc/ntfy-sh.nix"], "default": {"_type": "literalExpression", "text": "\"ntfy-sh\""}, "description": "Primary group of ntfy-sh user.", "loc": ["services", "ntfy-sh", "group"], "readOnly": false, "type": "string"}, "services.ntfy-sh.package": {"declarations": ["nixos/modules/services/misc/ntfy-sh.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ntfy-sh"}, "description": "The ntfy-sh package to use.", "loc": ["services", "ntfy-sh", "package"], "readOnly": false, "type": "package"}, "services.ntfy-sh.settings": {"declarations": ["nixos/modules/services/misc/ntfy-sh.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for ntfy.sh, supported values are [here](https://ntfy.sh/docs/config/#config-options).\n", "example": {"_type": "literalExpression", "text": "{\n  listen-http = \":8080\";\n}\n"}, "loc": ["services", "ntfy-sh", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.ntfy-sh.settings.base-url": {"declarations": ["nixos/modules/services/misc/ntfy-sh.nix"], "description": "Public facing base URL of the service\n\nThis setting is required for any of the following features:\n- attachments (to return a download URL)\n- e-mail sending (for the topic URL in the email footer)\n- iOS push notifications for self-hosted servers\n  (to calculate the Firebase poll_request topic)\n- Matrix Push Gateway (to validate that the pushkey is correct)\n", "example": {"_type": "literalExpression", "text": "\"https://ntfy.example\""}, "loc": ["services", "ntfy-sh", "settings", "base-url"], "readOnly": false, "type": "string"}, "services.ntfy-sh.user": {"declarations": ["nixos/modules/services/misc/ntfy-sh.nix"], "default": {"_type": "literalExpression", "text": "\"ntfy-sh\""}, "description": "User the ntfy-sh server runs under.", "loc": ["services", "ntfy-sh", "user"], "readOnly": false, "type": "string"}, "services.ntopng.configText": {"declarations": ["nixos/modules/services/networking/ntopng.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Overridable configuration file contents to use for ntopng. By\ndefault, use the contents automatically generated by NixOS.\n", "example": {"_type": "literalExpression", "text": "''\n  --interface=any\n  --http-port=3000\n  --disable-login\n''"}, "loc": ["services", "ntopng", "configText"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.ntopng.enable": {"declarations": ["nixos/modules/services/networking/ntopng.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable ntopng, a high-speed web-based traffic analysis and flow\ncollection tool.\n\nWith the default configuration, ntopng monitors all network\ninterfaces and displays its findings at http://localhost:${toString\nconfig.services.ntopng.http-port}. Default username and password is admin/admin.\n\nSee the {manpage}`ntopng(8)` manual page and http://www.ntop.org/products/ntop/\nfor more info.\n\nNote that enabling ntopng will also enable redis (key-value\ndatabase server) for persistent data storage.\n", "loc": ["services", "ntopng", "enable"], "readOnly": false, "type": "boolean"}, "services.ntopng.extraConfig": {"declarations": ["nixos/modules/services/networking/ntopng.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Configuration lines that will be appended to the generated ntopng\nconfiguration file. Note that this mechanism does not work when the\nmanual {option}`configText` option is used.\n", "loc": ["services", "ntopng", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.ntopng.httpPort": {"declarations": ["nixos/modules/services/networking/ntopng.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "Sets the HTTP port of the embedded web server.\n", "loc": ["services", "ntopng", "httpPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.ntopng.interfaces": {"declarations": ["nixos/modules/services/networking/ntopng.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"any\"\n]"}, "description": "List of interfaces to monitor. Use \"any\" to monitor all interfaces.\n", "example": {"_type": "literalExpression", "text": "[\n  \"eth0\"\n  \"wlan0\"\n]"}, "loc": ["services", "ntopng", "interfaces"], "readOnly": false, "type": "list of string"}, "services.ntopng.redis.address": {"declarations": ["nixos/modules/services/networking/ntopng.nix"], "description": "Redis address - may be a Unix socket or a network host and port.\n", "example": {"_type": "literalExpression", "text": "config.services.redis.ntopng.unixSocket"}, "loc": ["services", "ntopng", "redis", "address"], "readOnly": false, "type": "string"}, "services.ntopng.redis.createInstance": {"declarations": ["nixos/modules/services/networking/ntopng.nix"], "default": {"_type": "literalExpression", "text": "\"ntopng\""}, "description": "Local Redis instance name. Set to `null` to disable\nlocal Redis instance. Defaults to `\"\"` for\n`system.stateVersion` older than 22.05.\n", "loc": ["services", "ntopng", "redis", "createInstance"], "readOnly": false, "type": "null or string"}, "services.ntp.enable": {"declarations": ["nixos/modules/services/networking/ntp/ntpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to synchronise your machine's time using ntpd, as a peer in\nthe NTP network.\n\nDisables `systemd.timesyncd` if enabled.\n", "loc": ["services", "ntp", "enable"], "readOnly": false, "type": "boolean"}, "services.ntp.extraConfig": {"declarations": ["nixos/modules/services/networking/ntp/ntpd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional text appended to {file}`ntp.conf`.\n", "example": {"_type": "literalExpression", "text": "''\n  fudge 127.127.1.0 stratum 10\n''"}, "loc": ["services", "ntp", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.ntp.extraFlags": {"declarations": ["nixos/modules/services/networking/ntp/ntpd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra flags passed to the ntpd command.", "example": {"_type": "literalExpression", "text": "[ \"--interface=eth0\" ]"}, "loc": ["services", "ntp", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.ntp.restrictDefault": {"declarations": ["nixos/modules/services/networking/ntp/ntpd.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"limited\"\n  \"kod\"\n  \"nomodify\"\n  \"notrap\"\n  \"noquery\"\n  \"nopeer\"\n]"}, "description": "The restriction flags to be set by default.\n\nThe default flags prevent external hosts from using ntpd as a DDoS\nreflector, setting system time, and querying OS/ntpd version. As\nrecommended in section 6.5.1.1.3, answer \"No\" of\nhttps://support.ntp.org/Support/AccessRestrictions\n", "loc": ["services", "ntp", "restrictDefault"], "readOnly": false, "type": "list of string"}, "services.ntp.restrictSource": {"declarations": ["nixos/modules/services/networking/ntp/ntpd.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"limited\"\n  \"kod\"\n  \"nomodify\"\n  \"notrap\"\n  \"noquery\"\n]"}, "description": "The restriction flags to be set on source.\n\nThe default flags allow peers to be added by ntpd from configured\npool(s), but not by other means.\n", "loc": ["services", "ntp", "restrictSource"], "readOnly": false, "type": "list of string"}, "services.ntp.servers": {"declarations": ["nixos/modules/services/networking/ntp/ntpd.nix"], "default": {"_type": "literalExpression", "text": "config.networking.timeServers"}, "description": "The set of NTP servers from which to synchronise.\n", "loc": ["services", "ntp", "servers"], "readOnly": false, "type": "list of string"}, "services.ntpd-rs.enable": {"declarations": ["nixos/modules/services/networking/ntp/ntpd-rs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Network Time Service (ntpd-rs).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ntpd-rs", "enable"], "readOnly": false, "type": "boolean"}, "services.ntpd-rs.metrics.enable": {"declarations": ["nixos/modules/services/networking/ntp/ntpd-rs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ntpd-rs Prometheus Metrics Exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ntpd-rs", "metrics", "enable"], "readOnly": false, "type": "boolean"}, "services.ntpd-rs.package": {"declarations": ["nixos/modules/services/networking/ntp/ntpd-rs.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ntpd-rs"}, "description": "The ntpd-rs package to use.", "loc": ["services", "ntpd-rs", "package"], "readOnly": false, "type": "package"}, "services.ntpd-rs.settings": {"declarations": ["nixos/modules/services/networking/ntp/ntpd-rs.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings to write to {file}`ntp.toml`\n\nSee <https://docs.ntpd-rs.pendulum-project.org/man/ntp.toml.5>\nfor more information about available options.\n", "loc": ["services", "ntpd-rs", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.ntpd-rs.useNetworkingTimeServers": {"declarations": ["nixos/modules/services/networking/ntp/ntpd-rs.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Use source time servers from {var}`networking.timeServers` in config.\n", "loc": ["services", "ntpd-rs", "useNetworkingTimeServers"], "readOnly": false, "type": "boolean"}, "services.nullidentdmod.enable": {"declarations": ["nixos/modules/services/networking/nullidentdmod.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the nullidentdmod identd daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nullidentdmod", "enable"], "readOnly": false, "type": "boolean"}, "services.nullidentdmod.userid": {"declarations": ["nixos/modules/services/networking/nullidentdmod.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "User ID to return. Set to null to return a random string each time.", "example": {"_type": "literalExpression", "text": "\"alice\""}, "loc": ["services", "nullidentdmod", "userid"], "readOnly": false, "type": "null or string"}, "services.nullmailer.config.adminaddr": {"declarations": ["nixos/modules/services/mail/nullmailer.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all recipients to users at either \"localhost\" (the literal string)\nor the canonical host name (from the me control attribute) are remapped to this address.\nThis is provided to allow local daemons to be able to send email to\n\"somebody@localhost\" and have it go somewhere sensible instead of being  bounced\nby your relay host. To send to multiple addresses,\nput them all on one line separated by a comma.\n", "loc": ["services", "nullmailer", "config", "adminaddr"], "readOnly": false, "type": "null or string"}, "services.nullmailer.config.allmailfrom": {"declarations": ["nixos/modules/services/mail/nullmailer.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, content will override the envelope sender on all messages.\n", "loc": ["services", "nullmailer", "config", "allmailfrom"], "readOnly": false, "type": "null or string"}, "services.nullmailer.config.defaultdomain": {"declarations": ["nixos/modules/services/mail/nullmailer.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The content of this attribute is appended to any host name that\ndoes not contain a period (except localhost), including defaulthost\nand idhost. Defaults to the value of the me attribute, if it exists,\notherwise the literal name defauldomain.\n", "loc": ["services", "nullmailer", "config", "defaultdomain"], "readOnly": false, "type": "null or string"}, "services.nullmailer.config.defaulthost": {"declarations": ["nixos/modules/services/mail/nullmailer.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The content of this attribute is appended to any address that\nis missing a host name. Defaults to the value of the me control\nattribute, if it exists, otherwise the literal name defaulthost.\n", "loc": ["services", "nullmailer", "config", "defaulthost"], "readOnly": false, "type": "null or string"}, "services.nullmailer.config.doublebounceto": {"declarations": ["nixos/modules/services/mail/nullmailer.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If the original sender was empty (the original message was a\ndelivery status or disposition notification), the double bounce\nis sent to the address in this attribute.\n", "loc": ["services", "nullmailer", "config", "doublebounceto"], "readOnly": false, "type": "null or string"}, "services.nullmailer.config.helohost": {"declarations": ["nixos/modules/services/mail/nullmailer.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets  the  environment variable $HELOHOST which is used by the\nSMTP protocol module to set the parameter given to the HELO command.\nDefaults to the value of the me configuration attribute.\n", "loc": ["services", "nullmailer", "config", "helohost"], "readOnly": false, "type": "null or string"}, "services.nullmailer.config.idhost": {"declarations": ["nixos/modules/services/mail/nullmailer.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The content of this attribute is used when building the message-id\nstring for the message. Defaults to the canonicalized value of defaulthost.\n", "loc": ["services", "nullmailer", "config", "idhost"], "readOnly": false, "type": "null or string"}, "services.nullmailer.config.maxpause": {"declarations": ["nixos/modules/services/mail/nullmailer.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The maximum time to pause between successive queue runs, in seconds.\nDefaults to 24 hours (86400).\n", "loc": ["services", "nullmailer", "config", "maxpause"], "readOnly": false, "type": "null or string or signed integer"}, "services.nullmailer.config.me": {"declarations": ["nixos/modules/services/mail/nullmailer.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The fully-qualifiled host name of the computer running nullmailer.\nDefaults to the literal name me.\n", "loc": ["services", "nullmailer", "config", "me"], "readOnly": false, "type": "null or string"}, "services.nullmailer.config.pausetime": {"declarations": ["nixos/modules/services/mail/nullmailer.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The minimum time to pause between successive queue runs when there\nare messages in the queue, in seconds. Defaults to 1 minute (60).\nEach time this timeout is reached, the timeout is doubled to a\nmaximum of maxpause. After new messages are injected, the timeout\nis reset.  If this is set to 0, nullmailer-send will exit\nimmediately after going through the queue once (one-shot mode).\n", "loc": ["services", "nullmailer", "config", "pausetime"], "readOnly": false, "type": "null or string or signed integer"}, "services.nullmailer.config.remotes": {"declarations": ["nixos/modules/services/mail/nullmailer.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A list of remote servers to which to send each message. Each line\ncontains a remote host name or address followed by an optional\nprotocol string, separated by white space.\n\nSee `man 8 nullmailer-send` for syntax and available\noptions.\n\nWARNING: This is stored world-readable in the nix store. If you need\nto specify any secret credentials here, consider using the\n`remotesFile` option instead.\n", "loc": ["services", "nullmailer", "config", "remotes"], "readOnly": false, "type": "null or string"}, "services.nullmailer.config.sendtimeout": {"declarations": ["nixos/modules/services/mail/nullmailer.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The  time to wait for a remote module listed above to complete sending\na message before killing it and trying again, in seconds.\nDefaults to 1 hour (3600).  If this is set to 0, nullmailer-send\nwill wait forever for messages to complete sending.\n", "loc": ["services", "nullmailer", "config", "sendtimeout"], "readOnly": false, "type": "null or string or signed integer"}, "services.nullmailer.enable": {"declarations": ["nixos/modules/services/mail/nullmailer.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable nullmailer daemon.", "loc": ["services", "nullmailer", "enable"], "readOnly": false, "type": "boolean"}, "services.nullmailer.group": {"declarations": ["nixos/modules/services/mail/nullmailer.nix"], "default": {"_type": "literalExpression", "text": "\"nullmailer\""}, "description": "Group to use to run nullmailer-send.\n", "loc": ["services", "nullmailer", "group"], "readOnly": false, "type": "string"}, "services.nullmailer.remotesFile": {"declarations": ["nixos/modules/services/mail/nullmailer.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the `remotes` control file. This file contains a\nlist of remote servers to which to send each message.\n\nSee `man 8 nullmailer-send` for syntax and available\noptions.\n", "loc": ["services", "nullmailer", "remotesFile"], "readOnly": false, "type": "null or string"}, "services.nullmailer.setSendmail": {"declarations": ["nixos/modules/services/mail/nullmailer.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to set the system sendmail to nullmailer's.", "loc": ["services", "nullmailer", "setSendmail"], "readOnly": false, "type": "boolean"}, "services.nullmailer.user": {"declarations": ["nixos/modules/services/mail/nullmailer.nix"], "default": {"_type": "literalExpression", "text": "\"nullmailer\""}, "description": "User to use to run nullmailer-send.\n", "loc": ["services", "nullmailer", "user"], "readOnly": false, "type": "string"}, "services.nvme-rs.enable": {"declarations": ["nixos/modules/services/system/nvme-rs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable nvme-rs, a monitoring service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nvme-rs", "enable"], "readOnly": false, "type": "boolean"}, "services.nvme-rs.package": {"declarations": ["nixos/modules/services/system/nvme-rs.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nvme-rs"}, "description": "The nvme-rs package to use.", "loc": ["services", "nvme-rs", "package"], "readOnly": false, "type": "package"}, "services.nvme-rs.settings": {"declarations": ["nixos/modules/services/system/nvme-rs.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for nvme-rs in TOML format.\nSee the config.toml example for all available options.\n", "loc": ["services", "nvme-rs", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.nvme-rs.settings.check_interval_secs": {"declarations": ["nixos/modules/services/system/nvme-rs.nix"], "default": {"_type": "literalExpression", "text": "3600"}, "description": "Check interval in seconds", "example": {"_type": "literalExpression", "text": "86400"}, "loc": ["services", "nvme-rs", "settings", "check_interval_secs"], "readOnly": false, "type": "signed integer"}, "services.nvme-rs.settings.email": {"declarations": ["nixos/modules/services/system/nvme-rs.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Email notification configuration", "loc": ["services", "nvme-rs", "settings", "email"], "readOnly": false, "type": "null or (open submodule of (TOML value))"}, "services.nvme-rs.settings.email.from": {"declarations": ["nixos/modules/services/system/nvme-rs.nix"], "description": "Sender email address", "example": {"_type": "literalExpression", "text": "\"nvme-monitor@example.com\""}, "loc": ["services", "nvme-rs", "settings", "email", "from"], "readOnly": false, "type": "string"}, "services.nvme-rs.settings.email.smtp_password_file": {"declarations": ["nixos/modules/services/system/nvme-rs.nix"], "description": "File containing SMTP password", "example": {"_type": "literalExpression", "text": "\"/run/secrets/smtp-password\""}, "loc": ["services", "nvme-rs", "settings", "email", "smtp_password_file"], "readOnly": false, "type": "absolute path"}, "services.nvme-rs.settings.email.smtp_port": {"declarations": ["nixos/modules/services/system/nvme-rs.nix"], "default": {"_type": "literalExpression", "text": "587"}, "description": "SMTP server port", "loc": ["services", "nvme-rs", "settings", "email", "smtp_port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nvme-rs.settings.email.smtp_server": {"declarations": ["nixos/modules/services/system/nvme-rs.nix"], "default": {"_type": "literalExpression", "text": "\"smtp.gmail.com\""}, "description": "SMTP server address", "example": {"_type": "literalExpression", "text": "\"mail.example.com\""}, "loc": ["services", "nvme-rs", "settings", "email", "smtp_server"], "readOnly": false, "type": "string"}, "services.nvme-rs.settings.email.smtp_username": {"declarations": ["nixos/modules/services/system/nvme-rs.nix"], "description": "SMTP username", "example": {"_type": "literalExpression", "text": "\"your-email@gmail.com\""}, "loc": ["services", "nvme-rs", "settings", "email", "smtp_username"], "readOnly": false, "type": "string"}, "services.nvme-rs.settings.email.to": {"declarations": ["nixos/modules/services/system/nvme-rs.nix"], "description": "Recipient email address", "example": {"_type": "literalExpression", "text": "\"admin@example.com\""}, "loc": ["services", "nvme-rs", "settings", "email", "to"], "readOnly": false, "type": "string"}, "services.nvme-rs.settings.email.use_tls": {"declarations": ["nixos/modules/services/system/nvme-rs.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Use TLS for SMTP connection", "loc": ["services", "nvme-rs", "settings", "email", "use_tls"], "readOnly": false, "type": "boolean"}, "services.nvme-rs.settings.thresholds": {"declarations": ["nixos/modules/services/system/nvme-rs.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Threshold configuration for NVMe monitoring", "loc": ["services", "nvme-rs", "settings", "thresholds"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.nvme-rs.settings.thresholds.error_threshold": {"declarations": ["nixos/modules/services/system/nvme-rs.nix"], "default": {"_type": "literalExpression", "text": "100"}, "description": "Error count warning threshold", "loc": ["services", "nvme-rs", "settings", "thresholds", "error_threshold"], "readOnly": false, "type": "signed integer"}, "services.nvme-rs.settings.thresholds.spare_warning": {"declarations": ["nixos/modules/services/system/nvme-rs.nix"], "default": {"_type": "literalExpression", "text": "50"}, "description": "Available spare warning threshold (%)", "loc": ["services", "nvme-rs", "settings", "thresholds", "spare_warning"], "readOnly": false, "type": "signed integer"}, "services.nvme-rs.settings.thresholds.temp_critical": {"declarations": ["nixos/modules/services/system/nvme-rs.nix"], "default": {"_type": "literalExpression", "text": "65"}, "description": "Temperature critical threshold (\u00b0C)", "loc": ["services", "nvme-rs", "settings", "thresholds", "temp_critical"], "readOnly": false, "type": "signed integer"}, "services.nvme-rs.settings.thresholds.temp_warning": {"declarations": ["nixos/modules/services/system/nvme-rs.nix"], "default": {"_type": "literalExpression", "text": "55"}, "description": "Temperature warning threshold (\u00b0C)", "loc": ["services", "nvme-rs", "settings", "thresholds", "temp_warning"], "readOnly": false, "type": "signed integer"}, "services.nvme-rs.settings.thresholds.wear_critical": {"declarations": ["nixos/modules/services/system/nvme-rs.nix"], "default": {"_type": "literalExpression", "text": "50"}, "description": "Wear critical threshold (%)", "loc": ["services", "nvme-rs", "settings", "thresholds", "wear_critical"], "readOnly": false, "type": "signed integer"}, "services.nvme-rs.settings.thresholds.wear_warning": {"declarations": ["nixos/modules/services/system/nvme-rs.nix"], "default": {"_type": "literalExpression", "text": "20"}, "description": "Wear warning threshold (%)", "loc": ["services", "nvme-rs", "settings", "thresholds", "wear_warning"], "readOnly": false, "type": "signed integer"}, "services.nylon.<name>.acceptInterface": {"declarations": ["nixos/modules/services/networking/nylon.nix"], "default": {"_type": "literalExpression", "text": "\"lo\""}, "description": "Tell nylon which interface to listen for client requests on, default is \"lo\".\n", "loc": ["services", "nylon", "<name>", "acceptInterface"], "readOnly": false, "type": "string"}, "services.nylon.<name>.allowedIPRanges": {"declarations": ["nixos/modules/services/networking/nylon.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"192.168.0.0/16\"\n  \"127.0.0.1/8\"\n  \"172.16.0.1/12\"\n  \"10.0.0.0/8\"\n]"}, "description": "Allowed client IP ranges are evaluated first, defaults to ARIN IPv4 private ranges:\n  [ \"192.168.0.0/16\" \"127.0.0.0/8\" \"172.16.0.0/12\" \"10.0.0.0/8\" ]\n", "loc": ["services", "nylon", "<name>", "allowedIPRanges"], "readOnly": false, "type": "list of string"}, "services.nylon.<name>.bindInterface": {"declarations": ["nixos/modules/services/networking/nylon.nix"], "default": {"_type": "literalExpression", "text": "\"enp3s0f0\""}, "description": "Tell nylon which interface to use as an uplink, default is \"enp3s0f0\".\n", "loc": ["services", "nylon", "<name>", "bindInterface"], "readOnly": false, "type": "string"}, "services.nylon.<name>.deniedIPRanges": {"declarations": ["nixos/modules/services/networking/nylon.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"0.0.0.0/0\"\n]"}, "description": "Denied client IP ranges, these gets evaluated after the allowed IP ranges, defaults to all IPv4 addresses:\n  [ \"0.0.0.0/0\" ]\nTo block all other access than the allowed.\n", "loc": ["services", "nylon", "<name>", "deniedIPRanges"], "readOnly": false, "type": "list of string"}, "services.nylon.<name>.enable": {"declarations": ["nixos/modules/services/networking/nylon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables nylon as a running service upon activation.\n", "loc": ["services", "nylon", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.nylon.<name>.logging": {"declarations": ["nixos/modules/services/networking/nylon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable logging, default is no logging.\n", "loc": ["services", "nylon", "<name>", "logging"], "readOnly": false, "type": "boolean"}, "services.nylon.<name>.name": {"declarations": ["nixos/modules/services/networking/nylon.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The name of this nylon instance.", "loc": ["services", "nylon", "<name>", "name"], "readOnly": false, "type": "string"}, "services.nylon.<name>.nrConnections": {"declarations": ["nixos/modules/services/networking/nylon.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "The number of allowed simultaneous connections to the daemon, default 10.\n", "loc": ["services", "nylon", "<name>", "nrConnections"], "readOnly": false, "type": "signed integer"}, "services.nylon.<name>.port": {"declarations": ["nixos/modules/services/networking/nylon.nix"], "default": {"_type": "literalExpression", "text": "1080"}, "description": "What port to listen for client requests, default is 1080.\n", "loc": ["services", "nylon", "<name>", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.nylon.<name>.verbosity": {"declarations": ["nixos/modules/services/networking/nylon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable verbose output, default is to not be verbose.\n", "loc": ["services", "nylon", "<name>", "verbosity"], "readOnly": false, "type": "boolean"}, "services.nzbget.enable": {"declarations": ["nixos/modules/services/misc/nzbget.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable NZBGet, for downloading files from news servers.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nzbget", "enable"], "readOnly": false, "type": "boolean"}, "services.nzbget.group": {"declarations": ["nixos/modules/services/misc/nzbget.nix"], "default": {"_type": "literalExpression", "text": "\"nzbget\""}, "description": "Group under which NZBGet runs", "loc": ["services", "nzbget", "group"], "readOnly": false, "type": "string"}, "services.nzbget.package": {"declarations": ["nixos/modules/services/misc/nzbget.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nzbget"}, "description": "The nzbget package to use.", "loc": ["services", "nzbget", "package"], "readOnly": false, "type": "package"}, "services.nzbget.settings": {"declarations": ["nixos/modules/services/misc/nzbget.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "NZBGet configuration, passed via command line using switch -o. Refer to\n<https://github.com/nzbgetcom/nzbget/blob/develop/nzbget.conf>\nfor details on supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  MainDir = \"/data\";\n}"}, "loc": ["services", "nzbget", "settings"], "readOnly": false, "type": "attribute set of (boolean or signed integer or string)"}, "services.nzbget.user": {"declarations": ["nixos/modules/services/misc/nzbget.nix"], "default": {"_type": "literalExpression", "text": "\"nzbget\""}, "description": "User account under which NZBGet runs", "loc": ["services", "nzbget", "user"], "readOnly": false, "type": "string"}, "services.nzbhydra2.dataDir": {"declarations": ["nixos/modules/services/misc/nzbhydra2.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/nzbhydra2\""}, "description": "The directory where NZBHydra2 stores its data files.", "loc": ["services", "nzbhydra2", "dataDir"], "readOnly": false, "type": "string"}, "services.nzbhydra2.enable": {"declarations": ["nixos/modules/services/misc/nzbhydra2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable NZBHydra2, Usenet meta search.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nzbhydra2", "enable"], "readOnly": false, "type": "boolean"}, "services.nzbhydra2.openFirewall": {"declarations": ["nixos/modules/services/misc/nzbhydra2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the NZBHydra2 web interface.", "loc": ["services", "nzbhydra2", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.nzbhydra2.package": {"declarations": ["nixos/modules/services/misc/nzbhydra2.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nzbhydra2"}, "description": "The nzbhydra2 package to use.", "loc": ["services", "nzbhydra2", "package"], "readOnly": false, "type": "package"}, "services.oauth2-proxy.approvalPrompt": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "\"force\""}, "description": "OAuth approval_prompt.\n", "loc": ["services", "oauth2-proxy", "approvalPrompt"], "readOnly": false, "type": "one of \"force\", \"auto\""}, "services.oauth2-proxy.azure.resource": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "description": "The resource that is protected.\n", "loc": ["services", "oauth2-proxy", "azure", "resource"], "readOnly": false, "type": "string"}, "services.oauth2-proxy.azure.tenant": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "\"common\""}, "description": "Go to a tenant-specific or common (tenant-independent) endpoint.\n", "loc": ["services", "oauth2-proxy", "azure", "tenant"], "readOnly": false, "type": "string"}, "services.oauth2-proxy.basicAuthPassword": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The password to set when passing the HTTP Basic Auth header.\n", "loc": ["services", "oauth2-proxy", "basicAuthPassword"], "readOnly": false, "type": "null or string"}, "services.oauth2-proxy.clientID": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The OAuth Client ID.\n", "example": {"_type": "literalExpression", "text": "\"123456.apps.googleusercontent.com\""}, "loc": ["services", "oauth2-proxy", "clientID"], "readOnly": false, "type": "null or string"}, "services.oauth2-proxy.clientSecretFile": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to a file containing the OAuth Client Secret.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/oauth2-client-secret\""}, "loc": ["services", "oauth2-proxy", "clientSecretFile"], "readOnly": false, "type": "null or absolute path"}, "services.oauth2-proxy.cookie.domain": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional cookie domains to force cookies to (ie: `.yourcompany.com`).\nThe longest domain matching the request's host will be used (or the shortest\ncookie domain if there is no match).\n", "example": {"_type": "literalExpression", "text": "\".yourcompany.com\""}, "loc": ["services", "oauth2-proxy", "cookie", "domain"], "readOnly": false, "type": "null or string"}, "services.oauth2-proxy.cookie.expire": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "\"168h0m0s\""}, "description": "Expire timeframe for cookie.\n", "loc": ["services", "oauth2-proxy", "cookie", "expire"], "readOnly": false, "type": "string"}, "services.oauth2-proxy.cookie.httpOnly": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Set HttpOnly cookie flag.\n", "loc": ["services", "oauth2-proxy", "cookie", "httpOnly"], "readOnly": false, "type": "boolean"}, "services.oauth2-proxy.cookie.name": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "\"_oauth2_proxy\""}, "description": "The name of the cookie that the oauth_proxy creates.\n", "loc": ["services", "oauth2-proxy", "cookie", "name"], "readOnly": false, "type": "string"}, "services.oauth2-proxy.cookie.refresh": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Refresh the cookie after this duration; 0 to disable.\n", "example": {"_type": "literalExpression", "text": "\"168h0m0s\""}, "loc": ["services", "oauth2-proxy", "cookie", "refresh"], "readOnly": false, "type": "null or string"}, "services.oauth2-proxy.cookie.secretFile": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to a file containing the seed string for secure cookies.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/oauth2-cookie-secret\""}, "loc": ["services", "oauth2-proxy", "cookie", "secretFile"], "readOnly": false, "type": "null or absolute path"}, "services.oauth2-proxy.cookie.secure": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Set secure (HTTPS) cookie flag.\n", "loc": ["services", "oauth2-proxy", "cookie", "secure"], "readOnly": false, "type": "boolean"}, "services.oauth2-proxy.customTemplatesDir": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to custom HTML templates.\n", "loc": ["services", "oauth2-proxy", "customTemplatesDir"], "readOnly": false, "type": "null or absolute path"}, "services.oauth2-proxy.email.addresses": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Line-separated email addresses that are allowed to authenticate.\n", "loc": ["services", "oauth2-proxy", "email", "addresses"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.oauth2-proxy.email.domains": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Authenticate emails with the specified domains. Use\n`*` to authenticate any email.\n", "loc": ["services", "oauth2-proxy", "email", "domains"], "readOnly": false, "type": "list of string"}, "services.oauth2-proxy.enable": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable oauth2-proxy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "oauth2-proxy", "enable"], "readOnly": false, "type": "boolean"}, "services.oauth2-proxy.extraConfig": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra config to pass to oauth2-proxy.\n", "loc": ["services", "oauth2-proxy", "extraConfig"], "readOnly": false, "type": "attribute set of anything"}, "services.oauth2-proxy.github.org": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Restrict logins to members of this organisation.\n", "loc": ["services", "oauth2-proxy", "github", "org"], "readOnly": false, "type": "null or string"}, "services.oauth2-proxy.github.team": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Restrict logins to members of this team.\n", "loc": ["services", "oauth2-proxy", "github", "team"], "readOnly": false, "type": "null or string"}, "services.oauth2-proxy.google.adminEmail": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "description": "The Google Admin to impersonate for API calls.\n\nOnly users with access to the Admin APIs can access the Admin SDK\nDirectory API, thus the service account needs to impersonate one of\nthose users to access the Admin SDK Directory API.\n\nSee <https://developers.google.com/admin-sdk/directory/v1/guides/delegation#delegate_domain-wide_authority_to_your_service_account>.\n", "loc": ["services", "oauth2-proxy", "google", "adminEmail"], "readOnly": false, "type": "string"}, "services.oauth2-proxy.google.groups": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Restrict logins to members of these Google groups.\n", "loc": ["services", "oauth2-proxy", "google", "groups"], "readOnly": false, "type": "list of string"}, "services.oauth2-proxy.google.serviceAccountJSON": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "description": "The path to the service account JSON credentials.\n", "loc": ["services", "oauth2-proxy", "google", "serviceAccountJSON"], "readOnly": false, "type": "absolute path"}, "services.oauth2-proxy.htpasswd.displayForm": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Display username / password login form if an htpasswd file is provided.\n", "loc": ["services", "oauth2-proxy", "htpasswd", "displayForm"], "readOnly": false, "type": "boolean"}, "services.oauth2-proxy.htpasswd.file": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Additionally authenticate against a htpasswd file. Entries must be\ncreated with `htpasswd -s` for SHA encryption.\n", "loc": ["services", "oauth2-proxy", "htpasswd", "file"], "readOnly": false, "type": "null or absolute path"}, "services.oauth2-proxy.httpAddress": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "\"http://127.0.0.1:4180\""}, "description": "HTTPS listening address.  This module does not expose the port by\ndefault. If you want this URL to be accessible to other machines, please\nadd the port to `networking.firewall.allowedTCPPorts`.\n", "loc": ["services", "oauth2-proxy", "httpAddress"], "readOnly": false, "type": "string"}, "services.oauth2-proxy.keyFile": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "oauth2-proxy allows passing sensitive configuration via environment variables.\nMake a file that contains lines like\nOAUTH2_PROXY_CLIENT_SECRET=asdfasdfasdf.apps.googleuserscontent.com\nand specify the path here.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/oauth2-proxy\""}, "loc": ["services", "oauth2-proxy", "keyFile"], "readOnly": false, "type": "null or absolute path"}, "services.oauth2-proxy.loginURL": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Authentication endpoint.\n\nYou only need to set this if you are using a self-hosted provider (e.g.\nGithub Enterprise). If you're using a publicly hosted provider\n(e.g github.com), then the default works.\n", "example": {"_type": "literalExpression", "text": "\"https://provider.example.com/oauth/authorize\""}, "loc": ["services", "oauth2-proxy", "loginURL"], "readOnly": false, "type": "null or string"}, "services.oauth2-proxy.nginx.domain": {"declarations": ["nixos/modules/services/security/oauth2-proxy-nginx.nix"], "description": "The domain under which the oauth2-proxy will be accesible and the path of cookies are set to.\nThis setting must be set to ensure back-redirects are working properly\nif oauth2-proxy is configured with {option}`services.oauth2-proxy.cookie.domain`\nor multiple {option}`services.oauth2-proxy.nginx.virtualHosts` that are not on the same domain.\n", "loc": ["services", "oauth2-proxy", "nginx", "domain"], "readOnly": false, "type": "string"}, "services.oauth2-proxy.nginx.proxy": {"declarations": ["nixos/modules/services/security/oauth2-proxy-nginx.nix"], "default": {"_type": "literalExpression", "text": "config.services.oauth2-proxy.httpAddress"}, "description": "The address of the reverse proxy endpoint for oauth2-proxy\n", "loc": ["services", "oauth2-proxy", "nginx", "proxy"], "readOnly": false, "type": "string"}, "services.oauth2-proxy.nginx.virtualHosts": {"declarations": ["nixos/modules/services/security/oauth2-proxy-nginx.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Nginx virtual hosts to put behind the oauth2 proxy.\nYou can exclude specific locations by setting `auth_request off;` in the locations extraConfig setting.\n", "example": {"_type": "literalExpression", "text": "{\n  \"protected.foo.com\" = {\n    allowed_emails = [\n      \"boss@foo.com\"\n    ];\n    allowed_groups = [\n      \"admins\"\n    ];\n  };\n}"}, "loc": ["services", "oauth2-proxy", "nginx", "virtualHosts"], "readOnly": false, "type": "(attribute set of (submodule)) or (list of string) convertible to it"}, "services.oauth2-proxy.nginx.virtualHosts.<name>.allowed_email_domains": {"declarations": ["nixos/modules/services/security/oauth2-proxy-nginx.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of email domains to allow access to this vhost, or null to allow all.", "loc": ["services", "oauth2-proxy", "nginx", "virtualHosts", "<name>", "allowed_email_domains"], "readOnly": false, "type": "null or (list of string)"}, "services.oauth2-proxy.nginx.virtualHosts.<name>.allowed_emails": {"declarations": ["nixos/modules/services/security/oauth2-proxy-nginx.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of emails to allow access to this vhost, or null to allow all.", "loc": ["services", "oauth2-proxy", "nginx", "virtualHosts", "<name>", "allowed_emails"], "readOnly": false, "type": "null or (list of string)"}, "services.oauth2-proxy.nginx.virtualHosts.<name>.allowed_groups": {"declarations": ["nixos/modules/services/security/oauth2-proxy-nginx.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of groups to allow access to this vhost, or null to allow all.", "loc": ["services", "oauth2-proxy", "nginx", "virtualHosts", "<name>", "allowed_groups"], "readOnly": false, "type": "null or (list of string)"}, "services.oauth2-proxy.oidcIssuerUrl": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The OAuth issuer URL.\n", "example": {"_type": "literalExpression", "text": "\"https://login.microsoftonline.com/{TENANT_ID}/v2.0\""}, "loc": ["services", "oauth2-proxy", "oidcIssuerUrl"], "readOnly": false, "type": "null or string"}, "services.oauth2-proxy.package": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "pkgs.oauth2-proxy"}, "description": "The oauth2-proxy package to use.", "loc": ["services", "oauth2-proxy", "package"], "readOnly": false, "type": "package"}, "services.oauth2-proxy.passAccessToken": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Pass OAuth access_token to upstream via X-Forwarded-Access-Token header.\n", "loc": ["services", "oauth2-proxy", "passAccessToken"], "readOnly": false, "type": "boolean"}, "services.oauth2-proxy.passBasicAuth": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream.\n", "loc": ["services", "oauth2-proxy", "passBasicAuth"], "readOnly": false, "type": "boolean"}, "services.oauth2-proxy.passHostHeader": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Pass the request Host Header to upstream.\n", "loc": ["services", "oauth2-proxy", "passHostHeader"], "readOnly": false, "type": "boolean"}, "services.oauth2-proxy.profileURL": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Profile access endpoint.\n", "loc": ["services", "oauth2-proxy", "profileURL"], "readOnly": false, "type": "null or string"}, "services.oauth2-proxy.provider": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "\"google\""}, "description": "OAuth provider.\n", "loc": ["services", "oauth2-proxy", "provider"], "readOnly": false, "type": "one of \"adfs\", \"azure\", \"bitbucket\", \"digitalocean\", \"facebook\", \"github\", \"gitlab\", \"google\", \"keycloak\", \"keycloak-oidc\", \"linkedin\", \"login.gov\", \"nextcloud\", \"oidc\""}, "services.oauth2-proxy.proxyPrefix": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "\"/oauth2\""}, "description": "The url root path that this proxy should be nested under.\n", "loc": ["services", "oauth2-proxy", "proxyPrefix"], "readOnly": false, "type": "string"}, "services.oauth2-proxy.redeemURL": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Token redemption endpoint.\n\nYou only need to set this if you are using a self-hosted provider (e.g.\nGithub Enterprise). If you're using a publicly hosted provider\n(e.g github.com), then the default works.\n", "example": {"_type": "literalExpression", "text": "\"https://provider.example.com/oauth/token\""}, "loc": ["services", "oauth2-proxy", "redeemURL"], "readOnly": false, "type": "null or string"}, "services.oauth2-proxy.redirectURL": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The OAuth2 redirect URL.\n", "example": {"_type": "literalExpression", "text": "\"https://internalapp.yourcompany.com/oauth2/callback\""}, "loc": ["services", "oauth2-proxy", "redirectURL"], "readOnly": false, "type": "null or string"}, "services.oauth2-proxy.requestLogging": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Log requests to stdout.\n", "loc": ["services", "oauth2-proxy", "requestLogging"], "readOnly": false, "type": "boolean"}, "services.oauth2-proxy.reverseProxy": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "In case when running behind a reverse proxy, controls whether headers\nlike `X-Real-Ip` are accepted. Usage behind a reverse\nproxy will require this flag to be set to avoid logging the reverse\nproxy IP address.\n", "loc": ["services", "oauth2-proxy", "reverseProxy"], "readOnly": false, "type": "boolean"}, "services.oauth2-proxy.scope": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "OAuth scope specification.\n", "loc": ["services", "oauth2-proxy", "scope"], "readOnly": false, "type": "null or string"}, "services.oauth2-proxy.setXauthrequest": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Set X-Auth-Request-User and X-Auth-Request-Email response headers (useful in Nginx auth_request mode). Setting this to 'null' means using the upstream default (false).\n", "loc": ["services", "oauth2-proxy", "setXauthrequest"], "readOnly": false, "type": "null or boolean"}, "services.oauth2-proxy.signatureKey": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "GAP-Signature request signature key.\n", "example": {"_type": "literalExpression", "text": "\"sha1:secret0\""}, "loc": ["services", "oauth2-proxy", "signatureKey"], "readOnly": false, "type": "null or string"}, "services.oauth2-proxy.skipAuthRegexes": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Skip authentication for requests matching any of these regular\nexpressions.\n", "loc": ["services", "oauth2-proxy", "skipAuthRegexes"], "readOnly": false, "type": "list of string"}, "services.oauth2-proxy.tls.certificate": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "description": "Path to certificate file.\n", "loc": ["services", "oauth2-proxy", "tls", "certificate"], "readOnly": false, "type": "absolute path"}, "services.oauth2-proxy.tls.enable": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to serve over TLS.\n", "loc": ["services", "oauth2-proxy", "tls", "enable"], "readOnly": false, "type": "boolean"}, "services.oauth2-proxy.tls.httpsAddress": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "\":443\""}, "description": "`addr:port` to listen on for HTTPS clients.\n\nRemember to add `port` to\n`allowedTCPPorts` if you want other machines to be\nable to connect to it.\n", "loc": ["services", "oauth2-proxy", "tls", "httpsAddress"], "readOnly": false, "type": "string"}, "services.oauth2-proxy.tls.key": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "description": "Path to private key file.\n", "loc": ["services", "oauth2-proxy", "tls", "key"], "readOnly": false, "type": "absolute path"}, "services.oauth2-proxy.upstream": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The http url(s) of the upstream endpoint or `file://`\npaths for static files. Routing is based on the path.\n", "loc": ["services", "oauth2-proxy", "upstream"], "readOnly": false, "type": "(list of string) or string convertible to it"}, "services.oauth2-proxy.validateURL": {"declarations": ["nixos/modules/services/security/oauth2-proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Access token validation endpoint.\n\nYou only need to set this if you are using a self-hosted provider (e.g.\nGithub Enterprise). If you're using a publicly hosted provider\n(e.g github.com), then the default works.\n", "example": {"_type": "literalExpression", "text": "\"https://provider.example.com/user/emails\""}, "loc": ["services", "oauth2-proxy", "validateURL"], "readOnly": false, "type": "null or string"}, "services.ocis.address": {"declarations": ["nixos/modules/services/web-apps/ocis.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Web interface address.", "loc": ["services", "ocis", "address"], "readOnly": false, "type": "string"}, "services.ocis.configDir": {"declarations": ["nixos/modules/services/web-apps/ocis.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to directory containing oCIS config file.\n\nExample config can be generated by `ocis init --config-path fileName --admin-password \"adminPass\"`.\nAdd `--insecure true` if SSL certificates are generated and managed externally (e.g. using oCIS behind reverse proxy).\n\nNote: This directory must contain at least a {file}`ocis.yaml`. Ensure\n[user](#opt-services.ocis.user) has read/write access to it. In some\ncircumstances you may need to add additional oCIS configuration files (e.g.,\n{file}`proxy.yaml`) to this directory.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/ocis/config\""}, "loc": ["services", "ocis", "configDir"], "readOnly": false, "type": "null or absolute path"}, "services.ocis.enable": {"declarations": ["nixos/modules/services/web-apps/ocis.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ownCloud Infinite Scale.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ocis", "enable"], "readOnly": false, "type": "boolean"}, "services.ocis.environment": {"declarations": ["nixos/modules/services/web-apps/ocis.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra config options.\n\nSee [the documentation](https://doc.owncloud.com/ocis/next/deployment/services/services.html) for available options.\nSee [notes for environment variables](https://doc.owncloud.com/ocis/next/deployment/services/env-var-note.html) for more information.\n\nNote that all the attributes here will be copied to /nix/store/ and will be world readable. Options like *_PASSWORD or *_SECRET should be part of     [environmentFile](#opt-services.ocis.environmentFile) instead, and are only provided here for illustrative purpose.\n\nConfiguration here will override those from [environmentFile](#opt-services.ocis.environmentFile) and will have highest precedence, at the cost of security. Do NOT put security sensitive stuff here.\n", "example": {"_type": "literalExpression", "text": "{\n  CS3_ALLOW_INSECURE = \"true\";\n  GATEWAY_STORAGE_USERS_MOUNT_ID = \"123\";\n  GRAPH_APPLICATION_ID = \"1234\";\n  IDM_IDPSVC_PASSWORD = \"password\";\n  IDM_REVASVC_PASSWORD = \"password\";\n  IDM_SVC_PASSWORD = \"password\";\n  IDP_ISS = \"https://localhost:9200\";\n  IDP_TLS = \"false\";\n  OCIS_INSECURE = \"false\";\n  OCIS_INSECURE_BACKENDS = \"true\";\n  OCIS_JWT_SECRET = \"super_secret\";\n  OCIS_LDAP_BIND_PASSWORD = \"password\";\n  OCIS_LOG_LEVEL = \"error\";\n  OCIS_MACHINE_AUTH_API_KEY = \"foo\";\n  OCIS_MOUNT_ID = \"123\";\n  OCIS_SERVICE_ACCOUNT_ID = \"foo\";\n  OCIS_SERVICE_ACCOUNT_SECRET = \"foo\";\n  OCIS_STORAGE_USERS_MOUNT_ID = \"123\";\n  OCIS_SYSTEM_USER_API_KEY = \"foo\";\n  OCIS_SYSTEM_USER_ID = \"123\";\n  OCIS_TRANSFER_SECRET = \"foo\";\n  STORAGE_USERS_MOUNT_ID = \"123\";\n  TLS_INSECURE = \"true\";\n  TLS_SKIP_VERIFY_CLIENT_CERT = \"true\";\n  WEBDAV_ALLOW_INSECURE = \"true\";\n}"}, "loc": ["services", "ocis", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.ocis.environmentFile": {"declarations": ["nixos/modules/services/web-apps/ocis.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "An environment file as defined in {manpage}`systemd.exec(5)`.\n\nConfiguration provided in this file will override those from [configDir](#opt-services.ocis.configDir)/ocis.yaml.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/ocis.env\""}, "loc": ["services", "ocis", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.ocis.group": {"declarations": ["nixos/modules/services/web-apps/ocis.nix"], "default": {"_type": "literalExpression", "text": "\"ocis\""}, "description": "The group to run oCIS under.\nBy default, a group named `ocis` will be created.\n", "example": {"_type": "literalExpression", "text": "\"yourGroup\""}, "loc": ["services", "ocis", "group"], "readOnly": false, "type": "string"}, "services.ocis.package": {"declarations": ["nixos/modules/services/web-apps/ocis.nix"], "description": "Which package to use for the ownCloud Infinite Scale instance.", "loc": ["services", "ocis", "package"], "readOnly": false, "relatedPackages": "- [`pkgs.ocis_5-bin`](\n    https://search.nixos.org/packages?show=ocis_5-bin&sort=relevance&query=ocis_5-bin\n  )\n", "type": "package"}, "services.ocis.port": {"declarations": ["nixos/modules/services/web-apps/ocis.nix"], "default": {"_type": "literalExpression", "text": "9200"}, "description": "Web interface port.", "loc": ["services", "ocis", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.ocis.stateDir": {"declarations": ["nixos/modules/services/web-apps/ocis.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/ocis\""}, "description": "ownCloud data directory.", "loc": ["services", "ocis", "stateDir"], "readOnly": false, "type": "string"}, "services.ocis.url": {"declarations": ["nixos/modules/services/web-apps/ocis.nix"], "default": {"_type": "literalExpression", "text": "\"https://localhost:9200\""}, "description": "Web interface address.", "example": {"_type": "literalExpression", "text": "\"https://some-hostname-or-ip:9200\""}, "loc": ["services", "ocis", "url"], "readOnly": false, "type": "string"}, "services.ocis.user": {"declarations": ["nixos/modules/services/web-apps/ocis.nix"], "default": {"_type": "literalExpression", "text": "\"ocis\""}, "description": "The user to run oCIS as.\nBy default, a user named `ocis` will be created whose home\ndirectory is [stateDir](#opt-services.ocis.stateDir).\n", "example": {"_type": "literalExpression", "text": "\"yourUser\""}, "loc": ["services", "ocis", "user"], "readOnly": false, "type": "string"}, "services.ocserv.config": {"declarations": ["nixos/modules/services/networking/ocserv.nix"], "description": "Configuration content to start an OCServ server.\n\nFor a full configuration reference,please refer to the online documentation\n(https://ocserv.gitlab.io/www/manual.html), the openconnect\nrecipes (https://github.com/openconnect/recipes) or `man ocserv`.\n", "example": {"_type": "literalExpression", "text": "''\n  # configuration examples from $out/doc without explanatory comments.\n  # for a full reference please look at the installed man pages.\n  auth = \"plain[passwd=./sample.passwd]\"\n  tcp-port = 443\n  udp-port = 443\n  run-as-user = nobody\n  run-as-group = nogroup\n  socket-file = /run/ocserv-socket\n  server-cert = certs/server-cert.pem\n  server-key = certs/server-key.pem\n  keepalive = 32400\n  dpd = 90\n  mobile-dpd = 1800\n  switch-to-tcp-timeout = 25\n  try-mtu-discovery = false\n  cert-user-oid = 0.9.2342.19200300.100.1.1\n  tls-priorities = \"NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0\"\n  auth-timeout = 240\n  min-reauth-time = 300\n  max-ban-score = 80\n  ban-reset-time = 1200\n  cookie-timeout = 300\n  deny-roaming = false\n  rekey-time = 172800\n  rekey-method = ssl\n  use-occtl = true\n  pid-file = /run/ocserv.pid\n  device = vpns\n  predictable-ips = true\n  default-domain = example.com\n  ipv4-network = 192.168.1.0\n  ipv4-netmask = 255.255.255.0\n  dns = 192.168.1.2\n  ping-leases = false\n  route = 10.10.10.0/255.255.255.0\n  route = 192.168.0.0/255.255.0.0\n  no-route = 192.168.5.0/255.255.255.0\n  cisco-client-compat = true\n  dtls-legacy = true\n  \n  [vhost:www.example.com]\n  auth = \"certificate\"\n  ca-cert = certs/ca.pem\n  server-cert = certs/server-cert-secp521r1.pem\n  server-key = cersts/certs/server-key-secp521r1.pem\n  ipv4-network = 192.168.2.0\n  ipv4-netmask = 255.255.255.0\n  cert-user-oid = 0.9.2342.19200300.100.1.1\n''"}, "loc": ["services", "ocserv", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.ocserv.enable": {"declarations": ["nixos/modules/services/networking/ocserv.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ocserv.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ocserv", "enable"], "readOnly": false, "type": "boolean"}, "services.ocsinventory-agent.enable": {"declarations": ["nixos/modules/services/monitoring/ocsinventory-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable OCS Inventory Agent.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ocsinventory-agent", "enable"], "readOnly": false, "type": "boolean"}, "services.ocsinventory-agent.interval": {"declarations": ["nixos/modules/services/monitoring/ocsinventory-agent.nix"], "default": {"_type": "literalExpression", "text": "\"daily\""}, "description": "How often we run the ocsinventory-agent service. Runs by default every daily.\n\nThe format is described in\n{manpage}`systemd.time(7)`.\n", "example": {"_type": "literalExpression", "text": "\"06:00\""}, "loc": ["services", "ocsinventory-agent", "interval"], "readOnly": false, "type": "string"}, "services.ocsinventory-agent.package": {"declarations": ["nixos/modules/services/monitoring/ocsinventory-agent.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ocsinventory-agent"}, "description": "The ocsinventory-agent package to use.", "loc": ["services", "ocsinventory-agent", "package"], "readOnly": false, "type": "package"}, "services.ocsinventory-agent.settings": {"declarations": ["nixos/modules/services/monitoring/ocsinventory-agent.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for /etc/ocsinventory-agent/ocsinventory-agent.cfg.\n\nRefer to\n{manpage}`ocsinventory-agent(1)` for available options.\n", "example": {"_type": "literalExpression", "text": "{\n  debug = true;\n  server = \"https://ocsinventory.localhost:8080/ocsinventory\";\n  tag = \"01234567890123\";\n}"}, "loc": ["services", "ocsinventory-agent", "settings"], "readOnly": false, "type": "open submodule of (atom (null, bool, int, float or string))"}, "services.ocsinventory-agent.settings.ca": {"declarations": ["nixos/modules/services/monitoring/ocsinventory-agent.nix"], "default": {"_type": "literalExpression", "text": "config.security.pki.caBundle"}, "description": "Path to CA certificates file in PEM format, for server\nSSL certificate validation.\n", "loc": ["services", "ocsinventory-agent", "settings", "ca"], "readOnly": false, "type": "absolute path"}, "services.ocsinventory-agent.settings.debug": {"declarations": ["nixos/modules/services/monitoring/ocsinventory-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable debug mode.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ocsinventory-agent", "settings", "debug"], "readOnly": false, "type": "boolean"}, "services.ocsinventory-agent.settings.local": {"declarations": ["nixos/modules/services/monitoring/ocsinventory-agent.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If specified, the OCS Inventory Agent will run in offline mode\nand the resulting inventory file will be stored in the specified path.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/ocsinventory-agent/reports\""}, "loc": ["services", "ocsinventory-agent", "settings", "local"], "readOnly": false, "type": "null or absolute path"}, "services.ocsinventory-agent.settings.server": {"declarations": ["nixos/modules/services/monitoring/ocsinventory-agent.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The URI of the OCS Inventory server where to send the inventory file.\n\nThis option is ignored if {option}`services.ocsinventory-agent.settings.local` is set.\n", "example": {"_type": "literalExpression", "text": "\"https://ocsinventory.localhost:8080/ocsinventory\""}, "loc": ["services", "ocsinventory-agent", "settings", "server"], "readOnly": false, "type": "null or string"}, "services.ocsinventory-agent.settings.tag": {"declarations": ["nixos/modules/services/monitoring/ocsinventory-agent.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Tag for the generated inventory.", "example": {"_type": "literalExpression", "text": "\"01234567890123\""}, "loc": ["services", "ocsinventory-agent", "settings", "tag"], "readOnly": false, "type": "null or string"}, "services.octoprint.enable": {"declarations": ["nixos/modules/services/misc/octoprint.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable OctoPrint, web interface for 3D printers.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "octoprint", "enable"], "readOnly": false, "type": "boolean"}, "services.octoprint.extraConfig": {"declarations": ["nixos/modules/services/misc/octoprint.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra options which are added to OctoPrint's YAML configuration file.", "loc": ["services", "octoprint", "extraConfig"], "readOnly": false, "type": "attribute set"}, "services.octoprint.group": {"declarations": ["nixos/modules/services/misc/octoprint.nix"], "default": {"_type": "literalExpression", "text": "\"octoprint\""}, "description": "Group for the daemon.", "loc": ["services", "octoprint", "group"], "readOnly": false, "type": "string"}, "services.octoprint.host": {"declarations": ["nixos/modules/services/misc/octoprint.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host to bind OctoPrint to.\n", "loc": ["services", "octoprint", "host"], "readOnly": false, "type": "null or string"}, "services.octoprint.openFirewall": {"declarations": ["nixos/modules/services/misc/octoprint.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for OctoPrint.", "loc": ["services", "octoprint", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.octoprint.package": {"declarations": ["nixos/modules/services/misc/octoprint.nix"], "default": {"_type": "literalExpression", "text": "pkgs.octoprint"}, "description": "The octoprint package to use.", "loc": ["services", "octoprint", "package"], "readOnly": false, "type": "package"}, "services.octoprint.plugins": {"declarations": ["nixos/modules/services/misc/octoprint.nix"], "default": {"_type": "literalExpression", "text": "plugins: []"}, "description": "Additional plugins to be used. Available plugins are passed through the plugins input.", "example": {"_type": "literalExpression", "text": "plugins: with plugins; [ themeify stlviewer ]"}, "loc": ["services", "octoprint", "plugins"], "readOnly": false, "type": "function that evaluates to a(n) list of package"}, "services.octoprint.port": {"declarations": ["nixos/modules/services/misc/octoprint.nix"], "default": {"_type": "literalExpression", "text": "5000"}, "description": "Port to bind OctoPrint to.\n", "loc": ["services", "octoprint", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.octoprint.stateDir": {"declarations": ["nixos/modules/services/misc/octoprint.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/octoprint\""}, "description": "State directory of the daemon.", "loc": ["services", "octoprint", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.octoprint.user": {"declarations": ["nixos/modules/services/misc/octoprint.nix"], "default": {"_type": "literalExpression", "text": "\"octoprint\""}, "description": "User for the daemon.", "loc": ["services", "octoprint", "user"], "readOnly": false, "type": "string"}, "services.odoo.addons": {"declarations": ["nixos/modules/services/finance/odoo.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Odoo addons.", "example": {"_type": "literalExpression", "text": "[ pkgs.odoo_enterprise ]"}, "loc": ["services", "odoo", "addons"], "readOnly": false, "type": "list of package"}, "services.odoo.autoInit": {"declarations": ["nixos/modules/services/finance/odoo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable automatically initialize the DB.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "odoo", "autoInit"], "readOnly": false, "type": "boolean"}, "services.odoo.autoInitExtraFlags": {"declarations": ["nixos/modules/services/finance/odoo.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra flags passed to odoo when run for the first time by autoInit", "example": {"_type": "literalExpression", "text": "[ \"--without-demo=all\" ]\n"}, "loc": ["services", "odoo", "autoInitExtraFlags"], "readOnly": false, "type": "list of string"}, "services.odoo.domain": {"declarations": ["nixos/modules/services/finance/odoo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Domain to host Odoo with nginx", "loc": ["services", "odoo", "domain"], "readOnly": false, "type": "null or string"}, "services.odoo.enable": {"declarations": ["nixos/modules/services/finance/odoo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable odoo, an open source ERP and CRM system.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "odoo", "enable"], "readOnly": false, "type": "boolean"}, "services.odoo.package": {"declarations": ["nixos/modules/services/finance/odoo.nix"], "default": {"_type": "literalExpression", "text": "pkgs.odoo"}, "description": "The odoo package to use.", "loc": ["services", "odoo", "package"], "readOnly": false, "type": "package"}, "services.odoo.settings": {"declarations": ["nixos/modules/services/finance/odoo.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Odoo configuration settings. For more details see <https://www.odoo.com/documentation/15.0/administration/install/deploy.html>\n", "example": {"_type": "literalExpression", "text": "options = {\n  db_user = \"odoo\";\n  db_password=\"odoo\";\n};\n"}, "loc": ["services", "odoo", "settings"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.offlineimap.enable": {"declarations": ["nixos/modules/services/mail/offlineimap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable OfflineIMAP, a software to dispose your mailbox(es) as a local Maildir(s).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "offlineimap", "enable"], "readOnly": false, "type": "boolean"}, "services.offlineimap.install": {"declarations": ["nixos/modules/services/mail/offlineimap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to install a user service for Offlineimap. Once\nthe service is started, emails will be fetched automatically.\n\nThe service must be manually started for each user with\n\"systemctl --user start offlineimap\" or globally through\n{var}`services.offlineimap.enable`.\n", "loc": ["services", "offlineimap", "install"], "readOnly": false, "type": "boolean"}, "services.offlineimap.onCalendar": {"declarations": ["nixos/modules/services/mail/offlineimap.nix"], "default": {"_type": "literalExpression", "text": "\"*:0/3\""}, "description": "How often is offlineimap started. Default is '*:0/3' meaning every 3 minutes. See {manpage}`systemd.time(7)` for more information about the format.", "loc": ["services", "offlineimap", "onCalendar"], "readOnly": false, "type": "string"}, "services.offlineimap.package": {"declarations": ["nixos/modules/services/mail/offlineimap.nix"], "default": {"_type": "literalExpression", "text": "pkgs.offlineimap"}, "description": "The offlineimap package to use.", "loc": ["services", "offlineimap", "package"], "readOnly": false, "type": "package"}, "services.offlineimap.path": {"declarations": ["nixos/modules/services/mail/offlineimap.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of derivations to put in Offlineimap's path.", "example": {"_type": "literalExpression", "text": "[ pkgs.pass pkgs.bash pkgs.notmuch ]"}, "loc": ["services", "offlineimap", "path"], "readOnly": false, "type": "list of absolute path"}, "services.offlineimap.timeoutStartSec": {"declarations": ["nixos/modules/services/mail/offlineimap.nix"], "default": {"_type": "literalExpression", "text": "\"120sec\""}, "description": "How long waiting for offlineimap before killing it. Default is '120sec' meaning every 2 minutes. See {manpage}`systemd.time(7)` for more information about the format.", "loc": ["services", "offlineimap", "timeoutStartSec"], "readOnly": false, "type": "string"}, "services.ofono.enable": {"declarations": ["nixos/modules/services/networking/ofono.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Ofono.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ofono", "enable"], "readOnly": false, "type": "boolean"}, "services.ofono.plugins": {"declarations": ["nixos/modules/services/networking/ofono.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The list of plugins to install.\n", "example": {"_type": "literalExpression", "text": "[ pkgs.modem-manager-gui ]"}, "loc": ["services", "ofono", "plugins"], "readOnly": false, "type": "list of package"}, "services.oidentd.enable": {"declarations": ["nixos/modules/services/networking/oidentd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable \u2018oidentd\u2019, an implementation of the Ident\nprotocol (RFC 1413).  It allows remote systems to identify the\nname of the user associated with a TCP connection.\n", "loc": ["services", "oidentd", "enable"], "readOnly": false, "type": "boolean"}, "services.oink.apiKeyFile": {"declarations": ["nixos/modules/services/networking/oink.nix"], "description": "Path to a file containing the API key to use when modifying DNS records.", "example": {"_type": "literalExpression", "text": "\"/run/keys/oink-api-key\""}, "loc": ["services", "oink", "apiKeyFile"], "readOnly": false, "type": "absolute path"}, "services.oink.domains": {"declarations": ["nixos/modules/services/networking/oink.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of attribute sets containing configuration for each domain.\n\nEach attribute set must have two attributes, one named *domain*\nand another named *subdomain*. The domain attribute must specify\nthe root domain that you want to configure, and the subdomain\nattribute must specify its subdomain if any. If you want to\nconfigure the root domain rather than a subdomain, leave the\nsubdomain attribute as an empty string.\n\nAdditionally, you can use attributes from *services.oink.settings*\nto override settings per-domain.\n\nEvery domain listed here *must* have API access enabled in\nPorkbun's control panel.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    domain = \"nixos.org\";\n    subdomain = \"\";\n    ttl = 1200;\n  }\n  {\n    domain = \"nixos.org\";\n    subdomain = \"hydra\";\n  }\n]"}, "loc": ["services", "oink", "domains"], "readOnly": false, "type": "list of attribute set of anything"}, "services.oink.enable": {"declarations": ["nixos/modules/services/networking/oink.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Oink, a dynamic DNS client for Porkbun.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "oink", "enable"], "readOnly": false, "type": "boolean"}, "services.oink.package": {"declarations": ["nixos/modules/services/networking/oink.nix"], "default": {"_type": "literalExpression", "text": "pkgs.oink"}, "description": "The oink package to use.", "loc": ["services", "oink", "package"], "readOnly": false, "type": "package"}, "services.oink.secretApiKeyFile": {"declarations": ["nixos/modules/services/networking/oink.nix"], "description": "Path to a file containing the secret API key to use when modifying DNS records.", "example": {"_type": "literalExpression", "text": "\"/run/keys/oink-secret-api-key\""}, "loc": ["services", "oink", "secretApiKeyFile"], "readOnly": false, "type": "absolute path"}, "services.oink.settings.interval": {"declarations": ["nixos/modules/services/networking/oink.nix"], "default": {"_type": "literalExpression", "text": "900"}, "description": "Seconds to wait before sending another request.", "loc": ["services", "oink", "settings", "interval"], "readOnly": false, "type": "integer between 60 and 172800 (both inclusive)"}, "services.oink.settings.ttl": {"declarations": ["nixos/modules/services/networking/oink.nix"], "default": {"_type": "literalExpression", "text": "600"}, "description": "The TTL (\"Time to Live\") value to set for your DNS records.\n\nThe TTL controls how long in seconds your records will be cached\nfor. A smaller value will allow the record to update quicker.\n", "loc": ["services", "oink", "settings", "ttl"], "readOnly": false, "type": "integer between 600 and 172800 (both inclusive)"}, "services.olivetin.enable": {"declarations": ["nixos/modules/services/web-apps/olivetin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable OliveTin.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "olivetin", "enable"], "readOnly": false, "type": "boolean"}, "services.olivetin.extraConfigFiles": {"declarations": ["nixos/modules/services/web-apps/olivetin.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Config files to merge into the settings defined in [](#opt-services.olivetin.settings).\nThis is useful to avoid putting secrets into the nix store.\nSee <https://docs.olivetin.app/config.html> for more information.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/run/secrets/olivetin.yaml\"\n]"}, "loc": ["services", "olivetin", "extraConfigFiles"], "readOnly": false, "type": "list of absolute path"}, "services.olivetin.group": {"declarations": ["nixos/modules/services/web-apps/olivetin.nix"], "default": {"_type": "literalExpression", "text": "\"olivetin\""}, "description": "The group under which OliveTin runs.", "loc": ["services", "olivetin", "group"], "readOnly": false, "type": "string"}, "services.olivetin.package": {"declarations": ["nixos/modules/services/web-apps/olivetin.nix"], "default": {"_type": "literalExpression", "text": "pkgs.olivetin"}, "description": "The olivetin package to use.", "loc": ["services", "olivetin", "package"], "readOnly": false, "type": "package"}, "services.olivetin.path": {"declarations": ["nixos/modules/services/web-apps/olivetin.nix"], "default": {"_type": "literalExpression", "text": "with pkgs; [ bash ]\n"}, "description": "Packages added to the service's {env}`PATH`.\n", "loc": ["services", "olivetin", "path"], "readOnly": false, "type": "list of (package or string)"}, "services.olivetin.settings": {"declarations": ["nixos/modules/services/web-apps/olivetin.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration of OliveTin. See <https://docs.olivetin.app/config.html> for more information.\n", "loc": ["services", "olivetin", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.olivetin.settings.ListenAddressSingleHTTPFrontend": {"declarations": ["nixos/modules/services/web-apps/olivetin.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1:8000\""}, "description": "The address to listen on for the internal \"microproxy\" frontend.\n", "example": {"_type": "literalExpression", "text": "\"0.0.0.0:8000\""}, "loc": ["services", "olivetin", "settings", "ListenAddressSingleHTTPFrontend"], "readOnly": false, "type": "string"}, "services.olivetin.user": {"declarations": ["nixos/modules/services/web-apps/olivetin.nix"], "default": {"_type": "literalExpression", "text": "\"olivetin\""}, "description": "The user account under which OliveTin runs.", "loc": ["services", "olivetin", "user"], "readOnly": false, "type": "string"}, "services.ollama.enable": {"declarations": ["nixos/modules/services/misc/ollama.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ollama server for local large language models.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ollama", "enable"], "readOnly": false, "type": "boolean"}, "services.ollama.environmentVariables": {"declarations": ["nixos/modules/services/misc/ollama.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Set arbitrary environment variables for the ollama service.\n\nBe aware that these are only seen by the ollama server (systemd service),\nnot normal invocations like `ollama run`.\nSince `ollama run` is mostly a shell around the ollama server, this is usually sufficient.\n", "example": {"_type": "literalExpression", "text": "{\n  HIP_VISIBLE_DEVICES = \"0,1\";\n  OLLAMA_LLM_LIBRARY = \"cpu\";\n}"}, "loc": ["services", "ollama", "environmentVariables"], "readOnly": false, "type": "attribute set of string"}, "services.ollama.group": {"declarations": ["nixos/modules/services/misc/ollama.nix"], "default": {"_type": "literalExpression", "text": "config.services.ollama.user"}, "description": "Group under which to run ollama. Only used when `services.ollama.user` is set.\n\nThe group will automatically be created, if this option is set to a non-null value.\n", "example": {"_type": "literalExpression", "text": "\"ollama\""}, "loc": ["services", "ollama", "group"], "readOnly": false, "type": "null or string"}, "services.ollama.home": {"declarations": ["nixos/modules/services/misc/ollama.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/ollama\""}, "description": "The home directory that the ollama service is started in.\n", "example": {"_type": "literalExpression", "text": "\"/home/foo\""}, "loc": ["services", "ollama", "home"], "readOnly": false, "type": "string"}, "services.ollama.host": {"declarations": ["nixos/modules/services/misc/ollama.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The host address which the ollama server HTTP interface listens to.\n", "example": {"_type": "literalExpression", "text": "\"[::]\""}, "loc": ["services", "ollama", "host"], "readOnly": false, "type": "string"}, "services.ollama.loadModels": {"declarations": ["nixos/modules/services/misc/ollama.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Download these models using `ollama pull` as soon as `ollama.service` has started.\n\nThis creates a systemd unit `ollama-model-loader.service`.\nUse `services.ollama.syncModels` to automatically remove any models not currently declared here.\n\nSearch for models of your choice from: <https://ollama.com/library>\n", "example": {"_type": "literalExpression", "text": "[\n  \"dolphin3\"\n  \"gemma3\"\n  \"gemma3:27b\"\n  \"deepseek-r1:latest\"\n  \"deepseek-r1:1.5b\"\n]"}, "loc": ["services", "ollama", "loadModels"], "readOnly": false, "type": "list of string"}, "services.ollama.models": {"declarations": ["nixos/modules/services/misc/ollama.nix"], "default": {"_type": "literalExpression", "text": "\"\\${config.services.ollama.home}/models\""}, "description": "The directory that the ollama service will read models from and download new models to.\n", "example": {"_type": "literalExpression", "text": "\"/path/to/ollama/models\""}, "loc": ["services", "ollama", "models"], "readOnly": false, "type": "string"}, "services.ollama.openFirewall": {"declarations": ["nixos/modules/services/misc/ollama.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall for ollama.\n\nThis adds `services.ollama.port` to `networking.firewall.allowedTCPPorts`.\n", "loc": ["services", "ollama", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.ollama.package": {"declarations": ["nixos/modules/services/misc/ollama.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ollama"}, "description": "The ollama package to use. Different packages use different hardware acceleration.\n\n- `ollama`: default behavior; usually equivalent to `ollama-cpu`\n  - if `nixpkgs.config.rocmSupport` is enabled, is equivalent to `ollama-rocm`\n  - if `nixpkgs.config.cudaSupport` is enabled, is equivalent to `ollama-cuda`\n  - otherwise defaults to `ollama-cpu`\n- `ollama-cpu`: disable GPU; only use CPU\n- `ollama-rocm`: supported by most modern AMD GPUs\n  - may require overriding gpu type with `services.ollama.rocmOverrideGfx`\n    if rocm doesn't detect your AMD gpu\n- `ollama-cuda`: supported by most modern NVIDIA GPUs\n- `ollama-vulkan`: supported by most GPUs\n", "example": {"_type": "literalExpression", "text": "pkgs.ollama-rocm"}, "loc": ["services", "ollama", "package"], "readOnly": false, "type": "package"}, "services.ollama.port": {"declarations": ["nixos/modules/services/misc/ollama.nix"], "default": {"_type": "literalExpression", "text": "11434"}, "description": "Which port the ollama server listens to.\n", "example": {"_type": "literalExpression", "text": "11111"}, "loc": ["services", "ollama", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.ollama.rocmOverrideGfx": {"declarations": ["nixos/modules/services/misc/ollama.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Override what rocm will detect your gpu model as.\nFor example, if you have an RX 5700 XT, try setting this to `\"10.1.0\"` (gfx 1010).\n\nThis sets the value of `HSA_OVERRIDE_GFX_VERSION`. See [ollama's docs](\nhttps://github.com/ollama/ollama/blob/main/docs/gpu.md#amd-radeon\n) for details.\n", "example": {"_type": "literalExpression", "text": "\"10.3.0\""}, "loc": ["services", "ollama", "rocmOverrideGfx"], "readOnly": false, "type": "null or string"}, "services.ollama.syncModels": {"declarations": ["nixos/modules/services/misc/ollama.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Synchronize all currently installed models with those declared in `services.ollama.loadModels`,\nremoving any models that are installed but not currently declared there.\n", "loc": ["services", "ollama", "syncModels"], "readOnly": false, "type": "boolean"}, "services.ollama.user": {"declarations": ["nixos/modules/services/misc/ollama.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "User account under which to run ollama. Defaults to [`DynamicUser`](https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#DynamicUser=)\nwhen set to `null`.\n\nThe user will automatically be created, if this option is set to a non-null value.\n", "example": {"_type": "literalExpression", "text": "\"ollama\""}, "loc": ["services", "ollama", "user"], "readOnly": false, "type": "null or string"}, "services.ombi.dataDir": {"declarations": ["nixos/modules/services/misc/ombi.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/ombi\""}, "description": "The directory where Ombi stores its data files.", "loc": ["services", "ombi", "dataDir"], "readOnly": false, "type": "string"}, "services.ombi.enable": {"declarations": ["nixos/modules/services/misc/ombi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Ombi, a web application that automatically gives your shared Plex or\nEmby users the ability to request content by themselves!\n\nOptionally see <https://docs.ombi.app/info/reverse-proxy>\non how to set up a reverse proxy\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ombi", "enable"], "readOnly": false, "type": "boolean"}, "services.ombi.group": {"declarations": ["nixos/modules/services/misc/ombi.nix"], "default": {"_type": "literalExpression", "text": "\"ombi\""}, "description": "Group under which Ombi runs.", "loc": ["services", "ombi", "group"], "readOnly": false, "type": "string"}, "services.ombi.openFirewall": {"declarations": ["nixos/modules/services/misc/ombi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the Ombi web interface.", "loc": ["services", "ombi", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.ombi.package": {"declarations": ["nixos/modules/services/misc/ombi.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ombi"}, "description": "The ombi package to use.", "loc": ["services", "ombi", "package"], "readOnly": false, "type": "package"}, "services.ombi.port": {"declarations": ["nixos/modules/services/misc/ombi.nix"], "default": {"_type": "literalExpression", "text": "5000"}, "description": "The port for the Ombi web interface.", "loc": ["services", "ombi", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.ombi.user": {"declarations": ["nixos/modules/services/misc/ombi.nix"], "default": {"_type": "literalExpression", "text": "\"ombi\""}, "description": "User account under which Ombi runs.", "loc": ["services", "ombi", "user"], "readOnly": false, "type": "string"}, "services.omnom.dataDir": {"declarations": ["nixos/modules/services/misc/omnom.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/omnom\""}, "description": "The directory where Omnom stores its data files.", "loc": ["services", "omnom", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.omnom.enable": {"declarations": ["nixos/modules/services/misc/omnom.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Omnom, a webpage bookmarking and snapshotting service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "omnom", "enable"], "readOnly": false, "type": "boolean"}, "services.omnom.group": {"declarations": ["nixos/modules/services/misc/omnom.nix"], "default": {"_type": "literalExpression", "text": "\"omnom\""}, "description": "The Omnom service group.", "loc": ["services", "omnom", "group"], "readOnly": false, "type": "non-empty string"}, "services.omnom.openFirewall": {"declarations": ["nixos/modules/services/misc/omnom.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open ports in the firewall.", "loc": ["services", "omnom", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.omnom.package": {"declarations": ["nixos/modules/services/misc/omnom.nix"], "default": {"_type": "literalExpression", "text": "pkgs.omnom"}, "description": "The omnom package to use.", "loc": ["services", "omnom", "package"], "readOnly": false, "type": "package"}, "services.omnom.passwordFile": {"declarations": ["nixos/modules/services/misc/omnom.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the password for the SMTP user.", "loc": ["services", "omnom", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.omnom.port": {"declarations": ["nixos/modules/services/misc/omnom.nix"], "default": {"_type": "literalExpression", "text": "7331"}, "description": "The Omnom service port.", "loc": ["services", "omnom", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.omnom.settings": {"declarations": ["nixos/modules/services/misc/omnom.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration options for the /etc/omnom/config.yml file.\n", "loc": ["services", "omnom", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.omnom.settings.activitypub.privkey": {"declarations": ["nixos/modules/services/misc/omnom.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.omnom.dataDir}/private.pem\"\n"}, "description": "ActivityPub private key. Will be generated, by default.", "loc": ["services", "omnom", "settings", "activitypub", "privkey"], "readOnly": false, "type": "absolute path"}, "services.omnom.settings.activitypub.pubkey": {"declarations": ["nixos/modules/services/misc/omnom.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.omnom.dataDir}/public.pem\"\n"}, "description": "ActivityPub public key. Will be generated, by default.", "loc": ["services", "omnom", "settings", "activitypub", "pubkey"], "readOnly": false, "type": "absolute path"}, "services.omnom.settings.app.debug": {"declarations": ["nixos/modules/services/misc/omnom.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable debug mode.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "omnom", "settings", "app", "debug"], "readOnly": false, "type": "boolean"}, "services.omnom.settings.app.disable_signup": {"declarations": ["nixos/modules/services/misc/omnom.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable restricting user creation.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "omnom", "settings", "app", "disable_signup"], "readOnly": false, "type": "boolean"}, "services.omnom.settings.app.results_per_page": {"declarations": ["nixos/modules/services/misc/omnom.nix"], "default": {"_type": "literalExpression", "text": "20"}, "description": "Number of results per page.", "loc": ["services", "omnom", "settings", "app", "results_per_page"], "readOnly": false, "type": "signed integer"}, "services.omnom.settings.db.connection": {"declarations": ["nixos/modules/services/misc/omnom.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.omnom.dataDir}/db.sqlite3\"\n"}, "description": "Database connection URI.", "loc": ["services", "omnom", "settings", "db", "connection"], "readOnly": false, "type": "string"}, "services.omnom.settings.db.type": {"declarations": ["nixos/modules/services/misc/omnom.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite\""}, "description": "Database type.", "loc": ["services", "omnom", "settings", "db", "type"], "readOnly": false, "type": "value \"sqlite\" (singular enum)"}, "services.omnom.settings.server.address": {"declarations": ["nixos/modules/services/misc/omnom.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1:${config.services.omnom.port}\"\n"}, "description": "Server address.", "loc": ["services", "omnom", "settings", "server", "address"], "readOnly": false, "type": "string"}, "services.omnom.settings.server.secure_cookie": {"declarations": ["nixos/modules/services/misc/omnom.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to limit cookies to a secure channel.", "loc": ["services", "omnom", "settings", "server", "secure_cookie"], "readOnly": false, "type": "boolean"}, "services.omnom.settings.smtp.connection_timeout": {"declarations": ["nixos/modules/services/misc/omnom.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "Connection timeout duration in seconds.", "loc": ["services", "omnom", "settings", "smtp", "connection_timeout"], "readOnly": false, "type": "signed integer"}, "services.omnom.settings.smtp.host": {"declarations": ["nixos/modules/services/misc/omnom.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "SMTP server hostname.", "loc": ["services", "omnom", "settings", "smtp", "host"], "readOnly": false, "type": "string"}, "services.omnom.settings.smtp.port": {"declarations": ["nixos/modules/services/misc/omnom.nix"], "default": {"_type": "literalExpression", "text": "25"}, "description": "SMTP server port address.", "loc": ["services", "omnom", "settings", "smtp", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.omnom.settings.smtp.send_timeout": {"declarations": ["nixos/modules/services/misc/omnom.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Send timeout duration in seconds.", "loc": ["services", "omnom", "settings", "smtp", "send_timeout"], "readOnly": false, "type": "signed integer"}, "services.omnom.settings.smtp.sender": {"declarations": ["nixos/modules/services/misc/omnom.nix"], "default": {"_type": "literalExpression", "text": "\"Omnom <omnom@127.0.0.1>\""}, "description": "Omnom sender e-mail.", "loc": ["services", "omnom", "settings", "smtp", "sender"], "readOnly": false, "type": "string"}, "services.omnom.settings.smtp.tls": {"declarations": ["nixos/modules/services/misc/omnom.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Whether TLS encryption should be used..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "omnom", "settings", "smtp", "tls"], "readOnly": false, "type": "boolean"}, "services.omnom.settings.smtp.tls_allow_insecure": {"declarations": ["nixos/modules/services/misc/omnom.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Whether to allow insecure TLS..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "omnom", "settings", "smtp", "tls_allow_insecure"], "readOnly": false, "type": "boolean"}, "services.omnom.settings.storage.type": {"declarations": ["nixos/modules/services/misc/omnom.nix"], "default": {"_type": "literalExpression", "text": "\"fs\""}, "description": "Storage type.", "loc": ["services", "omnom", "settings", "storage", "type"], "readOnly": false, "type": "string"}, "services.omnom.user": {"declarations": ["nixos/modules/services/misc/omnom.nix"], "default": {"_type": "literalExpression", "text": "\"omnom\""}, "description": "The Omnom service user.", "loc": ["services", "omnom", "user"], "readOnly": false, "type": "non-empty string"}, "services.oncall.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/oncall.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable Create the database and database user locally..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "oncall", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.oncall.enable": {"declarations": ["nixos/modules/services/web-apps/oncall.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Oncall web app.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "oncall", "enable"], "readOnly": false, "type": "boolean"}, "services.oncall.package": {"declarations": ["nixos/modules/services/web-apps/oncall.nix"], "default": {"_type": "literalExpression", "text": "pkgs.oncall"}, "description": "The oncall package to use.", "loc": ["services", "oncall", "package"], "readOnly": false, "type": "package"}, "services.oncall.secretFile": {"declarations": ["nixos/modules/services/web-apps/oncall.nix"], "description": "A YAML file containing secrets such as database or user passwords.\nSome variables that can be considered secrets are:\n\n- db.conn.kwargs.password:\n  Password used to authenticate to the database.\n\n- session.encrypt_key:\n  Key for encrypting/signing session cookies.\n  Change to random long values in production.\n\n- session.sign_key:\n  Key for encrypting/signing session cookies.\n  Change to random long values in production.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/oncall-dbpassword\""}, "loc": ["services", "oncall", "secretFile"], "readOnly": false, "type": "absolute path not in the Nix store"}, "services.oncall.settings": {"declarations": ["nixos/modules/services/web-apps/oncall.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration options to append or override.\nFor available and default option values see\n[upstream configuration file](https://github.com/linkedin/oncall/blob/master/configs/config.yaml)\nand the administration part in the\n[offical documentation](https://oncall.tools/docs/admin_guide.html).\n", "loc": ["services", "oncall", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.oncall.settings.db.conn.kwargs.database": {"declarations": ["nixos/modules/services/web-apps/oncall.nix"], "default": {"_type": "literalExpression", "text": "\"oncall\""}, "description": "Database name.", "loc": ["services", "oncall", "settings", "db", "conn", "kwargs", "database"], "readOnly": false, "type": "string"}, "services.oncall.settings.db.conn.kwargs.host": {"declarations": ["nixos/modules/services/web-apps/oncall.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Database host.", "loc": ["services", "oncall", "settings", "db", "conn", "kwargs", "host"], "readOnly": false, "type": "string"}, "services.oncall.settings.db.conn.kwargs.user": {"declarations": ["nixos/modules/services/web-apps/oncall.nix"], "default": {"_type": "literalExpression", "text": "\"oncall\""}, "description": "Database user.", "loc": ["services", "oncall", "settings", "db", "conn", "kwargs", "user"], "readOnly": false, "type": "string"}, "services.oncall.settings.db.conn.require_auth": {"declarations": ["nixos/modules/services/web-apps/oncall.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether authentication is required to access the web app.\n", "loc": ["services", "oncall", "settings", "db", "conn", "require_auth"], "readOnly": false, "type": "boolean"}, "services.oncall.settings.db.conn.str": {"declarations": ["nixos/modules/services/web-apps/oncall.nix"], "default": {"_type": "literalExpression", "text": "\"%(scheme)s://%(user)s@%(host)s:%(port)s/%(database)s?charset=%(charset)s&unix_socket=/run/mysqld/mysqld.sock\""}, "description": "Database connection scheme. The default specifies the\nconnection through a local socket.\n", "loc": ["services", "oncall", "settings", "db", "conn", "str"], "readOnly": false, "type": "string"}, "services.oncall.settings.oncall_host": {"declarations": ["nixos/modules/services/web-apps/oncall.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "FQDN for the Oncall instance.", "loc": ["services", "oncall", "settings", "oncall_host"], "readOnly": false, "type": "string"}, "services.onedrive.enable": {"declarations": ["nixos/modules/services/networking/onedrive.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable OneDrive service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "onedrive", "enable"], "readOnly": false, "type": "boolean"}, "services.onedrive.package": {"declarations": ["nixos/modules/services/networking/onedrive.nix"], "default": {"_type": "literalExpression", "text": "pkgs.onedrive"}, "description": "The onedrive package to use.", "loc": ["services", "onedrive", "package"], "readOnly": false, "type": "package"}, "services.onlyoffice.enable": {"declarations": ["nixos/modules/services/web-apps/onlyoffice.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable OnlyOffice DocumentServer.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "onlyoffice", "enable"], "readOnly": false, "type": "boolean"}, "services.onlyoffice.enableExampleServer": {"declarations": ["nixos/modules/services/web-apps/onlyoffice.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable OnlyOffice example server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "onlyoffice", "enableExampleServer"], "readOnly": false, "type": "boolean"}, "services.onlyoffice.examplePort": {"declarations": ["nixos/modules/services/web-apps/onlyoffice.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port the OnlyOffice example server should listen on.", "loc": ["services", "onlyoffice", "examplePort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.onlyoffice.hostname": {"declarations": ["nixos/modules/services/web-apps/onlyoffice.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "FQDN for the OnlyOffice instance.", "loc": ["services", "onlyoffice", "hostname"], "readOnly": false, "type": "string"}, "services.onlyoffice.jwtSecretFile": {"declarations": ["nixos/modules/services/web-apps/onlyoffice.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file that contains the secret to sign web requests using JSON Web Tokens.\nIf left at the default value null signing is disabled.\n", "loc": ["services", "onlyoffice", "jwtSecretFile"], "readOnly": false, "type": "null or string"}, "services.onlyoffice.loglevel": {"declarations": ["nixos/modules/services/web-apps/onlyoffice.nix"], "default": {"_type": "literalExpression", "text": "\"WARN\""}, "description": "Default loglevel to use for documentserver and converter", "loc": ["services", "onlyoffice", "loglevel"], "readOnly": false, "type": "string"}, "services.onlyoffice.package": {"declarations": ["nixos/modules/services/web-apps/onlyoffice.nix"], "default": {"_type": "literalExpression", "text": "pkgs.onlyoffice-documentserver"}, "description": "The onlyoffice-documentserver package to use.", "loc": ["services", "onlyoffice", "package"], "readOnly": false, "type": "package"}, "services.onlyoffice.port": {"declarations": ["nixos/modules/services/web-apps/onlyoffice.nix"], "default": {"_type": "literalExpression", "text": "8000"}, "description": "Port the OnlyOffice document server should listen on.", "loc": ["services", "onlyoffice", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.onlyoffice.postgresHost": {"declarations": ["nixos/modules/services/web-apps/onlyoffice.nix"], "default": {"_type": "literalExpression", "text": "\"/run/postgresql\""}, "description": "The Postgresql hostname or socket path OnlyOffice should connect to.", "loc": ["services", "onlyoffice", "postgresHost"], "readOnly": false, "type": "string"}, "services.onlyoffice.postgresName": {"declarations": ["nixos/modules/services/web-apps/onlyoffice.nix"], "default": {"_type": "literalExpression", "text": "\"onlyoffice\""}, "description": "The name of database OnlyOffice should use.", "loc": ["services", "onlyoffice", "postgresName"], "readOnly": false, "type": "string"}, "services.onlyoffice.postgresPasswordFile": {"declarations": ["nixos/modules/services/web-apps/onlyoffice.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file that contains the password OnlyOffice should use to connect to Postgresql.\nUnused when using socket authentication.\n", "loc": ["services", "onlyoffice", "postgresPasswordFile"], "readOnly": false, "type": "null or string"}, "services.onlyoffice.postgresUser": {"declarations": ["nixos/modules/services/web-apps/onlyoffice.nix"], "default": {"_type": "literalExpression", "text": "\"onlyoffice\""}, "description": "The username OnlyOffice should use to connect to Postgresql.\nUnused when using socket authentication.\n", "loc": ["services", "onlyoffice", "postgresUser"], "readOnly": false, "type": "string"}, "services.onlyoffice.rabbitmqUrl": {"declarations": ["nixos/modules/services/web-apps/onlyoffice.nix"], "default": {"_type": "literalExpression", "text": "\"amqp://guest:guest@localhost:5672\""}, "description": "The Rabbitmq in amqp URI style OnlyOffice should connect to.", "loc": ["services", "onlyoffice", "rabbitmqUrl"], "readOnly": false, "type": "string"}, "services.onlyoffice.securityNonceFile": {"declarations": ["nixos/modules/services/web-apps/onlyoffice.nix"], "description": "File holding nginx configuration that sets the nonce used to create secret links.\n\nExample:\n```\nset $secure_link_secret \"changeme\";\n```\n\nThis file must be readable both by nginx and by the onlyoffice\ndocumentserver. Since nginx is added to the onlyoffice group,\nyou may want to make the file readable to the onlyoffice group.\n\nNOTE: The file must be a valid nginx configuration file. The secret must not contain `$` characters, as they will be interpreted as variables by nginx.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/onlyoffice-nginx-nonce.conf\""}, "loc": ["services", "onlyoffice", "securityNonceFile"], "readOnly": false, "type": "string"}, "services.onlyoffice.wopi": {"declarations": ["nixos/modules/services/web-apps/onlyoffice.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Enable WOPI support.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "onlyoffice", "wopi"], "readOnly": false, "type": "boolean"}, "services.onlyoffice.x2t": {"declarations": ["nixos/modules/services/web-apps/onlyoffice.nix"], "default": {"_type": "literalExpression", "text": "pkgs.x2t"}, "description": "The x2t package to use.", "loc": ["services", "onlyoffice", "x2t"], "readOnly": false, "type": "package"}, "services.open-web-calendar.calendarSettings": {"declarations": ["nixos/modules/services/web-apps/open-web-calendar.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configure the default calendar.\n\nSee the documentation options in <https://open-web-calendar.quelltext.eu/host/configure/#configuring-the-default-calendar> and <https://github.com/niccokunzmann/open-web-calendar/blob/master/open_web_calendar/default_specification.yml>.\n\nIndividual calendar instances can be further configured outside this module, by specifying the `specification_url` parameter.\n", "loc": ["services", "open-web-calendar", "calendarSettings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.open-web-calendar.domain": {"declarations": ["nixos/modules/services/web-apps/open-web-calendar.nix"], "description": "The domain under which open-web-calendar is made available", "example": {"_type": "literalExpression", "text": "\"open-web-calendar.example.org\""}, "loc": ["services", "open-web-calendar", "domain"], "readOnly": false, "type": "string"}, "services.open-web-calendar.enable": {"declarations": ["nixos/modules/services/web-apps/open-web-calendar.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable OpenWebCalendar service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "open-web-calendar", "enable"], "readOnly": false, "type": "boolean"}, "services.open-web-calendar.package": {"declarations": ["nixos/modules/services/web-apps/open-web-calendar.nix"], "default": {"_type": "literalExpression", "text": "pkgs.open-web-calendar"}, "description": "The open-web-calendar package to use.", "loc": ["services", "open-web-calendar", "package"], "readOnly": false, "type": "package"}, "services.open-web-calendar.settings": {"declarations": ["nixos/modules/services/web-apps/open-web-calendar.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for the server. These are set as environment variables to the gunicorn/flask service.\n\nSee the documentation options in <https://open-web-calendar.quelltext.eu/host/configure/#configuring-the-server>.\n", "loc": ["services", "open-web-calendar", "settings"], "readOnly": false, "type": "open submodule of attribute set of (atom (null, bool, int, float or string))"}, "services.open-web-calendar.settings.ALLOWED_HOSTS": {"declarations": ["nixos/modules/services/web-apps/open-web-calendar.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The hosts that the Open Web Calendar permits. This is required to\nmitigate the Host Header Injection vulnerability.\n\nWe always set this to the empty list, as Nginx already checks the Host header.\n", "loc": ["services", "open-web-calendar", "settings", "ALLOWED_HOSTS"], "readOnly": true, "type": "string"}, "services.open-webui.enable": {"declarations": ["nixos/modules/services/misc/open-webui.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Open-WebUI server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "open-webui", "enable"], "readOnly": false, "type": "boolean"}, "services.open-webui.environment": {"declarations": ["nixos/modules/services/misc/open-webui.nix"], "default": {"_type": "literalExpression", "text": "{\n  ANONYMIZED_TELEMETRY = \"False\";\n  DO_NOT_TRACK = \"True\";\n  SCARF_NO_ANALYTICS = \"True\";\n}"}, "description": "Extra environment variables for Open-WebUI.\nFor more details see <https://docs.openwebui.com/getting-started/env-configuration>\n", "example": {"_type": "literalExpression", "text": "''\n  {\n    OLLAMA_API_BASE_URL = \"http://127.0.0.1:11434\";\n    # Disable authentication\n    WEBUI_AUTH = \"False\";\n  }\n''"}, "loc": ["services", "open-webui", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.open-webui.environmentFile": {"declarations": ["nixos/modules/services/misc/open-webui.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file to be passed to the systemd service.\nUseful for passing secrets to the service to prevent them from being\nworld-readable in the Nix store.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/secrets/openWebuiSecrets\""}, "loc": ["services", "open-webui", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.open-webui.host": {"declarations": ["nixos/modules/services/misc/open-webui.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The host address which the Open-WebUI server HTTP interface listens to.\n", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "open-webui", "host"], "readOnly": false, "type": "string"}, "services.open-webui.openFirewall": {"declarations": ["nixos/modules/services/misc/open-webui.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall for Open-WebUI.\nThis adds `services.open-webui.port` to `networking.firewall.allowedTCPPorts`.\n", "loc": ["services", "open-webui", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.open-webui.package": {"declarations": ["nixos/modules/services/misc/open-webui.nix"], "default": {"_type": "literalExpression", "text": "pkgs.open-webui"}, "description": "The open-webui package to use.", "loc": ["services", "open-webui", "package"], "readOnly": false, "type": "package"}, "services.open-webui.port": {"declarations": ["nixos/modules/services/misc/open-webui.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "Which port the Open-WebUI server listens to.\n", "example": {"_type": "literalExpression", "text": "11111"}, "loc": ["services", "open-webui", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.open-webui.stateDir": {"declarations": ["nixos/modules/services/misc/open-webui.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/open-webui\""}, "description": "State directory of Open-WebUI.", "example": {"_type": "literalExpression", "text": "\"/home/foo\""}, "loc": ["services", "open-webui", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.openafsClient.afsdb": {"declarations": ["nixos/modules/services/network-filesystems/openafs/client.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Resolve cells via AFSDB DNS records.", "loc": ["services", "openafsClient", "afsdb"], "readOnly": false, "type": "boolean"}, "services.openafsClient.cache.blocks": {"declarations": ["nixos/modules/services/network-filesystems/openafs/client.nix"], "default": {"_type": "literalExpression", "text": "100000"}, "description": "Cache size in 1KB blocks.", "loc": ["services", "openafsClient", "cache", "blocks"], "readOnly": false, "type": "signed integer"}, "services.openafsClient.cache.chunksize": {"declarations": ["nixos/modules/services/network-filesystems/openafs/client.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Size of each cache chunk given in powers of\n2. `0` resets the chunk size to its default\nvalues (13 (8 KB) for memcache, 18-20 (256 KB to 1 MB) for\ndiskcache). Maximum value is 30. Important performance\nparameter. Set to higher values when dealing with large files.\n", "loc": ["services", "openafsClient", "cache", "chunksize"], "readOnly": false, "type": "integer between 0 and 30 (both inclusive)"}, "services.openafsClient.cache.directory": {"declarations": ["nixos/modules/services/network-filesystems/openafs/client.nix"], "default": {"_type": "literalExpression", "text": "\"/var/cache/openafs\""}, "description": "Cache directory.", "loc": ["services", "openafsClient", "cache", "directory"], "readOnly": false, "type": "string"}, "services.openafsClient.cache.diskless": {"declarations": ["nixos/modules/services/network-filesystems/openafs/client.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use in-memory cache for diskless machines. Has no real\nperformance benefit anymore.\n", "loc": ["services", "openafsClient", "cache", "diskless"], "readOnly": false, "type": "boolean"}, "services.openafsClient.cellName": {"declarations": ["nixos/modules/services/network-filesystems/openafs/client.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Cell name.", "example": {"_type": "literalExpression", "text": "\"grand.central.org\""}, "loc": ["services", "openafsClient", "cellName"], "readOnly": false, "type": "string"}, "services.openafsClient.cellServDB": {"declarations": ["nixos/modules/services/network-filesystems/openafs/client.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This cell's database server records, added to the global\nCellServDB. See {manpage}`CellServDB(5)` man page for syntax. Ignored when\n`afsdb` is set to `true`.\n", "example": {"_type": "literalExpression", "text": "{\n  \"dns.fqdn.org\" = [\n    {\n      dnsname = \"first.afsdb.server.dns.fqdn.org\";\n      ip = \"1.2.3.4\";\n    }\n    {\n      dnsname = \"second.afsdb.server.dns.fqdn.org\";\n      ip = \"2.3.4.5\";\n    }\n  ];\n}"}, "loc": ["services", "openafsClient", "cellServDB"], "readOnly": false, "type": "(attribute set of list of (submodule)) or (list of anything) convertible to it"}, "services.openafsClient.cellServDB.<name>.*.dnsname": {"declarations": ["nixos/modules/services/network-filesystems/openafs/client.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "DNS full-qualified domain name of a database server", "example": {"_type": "literalExpression", "text": "\"afs.example.org\""}, "loc": ["services", "openafsClient", "cellServDB", "<name>", "*", "dnsname"], "readOnly": false, "type": "string"}, "services.openafsClient.cellServDB.<name>.*.ip": {"declarations": ["nixos/modules/services/network-filesystems/openafs/client.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "IP Address of a database server", "example": {"_type": "literalExpression", "text": "\"1.2.3.4\""}, "loc": ["services", "openafsClient", "cellServDB", "<name>", "*", "ip"], "readOnly": false, "type": "string"}, "services.openafsClient.crypt": {"declarations": ["nixos/modules/services/network-filesystems/openafs/client.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable (weak) protocol encryption.", "loc": ["services", "openafsClient", "crypt"], "readOnly": false, "type": "boolean"}, "services.openafsClient.daemons": {"declarations": ["nixos/modules/services/network-filesystems/openafs/client.nix"], "default": {"_type": "literalExpression", "text": "2"}, "description": "Number of daemons to serve user requests. Numbers higher than 6\nusually do no increase performance. Default is sufficient for up\nto five concurrent users.\n", "loc": ["services", "openafsClient", "daemons"], "readOnly": false, "type": "signed integer"}, "services.openafsClient.enable": {"declarations": ["nixos/modules/services/network-filesystems/openafs/client.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the OpenAFS client.", "loc": ["services", "openafsClient", "enable"], "readOnly": false, "type": "boolean"}, "services.openafsClient.fakestat": {"declarations": ["nixos/modules/services/network-filesystems/openafs/client.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Return fake data on stat() calls. If `true`,\nalways do so. If `false`, only do so for\ncross-cell mounts (as these are potentially expensive).\n", "loc": ["services", "openafsClient", "fakestat"], "readOnly": false, "type": "boolean"}, "services.openafsClient.globalCellServDBFile": {"declarations": ["nixos/modules/services/network-filesystems/openafs/client.nix"], "default": {"_type": "literalExpression", "text": "pkgs.openafs.cellservdb"}, "description": "Global CellServDB file to be deployed. Set to `null` to only deploy the\ncells in `cellServDB`. Any cells defined in `cellServDB` will override\ncells in the global file.\n", "example": {"_type": "literalExpression", "text": "./CellServDB"}, "loc": ["services", "openafsClient", "globalCellServDBFile"], "readOnly": false, "type": "null or path in the Nix store"}, "services.openafsClient.inumcalc": {"declarations": ["nixos/modules/services/network-filesystems/openafs/client.nix"], "default": {"_type": "literalExpression", "text": "\"compat\""}, "description": "Inode calculation method. `compat` is\ncomputationally less expensive, but `md5` greatly\nreduces the likelihood of inode collisions in larger scenarios\ninvolving multiple cells mounted into one AFS space.\n", "loc": ["services", "openafsClient", "inumcalc"], "readOnly": false, "type": "string matching the pattern compat|md5"}, "services.openafsClient.mountPoint": {"declarations": ["nixos/modules/services/network-filesystems/openafs/client.nix"], "default": {"_type": "literalExpression", "text": "\"/afs\""}, "description": "Mountpoint of the AFS file tree, conventionally\n`/afs`. When set to a different value, only\ncross-cells that use the same value can be accessed.\n", "loc": ["services", "openafsClient", "mountPoint"], "readOnly": false, "type": "string"}, "services.openafsClient.packages.module": {"declarations": ["nixos/modules/services/network-filesystems/openafs/client.nix"], "default": {"_type": "literalExpression", "text": "config.boot.kernelPackages.openafs"}, "description": "OpenAFS kernel module package. MUST match the userland package!", "loc": ["services", "openafsClient", "packages", "module"], "readOnly": false, "type": "package"}, "services.openafsClient.packages.programs": {"declarations": ["nixos/modules/services/network-filesystems/openafs/client.nix"], "default": {"_type": "literalExpression", "text": "getBin pkgs.openafs"}, "description": "OpenAFS programs package. MUST match the kernel module package!", "loc": ["services", "openafsClient", "packages", "programs"], "readOnly": false, "type": "package"}, "services.openafsClient.sparse": {"declarations": ["nixos/modules/services/network-filesystems/openafs/client.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Minimal cell list in /afs.", "loc": ["services", "openafsClient", "sparse"], "readOnly": false, "type": "boolean"}, "services.openafsClient.startDisconnected": {"declarations": ["nixos/modules/services/network-filesystems/openafs/client.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Start up in disconnected mode.  You need to execute\n`fs disco online` (as root) to switch to\nconnected mode. Useful for roaming devices.\n", "loc": ["services", "openafsClient", "startDisconnected"], "readOnly": false, "type": "boolean"}, "services.openafsServer.advertisedAddresses": {"declarations": ["nixos/modules/services/network-filesystems/openafs/server.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of IP addresses this server is advertised under. See {manpage}`NetInfo(5)`", "loc": ["services", "openafsServer", "advertisedAddresses"], "readOnly": false, "type": "list of string"}, "services.openafsServer.cellName": {"declarations": ["nixos/modules/services/network-filesystems/openafs/server.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Cell name, this server will serve.", "example": {"_type": "literalExpression", "text": "\"grand.central.org\""}, "loc": ["services", "openafsServer", "cellName"], "readOnly": false, "type": "string"}, "services.openafsServer.cellServDB": {"declarations": ["nixos/modules/services/network-filesystems/openafs/server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of all cell-local database server machines. If a single\nlist is provided, it will be used as the servers for `cellName`.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    dnsname = \"first.afsdb.server.dns.fqdn.org\";\n    ip = \"1.2.3.4\";\n  }\n  {\n    dnsname = \"second.afsdb.server.dns.fqdn.org\";\n    ip = \"2.3.4.5\";\n  }\n]"}, "loc": ["services", "openafsServer", "cellServDB"], "readOnly": false, "type": "(attribute set of list of (submodule)) or (list of anything) convertible to it"}, "services.openafsServer.cellServDB.<name>.*.dnsname": {"declarations": ["nixos/modules/services/network-filesystems/openafs/server.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "DNS full-qualified domain name of a database server", "example": {"_type": "literalExpression", "text": "\"afs.example.org\""}, "loc": ["services", "openafsServer", "cellServDB", "<name>", "*", "dnsname"], "readOnly": false, "type": "string"}, "services.openafsServer.cellServDB.<name>.*.ip": {"declarations": ["nixos/modules/services/network-filesystems/openafs/server.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "IP Address of a database server", "example": {"_type": "literalExpression", "text": "\"1.2.3.4\""}, "loc": ["services", "openafsServer", "cellServDB", "<name>", "*", "ip"], "readOnly": false, "type": "string"}, "services.openafsServer.dottedPrincipals": {"declarations": ["nixos/modules/services/network-filesystems/openafs/server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, allow principal names containing (.) dots. Enabling\nthis has security implications!\n", "loc": ["services", "openafsServer", "dottedPrincipals"], "readOnly": false, "type": "boolean"}, "services.openafsServer.enable": {"declarations": ["nixos/modules/services/network-filesystems/openafs/server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the OpenAFS server. An OpenAFS server needs a\ncomplex setup. So, be aware that enabling this service and setting\nsome options does not give you a turn-key-ready solution. You need\nat least a running Kerberos 5 setup, as OpenAFS relies on it for\nauthentication. See the Guide \"QuickStartUnix\" coming with\n`pkgs.openafs.doc` for complete setup\ninstructions.\n", "loc": ["services", "openafsServer", "enable"], "readOnly": false, "type": "boolean"}, "services.openafsServer.package": {"declarations": ["nixos/modules/services/network-filesystems/openafs/server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.openafs"}, "description": "The openafs package to use.", "loc": ["services", "openafsServer", "package"], "readOnly": false, "type": "package"}, "services.openafsServer.roles.backup.buserverArgs": {"declarations": ["nixos/modules/services/network-filesystems/openafs/server.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Arguments to the buserver process. See its man page.", "example": {"_type": "literalExpression", "text": "\"-p 8\""}, "loc": ["services", "openafsServer", "roles", "backup", "buserverArgs"], "readOnly": false, "type": "string"}, "services.openafsServer.roles.backup.cellServDB": {"declarations": ["nixos/modules/services/network-filesystems/openafs/server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of all cell-local backup database server machines.\nUse this when your cell uses less backup database servers than\nother database server machines.\n", "loc": ["services", "openafsServer", "roles", "backup", "cellServDB"], "readOnly": false, "type": "(attribute set of list of (submodule)) or (list of anything) convertible to it"}, "services.openafsServer.roles.backup.cellServDB.<name>.*.dnsname": {"declarations": ["nixos/modules/services/network-filesystems/openafs/server.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "DNS full-qualified domain name of a database server", "example": {"_type": "literalExpression", "text": "\"afs.example.org\""}, "loc": ["services", "openafsServer", "roles", "backup", "cellServDB", "<name>", "*", "dnsname"], "readOnly": false, "type": "string"}, "services.openafsServer.roles.backup.cellServDB.<name>.*.ip": {"declarations": ["nixos/modules/services/network-filesystems/openafs/server.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "IP Address of a database server", "example": {"_type": "literalExpression", "text": "\"1.2.3.4\""}, "loc": ["services", "openafsServer", "roles", "backup", "cellServDB", "<name>", "*", "ip"], "readOnly": false, "type": "string"}, "services.openafsServer.roles.backup.enable": {"declarations": ["nixos/modules/services/network-filesystems/openafs/server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the backup server role. When using OpenAFS built-in buserver, use in conjunction with the\n`database` role to maintain the Backup\nDatabase. Normally only used in conjunction with tape storage\nor IBM's Tivoli Storage Manager.\n\nFor a modern backup server, enable this role and see\n{option}`enableFabs`\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "openafsServer", "roles", "backup", "enable"], "readOnly": false, "type": "boolean"}, "services.openafsServer.roles.backup.enableFabs": {"declarations": ["nixos/modules/services/network-filesystems/openafs/server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FABS, the flexible AFS backup system. It stores volumes as dump files, relying on other\npre-existing backup solutions for handling them\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "openafsServer", "roles", "backup", "enableFabs"], "readOnly": false, "type": "boolean"}, "services.openafsServer.roles.backup.fabsArgs": {"declarations": ["nixos/modules/services/network-filesystems/openafs/server.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Arguments to the fabsys process. See\n{manpage}`fabsys_server(1)` and\n{manpage}`fabsys_config(1)`.\n", "loc": ["services", "openafsServer", "roles", "backup", "fabsArgs"], "readOnly": false, "type": "string"}, "services.openafsServer.roles.backup.fabsExtraConfig": {"declarations": ["nixos/modules/services/network-filesystems/openafs/server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional configuration parameters for the FABS backup server.\n", "example": {"_type": "literalExpression", "text": "{\n  afs.localauth = true;\n  afs.keytab = config.sops.secrets.fabsKeytab.path;\n}\n"}, "loc": ["services", "openafsServer", "roles", "backup", "fabsExtraConfig"], "readOnly": false, "type": "attribute set"}, "services.openafsServer.roles.database.enable": {"declarations": ["nixos/modules/services/network-filesystems/openafs/server.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Database server role, maintains the Volume Location Database,\nProtection Database (and Backup Database, see\n`backup` role). There can be multiple\nservers in the database role for replication, which then need\nreliable network connection to each other.\n\nServers in this role appear in AFSDB DNS records or the\nCellServDB.\n", "loc": ["services", "openafsServer", "roles", "database", "enable"], "readOnly": false, "type": "boolean"}, "services.openafsServer.roles.database.ptserverArgs": {"declarations": ["nixos/modules/services/network-filesystems/openafs/server.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Arguments to the ptserver process. See its man page.", "example": {"_type": "literalExpression", "text": "\"-restricted -default_access S---- S-M---\""}, "loc": ["services", "openafsServer", "roles", "database", "ptserverArgs"], "readOnly": false, "type": "string"}, "services.openafsServer.roles.database.vlserverArgs": {"declarations": ["nixos/modules/services/network-filesystems/openafs/server.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Arguments to the vlserver process. See its man page.", "example": {"_type": "literalExpression", "text": "\"-rxbind\""}, "loc": ["services", "openafsServer", "roles", "database", "vlserverArgs"], "readOnly": false, "type": "string"}, "services.openafsServer.roles.fileserver.enable": {"declarations": ["nixos/modules/services/network-filesystems/openafs/server.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Fileserver role, serves files and volumes from its local storage.", "loc": ["services", "openafsServer", "roles", "fileserver", "enable"], "readOnly": false, "type": "boolean"}, "services.openafsServer.roles.fileserver.fileserverArgs": {"declarations": ["nixos/modules/services/network-filesystems/openafs/server.nix"], "default": {"_type": "literalExpression", "text": "\"-vattachpar 128 -vhashsize 11 -L -rxpck 400 -cb 1000000\""}, "description": "Arguments to the dafileserver process. See its man page.", "loc": ["services", "openafsServer", "roles", "fileserver", "fileserverArgs"], "readOnly": false, "type": "string"}, "services.openafsServer.roles.fileserver.salvagerArgs": {"declarations": ["nixos/modules/services/network-filesystems/openafs/server.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Arguments to the dasalvager process. See its man page.", "example": {"_type": "literalExpression", "text": "\"-showlog -showmounts\""}, "loc": ["services", "openafsServer", "roles", "fileserver", "salvagerArgs"], "readOnly": false, "type": "string"}, "services.openafsServer.roles.fileserver.salvageserverArgs": {"declarations": ["nixos/modules/services/network-filesystems/openafs/server.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Arguments to the salvageserver process. See its man page.", "example": {"_type": "literalExpression", "text": "\"-showlog\""}, "loc": ["services", "openafsServer", "roles", "fileserver", "salvageserverArgs"], "readOnly": false, "type": "string"}, "services.openafsServer.roles.fileserver.volserverArgs": {"declarations": ["nixos/modules/services/network-filesystems/openafs/server.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Arguments to the davolserver process. See its man page.", "example": {"_type": "literalExpression", "text": "\"-sync never\""}, "loc": ["services", "openafsServer", "roles", "fileserver", "volserverArgs"], "readOnly": false, "type": "string"}, "services.openafsServer.udpPacketSize": {"declarations": ["nixos/modules/services/network-filesystems/openafs/server.nix"], "default": {"_type": "literalExpression", "text": "1310720"}, "description": "UDP packet size to use in Bytes. Higher values can speed up\ncommunications. The default of 1 MB is a sufficient in most\ncases. Make sure to increase the kernel's UDP buffer size\naccordingly via `net.core(w|r|opt)mem_max`\nsysctl.\n", "loc": ["services", "openafsServer", "udpPacketSize"], "readOnly": false, "type": "signed integer"}, "services.openarena.enable": {"declarations": ["nixos/modules/services/games/openarena.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable OpenArena game server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "openarena", "enable"], "readOnly": false, "type": "boolean"}, "services.openarena.extraFlags": {"declarations": ["nixos/modules/services/games/openarena.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra flags to pass to {command}`oa_ded`", "example": {"_type": "literalExpression", "text": "[\n  \"+set dedicated 2\"\n  \"+set sv_hostname 'My NixOS OpenArena Server'\"\n  \"+map oa_dm1\"\n]"}, "loc": ["services", "openarena", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.openarena.openPorts": {"declarations": ["nixos/modules/services/games/openarena.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open firewall ports for OpenArena", "loc": ["services", "openarena", "openPorts"], "readOnly": false, "type": "boolean"}, "services.openarena.package": {"declarations": ["nixos/modules/services/games/openarena.nix"], "default": {"_type": "literalExpression", "text": "pkgs.openarena"}, "description": "The openarena package to use.", "loc": ["services", "openarena", "package"], "readOnly": false, "type": "package"}, "services.openbao.enable": {"declarations": ["nixos/modules/services/security/openbao.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable OpenBao daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "openbao", "enable"], "readOnly": false, "type": "boolean"}, "services.openbao.extraArgs": {"declarations": ["nixos/modules/services/security/openbao.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional arguments given to OpenBao.\n", "loc": ["services", "openbao", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.openbao.package": {"declarations": ["nixos/modules/services/security/openbao.nix"], "default": {"_type": "literalExpression", "text": "pkgs.openbao"}, "description": "The openbao package to use.", "example": {"_type": "literalExpression", "text": "pkgs.openbao.override { withHsm = false; withUi = false; }"}, "loc": ["services", "openbao", "package"], "readOnly": false, "type": "package"}, "services.openbao.settings": {"declarations": ["nixos/modules/services/security/openbao.nix"], "description": "Settings of OpenBao.\n\nSee [documentation](https://openbao.org/docs/configuration) for more details.\n", "example": {"_type": "literalExpression", "text": "{\n  ui = true;\n\n  listener.default = {\n    type = \"tcp\";\n    tls_acme_email = config.security.acme.defaults.email;\n    tls_acme_domains = [ \"example.com\" ];\n    tls_acme_disable_http_challenge = true;\n  };\n\n  cluster_addr = \"http://127.0.0.1:8201\";\n  api_addr = \"https://example.com\";\n\n  storage.raft.path = \"/var/lib/openbao\";\n}\n"}, "loc": ["services", "openbao", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.openbao.settings.listener": {"declarations": ["nixos/modules/services/security/openbao.nix"], "description": "Configure a listener for responding to requests.\n", "loc": ["services", "openbao", "settings", "listener"], "readOnly": false, "type": "attribute set of (open submodule of (JSON value))"}, "services.openbao.settings.listener.<name>.address": {"declarations": ["nixos/modules/services/security/openbao.nix"], "default": {"_type": "literalExpression", "text": "if config.services.openbao.settings.listener.<name>.type == \"unix\" then \"/run/openbao/openbao.sock\" else \"127.0.0.1:8200\""}, "description": "The TCP address or UNIX socket path to listen on.\n", "loc": ["services", "openbao", "settings", "listener", "<name>", "address"], "readOnly": false, "type": "string"}, "services.openbao.settings.listener.<name>.type": {"declarations": ["nixos/modules/services/security/openbao.nix"], "description": "The listener type to enable.\n", "loc": ["services", "openbao", "settings", "listener", "<name>", "type"], "readOnly": false, "type": "one of \"tcp\", \"unix\""}, "services.openbao.settings.ui": {"declarations": ["nixos/modules/services/security/openbao.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the OpenBao web UI.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "openbao", "settings", "ui"], "readOnly": false, "type": "boolean"}, "services.opencloud.address": {"declarations": ["nixos/modules/services/web-apps/opencloud.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Web server bind address.", "loc": ["services", "opencloud", "address"], "readOnly": false, "type": "string"}, "services.opencloud.enable": {"declarations": ["nixos/modules/services/web-apps/opencloud.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable OpenCloud.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "opencloud", "enable"], "readOnly": false, "type": "boolean"}, "services.opencloud.environment": {"declarations": ["nixos/modules/services/web-apps/opencloud.nix"], "default": {"_type": "literalExpression", "text": "{\n  OC_INSECURE = \"true\";\n}"}, "description": "Extra environment variables to set for the service.\n\nUse this to set configuration that may affect multiple microservices.\n\nSet `OC_INSECURE = \"false\"` if you want OpenCloud to terminate TLS.\n\nConfiguration provided here will override `settings`.\n", "example": {"_type": "literalExpression", "text": "{\n  OC_INSECURE = \"false\";\n  OC_LOG_LEVEL = \"error\";\n}"}, "loc": ["services", "opencloud", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.opencloud.environmentFile": {"declarations": ["nixos/modules/services/web-apps/opencloud.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "An environment file as defined in {manpage}`systemd.exec(5)`.\n\nUse this to inject secrets, e.g. database or auth credentials out of band.\n\nConfiguration provided here will override `settings` and `environment`.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/opencloud.env\""}, "loc": ["services", "opencloud", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.opencloud.group": {"declarations": ["nixos/modules/services/web-apps/opencloud.nix"], "default": {"_type": "literalExpression", "text": "\"opencloud\""}, "description": "The group to run OpenCloud under.\nBy default, a group named `opencloud` will be created.\n", "example": {"_type": "literalExpression", "text": "\"mycloud\""}, "loc": ["services", "opencloud", "group"], "readOnly": false, "type": "string"}, "services.opencloud.idpWebPackage": {"declarations": ["nixos/modules/services/web-apps/opencloud.nix"], "default": {"_type": "literalExpression", "text": "pkgs.opencloud.idp-web"}, "description": "The idp-web package to use.", "loc": ["services", "opencloud", "idpWebPackage"], "readOnly": false, "type": "package"}, "services.opencloud.package": {"declarations": ["nixos/modules/services/web-apps/opencloud.nix"], "default": {"_type": "literalExpression", "text": "pkgs.opencloud"}, "description": "The opencloud package to use.", "loc": ["services", "opencloud", "package"], "readOnly": false, "type": "package"}, "services.opencloud.port": {"declarations": ["nixos/modules/services/web-apps/opencloud.nix"], "default": {"_type": "literalExpression", "text": "9200"}, "description": "Web server port.", "loc": ["services", "opencloud", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.opencloud.settings": {"declarations": ["nixos/modules/services/web-apps/opencloud.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional YAML configuration for OpenCloud services.\n\nEvery item in this attrset will be mapped to a .yaml file in /etc/opencloud.\n\nThe possible config options are currently not well documented, see source code:\nhttps://github.com/opencloud-eu/opencloud/blob/main/pkg/config/config.go\n", "example": {"_type": "literalExpression", "text": "{\n  proxy = {\n    auto_provision_accounts = true;\n    oidc = {\n      rewrite_well_known = true;\n    };\n    role_assignment = {\n      driver = \"oidc\";\n      oidc_role_mapper = {\n        role_claim = \"opencloud_roles\";\n      };\n    };\n  };\n  web = {\n    web = {\n      config = {\n        oidc = {\n          scope = \"openid profile email opencloud_roles\";\n        };\n      };\n    };\n  };\n}"}, "loc": ["services", "opencloud", "settings"], "readOnly": false, "type": "attribute set of (YAML 1.1 value)"}, "services.opencloud.stateDir": {"declarations": ["nixos/modules/services/web-apps/opencloud.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/opencloud\""}, "description": "OpenCloud data directory.", "loc": ["services", "opencloud", "stateDir"], "readOnly": false, "type": "string"}, "services.opencloud.url": {"declarations": ["nixos/modules/services/web-apps/opencloud.nix"], "default": {"_type": "literalExpression", "text": "\"https://localhost:9200\""}, "description": "Web interface root public URL, including scheme and port (if non-default).", "example": {"_type": "literalExpression", "text": "\"https://cloud.example.com\""}, "loc": ["services", "opencloud", "url"], "readOnly": false, "type": "string"}, "services.opencloud.user": {"declarations": ["nixos/modules/services/web-apps/opencloud.nix"], "default": {"_type": "literalExpression", "text": "\"opencloud\""}, "description": "The user to run OpenCloud as.\nBy default, a user named `opencloud` will be created whose home\ndirectory is [](#opt-services.opencloud.stateDir).\n", "example": {"_type": "literalExpression", "text": "\"mycloud\""}, "loc": ["services", "opencloud", "user"], "readOnly": false, "type": "string"}, "services.opencloud.webPackage": {"declarations": ["nixos/modules/services/web-apps/opencloud.nix"], "default": {"_type": "literalExpression", "text": "pkgs.opencloud.web"}, "description": "The web package to use.", "loc": ["services", "opencloud", "webPackage"], "readOnly": false, "type": "package"}, "services.opendkim.configFile": {"declarations": ["nixos/modules/services/mail/opendkim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Additional opendkim configuration as a file.", "loc": ["services", "opendkim", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.opendkim.domains": {"declarations": ["nixos/modules/services/mail/opendkim.nix"], "default": {"_type": "literalExpression", "text": "\"csl:${config.networking.hostName}\""}, "description": "Local domains set (see {manpage}`opendkim(8)` for more information on datasets).\nMessages from them are signed, not verified.\n", "example": {"_type": "literalExpression", "text": "\"csl:example.com,mydomain.net\""}, "loc": ["services", "opendkim", "domains"], "readOnly": false, "type": "string"}, "services.opendkim.enable": {"declarations": ["nixos/modules/services/mail/opendkim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable OpenDKIM sender authentication system.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "opendkim", "enable"], "readOnly": false, "type": "boolean"}, "services.opendkim.group": {"declarations": ["nixos/modules/services/mail/opendkim.nix"], "default": {"_type": "literalExpression", "text": "\"opendkim\""}, "description": "Group for the daemon.", "loc": ["services", "opendkim", "group"], "readOnly": false, "type": "string"}, "services.opendkim.keyPath": {"declarations": ["nixos/modules/services/mail/opendkim.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/opendkim/keys\""}, "description": "The path that opendkim should put its generated private keys into.\nThe DNS settings will be found in this directory with the name selector.txt.\n", "loc": ["services", "opendkim", "keyPath"], "readOnly": false, "type": "absolute path"}, "services.opendkim.selector": {"declarations": ["nixos/modules/services/mail/opendkim.nix"], "description": "Selector to use when signing.", "loc": ["services", "opendkim", "selector"], "readOnly": false, "type": "string"}, "services.opendkim.settings": {"declarations": ["nixos/modules/services/mail/opendkim.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional opendkim configuration", "loc": ["services", "opendkim", "settings"], "readOnly": false, "type": "open submodule of attribute set of string"}, "services.opendkim.socket": {"declarations": ["nixos/modules/services/mail/opendkim.nix"], "default": {"_type": "literalExpression", "text": "\"local:/run/opendkim/opendkim.sock\""}, "description": "Socket which is used for communication with OpenDKIM.", "loc": ["services", "opendkim", "socket"], "readOnly": false, "type": "string"}, "services.opendkim.user": {"declarations": ["nixos/modules/services/mail/opendkim.nix"], "default": {"_type": "literalExpression", "text": "\"opendkim\""}, "description": "User for the daemon.", "loc": ["services", "opendkim", "user"], "readOnly": false, "type": "string"}, "services.opengfw.dir": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/opengfw\""}, "description": "Working directory of the OpenGFW service and home of `opengfw.user`.\n", "loc": ["services", "opengfw", "dir"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "services.opengfw.enable": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable OpenGFW, A flexible, easy-to-use, open source implementation of GFW on Linux\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "opengfw", "enable"], "readOnly": false, "type": "boolean"}, "services.opengfw.logFile": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File to write the output to instead of systemd.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/opengfw/opengfw.log\""}, "loc": ["services", "opengfw", "logFile"], "readOnly": false, "type": "null or absolute path"}, "services.opengfw.logFormat": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "\"json\""}, "description": "Format of the logs. [logFormatMap](https://github.com/apernet/OpenGFW/blob/d7737e92117a11c9a6100d53019fac3b9d724fe3/cmd/root.go#L62)\n", "example": {"_type": "literalExpression", "text": "\"console\""}, "loc": ["services", "opengfw", "logFormat"], "readOnly": false, "type": "one of \"json\", \"console\""}, "services.opengfw.logLevel": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Level of the logs. [logLevelMap](https://github.com/apernet/OpenGFW/blob/d7737e92117a11c9a6100d53019fac3b9d724fe3/cmd/root.go#L55)\n", "example": {"_type": "literalExpression", "text": "\"warn\""}, "loc": ["services", "opengfw", "logLevel"], "readOnly": false, "type": "one of \"debug\", \"info\", \"warn\", \"error\""}, "services.opengfw.package": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "pkgs.opengfw"}, "description": "The opengfw package to use.", "loc": ["services", "opengfw", "package"], "readOnly": false, "type": "package"}, "services.opengfw.pcapReplay": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to PCAP replay file.\nIn pcap mode, none of the actions in the rules have any effect.\nThis mode is mainly for debugging.\n", "example": {"_type": "literalExpression", "text": "\"./opengfw.pcap\""}, "loc": ["services", "opengfw", "pcapReplay"], "readOnly": false, "type": "null or absolute path"}, "services.opengfw.rules": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Rules passed to OpenGFW. [Example rules](https://gfw.dev/docs/rules)\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    action = \"block\";\n    expr = \"string(http?.req?.headers?.host) endsWith \\\"v2ex.com\\\"\";\n    name = \"block v2ex http\";\n  }\n  {\n    action = \"block\";\n    expr = \"string(socks?.req?.addr) endsWith \\\"google.com\\\" && socks?.req?.port == 80\";\n    name = \"block google socks\";\n  }\n  {\n    action = \"modify\";\n    expr = \"dns != nil && dns.qr && any(dns.questions, {.name endsWith \\\"v2ex.com\\\"})\";\n    modifier = {\n      args = {\n        a = \"0.0.0.0\";\n        aaaa = \"::\";\n      };\n      name = \"dns\";\n    };\n    name = \"v2ex dns poisoning\";\n  }\n]"}, "loc": ["services", "opengfw", "rules"], "readOnly": false, "type": "list of (submodule)"}, "services.opengfw.rules.*.action": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "\"allow\""}, "description": "Action of the rule. [Supported actions](https://gfw.dev/docs/rules#supported-actions)\n", "example": {"_type": "literalExpression", "text": "\"block\""}, "loc": ["services", "opengfw", "rules", "*", "action"], "readOnly": false, "type": "one of \"allow\", \"block\", \"drop\", \"modify\""}, "services.opengfw.rules.*.expr": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "description": "[Expr Language](https://expr-lang.org/docs/language-definition) expression using [analyzers](https://gfw.dev/docs/analyzers) and [functions](https://gfw.dev/docs/functions).\n", "example": {"_type": "literalExpression", "text": "\"dns != nil && dns.qr && any(dns.questions, {.name endsWith \\\"google.com\\\"})\""}, "loc": ["services", "opengfw", "rules", "*", "expr"], "readOnly": false, "type": "string"}, "services.opengfw.rules.*.log": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable logging for the rule.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "opengfw", "rules", "*", "log"], "readOnly": false, "type": "boolean"}, "services.opengfw.rules.*.modifier": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Modification of specified packets when using the `modify` action. [Available modifiers](https://github.com/apernet/OpenGFW/tree/master/modifier)\n", "loc": ["services", "opengfw", "rules", "*", "modifier"], "readOnly": false, "type": "null or (submodule)"}, "services.opengfw.rules.*.modifier.args": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "description": "Arguments passed to the modifier.", "example": {"_type": "literalExpression", "text": "{\n  a = \"0.0.0.0\";\n  aaaa = \"::\";\n}"}, "loc": ["services", "opengfw", "rules", "*", "modifier", "args"], "readOnly": false, "type": "attribute set"}, "services.opengfw.rules.*.modifier.name": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "description": "Name of the modifier.", "example": {"_type": "literalExpression", "text": "\"dns\""}, "loc": ["services", "opengfw", "rules", "*", "modifier", "name"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "services.opengfw.rules.*.name": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "description": "Name of the rule.", "example": {"_type": "literalExpression", "text": "\"block google dns\""}, "loc": ["services", "opengfw", "rules", "*", "name"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "services.opengfw.rulesFile": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to file containing OpenGFW rules.\n", "loc": ["services", "opengfw", "rulesFile"], "readOnly": false, "type": "null or absolute path"}, "services.opengfw.settings": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Settings passed to OpenGFW. [Example config](https://gfw.dev/docs/build-run/#config-example)\n", "loc": ["services", "opengfw", "settings"], "readOnly": false, "type": "null or (submodule)"}, "services.opengfw.settings.io": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "IO settings.\n", "loc": ["services", "opengfw", "settings", "io"], "readOnly": false, "type": "submodule"}, "services.opengfw.settings.io.local": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Set to false if you want to run OpenGFW on FORWARD chain. (e.g. on a router)\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "opengfw", "settings", "io", "local"], "readOnly": false, "type": "boolean"}, "services.opengfw.settings.io.queueSize": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "1024"}, "description": "IO queue size.", "example": {"_type": "literalExpression", "text": "2048"}, "loc": ["services", "opengfw", "settings", "io", "queueSize"], "readOnly": false, "type": "signed integer"}, "services.opengfw.settings.io.rcvBuf": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "4194304"}, "description": "Netlink receive buffer size.", "example": {"_type": "literalExpression", "text": "2097152"}, "loc": ["services", "opengfw", "settings", "io", "rcvBuf"], "readOnly": false, "type": "signed integer"}, "services.opengfw.settings.io.rst": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "\"`!config.services.opengfw.settings.io.local`\""}, "description": "Set to true if you want to send RST for blocked TCP connections, needs `local = false`.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "opengfw", "settings", "io", "rst"], "readOnly": false, "type": "boolean"}, "services.opengfw.settings.io.sndBuf": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "4194304"}, "description": "Netlink send buffer size.", "example": {"_type": "literalExpression", "text": "2097152"}, "loc": ["services", "opengfw", "settings", "io", "sndBuf"], "readOnly": false, "type": "signed integer"}, "services.opengfw.settings.replay": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "PCAP replay settings.\n", "loc": ["services", "opengfw", "settings", "replay"], "readOnly": false, "type": "submodule"}, "services.opengfw.settings.replay.realtime": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether the packets in the PCAP file should be replayed in \"real time\" (instead of as fast as possible).\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "opengfw", "settings", "replay", "realtime"], "readOnly": false, "type": "boolean"}, "services.opengfw.settings.ruleset": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The path to load specific local geoip/geosite db files.\nIf not set, they will be automatically downloaded from [Loyalsoldier/v2ray-rules-dat](https://github.com/Loyalsoldier/v2ray-rules-dat).\n", "loc": ["services", "opengfw", "settings", "ruleset"], "readOnly": false, "type": "submodule"}, "services.opengfw.settings.ruleset.geoip": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to `geoip.dat`.", "loc": ["services", "opengfw", "settings", "ruleset", "geoip"], "readOnly": false, "type": "null or absolute path"}, "services.opengfw.settings.ruleset.geosite": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to `geosite.dat`.", "loc": ["services", "opengfw", "settings", "ruleset", "geosite"], "readOnly": false, "type": "null or absolute path"}, "services.opengfw.settings.workers": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Worker settings.", "loc": ["services", "opengfw", "settings", "workers"], "readOnly": false, "type": "submodule"}, "services.opengfw.settings.workers.count": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "4"}, "description": "Number of workers.\nRecommended to be no more than the number of CPU cores\n", "example": {"_type": "literalExpression", "text": "8"}, "loc": ["services", "opengfw", "settings", "workers", "count"], "readOnly": false, "type": "signed integer"}, "services.opengfw.settings.workers.queueSize": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "16"}, "description": "Worker queue size.", "example": {"_type": "literalExpression", "text": "32"}, "loc": ["services", "opengfw", "settings", "workers", "queueSize"], "readOnly": false, "type": "signed integer"}, "services.opengfw.settings.workers.tcpMaxBufferedPagesPerConn": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "64"}, "description": "TCP max total bufferd pages per connection.\n", "example": {"_type": "literalExpression", "text": "128"}, "loc": ["services", "opengfw", "settings", "workers", "tcpMaxBufferedPagesPerConn"], "readOnly": false, "type": "signed integer"}, "services.opengfw.settings.workers.tcpMaxBufferedPagesTotal": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "4096"}, "description": "TCP max total buffered pages.\n", "example": {"_type": "literalExpression", "text": "8192"}, "loc": ["services", "opengfw", "settings", "workers", "tcpMaxBufferedPagesTotal"], "readOnly": false, "type": "signed integer"}, "services.opengfw.settings.workers.tcpTimeout": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "\"10m\""}, "description": "How long a connection is considered dead when no data is being transferred.\nDead connections are purged from TCP reassembly pools once per minute.\n", "example": {"_type": "literalExpression", "text": "\"5m\""}, "loc": ["services", "opengfw", "settings", "workers", "tcpTimeout"], "readOnly": false, "type": "string"}, "services.opengfw.settings.workers.udpMaxStreams": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "4096"}, "description": "UDP max streams.", "example": {"_type": "literalExpression", "text": "8192"}, "loc": ["services", "opengfw", "settings", "workers", "udpMaxStreams"], "readOnly": false, "type": "signed integer"}, "services.opengfw.settingsFile": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to file containing OpenGFW settings.\n", "loc": ["services", "opengfw", "settingsFile"], "readOnly": false, "type": "null or absolute path"}, "services.opengfw.user": {"declarations": ["nixos/modules/services/networking/opengfw.nix"], "default": {"_type": "literalExpression", "text": "\"opengfw\""}, "description": "Username of the OpenGFW user.", "loc": ["services", "opengfw", "user"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "services.openiscsi.discoverPortal": {"declarations": ["nixos/modules/services/networking/iscsi/initiator.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Portal to discover targets on", "loc": ["services", "openiscsi", "discoverPortal"], "readOnly": false, "type": "null or string"}, "services.openiscsi.enable": {"declarations": ["nixos/modules/services/networking/iscsi/initiator.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the openiscsi iscsi daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "openiscsi", "enable"], "readOnly": false, "type": "boolean"}, "services.openiscsi.enableAutoLoginOut": {"declarations": ["nixos/modules/services/networking/iscsi/initiator.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable automatic login and logout of all automatic targets.\nYou probably do not want this\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "openiscsi", "enableAutoLoginOut"], "readOnly": false, "type": "boolean"}, "services.openiscsi.extraConfig": {"declarations": ["nixos/modules/services/networking/iscsi/initiator.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Lines to append to default iscsid.conf", "loc": ["services", "openiscsi", "extraConfig"], "readOnly": false, "type": "string"}, "services.openiscsi.extraConfigFile": {"declarations": ["nixos/modules/services/networking/iscsi/initiator.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Append an additional file's contents to /etc/iscsid.conf. Use a non-store path\nand store passwords in this file.\n", "loc": ["services", "openiscsi", "extraConfigFile"], "readOnly": false, "type": "null or string"}, "services.openiscsi.name": {"declarations": ["nixos/modules/services/networking/iscsi/initiator.nix"], "description": "Name of this iscsi initiator", "example": {"_type": "literalExpression", "text": "\"iqn.2020-08.org.linux-iscsi.initiatorhost:example\""}, "loc": ["services", "openiscsi", "name"], "readOnly": false, "type": "string"}, "services.openiscsi.package": {"declarations": ["nixos/modules/services/networking/iscsi/initiator.nix"], "default": {"_type": "literalExpression", "text": "pkgs.openiscsi"}, "description": "The openiscsi package to use.", "loc": ["services", "openiscsi", "package"], "readOnly": false, "type": "package"}, "services.openldap.configDir": {"declarations": ["nixos/modules/services/databases/openldap.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Use this config directory instead of generating one from the\n`settings` option. Overrides all NixOS settings.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/openldap/slapd.d\""}, "loc": ["services", "openldap", "configDir"], "readOnly": false, "type": "null or absolute path"}, "services.openldap.declarativeContents": {"declarations": ["nixos/modules/services/databases/openldap.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative contents for the LDAP database, in LDIF format by suffix.\n\nAll data will be erased when starting the LDAP server. Modifications\nto the database are not prevented, they are just dropped on the next\nreboot of the server. Performance-wise the database and indexes are\nrebuilt on each server startup, so this will slow down server startup,\nespecially with large databases.\n\nNote that the root of the DB must be defined in\n`services.openldap.settings` and the\n`olcDbDirectory` must begin with\n`\"/var/lib/openldap\"`.\n", "example": {"_type": "literalExpression", "text": "{\n  \"dc=example,dc=org\" = ''\n    dn= dn: dc=example,dc=org\n    objectClass: domain\n    dc: example\n\n    dn: ou=users,dc=example,dc=org\n    objectClass = organizationalUnit\n    ou: users\n\n    # ...\n  '';\n}\n"}, "loc": ["services", "openldap", "declarativeContents"], "readOnly": false, "type": "attribute set of strings concatenated with \"\\n\""}, "services.openldap.enable": {"declarations": ["nixos/modules/services/databases/openldap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the ldap server.", "loc": ["services", "openldap", "enable"], "readOnly": false, "type": "boolean"}, "services.openldap.group": {"declarations": ["nixos/modules/services/databases/openldap.nix"], "default": {"_type": "literalExpression", "text": "\"openldap\""}, "description": "Group account under which slapd runs.", "loc": ["services", "openldap", "group"], "readOnly": false, "type": "string"}, "services.openldap.mutableConfig": {"declarations": ["nixos/modules/services/databases/openldap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to allow writable on-line configuration. If\n`true`, the NixOS settings will only be used to\ninitialize the OpenLDAP configuration if it does not exist, and are\nsubsequently ignored.\n", "loc": ["services", "openldap", "mutableConfig"], "readOnly": false, "type": "boolean"}, "services.openldap.package": {"declarations": ["nixos/modules/services/databases/openldap.nix"], "default": {"_type": "literalExpression", "text": "pkgs.openldap"}, "description": "The openldap package to use. This can be used to, for example, set an OpenLDAP package\nwith custom overrides to enable modules or other\nfunctionality.\n", "loc": ["services", "openldap", "package"], "readOnly": false, "type": "package"}, "services.openldap.settings": {"declarations": ["nixos/modules/services/databases/openldap.nix"], "description": "Configuration for OpenLDAP, in OLC format", "example": {"_type": "literalExpression", "text": "{\n  attrs.olcLogLevel = [ \"stats\" ];\n  children = {\n    \"cn=schema\".includes = [\n       \"${pkgs.openldap}/etc/schema/core.ldif\"\n       \"${pkgs.openldap}/etc/schema/cosine.ldif\"\n       \"${pkgs.openldap}/etc/schema/inetorgperson.ldif\"\n    ];\n    \"olcDatabase={-1}frontend\" = {\n      attrs = {\n        objectClass = \"olcDatabaseConfig\";\n        olcDatabase = \"{-1}frontend\";\n        olcAccess = [ \"{0}to * by dn.exact=uidNumber=0+gidNumber=0,cn=peercred,cn=external,cn=auth manage stop by * none stop\" ];\n      };\n    };\n    \"olcDatabase={0}config\" = {\n      attrs = {\n        objectClass = \"olcDatabaseConfig\";\n        olcDatabase = \"{0}config\";\n        olcAccess = [ \"{0}to * by * none break\" ];\n      };\n    };\n    \"olcDatabase={1}mdb\" = {\n      attrs = {\n        objectClass = [ \"olcDatabaseConfig\" \"olcMdbConfig\" ];\n        olcDatabase = \"{1}mdb\";\n        olcDbDirectory = \"/var/lib/openldap/ldap\";\n        olcDbIndex = [\n          \"objectClass eq\"\n          \"cn pres,eq\"\n          \"uid pres,eq\"\n          \"sn pres,eq,subany\"\n        ];\n        olcSuffix = \"dc=example,dc=com\";\n        olcAccess = [ \"{0}to * by * read break\" ];\n      };\n    };\n  };\n};\n"}, "loc": ["services", "openldap", "settings"], "readOnly": false, "type": "submodule"}, "services.openldap.settings.attrs": {"declarations": ["nixos/modules/services/databases/openldap.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attributes of the parent entry.", "loc": ["services", "openldap", "settings", "attrs"], "readOnly": false, "type": "attribute set of ((LDAP value - either a string, or an attrset containing\n`path` or `base64` for included\nvalues or base-64 encoded values respectively.\n) or list of (LDAP value - either a string, or an attrset containing\n`path` or `base64` for included\nvalues or base-64 encoded values respectively.\n))"}, "services.openldap.settings.children": {"declarations": ["nixos/modules/services/databases/openldap.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Child entries of the current entry, with recursively the same structure.", "example": {"_type": "literalExpression", "text": "{\n    \"cn=schema\" = {\n    # The attribute used in the DN must be defined\n    attrs = { cn = \"schema\"; };\n    children = {\n        # This entry's DN is expanded to \"cn=foo,cn=schema\"\n        \"cn=foo\" = { ... };\n    };\n    # These includes are inserted after \"cn=schema\", but before \"cn=foo,cn=schema\"\n    includes = [ ... ];\n    };\n}\n"}, "loc": ["services", "openldap", "settings", "children"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.openldap.settings.includes": {"declarations": ["nixos/modules/services/databases/openldap.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "LDIF files to include after the parent's attributes but before its children.\n", "loc": ["services", "openldap", "settings", "includes"], "readOnly": false, "type": "list of absolute path"}, "services.openldap.urlList": {"declarations": ["nixos/modules/services/databases/openldap.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"ldap:///\"\n]"}, "description": "URL list slapd should listen on.", "example": {"_type": "literalExpression", "text": "[\n  \"ldaps:///\"\n]"}, "loc": ["services", "openldap", "urlList"], "readOnly": false, "type": "list of string"}, "services.openldap.user": {"declarations": ["nixos/modules/services/databases/openldap.nix"], "default": {"_type": "literalExpression", "text": "\"openldap\""}, "description": "User account under which slapd runs.", "loc": ["services", "openldap", "user"], "readOnly": false, "type": "string"}, "services.openntpd.enable": {"declarations": ["nixos/modules/services/networking/ntp/openntpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable OpenNTP time synchronization server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "openntpd", "enable"], "readOnly": false, "type": "boolean"}, "services.openntpd.extraConfig": {"declarations": ["nixos/modules/services/networking/ntp/openntpd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional text appended to {file}`openntpd.conf`.\n", "example": {"_type": "literalExpression", "text": "''\n  listen on 127.0.0.1\n  listen on ::1\n''"}, "loc": ["services", "openntpd", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.openntpd.extraOptions": {"declarations": ["nixos/modules/services/networking/ntp/openntpd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra options used when launching openntpd.\n", "example": {"_type": "literalExpression", "text": "\"-s\""}, "loc": ["services", "openntpd", "extraOptions"], "readOnly": false, "type": "strings concatenated with \" \""}, "services.openntpd.servers": {"declarations": ["nixos/modules/services/networking/ntp/openntpd.nix"], "default": {"_type": "literalExpression", "text": "config.services.ntp.servers"}, "description": "The set of NTP servers from which to synchronise.\n", "loc": ["services", "openntpd", "servers"], "readOnly": false, "type": "list of string"}, "services.opensearch.dataDir": {"declarations": ["nixos/modules/services/search/opensearch.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/opensearch\""}, "description": "Data directory for OpenSearch. If you change this, you need to\nmanually create the directory. You also need to create the\n`opensearch` user and group, or change\n[](#opt-services.opensearch.user) and\n[](#opt-services.opensearch.group) to existing ones with\naccess to the directory.\n", "loc": ["services", "opensearch", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.opensearch.enable": {"declarations": ["nixos/modules/services/search/opensearch.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable OpenSearch.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "opensearch", "enable"], "readOnly": false, "type": "boolean"}, "services.opensearch.extraCmdLineOptions": {"declarations": ["nixos/modules/services/search/opensearch.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line options for the OpenSearch launcher.", "loc": ["services", "opensearch", "extraCmdLineOptions"], "readOnly": false, "type": "list of string"}, "services.opensearch.extraJavaOptions": {"declarations": ["nixos/modules/services/search/opensearch.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line options for Java.", "example": {"_type": "literalExpression", "text": "[\n  \"-Djava.net.preferIPv4Stack=true\"\n]"}, "loc": ["services", "opensearch", "extraJavaOptions"], "readOnly": false, "type": "list of string"}, "services.opensearch.group": {"declarations": ["nixos/modules/services/search/opensearch.nix"], "default": {"_type": "literalExpression", "text": "\"opensearch\""}, "description": "The group OpenSearch runs as. Should be left at default unless\nyou have very specific needs.\n", "loc": ["services", "opensearch", "group"], "readOnly": false, "type": "string"}, "services.opensearch.logging": {"declarations": ["nixos/modules/services/search/opensearch.nix"], "default": {"_type": "literalExpression", "text": "''\n  logger.action.name = org.opensearch.action\n  logger.action.level = info\n  \n  appender.console.type = Console\n  appender.console.name = console\n  appender.console.layout.type = PatternLayout\n  appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n\n  \n  rootLogger.level = info\n  rootLogger.appenderRef.console.ref = console\n''"}, "description": "opensearch logging configuration.", "loc": ["services", "opensearch", "logging"], "readOnly": false, "type": "string"}, "services.opensearch.package": {"declarations": ["nixos/modules/services/search/opensearch.nix"], "default": {"_type": "literalExpression", "text": "pkgs.opensearch"}, "description": "The OpenSearch package to use.", "loc": ["services", "opensearch", "package"], "readOnly": false, "type": "package"}, "services.opensearch.restartIfChanged": {"declarations": ["nixos/modules/services/search/opensearch.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Automatically restart the service on config change.\nThis can be set to false to defer restarts on a server or cluster.\nPlease consider the security implications of inadvertently running an older version,\nand the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.\n", "loc": ["services", "opensearch", "restartIfChanged"], "readOnly": false, "type": "boolean"}, "services.opensearch.settings": {"declarations": ["nixos/modules/services/search/opensearch.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "OpenSearch configuration.\n", "loc": ["services", "opensearch", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.opensearch.settings.\"cluster.name\"": {"declarations": ["nixos/modules/services/search/opensearch.nix"], "default": {"_type": "literalExpression", "text": "\"opensearch\""}, "description": "The name of the cluster.\n", "loc": ["services", "opensearch", "settings", "cluster.name"], "readOnly": false, "type": "string"}, "services.opensearch.settings.\"discovery.type\"": {"declarations": ["nixos/modules/services/search/opensearch.nix"], "default": {"_type": "literalExpression", "text": "\"single-node\""}, "description": "The type of discovery to use.\n", "loc": ["services", "opensearch", "settings", "discovery.type"], "readOnly": false, "type": "string"}, "services.opensearch.settings.\"http.port\"": {"declarations": ["nixos/modules/services/search/opensearch.nix"], "default": {"_type": "literalExpression", "text": "9200"}, "description": "The port to listen on for HTTP traffic.\n", "loc": ["services", "opensearch", "settings", "http.port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.opensearch.settings.\"network.host\"": {"declarations": ["nixos/modules/services/search/opensearch.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Which port this service should listen on.\n", "loc": ["services", "opensearch", "settings", "network.host"], "readOnly": false, "type": "string"}, "services.opensearch.settings.\"plugins.security.disabled\"": {"declarations": ["nixos/modules/services/search/opensearch.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the security plugin,\n`plugins.security.ssl.transport.keystore_filepath` or\n`plugins.security.ssl.transport.server.pemcert_filepath` and\n`plugins.security.ssl.transport.client.pemcert_filepath`\nmust be set for this plugin to be enabled.\n", "loc": ["services", "opensearch", "settings", "plugins.security.disabled"], "readOnly": false, "type": "boolean"}, "services.opensearch.settings.\"transport.port\"": {"declarations": ["nixos/modules/services/search/opensearch.nix"], "default": {"_type": "literalExpression", "text": "9300"}, "description": "The port to listen on for transport traffic.\n", "loc": ["services", "opensearch", "settings", "transport.port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.opensearch.user": {"declarations": ["nixos/modules/services/search/opensearch.nix"], "default": {"_type": "literalExpression", "text": "\"opensearch\""}, "description": "The user OpenSearch runs as. Should be left at default unless\nyou have very specific needs.\n", "loc": ["services", "opensearch", "user"], "readOnly": false, "type": "string"}, "services.opensmtpd.enable": {"declarations": ["nixos/modules/services/mail/opensmtpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the OpenSMTPD server.", "loc": ["services", "opensmtpd", "enable"], "readOnly": false, "type": "boolean"}, "services.opensmtpd.extraServerArgs": {"declarations": ["nixos/modules/services/mail/opensmtpd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line arguments provided when the smtpd process\nis started.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-v\"\n  \"-P mta\"\n]"}, "loc": ["services", "opensmtpd", "extraServerArgs"], "readOnly": false, "type": "list of string"}, "services.opensmtpd.package": {"declarations": ["nixos/modules/services/mail/opensmtpd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.opensmtpd"}, "description": "The opensmtpd package to use.", "loc": ["services", "opensmtpd", "package"], "readOnly": false, "type": "package"}, "services.opensmtpd.procPackages": {"declarations": ["nixos/modules/services/mail/opensmtpd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Packages to search for filters, tables, queues, and schedulers.\n\nAdd packages here if you want to use them as as such, for example\nfrom the opensmtpd-table-* packages.\n", "loc": ["services", "opensmtpd", "procPackages"], "readOnly": false, "type": "list of package"}, "services.opensmtpd.serverConfiguration": {"declarations": ["nixos/modules/services/mail/opensmtpd.nix"], "description": "The contents of the smtpd.conf configuration file. See the\nOpenSMTPD documentation for syntax information.\n", "example": {"_type": "literalExpression", "text": "''\n  listen on lo\n  accept for any deliver to lmtp localhost:24\n''"}, "loc": ["services", "opensmtpd", "serverConfiguration"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.opensmtpd.setSendmail": {"declarations": ["nixos/modules/services/mail/opensmtpd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to set the system sendmail to OpenSMTPD's.", "loc": ["services", "opensmtpd", "setSendmail"], "readOnly": false, "type": "boolean"}, "services.opensnitch.enable": {"declarations": ["nixos/modules/services/security/opensnitch.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Opensnitch application firewall.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "opensnitch", "enable"], "readOnly": false, "type": "boolean"}, "services.opensnitch.package": {"declarations": ["nixos/modules/services/security/opensnitch.nix"], "default": {"_type": "literalExpression", "text": "pkgs.opensnitch"}, "description": "The opensnitch package to use.", "loc": ["services", "opensnitch", "package"], "readOnly": false, "type": "package"}, "services.opensnitch.rules": {"declarations": ["nixos/modules/services/security/opensnitch.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative configuration of firewall rules.\nAll rules will be stored in `/var/lib/opensnitch/rules` by default.\nRules path can be configured with `settings.Rules.Path`.\nSee [upstream documentation](https://github.com/evilsocket/opensnitch/wiki/Rules)\nfor available options.\n", "example": {"_type": "literalExpression", "text": "{\n  \"tor\" = {\n    \"name\" = \"tor\";\n    \"enabled\" = true;\n    \"action\" = \"allow\";\n    \"duration\" = \"always\";\n    \"operator\" = {\n      \"type\" =\"simple\";\n      \"sensitive\" = false;\n      \"operand\" = \"process.path\";\n      \"data\" = \"${lib.getBin pkgs.tor}/bin/tor\";\n    };\n  };\n};\n"}, "loc": ["services", "opensnitch", "rules"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.opensnitch.settings": {"declarations": ["nixos/modules/services/security/opensnitch.nix"], "description": "opensnitchd configuration. Refer to [upstream documentation](https://github.com/evilsocket/opensnitch/wiki/Configurations)\nfor details on supported values.\n", "loc": ["services", "opensnitch", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.opensnitch.settings.Audit.AudispSocketPath": {"declarations": ["nixos/modules/services/security/opensnitch.nix"], "default": {"_type": "literalExpression", "text": "\"/run/audit/audispd_events\""}, "description": "Configure audit socket path. Used when\n`settings.ProcMonitorMethod` is set to `audit`.\n", "loc": ["services", "opensnitch", "settings", "Audit", "AudispSocketPath"], "readOnly": false, "type": "absolute path"}, "services.opensnitch.settings.DefaultAction": {"declarations": ["nixos/modules/services/security/opensnitch.nix"], "description": "Default action whether to block or allow application internet\naccess.\n", "loc": ["services", "opensnitch", "settings", "DefaultAction"], "readOnly": false, "type": "one of \"allow\", \"deny\""}, "services.opensnitch.settings.Ebpf.ModulesPath": {"declarations": ["nixos/modules/services/security/opensnitch.nix"], "default": {"_type": "literalExpression", "text": "if cfg.settings.ProcMonitorMethod == \"ebpf\" then\n  \"\\\\$\\\\{config.boot.kernelPackages.opensnitch-ebpf\\\\}/etc/opensnitchd\"\nelse null;\n"}, "description": "Configure eBPF modules path. Used when\n`settings.ProcMonitorMethod` is set to `ebpf`.\n", "loc": ["services", "opensnitch", "settings", "Ebpf", "ModulesPath"], "readOnly": false, "type": "null or absolute path"}, "services.opensnitch.settings.Firewall": {"declarations": ["nixos/modules/services/security/opensnitch.nix"], "description": "Which firewall backend to use.\n", "loc": ["services", "opensnitch", "settings", "Firewall"], "readOnly": false, "type": "one of \"iptables\", \"nftables\""}, "services.opensnitch.settings.InterceptUnknown": {"declarations": ["nixos/modules/services/security/opensnitch.nix"], "description": "Whether to intercept spare connections.\n", "loc": ["services", "opensnitch", "settings", "InterceptUnknown"], "readOnly": false, "type": "boolean"}, "services.opensnitch.settings.LogLevel": {"declarations": ["nixos/modules/services/security/opensnitch.nix"], "description": "Default log level from 0 to 4 (debug, info, important, warning,\nerror).\n", "loc": ["services", "opensnitch", "settings", "LogLevel"], "readOnly": false, "type": "integer between 0 and 4 (both inclusive)"}, "services.opensnitch.settings.ProcMonitorMethod": {"declarations": ["nixos/modules/services/security/opensnitch.nix"], "description": "Which process monitoring method to use.\n", "loc": ["services", "opensnitch", "settings", "ProcMonitorMethod"], "readOnly": false, "type": "one of \"ebpf\", \"proc\", \"ftrace\", \"audit\""}, "services.opensnitch.settings.Rules.Path": {"declarations": ["nixos/modules/services/security/opensnitch.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/opensnitch/rules\""}, "description": "Path to the directory where firewall rules can be found and will\nget stored by the NixOS module.\n", "loc": ["services", "opensnitch", "settings", "Rules", "Path"], "readOnly": false, "type": "absolute path"}, "services.opensnitch.settings.Server.Address": {"declarations": ["nixos/modules/services/security/opensnitch.nix"], "description": "Unix socket path (unix:///tmp/osui.sock, the \"unix:///\" part is\nmandatory) or TCP socket (192.168.1.100:50051).\n", "loc": ["services", "opensnitch", "settings", "Server", "Address"], "readOnly": false, "type": "string"}, "services.opensnitch.settings.Server.LogFile": {"declarations": ["nixos/modules/services/security/opensnitch.nix"], "description": "File to write logs to (use /dev/stdout to write logs to standard\noutput).\n", "loc": ["services", "opensnitch", "settings", "Server", "LogFile"], "readOnly": false, "type": "absolute path"}, "services.opensnitch.settings.Stats.MaxEvents": {"declarations": ["nixos/modules/services/security/opensnitch.nix"], "description": "Max events to send to the GUI.\n", "loc": ["services", "opensnitch", "settings", "Stats", "MaxEvents"], "readOnly": false, "type": "signed integer"}, "services.opensnitch.settings.Stats.MaxStats": {"declarations": ["nixos/modules/services/security/opensnitch.nix"], "description": "Max stats per item to keep in backlog.\n", "loc": ["services", "opensnitch", "settings", "Stats", "MaxStats"], "readOnly": false, "type": "signed integer"}, "services.openssh.allowSFTP": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the SFTP subsystem in the SSH daemon.  This\nenables the use of commands such as {command}`sftp` and\n{command}`sshfs`.\n", "loc": ["services", "openssh", "allowSFTP"], "readOnly": false, "type": "boolean"}, "services.openssh.authorizedKeysCommand": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "\"none\""}, "description": "Specifies a program to be used to look up the user's public\nkeys. The program must be owned by root, not writable by group\nor others and specified by an absolute path.\n", "loc": ["services", "openssh", "authorizedKeysCommand"], "readOnly": false, "type": "string"}, "services.openssh.authorizedKeysCommandUser": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "\"nobody\""}, "description": "Specifies the user under whose account the AuthorizedKeysCommand\nis run. It is recommended to use a dedicated user that has no\nother role on the host than running authorized keys commands.\n", "loc": ["services", "openssh", "authorizedKeysCommandUser"], "readOnly": false, "type": "string"}, "services.openssh.authorizedKeysFiles": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Specify the rules for which files to read on the host.\n\nThis is an advanced option. If you're looking to configure user\nkeys, you can generally use [](#opt-users.users._name_.openssh.authorizedKeys.keys)\nor [](#opt-users.users._name_.openssh.authorizedKeys.keyFiles).\n\nThese are paths relative to the host root file system or home\ndirectories and they are subject to certain token expansion rules.\nSee AuthorizedKeysFile in man sshd_config for details.\n", "loc": ["services", "openssh", "authorizedKeysFiles"], "readOnly": false, "type": "list of string"}, "services.openssh.authorizedKeysInHomedir": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enables the use of the `~/.ssh/authorized_keys` file.\n\nOtherwise, the only files trusted by default are those in `/etc/ssh/authorized_keys.d`,\n*i.e.* SSH keys from [](#opt-users.users._name_.openssh.authorizedKeys.keys).\n", "loc": ["services", "openssh", "authorizedKeysInHomedir"], "readOnly": false, "type": "boolean"}, "services.openssh.banner": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Message to display to the remote user before authentication is allowed.\n", "loc": ["services", "openssh", "banner"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.openssh.enable": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the OpenSSH secure shell daemon, which\nallows secure remote logins.\n", "loc": ["services", "openssh", "enable"], "readOnly": false, "type": "boolean"}, "services.openssh.extraConfig": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Verbatim contents of {file}`sshd_config`.", "loc": ["services", "openssh", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.openssh.generateHostKeys": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "services.openssh.enable"}, "description": "Whether to generate SSH host keys.\n\nThis can be enabled explicitly if you want to generate host keys but\ndon't want to enable the SSH daemon.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "openssh", "generateHostKeys"], "readOnly": false, "type": "boolean"}, "services.openssh.hostKeys": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "[\n  {\n    bits = 4096;\n    path = \"/etc/ssh/ssh_host_rsa_key\";\n    type = \"rsa\";\n  }\n  {\n    path = \"/etc/ssh/ssh_host_ed25519_key\";\n    type = \"ed25519\";\n  }\n]"}, "description": "NixOS can automatically generate SSH host keys.  This option\nspecifies the path, type and size of each key.  See\n{manpage}`ssh-keygen(1)` for supported types\nand sizes.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    bits = 4096;\n    openSSHFormat = true;\n    path = \"/etc/ssh/ssh_host_rsa_key\";\n    type = \"rsa\";\n  }\n  {\n    comment = \"key comment\";\n    path = \"/etc/ssh/ssh_host_ed25519_key\";\n    type = \"ed25519\";\n  }\n]"}, "loc": ["services", "openssh", "hostKeys"], "readOnly": false, "type": "list of (attribute set)"}, "services.openssh.knownHosts": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "description": "Alias of {option}`programs.ssh.knownHosts`.", "loc": ["services", "openssh", "knownHosts"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.openssh.knownHosts.<name>.certAuthority": {"declarations": ["nixos/modules/programs/ssh.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "This public key is an SSH certificate authority, rather than an\nindividual host's key.\n", "loc": ["services", "openssh", "knownHosts", "<name>", "certAuthority"], "readOnly": false, "type": "boolean"}, "services.openssh.knownHosts.<name>.extraHostNames": {"declarations": ["nixos/modules/programs/ssh.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of additional host names and/or IP numbers used for\naccessing the host's ssh service. This list is ignored if\n`hostNames` is set explicitly.\n", "loc": ["services", "openssh", "knownHosts", "<name>", "extraHostNames"], "readOnly": false, "type": "list of string"}, "services.openssh.knownHosts.<name>.hostNames": {"declarations": ["nixos/modules/programs/ssh.nix"], "default": {"_type": "literalExpression", "text": "[ \u2039name\u203a ] ++ config.services.openssh.knownHosts.<name>.extraHostNames"}, "description": "A list of host names and/or IP numbers used for accessing\nthe host's ssh service. This list includes the name of the\ncontaining `knownHosts` attribute by default\nfor convenience. If you wish to configure multiple host keys\nfor the same host use multiple `knownHosts`\nentries with different attribute names and the same\n`hostNames` list.\n", "loc": ["services", "openssh", "knownHosts", "<name>", "hostNames"], "readOnly": false, "type": "list of string"}, "services.openssh.knownHosts.<name>.publicKey": {"declarations": ["nixos/modules/programs/ssh.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The public key data for the host. You can fetch a public key\nfrom a running SSH server with the {command}`ssh-keyscan`\ncommand. The public key should not include any host names, only\nthe key type and the key itself.\n", "example": {"_type": "literalExpression", "text": "\"ecdsa-sha2-nistp521 AAAAE2VjZHN...UEPg==\""}, "loc": ["services", "openssh", "knownHosts", "<name>", "publicKey"], "readOnly": false, "type": "null or string"}, "services.openssh.knownHosts.<name>.publicKeyFile": {"declarations": ["nixos/modules/programs/ssh.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the public key file for the host. The public\nkey file is read at build time and saved in the Nix store.\nYou can fetch a public key file from a running SSH server\nwith the {command}`ssh-keyscan` command. The content\nof the file should follow the same format as described for\nthe `publicKey` option. Only a single key\nis supported. If a host has multiple keys, use\n{option}`programs.ssh.knownHostsFiles` instead.\n", "loc": ["services", "openssh", "knownHosts", "<name>", "publicKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.openssh.listenAddresses": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of addresses and ports to listen on (ListenAddress directive\nin config). If port is not specified for address sshd will listen\non all ports specified by `ports` option.\nNOTE: this will override default listening on all local addresses and port 22.\nNOTE: setting this option won't automatically enable given ports\nin firewall configuration.\nNOTE: If the IP address is not available at boot time, the following has\nto be added to make sure sshd will wait for dhcp configuration:\n```nix\nsystemd.services.sshd = {\n  wants = [ \"network-online.target\" ];\n  after = [ \"network-online.target\" ];\n};\n```\nSee the following issue for details: <https://github.com/NixOS/nixpkgs/issues/105570>\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    addr = \"192.168.3.1\";\n    port = 22;\n  }\n  {\n    addr = \"0.0.0.0\";\n    port = 64022;\n  }\n]"}, "loc": ["services", "openssh", "listenAddresses"], "readOnly": false, "type": "list of (submodule)"}, "services.openssh.listenAddresses.*.addr": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host, IPv4 or IPv6 address to listen to.\n", "loc": ["services", "openssh", "listenAddresses", "*", "addr"], "readOnly": false, "type": "null or string"}, "services.openssh.listenAddresses.*.port": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port to listen to.\n", "loc": ["services", "openssh", "listenAddresses", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.openssh.moduliFile": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "description": "Path to `moduli` file to install in\n`/etc/ssh/moduli`. If this option is unset, then\nthe `moduli` file shipped with OpenSSH will be used.\n", "example": {"_type": "literalExpression", "text": "\"/etc/my-local-ssh-moduli;\""}, "loc": ["services", "openssh", "moduliFile"], "readOnly": false, "type": "absolute path"}, "services.openssh.openFirewall": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to automatically open the specified ports in the firewall.\n", "loc": ["services", "openssh", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.openssh.package": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "programs.ssh.package"}, "description": "OpenSSH package to use for sshd.", "loc": ["services", "openssh", "package"], "readOnly": false, "type": "package"}, "services.openssh.ports": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "[\n  22\n]"}, "description": "Specifies on which ports the SSH daemon listens.\n", "loc": ["services", "openssh", "ports"], "readOnly": false, "type": "list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.openssh.settings": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for `sshd_config(5)`.", "example": {"_type": "literalExpression", "text": "{\n  UseDns = true;\n  PasswordAuthentication = false;\n}\n"}, "loc": ["services", "openssh", "settings"], "readOnly": false, "type": "open submodule of attribute set of (atom (null, bool, int, float or string))"}, "services.openssh.settings.AcceptEnv": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specifies what environment variables sent by the client will be copied into the session's\nenvironment. The TERM environment variable is always accepted whenever the client requests\na pseudo-terminal as it is required by the protocol.\n", "loc": ["services", "openssh", "settings", "AcceptEnv"], "readOnly": false, "type": "null or (list of string)"}, "services.openssh.settings.AllowGroups": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If specified, login is allowed only for users part of the\nlisted groups.\nSee {manpage}`sshd_config(5)` for details.\n", "loc": ["services", "openssh", "settings", "AllowGroups"], "readOnly": false, "type": "null or (list of string)"}, "services.openssh.settings.AllowUsers": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If specified, login is allowed only for the listed users.\nSee {manpage}`sshd_config(5)` for details.\n", "loc": ["services", "openssh", "settings", "AllowUsers"], "readOnly": false, "type": "null or (list of string)"}, "services.openssh.settings.AuthorizedPrincipalsFile": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "\"none\""}, "description": "Specifies a file that lists principal names that are accepted for certificate authentication. The default\nis `\"none\"`, i.e. not to use a principals file.\n", "loc": ["services", "openssh", "settings", "AuthorizedPrincipalsFile"], "readOnly": false, "type": "null or string"}, "services.openssh.settings.Ciphers": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"chacha20-poly1305@openssh.com\"\n  \"aes256-gcm@openssh.com\"\n  \"aes128-gcm@openssh.com\"\n  \"aes256-ctr\"\n  \"aes192-ctr\"\n  \"aes128-ctr\"\n]"}, "description": "Allowed ciphers\n\nDefaults to recommended settings from both\n<https://stribika.github.io/2015/01/04/secure-secure-shell.html>\nand\n<https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67>\n", "loc": ["services", "openssh", "settings", "Ciphers"], "readOnly": false, "type": "null or (list of string)"}, "services.openssh.settings.DenyGroups": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If specified, login is denied for all users part of the listed\ngroups. Takes precedence over\n[](#opt-services.openssh.settings.AllowGroups). See\n{manpage}`sshd_config(5)` for details.\n", "loc": ["services", "openssh", "settings", "DenyGroups"], "readOnly": false, "type": "null or (list of string)"}, "services.openssh.settings.DenyUsers": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If specified, login is denied for all listed users. Takes\nprecedence over [](#opt-services.openssh.settings.AllowUsers).\nSee {manpage}`sshd_config(5)` for details.\n", "loc": ["services", "openssh", "settings", "DenyUsers"], "readOnly": false, "type": "null or (list of string)"}, "services.openssh.settings.GatewayPorts": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "\"no\""}, "description": "Specifies whether remote hosts are allowed to connect to\nports forwarded for the client.  See\n{manpage}`sshd_config(5)`.\n", "loc": ["services", "openssh", "settings", "GatewayPorts"], "readOnly": false, "type": "null or string"}, "services.openssh.settings.KbdInteractiveAuthentication": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Specifies whether keyboard-interactive authentication is allowed.\n", "loc": ["services", "openssh", "settings", "KbdInteractiveAuthentication"], "readOnly": false, "type": "null or boolean"}, "services.openssh.settings.KexAlgorithms": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"mlkem768x25519-sha256\"\n  \"sntrup761x25519-sha512\"\n  \"sntrup761x25519-sha512@openssh.com\"\n  \"curve25519-sha256\"\n  \"curve25519-sha256@libssh.org\"\n  \"diffie-hellman-group-exchange-sha256\"\n]"}, "description": "Allowed key exchange algorithms\n\nUses the lower bound recommended in both\n<https://stribika.github.io/2015/01/04/secure-secure-shell.html>\nand\n<https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67>\n", "loc": ["services", "openssh", "settings", "KexAlgorithms"], "readOnly": false, "type": "null or (list of string)"}, "services.openssh.settings.LogLevel": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "\"INFO\""}, "description": "Gives the verbosity level that is used when logging messages from {manpage}`sshd(8)`. Logging with a DEBUG level\nviolates the privacy of users and is not recommended.\n", "loc": ["services", "openssh", "settings", "LogLevel"], "readOnly": false, "type": "null or one of \"QUIET\", \"FATAL\", \"ERROR\", \"INFO\", \"VERBOSE\", \"DEBUG\", \"DEBUG1\", \"DEBUG2\", \"DEBUG3\""}, "services.openssh.settings.Macs": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"hmac-sha2-512-etm@openssh.com\"\n  \"hmac-sha2-256-etm@openssh.com\"\n  \"umac-128-etm@openssh.com\"\n]"}, "description": "Allowed MACs\n\nDefaults to recommended settings from both\n<https://stribika.github.io/2015/01/04/secure-secure-shell.html>\nand\n<https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67>\n", "loc": ["services", "openssh", "settings", "Macs"], "readOnly": false, "type": "null or (list of string)"}, "services.openssh.settings.PasswordAuthentication": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Specifies whether password authentication is allowed.\n", "loc": ["services", "openssh", "settings", "PasswordAuthentication"], "readOnly": false, "type": "null or boolean"}, "services.openssh.settings.PermitRootLogin": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "\"prohibit-password\""}, "description": "Whether the root user can login using ssh.\n", "loc": ["services", "openssh", "settings", "PermitRootLogin"], "readOnly": false, "type": "null or one of \"yes\", \"without-password\", \"prohibit-password\", \"forced-commands-only\", \"no\""}, "services.openssh.settings.PrintMotd": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable printing /etc/motd when a user logs in interactively.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "openssh", "settings", "PrintMotd"], "readOnly": false, "type": "null or boolean"}, "services.openssh.settings.StrictModes": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether sshd should check file modes and ownership of directories\n", "loc": ["services", "openssh", "settings", "StrictModes"], "readOnly": false, "type": "null or boolean"}, "services.openssh.settings.UseDns": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Specifies whether {manpage}`sshd(8)` should look up the remote host name, and to check that the resolved host name for\nthe remote IP address maps back to the very same IP address.\nIf this option is set to no (the default) then only addresses and not host names may be used in\n~/.ssh/authorized_keys from and sshd_config Match Host directives.\n", "loc": ["services", "openssh", "settings", "UseDns"], "readOnly": false, "type": "null or boolean"}, "services.openssh.settings.UsePAM": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable PAM authentication.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "openssh", "settings", "UsePAM"], "readOnly": false, "type": "null or boolean"}, "services.openssh.settings.X11Forwarding": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to allow X11 connections to be forwarded.\n", "loc": ["services", "openssh", "settings", "X11Forwarding"], "readOnly": false, "type": "null or boolean"}, "services.openssh.sftpFlags": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Commandline flags to add to sftp-server.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-f AUTHPRIV\"\n  \"-l INFO\"\n]"}, "loc": ["services", "openssh", "sftpFlags"], "readOnly": false, "type": "list of string"}, "services.openssh.sftpServerExecutable": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "description": "The sftp server executable.  Can be a path or \"internal-sftp\" to use\nthe sftp server built into the sshd binary.\n", "example": {"_type": "literalExpression", "text": "\"internal-sftp\""}, "loc": ["services", "openssh", "sftpServerExecutable"], "readOnly": false, "type": "string"}, "services.openssh.startWhenNeeded": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set, {command}`sshd` is socket-activated; that\nis, instead of having it permanently running as a daemon,\nsystemd will start an instance for each incoming connection.\n", "loc": ["services", "openssh", "startWhenNeeded"], "readOnly": false, "type": "boolean"}, "services.opentelemetry-collector.configFile": {"declarations": ["nixos/modules/services/monitoring/opentelemetry-collector.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a path to a configuration file that Opentelemetry Collector should use.\n", "loc": ["services", "opentelemetry-collector", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.opentelemetry-collector.enable": {"declarations": ["nixos/modules/services/monitoring/opentelemetry-collector.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Opentelemetry Collector.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "opentelemetry-collector", "enable"], "readOnly": false, "type": "boolean"}, "services.opentelemetry-collector.package": {"declarations": ["nixos/modules/services/monitoring/opentelemetry-collector.nix"], "default": {"_type": "literalExpression", "text": "pkgs.opentelemetry-collector"}, "description": "The opentelemetry-collector package to use.", "loc": ["services", "opentelemetry-collector", "package"], "readOnly": false, "type": "package"}, "services.opentelemetry-collector.settings": {"declarations": ["nixos/modules/services/monitoring/opentelemetry-collector.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Specify the configuration for Opentelemetry Collector in Nix.\n\nSee <https://opentelemetry.io/docs/collector/configuration/> for available options.\n", "loc": ["services", "opentelemetry-collector", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.opentelemetry-collector.validateConfigFile": {"declarations": ["nixos/modules/services/monitoring/opentelemetry-collector.nix"], "default": {"_type": "literalMD", "text": "`true` if `configFile` is a store path"}, "description": "Whether to enable Validate configuration file.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "opentelemetry-collector", "validateConfigFile"], "readOnly": false, "type": "boolean"}, "services.opentracker.enable": {"declarations": ["nixos/modules/services/torrent/opentracker.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable opentracker.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "opentracker", "enable"], "readOnly": false, "type": "boolean"}, "services.opentracker.extraOptions": {"declarations": ["nixos/modules/services/torrent/opentracker.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Configuration Arguments for opentracker\nSee <https://erdgeist.org/arts/software/opentracker/> for all params\n", "loc": ["services", "opentracker", "extraOptions"], "readOnly": false, "type": "strings concatenated with \" \""}, "services.opentracker.package": {"declarations": ["nixos/modules/services/torrent/opentracker.nix"], "default": {"_type": "literalExpression", "text": "pkgs.opentracker"}, "description": "The opentracker package to use.", "loc": ["services", "opentracker", "package"], "readOnly": false, "type": "package"}, "services.opentsdb.config": {"declarations": ["nixos/modules/services/databases/opentsdb.nix"], "default": {"_type": "literalExpression", "text": "''\n  tsd.core.auto_create_metrics = true\n  tsd.http.request.enable_chunked  = true\n''"}, "description": "The contents of OpenTSDB's configuration file\n", "loc": ["services", "opentsdb", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.opentsdb.enable": {"declarations": ["nixos/modules/services/databases/opentsdb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable OpenTSDB.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "opentsdb", "enable"], "readOnly": false, "type": "boolean"}, "services.opentsdb.group": {"declarations": ["nixos/modules/services/databases/opentsdb.nix"], "default": {"_type": "literalExpression", "text": "\"opentsdb\""}, "description": "Group account under which OpenTSDB runs.\n", "loc": ["services", "opentsdb", "group"], "readOnly": false, "type": "string"}, "services.opentsdb.package": {"declarations": ["nixos/modules/services/databases/opentsdb.nix"], "default": {"_type": "literalExpression", "text": "pkgs.opentsdb"}, "description": "The opentsdb package to use.", "loc": ["services", "opentsdb", "package"], "readOnly": false, "type": "package"}, "services.opentsdb.port": {"declarations": ["nixos/modules/services/databases/opentsdb.nix"], "default": {"_type": "literalExpression", "text": "4242"}, "description": "Which port OpenTSDB listens on.\n", "loc": ["services", "opentsdb", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.opentsdb.user": {"declarations": ["nixos/modules/services/databases/opentsdb.nix"], "default": {"_type": "literalExpression", "text": "\"opentsdb\""}, "description": "User account under which OpenTSDB runs.\n", "loc": ["services", "opentsdb", "user"], "readOnly": false, "type": "string"}, "services.openvpn.package": {"declarations": ["nixos/modules/services/networking/openvpn.nix"], "default": {"_type": "literalExpression", "text": "pkgs.openvpn"}, "description": "The openvpn package to use.", "loc": ["services", "openvpn", "package"], "readOnly": false, "type": "package"}, "services.openvpn.restartAfterSleep": {"declarations": ["nixos/modules/services/networking/openvpn.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether OpenVPN client should be restarted after sleep.", "loc": ["services", "openvpn", "restartAfterSleep"], "readOnly": false, "type": "boolean"}, "services.openvpn.servers": {"declarations": ["nixos/modules/services/networking/openvpn.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute of this option defines a systemd service that\nruns an OpenVPN instance.  These can be OpenVPN servers or\nclients.  The name of each systemd service is\n`openvpn-\u00abname\u00bb.service`,\nwhere \u00abname\u00bb is the corresponding\nattribute name.\n", "example": {"_type": "literalExpression", "text": "{\n  server = {\n    config = ''\n      # Simplest server configuration: https://community.openvpn.net/openvpn/wiki/StaticKeyMiniHowto\n      # server :\n      dev tun\n      ifconfig 10.8.0.1 10.8.0.2\n      secret /root/static.key\n    '';\n    up = \"ip route add ...\";\n    down = \"ip route del ...\";\n  };\n\n  client = {\n    config = ''\n      client\n      remote vpn.example.org\n      dev tun\n      proto tcp-client\n      port 8080\n      ca /root/.vpn/ca.crt\n      cert /root/.vpn/alice.crt\n      key /root/.vpn/alice.key\n    '';\n    up = \"echo nameserver $nameserver | ${pkgs.openresolv}/sbin/resolvconf -m 0 -a $dev\";\n    down = \"${pkgs.openresolv}/sbin/resolvconf -d $dev\";\n  };\n}\n"}, "loc": ["services", "openvpn", "servers"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.openvpn.servers.<name>.authUserPass": {"declarations": ["nixos/modules/services/networking/openvpn.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "This option can be used to store the username / password credentials\nwith the \"auth-user-pass\" authentication method.\n\nYou can either provide an attribute set of `username` and `password`,\nor the path to a file containing the credentials on two lines.\n\nWARNING: If you use an attribute set, this option will put the credentials WORLD-READABLE into the Nix store!\n", "loc": ["services", "openvpn", "servers", "<name>", "authUserPass"], "readOnly": false, "type": "null or (optionally newline-terminated) single-line string or (submodule)"}, "services.openvpn.servers.<name>.autoStart": {"declarations": ["nixos/modules/services/networking/openvpn.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether this OpenVPN instance should be started automatically.", "loc": ["services", "openvpn", "servers", "<name>", "autoStart"], "readOnly": false, "type": "boolean"}, "services.openvpn.servers.<name>.config": {"declarations": ["nixos/modules/services/networking/openvpn.nix"], "description": "Configuration of this OpenVPN instance.  See\n{manpage}`openvpn(8)`\nfor details.\n\nTo import an external config file, use the following definition:\n`config = \"config /path/to/config.ovpn\"`\n", "loc": ["services", "openvpn", "servers", "<name>", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.openvpn.servers.<name>.down": {"declarations": ["nixos/modules/services/networking/openvpn.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands executed when the instance is shutting down.\n", "loc": ["services", "openvpn", "servers", "<name>", "down"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.openvpn.servers.<name>.up": {"declarations": ["nixos/modules/services/networking/openvpn.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands executed when the instance is starting.\n", "loc": ["services", "openvpn", "servers", "<name>", "up"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.openvpn.servers.<name>.updateResolvConf": {"declarations": ["nixos/modules/services/networking/openvpn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use the script from the update-resolv-conf package to automatically\nupdate resolv.conf with the DNS information provided by openvpn. The\nscript will be run after the \"up\" commands and before the \"down\" commands.\n", "loc": ["services", "openvpn", "servers", "<name>", "updateResolvConf"], "readOnly": false, "type": "boolean"}, "services.openvscode-server.connectionToken": {"declarations": ["nixos/modules/services/web-apps/openvscode-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A secret that must be included with all requests.\n", "example": {"_type": "literalExpression", "text": "\"secret-token\""}, "loc": ["services", "openvscode-server", "connectionToken"], "readOnly": false, "type": "null or string"}, "services.openvscode-server.connectionTokenFile": {"declarations": ["nixos/modules/services/web-apps/openvscode-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file that contains the connection token.\n", "loc": ["services", "openvscode-server", "connectionTokenFile"], "readOnly": false, "type": "null or string"}, "services.openvscode-server.enable": {"declarations": ["nixos/modules/services/web-apps/openvscode-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable openvscode-server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "openvscode-server", "enable"], "readOnly": false, "type": "boolean"}, "services.openvscode-server.extensionsDir": {"declarations": ["nixos/modules/services/web-apps/openvscode-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set the root path for extensions.\n", "loc": ["services", "openvscode-server", "extensionsDir"], "readOnly": false, "type": "null or string"}, "services.openvscode-server.extraArguments": {"declarations": ["nixos/modules/services/web-apps/openvscode-server.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional arguments to pass to openvscode-server.\n", "example": {"_type": "literalExpression", "text": "[ \"--log=info\" ]"}, "loc": ["services", "openvscode-server", "extraArguments"], "readOnly": false, "type": "list of string"}, "services.openvscode-server.extraEnvironment": {"declarations": ["nixos/modules/services/web-apps/openvscode-server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional environment variables to pass to openvscode-server.\n", "example": {"_type": "literalExpression", "text": "{\n  PKG_CONFIG_PATH = \"/run/current-system/sw/lib/pkgconfig\";\n}"}, "loc": ["services", "openvscode-server", "extraEnvironment"], "readOnly": false, "type": "attribute set of string"}, "services.openvscode-server.extraGroups": {"declarations": ["nixos/modules/services/web-apps/openvscode-server.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "An array of additional groups for the `openvscode-server` user.\n", "example": {"_type": "literalExpression", "text": "[\n  \"docker\"\n]"}, "loc": ["services", "openvscode-server", "extraGroups"], "readOnly": false, "type": "list of string"}, "services.openvscode-server.extraPackages": {"declarations": ["nixos/modules/services/web-apps/openvscode-server.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional packages to add to the openvscode-server {env}`PATH`.\n", "example": {"_type": "literalExpression", "text": "[ pkgs.go ]"}, "loc": ["services", "openvscode-server", "extraPackages"], "readOnly": false, "type": "list of package"}, "services.openvscode-server.group": {"declarations": ["nixos/modules/services/web-apps/openvscode-server.nix"], "default": {"_type": "literalExpression", "text": "\"openvscode-server\""}, "description": "The group to run openvscode-server under.\nBy default, a group named `openvscode-server` will be created.\n", "example": {"_type": "literalExpression", "text": "\"yourGroup\""}, "loc": ["services", "openvscode-server", "group"], "readOnly": false, "type": "string"}, "services.openvscode-server.host": {"declarations": ["nixos/modules/services/web-apps/openvscode-server.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The host name or IP address the server should listen to.\n", "loc": ["services", "openvscode-server", "host"], "readOnly": false, "type": "string"}, "services.openvscode-server.package": {"declarations": ["nixos/modules/services/web-apps/openvscode-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.openvscode-server"}, "description": "The openvscode-server package to use.", "loc": ["services", "openvscode-server", "package"], "readOnly": false, "type": "package"}, "services.openvscode-server.port": {"declarations": ["nixos/modules/services/web-apps/openvscode-server.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "The port the server should listen to. If 0 is passed a random free port is picked. If a range in the format num-num is passed, a free port from the range (end inclusive) is selected.\n", "loc": ["services", "openvscode-server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.openvscode-server.serverDataDir": {"declarations": ["nixos/modules/services/web-apps/openvscode-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specifies the directory that server data is kept in.\n", "loc": ["services", "openvscode-server", "serverDataDir"], "readOnly": false, "type": "null or string"}, "services.openvscode-server.socketPath": {"declarations": ["nixos/modules/services/web-apps/openvscode-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to a socket file for the server to listen to.\n", "example": {"_type": "literalExpression", "text": "\"/run/openvscode/socket\""}, "loc": ["services", "openvscode-server", "socketPath"], "readOnly": false, "type": "null or string"}, "services.openvscode-server.telemetryLevel": {"declarations": ["nixos/modules/services/web-apps/openvscode-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the initial telemetry level. Valid levels are: 'off', 'crash', 'error' and 'all'.\n", "example": {"_type": "literalExpression", "text": "\"crash\""}, "loc": ["services", "openvscode-server", "telemetryLevel"], "readOnly": false, "type": "null or one of \"off\", \"crash\", \"error\", \"all\""}, "services.openvscode-server.user": {"declarations": ["nixos/modules/services/web-apps/openvscode-server.nix"], "default": {"_type": "literalExpression", "text": "\"openvscode-server\""}, "description": "The user to run openvscode-server as.\nBy default, a user named `openvscode-server` will be created.\n", "example": {"_type": "literalExpression", "text": "\"yourUser\""}, "loc": ["services", "openvscode-server", "user"], "readOnly": false, "type": "string"}, "services.openvscode-server.userDataDir": {"declarations": ["nixos/modules/services/web-apps/openvscode-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specifies the directory that user data is kept in. Can be used to open multiple distinct instances of Code.\n", "loc": ["services", "openvscode-server", "userDataDir"], "readOnly": false, "type": "null or string"}, "services.openvscode-server.withoutConnectionToken": {"declarations": ["nixos/modules/services/web-apps/openvscode-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Run without a connection token. Only use this if the connection is secured by other means.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "openvscode-server", "withoutConnectionToken"], "readOnly": false, "type": "boolean"}, "services.openwebrx.enable": {"declarations": ["nixos/modules/services/web-apps/openwebrx.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable OpenWebRX Web interface for Software-Defined Radios on http://localhost:8073.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "openwebrx", "enable"], "readOnly": false, "type": "boolean"}, "services.openwebrx.package": {"declarations": ["nixos/modules/services/web-apps/openwebrx.nix"], "default": {"_type": "literalExpression", "text": "pkgs.openwebrx"}, "description": "The openwebrx package to use.", "loc": ["services", "openwebrx", "package"], "readOnly": false, "type": "package"}, "services.opkssh.authorizations": {"declarations": ["nixos/modules/services/networking/opkssh/opkssh.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "User authorization mappings", "example": {"_type": "literalExpression", "text": "# This example refers to values in the providers example\n# adjust your expressions as necessary\n[\n  {\n    user = \"alice\";\n    principal = \"alice@gmail.com\";\n    inherit (config.services.opkssh.providers.google) issuer;\n  }\n  {\n    user = \"bob\";\n    principal = \"repo:NixOs/nixpkgs:environment:production\";\n    inherit (config.services.opkssh.providers.github) issuer;\n  }\n];\n"}, "loc": ["services", "opkssh", "authorizations"], "readOnly": false, "type": "list of (submodule)"}, "services.opkssh.authorizations.*.issuer": {"declarations": ["nixos/modules/services/networking/opkssh/opkssh.nix"], "description": "Issuer URI", "loc": ["services", "opkssh", "authorizations", "*", "issuer"], "readOnly": false, "type": "string"}, "services.opkssh.authorizations.*.principal": {"declarations": ["nixos/modules/services/networking/opkssh/opkssh.nix"], "description": "Principal identifier (email, repo, etc.)", "loc": ["services", "opkssh", "authorizations", "*", "principal"], "readOnly": false, "type": "string"}, "services.opkssh.authorizations.*.user": {"declarations": ["nixos/modules/services/networking/opkssh/opkssh.nix"], "description": "Linux user to authorize", "loc": ["services", "opkssh", "authorizations", "*", "user"], "readOnly": false, "type": "string"}, "services.opkssh.enable": {"declarations": ["nixos/modules/services/networking/opkssh/opkssh.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable OpenID Connect SSH authentication.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "opkssh", "enable"], "readOnly": false, "type": "boolean"}, "services.opkssh.group": {"declarations": ["nixos/modules/services/networking/opkssh/opkssh.nix"], "default": {"_type": "literalExpression", "text": "\"opksshuser\""}, "description": "System group for opkssh", "loc": ["services", "opkssh", "group"], "readOnly": false, "type": "string"}, "services.opkssh.package": {"declarations": ["nixos/modules/services/networking/opkssh/opkssh.nix"], "default": {"_type": "literalExpression", "text": "pkgs.opkssh"}, "description": "The opkssh package to use.", "loc": ["services", "opkssh", "package"], "readOnly": false, "type": "package"}, "services.opkssh.providers": {"declarations": ["nixos/modules/services/networking/opkssh/opkssh.nix"], "default": {"_type": "literalExpression", "text": "{\n  github = {\n    clientId = \"github\";\n    issuer = \"https://token.actions.githubusercontent.com\";\n    lifetime = \"oidc\";\n  };\n  google = {\n    clientId = \"206584157355-7cbe4s640tvm7naoludob4ut1emii7sf.apps.googleusercontent.com\";\n    issuer = \"https://accounts.google.com\";\n    lifetime = \"24h\";\n  };\n  microsoft = {\n    clientId = \"096ce0a3-5e72-4da8-9c86-12924b294a01\";\n    issuer = \"https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0\";\n    lifetime = \"24h\";\n  };\n}"}, "description": "OpenID Connect providers configuration", "loc": ["services", "opkssh", "providers"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.opkssh.providers.<name>.clientId": {"declarations": ["nixos/modules/services/networking/opkssh/opkssh.nix"], "description": "OAuth client ID", "loc": ["services", "opkssh", "providers", "<name>", "clientId"], "readOnly": false, "type": "string"}, "services.opkssh.providers.<name>.issuer": {"declarations": ["nixos/modules/services/networking/opkssh/opkssh.nix"], "description": "Issuer URI", "example": {"_type": "literalExpression", "text": "\"https://accounts.google.com\""}, "loc": ["services", "opkssh", "providers", "<name>", "issuer"], "readOnly": false, "type": "string"}, "services.opkssh.providers.<name>.lifetime": {"declarations": ["nixos/modules/services/networking/opkssh/opkssh.nix"], "default": {"_type": "literalExpression", "text": "\"24h\""}, "description": "Token lifetime", "loc": ["services", "opkssh", "providers", "<name>", "lifetime"], "readOnly": false, "type": "one of \"12h\", \"24h\", \"48h\", \"1week\", \"oidc\", \"oidc-refreshed\""}, "services.opkssh.user": {"declarations": ["nixos/modules/services/networking/opkssh/opkssh.nix"], "default": {"_type": "literalExpression", "text": "\"opksshuser\""}, "description": "System user for running opkssh", "loc": ["services", "opkssh", "user"], "readOnly": false, "type": "string"}, "services.orangefs.client.enable": {"declarations": ["nixos/modules/services/network-filesystems/orangefs/client.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable OrangeFS client daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "orangefs", "client", "enable"], "readOnly": false, "type": "boolean"}, "services.orangefs.client.extraOptions": {"declarations": ["nixos/modules/services/network-filesystems/orangefs/client.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line options for pvfs2-client.", "loc": ["services", "orangefs", "client", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.orangefs.client.fileSystems": {"declarations": ["nixos/modules/services/network-filesystems/orangefs/client.nix"], "description": "The orangefs file systems to be mounted.\nThis option is preferred over using {option}`fileSystems` directly since\nthe pvfs client service needs to be running for it to be mounted.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    mountPoint = \"/orangefs\";\n    target = \"tcp://server:3334/orangefs\";\n  }\n]"}, "loc": ["services", "orangefs", "client", "fileSystems"], "readOnly": false, "type": "list of (submodule)"}, "services.orangefs.client.fileSystems.*.mountPoint": {"declarations": ["nixos/modules/services/network-filesystems/orangefs/client.nix"], "default": {"_type": "literalExpression", "text": "\"/orangefs\""}, "description": "Mount point.", "loc": ["services", "orangefs", "client", "fileSystems", "*", "mountPoint"], "readOnly": false, "type": "string"}, "services.orangefs.client.fileSystems.*.options": {"declarations": ["nixos/modules/services/network-filesystems/orangefs/client.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Mount options", "loc": ["services", "orangefs", "client", "fileSystems", "*", "options"], "readOnly": false, "type": "list of string"}, "services.orangefs.client.fileSystems.*.target": {"declarations": ["nixos/modules/services/network-filesystems/orangefs/client.nix"], "description": "Target URL", "example": {"_type": "literalExpression", "text": "\"tcp://server:3334/orangefs\""}, "loc": ["services", "orangefs", "client", "fileSystems", "*", "target"], "readOnly": false, "type": "string"}, "services.orangefs.server.BMIModules": {"declarations": ["nixos/modules/services/network-filesystems/orangefs/server.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"bmi_tcp\"\n]"}, "description": "List of BMI modules to load.", "example": {"_type": "literalExpression", "text": "[\n  \"bmi_tcp\"\n  \"bmi_ib\"\n]"}, "loc": ["services", "orangefs", "server", "BMIModules"], "readOnly": false, "type": "list of string"}, "services.orangefs.server.dataStorageSpace": {"declarations": ["nixos/modules/services/network-filesystems/orangefs/server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Directory for data storage.", "example": {"_type": "literalExpression", "text": "\"/data/storage\""}, "loc": ["services", "orangefs", "server", "dataStorageSpace"], "readOnly": false, "type": "null or string"}, "services.orangefs.server.enable": {"declarations": ["nixos/modules/services/network-filesystems/orangefs/server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable OrangeFS server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "orangefs", "server", "enable"], "readOnly": false, "type": "boolean"}, "services.orangefs.server.extraConfig": {"declarations": ["nixos/modules/services/network-filesystems/orangefs/server.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra config for the global section.", "loc": ["services", "orangefs", "server", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.orangefs.server.extraDefaults": {"declarations": ["nixos/modules/services/network-filesystems/orangefs/server.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra config for `<Defaults>` section.", "loc": ["services", "orangefs", "server", "extraDefaults"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.orangefs.server.fileSystems": {"declarations": ["nixos/modules/services/network-filesystems/orangefs/server.nix"], "default": {"_type": "literalExpression", "text": "{\n  orangefs = { };\n}"}, "description": "These options will create the `<FileSystem>` sections of config file.\n", "example": {"_type": "literalExpression", "text": "{\n  fs1 = {\n    id = 101;\n  };\n\n  fs2 = {\n    id = 102;\n  };\n}\n"}, "loc": ["services", "orangefs", "server", "fileSystems"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.orangefs.server.fileSystems.<name>.extraConfig": {"declarations": ["nixos/modules/services/network-filesystems/orangefs/server.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra config for `<FileSystem>` section.", "loc": ["services", "orangefs", "server", "fileSystems", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.orangefs.server.fileSystems.<name>.extraStorageHints": {"declarations": ["nixos/modules/services/network-filesystems/orangefs/server.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra config for `<StorageHints>` section.", "loc": ["services", "orangefs", "server", "fileSystems", "<name>", "extraStorageHints"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.orangefs.server.fileSystems.<name>.id": {"declarations": ["nixos/modules/services/network-filesystems/orangefs/server.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "File system ID (must be unique within configuration).", "loc": ["services", "orangefs", "server", "fileSystems", "<name>", "id"], "readOnly": false, "type": "signed integer"}, "services.orangefs.server.fileSystems.<name>.rootHandle": {"declarations": ["nixos/modules/services/network-filesystems/orangefs/server.nix"], "default": {"_type": "literalExpression", "text": "3"}, "description": "File system root ID.", "loc": ["services", "orangefs", "server", "fileSystems", "<name>", "rootHandle"], "readOnly": false, "type": "signed integer"}, "services.orangefs.server.fileSystems.<name>.troveSyncData": {"declarations": ["nixos/modules/services/network-filesystems/orangefs/server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Sync data.", "loc": ["services", "orangefs", "server", "fileSystems", "<name>", "troveSyncData"], "readOnly": false, "type": "boolean"}, "services.orangefs.server.fileSystems.<name>.troveSyncMeta": {"declarations": ["nixos/modules/services/network-filesystems/orangefs/server.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Sync meta data.", "loc": ["services", "orangefs", "server", "fileSystems", "<name>", "troveSyncMeta"], "readOnly": false, "type": "boolean"}, "services.orangefs.server.logType": {"declarations": ["nixos/modules/services/network-filesystems/orangefs/server.nix"], "default": {"_type": "literalExpression", "text": "\"syslog\""}, "description": "Destination for log messages.", "loc": ["services", "orangefs", "server", "logType"], "readOnly": false, "type": "one of \"file\", \"syslog\""}, "services.orangefs.server.metadataStorageSpace": {"declarations": ["nixos/modules/services/network-filesystems/orangefs/server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Directory for meta data storage.", "example": {"_type": "literalExpression", "text": "\"/data/meta\""}, "loc": ["services", "orangefs", "server", "metadataStorageSpace"], "readOnly": false, "type": "null or string"}, "services.orangefs.server.servers": {"declarations": ["nixos/modules/services/network-filesystems/orangefs/server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "URLs for storage server including port. The attribute names define the server alias.", "example": {"_type": "literalExpression", "text": "{\n  node1 = \"tcp://node1:3334\";\n  node2 = \"tcp://node2:3334\";\n}"}, "loc": ["services", "orangefs", "server", "servers"], "readOnly": false, "type": "attribute set of string"}, "services.orca.enable": {"declarations": ["nixos/modules/services/accessibility/orca.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Orca screen reader.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "orca", "enable"], "readOnly": false, "type": "boolean"}, "services.orca.package": {"declarations": ["nixos/modules/services/accessibility/orca.nix"], "default": {"_type": "literalExpression", "text": "pkgs.orca"}, "description": "The orca package to use.", "loc": ["services", "orca", "package"], "readOnly": false, "type": "package"}, "services.orthanc.enable": {"declarations": ["nixos/modules/services/misc/orthanc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Orthanc server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "orthanc", "enable"], "readOnly": false, "type": "boolean"}, "services.orthanc.environment": {"declarations": ["nixos/modules/services/misc/orthanc.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra environment variables\nFor more details see <https://orthanc.uclouvain.be/book/users/configuration.html>\n", "example": {"_type": "literalExpression", "text": "''\n  {\n    ORTHANC_NAME = \"Orthanc server\";\n  }\n''"}, "loc": ["services", "orthanc", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.orthanc.environmentFile": {"declarations": ["nixos/modules/services/misc/orthanc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file to be passed to the systemd service.\nUseful for passing secrets to the service to prevent them from being\nworld-readable in the Nix store.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/secrets/orthancSecrets\""}, "loc": ["services", "orthanc", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.orthanc.openFirewall": {"declarations": ["nixos/modules/services/misc/orthanc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall for Orthanc.\nThis adds `services.orthanc.settings.HttpPort` to `networking.firewall.allowedTCPPorts`.\n", "loc": ["services", "orthanc", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.orthanc.package": {"declarations": ["nixos/modules/services/misc/orthanc.nix"], "default": {"_type": "literalExpression", "text": "pkgs.orthanc"}, "description": "The orthanc package to use.", "loc": ["services", "orthanc", "package"], "readOnly": false, "type": "package"}, "services.orthanc.settings": {"declarations": ["nixos/modules/services/misc/orthanc.nix"], "default": {"_type": "literalExpression", "text": "{\n  HttpPort = {\n    _type = \"override\";\n    content = 8042;\n    priority = 1000;\n  };\n  IndexDirectory = {\n    _type = \"override\";\n    content = \"/var/lib/orthanc/\";\n    priority = 1000;\n  };\n  StorageDirectory = {\n    _type = \"override\";\n    content = \"/var/lib/orthanc/\";\n    priority = 1000;\n  };\n}"}, "description": "Configuration written to a json file that is read by orthanc.\nSee <https://orthanc.uclouvain.be/book/index.html> for more.\n", "example": {"_type": "literalExpression", "text": "{\n  HttpPort = 12345;\n  Name = \"My Orthanc Server\";\n}"}, "loc": ["services", "orthanc", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.orthanc.stateDir": {"declarations": ["nixos/modules/services/misc/orthanc.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/orthanc\""}, "description": "State directory of Orthanc.", "example": {"_type": "literalExpression", "text": "\"/home/foo\""}, "loc": ["services", "orthanc", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.osquery.enable": {"declarations": ["nixos/modules/services/monitoring/osquery.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable osqueryd daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "osquery", "enable"], "readOnly": false, "type": "boolean"}, "services.osquery.flags": {"declarations": ["nixos/modules/services/monitoring/osquery.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attribute set of flag names and values to be written to the osqueryd flagfile.\nFor more information, refer to <https://osquery.readthedocs.io/en/stable/installation/cli-flags>.\n", "example": {"_type": "literalExpression", "text": "{\n  config_refresh = \"10\";\n}"}, "loc": ["services", "osquery", "flags"], "readOnly": false, "type": "open submodule of attribute set of string"}, "services.osquery.flags.database_path": {"declarations": ["nixos/modules/services/monitoring/osquery.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/osquery/osquery.db\""}, "description": "Path used for the database file.\n\n::: {.note}\nIf left as the default value, this directory will be automatically created before the\nservice starts, otherwise you are responsible for ensuring the directory exists with\nthe appropriate ownership and permissions.\n", "loc": ["services", "osquery", "flags", "database_path"], "readOnly": true, "type": "absolute path"}, "services.osquery.flags.logger_path": {"declarations": ["nixos/modules/services/monitoring/osquery.nix"], "default": {"_type": "literalExpression", "text": "\"/var/log/osquery\""}, "description": "Base directory used for logging.\n\n::: {.note}\nIf left as the default value, this directory will be automatically created before the\nservice starts, otherwise you are responsible for ensuring the directory exists with\nthe appropriate ownership and permissions.\n", "loc": ["services", "osquery", "flags", "logger_path"], "readOnly": true, "type": "absolute path"}, "services.osquery.flags.pidfile": {"declarations": ["nixos/modules/services/monitoring/osquery.nix"], "default": {"_type": "literalExpression", "text": "\"/run/osquery/osqueryd.pid\""}, "description": "Path used for pid file.", "loc": ["services", "osquery", "flags", "pidfile"], "readOnly": true, "type": "absolute path"}, "services.osquery.package": {"declarations": ["nixos/modules/services/monitoring/osquery.nix"], "default": {"_type": "literalExpression", "text": "pkgs.osquery"}, "description": "The osquery package to use.", "loc": ["services", "osquery", "package"], "readOnly": false, "type": "package"}, "services.osquery.settings": {"declarations": ["nixos/modules/services/monitoring/osquery.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration to be written to the osqueryd JSON configuration file.\nTo understand the configuration format, refer to <https://osquery.readthedocs.io/en/stable/deployment/configuration/#configuration-components>.\n", "example": {"_type": "literalExpression", "text": "{\n  options = {\n    utc = false;\n  };\n}"}, "loc": ["services", "osquery", "settings"], "readOnly": false, "type": "attribute set"}, "services.osrm.address": {"declarations": ["nixos/modules/services/misc/osrm.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "IP address on which the web server will listen.", "loc": ["services", "osrm", "address"], "readOnly": false, "type": "string"}, "services.osrm.algorithm": {"declarations": ["nixos/modules/services/misc/osrm.nix"], "default": {"_type": "literalExpression", "text": "\"MLD\""}, "description": "Algorithm to use for the data. Must be one of CH, CoreCH, MLD", "loc": ["services", "osrm", "algorithm"], "readOnly": false, "type": "one of \"CH\", \"CoreCH\", \"MLD\""}, "services.osrm.dataFile": {"declarations": ["nixos/modules/services/misc/osrm.nix"], "description": "Data file location", "example": {"_type": "literalExpression", "text": "\"/var/lib/osrm/berlin-latest.osrm\""}, "loc": ["services", "osrm", "dataFile"], "readOnly": false, "type": "absolute path"}, "services.osrm.enable": {"declarations": ["nixos/modules/services/misc/osrm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable the OSRM service.", "loc": ["services", "osrm", "enable"], "readOnly": false, "type": "boolean"}, "services.osrm.extraFlags": {"declarations": ["nixos/modules/services/misc/osrm.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line arguments passed to osrm-routed", "example": {"_type": "literalExpression", "text": "[\n  \"--max-table-size 1000\"\n  \"--max-matching-size 1000\"\n]"}, "loc": ["services", "osrm", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.osrm.port": {"declarations": ["nixos/modules/services/misc/osrm.nix"], "default": {"_type": "literalExpression", "text": "5000"}, "description": "Port on which the web server will run.", "loc": ["services", "osrm", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.osrm.threads": {"declarations": ["nixos/modules/services/misc/osrm.nix"], "default": {"_type": "literalExpression", "text": "4"}, "description": "Number of threads to use.", "loc": ["services", "osrm", "threads"], "readOnly": false, "type": "signed integer"}, "services.ostinato.enable": {"declarations": ["nixos/modules/services/networking/ostinato.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Ostinato agent-controller (Drone).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ostinato", "enable"], "readOnly": false, "type": "boolean"}, "services.ostinato.port": {"declarations": ["nixos/modules/services/networking/ostinato.nix"], "default": {"_type": "literalExpression", "text": "7878"}, "description": "Port to listen on.\n", "loc": ["services", "ostinato", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.ostinato.portList.exclude": {"declarations": ["nixos/modules/services/networking/ostinato.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of ports does not appear on the port list managed by drone.\n", "example": {"_type": "literalExpression", "text": "[\n  \"usbmon*\"\n  \"eth0\"\n]"}, "loc": ["services", "ostinato", "portList", "exclude"], "readOnly": false, "type": "list of string"}, "services.ostinato.portList.include": {"declarations": ["nixos/modules/services/networking/ostinato.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "For a port to pass the filter and appear on the port list managed\nby drone, it be allowed by this include list.\n", "example": {"_type": "literalExpression", "text": "[\n  \"eth*\"\n  \"lo*\"\n]"}, "loc": ["services", "ostinato", "portList", "include"], "readOnly": false, "type": "list of string"}, "services.ostinato.rateAccuracy": {"declarations": ["nixos/modules/services/networking/ostinato.nix"], "default": {"_type": "literalExpression", "text": "\"High\""}, "description": "To ensure that the actual transmit rate is as close as possible to\nthe configured transmit rate, Drone runs a busy-wait loop.\nWhile this provides the maximum accuracy possible, the CPU\nutilization is 100% while the transmit is on. You can however,\nsacrifice the accuracy to reduce the CPU load.\n", "loc": ["services", "ostinato", "rateAccuracy"], "readOnly": false, "type": "one of \"High\", \"Low\""}, "services.ostinato.rpcServer.address": {"declarations": ["nixos/modules/services/networking/ostinato.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "By default, the Drone RPC server will listen on all interfaces and\nlocal IPv4 addresses for incoming connections from clients.  Specify\na single IPv4 or IPv6 address if you want to restrict that.\nTo listen on any IPv6 address, use ::\n", "loc": ["services", "ostinato", "rpcServer", "address"], "readOnly": false, "type": "string"}, "services.outline.azureAuthentication": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "To configure Microsoft/Azure auth, you'll need to create an OAuth\nClient. See\n[the guide](https://wiki.generaloutline.com/share/dfa77e56-d4d2-4b51-8ff8-84ea6608faa4)\nfor details on setting up your Azure App.\n", "loc": ["services", "outline", "azureAuthentication"], "readOnly": false, "type": "null or (submodule)"}, "services.outline.azureAuthentication.clientId": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "description": "Authentication client identifier.", "loc": ["services", "outline", "azureAuthentication", "clientId"], "readOnly": false, "type": "string"}, "services.outline.azureAuthentication.clientSecretFile": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "description": "File path containing the authentication secret.", "loc": ["services", "outline", "azureAuthentication", "clientSecretFile"], "readOnly": false, "type": "string"}, "services.outline.azureAuthentication.resourceAppId": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "description": "Authentication application resource ID.", "loc": ["services", "outline", "azureAuthentication", "resourceAppId"], "readOnly": false, "type": "string"}, "services.outline.cdnUrl": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "If using a Cloudfront/Cloudflare distribution or similar it can be set\nusing this option. This will cause paths to JavaScript files,\nstylesheets and images to be updated to the hostname defined here. In\nyour CDN configuration the origin server should be set to public URL.\n", "loc": ["services", "outline", "cdnUrl"], "readOnly": false, "type": "string"}, "services.outline.concurrency": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "How many processes should be spawned. For a rough estimate, divide your\nserver's available memory by 512.\n", "loc": ["services", "outline", "concurrency"], "readOnly": false, "type": "signed integer"}, "services.outline.databaseUrl": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "\"local\""}, "description": "URI to use for the main PostgreSQL database. If this needs to include\ncredentials that shouldn't be world-readable in the Nix store, set an\nenvironment file on the systemd service and override the\n`DATABASE_URL` entry. Pass the string\n`local` to setup a database on the local server.\n", "loc": ["services", "outline", "databaseUrl"], "readOnly": false, "type": "string"}, "services.outline.debugOutput": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set this to `http` log HTTP requests.", "loc": ["services", "outline", "debugOutput"], "readOnly": false, "type": "null or value \"http\" (singular enum)"}, "services.outline.defaultLanguage": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "\"en_US\""}, "description": "The default interface language. See\n[translate.getoutline.com](https://translate.getoutline.com/)\nfor a list of available language codes and their rough percentage\ntranslated.\n", "loc": ["services", "outline", "defaultLanguage"], "readOnly": false, "type": "one of \"da_DK\", \"de_DE\", \"en_US\", \"es_ES\", \"fa_IR\", \"fr_FR\", \"it_IT\", \"ja_JP\", \"ko_KR\", \"nl_NL\", \"pl_PL\", \"pt_BR\", \"pt_PT\", \"ru_RU\", \"sv_SE\", \"th_TH\", \"vi_VN\", \"zh_CN\", \"zh_TW\""}, "services.outline.discordAuthentication": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "To configure Discord auth, you'll need to create an application at\n<https://discord.com/developers/applications/>\n\nSee <https://docs.getoutline.com/s/hosting/doc/discord-g4JdWFFub6>\nfor details on setting up your Discord app.\n", "loc": ["services", "outline", "discordAuthentication"], "readOnly": false, "type": "null or (submodule)"}, "services.outline.discordAuthentication.clientId": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "description": "Authentication client identifier.", "loc": ["services", "outline", "discordAuthentication", "clientId"], "readOnly": false, "type": "string"}, "services.outline.discordAuthentication.clientSecretFile": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "description": "File path containing the authentication secret.", "loc": ["services", "outline", "discordAuthentication", "clientSecretFile"], "readOnly": false, "type": "string"}, "services.outline.discordAuthentication.serverId": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Restrict logins to a specific server (optional, but recommended).\nYou can find a Discord server's ID by right-clicking the server icon,\nand select \u201cCopy Server ID\u201d.\n", "loc": ["services", "outline", "discordAuthentication", "serverId"], "readOnly": false, "type": "string"}, "services.outline.discordAuthentication.serverRoles": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Optionally restrict logins to a comma-separated list of role IDs", "loc": ["services", "outline", "discordAuthentication", "serverRoles"], "readOnly": false, "type": "strings concatenated with \",\""}, "services.outline.enable": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable outline.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "outline", "enable"], "readOnly": false, "type": "boolean"}, "services.outline.enableUpdateCheck": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Have the installation check for updates by sending anonymized statistics\nto the maintainers.\n", "loc": ["services", "outline", "enableUpdateCheck"], "readOnly": false, "type": "boolean"}, "services.outline.forceHttps": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Auto-redirect to HTTPS in production. The default is\n`true` but you may set this to `false`\nif you can be sure that SSL is terminated at an external loadbalancer.\n", "loc": ["services", "outline", "forceHttps"], "readOnly": false, "type": "boolean"}, "services.outline.googleAnalyticsId": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optionally enable Google Analytics to track page views in the knowledge\nbase.\n", "loc": ["services", "outline", "googleAnalyticsId"], "readOnly": false, "type": "null or string"}, "services.outline.googleAuthentication": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "To configure Google auth, you'll need to create an OAuth Client ID at\n<https://console.cloud.google.com/apis/credentials>\n\nWhen configuring the Client ID, add an Authorized redirect URI to\n`https://[publicUrl]/auth/google.callback`.\n", "loc": ["services", "outline", "googleAuthentication"], "readOnly": false, "type": "null or (submodule)"}, "services.outline.googleAuthentication.clientId": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "description": "Authentication client identifier.", "loc": ["services", "outline", "googleAuthentication", "clientId"], "readOnly": false, "type": "string"}, "services.outline.googleAuthentication.clientSecretFile": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "description": "File path containing the authentication secret.", "loc": ["services", "outline", "googleAuthentication", "clientSecretFile"], "readOnly": false, "type": "string"}, "services.outline.group": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "\"outline\""}, "description": "Group under which the service should run. If this is the default value,\nthe group will be created.\n", "loc": ["services", "outline", "group"], "readOnly": false, "type": "string"}, "services.outline.logo": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Custom logo displayed on the authentication screen. This will be scaled\nto a height of 60px.\n", "loc": ["services", "outline", "logo"], "readOnly": false, "type": "null or string"}, "services.outline.maximumImportSize": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "5120000"}, "description": "The maximum size of document imports. Overriding this could be required\nif you have especially large Word documents with embedded imagery.\n", "loc": ["services", "outline", "maximumImportSize"], "readOnly": false, "type": "signed integer"}, "services.outline.oidcAuthentication": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "To configure generic OIDC auth, you'll need some kind of identity\nprovider. See the documentation for whichever IdP you use to fill out\nall the fields. The redirect URL is\n`https://[publicUrl]/auth/oidc.callback`.\n", "loc": ["services", "outline", "oidcAuthentication"], "readOnly": false, "type": "null or (submodule)"}, "services.outline.oidcAuthentication.authUrl": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "description": "OIDC authentication URL endpoint.", "loc": ["services", "outline", "oidcAuthentication", "authUrl"], "readOnly": false, "type": "string"}, "services.outline.oidcAuthentication.clientId": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "description": "Authentication client identifier.", "loc": ["services", "outline", "oidcAuthentication", "clientId"], "readOnly": false, "type": "string"}, "services.outline.oidcAuthentication.clientSecretFile": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "description": "File path containing the authentication secret.", "loc": ["services", "outline", "oidcAuthentication", "clientSecretFile"], "readOnly": false, "type": "string"}, "services.outline.oidcAuthentication.displayName": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "\"OpenID\""}, "description": "Display name for OIDC authentication.", "loc": ["services", "outline", "oidcAuthentication", "displayName"], "readOnly": false, "type": "string"}, "services.outline.oidcAuthentication.scopes": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"openid\"\n  \"profile\"\n  \"email\"\n]"}, "description": "OpenID authentication scopes.", "loc": ["services", "outline", "oidcAuthentication", "scopes"], "readOnly": false, "type": "list of string"}, "services.outline.oidcAuthentication.tokenUrl": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "description": "OIDC token URL endpoint.", "loc": ["services", "outline", "oidcAuthentication", "tokenUrl"], "readOnly": false, "type": "string"}, "services.outline.oidcAuthentication.userinfoUrl": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "description": "OIDC userinfo URL endpoint.", "loc": ["services", "outline", "oidcAuthentication", "userinfoUrl"], "readOnly": false, "type": "string"}, "services.outline.oidcAuthentication.usernameClaim": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "\"preferred_username\""}, "description": "Specify which claims to derive user information from. Supports any\nvalid JSON path with the JWT payload\n", "loc": ["services", "outline", "oidcAuthentication", "usernameClaim"], "readOnly": false, "type": "string"}, "services.outline.package": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "pkgs.outline"}, "description": "Outline package to use.", "example": {"_type": "literalExpression", "text": "pkgs.outline.overrideAttrs (super: {\n  # Ignore the domain part in emails that come from OIDC. This is might\n  # be helpful if you want multiple users with different email providers\n  # to still land in the same team. Note that this effectively makes\n  # Outline a single-team instance.\n  patchPhase = ''\n    sed -i 's/const domain = parts\\.length && parts\\[1\\];/const domain = \"example.com\";/g' plugins/oidc/server/auth/oidc.ts\n  '';\n})\n"}, "loc": ["services", "outline", "package"], "readOnly": false, "type": "package"}, "services.outline.port": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "Listening port.", "loc": ["services", "outline", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.outline.publicUrl": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "\"http://localhost:3000\""}, "description": "The fully qualified, publicly accessible URL", "loc": ["services", "outline", "publicUrl"], "readOnly": false, "type": "string"}, "services.outline.rateLimiter.durationWindow": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "60"}, "description": "Length of a throttling window.", "loc": ["services", "outline", "rateLimiter", "durationWindow"], "readOnly": false, "type": "signed integer"}, "services.outline.rateLimiter.enable": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable rate limiter for the application web server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "outline", "rateLimiter", "enable"], "readOnly": false, "type": "boolean"}, "services.outline.rateLimiter.requests": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "5000"}, "description": "Maximum number of requests in a throttling window.", "loc": ["services", "outline", "rateLimiter", "requests"], "readOnly": false, "type": "signed integer"}, "services.outline.redisUrl": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "\"local\""}, "description": "Connection to a redis server. If this needs to include credentials\nthat shouldn't be world-readable in the Nix store, set an environment\nfile on the systemd service and override the\n`REDIS_URL` entry. Pass the string\n`local` to setup a local Redis database.\n", "loc": ["services", "outline", "redisUrl"], "readOnly": false, "type": "string"}, "services.outline.secretKeyFile": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/outline/secret_key\""}, "description": "File path that contains the application secret key. It must be 32\nbytes long and hex-encoded. If the file does not exist, a new key will\nbe generated and saved here.\n", "loc": ["services", "outline", "secretKeyFile"], "readOnly": false, "type": "string"}, "services.outline.sentryDsn": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optionally enable [Sentry](https://sentry.io/) to\ntrack errors and performance.\n", "loc": ["services", "outline", "sentryDsn"], "readOnly": false, "type": "null or string"}, "services.outline.sentryTunnel": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optionally add a\n[Sentry proxy tunnel](https://docs.sentry.io/platforms/javascript/troubleshooting/#using-the-tunnel-option)\nfor bypassing ad blockers in the UI.\n", "loc": ["services", "outline", "sentryTunnel"], "readOnly": false, "type": "null or string"}, "services.outline.slackAuthentication": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "To configure Slack auth, you'll need to create an Application at\n<https://api.slack.com/apps>\n\nWhen configuring the Client ID, add a redirect URL under \"OAuth & Permissions\"\nto `https://[publicUrl]/auth/slack.callback`.\n", "loc": ["services", "outline", "slackAuthentication"], "readOnly": false, "type": "null or (submodule)"}, "services.outline.slackAuthentication.clientId": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "description": "Authentication key.", "loc": ["services", "outline", "slackAuthentication", "clientId"], "readOnly": false, "type": "string"}, "services.outline.slackAuthentication.secretFile": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "description": "File path containing the authentication secret.", "loc": ["services", "outline", "slackAuthentication", "secretFile"], "readOnly": false, "type": "string"}, "services.outline.slackIntegration": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "For a complete Slack integration with search and posting to channels\nthis configuration is also needed. See here for details:\n<https://wiki.generaloutline.com/share/be25efd1-b3ef-4450-b8e5-c4a4fc11e02a>\n", "loc": ["services", "outline", "slackIntegration"], "readOnly": false, "type": "null or (submodule)"}, "services.outline.slackIntegration.appId": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "description": "Application ID.", "loc": ["services", "outline", "slackIntegration", "appId"], "readOnly": false, "type": "string"}, "services.outline.slackIntegration.messageActions": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable message actions.", "loc": ["services", "outline", "slackIntegration", "messageActions"], "readOnly": false, "type": "boolean"}, "services.outline.slackIntegration.verificationTokenFile": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "description": "File path containing the verification token.", "loc": ["services", "outline", "slackIntegration", "verificationTokenFile"], "readOnly": false, "type": "string"}, "services.outline.smtp": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "To support sending outgoing transactional emails such as\n\"document updated\" or \"you've been invited\" you'll need to provide\nauthentication for an SMTP server.\n", "loc": ["services", "outline", "smtp"], "readOnly": false, "type": "null or (submodule)"}, "services.outline.smtp.fromEmail": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "description": "Sender email in outgoing mail.", "loc": ["services", "outline", "smtp", "fromEmail"], "readOnly": false, "type": "string"}, "services.outline.smtp.host": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "description": "Host name or IP address of the SMTP server.", "loc": ["services", "outline", "smtp", "host"], "readOnly": false, "type": "string"}, "services.outline.smtp.passwordFile": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "description": "File path containing the password to authenticate with.\n", "loc": ["services", "outline", "smtp", "passwordFile"], "readOnly": false, "type": "string"}, "services.outline.smtp.port": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "description": "TCP port of the SMTP server.", "loc": ["services", "outline", "smtp", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.outline.smtp.replyEmail": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "description": "Reply address in outgoing mail.", "loc": ["services", "outline", "smtp", "replyEmail"], "readOnly": false, "type": "string"}, "services.outline.smtp.secure": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Use a secure SMTP connection.", "loc": ["services", "outline", "smtp", "secure"], "readOnly": false, "type": "boolean"}, "services.outline.smtp.tlsCiphers": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Override SMTP cipher configuration.", "loc": ["services", "outline", "smtp", "tlsCiphers"], "readOnly": false, "type": "string"}, "services.outline.smtp.username": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "description": "Username to authenticate with.", "loc": ["services", "outline", "smtp", "username"], "readOnly": false, "type": "string"}, "services.outline.sslCertFile": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File path that contains the Base64-encoded certificate for HTTPS\ntermination. This is only required if you do not use an external reverse\nproxy. See\n[the documentation](https://wiki.generaloutline.com/share/dfa77e56-d4d2-4b51-8ff8-84ea6608faa4).\n", "loc": ["services", "outline", "sslCertFile"], "readOnly": false, "type": "null or string"}, "services.outline.sslKeyFile": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File path that contains the Base64-encoded private key for HTTPS\ntermination. This is only required if you do not use an external reverse\nproxy. See\n[the documentation](https://wiki.generaloutline.com/share/dfa77e56-d4d2-4b51-8ff8-84ea6608faa4).\n", "loc": ["services", "outline", "sslKeyFile"], "readOnly": false, "type": "null or string"}, "services.outline.storage": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "description": "To support uploading of images for avatars and document attachments an\ns3-compatible storage can be provided. AWS S3 is recommended for\nredundancy however if you want to keep all file storage local an\nalternative such as [minio](https://github.com/minio/minio)\ncan be used.\nLocal filesystem storage can also be used.\n\nA more detailed guide on setting up storage is available\n[here](https://docs.getoutline.com/s/hosting/doc/file-storage-N4M0T6Ypu7).\n", "example": {"_type": "literalExpression", "text": "{\n  accessKey = \"...\";\n  secretKeyFile = \"/somewhere\";\n  uploadBucketUrl = \"https://minio.example.com\";\n  uploadBucketName = \"outline\";\n  region = \"us-east-1\";\n}\n"}, "loc": ["services", "outline", "storage"], "readOnly": false, "type": "submodule"}, "services.outline.storage.accelerateUrl": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "URL for AWS S3 [transfer acceleration](https://docs.aws.amazon.com/AmazonS3/latest/userguide/transfer-acceleration.html).\n", "loc": ["services", "outline", "storage", "accelerateUrl"], "readOnly": false, "type": "null or string"}, "services.outline.storage.accessKey": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "description": "S3 access key.", "loc": ["services", "outline", "storage", "accessKey"], "readOnly": false, "type": "string"}, "services.outline.storage.acl": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "\"private\""}, "description": "ACL setting.", "loc": ["services", "outline", "storage", "acl"], "readOnly": false, "type": "string"}, "services.outline.storage.forcePathStyle": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Force S3 path style.", "loc": ["services", "outline", "storage", "forcePathStyle"], "readOnly": false, "type": "boolean"}, "services.outline.storage.localRootDir": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/outline/data\""}, "description": "If `storageType` is `local`, this sets the parent directory\nunder which all attachments/images go.\n", "loc": ["services", "outline", "storage", "localRootDir"], "readOnly": false, "type": "string"}, "services.outline.storage.region": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "\"xx-xxxx-x\""}, "description": "AWS S3 region name.", "loc": ["services", "outline", "storage", "region"], "readOnly": false, "type": "string"}, "services.outline.storage.secretKeyFile": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "description": "File path that contains the S3 secret key.", "loc": ["services", "outline", "storage", "secretKeyFile"], "readOnly": false, "type": "absolute path"}, "services.outline.storage.storageType": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "\"s3\""}, "description": "File storage type, it can be local or s3.", "loc": ["services", "outline", "storage", "storageType"], "readOnly": false, "type": "one of \"local\", \"s3\""}, "services.outline.storage.uploadBucketName": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "description": "Name of the bucket where uploads should be stored.", "loc": ["services", "outline", "storage", "uploadBucketName"], "readOnly": false, "type": "string"}, "services.outline.storage.uploadBucketUrl": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "description": "URL endpoint of an S3-compatible API where uploads should be\nstored.\n", "loc": ["services", "outline", "storage", "uploadBucketUrl"], "readOnly": false, "type": "string"}, "services.outline.storage.uploadMaxSize": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "26214400"}, "description": "Maxmium file size for uploads.", "loc": ["services", "outline", "storage", "uploadMaxSize"], "readOnly": false, "type": "signed integer"}, "services.outline.user": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "\"outline\""}, "description": "User under which the service should run. If this is the default value,\nthe user will be created, with the specified group as the primary\ngroup.\n", "loc": ["services", "outline", "user"], "readOnly": false, "type": "string"}, "services.outline.utilsSecretFile": {"declarations": ["nixos/modules/services/web-apps/outline.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/outline/utils_secret\""}, "description": "File path that contains the utility secret key. If the file does not\nexist, a new key will be generated and saved here.\n", "loc": ["services", "outline", "utilsSecretFile"], "readOnly": false, "type": "string"}, "services.overseerr.enable": {"declarations": ["nixos/modules/services/misc/overseerr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Overseerr, a request management and media discovery tool for the Plex ecosystem.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "overseerr", "enable"], "readOnly": false, "type": "boolean"}, "services.overseerr.openFirewall": {"declarations": ["nixos/modules/services/misc/overseerr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open a port in the firewall for the Overseerr web interface.", "loc": ["services", "overseerr", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.overseerr.package": {"declarations": ["nixos/modules/services/misc/overseerr.nix"], "default": {"_type": "literalExpression", "text": "pkgs.overseerr"}, "description": "The overseerr package to use.", "loc": ["services", "overseerr", "package"], "readOnly": false, "type": "package"}, "services.overseerr.port": {"declarations": ["nixos/modules/services/misc/overseerr.nix"], "default": {"_type": "literalExpression", "text": "5055"}, "description": "The port which the Overseerr web UI should listen on.", "loc": ["services", "overseerr", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.owamp.enable": {"declarations": ["nixos/modules/services/networking/owamp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable OWAMP server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "owamp", "enable"], "readOnly": false, "type": "boolean"}, "services.owncast.dataDir": {"declarations": ["nixos/modules/services/misc/owncast.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/owncast\""}, "description": "The directory where owncast stores its data files. If left as the default value this directory will automatically be created before the owncast server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.\n", "loc": ["services", "owncast", "dataDir"], "readOnly": false, "type": "string"}, "services.owncast.enable": {"declarations": ["nixos/modules/services/misc/owncast.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable owncast, a video live streaming solution.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "owncast", "enable"], "readOnly": false, "type": "boolean"}, "services.owncast.group": {"declarations": ["nixos/modules/services/misc/owncast.nix"], "default": {"_type": "literalExpression", "text": "\"owncast\""}, "description": "Group under which owncast runs.", "loc": ["services", "owncast", "group"], "readOnly": false, "type": "string"}, "services.owncast.listen": {"declarations": ["nixos/modules/services/misc/owncast.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The IP address to bind the owncast web server to.", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "owncast", "listen"], "readOnly": false, "type": "string"}, "services.owncast.openFirewall": {"declarations": ["nixos/modules/services/misc/owncast.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open the appropriate ports in the firewall for owncast.\n", "loc": ["services", "owncast", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.owncast.port": {"declarations": ["nixos/modules/services/misc/owncast.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "TCP port where owncast web-gui listens.\n", "loc": ["services", "owncast", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.owncast.rtmp-port": {"declarations": ["nixos/modules/services/misc/owncast.nix"], "default": {"_type": "literalExpression", "text": "1935"}, "description": "TCP port where owncast rtmp service listens.\n", "loc": ["services", "owncast", "rtmp-port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.owncast.user": {"declarations": ["nixos/modules/services/misc/owncast.nix"], "default": {"_type": "literalExpression", "text": "\"owncast\""}, "description": "User account under which owncast runs.", "loc": ["services", "owncast", "user"], "readOnly": false, "type": "string"}, "services.oxidized.configFile": {"declarations": ["nixos/modules/services/admin/oxidized.nix"], "description": "Path to the oxidized configuration file.\n", "example": {"_type": "literalExpression", "text": "pkgs.writeText \"oxidized-config.yml\" ''\n  ---\n  debug: true\n  use_syslog: true\n  input:\n    default: ssh\n    ssh:\n      secure: true\n  interval: 3600\n  model_map:\n    dell: powerconnect\n    hp: procurve\n  source:\n    default: csv\n    csv:\n      delimiter: !ruby/regexp /:/\n      file: \"/var/lib/oxidized/.config/oxidized/router.db\"\n      map:\n        name: 0\n        model: 1\n        username: 2\n        password: 3\n  pid: \"/var/lib/oxidized/.config/oxidized/pid\"\n  rest: 127.0.0.1:8888\n  retries: 3\n  # ... additional config\n'';\n"}, "loc": ["services", "oxidized", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.oxidized.dataDir": {"declarations": ["nixos/modules/services/admin/oxidized.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/oxidized\""}, "description": "State directory for the oxidized service.", "loc": ["services", "oxidized", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.oxidized.enable": {"declarations": ["nixos/modules/services/admin/oxidized.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the oxidized configuration backup service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "oxidized", "enable"], "readOnly": false, "type": "boolean"}, "services.oxidized.group": {"declarations": ["nixos/modules/services/admin/oxidized.nix"], "default": {"_type": "literalExpression", "text": "\"oxidized\""}, "description": "Group under which the oxidized service runs.\n", "loc": ["services", "oxidized", "group"], "readOnly": false, "type": "string"}, "services.oxidized.package": {"declarations": ["nixos/modules/services/admin/oxidized.nix"], "default": {"_type": "literalExpression", "text": "pkgs.oxidized"}, "description": "The oxidized package to use.", "loc": ["services", "oxidized", "package"], "readOnly": false, "type": "package"}, "services.oxidized.routerDB": {"declarations": ["nixos/modules/services/admin/oxidized.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the file/database which contains the targets for oxidized.\n", "example": {"_type": "literalExpression", "text": "pkgs.writeText \"oxidized-router.db\" ''\n  hostname-sw1:powerconnect:username1:password2\n  hostname-sw2:procurve:username2:password2\n  # ... additional hosts\n''\n"}, "loc": ["services", "oxidized", "routerDB"], "readOnly": false, "type": "null or absolute path"}, "services.oxidized.user": {"declarations": ["nixos/modules/services/admin/oxidized.nix"], "default": {"_type": "literalExpression", "text": "\"oxidized\""}, "description": "User under which the oxidized service runs.\n", "loc": ["services", "oxidized", "user"], "readOnly": false, "type": "string"}, "services.pacemaker.enable": {"declarations": ["nixos/modules/services/cluster/pacemaker/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable pacemaker.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pacemaker", "enable"], "readOnly": false, "type": "boolean"}, "services.pacemaker.package": {"declarations": ["nixos/modules/services/cluster/pacemaker/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.pacemaker"}, "description": "The pacemaker package to use.", "loc": ["services", "pacemaker", "package"], "readOnly": false, "type": "package"}, "services.packagekit.enable": {"declarations": ["nixos/modules/services/misc/packagekit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable PackageKit, a cross-platform D-Bus abstraction layer for\ninstalling software. Software utilizing PackageKit can install\nsoftware regardless of the package manager\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "packagekit", "enable"], "readOnly": false, "type": "boolean"}, "services.packagekit.settings": {"declarations": ["nixos/modules/services/misc/packagekit.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional settings passed straight through to PackageKit.conf", "loc": ["services", "packagekit", "settings"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.packagekit.vendorSettings": {"declarations": ["nixos/modules/services/misc/packagekit.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional settings passed straight through to Vendor.conf", "loc": ["services", "packagekit", "vendorSettings"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.pairdrop.enable": {"declarations": ["nixos/modules/services/web-apps/pairdrop.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable pairdrop.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pairdrop", "enable"], "readOnly": false, "type": "boolean"}, "services.pairdrop.environment": {"declarations": ["nixos/modules/services/web-apps/pairdrop.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional configuration (environment variables) for PairDrop, see\n<https://github.com/schlagmichdoch/PairDrop/blob/master/docs/host-your-own.md#environment-variables>\nfor supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  BLUESKY_BUTTON_ACTIVE = false;\n  CUSTOM_BUTTON_ACTIVE = false;\n  DEBUG_MODE = true;\n  DONATION_BUTTON_ACTIVE = false;\n  IPV6_LOCALIZE = 4;\n  MASTODON_BUTTON_ACTIVE = false;\n  PRIVACYPOLICY_BUTTON_ACTIVE = false;\n  RATE_LIMIT = 1;\n  RTC_CONFIG = \"/etc/pairdrop/rtc-config.json\";\n  SIGNALING_SERVER = \"pairdrop.net\";\n  TWITTER_BUTTON_ACTIVE = false;\n  WS_FALLBACK = true;\n}"}, "loc": ["services", "pairdrop", "environment"], "readOnly": false, "type": "open submodule of attribute set of (boolean or signed integer or string)"}, "services.pairdrop.package": {"declarations": ["nixos/modules/services/web-apps/pairdrop.nix"], "default": {"_type": "literalExpression", "text": "pkgs.pairdrop"}, "description": "The pairdrop package to use.", "loc": ["services", "pairdrop", "package"], "readOnly": false, "type": "package"}, "services.pairdrop.port": {"declarations": ["nixos/modules/services/web-apps/pairdrop.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "The port to listen on.", "example": {"_type": "literalExpression", "text": "3010"}, "loc": ["services", "pairdrop", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.pairdrop.rtcConfig": {"declarations": ["nixos/modules/services/web-apps/pairdrop.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configuration for STUN/TURN servers.\nThis is converted to JSON and written into a file automatically.\nIf you want to provide a file path instead, set `RTC_CONFIG` in {option}`services.pairdrop.environment`.\n", "example": {"_type": "literalExpression", "text": "{\n  iceServers = [\n    {\n      urls = \"stun:stun.example.com:19302\";\n    }\n  ];\n  sdpSemantics = \"unified-plan\";\n}"}, "loc": ["services", "pairdrop", "rtcConfig"], "readOnly": false, "type": "JSON value"}, "services.paisa.enable": {"declarations": ["nixos/modules/services/misc/paisa.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Paisa personal finance manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "paisa", "enable"], "readOnly": false, "type": "boolean"}, "services.paisa.host": {"declarations": ["nixos/modules/services/misc/paisa.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Host bind IP address.", "loc": ["services", "paisa", "host"], "readOnly": false, "type": "string"}, "services.paisa.mutableSettings": {"declarations": ["nixos/modules/services/misc/paisa.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Allow changes made on the web interface to persist between service\nrestarts.\n", "loc": ["services", "paisa", "mutableSettings"], "readOnly": false, "type": "boolean"}, "services.paisa.openFirewall": {"declarations": ["nixos/modules/services/misc/paisa.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the Paisa web server.", "loc": ["services", "paisa", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.paisa.package": {"declarations": ["nixos/modules/services/misc/paisa.nix"], "default": {"_type": "literalExpression", "text": "pkgs.paisa"}, "description": "The paisa package to use.", "loc": ["services", "paisa", "package"], "readOnly": false, "type": "package"}, "services.paisa.port": {"declarations": ["nixos/modules/services/misc/paisa.nix"], "default": {"_type": "literalExpression", "text": "7500"}, "description": "Port to serve Paisa on.", "loc": ["services", "paisa", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.paisa.settings": {"declarations": ["nixos/modules/services/misc/paisa.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Paisa configuration. Please refer to\n<https://paisa.fyi/reference/config/> for details.\n\nOn start and if `mutableSettings` is `true`, these options are merged\ninto the configuration file on start, taking precedence over\nconfiguration changes made on the web interface.\n", "loc": ["services", "paisa", "settings"], "readOnly": false, "type": "null or (open submodule of (YAML 1.1 value))"}, "services.paisa.settings.dataDir": {"declarations": ["nixos/modules/services/misc/paisa.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/paisa/\""}, "description": "Path to paisa data directory.", "loc": ["services", "paisa", "settings", "dataDir"], "readOnly": false, "type": "string"}, "services.paisa.settings.dbFile": {"declarations": ["nixos/modules/services/misc/paisa.nix"], "default": {"_type": "literalExpression", "text": "\"paisa.sqlite3\""}, "description": "Filename of the Paisa database.", "loc": ["services", "paisa", "settings", "dbFile"], "readOnly": false, "type": "string"}, "services.paisa.settings.journalFile": {"declarations": ["nixos/modules/services/misc/paisa.nix"], "default": {"_type": "literalExpression", "text": "\"main.ledger\""}, "description": "Filename of the main journal / ledger file.", "loc": ["services", "paisa", "settings", "journalFile"], "readOnly": false, "type": "string"}, "services.pangolin.baseDomain": {"declarations": ["nixos/modules/services/networking/pangolin.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Your base fully qualified domain name (without any subdomains).\n", "example": {"_type": "literalExpression", "text": "\"example.com\""}, "loc": ["services", "pangolin", "baseDomain"], "readOnly": false, "type": "null or string"}, "services.pangolin.dashboardDomain": {"declarations": ["nixos/modules/services/networking/pangolin.nix"], "default": {"_type": "literalExpression", "text": "\"pangolin.\\${config.services.pangolin.baseDomain}\""}, "description": "The domain where the application will be hosted. This is used for many things, including generating links. You can run Pangolin on a subdomain or root domain. Do not prefix with `http` or `https`.\n", "example": {"_type": "literalExpression", "text": "\"auth.example.com\""}, "loc": ["services", "pangolin", "dashboardDomain"], "readOnly": false, "type": "string"}, "services.pangolin.dataDir": {"declarations": ["nixos/modules/services/networking/pangolin.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/pangolin\""}, "description": "Path to variable state data directory for Pangolin.", "example": {"_type": "literalExpression", "text": "\"/srv/pangolin\""}, "loc": ["services", "pangolin", "dataDir"], "readOnly": false, "type": "string"}, "services.pangolin.dnsProvider": {"declarations": ["nixos/modules/services/networking/pangolin.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The DNS provider Traefik will request wildcard certificates from. See the [Traefik Documentation](https://doc.traefik.io/traefik/https/acme/#providers) for more information.\n", "loc": ["services", "pangolin", "dnsProvider"], "readOnly": false, "type": "null or string"}, "services.pangolin.enable": {"declarations": ["nixos/modules/services/networking/pangolin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Pangolin reverse proxy server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pangolin", "enable"], "readOnly": false, "type": "boolean"}, "services.pangolin.environmentFile": {"declarations": ["nixos/modules/services/networking/pangolin.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file containing sensitive environment variables for Pangolin. See the [Pangolin Documentation](https://docs.fossorial.io/Pangolin/Configuration/config) for more information.\nThese will overwrite anything defined in the config.\nThe file should contain environment-variable assignments like:\n```\nSERVER_SECRET=1234567890abc\n```\n", "example": {"_type": "literalExpression", "text": "\"/etc/nixos/secrets/pangolin.env\""}, "loc": ["services", "pangolin", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.pangolin.letsEncryptEmail": {"declarations": ["nixos/modules/services/networking/pangolin.nix"], "default": {"_type": "literalExpression", "text": "config.security.acme.defaults.email"}, "description": "An email address for SSL certificate registration with Let's Encrypt. This should be an email you have access to.\n", "loc": ["services", "pangolin", "letsEncryptEmail"], "readOnly": false, "type": "null or string"}, "services.pangolin.openFirewall": {"declarations": ["nixos/modules/services/networking/pangolin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable opening TCP ports 80 and 443, and UDP port 51820 in the firewall for the Pangolin service(s).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pangolin", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.pangolin.package": {"declarations": ["nixos/modules/services/networking/pangolin.nix"], "default": {"_type": "literalExpression", "text": "pkgs.fosrl-pangolin"}, "description": "The fosrl-pangolin package to use.", "loc": ["services", "pangolin", "package"], "readOnly": false, "type": "package"}, "services.pangolin.settings": {"declarations": ["nixos/modules/services/networking/pangolin.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional attributes to be merged with the configuration options and written to Pangolin's {file}`config.yml` file.\n", "example": {"_type": "literalExpression", "text": "{\n  app = {\n    save_logs = true;\n  };\n  domains = {\n    domain1 = {\n      prefer_wildcard_cert = true;\n    };\n  };\n  server = {\n    external_port = 3007;\n    internal_port = 3008;\n  };\n}"}, "loc": ["services", "pangolin", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.pantalaimon-headless.instances": {"declarations": ["nixos/modules/services/matrix/pantalaimon.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative instance config.\n\nNote: to use pantalaimon interactively, e.g. for a Matrix client which does not\nsupport End-to-end encryption (like `fractal`), refer to the home-manager module.\n", "loc": ["services", "pantalaimon-headless", "instances"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.pantalaimon-headless.instances.<name>.dataPath": {"declarations": ["nixos/modules/services/matrix/pantalaimon.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/pantalaimon-\u2039name\u203a\""}, "description": "The directory where `pantalaimon` should store its state such as the database file.\n", "loc": ["services", "pantalaimon-headless", "instances", "<name>", "dataPath"], "readOnly": false, "type": "absolute path"}, "services.pantalaimon-headless.instances.<name>.extraSettings": {"declarations": ["nixos/modules/services/matrix/pantalaimon.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration options. See\n[pantalaimon(5)](https://github.com/matrix-org/pantalaimon/blob/master/docs/man/pantalaimon.5.md)\nfor available options.\n", "loc": ["services", "pantalaimon-headless", "instances", "<name>", "extraSettings"], "readOnly": false, "type": "attribute set"}, "services.pantalaimon-headless.instances.<name>.homeserver": {"declarations": ["nixos/modules/services/matrix/pantalaimon.nix"], "description": "The URI of the homeserver that the `pantalaimon` proxy should\nforward requests to, without the matrix API path but including\nthe http(s) schema.\n", "example": {"_type": "literalExpression", "text": "\"https://matrix.org\""}, "loc": ["services", "pantalaimon-headless", "instances", "<name>", "homeserver"], "readOnly": false, "type": "string"}, "services.pantalaimon-headless.instances.<name>.listenAddress": {"declarations": ["nixos/modules/services/matrix/pantalaimon.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The address where the daemon will listen to client connections\nfor this homeserver.\n", "loc": ["services", "pantalaimon-headless", "instances", "<name>", "listenAddress"], "readOnly": false, "type": "string"}, "services.pantalaimon-headless.instances.<name>.listenPort": {"declarations": ["nixos/modules/services/matrix/pantalaimon.nix"], "default": {"_type": "literalExpression", "text": "8009"}, "description": "The port where the daemon will listen to client connections for\nthis homeserver. Note that the listen address/port combination\nneeds to be lib.unique between different homeservers.\n", "loc": ["services", "pantalaimon-headless", "instances", "<name>", "listenPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.pantalaimon-headless.instances.<name>.logLevel": {"declarations": ["nixos/modules/services/matrix/pantalaimon.nix"], "default": {"_type": "literalExpression", "text": "\"warning\""}, "description": "Set the log level of the daemon.\n", "loc": ["services", "pantalaimon-headless", "instances", "<name>", "logLevel"], "readOnly": false, "type": "one of \"info\", \"warning\", \"error\", \"debug\""}, "services.pantalaimon-headless.instances.<name>.ssl": {"declarations": ["nixos/modules/services/matrix/pantalaimon.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether or not SSL verification should be enabled for outgoing\nconnections to the homeserver.\n", "loc": ["services", "pantalaimon-headless", "instances", "<name>", "ssl"], "readOnly": false, "type": "boolean"}, "services.pantheon.apps.enable": {"declarations": ["nixos/modules/services/desktop-managers/pantheon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Pantheon default applications.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pantheon", "apps", "enable"], "readOnly": false, "type": "boolean"}, "services.pantheon.contractor.enable": {"declarations": ["nixos/modules/services/desktop-managers/pantheon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable contractor, a desktop-wide extension service used by Pantheon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pantheon", "contractor", "enable"], "readOnly": false, "type": "boolean"}, "services.pantheon.parental-controls.enable": {"declarations": ["nixos/modules/services/desktop-managers/pantheon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Pantheon parental controls daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pantheon", "parental-controls", "enable"], "readOnly": false, "type": "boolean"}, "services.paperless.address": {"declarations": ["nixos/modules/services/misc/paperless.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Web interface address.", "loc": ["services", "paperless", "address"], "readOnly": false, "type": "string"}, "services.paperless.configureNginx": {"declarations": ["nixos/modules/services/misc/paperless.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to configure nginx as a reverse proxy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "paperless", "configureNginx"], "readOnly": false, "type": "boolean"}, "services.paperless.configureTika": {"declarations": ["nixos/modules/services/misc/paperless.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to configure Tika and Gotenberg to process Office and e-mail files with OCR.\n", "loc": ["services", "paperless", "configureTika"], "readOnly": false, "type": "boolean"}, "services.paperless.consumptionDir": {"declarations": ["nixos/modules/services/misc/paperless.nix"], "default": {"_type": "literalExpression", "text": "\"${dataDir}/consume\""}, "description": "Directory from which new documents are imported.", "loc": ["services", "paperless", "consumptionDir"], "readOnly": false, "type": "string"}, "services.paperless.consumptionDirIsPublic": {"declarations": ["nixos/modules/services/misc/paperless.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether all users can write to the consumption dir.", "loc": ["services", "paperless", "consumptionDirIsPublic"], "readOnly": false, "type": "boolean"}, "services.paperless.dataDir": {"declarations": ["nixos/modules/services/misc/paperless.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/paperless\""}, "description": "Directory to store the Paperless data.", "loc": ["services", "paperless", "dataDir"], "readOnly": false, "type": "string"}, "services.paperless.database.createLocally": {"declarations": ["nixos/modules/services/misc/paperless.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Configure local PostgreSQL database server for Paperless.\n", "loc": ["services", "paperless", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.paperless.domain": {"declarations": ["nixos/modules/services/misc/paperless.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Domain under which paperless will be available.", "example": {"_type": "literalExpression", "text": "\"paperless.example.com\""}, "loc": ["services", "paperless", "domain"], "readOnly": false, "type": "null or string"}, "services.paperless.enable": {"declarations": ["nixos/modules/services/misc/paperless.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Paperless-ngx.\n\nWhen started, the Paperless database is automatically created if it doesn't exist\nand updated if the Paperless package has changed.\nBoth tasks are achieved by running a Django migration.\n\nA script to manage the Paperless-ngx instance (by wrapping Django's manage.py) is available as `paperless-manage`.\n", "loc": ["services", "paperless", "enable"], "readOnly": false, "type": "boolean"}, "services.paperless.environmentFile": {"declarations": ["nixos/modules/services/misc/paperless.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file containing extra paperless config options in the systemd `EnvironmentFile`\nformat. Refer to the [documentation](https://docs.paperless-ngx.com/configuration/) for\nconfig options.\n\nThis can be used to pass secrets to paperless without putting them in the Nix store.\n\nTo set a database password, point `environmentFile` at a file containing:\n```\nPAPERLESS_DBPASS=<pass>\n```\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/paperless\""}, "loc": ["services", "paperless", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.paperless.exporter.directory": {"declarations": ["nixos/modules/services/misc/paperless.nix"], "default": {"_type": "literalExpression", "text": "${config.services.paperless.dataDir}/export"}, "description": "Directory to store export.", "loc": ["services", "paperless", "exporter", "directory"], "readOnly": false, "type": "string"}, "services.paperless.exporter.enable": {"declarations": ["nixos/modules/services/misc/paperless.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable regular automatic document exports.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "paperless", "exporter", "enable"], "readOnly": false, "type": "boolean"}, "services.paperless.exporter.onCalendar": {"declarations": ["nixos/modules/services/misc/paperless.nix"], "default": {"_type": "literalExpression", "text": "\"01:30:00\""}, "description": "When to run the exporter. See {manpage}`systemd.time(7)`.\n\n`null` disables the timer; allowing you to run the\n`paperless-exporter` service through other means.\n", "loc": ["services", "paperless", "exporter", "onCalendar"], "readOnly": false, "type": "null or string"}, "services.paperless.exporter.settings": {"declarations": ["nixos/modules/services/misc/paperless.nix"], "default": {"_type": "literalExpression", "text": "{\n  compare-checksums = true;\n  delete = true;\n  no-color = true;\n  no-progress-bar = true;\n}"}, "description": "Settings to pass to the document exporter as CLI arguments.", "loc": ["services", "paperless", "exporter", "settings"], "readOnly": false, "type": "attribute set of anything"}, "services.paperless.manage": {"declarations": ["nixos/modules/services/misc/paperless.nix"], "description": "The package derivation for the `paperless-manage` wrapper script.\nUseful for other modules that need to add this specific script to a service's PATH.\n", "loc": ["services", "paperless", "manage"], "readOnly": true, "type": "package"}, "services.paperless.mediaDir": {"declarations": ["nixos/modules/services/misc/paperless.nix"], "default": {"_type": "literalExpression", "text": "\"${dataDir}/media\""}, "description": "Directory to store the Paperless documents.", "loc": ["services", "paperless", "mediaDir"], "readOnly": false, "type": "string"}, "services.paperless.openMPThreadingWorkaround": {"declarations": ["nixos/modules/services/misc/paperless.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable a workaround for document classifier timeouts.\n\nPaperless uses OpenBLAS via scikit-learn for document classification.\n\nThe default is to use threading for OpenMP but this would cause the\ndocument classifier to spin on one core seemingly indefinitely if there\nare large amounts of classes per classification; causing it to\neffectively never complete due to running into timeouts.\n\nThis sets `OMP_NUM_THREADS` to `1` in order to mitigate the issue. See\nhttps://github.com/NixOS/nixpkgs/issues/240591 for more information\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "paperless", "openMPThreadingWorkaround"], "readOnly": false, "type": "boolean"}, "services.paperless.package": {"declarations": ["nixos/modules/services/misc/paperless.nix"], "default": {"_type": "literalExpression", "text": "pkgs.paperless-ngx"}, "description": "The paperless-ngx package to use.", "loc": ["services", "paperless", "package"], "readOnly": false, "type": "package"}, "services.paperless.passwordFile": {"declarations": ["nixos/modules/services/misc/paperless.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the superuser password.\n\nA superuser is required to access the web interface.\nIf unset, you can create a superuser manually by running `paperless-manage createsuperuser`.\n\nThe default superuser name is `admin`. To change it, set\noption {option}`settings.PAPERLESS_ADMIN_USER`.\nWARNING: When changing the superuser name after the initial setup, the old superuser\nwill continue to exist.\n\nTo disable login for the web interface, set the following:\n`settings.PAPERLESS_AUTO_LOGIN_USERNAME = \"admin\";`.\nWARNING: Only use this on a trusted system without internet access to Paperless.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/paperless-password\""}, "loc": ["services", "paperless", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.paperless.port": {"declarations": ["nixos/modules/services/misc/paperless.nix"], "default": {"_type": "literalExpression", "text": "28981"}, "description": "Web interface port.", "loc": ["services", "paperless", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.paperless.settings": {"declarations": ["nixos/modules/services/misc/paperless.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra paperless config options.\n\nSee [the documentation](https://docs.paperless-ngx.com/configuration/) for available options.\n\nNote that some settings such as `PAPERLESS_CONSUMER_IGNORE_PATTERN` expect JSON values.\nSettings declared as lists or attrsets will automatically be serialised into JSON strings for your convenience.\n", "example": {"_type": "literalExpression", "text": "{\n  PAPERLESS_CONSUMER_IGNORE_PATTERN = [\n    \".DS_STORE/*\"\n    \"desktop.ini\"\n  ];\n  PAPERLESS_OCR_LANGUAGE = \"deu+eng\";\n  PAPERLESS_OCR_USER_ARGS = {\n    optimize = 1;\n    pdfa_image_compression = \"lossless\";\n  };\n}"}, "loc": ["services", "paperless", "settings"], "readOnly": false, "type": "open submodule of attribute set of (boolean or floating point number or signed integer or string or absolute path or package or list of (boolean or floating point number or signed integer or string or absolute path or package) or attribute set of (boolean or floating point number or signed integer or string or absolute path or package))"}, "services.paperless.user": {"declarations": ["nixos/modules/services/misc/paperless.nix"], "default": {"_type": "literalExpression", "text": "\"paperless\""}, "description": "User under which Paperless runs.", "loc": ["services", "paperless", "user"], "readOnly": false, "type": "string"}, "services.paretosecurity.enable": {"declarations": ["nixos/modules/services/security/paretosecurity.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable [ParetoSecurity](https://paretosecurity.com) [agent](https://github.com/ParetoSecurity/agent) and its root helper.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "paretosecurity", "enable"], "readOnly": false, "type": "boolean"}, "services.paretosecurity.package": {"declarations": ["nixos/modules/services/security/paretosecurity.nix"], "default": {"_type": "literalExpression", "text": "pkgs.paretosecurity"}, "description": "The paretosecurity package to use.", "loc": ["services", "paretosecurity", "package"], "readOnly": false, "type": "package"}, "services.paretosecurity.trayIcon": {"declarations": ["nixos/modules/services/security/paretosecurity.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Set to false to disable the tray icon and run as a CLI tool only.", "loc": ["services", "paretosecurity", "trayIcon"], "readOnly": false, "type": "boolean"}, "services.paretosecurity.users": {"declarations": ["nixos/modules/services/security/paretosecurity.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Per-user Pareto Security configuration.", "loc": ["services", "paretosecurity", "users"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.paretosecurity.users.<name>.inviteId": {"declarations": ["nixos/modules/services/security/paretosecurity.nix"], "description": "A unique ID that links the agent to Pareto Cloud.\nGet it from the Join Team page on `https://cloud.paretosecurity.com/team/join/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`.\nIn Step 2, under Linux tab, enter your email then copy it from the generated command.\n", "example": {"_type": "literalExpression", "text": "\"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\""}, "loc": ["services", "paretosecurity", "users", "<name>", "inviteId"], "readOnly": false, "type": "string"}, "services.parsedmarc.enable": {"declarations": ["nixos/modules/services/monitoring/parsedmarc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable parsedmarc, a DMARC report monitoring service\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "parsedmarc", "enable"], "readOnly": false, "type": "boolean"}, "services.parsedmarc.provision.elasticsearch": {"declarations": ["nixos/modules/services/monitoring/parsedmarc.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to set up and use a local instance of Elasticsearch.\n", "loc": ["services", "parsedmarc", "provision", "elasticsearch"], "readOnly": false, "type": "boolean"}, "services.parsedmarc.provision.geoIp": {"declarations": ["nixos/modules/services/monitoring/parsedmarc.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable and configure the [geoipupdate](#opt-services.geoipupdate.enable)\nservice to automatically fetch GeoIP databases. Not crucial,\nbut recommended for full functionality.\n\nTo finish the setup, you need to manually set the [](#opt-services.geoipupdate.settings.AccountID) and\n[](#opt-services.geoipupdate.settings.LicenseKey)\noptions.\n", "loc": ["services", "parsedmarc", "provision", "geoIp"], "readOnly": false, "type": "boolean"}, "services.parsedmarc.provision.grafana.dashboard": {"declarations": ["nixos/modules/services/monitoring/parsedmarc.nix"], "default": {"_type": "literalExpression", "text": "config.services.grafana.enable"}, "description": "Whether the official parsedmarc grafana dashboard should\nbe provisioned to the local grafana instance.\n", "loc": ["services", "parsedmarc", "provision", "grafana", "dashboard"], "readOnly": false, "type": "boolean"}, "services.parsedmarc.provision.grafana.datasource": {"declarations": ["nixos/modules/services/monitoring/parsedmarc.nix"], "default": {"_type": "literalExpression", "text": "config.services.parsedmarc.provision.elasticsearch && config.services.grafana.enable\n"}, "description": "Whether the automatically provisioned Elasticsearch\ninstance should be added as a grafana datasource. Has no\neffect unless\n[](#opt-services.parsedmarc.provision.elasticsearch)\nis also enabled.\n", "loc": ["services", "parsedmarc", "provision", "grafana", "datasource"], "readOnly": false, "type": "boolean"}, "services.parsedmarc.provision.localMail.enable": {"declarations": ["nixos/modules/services/monitoring/parsedmarc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether Postfix and Dovecot should be set up to receive\nmail locally. parsedmarc will be configured to watch the\nlocal inbox as the automatically created user specified in\n[](#opt-services.parsedmarc.provision.localMail.recipientName)\n", "loc": ["services", "parsedmarc", "provision", "localMail", "enable"], "readOnly": false, "type": "boolean"}, "services.parsedmarc.provision.localMail.hostname": {"declarations": ["nixos/modules/services/monitoring/parsedmarc.nix"], "default": {"_type": "literalExpression", "text": "config.networking.fqdn"}, "description": "The hostname to use when configuring Postfix.\n\nShould correspond to the host's fully qualified domain\nname and the domain part of the email address which\nreceives DMARC reports. You also have to set up an MX record\npointing to this domain name.\n", "example": {"_type": "literalExpression", "text": "\"monitoring.example.com\""}, "loc": ["services", "parsedmarc", "provision", "localMail", "hostname"], "readOnly": false, "type": "string"}, "services.parsedmarc.provision.localMail.recipientName": {"declarations": ["nixos/modules/services/monitoring/parsedmarc.nix"], "default": {"_type": "literalExpression", "text": "\"dmarc\""}, "description": "The DMARC mail recipient name, i.e. the name part of the\nemail address which receives DMARC reports.\n\nA local user with this name will be set up and assigned a\nrandomized password on service start.\n", "loc": ["services", "parsedmarc", "provision", "localMail", "recipientName"], "readOnly": false, "type": "string"}, "services.parsedmarc.settings": {"declarations": ["nixos/modules/services/monitoring/parsedmarc.nix"], "description": "Configuration parameters to set in\n{file}`parsedmarc.ini`. For a full list of\navailable parameters, see\n<https://domainaware.github.io/parsedmarc/#configuration-file>.\n\nSettings containing secret data should be set to an attribute\nset containing the attribute `_secret` - a\nstring pointing to a file containing the value the option\nshould be set to. See the example to get a better picture of\nthis: in the resulting {file}`parsedmarc.ini`\nfile, the `splunk_hec.token` key will be set\nto the contents of the\n{file}`/run/keys/splunk_token` file.\n", "example": {"_type": "literalExpression", "text": "{\n  imap = {\n    host = \"imap.example.com\";\n    user = \"alice@example.com\";\n    password = { _secret = \"/run/keys/imap_password\" };\n  };\n  mailbox = {\n    watch = true;\n    batch_size = 30;\n  };\n  splunk_hec = {\n    url = \"https://splunkhec.example.com\";\n    token = { _secret = \"/run/keys/splunk_token\" };\n    index = \"email\";\n  };\n}\n"}, "loc": ["services", "parsedmarc", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.parsedmarc.settings.elasticsearch.cert_path": {"declarations": ["nixos/modules/services/monitoring/parsedmarc.nix"], "default": {"_type": "literalExpression", "text": "config.security.pki.caBundle"}, "description": "The path to a TLS certificate bundle used to verify\nthe server's certificate.\n", "loc": ["services", "parsedmarc", "settings", "elasticsearch", "cert_path"], "readOnly": false, "type": "absolute path"}, "services.parsedmarc.settings.elasticsearch.hosts": {"declarations": ["nixos/modules/services/monitoring/parsedmarc.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of Elasticsearch hosts to push parsed reports\nto.\n", "loc": ["services", "parsedmarc", "settings", "elasticsearch", "hosts"], "readOnly": false, "type": "list of string"}, "services.parsedmarc.settings.elasticsearch.password": {"declarations": ["nixos/modules/services/monitoring/parsedmarc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The password to use when connecting to Elasticsearch,\nif required.\n\nAlways handled as a secret whether the value is\nwrapped in a `{ _secret = ...; }`\nattrset or not (refer to [](#opt-services.parsedmarc.settings) for\ndetails).\n", "loc": ["services", "parsedmarc", "settings", "elasticsearch", "password"], "readOnly": false, "type": "null or absolute path or attribute set of absolute path"}, "services.parsedmarc.settings.elasticsearch.ssl": {"declarations": ["nixos/modules/services/monitoring/parsedmarc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use an encrypted SSL/TLS connection.\n", "loc": ["services", "parsedmarc", "settings", "elasticsearch", "ssl"], "readOnly": false, "type": "boolean"}, "services.parsedmarc.settings.elasticsearch.user": {"declarations": ["nixos/modules/services/monitoring/parsedmarc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Username to use when connecting to Elasticsearch, if\nrequired.\n", "loc": ["services", "parsedmarc", "settings", "elasticsearch", "user"], "readOnly": false, "type": "null or string"}, "services.parsedmarc.settings.general.save_aggregate": {"declarations": ["nixos/modules/services/monitoring/parsedmarc.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Save aggregate report data to Elasticsearch and/or Splunk.\n", "loc": ["services", "parsedmarc", "settings", "general", "save_aggregate"], "readOnly": false, "type": "boolean"}, "services.parsedmarc.settings.general.save_forensic": {"declarations": ["nixos/modules/services/monitoring/parsedmarc.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Save forensic report data to Elasticsearch and/or Splunk.\n", "loc": ["services", "parsedmarc", "settings", "general", "save_forensic"], "readOnly": false, "type": "boolean"}, "services.parsedmarc.settings.imap.host": {"declarations": ["nixos/modules/services/monitoring/parsedmarc.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The IMAP server hostname or IP address.\n", "loc": ["services", "parsedmarc", "settings", "imap", "host"], "readOnly": false, "type": "string"}, "services.parsedmarc.settings.imap.password": {"declarations": ["nixos/modules/services/monitoring/parsedmarc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The IMAP server password.\n\nAlways handled as a secret whether the value is\nwrapped in a `{ _secret = ...; }`\nattrset or not (refer to [](#opt-services.parsedmarc.settings) for\ndetails).\n", "loc": ["services", "parsedmarc", "settings", "imap", "password"], "readOnly": false, "type": "null or absolute path or attribute set of absolute path"}, "services.parsedmarc.settings.imap.port": {"declarations": ["nixos/modules/services/monitoring/parsedmarc.nix"], "default": {"_type": "literalExpression", "text": "993"}, "description": "The IMAP server port.\n", "loc": ["services", "parsedmarc", "settings", "imap", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.parsedmarc.settings.imap.ssl": {"declarations": ["nixos/modules/services/monitoring/parsedmarc.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Use an encrypted SSL/TLS connection.\n", "loc": ["services", "parsedmarc", "settings", "imap", "ssl"], "readOnly": false, "type": "boolean"}, "services.parsedmarc.settings.imap.user": {"declarations": ["nixos/modules/services/monitoring/parsedmarc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The IMAP server username.\n", "loc": ["services", "parsedmarc", "settings", "imap", "user"], "readOnly": false, "type": "null or string"}, "services.parsedmarc.settings.mailbox.delete": {"declarations": ["nixos/modules/services/monitoring/parsedmarc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Delete messages after processing them, instead of archiving them.\n", "loc": ["services", "parsedmarc", "settings", "mailbox", "delete"], "readOnly": false, "type": "boolean"}, "services.parsedmarc.settings.mailbox.watch": {"declarations": ["nixos/modules/services/monitoring/parsedmarc.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Use the IMAP IDLE command to process messages as they arrive.\n", "loc": ["services", "parsedmarc", "settings", "mailbox", "watch"], "readOnly": false, "type": "boolean"}, "services.parsedmarc.settings.smtp.from": {"declarations": ["nixos/modules/services/monitoring/parsedmarc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The `From` address to use for the\noutgoing mail.\n", "loc": ["services", "parsedmarc", "settings", "smtp", "from"], "readOnly": false, "type": "null or string"}, "services.parsedmarc.settings.smtp.host": {"declarations": ["nixos/modules/services/monitoring/parsedmarc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The SMTP server hostname or IP address.\n", "loc": ["services", "parsedmarc", "settings", "smtp", "host"], "readOnly": false, "type": "null or string"}, "services.parsedmarc.settings.smtp.password": {"declarations": ["nixos/modules/services/monitoring/parsedmarc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The SMTP server password.\n\nAlways handled as a secret whether the value is\nwrapped in a `{ _secret = ...; }`\nattrset or not (refer to [](#opt-services.parsedmarc.settings) for\ndetails).\n", "loc": ["services", "parsedmarc", "settings", "smtp", "password"], "readOnly": false, "type": "null or absolute path or attribute set of absolute path"}, "services.parsedmarc.settings.smtp.port": {"declarations": ["nixos/modules/services/monitoring/parsedmarc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The SMTP server port.\n", "loc": ["services", "parsedmarc", "settings", "smtp", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.parsedmarc.settings.smtp.ssl": {"declarations": ["nixos/modules/services/monitoring/parsedmarc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Use an encrypted SSL/TLS connection.\n", "loc": ["services", "parsedmarc", "settings", "smtp", "ssl"], "readOnly": false, "type": "null or boolean"}, "services.parsedmarc.settings.smtp.to": {"declarations": ["nixos/modules/services/monitoring/parsedmarc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The addresses to send outgoing mail to.\n", "loc": ["services", "parsedmarc", "settings", "smtp", "to"], "readOnly": false, "type": "null or (list of string)"}, "services.parsedmarc.settings.smtp.user": {"declarations": ["nixos/modules/services/monitoring/parsedmarc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The SMTP server username.\n", "loc": ["services", "parsedmarc", "settings", "smtp", "user"], "readOnly": false, "type": "null or string"}, "services.part-db.enable": {"declarations": ["nixos/modules/services/web-apps/part-db.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable PartDB.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "part-db", "enable"], "readOnly": false, "type": "boolean"}, "services.part-db.enableNginx": {"declarations": ["nixos/modules/services/web-apps/part-db.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable nginx or not. If enabled, an nginx virtual host will\nbe created for access to part-db. If not enabled, then you may use\n`${config.services.part-db.package}/public` as your document root in\nwhichever webserver you wish to setup.\n", "loc": ["services", "part-db", "enableNginx"], "readOnly": false, "type": "boolean"}, "services.part-db.enablePostgresql": {"declarations": ["nixos/modules/services/web-apps/part-db.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to configure the postgresql database for part-db. If enabled,\na database and user will be created for part-db.\n", "loc": ["services", "part-db", "enablePostgresql"], "readOnly": false, "type": "boolean"}, "services.part-db.package": {"declarations": ["nixos/modules/services/web-apps/part-db.nix"], "default": {"_type": "literalExpression", "text": "pkgs.part-db"}, "description": "The part-db package to use.", "loc": ["services", "part-db", "package"], "readOnly": false, "type": "package"}, "services.part-db.phpPackage": {"declarations": ["nixos/modules/services/web-apps/part-db.nix"], "default": {"_type": "literalExpression", "text": "pkgs.php"}, "description": "The php package to use.", "loc": ["services", "part-db", "phpPackage"], "readOnly": false, "type": "package"}, "services.part-db.poolConfig": {"declarations": ["nixos/modules/services/web-apps/part-db.nix"], "default": {"_type": "literalExpression", "text": "''\n  {\n    \"pm\" = \"dynamic\";\n    \"pm.max_children\" = 32;\n    \"pm.start_servers\" = 2;\n    \"pm.min_spare_servers\" = 2;\n    \"pm.max_spare_servers\" = 4;\n    \"pm.max_requests\" = 500;\n  }\n''"}, "description": "Options for the PartDB PHP pool. See the documentation on <literal>php-fpm.conf</literal>\nfor details on configuration directives.\n", "loc": ["services", "part-db", "poolConfig"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.part-db.settings": {"declarations": ["nixos/modules/services/web-apps/part-db.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for part-db configuration. Refer to\n<https://github.com/Part-DB/Part-DB-server/blob/master/.env> for\ndetails on supported values. All <option>_FILE values supported by\nupstream are supported here.\n", "example": {"_type": "literalExpression", "text": "{\n  DATABASE_URL = \"postgresql://db_user@localhost/db_name?serverVersion=16.6&charset=utf8&host=/var/run/postgresql\";\n}\n"}, "loc": ["services", "part-db", "settings"], "readOnly": false, "type": "open submodule of attribute set of (string or signed integer or boolean)"}, "services.part-db.settings.DATABASE_URL": {"declarations": ["nixos/modules/services/web-apps/part-db.nix"], "default": {"_type": "literalExpression", "text": "\"postgresql://part-db@localhost/part-db?serverVersion=\\${config.services.postgresql.package.version}&host=/run/postgresql\""}, "description": "The postgresql database server to connect to.\nDefauls to local postgresql unix socket\n", "loc": ["services", "part-db", "settings", "DATABASE_URL"], "readOnly": false, "type": "string"}, "services.part-db.virtualHost": {"declarations": ["nixos/modules/services/web-apps/part-db.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The virtualHost at which you wish part-db to be served.\n", "loc": ["services", "part-db", "virtualHost"], "readOnly": false, "type": "string"}, "services.passSecretService.enable": {"declarations": ["nixos/modules/services/security/pass-secret-service.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable pass secret service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "passSecretService", "enable"], "readOnly": false, "type": "boolean"}, "services.passSecretService.package": {"declarations": ["nixos/modules/services/security/pass-secret-service.nix"], "default": {"_type": "literalExpression", "text": "pkgs.pass-secret-service"}, "description": "The pass-secret-service package to use.", "example": {"_type": "literalExpression", "text": "pass-secret-service.override { python3 = pkgs.python315 }"}, "loc": ["services", "passSecretService", "package"], "readOnly": false, "type": "package"}, "services.patroni.dataDir": {"declarations": ["nixos/modules/services/cluster/patroni/default.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/patroni\""}, "description": "Folder where Patroni data will be written, this is where the pgpass password file will be written.\n", "loc": ["services", "patroni", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.patroni.enable": {"declarations": ["nixos/modules/services/cluster/patroni/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Patroni.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "patroni", "enable"], "readOnly": false, "type": "boolean"}, "services.patroni.environmentFiles": {"declarations": ["nixos/modules/services/cluster/patroni/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables made available to Patroni as files content, useful for providing secrets from files.", "example": {"_type": "literalExpression", "text": "{\n  PATRONI_REPLICATION_PASSWORD = \"/secret/file\";\n  PATRONI_SUPERUSER_PASSWORD = \"/secret/file\";\n}"}, "loc": ["services", "patroni", "environmentFiles"], "readOnly": false, "type": "attribute set of (null or string or absolute path or package)"}, "services.patroni.group": {"declarations": ["nixos/modules/services/cluster/patroni/default.nix"], "default": {"_type": "literalExpression", "text": "\"patroni\""}, "description": "The group for the service. If left as the default value this group will automatically be created,\notherwise the sysadmin is responsible for ensuring the group exists.\n", "example": {"_type": "literalExpression", "text": "\"postgres\""}, "loc": ["services", "patroni", "group"], "readOnly": false, "type": "string"}, "services.patroni.name": {"declarations": ["nixos/modules/services/cluster/patroni/default.nix"], "description": "The name of the host. Must be unique for the cluster.\n", "example": {"_type": "literalExpression", "text": "\"node1\""}, "loc": ["services", "patroni", "name"], "readOnly": false, "type": "string"}, "services.patroni.namespace": {"declarations": ["nixos/modules/services/cluster/patroni/default.nix"], "default": {"_type": "literalExpression", "text": "\"/service\""}, "description": "Path within the configuration store where Patroni will keep information about the cluster.\n", "loc": ["services", "patroni", "namespace"], "readOnly": false, "type": "string"}, "services.patroni.nodeIp": {"declarations": ["nixos/modules/services/cluster/patroni/default.nix"], "description": "IP address of this node.\n", "example": {"_type": "literalExpression", "text": "\"192.168.1.1\""}, "loc": ["services", "patroni", "nodeIp"], "readOnly": false, "type": "string"}, "services.patroni.otherNodesIps": {"declarations": ["nixos/modules/services/cluster/patroni/default.nix"], "description": "IP addresses of the other nodes.\n", "example": {"_type": "literalExpression", "text": "[\n  \"192.168.1.2\"\n  \"192.168.1.3\"\n]"}, "loc": ["services", "patroni", "otherNodesIps"], "readOnly": false, "type": "list of string"}, "services.patroni.postgresqlDataDir": {"declarations": ["nixos/modules/services/cluster/patroni/default.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/postgresql/${config.services.patroni.postgresqlPackage.psqlSchema}\""}, "description": "The data directory for PostgreSQL. If left as the default value\nthis directory will automatically be created before the PostgreSQL server starts, otherwise\nthe sysadmin is responsible for ensuring the directory exists with appropriate ownership\nand permissions.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/postgresql/14\""}, "loc": ["services", "patroni", "postgresqlDataDir"], "readOnly": false, "type": "absolute path"}, "services.patroni.postgresqlPackage": {"declarations": ["nixos/modules/services/cluster/patroni/default.nix"], "description": "PostgreSQL package to use.\nPlugins can be enabled like this `pkgs.postgresql_14.withPackages (p: [ p.pg_safeupdate p.postgis ])`.\n", "example": {"_type": "literalExpression", "text": "pkgs.postgresql_14"}, "loc": ["services", "patroni", "postgresqlPackage"], "readOnly": false, "type": "package"}, "services.patroni.postgresqlPort": {"declarations": ["nixos/modules/services/cluster/patroni/default.nix"], "default": {"_type": "literalExpression", "text": "5432"}, "description": "The port on which PostgreSQL listens.\n", "loc": ["services", "patroni", "postgresqlPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.patroni.restApiPort": {"declarations": ["nixos/modules/services/cluster/patroni/default.nix"], "default": {"_type": "literalExpression", "text": "8008"}, "description": "The port on Patroni's REST api listens.\n", "loc": ["services", "patroni", "restApiPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.patroni.scope": {"declarations": ["nixos/modules/services/cluster/patroni/default.nix"], "description": "Cluster name.\n", "example": {"_type": "literalExpression", "text": "\"cluster1\""}, "loc": ["services", "patroni", "scope"], "readOnly": false, "type": "string"}, "services.patroni.settings": {"declarations": ["nixos/modules/services/cluster/patroni/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The primary patroni configuration. See the [documentation](https://patroni.readthedocs.io/en/latest/yaml_configuration.html)\nfor possible values.\nSecrets should be passed in by using the `environmentFiles` option.\n", "example": {"_type": "literalExpression", "text": "{\n  bootstrap = {\n    initdb = [\n      \"encoding=UTF-8\"\n      \"data-checksums\"\n    ];\n  };\n  postgresql = {\n    parameters = {\n      unix_socket_directories = \"/tmp\";\n    };\n  };\n}"}, "loc": ["services", "patroni", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.patroni.softwareWatchdog": {"declarations": ["nixos/modules/services/cluster/patroni/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "This will configure Patroni to use the software watchdog built into the Linux kernel\nas described in the [documentation](https://patroni.readthedocs.io/en/latest/watchdog.html#setting-up-software-watchdog-on-linux).\n", "loc": ["services", "patroni", "softwareWatchdog"], "readOnly": false, "type": "boolean"}, "services.patroni.user": {"declarations": ["nixos/modules/services/cluster/patroni/default.nix"], "default": {"_type": "literalExpression", "text": "\"patroni\""}, "description": "The user for the service. If left as the default value this user will automatically be created,\notherwise the sysadmin is responsible for ensuring the user exists.\n", "example": {"_type": "literalExpression", "text": "\"postgres\""}, "loc": ["services", "patroni", "user"], "readOnly": false, "type": "string"}, "services.pcscd.enable": {"declarations": ["nixos/modules/services/hardware/pcscd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable PCSC-Lite daemon, to access smart cards using SCard API (PC/SC).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pcscd", "enable"], "readOnly": false, "type": "boolean"}, "services.pcscd.extendReaderNames": {"declarations": ["nixos/modules/services/hardware/pcscd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "String to append to every reader name. The special variable `$HOSTNAME`\nwill be expanded to the current host name.\n", "example": {"_type": "literalExpression", "text": "\" $HOSTNAME\""}, "loc": ["services", "pcscd", "extendReaderNames"], "readOnly": false, "type": "null or string"}, "services.pcscd.extraArgs": {"declarations": ["nixos/modules/services/hardware/pcscd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line arguments to be passed to the PCSC daemon.", "loc": ["services", "pcscd", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.pcscd.ignoreReaderNames": {"declarations": ["nixos/modules/services/hardware/pcscd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of reader name patterns for the PCSC daemon to ignore.\n\nFor more precise control, readers can be ignored through udev rules\n(cf. {option}`services.udev.extraRules`) by setting the\n`PCSCLITE_IGNORE` property, for example:\n\n```\nACTION!=\"remove|unbind\", SUBSYSTEM==\"usb\", ATTR{idVendor}==\"20a0\", ENV{PCSCLITE_IGNORE}=\"1\"\n```\n", "example": {"_type": "literalExpression", "text": "[\n  \"Nitrokey\"\n  \"YubiKey\"\n]"}, "loc": ["services", "pcscd", "ignoreReaderNames"], "readOnly": false, "type": "list of string matching the pattern [^:]+"}, "services.pcscd.plugins": {"declarations": ["nixos/modules/services/hardware/pcscd.nix"], "default": {"_type": "literalExpression", "text": "[ pkgs.ccid ]"}, "description": "Plugin packages to be used for PCSC-Lite.", "example": {"_type": "literalExpression", "text": "[ pkgs.pcsc-cyberjack ]"}, "loc": ["services", "pcscd", "plugins"], "readOnly": false, "type": "list of package"}, "services.pcscd.readerConfigs": {"declarations": ["nixos/modules/services/hardware/pcscd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Configuration for devices that aren't hotpluggable.\n\nSee {manpage}`reader.conf(5)` for valid options.\n", "example": {"_type": "literalExpression", "text": "[\n  ''\n    FRIENDLYNAME      \"Some serial reader\"\n    DEVICENAME        /dev/ttyS0\n    LIBPATH           /path/to/serial_reader.so\n    CHANNELID         1\n  ''\n]"}, "loc": ["services", "pcscd", "readerConfigs"], "readOnly": false, "type": "list of strings concatenated with \"\\n\""}, "services.pdfding.allowedHosts": {"declarations": ["nixos/modules/services/web-apps/pdfding.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"localhost\"\n]"}, "description": "Domains where PdfDing is allowed to run", "loc": ["services", "pdfding", "allowedHosts"], "readOnly": false, "type": "list of string"}, "services.pdfding.backup.enable": {"declarations": ["nixos/modules/services/web-apps/pdfding.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatic backup of important data to a AWS S3 (or compatible) instance.\n\nWhen enabled and properly configured via environment variables,\nimportant data is periodically uploaded to the specified s3\ninstance via cronjob.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pdfding", "backup", "enable"], "readOnly": false, "type": "boolean"}, "services.pdfding.backup.endpoint": {"declarations": ["nixos/modules/services/web-apps/pdfding.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The s3 endpoint for backups", "example": {"_type": "literalExpression", "text": "\"127.0.0.1:9000\""}, "loc": ["services", "pdfding", "backup", "endpoint"], "readOnly": false, "type": "null or string"}, "services.pdfding.backup.schedule": {"declarations": ["nixos/modules/services/web-apps/pdfding.nix"], "default": {"_type": "literalExpression", "text": "\"0 2 * * *\""}, "description": "The cron schedule for the consume task to trigger.\nThe format is \"minute hour day month day_of_week\"\nRead\n  - https://github.com/mrmn2/PdfDing/blob/d0f21ec2f9fbee4b1a2f6b7e0e6c7ea7784ab1bc/pdfding/base/task_helpers.py#L5\n  - https://huey.readthedocs.io/en/latest/api.html#crontab\n", "loc": ["services", "pdfding", "backup", "schedule"], "readOnly": false, "type": "string"}, "services.pdfding.consume.enable": {"declarations": ["nixos/modules/services/web-apps/pdfding.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Bulk PDF import from consume directory.\n\nWhen enabled, administrators can create per-user directories like /var/lib/pdfding/consume/<user_id>\nwith permissions allowing the pdfding user to read and write.\nPDFs placed in these directories are automatically imported into user accounts.\n\nPDFs are imported periodically via cronjob and successfully imported files\nare automatically deleted from the consume directory.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pdfding", "consume", "enable"], "readOnly": false, "type": "boolean"}, "services.pdfding.consume.schedule": {"declarations": ["nixos/modules/services/web-apps/pdfding.nix"], "default": {"_type": "literalExpression", "text": "\"*/5 * * * *\""}, "description": "The cron schedule for the consume task to trigger.\nThe format is \"minute hour day month day_of_week\"\nRead\n  - https://github.com/mrmn2/PdfDing/blob/d0f21ec2f9fbee4b1a2f6b7e0e6c7ea7784ab1bc/pdfding/base/task_helpers.py#L5\n  - https://huey.readthedocs.io/en/latest/api.html#crontab\n", "loc": ["services", "pdfding", "consume", "schedule"], "readOnly": false, "type": "string"}, "services.pdfding.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/pdfding.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to create a local PostgreSQL database automatically", "loc": ["services", "pdfding", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.pdfding.database.host": {"declarations": ["nixos/modules/services/web-apps/pdfding.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "PostgreSQL host", "loc": ["services", "pdfding", "database", "host"], "readOnly": false, "type": "string"}, "services.pdfding.database.name": {"declarations": ["nixos/modules/services/web-apps/pdfding.nix"], "default": {"_type": "literalExpression", "text": "\"pdfding\""}, "description": "PostgreSQL database name", "loc": ["services", "pdfding", "database", "name"], "readOnly": false, "type": "string"}, "services.pdfding.database.passwordFile": {"declarations": ["nixos/modules/services/web-apps/pdfding.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing POSTGRES_PASSWORD. Consider using a secret managing scheme such as `agenix` or `sops-nix` to generate this file.", "example": {"_type": "literalExpression", "text": "\"/run/secrets/pdfding-db-password\""}, "loc": ["services", "pdfding", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.pdfding.database.port": {"declarations": ["nixos/modules/services/web-apps/pdfding.nix"], "default": {"_type": "literalExpression", "text": "5432"}, "description": "PostgreSQL port", "loc": ["services", "pdfding", "database", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.pdfding.database.type": {"declarations": ["nixos/modules/services/web-apps/pdfding.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite\""}, "description": "Database type to use", "loc": ["services", "pdfding", "database", "type"], "readOnly": false, "type": "one of \"sqlite\", \"postgres\""}, "services.pdfding.database.user": {"declarations": ["nixos/modules/services/web-apps/pdfding.nix"], "default": {"_type": "literalExpression", "text": "\"pdfding\""}, "description": "PostgreSQL user", "loc": ["services", "pdfding", "database", "user"], "readOnly": false, "type": "string"}, "services.pdfding.enable": {"declarations": ["nixos/modules/services/web-apps/pdfding.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable PdfDing service.\n\nTo use the pdfding-manage CLI, add your user to the pdfding group:\n  users.users.<youruser>.extraGroups = [ \"pdfding\" ];\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pdfding", "enable"], "readOnly": false, "type": "boolean"}, "services.pdfding.envFiles": {"declarations": ["nixos/modules/services/web-apps/pdfding.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Environment variable files", "loc": ["services", "pdfding", "envFiles"], "readOnly": false, "type": "list of absolute path"}, "services.pdfding.extraEnvironment": {"declarations": ["nixos/modules/services/web-apps/pdfding.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional environment variables", "loc": ["services", "pdfding", "extraEnvironment"], "readOnly": false, "type": "attribute set of string"}, "services.pdfding.group": {"declarations": ["nixos/modules/services/web-apps/pdfding.nix"], "default": {"_type": "literalExpression", "text": "\"pdfding\""}, "description": "Group under which PdfDing runs", "loc": ["services", "pdfding", "group"], "readOnly": false, "type": "string"}, "services.pdfding.gunicorn.extraArgs": {"declarations": ["nixos/modules/services/web-apps/pdfding.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Command line arguments passed to Gunicorn server.", "loc": ["services", "pdfding", "gunicorn", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.pdfding.hostName": {"declarations": ["nixos/modules/services/web-apps/pdfding.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Listen address for PdfDing", "example": {"_type": "literalExpression", "text": "\"pdfding.example.com\""}, "loc": ["services", "pdfding", "hostName"], "readOnly": false, "type": "string"}, "services.pdfding.openFirewall": {"declarations": ["nixos/modules/services/web-apps/pdfding.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the PdfDing web interface.", "loc": ["services", "pdfding", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.pdfding.package": {"declarations": ["nixos/modules/services/web-apps/pdfding.nix"], "default": {"_type": "literalExpression", "text": "pkgs.pdfding"}, "description": "The pdfding package to use.", "loc": ["services", "pdfding", "package"], "readOnly": false, "type": "package"}, "services.pdfding.port": {"declarations": ["nixos/modules/services/web-apps/pdfding.nix"], "default": {"_type": "literalExpression", "text": "8000"}, "description": "Port on which PdfDing listens", "loc": ["services", "pdfding", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.pdfding.secretKeyFile": {"declarations": ["nixos/modules/services/web-apps/pdfding.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the Django SECRET_KEY. Consider using a secret managing scheme such as `agenix` or `sops-nix` to generate this file.", "example": {"_type": "literalExpression", "text": "\"/run/secrets/pdfding-secret-key\""}, "loc": ["services", "pdfding", "secretKeyFile"], "readOnly": false, "type": "absolute path"}, "services.pdfding.user": {"declarations": ["nixos/modules/services/web-apps/pdfding.nix"], "default": {"_type": "literalExpression", "text": "\"pdfding\""}, "description": "User account under which PdfDing runs", "loc": ["services", "pdfding", "user"], "readOnly": false, "type": "string"}, "services.pdns-recursor.api.address": {"declarations": ["nixos/modules/services/networking/pdns-recursor.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "IP address Recursor REST API server will bind to.\n", "loc": ["services", "pdns-recursor", "api", "address"], "readOnly": false, "type": "string"}, "services.pdns-recursor.api.allowFrom": {"declarations": ["nixos/modules/services/networking/pdns-recursor.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"::1\"\n]"}, "description": "IP address ranges of clients allowed to make API requests.\n", "example": {"_type": "literalExpression", "text": "[\n  \"0.0.0.0/0\"\n  \"::/0\"\n]"}, "loc": ["services", "pdns-recursor", "api", "allowFrom"], "readOnly": false, "type": "list of string"}, "services.pdns-recursor.api.port": {"declarations": ["nixos/modules/services/networking/pdns-recursor.nix"], "default": {"_type": "literalExpression", "text": "8082"}, "description": "Port number Recursor REST API server will bind to.\n", "loc": ["services", "pdns-recursor", "api", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.pdns-recursor.dns.address": {"declarations": ["nixos/modules/services/networking/pdns-recursor.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"::\"\n  \"0.0.0.0\"\n]"}, "description": "IP addresses Recursor DNS server will bind to.\n", "loc": ["services", "pdns-recursor", "dns", "address"], "readOnly": false, "type": "string or list of string"}, "services.pdns-recursor.dns.allowFrom": {"declarations": ["nixos/modules/services/networking/pdns-recursor.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"127.0.0.0/8\"\n  \"10.0.0.0/8\"\n  \"100.64.0.0/10\"\n  \"169.254.0.0/16\"\n  \"192.168.0.0/16\"\n  \"172.16.0.0/12\"\n  \"::1/128\"\n  \"fc00::/7\"\n  \"fe80::/10\"\n]"}, "description": "IP address ranges of clients allowed to make DNS queries.\n", "example": {"_type": "literalExpression", "text": "[\n  \"0.0.0.0/0\"\n  \"::/0\"\n]"}, "loc": ["services", "pdns-recursor", "dns", "allowFrom"], "readOnly": false, "type": "list of string"}, "services.pdns-recursor.dns.port": {"declarations": ["nixos/modules/services/networking/pdns-recursor.nix"], "default": {"_type": "literalExpression", "text": "53"}, "description": "Port number Recursor DNS server will bind to.\n", "loc": ["services", "pdns-recursor", "dns", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.pdns-recursor.dnssecValidation": {"declarations": ["nixos/modules/services/networking/pdns-recursor.nix"], "default": {"_type": "literalExpression", "text": "\"validate\""}, "description": "Controls the level of DNSSEC processing done by the PowerDNS Recursor.\nSee <https://doc.powerdns.com/md/recursor/dnssec/> for a detailed explanation.\n", "loc": ["services", "pdns-recursor", "dnssecValidation"], "readOnly": false, "type": "one of \"off\", \"process-no-validate\", \"process\", \"log-fail\", \"validate\""}, "services.pdns-recursor.enable": {"declarations": ["nixos/modules/services/networking/pdns-recursor.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable PowerDNS Recursor, a recursive DNS server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pdns-recursor", "enable"], "readOnly": false, "type": "boolean"}, "services.pdns-recursor.exportHosts": {"declarations": ["nixos/modules/services/networking/pdns-recursor.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to export names and IP addresses defined in /etc/hosts.\n", "loc": ["services", "pdns-recursor", "exportHosts"], "readOnly": false, "type": "boolean"}, "services.pdns-recursor.forwardZones": {"declarations": ["nixos/modules/services/networking/pdns-recursor.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "DNS zones to be forwarded to other authoritative servers.\n", "loc": ["services", "pdns-recursor", "forwardZones"], "readOnly": false, "type": "attribute set"}, "services.pdns-recursor.forwardZonesRecurse": {"declarations": ["nixos/modules/services/networking/pdns-recursor.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "DNS zones to be forwarded to other recursive servers.\n", "example": {"_type": "literalExpression", "text": "{\n  eth = \"[::1]:5353\";\n}"}, "loc": ["services", "pdns-recursor", "forwardZonesRecurse"], "readOnly": false, "type": "attribute set"}, "services.pdns-recursor.luaConfig": {"declarations": ["nixos/modules/services/networking/pdns-recursor.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The content Lua configuration file for PowerDNS Recursor. See\n<https://doc.powerdns.com/recursor/lua-config/index.html>.\n", "loc": ["services", "pdns-recursor", "luaConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.pdns-recursor.resolveNamecoin": {"declarations": ["nixos/modules/services/networking/ncdns.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Resolve `.bit` top-level domains using ncdns and namecoin.\n", "loc": ["services", "pdns-recursor", "resolveNamecoin"], "readOnly": false, "type": "boolean"}, "services.pdns-recursor.serveRFC1918": {"declarations": ["nixos/modules/services/networking/pdns-recursor.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to directly resolve the RFC1918 reverse-mapping domains:\n`10.in-addr.arpa`,\n`168.192.in-addr.arpa`,\n`16-31.172.in-addr.arpa`\nThis saves load on the AS112 servers.\n", "loc": ["services", "pdns-recursor", "serveRFC1918"], "readOnly": false, "type": "boolean"}, "services.pdns-recursor.settings": {"declarations": ["nixos/modules/services/networking/pdns-recursor.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "PowerDNS Recursor settings. Use this option to configure Recursor\nsettings not exposed in a NixOS option or to bypass one.\nSee the full documentation at\n<https://doc.powerdns.com/recursor/yamlsettings.html>\nfor the available options.\n", "example": {"_type": "literalExpression", "text": "{\n  loglevel = 8;\n  log-common-errors = true;\n}\n"}, "loc": ["services", "pdns-recursor", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.pdnsd.cacheDir": {"declarations": ["nixos/modules/services/networking/pdnsd.nix"], "default": {"_type": "literalExpression", "text": "\"/var/cache/pdnsd\""}, "description": "Directory holding the pdnsd cache", "loc": ["services", "pdnsd", "cacheDir"], "readOnly": false, "type": "string"}, "services.pdnsd.enable": {"declarations": ["nixos/modules/services/networking/pdnsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable pdnsd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pdnsd", "enable"], "readOnly": false, "type": "boolean"}, "services.pdnsd.extraConfig": {"declarations": ["nixos/modules/services/networking/pdnsd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration directives that should be added to\n{file}`pdnsd.conf`.\n", "loc": ["services", "pdnsd", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.pdnsd.globalConfig": {"declarations": ["nixos/modules/services/networking/pdnsd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Global configuration that should be added to the global directory\nof {file}`pdnsd.conf`.\n", "loc": ["services", "pdnsd", "globalConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.pdnsd.serverConfig": {"declarations": ["nixos/modules/services/networking/pdnsd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Server configuration that should be added to the server directory\nof {file}`pdnsd.conf`.\n", "loc": ["services", "pdnsd", "serverConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.peerflix.downloadDir": {"declarations": ["nixos/modules/services/torrent/peerflix.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.peerflix.stateDir}/torrents\""}, "description": "Peerflix temporary download directory.", "loc": ["services", "peerflix", "downloadDir"], "readOnly": false, "type": "absolute path"}, "services.peerflix.enable": {"declarations": ["nixos/modules/services/torrent/peerflix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable peerflix service.", "loc": ["services", "peerflix", "enable"], "readOnly": false, "type": "boolean"}, "services.peerflix.stateDir": {"declarations": ["nixos/modules/services/torrent/peerflix.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/peerflix\""}, "description": "Peerflix state directory.", "loc": ["services", "peerflix", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.peering-manager.enable": {"declarations": ["nixos/modules/services/web-apps/peering-manager.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable Peering Manager.\n\nThis module requires a reverse proxy that serves `/static` separately.\nSee this [example](https://github.com/peering-manager/contrib/blob/main/nginx.conf) on how to configure this.\n", "loc": ["services", "peering-manager", "enable"], "readOnly": false, "type": "boolean"}, "services.peering-manager.enableLdap": {"declarations": ["nixos/modules/services/web-apps/peering-manager.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable LDAP-Authentication for Peering Manager.\n\nThis requires a configuration file being pass through `ldapConfigPath`.\n", "loc": ["services", "peering-manager", "enableLdap"], "readOnly": false, "type": "boolean"}, "services.peering-manager.enableScheduledTasks": {"declarations": ["nixos/modules/services/web-apps/peering-manager.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Set up [scheduled tasks](https://peering-manager.readthedocs.io/en/stable/setup/8-scheduled-tasks/)\n", "loc": ["services", "peering-manager", "enableScheduledTasks"], "readOnly": false, "type": "boolean"}, "services.peering-manager.environmentFile": {"declarations": ["nixos/modules/services/web-apps/peering-manager.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file as defined in {manpage}`systemd.exec(5)`.\n\nSecrets may be passed to the service without adding them to the world-readable\nNix store, by specifying placeholder variables as the option value in Nix and\nsetting these variables accordingly in the environment file.\n\n```\n  # snippet of peering-manager-related config\n  services.peering-manager.settings.SOCIAL_AUTH_OIDC_SECRET = \"$PM_OIDC_SECRET\";\n```\n\n```\n  # content of the environment file\n  PM_OIDC_SECRET=topsecret\n```\n\nNote that this file needs to be available on the host on which\n`peering-manager` is running.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/peering-manager.env\""}, "loc": ["services", "peering-manager", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.peering-manager.extraConfig": {"declarations": ["nixos/modules/services/web-apps/peering-manager.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional lines of configuration appended to the `configuration.py`.\nSee the [documentation](https://peering-manager.readthedocs.io/en/stable/configuration/optional-settings/) for more possible options.\n", "loc": ["services", "peering-manager", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.peering-manager.ldapConfigPath": {"declarations": ["nixos/modules/services/web-apps/peering-manager.nix"], "description": "Path to the Configuration-File for LDAP-Authentication, will be loaded as `ldap_config.py`.\nSee the [documentation](https://peering-manager.readthedocs.io/en/stable/setup/6-ldap/#configuration) for possible options.\n", "loc": ["services", "peering-manager", "ldapConfigPath"], "readOnly": false, "type": "absolute path"}, "services.peering-manager.listenAddress": {"declarations": ["nixos/modules/services/web-apps/peering-manager.nix"], "default": {"_type": "literalExpression", "text": "\"[::1]\""}, "description": "Address the server will listen on.\n", "loc": ["services", "peering-manager", "listenAddress"], "readOnly": false, "type": "string"}, "services.peering-manager.peeringdbApiKeyFile": {"declarations": ["nixos/modules/services/web-apps/peering-manager.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file containing the PeeringDB API key.\n", "loc": ["services", "peering-manager", "peeringdbApiKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.peering-manager.plugins": {"declarations": ["nixos/modules/services/web-apps/peering-manager.nix"], "default": {"_type": "literalExpression", "text": "python3Packages: with python3Packages; [];\n"}, "description": "List of plugin packages to install.\n", "loc": ["services", "peering-manager", "plugins"], "readOnly": false, "type": "function that evaluates to a(n) list of package"}, "services.peering-manager.port": {"declarations": ["nixos/modules/services/web-apps/peering-manager.nix"], "default": {"_type": "literalExpression", "text": "8001"}, "description": "Port the server will listen on.\n", "loc": ["services", "peering-manager", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.peering-manager.secretKeyFile": {"declarations": ["nixos/modules/services/web-apps/peering-manager.nix"], "description": "Path to a file containing the secret key.\n", "loc": ["services", "peering-manager", "secretKeyFile"], "readOnly": false, "type": "absolute path"}, "services.peering-manager.settings": {"declarations": ["nixos/modules/services/web-apps/peering-manager.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration options to set in `configuration.py`.\nSee the [documentation](https://peering-manager.readthedocs.io/en/stable/configuration/optional-settings/) for more possible options.\n", "loc": ["services", "peering-manager", "settings"], "readOnly": false, "type": "open submodule of attribute set of (Python value)"}, "services.peering-manager.settings.ALLOWED_HOSTS": {"declarations": ["nixos/modules/services/web-apps/peering-manager.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"*\"\n]"}, "description": "A list of valid fully-qualified domain names (FQDNs) and/or IP\naddresses that can be used to reach the peering manager service.\n", "loc": ["services", "peering-manager", "settings", "ALLOWED_HOSTS"], "readOnly": false, "type": "list of string"}, "services.peertube-runner.enable": {"declarations": ["nixos/modules/services/web-apps/peertube-runner.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable peertube-runner.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "peertube-runner", "enable"], "readOnly": false, "type": "boolean"}, "services.peertube-runner.enabledJobTypes": {"declarations": ["nixos/modules/services/web-apps/peertube-runner.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"vod-web-video-transcoding\"\n  \"vod-hls-transcoding\"\n  \"vod-audio-merge-transcoding\"\n  \"live-rtmp-hls-transcoding\"\n  \"video-studio-transcoding\"\n  \"video-transcription\"\n]"}, "description": "Job types that this runner will execute.", "example": {"_type": "literalExpression", "text": "[\n  \"video-transcription\"\n]"}, "loc": ["services", "peertube-runner", "enabledJobTypes"], "readOnly": false, "type": "non-empty (list of string)"}, "services.peertube-runner.group": {"declarations": ["nixos/modules/services/web-apps/peertube-runner.nix"], "default": {"_type": "literalExpression", "text": "\"prunner\""}, "description": "Group under which peertube-runner runs.", "example": {"_type": "literalExpression", "text": "\"peertube-runner\""}, "loc": ["services", "peertube-runner", "group"], "readOnly": false, "type": "string"}, "services.peertube-runner.instancesToRegister": {"declarations": ["nixos/modules/services/web-apps/peertube-runner.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "PeerTube instances to register this runner with.", "example": {"_type": "literalExpression", "text": "{\n  personal = {\n    registrationTokenFile = \"/run/secrets/my-peertube-instance-registration-token\";\n    runnerDescription = \"Runner for video transcription\";\n    runnerName = \"Transcription\";\n    url = \"https://mypeertubeinstance.com\";\n  };\n}"}, "loc": ["services", "peertube-runner", "instancesToRegister"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.peertube-runner.instancesToRegister.<name>.registrationTokenFile": {"declarations": ["nixos/modules/services/web-apps/peertube-runner.nix"], "description": "Path to a file containing a registration token for the PeerTube instance.\n\nSee how to generate registration tokens at <https://docs.joinpeertube.org/admin/remote-runners#manage-remote-runners>.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/my-peertube-instance-registration-token\""}, "loc": ["services", "peertube-runner", "instancesToRegister", "<name>", "registrationTokenFile"], "readOnly": false, "type": "absolute path"}, "services.peertube-runner.instancesToRegister.<name>.runnerDescription": {"declarations": ["nixos/modules/services/web-apps/peertube-runner.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Runner description declared to the PeerTube instance.", "example": {"_type": "literalExpression", "text": "\"Runner for video transcription\""}, "loc": ["services", "peertube-runner", "instancesToRegister", "<name>", "runnerDescription"], "readOnly": false, "type": "null or string"}, "services.peertube-runner.instancesToRegister.<name>.runnerName": {"declarations": ["nixos/modules/services/web-apps/peertube-runner.nix"], "description": "Runner name declared to the PeerTube instance.", "example": {"_type": "literalExpression", "text": "\"Transcription\""}, "loc": ["services", "peertube-runner", "instancesToRegister", "<name>", "runnerName"], "readOnly": false, "type": "string"}, "services.peertube-runner.instancesToRegister.<name>.url": {"declarations": ["nixos/modules/services/web-apps/peertube-runner.nix"], "description": "URL of the PeerTube instance.", "example": {"_type": "literalExpression", "text": "\"https://mypeertubeinstance.com\""}, "loc": ["services", "peertube-runner", "instancesToRegister", "<name>", "url"], "readOnly": false, "type": "string"}, "services.peertube-runner.package": {"declarations": ["nixos/modules/services/web-apps/peertube-runner.nix"], "default": {"_type": "literalExpression", "text": "pkgs.peertube.runner"}, "description": "The runner package to use.", "loc": ["services", "peertube-runner", "package"], "readOnly": false, "type": "package"}, "services.peertube-runner.settings": {"declarations": ["nixos/modules/services/web-apps/peertube-runner.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for peertube-runner.\n\nSee available configuration options at <https://docs.joinpeertube.org/maintain/tools#configuration>.\n", "example": {"_type": "literalExpression", "text": "{\n  jobs.concurrency = 4;\n  ffmpeg = {\n    threads = 0; # Let ffmpeg automatically choose.\n    nice = 5;\n  };\n  transcription.model = \"large-v3\";\n}\n"}, "loc": ["services", "peertube-runner", "settings"], "readOnly": false, "type": "TOML value"}, "services.peertube-runner.user": {"declarations": ["nixos/modules/services/web-apps/peertube-runner.nix"], "default": {"_type": "literalExpression", "text": "\"prunner\""}, "description": "User account under which peertube-runner runs.", "example": {"_type": "literalExpression", "text": "\"peertube-runner\""}, "loc": ["services", "peertube-runner", "user"], "readOnly": false, "type": "string"}, "services.peertube.configureNginx": {"declarations": ["nixos/modules/services/web-apps/peertube.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Configure nginx as a reverse proxy for peertube.", "loc": ["services", "peertube", "configureNginx"], "readOnly": false, "type": "boolean"}, "services.peertube.dataDirs": {"declarations": ["nixos/modules/services/web-apps/peertube.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Allow access to custom data locations.", "example": {"_type": "literalExpression", "text": "[\n  \"/opt/peertube/storage\"\n  \"/var/cache/peertube\"\n]"}, "loc": ["services", "peertube", "dataDirs"], "readOnly": false, "type": "list of absolute path"}, "services.peertube.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/peertube.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Configure local PostgreSQL database server for PeerTube.", "loc": ["services", "peertube", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.peertube.database.host": {"declarations": ["nixos/modules/services/web-apps/peertube.nix"], "default": {"_type": "literalExpression", "text": "if config.services.peertube.database.createLocally\nthen \"/run/postgresql\"\nelse null\n"}, "description": "Database host address or unix socket.", "example": {"_type": "literalExpression", "text": "\"192.168.15.47\""}, "loc": ["services", "peertube", "database", "host"], "readOnly": false, "type": "string"}, "services.peertube.database.name": {"declarations": ["nixos/modules/services/web-apps/peertube.nix"], "default": {"_type": "literalExpression", "text": "\"peertube\""}, "description": "Database name.", "loc": ["services", "peertube", "database", "name"], "readOnly": false, "type": "string"}, "services.peertube.database.passwordFile": {"declarations": ["nixos/modules/services/web-apps/peertube.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Password for PostgreSQL database.", "example": {"_type": "literalExpression", "text": "\"/run/keys/peertube/password-postgresql\""}, "loc": ["services", "peertube", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.peertube.database.port": {"declarations": ["nixos/modules/services/web-apps/peertube.nix"], "default": {"_type": "literalExpression", "text": "5432"}, "description": "Database host port.", "loc": ["services", "peertube", "database", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.peertube.database.user": {"declarations": ["nixos/modules/services/web-apps/peertube.nix"], "default": {"_type": "literalExpression", "text": "\"peertube\""}, "description": "Database user.", "loc": ["services", "peertube", "database", "user"], "readOnly": false, "type": "string"}, "services.peertube.enable": {"declarations": ["nixos/modules/services/web-apps/peertube.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Peertube.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "peertube", "enable"], "readOnly": false, "type": "boolean"}, "services.peertube.enableWebHttps": {"declarations": ["nixos/modules/services/web-apps/peertube.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether clients will access your PeerTube instance with HTTPS. Does NOT configure the PeerTube webserver itself to listen for incoming HTTPS connections.", "loc": ["services", "peertube", "enableWebHttps"], "readOnly": false, "type": "boolean"}, "services.peertube.group": {"declarations": ["nixos/modules/services/web-apps/peertube.nix"], "default": {"_type": "literalExpression", "text": "\"peertube\""}, "description": "Group under which Peertube runs.", "loc": ["services", "peertube", "group"], "readOnly": false, "type": "string"}, "services.peertube.listenHttp": {"declarations": ["nixos/modules/services/web-apps/peertube.nix"], "default": {"_type": "literalExpression", "text": "9000"}, "description": "The port that the local PeerTube web server will listen on.", "loc": ["services", "peertube", "listenHttp"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.peertube.listenWeb": {"declarations": ["nixos/modules/services/web-apps/peertube.nix"], "default": {"_type": "literalExpression", "text": "9000"}, "description": "The public-facing port that PeerTube will be accessible at (likely 80 or 443 if running behind a reverse proxy). Clients will try to access PeerTube at this port.", "loc": ["services", "peertube", "listenWeb"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.peertube.localDomain": {"declarations": ["nixos/modules/services/web-apps/peertube.nix"], "description": "The domain serving your PeerTube instance.", "example": {"_type": "literalExpression", "text": "\"peertube.example.com\""}, "loc": ["services", "peertube", "localDomain"], "readOnly": false, "type": "string"}, "services.peertube.package": {"declarations": ["nixos/modules/services/web-apps/peertube.nix"], "default": {"_type": "literalExpression", "text": "pkgs.peertube"}, "description": "The peertube package to use.", "loc": ["services", "peertube", "package"], "readOnly": false, "type": "package"}, "services.peertube.redis.createLocally": {"declarations": ["nixos/modules/services/web-apps/peertube.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Configure local Redis server for PeerTube.", "loc": ["services", "peertube", "redis", "createLocally"], "readOnly": false, "type": "boolean"}, "services.peertube.redis.enableUnixSocket": {"declarations": ["nixos/modules/services/web-apps/peertube.nix"], "default": {"_type": "literalExpression", "text": "config.services.peertube.redis.createLocally"}, "description": "Use Unix socket.", "loc": ["services", "peertube", "redis", "enableUnixSocket"], "readOnly": false, "type": "boolean"}, "services.peertube.redis.host": {"declarations": ["nixos/modules/services/web-apps/peertube.nix"], "default": {"_type": "literalExpression", "text": "if config.services.peertube.redis.createLocally && !config.services.peertube.redis.enableUnixSocket\nthen \"127.0.0.1\"\nelse null\n"}, "description": "Redis host.", "loc": ["services", "peertube", "redis", "host"], "readOnly": false, "type": "null or string"}, "services.peertube.redis.passwordFile": {"declarations": ["nixos/modules/services/web-apps/peertube.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Password for redis database.", "example": {"_type": "literalExpression", "text": "\"/run/keys/peertube/password-redis-db\""}, "loc": ["services", "peertube", "redis", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.peertube.redis.port": {"declarations": ["nixos/modules/services/web-apps/peertube.nix"], "default": {"_type": "literalExpression", "text": "if config.services.peertube.redis.createLocally && config.services.peertube.redis.enableUnixSocket\nthen null\nelse 6379\n"}, "description": "Redis port.", "loc": ["services", "peertube", "redis", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.peertube.secrets.secretsFile": {"declarations": ["nixos/modules/services/web-apps/peertube.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Secrets to run PeerTube.\nGenerate one using `openssl rand -hex 32`\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/peertube\""}, "loc": ["services", "peertube", "secrets", "secretsFile"], "readOnly": false, "type": "null or absolute path"}, "services.peertube.serviceEnvironmentFile": {"declarations": ["nixos/modules/services/web-apps/peertube.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set environment variables for the service. Mainly useful for setting the initial root password.\nFor example write to file:\nPT_INITIAL_ROOT_PASSWORD=changeme\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/peertube/password-init-root\""}, "loc": ["services", "peertube", "serviceEnvironmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.peertube.settings": {"declarations": ["nixos/modules/services/web-apps/peertube.nix"], "description": "Configuration for peertube.", "example": {"_type": "literalExpression", "text": "{\n  listen = {\n    hostname = \"0.0.0.0\";\n  };\n  log = {\n    level = \"debug\";\n  };\n  storage = {\n    tmp = \"/opt/data/peertube/storage/tmp/\";\n    logs = \"/opt/data/peertube/storage/logs/\";\n    cache = \"/opt/data/peertube/storage/cache/\";\n  };\n}\n"}, "loc": ["services", "peertube", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.peertube.settings.video_transcription.enabled": {"declarations": ["nixos/modules/services/web-apps/peertube.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable automatic transcription of videos.", "loc": ["services", "peertube", "settings", "video_transcription", "enabled"], "readOnly": false, "type": "boolean"}, "services.peertube.settings.video_transcription.engine_path": {"declarations": ["nixos/modules/services/web-apps/peertube.nix"], "default": {"_type": "literalExpression", "text": "if config.services.peertube.settings.video_transcription.enabled then\n  lib.getExe pkgs.whisper-ctranslate2\nelse\n  \"Set `services.peertube.settings.video_transcription.enabled = true`.\"\n"}, "description": "Custom engine path for local transcription.", "loc": ["services", "peertube", "settings", "video_transcription", "engine_path"], "readOnly": false, "type": "absolute path or string"}, "services.peertube.smtp.createLocally": {"declarations": ["nixos/modules/services/web-apps/peertube.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Configure local Postfix SMTP server for PeerTube.", "loc": ["services", "peertube", "smtp", "createLocally"], "readOnly": false, "type": "boolean"}, "services.peertube.smtp.passwordFile": {"declarations": ["nixos/modules/services/web-apps/peertube.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Password for smtp server.", "example": {"_type": "literalExpression", "text": "\"/run/keys/peertube/password-smtp\""}, "loc": ["services", "peertube", "smtp", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.peertube.user": {"declarations": ["nixos/modules/services/web-apps/peertube.nix"], "default": {"_type": "literalExpression", "text": "\"peertube\""}, "description": "User account under which Peertube runs.", "loc": ["services", "peertube", "user"], "readOnly": false, "type": "string"}, "services.persistent-evdev.devices": {"declarations": ["nixos/modules/services/misc/persistent-evdev.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "A set of virtual proxy device labels with backing physical device ids.\n\nPhysical devices should already exist in {file}`/dev/input/by-id/`.\nProxy devices will be automatically given a `uinput-` prefix.\n\nSee the [project page](https://github.com/aiberia/persistent-evdev#example-usage-with-libvirt)\nfor example configuration of virtual devices with libvirt\nand remember to add `uinput-*` devices to the qemu\n`cgroup_device_acl` list (see [](#opt-virtualisation.libvirtd.qemu.verbatimConfig)).\n", "example": {"_type": "literalExpression", "text": "{\n  persist-mouse0 = \"usb-Logitech_G403_Prodigy_Gaming_Mouse_078738533531-event-if01\";\n  persist-mouse1 = \"usb-Logitech_G403_Prodigy_Gaming_Mouse_078738533531-event-mouse\";\n  persist-mouse2 = \"usb-Logitech_G403_Prodigy_Gaming_Mouse_078738533531-if01-event-kbd\";\n  persist-keyboard0 = \"usb-Microsoft_Natural\u00ae_Ergonomic_Keyboard_4000-event-kbd\";\n  persist-keyboard1 = \"usb-Microsoft_Natural\u00ae_Ergonomic_Keyboard_4000-if01-event-kbd\";\n}\n"}, "loc": ["services", "persistent-evdev", "devices"], "readOnly": false, "type": "attribute set of string"}, "services.persistent-evdev.enable": {"declarations": ["nixos/modules/services/misc/persistent-evdev.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable virtual input devices that persist even if the backing device is hotplugged.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "persistent-evdev", "enable"], "readOnly": false, "type": "boolean"}, "services.pfix-srsd.configurePostfix": {"declarations": ["nixos/modules/services/mail/pfix-srsd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to configure the required settings to use pfix-srsd in the local Postfix instance.\n", "loc": ["services", "pfix-srsd", "configurePostfix"], "readOnly": false, "type": "boolean"}, "services.pfix-srsd.domain": {"declarations": ["nixos/modules/services/mail/pfix-srsd.nix"], "description": "The domain for which to enable srs", "example": {"_type": "literalExpression", "text": "\"example.com\""}, "loc": ["services", "pfix-srsd", "domain"], "readOnly": false, "type": "string"}, "services.pfix-srsd.enable": {"declarations": ["nixos/modules/services/mail/pfix-srsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to run the postfix sender rewriting scheme daemon.", "loc": ["services", "pfix-srsd", "enable"], "readOnly": false, "type": "boolean"}, "services.pfix-srsd.secretsFile": {"declarations": ["nixos/modules/services/mail/pfix-srsd.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/pfix-srsd/secrets\""}, "description": "The secret data used to encode the SRS address.\nto generate, use a command like:\n`for n in $(seq 5); do dd if=/dev/urandom count=1 bs=1024 status=none | sha256sum | sed 's/  -$//' | sed 's/^/          /'; done`\n", "loc": ["services", "pfix-srsd", "secretsFile"], "readOnly": false, "type": "absolute path"}, "services.pgadmin.emailServer.address": {"declarations": ["nixos/modules/services/admin/pgadmin.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "SMTP server for email delivery", "loc": ["services", "pgadmin", "emailServer", "address"], "readOnly": false, "type": "string"}, "services.pgadmin.emailServer.enable": {"declarations": ["nixos/modules/services/admin/pgadmin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SMTP email server. This is necessary, if you want to use password recovery or change your own password.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pgadmin", "emailServer", "enable"], "readOnly": false, "type": "boolean"}, "services.pgadmin.emailServer.passwordFile": {"declarations": ["nixos/modules/services/admin/pgadmin.nix"], "description": "Password for SMTP email account.\nNOTE: Should be string not a store path, to prevent the password from being world readable\n", "loc": ["services", "pgadmin", "emailServer", "passwordFile"], "readOnly": false, "type": "absolute path"}, "services.pgadmin.emailServer.port": {"declarations": ["nixos/modules/services/admin/pgadmin.nix"], "default": {"_type": "literalExpression", "text": "25"}, "description": "SMTP server port for email delivery", "loc": ["services", "pgadmin", "emailServer", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.pgadmin.emailServer.sender": {"declarations": ["nixos/modules/services/admin/pgadmin.nix"], "description": "SMTP server sender email for email delivery. Some servers require this to be a valid email address from that server\n", "example": {"_type": "literalExpression", "text": "\"noreply@example.com\""}, "loc": ["services", "pgadmin", "emailServer", "sender"], "readOnly": false, "type": "string"}, "services.pgadmin.emailServer.useSSL": {"declarations": ["nixos/modules/services/admin/pgadmin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SSL for connecting to the SMTP server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pgadmin", "emailServer", "useSSL"], "readOnly": false, "type": "boolean"}, "services.pgadmin.emailServer.useTLS": {"declarations": ["nixos/modules/services/admin/pgadmin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable TLS for connecting to the SMTP server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pgadmin", "emailServer", "useTLS"], "readOnly": false, "type": "boolean"}, "services.pgadmin.emailServer.username": {"declarations": ["nixos/modules/services/admin/pgadmin.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SMTP server username for email delivery", "loc": ["services", "pgadmin", "emailServer", "username"], "readOnly": false, "type": "null or string"}, "services.pgadmin.enable": {"declarations": ["nixos/modules/services/admin/pgadmin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable PostgreSQL Admin 4.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pgadmin", "enable"], "readOnly": false, "type": "boolean"}, "services.pgadmin.initialEmail": {"declarations": ["nixos/modules/services/admin/pgadmin.nix"], "description": "Initial email for the pgAdmin account", "loc": ["services", "pgadmin", "initialEmail"], "readOnly": false, "type": "string"}, "services.pgadmin.initialPasswordFile": {"declarations": ["nixos/modules/services/admin/pgadmin.nix"], "description": "Initial password file for the pgAdmin account. Minimum length by default is 6.\nPlease see `services.pgadmin.minimumPasswordLength`.\nNOTE: Should be string not a store path, to prevent the password from being world readable\n", "loc": ["services", "pgadmin", "initialPasswordFile"], "readOnly": false, "type": "absolute path"}, "services.pgadmin.minimumPasswordLength": {"declarations": ["nixos/modules/services/admin/pgadmin.nix"], "default": {"_type": "literalExpression", "text": "6"}, "description": "Minimum length of the password", "loc": ["services", "pgadmin", "minimumPasswordLength"], "readOnly": false, "type": "signed integer"}, "services.pgadmin.openFirewall": {"declarations": ["nixos/modules/services/admin/pgadmin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable firewall passthrough for pgadmin4.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pgadmin", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.pgadmin.package": {"declarations": ["nixos/modules/services/admin/pgadmin.nix"], "default": {"_type": "literalExpression", "text": "pkgs.pgadmin4"}, "description": "The pgadmin4 package to use.", "loc": ["services", "pgadmin", "package"], "readOnly": false, "type": "package"}, "services.pgadmin.port": {"declarations": ["nixos/modules/services/admin/pgadmin.nix"], "default": {"_type": "literalExpression", "text": "5050"}, "description": "Port for pgadmin4 to run on", "loc": ["services", "pgadmin", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.pgadmin.settings": {"declarations": ["nixos/modules/services/admin/pgadmin.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings for pgadmin4.\n[Documentation](https://www.pgadmin.org/docs/pgadmin4/development/config_py.html)\n", "loc": ["services", "pgadmin", "settings"], "readOnly": false, "type": "attribute set of ((attribute set of ((list of (signed integer or boolean or string)) or attribute set of (signed integer or boolean or string) or signed integer or boolean or string)) or list of ((list of (signed integer or boolean or string)) or attribute set of (signed integer or boolean or string) or signed integer or boolean or string) or (list of (signed integer or boolean or string)) or attribute set of (signed integer or boolean or string) or signed integer or boolean or string)"}, "services.pgbackrest.commands.annotate": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for the 'annotate' command.\n\nAn attribute set of options as described in:\n<https://pgbackrest.org/configuration.html>\n\nAll globally available options, i.e. all except stanza options, can be used.\nRepository options should be set via [`repos`](#opt-services.pgbackrest.repos) instead.\n", "loc": ["services", "pgbackrest", "commands", "annotate"], "readOnly": false, "type": "open submodule of attribute set of (boolean or (unsigned integer, meaning >=0) or string or attribute set of string or list of string)"}, "services.pgbackrest.commands.archive-get": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for the 'archive-get' command.\n\nAn attribute set of options as described in:\n<https://pgbackrest.org/configuration.html>\n\nAll globally available options, i.e. all except stanza options, can be used.\nRepository options should be set via [`repos`](#opt-services.pgbackrest.repos) instead.\n", "loc": ["services", "pgbackrest", "commands", "archive-get"], "readOnly": false, "type": "open submodule of attribute set of (boolean or (unsigned integer, meaning >=0) or string or attribute set of string or list of string)"}, "services.pgbackrest.commands.archive-push": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for the 'archive-push' command.\n\nAn attribute set of options as described in:\n<https://pgbackrest.org/configuration.html>\n\nAll globally available options, i.e. all except stanza options, can be used.\nRepository options should be set via [`repos`](#opt-services.pgbackrest.repos) instead.\n", "loc": ["services", "pgbackrest", "commands", "archive-push"], "readOnly": false, "type": "open submodule of attribute set of (boolean or (unsigned integer, meaning >=0) or string or attribute set of string or list of string)"}, "services.pgbackrest.commands.backup": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for the 'backup' command.\n\nAn attribute set of options as described in:\n<https://pgbackrest.org/configuration.html>\n\nAll globally available options, i.e. all except stanza options, can be used.\nRepository options should be set via [`repos`](#opt-services.pgbackrest.repos) instead.\n", "loc": ["services", "pgbackrest", "commands", "backup"], "readOnly": false, "type": "open submodule of attribute set of (boolean or (unsigned integer, meaning >=0) or string or attribute set of string or list of string)"}, "services.pgbackrest.commands.check": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for the 'check' command.\n\nAn attribute set of options as described in:\n<https://pgbackrest.org/configuration.html>\n\nAll globally available options, i.e. all except stanza options, can be used.\nRepository options should be set via [`repos`](#opt-services.pgbackrest.repos) instead.\n", "loc": ["services", "pgbackrest", "commands", "check"], "readOnly": false, "type": "open submodule of attribute set of (boolean or (unsigned integer, meaning >=0) or string or attribute set of string or list of string)"}, "services.pgbackrest.commands.expire": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for the 'expire' command.\n\nAn attribute set of options as described in:\n<https://pgbackrest.org/configuration.html>\n\nAll globally available options, i.e. all except stanza options, can be used.\nRepository options should be set via [`repos`](#opt-services.pgbackrest.repos) instead.\n", "loc": ["services", "pgbackrest", "commands", "expire"], "readOnly": false, "type": "open submodule of attribute set of (boolean or (unsigned integer, meaning >=0) or string or attribute set of string or list of string)"}, "services.pgbackrest.commands.help": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for the 'help' command.\n\nAn attribute set of options as described in:\n<https://pgbackrest.org/configuration.html>\n\nAll globally available options, i.e. all except stanza options, can be used.\nRepository options should be set via [`repos`](#opt-services.pgbackrest.repos) instead.\n", "loc": ["services", "pgbackrest", "commands", "help"], "readOnly": false, "type": "open submodule of attribute set of (boolean or (unsigned integer, meaning >=0) or string or attribute set of string or list of string)"}, "services.pgbackrest.commands.info": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for the 'info' command.\n\nAn attribute set of options as described in:\n<https://pgbackrest.org/configuration.html>\n\nAll globally available options, i.e. all except stanza options, can be used.\nRepository options should be set via [`repos`](#opt-services.pgbackrest.repos) instead.\n", "loc": ["services", "pgbackrest", "commands", "info"], "readOnly": false, "type": "open submodule of attribute set of (boolean or (unsigned integer, meaning >=0) or string or attribute set of string or list of string)"}, "services.pgbackrest.commands.repo-get": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for the 'repo-get' command.\n\nAn attribute set of options as described in:\n<https://pgbackrest.org/configuration.html>\n\nAll globally available options, i.e. all except stanza options, can be used.\nRepository options should be set via [`repos`](#opt-services.pgbackrest.repos) instead.\n", "loc": ["services", "pgbackrest", "commands", "repo-get"], "readOnly": false, "type": "open submodule of attribute set of (boolean or (unsigned integer, meaning >=0) or string or attribute set of string or list of string)"}, "services.pgbackrest.commands.repo-ls": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for the 'repo-ls' command.\n\nAn attribute set of options as described in:\n<https://pgbackrest.org/configuration.html>\n\nAll globally available options, i.e. all except stanza options, can be used.\nRepository options should be set via [`repos`](#opt-services.pgbackrest.repos) instead.\n", "loc": ["services", "pgbackrest", "commands", "repo-ls"], "readOnly": false, "type": "open submodule of attribute set of (boolean or (unsigned integer, meaning >=0) or string or attribute set of string or list of string)"}, "services.pgbackrest.commands.restore": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for the 'restore' command.\n\nAn attribute set of options as described in:\n<https://pgbackrest.org/configuration.html>\n\nAll globally available options, i.e. all except stanza options, can be used.\nRepository options should be set via [`repos`](#opt-services.pgbackrest.repos) instead.\n", "loc": ["services", "pgbackrest", "commands", "restore"], "readOnly": false, "type": "open submodule of attribute set of (boolean or (unsigned integer, meaning >=0) or string or attribute set of string or list of string)"}, "services.pgbackrest.commands.server": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for the 'server' command.\n\nAn attribute set of options as described in:\n<https://pgbackrest.org/configuration.html>\n\nAll globally available options, i.e. all except stanza options, can be used.\nRepository options should be set via [`repos`](#opt-services.pgbackrest.repos) instead.\n", "loc": ["services", "pgbackrest", "commands", "server"], "readOnly": false, "type": "open submodule of attribute set of (boolean or (unsigned integer, meaning >=0) or string or attribute set of string or list of string)"}, "services.pgbackrest.commands.server-ping": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for the 'server-ping' command.\n\nAn attribute set of options as described in:\n<https://pgbackrest.org/configuration.html>\n\nAll globally available options, i.e. all except stanza options, can be used.\nRepository options should be set via [`repos`](#opt-services.pgbackrest.repos) instead.\n", "loc": ["services", "pgbackrest", "commands", "server-ping"], "readOnly": false, "type": "open submodule of attribute set of (boolean or (unsigned integer, meaning >=0) or string or attribute set of string or list of string)"}, "services.pgbackrest.commands.stanza-create": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for the 'stanza-create' command.\n\nAn attribute set of options as described in:\n<https://pgbackrest.org/configuration.html>\n\nAll globally available options, i.e. all except stanza options, can be used.\nRepository options should be set via [`repos`](#opt-services.pgbackrest.repos) instead.\n", "loc": ["services", "pgbackrest", "commands", "stanza-create"], "readOnly": false, "type": "open submodule of attribute set of (boolean or (unsigned integer, meaning >=0) or string or attribute set of string or list of string)"}, "services.pgbackrest.commands.stanza-delete": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for the 'stanza-delete' command.\n\nAn attribute set of options as described in:\n<https://pgbackrest.org/configuration.html>\n\nAll globally available options, i.e. all except stanza options, can be used.\nRepository options should be set via [`repos`](#opt-services.pgbackrest.repos) instead.\n", "loc": ["services", "pgbackrest", "commands", "stanza-delete"], "readOnly": false, "type": "open submodule of attribute set of (boolean or (unsigned integer, meaning >=0) or string or attribute set of string or list of string)"}, "services.pgbackrest.commands.stanza-upgrade": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for the 'stanza-upgrade' command.\n\nAn attribute set of options as described in:\n<https://pgbackrest.org/configuration.html>\n\nAll globally available options, i.e. all except stanza options, can be used.\nRepository options should be set via [`repos`](#opt-services.pgbackrest.repos) instead.\n", "loc": ["services", "pgbackrest", "commands", "stanza-upgrade"], "readOnly": false, "type": "open submodule of attribute set of (boolean or (unsigned integer, meaning >=0) or string or attribute set of string or list of string)"}, "services.pgbackrest.commands.start": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for the 'start' command.\n\nAn attribute set of options as described in:\n<https://pgbackrest.org/configuration.html>\n\nAll globally available options, i.e. all except stanza options, can be used.\nRepository options should be set via [`repos`](#opt-services.pgbackrest.repos) instead.\n", "loc": ["services", "pgbackrest", "commands", "start"], "readOnly": false, "type": "open submodule of attribute set of (boolean or (unsigned integer, meaning >=0) or string or attribute set of string or list of string)"}, "services.pgbackrest.commands.stop": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for the 'stop' command.\n\nAn attribute set of options as described in:\n<https://pgbackrest.org/configuration.html>\n\nAll globally available options, i.e. all except stanza options, can be used.\nRepository options should be set via [`repos`](#opt-services.pgbackrest.repos) instead.\n", "loc": ["services", "pgbackrest", "commands", "stop"], "readOnly": false, "type": "open submodule of attribute set of (boolean or (unsigned integer, meaning >=0) or string or attribute set of string or list of string)"}, "services.pgbackrest.commands.verify": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for the 'verify' command.\n\nAn attribute set of options as described in:\n<https://pgbackrest.org/configuration.html>\n\nAll globally available options, i.e. all except stanza options, can be used.\nRepository options should be set via [`repos`](#opt-services.pgbackrest.repos) instead.\n", "loc": ["services", "pgbackrest", "commands", "verify"], "readOnly": false, "type": "open submodule of attribute set of (boolean or (unsigned integer, meaning >=0) or string or attribute set of string or list of string)"}, "services.pgbackrest.commands.version": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for the 'version' command.\n\nAn attribute set of options as described in:\n<https://pgbackrest.org/configuration.html>\n\nAll globally available options, i.e. all except stanza options, can be used.\nRepository options should be set via [`repos`](#opt-services.pgbackrest.repos) instead.\n", "loc": ["services", "pgbackrest", "commands", "version"], "readOnly": false, "type": "open submodule of attribute set of (boolean or (unsigned integer, meaning >=0) or string or attribute set of string or list of string)"}, "services.pgbackrest.enable": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable pgBackRest.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pgbackrest", "enable"], "readOnly": false, "type": "boolean"}, "services.pgbackrest.repos": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "An attribute set of repositories as described in:\n<https://pgbackrest.org/configuration.html#section-repository>\n\nEach repository defaults to set `repo-host` to the attribute's name.\nThe special value \"localhost\" will unset `repo-host`.\n\n::: {.note}\nThe prefix `repoNNN-` is added automatically.\nExample: Use `path` instead of `repo1-path`.\n:::\n", "example": {"_type": "literalExpression", "text": "{\n  localhost.path = \"/var/lib/backup\";\n  \"backup.example.com\".host-type = \"tls\";\n}\n"}, "loc": ["services", "pgbackrest", "repos"], "readOnly": false, "type": "attribute set of (open submodule of attribute set of (boolean or (unsigned integer, meaning >=0) or string or attribute set of string or list of string))"}, "services.pgbackrest.repos.<name>.host": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "default": {"_type": "literalExpression", "text": "name"}, "description": "Repository host when operating remotely", "loc": ["services", "pgbackrest", "repos", "<name>", "host"], "readOnly": false, "type": "null or string"}, "services.pgbackrest.repos.<name>.sftp-host": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "default": {"_type": "literalExpression", "text": "name"}, "description": "SFTP repository host", "loc": ["services", "pgbackrest", "repos", "<name>", "sftp-host"], "readOnly": false, "type": "null or string"}, "services.pgbackrest.repos.<name>.sftp-private-key-file": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SFTP private key file.\n\nThe file must be accessible by both the pgbackrest and the postgres users.\n", "loc": ["services", "pgbackrest", "repos", "<name>", "sftp-private-key-file"], "readOnly": false, "type": "null or absolute path not in the Nix store"}, "services.pgbackrest.settings": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "An attribute set of options as described in:\n<https://pgbackrest.org/configuration.html>\n\nAll globally available options, i.e. all except stanza options, can be used.\nRepository options should be set via [`repos`](#opt-services.pgbackrest.repos) instead.\n", "example": {"_type": "literalExpression", "text": "{\n  process-max = 2;\n}\n"}, "loc": ["services", "pgbackrest", "settings"], "readOnly": false, "type": "open submodule of attribute set of (boolean or (unsigned integer, meaning >=0) or string or attribute set of string or list of string)"}, "services.pgbackrest.stanzas": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "An attribute set of stanzas as described in:\n<https://pgbackrest.org/user-guide.html#quickstart/configure-stanza>\n", "loc": ["services", "pgbackrest", "stanzas"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.pgbackrest.stanzas.<name>.instances": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "An attribute set of database instances as described in:\n<https://pgbackrest.org/configuration.html#section-stanza>\n\nEach instance defaults to set `pg-host` to the attribute's name.\nThe special value \"localhost\" will unset `pg-host`.\n\n::: {.note}\nThe prefix `pgNNN-` is added automatically.\nExample: Use `user` instead of `pg1-user`.\n:::\n", "example": {"_type": "literalExpression", "text": "{\n  localhost.database = \"app\";\n  \"postgres.example.com\".port = \"5433\";\n}\n"}, "loc": ["services", "pgbackrest", "stanzas", "<name>", "instances"], "readOnly": false, "type": "attribute set of (open submodule of attribute set of (boolean or (unsigned integer, meaning >=0) or string or attribute set of string or list of string))"}, "services.pgbackrest.stanzas.<name>.instances.<name>.host": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "default": {"_type": "literalExpression", "text": "if name == \"localhost\" then null else name"}, "description": "PostgreSQL host for operating remotely.", "loc": ["services", "pgbackrest", "stanzas", "<name>", "instances", "<name>", "host"], "readOnly": false, "type": "null or string"}, "services.pgbackrest.stanzas.<name>.jobs": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Backups jobs to schedule for this stanza as described in:\n<https://pgbackrest.org/user-guide.html#quickstart/schedule-backup>\n", "example": {"_type": "literalExpression", "text": "{\n  weekly = { schedule = \"Sun, 6:30\"; type = \"full\"; };\n  daily = { schedule = \"Mon..Sat, 6:30\"; type = \"diff\"; };\n}\n"}, "loc": ["services", "pgbackrest", "stanzas", "<name>", "jobs"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.pgbackrest.stanzas.<name>.jobs.<name>.schedule": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "description": "When or how often the backup should run.\nMust be in the format described in {manpage}`systemd.time(7)`.\n", "loc": ["services", "pgbackrest", "stanzas", "<name>", "jobs", "<name>", "schedule"], "readOnly": false, "type": "string"}, "services.pgbackrest.stanzas.<name>.jobs.<name>.type": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "description": "Backup type as described in:\n<https://pgbackrest.org/command.html#command-backup/category-command/option-type>\n", "loc": ["services", "pgbackrest", "stanzas", "<name>", "jobs", "<name>", "type"], "readOnly": false, "type": "string"}, "services.pgbackrest.stanzas.<name>.settings": {"declarations": ["nixos/modules/services/backup/pgbackrest.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "An attribute set of options as described in:\n<https://pgbackrest.org/configuration.html>\n\nAll options can be used.\nRepository options should be set via [`repos`](#opt-services.pgbackrest.repos) instead.\nStanza options should be set via [`instances`](#opt-services.pgbackrest.stanzas._name_.instances) instead.\n", "example": {"_type": "literalExpression", "text": "{\n  process-max = 2;\n}\n"}, "loc": ["services", "pgbackrest", "stanzas", "<name>", "settings"], "readOnly": false, "type": "open submodule of attribute set of (boolean or (unsigned integer, meaning >=0) or string or attribute set of string or list of string)"}, "services.pgbouncer.enable": {"declarations": ["nixos/modules/services/databases/pgbouncer.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable PostgreSQL connection pooler.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pgbouncer", "enable"], "readOnly": false, "type": "boolean"}, "services.pgbouncer.group": {"declarations": ["nixos/modules/services/databases/pgbouncer.nix"], "default": {"_type": "literalExpression", "text": "\"pgbouncer\""}, "description": "The group pgbouncer is run as.\n", "loc": ["services", "pgbouncer", "group"], "readOnly": false, "type": "string"}, "services.pgbouncer.homeDir": {"declarations": ["nixos/modules/services/databases/pgbouncer.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/pgbouncer\""}, "description": "Specifies the home directory.\n", "loc": ["services", "pgbouncer", "homeDir"], "readOnly": false, "type": "absolute path"}, "services.pgbouncer.openFilesLimit": {"declarations": ["nixos/modules/services/databases/pgbouncer.nix"], "default": {"_type": "literalExpression", "text": "65536"}, "description": "Maximum number of open files.\n", "loc": ["services", "pgbouncer", "openFilesLimit"], "readOnly": false, "type": "signed integer"}, "services.pgbouncer.openFirewall": {"declarations": ["nixos/modules/services/databases/pgbouncer.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to automatically open the specified TCP port in the firewall.\n", "loc": ["services", "pgbouncer", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.pgbouncer.package": {"declarations": ["nixos/modules/services/databases/pgbouncer.nix"], "default": {"_type": "literalExpression", "text": "pkgs.pgbouncer"}, "description": "The pgbouncer package to use.", "loc": ["services", "pgbouncer", "package"], "readOnly": false, "type": "package"}, "services.pgbouncer.settings": {"declarations": ["nixos/modules/services/databases/pgbouncer.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for PgBouncer, see <https://www.pgbouncer.org/config.html>\nfor supported values.\n", "loc": ["services", "pgbouncer", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.pgbouncer.settings.databases": {"declarations": ["nixos/modules/services/databases/pgbouncer.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Detailed information about PostgreSQL database definitions:\n<https://www.pgbouncer.org/config.html#section-databases>\n", "example": {"_type": "literalExpression", "text": "{\n  bardb = \"host=localhost dbname=bazdb\";\n  exampledb = \"host=/run/postgresql/ port=5432 auth_user=exampleuser dbname=exampledb sslmode=require\";\n  foodb = \"host=host1.example.com port=5432\";\n}"}, "loc": ["services", "pgbouncer", "settings", "databases"], "readOnly": false, "type": "attribute set of string"}, "services.pgbouncer.settings.peers": {"declarations": ["nixos/modules/services/databases/pgbouncer.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Optional.\n\nDetailed information about PostgreSQL database definitions:\n<https://www.pgbouncer.org/config.html#section-peers>\n", "example": {"_type": "literalExpression", "text": "{\n  \"1\" = \"host=host1.example.com\";\n  \"2\" = \"host=/tmp/pgbouncer-2 port=5555\";\n}"}, "loc": ["services", "pgbouncer", "settings", "peers"], "readOnly": false, "type": "attribute set of string"}, "services.pgbouncer.settings.pgbouncer.default_pool_size": {"declarations": ["nixos/modules/services/databases/pgbouncer.nix"], "default": {"_type": "literalExpression", "text": "20"}, "description": "How many server connections to allow per user/database pair.\nCan be overridden in the per-database configuration.\n", "loc": ["services", "pgbouncer", "settings", "pgbouncer", "default_pool_size"], "readOnly": false, "type": "signed integer"}, "services.pgbouncer.settings.pgbouncer.ignore_startup_parameters": {"declarations": ["nixos/modules/services/databases/pgbouncer.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "By default, PgBouncer allows only parameters it can keep track of in startup packets:\nclient_encoding, datestyle, timezone and standard_conforming_strings.\n\nAll others parameters will raise an error.\nTo allow others parameters, they can be specified here, so that PgBouncer knows that\nthey are handled by the admin and it can ignore them.\n\nIf you need to specify multiple values, use a comma-separated list.\n\nIMPORTANT: When using prometheus-pgbouncer-exporter, you need:\nextra_float_digits\n<https://github.com/prometheus-community/pgbouncer_exporter#pgbouncer-configuration>\n", "example": {"_type": "literalExpression", "text": "\"extra_float_digits\""}, "loc": ["services", "pgbouncer", "settings", "pgbouncer", "ignore_startup_parameters"], "readOnly": false, "type": "null or strings concatenated with \",\""}, "services.pgbouncer.settings.pgbouncer.listen_addr": {"declarations": ["nixos/modules/services/databases/pgbouncer.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specifies a list (comma-separated) of addresses where to listen for TCP connections.\nYou may also use * meaning \u201clisten on all addresses\u201d.\nWhen not set, only Unix socket connections are accepted.\n\nAddresses can be specified numerically (IPv4/IPv6) or by name.\n", "example": {"_type": "literalExpression", "text": "\"*\""}, "loc": ["services", "pgbouncer", "settings", "pgbouncer", "listen_addr"], "readOnly": false, "type": "null or strings concatenated with \",\""}, "services.pgbouncer.settings.pgbouncer.listen_port": {"declarations": ["nixos/modules/services/databases/pgbouncer.nix"], "default": {"_type": "literalExpression", "text": "6432"}, "description": "Which port to listen on. Applies to both TCP and Unix sockets.\n", "loc": ["services", "pgbouncer", "settings", "pgbouncer", "listen_port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.pgbouncer.settings.pgbouncer.max_client_conn": {"declarations": ["nixos/modules/services/databases/pgbouncer.nix"], "default": {"_type": "literalExpression", "text": "100"}, "description": "Maximum number of client connections allowed.\n\nWhen this setting is increased, then the file descriptor limits in the operating system\nmight also have to be increased. Note that the number of file descriptors potentially\nused is more than maxClientConn. If each user connects under its own user name to the server,\nthe theoretical maximum used is:\nmaxClientConn + (max pool_size * total databases * total users)\n\nIf a database user is specified in the connection string (all users connect under the same user name),\nthe theoretical maximum is:\nmaxClientConn + (max pool_size * total databases)\n\nThe theoretical maximum should never be reached, unless somebody deliberately crafts a special load for it.\nStill, it means you should set the number of file descriptors to a safely high number.\n", "loc": ["services", "pgbouncer", "settings", "pgbouncer", "max_client_conn"], "readOnly": false, "type": "signed integer"}, "services.pgbouncer.settings.pgbouncer.max_db_connections": {"declarations": ["nixos/modules/services/databases/pgbouncer.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Do not allow more than this many server connections per database (regardless of user).\nThis considers the PgBouncer database that the client has connected to,\nnot the PostgreSQL database of the outgoing connection.\n\nThis can also be set per database in the [databases] section.\n\nNote that when you hit the limit, closing a client connection to one pool will\nnot immediately allow a server connection to be established for another pool,\nbecause the server connection for the first pool is still open.\nOnce the server connection closes (due to idle timeout),\na new server connection will immediately be opened for the waiting pool.\n\n0 = unlimited\n", "loc": ["services", "pgbouncer", "settings", "pgbouncer", "max_db_connections"], "readOnly": false, "type": "signed integer"}, "services.pgbouncer.settings.pgbouncer.max_user_connections": {"declarations": ["nixos/modules/services/databases/pgbouncer.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Do not allow more than this many server connections per user (regardless of database).\nThis considers the PgBouncer user that is associated with a pool,\nwhich is either the user specified for the server connection\nor in absence of that the user the client has connected as.\n\nThis can also be set per user in the [users] section.\n\nNote that when you hit the limit, closing a client connection to one pool\nwill not immediately allow a server connection to be established for another pool,\nbecause the server connection for the first pool is still open.\nOnce the server connection closes (due to idle timeout), a new server connection\nwill immediately be opened for the waiting pool.\n\n0 = unlimited\n", "loc": ["services", "pgbouncer", "settings", "pgbouncer", "max_user_connections"], "readOnly": false, "type": "signed integer"}, "services.pgbouncer.settings.pgbouncer.pool_mode": {"declarations": ["nixos/modules/services/databases/pgbouncer.nix"], "default": {"_type": "literalExpression", "text": "\"session\""}, "description": "Specifies when a server connection can be reused by other clients.\n\nsession\n    Server is released back to pool after client disconnects. Default.\ntransaction\n    Server is released back to pool after transaction finishes.\nstatement\n    Server is released back to pool after query finishes.\n    Transactions spanning multiple statements are disallowed in this mode.\n", "loc": ["services", "pgbouncer", "settings", "pgbouncer", "pool_mode"], "readOnly": false, "type": "one of \"session\", \"transaction\", \"statement\""}, "services.pgbouncer.settings.users": {"declarations": ["nixos/modules/services/databases/pgbouncer.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Optional.\n\nDetailed information about PostgreSQL user definitions:\n<https://www.pgbouncer.org/config.html#section-users>\n", "example": {"_type": "literalExpression", "text": "{\n  user1 = \"pool_mode=session\";\n}"}, "loc": ["services", "pgbouncer", "settings", "users"], "readOnly": false, "type": "attribute set of string"}, "services.pgbouncer.user": {"declarations": ["nixos/modules/services/databases/pgbouncer.nix"], "default": {"_type": "literalExpression", "text": "\"pgbouncer\""}, "description": "The user pgbouncer is run as.\n", "loc": ["services", "pgbouncer", "user"], "readOnly": false, "type": "string"}, "services.pghero.enable": {"declarations": ["nixos/modules/services/misc/pghero.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable PgHero service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pghero", "enable"], "readOnly": false, "type": "boolean"}, "services.pghero.environment": {"declarations": ["nixos/modules/services/misc/pghero.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables to set for the service. Secrets should be\nspecified using {option}`environmentFile`.\n", "loc": ["services", "pghero", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.pghero.environmentFiles": {"declarations": ["nixos/modules/services/misc/pghero.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "File to load environment variables from. Loaded variables override\nvalues set in {option}`environment`.\n", "loc": ["services", "pghero", "environmentFiles"], "readOnly": false, "type": "list of absolute path"}, "services.pghero.extraArgs": {"declarations": ["nixos/modules/services/misc/pghero.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional command-line arguments for the systemd service.\n\nRefer to the [Puma web server documentation] for available arguments.\n\n[Puma web server documentation]: https://puma.io/puma#configuration\n", "loc": ["services", "pghero", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.pghero.extraGroups": {"declarations": ["nixos/modules/services/misc/pghero.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional groups for the systemd service.\n", "example": {"_type": "literalExpression", "text": "[\n  \"tlskeys\"\n]"}, "loc": ["services", "pghero", "extraGroups"], "readOnly": false, "type": "list of string"}, "services.pghero.listenAddress": {"declarations": ["nixos/modules/services/misc/pghero.nix"], "description": "`hostname:port` to listen for HTTP traffic.\n\nThis is bound using the systemd socket activation.\n", "example": {"_type": "literalExpression", "text": "\"[::1]:3000\""}, "loc": ["services", "pghero", "listenAddress"], "readOnly": false, "type": "string"}, "services.pghero.package": {"declarations": ["nixos/modules/services/misc/pghero.nix"], "default": {"_type": "literalExpression", "text": "pkgs.pghero"}, "description": "The pghero package to use.", "loc": ["services", "pghero", "package"], "readOnly": false, "type": "package"}, "services.pghero.settings": {"declarations": ["nixos/modules/services/misc/pghero.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "PgHero configuration. Refer to the [PgHero documentation] for more\ndetails.\n\n[PgHero documentation]: https://github.com/ankane/pghero/blob/master/guides/Linux.md#multiple-databases\n", "example": {"_type": "literalExpression", "text": "{\n  databases = {\n    primary = {\n      url = \"<%= ENV['PRIMARY_DATABASE_URL'] %>\";\n    };\n  };\n}"}, "loc": ["services", "pghero", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.pgmanage.allowCustomConnections": {"declarations": ["nixos/modules/services/databases/pgmanage.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "This tells pgmanage whether or not to allow anyone to use a custom\nconnection from the login screen.\n", "loc": ["services", "pgmanage", "allowCustomConnections"], "readOnly": false, "type": "boolean"}, "services.pgmanage.connections": {"declarations": ["nixos/modules/services/databases/pgmanage.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "pgmanage requires at least one PostgreSQL server be defined.\n\nDetailed information about PostgreSQL connection strings is available at:\n<https://www.postgresql.org/docs/current/libpq-connect.html>\n\nNote that you should not specify your user name or password. That\ninformation will be entered on the login screen. If you specify a\nusername or password, it will be removed by pgmanage before attempting to\nconnect to a database.\n", "example": {"_type": "literalExpression", "text": "{\n  mini-server = \"hostaddr=127.0.0.1 port=5432 dbname=postgres sslmode=require\";\n  nuc-server = \"hostaddr=192.168.0.100 port=5432 dbname=postgres\";\n}"}, "loc": ["services", "pgmanage", "connections"], "readOnly": false, "type": "attribute set of string"}, "services.pgmanage.enable": {"declarations": ["nixos/modules/services/databases/pgmanage.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable PostgreSQL Administration for the web.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pgmanage", "enable"], "readOnly": false, "type": "boolean"}, "services.pgmanage.localOnly": {"declarations": ["nixos/modules/services/databases/pgmanage.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "This tells pgmanage whether or not to set the listening socket to local\naddresses only.\n", "loc": ["services", "pgmanage", "localOnly"], "readOnly": false, "type": "boolean"}, "services.pgmanage.logLevel": {"declarations": ["nixos/modules/services/databases/pgmanage.nix"], "default": {"_type": "literalExpression", "text": "\"error\""}, "description": "Verbosity of logs\n", "loc": ["services", "pgmanage", "logLevel"], "readOnly": false, "type": "one of \"error\", \"warn\", \"notice\", \"info\""}, "services.pgmanage.loginGroup": {"declarations": ["nixos/modules/services/databases/pgmanage.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "This tells pgmanage to only allow users in a certain PostgreSQL group to\nlogin to pgmanage. Note that a connection will be made to PostgreSQL in\norder to test if the user is a member of the login group.\n", "loc": ["services", "pgmanage", "loginGroup"], "readOnly": false, "type": "null or string"}, "services.pgmanage.loginTimeout": {"declarations": ["nixos/modules/services/databases/pgmanage.nix"], "default": {"_type": "literalExpression", "text": "3600"}, "description": "Number of seconds of inactivity before user is automatically logged\nout.\n", "loc": ["services", "pgmanage", "loginTimeout"], "readOnly": false, "type": "signed integer"}, "services.pgmanage.package": {"declarations": ["nixos/modules/services/databases/pgmanage.nix"], "default": {"_type": "literalExpression", "text": "pkgs.pgmanage"}, "description": "The pgmanage package to use.", "loc": ["services", "pgmanage", "package"], "readOnly": false, "type": "package"}, "services.pgmanage.port": {"declarations": ["nixos/modules/services/databases/pgmanage.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "This tells pgmanage what port to listen on for browser requests.\n", "loc": ["services", "pgmanage", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.pgmanage.sqlRoot": {"declarations": ["nixos/modules/services/databases/pgmanage.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/pgmanage\""}, "description": "This tells pgmanage where to put the SQL file history. All tabs are saved\nto this location so that if you get disconnected from pgmanage you\ndon't lose your work.\n", "loc": ["services", "pgmanage", "sqlRoot"], "readOnly": false, "type": "string"}, "services.pgmanage.superOnly": {"declarations": ["nixos/modules/services/databases/pgmanage.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "This tells pgmanage whether or not to only allow super users to\nlogin. The recommended value is true and will restrict users who are not\nsuper users from logging in to any PostgreSQL instance through\npgmanage. Note that a connection will be made to PostgreSQL in order to\ntest if the user is a superuser.\n", "loc": ["services", "pgmanage", "superOnly"], "readOnly": false, "type": "boolean"}, "services.pgmanage.tls": {"declarations": ["nixos/modules/services/databases/pgmanage.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "These options tell pgmanage where the TLS Certificate and Key files\nreside. If you use these options then you'll only be able to access\npgmanage through a secure TLS connection. These options are only\nnecessary if you wish to connect directly to pgmanage using a secure TLS\nconnection. As an alternative, you can set up pgmanage in a reverse proxy\nconfiguration. This allows your web server to terminate the secure\nconnection and pass on the request to pgmanage. You can find help to set\nup this configuration in:\n<https://github.com/pgManage/pgManage/blob/master/INSTALL_NGINX.md>\n", "loc": ["services", "pgmanage", "tls"], "readOnly": false, "type": "null or (submodule)"}, "services.pgmanage.tls.cert": {"declarations": ["nixos/modules/services/databases/pgmanage.nix"], "description": "TLS certificate", "loc": ["services", "pgmanage", "tls", "cert"], "readOnly": false, "type": "string"}, "services.pgmanage.tls.key": {"declarations": ["nixos/modules/services/databases/pgmanage.nix"], "description": "TLS key", "loc": ["services", "pgmanage", "tls", "key"], "readOnly": false, "type": "string"}, "services.pgpkeyserver-lite.enable": {"declarations": ["nixos/modules/services/web-apps/pgpkeyserver-lite.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable pgpkeyserver-lite on a nginx vHost proxying to a gpg keyserver.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pgpkeyserver-lite", "enable"], "readOnly": false, "type": "boolean"}, "services.pgpkeyserver-lite.hkpAddress": {"declarations": ["nixos/modules/services/web-apps/pgpkeyserver-lite.nix"], "default": {"_type": "literalExpression", "text": "head config.services.sks.hkpAddress"}, "description": "Which IP address the sks-keyserver is listening on.\n", "loc": ["services", "pgpkeyserver-lite", "hkpAddress"], "readOnly": false, "type": "string"}, "services.pgpkeyserver-lite.hkpPort": {"declarations": ["nixos/modules/services/web-apps/pgpkeyserver-lite.nix"], "default": {"_type": "literalExpression", "text": "config.services.sks.hkpPort"}, "description": "Which port the sks-keyserver is listening on.\n", "loc": ["services", "pgpkeyserver-lite", "hkpPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.pgpkeyserver-lite.hostname": {"declarations": ["nixos/modules/services/web-apps/pgpkeyserver-lite.nix"], "description": "Which hostname to set the vHost to that is proxying to sks.\n", "loc": ["services", "pgpkeyserver-lite", "hostname"], "readOnly": false, "type": "string"}, "services.pgpkeyserver-lite.package": {"declarations": ["nixos/modules/services/web-apps/pgpkeyserver-lite.nix"], "default": {"_type": "literalExpression", "text": "pkgs.pgpkeyserver-lite"}, "description": "The pgpkeyserver-lite package to use.", "loc": ["services", "pgpkeyserver-lite", "package"], "readOnly": false, "type": "package"}, "services.pgscv.enable": {"declarations": ["nixos/modules/services/monitoring/pgscv.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable pgSCV, a PostgreSQL ecosystem metrics collector.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pgscv", "enable"], "readOnly": false, "type": "boolean"}, "services.pgscv.logLevel": {"declarations": ["nixos/modules/services/monitoring/pgscv.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Log level for pgSCV.", "loc": ["services", "pgscv", "logLevel"], "readOnly": false, "type": "one of \"debug\", \"info\", \"warn\", \"error\""}, "services.pgscv.package": {"declarations": ["nixos/modules/services/monitoring/pgscv.nix"], "default": {"_type": "literalExpression", "text": "pkgs.pgscv"}, "description": "The pgscv package to use.", "loc": ["services", "pgscv", "package"], "readOnly": false, "type": "package"}, "services.pgscv.settings": {"declarations": ["nixos/modules/services/monitoring/pgscv.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for pgSCV, in YAML format.\n\nSee [configuration reference](https://github.com/cherts/pgscv/wiki/Configuration-settings-reference).\n", "loc": ["services", "pgscv", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.photonvision.enable": {"declarations": ["nixos/modules/services/video/photonvision.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable PhotonVision.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "photonvision", "enable"], "readOnly": false, "type": "boolean"}, "services.photonvision.openFirewall": {"declarations": ["nixos/modules/services/video/photonvision.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the required ports in the firewall.\n", "loc": ["services", "photonvision", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.photonvision.package": {"declarations": ["nixos/modules/services/video/photonvision.nix"], "default": {"_type": "literalExpression", "text": "pkgs.photonvision"}, "description": "The photonvision package to use.", "loc": ["services", "photonvision", "package"], "readOnly": false, "type": "package"}, "services.photoprism.address": {"declarations": ["nixos/modules/services/web-apps/photoprism.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Web interface address.\n", "loc": ["services", "photoprism", "address"], "readOnly": false, "type": "string"}, "services.photoprism.databasePasswordFile": {"declarations": ["nixos/modules/services/web-apps/photoprism.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Database password file.\n", "loc": ["services", "photoprism", "databasePasswordFile"], "readOnly": false, "type": "null or absolute path not in the Nix store"}, "services.photoprism.enable": {"declarations": ["nixos/modules/services/web-apps/photoprism.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Photoprism web server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "photoprism", "enable"], "readOnly": false, "type": "boolean"}, "services.photoprism.group": {"declarations": ["nixos/modules/services/web-apps/photoprism.nix"], "default": {"_type": "literalExpression", "text": "\"photoprism\""}, "description": "Group under which photoprism runs.", "loc": ["services", "photoprism", "group"], "readOnly": false, "type": "string"}, "services.photoprism.importPath": {"declarations": ["nixos/modules/services/web-apps/photoprism.nix"], "default": {"_type": "literalExpression", "text": "\"import\""}, "description": "Relative or absolute to the `originalsPath` from where the files should be imported.\n", "loc": ["services", "photoprism", "importPath"], "readOnly": false, "type": "string"}, "services.photoprism.originalsPath": {"declarations": ["nixos/modules/services/web-apps/photoprism.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Storage path of your original media files (photos and videos).\n", "example": {"_type": "literalExpression", "text": "\"/data/photos\""}, "loc": ["services", "photoprism", "originalsPath"], "readOnly": false, "type": "absolute path"}, "services.photoprism.package": {"declarations": ["nixos/modules/services/web-apps/photoprism.nix"], "default": {"_type": "literalExpression", "text": "pkgs.photoprism"}, "description": "The photoprism package to use.", "loc": ["services", "photoprism", "package"], "readOnly": false, "type": "package"}, "services.photoprism.passwordFile": {"declarations": ["nixos/modules/services/web-apps/photoprism.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Admin password file.\n", "loc": ["services", "photoprism", "passwordFile"], "readOnly": false, "type": "null or absolute path not in the Nix store"}, "services.photoprism.port": {"declarations": ["nixos/modules/services/web-apps/photoprism.nix"], "default": {"_type": "literalExpression", "text": "2342"}, "description": "Web interface port.\n", "loc": ["services", "photoprism", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.photoprism.settings": {"declarations": ["nixos/modules/services/web-apps/photoprism.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "See [the getting-started guide](https://docs.photoprism.app/getting-started/config-options/) for available options.\n", "example": {"_type": "literalExpression", "text": "{\n  PHOTOPRISM_ADMIN_USER = \"root\";\n  PHOTOPRISM_DEFAULT_LOCALE = \"de\";\n}"}, "loc": ["services", "photoprism", "settings"], "readOnly": false, "type": "attribute set of string"}, "services.photoprism.storagePath": {"declarations": ["nixos/modules/services/web-apps/photoprism.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/photoprism\""}, "description": "Location for sidecar, cache, and database files.\n", "loc": ["services", "photoprism", "storagePath"], "readOnly": false, "type": "absolute path"}, "services.photoprism.user": {"declarations": ["nixos/modules/services/web-apps/photoprism.nix"], "default": {"_type": "literalExpression", "text": "\"photoprism\""}, "description": "User under which photoprism runs.", "loc": ["services", "photoprism", "user"], "readOnly": false, "type": "string"}, "services.photoview.dataDir": {"declarations": ["nixos/modules/services/web-apps/photoview.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/photoview\""}, "description": "Directory for photoview state, cache, and database.", "loc": ["services", "photoview", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.photoview.database.host": {"declarations": ["nixos/modules/services/web-apps/photoview.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Database host address.", "loc": ["services", "photoview", "database", "host"], "readOnly": false, "type": "string"}, "services.photoview.database.name": {"declarations": ["nixos/modules/services/web-apps/photoview.nix"], "default": {"_type": "literalExpression", "text": "\"photoview\""}, "description": "Database name.", "loc": ["services", "photoview", "database", "name"], "readOnly": false, "type": "string"}, "services.photoview.database.passwordFile": {"declarations": ["nixos/modules/services/web-apps/photoview.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file containing the database password.\nRequired when using MySQL or PostgreSQL.\n", "loc": ["services", "photoview", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.photoview.database.port": {"declarations": ["nixos/modules/services/web-apps/photoview.nix"], "default": {"_type": "literalExpression", "text": "5432"}, "description": "Database port.", "loc": ["services", "photoview", "database", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.photoview.database.type": {"declarations": ["nixos/modules/services/web-apps/photoview.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite\""}, "description": "Database engine to use.", "loc": ["services", "photoview", "database", "type"], "readOnly": false, "type": "one of \"sqlite\", \"mysql\", \"postgres\""}, "services.photoview.database.user": {"declarations": ["nixos/modules/services/web-apps/photoview.nix"], "default": {"_type": "literalExpression", "text": "\"photoview\""}, "description": "Database user.", "loc": ["services", "photoview", "database", "user"], "readOnly": false, "type": "string"}, "services.photoview.enable": {"declarations": ["nixos/modules/services/web-apps/photoview.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Photoview, a photo gallery for self-hosted personal servers.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "photoview", "enable"], "readOnly": false, "type": "boolean"}, "services.photoview.group": {"declarations": ["nixos/modules/services/web-apps/photoview.nix"], "default": {"_type": "literalExpression", "text": "\"photoview\""}, "description": "Group under which photoview runs.", "loc": ["services", "photoview", "group"], "readOnly": false, "type": "string"}, "services.photoview.host": {"declarations": ["nixos/modules/services/web-apps/photoview.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Address to listen on.", "loc": ["services", "photoview", "host"], "readOnly": false, "type": "string"}, "services.photoview.mediaPath": {"declarations": ["nixos/modules/services/web-apps/photoview.nix"], "description": "Path to the directory containing photos to be served.\nThis directory must be readable by the photoview user.\n", "example": {"_type": "literalExpression", "text": "\"/mnt/photos\""}, "loc": ["services", "photoview", "mediaPath"], "readOnly": false, "type": "absolute path"}, "services.photoview.package": {"declarations": ["nixos/modules/services/web-apps/photoview.nix"], "default": {"_type": "literalExpression", "text": "pkgs.photoview"}, "description": "The photoview package to use.", "loc": ["services", "photoview", "package"], "readOnly": false, "type": "package"}, "services.photoview.port": {"declarations": ["nixos/modules/services/web-apps/photoview.nix"], "default": {"_type": "literalExpression", "text": "4001"}, "description": "Port to listen on.", "loc": ["services", "photoview", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.photoview.secretsFile": {"declarations": ["nixos/modules/services/web-apps/photoview.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to an environment file containing secrets.\nCan be used for MAPBOX_TOKEN or other sensitive settings.\n", "loc": ["services", "photoview", "secretsFile"], "readOnly": false, "type": "null or absolute path"}, "services.photoview.settings.disableFaceRecognition": {"declarations": ["nixos/modules/services/web-apps/photoview.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable face recognition feature.", "loc": ["services", "photoview", "settings", "disableFaceRecognition"], "readOnly": false, "type": "boolean"}, "services.photoview.settings.disableRawProcessing": {"declarations": ["nixos/modules/services/web-apps/photoview.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable RAW photo processing.", "loc": ["services", "photoview", "settings", "disableRawProcessing"], "readOnly": false, "type": "boolean"}, "services.photoview.settings.disableVideoEncoding": {"declarations": ["nixos/modules/services/web-apps/photoview.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable video encoding with FFmpeg.", "loc": ["services", "photoview", "settings", "disableVideoEncoding"], "readOnly": false, "type": "boolean"}, "services.photoview.settings.mapboxToken": {"declarations": ["nixos/modules/services/web-apps/photoview.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Mapbox API token for map features.", "loc": ["services", "photoview", "settings", "mapboxToken"], "readOnly": false, "type": "null or string"}, "services.photoview.settings.videoEncoder": {"declarations": ["nixos/modules/services/web-apps/photoview.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Hardware video encoder to use.", "loc": ["services", "photoview", "settings", "videoEncoder"], "readOnly": false, "type": "null or one of \"h264_qsv\", \"h264_vaapi\", \"h264_nvenc\""}, "services.photoview.user": {"declarations": ["nixos/modules/services/web-apps/photoview.nix"], "default": {"_type": "literalExpression", "text": "\"photoview\""}, "description": "User account under which photoview runs.", "loc": ["services", "photoview", "user"], "readOnly": false, "type": "string"}, "services.phpfpm.extraConfig": {"declarations": ["nixos/modules/services/web-servers/phpfpm/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Extra configuration that should be put in the global section of\nthe PHP-FPM configuration file. Do not specify the options\n`error_log` or\n`daemonize` here, since they are generated by\nNixOS.\n", "loc": ["services", "phpfpm", "extraConfig"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.phpfpm.phpOptions": {"declarations": ["nixos/modules/services/web-servers/phpfpm/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Options appended to the PHP configuration file {file}`php.ini`.\n", "example": {"_type": "literalExpression", "text": "''\n  date.timezone = \"CET\"\n''"}, "loc": ["services", "phpfpm", "phpOptions"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.phpfpm.phpPackage": {"declarations": ["nixos/modules/services/web-servers/phpfpm/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.php"}, "description": "The php package to use.", "loc": ["services", "phpfpm", "phpPackage"], "readOnly": false, "type": "package"}, "services.phpfpm.pools": {"declarations": ["nixos/modules/services/web-servers/phpfpm/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "PHP-FPM pools. If no pools are defined, the PHP-FPM\nservice is disabled.\n", "example": {"_type": "literalExpression", "text": "{\n  mypool = {\n    user = \"php\";\n    group = \"php\";\n    phpPackage = pkgs.php;\n    settings = {\n      \"pm\" = \"dynamic\";\n      \"pm.max_children\" = 75;\n      \"pm.start_servers\" = 10;\n      \"pm.min_spare_servers\" = 5;\n      \"pm.max_spare_servers\" = 20;\n      \"pm.max_requests\" = 500;\n    };\n  }\n}"}, "loc": ["services", "phpfpm", "pools"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.phpfpm.pools.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-servers/phpfpm/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Extra lines that go into the pool configuration.\nSee the documentation on `php-fpm.conf` for\ndetails on configuration directives.\n", "loc": ["services", "phpfpm", "pools", "<name>", "extraConfig"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.phpfpm.pools.<name>.group": {"declarations": ["nixos/modules/services/web-servers/phpfpm/default.nix"], "description": "Group account under which this pool runs.", "loc": ["services", "phpfpm", "pools", "<name>", "group"], "readOnly": false, "type": "string"}, "services.phpfpm.pools.<name>.listen": {"declarations": ["nixos/modules/services/web-servers/phpfpm/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The address on which to accept FastCGI requests.\n", "example": {"_type": "literalExpression", "text": "\"/path/to/unix/socket\""}, "loc": ["services", "phpfpm", "pools", "<name>", "listen"], "readOnly": false, "type": "string"}, "services.phpfpm.pools.<name>.phpEnv": {"declarations": ["nixos/modules/services/web-servers/phpfpm/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables used for this PHP-FPM pool.\n", "example": {"_type": "literalExpression", "text": "{\n  HOSTNAME = \"$HOSTNAME\";\n  TMP = \"/tmp\";\n  TMPDIR = \"/tmp\";\n  TEMP = \"/tmp\";\n}\n"}, "loc": ["services", "phpfpm", "pools", "<name>", "phpEnv"], "readOnly": false, "type": "attribute set of string"}, "services.phpfpm.pools.<name>.phpOptions": {"declarations": ["nixos/modules/services/web-servers/phpfpm/default.nix"], "description": "\"Options appended to the PHP configuration file {file}`php.ini` used for this PHP-FPM pool.\"\n", "loc": ["services", "phpfpm", "pools", "<name>", "phpOptions"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.phpfpm.pools.<name>.phpPackage": {"declarations": ["nixos/modules/services/web-servers/phpfpm/default.nix"], "default": {"_type": "literalExpression", "text": "config.services.phpfpm.phpPackage"}, "description": "The PHP package to use for running this PHP-FPM pool.\n", "loc": ["services", "phpfpm", "pools", "<name>", "phpPackage"], "readOnly": false, "type": "package"}, "services.phpfpm.pools.<name>.settings": {"declarations": ["nixos/modules/services/web-servers/phpfpm/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "PHP-FPM pool directives. Refer to the \"List of pool directives\" section of\n<https://www.php.net/manual/en/install.fpm.configuration.php>\nfor details. Note that settings names must be enclosed in quotes (e.g.\n`\"pm.max_children\"` instead of `pm.max_children`).\n", "example": {"_type": "literalExpression", "text": "{\n  \"pm\" = \"dynamic\";\n  \"pm.max_children\" = 75;\n  \"pm.start_servers\" = 10;\n  \"pm.min_spare_servers\" = 5;\n  \"pm.max_spare_servers\" = 20;\n  \"pm.max_requests\" = 500;\n}\n"}, "loc": ["services", "phpfpm", "pools", "<name>", "settings"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.phpfpm.pools.<name>.socket": {"declarations": ["nixos/modules/services/web-servers/phpfpm/default.nix"], "description": "Path to the unix socket file on which to accept FastCGI requests.\n\n::: {.note}\nThis option is read-only and managed by NixOS.\n:::\n", "example": {"_type": "literalExpression", "text": "\"/run/phpfpm/<name>.sock\""}, "loc": ["services", "phpfpm", "pools", "<name>", "socket"], "readOnly": true, "type": "string"}, "services.phpfpm.pools.<name>.user": {"declarations": ["nixos/modules/services/web-servers/phpfpm/default.nix"], "description": "User account under which this pool runs.", "loc": ["services", "phpfpm", "pools", "<name>", "user"], "readOnly": false, "type": "string"}, "services.phpfpm.settings": {"declarations": ["nixos/modules/services/web-servers/phpfpm/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "PHP-FPM global directives. Refer to the \"List of global php-fpm.conf directives\" section of\n<https://www.php.net/manual/en/install.fpm.configuration.php>\nfor details. Note that settings names must be enclosed in quotes (e.g.\n`\"pm.max_children\"` instead of `pm.max_children`).\nYou need not specify the options `error_log` or\n`daemonize` here, since they are generated by NixOS.\n", "loc": ["services", "phpfpm", "settings"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.phylactery.enable": {"declarations": ["nixos/modules/services/web-apps/phylactery.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Phylactery server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "phylactery", "enable"], "readOnly": false, "type": "boolean"}, "services.phylactery.host": {"declarations": ["nixos/modules/services/web-apps/phylactery.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Listen host for Phylactery", "loc": ["services", "phylactery", "host"], "readOnly": false, "type": "string"}, "services.phylactery.library": {"declarations": ["nixos/modules/services/web-apps/phylactery.nix"], "description": "Path to CBZ library", "loc": ["services", "phylactery", "library"], "readOnly": false, "type": "absolute path"}, "services.phylactery.package": {"declarations": ["nixos/modules/services/web-apps/phylactery.nix"], "default": {"_type": "literalExpression", "text": "pkgs.phylactery"}, "description": "The phylactery package to use.", "loc": ["services", "phylactery", "package"], "readOnly": false, "type": "package"}, "services.phylactery.port": {"declarations": ["nixos/modules/services/web-apps/phylactery.nix"], "description": "Listen port for Phylactery", "loc": ["services", "phylactery", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.physlock.allowAnyUser": {"declarations": ["nixos/modules/services/security/physlock.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to allow any user to lock the screen. This will install a\nsetuid wrapper to allow any user to start physlock as root, which\nis a minor security risk. Call the physlock binary to use this instead\nof using the systemd service.\n", "loc": ["services", "physlock", "allowAnyUser"], "readOnly": false, "type": "boolean"}, "services.physlock.disableSysRq": {"declarations": ["nixos/modules/services/security/physlock.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to disable SysRq when locked with physlock.\n", "loc": ["services", "physlock", "disableSysRq"], "readOnly": false, "type": "boolean"}, "services.physlock.enable": {"declarations": ["nixos/modules/services/security/physlock.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the {command}`physlock` screen locking mechanism.\n\nEnable this and then run {command}`systemctl start physlock`\nto securely lock the screen.\n\nThis will switch to a new virtual terminal, turn off console\nswitching and disable SysRq mechanism (when\n{option}`services.physlock.disableSysRq` is set)\nuntil the root or user password is given.\n", "loc": ["services", "physlock", "enable"], "readOnly": false, "type": "boolean"}, "services.physlock.lockMessage": {"declarations": ["nixos/modules/services/security/physlock.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Message to show on physlock login terminal.\n", "loc": ["services", "physlock", "lockMessage"], "readOnly": false, "type": "string"}, "services.physlock.lockOn.extraTargets": {"declarations": ["nixos/modules/services/security/physlock.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Other targets to lock the screen just before.\n\nUseful if you want to e.g. both autologin to X11 so that\nyour {file}`~/.xsession` gets executed and\nstill to have the screen locked so that the system can be\nbooted relatively unattended.\n", "example": {"_type": "literalExpression", "text": "[\n  \"display-manager.service\"\n]"}, "loc": ["services", "physlock", "lockOn", "extraTargets"], "readOnly": false, "type": "list of string"}, "services.physlock.lockOn.hibernate": {"declarations": ["nixos/modules/services/security/physlock.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to lock screen with physlock just before hibernate.\n", "loc": ["services", "physlock", "lockOn", "hibernate"], "readOnly": false, "type": "boolean"}, "services.physlock.lockOn.suspend": {"declarations": ["nixos/modules/services/security/physlock.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to lock screen with physlock just before suspend.\n", "loc": ["services", "physlock", "lockOn", "suspend"], "readOnly": false, "type": "boolean"}, "services.physlock.muteKernelMessages": {"declarations": ["nixos/modules/services/security/physlock.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable kernel messages on console while physlock is running.\n", "loc": ["services", "physlock", "muteKernelMessages"], "readOnly": false, "type": "boolean"}, "services.picom.activeOpacity": {"declarations": ["nixos/modules/services/x11/picom.nix"], "default": {"_type": "literalExpression", "text": "1.0"}, "description": "Opacity of active windows.\n", "example": {"_type": "literalExpression", "text": "0.8"}, "loc": ["services", "picom", "activeOpacity"], "readOnly": false, "type": "integer or floating point number between 0 and 1 (both inclusive)"}, "services.picom.backend": {"declarations": ["nixos/modules/services/x11/picom.nix"], "default": {"_type": "literalExpression", "text": "\"xrender\""}, "description": "Backend to use: `egl`, `glx`, `xrender` or `xr_glx_hybrid`.\n", "loc": ["services", "picom", "backend"], "readOnly": false, "type": "one of \"egl\", \"glx\", \"xrender\", \"xr_glx_hybrid\""}, "services.picom.enable": {"declarations": ["nixos/modules/services/x11/picom.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether or not to enable Picom as the X.org composite manager.\n", "loc": ["services", "picom", "enable"], "readOnly": false, "type": "boolean"}, "services.picom.fade": {"declarations": ["nixos/modules/services/x11/picom.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Fade windows in and out.\n", "loc": ["services", "picom", "fade"], "readOnly": false, "type": "boolean"}, "services.picom.fadeDelta": {"declarations": ["nixos/modules/services/x11/picom.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Time between fade animation step (in ms).\n", "example": {"_type": "literalExpression", "text": "5"}, "loc": ["services", "picom", "fadeDelta"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.picom.fadeExclude": {"declarations": ["nixos/modules/services/x11/picom.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of conditions of windows that should not be faded.\nSee {manpage}`picom(1)` man page for more examples.\n", "example": {"_type": "literalExpression", "text": "[\n  \"window_type *= 'menu'\"\n  \"name ~= 'Firefox$'\"\n  \"focused = 1\"\n]"}, "loc": ["services", "picom", "fadeExclude"], "readOnly": false, "type": "list of string"}, "services.picom.fadeSteps": {"declarations": ["nixos/modules/services/x11/picom.nix"], "default": {"_type": "literalExpression", "text": "[\n  0.028\n  0.03\n]"}, "description": "Opacity change between fade steps (in and out).\n", "example": {"_type": "literalExpression", "text": "[\n  0.04\n  0.04\n]"}, "loc": ["services", "picom", "fadeSteps"], "readOnly": false, "type": "pair of integer or floating point number between 0.01 and 1 (both inclusive)"}, "services.picom.inactiveOpacity": {"declarations": ["nixos/modules/services/x11/picom.nix"], "default": {"_type": "literalExpression", "text": "1.0"}, "description": "Opacity of inactive windows.\n", "example": {"_type": "literalExpression", "text": "0.8"}, "loc": ["services", "picom", "inactiveOpacity"], "readOnly": false, "type": "integer or floating point number between 0.1 and 1 (both inclusive)"}, "services.picom.menuOpacity": {"declarations": ["nixos/modules/services/x11/picom.nix"], "default": {"_type": "literalExpression", "text": "1.0"}, "description": "Opacity of dropdown and popup menu.\n", "example": {"_type": "literalExpression", "text": "0.8"}, "loc": ["services", "picom", "menuOpacity"], "readOnly": false, "type": "integer or floating point number between 0 and 1 (both inclusive)"}, "services.picom.opacityRules": {"declarations": ["nixos/modules/services/x11/picom.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Rules that control the opacity of windows, in format PERCENT:PATTERN.\n", "example": {"_type": "literalExpression", "text": "[\n  \"95:class_g = 'URxvt' && !_NET_WM_STATE@:32a\"\n  \"0:_NET_WM_STATE@:32a *= '_NET_WM_STATE_HIDDEN'\"\n]"}, "loc": ["services", "picom", "opacityRules"], "readOnly": false, "type": "list of string"}, "services.picom.package": {"declarations": ["nixos/modules/services/x11/picom.nix"], "default": {"_type": "literalExpression", "text": "pkgs.picom"}, "description": "The picom package to use.", "loc": ["services", "picom", "package"], "readOnly": false, "type": "package"}, "services.picom.settings": {"declarations": ["nixos/modules/services/x11/picom.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Picom settings. Use this option to configure Picom settings not exposed\nin a NixOS option or to bypass one.  For the available options see the\nCONFIGURATION FILES section at {manpage}`picom(1)`.\n", "example": {"_type": "literalExpression", "text": "blur =\n  { method = \"gaussian\";\n    size = 10;\n    deviation = 5.0;\n  };\n"}, "loc": ["services", "picom", "settings"], "readOnly": false, "type": "libconfig configuration. The format consists of an attributes\nset (called a group) of settings. Each setting can be a scalar type\n(boolean, integer, floating point number or string), a list of\nscalars or a group itself\n"}, "services.picom.shadow": {"declarations": ["nixos/modules/services/x11/picom.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Draw window shadows.\n", "loc": ["services", "picom", "shadow"], "readOnly": false, "type": "boolean"}, "services.picom.shadowExclude": {"declarations": ["nixos/modules/services/x11/picom.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of conditions of windows that should have no shadow.\nSee {manpage}`picom(1)` man page for more examples.\n", "example": {"_type": "literalExpression", "text": "[\n  \"window_type *= 'menu'\"\n  \"name ~= 'Firefox$'\"\n  \"focused = 1\"\n]"}, "loc": ["services", "picom", "shadowExclude"], "readOnly": false, "type": "list of string"}, "services.picom.shadowOffsets": {"declarations": ["nixos/modules/services/x11/picom.nix"], "default": {"_type": "literalExpression", "text": "[\n  -15\n  -15\n]"}, "description": "Left and right offset for shadows (in pixels).\n", "example": {"_type": "literalExpression", "text": "[\n  -10\n  -15\n]"}, "loc": ["services", "picom", "shadowOffsets"], "readOnly": false, "type": "pair of signed integer"}, "services.picom.shadowOpacity": {"declarations": ["nixos/modules/services/x11/picom.nix"], "default": {"_type": "literalExpression", "text": "0.75"}, "description": "Window shadows opacity.\n", "example": {"_type": "literalExpression", "text": "0.8"}, "loc": ["services", "picom", "shadowOpacity"], "readOnly": false, "type": "integer or floating point number between 0 and 1 (both inclusive)"}, "services.picom.vSync": {"declarations": ["nixos/modules/services/x11/picom.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable vertical synchronization. Chooses the best method\n(drm, opengl, opengl-oml, opengl-swc, opengl-mswc) automatically.\nThe bool value should be used, the others are just for backwards compatibility.\n", "loc": ["services", "picom", "vSync"], "readOnly": false, "type": "boolean or one of \"none\", \"drm\", \"opengl\", \"opengl-oml\", \"opengl-swc\", \"opengl-mswc\""}, "services.picom.wintypes": {"declarations": ["nixos/modules/services/x11/picom.nix"], "default": {"_type": "literalExpression", "text": "{\n  popup_menu = { opacity = config.services.picom.menuOpacity; };\n  dropdown_menu = { opacity = config.services.picom.menuOpacity; };\n}\n"}, "description": "Rules for specific window types.\n", "example": {"_type": "literalExpression", "text": "{ }"}, "loc": ["services", "picom", "wintypes"], "readOnly": false, "type": "attribute set"}, "services.picosnitch.enable": {"declarations": ["nixos/modules/services/networking/picosnitch.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable picosnitch daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "picosnitch", "enable"], "readOnly": false, "type": "boolean"}, "services.pict-rs.address": {"declarations": ["nixos/modules/services/web-apps/pict-rs.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The IPv4 address to deploy the service to.\n", "loc": ["services", "pict-rs", "address"], "readOnly": false, "type": "string"}, "services.pict-rs.dataDir": {"declarations": ["nixos/modules/services/web-apps/pict-rs.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/pict-rs\""}, "description": "The directory where to store the uploaded images & database.\n", "loc": ["services", "pict-rs", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.pict-rs.enable": {"declarations": ["nixos/modules/services/web-apps/pict-rs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable pict-rs server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pict-rs", "enable"], "readOnly": false, "type": "boolean"}, "services.pict-rs.package": {"declarations": ["nixos/modules/services/web-apps/pict-rs.nix"], "default": {"_type": "literalExpression", "text": "pkgs.pict-rs"}, "description": "The pict-rs package to use.", "loc": ["services", "pict-rs", "package"], "readOnly": false, "type": "package"}, "services.pict-rs.port": {"declarations": ["nixos/modules/services/web-apps/pict-rs.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "The port which to bind the service to.\n", "loc": ["services", "pict-rs", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.pict-rs.repoPath": {"declarations": ["nixos/modules/services/web-apps/pict-rs.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The directory where to store the database.\nThis option takes precedence over dataDir.\n", "loc": ["services", "pict-rs", "repoPath"], "readOnly": false, "type": "null or absolute path"}, "services.pict-rs.storePath": {"declarations": ["nixos/modules/services/web-apps/pict-rs.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The directory where to store the uploaded images.\nThis option takes precedence over dataDir.\n", "loc": ["services", "pict-rs", "storePath"], "readOnly": false, "type": "null or absolute path"}, "services.pid-fan-controller.enable": {"declarations": ["nixos/modules/services/hardware/pid-fan-controller.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the PID fan controller, which controls the configured fans by running a closed-loop PID control loop.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pid-fan-controller", "enable"], "readOnly": false, "type": "boolean"}, "services.pid-fan-controller.package": {"declarations": ["nixos/modules/services/hardware/pid-fan-controller.nix"], "default": {"_type": "literalExpression", "text": "pkgs.pid-fan-controller"}, "description": "The pid-fan-controller package to use.", "loc": ["services", "pid-fan-controller", "package"], "readOnly": false, "type": "package"}, "services.pid-fan-controller.settings.fans": {"declarations": ["nixos/modules/services/hardware/pid-fan-controller.nix"], "description": "List of fans to be controlled.", "example": {"_type": "literalExpression", "text": "''\n  [\n    {\n      wildcardPath = \"/sys/devices/platform/nct6775.2592/hwmon/hwmon*/pwm1\";\n      minPwm = 60;\n      maxPwm = 255;\n      heatPressureSrcs = [\n        \"cpu\"\n        \"gpu\"\n      ];\n    }\n  ];\n''"}, "loc": ["services", "pid-fan-controller", "settings", "fans"], "readOnly": false, "type": "list of (submodule)"}, "services.pid-fan-controller.settings.fans.*.cutoff": {"declarations": ["nixos/modules/services/hardware/pid-fan-controller.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to stop the fan when `minPwm` is reached.", "loc": ["services", "pid-fan-controller", "settings", "fans", "*", "cutoff"], "readOnly": false, "type": "boolean"}, "services.pid-fan-controller.settings.fans.*.heatPressureSrcs": {"declarations": ["nixos/modules/services/hardware/pid-fan-controller.nix"], "description": "Heat pressure sources affected by the fan.", "loc": ["services", "pid-fan-controller", "settings", "fans", "*", "heatPressureSrcs"], "readOnly": false, "type": "non-empty (list of string)"}, "services.pid-fan-controller.settings.fans.*.maxPwm": {"declarations": ["nixos/modules/services/hardware/pid-fan-controller.nix"], "default": {"_type": "literalExpression", "text": "255"}, "description": "Maximum PWM value.", "loc": ["services", "pid-fan-controller", "settings", "fans", "*", "maxPwm"], "readOnly": false, "type": "8 bit unsigned integer; between 0 and 255 (both inclusive)"}, "services.pid-fan-controller.settings.fans.*.minPwm": {"declarations": ["nixos/modules/services/hardware/pid-fan-controller.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Minimum PWM value.", "loc": ["services", "pid-fan-controller", "settings", "fans", "*", "minPwm"], "readOnly": false, "type": "8 bit unsigned integer; between 0 and 255 (both inclusive)"}, "services.pid-fan-controller.settings.fans.*.wildcardPath": {"declarations": ["nixos/modules/services/hardware/pid-fan-controller.nix"], "description": "Wildcard path of the `hwmon` `pwm` file.\nIf the fans are not to be found in `/sys/class/hwmon/hwmon*` the corresponding\nkernel module (like `nct6775`) needs to be added to `boot.kernelModules`.\nSee the [`hwmon` Documentation](https://www.kernel.org/doc/html/latest/hwmon/index.html).\n", "loc": ["services", "pid-fan-controller", "settings", "fans", "*", "wildcardPath"], "readOnly": false, "type": "string"}, "services.pid-fan-controller.settings.heatSources": {"declarations": ["nixos/modules/services/hardware/pid-fan-controller.nix"], "description": "List of heat sources to be monitored.", "example": {"_type": "literalExpression", "text": "''\n  [\n    {\n      name = \"cpu\";\n      wildcardPath = \"/sys/devices/pci0000:00/0000:00:18.3/hwmon/hwmon*/temp1_input\";\n      pidParams = {\n        setPoint = 60;\n        P = -5.0e-3;\n        I = -2.0e-3;\n        D = -6.0e-3;\n      };\n    }\n  ];\n''"}, "loc": ["services", "pid-fan-controller", "settings", "heatSources"], "readOnly": false, "type": "list of (submodule)"}, "services.pid-fan-controller.settings.heatSources.*.name": {"declarations": ["nixos/modules/services/hardware/pid-fan-controller.nix"], "description": "Name of the heat source.", "loc": ["services", "pid-fan-controller", "settings", "heatSources", "*", "name"], "readOnly": false, "type": "non-empty string"}, "services.pid-fan-controller.settings.heatSources.*.pidParams.D": {"declarations": ["nixos/modules/services/hardware/pid-fan-controller.nix"], "description": "K_d of PID controller.", "loc": ["services", "pid-fan-controller", "settings", "heatSources", "*", "pidParams", "D"], "readOnly": false, "type": "floating point number"}, "services.pid-fan-controller.settings.heatSources.*.pidParams.I": {"declarations": ["nixos/modules/services/hardware/pid-fan-controller.nix"], "description": "K_i of PID controller.", "loc": ["services", "pid-fan-controller", "settings", "heatSources", "*", "pidParams", "I"], "readOnly": false, "type": "floating point number"}, "services.pid-fan-controller.settings.heatSources.*.pidParams.P": {"declarations": ["nixos/modules/services/hardware/pid-fan-controller.nix"], "description": "K_p of PID controller.", "loc": ["services", "pid-fan-controller", "settings", "heatSources", "*", "pidParams", "P"], "readOnly": false, "type": "floating point number"}, "services.pid-fan-controller.settings.heatSources.*.pidParams.setPoint": {"declarations": ["nixos/modules/services/hardware/pid-fan-controller.nix"], "description": "Set point of the controller in \u00b0C.", "loc": ["services", "pid-fan-controller", "settings", "heatSources", "*", "pidParams", "setPoint"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.pid-fan-controller.settings.heatSources.*.wildcardPath": {"declarations": ["nixos/modules/services/hardware/pid-fan-controller.nix"], "description": "Path of the heat source's `hwmon` `temp_input` file.\nThis path can contain multiple wildcards, but has to resolve to\nexactly one result.\n", "loc": ["services", "pid-fan-controller", "settings", "heatSources", "*", "wildcardPath"], "readOnly": false, "type": "non-empty string"}, "services.pid-fan-controller.settings.interval": {"declarations": ["nixos/modules/services/hardware/pid-fan-controller.nix"], "default": {"_type": "literalExpression", "text": "500"}, "description": "Interval between controller cycles in milliseconds.", "loc": ["services", "pid-fan-controller", "settings", "interval"], "readOnly": false, "type": "signed integer"}, "services.pihole-ftl.enable": {"declarations": ["nixos/modules/services/networking/pihole-ftl.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Pi-hole FTL.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pihole-ftl", "enable"], "readOnly": false, "type": "boolean"}, "services.pihole-ftl.group": {"declarations": ["nixos/modules/services/networking/pihole-ftl.nix"], "default": {"_type": "literalExpression", "text": "\"pihole\""}, "description": "Group to run the service as.", "loc": ["services", "pihole-ftl", "group"], "readOnly": false, "type": "string"}, "services.pihole-ftl.lists": {"declarations": ["nixos/modules/services/networking/pihole-ftl.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Deny (or allow) domain lists to use", "example": {"_type": "literalExpression", "text": "[\n  {\n    url = \"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts\";\n  }\n]"}, "loc": ["services", "pihole-ftl", "lists"], "readOnly": false, "type": "list of (submodule)"}, "services.pihole-ftl.lists.*.description": {"declarations": ["nixos/modules/services/networking/pihole-ftl.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Description of the list", "loc": ["services", "pihole-ftl", "lists", "*", "description"], "readOnly": false, "type": "string"}, "services.pihole-ftl.lists.*.enabled": {"declarations": ["nixos/modules/services/networking/pihole-ftl.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether this list is enabled", "loc": ["services", "pihole-ftl", "lists", "*", "enabled"], "readOnly": false, "type": "boolean"}, "services.pihole-ftl.lists.*.type": {"declarations": ["nixos/modules/services/networking/pihole-ftl.nix"], "default": {"_type": "literalExpression", "text": "\"block\""}, "description": "Whether domains on this list should be explicitly allowed, or blocked", "loc": ["services", "pihole-ftl", "lists", "*", "type"], "readOnly": false, "type": "one of \"allow\", \"block\""}, "services.pihole-ftl.lists.*.url": {"declarations": ["nixos/modules/services/networking/pihole-ftl.nix"], "description": "URL of the domain list", "loc": ["services", "pihole-ftl", "lists", "*", "url"], "readOnly": false, "type": "string"}, "services.pihole-ftl.logDirectory": {"declarations": ["nixos/modules/services/networking/pihole-ftl.nix"], "default": {"_type": "literalExpression", "text": "\"/var/log/pihole\""}, "description": "Path for Pi-hole log files", "loc": ["services", "pihole-ftl", "logDirectory"], "readOnly": false, "type": "absolute path"}, "services.pihole-ftl.macvendorURL": {"declarations": ["nixos/modules/services/networking/pihole-ftl.nix"], "default": {"_type": "literalExpression", "text": "\"https://ftl.pi-hole.net/macvendor.db\""}, "description": "URL from which to download the macvendor.db file.\n", "loc": ["services", "pihole-ftl", "macvendorURL"], "readOnly": false, "type": "string"}, "services.pihole-ftl.openFirewallDHCP": {"declarations": ["nixos/modules/services/networking/pihole-ftl.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for pihole-FTL's DHCP server.", "loc": ["services", "pihole-ftl", "openFirewallDHCP"], "readOnly": false, "type": "boolean"}, "services.pihole-ftl.openFirewallDNS": {"declarations": ["nixos/modules/services/networking/pihole-ftl.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for pihole-FTL's DNS server.", "loc": ["services", "pihole-ftl", "openFirewallDNS"], "readOnly": false, "type": "boolean"}, "services.pihole-ftl.openFirewallWebserver": {"declarations": ["nixos/modules/services/networking/pihole-ftl.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for pihole-FTL's webserver, as configured in `settings.webserver.port`.\n", "loc": ["services", "pihole-ftl", "openFirewallWebserver"], "readOnly": false, "type": "boolean"}, "services.pihole-ftl.package": {"declarations": ["nixos/modules/services/networking/pihole-ftl.nix"], "default": {"_type": "literalExpression", "text": "pkgs.pihole-ftl"}, "description": "The pihole-ftl package to use.", "loc": ["services", "pihole-ftl", "package"], "readOnly": false, "type": "package"}, "services.pihole-ftl.piholePackage": {"declarations": ["nixos/modules/services/networking/pihole-ftl.nix"], "default": {"_type": "literalExpression", "text": "pkgs.pihole"}, "description": "The pihole package to use.", "loc": ["services", "pihole-ftl", "piholePackage"], "readOnly": false, "type": "package"}, "services.pihole-ftl.privacyLevel": {"declarations": ["nixos/modules/services/networking/pihole-ftl.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Level of detail in generated statistics. 0 enables full statistics, 3\nshows only anonymous statistics.\n\nSee [the documentation](https://docs.pi-hole.net/ftldns/privacylevels).\n\nAlso see services.dnsmasq.settings.log-queries to completely disable\nquery logging.\n", "example": {"_type": "literalExpression", "text": "3"}, "loc": ["services", "pihole-ftl", "privacyLevel"], "readOnly": false, "type": "integer or floating point number between 0 and 3 (both inclusive)"}, "services.pihole-ftl.queryLogDeleter.age": {"declarations": ["nixos/modules/services/networking/pihole-ftl.nix"], "default": {"_type": "literalExpression", "text": "90"}, "description": "Delete DNS query logs older than this many days, if\n[](#opt-services.pihole-ftl.queryLogDeleter.enable) is on.\n", "loc": ["services", "pihole-ftl", "queryLogDeleter", "age"], "readOnly": false, "type": "signed integer"}, "services.pihole-ftl.queryLogDeleter.enable": {"declarations": ["nixos/modules/services/networking/pihole-ftl.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Pi-hole FTL DNS query log deleter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pihole-ftl", "queryLogDeleter", "enable"], "readOnly": false, "type": "boolean"}, "services.pihole-ftl.queryLogDeleter.interval": {"declarations": ["nixos/modules/services/networking/pihole-ftl.nix"], "default": {"_type": "literalExpression", "text": "\"weekly\""}, "description": "How often the query log deleter is run. See systemd.time(7) for more\ninformation about the format.\n", "loc": ["services", "pihole-ftl", "queryLogDeleter", "interval"], "readOnly": false, "type": "string"}, "services.pihole-ftl.settings": {"declarations": ["nixos/modules/services/networking/pihole-ftl.nix"], "description": "Configuration options for pihole.toml.\nSee the upstream [documentation](https://docs.pi-hole.net/ftldns/configfile).\n", "loc": ["services", "pihole-ftl", "settings"], "readOnly": false, "type": "TOML value"}, "services.pihole-ftl.stateDirectory": {"declarations": ["nixos/modules/services/networking/pihole-ftl.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/pihole\""}, "description": "Path for pihole state files.\n", "loc": ["services", "pihole-ftl", "stateDirectory"], "readOnly": false, "type": "absolute path"}, "services.pihole-ftl.useDnsmasqConfig": {"declarations": ["nixos/modules/services/networking/pihole-ftl.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Import options defined in [](#opt-services.dnsmasq.settings) via\nmisc.dnsmasq_lines in Pi-hole's config.\n", "loc": ["services", "pihole-ftl", "useDnsmasqConfig"], "readOnly": false, "type": "boolean"}, "services.pihole-ftl.user": {"declarations": ["nixos/modules/services/networking/pihole-ftl.nix"], "default": {"_type": "literalExpression", "text": "\"pihole\""}, "description": "User to run the service as.", "loc": ["services", "pihole-ftl", "user"], "readOnly": false, "type": "string"}, "services.pihole-web.enable": {"declarations": ["nixos/modules/services/web-apps/pihole-web.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Pi-hole dashboard.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pihole-web", "enable"], "readOnly": false, "type": "boolean"}, "services.pihole-web.hostName": {"declarations": ["nixos/modules/services/web-apps/pihole-web.nix"], "default": {"_type": "literalExpression", "text": "\"pi.hole\""}, "description": "Domain name for the website.", "loc": ["services", "pihole-web", "hostName"], "readOnly": false, "type": "string"}, "services.pihole-web.package": {"declarations": ["nixos/modules/services/web-apps/pihole-web.nix"], "default": {"_type": "literalExpression", "text": "pkgs.pihole-web"}, "description": "The pihole-web package to use.", "loc": ["services", "pihole-web", "package"], "readOnly": false, "type": "package"}, "services.pihole-web.ports": {"declarations": ["nixos/modules/services/web-apps/pihole-web.nix"], "description": "Port(s) for the webserver to serve on.\n\nIf provided as a string, optionally append suffixes to control behaviour:\n\n- `o`: to make the port is optional - failure to bind will not be an error.\n- `s`: for the port to be used for SSL.\n- `r`: for a non-SSL port to redirect to the first available SSL port.\n", "example": {"_type": "literalExpression", "text": "[\n  \"80r\"\n  \"443s\"\n]"}, "loc": ["services", "pihole-web", "ports"], "readOnly": false, "type": "list of (16 bit unsigned integer; between 0 and 65535 (both inclusive) or string or (submodule))"}, "services.pinchflat.enable": {"declarations": ["nixos/modules/services/misc/pinchflat.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable pinchflat.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pinchflat", "enable"], "readOnly": false, "type": "boolean"}, "services.pinchflat.extraConfig": {"declarations": ["nixos/modules/services/misc/pinchflat.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The configuration of Pinchflat is handled through environment variables.\nThe available configuration options can be found in [the Pinchflat README](https://github.com/kieraneglin/pinchflat/README.md#environment-variables).\n", "example": {"_type": "literalExpression", "text": "{\n  YT_DLP_WORKER_CONCURRENCY = 1;\n}\n"}, "loc": ["services", "pinchflat", "extraConfig"], "readOnly": false, "type": "attribute set of (null or boolean or signed integer or string)"}, "services.pinchflat.group": {"declarations": ["nixos/modules/services/misc/pinchflat.nix"], "default": {"_type": "literalExpression", "text": "\"pinchflat\""}, "description": "Group under which Pinchflat runs.\n", "loc": ["services", "pinchflat", "group"], "readOnly": false, "type": "string"}, "services.pinchflat.logLevel": {"declarations": ["nixos/modules/services/misc/pinchflat.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Log level for Pinchflat.", "loc": ["services", "pinchflat", "logLevel"], "readOnly": false, "type": "one of \"debug\", \"info\", \"warning\", \"error\""}, "services.pinchflat.mediaDir": {"declarations": ["nixos/modules/services/misc/pinchflat.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/pinchflat/media\""}, "description": "The directory into which Pinchflat downloads videos.", "loc": ["services", "pinchflat", "mediaDir"], "readOnly": false, "type": "absolute path"}, "services.pinchflat.openFirewall": {"declarations": ["nixos/modules/services/misc/pinchflat.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the Pinchflat web interface", "loc": ["services", "pinchflat", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.pinchflat.package": {"declarations": ["nixos/modules/services/misc/pinchflat.nix"], "default": {"_type": "literalExpression", "text": "pkgs.pinchflat"}, "description": "The pinchflat package to use.", "loc": ["services", "pinchflat", "package"], "readOnly": false, "type": "package"}, "services.pinchflat.port": {"declarations": ["nixos/modules/services/misc/pinchflat.nix"], "default": {"_type": "literalExpression", "text": "8945"}, "description": "Port on which the Pinchflat web interface is available.", "loc": ["services", "pinchflat", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.pinchflat.secretsFile": {"declarations": ["nixos/modules/services/misc/pinchflat.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Secrets like {env}`SECRET_KEY_BASE` and {env}`BASIC_AUTH_PASSWORD`\nshould be passed to the service without adding them to the world-readable Nix store.\n\nNote that either this file needs to be available on the host on which `pinchflat` is running,\nor the option `selfhosted` must be `true`.\nFurther, {env}`SECRET_KEY_BASE` has a minimum length requirement of 64 bytes.\nOne way to generate such a secret is to use `openssl rand -hex 64`.\n\nAs an example, the contents of the file might look like this:\n```\nSECRET_KEY_BASE=...copy-paste a secret token here...\nBASIC_AUTH_USERNAME=...basic auth username...\nBASIC_AUTH_PASSWORD=...basic auth password...\n```\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/pinchflat\""}, "loc": ["services", "pinchflat", "secretsFile"], "readOnly": false, "type": "null or absolute path"}, "services.pinchflat.selfhosted": {"declarations": ["nixos/modules/services/misc/pinchflat.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use a weak secret. If true, you are not required to provide a {env}`SECRET_KEY_BASE` through the `secretsFile` option. Do not use this option in production!", "loc": ["services", "pinchflat", "selfhosted"], "readOnly": false, "type": "boolean"}, "services.pinchflat.user": {"declarations": ["nixos/modules/services/misc/pinchflat.nix"], "default": {"_type": "literalExpression", "text": "\"pinchflat\""}, "description": "User account under which Pinchflat runs.\n", "loc": ["services", "pinchflat", "user"], "readOnly": false, "type": "string"}, "services.pipewire.alsa.enable": {"declarations": ["nixos/modules/services/desktops/pipewire/pipewire.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ALSA support.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pipewire", "alsa", "enable"], "readOnly": false, "type": "boolean"}, "services.pipewire.alsa.support32Bit": {"declarations": ["nixos/modules/services/desktops/pipewire/pipewire.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable 32-bit ALSA support on 64-bit systems.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pipewire", "alsa", "support32Bit"], "readOnly": false, "type": "boolean"}, "services.pipewire.audio.enable": {"declarations": ["nixos/modules/services/desktops/pipewire/pipewire.nix"], "default": {"_type": "literalExpression", "text": "config.services.pipewire.alsa.enable || config.services.pipewire.jack.enable || config.services.pipewire.pulse.enable"}, "description": "Whether to use PipeWire as the primary sound server", "loc": ["services", "pipewire", "audio", "enable"], "readOnly": false, "type": "boolean"}, "services.pipewire.configPackages": {"declarations": ["nixos/modules/services/desktops/pipewire/pipewire.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of packages that provide PipeWire configuration, in the form of\n`share/pipewire/*/*.conf` files.\n\nLV2 dependencies will be picked up from config packages automatically\nvia `passthru.requiredLv2Packages`.\n", "example": {"_type": "literalExpression", "text": "[\n          (pkgs.writeTextDir \"share/pipewire/pipewire.conf.d/10-loopback.conf\" ''\n            context.modules = [\n            {   name = libpipewire-module-loopback\n                args = {\n                  node.description = \"Scarlett Focusrite Line 1\"\n                  capture.props = {\n                      audio.position = [ FL ]\n                      stream.dont-remix = true\n                      node.target = \"alsa_input.usb-Focusrite_Scarlett_Solo_USB_Y7ZD17C24495BC-00.analog-stereo\"\n                      node.passive = true\n                  }\n                  playback.props = {\n                      node.name = \"SF_mono_in_1\"\n                      media.class = \"Audio/Source\"\n                      audio.position = [ MONO ]\n                  }\n                }\n            }\n            ]\n          '')\n        ]"}, "loc": ["services", "pipewire", "configPackages"], "readOnly": false, "type": "list of package"}, "services.pipewire.enable": {"declarations": ["nixos/modules/services/desktops/pipewire/pipewire.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable PipeWire service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pipewire", "enable"], "readOnly": false, "type": "boolean"}, "services.pipewire.extraConfig.client": {"declarations": ["nixos/modules/services/desktops/pipewire/pipewire.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional configuration for the PipeWire client library, used by most applications.\n\nEvery item in this attrset becomes a separate drop-in file in `/etc/pipewire/client.conf.d`.\n\nSee the [PipeWire wiki][wiki] for examples.\n\n[wiki]: https://gitlab.freedesktop.org/pipewire/pipewire/-/wikis/Config-client\n", "example": {"_type": "literalExpression", "text": "{\n  \"10-no-resample\" = {\n    \"stream.properties\" = {\n      \"resample.disable\" = true;\n    };\n  };\n}"}, "loc": ["services", "pipewire", "extraConfig", "client"], "readOnly": false, "type": "attribute set of (JSON value)"}, "services.pipewire.extraConfig.jack": {"declarations": ["nixos/modules/services/desktops/pipewire/pipewire.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional configuration for the PipeWire JACK server and client library.\n\nEvery item in this attrset becomes a separate drop-in file in `/etc/pipewire/jack.conf.d`.\n\nSee the [PipeWire wiki][wiki] for examples.\n\n[wiki]: https://gitlab.freedesktop.org/pipewire/pipewire/-/wikis/Config-JACK\n", "example": {"_type": "literalExpression", "text": "{\n  \"20-hide-midi\" = {\n    \"jack.properties\" = {\n      \"jack.show-midi\" = false;\n    };\n  };\n}"}, "loc": ["services", "pipewire", "extraConfig", "jack"], "readOnly": false, "type": "attribute set of (JSON value)"}, "services.pipewire.extraConfig.pipewire": {"declarations": ["nixos/modules/services/desktops/pipewire/pipewire.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional configuration for the PipeWire server.\n\nEvery item in this attrset becomes a separate drop-in file in `/etc/pipewire/pipewire.conf.d`.\n\nSee `man pipewire.conf` for details, and [the PipeWire wiki][wiki] for examples.\n\nSee also:\n- [PipeWire wiki - virtual devices][wiki-virtual-device] for creating virtual devices or remapping channels\n- [PipeWire wiki - filter-chain][wiki-filter-chain] for creating more complex processing pipelines\n- [PipeWire wiki - network][wiki-network] for streaming audio over a network\n\n[wiki]: https://gitlab.freedesktop.org/pipewire/pipewire/-/wikis/Config-PipeWire\n[wiki-virtual-device]: https://gitlab.freedesktop.org/pipewire/pipewire/-/wikis/Virtual-Devices\n[wiki-filter-chain]: https://gitlab.freedesktop.org/pipewire/pipewire/-/wikis/Filter-Chain\n[wiki-network]: https://gitlab.freedesktop.org/pipewire/pipewire/-/wikis/Network\n", "example": {"_type": "literalExpression", "text": "{\n  \"10-clock-rate\" = {\n    \"context.properties\" = {\n      \"default.clock.rate\" = 44100;\n    };\n  };\n  \"11-no-upmixing\" = {\n    \"stream.properties\" = {\n      \"channelmix.upmix\" = false;\n    };\n  };\n}"}, "loc": ["services", "pipewire", "extraConfig", "pipewire"], "readOnly": false, "type": "attribute set of (JSON value)"}, "services.pipewire.extraConfig.pipewire-pulse": {"declarations": ["nixos/modules/services/desktops/pipewire/pipewire.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional configuration for the PipeWire PulseAudio server.\n\nEvery item in this attrset becomes a separate drop-in file in `/etc/pipewire/pipewire-pulse.conf.d`.\n\nSee `man pipewire-pulse.conf` for details, and [the PipeWire wiki][wiki] for examples.\n\nSee also:\n- [PipeWire wiki - PulseAudio tricks guide][wiki-tricks] for more examples.\n\n[wiki]: https://gitlab.freedesktop.org/pipewire/pipewire/-/wikis/Config-PulseAudio\n[wiki-tricks]: https://gitlab.freedesktop.org/pipewire/pipewire/-/wikis/Guide-PulseAudio-Tricks\n", "example": {"_type": "literalExpression", "text": "{\n  \"15-force-s16-info\" = {\n    \"pulse.rules\" = [\n      {\n        actions = {\n          quirks = [\n            \"force-s16-info\"\n          ];\n        };\n        matches = [\n          {\n            \"application.process.binary\" = \"my-broken-app\";\n          }\n        ];\n      }\n    ];\n  };\n}"}, "loc": ["services", "pipewire", "extraConfig", "pipewire-pulse"], "readOnly": false, "type": "attribute set of (JSON value)"}, "services.pipewire.extraLv2Packages": {"declarations": ["nixos/modules/services/desktops/pipewire/pipewire.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of packages that provide LV2 plugins in `lib/lv2` that should\nbe made available to PipeWire for [filter chains][wiki-filter-chain].\n\nConfig packages have their required LV2 plugins added automatically,\nso they don't need to be specified here. Config packages need to set\n`passthru.requiredLv2Packages` for this to work.\n\n[wiki-filter-chain]: https://docs.pipewire.org/page_module_filter_chain.html\n", "example": {"_type": "literalExpression", "text": "[ pkgs.lsp-plugins ]"}, "loc": ["services", "pipewire", "extraLv2Packages"], "readOnly": false, "type": "list of package"}, "services.pipewire.jack.enable": {"declarations": ["nixos/modules/services/desktops/pipewire/pipewire.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable JACK audio emulation.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pipewire", "jack", "enable"], "readOnly": false, "type": "boolean"}, "services.pipewire.package": {"declarations": ["nixos/modules/services/desktops/pipewire/pipewire.nix"], "default": {"_type": "literalExpression", "text": "pkgs.pipewire"}, "description": "The pipewire package to use.", "loc": ["services", "pipewire", "package"], "readOnly": false, "type": "package"}, "services.pipewire.pulse.enable": {"declarations": ["nixos/modules/services/desktops/pipewire/pipewire.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable PulseAudio server emulation.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pipewire", "pulse", "enable"], "readOnly": false, "type": "boolean"}, "services.pipewire.raopOpenFirewall": {"declarations": ["nixos/modules/services/desktops/pipewire/pipewire.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Opens UDP/6001-6002, required by RAOP/Airplay for timing and control data.\n", "loc": ["services", "pipewire", "raopOpenFirewall"], "readOnly": false, "type": "boolean"}, "services.pipewire.socketActivation": {"declarations": ["nixos/modules/services/desktops/pipewire/pipewire.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Automatically run PipeWire when connections are made to the PipeWire socket.\n", "loc": ["services", "pipewire", "socketActivation"], "readOnly": false, "type": "boolean"}, "services.pipewire.systemWide": {"declarations": ["nixos/modules/services/desktops/pipewire/pipewire.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If true, a system-wide PipeWire service and socket is enabled\nallowing all users in the \"pipewire\" group to use it simultaneously.\nIf false, then user units are used instead, restricting access to\nonly one user.\n\nEnabling system-wide PipeWire is however not recommended and disabled\nby default according to\nhttps://github.com/PipeWire/pipewire/blob/0.3.11/NEWS#L14-L16\n", "loc": ["services", "pipewire", "systemWide"], "readOnly": false, "type": "boolean"}, "services.pipewire.wireplumber.configPackages": {"declarations": ["nixos/modules/services/desktops/pipewire/wireplumber.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of packages that provide WirePlumber configuration, in the form of\n`share/wireplumber/*/*.conf` files.\n\nLV2 dependencies will be picked up from config packages automatically\nvia `passthru.requiredLv2Packages`.\n", "example": {"_type": "literalExpression", "text": "[\n  (pkgs.writeTextDir \"share/wireplumber/wireplumber.conf.d/10-bluez.conf\" ''\n    monitor.bluez.properties = {\n      bluez5.roles = [ a2dp_sink a2dp_source bap_sink bap_source hsp_hs hsp_ag hfp_hf hfp_ag ]\n      bluez5.codecs = [ sbc sbc_xq aac ]\n      bluez5.enable-sbc-xq = true\n      bluez5.hfphsp-backend = \"native\"\n    }\n  '')\n]\n"}, "loc": ["services", "pipewire", "wireplumber", "configPackages"], "readOnly": false, "type": "list of package"}, "services.pipewire.wireplumber.enable": {"declarations": ["nixos/modules/services/desktops/pipewire/wireplumber.nix"], "default": {"_type": "literalExpression", "text": "config.services.pipewire.enable"}, "description": "Whether to enable WirePlumber, a modular session / policy manager for PipeWire", "loc": ["services", "pipewire", "wireplumber", "enable"], "readOnly": false, "type": "boolean"}, "services.pipewire.wireplumber.extraConfig": {"declarations": ["nixos/modules/services/desktops/pipewire/wireplumber.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional configuration for the WirePlumber daemon when run in\nsingle-instance mode (the default in nixpkgs and currently the only\nsupported way to run WirePlumber configured via `extraConfig`).\n\nSee also:\n- [The configuration file][docs-the-conf-file]\n- [Modifying configuration][docs-modifying-config]\n- [Locations of files][docs-file-locations]\n- and the [configuration section][docs-config-section] of the docs in general\n\nNote that WirePlumber (and PipeWire) use dotted attribute names like\n`device.product.id`. These are not nested, but flat objects for WirePlumber/PipeWire,\nso to write these in nix expressions, remember to quote them like `\"device.product.id\"`.\nHave a look at the example for this.\n\n[docs-the-conf-file]: https://pipewire.pages.freedesktop.org/wireplumber/daemon/configuration/conf_file.html\n[docs-modifying-config]: https://pipewire.pages.freedesktop.org/wireplumber/daemon/configuration/modifying_configuration.html\n[docs-file-locations]: https://pipewire.pages.freedesktop.org/wireplumber/daemon/configuration/locations.html\n[docs-config-section]: https://pipewire.pages.freedesktop.org/wireplumber/daemon/configuration.html\n", "example": {"_type": "literalExpression", "text": "{\n  \"log-level-debug\" = {\n    \"context.properties\" = {\n      # Output Debug log messages as opposed to only the default level (Notice)\n      \"log.level\" = \"D\";\n    };\n  };\n  \"wh-1000xm3-ldac-hq\" = {\n    \"monitor.bluez.rules\" = [\n      {\n        matches = [\n          {\n            # Match any bluetooth device with ids equal to that of a WH-1000XM3\n            \"device.name\" = \"~bluez_card.*\";\n            \"device.product.id\" = \"0x0cd3\";\n            \"device.vendor.id\" = \"usb:054c\";\n          }\n        ];\n        actions = {\n          update-props = {\n            # Set quality to high quality instead of the default of auto\n            \"bluez5.a2dp.ldac.quality\" = \"hq\";\n          };\n        };\n      }\n    ];\n  };\n}\n"}, "loc": ["services", "pipewire", "wireplumber", "extraConfig"], "readOnly": false, "type": "attribute set of attribute set of (JSON value)"}, "services.pipewire.wireplumber.extraLv2Packages": {"declarations": ["nixos/modules/services/desktops/pipewire/wireplumber.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of packages that provide LV2 plugins in `lib/lv2` that should\nbe made available to WirePlumber for [filter chains][wiki-filter-chain].\n\nConfig packages have their required LV2 plugins added automatically,\nso they don't need to be specified here. Config packages need to set\n`passthru.requiredLv2Packages` for this to work.\n\n[wiki-filter-chain]: https://docs.pipewire.org/page_module_filter_chain.html\n", "example": {"_type": "literalExpression", "text": "[ pkgs.lsp-plugins ]"}, "loc": ["services", "pipewire", "wireplumber", "extraLv2Packages"], "readOnly": false, "type": "list of package"}, "services.pipewire.wireplumber.extraScripts": {"declarations": ["nixos/modules/services/desktops/pipewire/wireplumber.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional scripts for WirePlumber to be used by configuration files.\n\nEvery item in this attrset becomes a separate lua file with the path\nrelative to the `scripts` directory specified in the name of the item.\nThe scripts get passed to the WirePlumber service via the `XDG_DATA_DIRS`\nvariable. Scripts specified here are preferred over those shipped with\nWirePlumber if they occupy the same relative path.\n\nFor a script to be loaded, it needs to be specified as part of a component,\nand that component needs to be required by an active profile (e.g. `main`).\nComponents can be defined in config files either via `extraConfig` or `configPackages`.\n\nFor the hello-world example, you'd have to add the following `extraConfig`:\n```nix\n  services.pipewire.wireplumber.extraConfig.\"99-hello-world\" = {\n    \"wireplumber.components\" = [\n      {\n        name = \"test/hello-world.lua\";\n        type = \"script/lua\";\n        provides = \"custom.hello-world\";\n      }\n    ];\n\n    \"wireplumber.profiles\" = {\n      main = {\n        \"custom.hello-world\" = \"required\";\n      };\n    };\n  };\n```\n\nSee also:\n- [Location of scripts][docs-file-locations-scripts]\n- [Components & Profiles][docs-components-profiles]\n- [Migration - Loading custom scripts][docs-migration-loading-custom-scripts]\n\n[docs-file-locations-scripts]: https://pipewire.pages.freedesktop.org/wireplumber/daemon/locations.html#location-of-scripts\n[docs-components-profiles]: https://pipewire.pages.freedesktop.org/wireplumber/daemon/configuration/components_and_profiles.html\n[docs-migration-loading-custom-scripts]: https://pipewire.pages.freedesktop.org/wireplumber/daemon/configuration/migration.html#loading-custom-scripts\n", "example": {"_type": "literalExpression", "text": "{\n  \"test/hello-world.lua\" = ''\n    print(\"Hello, world!\")\n  '';\n}"}, "loc": ["services", "pipewire", "wireplumber", "extraScripts"], "readOnly": false, "type": "attribute set of strings concatenated with \"\\n\""}, "services.pipewire.wireplumber.package": {"declarations": ["nixos/modules/services/desktops/pipewire/wireplumber.nix"], "default": {"_type": "literalExpression", "text": "pkgs.wireplumber"}, "description": "The WirePlumber derivation to use.", "loc": ["services", "pipewire", "wireplumber", "package"], "readOnly": false, "type": "package"}, "services.pixelfed.dataDir": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/pixelfed\""}, "description": "State directory of the `pixelfed` user which holds\nthe application's state and data.\n", "loc": ["services", "pixelfed", "dataDir"], "readOnly": false, "type": "string"}, "services.pixelfed.database.automaticMigrations": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable automatic migrations for database schema and data.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pixelfed", "database", "automaticMigrations"], "readOnly": false, "type": "boolean"}, "services.pixelfed.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable a local database using UNIX socket authentication.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pixelfed", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.pixelfed.database.name": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "\"pixelfed\""}, "description": "Database name.", "loc": ["services", "pixelfed", "database", "name"], "readOnly": false, "type": "string"}, "services.pixelfed.database.type": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "\"mysql\""}, "description": "Database engine to use.\nNote that PGSQL is not well supported: <https://github.com/pixelfed/pixelfed/issues/2727>\n", "example": {"_type": "literalExpression", "text": "\"pgsql\""}, "loc": ["services", "pixelfed", "database", "type"], "readOnly": false, "type": "one of \"mysql\", \"pgsql\""}, "services.pixelfed.domain": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "description": "FQDN for the Pixelfed instance.\n", "loc": ["services", "pixelfed", "domain"], "readOnly": false, "type": "string"}, "services.pixelfed.enable": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable a Pixelfed instance.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pixelfed", "enable"], "readOnly": false, "type": "boolean"}, "services.pixelfed.group": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "\"pixelfed\""}, "description": "Group account under which pixelfed runs.\n\n::: {.note}\nIf left as the default value this group will automatically be created\non system activation, otherwise you are responsible for\nensuring the group exists before the pixelfed application starts.\n:::\n", "loc": ["services", "pixelfed", "group"], "readOnly": false, "type": "string"}, "services.pixelfed.maxUploadSize": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "\"8M\""}, "description": "Max upload size with units.\n", "loc": ["services", "pixelfed", "maxUploadSize"], "readOnly": false, "type": "string"}, "services.pixelfed.nginx": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "With this option, you can customize an nginx virtual host which already has sensible defaults for Pixelfed.\nSet to {} if you do not need any customization to the virtual host.\nIf enabled, then by default, the {option}`serverName` is\n`${domain}`,\nIf this is set to null (the default), no nginx virtualHost will be configured.\n", "example": {"_type": "literalExpression", "text": "{\n  serverAliases = [\n    \"pics.${config.networking.domain}\"\n  ];\n  enableACME = true;\n  forceSSL = true;\n}\n"}, "loc": ["services", "pixelfed", "nginx"], "readOnly": false, "type": "null or (submodule)"}, "services.pixelfed.nginx.acmeFallbackHost": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host which to proxy requests to if ACME challenge is not found. Useful\nif you want multiple hosts to be able to verify the same domain name.\n\nWith this option, you could request certificates for the present domain\nwith an ACME client that is running on another host, which you would\nspecify here.\n", "loc": ["services", "pixelfed", "nginx", "acmeFallbackHost"], "readOnly": false, "type": "null or string"}, "services.pixelfed.nginx.acmeRoot": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the ACME challenge, which is **public**. Don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "pixelfed", "nginx", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.pixelfed.nginx.addSSL": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "pixelfed", "nginx", "addSSL"], "readOnly": false, "type": "boolean"}, "services.pixelfed.nginx.basicAuth": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "pixelfed", "nginx", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.pixelfed.nginx.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "pixelfed", "nginx", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.pixelfed.nginx.default": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Makes this vhost the default.\n", "loc": ["services", "pixelfed", "nginx", "default"], "readOnly": false, "type": "boolean"}, "services.pixelfed.nginx.enableACME": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "pixelfed", "nginx", "enableACME"], "readOnly": false, "type": "boolean"}, "services.pixelfed.nginx.extraConfig": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the vhost verbatim.\n", "loc": ["services", "pixelfed", "nginx", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.pixelfed.nginx.forceSSL": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a separate nginx server block that redirects (defaults\nto 301, configurable with `redirectCode`) all plain HTTP traffic to\nHTTPS. This will set defaults for `listen` to listen on all interfaces\non the respective default ports (80, 443), where the non-SSL listens\nare used for the redirect vhosts.\n", "loc": ["services", "pixelfed", "nginx", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.pixelfed.nginx.globalRedirect": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected (defaults to 301,\nconfigurable with `redirectCode`) to the given hostname.\n", "example": {"_type": "literalExpression", "text": "\"newserver.example.org\""}, "loc": ["services", "pixelfed", "nginx", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.pixelfed.nginx.http2": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/2 protocol.\nNote that (as of writing) due to nginx's implementation, to disable\nHTTP/2 you have to disable it on all vhosts that use a given\nIP address / port.\nIf there is one server block configured to enable http2, then it is\nenabled for all server blocks on this IP.\nSee <https://stackoverflow.com/a/39466948/263061>.\n", "loc": ["services", "pixelfed", "nginx", "http2"], "readOnly": false, "type": "boolean"}, "services.pixelfed.nginx.http3": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/3 protocol.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that HTTP/3 support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\nHTTP/3 availability must be manually advertised, preferably in each location block.\n", "loc": ["services", "pixelfed", "nginx", "http3"], "readOnly": false, "type": "boolean"}, "services.pixelfed.nginx.http3_hq": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that special application protocol support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "pixelfed", "nginx", "http3_hq"], "readOnly": false, "type": "boolean"}, "services.pixelfed.nginx.kTLS": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kTLS support.\nImplementing TLS in the kernel (kTLS) improves performance by significantly\nreducing the need for copying operations between user space and the kernel.\nRequired Nginx version 1.21.4 or later.\n", "loc": ["services", "pixelfed", "nginx", "kTLS"], "readOnly": false, "type": "boolean"}, "services.pixelfed.nginx.listen": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\nIPv6 addresses must be enclosed in square brackets.\nNote: this option overrides `addSSL`\nand `onlySSL`.\n\nIf you only want to set the addresses manually and not\nthe ports, take a look at `listenAddresses`.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    addr = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    addr = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    addr = \"unix:/var/run/nginx.sock\";\n  }\n]"}, "loc": ["services", "pixelfed", "nginx", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.pixelfed.nginx.listen.*.addr": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "description": "Listen address.", "loc": ["services", "pixelfed", "nginx", "listen", "*", "addr"], "readOnly": false, "type": "string"}, "services.pixelfed.nginx.listen.*.extraParameters": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra parameters of this listen directive.", "example": {"_type": "literalExpression", "text": "[\n  \"backlog=1024\"\n  \"deferred\"\n]"}, "loc": ["services", "pixelfed", "nginx", "listen", "*", "extraParameters"], "readOnly": false, "type": "list of string"}, "services.pixelfed.nginx.listen.*.port": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port number to listen on.\nIf unset and the listen address is not a socket then nginx defaults to 80.\n", "loc": ["services", "pixelfed", "nginx", "listen", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.pixelfed.nginx.listen.*.proxyProtocol": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable PROXY protocol.", "loc": ["services", "pixelfed", "nginx", "listen", "*", "proxyProtocol"], "readOnly": false, "type": "boolean"}, "services.pixelfed.nginx.listen.*.ssl": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SSL.", "loc": ["services", "pixelfed", "nginx", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.pixelfed.nginx.listenAddresses": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n\nNote: This option overrides `networking.enableIPv6`\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"[::1]\"\n]"}, "loc": ["services", "pixelfed", "nginx", "listenAddresses"], "readOnly": false, "type": "list of string"}, "services.pixelfed.nginx.locations": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n};\n"}, "loc": ["services", "pixelfed", "nginx", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.pixelfed.nginx.locations.<name>.alias": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "pixelfed", "nginx", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.pixelfed.nginx.locations.<name>.basicAuth": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "pixelfed", "nginx", "locations", "<name>", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.pixelfed.nginx.locations.<name>.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "pixelfed", "nginx", "locations", "<name>", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.pixelfed.nginx.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "pixelfed", "nginx", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.pixelfed.nginx.locations.<name>.fastcgiParams": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "FastCGI parameters to override.  Unlike in the Nginx\nconfiguration file, overriding only some default parameters\nwon't unset the default values for other parameters.\n", "loc": ["services", "pixelfed", "nginx", "locations", "<name>", "fastcgiParams"], "readOnly": false, "type": "attribute set of (string or absolute path)"}, "services.pixelfed.nginx.locations.<name>.index": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds index directive.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "pixelfed", "nginx", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.pixelfed.nginx.locations.<name>.priority": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "pixelfed", "nginx", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.pixelfed.nginx.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds proxy_pass directive and sets recommended proxy headers if\nrecommendedProxySettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "pixelfed", "nginx", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.pixelfed.nginx.locations.<name>.proxyWebsockets": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to support proxying websocket connections with HTTP/1.1.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pixelfed", "nginx", "locations", "<name>", "proxyWebsockets"], "readOnly": false, "type": "boolean"}, "services.pixelfed.nginx.locations.<name>.recommendedProxySettings": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedProxySettings"}, "description": "Enable recommended proxy settings.\n", "loc": ["services", "pixelfed", "nginx", "locations", "<name>", "recommendedProxySettings"], "readOnly": false, "type": "boolean"}, "services.pixelfed.nginx.locations.<name>.recommendedUwsgiSettings": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedUwsgiSettings"}, "description": "Enable recommended uwsgi settings.\n", "loc": ["services", "pixelfed", "nginx", "locations", "<name>", "recommendedUwsgiSettings"], "readOnly": false, "type": "boolean"}, "services.pixelfed.nginx.locations.<name>.return": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds a return directive, for e.g. redirections.\n", "example": {"_type": "literalExpression", "text": "\"301 http://example.com$request_uri\""}, "loc": ["services", "pixelfed", "nginx", "locations", "<name>", "return"], "readOnly": false, "type": "null or string or signed integer"}, "services.pixelfed.nginx.locations.<name>.root": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Root directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/root/directory\""}, "loc": ["services", "pixelfed", "nginx", "locations", "<name>", "root"], "readOnly": false, "type": "null or absolute path"}, "services.pixelfed.nginx.locations.<name>.tryFiles": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds try_files directive.\n", "example": {"_type": "literalExpression", "text": "\"$uri =404\""}, "loc": ["services", "pixelfed", "nginx", "locations", "<name>", "tryFiles"], "readOnly": false, "type": "null or string"}, "services.pixelfed.nginx.locations.<name>.uwsgiPass": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds uwsgi_pass directive and sets recommended proxy headers if\nrecommendedUwsgiSettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"unix:/run/example/example.sock\""}, "loc": ["services", "pixelfed", "nginx", "locations", "<name>", "uwsgiPass"], "readOnly": false, "type": "null or string"}, "services.pixelfed.nginx.onlySSL": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "pixelfed", "nginx", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.pixelfed.nginx.quic": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the QUIC transport protocol.\nNote that QUIC support is experimental and\n*not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "pixelfed", "nginx", "quic"], "readOnly": false, "type": "boolean"}, "services.pixelfed.nginx.redirectCode": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "301"}, "description": "HTTP status used by `globalRedirect` and `forceSSL`. Possible usecases\ninclude temporary (302, 307) redirects, keeping the request method and\nbody (307, 308), or explicitly resetting the method to GET (303).\nSee <https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>.\n", "example": {"_type": "literalExpression", "text": "308"}, "loc": ["services", "pixelfed", "nginx", "redirectCode"], "readOnly": false, "type": "integer between 300 and 399 (both inclusive)"}, "services.pixelfed.nginx.rejectSSL": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to listen for and reject all HTTPS connections to this vhost. Useful in\n[default](#opt-services.nginx.virtualHosts._name_.default)\nserver blocks to avoid serving the certificate for another vhost. Uses the\n`ssl_reject_handshake` directive available in nginx versions\n1.19.4 and above.\n", "loc": ["services", "pixelfed", "nginx", "rejectSSL"], "readOnly": false, "type": "boolean"}, "services.pixelfed.nginx.reuseport": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create an individual listening socket .\nIt is required to specify only once on one of the hosts.\n", "loc": ["services", "pixelfed", "nginx", "reuseport"], "readOnly": false, "type": "boolean"}, "services.pixelfed.nginx.root": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of the web root directory.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "pixelfed", "nginx", "root"], "readOnly": false, "type": "null or absolute path"}, "services.pixelfed.nginx.serverAliases": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "pixelfed", "nginx", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.pixelfed.nginx.serverName": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of this virtual host. Defaults to attribute name in virtualHosts.\n", "example": {"_type": "literalExpression", "text": "\"example.org\""}, "loc": ["services", "pixelfed", "nginx", "serverName"], "readOnly": false, "type": "null or string"}, "services.pixelfed.nginx.sslCertificate": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "pixelfed", "nginx", "sslCertificate"], "readOnly": false, "type": "absolute path"}, "services.pixelfed.nginx.sslCertificateKey": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "pixelfed", "nginx", "sslCertificateKey"], "readOnly": false, "type": "absolute path"}, "services.pixelfed.nginx.sslTrustedCertificate": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to root SSL certificate for stapling and client certificates.", "example": {"_type": "literalExpression", "text": "\"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\""}, "loc": ["services", "pixelfed", "nginx", "sslTrustedCertificate"], "readOnly": false, "type": "null or absolute path"}, "services.pixelfed.nginx.useACMEHost": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "pixelfed", "nginx", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.pixelfed.package": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "pkgs.pixelfed"}, "description": "The pixelfed package to use.", "loc": ["services", "pixelfed", "package"], "readOnly": false, "type": "package"}, "services.pixelfed.phpPackage": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "pkgs.php83"}, "description": "The php83 package to use.", "loc": ["services", "pixelfed", "phpPackage"], "readOnly": false, "type": "package"}, "services.pixelfed.poolConfig": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for Pixelfed's PHP-FPM pool.\n", "loc": ["services", "pixelfed", "poolConfig"], "readOnly": false, "type": "attribute set of (signed integer or string or boolean)"}, "services.pixelfed.redis.createLocally": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable a local Redis database using UNIX socket authentication.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pixelfed", "redis", "createLocally"], "readOnly": false, "type": "boolean"}, "services.pixelfed.runtimeDir": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "\"/run/pixelfed\""}, "description": "Ruutime directory of the `pixelfed` user which holds\nthe application's caches and temporary files.\n", "loc": ["services", "pixelfed", "runtimeDir"], "readOnly": false, "type": "string"}, "services.pixelfed.schedulerInterval": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "\"1d\""}, "description": "How often the Pixelfed cron task should run", "loc": ["services", "pixelfed", "schedulerInterval"], "readOnly": false, "type": "string"}, "services.pixelfed.secretFile": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "description": "A secret file to be sourced for the .env settings.\nPlace `APP_KEY` and other settings that should not end up in the Nix store here.\n", "loc": ["services", "pixelfed", "secretFile"], "readOnly": false, "type": "absolute path"}, "services.pixelfed.settings": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "description": ".env settings for Pixelfed.\nSecrets should use `secretFile` option instead.\n", "loc": ["services", "pixelfed", "settings"], "readOnly": false, "type": "attribute set of (boolean or signed integer or string)"}, "services.pixelfed.user": {"declarations": ["nixos/modules/services/web-apps/pixelfed.nix"], "default": {"_type": "literalExpression", "text": "\"pixelfed\""}, "description": "User account under which pixelfed runs.\n\n::: {.note}\nIf left as the default value this user will automatically be created\non system activation, otherwise you are responsible for\nensuring the user exists before the pixelfed application starts.\n:::\n", "loc": ["services", "pixelfed", "user"], "readOnly": false, "type": "string"}, "services.pixiecore.apiServer": {"declarations": ["nixos/modules/services/networking/pixiecore.nix"], "description": "URI to connect to the API. Ignored unless mode is set to 'api'", "example": {"_type": "literalExpression", "text": "\"http://localhost:8080\""}, "loc": ["services", "pixiecore", "apiServer"], "readOnly": false, "type": "string"}, "services.pixiecore.cmdLine": {"declarations": ["nixos/modules/services/networking/pixiecore.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Kernel commandline arguments. Ignored unless mode is set to 'boot'", "loc": ["services", "pixiecore", "cmdLine"], "readOnly": false, "type": "string"}, "services.pixiecore.debug": {"declarations": ["nixos/modules/services/networking/pixiecore.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Log more things that aren't directly related to booting a recognized client", "loc": ["services", "pixiecore", "debug"], "readOnly": false, "type": "boolean"}, "services.pixiecore.dhcpNoBind": {"declarations": ["nixos/modules/services/networking/pixiecore.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Handle DHCP traffic without binding to the DHCP server port", "loc": ["services", "pixiecore", "dhcpNoBind"], "readOnly": false, "type": "boolean"}, "services.pixiecore.enable": {"declarations": ["nixos/modules/services/networking/pixiecore.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Pixiecore.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pixiecore", "enable"], "readOnly": false, "type": "boolean"}, "services.pixiecore.extraArguments": {"declarations": ["nixos/modules/services/networking/pixiecore.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional command line arguments to pass to Pixiecore", "loc": ["services", "pixiecore", "extraArguments"], "readOnly": false, "type": "list of string"}, "services.pixiecore.initrd": {"declarations": ["nixos/modules/services/networking/pixiecore.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Initrd path. Ignored unless mode is set to 'boot'", "loc": ["services", "pixiecore", "initrd"], "readOnly": false, "type": "string"}, "services.pixiecore.kernel": {"declarations": ["nixos/modules/services/networking/pixiecore.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Kernel path. Ignored unless mode is set to 'boot'", "loc": ["services", "pixiecore", "kernel"], "readOnly": false, "type": "string"}, "services.pixiecore.listen": {"declarations": ["nixos/modules/services/networking/pixiecore.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "IPv4 address to listen on", "loc": ["services", "pixiecore", "listen"], "readOnly": false, "type": "string"}, "services.pixiecore.mode": {"declarations": ["nixos/modules/services/networking/pixiecore.nix"], "default": {"_type": "literalExpression", "text": "\"boot\""}, "description": "Which mode to use", "loc": ["services", "pixiecore", "mode"], "readOnly": false, "type": "one of \"api\", \"boot\", \"quick\""}, "services.pixiecore.openFirewall": {"declarations": ["nixos/modules/services/networking/pixiecore.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports (67, 69, 4011 UDP and 'port', 'statusPort' TCP) in the firewall for Pixiecore.\n", "loc": ["services", "pixiecore", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.pixiecore.port": {"declarations": ["nixos/modules/services/networking/pixiecore.nix"], "default": {"_type": "literalExpression", "text": "80"}, "description": "Port to listen on for HTTP", "loc": ["services", "pixiecore", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.pixiecore.quick": {"declarations": ["nixos/modules/services/networking/pixiecore.nix"], "default": {"_type": "literalExpression", "text": "\"xyz\""}, "description": "Which quick option to use", "loc": ["services", "pixiecore", "quick"], "readOnly": false, "type": "one of \"arch\", \"centos\", \"coreos\", \"debian\", \"fedora\", \"ubuntu\", \"xyz\""}, "services.pixiecore.statusPort": {"declarations": ["nixos/modules/services/networking/pixiecore.nix"], "default": {"_type": "literalExpression", "text": "80"}, "description": "HTTP port for status information (can be the same as --port)", "loc": ["services", "pixiecore", "statusPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.plantuml-server.enable": {"declarations": ["nixos/modules/services/web-apps/plantuml-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable PlantUML server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "plantuml-server", "enable"], "readOnly": false, "type": "boolean"}, "services.plantuml-server.graphvizPackage": {"declarations": ["nixos/modules/services/web-apps/plantuml-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.graphviz"}, "description": "The graphviz package to use.", "loc": ["services", "plantuml-server", "graphvizPackage"], "readOnly": false, "type": "package"}, "services.plantuml-server.group": {"declarations": ["nixos/modules/services/web-apps/plantuml-server.nix"], "default": {"_type": "literalExpression", "text": "\"plantuml\""}, "description": "Group which runs PlantUML server.", "loc": ["services", "plantuml-server", "group"], "readOnly": false, "type": "string"}, "services.plantuml-server.home": {"declarations": ["nixos/modules/services/web-apps/plantuml-server.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/plantuml\""}, "description": "Home directory of the PlantUML server instance.", "loc": ["services", "plantuml-server", "home"], "readOnly": false, "type": "absolute path"}, "services.plantuml-server.httpAuthorization": {"declarations": ["nixos/modules/services/web-apps/plantuml-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "When calling the proxy endpoint, the value of HTTP_AUTHORIZATION will be used to set the HTTP Authorization header.", "loc": ["services", "plantuml-server", "httpAuthorization"], "readOnly": false, "type": "null or string"}, "services.plantuml-server.listenHost": {"declarations": ["nixos/modules/services/web-apps/plantuml-server.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Host to listen on.", "loc": ["services", "plantuml-server", "listenHost"], "readOnly": false, "type": "string"}, "services.plantuml-server.listenPort": {"declarations": ["nixos/modules/services/web-apps/plantuml-server.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "Port to listen on.", "loc": ["services", "plantuml-server", "listenPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.plantuml-server.package": {"declarations": ["nixos/modules/services/web-apps/plantuml-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.plantuml-server"}, "description": "The plantuml-server package to use.", "loc": ["services", "plantuml-server", "package"], "readOnly": false, "type": "package"}, "services.plantuml-server.packages.jdk": {"declarations": ["nixos/modules/services/web-apps/plantuml-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.jdk"}, "description": "The jdk package to use.", "loc": ["services", "plantuml-server", "packages", "jdk"], "readOnly": false, "type": "package"}, "services.plantuml-server.packages.jetty": {"declarations": ["nixos/modules/services/web-apps/plantuml-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.jetty_11"}, "description": "The jetty package to use. At the time of writing (v1.2023.12), PlantUML Server does not support\nJetty versions higher than 12.x.\n\nJetty 12.x has introduced major breaking changes, see\n<https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.0> and\n<https://eclipse.dev/jetty/documentation/jetty-12/programming-guide/index.html#pg-migration-11-to-12>\n", "loc": ["services", "plantuml-server", "packages", "jetty"], "readOnly": false, "type": "package"}, "services.plantuml-server.plantumlLimitSize": {"declarations": ["nixos/modules/services/web-apps/plantuml-server.nix"], "default": {"_type": "literalExpression", "text": "4096"}, "description": "Limits image width and height.", "loc": ["services", "plantuml-server", "plantumlLimitSize"], "readOnly": false, "type": "signed integer"}, "services.plantuml-server.plantumlStats": {"declarations": ["nixos/modules/services/web-apps/plantuml-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Set it to on to enable statistics report (https://plantuml.com/statistics-report).", "loc": ["services", "plantuml-server", "plantumlStats"], "readOnly": false, "type": "boolean"}, "services.plantuml-server.user": {"declarations": ["nixos/modules/services/web-apps/plantuml-server.nix"], "default": {"_type": "literalExpression", "text": "\"plantuml\""}, "description": "User which runs PlantUML server.", "loc": ["services", "plantuml-server", "user"], "readOnly": false, "type": "string"}, "services.plausible.database.clickhouse.setup": {"declarations": ["nixos/modules/services/web-apps/plausible.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable creating a clickhouse instance.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "plausible", "database", "clickhouse", "setup"], "readOnly": false, "type": "boolean"}, "services.plausible.database.clickhouse.url": {"declarations": ["nixos/modules/services/web-apps/plausible.nix"], "default": {"_type": "literalExpression", "text": "\"http://localhost:8123/default\""}, "description": "The URL to be used to connect to `clickhouse`.\n", "loc": ["services", "plausible", "database", "clickhouse", "url"], "readOnly": false, "type": "string"}, "services.plausible.database.postgres.dbname": {"declarations": ["nixos/modules/services/web-apps/plausible.nix"], "default": {"_type": "literalExpression", "text": "\"plausible\""}, "description": "Name of the database to use.\n", "loc": ["services", "plausible", "database", "postgres", "dbname"], "readOnly": false, "type": "string"}, "services.plausible.database.postgres.setup": {"declarations": ["nixos/modules/services/web-apps/plausible.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable creating a postgresql instance.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "plausible", "database", "postgres", "setup"], "readOnly": false, "type": "boolean"}, "services.plausible.database.postgres.socket": {"declarations": ["nixos/modules/services/web-apps/plausible.nix"], "default": {"_type": "literalExpression", "text": "\"/run/postgresql\""}, "description": "Path to the UNIX domain-socket to communicate with `postgres`.\n", "loc": ["services", "plausible", "database", "postgres", "socket"], "readOnly": false, "type": "string"}, "services.plausible.enable": {"declarations": ["nixos/modules/services/web-apps/plausible.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable plausible.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "plausible", "enable"], "readOnly": false, "type": "boolean"}, "services.plausible.mail.email": {"declarations": ["nixos/modules/services/web-apps/plausible.nix"], "default": {"_type": "literalExpression", "text": "\"hello@plausible.local\""}, "description": "The email id to use for as *from* address of all communications\nfrom Plausible.\n", "loc": ["services", "plausible", "mail", "email"], "readOnly": false, "type": "string"}, "services.plausible.mail.smtp.enableSSL": {"declarations": ["nixos/modules/services/web-apps/plausible.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SSL when connecting to the SMTP server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "plausible", "mail", "smtp", "enableSSL"], "readOnly": false, "type": "boolean"}, "services.plausible.mail.smtp.hostAddr": {"declarations": ["nixos/modules/services/web-apps/plausible.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The host address of your smtp server.\n", "loc": ["services", "plausible", "mail", "smtp", "hostAddr"], "readOnly": false, "type": "string"}, "services.plausible.mail.smtp.hostPort": {"declarations": ["nixos/modules/services/web-apps/plausible.nix"], "default": {"_type": "literalExpression", "text": "25"}, "description": "The port of your smtp server.\n", "loc": ["services", "plausible", "mail", "smtp", "hostPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.plausible.mail.smtp.passwordFile": {"declarations": ["nixos/modules/services/web-apps/plausible.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the file with the password in case SMTP auth is enabled.\n", "loc": ["services", "plausible", "mail", "smtp", "passwordFile"], "readOnly": false, "type": "null or string or absolute path"}, "services.plausible.mail.smtp.retries": {"declarations": ["nixos/modules/services/web-apps/plausible.nix"], "default": {"_type": "literalExpression", "text": "2"}, "description": "Number of retries to make until mailer gives up.\n", "loc": ["services", "plausible", "mail", "smtp", "retries"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.plausible.mail.smtp.user": {"declarations": ["nixos/modules/services/web-apps/plausible.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The username/email in case SMTP auth is enabled.\n", "loc": ["services", "plausible", "mail", "smtp", "user"], "readOnly": false, "type": "null or string"}, "services.plausible.package": {"declarations": ["nixos/modules/services/web-apps/plausible.nix"], "default": {"_type": "literalExpression", "text": "pkgs.plausible"}, "description": "The plausible package to use.", "loc": ["services", "plausible", "package"], "readOnly": false, "type": "package"}, "services.plausible.server.baseUrl": {"declarations": ["nixos/modules/services/web-apps/plausible.nix"], "description": "Public URL where plausible is available.\n\nNote that `/path` components are currently ignored:\n<https://github.com/plausible/analytics/issues/1182>.\n", "loc": ["services", "plausible", "server", "baseUrl"], "readOnly": false, "type": "string"}, "services.plausible.server.disableRegistration": {"declarations": ["nixos/modules/services/web-apps/plausible.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to prohibit creating an account in plausible's UI or allow on `invite_only`.\n", "loc": ["services", "plausible", "server", "disableRegistration"], "readOnly": false, "type": "one of true, false, \"invite_only\""}, "services.plausible.server.listenAddress": {"declarations": ["nixos/modules/services/web-apps/plausible.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The IP address on which the server is listening.\n", "loc": ["services", "plausible", "server", "listenAddress"], "readOnly": false, "type": "string"}, "services.plausible.server.port": {"declarations": ["nixos/modules/services/web-apps/plausible.nix"], "default": {"_type": "literalExpression", "text": "8000"}, "description": "Port where the service should be available.\n", "loc": ["services", "plausible", "server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.plausible.server.secretKeybaseFile": {"declarations": ["nixos/modules/services/web-apps/plausible.nix"], "description": "Path to the secret used by the `phoenix`-framework. Instructions\nhow to generate one are documented in the\n[framework docs](https://hexdocs.pm/phoenix/Mix.Tasks.Phx.Gen.Secret.html#content).\n", "loc": ["services", "plausible", "server", "secretKeybaseFile"], "readOnly": false, "type": "absolute path or string"}, "services.playerctld.enable": {"declarations": ["nixos/modules/services/desktops/playerctld.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the playerctld daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "playerctld", "enable"], "readOnly": false, "type": "boolean"}, "services.playerctld.package": {"declarations": ["nixos/modules/services/desktops/playerctld.nix"], "default": {"_type": "literalExpression", "text": "pkgs.playerctl"}, "description": "The playerctl package to use.", "loc": ["services", "playerctld", "package"], "readOnly": false, "type": "package"}, "services.pleroma.configs": {"declarations": ["nixos/modules/services/networking/pleroma.nix"], "description": "Pleroma public configuration.\n\nThis list gets appended from left to\nright into /etc/pleroma/config.exs. Elixir evaluates its\nconfiguration imperatively, meaning you can override a\nsetting by appending a new str to this NixOS option list.\n\n*DO NOT STORE ANY PLEROMA SECRET\nHERE*, use\n[services.pleroma.secretConfigFile](#opt-services.pleroma.secretConfigFile)\ninstead.\n\nThis setting is going to be stored in a file part of\nthe Nix store. The Nix store being world-readable, it's not\nthe right place to store any secret\n\nHave a look to Pleroma section in the NixOS manual for more\ninformation.\n", "loc": ["services", "pleroma", "configs"], "readOnly": false, "type": "list of string"}, "services.pleroma.enable": {"declarations": ["nixos/modules/services/networking/pleroma.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable pleroma.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pleroma", "enable"], "readOnly": false, "type": "boolean"}, "services.pleroma.group": {"declarations": ["nixos/modules/services/networking/pleroma.nix"], "default": {"_type": "literalExpression", "text": "\"pleroma\""}, "description": "Group account under which pleroma runs.", "loc": ["services", "pleroma", "group"], "readOnly": false, "type": "string"}, "services.pleroma.package": {"declarations": ["nixos/modules/services/networking/pleroma.nix"], "default": {"_type": "literalExpression", "text": "pkgs.pleroma"}, "description": "The pleroma package to use.", "loc": ["services", "pleroma", "package"], "readOnly": false, "type": "package"}, "services.pleroma.secretConfigFile": {"declarations": ["nixos/modules/services/networking/pleroma.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/pleroma/secrets.exs\""}, "description": "Path to the file containing your secret pleroma configuration.\n\n*DO NOT POINT THIS OPTION TO THE NIX\nSTORE*, the store being world-readable, it'll\ncompromise all your secrets.\n", "loc": ["services", "pleroma", "secretConfigFile"], "readOnly": false, "type": "string"}, "services.pleroma.stateDir": {"declarations": ["nixos/modules/services/networking/pleroma.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/pleroma\""}, "description": "Directory where the pleroma service will save the uploads and static files.", "loc": ["services", "pleroma", "stateDir"], "readOnly": true, "type": "string"}, "services.pleroma.user": {"declarations": ["nixos/modules/services/networking/pleroma.nix"], "default": {"_type": "literalExpression", "text": "\"pleroma\""}, "description": "User account under which pleroma runs.", "loc": ["services", "pleroma", "user"], "readOnly": false, "type": "string"}, "services.plex.accelerationDevices": {"declarations": ["nixos/modules/services/misc/plex.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"*\"\n]"}, "description": "A list of device paths to hardware acceleration devices that Plex should\nhave access to. This is useful when transcoding media files.\nThe special value `\"*\"` will allow all devices.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/dev/dri/renderD128\"\n]"}, "loc": ["services", "plex", "accelerationDevices"], "readOnly": false, "type": "list of string"}, "services.plex.dataDir": {"declarations": ["nixos/modules/services/misc/plex.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/plex\""}, "description": "The directory where Plex stores its data files.\n", "loc": ["services", "plex", "dataDir"], "readOnly": false, "type": "string"}, "services.plex.enable": {"declarations": ["nixos/modules/services/misc/plex.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Plex Media Server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "plex", "enable"], "readOnly": false, "type": "boolean"}, "services.plex.extraPlugins": {"declarations": ["nixos/modules/services/misc/plex.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of paths to extra plugin bundles to install in Plex's plugin\ndirectory. Every time the systemd unit for Plex starts up, all of the\nsymlinks in Plex's plugin directory will be cleared and this module\nwill symlink all of the paths specified here to that directory.\n", "example": {"_type": "literalExpression", "text": "[\n  (builtins.path {\n    name = \"Audnexus.bundle\";\n    path = pkgs.fetchFromGitHub {\n      owner = \"djdembeck\";\n      repo = \"Audnexus.bundle\";\n      rev = \"v0.2.8\";\n      sha256 = \"sha256-IWOSz3vYL7zhdHan468xNc6C/eQ2C2BukQlaJNLXh7E=\";\n    };\n  })\n]\n"}, "loc": ["services", "plex", "extraPlugins"], "readOnly": false, "type": "list of absolute path"}, "services.plex.extraScanners": {"declarations": ["nixos/modules/services/misc/plex.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of paths to extra scanners to install in Plex's scanners\ndirectory.\n\nEvery time the systemd unit for Plex starts up, all of the symlinks\nin Plex's scanners directory will be cleared and this module will\nsymlink all of the paths specified here to that directory.\n", "example": {"_type": "literalExpression", "text": "[\n  (fetchFromGitHub {\n    owner = \"ZeroQI\";\n    repo = \"Absolute-Series-Scanner\";\n    rev = \"773a39f502a1204b0b0255903cee4ed02c46fde0\";\n    sha256 = \"4l+vpiDdC8L/EeJowUgYyB3JPNTZ1sauN8liFAcK+PY=\";\n  })\n]\n"}, "loc": ["services", "plex", "extraScanners"], "readOnly": false, "type": "list of absolute path"}, "services.plex.group": {"declarations": ["nixos/modules/services/misc/plex.nix"], "default": {"_type": "literalExpression", "text": "\"plex\""}, "description": "Group under which Plex runs.\n", "loc": ["services", "plex", "group"], "readOnly": false, "type": "string"}, "services.plex.openFirewall": {"declarations": ["nixos/modules/services/misc/plex.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the media server.\n", "loc": ["services", "plex", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.plex.package": {"declarations": ["nixos/modules/services/misc/plex.nix"], "default": {"_type": "literalExpression", "text": "pkgs.plex"}, "description": "The plex package to use. Plex subscribers may wish to use their own package here,\npointing to subscriber-only server versions.\n", "loc": ["services", "plex", "package"], "readOnly": false, "type": "package"}, "services.plex.user": {"declarations": ["nixos/modules/services/misc/plex.nix"], "default": {"_type": "literalExpression", "text": "\"plex\""}, "description": "User account under which Plex runs.\n", "loc": ["services", "plex", "user"], "readOnly": false, "type": "string"}, "services.plikd.enable": {"declarations": ["nixos/modules/services/misc/plikd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable plikd, a temporary file upload system.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "plikd", "enable"], "readOnly": false, "type": "boolean"}, "services.plikd.openFirewall": {"declarations": ["nixos/modules/services/misc/plikd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the plikd.", "loc": ["services", "plikd", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.plikd.settings": {"declarations": ["nixos/modules/services/misc/plikd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for plikd, see <https://github.com/root-gg/plik/blob/master/server/plikd.cfg>\nfor supported values.\n", "loc": ["services", "plikd", "settings"], "readOnly": false, "type": "TOML value"}, "services.pocket-id.credentials": {"declarations": ["nixos/modules/services/security/pocket-id.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables which are loaded from the contents of the specified file paths.\nThis can be used to securely store tokens and secrets outside of the world-readable Nix store.\n\nSee [PocketID environment variables](https://pocket-id.org/docs/configuration/environment-variables).\n\nAlternatively you can use `services.pocket-id.environmentFile` to define all the variables in a single file.\n", "example": {"_type": "literalExpression", "text": "{\n  ENCRYPTION_KEY = \"/run/secrets/pocket-id/encryption-key\";\n}"}, "loc": ["services", "pocket-id", "credentials"], "readOnly": false, "type": "attribute set of absolute path"}, "services.pocket-id.dataDir": {"declarations": ["nixos/modules/services/security/pocket-id.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/pocket-id\""}, "description": "The directory where Pocket ID will store its data, such as the database when using SQLite.\n", "loc": ["services", "pocket-id", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.pocket-id.enable": {"declarations": ["nixos/modules/services/security/pocket-id.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Pocket ID server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pocket-id", "enable"], "readOnly": false, "type": "boolean"}, "services.pocket-id.environmentFile": {"declarations": ["nixos/modules/services/security/pocket-id.nix"], "default": {"_type": "literalExpression", "text": "\"/dev/null\""}, "description": "Path to an environment file to be loaded.\nThis can be used to securely store tokens and secrets outside of the world-readable Nix store.\n\nSee [PocketID environment variables](https://pocket-id.org/docs/configuration/environment-variables).\n\nExample contents of the file:\nMAXMIND_LICENSE_KEY=your-license-key\n\nAlternatively you can use `services.pocket-id.credentials` to define each variable in separate files.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/secrets/pocket-id\""}, "loc": ["services", "pocket-id", "environmentFile"], "readOnly": false, "type": "absolute path"}, "services.pocket-id.group": {"declarations": ["nixos/modules/services/security/pocket-id.nix"], "default": {"_type": "literalExpression", "text": "\"pocket-id\""}, "description": "Group account under which Pocket ID runs.", "loc": ["services", "pocket-id", "group"], "readOnly": false, "type": "string"}, "services.pocket-id.package": {"declarations": ["nixos/modules/services/security/pocket-id.nix"], "default": {"_type": "literalExpression", "text": "pkgs.pocket-id"}, "description": "The pocket-id package to use.", "loc": ["services", "pocket-id", "package"], "readOnly": false, "type": "package"}, "services.pocket-id.settings": {"declarations": ["nixos/modules/services/security/pocket-id.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables to be passed.\n\nSee [PocketID environment variables](https://pocket-id.org/docs/configuration/environment-variables).\n", "loc": ["services", "pocket-id", "settings"], "readOnly": false, "type": "open submodule of attribute set of (atom (null, bool, int, float or string))"}, "services.pocket-id.settings.ANALYTICS_DISABLED": {"declarations": ["nixos/modules/services/security/pocket-id.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to disable analytics.\n\nSee the [analytics documentation](https://pocket-id.org/docs/configuration/analytics/).\n", "loc": ["services", "pocket-id", "settings", "ANALYTICS_DISABLED"], "readOnly": false, "type": "boolean"}, "services.pocket-id.settings.APP_URL": {"declarations": ["nixos/modules/services/security/pocket-id.nix"], "default": {"_type": "literalExpression", "text": "\"http://localhost\""}, "description": "The URL where you will access the app.\n", "loc": ["services", "pocket-id", "settings", "APP_URL"], "readOnly": false, "type": "string"}, "services.pocket-id.settings.TRUST_PROXY": {"declarations": ["nixos/modules/services/security/pocket-id.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether the app is behind a reverse proxy.\n", "loc": ["services", "pocket-id", "settings", "TRUST_PROXY"], "readOnly": false, "type": "boolean"}, "services.pocket-id.user": {"declarations": ["nixos/modules/services/security/pocket-id.nix"], "default": {"_type": "literalExpression", "text": "\"pocket-id\""}, "description": "User account under which Pocket ID runs.", "loc": ["services", "pocket-id", "user"], "readOnly": false, "type": "string"}, "services.podgrab.dataDirectory": {"declarations": ["nixos/modules/services/misc/podgrab.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/podgrab/data\""}, "description": "Directory to store downloads.", "example": {"_type": "literalExpression", "text": "\"/mnt/podcasts\""}, "loc": ["services", "podgrab", "dataDirectory"], "readOnly": false, "type": "absolute path"}, "services.podgrab.enable": {"declarations": ["nixos/modules/services/misc/podgrab.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Podgrab, a self-hosted podcast manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "podgrab", "enable"], "readOnly": false, "type": "boolean"}, "services.podgrab.group": {"declarations": ["nixos/modules/services/misc/podgrab.nix"], "default": {"_type": "literalExpression", "text": "\"podgrab\""}, "description": "Group under which Podgrab runs, and which owns the download directory.", "loc": ["services", "podgrab", "group"], "readOnly": false, "type": "string"}, "services.podgrab.passwordFile": {"declarations": ["nixos/modules/services/misc/podgrab.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to a file containing the PASSWORD environment variable\ndefinition for Podgrab's authentication.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/password.env\""}, "loc": ["services", "podgrab", "passwordFile"], "readOnly": false, "type": "null or string"}, "services.podgrab.port": {"declarations": ["nixos/modules/services/misc/podgrab.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "The port on which Podgrab will listen for incoming HTTP traffic.", "example": {"_type": "literalExpression", "text": "4242"}, "loc": ["services", "podgrab", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.podgrab.user": {"declarations": ["nixos/modules/services/misc/podgrab.nix"], "default": {"_type": "literalExpression", "text": "\"podgrab\""}, "description": "User under which Podgrab runs, and which owns the download directory.", "loc": ["services", "podgrab", "user"], "readOnly": false, "type": "string"}, "services.polaris.enable": {"declarations": ["nixos/modules/services/misc/polaris.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Polaris Music Server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "polaris", "enable"], "readOnly": false, "type": "boolean"}, "services.polaris.extraGroups": {"declarations": ["nixos/modules/services/misc/polaris.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Polaris' auxiliary groups.", "example": {"_type": "literalExpression", "text": "[\"media\" \"music\"]"}, "loc": ["services", "polaris", "extraGroups"], "readOnly": false, "type": "list of string"}, "services.polaris.group": {"declarations": ["nixos/modules/services/misc/polaris.nix"], "default": {"_type": "literalExpression", "text": "\"polaris\""}, "description": "Group under which Polaris is run.", "loc": ["services", "polaris", "group"], "readOnly": false, "type": "string"}, "services.polaris.openFirewall": {"declarations": ["nixos/modules/services/misc/polaris.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open the configured port in the firewall.\n", "loc": ["services", "polaris", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.polaris.package": {"declarations": ["nixos/modules/services/misc/polaris.nix"], "default": {"_type": "literalExpression", "text": "pkgs.polaris"}, "description": "The polaris package to use.", "loc": ["services", "polaris", "package"], "readOnly": false, "type": "package"}, "services.polaris.port": {"declarations": ["nixos/modules/services/misc/polaris.nix"], "default": {"_type": "literalExpression", "text": "5050"}, "description": "The port which the Polaris REST api and web UI should listen to.\nNote: polaris is hardcoded to listen to the hostname \"0.0.0.0\".\n", "loc": ["services", "polaris", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.polaris.settings": {"declarations": ["nixos/modules/services/misc/polaris.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Contents for the TOML Polaris config, applied each start.\nAlthough poorly documented, an example may be found here:\n[test-config.toml](https://github.com/agersant/polaris/blob/374d0ca56fc0a466d797a4b252e2078607476797/test-data/config.toml)\n", "example": {"_type": "literalExpression", "text": "{\n  settings.reindex_every_n_seconds = 7*24*60*60; # weekly, default is 1800\n  settings.album_art_pattern =\n    \"(cover|front|folder)\\.(jpeg|jpg|png|bmp|gif)\";\n  mount_dirs = [\n    {\n      name = \"NAS\";\n      source = \"/mnt/nas/music\";\n    }\n    {\n      name = \"Local\";\n      source = \"/home/my_user/Music\";\n    }\n  ];\n}\n"}, "loc": ["services", "polaris", "settings"], "readOnly": false, "type": "TOML value"}, "services.polaris.user": {"declarations": ["nixos/modules/services/misc/polaris.nix"], "default": {"_type": "literalExpression", "text": "\"polaris\""}, "description": "User account under which Polaris runs.", "loc": ["services", "polaris", "user"], "readOnly": false, "type": "string"}, "services.pomerium.configFile": {"declarations": ["nixos/modules/services/web-servers/pomerium.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to Pomerium config YAML. If set, overrides services.pomerium.settings.", "loc": ["services", "pomerium", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.pomerium.enable": {"declarations": ["nixos/modules/services/web-servers/pomerium.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Pomerium authenticating reverse proxy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pomerium", "enable"], "readOnly": false, "type": "boolean"}, "services.pomerium.secretsFile": {"declarations": ["nixos/modules/services/web-servers/pomerium.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to file containing secrets for Pomerium, in systemd\nEnvironmentFile format. See the {manpage}`systemd.exec(5)` man page.\n", "loc": ["services", "pomerium", "secretsFile"], "readOnly": false, "type": "null or absolute path"}, "services.pomerium.settings": {"declarations": ["nixos/modules/services/web-servers/pomerium.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The contents of Pomerium's config.yaml, in Nix expressions.\n\nSpecifying configFile will override this in its entirety.\n\nSee [the Pomerium\nconfiguration reference](https://pomerium.io/reference/) for more information about what to put\nhere.\n", "loc": ["services", "pomerium", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.pomerium.useACMEHost": {"declarations": ["nixos/modules/services/web-servers/pomerium.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, use a NixOS-generated ACME certificate with the specified name.\n\nNote that this will require you to use a non-HTTP-based challenge, or\ndisable Pomerium's in-built HTTP redirect server by setting\nhttp_redirect_addr to null and use a different HTTP server for serving\nthe challenge response.\n\nIf you're using an HTTP-based challenge, you should use the\nPomerium-native autocert option instead.\n", "loc": ["services", "pomerium", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.porn-vault.autoStart": {"declarations": ["nixos/modules/services/web-apps/porn-vault/default.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to start porn-vault automatically.\n", "loc": ["services", "porn-vault", "autoStart"], "readOnly": false, "type": "boolean"}, "services.porn-vault.enable": {"declarations": ["nixos/modules/services/web-apps/porn-vault/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Porn-Vault.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "porn-vault", "enable"], "readOnly": false, "type": "boolean"}, "services.porn-vault.openFirewall": {"declarations": ["nixos/modules/services/web-apps/porn-vault/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the Porn-Vault port in the firewall.\n", "loc": ["services", "porn-vault", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.porn-vault.package": {"declarations": ["nixos/modules/services/web-apps/porn-vault/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.porn-vault"}, "description": "The porn-vault package to use.", "loc": ["services", "porn-vault", "package"], "readOnly": false, "type": "package"}, "services.porn-vault.port": {"declarations": ["nixos/modules/services/web-apps/porn-vault/default.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "Which port Porn-Vault will use.\n", "loc": ["services", "porn-vault", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.porn-vault.settings": {"declarations": ["nixos/modules/services/web-apps/porn-vault/default.nix"], "default": {"_type": "literalExpression", "text": "{\n  auth = {\n    password = null;\n  };\n  binaries = {\n    ffmpeg = \"ffmpeg\";\n    ffprobe = \"ffprobe\";\n    imagemagick = {\n      convertPath = \"convert\";\n      identifyPath = \"identify\";\n      montagePath = \"montage\";\n    };\n    izzyPort = 8000;\n  };\n  import = {\n    images = [\n      {\n        enable = true;\n        exclude = [ ];\n        extensions = [\n          \".jpg\"\n          \".jpeg\"\n          \".png\"\n          \".gif\"\n        ];\n        include = [ ];\n        path = \"/media/porn-vault/images\";\n      }\n    ];\n    scanInterval = 10800000;\n    videos = [\n      {\n        enable = true;\n        exclude = [ ];\n        extensions = [\n          \".mp4\"\n          \".mov\"\n          \".webm\"\n        ];\n        include = [ ];\n        path = \"/media/porn-vault/videos\";\n      }\n    ];\n  };\n  log = {\n    level = \"debug\";\n    maxFiles = \"5\";\n    maxSize = \"20m\";\n    writeFile = [\n      {\n        level = \"debug\";\n        prefix = \"errors-\";\n        silent = false;\n      }\n    ];\n  };\n  matching = {\n    applyActorLabels = [\n      \"event:actor:create\"\n      \"event:actor:find-unmatched-scenes\"\n      \"plugin:actor:create\"\n      \"event:scene:create\"\n      \"plugin:scene:create\"\n      \"event:image:create\"\n      \"plugin:marker:create\"\n      \"event:marker:create\"\n    ];\n    applySceneLabels = true;\n    applyStudioLabels = [\n      \"event:studio:create\"\n      \"event:studio:find-unmatched-scenes\"\n      \"plugin:studio:create\"\n      \"event:scene:create\"\n      \"plugin:scene:create\"\n    ];\n    extractSceneActorsFromFilepath = true;\n    extractSceneLabelsFromFilepath = true;\n    extractSceneMoviesFromFilepath = true;\n    extractSceneStudiosFromFilepath = true;\n    matchCreatedActors = true;\n    matchCreatedLabels = true;\n    matchCreatedStudios = true;\n    matcher = {\n      options = {\n        camelCaseWordGroups = true;\n        enableWordGroups = true;\n        filepathSeparators = [\n          \"[/\\\\\\\\&]\"\n        ];\n        groupSeparators = [\n          \"[\\\\s',()[\\\\]{}*\\\\.]\"\n        ];\n        ignoreDiacritics = true;\n        ignoreSingleNames = false;\n        overlappingMatchPreference = \"longest\";\n        wordSeparatorFallback = true;\n        wordSeparators = [\n          \"[-_]\"\n        ];\n      };\n      type = \"word\";\n    };\n  };\n  persistence = {\n    backup = {\n      enable = true;\n      maxAmount = 10;\n    };\n    libraryPath = \"/media/porn-vault/lib\";\n  };\n  plugins = {\n    allowActorThumbnailOverwrite = false;\n    allowMovieThumbnailOverwrite = false;\n    allowSceneThumbnailOverwrite = false;\n    allowStudioThumbnailOverwrite = false;\n    createMissingActors = false;\n    createMissingLabels = false;\n    createMissingMovies = false;\n    createMissingStudios = false;\n    events = {\n      actorCreated = [ ];\n      actorCustom = [ ];\n      movieCustom = [ ];\n      sceneCreated = [ ];\n      sceneCustom = [ ];\n      studioCreated = [ ];\n      studioCustom = [ ];\n    };\n    markerDeduplicationThreshold = 5;\n    register = { };\n  };\n  processing = {\n    generateImageThumbnails = true;\n    generatePreviews = true;\n    readImagesOnImport = false;\n  };\n  server = {\n    https = {\n      certificate = \"\";\n      enable = false;\n      key = \"\";\n    };\n  };\n  transcode = {\n    h264 = {\n      crf = 23;\n      preset = \"veryfast\";\n    };\n    hwaDriver = null;\n    vaapiDevice = \"/dev/dri/renderD128\";\n    webm = {\n      cpuUsed = 3;\n      crf = 31;\n      deadline = \"realtime\";\n    };\n  };\n}"}, "description": "Configuration for Porn-Vault. The attributes are serialized to JSON in config.json.\n\nSee <https://gitlab.com/porn-vault/porn-vault/-/blob/dev/config.example.json>\n", "loc": ["services", "porn-vault", "settings"], "readOnly": false, "type": "JSON value"}, "services.portunus.dex.enable": {"declarations": ["nixos/modules/services/misc/portunus.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Dex ldap connector.\n\nTo activate dex, first a search user must be created in the Portunus web ui\nand then the password must to be set as the `DEX_SEARCH_USER_PASSWORD` environment variable\nin the [](#opt-services.dex.environmentFile) setting\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "portunus", "dex", "enable"], "readOnly": false, "type": "boolean"}, "services.portunus.dex.oidcClients": {"declarations": ["nixos/modules/services/misc/portunus.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of OIDC clients.\n\nThe OIDC secret must be set as the `DEX_CLIENT_${id}` environment variable\nin the [](#opt-services.dex.environmentFile) setting.\n\n::: {.note}\nMake sure the id only contains characters that are allowed in an environment variable name, e.g. no -.\n:::\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    callbackURL = \"https://example.com/client/oidc/callback\";\n    id = \"service\";\n  }\n]"}, "loc": ["services", "portunus", "dex", "oidcClients"], "readOnly": false, "type": "list of (submodule)"}, "services.portunus.dex.oidcClients.*.callbackURL": {"declarations": ["nixos/modules/services/misc/portunus.nix"], "description": "URL where the OIDC client should redirect", "loc": ["services", "portunus", "dex", "oidcClients", "*", "callbackURL"], "readOnly": false, "type": "string"}, "services.portunus.dex.oidcClients.*.id": {"declarations": ["nixos/modules/services/misc/portunus.nix"], "description": "ID of the OIDC client", "loc": ["services", "portunus", "dex", "oidcClients", "*", "id"], "readOnly": false, "type": "string"}, "services.portunus.dex.port": {"declarations": ["nixos/modules/services/misc/portunus.nix"], "default": {"_type": "literalExpression", "text": "5556"}, "description": "Port where dex should listen on.", "loc": ["services", "portunus", "dex", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.portunus.domain": {"declarations": ["nixos/modules/services/misc/portunus.nix"], "description": "Subdomain which gets reverse proxied to Portunus webserver.", "example": {"_type": "literalExpression", "text": "\"sso.example.com\""}, "loc": ["services", "portunus", "domain"], "readOnly": false, "type": "string"}, "services.portunus.enable": {"declarations": ["nixos/modules/services/misc/portunus.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Portunus, a self-contained user/group management and authentication service for LDAP.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "portunus", "enable"], "readOnly": false, "type": "boolean"}, "services.portunus.group": {"declarations": ["nixos/modules/services/misc/portunus.nix"], "default": {"_type": "literalExpression", "text": "\"portunus\""}, "description": "Group account under which Portunus runs its webserver.", "loc": ["services", "portunus", "group"], "readOnly": false, "type": "string"}, "services.portunus.ldap.group": {"declarations": ["nixos/modules/services/misc/portunus.nix"], "default": {"_type": "literalExpression", "text": "\"openldap\""}, "description": "Group account under which Portunus runs its LDAP server.", "loc": ["services", "portunus", "ldap", "group"], "readOnly": false, "type": "string"}, "services.portunus.ldap.package": {"declarations": ["nixos/modules/services/misc/portunus.nix"], "default": {"_type": "literalExpression", "text": "pkgs.openldap"}, "description": "The openldap package to use.", "loc": ["services", "portunus", "ldap", "package"], "readOnly": false, "type": "package"}, "services.portunus.ldap.searchUserName": {"declarations": ["nixos/modules/services/misc/portunus.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The login name of the search user.\nThis user account must be configured in Portunus either manually or via seeding.\n", "example": {"_type": "literalExpression", "text": "\"admin\""}, "loc": ["services", "portunus", "ldap", "searchUserName"], "readOnly": false, "type": "string"}, "services.portunus.ldap.suffix": {"declarations": ["nixos/modules/services/misc/portunus.nix"], "description": "The DN of the topmost entry in your LDAP directory.\nPlease refer to the Portunus documentation for more information on how this impacts the structure of the LDAP directory.\n", "example": {"_type": "literalExpression", "text": "\"dc=example,dc=org\""}, "loc": ["services", "portunus", "ldap", "suffix"], "readOnly": false, "type": "string"}, "services.portunus.ldap.tls": {"declarations": ["nixos/modules/services/misc/portunus.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable LDAPS protocol.\nThis also adds two entries to the `/etc/hosts` file to point [](#opt-services.portunus.domain) to localhost,\nso that CLIs and programs can use ldaps protocol and verify the certificate without opening the firewall port for the protocol.\n\nThis requires a TLS certificate for [](#opt-services.portunus.domain) to be configured via [](#opt-security.acme.certs).\n", "loc": ["services", "portunus", "ldap", "tls"], "readOnly": false, "type": "boolean"}, "services.portunus.ldap.user": {"declarations": ["nixos/modules/services/misc/portunus.nix"], "default": {"_type": "literalExpression", "text": "\"openldap\""}, "description": "User account under which Portunus runs its LDAP server.", "loc": ["services", "portunus", "ldap", "user"], "readOnly": false, "type": "string"}, "services.portunus.package": {"declarations": ["nixos/modules/services/misc/portunus.nix"], "default": {"_type": "literalExpression", "text": "pkgs.portunus"}, "description": "The portunus package to use.", "loc": ["services", "portunus", "package"], "readOnly": false, "type": "package"}, "services.portunus.port": {"declarations": ["nixos/modules/services/misc/portunus.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "Port where the Portunus webserver should listen on.\n\nThis must be put behind a TLS-capable reverse proxy because Portunus only listens on localhost.\n", "loc": ["services", "portunus", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.portunus.seedPath": {"declarations": ["nixos/modules/services/misc/portunus.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a portunus seed file in json format.\nSee <https://github.com/majewsky/portunus#seeding-users-and-groups-from-static-configuration> for available options.\n", "loc": ["services", "portunus", "seedPath"], "readOnly": false, "type": "null or absolute path"}, "services.portunus.seedSettings": {"declarations": ["nixos/modules/services/misc/portunus.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Seed settings for users and groups.\nSee upstream for format <https://github.com/majewsky/portunus#seeding-users-and-groups-from-static-configuration>\n", "loc": ["services", "portunus", "seedSettings"], "readOnly": false, "type": "null or (attribute set of list of attribute set of anything)"}, "services.portunus.stateDir": {"declarations": ["nixos/modules/services/misc/portunus.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/portunus\""}, "description": "Path where Portunus stores its state.", "loc": ["services", "portunus", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.portunus.user": {"declarations": ["nixos/modules/services/misc/portunus.nix"], "default": {"_type": "literalExpression", "text": "\"portunus\""}, "description": "User account under which Portunus runs its webserver.", "loc": ["services", "portunus", "user"], "readOnly": false, "type": "string"}, "services.postfix-tlspol.configurePostfix": {"declarations": ["nixos/modules/services/mail/postfix-tlspol.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to configure the required settings to use postfix-tlspol in the local Postfix instance.\n", "loc": ["services", "postfix-tlspol", "configurePostfix"], "readOnly": false, "type": "boolean"}, "services.postfix-tlspol.enable": {"declarations": ["nixos/modules/services/mail/postfix-tlspol.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable postfix-tlspol.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "postfix-tlspol", "enable"], "readOnly": false, "type": "boolean"}, "services.postfix-tlspol.package": {"declarations": ["nixos/modules/services/mail/postfix-tlspol.nix"], "default": {"_type": "literalExpression", "text": "pkgs.postfix-tlspol"}, "description": "The postfix-tlspol package to use.", "loc": ["services", "postfix-tlspol", "package"], "readOnly": false, "type": "package"}, "services.postfix-tlspol.settings": {"declarations": ["nixos/modules/services/mail/postfix-tlspol.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The postfix-tlspol configuration file as a Nix attribute set.\n\nSee the reference documentation for possible options.\n<https://github.com/Zuplu/postfix-tlspol/blob/main/configs/config.default.yaml>\n", "loc": ["services", "postfix-tlspol", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.2 value)"}, "services.postfix-tlspol.settings.dns.address": {"declarations": ["nixos/modules/services/mail/postfix-tlspol.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IP and port to your DNS resolver.\n\nUses resolvers from /etc/resolv.conf if unset.\n\n::: {.note}\nThe configured DNS resolver must validate DNSSEC signatures.\n:::\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1:53\""}, "loc": ["services", "postfix-tlspol", "settings", "dns", "address"], "readOnly": false, "type": "null or string"}, "services.postfix-tlspol.settings.server.address": {"declarations": ["nixos/modules/services/mail/postfix-tlspol.nix"], "default": {"_type": "literalExpression", "text": "\"unix:/run/postfix-tlspol/tlspol.sock\""}, "description": "Path or address/port where postfix-tlspol binds its socket to.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1:8642\""}, "loc": ["services", "postfix-tlspol", "settings", "server", "address"], "readOnly": false, "type": "string"}, "services.postfix-tlspol.settings.server.cache-file": {"declarations": ["nixos/modules/services/mail/postfix-tlspol.nix"], "default": {"_type": "literalExpression", "text": "\"/var/cache/postfix-tlspol/cache.db\""}, "description": "Path to the cache file.\n", "loc": ["services", "postfix-tlspol", "settings", "server", "cache-file"], "readOnly": true, "type": "absolute path"}, "services.postfix-tlspol.settings.server.log-level": {"declarations": ["nixos/modules/services/mail/postfix-tlspol.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Log level\n", "example": {"_type": "literalExpression", "text": "\"warn\""}, "loc": ["services", "postfix-tlspol", "settings", "server", "log-level"], "readOnly": false, "type": "one of \"debug\", \"info\", \"warn\", \"error\""}, "services.postfix-tlspol.settings.server.prefetch": {"declarations": ["nixos/modules/services/mail/postfix-tlspol.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to prefetch DNS records when the TTL of a cached record is about to expire.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "postfix-tlspol", "settings", "server", "prefetch"], "readOnly": false, "type": "boolean"}, "services.postfix-tlspol.settings.server.socket-permissions": {"declarations": ["nixos/modules/services/mail/postfix-tlspol.nix"], "default": {"_type": "literalExpression", "text": "\"0660\""}, "description": "Permissions to the UNIX socket, if configured.\n\n::: {.note}\nDue to hardening on the systemd unit the socket can never be created world readable/writable.\n:::\n", "loc": ["services", "postfix-tlspol", "settings", "server", "socket-permissions"], "readOnly": true, "type": "string"}, "services.postfix.aliasFiles": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Aliases' tables to be compiled and placed into /var/lib/postfix/conf.", "loc": ["services", "postfix", "aliasFiles"], "readOnly": false, "type": "attribute set of absolute path"}, "services.postfix.aliasMapType": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "\"hash\""}, "description": "The format the alias map should have. Use regexp if you want to use regular expressions.", "example": {"_type": "literalExpression", "text": "\"regexp\""}, "loc": ["services", "postfix", "aliasMapType"], "readOnly": false, "type": "one of \"hash\", \"regexp\", \"pcre\""}, "services.postfix.canonical": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Entries for the {manpage}`canonical(5)` table.\n", "loc": ["services", "postfix", "canonical"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.postfix.dnsBlacklistOverrides": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "contents of check_client_access for overriding dnsBlacklists", "loc": ["services", "postfix", "dnsBlacklistOverrides"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.postfix.dnsBlacklists": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "dns blacklist servers to use with smtpd_client_restrictions", "loc": ["services", "postfix", "dnsBlacklists"], "readOnly": false, "type": "list of string"}, "services.postfix.enable": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to run the Postfix mail server.", "loc": ["services", "postfix", "enable"], "readOnly": false, "type": "boolean"}, "services.postfix.enableHeaderChecks": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable postfix header checks", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "postfix", "enableHeaderChecks"], "readOnly": false, "type": "boolean"}, "services.postfix.enableSmtp": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the `smtp` service configured in the master.cf.\n\nThis service listens for plain text SMTP connections on port 25\nand supports explicit TLS via StartTLS.\n\nIt is the primary port used by SMTP servers to exchange mail.\n", "loc": ["services", "postfix", "enableSmtp"], "readOnly": false, "type": "boolean"}, "services.postfix.enableSubmission": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "\n          Whether to enable the `submission` service configured in master.cf.\n\n          This service listens for plain text SMTP connections on port 587\n          and supports explicit TLS via StartTLS.\n\n          It is a way for clients to login and submit mails after an inband\n          connection upgrade using StartTLS.\n\n          ::: {.warning}\n          [RFC 8314](https://www.rfc-editor.org/rfc/rfc8314) discourages the use\n          of explicit TLS for mail submissionn.\n          :::\n        ", "loc": ["services", "postfix", "enableSubmission"], "readOnly": false, "type": "boolean"}, "services.postfix.enableSubmissions": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the `submissions` service configured in master.cf.\n\nThis service listen for implicit TLS connections on port 465.\n\n::: {.info}\nPer [RFC 8314](https://www.rfc-editor.org/rfc/rfc8314) implicit TLS\nis recommended for mail submission.\n:::\n", "loc": ["services", "postfix", "enableSubmissions"], "readOnly": false, "type": "boolean"}, "services.postfix.extraAliases": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional entries to put verbatim into aliases file, cf. man-page {manpage}`aliases(8)`.\n", "loc": ["services", "postfix", "extraAliases"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.postfix.extraHeaderChecks": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra lines to /etc/postfix/header_checks file.", "example": {"_type": "literalExpression", "text": "\"/^X-Spam-Flag:/ REDIRECT spam@example.com\""}, "loc": ["services", "postfix", "extraHeaderChecks"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.postfix.extraMasterConf": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra lines to append to the generated master.cf file.", "example": {"_type": "literalExpression", "text": "\"submission inet n - n - - smtpd\""}, "loc": ["services", "postfix", "extraMasterConf"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.postfix.group": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "\"postfix\""}, "description": "What to call the Postfix group (must be used only for postfix).", "loc": ["services", "postfix", "group"], "readOnly": false, "type": "string"}, "services.postfix.headerChecks": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Postfix header checks.", "example": {"_type": "literalExpression", "text": "[\n  {\n    action = \"REDIRECT spam@example.com\";\n    pattern = \"/^X-Spam-Flag:/\";\n  }\n]"}, "loc": ["services", "postfix", "headerChecks"], "readOnly": false, "type": "list of (submodule)"}, "services.postfix.headerChecks.*.action": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "\"DUNNO\""}, "description": "The action to be executed when the pattern is matched", "example": {"_type": "literalExpression", "text": "\"BCC mail@example.com\""}, "loc": ["services", "postfix", "headerChecks", "*", "action"], "readOnly": false, "type": "string"}, "services.postfix.headerChecks.*.pattern": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "\"/^.*/\""}, "description": "A regexp pattern matching the header", "example": {"_type": "literalExpression", "text": "\"/^X-Mailer:/\""}, "loc": ["services", "postfix", "headerChecks", "*", "pattern"], "readOnly": false, "type": "string"}, "services.postfix.localRecipients": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of accepted local users. Specify a bare username, an\n`\"@domain.tld\"` wild-card, or a complete\n`\"user@domain.tld\"` address. If set, these names end\nup in the local recipient map -- see the {manpage}`local(8)` man-page -- and\neffectively replace the system user database lookup that's otherwise\nused by default.\n", "loc": ["services", "postfix", "localRecipients"], "readOnly": false, "type": "null or (list of string)"}, "services.postfix.mapFiles": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Maps to be compiled and placed into /var/lib/postfix/conf.", "loc": ["services", "postfix", "mapFiles"], "readOnly": false, "type": "attribute set of absolute path"}, "services.postfix.package": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "pkgs.postfix"}, "description": "The postfix package to use.", "loc": ["services", "postfix", "package"], "readOnly": false, "type": "package"}, "services.postfix.postmasterAlias": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "Who should receive postmaster e-mail. Multiple values can be added by\nseparating values with comma.\n", "loc": ["services", "postfix", "postmasterAlias"], "readOnly": false, "type": "string"}, "services.postfix.rootAlias": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Who should receive root e-mail. Blank for no redirection.\nMultiple values can be added by separating values with comma.\n", "loc": ["services", "postfix", "rootAlias"], "readOnly": false, "type": "string"}, "services.postfix.setSendmail": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to set the system sendmail to postfix's.", "loc": ["services", "postfix", "setSendmail"], "readOnly": false, "type": "boolean"}, "services.postfix.setgidGroup": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "\"postdrop\""}, "description": "How to call postfix setgid group (for postdrop). Should\nbe uniquely used group.\n", "loc": ["services", "postfix", "setgidGroup"], "readOnly": false, "type": "string"}, "services.postfix.settings.main": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "description": "The main.cf configuration file as key value set.\n\nNull values will not be rendered.\n\n::: {.tip}\nCheck `postconf -d` for the default values of all settings.\n:::\n", "example": {"_type": "literalExpression", "text": "{\n  mail_owner = \"postfix\";\n  smtp_tls_security_level = \"may\";\n}"}, "loc": ["services", "postfix", "settings", "main"], "readOnly": false, "type": "open submodule of attribute set of (null or boolean or signed integer or absolute path or string or list of string)"}, "services.postfix.settings.main.message_size_limit": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "10240000"}, "description": "Maximum size of an email message in bytes.\n\n<https://www.postfix.org/postconf.5.html#message_size_limit>\n", "example": {"_type": "literalExpression", "text": "52428800"}, "loc": ["services", "postfix", "settings", "main", "message_size_limit"], "readOnly": false, "type": "null or signed integer"}, "services.postfix.settings.main.mydestination": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"$myhostname\"\n  \"localhost.$mydomain\"\n  \"localhost\"\n]"}, "description": "List of domain names intended for local delivery using /etc/passwd and /etc/aliases.\n\n::: {.warning}\nDo not include [virtual](https://www.postfix.org/VIRTUAL_README.html) domains in this list.\n:::\n\n<https://www.postfix.org/postconf.5.html#mydestination>\n", "loc": ["services", "postfix", "settings", "main", "mydestination"], "readOnly": false, "type": "null or string or list of string"}, "services.postfix.settings.main.myhostname": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The internet hostname of this mail system.\n\nLeave unset to default to the system hostname with the {option}`mydomain` suffix.\n\n<https://www.postfix.org/postconf.5.html#myhostname>\n", "example": {"_type": "literalExpression", "text": "\"mail.example.com\""}, "loc": ["services", "postfix", "settings", "main", "myhostname"], "readOnly": false, "type": "null or string"}, "services.postfix.settings.main.mynetworks": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of trusted remote SMTP clients, that are allowed to relay mail.\n\nLeave unset to let Postfix populate this list based on the {option}`mynetworks_style` setting.\n\n<https://www.postfix.org/postconf.5.html#mynetworks>\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.0/8\"\n  \"::1\"\n]"}, "loc": ["services", "postfix", "settings", "main", "mynetworks"], "readOnly": false, "type": "null or (list of string)"}, "services.postfix.settings.main.mynetworks_style": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "\"host\""}, "description": "The method used for generating the default value for {option}`mynetworks`, if that option is unset.\n\n<https://www.postfix.org/postconf.5.html#mynetworks_style>\n", "loc": ["services", "postfix", "settings", "main", "mynetworks_style"], "readOnly": false, "type": "null or one of \"host\", \"subnet\", \"class\""}, "services.postfix.settings.main.recipient_delimiter": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Set of characters used as the delimiters for address extensions.\n\nThis allows creating different forwarding rules per extension.\n\n<https://www.postfix.org/postconf.5.html#recipient_delimiter>\n", "example": {"_type": "literalExpression", "text": "\"+\""}, "loc": ["services", "postfix", "settings", "main", "recipient_delimiter"], "readOnly": false, "type": "null or string"}, "services.postfix.settings.main.relay_domains": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of domains delivered via the relay transport.\n\n<https://www.postfix.org/postconf.5.html#relay_domains>\n", "example": {"_type": "literalExpression", "text": "[\n  \"lists.example.com\"\n]"}, "loc": ["services", "postfix", "settings", "main", "relay_domains"], "readOnly": false, "type": "null or (list of string)"}, "services.postfix.settings.main.relayhost": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of hosts to use for relaying outbound mail.\n\n::: {.note}\nPutting the hostname in angled brackets, e.g. `[relay.example.com]`, turns off MX and SRV lookups for the hostname.\n:::\n\n<https://www.postfix.org/postconf.5.html#relayhost>\n", "example": {"_type": "literalExpression", "text": "[\n  \"[relay.example.com]:587\"\n]"}, "loc": ["services", "postfix", "settings", "main", "relayhost"], "readOnly": false, "type": "null or (list of string)"}, "services.postfix.settings.main.smtp_tls_CAfile": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "config.security.pki.caBundle\n"}, "description": "File containing CA certificates of root CAs trusted to sign either remote SMTP server certificates or intermediate CA certificates.\n\nDefaults to the system CA bundle that is managed through the `security.pki` options.\n\n<https://www.postfix.org/postconf.5.html#smtp_tls_CAfile>\n", "example": {"_type": "literalExpression", "text": "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\n"}, "loc": ["services", "postfix", "settings", "main", "smtp_tls_CAfile"], "readOnly": false, "type": "absolute path"}, "services.postfix.settings.main.smtp_tls_security_level": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "\"may\""}, "description": "The client TLS security level.\n\n::: {.tip}\nUse `dane` with a local DNSSEC validating DNS resolver enabled.\n:::\n\n<https://www.postfix.org/postconf.5.html#smtp_tls_security_level>\n", "loc": ["services", "postfix", "settings", "main", "smtp_tls_security_level"], "readOnly": false, "type": "one of \"none\", \"may\", \"encrypt\", \"dane\", \"dane-only\", \"fingerprint\", \"verify\", \"secure\""}, "services.postfix.settings.main.smtpd_tls_chain_files": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of paths to the server private keys and certificates.\n\n::: {.caution}\nThe order of items matters and a private key must always be followed by the corresponding certificate.\n:::\n\n<https://www.postfix.org/postconf.5.html#smtpd_tls_chain_files>\n", "example": {"_type": "literalExpression", "text": "[\n  \"/var/lib/acme/mail.example.com/privkey.pem\"\n  \"/var/lib/acme/mail.example.com/fullchain.pem\"\n]"}, "loc": ["services", "postfix", "settings", "main", "smtpd_tls_chain_files"], "readOnly": false, "type": "list of absolute path"}, "services.postfix.settings.main.smtpd_tls_security_level": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "if config.services.postfix.settings.main.smtpd_tls_chain_files != [ ] then \"may\" else \"none\"\n"}, "description": "The server TLS security level. Enable TLS by configuring at least `may`.\n\n<https://www.postfix.org/postconf.5.html#smtpd_tls_security_level>\n", "example": {"_type": "literalExpression", "text": "\"may\""}, "loc": ["services", "postfix", "settings", "main", "smtpd_tls_security_level"], "readOnly": false, "type": "one of \"none\", \"may\", \"encrypt\""}, "services.postfix.settings.master": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The {file}`master.cf` configuration file as an attribute set of service\ndefitions\n\n::: {.tip}\nCheck <https://www.postfix.org/master.5.html> for possible settings.\n:::\n", "example": {"_type": "literalExpression", "text": "{\n  submission = {\n    args = [\n      \"-o\"\n      \"smtpd_tls_security_level=encrypt\"\n    ];\n    type = \"inet\";\n  };\n}"}, "loc": ["services", "postfix", "settings", "master"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.postfix.settings.master.<name>.args": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Arguments to pass to the {option}`command`. There is no shell\nprocessing involved and shell syntax is passed verbatim to the\nprocess.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-o\"\n  \"smtp_helo_timeout=5\"\n]"}, "loc": ["services", "postfix", "settings", "master", "<name>", "args"], "readOnly": false, "type": "list of string"}, "services.postfix.settings.master.<name>.chroot": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "description": "Whether the service is chrooted to have only access to the\n{option}`services.postfix.queueDir` and the closure of\nstore paths specified by the {option}`program` option.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "postfix", "settings", "master", "<name>", "chroot"], "readOnly": false, "type": "boolean"}, "services.postfix.settings.master.<name>.command": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "A program name specifying a Postfix service/daemon process.\nBy default it's the attribute {option}`name`.\n", "example": {"_type": "literalExpression", "text": "\"smtpd\""}, "loc": ["services", "postfix", "settings", "master", "<name>", "command"], "readOnly": false, "type": "string"}, "services.postfix.settings.master.<name>.maxproc": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "description": "The maximum number of processes to spawn for this service. If the\nvalue is `0` it doesn't have any limit. If\n`null` is given it uses the postfix default of\n`100`.\n", "example": {"_type": "literalExpression", "text": "1"}, "loc": ["services", "postfix", "settings", "master", "<name>", "maxproc"], "readOnly": false, "type": "signed integer"}, "services.postfix.settings.master.<name>.name": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "The name of the service to run. Defaults to the attribute set key.\n", "example": {"_type": "literalExpression", "text": "\"smtp\""}, "loc": ["services", "postfix", "settings", "master", "<name>", "name"], "readOnly": false, "type": "string"}, "services.postfix.settings.master.<name>.private": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "description": "Whether the service's sockets and storage directory is restricted to\nbe only available via the mail system. If `null` is\ngiven it uses the postfix default `true`.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "postfix", "settings", "master", "<name>", "private"], "readOnly": false, "type": "boolean"}, "services.postfix.settings.master.<name>.privileged": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "description": "", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "postfix", "settings", "master", "<name>", "privileged"], "readOnly": false, "type": "boolean"}, "services.postfix.settings.master.<name>.type": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "\"unix\""}, "description": "The type of the service", "example": {"_type": "literalExpression", "text": "\"inet\""}, "loc": ["services", "postfix", "settings", "master", "<name>", "type"], "readOnly": false, "type": "one of \"inet\", \"unix\", \"unix-dgram\", \"fifo\", \"pass\""}, "services.postfix.settings.master.<name>.wakeup": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "description": "Automatically wake up the service after the specified number of\nseconds. If `0` is given, never wake the service\nup.\n", "example": {"_type": "literalExpression", "text": "60"}, "loc": ["services", "postfix", "settings", "master", "<name>", "wakeup"], "readOnly": false, "type": "signed integer"}, "services.postfix.settings.master.<name>.wakeupUnusedComponent": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "description": "If set to `false` the component will only be woken\nup if it is used. This is equivalent to postfix' notion of adding a\nquestion mark behind the wakeup time in\n{file}`master.cf`\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "postfix", "settings", "master", "<name>", "wakeupUnusedComponent"], "readOnly": false, "type": "boolean"}, "services.postfix.submissionOptions": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "{\n  milter_macro_daemon_name = \"ORIGINATING\";\n  smtpd_client_restrictions = \"permit_sasl_authenticated,reject\";\n  smtpd_sasl_auth_enable = \"yes\";\n  smtpd_tls_security_level = \"encrypt\";\n}"}, "description": "Options for the submission config in master.cf", "example": {"_type": "literalExpression", "text": "{\n  milter_macro_daemon_name = \"ORIGINATING\";\n  smtpd_client_restrictions = \"permit_sasl_authenticated,reject\";\n  smtpd_sasl_auth_enable = \"yes\";\n  smtpd_sasl_type = \"dovecot\";\n  smtpd_tls_security_level = \"encrypt\";\n}"}, "loc": ["services", "postfix", "submissionOptions"], "readOnly": false, "type": "attribute set of string"}, "services.postfix.submissionsOptions": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "{\n  milter_macro_daemon_name = \"ORIGINATING\";\n  smtpd_client_restrictions = \"permit_sasl_authenticated,reject\";\n  smtpd_sasl_auth_enable = \"yes\";\n}"}, "description": "Options for the submission config via smtps in master.cf.\n\nsmtpd_tls_security_level will be set to encrypt, if it is missing\nor has one of the values \"may\" or \"none\".\n\nsmtpd_tls_wrappermode with value \"yes\" will be added automatically.\n", "example": {"_type": "literalExpression", "text": "{\n  milter_macro_daemon_name = \"ORIGINATING\";\n  smtpd_client_restrictions = \"permit_sasl_authenticated,reject\";\n  smtpd_sasl_auth_enable = \"yes\";\n  smtpd_sasl_type = \"dovecot\";\n}"}, "loc": ["services", "postfix", "submissionsOptions"], "readOnly": false, "type": "attribute set of string"}, "services.postfix.transport": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Entries for the transport map, cf. man-page {manpage}`transport(5)`.\n", "loc": ["services", "postfix", "transport"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.postfix.user": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "\"postfix\""}, "description": "What to call the Postfix user (must be used only for postfix).", "loc": ["services", "postfix", "user"], "readOnly": false, "type": "string"}, "services.postfix.virtual": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Entries for the virtual alias map, cf. man-page {manpage}`virtual(5)`.\n", "loc": ["services", "postfix", "virtual"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.postfix.virtualMapType": {"declarations": ["nixos/modules/services/mail/postfix.nix"], "default": {"_type": "literalExpression", "text": "\"hash\""}, "description": "What type of virtual alias map file to use. Use `\"regexp\"` for regular expressions.\n", "loc": ["services", "postfix", "virtualMapType"], "readOnly": false, "type": "one of \"hash\", \"regexp\", \"pcre\""}, "services.postgres-websockets.enable": {"declarations": ["nixos/modules/services/databases/postgres-websockets.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable postgres-websockets.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "postgres-websockets", "enable"], "readOnly": false, "type": "boolean"}, "services.postgres-websockets.environment": {"declarations": ["nixos/modules/services/databases/postgres-websockets.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "postgres-websockets configuration as defined in:\n<https://github.com/diogob/postgres-websockets/blob/master/src/PostgresWebsockets/Config.hs#L71-L87>\n\n`PGWS_DB_URI` is represented as an attribute set, see [`environment.PGWS_DB_URI`](#opt-services.postgres-websockets.environment.PGWS_DB_URI)\n\n::: {.note}\nThe `environment.PGWS_JWT_SECRET` option is blocked.\nUse [`jwtSecretFile`](#opt-services.postgres-websockets.jwtSecretFile) instead.\n:::\n", "example": {"_type": "literalExpression", "text": "{\n  PGWS_LISTEN_CHANNEL = \"my_channel\";\n  PGWS_DB_URI.dbname = \"postgres\";\n}\n"}, "loc": ["services", "postgres-websockets", "environment"], "readOnly": false, "type": "open submodule of attribute set of string"}, "services.postgres-websockets.environment.PGWS_DB_URI": {"declarations": ["nixos/modules/services/databases/postgres-websockets.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "libpq connection parameters as documented in:\n\n<https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS>\n\n::: {.note}\nThe `environment.PGWS_DB_URI.password` and `environment.PGWS_DB_URI.passfile` options are blocked.\nUse [`pgpassFile`](#opt-services.postgres-websockets.pgpassFile) instead.\n:::\n", "example": {"_type": "literalExpression", "text": "{\n  host = \"localhost\";\n  dbname = \"postgres\";\n}\n"}, "loc": ["services", "postgres-websockets", "environment", "PGWS_DB_URI"], "readOnly": false, "type": "open submodule of attribute set of string"}, "services.postgres-websockets.environment.PGWS_HOST": {"declarations": ["nixos/modules/services/databases/postgres-websockets.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Address the server will listen for websocket connections.\n", "loc": ["services", "postgres-websockets", "environment", "PGWS_HOST"], "readOnly": false, "type": "null or string"}, "services.postgres-websockets.jwtSecretFile": {"declarations": ["nixos/modules/services/databases/postgres-websockets.nix"], "description": "Secret used to sign JWT tokens used to open communications channels.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/jwt_secret\""}, "loc": ["services", "postgres-websockets", "jwtSecretFile"], "readOnly": false, "type": "null or absolute path not in the Nix store"}, "services.postgres-websockets.pgpassFile": {"declarations": ["nixos/modules/services/databases/postgres-websockets.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The password to authenticate to PostgreSQL with.\nNot needed for peer or trust based authentication.\n\nThe file must be a valid `.pgpass` file as described in:\n<https://www.postgresql.org/docs/current/libpq-pgpass.html>\n\nIn most cases, the following will be enough:\n```\n*:*:*:*:<password>\n```\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/db_password\""}, "loc": ["services", "postgres-websockets", "pgpassFile"], "readOnly": false, "type": "null or absolute path not in the Nix store"}, "services.postgresql.authentication": {"declarations": ["nixos/modules/services/databases/postgresql.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Defines how users authenticate themselves to the server. See the\n[PostgreSQL documentation for pg_hba.conf](https://www.postgresql.org/docs/current/auth-pg-hba-conf.html)\nfor details on the expected format of this option. By default,\npeer based authentication will be used for users connecting\nvia the Unix socket, and md5 password authentication will be\nused for users connecting via TCP. Any added rules will be\ninserted above the default rules. If you'd like to replace the\ndefault rules entirely, you can use `lib.mkForce` in your\nmodule.\n", "loc": ["services", "postgresql", "authentication"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.postgresql.checkConfig": {"declarations": ["nixos/modules/services/databases/postgresql.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Check the syntax of the configuration file at compile time", "loc": ["services", "postgresql", "checkConfig"], "readOnly": false, "type": "boolean"}, "services.postgresql.dataDir": {"declarations": ["nixos/modules/services/databases/postgresql.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}\""}, "description": "The data directory for PostgreSQL. If left as the default value\nthis directory will automatically be created before the PostgreSQL server starts, otherwise\nthe sysadmin is responsible for ensuring the directory exists with appropriate ownership\nand permissions.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/postgresql/15\""}, "loc": ["services", "postgresql", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.postgresql.enable": {"declarations": ["nixos/modules/services/databases/postgresql.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable PostgreSQL Server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "postgresql", "enable"], "readOnly": false, "type": "boolean"}, "services.postgresql.enableJIT": {"declarations": ["nixos/modules/services/databases/postgresql.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable JIT support.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "postgresql", "enableJIT"], "readOnly": false, "type": "boolean"}, "services.postgresql.enableTCPIP": {"declarations": ["nixos/modules/services/databases/postgresql.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether PostgreSQL should listen on all network interfaces.\nIf disabled, the database can only be accessed via its Unix\ndomain socket or via TCP connections to localhost.\n", "loc": ["services", "postgresql", "enableTCPIP"], "readOnly": false, "type": "boolean"}, "services.postgresql.ensureDatabases": {"declarations": ["nixos/modules/services/databases/postgresql.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Ensures that the specified databases exist.\nThis option will never delete existing databases, especially not when the value of this\noption is changed. This means that databases created once through this option or\notherwise have to be removed manually.\n", "example": {"_type": "literalExpression", "text": "[\n  \"gitea\"\n  \"nextcloud\"\n]"}, "loc": ["services", "postgresql", "ensureDatabases"], "readOnly": false, "type": "list of string"}, "services.postgresql.ensureUsers": {"declarations": ["nixos/modules/services/databases/postgresql.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Ensures that the specified users exist.\nThe PostgreSQL users will be identified using peer authentication. This authenticates the Unix user with the\nsame name only, and that without the need for a password.\nThis option will never delete existing users or remove DB ownership of databases\nonce granted with `ensureDBOwnership = true;`. This means that this must be\ncleaned up manually when changing after changing the config in here.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    name = \"nextcloud\";\n  }\n  {\n    name = \"superuser\";\n    ensureDBOwnership = true;\n  }\n]\n"}, "loc": ["services", "postgresql", "ensureUsers"], "readOnly": false, "type": "list of (submodule)"}, "services.postgresql.ensureUsers.*.ensureClauses": {"declarations": ["nixos/modules/services/databases/postgresql.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "An attrset of clauses to grant to the user. Under the hood this uses the\n[ALTER USER syntax](https://www.postgresql.org/docs/current/sql-alteruser.html) for each attrName where\nthe attrValue is true in the attrSet:\n`ALTER USER user.name WITH attrName`\n", "example": {"_type": "literalExpression", "text": "{\n  superuser = true;\n  createrole = true;\n  createdb = true;\n  connection_limit = 5;\n\n  # SCRAM-SHA-256 hashed password for \"password\"\n  # Generate hashes using PostgreSQL or a dedicated script rather than storing passwords in plain text.\n  password = \"SCRAM-SHA-256$4096:SZEJF5Si4QZ6l4fedrZZWQ==$6u3PWVcz+dts+NdpByPIjKa4CaSnoXGG3M2vpo76bVU=:WSZ0iGUCmVtKYVvNX0pFOp/60IgsdJ+90Y67Eun+QE0=\";\n}\n"}, "loc": ["services", "postgresql", "ensureUsers", "*", "ensureClauses"], "readOnly": false, "type": "open submodule of attribute set of (string or signed integer or boolean)"}, "services.postgresql.ensureUsers.*.ensureDBOwnership": {"declarations": ["nixos/modules/services/databases/postgresql.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Grants the user ownership to a database with the same name.\nThis database must be defined manually in\n[](#opt-services.postgresql.ensureDatabases).\n", "loc": ["services", "postgresql", "ensureUsers", "*", "ensureDBOwnership"], "readOnly": false, "type": "boolean"}, "services.postgresql.ensureUsers.*.name": {"declarations": ["nixos/modules/services/databases/postgresql.nix"], "description": "Name of the user to ensure.\n", "loc": ["services", "postgresql", "ensureUsers", "*", "name"], "readOnly": false, "type": "string"}, "services.postgresql.extensions": {"declarations": ["nixos/modules/services/databases/postgresql.nix"], "default": {"_type": "literalExpression", "text": "<function>"}, "description": "List of PostgreSQL extensions to install.\n", "example": {"_type": "literalExpression", "text": "ps: with ps; [ postgis pg_repack ]"}, "loc": ["services", "postgresql", "extensions"], "readOnly": false, "type": "(function that evaluates to a(n) list of absolute path) or (list of absolute path) convertible to it"}, "services.postgresql.finalPackage": {"declarations": ["nixos/modules/services/databases/postgresql.nix"], "default": {"_type": "literalExpression", "text": "\"with config.services.postgresql; package.withPackages extensions\""}, "description": "The postgresql package that will effectively be used in the system.\nIt consists of the base package with plugins applied to it.\n", "loc": ["services", "postgresql", "finalPackage"], "readOnly": true, "type": "package"}, "services.postgresql.identMap": {"declarations": ["nixos/modules/services/databases/postgresql.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Defines the mapping from system users to database users.\n\nSee the [auth doc](https://postgresql.org/docs/current/auth-username-maps.html).\n\nThere is a default map \"postgres\" which is used for local peer authentication\nas the postgres superuser role.\nFor example, to allow the root user to login as the postgres superuser, add:\n\n```\npostgres root postgres\n```\n", "example": {"_type": "literalExpression", "text": "''\n  map-name-0 system-username-0 database-username-0\n  map-name-1 system-username-1 database-username-1\n''"}, "loc": ["services", "postgresql", "identMap"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.postgresql.initdbArgs": {"declarations": ["nixos/modules/services/databases/postgresql.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional arguments passed to `initdb` during data dir\ninitialisation.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--data-checksums\"\n  \"--allow-group-access\"\n]"}, "loc": ["services", "postgresql", "initdbArgs"], "readOnly": false, "type": "list of string"}, "services.postgresql.initialScript": {"declarations": ["nixos/modules/services/databases/postgresql.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing SQL statements to execute on first startup.\n", "example": {"_type": "literalExpression", "text": "pkgs.writeText \"init-sql-script\" ''\n  alter user postgres with password 'myPassword';\n'';"}, "loc": ["services", "postgresql", "initialScript"], "readOnly": false, "type": "null or absolute path"}, "services.postgresql.package": {"declarations": ["nixos/modules/services/databases/postgresql.nix"], "default": {"_type": "literalExpression", "text": "if versionAtLeast config.system.stateVersion \"25.11\" then\n  pkgs.postgresql_17\nelse if versionAtLeast config.system.stateVersion \"24.11\" then\n  pkgs.postgresql_16\nelse if versionAtLeast config.system.stateVersion \"23.11\" then\n  pkgs.postgresql_15\nelse\n  pkgs.postgresql_14\n"}, "description": "The package being used by postgresql.\n", "example": {"_type": "literalExpression", "text": "pkgs.postgresql_15"}, "loc": ["services", "postgresql", "package"], "readOnly": false, "type": "package"}, "services.postgresql.settings": {"declarations": ["nixos/modules/services/databases/postgresql.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "PostgreSQL configuration. Refer to\n<https://www.postgresql.org/docs/current/config-setting.html#CONFIG-SETTING-CONFIGURATION-FILE>\nfor an overview of {file}`postgresql.conf`.\n\n::: {.note}\nString values will automatically be enclosed in single quotes. Single quotes will be\nescaped with two single quotes as described by the upstream documentation linked above.\n:::\n", "example": {"_type": "literalExpression", "text": "{\n  log_connections = true;\n  log_statement = \"all\";\n  logging_collector = true;\n  log_disconnections = true;\n  log_destination = lib.mkForce \"syslog\";\n}\n"}, "loc": ["services", "postgresql", "settings"], "readOnly": false, "type": "open submodule of attribute set of (boolean or floating point number or signed integer or string)"}, "services.postgresql.settings.log_line_prefix": {"declarations": ["nixos/modules/services/databases/postgresql.nix"], "default": {"_type": "literalExpression", "text": "\"[%p] \""}, "description": "A printf-style string that is output at the beginning of each log line.\nUpstream default is `'%m [%p] '`, i.e. it includes the timestamp. We do\nnot include the timestamp, because journal has it anyway.\n", "example": {"_type": "literalExpression", "text": "\"%m [%p] \""}, "loc": ["services", "postgresql", "settings", "log_line_prefix"], "readOnly": false, "type": "string"}, "services.postgresql.settings.port": {"declarations": ["nixos/modules/services/databases/postgresql.nix"], "default": {"_type": "literalExpression", "text": "5432"}, "description": "The port on which PostgreSQL listens.\n", "loc": ["services", "postgresql", "settings", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.postgresql.settings.shared_preload_libraries": {"declarations": ["nixos/modules/services/databases/postgresql.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of libraries to be preloaded.\n", "example": {"_type": "literalExpression", "text": "[ \"auto_explain\" \"anon\" ]"}, "loc": ["services", "postgresql", "settings", "shared_preload_libraries"], "readOnly": false, "type": "null or (strings concatenated with \",\" or (list of string) convertible to it)"}, "services.postgresql.systemCallFilter": {"declarations": ["nixos/modules/services/databases/postgresql.nix"], "default": {"_type": "literalExpression", "text": "{\n  \"@system-service\" = true;\n  \"~@privileged\" = true;\n  \"~@resources\" = true;\n}\n"}, "description": "Configures the syscall filter for `postgresql.service`. The keys are\ndeclarations for `SystemCallFilter` as described in {manpage}`systemd.exec(5)`.\n\nThe value is a boolean: `true` adds the attribute name to the syscall filter-set,\n`false` doesn't. This is done to allow downstream configurations to turn off\nrestrictions made here. E.g. with\n\n```nix\n{\n  services.postgresql.systemCallFilter.\"~@resources\" = false;\n}\n```\n\nit's possible to remove the restriction on `@resources` (keep in mind that\n`@system-service` implies `@resources`).\n\nAs described in the section for [](#opt-services.postgresql.systemCallFilter._name_.priority),\nthe ordering matters. Hence, it's also possible to specify customizations with\n\n```nix\n{\n  services.postgresql.systemCallFilter = {\n    \"foobar\" = { enable = true; priority = 23; };\n  };\n}\n```\n\n[](#opt-services.postgresql.systemCallFilter._name_.enable) is the flag whether\nor not it will be added to the `SystemCallFilter` of `postgresql.service`.\n\nSettings with a higher priority are added after filter settings with a lower\npriority. Hence, syscall groups with a higher priority can discard declarations\nwith a lower priority.\n\nBy default, syscall groups (i.e. attribute names starting with `@`) are added\n_before_ negated groups (i.e. `~@` as prefix) _before_ syscall names\nand negations.\n", "loc": ["services", "postgresql", "systemCallFilter"], "readOnly": false, "type": "attribute set of ((submodule) or boolean convertible to it)"}, "services.postgresql.systemCallFilter.<name>.enable": {"declarations": ["nixos/modules/services/databases/postgresql.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable \u2039name\u203a in postgresql's syscall filter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "postgresql", "systemCallFilter", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.postgresql.systemCallFilter.<name>.priority": {"declarations": ["nixos/modules/services/databases/postgresql.nix"], "default": {"_type": "literalExpression", "text": "if hasPrefix \"@\" name then 500 else if hasPrefix \"~@\" name then 1000 else 1500\n"}, "description": "Set the priority of the system call filter setting. Later declarations\noverride earlier ones, e.g.\n\n```ini\n[Service]\nSystemCallFilter=~read write\nSystemCallFilter=write\n```\n\nresults in a service where _only_ `read` is not allowed.\n\nThe ordering in the unit file is controlled by this option: the higher\nthe number, the later it will be added to the filterset.\n\nBy default, depending on the prefix a priority is assigned: usually, call-groups\n(starting with `@`) are used to allow/deny a larger set of syscalls and later\non single syscalls are configured for exceptions. Hence, syscall groups\nand negative groups are placed before individual syscalls by default.\n", "loc": ["services", "postgresql", "systemCallFilter", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.postgresqlBackup.backupAll": {"declarations": ["nixos/modules/services/backup/postgresql-backup.nix"], "default": {"_type": "literalExpression", "text": "services.postgresqlBackup.databases == []"}, "description": "Backup all databases using pg_dumpall.\nThis option is mutual exclusive to\n`services.postgresqlBackup.databases`.\nThe resulting backup dump will have the name all.sql.gz.\nThis option is the default if no databases are specified.\n", "loc": ["services", "postgresqlBackup", "backupAll"], "readOnly": false, "type": "boolean"}, "services.postgresqlBackup.compression": {"declarations": ["nixos/modules/services/backup/postgresql-backup.nix"], "default": {"_type": "literalExpression", "text": "\"gzip\""}, "description": "The type of compression to use on the generated database dump.\n", "loc": ["services", "postgresqlBackup", "compression"], "readOnly": false, "type": "one of \"none\", \"gzip\", \"zstd\""}, "services.postgresqlBackup.compressionLevel": {"declarations": ["nixos/modules/services/backup/postgresql-backup.nix"], "default": {"_type": "literalExpression", "text": "6"}, "description": "The compression level used when compression is enabled.\ngzip accepts levels 1 to 9. zstd accepts levels 1 to 19.\n", "loc": ["services", "postgresqlBackup", "compressionLevel"], "readOnly": false, "type": "integer between 1 and 19 (both inclusive)"}, "services.postgresqlBackup.databases": {"declarations": ["nixos/modules/services/backup/postgresql-backup.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of database names to dump.\n", "loc": ["services", "postgresqlBackup", "databases"], "readOnly": false, "type": "list of string"}, "services.postgresqlBackup.enable": {"declarations": ["nixos/modules/services/backup/postgresql-backup.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable PostgreSQL dumps.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "postgresqlBackup", "enable"], "readOnly": false, "type": "boolean"}, "services.postgresqlBackup.location": {"declarations": ["nixos/modules/services/backup/postgresql-backup.nix"], "default": {"_type": "literalExpression", "text": "\"/var/backup/postgresql\""}, "description": "Path of directory where the PostgreSQL database dumps will be placed.\n", "loc": ["services", "postgresqlBackup", "location"], "readOnly": false, "type": "absolute path"}, "services.postgresqlBackup.pgdumpAllOptions": {"declarations": ["nixos/modules/services/backup/postgresql-backup.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Command line options for pg_dumpall. This options is not used if\n`config.services.postgresqlBackup.backupAll` is disabled.\n", "loc": ["services", "postgresqlBackup", "pgdumpAllOptions"], "readOnly": false, "type": "strings concatenated with \" \""}, "services.postgresqlBackup.pgdumpOptions": {"declarations": ["nixos/modules/services/backup/postgresql-backup.nix"], "default": {"_type": "literalExpression", "text": "\"-C\""}, "description": "Command line options for pg_dump. This options is not used if\n`config.services.postgresqlBackup.backupAll` is enabled. Note that\nconfig.services.postgresqlBackup.backupAll is also active, when no\ndatabases where specified.\n", "loc": ["services", "postgresqlBackup", "pgdumpOptions"], "readOnly": false, "type": "strings concatenated with \" \""}, "services.postgresqlBackup.startAt": {"declarations": ["nixos/modules/services/backup/postgresql-backup.nix"], "default": {"_type": "literalExpression", "text": "\"*-*-* 01:15:00\""}, "description": "This option defines (see `systemd.time` for format) when the\ndatabases should be dumped.\nThe default is to update at 01:15 (at night) every day.\n", "loc": ["services", "postgresqlBackup", "startAt"], "readOnly": false, "type": "(list of string) or string"}, "services.postgresqlWalReceiver.receivers": {"declarations": ["nixos/modules/services/backup/postgresql-wal-receiver.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "PostgreSQL WAL receivers.\nStream write-ahead logs from a PostgreSQL server using {command}`pg_receivewal` (formerly {command}`pg_receivexlog`).\nSee [the man page](https://www.postgresql.org/docs/current/app-pgreceivewal.html) for more information.\n", "example": {"_type": "literalExpression", "text": "{\n  main = {\n    postgresqlPackage = pkgs.postgresql_15;\n    directory = /mnt/pg_wal/main/;\n    slot = \"main_wal_receiver\";\n    connection = \"postgresql://user@somehost\";\n  };\n}\n"}, "loc": ["services", "postgresqlWalReceiver", "receivers"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.postgresqlWalReceiver.receivers.<name>.compress": {"declarations": ["nixos/modules/services/backup/postgresql-wal-receiver.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Enables gzip compression of write-ahead logs, and specifies the compression level\n(`0` through `9`, `0` being no compression and `9` being best compression).\nThe suffix `.gz` will automatically be added to all filenames.\n\nThis option requires PostgreSQL >= 10.\n", "loc": ["services", "postgresqlWalReceiver", "receivers", "<name>", "compress"], "readOnly": false, "type": "integer between 0 and 9 (both inclusive)"}, "services.postgresqlWalReceiver.receivers.<name>.connection": {"declarations": ["nixos/modules/services/backup/postgresql-wal-receiver.nix"], "description": "Specifies parameters used to connect to the server, as a connection string.\nSee [Section 34.1.1 of the PostgreSQL manual](https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING) for more information.\n\nBecause {command}`pg_receivewal` doesn't connect to any particular database in the cluster,\ndatabase name in the connection string will be ignored.\n", "example": {"_type": "literalExpression", "text": "\"postgresql://user@somehost\""}, "loc": ["services", "postgresqlWalReceiver", "receivers", "<name>", "connection"], "readOnly": false, "type": "string"}, "services.postgresqlWalReceiver.receivers.<name>.directory": {"declarations": ["nixos/modules/services/backup/postgresql-wal-receiver.nix"], "description": "Directory to write the output to.\n", "example": {"_type": "literalExpression", "text": "/mnt/pg_wal/main/"}, "loc": ["services", "postgresqlWalReceiver", "receivers", "<name>", "directory"], "readOnly": false, "type": "absolute path"}, "services.postgresqlWalReceiver.receivers.<name>.environment": {"declarations": ["nixos/modules/services/backup/postgresql-wal-receiver.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables passed to the service.\nUsable parameters are listed in [Section 34.14 of the PostgreSQL manual](https://www.postgresql.org/docs/current/libpq-envars.html).\n", "example": {"_type": "literalExpression", "text": "{\n  PGPASSFILE = \"/private/passfile\";\n  PGSSLMODE = \"require\";\n}\n"}, "loc": ["services", "postgresqlWalReceiver", "receivers", "<name>", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.postgresqlWalReceiver.receivers.<name>.extraArgs": {"declarations": ["nixos/modules/services/backup/postgresql-wal-receiver.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of extra arguments to pass to the {command}`pg_receivewal` command.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--no-sync\"\n]\n"}, "loc": ["services", "postgresqlWalReceiver", "receivers", "<name>", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.postgresqlWalReceiver.receivers.<name>.postgresqlPackage": {"declarations": ["nixos/modules/services/backup/postgresql-wal-receiver.nix"], "default": {"_type": "literalExpression", "text": "pkgs.postgresql"}, "description": "The postgresql package to use.", "example": {"_type": "literalExpression", "text": "postgresql_15"}, "loc": ["services", "postgresqlWalReceiver", "receivers", "<name>", "postgresqlPackage"], "readOnly": false, "type": "package"}, "services.postgresqlWalReceiver.receivers.<name>.slot": {"declarations": ["nixos/modules/services/backup/postgresql-wal-receiver.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Require {command}`pg_receivewal` to use an existing replication slot (see\n[Section 26.2.6 of the PostgreSQL manual](https://www.postgresql.org/docs/current/warm-standby.html#STREAMING-REPLICATION-SLOTS)).\nWhen this option is used, {command}`pg_receivewal` will report a flush position to the server,\nindicating when each segment has been synchronized to disk so that the server can remove that segment if it is not otherwise needed.\n\nWhen the replication client of {command}`pg_receivewal` is configured on the server as a synchronous standby,\nthen using a replication slot will report the flush position to the server, but only when a WAL file is closed.\nTherefore, that configuration will cause transactions on the primary to wait for a long time and effectively not work satisfactorily.\nThe option {option}`synchronous` must be specified in addition to make this work correctly.\n", "example": {"_type": "literalExpression", "text": "\"some_slot_name\""}, "loc": ["services", "postgresqlWalReceiver", "receivers", "<name>", "slot"], "readOnly": false, "type": "string"}, "services.postgresqlWalReceiver.receivers.<name>.statusInterval": {"declarations": ["nixos/modules/services/backup/postgresql-wal-receiver.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Specifies the number of seconds between status packets sent back to the server.\nThis allows for easier monitoring of the progress from server.\nA value of zero disables the periodic status updates completely,\nalthough an update will still be sent when requested by the server, to avoid timeout disconnect.\n", "loc": ["services", "postgresqlWalReceiver", "receivers", "<name>", "statusInterval"], "readOnly": false, "type": "signed integer"}, "services.postgresqlWalReceiver.receivers.<name>.synchronous": {"declarations": ["nixos/modules/services/backup/postgresql-wal-receiver.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Flush the WAL data to disk immediately after it has been received.\nAlso send a status packet back to the server immediately after flushing, regardless of {option}`statusInterval`.\n\nThis option should be specified if the replication client of {command}`pg_receivewal` is configured on the server as a synchronous standby,\nto ensure that timely feedback is sent to the server.\n", "loc": ["services", "postgresqlWalReceiver", "receivers", "<name>", "synchronous"], "readOnly": false, "type": "boolean"}, "services.postgrest.enable": {"declarations": ["nixos/modules/services/databases/postgrest.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable PostgREST.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "postgrest", "enable"], "readOnly": false, "type": "boolean"}, "services.postgrest.jwtSecretFile": {"declarations": ["nixos/modules/services/databases/postgrest.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The secret or JSON Web Key (JWK) (or set) used to decode JWT tokens clients provide for authentication.\nFor security the key must be at least 32 characters long.\nIf this parameter is not specified then PostgREST refuses authentication requests.\n\n<https://docs.postgrest.org/en/stable/references/configuration.html#jwt-secret>\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/jwt_secret\""}, "loc": ["services", "postgrest", "jwtSecretFile"], "readOnly": false, "type": "null or absolute path not in the Nix store"}, "services.postgrest.pgpassFile": {"declarations": ["nixos/modules/services/databases/postgrest.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The password to authenticate to PostgreSQL with.\nNot needed for peer or trust based authentication.\n\nThe file must be a valid `.pgpass` file as described in:\n<https://www.postgresql.org/docs/current/libpq-pgpass.html>\n\nIn most cases, the following will be enough:\n```\n*:*:*:*:<password>\n```\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/db_password\""}, "loc": ["services", "postgrest", "pgpassFile"], "readOnly": false, "type": "null or absolute path not in the Nix store"}, "services.postgrest.settings": {"declarations": ["nixos/modules/services/databases/postgrest.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "PostgREST configuration as documented in:\n<https://docs.postgrest.org/en/stable/references/configuration.html#list-of-parameters>\n\n`db-uri` is represented as an attribute set, see [`settings.db-uri`](#opt-services.postgrest.settings.db-uri)\n\n::: {.note}\nThe `settings.jwt-secret` option is blocked.\nUse [`jwtSecretFile`](#opt-services.postgrest.jwtSecretFile) instead.\n:::\n", "example": {"_type": "literalExpression", "text": "{\n  db-anon-role = \"anon\";\n  db-uri.dbname = \"postgres\";\n  \"app.settings.custom\" = \"value\";\n}\n"}, "loc": ["services", "postgrest", "settings"], "readOnly": false, "type": "open submodule of attribute set of (boolean or (unsigned integer, meaning >=0) or string)"}, "services.postgrest.settings.admin-server-port": {"declarations": ["nixos/modules/services/databases/postgrest.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specifies the port for the admin server, which can be used for healthchecks.\n\n<https://docs.postgrest.org/en/stable/references/admin_server.html#admin-server>\n", "loc": ["services", "postgrest", "settings", "admin-server-port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.postgrest.settings.db-config": {"declarations": ["nixos/modules/services/databases/postgrest.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables the in-database configuration.\n\n<https://docs.postgrest.org/en/stable/references/configuration.html#in-database-configuration>\n\n::: {.note}\nThis is enabled by default upstream, but disabled by default in this module.\n:::\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "postgrest", "settings", "db-config"], "readOnly": false, "type": "boolean"}, "services.postgrest.settings.db-uri": {"declarations": ["nixos/modules/services/databases/postgrest.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "libpq connection parameters as documented in:\n\n<https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS>\n\n::: {.note}\nThe `settings.db-uri.password` and `settings.db-uri.passfile` options are blocked.\nUse [`pgpassFile`](#opt-services.postgrest.pgpassFile) instead.\n:::\n", "example": {"_type": "literalExpression", "text": "{\n  host = \"localhost\";\n  dbname = \"postgres\";\n}\n"}, "loc": ["services", "postgrest", "settings", "db-uri"], "readOnly": false, "type": "open submodule of attribute set of string"}, "services.postgrest.settings.server-host": {"declarations": ["nixos/modules/services/databases/postgrest.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Where to bind the PostgREST web server.\n\n::: {.note}\nThe admin server will also bind here, but potentially exposes sensitive information.\nMake sure you turn off the admin server, when opening this to the public.\n\n<https://github.com/PostgREST/postgrest/issues/3956>\n:::\n", "loc": ["services", "postgrest", "settings", "server-host"], "readOnly": false, "type": "null or string"}, "services.postgrest.settings.server-port": {"declarations": ["nixos/modules/services/databases/postgrest.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The TCP port to bind the web server.\n", "example": {"_type": "literalExpression", "text": "3000"}, "loc": ["services", "postgrest", "settings", "server-port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.postgrest.settings.server-unix-socket": {"declarations": ["nixos/modules/services/databases/postgrest.nix"], "default": {"_type": "literalExpression", "text": "\"/run/postgrest/postgrest.sock\""}, "description": "Unix domain socket where to bind the PostgREST web server.\n", "loc": ["services", "postgrest", "settings", "server-unix-socket"], "readOnly": false, "type": "null or absolute path"}, "services.postgrey.IPv4CIDR": {"declarations": ["nixos/modules/services/mail/postgrey.nix"], "default": {"_type": "literalExpression", "text": "24"}, "description": "Strip N bits from IPv4 addresses if lookupBySubnet is true", "loc": ["services", "postgrey", "IPv4CIDR"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.postgrey.IPv6CIDR": {"declarations": ["nixos/modules/services/mail/postgrey.nix"], "default": {"_type": "literalExpression", "text": "64"}, "description": "Strip N bits from IPv6 addresses if lookupBySubnet is true", "loc": ["services", "postgrey", "IPv6CIDR"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.postgrey.autoWhitelist": {"declarations": ["nixos/modules/services/mail/postgrey.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "Whitelist clients after successful delivery of N messages", "loc": ["services", "postgrey", "autoWhitelist"], "readOnly": false, "type": "null or (positive integer, meaning >0)"}, "services.postgrey.delay": {"declarations": ["nixos/modules/services/mail/postgrey.nix"], "default": {"_type": "literalExpression", "text": "300"}, "description": "Greylist for N seconds", "loc": ["services", "postgrey", "delay"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.postgrey.enable": {"declarations": ["nixos/modules/services/mail/postgrey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to run the Postgrey daemon", "loc": ["services", "postgrey", "enable"], "readOnly": false, "type": "boolean"}, "services.postgrey.greylistAction": {"declarations": ["nixos/modules/services/mail/postgrey.nix"], "default": {"_type": "literalExpression", "text": "\"DEFER_IF_PERMIT\""}, "description": "Response status for greylisted messages (see {manpage}`access(5)`)", "loc": ["services", "postgrey", "greylistAction"], "readOnly": false, "type": "string"}, "services.postgrey.greylistHeader": {"declarations": ["nixos/modules/services/mail/postgrey.nix"], "default": {"_type": "literalExpression", "text": "\"X-Greylist: delayed %%t seconds by postgrey-%%v at %%h; %%d\""}, "description": "Prepend header to greylisted mails; use %%t for seconds delayed due to greylisting, %%v for the version of postgrey, %%d for the date, and %%h for the host", "loc": ["services", "postgrey", "greylistHeader"], "readOnly": false, "type": "string"}, "services.postgrey.greylistText": {"declarations": ["nixos/modules/services/mail/postgrey.nix"], "default": {"_type": "literalExpression", "text": "\"Greylisted for %%s seconds\""}, "description": "Response status text for greylisted messages; use %%s for seconds left until greylisting is over and %%r for mail domain of recipient", "loc": ["services", "postgrey", "greylistText"], "readOnly": false, "type": "string"}, "services.postgrey.lookupBySubnet": {"declarations": ["nixos/modules/services/mail/postgrey.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Strip the last N bits from IP addresses, determined by IPv4CIDR and IPv6CIDR", "loc": ["services", "postgrey", "lookupBySubnet"], "readOnly": false, "type": "boolean"}, "services.postgrey.maxAge": {"declarations": ["nixos/modules/services/mail/postgrey.nix"], "default": {"_type": "literalExpression", "text": "35"}, "description": "Delete entries from whitelist if they haven't been seen for N days", "loc": ["services", "postgrey", "maxAge"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.postgrey.privacy": {"declarations": ["nixos/modules/services/mail/postgrey.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Store data using one-way hash functions (SHA1)", "loc": ["services", "postgrey", "privacy"], "readOnly": false, "type": "boolean"}, "services.postgrey.retryWindow": {"declarations": ["nixos/modules/services/mail/postgrey.nix"], "default": {"_type": "literalExpression", "text": "2"}, "description": "Allow N days for the first retry. Use string with appended 'h' to specify time in hours", "example": {"_type": "literalExpression", "text": "\"12h\""}, "loc": ["services", "postgrey", "retryWindow"], "readOnly": false, "type": "string or (unsigned integer, meaning >=0)"}, "services.postgrey.socket": {"declarations": ["nixos/modules/services/mail/postgrey.nix"], "default": {"_type": "literalExpression", "text": "{\n  mode = \"0777\";\n  path = \"/run/postgrey.sock\";\n}"}, "description": "Socket to bind to", "example": {"_type": "literalExpression", "text": "{\n  addr = \"127.0.0.1\";\n  port = 10030;\n}"}, "loc": ["services", "postgrey", "socket"], "readOnly": false, "type": "(submodule) or (submodule)"}, "services.postgrey.whitelistClients": {"declarations": ["nixos/modules/services/mail/postgrey.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Client address whitelist files (see {manpage}`postgrey(8)`)", "loc": ["services", "postgrey", "whitelistClients"], "readOnly": false, "type": "list of absolute path"}, "services.postgrey.whitelistRecipients": {"declarations": ["nixos/modules/services/mail/postgrey.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Recipient address whitelist files (see {manpage}`postgrey(8)`)", "loc": ["services", "postgrey", "whitelistRecipients"], "readOnly": false, "type": "list of absolute path"}, "services.power-profiles-daemon.enable": {"declarations": ["nixos/modules/services/hardware/power-profiles-daemon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable power-profiles-daemon, a DBus daemon that allows\nchanging system behavior based upon user-selected power profiles.\n", "loc": ["services", "power-profiles-daemon", "enable"], "readOnly": false, "type": "boolean"}, "services.power-profiles-daemon.package": {"declarations": ["nixos/modules/services/hardware/power-profiles-daemon.nix"], "default": {"_type": "literalExpression", "text": "pkgs.power-profiles-daemon"}, "description": "The power-profiles-daemon package to use.", "loc": ["services", "power-profiles-daemon", "package"], "readOnly": false, "type": "package"}, "services.powerdns.enable": {"declarations": ["nixos/modules/services/networking/powerdns.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable PowerDNS domain name server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "powerdns", "enable"], "readOnly": false, "type": "boolean"}, "services.powerdns.extraConfig": {"declarations": ["nixos/modules/services/networking/powerdns.nix"], "default": {"_type": "literalExpression", "text": "\"launch=bind\""}, "description": "PowerDNS configuration. Refer to\n<https://doc.powerdns.com/authoritative/settings.html>\nfor details on supported values.\n", "loc": ["services", "powerdns", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.powerdns.secretFile": {"declarations": ["nixos/modules/services/networking/powerdns.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment variables from this file will be interpolated into the\nfinal config file using envsubst with this syntax: `$ENVIRONMENT`\nor `${VARIABLE}`.\nThe file should contain lines formatted as `SECRET_VAR=SECRET_VALUE`.\nThis is useful to avoid putting secrets into the nix store.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/powerdns.env\""}, "loc": ["services", "powerdns", "secretFile"], "readOnly": false, "type": "null or absolute path"}, "services.powerstation.enable": {"declarations": ["nixos/modules/services/hardware/powerstation.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable PowerStation.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "powerstation", "enable"], "readOnly": false, "type": "boolean"}, "services.powerstation.package": {"declarations": ["nixos/modules/services/hardware/powerstation.nix"], "default": {"_type": "literalExpression", "text": "pkgs.powerstation"}, "description": "The powerstation package to use.", "loc": ["services", "powerstation", "package"], "readOnly": false, "type": "package"}, "services.pppd.enable": {"declarations": ["nixos/modules/services/networking/pppd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable pppd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pppd", "enable"], "readOnly": false, "type": "boolean"}, "services.pppd.package": {"declarations": ["nixos/modules/services/networking/pppd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ppp"}, "description": "The ppp package to use.", "loc": ["services", "pppd", "package"], "readOnly": false, "type": "package"}, "services.pppd.peers": {"declarations": ["nixos/modules/services/networking/pppd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "pppd peers.", "loc": ["services", "pppd", "peers"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.pppd.peers.<name>.autostart": {"declarations": ["nixos/modules/services/networking/pppd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether the PPP session is automatically started at boot time.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "pppd", "peers", "<name>", "autostart"], "readOnly": false, "type": "boolean"}, "services.pppd.peers.<name>.config": {"declarations": ["nixos/modules/services/networking/pppd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "pppd configuration for this peer, see the {manpage}`pppd(8)` man page.", "loc": ["services", "pppd", "peers", "<name>", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.pppd.peers.<name>.enable": {"declarations": ["nixos/modules/services/networking/pppd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable this PPP peer.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "pppd", "peers", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.pppd.peers.<name>.name": {"declarations": ["nixos/modules/services/networking/pppd.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "Name of the PPP peer.", "example": {"_type": "literalExpression", "text": "\"dialup\""}, "loc": ["services", "pppd", "peers", "<name>", "name"], "readOnly": false, "type": "string"}, "services.pptpd.clientIpRange": {"declarations": ["nixos/modules/services/networking/pptpd.nix"], "default": {"_type": "literalExpression", "text": "\"10.124.124.2-11\""}, "description": "The range from which client IPs are drawn.", "loc": ["services", "pptpd", "clientIpRange"], "readOnly": false, "type": "string"}, "services.pptpd.enable": {"declarations": ["nixos/modules/services/networking/pptpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable pptpd, the Point-to-Point Tunneling Protocol daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pptpd", "enable"], "readOnly": false, "type": "boolean"}, "services.pptpd.extraPppdOptions": {"declarations": ["nixos/modules/services/networking/pptpd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Adds extra lines to the pppd options file.", "example": {"_type": "literalExpression", "text": "''\n  ms-dns 8.8.8.8\n  ms-dns 8.8.4.4\n''"}, "loc": ["services", "pptpd", "extraPppdOptions"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.pptpd.extraPptpdOptions": {"declarations": ["nixos/modules/services/networking/pptpd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Adds extra lines to the pptpd configuration file.", "loc": ["services", "pptpd", "extraPptpdOptions"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.pptpd.maxClients": {"declarations": ["nixos/modules/services/networking/pptpd.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "The maximum number of simultaneous connections.", "loc": ["services", "pptpd", "maxClients"], "readOnly": false, "type": "signed integer"}, "services.pptpd.serverIp": {"declarations": ["nixos/modules/services/networking/pptpd.nix"], "default": {"_type": "literalExpression", "text": "\"10.124.124.1\""}, "description": "The server-side IP address.", "loc": ["services", "pptpd", "serverIp"], "readOnly": false, "type": "string"}, "services.prefect.baseUrl": {"declarations": ["nixos/modules/services/scheduling/prefect.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "external url when served by a reverse proxy, e.g. `https://example.com/prefect`", "loc": ["services", "prefect", "baseUrl"], "readOnly": false, "type": "null or string"}, "services.prefect.dataDir": {"declarations": ["nixos/modules/services/scheduling/prefect.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/prefect-server\""}, "description": "Specify the directory for Prefect.\n", "loc": ["services", "prefect", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.prefect.database": {"declarations": ["nixos/modules/services/scheduling/prefect.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite\""}, "description": "which database to use for prefect server: sqlite or postgres", "loc": ["services", "prefect", "database"], "readOnly": false, "type": "one of \"sqlite\", \"postgres\""}, "services.prefect.databaseHost": {"declarations": ["nixos/modules/services/scheduling/prefect.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "database host for postgres only", "loc": ["services", "prefect", "databaseHost"], "readOnly": false, "type": "string"}, "services.prefect.databaseName": {"declarations": ["nixos/modules/services/scheduling/prefect.nix"], "default": {"_type": "literalExpression", "text": "\"prefect\""}, "description": "database name for postgres only", "loc": ["services", "prefect", "databaseName"], "readOnly": false, "type": "string"}, "services.prefect.databasePasswordFile": {"declarations": ["nixos/modules/services/scheduling/prefect.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "path to a file containing e.g.:\n  DBPASSWORD=supersecret\n\nstored outside the nix store, read by systemd as EnvironmentFile.\n", "loc": ["services", "prefect", "databasePasswordFile"], "readOnly": false, "type": "null or string"}, "services.prefect.databasePort": {"declarations": ["nixos/modules/services/scheduling/prefect.nix"], "default": {"_type": "literalExpression", "text": "\"5432\""}, "description": "database port for postgres only", "loc": ["services", "prefect", "databasePort"], "readOnly": false, "type": "string"}, "services.prefect.databaseUser": {"declarations": ["nixos/modules/services/scheduling/prefect.nix"], "default": {"_type": "literalExpression", "text": "\"postgres\""}, "description": "database user for postgres only", "loc": ["services", "prefect", "databaseUser"], "readOnly": false, "type": "string"}, "services.prefect.enable": {"declarations": ["nixos/modules/services/scheduling/prefect.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "enable prefect server and worker services", "loc": ["services", "prefect", "enable"], "readOnly": false, "type": "boolean"}, "services.prefect.host": {"declarations": ["nixos/modules/services/scheduling/prefect.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Prefect server host", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "prefect", "host"], "readOnly": false, "type": "string"}, "services.prefect.package": {"declarations": ["nixos/modules/services/scheduling/prefect.nix"], "default": {"_type": "literalExpression", "text": "pkgs.prefect"}, "description": "The prefect package to use.", "loc": ["services", "prefect", "package"], "readOnly": false, "type": "package"}, "services.prefect.port": {"declarations": ["nixos/modules/services/scheduling/prefect.nix"], "default": {"_type": "literalExpression", "text": "4200"}, "description": "Prefect server port", "loc": ["services", "prefect", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prefect.workerPools": {"declarations": ["nixos/modules/services/scheduling/prefect.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "define a set of worker pools with submodule config. example:\nworkerPools.my-pool = {\n  installPolicy = \"never\";\n};\n", "loc": ["services", "prefect", "workerPools"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.prefect.workerPools.<name>.installPolicy": {"declarations": ["nixos/modules/services/scheduling/prefect.nix"], "default": {"_type": "literalExpression", "text": "\"always\""}, "description": "install policy for the worker (always, if-not-present, never, prompt)", "loc": ["services", "prefect", "workerPools", "<name>", "installPolicy"], "readOnly": false, "type": "one of \"always\", \"if-not-present\", \"never\", \"prompt\""}, "services.pretalx.celery.enable": {"declarations": ["nixos/modules/services/web-apps/pretalx.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to set up celery as an asynchronous task runner.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "pretalx", "celery", "enable"], "readOnly": false, "type": "boolean"}, "services.pretalx.celery.extraArgs": {"declarations": ["nixos/modules/services/web-apps/pretalx.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to pass to celery.\n\nSee <https://docs.celeryq.dev/en/stable/reference/cli.html#celery-worker> for more info.\n", "loc": ["services", "pretalx", "celery", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.pretalx.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/pretalx.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to automatically set up the database on the local DBMS instance.\n\nCurrently only supported for PostgreSQL. Not required for sqlite.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "pretalx", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.pretalx.enable": {"declarations": ["nixos/modules/services/web-apps/pretalx.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable pretalx.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pretalx", "enable"], "readOnly": false, "type": "boolean"}, "services.pretalx.environmentFiles": {"declarations": ["nixos/modules/services/web-apps/pretalx.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Environment files that allow passing secret configuration values.\n\nEach line must follow the `PRETALX_SECTION_KEY=value` pattern.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/run/secrets/pretalx/env\"\n]"}, "loc": ["services", "pretalx", "environmentFiles"], "readOnly": false, "type": "list of absolute path"}, "services.pretalx.finalPackage": {"declarations": ["nixos/modules/services/web-apps/pretalx.nix"], "default": {"_type": "literalExpression", "text": "''\n  config.services.package.override {\n    inherit (config.services.pretalx) plugins;\n  }\n''"}, "description": "The effective pretalx package used. This is the base package with the selected plugins applied.\n", "loc": ["services", "pretalx", "finalPackage"], "readOnly": true, "type": "package"}, "services.pretalx.group": {"declarations": ["nixos/modules/services/web-apps/pretalx.nix"], "default": {"_type": "literalExpression", "text": "\"pretalx\""}, "description": "Group under which pretalx should run.", "loc": ["services", "pretalx", "group"], "readOnly": false, "type": "string"}, "services.pretalx.gunicorn.extraArgs": {"declarations": ["nixos/modules/services/web-apps/pretalx.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"--name=pretalx\"\n]"}, "description": "Extra arguments to pass to gunicorn.\nSee <https://docs.pretalx.org/administrator/installation.html#step-6-starting-pretalx-as-a-service> for details.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--name=pretalx\"\n  \"--workers=4\"\n  \"--max-requests=1200\"\n  \"--max-requests-jitter=50\"\n  \"--log-level=info\"\n]"}, "loc": ["services", "pretalx", "gunicorn", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.pretalx.nginx.domain": {"declarations": ["nixos/modules/services/web-apps/pretalx.nix"], "description": "The domain name under which to set up the virtual host.\n", "example": {"_type": "literalExpression", "text": "\"talks.example.com\""}, "loc": ["services", "pretalx", "nginx", "domain"], "readOnly": false, "type": "string"}, "services.pretalx.nginx.enable": {"declarations": ["nixos/modules/services/web-apps/pretalx.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to set up an nginx virtual host.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "pretalx", "nginx", "enable"], "readOnly": false, "type": "boolean"}, "services.pretalx.package": {"declarations": ["nixos/modules/services/web-apps/pretalx.nix"], "default": {"_type": "literalExpression", "text": "pkgs.pretalx"}, "description": "The pretalx package to use.", "loc": ["services", "pretalx", "package"], "readOnly": false, "type": "package"}, "services.pretalx.plugins": {"declarations": ["nixos/modules/services/web-apps/pretalx.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Pretalx plugins to install into the Python environment.\n", "example": {"_type": "literalExpression", "text": "with config.services.pretalx.package.plugins; [\n  pages\n  youtube\n];\n"}, "loc": ["services", "pretalx", "plugins"], "readOnly": false, "type": "list of package"}, "services.pretalx.settings": {"declarations": ["nixos/modules/services/web-apps/pretalx.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "pretalx configuration as a Nix attribute set. All settings can also be passed\nfrom the environment.\n\nSee <https://docs.pretalx.org/administrator/configure.html> for possible options.\n", "loc": ["services", "pretalx", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.pretalx.settings.celery.backend": {"declarations": ["nixos/modules/services/web-apps/pretalx.nix"], "default": {"_type": "literalExpression", "text": "optionalString config.services.pretalx.celery.enable \"redis+socket://${config.services.redis.servers.pretalx.unixSocket}?virtual_host=1\"\n"}, "description": "URI to the celery backend used for the asynchronous job queue.\n", "loc": ["services", "pretalx", "settings", "celery", "backend"], "readOnly": false, "type": "null or string"}, "services.pretalx.settings.celery.broker": {"declarations": ["nixos/modules/services/web-apps/pretalx.nix"], "default": {"_type": "literalExpression", "text": "optionalString config.services.pretalx.celery.enable \"redis+socket://${config.services.redis.servers.pretalx.unixSocket}?virtual_host=2\"\n"}, "description": "URI to the celery broker used for the asynchronous job queue.\n", "loc": ["services", "pretalx", "settings", "celery", "broker"], "readOnly": false, "type": "null or string"}, "services.pretalx.settings.database.backend": {"declarations": ["nixos/modules/services/web-apps/pretalx.nix"], "default": {"_type": "literalExpression", "text": "\"postgresql\""}, "description": "Database backend to use.\n\nCurrently only PostgreSQL gets tested, and as such we don't support any other DBMS.\n", "loc": ["services", "pretalx", "settings", "database", "backend"], "readOnly": true, "type": "value \"postgresql\" (singular enum)"}, "services.pretalx.settings.database.host": {"declarations": ["nixos/modules/services/web-apps/pretalx.nix"], "default": {"_type": "literalExpression", "text": "if config.services.pretalx.settings..database.backend == \"postgresql\" then \"/run/postgresql\"\nelse if config.services.pretalx.settings.database.backend == \"mysql\" then \"/run/mysqld/mysqld.sock\"\nelse null\n"}, "description": "Database host or socket path.\n", "loc": ["services", "pretalx", "settings", "database", "host"], "readOnly": false, "type": "null or absolute path"}, "services.pretalx.settings.database.name": {"declarations": ["nixos/modules/services/web-apps/pretalx.nix"], "default": {"_type": "literalExpression", "text": "\"pretalx\""}, "description": "Database name.\n", "loc": ["services", "pretalx", "settings", "database", "name"], "readOnly": false, "type": "string"}, "services.pretalx.settings.database.user": {"declarations": ["nixos/modules/services/web-apps/pretalx.nix"], "default": {"_type": "literalExpression", "text": "\"pretalx\""}, "description": "Database username.\n", "loc": ["services", "pretalx", "settings", "database", "user"], "readOnly": false, "type": "string"}, "services.pretalx.settings.files.upload_limit": {"declarations": ["nixos/modules/services/web-apps/pretalx.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Maximum file upload size in MiB.\n", "example": {"_type": "literalExpression", "text": "50"}, "loc": ["services", "pretalx", "settings", "files", "upload_limit"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.pretalx.settings.filesystem.data": {"declarations": ["nixos/modules/services/web-apps/pretalx.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/pretalx\""}, "description": "Base path for all other storage paths.\n", "loc": ["services", "pretalx", "settings", "filesystem", "data"], "readOnly": false, "type": "absolute path"}, "services.pretalx.settings.filesystem.logs": {"declarations": ["nixos/modules/services/web-apps/pretalx.nix"], "default": {"_type": "literalExpression", "text": "\"/var/log/pretalx\""}, "description": "Path to the log directory, that pretalx logs message to.\n", "loc": ["services", "pretalx", "settings", "filesystem", "logs"], "readOnly": false, "type": "absolute path"}, "services.pretalx.settings.filesystem.static": {"declarations": ["nixos/modules/services/web-apps/pretalx.nix"], "default": {"_type": "literalExpression", "text": "\"\\${config.services.pretalx.finalPackage.static}/\""}, "description": "Path to the directory that contains static files.\n", "loc": ["services", "pretalx", "settings", "filesystem", "static"], "readOnly": true, "type": "absolute path"}, "services.pretalx.settings.redis.location": {"declarations": ["nixos/modules/services/web-apps/pretalx.nix"], "default": {"_type": "literalExpression", "text": "\"unix://${config.services.redis.servers.pretalx.unixSocket}?db=0\"\n"}, "description": "URI to the redis server, used to speed up locking, caching and session storage.\n", "loc": ["services", "pretalx", "settings", "redis", "location"], "readOnly": false, "type": "null or string"}, "services.pretalx.settings.redis.session": {"declarations": ["nixos/modules/services/web-apps/pretalx.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to use redis as the session storage.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "pretalx", "settings", "redis", "session"], "readOnly": false, "type": "boolean"}, "services.pretalx.settings.site.url": {"declarations": ["nixos/modules/services/web-apps/pretalx.nix"], "default": {"_type": "literalExpression", "text": "https://${config.services.pretalx.nginx.domain}"}, "description": "The base URI below which your pretalx instance will be reachable.\n", "example": {"_type": "literalExpression", "text": "\"https://talks.example.com\""}, "loc": ["services", "pretalx", "settings", "site", "url"], "readOnly": false, "type": "string"}, "services.pretalx.user": {"declarations": ["nixos/modules/services/web-apps/pretalx.nix"], "default": {"_type": "literalExpression", "text": "\"pretalx\""}, "description": "User under which pretalx should run.", "loc": ["services", "pretalx", "user"], "readOnly": false, "type": "string"}, "services.pretix.celery.extraArgs": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to pass to celery.\n\nSee <https://docs.celeryq.dev/en/stable/reference/cli.html#celery-worker> for more info.\n", "loc": ["services", "pretix", "celery", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.pretix.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to automatically set up the database on the local DBMS instance.\n\nOnly supported for PostgreSQL. Not required for sqlite.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "pretix", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.pretix.enable": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Pretix, a ticket shop application for conferences, festivals, concerts, etc.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pretix", "enable"], "readOnly": false, "type": "boolean"}, "services.pretix.environmentFile": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file to pass secret configuration values.\n\nEach line must follow the `PRETIX_SECTION_KEY=value` pattern.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/pretix-secrets.env\""}, "loc": ["services", "pretix", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.pretix.group": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "default": {"_type": "literalExpression", "text": "\"pretix\""}, "description": "Group under which pretix should run.\n", "loc": ["services", "pretix", "group"], "readOnly": false, "type": "string"}, "services.pretix.gunicorn.extraArgs": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"--name=pretix\"\n]"}, "description": "Extra arguments to pass to gunicorn.\nSee <https://docs.pretix.eu/en/latest/admin/installation/manual_smallscale.html#start-pretix-as-a-service> for details.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--name=pretix\"\n  \"--workers=4\"\n  \"--max-requests=1200\"\n  \"--max-requests-jitter=50\"\n  \"--log-level=info\"\n]"}, "loc": ["services", "pretix", "gunicorn", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.pretix.nginx.domain": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "description": "The domain name under which to set up the virtual host.\n", "example": {"_type": "literalExpression", "text": "\"talks.example.com\""}, "loc": ["services", "pretix", "nginx", "domain"], "readOnly": false, "type": "string"}, "services.pretix.nginx.enable": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to set up an nginx virtual host.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "pretix", "nginx", "enable"], "readOnly": false, "type": "boolean"}, "services.pretix.package": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "default": {"_type": "literalExpression", "text": "pkgs.pretix"}, "description": "The pretix package to use.", "loc": ["services", "pretix", "package"], "readOnly": false, "type": "package"}, "services.pretix.plugins": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Pretix plugins to install into the Python environment.\n", "example": {"_type": "literalExpression", "text": "with config.services.pretix.package.plugins; [\n  passbook\n  pages\n];\n"}, "loc": ["services", "pretix", "plugins"], "readOnly": false, "type": "list of package"}, "services.pretix.settings": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "pretix configuration as a Nix attribute set. All settings can also be passed\nfrom the environment.\n\nSee <https://docs.pretix.eu/en/latest/admin/config.html> for possible options.\n", "loc": ["services", "pretix", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.pretix.settings.celery.backend": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "default": {"_type": "literalExpression", "text": "redis+socket://${config.services.redis.servers.pretix.unixSocket}?virtual_host=1\n"}, "description": "URI to the celery backend used for the asynchronous job queue.\n", "loc": ["services", "pretix", "settings", "celery", "backend"], "readOnly": false, "type": "string"}, "services.pretix.settings.celery.broker": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "default": {"_type": "literalExpression", "text": "redis+socket://${config.services.redis.servers.pretix.unixSocket}?virtual_host=2\n"}, "description": "URI to the celery broker used for the asynchronous job queue.\n", "loc": ["services", "pretix", "settings", "celery", "broker"], "readOnly": false, "type": "string"}, "services.pretix.settings.database.backend": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "default": {"_type": "literalExpression", "text": "\"postgresql\""}, "description": "Database backend to use.\n\nOnly postgresql is recommended for production setups.\n", "loc": ["services", "pretix", "settings", "database", "backend"], "readOnly": false, "type": "one of \"sqlite3\", \"postgresql\""}, "services.pretix.settings.database.host": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "default": {"_type": "literalExpression", "text": "if config.services.pretix.settings..database.backend == \"postgresql\" then \"/run/postgresql\"\nelse null\n"}, "description": "Database host or socket path.\n", "loc": ["services", "pretix", "settings", "database", "host"], "readOnly": false, "type": "null or string"}, "services.pretix.settings.database.name": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "default": {"_type": "literalExpression", "text": "\"pretix\""}, "description": "Database name.\n", "loc": ["services", "pretix", "settings", "database", "name"], "readOnly": false, "type": "string"}, "services.pretix.settings.database.user": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "default": {"_type": "literalExpression", "text": "\"pretix\""}, "description": "Database username.\n", "loc": ["services", "pretix", "settings", "database", "user"], "readOnly": false, "type": "string"}, "services.pretix.settings.mail.from": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "description": "E-Mail address used in the `FROM` header of outgoing mails.\n", "example": {"_type": "literalExpression", "text": "\"tickets@example.com\""}, "loc": ["services", "pretix", "settings", "mail", "from"], "readOnly": false, "type": "string"}, "services.pretix.settings.mail.host": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Hostname of the SMTP server use for mail delivery.\n", "example": {"_type": "literalExpression", "text": "\"mail.example.com\""}, "loc": ["services", "pretix", "settings", "mail", "host"], "readOnly": false, "type": "string"}, "services.pretix.settings.mail.port": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "default": {"_type": "literalExpression", "text": "25"}, "description": "Port of the SMTP server to use for mail delivery.\n", "example": {"_type": "literalExpression", "text": "587"}, "loc": ["services", "pretix", "settings", "mail", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.pretix.settings.memcached.location": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The `host:port` combination or the path to the UNIX socket of a memcached instance.\n\nCan be used instead of Redis for caching.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1:11211\""}, "loc": ["services", "pretix", "settings", "memcached", "location"], "readOnly": false, "type": "null or string"}, "services.pretix.settings.pretix.cachedir": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "default": {"_type": "literalExpression", "text": "\"/var/cache/pretix\""}, "description": "Directory for storing temporary files.\n", "loc": ["services", "pretix", "settings", "pretix", "cachedir"], "readOnly": false, "type": "absolute path"}, "services.pretix.settings.pretix.currency": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "default": {"_type": "literalExpression", "text": "\"EUR\""}, "description": "Default currency for events in its ISO 4217 three-letter code.\n", "example": {"_type": "literalExpression", "text": "\"USD\""}, "loc": ["services", "pretix", "settings", "pretix", "currency"], "readOnly": false, "type": "string"}, "services.pretix.settings.pretix.datadir": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/pretix\""}, "description": "Directory for storing user uploads and similar data.\n", "loc": ["services", "pretix", "settings", "pretix", "datadir"], "readOnly": false, "type": "absolute path"}, "services.pretix.settings.pretix.instance_name": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "description": "The name of this installation.\n", "example": {"_type": "literalExpression", "text": "\"tickets.example.com\""}, "loc": ["services", "pretix", "settings", "pretix", "instance_name"], "readOnly": false, "type": "string"}, "services.pretix.settings.pretix.logdir": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "default": {"_type": "literalExpression", "text": "\"/var/log/pretix\""}, "description": "Directory for storing log files.\n", "loc": ["services", "pretix", "settings", "pretix", "logdir"], "readOnly": false, "type": "absolute path"}, "services.pretix.settings.pretix.registration": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to allow registration of new admin users.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pretix", "settings", "pretix", "registration"], "readOnly": false, "type": "boolean"}, "services.pretix.settings.pretix.url": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "description": "The installation\u2019s full URL, without a trailing slash.\n", "example": {"_type": "literalExpression", "text": "\"https://tickets.example.com\""}, "loc": ["services", "pretix", "settings", "pretix", "url"], "readOnly": false, "type": "string"}, "services.pretix.settings.redis.location": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "default": {"_type": "literalExpression", "text": "\"unix://${config.services.redis.servers.pretix.unixSocket}?db=0\"\n"}, "description": "URI to the redis server, used to speed up locking, caching and session storage.\n", "loc": ["services", "pretix", "settings", "redis", "location"], "readOnly": false, "type": "null or string"}, "services.pretix.settings.redis.sessions": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to use redis as the session storage.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "pretix", "settings", "redis", "sessions"], "readOnly": false, "type": "boolean"}, "services.pretix.settings.tools.pdftk": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "default": {"_type": "literalExpression", "text": "lib.getExe pkgs.pdftk\n"}, "description": "Path to the pdftk executable.\n", "loc": ["services", "pretix", "settings", "tools", "pdftk"], "readOnly": false, "type": "absolute path"}, "services.pretix.user": {"declarations": ["nixos/modules/services/web-apps/pretix.nix"], "default": {"_type": "literalExpression", "text": "\"pretix\""}, "description": "User under which pretix should run.\n", "loc": ["services", "pretix", "user"], "readOnly": false, "type": "string"}, "services.printing.allowFrom": {"declarations": ["nixos/modules/services/printing/cupsd.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"localhost\"\n]"}, "description": "From which hosts to allow unconditional access.\n", "example": {"_type": "literalExpression", "text": "[\n  \"all\"\n]"}, "loc": ["services", "printing", "allowFrom"], "readOnly": false, "type": "list of string"}, "services.printing.browsed.enable": {"declarations": ["nixos/modules/services/printing/cupsd.nix"], "default": {"_type": "literalExpression", "text": "config.services.avahi.enable"}, "description": "Whether to enable the CUPS Remote Printer Discovery (browsed) daemon.\n", "loc": ["services", "printing", "browsed", "enable"], "readOnly": false, "type": "boolean"}, "services.printing.browsed.package": {"declarations": ["nixos/modules/services/printing/cupsd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.cups-browsed"}, "description": "The cups-browsed package to use.", "loc": ["services", "printing", "browsed", "package"], "readOnly": false, "type": "package"}, "services.printing.browsedConf": {"declarations": ["nixos/modules/services/printing/cupsd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The contents of the configuration. file of the CUPS Browsed daemon\n({file}`cups-browsed.conf`)\n", "example": {"_type": "literalExpression", "text": "''\n  BrowsePoll cups.example.com\n''"}, "loc": ["services", "printing", "browsedConf"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.printing.browsing": {"declarations": ["nixos/modules/services/printing/cupsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Specifies whether shared printers are advertised.\n", "loc": ["services", "printing", "browsing"], "readOnly": false, "type": "boolean"}, "services.printing.clientConf": {"declarations": ["nixos/modules/services/printing/cupsd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The contents of the client configuration.\n({file}`client.conf`)\n", "example": {"_type": "literalExpression", "text": "''\n  ServerName server.example.com\n  Encryption Never\n''"}, "loc": ["services", "printing", "clientConf"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.printing.cups-pdf.enable": {"declarations": ["nixos/modules/services/printing/cups-pdf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the cups-pdf virtual pdf printer backend.\nBy default, this will install a single printer `pdf`.\nbut this can be changed/extended with {option}`services.printing.cups-pdf.instances`\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "printing", "cups-pdf", "enable"], "readOnly": false, "type": "boolean"}, "services.printing.cups-pdf.instances": {"declarations": ["nixos/modules/services/printing/cups-pdf.nix"], "default": {"_type": "literalExpression", "text": "{\n  pdf = { };\n}"}, "description": "Permits to raise one or more cups-pdf instances.\nEach instance is named by an attribute name, and the attribute's values control the instance' configuration.\n", "example": {"_type": "literalExpression", "text": "{\n  pdf = {\n    settings = {\n      Out = \"\\${HOME}/cups-pdf\";\n      UserUMask = \"0033\";\n    };\n  };\n}"}, "loc": ["services", "printing", "cups-pdf", "instances"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.printing.cups-pdf.instances.<name>.confFileText": {"declarations": ["nixos/modules/services/printing/cups-pdf.nix"], "description": "This will contain the contents of {file}`cups-pdf.conf` for this instance, derived from {option}`settings`.\nYou can use this option to append text to the file.\n", "loc": ["services", "printing", "cups-pdf", "instances", "<name>", "confFileText"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.printing.cups-pdf.instances.<name>.enable": {"declarations": ["nixos/modules/services/printing/cups-pdf.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable this cups-pdf instance.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "printing", "cups-pdf", "instances", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.printing.cups-pdf.instances.<name>.installPrinter": {"declarations": ["nixos/modules/services/printing/cups-pdf.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable a CUPS printer queue for this instance.\nThe queue will be named after the instance and will use the {file}`CUPS-PDF_opt.ppd` ppd file.\nIf this is disabled, you need to add the queue yourself to use the instance\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "printing", "cups-pdf", "instances", "<name>", "installPrinter"], "readOnly": false, "type": "boolean"}, "services.printing.cups-pdf.instances.<name>.settings": {"declarations": ["nixos/modules/services/printing/cups-pdf.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings for a cups-pdf instance, see the descriptions in the template config file in the cups-pdf package.\nThe key value pairs declared here will be translated into proper key value pairs for {file}`cups-pdf.conf`.\nSetting a value to `null` disables the option and removes it from the file.\n", "example": {"_type": "literalExpression", "text": "{\n  Out = \"\\${HOME}/cups-pdf\";\n  UserUMask = \"0033\";\n}"}, "loc": ["services", "printing", "cups-pdf", "instances", "<name>", "settings"], "readOnly": false, "type": "open submodule of attribute set of (null or signed integer or string or absolute path or package)"}, "services.printing.cups-pdf.instances.<name>.settings.AnonDirName": {"declarations": ["nixos/modules/services/printing/cups-pdf.nix"], "default": {"_type": "literalExpression", "text": "\"/var/spool/cups-pdf-{instance-name}/anonymous\""}, "description": "path for anonymously created PDF files", "example": {"_type": "literalExpression", "text": "\"/var/lib/cups-pdf\""}, "loc": ["services", "printing", "cups-pdf", "instances", "<name>", "settings", "AnonDirName"], "readOnly": false, "type": "null or (optionally newline-terminated) single-line string"}, "services.printing.cups-pdf.instances.<name>.settings.Anonuser": {"declarations": ["nixos/modules/services/printing/cups-pdf.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "User for anonymous PDF creation.\nAn empty string disables this feature.\n", "loc": ["services", "printing", "cups-pdf", "instances", "<name>", "settings", "Anonuser"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "services.printing.cups-pdf.instances.<name>.settings.GhostScript": {"declarations": ["nixos/modules/services/printing/cups-pdf.nix"], "default": {"_type": "literalExpression", "text": "lib.getExe pkgs.ghostscript"}, "description": "location of GhostScript binary", "example": {"_type": "literalExpression", "text": "${pkgs.ghostscript}/bin/ps2pdf"}, "loc": ["services", "printing", "cups-pdf", "instances", "<name>", "settings", "GhostScript"], "readOnly": false, "type": "null or absolute path"}, "services.printing.cups-pdf.instances.<name>.settings.Out": {"declarations": ["nixos/modules/services/printing/cups-pdf.nix"], "default": {"_type": "literalExpression", "text": "\"/var/spool/cups-pdf-{instance-name}/users/\\${USER}\""}, "description": "output directory;\n`${HOME}` will be expanded to the user's home directory,\n`${USER}` will be expanded to the user name.\n", "example": {"_type": "literalExpression", "text": "\"\\${HOME}/cups-pdf\""}, "loc": ["services", "printing", "cups-pdf", "instances", "<name>", "settings", "Out"], "readOnly": false, "type": "null or (optionally newline-terminated) single-line string"}, "services.printing.cups-pdf.instances.<name>.settings.Spool": {"declarations": ["nixos/modules/services/printing/cups-pdf.nix"], "default": {"_type": "literalExpression", "text": "\"/var/spool/cups-pdf-{instance-name}/spool\""}, "description": "spool directory", "example": {"_type": "literalExpression", "text": "\"/var/lib/cups-pdf\""}, "loc": ["services", "printing", "cups-pdf", "instances", "<name>", "settings", "Spool"], "readOnly": false, "type": "null or (optionally newline-terminated) single-line string"}, "services.printing.defaultShared": {"declarations": ["nixos/modules/services/printing/cupsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Specifies whether local printers are shared by default.\n", "loc": ["services", "printing", "defaultShared"], "readOnly": false, "type": "boolean"}, "services.printing.drivers": {"declarations": ["nixos/modules/services/printing/cupsd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "CUPS drivers to use. Drivers provided by CUPS, cups-filters,\nGhostscript and Samba are added unconditionally. If this list contains\nGutenprint (i.e. a derivation with\n`meta.isGutenprint = true`) the PPD files in\n{file}`/var/lib/cups/ppd` will be updated automatically\nto avoid errors due to incompatible versions.\n", "example": {"_type": "literalExpression", "text": "with pkgs; [ gutenprint hplip splix ]"}, "loc": ["services", "printing", "drivers"], "readOnly": false, "type": "list of absolute path"}, "services.printing.enable": {"declarations": ["nixos/modules/services/printing/cupsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable printing support through the CUPS daemon.\n", "loc": ["services", "printing", "enable"], "readOnly": false, "type": "boolean"}, "services.printing.extraConf": {"declarations": ["nixos/modules/services/printing/cupsd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra contents of the configuration file of the CUPS daemon\n({file}`cupsd.conf`).\n", "example": {"_type": "literalExpression", "text": "''\n  BrowsePoll cups.example.com\n  MaxCopies 42\n''"}, "loc": ["services", "printing", "extraConf"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.printing.extraFilesConf": {"declarations": ["nixos/modules/services/printing/cupsd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra contents of the configuration file of the CUPS daemon\n({file}`cups-files.conf`).\n", "loc": ["services", "printing", "extraFilesConf"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.printing.listenAddresses": {"declarations": ["nixos/modules/services/printing/cupsd.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"localhost:631\"\n]"}, "description": "A list of addresses and ports on which to listen.\n", "example": {"_type": "literalExpression", "text": "[\n  \"*:631\"\n]"}, "loc": ["services", "printing", "listenAddresses"], "readOnly": false, "type": "list of string"}, "services.printing.logLevel": {"declarations": ["nixos/modules/services/printing/cupsd.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Specifies the cupsd logging verbosity.\n", "example": {"_type": "literalExpression", "text": "\"debug\""}, "loc": ["services", "printing", "logLevel"], "readOnly": false, "type": "string"}, "services.printing.openFirewall": {"declarations": ["nixos/modules/services/printing/cupsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall for TCP ports specified in\nlistenAddresses option.\n", "loc": ["services", "printing", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.printing.package": {"declarations": ["nixos/modules/services/printing/cupsd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.cups"}, "description": "The cups package to use.", "loc": ["services", "printing", "package"], "readOnly": false, "type": "package"}, "services.printing.snmpConf": {"declarations": ["nixos/modules/services/printing/cupsd.nix"], "default": {"_type": "literalExpression", "text": "''\n  Address @LOCAL\n''"}, "description": "The contents of {file}`/etc/cups/snmp.conf`. See \"man\ncups-snmp.conf\" for a complete description.\n", "loc": ["services", "printing", "snmpConf"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.printing.startWhenNeeded": {"declarations": ["nixos/modules/services/printing/cupsd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If set, CUPS is socket-activated; that is,\ninstead of having it permanently running as a daemon,\nsystemd will start it on the first incoming connection.\n", "loc": ["services", "printing", "startWhenNeeded"], "readOnly": false, "type": "boolean"}, "services.printing.stateless": {"declarations": ["nixos/modules/services/printing/cupsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set, all state directories relating to CUPS will be removed on\nstartup of the service.\n", "loc": ["services", "printing", "stateless"], "readOnly": false, "type": "boolean"}, "services.printing.tempDir": {"declarations": ["nixos/modules/services/printing/cupsd.nix"], "default": {"_type": "literalExpression", "text": "\"/tmp\""}, "description": "CUPSd temporary directory.\n", "example": {"_type": "literalExpression", "text": "\"/tmp/cups\""}, "loc": ["services", "printing", "tempDir"], "readOnly": false, "type": "absolute path"}, "services.printing.webInterface": {"declarations": ["nixos/modules/services/printing/cupsd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Specifies whether the web interface is enabled.\n", "loc": ["services", "printing", "webInterface"], "readOnly": false, "type": "boolean"}, "services.privatebin.dataDir": {"declarations": ["nixos/modules/services/web-apps/privatebin.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/privatebin\""}, "description": "The place where privatebin stores its state.\n", "loc": ["services", "privatebin", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.privatebin.enable": {"declarations": ["nixos/modules/services/web-apps/privatebin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Privatebin: A minimalist, open source online\n      pastebin where the server has zero knowledge of pasted data..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "privatebin", "enable"], "readOnly": false, "type": "boolean"}, "services.privatebin.enableNginx": {"declarations": ["nixos/modules/services/web-apps/privatebin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable nginx or not. If enabled, an nginx virtual host will\nbe created for access to privatebin. If not enabled, then you may use\n`${config.services.privatebin.package}` as your document root in\nwhichever webserver you wish to setup.\n", "loc": ["services", "privatebin", "enableNginx"], "readOnly": false, "type": "boolean"}, "services.privatebin.group": {"declarations": ["nixos/modules/services/web-apps/privatebin.nix"], "default": {"_type": "literalExpression", "text": "if config.services.privatebin.enableNginx then \"nginx\" else \"privatebin\""}, "description": "Group under which privatebin runs. It is best to set this to the group\nof whatever webserver is being used as the frontend.\n", "loc": ["services", "privatebin", "group"], "readOnly": false, "type": "string"}, "services.privatebin.package": {"declarations": ["nixos/modules/services/web-apps/privatebin.nix"], "default": {"_type": "literalExpression", "text": "pkgs.privatebin"}, "description": "The privatebin package to use.", "loc": ["services", "privatebin", "package"], "readOnly": false, "type": "package"}, "services.privatebin.poolConfig": {"declarations": ["nixos/modules/services/web-apps/privatebin.nix"], "default": {"_type": "literalExpression", "text": "{\n  \"pm\" = \"dynamic\";\n  \"pm.max_children\" = 32;\n  \"pm.start_servers\" = 2;\n  \"pm.min_spare_servers\" = 2;\n  \"pm.max_spare_servers\" = 4;\n  \"pm.max_requests\" = 500;\n}\n"}, "description": "Options for the PrivateBin PHP pool. See the documentation on <literal>php-fpm.conf</literal>\nfor details on configuration directives.\n", "loc": ["services", "privatebin", "poolConfig"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.privatebin.settings": {"declarations": ["nixos/modules/services/web-apps/privatebin.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for privatebin configuration. Refer to\n<https://github.com/PrivateBin/PrivateBin/wiki/Configuration> for\ndetails on supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  main = {\n    name = \"NixOS Based Privatebin\";\n    discussion = false;\n    defaultformatter = \"plalib.types.intext\";\n    qrcode = true\n  };\n  model.class = \"Filesystem\";\n  model_options.dir = \"/var/lib/privatebin/data\";\n}\n"}, "loc": ["services", "privatebin", "settings"], "readOnly": false, "type": "open submodule of attribute set of anything"}, "services.privatebin.user": {"declarations": ["nixos/modules/services/web-apps/privatebin.nix"], "default": {"_type": "literalExpression", "text": "\"privatebin\""}, "description": "User account under which privatebin runs.", "loc": ["services", "privatebin", "user"], "readOnly": false, "type": "string"}, "services.privatebin.virtualHost": {"declarations": ["nixos/modules/services/web-apps/privatebin.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The hostname at which you wish privatebin to be served. If you have\nenabled nginx using `services.privatebin.enableNginx` then this will\nbe used.\n", "loc": ["services", "privatebin", "virtualHost"], "readOnly": false, "type": "string"}, "services.privoxy.certsLifetime": {"declarations": ["nixos/modules/services/networking/privoxy.nix"], "default": {"_type": "literalExpression", "text": "\"10d\""}, "description": "If `inspectHttps` is enabled, the time generated HTTPS\ncertificates will be stored in a temporary directory for reuse. Once\nthe lifetime has expired the directory will cleared and the certificate\nwill have to be generated again, on-demand.\n\nDepending on the traffic, you may want to reduce the lifetime to limit\nthe disk usage, since Privoxy itself never deletes the certificates.\n\n::: {.note}\nThe format is that of the {manpage}`tmpfiles.d(5)`\nAge parameter.\n:::\n", "example": {"_type": "literalExpression", "text": "\"12h\""}, "loc": ["services", "privoxy", "certsLifetime"], "readOnly": false, "type": "tmpfiles.d(5) age format"}, "services.privoxy.enable": {"declarations": ["nixos/modules/services/networking/privoxy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Privoxy, non-caching filtering proxy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "privoxy", "enable"], "readOnly": false, "type": "boolean"}, "services.privoxy.enableTor": {"declarations": ["nixos/modules/services/networking/privoxy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to configure Privoxy to use Tor's faster SOCKS port,\nsuitable for HTTP.\n", "loc": ["services", "privoxy", "enableTor"], "readOnly": false, "type": "boolean"}, "services.privoxy.inspectHttps": {"declarations": ["nixos/modules/services/networking/privoxy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to configure Privoxy to inspect HTTPS requests, meaning all\nencrypted traffic will be filtered as well. This works by decrypting\nand re-encrypting the requests using a per-domain generated certificate.\n\nTo issue per-domain certificates, Privoxy must be provided with a CA\ncertificate, using the `ca-cert-file`,\n`ca-key-file` settings.\n\n::: {.warning}\nThe CA certificate must also be added to the system trust roots,\notherwise browsers will reject all Privoxy certificates as invalid.\nYou can do so by using the option\n{option}`security.pki.certificateFiles`.\n:::\n", "loc": ["services", "privoxy", "inspectHttps"], "readOnly": false, "type": "boolean"}, "services.privoxy.settings": {"declarations": ["nixos/modules/services/networking/privoxy.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This option is mapped to the main Privoxy configuration file.\nCheck out the Privoxy user manual at\n<https://www.privoxy.org/user-manual/config.html>\nfor available settings and documentation.\n\n::: {.note}\nRepeated settings can be represented by using a list.\n:::\n", "example": {"_type": "literalExpression", "text": "{ # Listen on IPv6 only\n  listen-address = \"[::]:8118\";\n\n  # Forward .onion requests to Tor\n  forward-socks5 = \".onion localhost:9050 .\";\n\n  # Log redirects and filters\n  debug = [ 128 64 ];\n  # This is equivalent to writing these lines\n  # in the Privoxy configuration file:\n  # debug 128\n  # debug 64\n}\n"}, "loc": ["services", "privoxy", "settings"], "readOnly": false, "type": "open submodule of privoxy configuration type. The format consists of an attribute\nset of settings. Each setting can be either a value (integer, string,\nboolean or path) or a list of such values.\n"}, "services.privoxy.settings.actionsfile": {"declarations": ["nixos/modules/services/networking/privoxy.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"match-all.action\"\n  \"default.action\"\n]"}, "description": "List of paths to Privoxy action files. These paths may either be\nabsolute or relative to the privoxy configuration directory.\n", "loc": ["services", "privoxy", "settings", "actionsfile"], "readOnly": false, "type": "list of string"}, "services.privoxy.settings.enable-edit-actions": {"declarations": ["nixos/modules/services/networking/privoxy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether the web-based actions file editor may be used.", "loc": ["services", "privoxy", "settings", "enable-edit-actions"], "readOnly": false, "type": "boolean"}, "services.privoxy.settings.filterfile": {"declarations": ["nixos/modules/services/networking/privoxy.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"default.filter\"\n]"}, "description": "List of paths to Privoxy filter files. These paths may either be\nabsolute or relative to the privoxy configuration directory.\n", "loc": ["services", "privoxy", "settings", "filterfile"], "readOnly": false, "type": "list of string"}, "services.privoxy.settings.listen-address": {"declarations": ["nixos/modules/services/networking/privoxy.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1:8118\""}, "description": "Pair of address:port the proxy server is listening to.", "loc": ["services", "privoxy", "settings", "listen-address"], "readOnly": false, "type": "string or list of string"}, "services.privoxy.userActions": {"declarations": ["nixos/modules/services/networking/privoxy.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Actions to be included in a `user.action` file. This\nwill have a higher priority and can be used to override all other\nactions.\n", "loc": ["services", "privoxy", "userActions"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.privoxy.userFilters": {"declarations": ["nixos/modules/services/networking/privoxy.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Filters to be included in a `user.filter` file. This\nwill have a higher priority and can be used to override all other\nfilters definitions.\n", "loc": ["services", "privoxy", "userFilters"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.prometheus.alertmanager-ntfy.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-ntfy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable alertmanager-ntfy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "alertmanager-ntfy", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.alertmanager-ntfy.extraConfigFiles": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-ntfy.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Config files to merge into the settings defined in [](#opt-services.prometheus.alertmanager-ntfy.settings).\nThis is useful to avoid putting secrets into the Nix store.\nSee <https://github.com/alexbakker/alertmanager-ntfy> for more information.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/run/secrets/alertmanager-ntfy.yml\"\n]"}, "loc": ["services", "prometheus", "alertmanager-ntfy", "extraConfigFiles"], "readOnly": false, "type": "list of absolute path"}, "services.prometheus.alertmanager-ntfy.package": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-ntfy.nix"], "default": {"_type": "literalExpression", "text": "pkgs.alertmanager-ntfy"}, "description": "The alertmanager-ntfy package to use.", "loc": ["services", "prometheus", "alertmanager-ntfy", "package"], "readOnly": false, "type": "package"}, "services.prometheus.alertmanager-ntfy.settings": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-ntfy.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration of alertmanager-ntfy.\nSee <https://github.com/alexbakker/alertmanager-ntfy> for more information.\n", "loc": ["services", "prometheus", "alertmanager-ntfy", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.prometheus.alertmanager-ntfy.settings.http.addr": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-ntfy.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1:8000\""}, "description": "The address to listen on.", "example": {"_type": "literalExpression", "text": "\":8000\""}, "loc": ["services", "prometheus", "alertmanager-ntfy", "settings", "http", "addr"], "readOnly": false, "type": "string"}, "services.prometheus.alertmanager-ntfy.settings.ntfy.baseurl": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-ntfy.nix"], "description": "The base URL of the ntfy.sh instance.", "example": {"_type": "literalExpression", "text": "\"https://ntfy.sh\""}, "loc": ["services", "prometheus", "alertmanager-ntfy", "settings", "ntfy", "baseurl"], "readOnly": false, "type": "string"}, "services.prometheus.alertmanager-ntfy.settings.ntfy.notification.priority": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-ntfy.nix"], "default": {"_type": "literalExpression", "text": "\"status == \\\"firing\\\" ? \\\"high\\\" : \\\"default\\\"\""}, "description": "The ntfy.sh message priority (see <https://docs.ntfy.sh/publish/#message-priority> for more information).\nCan either be a hardcoded string or a gval expression that evaluates to a string.\n", "loc": ["services", "prometheus", "alertmanager-ntfy", "settings", "ntfy", "notification", "priority"], "readOnly": false, "type": "string"}, "services.prometheus.alertmanager-ntfy.settings.ntfy.notification.tags": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-ntfy.nix"], "default": {"_type": "literalExpression", "text": "[\n  {\n    condition = \"status == \\\"resolved\\\"\";\n    tag = \"green_circle\";\n  }\n  {\n    condition = \"status == \\\"firing\\\"\";\n    tag = \"red_circle\";\n  }\n]"}, "description": "Tags to add to ntfy.sh messages.\nSee <https://docs.ntfy.sh/publish/#tags-emojis> for more information.\n", "loc": ["services", "prometheus", "alertmanager-ntfy", "settings", "ntfy", "notification", "tags"], "readOnly": false, "type": "list of (submodule)"}, "services.prometheus.alertmanager-ntfy.settings.ntfy.notification.tags.*.condition": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-ntfy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The condition under which this tag should be added.\nTags with no condition are always included.\n", "example": {"_type": "literalExpression", "text": "\"status == \\\"firing\\\"\""}, "loc": ["services", "prometheus", "alertmanager-ntfy", "settings", "ntfy", "notification", "tags", "*", "condition"], "readOnly": false, "type": "null or string"}, "services.prometheus.alertmanager-ntfy.settings.ntfy.notification.tags.*.tag": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-ntfy.nix"], "description": "The tag to add.\nSee <https://docs.ntfy.sh/emojis> for a list of all supported emojis.\n", "example": {"_type": "literalExpression", "text": "\"rotating_light\""}, "loc": ["services", "prometheus", "alertmanager-ntfy", "settings", "ntfy", "notification", "tags", "*", "tag"], "readOnly": false, "type": "string"}, "services.prometheus.alertmanager-ntfy.settings.ntfy.notification.templates.description": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-ntfy.nix"], "default": {"_type": "literalExpression", "text": "''\n  {{ index .Annotations \"description\" }}\n''"}, "description": "The ntfy.sh message description template.", "loc": ["services", "prometheus", "alertmanager-ntfy", "settings", "ntfy", "notification", "templates", "description"], "readOnly": false, "type": "string"}, "services.prometheus.alertmanager-ntfy.settings.ntfy.notification.templates.title": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-ntfy.nix"], "default": {"_type": "literalExpression", "text": "''\n  {{ if eq .Status \"resolved\" }}Resolved: {{ end }}{{ index .Annotations \"summary\" }}\n''"}, "description": "The ntfy.sh message title template.", "loc": ["services", "prometheus", "alertmanager-ntfy", "settings", "ntfy", "notification", "templates", "title"], "readOnly": false, "type": "string"}, "services.prometheus.alertmanager-ntfy.settings.ntfy.notification.topic": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-ntfy.nix"], "description": "__Note:__ when using ntfy.sh and other public instances\nit is recommended to set this option to an empty string and set the actual topic via\n[](#opt-services.prometheus.alertmanager-ntfy.extraConfigFiles) since\nthe `topic` in `ntfy.sh` is essentially a password.\n\nThe topic to which alerts should be published.\nCan either be a hardcoded string or a gval expression that evaluates to a string.\n", "example": {"_type": "literalExpression", "text": "\"alertmanager\""}, "loc": ["services", "prometheus", "alertmanager-ntfy", "settings", "ntfy", "notification", "topic"], "readOnly": false, "type": "string"}, "services.prometheus.alertmanager.checkConfig": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Check configuration with `amtool check-config`. The call to `amtool` is\nsubject to sandboxing by Nix.\n\nIf you use credentials stored in external files\n(`environmentFile`, etc),\nthey will not be visible to `amtool`\nand it will report errors, despite a correct configuration.\n", "loc": ["services", "prometheus", "alertmanager", "checkConfig"], "readOnly": false, "type": "boolean"}, "services.prometheus.alertmanager.clusterPeers": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Initial peers for HA cluster.\n", "loc": ["services", "prometheus", "alertmanager", "clusterPeers"], "readOnly": false, "type": "list of string"}, "services.prometheus.alertmanager.configText": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alertmanager configuration as YAML text. If non-null, this option\ndefines the text that is written to alertmanager.yml. If null, the\ncontents of alertmanager.yml is generated from the structured config\noptions.\n\nThe contents of the resulting config file are processed using envsubst.\n`$` needs to be escaped as `$$` to be preserved.\n", "loc": ["services", "prometheus", "alertmanager", "configText"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.alertmanager.configuration": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alertmanager configuration as nix attribute set.\n\nThe contents of the resulting config file are processed using envsubst.\n`$` needs to be escaped as `$$` to be preserved.\n", "loc": ["services", "prometheus", "alertmanager", "configuration"], "readOnly": false, "type": "null or (attribute set)"}, "services.prometheus.alertmanager.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Prometheus Alertmanager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "alertmanager", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.alertmanager.environmentFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File to load as environment file. Environment variables\nfrom this file will be interpolated into the config file\nusing envsubst with this syntax:\n`$ENVIRONMENT ${VARIABLE}`\n", "example": {"_type": "literalExpression", "text": "\"/root/alertmanager.env\""}, "loc": ["services", "prometheus", "alertmanager", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.alertmanager.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options when launching the Alertmanager.\n", "loc": ["services", "prometheus", "alertmanager", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.alertmanager.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Address to listen on for the web interface and API. Empty string will listen on all interfaces.\n\"localhost\" will listen on 127.0.0.1 (but not ::1).\n", "loc": ["services", "prometheus", "alertmanager", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.alertmanager.logFormat": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set use a syslog logger or JSON logging.\n", "loc": ["services", "prometheus", "alertmanager", "logFormat"], "readOnly": false, "type": "null or string"}, "services.prometheus.alertmanager.logLevel": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager.nix"], "default": {"_type": "literalExpression", "text": "\"warn\""}, "description": "Only log messages with the given severity or above.\n", "loc": ["services", "prometheus", "alertmanager", "logLevel"], "readOnly": false, "type": "one of \"debug\", \"info\", \"warn\", \"error\", \"fatal\""}, "services.prometheus.alertmanager.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "alertmanager", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.alertmanager.package": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager.nix"], "default": {"_type": "literalExpression", "text": "pkgs.prometheus-alertmanager"}, "description": "The prometheus-alertmanager package to use.", "loc": ["services", "prometheus", "alertmanager", "package"], "readOnly": false, "type": "package"}, "services.prometheus.alertmanager.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager.nix"], "default": {"_type": "literalExpression", "text": "9093"}, "description": "Port to listen on for the web interface and API.\n", "loc": ["services", "prometheus", "alertmanager", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.alertmanager.webExternalUrl": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The URL under which Alertmanager is externally reachable (for example, if Alertmanager is served via a reverse proxy).\nUsed for generating relative and absolute links back to Alertmanager itself.\nIf the URL has a path portion, it will be used to prefix all HTTP endoints served by Alertmanager.\nIf omitted, relevant URL components will be derived automatically.\n", "loc": ["services", "prometheus", "alertmanager", "webExternalUrl"], "readOnly": false, "type": "null or string"}, "services.prometheus.alertmanagerGotify.bindAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-gotify-bridge.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "The address the server will listen on (bind address).", "loc": ["services", "prometheus", "alertmanagerGotify", "bindAddress"], "readOnly": false, "type": "string"}, "services.prometheus.alertmanagerGotify.debug": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-gotify-bridge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables extended logs for debugging purposes. Should be disabled in productive mode.", "loc": ["services", "prometheus", "alertmanagerGotify", "debug"], "readOnly": false, "type": "boolean"}, "services.prometheus.alertmanagerGotify.defaultPriority": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-gotify-bridge.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "The default priority for messages sent to gotify.", "loc": ["services", "prometheus", "alertmanagerGotify", "defaultPriority"], "readOnly": false, "type": "signed integer"}, "services.prometheus.alertmanagerGotify.dispatchErrors": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-gotify-bridge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "When enabled, alerts will be tried to dispatch with an error message regarding faulty templating or missing fields to help debugging.", "loc": ["services", "prometheus", "alertmanagerGotify", "dispatchErrors"], "readOnly": false, "type": "boolean"}, "services.prometheus.alertmanagerGotify.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-gotify-bridge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable alertmagager-gotify.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "alertmanagerGotify", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.alertmanagerGotify.environmentFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-gotify-bridge.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing additional config environment variables for alertmanager-gotify-bridge.\nThis is especially for secrets like GOTIFY_TOKEN and AUTH_PASSWORD.\n", "loc": ["services", "prometheus", "alertmanagerGotify", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.alertmanagerGotify.extendedDetails": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-gotify-bridge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "When enabled, alerts are presented in HTML format and include colorized status (FIR|RES), alert start time, and a link to the generator of the alert.", "loc": ["services", "prometheus", "alertmanagerGotify", "extendedDetails"], "readOnly": false, "type": "boolean"}, "services.prometheus.alertmanagerGotify.gotifyEndpoint.host": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-gotify-bridge.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The hostname or ip your gotify endpoint is running.", "loc": ["services", "prometheus", "alertmanagerGotify", "gotifyEndpoint", "host"], "readOnly": false, "type": "string"}, "services.prometheus.alertmanagerGotify.gotifyEndpoint.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-gotify-bridge.nix"], "default": {"_type": "literalExpression", "text": "443"}, "description": "The port your gotify endpoint is running.", "loc": ["services", "prometheus", "alertmanagerGotify", "gotifyEndpoint", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.alertmanagerGotify.gotifyEndpoint.tls": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-gotify-bridge.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If your gotify endpoint uses https, leave this option set to default", "loc": ["services", "prometheus", "alertmanagerGotify", "gotifyEndpoint", "tls"], "readOnly": false, "type": "boolean"}, "services.prometheus.alertmanagerGotify.messageAnnotation": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-gotify-bridge.nix"], "description": "Annotation holding the alert message.", "loc": ["services", "prometheus", "alertmanagerGotify", "messageAnnotation"], "readOnly": false, "type": "string"}, "services.prometheus.alertmanagerGotify.metrics.namespace": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-gotify-bridge.nix"], "default": {"_type": "literalExpression", "text": "\"alertmanager-gotify-bridge\""}, "description": "The namescape of the metrics.", "loc": ["services", "prometheus", "alertmanagerGotify", "metrics", "namespace"], "readOnly": false, "type": "string"}, "services.prometheus.alertmanagerGotify.metrics.path": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-gotify-bridge.nix"], "default": {"_type": "literalExpression", "text": "\"/metrics\""}, "description": "The path under which the metrics will be exposed.", "loc": ["services", "prometheus", "alertmanagerGotify", "metrics", "path"], "readOnly": false, "type": "string"}, "services.prometheus.alertmanagerGotify.metrics.username": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-gotify-bridge.nix"], "description": "The username used to access your metrics.", "loc": ["services", "prometheus", "alertmanagerGotify", "metrics", "username"], "readOnly": false, "type": "string"}, "services.prometheus.alertmanagerGotify.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-gotify-bridge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Opens the bridge port in the firewall.", "loc": ["services", "prometheus", "alertmanagerGotify", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.alertmanagerGotify.package": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-gotify-bridge.nix"], "default": {"_type": "literalExpression", "text": "pkgs.alertmanager-gotify-bridge"}, "description": "The alertmanager-gotify-bridge package to use.", "loc": ["services", "prometheus", "alertmanagerGotify", "package"], "readOnly": false, "type": "package"}, "services.prometheus.alertmanagerGotify.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-gotify-bridge.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "The local port the bridge is listening on.", "loc": ["services", "prometheus", "alertmanagerGotify", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.alertmanagerGotify.priorityAnnotation": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-gotify-bridge.nix"], "default": {"_type": "literalExpression", "text": "\"priority\""}, "description": "Annotation holding the priority of the alert.", "loc": ["services", "prometheus", "alertmanagerGotify", "priorityAnnotation"], "readOnly": false, "type": "string"}, "services.prometheus.alertmanagerGotify.timeout": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-gotify-bridge.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "The time between sending a message and the timeout.", "loc": ["services", "prometheus", "alertmanagerGotify", "timeout"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.prometheus.alertmanagerGotify.titleAnnotation": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-gotify-bridge.nix"], "default": {"_type": "literalExpression", "text": "\"summary\""}, "description": "Annotation holding the title of the alert", "loc": ["services", "prometheus", "alertmanagerGotify", "titleAnnotation"], "readOnly": false, "type": "string"}, "services.prometheus.alertmanagerGotify.webhookPath": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-gotify-bridge.nix"], "default": {"_type": "literalExpression", "text": "\"/gotify_webhook\""}, "description": "The URL path to handle requests on.", "loc": ["services", "prometheus", "alertmanagerGotify", "webhookPath"], "readOnly": false, "type": "string"}, "services.prometheus.alertmanagerIrcRelay.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-irc-relay.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Alertmanager IRC Relay.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "alertmanagerIrcRelay", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.alertmanagerIrcRelay.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-irc-relay.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line options to pass to alertmanager-irc-relay.", "loc": ["services", "prometheus", "alertmanagerIrcRelay", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.alertmanagerIrcRelay.package": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-irc-relay.nix"], "default": {"_type": "literalExpression", "text": "pkgs.alertmanager-irc-relay"}, "description": "The alertmanager-irc-relay package to use.", "loc": ["services", "prometheus", "alertmanagerIrcRelay", "package"], "readOnly": false, "type": "package"}, "services.prometheus.alertmanagerIrcRelay.settings": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-irc-relay.nix"], "description": "Configuration for Alertmanager IRC Relay as a Nix attribute set.\nFor a reference, check out the\n[example configuration](https://github.com/google/alertmanager-irc-relay#configuring-and-running-the-bot)\nand the\n[source code](https://github.com/google/alertmanager-irc-relay/blob/master/config.go).\n\nNote: The webhook's URL MUST point to the IRC channel where the message\nshould be posted. For `#mychannel` from the example, this would be\n`http://localhost:8080/mychannel`.\n", "example": {"_type": "literalExpression", "text": "{\n  http_host = \"localhost\";\n  http_port = 8000;\n\n  irc_host = \"irc.example.com\";\n  irc_port = 7000;\n  irc_nickname = \"myalertbot\";\n\n  irc_channels = [\n    { name = \"#mychannel\"; }\n  ];\n}\n"}, "loc": ["services", "prometheus", "alertmanagerIrcRelay", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.prometheus.alertmanagerNotificationQueueCapacity": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "10000"}, "description": "The capacity of the queue for pending alert manager notifications.\n", "loc": ["services", "prometheus", "alertmanagerNotificationQueueCapacity"], "readOnly": false, "type": "signed integer"}, "services.prometheus.alertmanagerWebhookLogger.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-webhook-logger.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Alertmanager Webhook Logger.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "alertmanagerWebhookLogger", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.alertmanagerWebhookLogger.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-webhook-logger.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line options to pass to alertmanager-webhook-logger.", "loc": ["services", "prometheus", "alertmanagerWebhookLogger", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.alertmanagerWebhookLogger.package": {"declarations": ["nixos/modules/services/monitoring/prometheus/alertmanager-webhook-logger.nix"], "default": {"_type": "literalExpression", "text": "pkgs.alertmanager-webhook-logger"}, "description": "The alertmanager-webhook-logger package to use.", "loc": ["services", "prometheus", "alertmanagerWebhookLogger", "package"], "readOnly": false, "type": "package"}, "services.prometheus.alertmanagers": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of alertmanagers to send alerts to.\nSee [the official documentation](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config) for more information.\n", "example": {"_type": "literalExpression", "text": "[ {\n  scheme = \"https\";\n  path_prefix = \"/alertmanager\";\n  static_configs = [ {\n    targets = [\n      \"prometheus.domain.tld\"\n    ];\n  } ];\n} ]\n"}, "loc": ["services", "prometheus", "alertmanagers"], "readOnly": false, "type": "list of (attribute set)"}, "services.prometheus.checkConfig": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Check configuration with `promtool check`. The call to `promtool` is\nsubject to sandboxing by Nix.\n\nIf you use credentials stored in external files\n(`password_file`, `bearer_token_file`, etc),\nthey will not be visible to `promtool`\nand it will report errors, despite a correct configuration.\nTo resolve this, you may set this option to `\"syntax-only\"`\nin order to only syntax check the Prometheus configuration.\n", "example": {"_type": "literalExpression", "text": "\"syntax-only\""}, "loc": ["services", "prometheus", "checkConfig"], "readOnly": false, "type": "boolean or value \"syntax-only\" (singular enum)"}, "services.prometheus.configText": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If non-null, this option defines the text that is written to\nprometheus.yml. If null, the contents of prometheus.yml is generated\nfrom the structured config options.\n", "loc": ["services", "prometheus", "configText"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Prometheus monitoring daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.enableAgentMode": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable agent mode.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "enableAgentMode"], "readOnly": false, "type": "boolean"}, "services.prometheus.enableReload": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Reload prometheus when configuration file changes (instead of restart).\n\nThe following property holds: switching to a configuration\n(`switch-to-configuration`) that changes the prometheus\nconfiguration only finishes successfully when prometheus has finished\nloading the new configuration.\n", "loc": ["services", "prometheus", "enableReload"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Prometheus exporter configuration", "example": {"_type": "literalExpression", "text": "{\n  node = {\n    enable = true;\n    enabledCollectors = [ \"systemd\" ];\n  };\n  varnish.enable = true;\n}\n"}, "loc": ["services", "prometheus", "exporters"], "readOnly": false, "type": "submodule"}, "services.prometheus.exporters.apcupsd.apcupsdAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\":3551\""}, "description": "Address of the apcupsd Network Information Server (NIS).\n", "loc": ["services", "prometheus", "exporters", "apcupsd", "apcupsdAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.apcupsd.apcupsdNetwork": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"tcp\""}, "description": "Network of the apcupsd Network Information Server (NIS): one of \"tcp\", \"tcp4\", or \"tcp6\".\n", "loc": ["services", "prometheus", "exporters", "apcupsd", "apcupsdNetwork"], "readOnly": false, "type": "one of \"tcp\", \"tcp4\", \"tcp6\""}, "services.prometheus.exporters.apcupsd.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus apcupsd exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "apcupsd", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.apcupsd.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the apcupsd exporter.\n", "loc": ["services", "prometheus", "exporters", "apcupsd", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.apcupsd.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.apcupsd.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9162\"\n"}, "loc": ["services", "prometheus", "exporters", "apcupsd", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.apcupsd.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.apcupsd.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9162 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "apcupsd", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.apcupsd.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"apcupsd-exporter\""}, "description": "Group under which the apcupsd exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "apcupsd", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.apcupsd.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "apcupsd", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.apcupsd.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "apcupsd", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.apcupsd.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9162"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "apcupsd", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.apcupsd.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"apcupsd-exporter\""}, "description": "User name under which the apcupsd exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "apcupsd", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.artifactory.artiAccessToken": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Access token for authentication against JFrog Artifactory API.\nOne of the password or access token needs to be set.\n", "loc": ["services", "prometheus", "exporters", "artifactory", "artiAccessToken"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.artifactory.artiPassword": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Password for authentication against JFrog Artifactory API.\nOne of the password or access token needs to be set.\n", "loc": ["services", "prometheus", "exporters", "artifactory", "artiPassword"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.artifactory.artiUsername": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "Username for authentication against JFrog Artifactory API.\n", "loc": ["services", "prometheus", "exporters", "artifactory", "artiUsername"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.artifactory.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus artifactory exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "artifactory", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.artifactory.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the artifactory exporter.\n", "loc": ["services", "prometheus", "exporters", "artifactory", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.artifactory.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.artifactory.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9531\"\n"}, "loc": ["services", "prometheus", "exporters", "artifactory", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.artifactory.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.artifactory.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9531 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "artifactory", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.artifactory.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"artifactory-exporter\""}, "description": "Group under which the artifactory exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "artifactory", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.artifactory.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "artifactory", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.artifactory.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "artifactory", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.artifactory.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9531"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "artifactory", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.artifactory.scrapeUri": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"http://localhost:8081/artifactory\""}, "description": "URI on which to scrape JFrog Artifactory.\n", "loc": ["services", "prometheus", "exporters", "artifactory", "scrapeUri"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.artifactory.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"artifactory-exporter\""}, "description": "User name under which the artifactory exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "artifactory", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.bind.bindGroups": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"server\"\n  \"view\"\n]"}, "description": "List of statistics to collect. Available: [server, view, tasks]\n", "loc": ["services", "prometheus", "exporters", "bind", "bindGroups"], "readOnly": false, "type": "list of (one of \"server\", \"view\", \"tasks\")"}, "services.prometheus.exporters.bind.bindTimeout": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"10s\""}, "description": "Timeout for trying to get stats from Bind.\n", "loc": ["services", "prometheus", "exporters", "bind", "bindTimeout"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.bind.bindURI": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"http://localhost:8053/\""}, "description": "HTTP XML API address of an Bind server.\n", "loc": ["services", "prometheus", "exporters", "bind", "bindURI"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.bind.bindVersion": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"auto\""}, "description": "BIND statistics version. Can be detected automatically.\n", "loc": ["services", "prometheus", "exporters", "bind", "bindVersion"], "readOnly": false, "type": "one of \"xml.v2\", \"xml.v3\", \"auto\""}, "services.prometheus.exporters.bind.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus bind exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "bind", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.bind.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the bind exporter.\n", "loc": ["services", "prometheus", "exporters", "bind", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.bind.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.bind.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9119\"\n"}, "loc": ["services", "prometheus", "exporters", "bind", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.bind.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.bind.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9119 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "bind", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.bind.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"bind-exporter\""}, "description": "Group under which the bind exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "bind", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.bind.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "bind", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.bind.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "bind", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.bind.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9119"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "bind", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.bind.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"bind-exporter\""}, "description": "User name under which the bind exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "bind", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.bird.birdSocket": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"/run/bird/bird.ctl\""}, "description": "Path to BIRD2 (or BIRD1 v4) socket.\n", "loc": ["services", "prometheus", "exporters", "bird", "birdSocket"], "readOnly": false, "type": "absolute path"}, "services.prometheus.exporters.bird.birdVersion": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "2"}, "description": "Specifies whether BIRD1 or BIRD2 is in use.\n", "loc": ["services", "prometheus", "exporters", "bird", "birdVersion"], "readOnly": false, "type": "one of 1, 2"}, "services.prometheus.exporters.bird.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus bird exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "bird", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.bird.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the bird exporter.\n", "loc": ["services", "prometheus", "exporters", "bird", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.bird.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.bird.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9324\"\n"}, "loc": ["services", "prometheus", "exporters", "bird", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.bird.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.bird.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9324 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "bird", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.bird.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"bird-exporter\""}, "description": "Group under which the bird exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "bird", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.bird.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "bird", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.bird.newMetricFormat": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable the new more-generic metric format.\n", "loc": ["services", "prometheus", "exporters", "bird", "newMetricFormat"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.bird.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "bird", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.bird.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9324"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "bird", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.bird.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"bird-exporter\""}, "description": "User name under which the bird exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "bird", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.bitcoin.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus bitcoin exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "bitcoin", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.bitcoin.extraEnv": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra environment variables for the exporter.\n", "loc": ["services", "prometheus", "exporters", "bitcoin", "extraEnv"], "readOnly": false, "type": "attribute set of string"}, "services.prometheus.exporters.bitcoin.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the bitcoin exporter.\n", "loc": ["services", "prometheus", "exporters", "bitcoin", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.bitcoin.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.bitcoin.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9332\"\n"}, "loc": ["services", "prometheus", "exporters", "bitcoin", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.bitcoin.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.bitcoin.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9332 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "bitcoin", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.bitcoin.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"bitcoin-exporter\""}, "description": "Group under which the bitcoin exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "bitcoin", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.bitcoin.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "bitcoin", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.bitcoin.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "bitcoin", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.bitcoin.package": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "pkgs.prometheus-bitcoin-exporter"}, "description": "The prometheus-bitcoin-exporter package to use.", "loc": ["services", "prometheus", "exporters", "bitcoin", "package"], "readOnly": false, "type": "package"}, "services.prometheus.exporters.bitcoin.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9332"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "bitcoin", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.bitcoin.refreshSeconds": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "300"}, "description": "How often to ask bitcoind for metrics.\n", "loc": ["services", "prometheus", "exporters", "bitcoin", "refreshSeconds"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.prometheus.exporters.bitcoin.rpcHost": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "RPC host.\n", "loc": ["services", "prometheus", "exporters", "bitcoin", "rpcHost"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.bitcoin.rpcPasswordFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "File containing RPC password.\n", "loc": ["services", "prometheus", "exporters", "bitcoin", "rpcPasswordFile"], "readOnly": false, "type": "absolute path"}, "services.prometheus.exporters.bitcoin.rpcPort": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "8332"}, "description": "RPC port number.\n", "loc": ["services", "prometheus", "exporters", "bitcoin", "rpcPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.bitcoin.rpcScheme": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"http\""}, "description": "Whether to connect to bitcoind over http or https.\n", "loc": ["services", "prometheus", "exporters", "bitcoin", "rpcScheme"], "readOnly": false, "type": "one of \"http\", \"https\""}, "services.prometheus.exporters.bitcoin.rpcUser": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"bitcoinrpc\""}, "description": "RPC user name.\n", "loc": ["services", "prometheus", "exporters", "bitcoin", "rpcUser"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.bitcoin.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"bitcoin-exporter\""}, "description": "User name under which the bitcoin exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "bitcoin", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.blackbox.configFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "Path to configuration file.\n", "loc": ["services", "prometheus", "exporters", "blackbox", "configFile"], "readOnly": false, "type": "absolute path"}, "services.prometheus.exporters.blackbox.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus blackbox exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "blackbox", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.blackbox.enableConfigCheck": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to run a correctness check for the configuration file. This depends\non the configuration file residing in the nix-store. Paths passed as string will\nbe copied to the store.\n", "loc": ["services", "prometheus", "exporters", "blackbox", "enableConfigCheck"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.blackbox.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the blackbox exporter.\n", "loc": ["services", "prometheus", "exporters", "blackbox", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.blackbox.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.blackbox.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9115\"\n"}, "loc": ["services", "prometheus", "exporters", "blackbox", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.blackbox.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.blackbox.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9115 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "blackbox", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.blackbox.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"blackbox-exporter\""}, "description": "Group under which the blackbox exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "blackbox", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.blackbox.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "blackbox", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.blackbox.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "blackbox", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.blackbox.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9115"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "blackbox", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.blackbox.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"blackbox-exporter\""}, "description": "User name under which the blackbox exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "blackbox", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.borgmatic.configFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"/etc/borgmatic/config.yaml\""}, "description": "The path to the borgmatic config file\n", "loc": ["services", "prometheus", "exporters", "borgmatic", "configFile"], "readOnly": false, "type": "absolute path"}, "services.prometheus.exporters.borgmatic.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus borgmatic exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "borgmatic", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.borgmatic.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the borgmatic exporter.\n", "loc": ["services", "prometheus", "exporters", "borgmatic", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.borgmatic.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.borgmatic.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9996\"\n"}, "loc": ["services", "prometheus", "exporters", "borgmatic", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.borgmatic.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.borgmatic.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9996 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "borgmatic", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.borgmatic.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"borgmatic-exporter\""}, "description": "Group under which the borgmatic exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "borgmatic", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.borgmatic.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "borgmatic", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.borgmatic.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "borgmatic", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.borgmatic.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9996"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "borgmatic", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.borgmatic.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"borgmatic-exporter\""}, "description": "User name under which the borgmatic exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "borgmatic", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.buildkite-agent.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus buildkite-agent exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "buildkite-agent", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.buildkite-agent.endpoint": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"https://agent.buildkite.com/v3\""}, "description": "The Buildkite Agent API endpoint.\n", "loc": ["services", "prometheus", "exporters", "buildkite-agent", "endpoint"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.buildkite-agent.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the buildkite-agent exporter.\n", "loc": ["services", "prometheus", "exporters", "buildkite-agent", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.buildkite-agent.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.buildkite-agent.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9876\"\n"}, "loc": ["services", "prometheus", "exporters", "buildkite-agent", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.buildkite-agent.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.buildkite-agent.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9876 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "buildkite-agent", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.buildkite-agent.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"buildkite-agent-exporter\""}, "description": "Group under which the buildkite-agent exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "buildkite-agent", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.buildkite-agent.interval": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"30s\""}, "description": "How often to update metrics.\n", "example": {"_type": "literalExpression", "text": "\"1min\""}, "loc": ["services", "prometheus", "exporters", "buildkite-agent", "interval"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.buildkite-agent.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "buildkite-agent", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.buildkite-agent.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "buildkite-agent", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.buildkite-agent.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9876"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "buildkite-agent", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.buildkite-agent.queues": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Which specific queues to process.\n", "example": {"_type": "literalExpression", "text": "[ \"my-queue1\" \"my-queue2\" ]"}, "loc": ["services", "prometheus", "exporters", "buildkite-agent", "queues"], "readOnly": false, "type": "null or (list of string)"}, "services.prometheus.exporters.buildkite-agent.tokenPath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "The token from your Buildkite \"Agents\" page.\n\nA run-time path to the token file, which is supposed to be provisioned\noutside of Nix store.\n", "loc": ["services", "prometheus", "exporters", "buildkite-agent", "tokenPath"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.buildkite-agent.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"buildkite-agent-exporter\""}, "description": "User name under which the buildkite-agent exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "buildkite-agent", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.chrony.chronyServerAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"unix:///run/chrony/chronyd.sock\""}, "description": "ChronyServerAddress of the chrony server side command port. (Not enabled by default.)\nDefaults to the local unix socket.\n", "example": {"_type": "literalExpression", "text": "[\n  \"192.82.0.1:323\"\n]"}, "loc": ["services", "prometheus", "exporters", "chrony", "chronyServerAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.chrony.disabledCollectors": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Collectors to disable which are enabled by default.\nDisable sources.with-ntpdata for network scraper. Option requires unix socket.\n", "example": {"_type": "literalExpression", "text": "[\n  \"sources.with-ntpdata\"\n]"}, "loc": ["services", "prometheus", "exporters", "chrony", "disabledCollectors"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.chrony.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus chrony exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "chrony", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.chrony.enabledCollectors": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"tracking\"\n  \"sources\"\n  \"sources.with-ntpdata\"\n  \"serverstats\"\n  \"dns-lookups\"\n]"}, "description": "Collectors to enable.\nCurrently all collectors are enabled by default.\n", "example": {"_type": "literalExpression", "text": "[\n  \"dns-lookups\"\n]"}, "loc": ["services", "prometheus", "exporters", "chrony", "enabledCollectors"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.chrony.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the chrony exporter.\n", "loc": ["services", "prometheus", "exporters", "chrony", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.chrony.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.chrony.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9123\"\n"}, "loc": ["services", "prometheus", "exporters", "chrony", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.chrony.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.chrony.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9123 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "chrony", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.chrony.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"chrony\""}, "description": "Group under which the chrony exporter shall be run.\nThis allows the exporter to talk to chrony using a unix socket, which is owned by chrony group.\nThe service startup with the default group chrony will fail without local chrony instance.\n", "loc": ["services", "prometheus", "exporters", "chrony", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.chrony.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "chrony", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.chrony.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "chrony", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.chrony.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9123"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "chrony", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.chrony.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"chrony\""}, "description": "User name under which the chrony exporter shall be run.\nThis allows the exporter to talk to chrony using a unix socket, which is owned by chrony.\nThe exporter startup with the default user chrony will fail without local chrony instance.\n", "loc": ["services", "prometheus", "exporters", "chrony", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.collectd.collectdBinary.authFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File mapping user names to pre-shared keys (passwords).", "loc": ["services", "prometheus", "exporters", "collectd", "collectdBinary", "authFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.collectd.collectdBinary.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable collectd binary protocol receiver.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "collectd", "collectdBinary", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.collectd.collectdBinary.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on for binary network packets.\n", "loc": ["services", "prometheus", "exporters", "collectd", "collectdBinary", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.collectd.collectdBinary.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "25826"}, "description": "Network address on which to accept collectd binary network packets.", "loc": ["services", "prometheus", "exporters", "collectd", "collectdBinary", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.collectd.collectdBinary.securityLevel": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"None\""}, "description": "Minimum required security level for accepted packets.\n", "loc": ["services", "prometheus", "exporters", "collectd", "collectdBinary", "securityLevel"], "readOnly": false, "type": "one of \"None\", \"Sign\", \"Encrypt\""}, "services.prometheus.exporters.collectd.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus collectd exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "collectd", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.collectd.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the collectd exporter.\n", "loc": ["services", "prometheus", "exporters", "collectd", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.collectd.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.collectd.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9103\"\n"}, "loc": ["services", "prometheus", "exporters", "collectd", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.collectd.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.collectd.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9103 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "collectd", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.collectd.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"collectd-exporter\""}, "description": "Group under which the collectd exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "collectd", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.collectd.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "collectd", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.collectd.logFormat": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"logfmt\""}, "description": "Set the log format.\n", "example": {"_type": "literalExpression", "text": "\"json\""}, "loc": ["services", "prometheus", "exporters", "collectd", "logFormat"], "readOnly": false, "type": "one of \"logfmt\", \"json\""}, "services.prometheus.exporters.collectd.logLevel": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Only log messages with the given severity or above.\n", "loc": ["services", "prometheus", "exporters", "collectd", "logLevel"], "readOnly": false, "type": "one of \"debug\", \"info\", \"warn\", \"error\", \"fatal\""}, "services.prometheus.exporters.collectd.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "collectd", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.collectd.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9103"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "collectd", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.collectd.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"collectd-exporter\""}, "description": "User name under which the collectd exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "collectd", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.deluge.delugeHost": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Hostname where deluge server is running.\n", "loc": ["services", "prometheus", "exporters", "deluge", "delugeHost"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.deluge.delugePassword": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Password to connect to deluge server.\n\nThis stores the password unencrypted in the nix store and is thus considered unsafe. Prefer\nusing the delugePasswordFile option.\n", "loc": ["services", "prometheus", "exporters", "deluge", "delugePassword"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.deluge.delugePasswordFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the password to connect to deluge server.\n", "loc": ["services", "prometheus", "exporters", "deluge", "delugePasswordFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.deluge.delugePort": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "58846"}, "description": "Port where deluge server is listening.\n", "loc": ["services", "prometheus", "exporters", "deluge", "delugePort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.deluge.delugeUser": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"localclient\""}, "description": "User to connect to deluge server.\n", "loc": ["services", "prometheus", "exporters", "deluge", "delugeUser"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.deluge.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus deluge exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "deluge", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.deluge.exportPerTorrentMetrics": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable per-torrent metrics.\n\nThis may significantly increase the number of time series depending on the number of\ntorrents in your Deluge instance.\n", "loc": ["services", "prometheus", "exporters", "deluge", "exportPerTorrentMetrics"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.deluge.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the deluge exporter.\n", "loc": ["services", "prometheus", "exporters", "deluge", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.deluge.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.deluge.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9354\"\n"}, "loc": ["services", "prometheus", "exporters", "deluge", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.deluge.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.deluge.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9354 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "deluge", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.deluge.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"deluge-exporter\""}, "description": "Group under which the deluge exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "deluge", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.deluge.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "deluge", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.deluge.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "deluge", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.deluge.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9354"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "deluge", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.deluge.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"deluge-exporter\""}, "description": "User name under which the deluge exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "deluge", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.dmarc.debug": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to declare enable `--debug`.\n", "loc": ["services", "prometheus", "exporters", "dmarc", "debug"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.dmarc.deduplicationMaxSeconds": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"7 days (in seconds)\""}, "description": "How long individual report IDs will be remembered to avoid\ncounting double delivered reports twice.\n", "loc": ["services", "prometheus", "exporters", "dmarc", "deduplicationMaxSeconds"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.prometheus.exporters.dmarc.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus dmarc exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "dmarc", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.dmarc.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the dmarc exporter.\n", "loc": ["services", "prometheus", "exporters", "dmarc", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.dmarc.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.dmarc.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9797\"\n"}, "loc": ["services", "prometheus", "exporters", "dmarc", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.dmarc.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.dmarc.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9797 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "dmarc", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.dmarc.folders.done": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"Archive\""}, "description": "IMAP mailbox that successfully processed reports are moved to.\n", "loc": ["services", "prometheus", "exporters", "dmarc", "folders", "done"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.dmarc.folders.error": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"Invalid\""}, "description": "IMAP mailbox that emails are moved to that could not be processed.\n", "loc": ["services", "prometheus", "exporters", "dmarc", "folders", "error"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.dmarc.folders.inbox": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"INBOX\""}, "description": "IMAP mailbox that is checked for incoming DMARC aggregate reports\n", "loc": ["services", "prometheus", "exporters", "dmarc", "folders", "inbox"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.dmarc.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"dmarc-exporter\""}, "description": "Group under which the dmarc exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "dmarc", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.dmarc.imap.host": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Hostname of IMAP server to connect to.\n", "loc": ["services", "prometheus", "exporters", "dmarc", "imap", "host"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.dmarc.imap.passwordFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "File containing the login password for the IMAP connection.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/dovecot_pw\""}, "loc": ["services", "prometheus", "exporters", "dmarc", "imap", "passwordFile"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.dmarc.imap.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "993"}, "description": "Port of the IMAP server to connect to.\n", "loc": ["services", "prometheus", "exporters", "dmarc", "imap", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.dmarc.imap.username": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "Login username for the IMAP connection.\n", "example": {"_type": "literalExpression", "text": "\"postmaster@example.org\""}, "loc": ["services", "prometheus", "exporters", "dmarc", "imap", "username"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.dmarc.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "dmarc", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.dmarc.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "dmarc", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.dmarc.pollIntervalSeconds": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "60"}, "description": "How often to poll the IMAP server in seconds.\n", "loc": ["services", "prometheus", "exporters", "dmarc", "pollIntervalSeconds"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.prometheus.exporters.dmarc.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9797"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "dmarc", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.dmarc.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"dmarc-exporter\""}, "description": "User name under which the dmarc exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "dmarc", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.dnsmasq.dnsmasqListenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"localhost:53\""}, "description": "Address on which dnsmasq listens.\n", "loc": ["services", "prometheus", "exporters", "dnsmasq", "dnsmasqListenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.dnsmasq.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus dnsmasq exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "dnsmasq", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.dnsmasq.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the dnsmasq exporter.\n", "loc": ["services", "prometheus", "exporters", "dnsmasq", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.dnsmasq.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.dnsmasq.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9153\"\n"}, "loc": ["services", "prometheus", "exporters", "dnsmasq", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.dnsmasq.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.dnsmasq.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9153 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "dnsmasq", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.dnsmasq.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"dnsmasq-exporter\""}, "description": "Group under which the dnsmasq exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "dnsmasq", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.dnsmasq.leasesPath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/dnsmasq/dnsmasq.leases\""}, "description": "Path to the `dnsmasq.leases` file.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/misc/dnsmasq.leases\""}, "loc": ["services", "prometheus", "exporters", "dnsmasq", "leasesPath"], "readOnly": false, "type": "absolute path"}, "services.prometheus.exporters.dnsmasq.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "dnsmasq", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.dnsmasq.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "dnsmasq", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.dnsmasq.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9153"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "dnsmasq", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.dnsmasq.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"dnsmasq-exporter\""}, "description": "User name under which the dnsmasq exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "dnsmasq", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.dnssec.configuration": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "dnssec exporter configuration as nix attribute set.\n\nSee <https://github.com/chrj/prometheus-dnssec-exporter/blob/master/README.md>\nfor the description of the configuration file format.\n", "example": {"_type": "literalExpression", "text": "{\n  records = [\n    {\n      zone = \"ietf.org\";\n      record = \"@\";\n      type = \"SOA\";\n    }\n    {\n      zone = \"verisigninc.com\";\n      record = \"@\";\n      type = \"SOA\";\n    }\n  ];\n}\n"}, "loc": ["services", "prometheus", "exporters", "dnssec", "configuration"], "readOnly": false, "type": "null or (attribute set)"}, "services.prometheus.exporters.dnssec.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus dnssec exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "dnssec", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.dnssec.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options when launching Prometheus.\n", "loc": ["services", "prometheus", "exporters", "dnssec", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.dnssec.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.dnssec.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9204\"\n"}, "loc": ["services", "prometheus", "exporters", "dnssec", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.dnssec.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.dnssec.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9204 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "dnssec", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.dnssec.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"dnssec-exporter\""}, "description": "Group under which the dnssec exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "dnssec", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.dnssec.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Listen address as host IP and port definition.\n", "example": {"_type": "literalExpression", "text": "\":9204\""}, "loc": ["services", "prometheus", "exporters", "dnssec", "listenAddress"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.dnssec.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "dnssec", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.dnssec.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9204"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "dnssec", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.dnssec.resolvers": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "DNSSEC capable resolver to be used for the check.\n", "example": {"_type": "literalExpression", "text": "[\n  \"0.0.0.0:53\"\n]"}, "loc": ["services", "prometheus", "exporters", "dnssec", "resolvers"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.dnssec.timeout": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "DNS request timeout duration.\n", "example": {"_type": "literalExpression", "text": "\"10s\""}, "loc": ["services", "prometheus", "exporters", "dnssec", "timeout"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.dnssec.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"dnssec-exporter\""}, "description": "User name under which the dnssec exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "dnssec", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.domain.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus domain exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "domain", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.domain.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the domain exporter.\n", "loc": ["services", "prometheus", "exporters", "domain", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.domain.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.domain.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9222\"\n"}, "loc": ["services", "prometheus", "exporters", "domain", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.domain.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.domain.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9222 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "domain", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.domain.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"domain-exporter\""}, "description": "Group under which the domain exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "domain", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.domain.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "domain", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.domain.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "domain", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.domain.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9222"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "domain", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.domain.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"domain-exporter\""}, "description": "User name under which the domain exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "domain", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.dovecot.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus dovecot exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "dovecot", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.dovecot.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the dovecot exporter.\n", "loc": ["services", "prometheus", "exporters", "dovecot", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.dovecot.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.dovecot.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9166\"\n"}, "loc": ["services", "prometheus", "exporters", "dovecot", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.dovecot.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.dovecot.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9166 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "dovecot", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.dovecot.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"dovecot-exporter\""}, "description": "Group under which the dovecot exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "dovecot", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.dovecot.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "dovecot", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.dovecot.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "dovecot", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.dovecot.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9166"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "dovecot", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.dovecot.scopes": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"user\"\n]"}, "description": "Stats scopes to query.\n", "example": {"_type": "literalExpression", "text": "[\n  \"user\"\n  \"global\"\n]"}, "loc": ["services", "prometheus", "exporters", "dovecot", "scopes"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.dovecot.socketPath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"/var/run/dovecot/stats\""}, "description": "Path under which the stats socket is placed.\nThe user/group under which the exporter runs,\nshould be able to access the socket in order\nto scrape the metrics successfully.\n\nPlease keep in mind that the stats module has changed in\n[Dovecot 2.3+](https://wiki2.dovecot.org/Upgrading/2.3) which\nis not [compatible with this exporter](https://github.com/kumina/dovecot_exporter/issues/8).\n\nThe following extra config has to be passed to Dovecot to ensure that recent versions\nwork with this exporter:\n```\n{\n  services.prometheus.exporters.dovecot.enable = true;\n  services.prometheus.exporters.dovecot.socketPath = \"/var/run/dovecot2/old-stats\";\n  services.dovecot2.mailPlugins.globally.enable = [ \"old_stats\" ];\n  services.dovecot2.extraConfig = ''\n    service old-stats {\n      unix_listener old-stats {\n        user = dovecot-exporter\n        group = dovecot-exporter\n        mode = 0660\n      }\n      fifo_listener old-stats-mail {\n        mode = 0660\n        user = dovecot\n        group = dovecot\n      }\n      fifo_listener old-stats-user {\n        mode = 0660\n        user = dovecot\n        group = dovecot\n      }\n    }\n    plugin {\n      old_stats_refresh = 30 secs\n      old_stats_track_cmds = yes\n    }\n  '';\n}\n```\n", "example": {"_type": "literalExpression", "text": "\"/var/run/dovecot2/old-stats\""}, "loc": ["services", "prometheus", "exporters", "dovecot", "socketPath"], "readOnly": false, "type": "absolute path"}, "services.prometheus.exporters.dovecot.telemetryPath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"/metrics\""}, "description": "Path under which to expose metrics.\n", "loc": ["services", "prometheus", "exporters", "dovecot", "telemetryPath"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.dovecot.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"dovecot-exporter\""}, "description": "User name under which the dovecot exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "dovecot", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.ebpf.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus ebpf exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "ebpf", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.ebpf.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the ebpf exporter.\n", "loc": ["services", "prometheus", "exporters", "ebpf", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.ebpf.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.ebpf.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9435\"\n"}, "loc": ["services", "prometheus", "exporters", "ebpf", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.ebpf.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.ebpf.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9435 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "ebpf", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.ebpf.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"ebpf-exporter\""}, "description": "Group under which the ebpf exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "ebpf", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.ebpf.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "ebpf", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.ebpf.names": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of eBPF programs to load\n", "example": {"_type": "literalExpression", "text": "[\n  \"timers\"\n]"}, "loc": ["services", "prometheus", "exporters", "ebpf", "names"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.ebpf.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "ebpf", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.ebpf.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9435"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "ebpf", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.ebpf.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"ebpf-exporter\""}, "description": "User name under which the ebpf exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "ebpf", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.ecoflow.debug": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0\""}, "description": "Enable debug log messages. Disabled by default. Set to \"1\" to enable.\n", "example": {"_type": "literalExpression", "text": "\"1\""}, "loc": ["services", "prometheus", "exporters", "ecoflow", "debug"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.ecoflow.ecoflowAccessKeyFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "/etc/ecoflow-access-key"}, "description": "Path to the file with your personal api access string from the Ecoflow development website <https://developer-eu.ecoflow.com>.\nDo to share or commit your plaintext scecrets to a public repo use: agenix or soaps.\n", "loc": ["services", "prometheus", "exporters", "ecoflow", "ecoflowAccessKeyFile"], "readOnly": false, "type": "absolute path"}, "services.prometheus.exporters.ecoflow.ecoflowDevicesFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "/etc/ecoflow-devices"}, "description": "File must contain one line, example: R3300000,R3400000,NC430000,....\nThe list of devices serial numbers separated by comma. For instance: SN1,SN2,SN3.\nInstead of \"devicesFile\" you can specify \"devicesPrettynamesFile\" which will also work. You can specify both.\nDo to share or commit your plaintext serial numbers to a public repo use: agenix or soaps.\n", "loc": ["services", "prometheus", "exporters", "ecoflow", "ecoflowDevicesFile"], "readOnly": false, "type": "absolute path"}, "services.prometheus.exporters.ecoflow.ecoflowDevicesPrettyNamesFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "/etc/ecoflow-devices-pretty-names"}, "description": "File must contain one line, example: {\"R3300000\":\"Delta 2\",\"R3400000\":\"Delta Pro\",...}\nThe key/value map of custom names for your devices. Key is a serial number, value is a device name you want\nto see in Grafana Dashboard. It's helpful to see a meaningful name in Grafana dashboard instead of a serialnumber.\nDo to share or commit your plaintext serial numbers to a public repo use: agenix or soaps.\n", "loc": ["services", "prometheus", "exporters", "ecoflow", "ecoflowDevicesPrettyNamesFile"], "readOnly": false, "type": "absolute path"}, "services.prometheus.exporters.ecoflow.ecoflowEmailFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "/etc/ecoflow-email"}, "description": "Path to the file with your personal ecoflow app login email address.\nDo to share or commit your plaintext scecrets to a public repo use: agenix or soaps.\n", "loc": ["services", "prometheus", "exporters", "ecoflow", "ecoflowEmailFile"], "readOnly": false, "type": "absolute path"}, "services.prometheus.exporters.ecoflow.ecoflowPasswordFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "/etc/ecoflow-password"}, "description": "Path to the file with your personal ecoflow app login email password.\nDo to share or commit your plaintext passwords to a public repo use: agenix or soaps here!\n", "loc": ["services", "prometheus", "exporters", "ecoflow", "ecoflowPasswordFile"], "readOnly": false, "type": "absolute path"}, "services.prometheus.exporters.ecoflow.ecoflowSecretKeyFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "/etc/ecoflow-secret-key"}, "description": "Path to the file with your personal api secret string from the Ecoflow development website <https://developer-eu.ecoflow.com>.\nDo to share or commit your plaintext scecrets to a public repo use: agenix or soaps.\n", "loc": ["services", "prometheus", "exporters", "ecoflow", "ecoflowSecretKeyFile"], "readOnly": false, "type": "absolute path"}, "services.prometheus.exporters.ecoflow.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus ecoflow exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "ecoflow", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.ecoflow.exporterType": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"rest\""}, "description": "The type of exporter you'd like to use.\nPossible values: \"rest\" and \"mqtt\". Default value is \"rest\".\nChoose \"rest\" for the ecoflow online cloud api use \"rest\" and define: accessKey, secretKey.\nChoose \"mqtt\" for the lan realtime integration use \"mqtt\" and define: email, password, devices.\n", "example": {"_type": "literalExpression", "text": "\"mqtt\""}, "loc": ["services", "prometheus", "exporters", "ecoflow", "exporterType"], "readOnly": false, "type": "one of \"rest\", \"mqtt\""}, "services.prometheus.exporters.ecoflow.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the ecoflow exporter.\n", "loc": ["services", "prometheus", "exporters", "ecoflow", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.ecoflow.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.ecoflow.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 2112\"\n"}, "loc": ["services", "prometheus", "exporters", "ecoflow", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.ecoflow.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.ecoflow.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 2112 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "ecoflow", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.ecoflow.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"ecoflow-exporter\""}, "description": "Group under which the ecoflow exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "ecoflow", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.ecoflow.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "ecoflow", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.ecoflow.mqttDeviceOfflineThreshold": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "60"}, "description": "The threshold in seconds which indicates how long we should wait for a metric message from MQTT broker.\nDefault value: 60 seconds. If we don't receive message within 60 seconds we consider that device is offline.\nIf we don't receive messages within the threshold for all devices, we'll try to reconnect to the MQTT broker.\nThere is a strange behavior that MQTT stop sends messages if you open Ecoflow mobile app and then close it).\n", "example": {"_type": "literalExpression", "text": "120"}, "loc": ["services", "prometheus", "exporters", "ecoflow", "mqttDeviceOfflineThreshold"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.prometheus.exporters.ecoflow.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "ecoflow", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.ecoflow.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "2112"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "ecoflow", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.ecoflow.prefix": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"ecoflow\""}, "description": "The prefix that will be added to all metrics. Default value is ecoflow.\nFor instance metric bms_bmsStatus.minCellTemp will be exported to prometheus as ecoflow.bms_bmsStatus.minCellTemp.\nWith default value \"ecoflow\" you can use Grafana Dashboard with ID 17812 without any changes.\n", "example": {"_type": "literalExpression", "text": "\"ecoflow_privateSite\""}, "loc": ["services", "prometheus", "exporters", "ecoflow", "prefix"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.ecoflow.scrapingInterval": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "30"}, "description": "Scrapping interval in seconds. How often should the exporter execute requests to Ecoflow Rest API in order to get the data.\nDefault value is 30 seconds. Align this value with your prometheus scraper interval settings.\n", "example": {"_type": "literalExpression", "text": "120"}, "loc": ["services", "prometheus", "exporters", "ecoflow", "scrapingInterval"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.prometheus.exporters.ecoflow.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"ecoflow-exporter\""}, "description": "User name under which the ecoflow exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "ecoflow", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.exportarr-bazarr.apiKeyFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the api-key.\n", "loc": ["services", "prometheus", "exporters", "exportarr-bazarr", "apiKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.exportarr-bazarr.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus exportarr-bazarr exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "exportarr-bazarr", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.exportarr-bazarr.environment": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "See [the configuration guide](https://github.com/onedr0p/exportarr#configuration) for available options.\n", "example": {"_type": "literalExpression", "text": "{\n  PROWLARR__BACKFILL = true;\n}"}, "loc": ["services", "prometheus", "exporters", "exportarr-bazarr", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.prometheus.exporters.exportarr-bazarr.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the exportarr-bazarr exporter.\n", "loc": ["services", "prometheus", "exporters", "exportarr-bazarr", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.exportarr-bazarr.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.exportarr-bazarr.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9708\"\n"}, "loc": ["services", "prometheus", "exporters", "exportarr-bazarr", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.exportarr-bazarr.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.exportarr-bazarr.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9708 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "exportarr-bazarr", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.exportarr-bazarr.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"exportarr-bazarr-exporter\""}, "description": "Group under which the exportarr-bazarr exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "exportarr-bazarr", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.exportarr-bazarr.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "exportarr-bazarr", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.exportarr-bazarr.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "exportarr-bazarr", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.exportarr-bazarr.package": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "pkgs.exportarr"}, "description": "The exportarr package to use.", "loc": ["services", "prometheus", "exporters", "exportarr-bazarr", "package"], "readOnly": false, "type": "package"}, "services.prometheus.exporters.exportarr-bazarr.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9708"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "exportarr-bazarr", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.exportarr-bazarr.url": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"http://127.0.0.1\""}, "description": "The full URL to Sonarr, Radarr, or Lidarr.\n", "loc": ["services", "prometheus", "exporters", "exportarr-bazarr", "url"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.exportarr-bazarr.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"exportarr-bazarr-exporter\""}, "description": "User name under which the exportarr-bazarr exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "exportarr-bazarr", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.exportarr-lidarr.apiKeyFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the api-key.\n", "loc": ["services", "prometheus", "exporters", "exportarr-lidarr", "apiKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.exportarr-lidarr.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus exportarr-lidarr exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "exportarr-lidarr", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.exportarr-lidarr.environment": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "See [the configuration guide](https://github.com/onedr0p/exportarr#configuration) for available options.\n", "example": {"_type": "literalExpression", "text": "{\n  PROWLARR__BACKFILL = true;\n}"}, "loc": ["services", "prometheus", "exporters", "exportarr-lidarr", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.prometheus.exporters.exportarr-lidarr.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the exportarr-lidarr exporter.\n", "loc": ["services", "prometheus", "exporters", "exportarr-lidarr", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.exportarr-lidarr.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.exportarr-lidarr.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9708\"\n"}, "loc": ["services", "prometheus", "exporters", "exportarr-lidarr", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.exportarr-lidarr.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.exportarr-lidarr.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9708 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "exportarr-lidarr", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.exportarr-lidarr.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"exportarr-lidarr-exporter\""}, "description": "Group under which the exportarr-lidarr exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "exportarr-lidarr", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.exportarr-lidarr.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "exportarr-lidarr", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.exportarr-lidarr.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "exportarr-lidarr", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.exportarr-lidarr.package": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "pkgs.exportarr"}, "description": "The exportarr package to use.", "loc": ["services", "prometheus", "exporters", "exportarr-lidarr", "package"], "readOnly": false, "type": "package"}, "services.prometheus.exporters.exportarr-lidarr.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9708"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "exportarr-lidarr", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.exportarr-lidarr.url": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"http://127.0.0.1\""}, "description": "The full URL to Sonarr, Radarr, or Lidarr.\n", "loc": ["services", "prometheus", "exporters", "exportarr-lidarr", "url"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.exportarr-lidarr.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"exportarr-lidarr-exporter\""}, "description": "User name under which the exportarr-lidarr exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "exportarr-lidarr", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.exportarr-prowlarr.apiKeyFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the api-key.\n", "loc": ["services", "prometheus", "exporters", "exportarr-prowlarr", "apiKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.exportarr-prowlarr.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus exportarr-prowlarr exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "exportarr-prowlarr", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.exportarr-prowlarr.environment": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "See [the configuration guide](https://github.com/onedr0p/exportarr#configuration) for available options.\n", "example": {"_type": "literalExpression", "text": "{\n  PROWLARR__BACKFILL = true;\n}"}, "loc": ["services", "prometheus", "exporters", "exportarr-prowlarr", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.prometheus.exporters.exportarr-prowlarr.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the exportarr-prowlarr exporter.\n", "loc": ["services", "prometheus", "exporters", "exportarr-prowlarr", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.exportarr-prowlarr.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.exportarr-prowlarr.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9708\"\n"}, "loc": ["services", "prometheus", "exporters", "exportarr-prowlarr", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.exportarr-prowlarr.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.exportarr-prowlarr.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9708 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "exportarr-prowlarr", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.exportarr-prowlarr.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"exportarr-prowlarr-exporter\""}, "description": "Group under which the exportarr-prowlarr exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "exportarr-prowlarr", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.exportarr-prowlarr.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "exportarr-prowlarr", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.exportarr-prowlarr.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "exportarr-prowlarr", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.exportarr-prowlarr.package": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "pkgs.exportarr"}, "description": "The exportarr package to use.", "loc": ["services", "prometheus", "exporters", "exportarr-prowlarr", "package"], "readOnly": false, "type": "package"}, "services.prometheus.exporters.exportarr-prowlarr.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9708"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "exportarr-prowlarr", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.exportarr-prowlarr.url": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"http://127.0.0.1\""}, "description": "The full URL to Sonarr, Radarr, or Lidarr.\n", "loc": ["services", "prometheus", "exporters", "exportarr-prowlarr", "url"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.exportarr-prowlarr.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"exportarr-prowlarr-exporter\""}, "description": "User name under which the exportarr-prowlarr exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "exportarr-prowlarr", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.exportarr-radarr.apiKeyFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the api-key.\n", "loc": ["services", "prometheus", "exporters", "exportarr-radarr", "apiKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.exportarr-radarr.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus exportarr-radarr exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "exportarr-radarr", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.exportarr-radarr.environment": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "See [the configuration guide](https://github.com/onedr0p/exportarr#configuration) for available options.\n", "example": {"_type": "literalExpression", "text": "{\n  PROWLARR__BACKFILL = true;\n}"}, "loc": ["services", "prometheus", "exporters", "exportarr-radarr", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.prometheus.exporters.exportarr-radarr.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the exportarr-radarr exporter.\n", "loc": ["services", "prometheus", "exporters", "exportarr-radarr", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.exportarr-radarr.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.exportarr-radarr.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9708\"\n"}, "loc": ["services", "prometheus", "exporters", "exportarr-radarr", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.exportarr-radarr.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.exportarr-radarr.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9708 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "exportarr-radarr", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.exportarr-radarr.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"exportarr-radarr-exporter\""}, "description": "Group under which the exportarr-radarr exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "exportarr-radarr", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.exportarr-radarr.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "exportarr-radarr", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.exportarr-radarr.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "exportarr-radarr", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.exportarr-radarr.package": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "pkgs.exportarr"}, "description": "The exportarr package to use.", "loc": ["services", "prometheus", "exporters", "exportarr-radarr", "package"], "readOnly": false, "type": "package"}, "services.prometheus.exporters.exportarr-radarr.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9708"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "exportarr-radarr", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.exportarr-radarr.url": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"http://127.0.0.1\""}, "description": "The full URL to Sonarr, Radarr, or Lidarr.\n", "loc": ["services", "prometheus", "exporters", "exportarr-radarr", "url"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.exportarr-radarr.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"exportarr-radarr-exporter\""}, "description": "User name under which the exportarr-radarr exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "exportarr-radarr", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.exportarr-readarr.apiKeyFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the api-key.\n", "loc": ["services", "prometheus", "exporters", "exportarr-readarr", "apiKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.exportarr-readarr.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus exportarr-readarr exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "exportarr-readarr", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.exportarr-readarr.environment": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "See [the configuration guide](https://github.com/onedr0p/exportarr#configuration) for available options.\n", "example": {"_type": "literalExpression", "text": "{\n  PROWLARR__BACKFILL = true;\n}"}, "loc": ["services", "prometheus", "exporters", "exportarr-readarr", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.prometheus.exporters.exportarr-readarr.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the exportarr-readarr exporter.\n", "loc": ["services", "prometheus", "exporters", "exportarr-readarr", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.exportarr-readarr.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.exportarr-readarr.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9708\"\n"}, "loc": ["services", "prometheus", "exporters", "exportarr-readarr", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.exportarr-readarr.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.exportarr-readarr.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9708 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "exportarr-readarr", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.exportarr-readarr.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"exportarr-readarr-exporter\""}, "description": "Group under which the exportarr-readarr exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "exportarr-readarr", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.exportarr-readarr.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "exportarr-readarr", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.exportarr-readarr.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "exportarr-readarr", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.exportarr-readarr.package": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "pkgs.exportarr"}, "description": "The exportarr package to use.", "loc": ["services", "prometheus", "exporters", "exportarr-readarr", "package"], "readOnly": false, "type": "package"}, "services.prometheus.exporters.exportarr-readarr.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9708"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "exportarr-readarr", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.exportarr-readarr.url": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"http://127.0.0.1\""}, "description": "The full URL to Sonarr, Radarr, or Lidarr.\n", "loc": ["services", "prometheus", "exporters", "exportarr-readarr", "url"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.exportarr-readarr.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"exportarr-readarr-exporter\""}, "description": "User name under which the exportarr-readarr exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "exportarr-readarr", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.exportarr-sonarr.apiKeyFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the api-key.\n", "loc": ["services", "prometheus", "exporters", "exportarr-sonarr", "apiKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.exportarr-sonarr.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus exportarr-sonarr exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "exportarr-sonarr", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.exportarr-sonarr.environment": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "See [the configuration guide](https://github.com/onedr0p/exportarr#configuration) for available options.\n", "example": {"_type": "literalExpression", "text": "{\n  PROWLARR__BACKFILL = true;\n}"}, "loc": ["services", "prometheus", "exporters", "exportarr-sonarr", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.prometheus.exporters.exportarr-sonarr.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the exportarr-sonarr exporter.\n", "loc": ["services", "prometheus", "exporters", "exportarr-sonarr", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.exportarr-sonarr.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.exportarr-sonarr.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9708\"\n"}, "loc": ["services", "prometheus", "exporters", "exportarr-sonarr", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.exportarr-sonarr.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.exportarr-sonarr.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9708 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "exportarr-sonarr", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.exportarr-sonarr.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"exportarr-sonarr-exporter\""}, "description": "Group under which the exportarr-sonarr exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "exportarr-sonarr", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.exportarr-sonarr.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "exportarr-sonarr", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.exportarr-sonarr.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "exportarr-sonarr", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.exportarr-sonarr.package": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "pkgs.exportarr"}, "description": "The exportarr package to use.", "loc": ["services", "prometheus", "exporters", "exportarr-sonarr", "package"], "readOnly": false, "type": "package"}, "services.prometheus.exporters.exportarr-sonarr.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9708"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "exportarr-sonarr", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.exportarr-sonarr.url": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"http://127.0.0.1\""}, "description": "The full URL to Sonarr, Radarr, or Lidarr.\n", "loc": ["services", "prometheus", "exporters", "exportarr-sonarr", "url"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.exportarr-sonarr.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"exportarr-sonarr-exporter\""}, "description": "User name under which the exportarr-sonarr exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "exportarr-sonarr", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.fastly.configFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a fastly-exporter configuration file.\nExample one can be generated with `fastly-exporter --config-file-example`.\n", "example": {"_type": "literalExpression", "text": "\"./fastly-exporter-config.txt\""}, "loc": ["services", "prometheus", "exporters", "fastly", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.fastly.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus fastly exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "fastly", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.fastly.environmentFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "An environment file containg at least the FASTLY_API_TOKEN= environment\nvariable.\n", "loc": ["services", "prometheus", "exporters", "fastly", "environmentFile"], "readOnly": false, "type": "absolute path"}, "services.prometheus.exporters.fastly.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the fastly exporter.\n", "loc": ["services", "prometheus", "exporters", "fastly", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.fastly.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.fastly.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9118\"\n"}, "loc": ["services", "prometheus", "exporters", "fastly", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.fastly.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.fastly.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9118 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "fastly", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.fastly.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"fastly-exporter\""}, "description": "Group under which the fastly exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "fastly", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.fastly.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "fastly", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.fastly.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "fastly", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.fastly.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9118"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "fastly", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.fastly.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"fastly-exporter\""}, "description": "User name under which the fastly exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "fastly", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.flow.asn": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "The ASN being monitored.", "example": {"_type": "literalExpression", "text": "65542"}, "loc": ["services", "prometheus", "exporters", "flow", "asn"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.prometheus.exporters.flow.brokers": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "List of Kafka brokers to connect to.", "example": {"_type": "literalExpression", "text": "[ \"kafka.example.org:19092\" ]"}, "loc": ["services", "prometheus", "exporters", "flow", "brokers"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.flow.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus flow exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "flow", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.flow.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the flow exporter.\n", "loc": ["services", "prometheus", "exporters", "flow", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.flow.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.flow.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9590\"\n"}, "loc": ["services", "prometheus", "exporters", "flow", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.flow.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.flow.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9590 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "flow", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.flow.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"flow-exporter\""}, "description": "Group under which the flow exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "flow", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.flow.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "flow", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.flow.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "flow", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.flow.partitions": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The number of the partitions to consume, none means all.\n", "loc": ["services", "prometheus", "exporters", "flow", "partitions"], "readOnly": false, "type": "list of signed integer"}, "services.prometheus.exporters.flow.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9590"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "flow", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.flow.topic": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "The Kafka topic to consume from.", "example": {"_type": "literalExpression", "text": "\"pmacct.acct\""}, "loc": ["services", "prometheus", "exporters", "flow", "topic"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.flow.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"flow-exporter\""}, "description": "User name under which the flow exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "flow", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.fritz.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus fritz exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "fritz", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.fritz.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the fritz exporter.\n", "loc": ["services", "prometheus", "exporters", "fritz", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.fritz.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.fritz.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9787\"\n"}, "loc": ["services", "prometheus", "exporters", "fritz", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.fritz.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.fritz.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9787 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "fritz", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.fritz.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"fritz-exporter\""}, "description": "Group under which the fritz exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "fritz", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.fritz.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "fritz", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.fritz.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "fritz", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.fritz.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9787"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "fritz", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.fritz.settings": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "Configuration settings for fritz-exporter.", "loc": ["services", "prometheus", "exporters", "fritz", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.prometheus.exporters.fritz.settings.devices": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Fritz!-devices to monitor using the exporter.", "loc": ["services", "prometheus", "exporters", "fritz", "settings", "devices"], "readOnly": false, "type": "list of (open submodule of (YAML 1.1 value))"}, "services.prometheus.exporters.fritz.settings.devices.*.host_info": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable extended host info for this device. *Warning*: This will heavily increase scrape time.\n", "loc": ["services", "prometheus", "exporters", "fritz", "settings", "devices", "*", "host_info"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.fritz.settings.devices.*.hostname": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"fritz.box\""}, "description": "Hostname under which the target device is reachable.\n", "loc": ["services", "prometheus", "exporters", "fritz", "settings", "devices", "*", "hostname"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.fritz.settings.devices.*.name": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Name to use for the device.\n", "loc": ["services", "prometheus", "exporters", "fritz", "settings", "devices", "*", "name"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.fritz.settings.devices.*.password_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "Path to a file which contains the password to authenticate with the target device.\nNeeds to be readable by the user the exporter runs under.\n", "loc": ["services", "prometheus", "exporters", "fritz", "settings", "devices", "*", "password_file"], "readOnly": false, "type": "absolute path"}, "services.prometheus.exporters.fritz.settings.devices.*.username": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "Username to authenticate with the target device.\n", "loc": ["services", "prometheus", "exporters", "fritz", "settings", "devices", "*", "username"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.fritz.settings.log_level": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"INFO\""}, "description": "Log level to use for the exporter.\n", "loc": ["services", "prometheus", "exporters", "fritz", "settings", "log_level"], "readOnly": false, "type": "one of \"DEBUG\", \"INFO\", \"WARNING\", \"ERROR\", \"CRITICAL\""}, "services.prometheus.exporters.fritz.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"fritz-exporter\""}, "description": "User name under which the fritz exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "fritz", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.fritzbox.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus fritzbox exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "fritzbox", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.fritzbox.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the fritzbox exporter.\n", "loc": ["services", "prometheus", "exporters", "fritzbox", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.fritzbox.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.fritzbox.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9133\"\n"}, "loc": ["services", "prometheus", "exporters", "fritzbox", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.fritzbox.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.fritzbox.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9133 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "fritzbox", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.fritzbox.gatewayAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"fritz.box\""}, "description": "The hostname or IP of the FRITZ!Box.\n", "loc": ["services", "prometheus", "exporters", "fritzbox", "gatewayAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.fritzbox.gatewayPort": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "49000"}, "description": "The port of the FRITZ!Box UPnP service.\n", "loc": ["services", "prometheus", "exporters", "fritzbox", "gatewayPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.fritzbox.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"fritzbox-exporter\""}, "description": "Group under which the fritzbox exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "fritzbox", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.fritzbox.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "fritzbox", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.fritzbox.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "fritzbox", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.fritzbox.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9133"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "fritzbox", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.fritzbox.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"fritzbox-exporter\""}, "description": "User name under which the fritzbox exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "fritzbox", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.frr.disabledCollectors": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Collectors to disable which are enabled by default.\n", "example": {"_type": "literalExpression", "text": "[\n  \"bfd\"\n]"}, "loc": ["services", "prometheus", "exporters", "frr", "disabledCollectors"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.frr.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus frr exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "frr", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.frr.enabledCollectors": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Collectors to enable. The collectors listed here are enabled in addition to the default ones.\n", "example": {"_type": "literalExpression", "text": "[\n  \"vrrp\"\n]"}, "loc": ["services", "prometheus", "exporters", "frr", "enabledCollectors"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.frr.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the frr exporter.\n", "loc": ["services", "prometheus", "exporters", "frr", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.frr.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.frr.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9342\"\n"}, "loc": ["services", "prometheus", "exporters", "frr", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.frr.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.frr.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9342 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "frr", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.frr.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"frrtty\""}, "description": "Group under which the frr exporter shall be run.\nThe exporter talks to frr using a unix socket, which is owned by frrtty group.\n", "loc": ["services", "prometheus", "exporters", "frr", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.frr.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "frr", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.frr.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "frr", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.frr.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9342"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "frr", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.frr.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"frr\""}, "description": "User name under which the frr exporter shall be run.\nThe exporter talks to frr using a unix socket, which is owned by frr.\n", "loc": ["services", "prometheus", "exporters", "frr", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.graphite.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus graphite exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "graphite", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.graphite.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the graphite exporter.\n", "loc": ["services", "prometheus", "exporters", "graphite", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.graphite.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.graphite.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9108\"\n"}, "loc": ["services", "prometheus", "exporters", "graphite", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.graphite.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.graphite.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9108 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "graphite", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.graphite.graphitePort": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9109"}, "description": "Port to use for the graphite server.\n", "loc": ["services", "prometheus", "exporters", "graphite", "graphitePort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.graphite.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"graphite-exporter\""}, "description": "Group under which the graphite exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "graphite", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.graphite.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "graphite", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.graphite.mappingSettings": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Mapping configuration for the exporter, see\n<https://github.com/prometheus/graphite_exporter#yaml-config> for\navailable options.\n", "loc": ["services", "prometheus", "exporters", "graphite", "mappingSettings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.prometheus.exporters.graphite.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "graphite", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.graphite.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9108"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "graphite", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.graphite.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"graphite-exporter\""}, "description": "User name under which the graphite exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "graphite", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.idrac.configuration": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configuration for iDRAC exporter, as a nix attribute set.\n\nConfiguration reference: <https://github.com/mrlhansen/idrac_exporter/#configuration>\n\nMutually exclusive with `configurationPath` option.\n", "example": {"_type": "literalExpression", "text": "{\n  hosts = {\n    default = {\n      password = \"password\";\n      username = \"username\";\n    };\n  };\n  metrics = {\n    memory = true;\n    power = true;\n    sel = true;\n    sensors = true;\n    storage = true;\n    system = true;\n  };\n  retries = 1;\n  timeout = 10;\n}"}, "loc": ["services", "prometheus", "exporters", "idrac", "configuration"], "readOnly": false, "type": "null or (attribute set)"}, "services.prometheus.exporters.idrac.configurationPath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the service's config file. This path can either be a computed path in /nix/store or a path in the local filesystem.\n\nThe config file should NOT be stored in /nix/store as it will contain passwords and/or keys in plain text.\n\nMutually exclusive with `configuration` option.\n\nConfiguration reference: <https://github.com/mrlhansen/idrac_exporter/#configuration>\n", "example": {"_type": "literalExpression", "text": "\"/etc/prometheus-idrac-exporter/idrac.yml\""}, "loc": ["services", "prometheus", "exporters", "idrac", "configurationPath"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.idrac.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus idrac exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "idrac", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.idrac.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the idrac exporter.\n", "loc": ["services", "prometheus", "exporters", "idrac", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.idrac.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.idrac.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9348\"\n"}, "loc": ["services", "prometheus", "exporters", "idrac", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.idrac.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.idrac.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9348 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "idrac", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.idrac.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"idrac-exporter\""}, "description": "Group under which the idrac exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "idrac", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.idrac.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "idrac", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.idrac.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "idrac", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.idrac.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9348"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "idrac", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.idrac.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"idrac-exporter\""}, "description": "User name under which the idrac exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "idrac", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.imap-mailstat.accounts": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Accounts to monitor\n", "loc": ["services", "prometheus", "exporters", "imap-mailstat", "accounts"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.prometheus.exporters.imap-mailstat.accounts.<name>.mailaddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Your email address (at the moment used as login name)", "loc": ["services", "prometheus", "exporters", "imap-mailstat", "accounts", "<name>", "mailaddress"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.imap-mailstat.accounts.<name>.password": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "", "loc": ["services", "prometheus", "exporters", "imap-mailstat", "accounts", "<name>", "password"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.imap-mailstat.accounts.<name>.serveraddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "mailserver name or address", "loc": ["services", "prometheus", "exporters", "imap-mailstat", "accounts", "<name>", "serveraddress"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.imap-mailstat.accounts.<name>.serverport": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "imap port number (at the moment only tls connection is supported)", "loc": ["services", "prometheus", "exporters", "imap-mailstat", "accounts", "<name>", "serverport"], "readOnly": false, "type": "null or signed integer"}, "services.prometheus.exporters.imap-mailstat.accounts.<name>.starttls": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "set to true for using STARTTLS to start a TLS connection", "loc": ["services", "prometheus", "exporters", "imap-mailstat", "accounts", "<name>", "starttls"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.exporters.imap-mailstat.accounts.<name>.username": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If empty string mailaddress value is used", "loc": ["services", "prometheus", "exporters", "imap-mailstat", "accounts", "<name>", "username"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.imap-mailstat.configurationFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "File containing the configuration\n", "example": {"_type": "literalExpression", "text": "\"/path/to/config-file\""}, "loc": ["services", "prometheus", "exporters", "imap-mailstat", "configurationFile"], "readOnly": false, "type": "absolute path"}, "services.prometheus.exporters.imap-mailstat.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus imap-mailstat exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "imap-mailstat", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.imap-mailstat.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the imap-mailstat exporter.\n", "loc": ["services", "prometheus", "exporters", "imap-mailstat", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.imap-mailstat.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.imap-mailstat.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 8081\"\n"}, "loc": ["services", "prometheus", "exporters", "imap-mailstat", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.imap-mailstat.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.imap-mailstat.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 8081 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "imap-mailstat", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.imap-mailstat.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"imap-mailstat-exporter\""}, "description": "Group under which the imap-mailstat exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "imap-mailstat", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.imap-mailstat.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "imap-mailstat", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.imap-mailstat.oldestUnseenDate": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable metric with timestamp of oldest unseen mail\n", "loc": ["services", "prometheus", "exporters", "imap-mailstat", "oldestUnseenDate"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.imap-mailstat.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "imap-mailstat", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.imap-mailstat.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "8081"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "imap-mailstat", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.imap-mailstat.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"imap-mailstat-exporter\""}, "description": "User name under which the imap-mailstat exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "imap-mailstat", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.influxdb.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus influxdb exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "influxdb", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.influxdb.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the influxdb exporter.\n", "loc": ["services", "prometheus", "exporters", "influxdb", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.influxdb.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.influxdb.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9122\"\n"}, "loc": ["services", "prometheus", "exporters", "influxdb", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.influxdb.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.influxdb.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9122 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "influxdb", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.influxdb.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"influxdb-exporter\""}, "description": "Group under which the influxdb exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "influxdb", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.influxdb.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "influxdb", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.influxdb.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "influxdb", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.influxdb.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9122"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "influxdb", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.influxdb.sampleExpiry": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"5m\""}, "description": "How long a sample is valid for", "example": {"_type": "literalExpression", "text": "\"10m\""}, "loc": ["services", "prometheus", "exporters", "influxdb", "sampleExpiry"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.influxdb.udpBindAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\":9122\""}, "description": "Address on which to listen for udp packets", "example": {"_type": "literalExpression", "text": "\"192.0.2.1:9122\""}, "loc": ["services", "prometheus", "exporters", "influxdb", "udpBindAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.influxdb.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"influxdb-exporter\""}, "description": "User name under which the influxdb exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "influxdb", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.ipmi.configFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to configuration file.\n", "loc": ["services", "prometheus", "exporters", "ipmi", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.ipmi.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus ipmi exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "ipmi", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.ipmi.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the ipmi exporter.\n", "loc": ["services", "prometheus", "exporters", "ipmi", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.ipmi.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.ipmi.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9290\"\n"}, "loc": ["services", "prometheus", "exporters", "ipmi", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.ipmi.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.ipmi.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9290 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "ipmi", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.ipmi.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"ipmi-exporter\""}, "description": "Group under which the ipmi exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "ipmi", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.ipmi.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "ipmi", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.ipmi.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "ipmi", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.ipmi.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9290"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "ipmi", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.ipmi.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"ipmi-exporter\""}, "description": "User name under which the ipmi exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "ipmi", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.ipmi.webConfigFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to configuration file that can enable TLS or authentication.\n", "loc": ["services", "prometheus", "exporters", "ipmi", "webConfigFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.jitsi.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus jitsi exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "jitsi", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.jitsi.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the jitsi exporter.\n", "loc": ["services", "prometheus", "exporters", "jitsi", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.jitsi.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.jitsi.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9700\"\n"}, "loc": ["services", "prometheus", "exporters", "jitsi", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.jitsi.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.jitsi.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9700 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "jitsi", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.jitsi.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"jitsi-exporter\""}, "description": "Group under which the jitsi exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "jitsi", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.jitsi.interval": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"30s\""}, "description": "How often to scrape new data\n", "example": {"_type": "literalExpression", "text": "\"1min\""}, "loc": ["services", "prometheus", "exporters", "jitsi", "interval"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.jitsi.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "jitsi", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.jitsi.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "jitsi", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.jitsi.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9700"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "jitsi", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.jitsi.url": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"http://localhost:8080/colibri/stats\""}, "description": "Jitsi Videobridge metrics URL to monitor.\nThis is usually /colibri/stats on port 8080 of the jitsi videobridge host.\n", "loc": ["services", "prometheus", "exporters", "jitsi", "url"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.jitsi.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"jitsi-exporter\""}, "description": "User name under which the jitsi exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "jitsi", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.json.configFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "Path to configuration file.\n", "loc": ["services", "prometheus", "exporters", "json", "configFile"], "readOnly": false, "type": "absolute path"}, "services.prometheus.exporters.json.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus json exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "json", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.json.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the json exporter.\n", "loc": ["services", "prometheus", "exporters", "json", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.json.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.json.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 7979\"\n"}, "loc": ["services", "prometheus", "exporters", "json", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.json.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.json.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 7979 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "json", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.json.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"json-exporter\""}, "description": "Group under which the json exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "json", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.json.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "json", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.json.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "json", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.json.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "7979"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "json", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.json.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"json-exporter\""}, "description": "User name under which the json exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "json", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.junos-czerwonk.configuration": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "JunOS exporter configuration as nix attribute set. Mutually exclusive with the `configurationFile` option.\n", "example": {"_type": "literalExpression", "text": "{\n  devices = [\n    {\n      host = \"router1\";\n      key_file = \"/path/to/key\";\n    }\n  ];\n}"}, "loc": ["services", "prometheus", "exporters", "junos-czerwonk", "configuration"], "readOnly": false, "type": "null or (attribute set)"}, "services.prometheus.exporters.junos-czerwonk.configurationFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify the JunOS exporter configuration file to use.\n", "loc": ["services", "prometheus", "exporters", "junos-czerwonk", "configurationFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.junos-czerwonk.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus junos-czerwonk exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "junos-czerwonk", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.junos-czerwonk.environmentFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing env-vars to be substituted into the exporter's config.\n", "loc": ["services", "prometheus", "exporters", "junos-czerwonk", "environmentFile"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.junos-czerwonk.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the junos-czerwonk exporter.\n", "loc": ["services", "prometheus", "exporters", "junos-czerwonk", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.junos-czerwonk.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.junos-czerwonk.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9326\"\n"}, "loc": ["services", "prometheus", "exporters", "junos-czerwonk", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.junos-czerwonk.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.junos-czerwonk.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9326 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "junos-czerwonk", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.junos-czerwonk.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"junos-czerwonk-exporter\""}, "description": "Group under which the junos-czerwonk exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "junos-czerwonk", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.junos-czerwonk.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "junos-czerwonk", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.junos-czerwonk.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "junos-czerwonk", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.junos-czerwonk.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9326"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "junos-czerwonk", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.junos-czerwonk.telemetryPath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"/metrics\""}, "description": "Path under which to expose metrics.\n", "loc": ["services", "prometheus", "exporters", "junos-czerwonk", "telemetryPath"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.junos-czerwonk.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"junos-czerwonk-exporter\""}, "description": "User name under which the junos-czerwonk exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "junos-czerwonk", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.kafka.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus kafka exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "kafka", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.kafka.environmentFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the credentials to access the repository, in the\nformat of an EnvironmentFile as described by systemd.exec(5)\n", "loc": ["services", "prometheus", "exporters", "kafka", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.kafka.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the kafka exporter.\n", "loc": ["services", "prometheus", "exporters", "kafka", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.kafka.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.kafka.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 8080\"\n"}, "loc": ["services", "prometheus", "exporters", "kafka", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.kafka.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.kafka.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 8080 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "kafka", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.kafka.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"kafka-exporter\""}, "description": "Group under which the kafka exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "kafka", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.kafka.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "kafka", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.kafka.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "kafka", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.kafka.package": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "pkgs.kminion"}, "description": "The kminion package to use.", "loc": ["services", "prometheus", "exporters", "kafka", "package"], "readOnly": false, "type": "package"}, "services.prometheus.exporters.kafka.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "kafka", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.kafka.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"kafka-exporter\""}, "description": "User name under which the kafka exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "kafka", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.kea.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus kea exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "kea", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.kea.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the kea exporter.\n", "loc": ["services", "prometheus", "exporters", "kea", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.kea.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.kea.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9547\"\n"}, "loc": ["services", "prometheus", "exporters", "kea", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.kea.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.kea.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9547 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "kea", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.kea.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"kea-exporter\""}, "description": "Group under which the kea exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "kea", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.kea.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "kea", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.kea.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "kea", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.kea.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9547"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "kea", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.kea.targets": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "Paths or URLs to the Kea control socket.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/run/kea/kea-dhcp4.socket\"\n  \"/run/kea/kea-dhcp6.socket\"\n  \"http://127.0.0.1:8547\"\n]\n"}, "loc": ["services", "prometheus", "exporters", "kea", "targets"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.kea.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"kea-exporter\""}, "description": "User name under which the kea exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "kea", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.keylight.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus keylight exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "keylight", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.keylight.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the keylight exporter.\n", "loc": ["services", "prometheus", "exporters", "keylight", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.keylight.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.keylight.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9288\"\n"}, "loc": ["services", "prometheus", "exporters", "keylight", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.keylight.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.keylight.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9288 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "keylight", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.keylight.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"keylight-exporter\""}, "description": "Group under which the keylight exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "keylight", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.keylight.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "keylight", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.keylight.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "keylight", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.keylight.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9288"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "keylight", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.keylight.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"keylight-exporter\""}, "description": "User name under which the keylight exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "keylight", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.klipper.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus klipper exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "klipper", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.klipper.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the klipper exporter.\n", "loc": ["services", "prometheus", "exporters", "klipper", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.klipper.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.klipper.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9101\"\n"}, "loc": ["services", "prometheus", "exporters", "klipper", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.klipper.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.klipper.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9101 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "klipper", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.klipper.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"klipper-exporter\""}, "description": "Group under which the klipper exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "klipper", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.klipper.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "klipper", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.klipper.moonrakerApiKey": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "API Key to authenticate with the Moonraker APIs.\nOnly needed if the host running the exporter is not a trusted client to Moonraker.\n", "loc": ["services", "prometheus", "exporters", "klipper", "moonrakerApiKey"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.klipper.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "klipper", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.klipper.package": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "pkgs.prometheus-klipper-exporter"}, "description": "The prometheus-klipper-exporter package to use.", "loc": ["services", "prometheus", "exporters", "klipper", "package"], "readOnly": false, "type": "package"}, "services.prometheus.exporters.klipper.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9101"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "klipper", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.klipper.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"klipper-exporter\""}, "description": "User name under which the klipper exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "klipper", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.knot.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus knot exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "knot", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.knot.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the knot exporter.\n", "loc": ["services", "prometheus", "exporters", "knot", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.knot.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.knot.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9433\"\n"}, "loc": ["services", "prometheus", "exporters", "knot", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.knot.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.knot.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9433 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "knot", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.knot.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"knot-exporter\""}, "description": "Group under which the knot exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "knot", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.knot.knotLibraryPath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the library of `knot-dns`.\n", "example": {"_type": "literalExpression", "text": "\"${pkgs.knot-dns.out}/lib/libknot.so\""}, "loc": ["services", "prometheus", "exporters", "knot", "knotLibraryPath"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.knot.knotSocketPath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"/run/knot/knot.sock\""}, "description": "Socket path of {manpage}`knotd(8)`.\n", "loc": ["services", "prometheus", "exporters", "knot", "knotSocketPath"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.knot.knotSocketTimeout": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "2000"}, "description": "Timeout in seconds.\n", "loc": ["services", "prometheus", "exporters", "knot", "knotSocketTimeout"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.prometheus.exporters.knot.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "knot", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.knot.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "knot", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.knot.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9433"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "knot", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.knot.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"knot-exporter\""}, "description": "User name under which the knot exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "knot", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.libvirt.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus libvirt exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "libvirt", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.libvirt.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the libvirt exporter.\n", "loc": ["services", "prometheus", "exporters", "libvirt", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.libvirt.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.libvirt.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9177\"\n"}, "loc": ["services", "prometheus", "exporters", "libvirt", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.libvirt.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.libvirt.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9177 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "libvirt", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.libvirt.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"libvirt-exporter\""}, "description": "Group under which the libvirt exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "libvirt", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.libvirt.libvirtUri": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"qemu:///system\""}, "description": "Libvirt URI from which to extract metrics", "loc": ["services", "prometheus", "exporters", "libvirt", "libvirtUri"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.libvirt.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "libvirt", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.libvirt.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "libvirt", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.libvirt.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9177"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "libvirt", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.libvirt.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"libvirt-exporter\""}, "description": "User name under which the libvirt exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "libvirt", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.lnd.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus lnd exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "lnd", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.lnd.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the lnd exporter.\n", "loc": ["services", "prometheus", "exporters", "lnd", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.lnd.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.lnd.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9092\"\n"}, "loc": ["services", "prometheus", "exporters", "lnd", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.lnd.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.lnd.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9092 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "lnd", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.lnd.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"lnd-exporter\""}, "description": "Group under which the lnd exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "lnd", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.lnd.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "lnd", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.lnd.lndHost": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"localhost:10009\""}, "description": "lnd instance gRPC address:port.\n", "loc": ["services", "prometheus", "exporters", "lnd", "lndHost"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.lnd.lndMacaroonDir": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "Path to lnd macaroons.\n", "loc": ["services", "prometheus", "exporters", "lnd", "lndMacaroonDir"], "readOnly": false, "type": "absolute path"}, "services.prometheus.exporters.lnd.lndTlsPath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "Path to lnd TLS certificate.\n", "loc": ["services", "prometheus", "exporters", "lnd", "lndTlsPath"], "readOnly": false, "type": "absolute path"}, "services.prometheus.exporters.lnd.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "lnd", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.lnd.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9092"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "lnd", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.lnd.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"lnd-exporter\""}, "description": "User name under which the lnd exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "lnd", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mail.configFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify the mailexporter configuration file to use.\n", "loc": ["services", "prometheus", "exporters", "mail", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.mail.configuration": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify the mailexporter configuration file to use.\n", "loc": ["services", "prometheus", "exporters", "mail", "configuration"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.exporters.mail.configuration.disableFileDeletion": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disables the exporter's function to delete probing mails.\n", "loc": ["services", "prometheus", "exporters", "mail", "configuration", "disableFileDeletion"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.mail.configuration.mailCheckTimeout": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "Timeout until mails are considered \"didn't make it\".\n", "loc": ["services", "prometheus", "exporters", "mail", "configuration", "mailCheckTimeout"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mail.configuration.monitoringInterval": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "Time interval between two probe attempts.\n", "example": {"_type": "literalExpression", "text": "\"10s\""}, "loc": ["services", "prometheus", "exporters", "mail", "configuration", "monitoringInterval"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mail.configuration.servers": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of servers that should be probed.\n\n*Note:* if your mailserver has {manpage}`rspamd(8)` configured,\nit can happen that emails from this exporter are marked as spam.\n\nIt's possible to work around the issue with a config like this:\n```\n{\n  services.rspamd.locals.\"multimap.conf\".text = ''\n    ALLOWLIST_PROMETHEUS {\n      filter = \"email:domain:tld\";\n      type = \"from\";\n      map = \"${pkgs.writeText \"allowmap\" \"domain.tld\"}\";\n      score = -100.0;\n    }\n  '';\n}\n```\n", "example": {"_type": "literalExpression", "text": "[ {\n  name = \"testserver\";\n  server = \"smtp.domain.tld\";\n  port = 587;\n  from = \"exporteruser@domain.tld\";\n  to = \"exporteruser@domain.tld\";\n  detectionDir = \"/path/to/Maildir/new\";\n} ]\n"}, "loc": ["services", "prometheus", "exporters", "mail", "configuration", "servers"], "readOnly": false, "type": "list of (submodule)"}, "services.prometheus.exporters.mail.configuration.servers.*.detectionDir": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "Directory in which new mails for the exporter user are placed.\nNote that this needs to exist when the exporter starts.\n", "example": {"_type": "literalExpression", "text": "\"/var/spool/mail/exporteruser/new\""}, "loc": ["services", "prometheus", "exporters", "mail", "configuration", "servers", "*", "detectionDir"], "readOnly": false, "type": "absolute path"}, "services.prometheus.exporters.mail.configuration.servers.*.from": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "Content of 'From' Header for probing mails.\n", "example": {"_type": "literalExpression", "text": "\"exporteruser@domain.tld\""}, "loc": ["services", "prometheus", "exporters", "mail", "configuration", "servers", "*", "from"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mail.configuration.servers.*.login": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Username to use for SMTP authentication.\n", "example": {"_type": "literalExpression", "text": "\"exporteruser@domain.tld\""}, "loc": ["services", "prometheus", "exporters", "mail", "configuration", "servers", "*", "login"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.mail.configuration.servers.*.name": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "Value for label 'configname' which will be added to all metrics.\n", "loc": ["services", "prometheus", "exporters", "mail", "configuration", "servers", "*", "name"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mail.configuration.servers.*.passphrase": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Password to use for SMTP authentication.\n", "loc": ["services", "prometheus", "exporters", "mail", "configuration", "servers", "*", "passphrase"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.mail.configuration.servers.*.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "Port to use for SMTP.\n", "example": {"_type": "literalExpression", "text": "587"}, "loc": ["services", "prometheus", "exporters", "mail", "configuration", "servers", "*", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.mail.configuration.servers.*.server": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "Hostname of the server that should be probed.\n", "loc": ["services", "prometheus", "exporters", "mail", "configuration", "servers", "*", "server"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mail.configuration.servers.*.to": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "Content of 'To' Header for probing mails.\n", "example": {"_type": "literalExpression", "text": "\"exporteruser@domain.tld\""}, "loc": ["services", "prometheus", "exporters", "mail", "configuration", "servers", "*", "to"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mail.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus mail exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "mail", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.mail.environmentFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing env-vars to be substituted into the exporter's config.\n", "loc": ["services", "prometheus", "exporters", "mail", "environmentFile"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.mail.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the mail exporter.\n", "loc": ["services", "prometheus", "exporters", "mail", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.mail.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.mail.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9225\"\n"}, "loc": ["services", "prometheus", "exporters", "mail", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.mail.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.mail.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9225 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "mail", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.mail.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"mail-exporter\""}, "description": "Group under which the mail exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "mail", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mail.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "mail", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mail.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "mail", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.mail.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9225"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "mail", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.mail.telemetryPath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"/metrics\""}, "description": "Path under which to expose metrics.\n", "loc": ["services", "prometheus", "exporters", "mail", "telemetryPath"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mail.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"mail-exporter\""}, "description": "User name under which the mail exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "mail", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mailman3.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus mailman3 exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "mailman3", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.mailman3.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the mailman3 exporter.\n", "loc": ["services", "prometheus", "exporters", "mailman3", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.mailman3.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.mailman3.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9934\"\n"}, "loc": ["services", "prometheus", "exporters", "mailman3", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.mailman3.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.mailman3.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9934 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "mailman3", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.mailman3.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"mailman3-exporter\""}, "description": "Group under which the mailman3 exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "mailman3", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mailman3.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "mailman3", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mailman3.logLevel": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Detail level to log.\n", "loc": ["services", "prometheus", "exporters", "mailman3", "logLevel"], "readOnly": false, "type": "one of \"debug\", \"info\", \"warning\", \"error\", \"critical\""}, "services.prometheus.exporters.mailman3.mailman.addr": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"http://127.0.0.1:8001\""}, "description": "Mailman3 Core REST API address.\n", "loc": ["services", "prometheus", "exporters", "mailman3", "mailman", "addr"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mailman3.mailman.passFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "config.services.mailman.restApiPassFile"}, "description": "Mailman3 Core REST API password.\n", "loc": ["services", "prometheus", "exporters", "mailman3", "mailman", "passFile"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mailman3.mailman.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"restadmin\""}, "description": "Mailman3 Core REST API username.\n", "loc": ["services", "prometheus", "exporters", "mailman3", "mailman", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mailman3.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "mailman3", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.mailman3.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9934"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "mailman3", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.mailman3.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"mailman3-exporter\""}, "description": "User name under which the mailman3 exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "mailman3", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mikrotik.configFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a mikrotik exporter configuration file. Mutually exclusive with\n{option}`configuration` option.\n", "example": {"_type": "literalExpression", "text": "./mikrotik.yml"}, "loc": ["services", "prometheus", "exporters", "mikrotik", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.mikrotik.configuration": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Mikrotik exporter configuration as nix attribute set. Mutually exclusive with\n{option}`configFile` option.\n\nSee <https://github.com/nshttpd/mikrotik-exporter/blob/master/README.md>\nfor the description of the configuration file format.\n", "example": {"_type": "literalExpression", "text": "{\n  devices = [\n    {\n      name = \"my_router\";\n      address = \"10.10.0.1\";\n      user = \"prometheus\";\n      password = \"changeme\";\n    }\n  ];\n  features = {\n    bgp = true;\n    dhcp = true;\n    routes = true;\n    optics = true;\n  };\n}\n"}, "loc": ["services", "prometheus", "exporters", "mikrotik", "configuration"], "readOnly": false, "type": "null or (attribute set)"}, "services.prometheus.exporters.mikrotik.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus mikrotik exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "mikrotik", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.mikrotik.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the mikrotik exporter.\n", "loc": ["services", "prometheus", "exporters", "mikrotik", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.mikrotik.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.mikrotik.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9436\"\n"}, "loc": ["services", "prometheus", "exporters", "mikrotik", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.mikrotik.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.mikrotik.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9436 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "mikrotik", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.mikrotik.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"mikrotik-exporter\""}, "description": "Group under which the mikrotik exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "mikrotik", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mikrotik.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "mikrotik", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mikrotik.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "mikrotik", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.mikrotik.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9436"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "mikrotik", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.mikrotik.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"mikrotik-exporter\""}, "description": "User name under which the mikrotik exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "mikrotik", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.modemmanager.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus modemmanager exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "modemmanager", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.modemmanager.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the modemmanager exporter.\n", "loc": ["services", "prometheus", "exporters", "modemmanager", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.modemmanager.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.modemmanager.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9539\"\n"}, "loc": ["services", "prometheus", "exporters", "modemmanager", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.modemmanager.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.modemmanager.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9539 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "modemmanager", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.modemmanager.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"modemmanager-exporter\""}, "description": "Group under which the modemmanager exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "modemmanager", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.modemmanager.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "modemmanager", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.modemmanager.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "modemmanager", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.modemmanager.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9539"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "modemmanager", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.modemmanager.refreshRate": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"5s\""}, "description": "How frequently ModemManager will refresh the extended signal quality\ninformation for each modem. The duration should be specified in seconds\n(\"5s\"), minutes (\"1m\"), or hours (\"1h\").\n", "loc": ["services", "prometheus", "exporters", "modemmanager", "refreshRate"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.modemmanager.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"modemmanager-exporter\""}, "description": "User name under which the modemmanager exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "modemmanager", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mongodb.collStats": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of comma separared databases.collections to get $collStats\n", "example": {"_type": "literalExpression", "text": "[\n  \"db1.coll1\"\n  \"db2\"\n]"}, "loc": ["services", "prometheus", "exporters", "mongodb", "collStats"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.mongodb.collectAll": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable all collectors. Same as specifying all --collector.<name>\n", "loc": ["services", "prometheus", "exporters", "mongodb", "collectAll"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.mongodb.collector": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Enabled collectors", "example": {"_type": "literalExpression", "text": "[\n  \"diagnosticdata\"\n  \"replicasetstatus\"\n  \"dbstats\"\n  \"topmetrics\"\n  \"currentopmetrics\"\n  \"indexstats\"\n  \"dbstats\"\n  \"profile\"\n]"}, "loc": ["services", "prometheus", "exporters", "mongodb", "collector"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.mongodb.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus mongodb exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "mongodb", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.mongodb.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the mongodb exporter.\n", "loc": ["services", "prometheus", "exporters", "mongodb", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.mongodb.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.mongodb.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9216\"\n"}, "loc": ["services", "prometheus", "exporters", "mongodb", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.mongodb.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.mongodb.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9216 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "mongodb", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.mongodb.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"mongodb-exporter\""}, "description": "Group under which the mongodb exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "mongodb", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mongodb.indexStats": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of comma separared databases.collections to get $indexStats\n", "example": {"_type": "literalExpression", "text": "[\n  \"db1.coll1\"\n  \"db2\"\n]"}, "loc": ["services", "prometheus", "exporters", "mongodb", "indexStats"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.mongodb.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "mongodb", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mongodb.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "mongodb", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.mongodb.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9216"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "mongodb", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.mongodb.telemetryPath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"/metrics\""}, "description": "Metrics expose path", "example": {"_type": "literalExpression", "text": "\"/metrics\""}, "loc": ["services", "prometheus", "exporters", "mongodb", "telemetryPath"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mongodb.uri": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"mongodb://localhost:27017/test\""}, "description": "MongoDB URI to connect to.", "example": {"_type": "literalExpression", "text": "\"mongodb://localhost:27017/test\""}, "loc": ["services", "prometheus", "exporters", "mongodb", "uri"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mongodb.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"mongodb-exporter\""}, "description": "User name under which the mongodb exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "mongodb", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mqtt.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus mqtt exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "mqtt", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.mqtt.environmentFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File to load as environment file. Useful for e.g. setting `MQTT_PASSWORD`\nwithout putting any secrets into the Nix store.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/run/secrets/mqtt-exporter\"\n]"}, "loc": ["services", "prometheus", "exporters", "mqtt", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.mqtt.esphomeTopicPrefixes": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "MQTT topic used for ESPHome messages.", "loc": ["services", "prometheus", "exporters", "mqtt", "esphomeTopicPrefixes"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.mqtt.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the mqtt exporter.\n", "loc": ["services", "prometheus", "exporters", "mqtt", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.mqtt.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.mqtt.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9000\"\n"}, "loc": ["services", "prometheus", "exporters", "mqtt", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.mqtt.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.mqtt.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9000 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "mqtt", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.mqtt.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"mqtt-exporter\""}, "description": "Group under which the mqtt exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "mqtt", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mqtt.hubitatTopicPrefixes": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"hubitat/\"\n]"}, "description": "MQTT topic used for Hubitat messages.", "loc": ["services", "prometheus", "exporters", "mqtt", "hubitatTopicPrefixes"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.mqtt.keepFullTopic": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Keep entire topic instead of the first two elements only. Usecase: Shelly 3EM.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "mqtt", "keepFullTopic"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.mqtt.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "mqtt", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mqtt.logLevel": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"INFO\""}, "description": "Logging level", "example": {"_type": "literalExpression", "text": "\"DEBUG\""}, "loc": ["services", "prometheus", "exporters", "mqtt", "logLevel"], "readOnly": false, "type": "one of \"CRITICAL\", \"ERROR\", \"WARNING\", \"INFO\", \"DEBUG\""}, "services.prometheus.exporters.mqtt.logMqttMessage": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Log MQTT original message, only if `LOG_LEVEL` is set to DEBUG..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "mqtt", "logMqttMessage"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.mqtt.mqttAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "IP or hostname of MQTT broker.", "loc": ["services", "prometheus", "exporters", "mqtt", "mqttAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mqtt.mqttClientId": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set client ID manually for MQTT connection", "loc": ["services", "prometheus", "exporters", "mqtt", "mqttClientId"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.mqtt.mqttExposeClientId": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Expose the client ID as a label in Prometheus metrics..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "mqtt", "mqttExposeClientId"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.mqtt.mqttIgnoredTopics": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Lists of topics to ignore. Accepts wildcards.", "loc": ["services", "prometheus", "exporters", "mqtt", "mqttIgnoredTopics"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.mqtt.mqttKeepAlive": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "60"}, "description": "Keep alive interval to maintain connection with MQTT broker.", "example": {"_type": "literalExpression", "text": "30"}, "loc": ["services", "prometheus", "exporters", "mqtt", "mqttKeepAlive"], "readOnly": false, "type": "signed integer"}, "services.prometheus.exporters.mqtt.mqttPort": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "1883"}, "description": "TCP port of MQTT broker.", "loc": ["services", "prometheus", "exporters", "mqtt", "mqttPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.mqtt.mqttTopic": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"#\""}, "description": "Topic path to subscribe to.", "loc": ["services", "prometheus", "exporters", "mqtt", "mqttTopic"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mqtt.mqttUsername": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Username which should be used to authenticate against the MQTT broker.", "example": {"_type": "literalExpression", "text": "\"mqttexporter\""}, "loc": ["services", "prometheus", "exporters", "mqtt", "mqttUsername"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.mqtt.mqttV5Protocol": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Force to use MQTT protocol v5 instead of 3.1.1..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "mqtt", "mqttV5Protocol"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.mqtt.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "mqtt", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.mqtt.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9000"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "mqtt", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.mqtt.prometheusPrefix": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"mqtt_\""}, "description": "Prefix added to the metric name.", "loc": ["services", "prometheus", "exporters", "mqtt", "prometheusPrefix"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mqtt.topicLabel": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"topic\""}, "description": "Define the Prometheus label for the topic.", "loc": ["services", "prometheus", "exporters", "mqtt", "topicLabel"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mqtt.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"mqtt-exporter\""}, "description": "User name under which the mqtt exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "mqtt", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mqtt.zigbee2MqttAvailability": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Normalize sensor name for device availability metric added by Zigbee2MQTT..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "mqtt", "zigbee2MqttAvailability"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.mqtt.zwaveTopicPrefix": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"zwave/\""}, "description": "MQTT topic used for Zwavejs2Mqtt messages.", "loc": ["services", "prometheus", "exporters", "mqtt", "zwaveTopicPrefix"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mysqld.configFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "Path to the services config file.\n\nSee <https://github.com/prometheus/mysqld_exporter#running> for more information about\nthe available options.\n\n::: {.warn}\nPlease do not store this file in the nix store if you choose to include any credentials here,\nas it would be world-readable.\n:::\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/prometheus-mysqld-exporter.cnf\""}, "loc": ["services", "prometheus", "exporters", "mysqld", "configFile"], "readOnly": false, "type": "absolute path"}, "services.prometheus.exporters.mysqld.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus mysqld exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "mysqld", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.mysqld.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the mysqld exporter.\n", "loc": ["services", "prometheus", "exporters", "mysqld", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.mysqld.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.mysqld.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9104\"\n"}, "loc": ["services", "prometheus", "exporters", "mysqld", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.mysqld.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.mysqld.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9104 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "mysqld", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.mysqld.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"mysqld-exporter\""}, "description": "Group under which the mysqld exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "mysqld", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mysqld.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "mysqld", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mysqld.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "mysqld", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.mysqld.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9104"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "mysqld", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.mysqld.runAsLocalSuperUser": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to run the exporter as {option}`services.mysql.user`.\n", "loc": ["services", "prometheus", "exporters", "mysqld", "runAsLocalSuperUser"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.mysqld.telemetryPath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"/metrics\""}, "description": "Path under which to expose metrics.\n", "loc": ["services", "prometheus", "exporters", "mysqld", "telemetryPath"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.mysqld.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"mysqld-exporter\""}, "description": "User name under which the mysqld exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "mysqld", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.nats.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus nats exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "nats", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.nats.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the nats exporter.\n", "loc": ["services", "prometheus", "exporters", "nats", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.nats.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.nats.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 7777\"\n"}, "loc": ["services", "prometheus", "exporters", "nats", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.nats.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.nats.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 7777 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "nats", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.nats.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"nats-exporter\""}, "description": "Group under which the nats exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "nats", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.nats.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "nats", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.nats.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "nats", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.nats.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "7777"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "nats", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.nats.url": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"http://127.0.0.1:8222\""}, "description": "NATS monitor endpoint to query.\n", "loc": ["services", "prometheus", "exporters", "nats", "url"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.nats.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"nats-exporter\""}, "description": "User name under which the nats exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "nats", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.nextcloud.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus nextcloud exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "nextcloud", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.nextcloud.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the nextcloud exporter.\n", "loc": ["services", "prometheus", "exporters", "nextcloud", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.nextcloud.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.nextcloud.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9205\"\n"}, "loc": ["services", "prometheus", "exporters", "nextcloud", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.nextcloud.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.nextcloud.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9205 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "nextcloud", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.nextcloud.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"nextcloud-exporter\""}, "description": "Group under which the nextcloud exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "nextcloud", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.nextcloud.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "nextcloud", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.nextcloud.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "nextcloud", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.nextcloud.passwordFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the password for connecting to Nextcloud.\nMake sure that this file is readable by the exporter user.\n", "example": {"_type": "literalExpression", "text": "\"/path/to/password-file\""}, "loc": ["services", "prometheus", "exporters", "nextcloud", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.nextcloud.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9205"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "nextcloud", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.nextcloud.timeout": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"5s\""}, "description": "Timeout for getting server info document.\n", "loc": ["services", "prometheus", "exporters", "nextcloud", "timeout"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.nextcloud.tokenFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the token for connecting to Nextcloud.\nMake sure that this file is readable by the exporter user.\n", "example": {"_type": "literalExpression", "text": "\"/path/to/token-file\""}, "loc": ["services", "prometheus", "exporters", "nextcloud", "tokenFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.nextcloud.url": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "URL to the Nextcloud serverinfo page.\nAdding the path to the serverinfo API is optional, it defaults\nto `/ocs/v2.php/apps/serverinfo/api/v1/info`.\n", "example": {"_type": "literalExpression", "text": "\"https://domain.tld\""}, "loc": ["services", "prometheus", "exporters", "nextcloud", "url"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.nextcloud.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"nextcloud-exporter\""}, "description": "User name under which the nextcloud exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "nextcloud", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.nextcloud.username": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"nextcloud-exporter\""}, "description": "Username for connecting to Nextcloud.\nNote that this account needs to have admin privileges in Nextcloud.\nUnused when using token authentication.\n", "loc": ["services", "prometheus", "exporters", "nextcloud", "username"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.nginx.constLabels": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of constant labels that will be used in every metric.\n", "example": {"_type": "literalExpression", "text": "[\n  \"label1=value1\"\n  \"label2=value2\"\n]"}, "loc": ["services", "prometheus", "exporters", "nginx", "constLabels"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.nginx.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus nginx exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "nginx", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.nginx.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the nginx exporter.\n", "loc": ["services", "prometheus", "exporters", "nginx", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.nginx.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.nginx.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9113\"\n"}, "loc": ["services", "prometheus", "exporters", "nginx", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.nginx.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.nginx.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9113 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "nginx", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.nginx.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"nginx-exporter\""}, "description": "Group under which the nginx exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "nginx", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.nginx.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "nginx", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.nginx.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "nginx", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.nginx.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9113"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "nginx", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.nginx.scrapeUri": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"http://localhost/nginx_status\""}, "description": "Address to access the nginx status page.\nCan be enabled with services.nginx.statusPage = true.\n", "loc": ["services", "prometheus", "exporters", "nginx", "scrapeUri"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.nginx.sslVerify": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to perform certificate verification for https.\n", "loc": ["services", "prometheus", "exporters", "nginx", "sslVerify"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.nginx.telemetryPath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"/metrics\""}, "description": "Path under which to expose metrics.\n", "loc": ["services", "prometheus", "exporters", "nginx", "telemetryPath"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.nginx.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"nginx-exporter\""}, "description": "User name under which the nginx exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "nginx", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.nginxlog.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus nginxlog exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "nginxlog", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.nginxlog.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the nginxlog exporter.\n", "loc": ["services", "prometheus", "exporters", "nginxlog", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.nginxlog.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.nginxlog.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9117\"\n"}, "loc": ["services", "prometheus", "exporters", "nginxlog", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.nginxlog.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.nginxlog.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9117 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "nginxlog", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.nginxlog.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"nginxlog-exporter\""}, "description": "Group under which the nginxlog exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "nginxlog", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.nginxlog.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "nginxlog", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.nginxlog.metricsEndpoint": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"/metrics\""}, "description": "Path under which to expose metrics.\n", "loc": ["services", "prometheus", "exporters", "nginxlog", "metricsEndpoint"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.nginxlog.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "nginxlog", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.nginxlog.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9117"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "nginxlog", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.nginxlog.settings": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "All settings of nginxlog expressed as an Nix attrset.\n\nCheck the official documentation for the corresponding YAML\nsettings that can all be used here: <https://github.com/martin-helmich/prometheus-nginxlog-exporter>\n\nThe `listen` object is already generated by `port`, `listenAddress` and `metricsEndpoint` and\nwill be merged with the value of `settings` before writing it as JSON.\n", "loc": ["services", "prometheus", "exporters", "nginxlog", "settings"], "readOnly": false, "type": "submodule"}, "services.prometheus.exporters.nginxlog.settings.consul": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Consul integration options. For more information see the [example config](https://github.com/martin-helmich/prometheus-nginxlog-exporter#configuration-file).\n\nThis is disabled by default.\n", "loc": ["services", "prometheus", "exporters", "nginxlog", "settings", "consul"], "readOnly": false, "type": "null or (attribute set of anything)"}, "services.prometheus.exporters.nginxlog.settings.namespaces": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Namespaces to collect the metrics for. For more information see the [example config](https://github.com/martin-helmich/prometheus-nginxlog-exporter#configuration-file).\n", "loc": ["services", "prometheus", "exporters", "nginxlog", "settings", "namespaces"], "readOnly": false, "type": "list of attribute set of anything"}, "services.prometheus.exporters.nginxlog.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"nginxlog-exporter\""}, "description": "User name under which the nginxlog exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "nginxlog", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.node-cert.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus node-cert exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "node-cert", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.node-cert.excludeGlobs": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List files matching a pattern to include. Uses Go blob pattern.\n", "loc": ["services", "prometheus", "exporters", "node-cert", "excludeGlobs"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.node-cert.excludePaths": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of paths to exclute from searching for SSL certificates.\n", "loc": ["services", "prometheus", "exporters", "node-cert", "excludePaths"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.node-cert.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the node-cert exporter.\n", "loc": ["services", "prometheus", "exporters", "node-cert", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.node-cert.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.node-cert.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9141\"\n"}, "loc": ["services", "prometheus", "exporters", "node-cert", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.node-cert.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.node-cert.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9141 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "node-cert", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.node-cert.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"node-cert-exporter\""}, "description": "Group under which the node-cert exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "node-cert", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.node-cert.includeGlobs": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List files matching a pattern to include. Uses Go blob pattern.\n", "loc": ["services", "prometheus", "exporters", "node-cert", "includeGlobs"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.node-cert.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "node-cert", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.node-cert.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "node-cert", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.node-cert.paths": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "List of paths to search for SSL certificates.\n", "loc": ["services", "prometheus", "exporters", "node-cert", "paths"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.node-cert.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9141"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "node-cert", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.node-cert.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"acme\""}, "description": "User owning the certs.\n", "loc": ["services", "prometheus", "exporters", "node-cert", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.node.disabledCollectors": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Collectors to disable which are enabled by default.\n", "example": {"_type": "literalExpression", "text": "[\n  \"timex\"\n]"}, "loc": ["services", "prometheus", "exporters", "node", "disabledCollectors"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.node.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus node exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "node", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.node.enabledCollectors": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Collectors to enable. The collectors listed here are enabled in addition to the default ones.\n", "example": {"_type": "literalExpression", "text": "[\n  \"systemd\"\n]"}, "loc": ["services", "prometheus", "exporters", "node", "enabledCollectors"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.node.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the node exporter.\n", "loc": ["services", "prometheus", "exporters", "node", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.node.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.node.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9100\"\n"}, "loc": ["services", "prometheus", "exporters", "node", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.node.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.node.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9100 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "node", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.node.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"node-exporter\""}, "description": "Group under which the node exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "node", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.node.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "node", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.node.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "node", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.node.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9100"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "node", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.node.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"node-exporter\""}, "description": "User name under which the node exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "node", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.nut.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus nut exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "nut", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.nut.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the nut exporter.\n", "loc": ["services", "prometheus", "exporters", "nut", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.nut.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.nut.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9199\"\n"}, "loc": ["services", "prometheus", "exporters", "nut", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.nut.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.nut.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9199 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "nut", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.nut.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"nut-exporter\""}, "description": "Group under which the nut exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "nut", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.nut.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "nut", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.nut.nutServer": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Hostname or address of the NUT server\n", "loc": ["services", "prometheus", "exporters", "nut", "nutServer"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.nut.nutUser": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The user to log in into NUT server. If set, passwordPath should\nalso be set.\n\nDefault NUT configs usually permit reading variables without\nauthentication.\n", "example": {"_type": "literalExpression", "text": "\"nut\""}, "loc": ["services", "prometheus", "exporters", "nut", "nutUser"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.nut.nutVariables": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of NUT variable names to monitor.\n\nIf no variables are set, all numeric variables will be exported automatically.\nSee the [upstream docs](https://github.com/DRuggeri/nut_exporter?tab=readme-ov-file#variables-and-information)\nfor more information.\n", "loc": ["services", "prometheus", "exporters", "nut", "nutVariables"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.nut.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "nut", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.nut.passwordPath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A run-time path to the nutUser password file, which should be\nprovisioned outside of Nix store.\n", "loc": ["services", "prometheus", "exporters", "nut", "passwordPath"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.nut.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9199"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "nut", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.nut.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"nut-exporter\""}, "description": "User name under which the nut exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "nut", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.nvidia-gpu.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus nvidia-gpu exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "nvidia-gpu", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.nvidia-gpu.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the nvidia-gpu exporter.\n", "loc": ["services", "prometheus", "exporters", "nvidia-gpu", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.nvidia-gpu.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.nvidia-gpu.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9835\"\n"}, "loc": ["services", "prometheus", "exporters", "nvidia-gpu", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.nvidia-gpu.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.nvidia-gpu.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9835 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "nvidia-gpu", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.nvidia-gpu.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"nvidia-gpu-exporter\""}, "description": "Group under which the nvidia-gpu exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "nvidia-gpu", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.nvidia-gpu.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "nvidia-gpu", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.nvidia-gpu.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "nvidia-gpu", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.nvidia-gpu.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9835"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "nvidia-gpu", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.nvidia-gpu.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"nvidia-gpu-exporter\""}, "description": "User name under which the nvidia-gpu exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "nvidia-gpu", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.opnsense.apiKeyFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "File containing the api key.\n", "loc": ["services", "prometheus", "exporters", "opnsense", "apiKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.opnsense.apiSecretFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "File containing the api secret.\n", "loc": ["services", "prometheus", "exporters", "opnsense", "apiSecretFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.opnsense.disabledExporter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Collectors to enable or disable.\nAll collectors are enabled by default.\n", "example": {"_type": "literalExpression", "text": "[\n  \"disable-openvpn\"\n]"}, "loc": ["services", "prometheus", "exporters", "opnsense", "disabledExporter"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.opnsense.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus opnsense exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "opnsense", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.opnsense.enabledExporter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Collectors to enable or disable.\nAll collectors are enabled by default.\n", "example": {"_type": "literalExpression", "text": "[\n  \"disable-openvpn\"\n]"}, "loc": ["services", "prometheus", "exporters", "opnsense", "enabledExporter"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.opnsense.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the opnsense exporter.\n", "loc": ["services", "prometheus", "exporters", "opnsense", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.opnsense.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.opnsense.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9144\"\n"}, "loc": ["services", "prometheus", "exporters", "opnsense", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.opnsense.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.opnsense.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9144 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "opnsense", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.opnsense.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"opnsense\""}, "description": "Group under which the opnsense exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "opnsense", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.opnsense.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "opnsense", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.opnsense.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "opnsense", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.opnsense.opnsenseServerAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"192.168.1.1\""}, "description": "Opnsense IP address of the opnsense appliance.\nDefaults to 192.168.1.1\n", "example": {"_type": "literalExpression", "text": "\"192.168.100.254\""}, "loc": ["services", "prometheus", "exporters", "opnsense", "opnsenseServerAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.opnsense.opnsenseServerProtocol": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"https\""}, "description": "Opnsense metrics scraper protocol to use.\nDefaults to https.\n", "example": {"_type": "literalExpression", "text": "\"http\""}, "loc": ["services", "prometheus", "exporters", "opnsense", "opnsenseServerProtocol"], "readOnly": false, "type": "one of \"http\", \"https\""}, "services.prometheus.exporters.opnsense.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9144"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "opnsense", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.opnsense.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"opnsense\""}, "description": "User name under which the opensense exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "opnsense", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.pgbouncer.connectionEnvFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File that must contain the environment variable\n`PGBOUNCER_EXPORTER_CONNECTION_STRING` which is set to the connection\nstring used by pgbouncer. I.e. the format is supposed to look like this:\n\n```\nPGBOUNCER_EXPORTER_CONNECTION_STRING=\"postgres://admin@localhost:6432/pgbouncer?sslmode=require\"\n```\n\nNOTE: You MUST keep pgbouncer as database name (special internal db)!\nNOTE: `services.pgbouncer.settings.pgbouncer.ignore_startup_parameters`\nMUST contain \"extra_float_digits\".\n\nMutually exclusive with [](#opt-services.prometheus.exporters.pgbouncer.connectionString).\n", "loc": ["services", "prometheus", "exporters", "pgbouncer", "connectionEnvFile"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.pgbouncer.connectionString": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Connection string for accessing pgBouncer.\n\nNOTE: You MUST keep pgbouncer as database name (special internal db)!!!\n\nNOTE: ignore_startup_parameters MUST contain \"extra_float_digits\".\n\nNOTE: Admin user (with password or passwordless) MUST exist in the\nauth_file if auth_type other than \"any\" is used.\n\nWARNING: this secret is stored in the world-readable Nix store!\nUse [](#opt-services.prometheus.exporters.pgbouncer.connectionEnvFile) if the\nURL contains a secret.\n", "example": {"_type": "literalExpression", "text": "\"postgres://admin:@localhost:6432/pgbouncer?sslmode=require\""}, "loc": ["services", "prometheus", "exporters", "pgbouncer", "connectionString"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.pgbouncer.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus pgbouncer exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "pgbouncer", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.pgbouncer.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options when launching Prometheus.\n", "loc": ["services", "prometheus", "exporters", "pgbouncer", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.pgbouncer.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.pgbouncer.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9127\"\n"}, "loc": ["services", "prometheus", "exporters", "pgbouncer", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.pgbouncer.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.pgbouncer.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9127 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "pgbouncer", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.pgbouncer.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"pgbouncer-exporter\""}, "description": "Group under which the pgbouncer exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "pgbouncer", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.pgbouncer.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "pgbouncer", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.pgbouncer.logFormat": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"logfmt\""}, "description": "Output format of log messages. One of: [logfmt, json]\n", "loc": ["services", "prometheus", "exporters", "pgbouncer", "logFormat"], "readOnly": false, "type": "one of \"logfmt\", \"json\""}, "services.prometheus.exporters.pgbouncer.logLevel": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Only log messages with the given severity or above.\n", "loc": ["services", "prometheus", "exporters", "pgbouncer", "logLevel"], "readOnly": false, "type": "one of \"debug\", \"info\", \"warn\", \"error\""}, "services.prometheus.exporters.pgbouncer.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "pgbouncer", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.pgbouncer.package": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "pkgs.prometheus-pgbouncer-exporter"}, "description": "The prometheus-pgbouncer-exporter package to use.", "loc": ["services", "prometheus", "exporters", "pgbouncer", "package"], "readOnly": false, "type": "package"}, "services.prometheus.exporters.pgbouncer.pidFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to PgBouncer pid file.\n\nIf provided, the standard process metrics get exported for the PgBouncer\nprocess, prefixed with 'pgbouncer_process_...'. The pgbouncer_process exporter\nneeds to have read access to files owned by the PgBouncer process. Depends on\nthe availability of /proc.\n\n<https://prometheus.io/docs/instrumenting/writing_clientlibs/#process-metrics>.\n\n", "loc": ["services", "prometheus", "exporters", "pgbouncer", "pidFile"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.pgbouncer.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9127"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "pgbouncer", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.pgbouncer.telemetryPath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"/metrics\""}, "description": "Path under which to expose metrics.\n", "loc": ["services", "prometheus", "exporters", "pgbouncer", "telemetryPath"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.pgbouncer.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"pgbouncer-exporter\""}, "description": "User name under which the pgbouncer exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "pgbouncer", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.pgbouncer.webConfigFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to configuration file that can enable TLS or authentication.\n", "loc": ["services", "prometheus", "exporters", "pgbouncer", "webConfigFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.pgbouncer.webSystemdSocket": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use systemd socket activation listeners instead of port listeners (Linux only).\n", "loc": ["services", "prometheus", "exporters", "pgbouncer", "webSystemdSocket"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.php-fpm.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus php-fpm exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "php-fpm", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.php-fpm.environmentFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file as defined in {manpage}`systemd.exec(5)`.\n\nSecrets may be passed to the service without adding them to the\nworld-readable Nix store, by specifying placeholder variables as\nthe option value in Nix and setting these variables accordingly in the\nenvironment file.\n\nEnvironment variables from this file will be interpolated into the\nconfig file using envsubst with this syntax:\n`$ENVIRONMENT ${VARIABLE}`\n\nFor variables to use see [options and defaults](https://github.com/hipages/php-fpm_exporter#options-and-defaults).\n\nThe main use is to set the PHP_FPM_SCRAPE_URI that indicate how to connect to PHP-FPM process.\n\n```\n  # Content of the environment file\n  PHP_FPM_SCRAPE_URI=\"unix:///tmp/php.sock;/status\"\n```\n\nNote that this file needs to be available on the host on which\nthis exporter is running.\n", "example": {"_type": "literalExpression", "text": "\"/root/prometheus-php-fpm-exporter.env\""}, "loc": ["services", "prometheus", "exporters", "php-fpm", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.php-fpm.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the php-fpm exporter.\n", "loc": ["services", "prometheus", "exporters", "php-fpm", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.php-fpm.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.php-fpm.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9253\"\n"}, "loc": ["services", "prometheus", "exporters", "php-fpm", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.php-fpm.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.php-fpm.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9253 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "php-fpm", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.php-fpm.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"php-fpm-exporter\""}, "description": "Group under which the php-fpm exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "php-fpm", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.php-fpm.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "php-fpm", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.php-fpm.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "php-fpm", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.php-fpm.package": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "pkgs.prometheus-php-fpm-exporter"}, "description": "The prometheus-php-fpm-exporter package to use.", "loc": ["services", "prometheus", "exporters", "php-fpm", "package"], "readOnly": false, "type": "package"}, "services.prometheus.exporters.php-fpm.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9253"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "php-fpm", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.php-fpm.telemetryPath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"/metrics\""}, "description": "Path under which to expose metrics.\n", "loc": ["services", "prometheus", "exporters", "php-fpm", "telemetryPath"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.php-fpm.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"php-fpm-exporter\""}, "description": "User name under which the php-fpm exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "php-fpm", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.pihole.apiToken": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Pi-Hole API token which can be used instead of a password\n", "example": {"_type": "literalExpression", "text": "\"580a770cb40511eb85290242ac130003580a770cb40511eb85290242ac130003\""}, "loc": ["services", "prometheus", "exporters", "pihole", "apiToken"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.pihole.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus pihole exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "pihole", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.pihole.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the pihole exporter.\n", "loc": ["services", "prometheus", "exporters", "pihole", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.pihole.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.pihole.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9617\"\n"}, "loc": ["services", "prometheus", "exporters", "pihole", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.pihole.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.pihole.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9617 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "pihole", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.pihole.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"pihole-exporter\""}, "description": "Group under which the pihole exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "pihole", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.pihole.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "pihole", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.pihole.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "pihole", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.pihole.password": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The password to login into Pi-Hole. An api token can be used instead.\n", "example": {"_type": "literalExpression", "text": "\"password\""}, "loc": ["services", "prometheus", "exporters", "pihole", "password"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.pihole.piholeHostname": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"pihole\""}, "description": "Hostname or address where to find the Pi-Hole webinterface\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "prometheus", "exporters", "pihole", "piholeHostname"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.pihole.piholePort": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "80"}, "description": "The port Pi-Hole webinterface is reachable on\n", "example": {"_type": "literalExpression", "text": "443"}, "loc": ["services", "prometheus", "exporters", "pihole", "piholePort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.pihole.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9617"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "pihole", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.pihole.protocol": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"http\""}, "description": "The protocol which is used to connect to Pi-Hole\n", "example": {"_type": "literalExpression", "text": "\"https\""}, "loc": ["services", "prometheus", "exporters", "pihole", "protocol"], "readOnly": false, "type": "one of \"http\", \"https\""}, "services.prometheus.exporters.pihole.timeout": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"5s\""}, "description": "Controls the timeout to connect to a Pi-Hole instance\n", "loc": ["services", "prometheus", "exporters", "pihole", "timeout"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.pihole.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"pihole-exporter\""}, "description": "User name under which the pihole exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "pihole", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.ping.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus ping exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "ping", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.ping.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the ping exporter.\n", "loc": ["services", "prometheus", "exporters", "ping", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.ping.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.ping.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9427\"\n"}, "loc": ["services", "prometheus", "exporters", "ping", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.ping.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.ping.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9427 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "ping", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.ping.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"ping-exporter\""}, "description": "Group under which the ping exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "ping", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.ping.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "ping", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.ping.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "ping", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.ping.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9427"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "ping", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.ping.settings": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for ping_exporter, see\n<https://github.com/czerwonk/ping_exporter>\nfor supported values.\n", "loc": ["services", "prometheus", "exporters", "ping", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.prometheus.exporters.ping.telemetryPath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"/metrics\""}, "description": "Path under which to expose metrics.\n", "loc": ["services", "prometheus", "exporters", "ping", "telemetryPath"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.ping.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"ping-exporter\""}, "description": "User name under which the ping exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "ping", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.postfix.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus postfix exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "postfix", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.postfix.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the postfix exporter.\n", "loc": ["services", "prometheus", "exporters", "postfix", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.postfix.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.postfix.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9154\"\n"}, "loc": ["services", "prometheus", "exporters", "postfix", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.postfix.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.postfix.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9154 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "postfix", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.postfix.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "Group under which the postfix exporter shall be run.\nIt should match the group that is allowed to access the\n`showq` socket in the `queue/public/` directory.\nDefaults to `services.postfix.setgidGroup` when postfix is enabled.\n", "loc": ["services", "prometheus", "exporters", "postfix", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.postfix.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "postfix", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.postfix.logfilePath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"/var/log/postfix_exporter_input.log\""}, "description": "Path where Postfix writes log entries.\nThis file will be truncated by this exporter!\n", "example": {"_type": "literalExpression", "text": "\"/var/log/mail.log\""}, "loc": ["services", "prometheus", "exporters", "postfix", "logfilePath"], "readOnly": false, "type": "absolute path"}, "services.prometheus.exporters.postfix.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "postfix", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.postfix.package": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "pkgs.prometheus-postfix-exporter"}, "description": "The prometheus-postfix-exporter package to use.", "loc": ["services", "prometheus", "exporters", "postfix", "package"], "readOnly": false, "type": "package"}, "services.prometheus.exporters.postfix.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9154"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "postfix", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.postfix.showqPath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/postfix/queue/public/showq\""}, "description": "Path where Postfix places its showq socket.\n", "example": {"_type": "literalExpression", "text": "\"/var/spool/postfix/public/showq\""}, "loc": ["services", "prometheus", "exporters", "postfix", "showqPath"], "readOnly": false, "type": "absolute path"}, "services.prometheus.exporters.postfix.systemd.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable reading metrics from the systemd journal instead of from a logfile\n", "loc": ["services", "prometheus", "exporters", "postfix", "systemd", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.postfix.systemd.journalPath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the systemd journal.\n", "loc": ["services", "prometheus", "exporters", "postfix", "systemd", "journalPath"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.postfix.systemd.slice": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of the postfix systemd slice.\nThis overrides the {option}`systemd.unit`.\n", "loc": ["services", "prometheus", "exporters", "postfix", "systemd", "slice"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.postfix.systemd.unit": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"postfix.service\""}, "description": "Name of the postfix systemd unit.\n", "loc": ["services", "prometheus", "exporters", "postfix", "systemd", "unit"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.postfix.telemetryPath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"/metrics\""}, "description": "Path under which to expose metrics.\n", "loc": ["services", "prometheus", "exporters", "postfix", "telemetryPath"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.postfix.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"postfix-exporter\""}, "description": "User name under which the postfix exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "postfix", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.postgres.dataSourceName": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"user=postgres database=postgres host=/run/postgresql sslmode=disable\""}, "description": "Accepts PostgreSQL URI form and key=value form arguments.\n", "example": {"_type": "literalExpression", "text": "\"postgresql://username:password@localhost:5432/postgres?sslmode=disable\""}, "loc": ["services", "prometheus", "exporters", "postgres", "dataSourceName"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.postgres.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus postgres exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "postgres", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.postgres.environmentFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file as defined in {manpage}`systemd.exec(5)`.\n\nSecrets may be passed to the service without adding them to the\nworld-readable Nix store, by specifying placeholder variables as\nthe option value in Nix and setting these variables accordingly in the\nenvironment file.\n\nEnvironment variables from this file will be interpolated into the\nconfig file using envsubst with this syntax:\n`$ENVIRONMENT ${VARIABLE}`\n\nThe main use is to set the DATA_SOURCE_NAME that contains the\npostgres password\n\nnote that contents from this file will override dataSourceName\nif you have set it from nix.\n\n```\n  # Content of the environment file\n  DATA_SOURCE_NAME=postgresql://username:password@localhost:5432/postgres?sslmode=disable\n```\n\nNote that this file needs to be available on the host on which\nthis exporter is running.\n", "example": {"_type": "literalExpression", "text": "\"/root/prometheus-postgres-exporter.env\""}, "loc": ["services", "prometheus", "exporters", "postgres", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.postgres.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the postgres exporter.\n", "loc": ["services", "prometheus", "exporters", "postgres", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.postgres.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.postgres.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9187\"\n"}, "loc": ["services", "prometheus", "exporters", "postgres", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.postgres.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.postgres.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9187 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "postgres", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.postgres.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"postgres-exporter\""}, "description": "Group under which the postgres exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "postgres", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.postgres.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "postgres", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.postgres.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "postgres", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.postgres.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9187"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "postgres", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.postgres.runAsLocalSuperUser": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to run the exporter as the local 'postgres' super user.\n", "loc": ["services", "prometheus", "exporters", "postgres", "runAsLocalSuperUser"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.postgres.telemetryPath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"/metrics\""}, "description": "Path under which to expose metrics.\n", "loc": ["services", "prometheus", "exporters", "postgres", "telemetryPath"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.postgres.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"postgres-exporter\""}, "description": "User name under which the postgres exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "postgres", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.process.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus process exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "process", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.process.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the process exporter.\n", "loc": ["services", "prometheus", "exporters", "process", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.process.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.process.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9256\"\n"}, "loc": ["services", "prometheus", "exporters", "process", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.process.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.process.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9256 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "process", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.process.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"process-exporter\""}, "description": "Group under which the process exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "process", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.process.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "process", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.process.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "process", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.process.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9256"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "process", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.process.settings.process_names": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "All settings expressed as an Nix attrset.\n\nCheck the official documentation for the corresponding YAML\nsettings that can all be used here: <https://github.com/ncabatoff/process-exporter>\n", "example": {"_type": "literalExpression", "text": "[\n  # Remove nix store path from process name\n  { name = \"{{.Matches.Wrapped}} {{ .Matches.Args }}\"; cmdline = [ \"^/nix/store[^ ]*/(?P<Wrapped>[^ /]*) (?P<Args>.*)\" ]; }\n]\n"}, "loc": ["services", "prometheus", "exporters", "process", "settings", "process_names"], "readOnly": false, "type": "list of anything"}, "services.prometheus.exporters.process.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"process-exporter\""}, "description": "User name under which the process exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "process", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.pve.collectors.cluster": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Collect PVE cluster info\n", "loc": ["services", "prometheus", "exporters", "pve", "collectors", "cluster"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.pve.collectors.config": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Collect PVE onboot status\n", "loc": ["services", "prometheus", "exporters", "pve", "collectors", "config"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.pve.collectors.node": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Collect PVE node info\n", "loc": ["services", "prometheus", "exporters", "pve", "collectors", "node"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.pve.collectors.replication": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Collect PVE replication info\n", "loc": ["services", "prometheus", "exporters", "pve", "collectors", "replication"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.pve.collectors.resources": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Collect PVE resources info\n", "loc": ["services", "prometheus", "exporters", "pve", "collectors", "resources"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.pve.collectors.status": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Collect Node/VM/CT status\n", "loc": ["services", "prometheus", "exporters", "pve", "collectors", "status"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.pve.collectors.version": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Collect PVE version info\n", "loc": ["services", "prometheus", "exporters", "pve", "collectors", "version"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.pve.configFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the service's config file. This path can either be a computed path in /nix/store or a path in the local filesystem.\n\nThe config file should NOT be stored in /nix/store as it will contain passwords and/or keys in plain text.\n\nIf both configFile and environmentFile are provided, the configFile option will be ignored.\n\nConfiguration reference: <https://github.com/prometheus-pve/prometheus-pve-exporter/#authentication>\n", "example": {"_type": "literalExpression", "text": "\"/etc/prometheus-pve-exporter/pve.yml\""}, "loc": ["services", "prometheus", "exporters", "pve", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.pve.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus pve exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "pve", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.pve.environmentFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the service's environment file. This path can either be a computed path in /nix/store or a path in the local filesystem.\n\nThe environment file should NOT be stored in /nix/store as it contains passwords and/or keys in plain text.\n\nEnvironment reference: <https://github.com/prometheus-pve/prometheus-pve-exporter#authentication>\n", "example": {"_type": "literalExpression", "text": "\"/etc/prometheus-pve-exporter/pve.env\""}, "loc": ["services", "prometheus", "exporters", "pve", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.pve.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the pve exporter.\n", "loc": ["services", "prometheus", "exporters", "pve", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.pve.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.pve.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9221\"\n"}, "loc": ["services", "prometheus", "exporters", "pve", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.pve.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.pve.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9221 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "pve", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.pve.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"pve-exporter\""}, "description": "Group under which the pve exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "pve", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.pve.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "pve", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.pve.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "pve", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.pve.package": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "pkgs.prometheus-pve-exporter"}, "description": "The prometheus-pve-exporter package to use.", "loc": ["services", "prometheus", "exporters", "pve", "package"], "readOnly": false, "type": "package"}, "services.prometheus.exporters.pve.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9221"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "pve", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.pve.server.certFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a SSL certificate file for the server\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/prometheus-pve-exporter/full-chain.pem\""}, "loc": ["services", "prometheus", "exporters", "pve", "server", "certFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.pve.server.keyFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a SSL private key file for the server\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/prometheus-pve-exporter/privkey.key\""}, "loc": ["services", "prometheus", "exporters", "pve", "server", "keyFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.pve.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"pve-exporter\""}, "description": "User name under which the pve exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "pve", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.py-air-control.deviceHostname": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "The hostname of the air purification device from which to scrape the metrics.\n", "example": {"_type": "literalExpression", "text": "\"192.168.1.123\""}, "loc": ["services", "prometheus", "exporters", "py-air-control", "deviceHostname"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.py-air-control.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus py-air-control exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "py-air-control", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.py-air-control.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the py-air-control exporter.\n", "loc": ["services", "prometheus", "exporters", "py-air-control", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.py-air-control.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.py-air-control.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9896\"\n"}, "loc": ["services", "prometheus", "exporters", "py-air-control", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.py-air-control.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.py-air-control.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9896 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "py-air-control", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.py-air-control.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"py-air-control-exporter\""}, "description": "Group under which the py-air-control exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "py-air-control", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.py-air-control.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "py-air-control", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.py-air-control.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "py-air-control", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.py-air-control.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9896"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "py-air-control", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.py-air-control.protocol": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"http\""}, "description": "The protocol to use when communicating with the air purification device.\nAvailable: [http, coap, plain_coap]\n", "loc": ["services", "prometheus", "exporters", "py-air-control", "protocol"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.py-air-control.stateDir": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"prometheus-py-air-control-exporter\""}, "description": "Directory below `/var/lib` to store runtime data.\nThis directory will be created automatically using systemd's StateDirectory mechanism.\n", "loc": ["services", "prometheus", "exporters", "py-air-control", "stateDir"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.py-air-control.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"py-air-control-exporter\""}, "description": "User name under which the py-air-control exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "py-air-control", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.rasdaemon.databasePath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/rasdaemon/ras-mc_event.db\""}, "description": "Path to the RAS daemon machine check event database.\n", "loc": ["services", "prometheus", "exporters", "rasdaemon", "databasePath"], "readOnly": false, "type": "absolute path"}, "services.prometheus.exporters.rasdaemon.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus rasdaemon exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "rasdaemon", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.rasdaemon.enabledCollectors": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"aer\"\n  \"mce\"\n  \"mc\"\n]"}, "description": "List of error types to collect from the event database.\n", "loc": ["services", "prometheus", "exporters", "rasdaemon", "enabledCollectors"], "readOnly": false, "type": "list of (one of \"aer\", \"mce\", \"mc\", \"extlog\", \"devlink\", \"disk\")"}, "services.prometheus.exporters.rasdaemon.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the rasdaemon exporter.\n", "loc": ["services", "prometheus", "exporters", "rasdaemon", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.rasdaemon.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.rasdaemon.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 10029\"\n"}, "loc": ["services", "prometheus", "exporters", "rasdaemon", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.rasdaemon.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.rasdaemon.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 10029 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "rasdaemon", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.rasdaemon.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"rasdaemon-exporter\""}, "description": "Group under which the rasdaemon exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "rasdaemon", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.rasdaemon.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "rasdaemon", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.rasdaemon.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "rasdaemon", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.rasdaemon.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "10029"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "rasdaemon", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.rasdaemon.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"rasdaemon-exporter\""}, "description": "User name under which the rasdaemon exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "rasdaemon", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.redis.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus redis exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "redis", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.redis.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the redis exporter.\n", "loc": ["services", "prometheus", "exporters", "redis", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.redis.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.redis.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9121\"\n"}, "loc": ["services", "prometheus", "exporters", "redis", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.redis.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.redis.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9121 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "redis", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.redis.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"redis-exporter\""}, "description": "Group under which the redis exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "redis", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.redis.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "redis", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.redis.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "redis", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.redis.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9121"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "redis", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.redis.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"redis-exporter\""}, "description": "User name under which the redis exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "redis", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.restic.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus restic exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "restic", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.restic.environmentFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the credentials to access the repository, in the\nformat of an EnvironmentFile as described by {manpage}`systemd.exec(5)`\n", "loc": ["services", "prometheus", "exporters", "restic", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.restic.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the restic exporter.\n", "loc": ["services", "prometheus", "exporters", "restic", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.restic.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.restic.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9753\"\n"}, "loc": ["services", "prometheus", "exporters", "restic", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.restic.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.restic.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9753 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "restic", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.restic.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"restic-exporter\""}, "description": "Group under which the restic exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "restic", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.restic.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "restic", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.restic.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "restic", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.restic.passwordFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "File containing the password to the repository.\n", "example": {"_type": "literalExpression", "text": "\"/etc/nixos/restic-password\""}, "loc": ["services", "prometheus", "exporters", "restic", "passwordFile"], "readOnly": false, "type": "absolute path"}, "services.prometheus.exporters.restic.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9753"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "restic", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.restic.rcloneConfig": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for the rclone remote being used for backup.\nSee the remote's specific options under rclone's docs at\n<https://rclone.org/docs/>. When specifying\noption names, use the \"config\" name specified in the docs.\nFor example, to set `--b2-hard-delete` for a B2\nremote, use `hard_delete = true` in the\nattribute set.\n\n::: {.warning}\nSecrets set in here will be world-readable in the Nix\nstore! Consider using the {option}`rcloneConfigFile`\noption instead to specify secret values separately. Note that\noptions set here will override those set in the config file.\n:::\n", "loc": ["services", "prometheus", "exporters", "restic", "rcloneConfig"], "readOnly": false, "type": "attribute set of (string or boolean)"}, "services.prometheus.exporters.restic.rcloneConfigFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the file containing rclone configuration. This file\nmust contain configuration for the remote specified in this backup\nset and also must be readable by root.\n\n::: {.caution}\nOptions set in `rcloneConfig` will override those set in this\nfile.\n:::\n", "loc": ["services", "prometheus", "exporters", "restic", "rcloneConfigFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.restic.rcloneOptions": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options to pass to rclone to control its behavior.\nSee <https://rclone.org/docs/#options> for\navailable options. When specifying option names, strip the\nleading `--`. To set a flag such as\n`--drive-use-trash`, which does not take a value,\nset the value to the Boolean `true`.\n", "loc": ["services", "prometheus", "exporters", "restic", "rcloneOptions"], "readOnly": false, "type": "attribute set of (string or boolean)"}, "services.prometheus.exporters.restic.refreshInterval": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "60"}, "description": "Refresh interval for the metrics in seconds.\nComputing the metrics is an expensive task, keep this value as high as possible.\n", "loc": ["services", "prometheus", "exporters", "restic", "refreshInterval"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.prometheus.exporters.restic.repository": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "URI pointing to the repository to monitor.\n", "example": {"_type": "literalExpression", "text": "\"sftp:backup@192.168.1.100:/backups/example\""}, "loc": ["services", "prometheus", "exporters", "restic", "repository"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.restic.repositoryFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the file containing the URI for the repository to monitor.\n", "loc": ["services", "prometheus", "exporters", "restic", "repositoryFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.restic.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"restic-exporter\""}, "description": "User name under which the restic exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "restic", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.rspamd.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus rspamd exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "rspamd", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.rspamd.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the rspamd exporter.\n", "loc": ["services", "prometheus", "exporters", "rspamd", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.rspamd.extraLabels": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "{ host = config.networking.hostName; }"}, "description": "Set of labels added to each metric.", "example": {"_type": "literalExpression", "text": "{\n  host = config.networking.hostName;\n  custom_label = \"some_value\";\n}\n"}, "loc": ["services", "prometheus", "exporters", "rspamd", "extraLabels"], "readOnly": false, "type": "attribute set of string"}, "services.prometheus.exporters.rspamd.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.rspamd.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 7980\"\n"}, "loc": ["services", "prometheus", "exporters", "rspamd", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.rspamd.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.rspamd.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 7980 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "rspamd", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.rspamd.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"rspamd-exporter\""}, "description": "Group under which the rspamd exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "rspamd", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.rspamd.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "rspamd", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.rspamd.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "rspamd", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.rspamd.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "7980"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "rspamd", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.rspamd.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"rspamd-exporter\""}, "description": "User name under which the rspamd exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "rspamd", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.rtl_433.channels": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of channel matchers to export.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    channel = 6543;\n    location = \"Kitchen\";\n    name = \"Acurite\";\n  }\n]"}, "loc": ["services", "prometheus", "exporters", "rtl_433", "channels"], "readOnly": false, "type": "list of (submodule)"}, "services.prometheus.exporters.rtl_433.channels.*.channel": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "Channel to match.", "loc": ["services", "prometheus", "exporters", "rtl_433", "channels", "*", "channel"], "readOnly": false, "type": "signed integer"}, "services.prometheus.exporters.rtl_433.channels.*.location": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "Location to match.", "loc": ["services", "prometheus", "exporters", "rtl_433", "channels", "*", "location"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.rtl_433.channels.*.name": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "Name to match.", "loc": ["services", "prometheus", "exporters", "rtl_433", "channels", "*", "name"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.rtl_433.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus rtl_433 exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "rtl_433", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.rtl_433.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the rtl_433 exporter.\n", "loc": ["services", "prometheus", "exporters", "rtl_433", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.rtl_433.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.rtl_433.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9550\"\n"}, "loc": ["services", "prometheus", "exporters", "rtl_433", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.rtl_433.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.rtl_433.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9550 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "rtl_433", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.rtl_433.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"rtl_433-exporter\""}, "description": "Group under which the rtl_433 exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "rtl_433", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.rtl_433.ids": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of ID matchers to export.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    id = 1;\n    location = \"Bedroom\";\n    name = \"Nexus\";\n  }\n]"}, "loc": ["services", "prometheus", "exporters", "rtl_433", "ids"], "readOnly": false, "type": "list of (submodule)"}, "services.prometheus.exporters.rtl_433.ids.*.id": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "ID to match.", "loc": ["services", "prometheus", "exporters", "rtl_433", "ids", "*", "id"], "readOnly": false, "type": "signed integer"}, "services.prometheus.exporters.rtl_433.ids.*.location": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "Location to match.", "loc": ["services", "prometheus", "exporters", "rtl_433", "ids", "*", "location"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.rtl_433.ids.*.name": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "Name to match.", "loc": ["services", "prometheus", "exporters", "rtl_433", "ids", "*", "name"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.rtl_433.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "rtl_433", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.rtl_433.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "rtl_433", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.rtl_433.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9550"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "rtl_433", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.rtl_433.rtl433Flags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"-C si\""}, "description": "Flags passed verbatim to rtl_433 binary.\nHaving `-C si` (the default) is recommended since only Celsius temperatures are parsed.\n", "example": {"_type": "literalExpression", "text": "\"-C si -R 19\""}, "loc": ["services", "prometheus", "exporters", "rtl_433", "rtl433Flags"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.rtl_433.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"rtl_433-exporter\""}, "description": "User name under which the rtl_433 exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "rtl_433", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.sabnzbd.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus sabnzbd exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "sabnzbd", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.sabnzbd.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the sabnzbd exporter.\n", "loc": ["services", "prometheus", "exporters", "sabnzbd", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.sabnzbd.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.sabnzbd.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9387\"\n"}, "loc": ["services", "prometheus", "exporters", "sabnzbd", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.sabnzbd.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.sabnzbd.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9387 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "sabnzbd", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.sabnzbd.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"sabnzbd-exporter\""}, "description": "Group under which the sabnzbd exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "sabnzbd", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.sabnzbd.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "sabnzbd", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.sabnzbd.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "sabnzbd", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.sabnzbd.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9387"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "sabnzbd", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.sabnzbd.servers": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "List of sabnzbd servers to connect to.", "loc": ["services", "prometheus", "exporters", "sabnzbd", "servers"], "readOnly": false, "type": "list of (submodule)"}, "services.prometheus.exporters.sabnzbd.servers.*.apiKeyFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "The path to a file containing the API key.\nThe file is securely passed to the service by leveraging systemd credentials.\nNo special permissions need to be set on this file.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/sabnzbd_apikey\""}, "loc": ["services", "prometheus", "exporters", "sabnzbd", "servers", "*", "apiKeyFile"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.sabnzbd.servers.*.baseUrl": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "Base URL of the sabnzbd server.", "example": {"_type": "literalExpression", "text": "\"http://localhost:8080/sabnzbd\""}, "loc": ["services", "prometheus", "exporters", "sabnzbd", "servers", "*", "baseUrl"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.sabnzbd.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"sabnzbd-exporter\""}, "description": "User name under which the sabnzbd exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "sabnzbd", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.scaphandre.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus scaphandre exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "scaphandre", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.scaphandre.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the scaphandre exporter.\n", "loc": ["services", "prometheus", "exporters", "scaphandre", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.scaphandre.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.scaphandre.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 8080\"\n"}, "loc": ["services", "prometheus", "exporters", "scaphandre", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.scaphandre.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.scaphandre.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 8080 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "scaphandre", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.scaphandre.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"scaphandre-exporter\""}, "description": "Group under which the scaphandre exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "scaphandre", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.scaphandre.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "scaphandre", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.scaphandre.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "scaphandre", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.scaphandre.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "scaphandre", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.scaphandre.telemetryPath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"/metrics\""}, "description": "Path under which to expose metrics.\n", "loc": ["services", "prometheus", "exporters", "scaphandre", "telemetryPath"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.scaphandre.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"scaphandre-exporter\""}, "description": "User name under which the scaphandre exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "scaphandre", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.script.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus script exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "script", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.script.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the script exporter.\n", "loc": ["services", "prometheus", "exporters", "script", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.script.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.script.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9172\"\n"}, "loc": ["services", "prometheus", "exporters", "script", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.script.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.script.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9172 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "script", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.script.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"script-exporter\""}, "description": "Group under which the script exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "script", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.script.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "script", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.script.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "script", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.script.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9172"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "script", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.script.settings": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Free-form configuration for script_exporter, expressed as a Nix attrset and rendered to YAML.\n\n**Migration note:**\nThe previous format using `script = \"sleep 5\"` is no longer supported. You must use `command` (list) and `args` (list), e.g. `{ command = [ \"sleep\" ]; args = [ \"5\" ]; }`.\n\nSee the official documentation for all available options: <https://github.com/ricoberger/script_exporter#configuration-file>\n", "example": {"_type": "literalExpression", "text": "{\n  scripts = [\n    { name = \"sleep\"; command = [ \"sleep\" ]; args = [ \"5\" ]; }\n  ];\n}\n"}, "loc": ["services", "prometheus", "exporters", "script", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.prometheus.exporters.script.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"script-exporter\""}, "description": "User name under which the script exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "script", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.shelly.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus shelly exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "shelly", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.shelly.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the shelly exporter.\n", "loc": ["services", "prometheus", "exporters", "shelly", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.shelly.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.shelly.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9784\"\n"}, "loc": ["services", "prometheus", "exporters", "shelly", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.shelly.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.shelly.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9784 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "shelly", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.shelly.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"shelly-exporter\""}, "description": "Group under which the shelly exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "shelly", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.shelly.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "shelly", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.shelly.metrics-file": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "Path to the JSON file with the metric definitions\n", "loc": ["services", "prometheus", "exporters", "shelly", "metrics-file"], "readOnly": false, "type": "absolute path"}, "services.prometheus.exporters.shelly.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "shelly", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.shelly.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9784"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "shelly", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.shelly.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"shelly-exporter\""}, "description": "User name under which the shelly exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "shelly", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.smartctl.devices": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Paths to the disks that will be monitored. Will autodiscover\nall disks if none given.\n", "example": {"_type": "literalExpression", "text": "[ \"/dev/sda\", \"/dev/nvme0n1\" ];\n"}, "loc": ["services", "prometheus", "exporters", "smartctl", "devices"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.smartctl.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus smartctl exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "smartctl", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.smartctl.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the smartctl exporter.\n", "loc": ["services", "prometheus", "exporters", "smartctl", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.smartctl.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.smartctl.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9633\"\n"}, "loc": ["services", "prometheus", "exporters", "smartctl", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.smartctl.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.smartctl.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9633 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "smartctl", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.smartctl.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"smartctl-exporter\""}, "description": "Group under which the smartctl exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "smartctl", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.smartctl.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "smartctl", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.smartctl.maxInterval": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"60s\""}, "description": "Interval that limits how often a disk can be queried.\n", "example": {"_type": "literalExpression", "text": "\"2m\""}, "loc": ["services", "prometheus", "exporters", "smartctl", "maxInterval"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.smartctl.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "smartctl", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.smartctl.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9633"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "smartctl", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.smartctl.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"smartctl-exporter\""}, "description": "User name under which the smartctl exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "smartctl", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.smokeping.buckets": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"5e-05,0.0001,0.0002,0.0004,0.0008,0.0016,0.0032,0.0064,0.0128,0.0256,0.0512,0.1024,0.2048,0.4096,0.8192,1.6384,3.2768,6.5536,13.1072,26.2144\""}, "description": "List of buckets to use for the response duration histogram.\n", "loc": ["services", "prometheus", "exporters", "smokeping", "buckets"], "readOnly": false, "type": "strings concatenated with \",\""}, "services.prometheus.exporters.smokeping.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus smokeping exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "smokeping", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.smokeping.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the smokeping exporter.\n", "loc": ["services", "prometheus", "exporters", "smokeping", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.smokeping.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.smokeping.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9374\"\n"}, "loc": ["services", "prometheus", "exporters", "smokeping", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.smokeping.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.smokeping.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9374 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "smokeping", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.smokeping.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"smokeping-exporter\""}, "description": "Group under which the smokeping exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "smokeping", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.smokeping.hosts": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "List of endpoints to probe.\n", "loc": ["services", "prometheus", "exporters", "smokeping", "hosts"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.smokeping.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "smokeping", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.smokeping.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "smokeping", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.smokeping.pingInterval": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"1s\""}, "description": "Interval between pings.\n", "loc": ["services", "prometheus", "exporters", "smokeping", "pingInterval"], "readOnly": false, "type": "Go duration (https://golang.org/pkg/time/#ParseDuration)"}, "services.prometheus.exporters.smokeping.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9374"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "smokeping", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.smokeping.telemetryPath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"/metrics\""}, "description": "Path under which to expose metrics.\n", "loc": ["services", "prometheus", "exporters", "smokeping", "telemetryPath"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.smokeping.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"smokeping-exporter\""}, "description": "User name under which the smokeping exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "smokeping", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.snmp.configuration": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Snmp exporter configuration as nix attribute set. Mutually exclusive with 'configurationPath' option.\n", "example": {"_type": "literalExpression", "text": "{\n  auths = {\n    public_v2 = {\n      community = \"public\";\n      version = 2;\n    };\n  };\n}"}, "loc": ["services", "prometheus", "exporters", "snmp", "configuration"], "readOnly": false, "type": "null or (attribute set)"}, "services.prometheus.exporters.snmp.configurationPath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a snmp exporter configuration file. Mutually exclusive with 'configuration' option.\n", "example": {"_type": "literalExpression", "text": "./snmp.yml"}, "loc": ["services", "prometheus", "exporters", "snmp", "configurationPath"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.snmp.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus snmp exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "snmp", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.snmp.enableConfigCheck": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to run a correctness check for the configuration file. This depends\non the configuration file residing in the nix-store. Paths passed as string will\nbe copied to the store.\n", "loc": ["services", "prometheus", "exporters", "snmp", "enableConfigCheck"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.snmp.environmentFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "EnvironmentFile as defined in {manpage}`systemd.exec(5)`.\n\nSecrets may be passed to the service without adding them to the\nworld-readable Nix store, by specifying placeholder variables as\nthe option value in Nix and setting these variables accordingly in the\nenvironment file.\n\nEnvironment variables from this file will be interpolated into the\nconfig file using envsubst with this syntax:\n`$ENVIRONMENT ${VARIABLE}`\n\nFor variables to use see [Prometheus Configuration](https://github.com/prometheus/snmp_exporter#prometheus-configuration).\n\nIf the file path is set to this option, the parameter\n`--config.expand-environment-variables` is implicitly added to\n`ExecStart`.\n\nNote that this file needs to be available on the host on which\nthis exporter is running.\n", "example": {"_type": "literalExpression", "text": "\"/root/prometheus-snmp-exporter.env\""}, "loc": ["services", "prometheus", "exporters", "snmp", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.snmp.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the snmp exporter.\n", "loc": ["services", "prometheus", "exporters", "snmp", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.snmp.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.snmp.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9116\"\n"}, "loc": ["services", "prometheus", "exporters", "snmp", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.snmp.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.snmp.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9116 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "snmp", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.snmp.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"snmp-exporter\""}, "description": "Group under which the snmp exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "snmp", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.snmp.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "snmp", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.snmp.logFormat": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"logfmt\""}, "description": "Output format of log messages.\n", "loc": ["services", "prometheus", "exporters", "snmp", "logFormat"], "readOnly": false, "type": "one of \"logfmt\", \"json\""}, "services.prometheus.exporters.snmp.logLevel": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Only log messages with the given severity or above.\n", "loc": ["services", "prometheus", "exporters", "snmp", "logLevel"], "readOnly": false, "type": "one of \"debug\", \"info\", \"warn\", \"error\""}, "services.prometheus.exporters.snmp.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "snmp", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.snmp.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9116"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "snmp", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.snmp.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"snmp-exporter\""}, "description": "User name under which the snmp exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "snmp", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.sql.configFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to configuration file.\n", "loc": ["services", "prometheus", "exporters", "sql", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.sql.configuration": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Exporter configuration as nix attribute set. Mutually exclusive with 'configFile' option.\n", "loc": ["services", "prometheus", "exporters", "sql", "configuration"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.exporters.sql.configuration.jobs": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "An attrset of metrics scraping jobs to run.", "loc": ["services", "prometheus", "exporters", "sql", "configuration", "jobs"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.prometheus.exporters.sql.configuration.jobs.<name>.connections": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "A list of connection strings of the SQL servers to scrape metrics from", "loc": ["services", "prometheus", "exporters", "sql", "configuration", "jobs", "<name>", "connections"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.sql.configuration.jobs.<name>.interval": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "How often to run this job, specified in\n[Go duration](https://golang.org/pkg/time/#ParseDuration) format.\n", "loc": ["services", "prometheus", "exporters", "sql", "configuration", "jobs", "<name>", "interval"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.sql.configuration.jobs.<name>.queries": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "SQL queries to run.", "loc": ["services", "prometheus", "exporters", "sql", "configuration", "jobs", "<name>", "queries"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.prometheus.exporters.sql.configuration.jobs.<name>.queries.<name>.help": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A human-readable description of this metric.", "loc": ["services", "prometheus", "exporters", "sql", "configuration", "jobs", "<name>", "queries", "<name>", "help"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.sql.configuration.jobs.<name>.queries.<name>.labels": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A set of columns that will be used as Prometheus labels.", "loc": ["services", "prometheus", "exporters", "sql", "configuration", "jobs", "<name>", "queries", "<name>", "labels"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.sql.configuration.jobs.<name>.queries.<name>.query": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "The SQL query to run.", "loc": ["services", "prometheus", "exporters", "sql", "configuration", "jobs", "<name>", "queries", "<name>", "query"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.sql.configuration.jobs.<name>.queries.<name>.values": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "A set of columns that will be used as values of this metric.", "loc": ["services", "prometheus", "exporters", "sql", "configuration", "jobs", "<name>", "queries", "<name>", "values"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.sql.configuration.jobs.<name>.startupSql": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of SQL statements to execute once after making a connection.", "loc": ["services", "prometheus", "exporters", "sql", "configuration", "jobs", "<name>", "startupSql"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.sql.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus sql exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "sql", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.sql.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the sql exporter.\n", "loc": ["services", "prometheus", "exporters", "sql", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.sql.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.sql.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9237\"\n"}, "loc": ["services", "prometheus", "exporters", "sql", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.sql.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.sql.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9237 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "sql", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.sql.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"sql-exporter\""}, "description": "Group under which the sql exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "sql", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.sql.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "sql", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.sql.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "sql", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.sql.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9237"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "sql", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.sql.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"sql-exporter\""}, "description": "User name under which the sql exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "sql", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.statsd.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus statsd exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "statsd", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.statsd.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the statsd exporter.\n", "loc": ["services", "prometheus", "exporters", "statsd", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.statsd.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.statsd.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9102\"\n"}, "loc": ["services", "prometheus", "exporters", "statsd", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.statsd.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.statsd.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9102 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "statsd", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.statsd.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"statsd-exporter\""}, "description": "Group under which the statsd exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "statsd", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.statsd.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "statsd", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.statsd.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "statsd", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.statsd.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9102"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "statsd", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.statsd.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"statsd-exporter\""}, "description": "User name under which the statsd exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "statsd", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.storagebox.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus storagebox exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "storagebox", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.storagebox.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the storagebox exporter.\n", "loc": ["services", "prometheus", "exporters", "storagebox", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.storagebox.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.storagebox.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9509\"\n"}, "loc": ["services", "prometheus", "exporters", "storagebox", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.storagebox.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.storagebox.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9509 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "storagebox", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.storagebox.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"storagebox-exporter\""}, "description": "Group under which the storagebox exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "storagebox", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.storagebox.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "storagebox", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.storagebox.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "storagebox", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.storagebox.package": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "pkgs.prometheus-storagebox-exporter"}, "description": "The prometheus-storagebox-exporter package to use.", "loc": ["services", "prometheus", "exporters", "storagebox", "package"], "readOnly": false, "type": "package"}, "services.prometheus.exporters.storagebox.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9509"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "storagebox", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.storagebox.tokenFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "File that contains the Hetzner API token to use.", "loc": ["services", "prometheus", "exporters", "storagebox", "tokenFile"], "readOnly": false, "type": "absolute path not in the Nix store"}, "services.prometheus.exporters.storagebox.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"storagebox-exporter\""}, "description": "User name under which the storagebox exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "storagebox", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.surfboard.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus surfboard exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "surfboard", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.surfboard.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the surfboard exporter.\n", "loc": ["services", "prometheus", "exporters", "surfboard", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.surfboard.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.surfboard.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9239\"\n"}, "loc": ["services", "prometheus", "exporters", "surfboard", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.surfboard.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.surfboard.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9239 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "surfboard", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.surfboard.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"surfboard-exporter\""}, "description": "Group under which the surfboard exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "surfboard", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.surfboard.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "surfboard", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.surfboard.modemAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"192.168.100.1\""}, "description": "The hostname or IP of the cable modem.\n", "loc": ["services", "prometheus", "exporters", "surfboard", "modemAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.surfboard.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "surfboard", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.surfboard.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9239"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "surfboard", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.surfboard.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"surfboard-exporter\""}, "description": "User name under which the surfboard exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "surfboard", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.systemd.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus systemd exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "systemd", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.systemd.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the systemd exporter.\n", "loc": ["services", "prometheus", "exporters", "systemd", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.systemd.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.systemd.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9558\"\n"}, "loc": ["services", "prometheus", "exporters", "systemd", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.systemd.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.systemd.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9558 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "systemd", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.systemd.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"systemd-exporter\""}, "description": "Group under which the systemd exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "systemd", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.systemd.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "systemd", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.systemd.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "systemd", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.systemd.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9558"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "systemd", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.systemd.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"systemd-exporter\""}, "description": "User name under which the systemd exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "systemd", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.tailscale.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus tailscale exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "tailscale", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.tailscale.environmentFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "description": "Environment file containg at least the TAILSCALE_TAILNET,\nTAILSCALE_OAUTH_CLIENT_ID, and TAILSCALE_OAUTH_CLIENT_SECRET\nenvironment variables.\n", "loc": ["services", "prometheus", "exporters", "tailscale", "environmentFile"], "readOnly": false, "type": "absolute path"}, "services.prometheus.exporters.tailscale.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the tailscale exporter.\n", "loc": ["services", "prometheus", "exporters", "tailscale", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.tailscale.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.tailscale.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9250\"\n"}, "loc": ["services", "prometheus", "exporters", "tailscale", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.tailscale.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.tailscale.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9250 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "tailscale", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.tailscale.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"tailscale-exporter\""}, "description": "Group under which the tailscale exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "tailscale", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.tailscale.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "tailscale", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.tailscale.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "tailscale", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.tailscale.package": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "pkgs.prometheus-tailscale-exporter"}, "description": "The prometheus-tailscale-exporter package to use.", "loc": ["services", "prometheus", "exporters", "tailscale", "package"], "readOnly": false, "type": "package"}, "services.prometheus.exporters.tailscale.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9250"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "tailscale", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.tailscale.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"tailscale-exporter\""}, "description": "User name under which the tailscale exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "tailscale", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.tibber.apiTokenPath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Add here the path to your personal Tibber API Token ('Bearer Token') File.\nGet your personal Tibber API Token here: <https://developer.tibber.com>\nDo not share your personal plaintext Tibber API Token via github. (see: ryantm/agenix, mic92/sops)\n", "loc": ["services", "prometheus", "exporters", "tibber", "apiTokenPath"], "readOnly": false, "type": "absolute path"}, "services.prometheus.exporters.tibber.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus tibber exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "tibber", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.tibber.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the tibber exporter.\n", "loc": ["services", "prometheus", "exporters", "tibber", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.tibber.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.tibber.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9489\"\n"}, "loc": ["services", "prometheus", "exporters", "tibber", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.tibber.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.tibber.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9489 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "tibber", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.tibber.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"tibber-exporter\""}, "description": "Group under which the tibber exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "tibber", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.tibber.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "tibber", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.tibber.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "tibber", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.tibber.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9489"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "tibber", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.tibber.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"tibber-exporter\""}, "description": "User name under which the tibber exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "tibber", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.unbound.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus unbound exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "unbound", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.unbound.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the unbound exporter.\n", "loc": ["services", "prometheus", "exporters", "unbound", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.unbound.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.unbound.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9167\"\n"}, "loc": ["services", "prometheus", "exporters", "unbound", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.unbound.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.unbound.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9167 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "unbound", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.unbound.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"unbound-exporter\""}, "description": "Group under which the unbound exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "unbound", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.unbound.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "unbound", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.unbound.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "unbound", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.unbound.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9167"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "unbound", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.unbound.telemetryPath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"/metrics\""}, "description": "Path under which to expose metrics.\n", "loc": ["services", "prometheus", "exporters", "unbound", "telemetryPath"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.unbound.unbound.ca": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/unbound/unbound_server.pem\""}, "description": "Path to the Unbound server certificate authority\n", "example": {"_type": "literalExpression", "text": "null"}, "loc": ["services", "prometheus", "exporters", "unbound", "unbound", "ca"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.unbound.unbound.certificate": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/unbound/unbound_control.pem\""}, "description": "Path to the Unbound control socket certificate\n", "example": {"_type": "literalExpression", "text": "null"}, "loc": ["services", "prometheus", "exporters", "unbound", "unbound", "certificate"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.unbound.unbound.host": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"tcp://127.0.0.1:8953\""}, "description": "Path to the unbound control socket. Supports unix domain sockets, as well as the TCP interface.\n", "example": {"_type": "literalExpression", "text": "\"unix:///run/unbound/unbound.socket\""}, "loc": ["services", "prometheus", "exporters", "unbound", "unbound", "host"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.unbound.unbound.key": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/unbound/unbound_control.key\""}, "description": "Path to the Unbound control socket key.\n", "example": {"_type": "literalExpression", "text": "null"}, "loc": ["services", "prometheus", "exporters", "unbound", "unbound", "key"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.exporters.unbound.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"unbound-exporter\""}, "description": "User name under which the unbound exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "unbound", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.unpoller.controllers": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of Unifi controllers to poll. Use defaults if empty.\n", "loc": ["services", "prometheus", "exporters", "unpoller", "controllers"], "readOnly": false, "type": "list of (submodule)"}, "services.prometheus.exporters.unpoller.controllers.*.hash_pii": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Hash, with md5, client names and MAC addresses. This attempts\nto protect personally identifiable information.\n", "loc": ["services", "prometheus", "exporters", "unpoller", "controllers", "*", "hash_pii"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.unpoller.controllers.*.pass": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "unpoller-unifi-default.password"}, "description": "Path of a file containing the password for the unifi service user.\nThis file needs to be readable by the unifi-poller user.\n", "loc": ["services", "prometheus", "exporters", "unpoller", "controllers", "*", "pass"], "readOnly": false, "type": "absolute path"}, "services.prometheus.exporters.unpoller.controllers.*.save_alarms": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Collect and save data from UniFi alarms to influxdb and Loki.\n", "loc": ["services", "prometheus", "exporters", "unpoller", "controllers", "*", "save_alarms"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.unpoller.controllers.*.save_anomalies": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Collect and save data from UniFi anomalies to influxdb and Loki.\n", "loc": ["services", "prometheus", "exporters", "unpoller", "controllers", "*", "save_anomalies"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.unpoller.controllers.*.save_dpi": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Collect and save data from deep packet inspection.\nAdds around 150 data points and impacts performance.\n", "loc": ["services", "prometheus", "exporters", "unpoller", "controllers", "*", "save_dpi"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.unpoller.controllers.*.save_events": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Collect and save data from UniFi events to influxdb and Loki.\n", "loc": ["services", "prometheus", "exporters", "unpoller", "controllers", "*", "save_events"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.unpoller.controllers.*.save_ids": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Collect and save data from the intrusion detection system to influxdb and Loki.\n", "loc": ["services", "prometheus", "exporters", "unpoller", "controllers", "*", "save_ids"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.unpoller.controllers.*.save_sites": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Collect and save site data.\n", "loc": ["services", "prometheus", "exporters", "unpoller", "controllers", "*", "save_sites"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.unpoller.controllers.*.sites": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "\"all\""}, "description": "List of site names for which statistics should be exported.\nOr the string \"default\" for the default site or the string \"all\" for all sites.\n", "loc": ["services", "prometheus", "exporters", "unpoller", "controllers", "*", "sites"], "readOnly": false, "type": "one of \"default\", \"all\" or list of string"}, "services.prometheus.exporters.unpoller.controllers.*.url": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "\"https://unifi:8443\""}, "description": "URL of the Unifi controller.\n", "loc": ["services", "prometheus", "exporters", "unpoller", "controllers", "*", "url"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.unpoller.controllers.*.user": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "\"unifi\""}, "description": "Unifi service user name.\n", "loc": ["services", "prometheus", "exporters", "unpoller", "controllers", "*", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.unpoller.controllers.*.verify_ssl": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Verify the Unifi controller's certificate.\n", "loc": ["services", "prometheus", "exporters", "unpoller", "controllers", "*", "verify_ssl"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.unpoller.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus unpoller exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "unpoller", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.unpoller.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the unpoller exporter.\n", "loc": ["services", "prometheus", "exporters", "unpoller", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.unpoller.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.unpoller.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9130\"\n"}, "loc": ["services", "prometheus", "exporters", "unpoller", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.unpoller.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.unpoller.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9130 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "unpoller", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.unpoller.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"unpoller-exporter\""}, "description": "Group under which the unpoller exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "unpoller", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.unpoller.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "unpoller", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.unpoller.log.debug": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable debug logging including line numbers, high resolution timestamps, per-device logs.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "unpoller", "log", "debug"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.unpoller.log.prometheusErrors": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable emitting errors to prometheus.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "unpoller", "log", "prometheusErrors"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.unpoller.log.quiet": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable startup and error logs only.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "unpoller", "log", "quiet"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.unpoller.loki.interval": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"2m\""}, "description": "How often the events are polled and pushed to Loki.\n", "loc": ["services", "prometheus", "exporters", "unpoller", "loki", "interval"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.unpoller.loki.pass": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"unpoller-influxdb-default.password\""}, "description": "Path of a file containing the password for Loki.\nThis file needs to be readable by the unifi-poller user.\n", "loc": ["services", "prometheus", "exporters", "unpoller", "loki", "pass"], "readOnly": false, "type": "absolute path"}, "services.prometheus.exporters.unpoller.loki.tenant_id": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Tenant ID to use in Loki.\n", "loc": ["services", "prometheus", "exporters", "unpoller", "loki", "tenant_id"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.unpoller.loki.timeout": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"10s\""}, "description": "Should be increased in case of timeout errors.\n", "loc": ["services", "prometheus", "exporters", "unpoller", "loki", "timeout"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.unpoller.loki.url": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "URL of the Loki host.\n", "loc": ["services", "prometheus", "exporters", "unpoller", "loki", "url"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.unpoller.loki.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Username for Loki.\n", "loc": ["services", "prometheus", "exporters", "unpoller", "loki", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.unpoller.loki.verify_ssl": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Verify Loki's certificate.\n", "loc": ["services", "prometheus", "exporters", "unpoller", "loki", "verify_ssl"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.unpoller.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "unpoller", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.unpoller.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9130"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "unpoller", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.unpoller.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"unpoller-exporter\""}, "description": "User name under which the unpoller exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "unpoller", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.v2ray.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus v2ray exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "v2ray", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.v2ray.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the v2ray exporter.\n", "loc": ["services", "prometheus", "exporters", "v2ray", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.v2ray.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.v2ray.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9299\"\n"}, "loc": ["services", "prometheus", "exporters", "v2ray", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.v2ray.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.v2ray.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9299 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "v2ray", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.v2ray.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"v2ray-exporter\""}, "description": "Group under which the v2ray exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "v2ray", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.v2ray.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "v2ray", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.v2ray.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "v2ray", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.v2ray.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9299"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "v2ray", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.v2ray.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"v2ray-exporter\""}, "description": "User name under which the v2ray exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "v2ray", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.v2ray.v2rayEndpoint": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1:54321\""}, "description": "v2ray grpc api endpoint\n", "loc": ["services", "prometheus", "exporters", "v2ray", "v2rayEndpoint"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.varnish.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus varnish exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "varnish", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.varnish.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the varnish exporter.\n", "loc": ["services", "prometheus", "exporters", "varnish", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.varnish.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.varnish.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9131\"\n"}, "loc": ["services", "prometheus", "exporters", "varnish", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.varnish.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.varnish.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9131 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "varnish", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.varnish.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"varnish-exporter\""}, "description": "Group under which the varnish exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "varnish", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.varnish.healthPath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path under which to expose healthcheck. Disabled unless configured.\n", "loc": ["services", "prometheus", "exporters", "varnish", "healthPath"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.varnish.instance": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "config.services.varnish.stateDir"}, "description": "varnishstat -n value.\n", "loc": ["services", "prometheus", "exporters", "varnish", "instance"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.varnish.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "varnish", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.varnish.noExit": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Do not exit server on Varnish scrape errors.\n", "loc": ["services", "prometheus", "exporters", "varnish", "noExit"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.varnish.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "varnish", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.varnish.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9131"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "varnish", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.varnish.raw": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable raw stdout logging without timestamps.\n", "loc": ["services", "prometheus", "exporters", "varnish", "raw"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.varnish.telemetryPath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"/metrics\""}, "description": "Path under which to expose metrics.\n", "loc": ["services", "prometheus", "exporters", "varnish", "telemetryPath"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.varnish.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"varnish-exporter\""}, "description": "User name under which the varnish exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "varnish", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.varnish.varnishStatPath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"varnishstat\""}, "description": "Path to varnishstat.\n", "loc": ["services", "prometheus", "exporters", "varnish", "varnishStatPath"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.varnish.verbose": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable verbose logging.\n", "loc": ["services", "prometheus", "exporters", "varnish", "verbose"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.varnish.withGoMetrics": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Export go runtime and http handler metrics.\n", "loc": ["services", "prometheus", "exporters", "varnish", "withGoMetrics"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.wireguard.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus wireguard exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "wireguard", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.wireguard.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the wireguard exporter.\n", "loc": ["services", "prometheus", "exporters", "wireguard", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.wireguard.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.wireguard.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9586\"\n"}, "loc": ["services", "prometheus", "exporters", "wireguard", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.wireguard.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.wireguard.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9586 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "wireguard", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.wireguard.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"wireguard-exporter\""}, "description": "Group under which the wireguard exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "wireguard", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.wireguard.interfaces": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Specifies the interface(s) passed to the wg show <interface> dump parameter.\nBy default all interfaces are used.\n", "loc": ["services", "prometheus", "exporters", "wireguard", "interfaces"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.wireguard.latestHandshakeDelay": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Adds the `wireguard_latest_handshake_delay_seconds` metric that automatically calculates the seconds passed since the last handshake.\n", "loc": ["services", "prometheus", "exporters", "wireguard", "latestHandshakeDelay"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.wireguard.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "wireguard", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.wireguard.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "wireguard", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.wireguard.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9586"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "wireguard", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.wireguard.prependSudo": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether or no to prepend sudo to wg commands.\n", "loc": ["services", "prometheus", "exporters", "wireguard", "prependSudo"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.wireguard.singleSubnetPerField": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "By default, all allowed IPs and subnets are comma-separated in the\n`allowed_ips` field. With this option enabled,\na single IP and subnet will be listed in fields like `allowed_ip_0`,\n`allowed_ip_1` and so on.\n", "loc": ["services", "prometheus", "exporters", "wireguard", "singleSubnetPerField"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.wireguard.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"wireguard-exporter\""}, "description": "User name under which the wireguard exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "wireguard", "user"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.wireguard.verbose": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable verbose logging mode for prometheus-wireguard-exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "wireguard", "verbose"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.wireguard.wireguardConfig": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the Wireguard Config to\n[add the peer's name to the stats of a peer](https://github.com/MindFlavor/prometheus_wireguard_exporter/tree/2.0.0#usage).\n\nPlease note that `networking.wg-quick` is required for this feature\nas `networking.wireguard` uses\n{manpage}`wg(8)`\nto set the peers up.\n", "loc": ["services", "prometheus", "exporters", "wireguard", "wireguardConfig"], "readOnly": false, "type": "null or absolute path or string"}, "services.prometheus.exporters.wireguard.withRemoteIp": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether or not the remote IP of a WireGuard peer should be exposed via prometheus.\n", "loc": ["services", "prometheus", "exporters", "wireguard", "withRemoteIp"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.zfs.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prometheus zfs exporter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "exporters", "zfs", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.zfs.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to the zfs exporter.\n", "loc": ["services", "prometheus", "exporters", "zfs", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.exporters.zfs.firewallFilter": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a filter for iptables to use when\n{option}`services.prometheus.exporters.zfs.openFirewall`\nis true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.\n", "example": {"_type": "literalExpression", "text": "\"-i eth0 -p tcp -m tcp --dport 9134\"\n"}, "loc": ["services", "prometheus", "exporters", "zfs", "firewallFilter"], "readOnly": false, "type": "null or string"}, "services.prometheus.exporters.zfs.firewallRules": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify rules for nftables to add to the input chain\nwhen {option}`services.prometheus.exporters.zfs.openFirewall` is true.\n", "example": {"_type": "literalExpression", "text": "iifname \"eth0\" tcp dport 9134 counter accept\n"}, "loc": ["services", "prometheus", "exporters", "zfs", "firewallRules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.prometheus.exporters.zfs.group": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"zfs-exporter\""}, "description": "Group under which the zfs exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "zfs", "group"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.zfs.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "prometheus", "exporters", "zfs", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.zfs.openFirewall": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for incoming connections.\n", "loc": ["services", "prometheus", "exporters", "zfs", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prometheus.exporters.zfs.pools": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Name of the pool(s) to collect, repeat for multiple pools (default: all pools).\n", "loc": ["services", "prometheus", "exporters", "zfs", "pools"], "readOnly": false, "type": "null or (list of string)"}, "services.prometheus.exporters.zfs.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "9134"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "exporters", "zfs", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.exporters.zfs.telemetryPath": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"/metrics\""}, "description": "Path under which to expose metrics.\n", "loc": ["services", "prometheus", "exporters", "zfs", "telemetryPath"], "readOnly": false, "type": "string"}, "services.prometheus.exporters.zfs.user": {"declarations": ["nixos/modules/services/monitoring/prometheus/exporters.nix"], "default": {"_type": "literalExpression", "text": "\"zfs-exporter\""}, "description": "User name under which the zfs exporter shall be run.\n", "loc": ["services", "prometheus", "exporters", "zfs", "user"], "readOnly": false, "type": "string"}, "services.prometheus.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options when launching Prometheus.\n", "loc": ["services", "prometheus", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.globalConfig": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Parameters that are valid in all  configuration contexts. They\nalso serve as defaults for other configuration sections\n", "loc": ["services", "prometheus", "globalConfig"], "readOnly": false, "type": "submodule"}, "services.prometheus.globalConfig.evaluation_interval": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "How frequently to evaluate rules by default.\n\nDefaults to ````1m```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "globalConfig", "evaluation_interval"], "readOnly": false, "type": "null or string"}, "services.prometheus.globalConfig.external_labels": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The labels to add to any time series or alerts when\ncommunicating with external systems (federation, remote\nstorage, Alertmanager).\n", "loc": ["services", "prometheus", "globalConfig", "external_labels"], "readOnly": false, "type": "null or (attribute set of string)"}, "services.prometheus.globalConfig.query_log_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the file prometheus should write its query log to.\n", "loc": ["services", "prometheus", "globalConfig", "query_log_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.globalConfig.scrape_interval": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "How frequently to scrape targets by default.\n\nDefaults to ````1m```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "globalConfig", "scrape_interval"], "readOnly": false, "type": "null or string"}, "services.prometheus.globalConfig.scrape_timeout": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "How long until a scrape request times out.\n\nDefaults to ````10s```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "globalConfig", "scrape_timeout"], "readOnly": false, "type": "null or string"}, "services.prometheus.listenAddress": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on for the web interface, API, and telemetry.\n", "loc": ["services", "prometheus", "listenAddress"], "readOnly": false, "type": "string"}, "services.prometheus.package": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.prometheus"}, "description": "The prometheus package to use.", "loc": ["services", "prometheus", "package"], "readOnly": false, "type": "package"}, "services.prometheus.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "9090"}, "description": "Port to listen on.\n", "loc": ["services", "prometheus", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.pushgateway.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/pushgateway.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Prometheus Pushgateway.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "pushgateway", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.pushgateway.extraFlags": {"declarations": ["nixos/modules/services/monitoring/prometheus/pushgateway.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options when launching the Pushgateway.\n", "loc": ["services", "prometheus", "pushgateway", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prometheus.pushgateway.log.format": {"declarations": ["nixos/modules/services/monitoring/prometheus/pushgateway.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set the log target and format.\n\n`null` will default to `logger:stderr`.\n", "example": {"_type": "literalExpression", "text": "\"logger:syslog?appname=bob&local=7\""}, "loc": ["services", "prometheus", "pushgateway", "log", "format"], "readOnly": false, "type": "null or string"}, "services.prometheus.pushgateway.log.level": {"declarations": ["nixos/modules/services/monitoring/prometheus/pushgateway.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Only log messages with the given severity or above.\n\n`null` will default to `info`.\n", "loc": ["services", "prometheus", "pushgateway", "log", "level"], "readOnly": false, "type": "null or one of \"debug\", \"info\", \"warn\", \"error\", \"fatal\""}, "services.prometheus.pushgateway.package": {"declarations": ["nixos/modules/services/monitoring/prometheus/pushgateway.nix"], "default": {"_type": "literalExpression", "text": "pkgs.prometheus-pushgateway"}, "description": "The prometheus-pushgateway package to use.", "loc": ["services", "prometheus", "pushgateway", "package"], "readOnly": false, "type": "package"}, "services.prometheus.pushgateway.persistMetrics": {"declarations": ["nixos/modules/services/monitoring/prometheus/pushgateway.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to persist metrics to a file.\n\nWhen enabled metrics will be saved to a file called\n`metrics` in the directory\n`/var/lib/pushgateway`. The directory below\n`/var/lib` can be set using\n{option}`services.prometheus.pushgateway.stateDir`.\n", "loc": ["services", "prometheus", "pushgateway", "persistMetrics"], "readOnly": false, "type": "boolean"}, "services.prometheus.pushgateway.persistence.interval": {"declarations": ["nixos/modules/services/monitoring/prometheus/pushgateway.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The minimum interval at which to write out the persistence file.\n\n`null` will default to `5m`.\n", "example": {"_type": "literalExpression", "text": "\"10m\""}, "loc": ["services", "prometheus", "pushgateway", "persistence", "interval"], "readOnly": false, "type": "null or string"}, "services.prometheus.pushgateway.stateDir": {"declarations": ["nixos/modules/services/monitoring/prometheus/pushgateway.nix"], "default": {"_type": "literalExpression", "text": "\"pushgateway\""}, "description": "Directory below `/var/lib` to store metrics.\n\nThis directory will be created automatically using systemd's\nStateDirectory mechanism when\n{option}`services.prometheus.pushgateway.persistMetrics`\nis enabled.\n", "loc": ["services", "prometheus", "pushgateway", "stateDir"], "readOnly": false, "type": "string"}, "services.prometheus.pushgateway.web.external-url": {"declarations": ["nixos/modules/services/monitoring/prometheus/pushgateway.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The URL under which Pushgateway is externally reachable.\n", "loc": ["services", "prometheus", "pushgateway", "web", "external-url"], "readOnly": false, "type": "null or string"}, "services.prometheus.pushgateway.web.listen-address": {"declarations": ["nixos/modules/services/monitoring/prometheus/pushgateway.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Address to listen on for the web interface, API and telemetry.\n\n`null` will default to `:9091`.\n", "loc": ["services", "prometheus", "pushgateway", "web", "listen-address"], "readOnly": false, "type": "null or string"}, "services.prometheus.pushgateway.web.route-prefix": {"declarations": ["nixos/modules/services/monitoring/prometheus/pushgateway.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Prefix for the internal routes of web endpoints.\n\nDefaults to the path of\n{option}`services.prometheus.pushgateway.web.external-url`.\n", "loc": ["services", "prometheus", "pushgateway", "web", "route-prefix"], "readOnly": false, "type": "null or string"}, "services.prometheus.pushgateway.web.telemetry-path": {"declarations": ["nixos/modules/services/monitoring/prometheus/pushgateway.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path under which to expose metrics.\n\n`null` will default to `/metrics`.\n", "loc": ["services", "prometheus", "pushgateway", "web", "telemetry-path"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteRead": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Parameters of the endpoints to query from.\nSee [the official documentation](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_read) for more information.\n", "loc": ["services", "prometheus", "remoteRead"], "readOnly": false, "type": "list of (submodule)"}, "services.prometheus.remoteRead.*.basic_auth": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the `Authorization` header on every remote read request with the\nconfigured username and password.\npassword and password_file are mutually exclusive.\n", "loc": ["services", "prometheus", "remoteRead", "*", "basic_auth"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.remoteRead.*.basic_auth.password": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password", "loc": ["services", "prometheus", "remoteRead", "*", "basic_auth", "password"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteRead.*.basic_auth.password_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password file", "loc": ["services", "prometheus", "remoteRead", "*", "basic_auth", "password_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteRead.*.basic_auth.username": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "HTTP username\n", "loc": ["services", "prometheus", "remoteRead", "*", "basic_auth", "username"], "readOnly": false, "type": "string"}, "services.prometheus.remoteRead.*.bearer_token": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the `Authorization` header on every remote read request with\nthe configured bearer token. It is mutually exclusive with `bearer_token_file`.\n", "loc": ["services", "prometheus", "remoteRead", "*", "bearer_token"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteRead.*.bearer_token_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the `Authorization` header on every remote read request with the bearer token\nread from the configured file. It is mutually exclusive with `bearer_token`.\n", "loc": ["services", "prometheus", "remoteRead", "*", "bearer_token_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteRead.*.headers": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Custom HTTP headers to be sent along with each remote read request.\nBe aware that headers that are set by Prometheus itself can't be overwritten.\n", "loc": ["services", "prometheus", "remoteRead", "*", "headers"], "readOnly": false, "type": "null or (attribute set of string)"}, "services.prometheus.remoteRead.*.name": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of the remote read config, which if specified must be unique among remote read configs.\nThe name will be used in metrics and logging in place of a generated value to help users distinguish between\nremote read configs.\n", "loc": ["services", "prometheus", "remoteRead", "*", "name"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteRead.*.proxy_url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional Proxy URL.", "loc": ["services", "prometheus", "remoteRead", "*", "proxy_url"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteRead.*.read_recent": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether reads should be made for queries for time ranges that\nthe local storage should have complete data for.\n", "loc": ["services", "prometheus", "remoteRead", "*", "read_recent"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.remoteRead.*.remote_timeout": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Timeout for requests to the remote read endpoint.\n", "loc": ["services", "prometheus", "remoteRead", "*", "remote_timeout"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteRead.*.required_matchers": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "An optional list of equality matchers which have to be\npresent in a selector to query the remote read endpoint.\n", "loc": ["services", "prometheus", "remoteRead", "*", "required_matchers"], "readOnly": false, "type": "null or (attribute set of string)"}, "services.prometheus.remoteRead.*.tls_config": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configures the remote read request's TLS settings.\n", "loc": ["services", "prometheus", "remoteRead", "*", "tls_config"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.remoteRead.*.tls_config.ca_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CA certificate to validate API server certificate with.\n", "loc": ["services", "prometheus", "remoteRead", "*", "tls_config", "ca_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteRead.*.tls_config.cert_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Certificate file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "remoteRead", "*", "tls_config", "cert_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteRead.*.tls_config.insecure_skip_verify": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Disable validation of the server certificate.\n", "loc": ["services", "prometheus", "remoteRead", "*", "tls_config", "insecure_skip_verify"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.remoteRead.*.tls_config.key_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Key file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "remoteRead", "*", "tls_config", "key_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteRead.*.tls_config.server_name": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "ServerName extension to indicate the name of the server.\nhttp://tools.ietf.org/html/rfc4366#section-3.1\n", "loc": ["services", "prometheus", "remoteRead", "*", "tls_config", "server_name"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteRead.*.url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "ServerName extension to indicate the name of the server.\nhttp://tools.ietf.org/html/rfc4366#section-3.1\n", "loc": ["services", "prometheus", "remoteRead", "*", "url"], "readOnly": false, "type": "string"}, "services.prometheus.remoteWrite": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Parameters of the endpoints to send samples to.\nSee [the official documentation](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write) for more information.\n", "loc": ["services", "prometheus", "remoteWrite"], "readOnly": false, "type": "list of (submodule)"}, "services.prometheus.remoteWrite.*.basic_auth": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the `Authorization` header on every remote write request with the\nconfigured username and password.\npassword and password_file are mutually exclusive.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "basic_auth"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.remoteWrite.*.basic_auth.password": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password", "loc": ["services", "prometheus", "remoteWrite", "*", "basic_auth", "password"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteWrite.*.basic_auth.password_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password file", "loc": ["services", "prometheus", "remoteWrite", "*", "basic_auth", "password_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteWrite.*.basic_auth.username": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "HTTP username\n", "loc": ["services", "prometheus", "remoteWrite", "*", "basic_auth", "username"], "readOnly": false, "type": "string"}, "services.prometheus.remoteWrite.*.bearer_token": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the `Authorization` header on every remote write request with\nthe configured bearer token. It is mutually exclusive with `bearer_token_file`.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "bearer_token"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteWrite.*.bearer_token_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the `Authorization` header on every remote write request with the bearer token\nread from the configured file. It is mutually exclusive with `bearer_token`.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "bearer_token_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteWrite.*.headers": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Custom HTTP headers to be sent along with each remote write request.\nBe aware that headers that are set by Prometheus itself can't be overwritten.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "headers"], "readOnly": false, "type": "null or (attribute set of string)"}, "services.prometheus.remoteWrite.*.metadata_config": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configures the sending of series metadata to remote storage.\nMetadata configuration is subject to change at any point\nor be removed in future releases.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "metadata_config"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.remoteWrite.*.metadata_config.send": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether metric metadata is sent to remote storage or not.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "metadata_config", "send"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.remoteWrite.*.metadata_config.send_interval": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "How frequently metric metadata is sent to remote storage.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "metadata_config", "send_interval"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteWrite.*.name": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of the remote write config, which if specified must be unique among remote write configs.\nThe name will be used in metrics and logging in place of a generated value to help users distinguish between\nremote write configs.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "name"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteWrite.*.proxy_url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional Proxy URL.", "loc": ["services", "prometheus", "remoteWrite", "*", "proxy_url"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteWrite.*.queue_config": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configures the queue used to write to remote storage.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "queue_config"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.remoteWrite.*.queue_config.batch_send_deadline": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Maximum time a sample will wait in buffer.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "queue_config", "batch_send_deadline"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteWrite.*.queue_config.capacity": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Number of samples to buffer per shard before we block reading of more\nsamples from the WAL. It is recommended to have enough capacity in each\nshard to buffer several requests to keep throughput up while processing\noccasional slow remote requests.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "queue_config", "capacity"], "readOnly": false, "type": "null or signed integer"}, "services.prometheus.remoteWrite.*.queue_config.max_backoff": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Maximum retry delay.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "queue_config", "max_backoff"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteWrite.*.queue_config.max_samples_per_send": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Maximum number of samples per send.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "queue_config", "max_samples_per_send"], "readOnly": false, "type": "null or signed integer"}, "services.prometheus.remoteWrite.*.queue_config.max_shards": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Maximum number of shards, i.e. amount of concurrency.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "queue_config", "max_shards"], "readOnly": false, "type": "null or signed integer"}, "services.prometheus.remoteWrite.*.queue_config.min_backoff": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Initial retry delay. Gets doubled for every retry.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "queue_config", "min_backoff"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteWrite.*.queue_config.min_shards": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Minimum number of shards, i.e. amount of concurrency.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "queue_config", "min_shards"], "readOnly": false, "type": "null or signed integer"}, "services.prometheus.remoteWrite.*.remote_timeout": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Timeout for requests to the remote write endpoint.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "remote_timeout"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteWrite.*.sigv4": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configures AWS Signature Version 4 settings.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "sigv4"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.remoteWrite.*.sigv4.access_key": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The Access Key ID.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "sigv4", "access_key"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteWrite.*.sigv4.profile": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The named AWS profile used to authenticate.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "sigv4", "profile"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteWrite.*.sigv4.region": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The AWS region.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "sigv4", "region"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteWrite.*.sigv4.role_arn": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The AWS role ARN.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "sigv4", "role_arn"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteWrite.*.sigv4.secret_key": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The Secret Access Key.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "sigv4", "secret_key"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteWrite.*.tls_config": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configures the remote write request's TLS settings.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "tls_config"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.remoteWrite.*.tls_config.ca_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CA certificate to validate API server certificate with.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "tls_config", "ca_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteWrite.*.tls_config.cert_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Certificate file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "tls_config", "cert_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteWrite.*.tls_config.insecure_skip_verify": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Disable validation of the server certificate.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "tls_config", "insecure_skip_verify"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.remoteWrite.*.tls_config.key_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Key file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "tls_config", "key_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteWrite.*.tls_config.server_name": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "ServerName extension to indicate the name of the server.\nhttp://tools.ietf.org/html/rfc4366#section-3.1\n", "loc": ["services", "prometheus", "remoteWrite", "*", "tls_config", "server_name"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteWrite.*.url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "ServerName extension to indicate the name of the server.\nhttp://tools.ietf.org/html/rfc4366#section-3.1\n", "loc": ["services", "prometheus", "remoteWrite", "*", "url"], "readOnly": false, "type": "string"}, "services.prometheus.remoteWrite.*.write_relabel_configs": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of remote write relabel configurations.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "write_relabel_configs"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.remoteWrite.*.write_relabel_configs.*.action": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Action to perform based on regex matching.\n\nDefaults to ````replace```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "write_relabel_configs", "*", "action"], "readOnly": false, "type": "null or one of \"replace\", \"lowercase\", \"uppercase\", \"keep\", \"drop\", \"hashmod\", \"labelmap\", \"labeldrop\", \"labelkeep\""}, "services.prometheus.remoteWrite.*.write_relabel_configs.*.modulus": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Modulus to take of the hash of the source label values.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "write_relabel_configs", "*", "modulus"], "readOnly": false, "type": "null or signed integer"}, "services.prometheus.remoteWrite.*.write_relabel_configs.*.regex": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Regular expression against which the extracted value is matched.\n\nDefaults to ````(.*)```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "write_relabel_configs", "*", "regex"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteWrite.*.write_relabel_configs.*.replacement": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Replacement value against which a regex replace is performed if the\nregular expression matches.\n\nDefaults to ````$1```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "write_relabel_configs", "*", "replacement"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteWrite.*.write_relabel_configs.*.separator": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Separator placed between concatenated source label values.\n\nDefaults to ````;```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "write_relabel_configs", "*", "separator"], "readOnly": false, "type": "null or string"}, "services.prometheus.remoteWrite.*.write_relabel_configs.*.source_labels": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The source labels select values from existing labels. Their content\nis concatenated using the configured separator and matched against\nthe configured regular expression.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "write_relabel_configs", "*", "source_labels"], "readOnly": false, "type": "null or (list of string)"}, "services.prometheus.remoteWrite.*.write_relabel_configs.*.target_label": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Label to which the resulting value is written in a replace action.\nIt is mandatory for replace actions.\n", "loc": ["services", "prometheus", "remoteWrite", "*", "write_relabel_configs", "*", "target_label"], "readOnly": false, "type": "null or string"}, "services.prometheus.retentionTime": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "How long to retain samples in storage.\n", "example": {"_type": "literalExpression", "text": "\"15d\""}, "loc": ["services", "prometheus", "retentionTime"], "readOnly": false, "type": "null or string"}, "services.prometheus.ruleFiles": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Any additional rules files to include in this configuration.\n", "loc": ["services", "prometheus", "ruleFiles"], "readOnly": false, "type": "list of absolute path"}, "services.prometheus.rules": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Alerting and/or Recording rules to evaluate at runtime.\n", "loc": ["services", "prometheus", "rules"], "readOnly": false, "type": "list of string"}, "services.prometheus.sachet.address": {"declarations": ["nixos/modules/services/monitoring/prometheus/sachet.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The address Sachet will listen to.\n", "loc": ["services", "prometheus", "sachet", "address"], "readOnly": false, "type": "string"}, "services.prometheus.sachet.configuration": {"declarations": ["nixos/modules/services/monitoring/prometheus/sachet.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sachet's configuration as a nix attribute set.\n", "example": {"_type": "literalExpression", "text": "{\n  providers = {\n    twilio = {\n      # environment variables gets expanded at runtime\n      account_sid = \"$TWILIO_ACCOUNT\";\n      auth_token = \"$TWILIO_TOKEN\";\n    };\n  };\n  templates = [ ./some-template.tmpl ];\n  receivers = [{\n    name = \"pager\";\n    provider = \"twilio\";\n    to = [ \"+33123456789\" ];\n    text = \"{{ template \\\"message\\\" . }}\";\n  }];\n}\n"}, "loc": ["services", "prometheus", "sachet", "configuration"], "readOnly": false, "type": "null or (attribute set)"}, "services.prometheus.sachet.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/sachet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Sachet, an SMS alerting tool for the Prometheus Alertmanager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "sachet", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.sachet.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/sachet.nix"], "default": {"_type": "literalExpression", "text": "9876"}, "description": "The port Sachet will listen to.\n", "loc": ["services", "prometheus", "sachet", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.scrapeConfigs": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of scrape configurations.\n", "loc": ["services", "prometheus", "scrapeConfigs"], "readOnly": false, "type": "list of (submodule)"}, "services.prometheus.scrapeConfigs.*.authorization": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the `Authorization` header on every scrape request with the configured credentials.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "authorization"], "readOnly": false, "type": "null or (attribute set)"}, "services.prometheus.scrapeConfigs.*.azure_sd_configs": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of Azure service discovery configurations.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "azure_sd_configs"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.scrapeConfigs.*.azure_sd_configs.*.authentication_method": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The authentication method, either OAuth or ManagedIdentity.\nSee <https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview>\n\nDefaults to ````OAuth```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "azure_sd_configs", "*", "authentication_method"], "readOnly": false, "type": "null or one of \"OAuth\", \"ManagedIdentity\""}, "services.prometheus.scrapeConfigs.*.azure_sd_configs.*.client_id": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional client ID. Only required with authentication_method OAuth.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "azure_sd_configs", "*", "client_id"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.azure_sd_configs.*.client_secret": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional client secret. Only required with authentication_method OAuth.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "azure_sd_configs", "*", "client_secret"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.azure_sd_configs.*.environment": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The Azure environment.\n\nDefaults to ````AzurePublicCloud```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "azure_sd_configs", "*", "environment"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.azure_sd_configs.*.follow_redirects": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configure whether HTTP requests follow HTTP 3xx redirects.\n\nDefaults to ````true```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "azure_sd_configs", "*", "follow_redirects"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.azure_sd_configs.*.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The port to scrape metrics from. If using the public IP\naddress, this must instead be specified in the relabeling\nrule.\n\nDefaults to ````80```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "azure_sd_configs", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.scrapeConfigs.*.azure_sd_configs.*.proxy_url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional proxy URL.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "azure_sd_configs", "*", "proxy_url"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.azure_sd_configs.*.refresh_interval": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Refresh interval to re-read the instance list.\n\nDefaults to ````300s```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "azure_sd_configs", "*", "refresh_interval"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.azure_sd_configs.*.subscription_id": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "The subscription ID.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "azure_sd_configs", "*", "subscription_id"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tenant_id": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional tenant ID. Only required with authentication_method OAuth.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "azure_sd_configs", "*", "tenant_id"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_config": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS configuration.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "azure_sd_configs", "*", "tls_config"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_config.ca_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CA certificate to validate API server certificate with.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "azure_sd_configs", "*", "tls_config", "ca_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_config.cert_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Certificate file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "azure_sd_configs", "*", "tls_config", "cert_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_config.insecure_skip_verify": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Disable validation of the server certificate.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "azure_sd_configs", "*", "tls_config", "insecure_skip_verify"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_config.key_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Key file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "azure_sd_configs", "*", "tls_config", "key_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_config.server_name": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "ServerName extension to indicate the name of the server.\nhttp://tools.ietf.org/html/rfc4366#section-3.1\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "azure_sd_configs", "*", "tls_config", "server_name"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.basic_auth": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the `Authorization` header on every scrape request with the\nconfigured username and password.\npassword and password_file are mutually exclusive.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "basic_auth"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.basic_auth.password": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password", "loc": ["services", "prometheus", "scrapeConfigs", "*", "basic_auth", "password"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.basic_auth.password_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password file", "loc": ["services", "prometheus", "scrapeConfigs", "*", "basic_auth", "password_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.basic_auth.username": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "HTTP username\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "basic_auth", "username"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.bearer_token": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the `Authorization` header on every scrape request with\nthe configured bearer token. It is mutually exclusive with\n{option}`bearer_token_file`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "bearer_token"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.bearer_token_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the `Authorization` header on every scrape request with\nthe bearer token read from the configured file. It is mutually\nexclusive with {option}`bearer_token`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "bearer_token_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.body_size_limit": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "An uncompressed response body larger than this many bytes will cause the\nscrape to fail. 0 means no limit. Example: 100MB.\nThis is an experimental feature, this behaviour could\nchange or be removed in the future.\n\nDefaults to ````0```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "body_size_limit"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of Consul service discovery configurations.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.allow_stale": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Allow stale Consul results\n(see <https://www.consul.io/api/index.html#consistency-modes>).\n\nWill reduce load on Consul.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "allow_stale"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.authorization": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional `Authorization` header configuration.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "authorization"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.authorization.credentials": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the credentials. It is mutually exclusive with `credentials_file`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "authorization", "credentials"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.authorization.credentials_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the credentials to the credentials read from the configured file.\nIt is mutually exclusive with `credentials`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "authorization", "credentials_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.authorization.type": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the authentication type.\n\nDefaults to ````Bearer```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "authorization", "type"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.basic_auth": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional HTTP basic authentication information.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "basic_auth"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.basic_auth.password": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "basic_auth", "password"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.basic_auth.password_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password file", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "basic_auth", "password_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.basic_auth.username": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "HTTP username\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "basic_auth", "username"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.datacenter": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Consul datacenter", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "datacenter"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.follow_redirects": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configure whether HTTP requests follow HTTP 3xx redirects.\n\nDefaults to ````true```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "follow_redirects"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.node_meta": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Node metadata used to filter nodes for a given service.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "node_meta"], "readOnly": false, "type": "null or (attribute set of string)"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.oauth2": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional OAuth 2.0 configuration.\nCannot be used at the same time as basic_auth or authorization.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "oauth2"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.oauth2.client_id": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "OAuth client ID.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "oauth2", "client_id"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.oauth2.client_secret": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "OAuth client secret.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "oauth2", "client_secret"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.oauth2.client_secret_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Read the client secret from a file. It is mutually exclusive with `client_secret`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "oauth2", "client_secret_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.oauth2.endpoint_params": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional parameters to append to the token URL.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "oauth2", "endpoint_params"], "readOnly": false, "type": "null or (attribute set of string)"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.oauth2.scopes": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Scopes for the token request.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "oauth2", "scopes"], "readOnly": false, "type": "null or (list of string)"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.oauth2.token_url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The URL to fetch the token from.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "oauth2", "token_url"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.password": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Consul password", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "password"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.proxy_url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional proxy URL.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "proxy_url"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.refresh_interval": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The time after which the provided names are refreshed.\n\nOn large setup it might be a good idea to increase this value\nbecause the catalog will change all the time.\n\nDefaults to ````30s```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "refresh_interval"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.scheme": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Consul scheme\nDefaults to ````http```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "scheme"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.server": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Consul server to query.\n\nDefaults to ````localhost:8500```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "server"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.services": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A list of services for which targets are retrieved.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "services"], "readOnly": false, "type": "null or (list of string)"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tag_separator": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The string by which Consul tags are joined into the tag label.\n\nDefaults to ````,```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "tag_separator"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tags": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "An optional list of tags used to filter nodes for a given\nservice. Services must contain all tags in the list.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "tags"], "readOnly": false, "type": "null or (list of string)"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tls_config": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configures the Consul request's TLS settings.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "tls_config"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tls_config.ca_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CA certificate to validate API server certificate with.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "tls_config", "ca_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tls_config.cert_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Certificate file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "tls_config", "cert_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tls_config.insecure_skip_verify": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Disable validation of the server certificate.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "tls_config", "insecure_skip_verify"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tls_config.key_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Key file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "tls_config", "key_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tls_config.server_name": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "ServerName extension to indicate the name of the server.\nhttp://tools.ietf.org/html/rfc4366#section-3.1\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "tls_config", "server_name"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.token": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Consul token", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "token"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.consul_sd_configs.*.username": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Consul username", "loc": ["services", "prometheus", "scrapeConfigs", "*", "consul_sd_configs", "*", "username"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.digitalocean_sd_configs": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of DigitalOcean service discovery configurations.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "digitalocean_sd_configs"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.authorization": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional `Authorization` header configuration.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "digitalocean_sd_configs", "*", "authorization"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.authorization.credentials": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the credentials. It is mutually exclusive with `credentials_file`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "digitalocean_sd_configs", "*", "authorization", "credentials"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.authorization.credentials_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the credentials to the credentials read from the configured file.\nIt is mutually exclusive with `credentials`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "digitalocean_sd_configs", "*", "authorization", "credentials_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.authorization.type": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the authentication type.\n\nDefaults to ````Bearer```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "digitalocean_sd_configs", "*", "authorization", "type"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.basic_auth": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional HTTP basic authentication information.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "digitalocean_sd_configs", "*", "basic_auth"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.basic_auth.password": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password", "loc": ["services", "prometheus", "scrapeConfigs", "*", "digitalocean_sd_configs", "*", "basic_auth", "password"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.basic_auth.password_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password file", "loc": ["services", "prometheus", "scrapeConfigs", "*", "digitalocean_sd_configs", "*", "basic_auth", "password_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.basic_auth.username": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "HTTP username\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "digitalocean_sd_configs", "*", "basic_auth", "username"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.follow_redirects": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configure whether HTTP requests follow HTTP 3xx redirects.\n\nDefaults to ````true```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "digitalocean_sd_configs", "*", "follow_redirects"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.oauth2": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional OAuth 2.0 configuration.\nCannot be used at the same time as basic_auth or authorization.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "digitalocean_sd_configs", "*", "oauth2"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.oauth2.client_id": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "OAuth client ID.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "digitalocean_sd_configs", "*", "oauth2", "client_id"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.oauth2.client_secret": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "OAuth client secret.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "digitalocean_sd_configs", "*", "oauth2", "client_secret"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.oauth2.client_secret_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Read the client secret from a file. It is mutually exclusive with `client_secret`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "digitalocean_sd_configs", "*", "oauth2", "client_secret_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.oauth2.endpoint_params": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional parameters to append to the token URL.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "digitalocean_sd_configs", "*", "oauth2", "endpoint_params"], "readOnly": false, "type": "null or (attribute set of string)"}, "services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.oauth2.scopes": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Scopes for the token request.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "digitalocean_sd_configs", "*", "oauth2", "scopes"], "readOnly": false, "type": "null or (list of string)"}, "services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.oauth2.token_url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The URL to fetch the token from.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "digitalocean_sd_configs", "*", "oauth2", "token_url"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The port to scrape metrics from.\n\nDefaults to ````80```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "digitalocean_sd_configs", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.proxy_url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional proxy URL.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "digitalocean_sd_configs", "*", "proxy_url"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.refresh_interval": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The time after which the droplets are refreshed.\n\nDefaults to ````60s```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "digitalocean_sd_configs", "*", "refresh_interval"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.tls_config": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS configuration.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "digitalocean_sd_configs", "*", "tls_config"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.tls_config.ca_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CA certificate to validate API server certificate with.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "digitalocean_sd_configs", "*", "tls_config", "ca_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.tls_config.cert_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Certificate file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "digitalocean_sd_configs", "*", "tls_config", "cert_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.tls_config.insecure_skip_verify": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Disable validation of the server certificate.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "digitalocean_sd_configs", "*", "tls_config", "insecure_skip_verify"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.tls_config.key_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Key file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "digitalocean_sd_configs", "*", "tls_config", "key_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.tls_config.server_name": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "ServerName extension to indicate the name of the server.\nhttp://tools.ietf.org/html/rfc4366#section-3.1\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "digitalocean_sd_configs", "*", "tls_config", "server_name"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.dns_sd_configs": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of DNS service discovery configurations.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dns_sd_configs"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.scrapeConfigs.*.dns_sd_configs.*.names": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "A list of DNS SRV record names to be queried.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dns_sd_configs", "*", "names"], "readOnly": false, "type": "list of string"}, "services.prometheus.scrapeConfigs.*.dns_sd_configs.*.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The port number used if the query type is not SRV.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dns_sd_configs", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.scrapeConfigs.*.dns_sd_configs.*.refresh_interval": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The time after which the provided names are refreshed.\n\nDefaults to ````30s```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dns_sd_configs", "*", "refresh_interval"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.dns_sd_configs.*.type": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The type of DNS query to perform.\n\nDefaults to ````SRV```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dns_sd_configs", "*", "type"], "readOnly": false, "type": "null or one of \"SRV\", \"A\", \"AAAA\", \"MX\", \"NS\""}, "services.prometheus.scrapeConfigs.*.docker_sd_configs": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of Docker service discovery configurations.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "docker_sd_configs"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.scrapeConfigs.*.docker_sd_configs.*.authorization": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional `Authorization` header configuration.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "docker_sd_configs", "*", "authorization"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.docker_sd_configs.*.authorization.credentials": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the credentials. It is mutually exclusive with `credentials_file`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "docker_sd_configs", "*", "authorization", "credentials"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.docker_sd_configs.*.authorization.credentials_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the credentials to the credentials read from the configured file.\nIt is mutually exclusive with `credentials`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "docker_sd_configs", "*", "authorization", "credentials_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.docker_sd_configs.*.authorization.type": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the authentication type.\n\nDefaults to ````Bearer```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "docker_sd_configs", "*", "authorization", "type"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.docker_sd_configs.*.basic_auth": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional HTTP basic authentication information.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "docker_sd_configs", "*", "basic_auth"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.docker_sd_configs.*.basic_auth.password": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password", "loc": ["services", "prometheus", "scrapeConfigs", "*", "docker_sd_configs", "*", "basic_auth", "password"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.docker_sd_configs.*.basic_auth.password_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password file", "loc": ["services", "prometheus", "scrapeConfigs", "*", "docker_sd_configs", "*", "basic_auth", "password_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.docker_sd_configs.*.basic_auth.username": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "HTTP username\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "docker_sd_configs", "*", "basic_auth", "username"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.docker_sd_configs.*.filters": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional filters to limit the discovery process to a subset of available resources.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "docker_sd_configs", "*", "filters"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.scrapeConfigs.*.docker_sd_configs.*.filters.*.name": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "Name of the filter. The available filters are listed in the upstream documentation:\nServices: <https://docs.docker.com/engine/api/v1.40/#operation/ServiceList>\nTasks: <https://docs.docker.com/engine/api/v1.40/#operation/TaskList>\nNodes: <https://docs.docker.com/engine/api/v1.40/#operation/NodeList>\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "docker_sd_configs", "*", "filters", "*", "name"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.docker_sd_configs.*.filters.*.values": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "Value for the filter.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "docker_sd_configs", "*", "filters", "*", "values"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.docker_sd_configs.*.follow_redirects": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configure whether HTTP requests follow HTTP 3xx redirects.\n\nDefaults to ````true```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "docker_sd_configs", "*", "follow_redirects"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.docker_sd_configs.*.host": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "Address of the Docker daemon.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "docker_sd_configs", "*", "host"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.docker_sd_configs.*.host_networking_host": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The host to use if the container is in host networking mode.\n\nDefaults to ````localhost```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "docker_sd_configs", "*", "host_networking_host"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.docker_sd_configs.*.oauth2": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional OAuth 2.0 configuration.\nCannot be used at the same time as basic_auth or authorization.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "docker_sd_configs", "*", "oauth2"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.docker_sd_configs.*.oauth2.client_id": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "OAuth client ID.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "docker_sd_configs", "*", "oauth2", "client_id"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.docker_sd_configs.*.oauth2.client_secret": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "OAuth client secret.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "docker_sd_configs", "*", "oauth2", "client_secret"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.docker_sd_configs.*.oauth2.client_secret_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Read the client secret from a file. It is mutually exclusive with `client_secret`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "docker_sd_configs", "*", "oauth2", "client_secret_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.docker_sd_configs.*.oauth2.endpoint_params": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional parameters to append to the token URL.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "docker_sd_configs", "*", "oauth2", "endpoint_params"], "readOnly": false, "type": "null or (attribute set of string)"}, "services.prometheus.scrapeConfigs.*.docker_sd_configs.*.oauth2.scopes": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Scopes for the token request.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "docker_sd_configs", "*", "oauth2", "scopes"], "readOnly": false, "type": "null or (list of string)"}, "services.prometheus.scrapeConfigs.*.docker_sd_configs.*.oauth2.token_url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The URL to fetch the token from.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "docker_sd_configs", "*", "oauth2", "token_url"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.docker_sd_configs.*.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The port to scrape metrics from, when `role` is nodes, and for discovered\ntasks and services that don't have published ports.\n\nDefaults to ````80```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "docker_sd_configs", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.scrapeConfigs.*.docker_sd_configs.*.proxy_url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional proxy URL.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "docker_sd_configs", "*", "proxy_url"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.docker_sd_configs.*.refresh_interval": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The time after which the containers are refreshed.\n\nDefaults to ````60s```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "docker_sd_configs", "*", "refresh_interval"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.docker_sd_configs.*.tls_config": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS configuration.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "docker_sd_configs", "*", "tls_config"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.docker_sd_configs.*.tls_config.ca_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CA certificate to validate API server certificate with.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "docker_sd_configs", "*", "tls_config", "ca_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.docker_sd_configs.*.tls_config.cert_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Certificate file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "docker_sd_configs", "*", "tls_config", "cert_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.docker_sd_configs.*.tls_config.insecure_skip_verify": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Disable validation of the server certificate.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "docker_sd_configs", "*", "tls_config", "insecure_skip_verify"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.docker_sd_configs.*.tls_config.key_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Key file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "docker_sd_configs", "*", "tls_config", "key_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.docker_sd_configs.*.tls_config.server_name": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "ServerName extension to indicate the name of the server.\nhttp://tools.ietf.org/html/rfc4366#section-3.1\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "docker_sd_configs", "*", "tls_config", "server_name"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of Docker Swarm service discovery configurations.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dockerswarm_sd_configs"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.authorization": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional `Authorization` header configuration.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dockerswarm_sd_configs", "*", "authorization"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.authorization.credentials": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the credentials. It is mutually exclusive with `credentials_file`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dockerswarm_sd_configs", "*", "authorization", "credentials"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.authorization.credentials_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the credentials to the credentials read from the configured file.\nIt is mutually exclusive with `credentials`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dockerswarm_sd_configs", "*", "authorization", "credentials_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.authorization.type": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the authentication type.\n\nDefaults to ````Bearer```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dockerswarm_sd_configs", "*", "authorization", "type"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.basic_auth": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional HTTP basic authentication information.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dockerswarm_sd_configs", "*", "basic_auth"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.basic_auth.password": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dockerswarm_sd_configs", "*", "basic_auth", "password"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.basic_auth.password_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password file", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dockerswarm_sd_configs", "*", "basic_auth", "password_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.basic_auth.username": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "HTTP username\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dockerswarm_sd_configs", "*", "basic_auth", "username"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.filters": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional filters to limit the discovery process to a subset of available resources.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dockerswarm_sd_configs", "*", "filters"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.filters.*.name": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "Name of the filter. The available filters are listed in the upstream documentation:\nServices: <https://docs.docker.com/engine/api/v1.40/#operation/ServiceList>\nTasks: <https://docs.docker.com/engine/api/v1.40/#operation/TaskList>\nNodes: <https://docs.docker.com/engine/api/v1.40/#operation/NodeList>\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dockerswarm_sd_configs", "*", "filters", "*", "name"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.filters.*.values": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "Value for the filter.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dockerswarm_sd_configs", "*", "filters", "*", "values"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.follow_redirects": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configure whether HTTP requests follow HTTP 3xx redirects.\n\nDefaults to ````true```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dockerswarm_sd_configs", "*", "follow_redirects"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.host": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "Address of the Docker daemon.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dockerswarm_sd_configs", "*", "host"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.oauth2": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional OAuth 2.0 configuration.\nCannot be used at the same time as basic_auth or authorization.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dockerswarm_sd_configs", "*", "oauth2"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.oauth2.client_id": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "OAuth client ID.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dockerswarm_sd_configs", "*", "oauth2", "client_id"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.oauth2.client_secret": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "OAuth client secret.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dockerswarm_sd_configs", "*", "oauth2", "client_secret"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.oauth2.client_secret_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Read the client secret from a file. It is mutually exclusive with `client_secret`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dockerswarm_sd_configs", "*", "oauth2", "client_secret_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.oauth2.endpoint_params": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional parameters to append to the token URL.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dockerswarm_sd_configs", "*", "oauth2", "endpoint_params"], "readOnly": false, "type": "null or (attribute set of string)"}, "services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.oauth2.scopes": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Scopes for the token request.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dockerswarm_sd_configs", "*", "oauth2", "scopes"], "readOnly": false, "type": "null or (list of string)"}, "services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.oauth2.token_url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The URL to fetch the token from.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dockerswarm_sd_configs", "*", "oauth2", "token_url"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The port to scrape metrics from, when `role` is nodes, and for discovered\ntasks and services that don't have published ports.\n\nDefaults to ````80```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dockerswarm_sd_configs", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.proxy_url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional proxy URL.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dockerswarm_sd_configs", "*", "proxy_url"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.refresh_interval": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The time after which the containers are refreshed.\n\nDefaults to ````60s```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dockerswarm_sd_configs", "*", "refresh_interval"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.role": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "Role of the targets to retrieve. Must be `services`, `tasks`, or `nodes`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dockerswarm_sd_configs", "*", "role"], "readOnly": false, "type": "one of \"services\", \"tasks\", \"nodes\""}, "services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS configuration.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dockerswarm_sd_configs", "*", "tls_config"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config.ca_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CA certificate to validate API server certificate with.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dockerswarm_sd_configs", "*", "tls_config", "ca_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config.cert_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Certificate file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dockerswarm_sd_configs", "*", "tls_config", "cert_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config.insecure_skip_verify": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Disable validation of the server certificate.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dockerswarm_sd_configs", "*", "tls_config", "insecure_skip_verify"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config.key_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Key file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dockerswarm_sd_configs", "*", "tls_config", "key_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config.server_name": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "ServerName extension to indicate the name of the server.\nhttp://tools.ietf.org/html/rfc4366#section-3.1\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "dockerswarm_sd_configs", "*", "tls_config", "server_name"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.ec2_sd_configs": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of EC2 service discovery configurations.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "ec2_sd_configs"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.access_key": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The AWS API key id. If blank, the environment variable\n`AWS_ACCESS_KEY_ID` is used.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "ec2_sd_configs", "*", "access_key"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.endpoint": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Custom endpoint to be used.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "ec2_sd_configs", "*", "endpoint"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.filters": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Filters can be used optionally to filter the instance list by other criteria.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "ec2_sd_configs", "*", "filters"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.filters.*.name": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "See [this list](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html)\nfor the available filters.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "ec2_sd_configs", "*", "filters", "*", "name"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.filters.*.values": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Value of the filter.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "ec2_sd_configs", "*", "filters", "*", "values"], "readOnly": false, "type": "list of string"}, "services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The port to scrape metrics from. If using the public IP\naddress, this must instead be specified in the relabeling\nrule.\n\nDefaults to ````80```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "ec2_sd_configs", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.profile": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Named AWS profile used to connect to the API.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "ec2_sd_configs", "*", "profile"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.refresh_interval": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Refresh interval to re-read the instance list.\n\nDefaults to ````60s```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "ec2_sd_configs", "*", "refresh_interval"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.region": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "The AWS Region. If blank, the region from the instance metadata is used.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "ec2_sd_configs", "*", "region"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.role_arn": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "AWS Role ARN, an alternative to using AWS API keys.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "ec2_sd_configs", "*", "role_arn"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.secret_key": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The AWS API key secret. If blank, the environment variable\n `AWS_SECRET_ACCESS_KEY` is used.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "ec2_sd_configs", "*", "secret_key"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.eureka_sd_configs": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of Eureka service discovery configurations.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "eureka_sd_configs"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.authorization": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional `Authorization` header configuration.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "eureka_sd_configs", "*", "authorization"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.authorization.credentials": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the credentials. It is mutually exclusive with `credentials_file`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "eureka_sd_configs", "*", "authorization", "credentials"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.authorization.credentials_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the credentials to the credentials read from the configured file.\nIt is mutually exclusive with `credentials`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "eureka_sd_configs", "*", "authorization", "credentials_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.authorization.type": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the authentication type.\n\nDefaults to ````Bearer```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "eureka_sd_configs", "*", "authorization", "type"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.basic_auth": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional HTTP basic authentication information.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "eureka_sd_configs", "*", "basic_auth"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.basic_auth.password": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password", "loc": ["services", "prometheus", "scrapeConfigs", "*", "eureka_sd_configs", "*", "basic_auth", "password"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.basic_auth.password_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password file", "loc": ["services", "prometheus", "scrapeConfigs", "*", "eureka_sd_configs", "*", "basic_auth", "password_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.basic_auth.username": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "HTTP username\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "eureka_sd_configs", "*", "basic_auth", "username"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.follow_redirects": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configure whether HTTP requests follow HTTP 3xx redirects.\n\nDefaults to ````true```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "eureka_sd_configs", "*", "follow_redirects"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.oauth2": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional OAuth 2.0 configuration.\nCannot be used at the same time as basic_auth or authorization.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "eureka_sd_configs", "*", "oauth2"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.oauth2.client_id": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "OAuth client ID.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "eureka_sd_configs", "*", "oauth2", "client_id"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.oauth2.client_secret": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "OAuth client secret.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "eureka_sd_configs", "*", "oauth2", "client_secret"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.oauth2.client_secret_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Read the client secret from a file. It is mutually exclusive with `client_secret`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "eureka_sd_configs", "*", "oauth2", "client_secret_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.oauth2.endpoint_params": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional parameters to append to the token URL.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "eureka_sd_configs", "*", "oauth2", "endpoint_params"], "readOnly": false, "type": "null or (attribute set of string)"}, "services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.oauth2.scopes": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Scopes for the token request.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "eureka_sd_configs", "*", "oauth2", "scopes"], "readOnly": false, "type": "null or (list of string)"}, "services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.oauth2.token_url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The URL to fetch the token from.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "eureka_sd_configs", "*", "oauth2", "token_url"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.proxy_url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional proxy URL.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "eureka_sd_configs", "*", "proxy_url"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.server": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "The URL to connect to the Eureka server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "eureka_sd_configs", "*", "server"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.tls_config": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS configuration.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "eureka_sd_configs", "*", "tls_config"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.tls_config.ca_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CA certificate to validate API server certificate with.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "eureka_sd_configs", "*", "tls_config", "ca_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.tls_config.cert_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Certificate file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "eureka_sd_configs", "*", "tls_config", "cert_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.tls_config.insecure_skip_verify": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Disable validation of the server certificate.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "eureka_sd_configs", "*", "tls_config", "insecure_skip_verify"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.tls_config.key_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Key file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "eureka_sd_configs", "*", "tls_config", "key_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.tls_config.server_name": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "ServerName extension to indicate the name of the server.\nhttp://tools.ietf.org/html/rfc4366#section-3.1\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "eureka_sd_configs", "*", "tls_config", "server_name"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.fallback_scrape_protocol": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Fallback protocol to use if a scrape returns blank, unparseable, or otherwise\ninvalid Content-Type.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "fallback_scrape_protocol"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.file_sd_configs": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of file service discovery configurations.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "file_sd_configs"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.scrapeConfigs.*.file_sd_configs.*.files": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "Patterns for files from which target groups are extracted. Refer\nto the Prometheus documentation for permitted filename patterns\nand formats.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "file_sd_configs", "*", "files"], "readOnly": false, "type": "list of string"}, "services.prometheus.scrapeConfigs.*.file_sd_configs.*.refresh_interval": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Refresh interval to re-read the files.\n\nDefaults to ````5m```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "file_sd_configs", "*", "refresh_interval"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.gce_sd_configs": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of Google Compute Engine service discovery configurations.\n\nSee [the relevant Prometheus configuration docs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config)\nfor more detail.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "gce_sd_configs"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.scrapeConfigs.*.gce_sd_configs.*.filter": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Filter can be used optionally to filter the instance list by other\ncriteria Syntax of this filter string is described here in the filter\nquery parameter section: <https://cloud.google.com/compute/docs/reference/latest/instances/list>.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "gce_sd_configs", "*", "filter"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.gce_sd_configs.*.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The port to scrape metrics from. If using the public IP address, this\nmust instead be specified in the relabeling rule.\n\nDefaults to ````80```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "gce_sd_configs", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.scrapeConfigs.*.gce_sd_configs.*.project": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "The GCP Project.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "gce_sd_configs", "*", "project"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.gce_sd_configs.*.refresh_interval": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Refresh interval to re-read the cloud instance list.\n\nDefaults to ````60s```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "gce_sd_configs", "*", "refresh_interval"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.gce_sd_configs.*.tag_separator": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The tag separator used to separate concatenated GCE instance network tags.\n\nSee the GCP documentation on network tags for more information:\n<https://cloud.google.com/vpc/docs/add-remove-network-tags>\n\nDefaults to ````,```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "gce_sd_configs", "*", "tag_separator"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.gce_sd_configs.*.zone": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "The zone of the scrape targets. If you need multiple zones use multiple\ngce_sd_configs.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "gce_sd_configs", "*", "zone"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.hetzner_sd_configs": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of Hetzner service discovery configurations.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "hetzner_sd_configs"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.authorization": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional `Authorization` header configuration.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "hetzner_sd_configs", "*", "authorization"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.authorization.credentials": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the credentials. It is mutually exclusive with `credentials_file`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "hetzner_sd_configs", "*", "authorization", "credentials"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.authorization.credentials_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the credentials to the credentials read from the configured file.\nIt is mutually exclusive with `credentials`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "hetzner_sd_configs", "*", "authorization", "credentials_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.authorization.type": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the authentication type.\n\nDefaults to ````Bearer```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "hetzner_sd_configs", "*", "authorization", "type"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.basic_auth": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional HTTP basic authentication information.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "hetzner_sd_configs", "*", "basic_auth"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.basic_auth.password": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password", "loc": ["services", "prometheus", "scrapeConfigs", "*", "hetzner_sd_configs", "*", "basic_auth", "password"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.basic_auth.password_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password file", "loc": ["services", "prometheus", "scrapeConfigs", "*", "hetzner_sd_configs", "*", "basic_auth", "password_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.basic_auth.username": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "HTTP username\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "hetzner_sd_configs", "*", "basic_auth", "username"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.follow_redirects": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configure whether HTTP requests follow HTTP 3xx redirects.\n\nDefaults to ````true```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "hetzner_sd_configs", "*", "follow_redirects"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.oauth2": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional OAuth 2.0 configuration.\nCannot be used at the same time as basic_auth or authorization.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "hetzner_sd_configs", "*", "oauth2"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.oauth2.client_id": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "OAuth client ID.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "hetzner_sd_configs", "*", "oauth2", "client_id"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.oauth2.client_secret": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "OAuth client secret.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "hetzner_sd_configs", "*", "oauth2", "client_secret"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.oauth2.client_secret_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Read the client secret from a file. It is mutually exclusive with `client_secret`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "hetzner_sd_configs", "*", "oauth2", "client_secret_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.oauth2.endpoint_params": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional parameters to append to the token URL.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "hetzner_sd_configs", "*", "oauth2", "endpoint_params"], "readOnly": false, "type": "null or (attribute set of string)"}, "services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.oauth2.scopes": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Scopes for the token request.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "hetzner_sd_configs", "*", "oauth2", "scopes"], "readOnly": false, "type": "null or (list of string)"}, "services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.oauth2.token_url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The URL to fetch the token from.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "hetzner_sd_configs", "*", "oauth2", "token_url"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The port to scrape metrics from.\n\nDefaults to ````80```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "hetzner_sd_configs", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.proxy_url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional proxy URL.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "hetzner_sd_configs", "*", "proxy_url"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.refresh_interval": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The time after which the servers are refreshed.\n\nDefaults to ````60s```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "hetzner_sd_configs", "*", "refresh_interval"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.role": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "The Hetzner role of entities that should be discovered.\nOne of `robot` or `hcloud`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "hetzner_sd_configs", "*", "role"], "readOnly": false, "type": "one of \"robot\", \"hcloud\""}, "services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.tls_config": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS configuration.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "hetzner_sd_configs", "*", "tls_config"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.tls_config.ca_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CA certificate to validate API server certificate with.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "hetzner_sd_configs", "*", "tls_config", "ca_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.tls_config.cert_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Certificate file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "hetzner_sd_configs", "*", "tls_config", "cert_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.tls_config.insecure_skip_verify": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Disable validation of the server certificate.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "hetzner_sd_configs", "*", "tls_config", "insecure_skip_verify"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.tls_config.key_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Key file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "hetzner_sd_configs", "*", "tls_config", "key_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.tls_config.server_name": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "ServerName extension to indicate the name of the server.\nhttp://tools.ietf.org/html/rfc4366#section-3.1\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "hetzner_sd_configs", "*", "tls_config", "server_name"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.honor_labels": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Controls how Prometheus handles conflicts between labels\nthat are already present in scraped data and labels that\nPrometheus would attach server-side (\"job\" and \"instance\"\nlabels, manually configured target labels, and labels\ngenerated by service discovery implementations).\n\nIf honor_labels is set to \"true\", label conflicts are\nresolved by keeping label values from the scraped data and\nignoring the conflicting server-side labels.\n\nIf honor_labels is set to \"false\", label conflicts are\nresolved by renaming conflicting labels in the scraped data\nto \"exported_\\<original-label\\>\" (for example\n\"exported_instance\", \"exported_job\") and then attaching\nserver-side labels. This is useful for use cases such as\nfederation, where all labels specified in the target should\nbe preserved.\n\nDefaults to ````false```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "honor_labels"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.honor_timestamps": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "honor_timestamps controls whether Prometheus respects the timestamps present\nin scraped data.\n\nIf honor_timestamps is set to `true`, the timestamps of the metrics exposed\nby the target will be used.\n\nIf honor_timestamps is set to `false`, the timestamps of the metrics exposed\nby the target will be ignored.\n\nDefaults to ````true```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "honor_timestamps"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.http_sd_configs": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of HTTP service discovery configurations.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "http_sd_configs"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.scrapeConfigs.*.http_sd_configs.*.basic_auth": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Authentication information used to authenticate to the API server.\npassword and password_file are mutually exclusive.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "http_sd_configs", "*", "basic_auth"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.http_sd_configs.*.basic_auth.password": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password", "loc": ["services", "prometheus", "scrapeConfigs", "*", "http_sd_configs", "*", "basic_auth", "password"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.http_sd_configs.*.basic_auth.password_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password file", "loc": ["services", "prometheus", "scrapeConfigs", "*", "http_sd_configs", "*", "basic_auth", "password_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.http_sd_configs.*.basic_auth.username": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "HTTP username\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "http_sd_configs", "*", "basic_auth", "username"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.http_sd_configs.*.follow_redirects": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configure whether HTTP requests follow HTTP 3xx redirects.\n\nDefaults to ````true```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "http_sd_configs", "*", "follow_redirects"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.http_sd_configs.*.proxy_url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional proxy URL.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "http_sd_configs", "*", "proxy_url"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.http_sd_configs.*.refresh_interval": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Refresh interval to re-query the endpoint.\n\nDefaults to ````60s```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "http_sd_configs", "*", "refresh_interval"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configures the scrape request's TLS settings.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "http_sd_configs", "*", "tls_config"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config.ca_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CA certificate to validate API server certificate with.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "http_sd_configs", "*", "tls_config", "ca_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config.cert_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Certificate file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "http_sd_configs", "*", "tls_config", "cert_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config.insecure_skip_verify": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Disable validation of the server certificate.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "http_sd_configs", "*", "tls_config", "insecure_skip_verify"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config.key_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Key file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "http_sd_configs", "*", "tls_config", "key_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config.server_name": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "ServerName extension to indicate the name of the server.\nhttp://tools.ietf.org/html/rfc4366#section-3.1\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "http_sd_configs", "*", "tls_config", "server_name"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.http_sd_configs.*.url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "URL from which the targets are fetched.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "http_sd_configs", "*", "url"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.job_name": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "The job name assigned to scraped metrics by default.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "job_name"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of Kubernetes service discovery configurations.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.api_server": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The API server addresses. If left empty, Prometheus is assumed to run inside\nof the cluster and will discover API servers automatically and use the pod's\nCA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "api_server"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.authorization": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional `Authorization` header configuration.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "authorization"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.authorization.credentials": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the credentials. It is mutually exclusive with `credentials_file`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "authorization", "credentials"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.authorization.credentials_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the credentials to the credentials read from the configured file.\nIt is mutually exclusive with `credentials`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "authorization", "credentials_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.authorization.type": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the authentication type.\n\nDefaults to ````Bearer```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "authorization", "type"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.basic_auth": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional HTTP basic authentication information.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "basic_auth"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.basic_auth.password": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "basic_auth", "password"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.basic_auth.password_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password file", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "basic_auth", "password_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.basic_auth.username": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "HTTP username\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "basic_auth", "username"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.follow_redirects": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configure whether HTTP requests follow HTTP 3xx redirects.\n\nDefaults to ````true```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "follow_redirects"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.kubeconfig_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional path to a kubeconfig file.\nNote that api_server and kube_config are mutually exclusive.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "kubeconfig_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.namespaces": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional namespace discovery. If omitted, all namespaces are used.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "namespaces"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.namespaces.names": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Namespace name.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "namespaces", "names"], "readOnly": false, "type": "null or (list of string)"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.oauth2": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional OAuth 2.0 configuration.\nCannot be used at the same time as basic_auth or authorization.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "oauth2"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.oauth2.client_id": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "OAuth client ID.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "oauth2", "client_id"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.oauth2.client_secret": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "OAuth client secret.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "oauth2", "client_secret"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.oauth2.client_secret_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Read the client secret from a file. It is mutually exclusive with `client_secret`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "oauth2", "client_secret_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.oauth2.endpoint_params": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional parameters to append to the token URL.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "oauth2", "endpoint_params"], "readOnly": false, "type": "null or (attribute set of string)"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.oauth2.scopes": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Scopes for the token request.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "oauth2", "scopes"], "readOnly": false, "type": "null or (list of string)"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.oauth2.token_url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The URL to fetch the token from.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "oauth2", "token_url"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.proxy_url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional proxy URL.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "proxy_url"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.role": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "The Kubernetes role of entities that should be discovered.\nOne of endpoints, service, pod, node, or ingress.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "role"], "readOnly": false, "type": "one of \"endpoints\", \"service\", \"pod\", \"node\", \"ingress\""}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.selectors": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional label and field selectors to limit the discovery process to a subset of available resources.\nSee <https://kubernetes.io/docs/concepts/overview/working-with-objects/field-selectors/>\nand <https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/> to learn more about the possible\nfilters that can be used. Endpoints role supports pod, service and endpoints selectors, other roles\nonly support selectors matching the role itself (e.g. node role can only contain node selectors).\n\nNote: When making decision about using field/label selector make sure that this\nis the best approach - it will prevent Prometheus from reusing single list/watch\nfor all scrape configs. This might result in a bigger load on the Kubernetes API,\nbecause per each selector combination there will be additional LIST/WATCH. On the other hand,\nif you just want to monitor small subset of pods in large cluster it's recommended to use selectors.\nDecision, if selectors should be used or not depends on the particular situation.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "selectors"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.selectors.*.field": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Selector field\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "selectors", "*", "field"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.selectors.*.label": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Selector label\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "selectors", "*", "label"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.selectors.*.role": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "Selector role\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "selectors", "*", "role"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_config": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS configuration.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "tls_config"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_config.ca_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CA certificate to validate API server certificate with.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "tls_config", "ca_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_config.cert_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Certificate file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "tls_config", "cert_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_config.insecure_skip_verify": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Disable validation of the server certificate.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "tls_config", "insecure_skip_verify"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_config.key_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Key file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "tls_config", "key_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_config.server_name": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "ServerName extension to indicate the name of the server.\nhttp://tools.ietf.org/html/rfc4366#section-3.1\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kubernetes_sd_configs", "*", "tls_config", "server_name"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kuma_sd_configs": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of Kuma service discovery configurations.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kuma_sd_configs"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.authorization": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional `Authorization` header configuration.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kuma_sd_configs", "*", "authorization"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.authorization.credentials": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the credentials. It is mutually exclusive with `credentials_file`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kuma_sd_configs", "*", "authorization", "credentials"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.authorization.credentials_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the credentials to the credentials read from the configured file.\nIt is mutually exclusive with `credentials`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kuma_sd_configs", "*", "authorization", "credentials_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.authorization.type": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the authentication type.\n\nDefaults to ````Bearer```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kuma_sd_configs", "*", "authorization", "type"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.basic_auth": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional HTTP basic authentication information.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kuma_sd_configs", "*", "basic_auth"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.basic_auth.password": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kuma_sd_configs", "*", "basic_auth", "password"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.basic_auth.password_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password file", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kuma_sd_configs", "*", "basic_auth", "password_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.basic_auth.username": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "HTTP username\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kuma_sd_configs", "*", "basic_auth", "username"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.fetch_timeout": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The time after which the monitoring assignments are refreshed.\n\nDefaults to ````2m```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kuma_sd_configs", "*", "fetch_timeout"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.follow_redirects": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configure whether HTTP requests follow HTTP 3xx redirects.\n\nDefaults to ````true```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kuma_sd_configs", "*", "follow_redirects"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.oauth2": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional OAuth 2.0 configuration.\nCannot be used at the same time as basic_auth or authorization.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kuma_sd_configs", "*", "oauth2"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.oauth2.client_id": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "OAuth client ID.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kuma_sd_configs", "*", "oauth2", "client_id"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.oauth2.client_secret": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "OAuth client secret.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kuma_sd_configs", "*", "oauth2", "client_secret"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.oauth2.client_secret_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Read the client secret from a file. It is mutually exclusive with `client_secret`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kuma_sd_configs", "*", "oauth2", "client_secret_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.oauth2.endpoint_params": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional parameters to append to the token URL.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kuma_sd_configs", "*", "oauth2", "endpoint_params"], "readOnly": false, "type": "null or (attribute set of string)"}, "services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.oauth2.scopes": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Scopes for the token request.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kuma_sd_configs", "*", "oauth2", "scopes"], "readOnly": false, "type": "null or (list of string)"}, "services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.oauth2.token_url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The URL to fetch the token from.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kuma_sd_configs", "*", "oauth2", "token_url"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.proxy_url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional proxy URL.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kuma_sd_configs", "*", "proxy_url"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.refresh_interval": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The time to wait between polling update requests.\n\nDefaults to ````30s```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kuma_sd_configs", "*", "refresh_interval"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.server": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "Address of the Kuma Control Plane's MADS xDS server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kuma_sd_configs", "*", "server"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS configuration.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kuma_sd_configs", "*", "tls_config"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config.ca_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CA certificate to validate API server certificate with.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kuma_sd_configs", "*", "tls_config", "ca_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config.cert_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Certificate file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kuma_sd_configs", "*", "tls_config", "cert_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config.insecure_skip_verify": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Disable validation of the server certificate.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kuma_sd_configs", "*", "tls_config", "insecure_skip_verify"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config.key_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Key file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kuma_sd_configs", "*", "tls_config", "key_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config.server_name": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "ServerName extension to indicate the name of the server.\nhttp://tools.ietf.org/html/rfc4366#section-3.1\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "kuma_sd_configs", "*", "tls_config", "server_name"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.label_limit": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Per-scrape limit on number of labels that will be accepted for a sample. If\nmore than this number of labels are present post metric-relabeling, the\nentire scrape will be treated as failed. 0 means no limit.\n\nDefaults to ````0```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "label_limit"], "readOnly": false, "type": "null or signed integer"}, "services.prometheus.scrapeConfigs.*.label_name_length_limit": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Per-scrape limit on length of labels name that will be accepted for a sample.\nIf a label name is longer than this number post metric-relabeling, the entire\nscrape will be treated as failed. 0 means no limit.\n\nDefaults to ````0```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "label_name_length_limit"], "readOnly": false, "type": "null or signed integer"}, "services.prometheus.scrapeConfigs.*.label_value_length_limit": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Per-scrape limit on length of labels value that will be accepted for a sample.\nIf a label value is longer than this number post metric-relabeling, the\nentire scrape will be treated as failed. 0 means no limit.\n\nDefaults to ````0```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "label_value_length_limit"], "readOnly": false, "type": "null or signed integer"}, "services.prometheus.scrapeConfigs.*.lightsail_sd_configs": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of Lightsail service discovery configurations.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "lightsail_sd_configs"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.access_key": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The AWS API keys. If blank, the environment variable `AWS_ACCESS_KEY_ID` is used.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "lightsail_sd_configs", "*", "access_key"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.endpoint": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Custom endpoint to be used.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "lightsail_sd_configs", "*", "endpoint"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The port to scrape metrics from. If using the public IP address, this must\ninstead be specified in the relabeling rule.\n\nDefaults to ````80```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "lightsail_sd_configs", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.profile": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Named AWS profile used to connect to the API.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "lightsail_sd_configs", "*", "profile"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.refresh_interval": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Refresh interval to re-read the instance list.\n\nDefaults to ````60s```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "lightsail_sd_configs", "*", "refresh_interval"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.region": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The AWS region. If blank, the region from the instance metadata is used.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "lightsail_sd_configs", "*", "region"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.role_arn": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "AWS Role ARN, an alternative to using AWS API keys.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "lightsail_sd_configs", "*", "role_arn"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.secret_key": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The AWS API keys. If blank, the environment variable `AWS_SECRET_ACCESS_KEY` is used.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "lightsail_sd_configs", "*", "secret_key"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.linode_sd_configs": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of Linode service discovery configurations.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "linode_sd_configs"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.scrapeConfigs.*.linode_sd_configs.*.authorization": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional `Authorization` header configuration.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "linode_sd_configs", "*", "authorization"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.linode_sd_configs.*.authorization.credentials": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the credentials. It is mutually exclusive with `credentials_file`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "linode_sd_configs", "*", "authorization", "credentials"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.linode_sd_configs.*.authorization.credentials_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the credentials to the credentials read from the configured file.\nIt is mutually exclusive with `credentials`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "linode_sd_configs", "*", "authorization", "credentials_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.linode_sd_configs.*.authorization.type": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the authentication type.\n\nDefaults to ````Bearer```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "linode_sd_configs", "*", "authorization", "type"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.linode_sd_configs.*.basic_auth": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional HTTP basic authentication information.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "linode_sd_configs", "*", "basic_auth"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.linode_sd_configs.*.basic_auth.password": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password", "loc": ["services", "prometheus", "scrapeConfigs", "*", "linode_sd_configs", "*", "basic_auth", "password"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.linode_sd_configs.*.basic_auth.password_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password file", "loc": ["services", "prometheus", "scrapeConfigs", "*", "linode_sd_configs", "*", "basic_auth", "password_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.linode_sd_configs.*.basic_auth.username": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "HTTP username\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "linode_sd_configs", "*", "basic_auth", "username"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.linode_sd_configs.*.follow_redirects": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configure whether HTTP requests follow HTTP 3xx redirects.\n\nDefaults to ````true```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "linode_sd_configs", "*", "follow_redirects"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.linode_sd_configs.*.oauth2": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional OAuth 2.0 configuration.\nCannot be used at the same time as basic_auth or authorization.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "linode_sd_configs", "*", "oauth2"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.linode_sd_configs.*.oauth2.client_id": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "OAuth client ID.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "linode_sd_configs", "*", "oauth2", "client_id"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.linode_sd_configs.*.oauth2.client_secret": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "OAuth client secret.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "linode_sd_configs", "*", "oauth2", "client_secret"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.linode_sd_configs.*.oauth2.client_secret_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Read the client secret from a file. It is mutually exclusive with `client_secret`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "linode_sd_configs", "*", "oauth2", "client_secret_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.linode_sd_configs.*.oauth2.endpoint_params": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional parameters to append to the token URL.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "linode_sd_configs", "*", "oauth2", "endpoint_params"], "readOnly": false, "type": "null or (attribute set of string)"}, "services.prometheus.scrapeConfigs.*.linode_sd_configs.*.oauth2.scopes": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Scopes for the token request.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "linode_sd_configs", "*", "oauth2", "scopes"], "readOnly": false, "type": "null or (list of string)"}, "services.prometheus.scrapeConfigs.*.linode_sd_configs.*.oauth2.token_url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The URL to fetch the token from.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "linode_sd_configs", "*", "oauth2", "token_url"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.linode_sd_configs.*.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The port to scrape metrics from.\n\nDefaults to ````80```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "linode_sd_configs", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.scrapeConfigs.*.linode_sd_configs.*.proxy_url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional proxy URL.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "linode_sd_configs", "*", "proxy_url"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.linode_sd_configs.*.refresh_interval": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The time after which the linode instances are refreshed.\n\nDefaults to ````60s```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "linode_sd_configs", "*", "refresh_interval"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tag_separator": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The string by which Linode Instance tags are joined into the tag label.\n\nDefaults to ````,```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "linode_sd_configs", "*", "tag_separator"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tls_config": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS configuration.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "linode_sd_configs", "*", "tls_config"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tls_config.ca_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CA certificate to validate API server certificate with.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "linode_sd_configs", "*", "tls_config", "ca_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tls_config.cert_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Certificate file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "linode_sd_configs", "*", "tls_config", "cert_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tls_config.insecure_skip_verify": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Disable validation of the server certificate.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "linode_sd_configs", "*", "tls_config", "insecure_skip_verify"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tls_config.key_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Key file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "linode_sd_configs", "*", "tls_config", "key_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tls_config.server_name": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "ServerName extension to indicate the name of the server.\nhttp://tools.ietf.org/html/rfc4366#section-3.1\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "linode_sd_configs", "*", "tls_config", "server_name"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.marathon_sd_configs": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of Marathon service discovery configurations.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "marathon_sd_configs"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.auth_token": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional authentication information for token-based authentication:\n<https://docs.mesosphere.com/1.11/security/ent/iam-api/#passing-an-authentication-token>\nIt is mutually exclusive with `auth_token_file` and other authentication mechanisms.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "marathon_sd_configs", "*", "auth_token"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.auth_token_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional authentication information for token-based authentication:\n<https://docs.mesosphere.com/1.11/security/ent/iam-api/#passing-an-authentication-token>\nIt is mutually exclusive with `auth_token` and other authentication mechanisms.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "marathon_sd_configs", "*", "auth_token_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.authorization": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional `Authorization` header configuration.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "marathon_sd_configs", "*", "authorization"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.authorization.credentials": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the credentials. It is mutually exclusive with `credentials_file`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "marathon_sd_configs", "*", "authorization", "credentials"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.authorization.credentials_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the credentials to the credentials read from the configured file.\nIt is mutually exclusive with `credentials`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "marathon_sd_configs", "*", "authorization", "credentials_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.authorization.type": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the authentication type.\n\nDefaults to ````Bearer```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "marathon_sd_configs", "*", "authorization", "type"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.basic_auth": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional HTTP basic authentication information.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "marathon_sd_configs", "*", "basic_auth"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.basic_auth.password": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password", "loc": ["services", "prometheus", "scrapeConfigs", "*", "marathon_sd_configs", "*", "basic_auth", "password"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.basic_auth.password_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password file", "loc": ["services", "prometheus", "scrapeConfigs", "*", "marathon_sd_configs", "*", "basic_auth", "password_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.basic_auth.username": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "HTTP username\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "marathon_sd_configs", "*", "basic_auth", "username"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.follow_redirects": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configure whether HTTP requests follow HTTP 3xx redirects.\n\nDefaults to ````true```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "marathon_sd_configs", "*", "follow_redirects"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.oauth2": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional OAuth 2.0 configuration.\nCannot be used at the same time as basic_auth or authorization.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "marathon_sd_configs", "*", "oauth2"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.oauth2.client_id": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "OAuth client ID.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "marathon_sd_configs", "*", "oauth2", "client_id"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.oauth2.client_secret": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "OAuth client secret.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "marathon_sd_configs", "*", "oauth2", "client_secret"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.oauth2.client_secret_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Read the client secret from a file. It is mutually exclusive with `client_secret`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "marathon_sd_configs", "*", "oauth2", "client_secret_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.oauth2.endpoint_params": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional parameters to append to the token URL.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "marathon_sd_configs", "*", "oauth2", "endpoint_params"], "readOnly": false, "type": "null or (attribute set of string)"}, "services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.oauth2.scopes": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Scopes for the token request.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "marathon_sd_configs", "*", "oauth2", "scopes"], "readOnly": false, "type": "null or (list of string)"}, "services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.oauth2.token_url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The URL to fetch the token from.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "marathon_sd_configs", "*", "oauth2", "token_url"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.proxy_url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional proxy URL.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "marathon_sd_configs", "*", "proxy_url"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.refresh_interval": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Polling interval.\n\nDefaults to ````30s```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "marathon_sd_configs", "*", "refresh_interval"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.servers": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "List of URLs to be used to contact Marathon servers. You need to provide at least one server URL.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "marathon_sd_configs", "*", "servers"], "readOnly": false, "type": "list of string"}, "services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.tls_config": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS configuration.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "marathon_sd_configs", "*", "tls_config"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.tls_config.ca_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CA certificate to validate API server certificate with.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "marathon_sd_configs", "*", "tls_config", "ca_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.tls_config.cert_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Certificate file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "marathon_sd_configs", "*", "tls_config", "cert_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.tls_config.insecure_skip_verify": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Disable validation of the server certificate.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "marathon_sd_configs", "*", "tls_config", "insecure_skip_verify"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.tls_config.key_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Key file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "marathon_sd_configs", "*", "tls_config", "key_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.tls_config.server_name": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "ServerName extension to indicate the name of the server.\nhttp://tools.ietf.org/html/rfc4366#section-3.1\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "marathon_sd_configs", "*", "tls_config", "server_name"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.metric_relabel_configs": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of metric relabel configurations.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "metric_relabel_configs"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.scrapeConfigs.*.metric_relabel_configs.*.action": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Action to perform based on regex matching.\n\nDefaults to ````replace```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "metric_relabel_configs", "*", "action"], "readOnly": false, "type": "null or one of \"replace\", \"lowercase\", \"uppercase\", \"keep\", \"drop\", \"hashmod\", \"labelmap\", \"labeldrop\", \"labelkeep\""}, "services.prometheus.scrapeConfigs.*.metric_relabel_configs.*.modulus": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Modulus to take of the hash of the source label values.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "metric_relabel_configs", "*", "modulus"], "readOnly": false, "type": "null or signed integer"}, "services.prometheus.scrapeConfigs.*.metric_relabel_configs.*.regex": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Regular expression against which the extracted value is matched.\n\nDefaults to ````(.*)```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "metric_relabel_configs", "*", "regex"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.metric_relabel_configs.*.replacement": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Replacement value against which a regex replace is performed if the\nregular expression matches.\n\nDefaults to ````$1```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "metric_relabel_configs", "*", "replacement"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.metric_relabel_configs.*.separator": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Separator placed between concatenated source label values.\n\nDefaults to ````;```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "metric_relabel_configs", "*", "separator"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.metric_relabel_configs.*.source_labels": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The source labels select values from existing labels. Their content\nis concatenated using the configured separator and matched against\nthe configured regular expression.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "metric_relabel_configs", "*", "source_labels"], "readOnly": false, "type": "null or (list of string)"}, "services.prometheus.scrapeConfigs.*.metric_relabel_configs.*.target_label": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Label to which the resulting value is written in a replace action.\nIt is mandatory for replace actions.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "metric_relabel_configs", "*", "target_label"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.metrics_path": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The HTTP resource path on which to fetch metrics from targets.\n\nDefaults to ````/metrics```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "metrics_path"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.nerve_sd_configs": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of AirBnB's Nerve service discovery configurations.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "nerve_sd_configs"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.scrapeConfigs.*.nerve_sd_configs.*.paths": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "Paths can point to a single service, or the root of a tree of services.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "nerve_sd_configs", "*", "paths"], "readOnly": false, "type": "list of string"}, "services.prometheus.scrapeConfigs.*.nerve_sd_configs.*.servers": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "The Zookeeper servers.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "nerve_sd_configs", "*", "servers"], "readOnly": false, "type": "list of string"}, "services.prometheus.scrapeConfigs.*.nerve_sd_configs.*.timeout": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Timeout value.\n\nDefaults to ````10s```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "nerve_sd_configs", "*", "timeout"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.openstack_sd_configs": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of OpenStack service discovery configurations.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "openstack_sd_configs"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.all_tenants": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether the service discovery should list all instances for all projects.\nIt is only relevant for the 'instance' role and usually requires admin permissions.\n\nDefaults to ````false```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "openstack_sd_configs", "*", "all_tenants"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.application_credential_id": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The application_credential_id or application_credential_name fields are\nrequired if using an application credential to authenticate. Some providers\nallow you to create an application credential to authenticate rather than a\npassword.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "openstack_sd_configs", "*", "application_credential_id"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.application_credential_name": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The application_credential_id or application_credential_name fields are\nrequired if using an application credential to authenticate. Some providers\nallow you to create an application credential to authenticate rather than a\npassword.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "openstack_sd_configs", "*", "application_credential_name"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.application_credential_secret": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The application_credential_secret field is required if using an application\ncredential to authenticate.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "openstack_sd_configs", "*", "application_credential_secret"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.availability": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The availability of the endpoint to connect to. Must be one of public, admin or internal.\n\nDefaults to ````public```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "openstack_sd_configs", "*", "availability"], "readOnly": false, "type": "null or one of \"public\", \"admin\", \"internal\""}, "services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.domain_id": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "At most one of domain_id and domain_name must be provided if using username\nwith Identity V3. Otherwise, either are optional.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "openstack_sd_configs", "*", "domain_id"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.domain_name": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "At most one of domain_id and domain_name must be provided if using username\nwith Identity V3. Otherwise, either are optional.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "openstack_sd_configs", "*", "domain_name"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.identity_endpoint": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "identity_endpoint specifies the HTTP endpoint that is required to work with\nthe Identity API of the appropriate version. While it's ultimately needed by\nall of the identity services, it will often be populated by a provider-level\nfunction.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "openstack_sd_configs", "*", "identity_endpoint"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.password": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "password for the Identity V2 and V3 APIs. Consult with your provider's\ncontrol panel to discover your account's preferred method of authentication.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "openstack_sd_configs", "*", "password"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The port to scrape metrics from. If using the public IP address, this must\ninstead be specified in the relabeling rule.\n\nDefaults to ````80```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "openstack_sd_configs", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.project_id": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The project_id and project_name fields are optional for the Identity V2 API.\nSome providers allow you to specify a project_name instead of the project_id.\nSome require both. Your provider's authentication policies will determine\nhow these fields influence authentication.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "openstack_sd_configs", "*", "project_id"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.project_name": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The project_id and project_name fields are optional for the Identity V2 API.\nSome providers allow you to specify a project_name instead of the project_id.\nSome require both. Your provider's authentication policies will determine\nhow these fields influence authentication.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "openstack_sd_configs", "*", "project_name"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.refresh_interval": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Refresh interval to re-read the instance list.\n\nDefaults to ````60s```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "openstack_sd_configs", "*", "refresh_interval"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.region": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "The OpenStack Region.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "openstack_sd_configs", "*", "region"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.role": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "The OpenStack role of entities that should be discovered.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "openstack_sd_configs", "*", "role"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.tls_config": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS configuration.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "openstack_sd_configs", "*", "tls_config"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.tls_config.ca_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CA certificate to validate API server certificate with.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "openstack_sd_configs", "*", "tls_config", "ca_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.tls_config.cert_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Certificate file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "openstack_sd_configs", "*", "tls_config", "cert_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.tls_config.insecure_skip_verify": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Disable validation of the server certificate.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "openstack_sd_configs", "*", "tls_config", "insecure_skip_verify"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.tls_config.key_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Key file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "openstack_sd_configs", "*", "tls_config", "key_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.tls_config.server_name": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "ServerName extension to indicate the name of the server.\nhttp://tools.ietf.org/html/rfc4366#section-3.1\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "openstack_sd_configs", "*", "tls_config", "server_name"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.userid": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "username is required if using Identity V2 API. Consult with your provider's\ncontrol panel to discover your account's username. In Identity V3, either\nuserid or a combination of username and domain_id or domain_name are needed.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "openstack_sd_configs", "*", "userid"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.username": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "username is required if using Identity V2 API. Consult with your provider's\ncontrol panel to discover your account's username. In Identity V3, either\nuserid or a combination of username and domain_id or domain_name are needed.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "openstack_sd_configs", "*", "username"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.params": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional HTTP URL parameters.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "params"], "readOnly": false, "type": "null or (attribute set of list of string)"}, "services.prometheus.scrapeConfigs.*.proxy_url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional proxy URL.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "proxy_url"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.puppetdb_sd_configs": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of PuppetDB service discovery configurations.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "puppetdb_sd_configs"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.authorization": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional `Authorization` header configuration.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "puppetdb_sd_configs", "*", "authorization"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.authorization.credentials": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the credentials. It is mutually exclusive with `credentials_file`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "puppetdb_sd_configs", "*", "authorization", "credentials"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.authorization.credentials_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the credentials to the credentials read from the configured file.\nIt is mutually exclusive with `credentials`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "puppetdb_sd_configs", "*", "authorization", "credentials_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.authorization.type": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the authentication type.\n\nDefaults to ````Bearer```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "puppetdb_sd_configs", "*", "authorization", "type"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.basic_auth": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional HTTP basic authentication information.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "puppetdb_sd_configs", "*", "basic_auth"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.basic_auth.password": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password", "loc": ["services", "prometheus", "scrapeConfigs", "*", "puppetdb_sd_configs", "*", "basic_auth", "password"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.basic_auth.password_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password file", "loc": ["services", "prometheus", "scrapeConfigs", "*", "puppetdb_sd_configs", "*", "basic_auth", "password_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.basic_auth.username": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "HTTP username\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "puppetdb_sd_configs", "*", "basic_auth", "username"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.follow_redirects": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configure whether HTTP requests follow HTTP 3xx redirects.\n\nDefaults to ````true```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "puppetdb_sd_configs", "*", "follow_redirects"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.include_parameters": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether to include the parameters as meta labels.\nDue to the differences between parameter types and Prometheus labels,\nsome parameters might not be rendered. The format of the parameters might\nalso change in future releases.\n\nNote: Enabling this exposes parameters in the Prometheus UI and API. Make sure\nthat you don't have secrets exposed as parameters if you enable this.\n\nDefaults to ````false```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "puppetdb_sd_configs", "*", "include_parameters"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.oauth2": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional OAuth 2.0 configuration.\nCannot be used at the same time as basic_auth or authorization.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "puppetdb_sd_configs", "*", "oauth2"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.oauth2.client_id": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "OAuth client ID.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "puppetdb_sd_configs", "*", "oauth2", "client_id"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.oauth2.client_secret": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "OAuth client secret.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "puppetdb_sd_configs", "*", "oauth2", "client_secret"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.oauth2.client_secret_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Read the client secret from a file. It is mutually exclusive with `client_secret`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "puppetdb_sd_configs", "*", "oauth2", "client_secret_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.oauth2.endpoint_params": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional parameters to append to the token URL.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "puppetdb_sd_configs", "*", "oauth2", "endpoint_params"], "readOnly": false, "type": "null or (attribute set of string)"}, "services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.oauth2.scopes": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Scopes for the token request.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "puppetdb_sd_configs", "*", "oauth2", "scopes"], "readOnly": false, "type": "null or (list of string)"}, "services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.oauth2.token_url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The URL to fetch the token from.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "puppetdb_sd_configs", "*", "oauth2", "token_url"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The port to scrape metrics from.\n\nDefaults to ````80```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "puppetdb_sd_configs", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.proxy_url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional proxy URL.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "puppetdb_sd_configs", "*", "proxy_url"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.query": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "Puppet Query Language (PQL) query. Only resources are supported.\n<https://puppet.com/docs/puppetdb/latest/api/query/v4/pql.html>\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "puppetdb_sd_configs", "*", "query"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.refresh_interval": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Refresh interval to re-read the resources list.\n\nDefaults to ````60s```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "puppetdb_sd_configs", "*", "refresh_interval"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_config": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS configuration.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "puppetdb_sd_configs", "*", "tls_config"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_config.ca_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CA certificate to validate API server certificate with.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "puppetdb_sd_configs", "*", "tls_config", "ca_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_config.cert_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Certificate file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "puppetdb_sd_configs", "*", "tls_config", "cert_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_config.insecure_skip_verify": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Disable validation of the server certificate.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "puppetdb_sd_configs", "*", "tls_config", "insecure_skip_verify"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_config.key_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Key file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "puppetdb_sd_configs", "*", "tls_config", "key_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_config.server_name": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "ServerName extension to indicate the name of the server.\nhttp://tools.ietf.org/html/rfc4366#section-3.1\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "puppetdb_sd_configs", "*", "tls_config", "server_name"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "The URL of the PuppetDB root query endpoint.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "puppetdb_sd_configs", "*", "url"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.relabel_configs": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of relabel configurations.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "relabel_configs"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.scrapeConfigs.*.relabel_configs.*.action": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Action to perform based on regex matching.\n\nDefaults to ````replace```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "relabel_configs", "*", "action"], "readOnly": false, "type": "null or one of \"replace\", \"lowercase\", \"uppercase\", \"keep\", \"drop\", \"hashmod\", \"labelmap\", \"labeldrop\", \"labelkeep\""}, "services.prometheus.scrapeConfigs.*.relabel_configs.*.modulus": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Modulus to take of the hash of the source label values.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "relabel_configs", "*", "modulus"], "readOnly": false, "type": "null or signed integer"}, "services.prometheus.scrapeConfigs.*.relabel_configs.*.regex": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Regular expression against which the extracted value is matched.\n\nDefaults to ````(.*)```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "relabel_configs", "*", "regex"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.relabel_configs.*.replacement": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Replacement value against which a regex replace is performed if the\nregular expression matches.\n\nDefaults to ````$1```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "relabel_configs", "*", "replacement"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.relabel_configs.*.separator": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Separator placed between concatenated source label values.\n\nDefaults to ````;```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "relabel_configs", "*", "separator"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.relabel_configs.*.source_labels": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The source labels select values from existing labels. Their content\nis concatenated using the configured separator and matched against\nthe configured regular expression.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "relabel_configs", "*", "source_labels"], "readOnly": false, "type": "null or (list of string)"}, "services.prometheus.scrapeConfigs.*.relabel_configs.*.target_label": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Label to which the resulting value is written in a replace action.\nIt is mandatory for replace actions.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "relabel_configs", "*", "target_label"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.sample_limit": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Per-scrape limit on number of scraped samples that will be accepted.\nIf more than this number of samples are present after metric relabelling\nthe entire scrape will be treated as failed. 0 means no limit.\n\nDefaults to ````0```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "sample_limit"], "readOnly": false, "type": "null or signed integer"}, "services.prometheus.scrapeConfigs.*.scaleway_sd_configs": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of Scaleway service discovery configurations.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "scaleway_sd_configs"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.access_key": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "Access key to use. <https://console.scaleway.com/project/credentials>\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "scaleway_sd_configs", "*", "access_key"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.api_url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "API URL to use when doing the server listing requests.\n\nDefaults to ````https://api.scaleway.com```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "scaleway_sd_configs", "*", "api_url"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.follow_redirects": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configure whether HTTP requests follow HTTP 3xx redirects.\n\nDefaults to ````true```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "scaleway_sd_configs", "*", "follow_redirects"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.name_filter": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a name filter (works as a LIKE) to apply on the server listing request.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "scaleway_sd_configs", "*", "name_filter"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The port to scrape metrics from.\n\nDefaults to ````80```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "scaleway_sd_configs", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.project_id": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "Project ID of the targets.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "scaleway_sd_configs", "*", "project_id"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.proxy_url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional proxy URL.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "scaleway_sd_configs", "*", "proxy_url"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.refresh_interval": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Refresh interval to re-read the managed targets list.\n\nDefaults to ````60s```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "scaleway_sd_configs", "*", "refresh_interval"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.role": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "Role of the targets to retrieve. Must be `instance` or `baremetal`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "scaleway_sd_configs", "*", "role"], "readOnly": false, "type": "one of \"instance\", \"baremetal\""}, "services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.secret_key": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Secret key to use when listing targets. <https://console.scaleway.com/project/credentials>\nIt is mutually exclusive with `secret_key_file`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "scaleway_sd_configs", "*", "secret_key"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.secret_key_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the secret key with the credentials read from the configured file.\nIt is mutually exclusive with `secret_key`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "scaleway_sd_configs", "*", "secret_key_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tags_filter": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a tag filter (a server needs to have all defined tags to be listed) to apply on the server listing request.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "scaleway_sd_configs", "*", "tags_filter"], "readOnly": false, "type": "null or (list of string)"}, "services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tls_config": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS configuration.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "scaleway_sd_configs", "*", "tls_config"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tls_config.ca_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CA certificate to validate API server certificate with.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "scaleway_sd_configs", "*", "tls_config", "ca_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tls_config.cert_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Certificate file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "scaleway_sd_configs", "*", "tls_config", "cert_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tls_config.insecure_skip_verify": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Disable validation of the server certificate.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "scaleway_sd_configs", "*", "tls_config", "insecure_skip_verify"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tls_config.key_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Key file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "scaleway_sd_configs", "*", "tls_config", "key_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tls_config.server_name": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "ServerName extension to indicate the name of the server.\nhttp://tools.ietf.org/html/rfc4366#section-3.1\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "scaleway_sd_configs", "*", "tls_config", "server_name"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.zone": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Zone is the availability zone of your targets (e.g. fr-par-1).\n\nDefaults to ````fr-par-1```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "scaleway_sd_configs", "*", "zone"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.scheme": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The URL scheme with which to fetch metrics from targets.\n\nDefaults to ````http```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "scheme"], "readOnly": false, "type": "null or one of \"http\", \"https\""}, "services.prometheus.scrapeConfigs.*.scrape_interval": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "How frequently to scrape targets from this job. Defaults to the\nglobally configured default.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "scrape_interval"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.scrape_protocols": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The protocols to negotiate during a scrape with the client.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "scrape_protocols"], "readOnly": false, "type": "null or (list of string)"}, "services.prometheus.scrapeConfigs.*.scrape_timeout": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Per-target timeout when scraping this job. Defaults to the\nglobally configured default.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "scrape_timeout"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.serverset_sd_configs": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of Zookeeper Serverset service discovery configurations.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "serverset_sd_configs"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.scrapeConfigs.*.serverset_sd_configs.*.paths": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "Paths can point to a single service, or the root of a tree of services.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "serverset_sd_configs", "*", "paths"], "readOnly": false, "type": "list of string"}, "services.prometheus.scrapeConfigs.*.serverset_sd_configs.*.servers": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "The Zookeeper servers.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "serverset_sd_configs", "*", "servers"], "readOnly": false, "type": "list of string"}, "services.prometheus.scrapeConfigs.*.serverset_sd_configs.*.timeout": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Timeout value.\n\nDefaults to ````10s```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "serverset_sd_configs", "*", "timeout"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.static_configs": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of labeled target groups for this job.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "static_configs"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.scrapeConfigs.*.static_configs.*.labels": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Labels assigned to all metrics scraped from the targets.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "static_configs", "*", "labels"], "readOnly": false, "type": "attribute set of string"}, "services.prometheus.scrapeConfigs.*.static_configs.*.targets": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "The targets specified by the target group.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "static_configs", "*", "targets"], "readOnly": false, "type": "list of string"}, "services.prometheus.scrapeConfigs.*.target_limit": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Per-scrape config limit on number of unique targets that will be\naccepted. If more than this number of targets are present after target\nrelabeling, Prometheus will mark the targets as failed without scraping them.\n0 means no limit. This is an experimental feature, this behaviour could\nchange in the future.\n\nDefaults to ````0```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "target_limit"], "readOnly": false, "type": "null or signed integer"}, "services.prometheus.scrapeConfigs.*.tls_config": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configures the scrape request's TLS settings.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "tls_config"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.tls_config.ca_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CA certificate to validate API server certificate with.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "tls_config", "ca_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.tls_config.cert_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Certificate file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "tls_config", "cert_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.tls_config.insecure_skip_verify": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Disable validation of the server certificate.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "tls_config", "insecure_skip_verify"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.tls_config.key_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Key file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "tls_config", "key_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.tls_config.server_name": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "ServerName extension to indicate the name of the server.\nhttp://tools.ietf.org/html/rfc4366#section-3.1\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "tls_config", "server_name"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.triton_sd_configs": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of Triton Serverset service discovery configurations.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "triton_sd_configs"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.scrapeConfigs.*.triton_sd_configs.*.account": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "The account to use for discovering new targets.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "triton_sd_configs", "*", "account"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.triton_sd_configs.*.dns_suffix": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "The DNS suffix which should be applied to target.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "triton_sd_configs", "*", "dns_suffix"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.triton_sd_configs.*.endpoint": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "The Triton discovery endpoint (e.g. `cmon.us-east-3b.triton.zone`). This is\noften the same value as dns_suffix.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "triton_sd_configs", "*", "endpoint"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.triton_sd_configs.*.groups": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A list of groups for which targets are retrieved, only supported when targeting the `container` role.\nIf omitted all containers owned by the requesting account are scraped.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "triton_sd_configs", "*", "groups"], "readOnly": false, "type": "null or (list of string)"}, "services.prometheus.scrapeConfigs.*.triton_sd_configs.*.port": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The port to use for discovery and metric scraping.\n\nDefaults to ````9163```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "triton_sd_configs", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prometheus.scrapeConfigs.*.triton_sd_configs.*.refresh_interval": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The interval which should be used for refreshing targets.\n\nDefaults to ````60s```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "triton_sd_configs", "*", "refresh_interval"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.triton_sd_configs.*.role": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The type of targets to discover, can be set to:\n- \"container\" to discover virtual machines (SmartOS zones, lx/KVM/bhyve branded zones) running on Triton\n- \"cn\" to discover compute nodes (servers/global zones) making up the Triton infrastructure\n\nDefaults to ````container```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "triton_sd_configs", "*", "role"], "readOnly": false, "type": "null or one of \"container\", \"cn\""}, "services.prometheus.scrapeConfigs.*.triton_sd_configs.*.tls_config": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS configuration.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "triton_sd_configs", "*", "tls_config"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.triton_sd_configs.*.tls_config.ca_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CA certificate to validate API server certificate with.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "triton_sd_configs", "*", "tls_config", "ca_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.triton_sd_configs.*.tls_config.cert_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Certificate file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "triton_sd_configs", "*", "tls_config", "cert_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.triton_sd_configs.*.tls_config.insecure_skip_verify": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Disable validation of the server certificate.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "triton_sd_configs", "*", "tls_config", "insecure_skip_verify"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.triton_sd_configs.*.tls_config.key_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Key file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "triton_sd_configs", "*", "tls_config", "key_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.triton_sd_configs.*.tls_config.server_name": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "ServerName extension to indicate the name of the server.\nhttp://tools.ietf.org/html/rfc4366#section-3.1\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "triton_sd_configs", "*", "tls_config", "server_name"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.triton_sd_configs.*.version": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The Triton discovery API version.\n\nDefaults to ````1```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "triton_sd_configs", "*", "version"], "readOnly": false, "type": "null or signed integer"}, "services.prometheus.scrapeConfigs.*.uyuni_sd_configs": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of Uyuni Serverset service discovery configurations.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "uyuni_sd_configs"], "readOnly": false, "type": "null or (list of (submodule))"}, "services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.authorization": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional `Authorization` header configuration.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "uyuni_sd_configs", "*", "authorization"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.authorization.credentials": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the credentials. It is mutually exclusive with `credentials_file`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "uyuni_sd_configs", "*", "authorization", "credentials"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.authorization.credentials_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the credentials to the credentials read from the configured file.\nIt is mutually exclusive with `credentials`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "uyuni_sd_configs", "*", "authorization", "credentials_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.authorization.type": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the authentication type.\n\nDefaults to ````Bearer```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "uyuni_sd_configs", "*", "authorization", "type"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.basic_auth": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional HTTP basic authentication information.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "uyuni_sd_configs", "*", "basic_auth"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.basic_auth.password": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password", "loc": ["services", "prometheus", "scrapeConfigs", "*", "uyuni_sd_configs", "*", "basic_auth", "password"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.basic_auth.password_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP password file", "loc": ["services", "prometheus", "scrapeConfigs", "*", "uyuni_sd_configs", "*", "basic_auth", "password_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.basic_auth.username": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "HTTP username\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "uyuni_sd_configs", "*", "basic_auth", "username"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.entitlement": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The entitlement string to filter eligible systems.\n\nDefaults to ````monitoring_entitled```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "uyuni_sd_configs", "*", "entitlement"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.follow_redirects": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configure whether HTTP requests follow HTTP 3xx redirects.\n\nDefaults to ````true```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "uyuni_sd_configs", "*", "follow_redirects"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.oauth2": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional OAuth 2.0 configuration.\nCannot be used at the same time as basic_auth or authorization.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "uyuni_sd_configs", "*", "oauth2"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.oauth2.client_id": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "OAuth client ID.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "uyuni_sd_configs", "*", "oauth2", "client_id"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.oauth2.client_secret": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "OAuth client secret.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "uyuni_sd_configs", "*", "oauth2", "client_secret"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.oauth2.client_secret_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Read the client secret from a file. It is mutually exclusive with `client_secret`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "uyuni_sd_configs", "*", "oauth2", "client_secret_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.oauth2.endpoint_params": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional parameters to append to the token URL.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "uyuni_sd_configs", "*", "oauth2", "endpoint_params"], "readOnly": false, "type": "null or (attribute set of string)"}, "services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.oauth2.scopes": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Scopes for the token request.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "uyuni_sd_configs", "*", "oauth2", "scopes"], "readOnly": false, "type": "null or (list of string)"}, "services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.oauth2.token_url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The URL to fetch the token from.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "uyuni_sd_configs", "*", "oauth2", "token_url"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.password": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "Credentials are used to authenticate the requests to Uyuni API.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "uyuni_sd_configs", "*", "password"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.proxy_url": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional proxy URL.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "uyuni_sd_configs", "*", "proxy_url"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.refresh_interval": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Refresh interval to re-read the managed targets list.\n\nDefaults to ````60s```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "uyuni_sd_configs", "*", "refresh_interval"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.separator": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The string by which Uyuni group names are joined into the groups label\n\nDefaults to ````,```` in prometheus\nwhen set to `null`.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "uyuni_sd_configs", "*", "separator"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.server": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "The URL to connect to the Uyuni server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "uyuni_sd_configs", "*", "server"], "readOnly": false, "type": "string"}, "services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS configuration.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "uyuni_sd_configs", "*", "tls_config"], "readOnly": false, "type": "null or (submodule)"}, "services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config.ca_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CA certificate to validate API server certificate with.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "uyuni_sd_configs", "*", "tls_config", "ca_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config.cert_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Certificate file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "uyuni_sd_configs", "*", "tls_config", "cert_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config.insecure_skip_verify": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Disable validation of the server certificate.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "uyuni_sd_configs", "*", "tls_config", "insecure_skip_verify"], "readOnly": false, "type": "null or boolean"}, "services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config.key_file": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Key file for client cert authentication to the server.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "uyuni_sd_configs", "*", "tls_config", "key_file"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config.server_name": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "ServerName extension to indicate the name of the server.\nhttp://tools.ietf.org/html/rfc4366#section-3.1\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "uyuni_sd_configs", "*", "tls_config", "server_name"], "readOnly": false, "type": "null or string"}, "services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.username": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "description": "Credentials are used to authenticate the requests to Uyuni API.\n", "loc": ["services", "prometheus", "scrapeConfigs", "*", "uyuni_sd_configs", "*", "username"], "readOnly": false, "type": "string"}, "services.prometheus.stateDir": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "\"prometheus2\""}, "description": "Directory below `/var/lib` to store Prometheus metrics data.\nThis directory will be created automatically using systemd's StateDirectory mechanism.\n", "loc": ["services", "prometheus", "stateDir"], "readOnly": false, "type": "string"}, "services.prometheus.webConfigFile": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specifies which file should be used as web.config.file and be passed on startup.\nSee <https://prometheus.io/docs/prometheus/latest/configuration/https/> for valid options.\n", "loc": ["services", "prometheus", "webConfigFile"], "readOnly": false, "type": "null or absolute path"}, "services.prometheus.webExternalUrl": {"declarations": ["nixos/modules/services/monitoring/prometheus/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The URL under which Prometheus is externally reachable (for example,\nif Prometheus is served via a reverse proxy).\n", "example": {"_type": "literalExpression", "text": "\"https://example.com/\""}, "loc": ["services", "prometheus", "webExternalUrl"], "readOnly": false, "type": "null or string"}, "services.prometheus.xmpp-alerts.enable": {"declarations": ["nixos/modules/services/monitoring/prometheus/xmpp-alerts.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable XMPP Web hook service for Alertmanager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prometheus", "xmpp-alerts", "enable"], "readOnly": false, "type": "boolean"}, "services.prometheus.xmpp-alerts.settings": {"declarations": ["nixos/modules/services/monitoring/prometheus/xmpp-alerts.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for prometheus xmpp-alerts, see\n<https://github.com/jelmer/prometheus-xmpp-alerts/blob/master/xmpp-alerts.yml.example>\nfor supported values.\n", "loc": ["services", "prometheus", "xmpp-alerts", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.promtail.configFile": {"declarations": ["nixos/modules/services/logging/promtail.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Config file path for Promtail.\nIf this option is defined, the value of `services.promtail.configuration` will be ignored.\n", "loc": ["services", "promtail", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.promtail.configuration": {"declarations": ["nixos/modules/services/logging/promtail.nix"], "description": "Specify the configuration for Promtail in Nix.\nThis option will be ignored if `services.promtail.configFile` is defined.\n", "loc": ["services", "promtail", "configuration"], "readOnly": false, "type": "JSON value"}, "services.promtail.enable": {"declarations": ["nixos/modules/services/logging/promtail.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Promtail ingresser.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "promtail", "enable"], "readOnly": false, "type": "boolean"}, "services.promtail.extraFlags": {"declarations": ["nixos/modules/services/logging/promtail.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Specify a list of additional command line flags,\nwhich get escaped and are then passed to Loki.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--server.http-listen-port=3101\"\n]"}, "loc": ["services", "promtail", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.prosody-filer.enable": {"declarations": ["nixos/modules/services/web-apps/prosody-filer.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Prosody Filer XMPP upload file server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prosody-filer", "enable"], "readOnly": false, "type": "boolean"}, "services.prosody-filer.settings": {"declarations": ["nixos/modules/services/web-apps/prosody-filer.nix"], "default": {"_type": "literalExpression", "text": "{\n  listenport = mkDefault \"127.0.0.1:5050\";\n  uploadSubDir = mkDefault \"upload/\";\n}\n"}, "description": "Configuration for Prosody Filer.\nRefer to <https://github.com/ThomasLeister/prosody-filer#configure-prosody-filer> for details on supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  secret = \"mysecret\";\n  storeDir = \"/srv/http/nginx/prosody-upload\";\n}"}, "loc": ["services", "prosody-filer", "settings"], "readOnly": false, "type": "TOML value"}, "services.prosody.admins": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of administrators of the current host", "example": {"_type": "literalExpression", "text": "[\n  \"admin1@example.com\"\n  \"admin2@example.com\"\n]"}, "loc": ["services", "prosody", "admins"], "readOnly": false, "type": "list of string"}, "services.prosody.allowRegistration": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Allow account creation", "loc": ["services", "prosody", "allowRegistration"], "readOnly": false, "type": "boolean"}, "services.prosody.authentication": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "\"internal_hashed\""}, "description": "Authentication mechanism used for logins.", "example": {"_type": "literalExpression", "text": "\"internal_plain\""}, "loc": ["services", "prosody", "authentication"], "readOnly": false, "type": "one of \"internal_plain\", \"internal_hashed\", \"cyrus\", \"anonymous\""}, "services.prosody.c2sRequireEncryption": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Force clients to use encrypted connections? This option will\nprevent clients from authenticating unless they are using encryption.\n", "loc": ["services", "prosody", "c2sRequireEncryption"], "readOnly": false, "type": "boolean"}, "services.prosody.checkConfig": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Check the configuration file with `prosodyctl check config`", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "prosody", "checkConfig"], "readOnly": false, "type": "boolean"}, "services.prosody.dataDir": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/prosody\""}, "description": "The prosody home directory used to store all data. If left as the default value\nthis directory will automatically be created before the prosody server starts, otherwise\nyou are responsible for ensuring the directory exists with appropriate ownership\nand permissions.\n", "loc": ["services", "prosody", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.prosody.disco_items": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of discoverable items you want to advertise.", "loc": ["services", "prosody", "disco_items"], "readOnly": false, "type": "list of (submodule)"}, "services.prosody.disco_items.*.description": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "description": "A short description of the endpoint you want to advertise", "loc": ["services", "prosody", "disco_items", "*", "description"], "readOnly": false, "type": "string"}, "services.prosody.disco_items.*.url": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "description": "URL of the endpoint you want to make discoverable", "loc": ["services", "prosody", "disco_items", "*", "url"], "readOnly": false, "type": "string"}, "services.prosody.enable": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the prosody server", "loc": ["services", "prosody", "enable"], "readOnly": false, "type": "boolean"}, "services.prosody.extraConfig": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional prosody configuration\n\nThe generated file is processed by `envsubst` to allow secrets to be passed securely via environment variables.\n", "loc": ["services", "prosody", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.prosody.extraModules": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Enable custom modules", "loc": ["services", "prosody", "extraModules"], "readOnly": false, "type": "list of string"}, "services.prosody.extraPluginPaths": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional path in which to look find plugins/modules", "loc": ["services", "prosody", "extraPluginPaths"], "readOnly": false, "type": "list of absolute path"}, "services.prosody.group": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "\"prosody\""}, "description": "Group account under which prosody runs.\n\n::: {.note}\nIf left as the default value this group will automatically be created\non system activation, otherwise you are responsible for\nensuring the group exists before the prosody service starts.\n:::\n", "loc": ["services", "prosody", "group"], "readOnly": false, "type": "string"}, "services.prosody.httpFileShare": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configures the http_file_share module to handle user uploads.\n\nSee <https://prosody.im/doc/modules/mod_http_file_share> for a full list of options.\n", "example": {"_type": "literalExpression", "text": "{\n  domain = \"uploads.my-xmpp-example-host.org\";\n}"}, "loc": ["services", "prosody", "httpFileShare"], "readOnly": false, "type": "null or (open submodule of int, bool, string or list of them)"}, "services.prosody.httpFileShare.daily_quota": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "10 * services.prosody.httpFileShare.size_limit"}, "description": "Maximum size of daily uploaded files per user, in bytes.\n", "example": {"_type": "literalExpression", "text": "\"100*1024*1024\""}, "loc": ["services", "prosody", "httpFileShare", "daily_quota"], "readOnly": false, "type": "null or signed integer"}, "services.prosody.httpFileShare.domain": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "description": "Domain name for a http_file_share service.", "loc": ["services", "prosody", "httpFileShare", "domain"], "readOnly": false, "type": "null or string"}, "services.prosody.httpFileShare.expires_after": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "\"1 week\""}, "description": "Max age of a file before it gets deleted.", "loc": ["services", "prosody", "httpFileShare", "expires_after"], "readOnly": false, "type": "string"}, "services.prosody.httpFileShare.http_external_url": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "External URL in case Prosody sits behind a reverse proxy.", "loc": ["services", "prosody", "httpFileShare", "http_external_url"], "readOnly": false, "type": "null or string"}, "services.prosody.httpFileShare.http_host": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "To avoid an additional DNS record and certificate, you may set this option to your primary domain (e.g. \"example.com\")\nor use a reverse proxy to handle the HTTP for that domain.\n", "loc": ["services", "prosody", "httpFileShare", "http_host"], "readOnly": false, "type": "null or string"}, "services.prosody.httpFileShare.size_limit": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "\"10 * 1024 * 1024\""}, "description": "Maximum file size, in bytes.", "loc": ["services", "prosody", "httpFileShare", "size_limit"], "readOnly": false, "type": "signed integer"}, "services.prosody.httpInterfaces": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"*\"\n  \"::\"\n]"}, "description": "Interfaces on which the HTTP server will listen on.", "loc": ["services", "prosody", "httpInterfaces"], "readOnly": false, "type": "list of string"}, "services.prosody.httpPorts": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "[\n  5280\n]"}, "description": "Listening HTTP ports list for this service.", "loc": ["services", "prosody", "httpPorts"], "readOnly": false, "type": "list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prosody.httpsInterfaces": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"*\"\n  \"::\"\n]"}, "description": "Interfaces on which the HTTPS server will listen on.", "loc": ["services", "prosody", "httpsInterfaces"], "readOnly": false, "type": "list of string"}, "services.prosody.httpsPorts": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "[\n  5281\n]"}, "description": "Listening HTTPS ports list for this service.", "loc": ["services", "prosody", "httpsPorts"], "readOnly": false, "type": "list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prosody.log": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "\"\\\"*syslog\\\"\""}, "description": "Logging configuration. See [](https://prosody.im/doc/logging) for more details", "example": {"_type": "literalExpression", "text": "''\n  {\n    { min = \"warn\"; to = \"*syslog\"; };\n  }\n''"}, "loc": ["services", "prosody", "log"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.prosody.modules.admin_adhoc": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Allows administration via an XMPP client that supports ad-hoc commands", "loc": ["services", "prosody", "modules", "admin_adhoc"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.admin_telnet": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Opens telnet console interface on localhost port 5582", "loc": ["services", "prosody", "modules", "admin_telnet"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.announce": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Send announcement to all online users", "loc": ["services", "prosody", "modules", "announce"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.blocklist": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Allow users to block communications with other users", "loc": ["services", "prosody", "modules", "blocklist"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.bookmarks": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Allows interop between older clients that use XEP-0048: Bookmarks in its 1.0 version and recent clients which use it in PEP", "loc": ["services", "prosody", "modules", "bookmarks"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.bosh": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable BOSH clients, aka 'Jabber over HTTP'", "loc": ["services", "prosody", "modules", "bosh"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.carbons": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Keep multiple clients in sync", "loc": ["services", "prosody", "modules", "carbons"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.cloud_notify": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Push notifications to inform users of new messages or other pertinent information even when they have no XMPP clients online", "loc": ["services", "prosody", "modules", "cloud_notify"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.csi": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Implements the CSI protocol that allows clients to report their active/inactive state to the server", "loc": ["services", "prosody", "modules", "csi"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.dialback": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "s2s dialback support", "loc": ["services", "prosody", "modules", "dialback"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.disco": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Service discovery", "loc": ["services", "prosody", "modules", "disco"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.groups": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Shared roster support", "loc": ["services", "prosody", "modules", "groups"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.http_files": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Serve static files from a directory over HTTP", "loc": ["services", "prosody", "modules", "http_files"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.legacyauth": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Legacy authentication. Only used by some old clients and bots", "loc": ["services", "prosody", "modules", "legacyauth"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.limits": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable bandwidth limiting for XMPP connections", "loc": ["services", "prosody", "modules", "limits"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.mam": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Store messages in an archive and allow users to access it", "loc": ["services", "prosody", "modules", "mam"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.motd": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Send a message to users when they log in", "loc": ["services", "prosody", "modules", "motd"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.pep": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enables users to publish their mood, activity, playing music and more", "loc": ["services", "prosody", "modules", "pep"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.ping": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Replies to XMPP pings with pongs", "loc": ["services", "prosody", "modules", "ping"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.private": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Private XML storage (for room bookmarks, etc.)", "loc": ["services", "prosody", "modules", "private"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.proxy65": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enables a file transfer proxy service which clients behind NAT can use", "loc": ["services", "prosody", "modules", "proxy65"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.register": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Allow users to register on this server using a client and change passwords", "loc": ["services", "prosody", "modules", "register"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.roster": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Allow users to have a roster", "loc": ["services", "prosody", "modules", "roster"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.saslauth": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Authentication for clients and servers. Recommended if you want to log in.", "loc": ["services", "prosody", "modules", "saslauth"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.server_contact_info": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Publish contact information for this service", "loc": ["services", "prosody", "modules", "server_contact_info"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.smacks": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Allow a client to resume a disconnected session, and prevent message loss", "loc": ["services", "prosody", "modules", "smacks"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.time": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Let others know the time here on this server", "loc": ["services", "prosody", "modules", "time"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.tls": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Add support for secure TLS on c2s/s2s connections", "loc": ["services", "prosody", "modules", "tls"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.uptime": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Report how long server has been running", "loc": ["services", "prosody", "modules", "uptime"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.vcard": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Allow users to set vCards", "loc": ["services", "prosody", "modules", "vcard"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.vcard_legacy": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Converts users profiles and Avatars between old and new formats", "loc": ["services", "prosody", "modules", "vcard_legacy"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.version": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Replies to server version requests", "loc": ["services", "prosody", "modules", "version"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.watchregistrations": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Alert admins of registrations", "loc": ["services", "prosody", "modules", "watchregistrations"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.websocket": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable WebSocket support", "loc": ["services", "prosody", "modules", "websocket"], "readOnly": false, "type": "boolean"}, "services.prosody.modules.welcome": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Welcome users who register accounts", "loc": ["services", "prosody", "modules", "welcome"], "readOnly": false, "type": "boolean"}, "services.prosody.muc": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Multi User Chat (MUC) configuration", "example": {"_type": "literalExpression", "text": "[\n  {\n    domain = \"conference.my-xmpp-example-host.org\";\n  }\n]"}, "loc": ["services", "prosody", "muc"], "readOnly": false, "type": "list of (submodule)"}, "services.prosody.muc.*.allowners_muc": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Add module allowners, any user in chat is able to\nkick other. Useful in jitsi-meet to kick ghosts.\n", "loc": ["services", "prosody", "muc", "*", "allowners_muc"], "readOnly": false, "type": "boolean"}, "services.prosody.muc.*.domain": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "description": "Domain name of the MUC", "loc": ["services", "prosody", "muc", "*", "domain"], "readOnly": false, "type": "string"}, "services.prosody.muc.*.extraConfig": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional MUC specific configuration", "loc": ["services", "prosody", "muc", "*", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.prosody.muc.*.maxHistoryMessages": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "20"}, "description": "Specifies a limit on what each room can be configured to keep", "loc": ["services", "prosody", "muc", "*", "maxHistoryMessages"], "readOnly": false, "type": "signed integer"}, "services.prosody.muc.*.moderation": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Allow rooms to be moderated", "loc": ["services", "prosody", "muc", "*", "moderation"], "readOnly": false, "type": "boolean"}, "services.prosody.muc.*.name": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "\"Prosody Chatrooms\""}, "description": "The name to return in service discovery responses for the MUC service itself", "loc": ["services", "prosody", "muc", "*", "name"], "readOnly": false, "type": "string"}, "services.prosody.muc.*.restrictRoomCreation": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Restrict room creation to server admins", "loc": ["services", "prosody", "muc", "*", "restrictRoomCreation"], "readOnly": false, "type": "one of true, false, \"admin\", \"local\""}, "services.prosody.muc.*.roomDefaultChangeSubject": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set, the rooms will display the public JIDs by default.", "loc": ["services", "prosody", "muc", "*", "roomDefaultChangeSubject"], "readOnly": false, "type": "boolean"}, "services.prosody.muc.*.roomDefaultHistoryLength": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "20"}, "description": "Number of history message sent to participants by default.", "loc": ["services", "prosody", "muc", "*", "roomDefaultHistoryLength"], "readOnly": false, "type": "signed integer"}, "services.prosody.muc.*.roomDefaultLanguage": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "\"en\""}, "description": "Default room language.", "loc": ["services", "prosody", "muc", "*", "roomDefaultLanguage"], "readOnly": false, "type": "string"}, "services.prosody.muc.*.roomDefaultMembersOnly": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set, the MUC rooms will only be accessible to the members by default.", "loc": ["services", "prosody", "muc", "*", "roomDefaultMembersOnly"], "readOnly": false, "type": "boolean"}, "services.prosody.muc.*.roomDefaultModerated": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set, the MUC rooms will be moderated by default.", "loc": ["services", "prosody", "muc", "*", "roomDefaultModerated"], "readOnly": false, "type": "boolean"}, "services.prosody.muc.*.roomDefaultPublic": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If set, the MUC rooms will be public by default.", "loc": ["services", "prosody", "muc", "*", "roomDefaultPublic"], "readOnly": false, "type": "boolean"}, "services.prosody.muc.*.roomDefaultPublicJids": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set, the MUC rooms will display the public JIDs by default.", "loc": ["services", "prosody", "muc", "*", "roomDefaultPublicJids"], "readOnly": false, "type": "boolean"}, "services.prosody.muc.*.roomLockTimeout": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "300"}, "description": "Timeout after which the room is destroyed or unlocked if not\nconfigured, in seconds\n", "loc": ["services", "prosody", "muc", "*", "roomLockTimeout"], "readOnly": false, "type": "signed integer"}, "services.prosody.muc.*.roomLocking": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enables room locking, which means that a room must be\nconfigured before it can be used. Locked rooms are invisible\nand cannot be entered by anyone but the creator\n", "loc": ["services", "prosody", "muc", "*", "roomLocking"], "readOnly": false, "type": "boolean"}, "services.prosody.muc.*.tombstoneExpiry": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "2678400"}, "description": "This settings controls how long a tombstone is considered\nvalid. It defaults to 31 days. After this time, the room in\nquestion can be created again.\n", "loc": ["services", "prosody", "muc", "*", "tombstoneExpiry"], "readOnly": false, "type": "signed integer"}, "services.prosody.muc.*.tombstones": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "When a room is destroyed, it leaves behind a tombstone which\nprevents the room being entered or recreated. It also allows\nanyone who was not in the room at the time it was destroyed\nto learn about it, and to update their bookmarks. Tombstones\nprevents the case where someone could recreate a previously\nsemi-anonymous room in order to learn the real JIDs of those\nwho often join there.\n", "loc": ["services", "prosody", "muc", "*", "tombstones"], "readOnly": false, "type": "boolean"}, "services.prosody.package": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "pkgs.prosody"}, "description": "The prosody package to use.", "example": {"_type": "literalExpression", "text": "pkgs.prosody.override {\n  withExtraLibs = [ pkgs.luaPackages.lpty ];\n  withCommunityModules = [ \"auth_external\" ];\n};\n"}, "loc": ["services", "prosody", "package"], "readOnly": false, "type": "package"}, "services.prosody.s2sInsecureDomains": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Some servers have invalid or self-signed certificates. You can list\nremote domains here that will not be required to authenticate using\ncertificates. They will be authenticated using DNS instead, even\nwhen s2s_secure_auth is enabled.\n", "example": {"_type": "literalExpression", "text": "[\n  \"insecure.example.com\"\n]"}, "loc": ["services", "prosody", "s2sInsecureDomains"], "readOnly": false, "type": "list of string"}, "services.prosody.s2sRequireEncryption": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Force servers to use encrypted connections? This option will\nprevent servers from authenticating unless they are using encryption.\nNote that this is different from authentication.\n", "loc": ["services", "prosody", "s2sRequireEncryption"], "readOnly": false, "type": "boolean"}, "services.prosody.s2sSecureAuth": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Force certificate authentication for server-to-server connections?\nThis provides ideal security, but requires servers you communicate\nwith to support encryption AND present valid, trusted certificates.\nFor more information see <https://prosody.im/doc/s2s#security>\n", "loc": ["services", "prosody", "s2sSecureAuth"], "readOnly": false, "type": "boolean"}, "services.prosody.s2sSecureDomains": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Even if you leave s2s_secure_auth disabled, you can still require valid\ncertificates for some domains by specifying a list here.\n", "example": {"_type": "literalExpression", "text": "[\n  \"jabber.org\"\n]"}, "loc": ["services", "prosody", "s2sSecureDomains"], "readOnly": false, "type": "list of string"}, "services.prosody.ssl": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Paths to SSL files", "loc": ["services", "prosody", "ssl"], "readOnly": false, "type": "null or (submodule)"}, "services.prosody.ssl.cert": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "description": "Path to the certificate file.", "loc": ["services", "prosody", "ssl", "cert"], "readOnly": false, "type": "absolute path"}, "services.prosody.ssl.extraOptions": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra SSL configuration options.", "loc": ["services", "prosody", "ssl", "extraOptions"], "readOnly": false, "type": "attribute set"}, "services.prosody.ssl.key": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "description": "Path to the key file.", "loc": ["services", "prosody", "ssl", "key"], "readOnly": false, "type": "absolute path"}, "services.prosody.user": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "\"prosody\""}, "description": "User account under which prosody runs.\n\n::: {.note}\nIf left as the default value this user will automatically be created\non system activation, otherwise you are responsible for\nensuring the user exists before the prosody service starts.\n:::\n", "loc": ["services", "prosody", "user"], "readOnly": false, "type": "string"}, "services.prosody.virtualHosts": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "{\n  localhost = {\n    domain = \"localhost\";\n    enabled = true;\n  };\n}"}, "description": "Define the virtual hosts", "example": {"_type": "literalExpression", "text": "{\n  myhost = {\n    domain = \"my-xmpp-example-host.org\";\n    enabled = true;\n  };\n}"}, "loc": ["services", "prosody", "virtualHosts"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.prosody.virtualHosts.<name>.domain": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "description": "Domain name", "loc": ["services", "prosody", "virtualHosts", "<name>", "domain"], "readOnly": false, "type": "string"}, "services.prosody.virtualHosts.<name>.enabled": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the virtual host", "loc": ["services", "prosody", "virtualHosts", "<name>", "enabled"], "readOnly": false, "type": "boolean"}, "services.prosody.virtualHosts.<name>.extraConfig": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional virtual host specific configuration", "loc": ["services", "prosody", "virtualHosts", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.prosody.virtualHosts.<name>.ssl": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Paths to SSL files", "loc": ["services", "prosody", "virtualHosts", "<name>", "ssl"], "readOnly": false, "type": "null or (submodule)"}, "services.prosody.virtualHosts.<name>.ssl.cert": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "description": "Path to the certificate file.", "loc": ["services", "prosody", "virtualHosts", "<name>", "ssl", "cert"], "readOnly": false, "type": "absolute path"}, "services.prosody.virtualHosts.<name>.ssl.extraOptions": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra SSL configuration options.", "loc": ["services", "prosody", "virtualHosts", "<name>", "ssl", "extraOptions"], "readOnly": false, "type": "attribute set"}, "services.prosody.virtualHosts.<name>.ssl.key": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "description": "Path to the key file.", "loc": ["services", "prosody", "virtualHosts", "<name>", "ssl", "key"], "readOnly": false, "type": "absolute path"}, "services.prosody.xmppComplianceSuite": {"declarations": ["nixos/modules/services/networking/prosody.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "The XEP-0423 defines a set of recommended XEPs to implement\nfor a server. It's generally a good idea to implement this\nset of extensions if you want to provide your users with a\ngood XMPP experience.\n\nThis NixOS module aims to provide a \"advanced server\"\nexperience as per defined in the XEP-0423[1] specification.\n\nSetting this option to true will prevent you from building a\nNixOS configuration which won't comply with this standard.\nYou can explicitly decide to ignore this standard if you\nknow what you are doing by setting this option to false.\n\n[1] https://xmpp.org/extensions/xep-0423.html\n", "loc": ["services", "prosody", "xmppComplianceSuite"], "readOnly": false, "type": "boolean"}, "services.protonmail-bridge.enable": {"declarations": ["nixos/modules/services/mail/protonmail-bridge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable protonmail bridge.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "protonmail-bridge", "enable"], "readOnly": false, "type": "boolean"}, "services.protonmail-bridge.logLevel": {"declarations": ["nixos/modules/services/mail/protonmail-bridge.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Log level of the Proton Mail Bridge service. If set to null then the service uses it's default log level.", "loc": ["services", "protonmail-bridge", "logLevel"], "readOnly": false, "type": "null or one of \"panic\", \"fatal\", \"error\", \"warn\", \"info\", \"debug\""}, "services.protonmail-bridge.package": {"declarations": ["nixos/modules/services/mail/protonmail-bridge.nix"], "default": {"_type": "literalExpression", "text": "pkgs.protonmail-bridge"}, "description": "The protonmail-bridge package to use.", "loc": ["services", "protonmail-bridge", "package"], "readOnly": false, "type": "package"}, "services.protonmail-bridge.path": {"declarations": ["nixos/modules/services/mail/protonmail-bridge.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of derivations to put in protonmail-bridge's path.", "example": {"_type": "literalExpression", "text": "with pkgs; [ pass gnome-keyring ]"}, "loc": ["services", "protonmail-bridge", "path"], "readOnly": false, "type": "list of absolute path"}, "services.prowlarr.dataDir": {"declarations": ["nixos/modules/services/misc/servarr/prowlarr.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/prowlarr\""}, "description": "The directory where Prowlarr stores its data files.\n\nNote: A bind mount will be used to mount the directory at the expected location\nif a different value than `/var/lib/prowlarr` is used.\n", "loc": ["services", "prowlarr", "dataDir"], "readOnly": false, "type": "string"}, "services.prowlarr.enable": {"declarations": ["nixos/modules/services/misc/servarr/prowlarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Prowlarr, an indexer manager/proxy for Torrent trackers and Usenet indexers.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "prowlarr", "enable"], "readOnly": false, "type": "boolean"}, "services.prowlarr.environmentFiles": {"declarations": ["nixos/modules/services/misc/servarr/prowlarr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Environment file to pass secret configuration values.\nEach line must follow the `PROWLARR__SECTION__KEY=value` pattern.\nPlease consult the documentation at the [wiki](https://wiki.servarr.com/useful-tools#using-environment-variables-for-config).\n", "loc": ["services", "prowlarr", "environmentFiles"], "readOnly": false, "type": "list of absolute path"}, "services.prowlarr.openFirewall": {"declarations": ["nixos/modules/services/misc/servarr/prowlarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the Prowlarr web interface.", "loc": ["services", "prowlarr", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.prowlarr.package": {"declarations": ["nixos/modules/services/misc/servarr/prowlarr.nix"], "default": {"_type": "literalExpression", "text": "pkgs.prowlarr"}, "description": "The prowlarr package to use.", "loc": ["services", "prowlarr", "package"], "readOnly": false, "type": "package"}, "services.prowlarr.settings": {"declarations": ["nixos/modules/services/misc/servarr/prowlarr.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attribute set of arbitrary config options.\nPlease consult the documentation at the [wiki](https://wiki.servarr.com/useful-tools#using-environment-variables-for-config).\n\nWARNING: this configuration is stored in the world-readable Nix store!\nFor secrets use [](#opt-services.prowlarr.environmentFiles).\n", "example": {"_type": "literalExpression", "text": "{\n  update.mechanism = \"internal\";\n  server = {\n    urlbase = \"localhost\";\n    port = 9696;\n    bindaddress = \"*\";\n  };\n}\n"}, "loc": ["services", "prowlarr", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.prowlarr.settings.log.analyticsEnabled": {"declarations": ["nixos/modules/services/misc/servarr/prowlarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Send Anonymous Usage Data", "loc": ["services", "prowlarr", "settings", "log", "analyticsEnabled"], "readOnly": false, "type": "boolean"}, "services.prowlarr.settings.server.port": {"declarations": ["nixos/modules/services/misc/servarr/prowlarr.nix"], "default": {"_type": "literalExpression", "text": "9696"}, "description": "Port Number", "loc": ["services", "prowlarr", "settings", "server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.prowlarr.settings.update.automatically": {"declarations": ["nixos/modules/services/misc/servarr/prowlarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically download and install updates.", "loc": ["services", "prowlarr", "settings", "update", "automatically"], "readOnly": false, "type": "boolean"}, "services.prowlarr.settings.update.mechanism": {"declarations": ["nixos/modules/services/misc/servarr/prowlarr.nix"], "default": {"_type": "literalExpression", "text": "\"external\""}, "description": "which update mechanism to use", "loc": ["services", "prowlarr", "settings", "update", "mechanism"], "readOnly": false, "type": "null or one of \"external\", \"builtIn\", \"script\""}, "services.psd.enable": {"declarations": ["nixos/modules/services/desktops/profile-sync-daemon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Profile Sync daemon.\n", "loc": ["services", "psd", "enable"], "readOnly": false, "type": "boolean"}, "services.psd.resyncTimer": {"declarations": ["nixos/modules/services/desktops/profile-sync-daemon.nix"], "default": {"_type": "literalExpression", "text": "\"1h\""}, "description": "The amount of time to wait before syncing browser profiles back to the\ndisk.\n\nTakes a systemd.unit time span. The time unit defaults to seconds if\nomitted.\n", "example": {"_type": "literalExpression", "text": "\"1h 30min\""}, "loc": ["services", "psd", "resyncTimer"], "readOnly": false, "type": "string"}, "services.public-inbox.enable": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the public-inbox mail archiver.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "public-inbox", "enable"], "readOnly": false, "type": "boolean"}, "services.public-inbox.http.args": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Command-line arguments to pass to {manpage}`public-inbox-httpd(1)`.", "loc": ["services", "public-inbox", "http", "args"], "readOnly": false, "type": "list of string"}, "services.public-inbox.http.enable": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the public-inbox HTTP server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "public-inbox", "http", "enable"], "readOnly": false, "type": "boolean"}, "services.public-inbox.http.mounts": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"/\"\n]"}, "description": "Root paths or URLs that public-inbox will be served on.\nIf domain parts are present, only requests to those\ndomains will be accepted.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/lists/archives\"\n]"}, "loc": ["services", "public-inbox", "http", "mounts"], "readOnly": false, "type": "list of string"}, "services.public-inbox.http.port": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "80"}, "description": "Listening port or systemd's ListenStream= entry\nto be used as a reverse proxy, eg. in nginx:\n`locations.\"/inbox\".proxyPass = \"http://unix:${config.services.public-inbox.http.port}:/inbox\";`\nSet to null and use `systemd.sockets.public-inbox-httpd.listenStreams`\nif you need a more advanced listening.\n", "example": {"_type": "literalExpression", "text": "\"/run/public-inbox-httpd.sock\""}, "loc": ["services", "public-inbox", "http", "port"], "readOnly": false, "type": "null or string or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.public-inbox.imap.args": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Command-line arguments to pass to {manpage}`public-inbox-imapd(1)`.", "loc": ["services", "public-inbox", "imap", "args"], "readOnly": false, "type": "list of string"}, "services.public-inbox.imap.cert": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to TLS certificate to use for connections to {manpage}`public-inbox-imapd(1)`.", "example": {"_type": "literalExpression", "text": "\"/path/to/fullchain.pem\""}, "loc": ["services", "public-inbox", "imap", "cert"], "readOnly": false, "type": "null or string"}, "services.public-inbox.imap.enable": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the public-inbox IMAP server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "public-inbox", "imap", "enable"], "readOnly": false, "type": "boolean"}, "services.public-inbox.imap.key": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to TLS key to use for connections to {manpage}`public-inbox-imapd(1)`.", "example": {"_type": "literalExpression", "text": "\"/path/to/key.pem\""}, "loc": ["services", "public-inbox", "imap", "key"], "readOnly": false, "type": "null or string"}, "services.public-inbox.imap.port": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "993"}, "description": "Listening port.\nBeware that public-inbox uses well-known ports number to decide whether to enable TLS or not.\nSet to null and use `systemd.sockets.public-inbox-imapd.listenStreams`\nif you need a more advanced listening.\n", "loc": ["services", "public-inbox", "imap", "port"], "readOnly": false, "type": "null or string or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.public-inbox.inboxes": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Inboxes to configure, where attribute names are inbox names.\n", "loc": ["services", "public-inbox", "inboxes"], "readOnly": false, "type": "attribute set of (open submodule of attribute set of (INI atom (null, bool, int, float or string) or a list of them for duplicate keys))"}, "services.public-inbox.inboxes.<name>.address": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "description": "The email addresses of the public-inbox.", "example": {"_type": "literalExpression", "text": "\"example-discuss@example.org\""}, "loc": ["services", "public-inbox", "inboxes", "<name>", "address"], "readOnly": false, "type": "list of string"}, "services.public-inbox.inboxes.<name>.coderepo": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Nicknames of a 'coderepo' section associated with the inbox.", "loc": ["services", "public-inbox", "inboxes", "<name>", "coderepo"], "readOnly": false, "type": "list of coderepo names"}, "services.public-inbox.inboxes.<name>.description": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "description": "User-visible description for the repository.", "example": {"_type": "literalExpression", "text": "\"user/dev discussion of public-inbox itself\""}, "loc": ["services", "public-inbox", "inboxes", "<name>", "description"], "readOnly": false, "type": "string"}, "services.public-inbox.inboxes.<name>.inboxdir": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/public-inbox/inboxes/\u2039name\u203a\""}, "description": "The absolute path to the directory which hosts the public-inbox.", "loc": ["services", "public-inbox", "inboxes", "<name>", "inboxdir"], "readOnly": false, "type": "string"}, "services.public-inbox.inboxes.<name>.newsgroup": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "NNTP group name for the inbox.", "loc": ["services", "public-inbox", "inboxes", "<name>", "newsgroup"], "readOnly": false, "type": "null or string"}, "services.public-inbox.inboxes.<name>.url": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "description": "URL where this inbox can be accessed over HTTP.", "example": {"_type": "literalExpression", "text": "\"https://example.org/lists/example-discuss\""}, "loc": ["services", "public-inbox", "inboxes", "<name>", "url"], "readOnly": false, "type": "non-empty string"}, "services.public-inbox.inboxes.<name>.watch": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Paths for {manpage}`public-inbox-watch(1)` to monitor for new mail.", "example": {"_type": "literalExpression", "text": "[\n  \"maildir:/path/to/test.example.com.git\"\n]"}, "loc": ["services", "public-inbox", "inboxes", "<name>", "watch"], "readOnly": false, "type": "list of string"}, "services.public-inbox.inboxes.<name>.watchheader": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If specified, {manpage}`public-inbox-watch(1)` will only process\nmail containing a matching header.\n", "example": {"_type": "literalExpression", "text": "\"List-Id:<test@example.com>\""}, "loc": ["services", "public-inbox", "inboxes", "<name>", "watchheader"], "readOnly": false, "type": "null or string"}, "services.public-inbox.mda.args": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Command-line arguments to pass to {manpage}`public-inbox-mda(1)`.", "loc": ["services", "public-inbox", "mda", "args"], "readOnly": false, "type": "list of string"}, "services.public-inbox.mda.enable": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the public-inbox Mail Delivery Agent.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "public-inbox", "mda", "enable"], "readOnly": false, "type": "boolean"}, "services.public-inbox.nntp.args": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Command-line arguments to pass to {manpage}`public-inbox-nntpd(1)`.", "loc": ["services", "public-inbox", "nntp", "args"], "readOnly": false, "type": "list of string"}, "services.public-inbox.nntp.cert": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to TLS certificate to use for connections to {manpage}`public-inbox-nntpd(1)`.", "example": {"_type": "literalExpression", "text": "\"/path/to/fullchain.pem\""}, "loc": ["services", "public-inbox", "nntp", "cert"], "readOnly": false, "type": "null or string"}, "services.public-inbox.nntp.enable": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the public-inbox NNTP server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "public-inbox", "nntp", "enable"], "readOnly": false, "type": "boolean"}, "services.public-inbox.nntp.key": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to TLS key to use for connections to {manpage}`public-inbox-nntpd(1)`.", "example": {"_type": "literalExpression", "text": "\"/path/to/key.pem\""}, "loc": ["services", "public-inbox", "nntp", "key"], "readOnly": false, "type": "null or string"}, "services.public-inbox.nntp.port": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "563"}, "description": "Listening port.\nBeware that public-inbox uses well-known ports number to decide whether to enable TLS or not.\nSet to null and use `systemd.sockets.public-inbox-nntpd.listenStreams`\nif you need a more advanced listening.\n", "loc": ["services", "public-inbox", "nntp", "port"], "readOnly": false, "type": "null or string or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.public-inbox.openFirewall": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable opening the firewall when using a port option.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "public-inbox", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.public-inbox.package": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "pkgs.public-inbox"}, "description": "The public-inbox package to use.", "loc": ["services", "public-inbox", "package"], "readOnly": false, "type": "package"}, "services.public-inbox.path": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional packages to place in the path of public-inbox-mda,\npublic-inbox-watch, etc.\n", "example": {"_type": "literalExpression", "text": "with pkgs; [ spamassassin ]"}, "loc": ["services", "public-inbox", "path"], "readOnly": false, "type": "list of package"}, "services.public-inbox.postfix.enable": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the integration into Postfix.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "public-inbox", "postfix", "enable"], "readOnly": false, "type": "boolean"}, "services.public-inbox.settings": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings for the [public-inbox config file](https://public-inbox.org/public-inbox-config.html).\n", "loc": ["services", "public-inbox", "settings"], "readOnly": false, "type": "open submodule of attribute set of attribute set of (INI atom (null, bool, int, float or string) or a list of them for duplicate keys or attribute set of (INI atom (null, bool, int, float or string) or a list of them for duplicate keys))"}, "services.public-inbox.settings.coderepo": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "code repositories", "loc": ["services", "public-inbox", "settings", "coderepo"], "readOnly": false, "type": "attribute set of (open submodule of attribute set of (INI atom (null, bool, int, float or string) or a list of them for duplicate keys))"}, "services.public-inbox.settings.coderepo.<name>.cgitUrl": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "description": "URL of a cgit instance", "loc": ["services", "public-inbox", "settings", "coderepo", "<name>", "cgitUrl"], "readOnly": false, "type": "string"}, "services.public-inbox.settings.coderepo.<name>.dir": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "description": "Path to a git repository", "loc": ["services", "public-inbox", "settings", "coderepo", "<name>", "dir"], "readOnly": false, "type": "string"}, "services.public-inbox.settings.publicinbox": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "public inboxes", "loc": ["services", "public-inbox", "settings", "publicinbox"], "readOnly": false, "type": "open submodule of attribute set of (INI atom (null, bool, int, float or string) or a list of them for duplicate keys or attribute set of (INI atom (null, bool, int, float or string) or a list of them for duplicate keys))"}, "services.public-inbox.settings.publicinbox.css": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The local path name of a CSS file for the PSGI web interface.", "loc": ["services", "public-inbox", "settings", "publicinbox", "css"], "readOnly": false, "type": "list of string"}, "services.public-inbox.settings.publicinbox.imapserver": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "IMAP URLs to this public-inbox instance", "example": {"_type": "literalExpression", "text": "[\n  \"imap.public-inbox.org\"\n]"}, "loc": ["services", "public-inbox", "settings", "publicinbox", "imapserver"], "readOnly": false, "type": "list of string"}, "services.public-inbox.settings.publicinbox.nntpserver": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "NNTP URLs to this public-inbox instance", "example": {"_type": "literalExpression", "text": "[\n  \"nntp://news.public-inbox.org\"\n  \"nntps://news.public-inbox.org\"\n]"}, "loc": ["services", "public-inbox", "settings", "publicinbox", "nntpserver"], "readOnly": false, "type": "list of string"}, "services.public-inbox.settings.publicinbox.pop3server": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "POP3 URLs to this public-inbox instance", "example": {"_type": "literalExpression", "text": "[\n  \"pop.public-inbox.org\"\n]"}, "loc": ["services", "public-inbox", "settings", "publicinbox", "pop3server"], "readOnly": false, "type": "list of string"}, "services.public-inbox.settings.publicinbox.wwwlisting": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "\"404\""}, "description": "Controls which lists (if any) are listed for when the root\npublic-inbox URL is accessed over HTTP.\n", "loc": ["services", "public-inbox", "settings", "publicinbox", "wwwlisting"], "readOnly": false, "type": "one of \"all\", \"404\", \"match=domain\""}, "services.public-inbox.settings.publicinboxmda.spamcheck": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "\"none\""}, "description": "If set to spamc, {manpage}`public-inbox-watch(1)` will filter spam\nusing SpamAssassin.\n", "loc": ["services", "public-inbox", "settings", "publicinboxmda", "spamcheck"], "readOnly": false, "type": "one of \"spamc\", \"none\""}, "services.public-inbox.settings.publicinboxwatch.spamcheck": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "\"none\""}, "description": "If set to spamc, {manpage}`public-inbox-watch(1)` will filter spam\nusing SpamAssassin.\n", "loc": ["services", "public-inbox", "settings", "publicinboxwatch", "spamcheck"], "readOnly": false, "type": "one of \"spamc\", \"none\""}, "services.public-inbox.settings.publicinboxwatch.watchspam": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, mail in this maildir will be trained as spam and\ndeleted from all watched inboxes\n", "example": {"_type": "literalExpression", "text": "\"maildir:/path/to/spam\""}, "loc": ["services", "public-inbox", "settings", "publicinboxwatch", "watchspam"], "readOnly": false, "type": "null or string"}, "services.public-inbox.spamAssassinRules": {"declarations": ["nixos/modules/services/mail/public-inbox.nix"], "default": {"_type": "literalExpression", "text": "${cfg.package.sa_config}/user/.spamassassin/user_prefs"}, "description": "SpamAssassin configuration specific to public-inbox.", "loc": ["services", "public-inbox", "spamAssassinRules"], "readOnly": false, "type": "null or absolute path"}, "services.pufferpanel.enable": {"declarations": ["nixos/modules/services/misc/pufferpanel.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable PufferPanel game management server.\n\nNote that [PufferPanel templates] and binaries downloaded by PufferPanel\nexpect [FHS environment]. It is possible to set {option}`package` option\nto use PufferPanel wrapper with FHS environment. For example, to use\n`Download Game from Steam` and `Download Java` template operations:\n```Nix\n{ lib, pkgs, ... }: {\n  services.pufferpanel = {\n    enable = true;\n    extraPackages = with pkgs; [ bash curl gawk gnutar gzip ];\n    package = pkgs.buildFHSEnv {\n      name = \"pufferpanel-fhs\";\n      runScript = lib.getExe pkgs.pufferpanel;\n      targetPkgs = pkgs': with pkgs'; [ icu openssl zlib ];\n    };\n  };\n}\n```\n\n[PufferPanel templates]: https://github.com/PufferPanel/templates\n[FHS environment]: https://wikipedia.org/wiki/Filesystem_Hierarchy_Standard\n", "loc": ["services", "pufferpanel", "enable"], "readOnly": false, "type": "boolean"}, "services.pufferpanel.environment": {"declarations": ["nixos/modules/services/misc/pufferpanel.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables to set for the service. Secrets should be\nspecified using {option}`environmentFile`.\n\nRefer to the [PufferPanel source code][] for the list of available\nconfiguration options. Variable name is an upper-cased configuration\nentry name with underscores instead of dots, prefixed with `PUFFER_`.\nFor example, `panel.settings.companyName` entry can be set using\n{env}`PUFFER_PANEL_SETTINGS_COMPANYNAME`.\n\nWhen running with panel enabled (configured with `PUFFER_PANEL_ENABLE`\nenvironment variable), it is recommended disable registration using\n`PUFFER_PANEL_REGISTRATIONENABLED` environment variable (registration is\nenabled by default). To create the initial administrator user, run\n{command}`pufferpanel --workDir /var/lib/pufferpanel user add --admin`.\n\nSome options override corresponding settings set via web interface (e.g.\n`PUFFER_PANEL_REGISTRATIONENABLED`). Those options can be temporarily\ntoggled or set in settings but do not persist between restarts.\n\n[PufferPanel source code]: https://github.com/PufferPanel/PufferPanel/blob/master/config/entries.go\n", "example": {"_type": "literalExpression", "text": "{\n  PUFFER_WEB_HOST = \":8080\";\n  PUFFER_DAEMON_SFTP_HOST = \":5657\";\n  PUFFER_DAEMON_CONSOLE_BUFFER = \"1000\";\n  PUFFER_DAEMON_CONSOLE_FORWARD = \"true\";\n  PUFFER_PANEL_REGISTRATIONENABLED = \"false\";\n}\n"}, "loc": ["services", "pufferpanel", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.pufferpanel.environmentFile": {"declarations": ["nixos/modules/services/misc/pufferpanel.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File to load environment variables from. Loaded variables override\nvalues set in {option}`environment`.\n", "loc": ["services", "pufferpanel", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.pufferpanel.extraGroups": {"declarations": ["nixos/modules/services/misc/pufferpanel.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional groups for the systemd service.\n", "example": {"_type": "literalExpression", "text": "[\n  \"podman\"\n]"}, "loc": ["services", "pufferpanel", "extraGroups"], "readOnly": false, "type": "list of string"}, "services.pufferpanel.extraPackages": {"declarations": ["nixos/modules/services/misc/pufferpanel.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Packages to add to the PATH environment variable. Both the {file}`bin`\nand {file}`sbin` subdirectories of each package are added.\n", "example": {"_type": "literalExpression", "text": "[ pkgs.jre ]"}, "loc": ["services", "pufferpanel", "extraPackages"], "readOnly": false, "type": "list of package"}, "services.pufferpanel.package": {"declarations": ["nixos/modules/services/misc/pufferpanel.nix"], "default": {"_type": "literalExpression", "text": "pkgs.pufferpanel"}, "description": "The pufferpanel package to use.", "loc": ["services", "pufferpanel", "package"], "readOnly": false, "type": "package"}, "services.pulseaudio.configFile": {"declarations": ["nixos/modules/services/audio/pulseaudio.nix"], "description": "The path to the default configuration options the PulseAudio server\nshould use. By default, the \"default.pa\" configuration\nfrom the PulseAudio distribution is used.\n", "loc": ["services", "pulseaudio", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.pulseaudio.daemon.config": {"declarations": ["nixos/modules/services/audio/pulseaudio.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Config of the pulse daemon. See `man pulse-daemon.conf`.", "example": {"_type": "literalExpression", "text": "{ realtime-scheduling = \"yes\"; }"}, "loc": ["services", "pulseaudio", "daemon", "config"], "readOnly": false, "type": "attribute set of unspecified value"}, "services.pulseaudio.daemon.logLevel": {"declarations": ["nixos/modules/services/audio/pulseaudio.nix"], "default": {"_type": "literalExpression", "text": "\"notice\""}, "description": "The log level that the system-wide pulseaudio daemon should use,\nif activated.\n", "loc": ["services", "pulseaudio", "daemon", "logLevel"], "readOnly": false, "type": "string"}, "services.pulseaudio.enable": {"declarations": ["nixos/modules/services/audio/pulseaudio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the PulseAudio sound server.\n", "loc": ["services", "pulseaudio", "enable"], "readOnly": false, "type": "boolean"}, "services.pulseaudio.extraClientConf": {"declarations": ["nixos/modules/services/audio/pulseaudio.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration appended to pulse/client.conf file.\n", "loc": ["services", "pulseaudio", "extraClientConf"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.pulseaudio.extraConfig": {"declarations": ["nixos/modules/services/audio/pulseaudio.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Literal string to append to `configFile`\nand the config file generated by the pulseaudio module.\n", "loc": ["services", "pulseaudio", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.pulseaudio.extraModules": {"declarations": ["nixos/modules/services/audio/pulseaudio.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra pulseaudio modules to use. This is intended for out-of-tree\npulseaudio modules like extra bluetooth codecs.\n\nExtra modules take precedence over built-in pulseaudio modules.\n", "example": {"_type": "literalExpression", "text": "[ pkgs.pulseaudio-modules-bt ]"}, "loc": ["services", "pulseaudio", "extraModules"], "readOnly": false, "type": "list of package"}, "services.pulseaudio.package": {"declarations": ["nixos/modules/services/audio/pulseaudio.nix"], "default": {"_type": "literalExpression", "text": "pkgs.pulseaudio"}, "description": "The PulseAudio derivation to use.  This can be used to enable\nfeatures (such as JACK support, Bluetooth) via the\n`pulseaudioFull` package.\n", "example": {"_type": "literalExpression", "text": "pkgs.pulseaudioFull"}, "loc": ["services", "pulseaudio", "package"], "readOnly": false, "type": "package"}, "services.pulseaudio.support32Bit": {"declarations": ["nixos/modules/services/audio/pulseaudio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to include the 32-bit pulseaudio libraries in the system or not.\nThis is only useful on 64-bit systems and currently limited to x86_64-linux.\n", "loc": ["services", "pulseaudio", "support32Bit"], "readOnly": false, "type": "boolean"}, "services.pulseaudio.systemWide": {"declarations": ["nixos/modules/services/audio/pulseaudio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If false, a PulseAudio server is launched automatically for\neach user that tries to use the sound system. The server runs\nwith user privileges. If true, one system-wide PulseAudio\nserver is launched on boot, running as the user \"pulse\", and\nonly users in the \"pulse-access\" group will have access to the server.\nPlease read the PulseAudio documentation for more details.\n\nDon't enable this option unless you know what you are doing.\n", "loc": ["services", "pulseaudio", "systemWide"], "readOnly": false, "type": "boolean"}, "services.pulseaudio.tcp.anonymousClients.allowAll": {"declarations": ["nixos/modules/services/audio/pulseaudio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable all anonymous clients to stream to the server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pulseaudio", "tcp", "anonymousClients", "allowAll"], "readOnly": false, "type": "boolean"}, "services.pulseaudio.tcp.anonymousClients.allowedIpRanges": {"declarations": ["nixos/modules/services/audio/pulseaudio.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of IP subnets that are allowed to stream to the server.\n", "example": {"_type": "literalExpression", "text": "[ \"127.0.0.1\" \"192.168.1.0/24\" ]"}, "loc": ["services", "pulseaudio", "tcp", "anonymousClients", "allowedIpRanges"], "readOnly": false, "type": "list of string"}, "services.pulseaudio.tcp.enable": {"declarations": ["nixos/modules/services/audio/pulseaudio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable tcp streaming support.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pulseaudio", "tcp", "enable"], "readOnly": false, "type": "boolean"}, "services.pulseaudio.tcp.openFirewall": {"declarations": ["nixos/modules/services/audio/pulseaudio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Open firewall for the specified port.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pulseaudio", "tcp", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.pulseaudio.tcp.port": {"declarations": ["nixos/modules/services/audio/pulseaudio.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TCP connection port. The default `null` value, means\npulseaudio will try to use the default 4713 port, but if it is\noccupied, it will fallback to a random port.\n", "example": {"_type": "literalExpression", "text": "4713"}, "loc": ["services", "pulseaudio", "tcp", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.pulseaudio.zeroconf.discovery.enable": {"declarations": ["nixos/modules/services/audio/pulseaudio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable discovery of pulseaudio sinks in the local network.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pulseaudio", "zeroconf", "discovery", "enable"], "readOnly": false, "type": "boolean"}, "services.pulseaudio.zeroconf.publish.enable": {"declarations": ["nixos/modules/services/audio/pulseaudio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable publishing the pulseaudio sink in the local network.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pulseaudio", "zeroconf", "publish", "enable"], "readOnly": false, "type": "boolean"}, "services.pykms.enable": {"declarations": ["nixos/modules/services/misc/pykms.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the PyKMS service.", "loc": ["services", "pykms", "enable"], "readOnly": false, "type": "boolean"}, "services.pykms.extraArgs": {"declarations": ["nixos/modules/services/misc/pykms.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional arguments", "loc": ["services", "pykms", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.pykms.listenAddress": {"declarations": ["nixos/modules/services/misc/pykms.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "The IP address on which to listen.", "example": {"_type": "literalExpression", "text": "\"::\""}, "loc": ["services", "pykms", "listenAddress"], "readOnly": false, "type": "string"}, "services.pykms.logLevel": {"declarations": ["nixos/modules/services/misc/pykms.nix"], "default": {"_type": "literalExpression", "text": "\"INFO\""}, "description": "How much to log", "loc": ["services", "pykms", "logLevel"], "readOnly": false, "type": "one of \"CRITICAL\", \"ERROR\", \"WARNING\", \"INFO\", \"DEBUG\", \"MININFO\""}, "services.pykms.memoryLimit": {"declarations": ["nixos/modules/services/misc/pykms.nix"], "default": {"_type": "literalExpression", "text": "\"64M\""}, "description": "How much memory to use at most.", "loc": ["services", "pykms", "memoryLimit"], "readOnly": false, "type": "string"}, "services.pykms.openFirewallPort": {"declarations": ["nixos/modules/services/misc/pykms.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether the listening port should be opened automatically.", "loc": ["services", "pykms", "openFirewallPort"], "readOnly": false, "type": "boolean"}, "services.pykms.package": {"declarations": ["nixos/modules/services/misc/pykms.nix"], "default": {"_type": "literalExpression", "text": "pkgs.pykms"}, "description": "The pykms package to use.", "loc": ["services", "pykms", "package"], "readOnly": false, "type": "package"}, "services.pykms.port": {"declarations": ["nixos/modules/services/misc/pykms.nix"], "default": {"_type": "literalExpression", "text": "1688"}, "description": "The port on which to listen.", "loc": ["services", "pykms", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.pyload.credentialsFile": {"declarations": ["nixos/modules/services/networking/pyload.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing {env}`PYLOAD_DEFAULT_USERNAME` and\n{env}`PYLOAD_DEFAULT_PASSWORD` in the format of an `EnvironmentFile=`,\nas described by {manpage}`systemd.exec(5)`.\n\nIf not given, they default to the username/password combo of\npyload/pyload.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/pyload-credentials.env\""}, "loc": ["services", "pyload", "credentialsFile"], "readOnly": false, "type": "null or absolute path"}, "services.pyload.downloadDirectory": {"declarations": ["nixos/modules/services/networking/pyload.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/pyload/downloads\""}, "description": "Directory to store downloads.", "example": {"_type": "literalExpression", "text": "\"/mnt/downloads\""}, "loc": ["services", "pyload", "downloadDirectory"], "readOnly": false, "type": "absolute path"}, "services.pyload.enable": {"declarations": ["nixos/modules/services/networking/pyload.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable pyLoad download manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pyload", "enable"], "readOnly": false, "type": "boolean"}, "services.pyload.group": {"declarations": ["nixos/modules/services/networking/pyload.nix"], "default": {"_type": "literalExpression", "text": "\"pyload\""}, "description": "Group under which pyLoad runs, and which owns the download directory.", "loc": ["services", "pyload", "group"], "readOnly": false, "type": "string"}, "services.pyload.listenAddress": {"declarations": ["nixos/modules/services/networking/pyload.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Address to listen on for the web UI.", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "pyload", "listenAddress"], "readOnly": false, "type": "string"}, "services.pyload.package": {"declarations": ["nixos/modules/services/networking/pyload.nix"], "default": {"_type": "literalExpression", "text": "pkgs.pyload-ng"}, "description": "The pyLoad package to use.", "loc": ["services", "pyload", "package"], "readOnly": false, "type": "package"}, "services.pyload.port": {"declarations": ["nixos/modules/services/networking/pyload.nix"], "default": {"_type": "literalExpression", "text": "8000"}, "description": "Port to listen on for the web UI.", "example": {"_type": "literalExpression", "text": "9876"}, "loc": ["services", "pyload", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.pyload.user": {"declarations": ["nixos/modules/services/networking/pyload.nix"], "default": {"_type": "literalExpression", "text": "\"pyload\""}, "description": "User under which pyLoad runs, and which owns the download directory.", "loc": ["services", "pyload", "user"], "readOnly": false, "type": "string"}, "services.qbittorrent.enable": {"declarations": ["nixos/modules/services/torrent/qbittorrent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable qbittorrent, BitTorrent client.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "qbittorrent", "enable"], "readOnly": false, "type": "boolean"}, "services.qbittorrent.extraArgs": {"declarations": ["nixos/modules/services/torrent/qbittorrent.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments passed to qbittorrent. See `qbittorrent -h`, or the [source code](https://github.com/qbittorrent/qBittorrent/blob/master/src/app/cmdoptions.cpp), for the available arguments.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--confirm-legal-notice\"\n]"}, "loc": ["services", "qbittorrent", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.qbittorrent.group": {"declarations": ["nixos/modules/services/torrent/qbittorrent.nix"], "default": {"_type": "literalExpression", "text": "\"qbittorrent\""}, "description": "Group under which qbittorrent runs.", "loc": ["services", "qbittorrent", "group"], "readOnly": false, "type": "string"}, "services.qbittorrent.openFirewall": {"declarations": ["nixos/modules/services/torrent/qbittorrent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable opening both the webuiPort and torrentPort over TCP in the firewall.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "qbittorrent", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.qbittorrent.package": {"declarations": ["nixos/modules/services/torrent/qbittorrent.nix"], "default": {"_type": "literalExpression", "text": "pkgs.qbittorrent-nox"}, "description": "The qbittorrent-nox package to use.", "loc": ["services", "qbittorrent", "package"], "readOnly": false, "type": "package"}, "services.qbittorrent.profileDir": {"declarations": ["nixos/modules/services/torrent/qbittorrent.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/qBittorrent/\""}, "description": "the path passed to qbittorrent via --profile.", "loc": ["services", "qbittorrent", "profileDir"], "readOnly": false, "type": "absolute path"}, "services.qbittorrent.serverConfig": {"declarations": ["nixos/modules/services/torrent/qbittorrent.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Free-form settings mapped to the {file}`qBittorrent.conf` file in the profile.\nRefer to [Explanation-of-Options-in-qBittorrent](https://github.com/qbittorrent/qBittorrent/wiki/Explanation-of-Options-in-qBittorrent).\nThe Password_PBKDF2 format is oddly unique, you will likely want to use [this tool](https://codeberg.org/feathecutie/qbittorrent_password) to generate the format.\nAlternatively you can run qBittorrent independently first and use its webUI to generate the format.\n\nOptionally an alternative webUI can be easily set. VueTorrent for example:\n```nix\n{\n  Preferences = {\n    WebUI = {\n      AlternativeUIEnabled = true;\n      RootFolder = \"${pkgs.vuetorrent}/share/vuetorrent\";\n    };\n  };\n}\n];\n```\n", "example": {"_type": "literalExpression", "text": "{\n  LegalNotice.Accepted = true;\n  Preferences = {\n    WebUI = {\n      Username = \"user\";\n      Password_PBKDF2 = \"generated ByteArray.\";\n    };\n    General.Locale = \"en\";\n  };\n}\n"}, "loc": ["services", "qbittorrent", "serverConfig"], "readOnly": false, "type": "open submodule of attribute set of attribute set of anything"}, "services.qbittorrent.torrentingPort": {"declarations": ["nixos/modules/services/torrent/qbittorrent.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "the port passed to qbittorrent via `--torrenting-port`", "loc": ["services", "qbittorrent", "torrentingPort"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.qbittorrent.user": {"declarations": ["nixos/modules/services/torrent/qbittorrent.nix"], "default": {"_type": "literalExpression", "text": "\"qbittorrent\""}, "description": "User account under which qbittorrent runs.", "loc": ["services", "qbittorrent", "user"], "readOnly": false, "type": "string"}, "services.qbittorrent.webuiPort": {"declarations": ["nixos/modules/services/torrent/qbittorrent.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "the port passed to qbittorrent via `--webui-port`", "loc": ["services", "qbittorrent", "webuiPort"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.qdrant.enable": {"declarations": ["nixos/modules/services/search/qdrant.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Vector Search Engine for the next generation of AI applications.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "qdrant", "enable"], "readOnly": false, "type": "boolean"}, "services.qdrant.package": {"declarations": ["nixos/modules/services/search/qdrant.nix"], "default": {"_type": "literalExpression", "text": "pkgs.qdrant"}, "description": "The qdrant package to use.", "loc": ["services", "qdrant", "package"], "readOnly": false, "type": "package"}, "services.qdrant.settings": {"declarations": ["nixos/modules/services/search/qdrant.nix"], "default": {"_type": "literalExpression", "text": "{\n  storage = {\n    storage_path = \"/var/lib/qdrant/storage\";\n    snapshots_path = \"/var/lib/qdrant/snapshots\";\n  };\n  hsnw_index = {\n    on_disk = true;\n  };\n  service = {\n    host = \"127.0.0.1\";\n    http_port = 6333;\n    grpc_port = 6334;\n  };\n  telemetry_disabled = true;\n}\n"}, "description": "Configuration for Qdrant\nRefer to <https://github.com/qdrant/qdrant/blob/master/config/config.yaml> for details on supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  hsnw_index = {\n    on_disk = true;\n  };\n  service = {\n    grpc_port = 6334;\n    host = \"127.0.0.1\";\n    http_port = 6333;\n  };\n  storage = {\n    snapshots_path = \"/var/lib/qdrant/snapshots\";\n    storage_path = \"/var/lib/qdrant/storage\";\n  };\n  telemetry_disabled = true;\n}"}, "loc": ["services", "qdrant", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.qdrant.webUIPackage": {"declarations": ["nixos/modules/services/search/qdrant.nix"], "default": {"_type": "literalExpression", "text": "pkgs.qdrant-web-ui"}, "description": "The qdrant-web-ui package to use.", "loc": ["services", "qdrant", "webUIPackage"], "readOnly": false, "type": "package"}, "services.qemuGuest.enable": {"declarations": ["nixos/modules/virtualisation/qemu-guest-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the qemu guest agent.", "loc": ["services", "qemuGuest", "enable"], "readOnly": false, "type": "boolean"}, "services.qemuGuest.package": {"declarations": ["nixos/modules/virtualisation/qemu-guest-agent.nix"], "default": {"_type": "literalExpression", "text": "pkgs.qemu_kvm.ga"}, "description": "The ga package to use.", "loc": ["services", "qemuGuest", "package"], "readOnly": false, "type": "package"}, "services.quake3-server.baseq3": {"declarations": ["nixos/modules/services/games/quake3-server.nix"], "default": {"_type": "literalMD", "text": "Manually downloaded Quake 3 installation directory."}, "description": "Path to the baseq3 files (pak*.pk3). If this is on the nix store (type = package) all .pk3 files should be saved\nin the top-level directory. If this is on another filesystem (e.g /var/lib/baseq3) the .pk3 files are searched in\n$baseq3/.q3a/baseq3/\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/q3ds\""}, "loc": ["services", "quake3-server", "baseq3"], "readOnly": false, "type": "package or absolute path"}, "services.quake3-server.enable": {"declarations": ["nixos/modules/services/games/quake3-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Quake 3 dedicated server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "quake3-server", "enable"], "readOnly": false, "type": "boolean"}, "services.quake3-server.extraConfig": {"declarations": ["nixos/modules/services/games/quake3-server.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration options. Note that options changed via RCON will not be persisted. To list all possible\noptions, use \"cvarlist 1\" via RCON.\n", "example": {"_type": "literalExpression", "text": "''\n  seta rconPassword \"superSecret\"      // sets RCON password for remote console\n  seta sv_hostname \"My Quake 3 server\"      // name that appears in server list\n''"}, "loc": ["services", "quake3-server", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.quake3-server.openFirewall": {"declarations": ["nixos/modules/services/games/quake3-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open the firewall.\n", "loc": ["services", "quake3-server", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.quake3-server.package": {"declarations": ["nixos/modules/services/games/quake3-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ioquake3"}, "description": "The ioquake3 package to use.", "loc": ["services", "quake3-server", "package"], "readOnly": false, "type": "package"}, "services.quake3-server.port": {"declarations": ["nixos/modules/services/games/quake3-server.nix"], "default": {"_type": "literalExpression", "text": "27960"}, "description": "UDP Port the server should listen on.\n", "loc": ["services", "quake3-server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.quassel.certificateFile": {"declarations": ["nixos/modules/services/networking/quassel.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the certificate used for SSL connections with clients.\n", "loc": ["services", "quassel", "certificateFile"], "readOnly": false, "type": "null or string"}, "services.quassel.dataDir": {"declarations": ["nixos/modules/services/networking/quassel.nix"], "default": {"_type": "literalExpression", "text": "\"/home/${config.services.quassel.user}/.config/quassel-irc.org\"\n"}, "description": "The directory holding configuration files, the SQlite database and the SSL Cert.\n", "loc": ["services", "quassel", "dataDir"], "readOnly": false, "type": "string"}, "services.quassel.enable": {"declarations": ["nixos/modules/services/networking/quassel.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Quassel IRC client daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "quassel", "enable"], "readOnly": false, "type": "boolean"}, "services.quassel.interfaces": {"declarations": ["nixos/modules/services/networking/quassel.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n]"}, "description": "The interfaces the Quassel daemon will be listening to.  If `[ 127.0.0.1 ]`,\nonly clients on the local host can connect to it; if `[ 0.0.0.0 ]`, clients\ncan access it from any network interface.\n", "loc": ["services", "quassel", "interfaces"], "readOnly": false, "type": "list of string"}, "services.quassel.package": {"declarations": ["nixos/modules/services/networking/quassel.nix"], "default": {"_type": "literalExpression", "text": "pkgs.quasselDaemon"}, "description": "The quasselDaemon package to use.", "loc": ["services", "quassel", "package"], "readOnly": false, "type": "package"}, "services.quassel.portNumber": {"declarations": ["nixos/modules/services/networking/quassel.nix"], "default": {"_type": "literalExpression", "text": "4242"}, "description": "The port number the Quassel daemon will be listening to.\n", "loc": ["services", "quassel", "portNumber"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.quassel.requireSSL": {"declarations": ["nixos/modules/services/networking/quassel.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Require SSL for connections from clients.\n", "loc": ["services", "quassel", "requireSSL"], "readOnly": false, "type": "boolean"}, "services.quassel.user": {"declarations": ["nixos/modules/services/networking/quassel.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The existing user the Quassel daemon should run as. If left empty, a default \"quassel\" user will be created.\n", "loc": ["services", "quassel", "user"], "readOnly": false, "type": "null or string"}, "services.qui.enable": {"declarations": ["nixos/modules/services/torrent/qui.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable qui.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "qui", "enable"], "readOnly": false, "type": "boolean"}, "services.qui.group": {"declarations": ["nixos/modules/services/torrent/qui.nix"], "default": {"_type": "literalExpression", "text": "\"qui\""}, "description": "Group to run qui as.", "example": {"_type": "literalExpression", "text": "\"torrents\""}, "loc": ["services", "qui", "group"], "readOnly": false, "type": "string"}, "services.qui.openFirewall": {"declarations": ["nixos/modules/services/torrent/qui.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether or not to open ports in the firewall for qui.", "loc": ["services", "qui", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.qui.package": {"declarations": ["nixos/modules/services/torrent/qui.nix"], "default": {"_type": "literalExpression", "text": "pkgs.qui"}, "description": "The qui package to use.", "loc": ["services", "qui", "package"], "readOnly": false, "type": "package"}, "services.qui.secretFile": {"declarations": ["nixos/modules/services/torrent/qui.nix"], "description": "Path to a file that contains the session secret. The session secret\ncan be generated with `openssl rand -hex 32`.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/qui-session.txt\""}, "loc": ["services", "qui", "secretFile"], "readOnly": false, "type": "absolute path"}, "services.qui.settings": {"declarations": ["nixos/modules/services/torrent/qui.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "qui configuration options.\n\nRefer to the [template config](https://github.com/autobrr/qui/blob/main/internal/config/config.go)\nin the source code for the available options.\nThe documentation contains the available [environment variables](https://getqui.com/docs/configuration/environment/),\nthis can be used to get an overview.\n", "example": {"_type": "literalExpression", "text": "{\n  logLevel = \"DEBUG\";\n  metricsEnabled = true;\n  port = 7777;\n}"}, "loc": ["services", "qui", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.qui.settings.host": {"declarations": ["nixos/modules/services/torrent/qui.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The host address qui listens on.", "loc": ["services", "qui", "settings", "host"], "readOnly": false, "type": "string"}, "services.qui.settings.port": {"declarations": ["nixos/modules/services/torrent/qui.nix"], "default": {"_type": "literalExpression", "text": "7476"}, "description": "The port qui listens on.", "loc": ["services", "qui", "settings", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.qui.user": {"declarations": ["nixos/modules/services/torrent/qui.nix"], "default": {"_type": "literalExpression", "text": "\"qui\""}, "description": "User to run qui as.", "loc": ["services", "qui", "user"], "readOnly": false, "type": "string"}, "services.quicktun": {"declarations": ["nixos/modules/services/networking/quicktun.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "QuickTun tunnels.\n\nSee <http://wiki.ucis.nl/QuickTun> for more information about available options.\n", "loc": ["services", "quicktun"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.quicktun.<name>.localAddress": {"declarations": ["nixos/modules/services/networking/quicktun.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IP address or hostname of the local end.", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "quicktun", "<name>", "localAddress"], "readOnly": false, "type": "null or string"}, "services.quicktun.<name>.localPort": {"declarations": ["nixos/modules/services/networking/quicktun.nix"], "default": {"_type": "literalExpression", "text": "2998"}, "description": "Local UDP port.", "loc": ["services", "quicktun", "<name>", "localPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.quicktun.<name>.privateKey": {"declarations": ["nixos/modules/services/networking/quicktun.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Local secret key in hexadecimal form.\n\n::: {.warning}\nThis option is deprecated. Please use {var}`services.quicktun.<name>.privateKeyFile` instead.\n:::\n\n::: {.note}\nNot needed when {var}`services.quicktun.<name>.protocol` is set to `raw`.\n:::\n", "loc": ["services", "quicktun", "<name>", "privateKey"], "readOnly": false, "type": "null or string"}, "services.quicktun.<name>.privateKeyFile": {"declarations": ["nixos/modules/services/networking/quicktun.nix"], "default": {"_type": "literalExpression", "text": "\"null\""}, "description": "Path to file containing local secret key in binary or hexadecimal form.\n\n::: {.note}\nNot needed when {var}`services.quicktun.<name>.protocol` is set to `raw`.\n:::\n", "loc": ["services", "quicktun", "<name>", "privateKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.quicktun.<name>.protocol": {"declarations": ["nixos/modules/services/networking/quicktun.nix"], "default": {"_type": "literalExpression", "text": "\"nacltai\""}, "description": "Which protocol to use.", "loc": ["services", "quicktun", "<name>", "protocol"], "readOnly": false, "type": "one of \"raw\", \"nacl0\", \"nacltai\", \"salty\""}, "services.quicktun.<name>.publicKey": {"declarations": ["nixos/modules/services/networking/quicktun.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Remote public key in hexadecimal form.\n\n::: {.note}\nNot needed when {var}`services.quicktun.<name>.protocol` is set to `raw`.\n:::\n", "loc": ["services", "quicktun", "<name>", "publicKey"], "readOnly": false, "type": "null or string"}, "services.quicktun.<name>.remoteAddress": {"declarations": ["nixos/modules/services/networking/quicktun.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "IP address or hostname of the remote end (use `0.0.0.0` for a floating/dynamic remote endpoint).\n", "example": {"_type": "literalExpression", "text": "\"tunnel.example.com\""}, "loc": ["services", "quicktun", "<name>", "remoteAddress"], "readOnly": false, "type": "string"}, "services.quicktun.<name>.remoteFloat": {"declarations": ["nixos/modules/services/networking/quicktun.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to allow the remote address and port to change when properly encrypted packets are received.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "quicktun", "<name>", "remoteFloat"], "readOnly": false, "type": "integer between 0 and 1 (both inclusive) or boolean convertible to it"}, "services.quicktun.<name>.remotePort": {"declarations": ["nixos/modules/services/networking/quicktun.nix"], "default": {"_type": "literalExpression", "text": "config.services.quicktun.<name>.localPort"}, "description": "Remote UDP port", "loc": ["services", "quicktun", "<name>", "remotePort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.quicktun.<name>.timeWindow": {"declarations": ["nixos/modules/services/networking/quicktun.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "Allowed time window for first received packet in seconds (positive number allows packets from history)\n", "loc": ["services", "quicktun", "<name>", "timeWindow"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.quicktun.<name>.tunMode": {"declarations": ["nixos/modules/services/networking/quicktun.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to operate in tun (IP) or tap (Ethernet) mode.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "quicktun", "<name>", "tunMode"], "readOnly": false, "type": "integer between 0 and 1 (both inclusive) or boolean convertible to it"}, "services.quicktun.<name>.upScript": {"declarations": ["nixos/modules/services/networking/quicktun.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Run specified command or script after the tunnel device has been opened.\n", "loc": ["services", "quicktun", "<name>", "upScript"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.quickwit.dataDir": {"declarations": ["nixos/modules/services/search/quickwit.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/quickwit\""}, "description": "Data directory for Quickwit. If you change this, you need to\nmanually create the directory. You also need to create the\n`quickwit` user and group, or change\n[](#opt-services.quickwit.user) and\n[](#opt-services.quickwit.group) to existing ones with\naccess to the directory.\n", "loc": ["services", "quickwit", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.quickwit.enable": {"declarations": ["nixos/modules/services/search/quickwit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Quickwit.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "quickwit", "enable"], "readOnly": false, "type": "boolean"}, "services.quickwit.extraFlags": {"declarations": ["nixos/modules/services/search/quickwit.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line options to pass to Quickwit.", "loc": ["services", "quickwit", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.quickwit.group": {"declarations": ["nixos/modules/services/search/quickwit.nix"], "default": {"_type": "literalExpression", "text": "\"quickwit\""}, "description": "The group quickwit runs as. Should be left at default unless\nyou have very specific needs.\n", "loc": ["services", "quickwit", "group"], "readOnly": false, "type": "string"}, "services.quickwit.package": {"declarations": ["nixos/modules/services/search/quickwit.nix"], "default": {"_type": "literalExpression", "text": "pkgs.quickwit"}, "description": "The Quickwit package to use.", "loc": ["services", "quickwit", "package"], "readOnly": false, "type": "package"}, "services.quickwit.restartIfChanged": {"declarations": ["nixos/modules/services/search/quickwit.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Automatically restart the service on config change.\nThis can be set to false to defer restarts on a server or cluster.\nPlease consider the security implications of inadvertently running an older version,\nand the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.\n", "loc": ["services", "quickwit", "restartIfChanged"], "readOnly": false, "type": "boolean"}, "services.quickwit.settings": {"declarations": ["nixos/modules/services/search/quickwit.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Quickwit configuration.\n", "loc": ["services", "quickwit", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.quickwit.settings.grpc_listen_port": {"declarations": ["nixos/modules/services/search/quickwit.nix"], "default": {"_type": "literalExpression", "text": "7281"}, "description": "The port to listen on for gRPC traffic.\n", "loc": ["services", "quickwit", "settings", "grpc_listen_port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.quickwit.settings.listen_address": {"declarations": ["nixos/modules/services/search/quickwit.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Listen address of Quickwit.\n", "loc": ["services", "quickwit", "settings", "listen_address"], "readOnly": false, "type": "string"}, "services.quickwit.settings.rest": {"declarations": ["nixos/modules/services/search/quickwit.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Rest server configuration for Quickwit\n", "loc": ["services", "quickwit", "settings", "rest"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.quickwit.settings.rest.listen_port": {"declarations": ["nixos/modules/services/search/quickwit.nix"], "default": {"_type": "literalExpression", "text": "7280"}, "description": "The port to listen on for HTTP REST traffic.\n", "loc": ["services", "quickwit", "settings", "rest", "listen_port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.quickwit.settings.version": {"declarations": ["nixos/modules/services/search/quickwit.nix"], "default": {"_type": "literalExpression", "text": "0.7"}, "description": "Configuration file version.\n", "loc": ["services", "quickwit", "settings", "version"], "readOnly": false, "type": "floating point number"}, "services.quickwit.user": {"declarations": ["nixos/modules/services/search/quickwit.nix"], "default": {"_type": "literalExpression", "text": "\"quickwit\""}, "description": "The user Quickwit runs as. Should be left at default unless\nyou have very specific needs.\n", "loc": ["services", "quickwit", "user"], "readOnly": false, "type": "string"}, "services.r53-ddns.domain": {"declarations": ["nixos/modules/services/networking/r53-ddns.nix"], "description": "The name of your domain in Route53", "loc": ["services", "r53-ddns", "domain"], "readOnly": false, "type": "string"}, "services.r53-ddns.enable": {"declarations": ["nixos/modules/services/networking/r53-ddns.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable r53-ddyns.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "r53-ddns", "enable"], "readOnly": false, "type": "boolean"}, "services.r53-ddns.environmentFile": {"declarations": ["nixos/modules/services/networking/r53-ddns.nix"], "description": "File containing the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY\nin the format of an EnvironmentFile as described by {manpage}`systemd.exec(5)`\n", "loc": ["services", "r53-ddns", "environmentFile"], "readOnly": false, "type": "string"}, "services.r53-ddns.hostname": {"declarations": ["nixos/modules/services/networking/r53-ddns.nix"], "description": "Manually specify the hostname. Otherwise the tool will try to use the name\nreturned by the OS (Call to gethostname)\n", "loc": ["services", "r53-ddns", "hostname"], "readOnly": false, "type": "string"}, "services.r53-ddns.interval": {"declarations": ["nixos/modules/services/networking/r53-ddns.nix"], "default": {"_type": "literalExpression", "text": "\"15min\""}, "description": "How often to update the entry", "loc": ["services", "r53-ddns", "interval"], "readOnly": false, "type": "string"}, "services.r53-ddns.ttl": {"declarations": ["nixos/modules/services/networking/r53-ddns.nix"], "description": "The TTL for the generated record", "loc": ["services", "r53-ddns", "ttl"], "readOnly": false, "type": "signed integer"}, "services.r53-ddns.zoneID": {"declarations": ["nixos/modules/services/networking/r53-ddns.nix"], "description": "The ID of your zone in Route53", "loc": ["services", "r53-ddns", "zoneID"], "readOnly": false, "type": "string"}, "services.rabbitmq.config": {"declarations": ["nixos/modules/services/amqp/rabbitmq.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Verbatim advanced configuration file contents using the Erlang syntax.\nThis is also known as the {file}`advanced.config` file or the old config format.\n\n`configItems` is preferred whenever possible. However, nested\ndata structures can only be expressed properly using the `config` option.\n\nThe contents of this option will be merged into the `configItems`\nby RabbitMQ at runtime to form the final configuration.\n\nSee the second table on <https://www.rabbitmq.com/configure.html#config-items>\nFor the distinct formats, see <https://www.rabbitmq.com/configure.html#config-file-formats>\n", "loc": ["services", "rabbitmq", "config"], "readOnly": false, "type": "string"}, "services.rabbitmq.configItems": {"declarations": ["nixos/modules/services/amqp/rabbitmq.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration options in RabbitMQ's new config file format,\nwhich is a simple key-value format that can not express nested\ndata structures. This is known as the {file}`rabbitmq.conf` file,\nalthough outside NixOS that filename may have Erlang syntax, particularly\nprior to RabbitMQ 3.7.0.\n\nIf you do need to express nested data structures, you can use\n`config` option. Configuration from `config`\nwill be merged into these options by RabbitMQ at runtime to\nform the final configuration.\n\nSee <https://www.rabbitmq.com/configure.html#config-items>\nFor the distinct formats, see <https://www.rabbitmq.com/configure.html#config-file-formats>\n", "example": {"_type": "literalExpression", "text": "{\n  \"auth_backends.1.authn\" = \"rabbit_auth_backend_ldap\";\n  \"auth_backends.1.authz\" = \"rabbit_auth_backend_internal\";\n}\n"}, "loc": ["services", "rabbitmq", "configItems"], "readOnly": false, "type": "attribute set of string"}, "services.rabbitmq.dataDir": {"declarations": ["nixos/modules/services/amqp/rabbitmq.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/rabbitmq\""}, "description": "Data directory for rabbitmq.\n", "loc": ["services", "rabbitmq", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.rabbitmq.enable": {"declarations": ["nixos/modules/services/amqp/rabbitmq.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the RabbitMQ server, an Advanced Message\nQueuing Protocol (AMQP) broker.\n", "loc": ["services", "rabbitmq", "enable"], "readOnly": false, "type": "boolean"}, "services.rabbitmq.listenAddress": {"declarations": ["nixos/modules/services/amqp/rabbitmq.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "IP address on which RabbitMQ will listen for AMQP\nconnections.  Set to the empty string to listen on all\ninterfaces.  Note that RabbitMQ creates a user named\n`guest` with password\n`guest` by default, so you should delete\nthis user if you intend to allow external access.\n\nTogether with 'port' setting it's mostly an alias for\nconfigItems.\"listeners.tcp.1\" and it's left for backwards\ncompatibility with previous version of this module.\n", "example": {"_type": "literalExpression", "text": "\"\""}, "loc": ["services", "rabbitmq", "listenAddress"], "readOnly": false, "type": "string"}, "services.rabbitmq.managementPlugin.enable": {"declarations": ["nixos/modules/services/amqp/rabbitmq.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the management plugin.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "rabbitmq", "managementPlugin", "enable"], "readOnly": false, "type": "boolean"}, "services.rabbitmq.managementPlugin.port": {"declarations": ["nixos/modules/services/amqp/rabbitmq.nix"], "default": {"_type": "literalExpression", "text": "15672"}, "description": "On which port to run the management plugin\n", "loc": ["services", "rabbitmq", "managementPlugin", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.rabbitmq.package": {"declarations": ["nixos/modules/services/amqp/rabbitmq.nix"], "default": {"_type": "literalExpression", "text": "pkgs.rabbitmq-server"}, "description": "The rabbitmq-server package to use.", "loc": ["services", "rabbitmq", "package"], "readOnly": false, "type": "package"}, "services.rabbitmq.pluginDirs": {"declarations": ["nixos/modules/services/amqp/rabbitmq.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The list of directories containing external plugins", "loc": ["services", "rabbitmq", "pluginDirs"], "readOnly": false, "type": "list of absolute path"}, "services.rabbitmq.plugins": {"declarations": ["nixos/modules/services/amqp/rabbitmq.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The names of plugins to enable", "loc": ["services", "rabbitmq", "plugins"], "readOnly": false, "type": "list of string"}, "services.rabbitmq.port": {"declarations": ["nixos/modules/services/amqp/rabbitmq.nix"], "default": {"_type": "literalExpression", "text": "5672"}, "description": "Port on which RabbitMQ will listen for AMQP connections.\n", "loc": ["services", "rabbitmq", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.rabbitmq.unsafeCookie": {"declarations": ["nixos/modules/services/amqp/rabbitmq.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Erlang cookie is a string of arbitrary length which must\nbe the same for several nodes to be allowed to communicate.\nLeave empty to generate automatically.\n\nSetting the cookie via this option exposes the cookie to the store, which\nis not recommended for security reasons.\nOnly use this option in an isolated non-production environment such as\nNixOS VM tests.\n", "loc": ["services", "rabbitmq", "unsafeCookie"], "readOnly": false, "type": "string"}, "services.radarr.dataDir": {"declarations": ["nixos/modules/services/misc/servarr/radarr.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/radarr/.config/Radarr\""}, "description": "The directory where Radarr stores its data files.", "loc": ["services", "radarr", "dataDir"], "readOnly": false, "type": "string"}, "services.radarr.enable": {"declarations": ["nixos/modules/services/misc/servarr/radarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Radarr, a UsetNet/BitTorrent movie downloader.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "radarr", "enable"], "readOnly": false, "type": "boolean"}, "services.radarr.environmentFiles": {"declarations": ["nixos/modules/services/misc/servarr/radarr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Environment file to pass secret configuration values.\nEach line must follow the `RADARR__SECTION__KEY=value` pattern.\nPlease consult the documentation at the [wiki](https://wiki.servarr.com/useful-tools#using-environment-variables-for-config).\n", "loc": ["services", "radarr", "environmentFiles"], "readOnly": false, "type": "list of absolute path"}, "services.radarr.group": {"declarations": ["nixos/modules/services/misc/servarr/radarr.nix"], "default": {"_type": "literalExpression", "text": "\"radarr\""}, "description": "Group under which Radarr runs.", "loc": ["services", "radarr", "group"], "readOnly": false, "type": "string"}, "services.radarr.openFirewall": {"declarations": ["nixos/modules/services/misc/servarr/radarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the Radarr web interface.", "loc": ["services", "radarr", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.radarr.package": {"declarations": ["nixos/modules/services/misc/servarr/radarr.nix"], "default": {"_type": "literalExpression", "text": "pkgs.radarr"}, "description": "The radarr package to use.", "loc": ["services", "radarr", "package"], "readOnly": false, "type": "package"}, "services.radarr.settings": {"declarations": ["nixos/modules/services/misc/servarr/radarr.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attribute set of arbitrary config options.\nPlease consult the documentation at the [wiki](https://wiki.servarr.com/useful-tools#using-environment-variables-for-config).\n\nWARNING: this configuration is stored in the world-readable Nix store!\nFor secrets use [](#opt-services.radarr.environmentFiles).\n", "example": {"_type": "literalExpression", "text": "{\n  update.mechanism = \"internal\";\n  server = {\n    urlbase = \"localhost\";\n    port = 7878;\n    bindaddress = \"*\";\n  };\n}\n"}, "loc": ["services", "radarr", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.radarr.settings.log.analyticsEnabled": {"declarations": ["nixos/modules/services/misc/servarr/radarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Send Anonymous Usage Data", "loc": ["services", "radarr", "settings", "log", "analyticsEnabled"], "readOnly": false, "type": "boolean"}, "services.radarr.settings.server.port": {"declarations": ["nixos/modules/services/misc/servarr/radarr.nix"], "default": {"_type": "literalExpression", "text": "7878"}, "description": "Port Number", "loc": ["services", "radarr", "settings", "server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.radarr.settings.update.automatically": {"declarations": ["nixos/modules/services/misc/servarr/radarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically download and install updates.", "loc": ["services", "radarr", "settings", "update", "automatically"], "readOnly": false, "type": "boolean"}, "services.radarr.settings.update.mechanism": {"declarations": ["nixos/modules/services/misc/servarr/radarr.nix"], "default": {"_type": "literalExpression", "text": "\"external\""}, "description": "which update mechanism to use", "loc": ["services", "radarr", "settings", "update", "mechanism"], "readOnly": false, "type": "null or one of \"external\", \"builtIn\", \"script\""}, "services.radarr.user": {"declarations": ["nixos/modules/services/misc/servarr/radarr.nix"], "default": {"_type": "literalExpression", "text": "\"radarr\""}, "description": "User account under which Radarr runs.", "loc": ["services", "radarr", "user"], "readOnly": false, "type": "string"}, "services.radicale.config": {"declarations": ["nixos/modules/services/networking/radicale.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Radicale configuration, this will set the service\nconfiguration file.\nThis option is mutually exclusive with {option}`settings`.\nThis option is deprecated.  Use {option}`settings` instead.\n", "loc": ["services", "radicale", "config"], "readOnly": false, "type": "string"}, "services.radicale.enable": {"declarations": ["nixos/modules/services/networking/radicale.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Radicale CalDAV and CardDAV server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "radicale", "enable"], "readOnly": false, "type": "boolean"}, "services.radicale.extraArgs": {"declarations": ["nixos/modules/services/networking/radicale.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments passed to the Radicale daemon.", "loc": ["services", "radicale", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.radicale.package": {"declarations": ["nixos/modules/services/networking/radicale.nix"], "default": {"_type": "literalExpression", "text": "pkgs.radicale"}, "description": "Radicale package to use.", "loc": ["services", "radicale", "package"], "readOnly": false, "type": "package"}, "services.radicale.rights": {"declarations": ["nixos/modules/services/networking/radicale.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for Radicale's rights file. See\n<https://radicale.org/v3.html#authentication-and-rights>.\nThis option only works in conjunction with {option}`settings`.\nSetting this will also set {option}`settings.rights.type` and\n{option}`settings.rights.file` to appropriate values.\n", "example": {"_type": "literalExpression", "text": "root = {\n  user = \".+\";\n  collection = \"\";\n  permissions = \"R\";\n};\nprincipal = {\n  user = \".+\";\n  collection = \"{user}\";\n  permissions = \"RW\";\n};\ncalendars = {\n  user = \".+\";\n  collection = \"{user}/[^/]+\";\n  permissions = \"rw\";\n};\n"}, "loc": ["services", "radicale", "rights"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string) or a non-empty list of them)"}, "services.radicale.settings": {"declarations": ["nixos/modules/services/networking/radicale.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for Radicale. See\n<https://radicale.org/v3.html#configuration>.\nThis option is mutually exclusive with {option}`config`.\n", "example": {"_type": "literalExpression", "text": "server = {\n  hosts = [ \"0.0.0.0:5232\" \"[::]:5232\" ];\n};\nauth = {\n  type = \"htpasswd\";\n  htpasswd_filename = \"/etc/radicale/users\";\n  htpasswd_encryption = \"bcrypt\";\n};\nstorage = {\n  filesystem_folder = \"/var/lib/radicale/collections\";\n};\n"}, "loc": ["services", "radicale", "settings"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string) or a non-empty list of them)"}, "services.radicle.checkConfig": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable checking the {file}`config.json` file resulting from {option}`services.radicle.settings`.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "radicle", "checkConfig"], "readOnly": false, "type": "boolean"}, "services.radicle.ci.adapters.native.instances": {"declarations": ["nixos/modules/services/continuous-integration/radicle/adapters/native.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "radicle-native-ci adapter instances.", "loc": ["services", "radicle", "ci", "adapters", "native", "instances"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.radicle.ci.adapters.native.instances.<name>.enable": {"declarations": ["nixos/modules/services/continuous-integration/radicle/adapters/native.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable this radicle-native-ci instance.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "radicle", "ci", "adapters", "native", "instances", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.radicle.ci.adapters.native.instances.<name>.name": {"declarations": ["nixos/modules/services/continuous-integration/radicle/adapters/native.nix"], "description": "Adapter name that is used in the radicle-ci-broker configuration.\nDefaults to the attribute name.\n", "loc": ["services", "radicle", "ci", "adapters", "native", "instances", "<name>", "name"], "readOnly": false, "type": "string"}, "services.radicle.ci.adapters.native.instances.<name>.package": {"declarations": ["nixos/modules/services/continuous-integration/radicle/adapters/native.nix"], "default": {"_type": "literalExpression", "text": "pkgs.radicle-native-ci"}, "description": "The radicle-native-ci package to use.", "loc": ["services", "radicle", "ci", "adapters", "native", "instances", "<name>", "package"], "readOnly": false, "type": "package"}, "services.radicle.ci.adapters.native.instances.<name>.runtimePackages": {"declarations": ["nixos/modules/services/continuous-integration/radicle/adapters/native.nix"], "default": {"_type": "literalExpression", "text": "with pkgs; [\n  bash\n  coreutils\n  curl\n  gawk\n  gitMinimal\n  gnused\n  wget\n]\n"}, "description": "Packages added to the adapter's {env}`PATH`.", "loc": ["services", "radicle", "ci", "adapters", "native", "instances", "<name>", "runtimePackages"], "readOnly": false, "type": "list of package"}, "services.radicle.ci.adapters.native.instances.<name>.settings": {"declarations": ["nixos/modules/services/continuous-integration/radicle/adapters/native.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration of radicle-native-ci.\nSee <https://app.radicle.xyz/nodes/seed.radicle.xyz/rad:z3qg5TKmN83afz2fj9z3fQjU8vaYE#configuration> for more information.\n", "loc": ["services", "radicle", "ci", "adapters", "native", "instances", "<name>", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.radicle.ci.adapters.native.instances.<name>.settings.base_url": {"declarations": ["nixos/modules/services/continuous-integration/radicle/adapters/native.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Base URL for build logs (mandatory for access from CI broker page).", "loc": ["services", "radicle", "ci", "adapters", "native", "instances", "<name>", "settings", "base_url"], "readOnly": false, "type": "null or string"}, "services.radicle.ci.adapters.native.instances.<name>.settings.log": {"declarations": ["nixos/modules/services/continuous-integration/radicle/adapters/native.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.radicle.ci.broker.logDir}/adapters/native/\u2039name\u203a.log\""}, "description": "File where radicle-native-ci should write the run log.", "loc": ["services", "radicle", "ci", "adapters", "native", "instances", "<name>", "settings", "log"], "readOnly": false, "type": "absolute path"}, "services.radicle.ci.adapters.native.instances.<name>.settings.state": {"declarations": ["nixos/modules/services/continuous-integration/radicle/adapters/native.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.radicle.ci.broker.stateDir}/adapters/native/\u2039name\u203a\""}, "description": "Directory where per-run directories are stored.", "loc": ["services", "radicle", "ci", "adapters", "native", "instances", "<name>", "settings", "state"], "readOnly": false, "type": "absolute path"}, "services.radicle.ci.broker.checkConfig": {"declarations": ["nixos/modules/services/continuous-integration/radicle/ci-broker.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable checking the {file}`ci-broker.yaml` file resulting from [](#opt-services.radicle.ci.broker.settings).", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "radicle", "ci", "broker", "checkConfig"], "readOnly": false, "type": "boolean"}, "services.radicle.ci.broker.enable": {"declarations": ["nixos/modules/services/continuous-integration/radicle/ci-broker.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable radicle-ci-broker.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "radicle", "ci", "broker", "enable"], "readOnly": false, "type": "boolean"}, "services.radicle.ci.broker.enableHardening": {"declarations": ["nixos/modules/services/continuous-integration/radicle/ci-broker.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable systemd hardening.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "radicle", "ci", "broker", "enableHardening"], "readOnly": false, "type": "boolean"}, "services.radicle.ci.broker.logDir": {"declarations": ["nixos/modules/services/continuous-integration/radicle/ci-broker.nix"], "default": {"_type": "literalExpression", "text": "\"/var/log/radicle-ci\""}, "description": "Log directory of radicle-ci-broker.", "loc": ["services", "radicle", "ci", "broker", "logDir"], "readOnly": false, "type": "absolute path"}, "services.radicle.ci.broker.package": {"declarations": ["nixos/modules/services/continuous-integration/radicle/ci-broker.nix"], "default": {"_type": "literalExpression", "text": "pkgs.radicle-ci-broker"}, "description": "The radicle-ci-broker package to use.", "loc": ["services", "radicle", "ci", "broker", "package"], "readOnly": false, "type": "package"}, "services.radicle.ci.broker.settings": {"declarations": ["nixos/modules/services/continuous-integration/radicle/ci-broker.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration of radicle-ci-broker.\nSee <https://app.radicle.xyz/nodes/seed.radicle.xyz/rad:zwTxygwuz5LDGBq255RA2CbNGrz8/tree/doc/userguide.md#configuration> for more information.\n", "example": {"_type": "literalExpression", "text": "{\n  adapters.native = {\n    command = lib.getExe pkgs.radicle-native-ci;\n    config = { };\n    config_env = \"RADICLE_NATIVE_CI\";\n    env.PATH = lib.makeBinPath (with pkgs; [ bash coreutils ]);\n  };\n\n  triggers = [\n    {\n      adapter = \"native\";\n      filters = [\n        {\n          And = [\n            { HasFile = \".radicle/native.yaml\"; }\n            { Node = \"z6MkgEMYod7Hxfy9qCvDv5hYHkZ4ciWmLFgfvm3Wn1b2w2FV\"; }\n            {\n              Or = [\n                \"DefaultBranch\"\n                \"PatchCreated\"\n                \"PatchUpdated\"\n              ];\n            }\n          ];\n        }\n      ];\n    }\n  ];\n}\n"}, "loc": ["services", "radicle", "ci", "broker", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.radicle.ci.broker.settings.adapters": {"declarations": ["nixos/modules/services/continuous-integration/radicle/ci-broker.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "CI adapters.\nSee also the options under [services.radicle.ci.adapters](#opt-services.radicle.ci.adapters.native.instances).\n", "loc": ["services", "radicle", "ci", "broker", "settings", "adapters"], "readOnly": false, "type": "attribute set of (open submodule of (JSON value))"}, "services.radicle.ci.broker.settings.adapters.<name>.command": {"declarations": ["nixos/modules/services/continuous-integration/radicle/ci-broker.nix"], "description": "Adapter command to run.", "loc": ["services", "radicle", "ci", "broker", "settings", "adapters", "<name>", "command"], "readOnly": false, "type": "string"}, "services.radicle.ci.broker.settings.adapters.<name>.env": {"declarations": ["nixos/modules/services/continuous-integration/radicle/ci-broker.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables to add when running the adapter.", "loc": ["services", "radicle", "ci", "broker", "settings", "adapters", "<name>", "env"], "readOnly": false, "type": "attribute set of (JSON value)"}, "services.radicle.ci.broker.settings.db": {"declarations": ["nixos/modules/services/continuous-integration/radicle/ci-broker.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.radicle.ci.broker.stateDir}/ci-broker.db\""}, "description": "Database file path.", "loc": ["services", "radicle", "ci", "broker", "settings", "db"], "readOnly": false, "type": "absolute path"}, "services.radicle.ci.broker.settings.report_dir": {"declarations": ["nixos/modules/services/continuous-integration/radicle/ci-broker.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.radicle.ci.broker.stateDir}/reports\""}, "description": "Directory where HTML and JSON report pages are written.", "loc": ["services", "radicle", "ci", "broker", "settings", "report_dir"], "readOnly": false, "type": "null or absolute path"}, "services.radicle.ci.broker.settings.triggers": {"declarations": ["nixos/modules/services/continuous-integration/radicle/ci-broker.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "CI triggers.", "loc": ["services", "radicle", "ci", "broker", "settings", "triggers"], "readOnly": false, "type": "list of (open submodule of (JSON value))"}, "services.radicle.ci.broker.settings.triggers.*.adapter": {"declarations": ["nixos/modules/services/continuous-integration/radicle/ci-broker.nix"], "description": "Adapter name.", "loc": ["services", "radicle", "ci", "broker", "settings", "triggers", "*", "adapter"], "readOnly": false, "type": "string"}, "services.radicle.ci.broker.settings.triggers.*.filters": {"declarations": ["nixos/modules/services/continuous-integration/radicle/ci-broker.nix"], "description": "Trigger filter.", "loc": ["services", "radicle", "ci", "broker", "settings", "triggers", "*", "filters"], "readOnly": false, "type": "list of (JSON value)"}, "services.radicle.ci.broker.stateDir": {"declarations": ["nixos/modules/services/continuous-integration/radicle/ci-broker.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/radicle-ci\""}, "description": "State directory of radicle-ci-broker.", "loc": ["services", "radicle", "ci", "broker", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.radicle.enable": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Radicle Seed Node.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "radicle", "enable"], "readOnly": false, "type": "boolean"}, "services.radicle.httpd.aliases": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Alias and RID pairs to shorten git clone commands for repositories.", "example": {"_type": "literalExpression", "text": "{\n  heartwood = \"rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5\";\n}\n"}, "loc": ["services", "radicle", "httpd", "aliases"], "readOnly": false, "type": "attribute set of string"}, "services.radicle.httpd.enable": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Radicle HTTP gateway to radicle-node.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "radicle", "httpd", "enable"], "readOnly": false, "type": "boolean"}, "services.radicle.httpd.extraArgs": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments for `radicle-httpd`", "loc": ["services", "radicle", "httpd", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.radicle.httpd.listenAddress": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The IP address on which `radicle-httpd` listens.", "loc": ["services", "radicle", "httpd", "listenAddress"], "readOnly": false, "type": "string"}, "services.radicle.httpd.listenPort": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "The port on which `radicle-httpd` listens.", "loc": ["services", "radicle", "httpd", "listenPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.radicle.httpd.nginx": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "With this option, you can customize an nginx virtual host which already has sensible defaults for `radicle-httpd`.\nSet to `{}` if you do not need any customization to the virtual host.\nIf enabled, then by default, the {option}`serverName` is\n`radicle-${config.networking.hostName}.${config.networking.domain}`,\nTLS is active, and certificates are acquired via ACME.\nIf this is set to null (the default), no nginx virtual host will be configured.\n", "example": {"_type": "literalExpression", "text": "{\n  serverAliases = [\n    \"seed.${config.networking.domain}\"\n  ];\n  enableACME = false;\n  useACMEHost = config.networking.domain;\n}\n"}, "loc": ["services", "radicle", "httpd", "nginx"], "readOnly": false, "type": "null or (submodule)"}, "services.radicle.httpd.nginx.acmeFallbackHost": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host which to proxy requests to if ACME challenge is not found. Useful\nif you want multiple hosts to be able to verify the same domain name.\n\nWith this option, you could request certificates for the present domain\nwith an ACME client that is running on another host, which you would\nspecify here.\n", "loc": ["services", "radicle", "httpd", "nginx", "acmeFallbackHost"], "readOnly": false, "type": "null or string"}, "services.radicle.httpd.nginx.acmeRoot": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the ACME challenge, which is **public**. Don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "radicle", "httpd", "nginx", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.radicle.httpd.nginx.addSSL": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "radicle", "httpd", "nginx", "addSSL"], "readOnly": false, "type": "boolean"}, "services.radicle.httpd.nginx.basicAuth": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "radicle", "httpd", "nginx", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.radicle.httpd.nginx.basicAuthFile": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "radicle", "httpd", "nginx", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.radicle.httpd.nginx.default": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Makes this vhost the default.\n", "loc": ["services", "radicle", "httpd", "nginx", "default"], "readOnly": false, "type": "boolean"}, "services.radicle.httpd.nginx.enableACME": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "radicle", "httpd", "nginx", "enableACME"], "readOnly": false, "type": "boolean"}, "services.radicle.httpd.nginx.extraConfig": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the vhost verbatim.\n", "loc": ["services", "radicle", "httpd", "nginx", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.radicle.httpd.nginx.forceSSL": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a separate nginx server block that redirects (defaults\nto 301, configurable with `redirectCode`) all plain HTTP traffic to\nHTTPS. This will set defaults for `listen` to listen on all interfaces\non the respective default ports (80, 443), where the non-SSL listens\nare used for the redirect vhosts.\n", "loc": ["services", "radicle", "httpd", "nginx", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.radicle.httpd.nginx.globalRedirect": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected (defaults to 301,\nconfigurable with `redirectCode`) to the given hostname.\n", "example": {"_type": "literalExpression", "text": "\"newserver.example.org\""}, "loc": ["services", "radicle", "httpd", "nginx", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.radicle.httpd.nginx.http2": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/2 protocol.\nNote that (as of writing) due to nginx's implementation, to disable\nHTTP/2 you have to disable it on all vhosts that use a given\nIP address / port.\nIf there is one server block configured to enable http2, then it is\nenabled for all server blocks on this IP.\nSee <https://stackoverflow.com/a/39466948/263061>.\n", "loc": ["services", "radicle", "httpd", "nginx", "http2"], "readOnly": false, "type": "boolean"}, "services.radicle.httpd.nginx.http3": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/3 protocol.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that HTTP/3 support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\nHTTP/3 availability must be manually advertised, preferably in each location block.\n", "loc": ["services", "radicle", "httpd", "nginx", "http3"], "readOnly": false, "type": "boolean"}, "services.radicle.httpd.nginx.http3_hq": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that special application protocol support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "radicle", "httpd", "nginx", "http3_hq"], "readOnly": false, "type": "boolean"}, "services.radicle.httpd.nginx.kTLS": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kTLS support.\nImplementing TLS in the kernel (kTLS) improves performance by significantly\nreducing the need for copying operations between user space and the kernel.\nRequired Nginx version 1.21.4 or later.\n", "loc": ["services", "radicle", "httpd", "nginx", "kTLS"], "readOnly": false, "type": "boolean"}, "services.radicle.httpd.nginx.listen": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\nIPv6 addresses must be enclosed in square brackets.\nNote: this option overrides `addSSL`\nand `onlySSL`.\n\nIf you only want to set the addresses manually and not\nthe ports, take a look at `listenAddresses`.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    addr = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    addr = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    addr = \"unix:/var/run/nginx.sock\";\n  }\n]"}, "loc": ["services", "radicle", "httpd", "nginx", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.radicle.httpd.nginx.listen.*.addr": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "description": "Listen address.", "loc": ["services", "radicle", "httpd", "nginx", "listen", "*", "addr"], "readOnly": false, "type": "string"}, "services.radicle.httpd.nginx.listen.*.extraParameters": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra parameters of this listen directive.", "example": {"_type": "literalExpression", "text": "[\n  \"backlog=1024\"\n  \"deferred\"\n]"}, "loc": ["services", "radicle", "httpd", "nginx", "listen", "*", "extraParameters"], "readOnly": false, "type": "list of string"}, "services.radicle.httpd.nginx.listen.*.port": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port number to listen on.\nIf unset and the listen address is not a socket then nginx defaults to 80.\n", "loc": ["services", "radicle", "httpd", "nginx", "listen", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.radicle.httpd.nginx.listen.*.proxyProtocol": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable PROXY protocol.", "loc": ["services", "radicle", "httpd", "nginx", "listen", "*", "proxyProtocol"], "readOnly": false, "type": "boolean"}, "services.radicle.httpd.nginx.listen.*.ssl": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SSL.", "loc": ["services", "radicle", "httpd", "nginx", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.radicle.httpd.nginx.listenAddresses": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n\nNote: This option overrides `networking.enableIPv6`\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"[::1]\"\n]"}, "loc": ["services", "radicle", "httpd", "nginx", "listenAddresses"], "readOnly": false, "type": "list of string"}, "services.radicle.httpd.nginx.locations": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n};\n"}, "loc": ["services", "radicle", "httpd", "nginx", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.radicle.httpd.nginx.locations.<name>.alias": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "radicle", "httpd", "nginx", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.radicle.httpd.nginx.locations.<name>.basicAuth": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "radicle", "httpd", "nginx", "locations", "<name>", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.radicle.httpd.nginx.locations.<name>.basicAuthFile": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "radicle", "httpd", "nginx", "locations", "<name>", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.radicle.httpd.nginx.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "radicle", "httpd", "nginx", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.radicle.httpd.nginx.locations.<name>.fastcgiParams": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "FastCGI parameters to override.  Unlike in the Nginx\nconfiguration file, overriding only some default parameters\nwon't unset the default values for other parameters.\n", "loc": ["services", "radicle", "httpd", "nginx", "locations", "<name>", "fastcgiParams"], "readOnly": false, "type": "attribute set of (string or absolute path)"}, "services.radicle.httpd.nginx.locations.<name>.index": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds index directive.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "radicle", "httpd", "nginx", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.radicle.httpd.nginx.locations.<name>.priority": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "radicle", "httpd", "nginx", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.radicle.httpd.nginx.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds proxy_pass directive and sets recommended proxy headers if\nrecommendedProxySettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "radicle", "httpd", "nginx", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.radicle.httpd.nginx.locations.<name>.proxyWebsockets": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to support proxying websocket connections with HTTP/1.1.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "radicle", "httpd", "nginx", "locations", "<name>", "proxyWebsockets"], "readOnly": false, "type": "boolean"}, "services.radicle.httpd.nginx.locations.<name>.recommendedProxySettings": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedProxySettings"}, "description": "Enable recommended proxy settings.\n", "loc": ["services", "radicle", "httpd", "nginx", "locations", "<name>", "recommendedProxySettings"], "readOnly": false, "type": "boolean"}, "services.radicle.httpd.nginx.locations.<name>.recommendedUwsgiSettings": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedUwsgiSettings"}, "description": "Enable recommended uwsgi settings.\n", "loc": ["services", "radicle", "httpd", "nginx", "locations", "<name>", "recommendedUwsgiSettings"], "readOnly": false, "type": "boolean"}, "services.radicle.httpd.nginx.locations.<name>.return": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds a return directive, for e.g. redirections.\n", "example": {"_type": "literalExpression", "text": "\"301 http://example.com$request_uri\""}, "loc": ["services", "radicle", "httpd", "nginx", "locations", "<name>", "return"], "readOnly": false, "type": "null or string or signed integer"}, "services.radicle.httpd.nginx.locations.<name>.root": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Root directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/root/directory\""}, "loc": ["services", "radicle", "httpd", "nginx", "locations", "<name>", "root"], "readOnly": false, "type": "null or absolute path"}, "services.radicle.httpd.nginx.locations.<name>.tryFiles": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds try_files directive.\n", "example": {"_type": "literalExpression", "text": "\"$uri =404\""}, "loc": ["services", "radicle", "httpd", "nginx", "locations", "<name>", "tryFiles"], "readOnly": false, "type": "null or string"}, "services.radicle.httpd.nginx.locations.<name>.uwsgiPass": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds uwsgi_pass directive and sets recommended proxy headers if\nrecommendedUwsgiSettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"unix:/run/example/example.sock\""}, "loc": ["services", "radicle", "httpd", "nginx", "locations", "<name>", "uwsgiPass"], "readOnly": false, "type": "null or string"}, "services.radicle.httpd.nginx.onlySSL": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "radicle", "httpd", "nginx", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.radicle.httpd.nginx.quic": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the QUIC transport protocol.\nNote that QUIC support is experimental and\n*not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "radicle", "httpd", "nginx", "quic"], "readOnly": false, "type": "boolean"}, "services.radicle.httpd.nginx.redirectCode": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "301"}, "description": "HTTP status used by `globalRedirect` and `forceSSL`. Possible usecases\ninclude temporary (302, 307) redirects, keeping the request method and\nbody (307, 308), or explicitly resetting the method to GET (303).\nSee <https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>.\n", "example": {"_type": "literalExpression", "text": "308"}, "loc": ["services", "radicle", "httpd", "nginx", "redirectCode"], "readOnly": false, "type": "integer between 300 and 399 (both inclusive)"}, "services.radicle.httpd.nginx.rejectSSL": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to listen for and reject all HTTPS connections to this vhost. Useful in\n[default](#opt-services.nginx.virtualHosts._name_.default)\nserver blocks to avoid serving the certificate for another vhost. Uses the\n`ssl_reject_handshake` directive available in nginx versions\n1.19.4 and above.\n", "loc": ["services", "radicle", "httpd", "nginx", "rejectSSL"], "readOnly": false, "type": "boolean"}, "services.radicle.httpd.nginx.reuseport": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create an individual listening socket .\nIt is required to specify only once on one of the hosts.\n", "loc": ["services", "radicle", "httpd", "nginx", "reuseport"], "readOnly": false, "type": "boolean"}, "services.radicle.httpd.nginx.root": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of the web root directory.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "radicle", "httpd", "nginx", "root"], "readOnly": false, "type": "null or absolute path"}, "services.radicle.httpd.nginx.serverAliases": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "radicle", "httpd", "nginx", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.radicle.httpd.nginx.serverName": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "\"radicle-\\${config.networking.hostName}.\\${config.networking.domain}\""}, "description": "Name of this virtual host. Defaults to attribute name in virtualHosts.\n", "example": {"_type": "literalExpression", "text": "\"example.org\""}, "loc": ["services", "radicle", "httpd", "nginx", "serverName"], "readOnly": false, "type": "null or string"}, "services.radicle.httpd.nginx.sslCertificate": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "radicle", "httpd", "nginx", "sslCertificate"], "readOnly": false, "type": "absolute path"}, "services.radicle.httpd.nginx.sslCertificateKey": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "radicle", "httpd", "nginx", "sslCertificateKey"], "readOnly": false, "type": "absolute path"}, "services.radicle.httpd.nginx.sslTrustedCertificate": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to root SSL certificate for stapling and client certificates.", "example": {"_type": "literalExpression", "text": "\"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\""}, "loc": ["services", "radicle", "httpd", "nginx", "sslTrustedCertificate"], "readOnly": false, "type": "null or absolute path"}, "services.radicle.httpd.nginx.useACMEHost": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "radicle", "httpd", "nginx", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.radicle.httpd.package": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "pkgs.radicle-httpd"}, "description": "The radicle-httpd package to use.", "loc": ["services", "radicle", "httpd", "package"], "readOnly": false, "type": "package"}, "services.radicle.node.extraArgs": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments for `radicle-node`", "loc": ["services", "radicle", "node", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.radicle.node.listenAddress": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "\"[::]\""}, "description": "The IP address on which `radicle-node` listens.", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "radicle", "node", "listenAddress"], "readOnly": false, "type": "string"}, "services.radicle.node.listenPort": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "8776"}, "description": "The port on which `radicle-node` listens.", "loc": ["services", "radicle", "node", "listenPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.radicle.node.openFirewall": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable opening the firewall for `radicle-node`.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "radicle", "node", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.radicle.package": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "pkgs.radicle-node"}, "description": "The radicle-node package to use.", "loc": ["services", "radicle", "package"], "readOnly": false, "type": "package"}, "services.radicle.privateKeyFile": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "description": "Absolute file path to an SSH private key,\nusually generated by `rad auth`.\n\nIf it contains a colon (`:`) the string before the colon\nis taken as the credential name\nand the string after as a path encrypted with `systemd-creds`.\n", "loc": ["services", "radicle", "privateKeyFile"], "readOnly": false, "type": "absolute path or string"}, "services.radicle.publicKey": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "description": "An SSH public key (as an absolute file path or directly as a string),\nusually generated by `rad auth`.\n\nMake sure to not include a comment if your key comes with a comment.\n", "loc": ["services", "radicle", "publicKey"], "readOnly": false, "type": "absolute path or string"}, "services.radicle.settings": {"declarations": ["nixos/modules/services/misc/radicle.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "See <https://app.radicle.xyz/nodes/seed.radicle.garden/rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5/tree/radicle/src/node/config.rs#L275>\n", "example": {"_type": "literalExpression", "text": "{\n  web.pinned.repositories = [\n    \"rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5\" # heartwood\n    \"rad:z3trNYnLWS11cJWC6BbxDs5niGo82\" # rips\n  ];\n}\n"}, "loc": ["services", "radicle", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.radvd.config": {"declarations": ["nixos/modules/services/networking/radvd.nix"], "description": "The contents of the radvd configuration file.\n", "example": {"_type": "literalExpression", "text": "''\n  interface eth0 {\n    AdvSendAdvert on;\n    prefix 2001:db8:1234:5678::/64 { };\n  };\n''"}, "loc": ["services", "radvd", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.radvd.debugLevel": {"declarations": ["nixos/modules/services/networking/radvd.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "The debugging level is an integer in the range from 1 to 5,\nfrom quiet to very verbose. A debugging level of 0 completely\nturns off debugging.\n", "example": {"_type": "literalExpression", "text": "5"}, "loc": ["services", "radvd", "debugLevel"], "readOnly": false, "type": "integer between 0 and 5 (both inclusive)"}, "services.radvd.enable": {"declarations": ["nixos/modules/services/networking/radvd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Router Advertisement Daemon\n({command}`radvd`), which provides link-local\nadvertisements of IPv6 router addresses and prefixes using\nthe Neighbor Discovery Protocol (NDP).  This enables\nstateless address autoconfiguration in IPv6 clients on the\nnetwork.\n", "loc": ["services", "radvd", "enable"], "readOnly": false, "type": "boolean"}, "services.radvd.package": {"declarations": ["nixos/modules/services/networking/radvd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.radvd"}, "description": "The radvd package to use.", "loc": ["services", "radvd", "package"], "readOnly": false, "type": "package"}, "services.ratbagd.enable": {"declarations": ["nixos/modules/services/hardware/ratbagd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ratbagd for configuring gaming mice.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ratbagd", "enable"], "readOnly": false, "type": "boolean"}, "services.ratbagd.package": {"declarations": ["nixos/modules/services/hardware/ratbagd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.libratbag"}, "description": "The libratbag package to use.", "loc": ["services", "ratbagd", "package"], "readOnly": false, "type": "package"}, "services.rathole.credentialsFile": {"declarations": ["nixos/modules/services/networking/rathole.nix"], "default": {"_type": "literalExpression", "text": "\"/dev/null\""}, "description": "Path to a TOML file to be merged with the settings.\nUseful to set secret config parameters like tokens, which\nshould not appear in the Nix Store.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/secrets/rathole/config.toml\""}, "loc": ["services", "rathole", "credentialsFile"], "readOnly": false, "type": "absolute path"}, "services.rathole.enable": {"declarations": ["nixos/modules/services/networking/rathole.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Rathole.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "rathole", "enable"], "readOnly": false, "type": "boolean"}, "services.rathole.package": {"declarations": ["nixos/modules/services/networking/rathole.nix"], "default": {"_type": "literalExpression", "text": "pkgs.rathole"}, "description": "The rathole package to use.", "loc": ["services", "rathole", "package"], "readOnly": false, "type": "package"}, "services.rathole.role": {"declarations": ["nixos/modules/services/networking/rathole.nix"], "description": "Select whether rathole needs to be run as a `client` or a `server`.\nServer is a machine with a public IP and client is a device behind NAT,\nbut running some services that need to be exposed to the Internet.\n", "loc": ["services", "rathole", "role"], "readOnly": false, "type": "one of \"server\", \"client\""}, "services.rathole.settings": {"declarations": ["nixos/modules/services/networking/rathole.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Rathole configuration, for options reference\nsee the [example](https://github.com/rapiz1/rathole?tab=readme-ov-file#configuration) on GitHub.\nBoth server and client configurations can be specified at the same time, regardless of the selected role.\n", "example": {"_type": "literalExpression", "text": "{\n  server = {\n    bind_addr = \"0.0.0.0:2333\";\n    services = {\n      my_nas_ssh = {\n        bind_addr = \"0.0.0.0:5202\";\n        token = \"use_a_secret_that_only_you_know\";\n      };\n    };\n  };\n}"}, "loc": ["services", "rathole", "settings"], "readOnly": false, "type": "TOML value"}, "services.rauc.bootloader": {"declarations": ["nixos/modules/services/hardware/rauc.nix"], "description": "The bootloader backend for RAUC.", "example": {"_type": "literalExpression", "text": "\"grub\""}, "loc": ["services", "rauc", "bootloader"], "readOnly": false, "type": "one of \"barebox\", \"grub\", \"uboot\", \"efi\", \"custom\", \"noop\""}, "services.rauc.bundleFormats": {"declarations": ["nixos/modules/services/hardware/rauc.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"-plain\"\n  \"+verity\"\n]"}, "description": "Allowable formats for the RAUC bundle.", "example": {"_type": "literalExpression", "text": "[\n  \"-plain\"\n  \"+verity\"\n]"}, "loc": ["services", "rauc", "bundleFormats"], "readOnly": false, "type": "list of string"}, "services.rauc.client.enable": {"declarations": ["nixos/modules/services/hardware/rauc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable RAUC client in the system environment.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "rauc", "client", "enable"], "readOnly": false, "type": "boolean"}, "services.rauc.compatible": {"declarations": ["nixos/modules/services/hardware/rauc.nix"], "description": "The compatibility string for this system. Can be any format so long as you are consistent.", "example": {"_type": "literalExpression", "text": "\"nix/appliance/foo\""}, "loc": ["services", "rauc", "compatible"], "readOnly": false, "type": "string"}, "services.rauc.dataDir": {"declarations": ["nixos/modules/services/hardware/rauc.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/rauc\""}, "description": "The state directory for RAUC.", "loc": ["services", "rauc", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.rauc.enable": {"declarations": ["nixos/modules/services/hardware/rauc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable RAUC A/B update service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "rauc", "enable"], "readOnly": false, "type": "boolean"}, "services.rauc.mark-good.enable": {"declarations": ["nixos/modules/services/hardware/rauc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable RAUC Good-marking service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "rauc", "mark-good", "enable"], "readOnly": false, "type": "boolean"}, "services.rauc.package": {"declarations": ["nixos/modules/services/hardware/rauc.nix"], "default": {"_type": "literalExpression", "text": "pkgs.rauc"}, "description": "The rauc package to use.", "loc": ["services", "rauc", "package"], "readOnly": false, "type": "package"}, "services.rauc.settings": {"declarations": ["nixos/modules/services/hardware/rauc.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Rauc configuration that will be converted to INI. Refer to:\n<https://rauc.readthedocs.io/en/latest/reference.html#sec-ref-slot-config>\nfor details on supported values.\n\nAll module-specific options override these.\n", "loc": ["services", "rauc", "settings"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.rauc.slots": {"declarations": ["nixos/modules/services/hardware/rauc.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "RAUC slot definitions. Every key is a slot class and every value is a list of slot indexes.", "loc": ["services", "rauc", "slots"], "readOnly": false, "type": "attribute set of list of (submodule)"}, "services.rauc.slots.<name>.*.device": {"declarations": ["nixos/modules/services/hardware/rauc.nix"], "description": "The device to update.", "loc": ["services", "rauc", "slots", "<name>", "*", "device"], "readOnly": false, "type": "string"}, "services.rauc.slots.<name>.*.enable": {"declarations": ["nixos/modules/services/hardware/rauc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable this RAUC slot.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "rauc", "slots", "<name>", "*", "enable"], "readOnly": false, "type": "boolean"}, "services.rauc.slots.<name>.*.settings": {"declarations": ["nixos/modules/services/hardware/rauc.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings for this slot.", "loc": ["services", "rauc", "slots", "<name>", "*", "settings"], "readOnly": false, "type": "attribute set"}, "services.rauc.slots.<name>.*.type": {"declarations": ["nixos/modules/services/hardware/rauc.nix"], "default": {"_type": "literalExpression", "text": "\"raw\""}, "description": "The type of the device.", "loc": ["services", "rauc", "slots", "<name>", "*", "type"], "readOnly": false, "type": "one of \"raw\", \"nand\", \"nor\", \"ubivol\", \"ubifs\", \"ext4\", \"vfat\""}, "services.rdnssd.enable": {"declarations": ["nixos/modules/services/networking/rdnssd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the RDNSS daemon\n({command}`rdnssd`), which configures DNS servers in\n{file}`/etc/resolv.conf` from RDNSS\nadvertisements sent by IPv6 routers.\n", "loc": ["services", "rdnssd", "enable"], "readOnly": false, "type": "boolean"}, "services.reaction.checkConfig": {"declarations": ["nixos/modules/services/security/reaction.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Check the syntax of the configuration files at build time", "loc": ["services", "reaction", "checkConfig"], "readOnly": false, "type": "boolean"}, "services.reaction.enable": {"declarations": ["nixos/modules/services/security/reaction.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable enable reaction.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "reaction", "enable"], "readOnly": false, "type": "boolean"}, "services.reaction.loglevel": {"declarations": ["nixos/modules/services/security/reaction.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "reaction's loglevel. One of DEBUG, INFO, WARN, ERROR.\n", "loc": ["services", "reaction", "loglevel"], "readOnly": false, "type": "null or one of \"DEBUG\", \"INFO\", \"WARN\", \"ERROR\""}, "services.reaction.package": {"declarations": ["nixos/modules/services/security/reaction.nix"], "default": {"_type": "literalExpression", "text": "pkgs.reaction"}, "description": "The reaction package to use.", "loc": ["services", "reaction", "package"], "readOnly": false, "type": "package"}, "services.reaction.runAsRoot": {"declarations": ["nixos/modules/services/security/reaction.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to run reaction as root.\nDefaults to false, where an unprivileged reaction user is created.\n\nBe sure to give it sufficient permissions.\nExample config permitting `iptables` and `journalctl` use\n\n```nix\n{\n  # allows reading journal logs of processess\n  users.users.reaction.extraGroups = [ \"systemd-journal\" ];\n\n  # allows modifying ip firewall rules\n  systemd.services.reaction.unitConfig.ConditionCapability = \"CAP_NET_ADMIN\";\n  systemd.services.reaction.serviceConfig = {\n    CapabilityBoundingSet = [ \"CAP_NET_ADMIN\" ];\n    AmbientCapabilities = [ \"CAP_NET_ADMIN\" ];\n  };\n\n  # optional, if more control over ssh logs is needed\n  services.openssh.settings.LogLevel = lib.mkDefault \"VERBOSE\";\n}\n```\n", "loc": ["services", "reaction", "runAsRoot"], "readOnly": false, "type": "boolean"}, "services.reaction.settings": {"declarations": ["nixos/modules/services/security/reaction.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for reaction. See the [wiki](https://framagit.org/ppom/reaction-wiki).\n\nThe settings are written as a YAML file.\n\nCan be used in combination with `settingsFiles` option, both will be present in the configuration directory.\n", "loc": ["services", "reaction", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.reaction.settingsFiles": {"declarations": ["nixos/modules/services/security/reaction.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Configuration for reaction, see the [wiki](https://framagit.org/ppom/reaction-wiki).\n\nreaction supports JSON, YAML and JSONnet. For those who prefer to take advantage of JSONnet rather than Nix.\n\nCan be used in combination with `settings` option, both will be present in the configuration directory.\n", "loc": ["services", "reaction", "settingsFiles"], "readOnly": false, "type": "list of absolute path"}, "services.reaction.stopForFirewall": {"declarations": ["nixos/modules/services/security/reaction.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to stop reaction when reloading the firewall.\n\nThe presence of a reaction chain in the INPUT table may cause the firewall\nreload to fail.\nOne can alternatively cherry-pick the right iptables commands to execute before and after the firewall\n```nix\n{\n  systemd.services.firewall.serviceConfig = {\n    ExecStopPre = [ \"${pkgs.iptables}/bin/iptables -w -D INPUT -p all -j reaction\" ];\n    ExecStartPost = [ \"${pkgs.iptables}/bin/iptables -w -I INPUT -p all -j reaction\" ];\n  };\n}\n```\n", "loc": ["services", "reaction", "stopForFirewall"], "readOnly": false, "type": "boolean"}, "services.readarr.dataDir": {"declarations": ["nixos/modules/services/misc/servarr/readarr.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/readarr/\""}, "description": "The directory where Readarr stores its data files.", "loc": ["services", "readarr", "dataDir"], "readOnly": false, "type": "string"}, "services.readarr.enable": {"declarations": ["nixos/modules/services/misc/servarr/readarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Readarr, a Usenet/BitTorrent ebook downloader.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "readarr", "enable"], "readOnly": false, "type": "boolean"}, "services.readarr.environmentFiles": {"declarations": ["nixos/modules/services/misc/servarr/readarr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Environment file to pass secret configuration values.\nEach line must follow the `READARR__SECTION__KEY=value` pattern.\nPlease consult the documentation at the [wiki](https://wiki.servarr.com/useful-tools#using-environment-variables-for-config).\n", "loc": ["services", "readarr", "environmentFiles"], "readOnly": false, "type": "list of absolute path"}, "services.readarr.group": {"declarations": ["nixos/modules/services/misc/servarr/readarr.nix"], "default": {"_type": "literalExpression", "text": "\"readarr\""}, "description": "Group under which Readarr runs.\n", "loc": ["services", "readarr", "group"], "readOnly": false, "type": "string"}, "services.readarr.openFirewall": {"declarations": ["nixos/modules/services/misc/servarr/readarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for Readarr\n", "loc": ["services", "readarr", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.readarr.package": {"declarations": ["nixos/modules/services/misc/servarr/readarr.nix"], "default": {"_type": "literalExpression", "text": "pkgs.readarr"}, "description": "The readarr package to use.", "loc": ["services", "readarr", "package"], "readOnly": false, "type": "package"}, "services.readarr.settings": {"declarations": ["nixos/modules/services/misc/servarr/readarr.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attribute set of arbitrary config options.\nPlease consult the documentation at the [wiki](https://wiki.servarr.com/useful-tools#using-environment-variables-for-config).\n\nWARNING: this configuration is stored in the world-readable Nix store!\nFor secrets use [](#opt-services.readarr.environmentFiles).\n", "example": {"_type": "literalExpression", "text": "{\n  update.mechanism = \"internal\";\n  server = {\n    urlbase = \"localhost\";\n    port = 8787;\n    bindaddress = \"*\";\n  };\n}\n"}, "loc": ["services", "readarr", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.readarr.settings.log.analyticsEnabled": {"declarations": ["nixos/modules/services/misc/servarr/readarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Send Anonymous Usage Data", "loc": ["services", "readarr", "settings", "log", "analyticsEnabled"], "readOnly": false, "type": "boolean"}, "services.readarr.settings.server.port": {"declarations": ["nixos/modules/services/misc/servarr/readarr.nix"], "default": {"_type": "literalExpression", "text": "8787"}, "description": "Port Number", "loc": ["services", "readarr", "settings", "server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.readarr.settings.update.automatically": {"declarations": ["nixos/modules/services/misc/servarr/readarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically download and install updates.", "loc": ["services", "readarr", "settings", "update", "automatically"], "readOnly": false, "type": "boolean"}, "services.readarr.settings.update.mechanism": {"declarations": ["nixos/modules/services/misc/servarr/readarr.nix"], "default": {"_type": "literalExpression", "text": "\"external\""}, "description": "which update mechanism to use", "loc": ["services", "readarr", "settings", "update", "mechanism"], "readOnly": false, "type": "null or one of \"external\", \"builtIn\", \"script\""}, "services.readarr.user": {"declarations": ["nixos/modules/services/misc/servarr/readarr.nix"], "default": {"_type": "literalExpression", "text": "\"readarr\""}, "description": "User account under which Readarr runs.\n", "loc": ["services", "readarr", "user"], "readOnly": false, "type": "string"}, "services.readeck.enable": {"declarations": ["nixos/modules/services/web-apps/readeck.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Readeck.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "readeck", "enable"], "readOnly": false, "type": "boolean"}, "services.readeck.environmentFile": {"declarations": ["nixos/modules/services/web-apps/readeck.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing environment variables to be passed to Readeck.\nMay be used to provide the Readeck secret key by setting the READECK_SECRET_KEY variable.\n", "loc": ["services", "readeck", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.readeck.package": {"declarations": ["nixos/modules/services/web-apps/readeck.nix"], "default": {"_type": "literalExpression", "text": "pkgs.readeck"}, "description": "The readeck package to use.", "loc": ["services", "readeck", "package"], "readOnly": false, "type": "package"}, "services.readeck.settings": {"declarations": ["nixos/modules/services/web-apps/readeck.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional configuration for Readeck, see\n<https://readeck.org/en/docs/configuration>\nfor supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  main = {\n    log_level = \"debug\";\n  };\n  server = {\n    port = 9000;\n  };\n}"}, "loc": ["services", "readeck", "settings"], "readOnly": false, "type": "TOML value"}, "services.realm.config": {"declarations": ["nixos/modules/services/networking/realm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The realm configuration, see <https://github.com/zhboner/realm#overview> for documentation.\n", "loc": ["services", "realm", "config"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.realm.enable": {"declarations": ["nixos/modules/services/networking/realm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable A simple, high performance relay server written in rust.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "realm", "enable"], "readOnly": false, "type": "boolean"}, "services.realm.package": {"declarations": ["nixos/modules/services/networking/realm.nix"], "default": {"_type": "literalExpression", "text": "pkgs.realm"}, "description": "The realm package to use.", "loc": ["services", "realm", "package"], "readOnly": false, "type": "package"}, "services.realmd.enable": {"declarations": ["nixos/modules/services/misc/realmd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable realmd service for managing system enrollment in Active Directory domains.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "realmd", "enable"], "readOnly": false, "type": "boolean"}, "services.realmd.package": {"declarations": ["nixos/modules/services/misc/realmd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.realmd"}, "description": "The realmd package to use.", "loc": ["services", "realmd", "package"], "readOnly": false, "type": "package"}, "services.rebuilderd.enable": {"declarations": ["nixos/modules/services/misc/rebuilderd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable rebuilderd service for independent verification of binary packages.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "rebuilderd", "enable"], "readOnly": false, "type": "boolean"}, "services.rebuilderd.package": {"declarations": ["nixos/modules/services/misc/rebuilderd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.rebuilderd"}, "description": "The rebuilderd package to use.", "loc": ["services", "rebuilderd", "package"], "readOnly": false, "type": "package"}, "services.rebuilderd.settings": {"declarations": ["nixos/modules/services/misc/rebuilderd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for rebuilderd (rebuilderd.conf)\n", "loc": ["services", "rebuilderd", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.recyclarr.command": {"declarations": ["nixos/modules/services/misc/recyclarr.nix"], "default": {"_type": "literalExpression", "text": "\"sync\""}, "description": "The recyclarr command to run (e.g., sync).", "loc": ["services", "recyclarr", "command"], "readOnly": false, "type": "string"}, "services.recyclarr.configuration": {"declarations": ["nixos/modules/services/misc/recyclarr.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Recyclarr YAML configuration as a Nix attribute set.\n\nFor detailed configuration options and examples, see the\n[official configuration reference](https://recyclarr.dev/wiki/yaml/config-reference/).\n\nThe configuration is processed using [utils.genJqSecretsReplacement](https://github.com/NixOS/nixpkgs/blob/master/nixos/lib/utils.nix#L232-L331) to handle secret substitution.\n```\n", "example": {"_type": "literalExpression", "text": "{\n  radarr = [\n    {\n      api_key = {\n        _secret = \"/run/credentials/recyclarr.service/radarr-api_key\";\n      };\n      base_url = \"http://localhost:7878\";\n      instance_name = \"main\";\n    }\n  ];\n  sonarr = [\n    {\n      api_key = {\n        _secret = \"/run/credentials/recyclarr.service/sonarr-api_key\";\n      };\n      base_url = \"http://localhost:8989\";\n      instance_name = \"main\";\n    }\n  ];\n}"}, "loc": ["services", "recyclarr", "configuration"], "readOnly": false, "type": "YAML 1.1 value"}, "services.recyclarr.enable": {"declarations": ["nixos/modules/services/misc/recyclarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable recyclarr service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "recyclarr", "enable"], "readOnly": false, "type": "boolean"}, "services.recyclarr.group": {"declarations": ["nixos/modules/services/misc/recyclarr.nix"], "default": {"_type": "literalExpression", "text": "\"recyclarr\""}, "description": "Group under which recyclarr runs.", "loc": ["services", "recyclarr", "group"], "readOnly": false, "type": "string"}, "services.recyclarr.package": {"declarations": ["nixos/modules/services/misc/recyclarr.nix"], "default": {"_type": "literalExpression", "text": "pkgs.recyclarr"}, "description": "The recyclarr package to use.", "loc": ["services", "recyclarr", "package"], "readOnly": false, "type": "package"}, "services.recyclarr.schedule": {"declarations": ["nixos/modules/services/misc/recyclarr.nix"], "default": {"_type": "literalExpression", "text": "\"daily\""}, "description": "When to run recyclarr in systemd calendar format.", "loc": ["services", "recyclarr", "schedule"], "readOnly": false, "type": "string"}, "services.recyclarr.user": {"declarations": ["nixos/modules/services/misc/recyclarr.nix"], "default": {"_type": "literalExpression", "text": "\"recyclarr\""}, "description": "User account under which recyclarr runs.", "loc": ["services", "recyclarr", "user"], "readOnly": false, "type": "string"}, "services.redis.package": {"declarations": ["nixos/modules/services/databases/redis.nix"], "default": {"_type": "literalExpression", "text": "pkgs.redis"}, "description": "The redis package to use.", "loc": ["services", "redis", "package"], "readOnly": false, "type": "package"}, "services.redis.servers": {"declarations": ["nixos/modules/services/databases/redis.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration of multiple `redis-server` instances.", "loc": ["services", "redis", "servers"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.redis.servers.<name>.appendFsync": {"declarations": ["nixos/modules/services/databases/redis.nix"], "default": {"_type": "literalExpression", "text": "\"everysec\""}, "description": "How often to fsync the append-only log, options: no, always, everysec.", "loc": ["services", "redis", "servers", "<name>", "appendFsync"], "readOnly": false, "type": "string"}, "services.redis.servers.<name>.appendOnly": {"declarations": ["nixos/modules/services/databases/redis.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.", "loc": ["services", "redis", "servers", "<name>", "appendOnly"], "readOnly": false, "type": "boolean"}, "services.redis.servers.<name>.bind": {"declarations": ["nixos/modules/services/databases/redis.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The IP interface to bind to.\n`null` means \"all interfaces\".\n", "example": {"_type": "literalExpression", "text": "\"192.0.2.1\""}, "loc": ["services", "redis", "servers", "<name>", "bind"], "readOnly": false, "type": "null or string"}, "services.redis.servers.<name>.databases": {"declarations": ["nixos/modules/services/databases/redis.nix"], "default": {"_type": "literalExpression", "text": "16"}, "description": "Set the number of databases.", "loc": ["services", "redis", "servers", "<name>", "databases"], "readOnly": false, "type": "signed integer"}, "services.redis.servers.<name>.enable": {"declarations": ["nixos/modules/services/databases/redis.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Redis server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "redis", "servers", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.redis.servers.<name>.extraParams": {"declarations": ["nixos/modules/services/databases/redis.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra parameters to append to redis-server invocation", "example": {"_type": "literalExpression", "text": "[\n  \"--sentinel\"\n]"}, "loc": ["services", "redis", "servers", "<name>", "extraParams"], "readOnly": false, "type": "list of string"}, "services.redis.servers.<name>.group": {"declarations": ["nixos/modules/services/databases/redis.nix"], "default": {"_type": "literalExpression", "text": "config.user"}, "description": "Group account under which this instance of redis-server runs.\n\n::: {.note}\nIf left as the default value this group will automatically be\ncreated on system activation, otherwise you are responsible for\nensuring the group exists before the redis service starts.\n", "loc": ["services", "redis", "servers", "<name>", "group"], "readOnly": false, "type": "string"}, "services.redis.servers.<name>.logLevel": {"declarations": ["nixos/modules/services/databases/redis.nix"], "default": {"_type": "literalExpression", "text": "\"notice\""}, "description": "Specify the server verbosity level, options: debug, verbose, notice, warning.", "example": {"_type": "literalExpression", "text": "\"debug\""}, "loc": ["services", "redis", "servers", "<name>", "logLevel"], "readOnly": false, "type": "string"}, "services.redis.servers.<name>.logfile": {"declarations": ["nixos/modules/services/databases/redis.nix"], "default": {"_type": "literalExpression", "text": "\"/dev/null\""}, "description": "Specify the log file name. Also 'stdout' can be used to force Redis to log on the standard output.", "example": {"_type": "literalExpression", "text": "\"/var/log/redis.log\""}, "loc": ["services", "redis", "servers", "<name>", "logfile"], "readOnly": false, "type": "string"}, "services.redis.servers.<name>.masterAuth": {"declarations": ["nixos/modules/services/databases/redis.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If the master is password protected (using the requirePass configuration)\nit is possible to tell the slave to authenticate before starting the replication synchronization\nprocess, otherwise the master will refuse the slave request.\n(STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)", "loc": ["services", "redis", "servers", "<name>", "masterAuth"], "readOnly": false, "type": "null or string"}, "services.redis.servers.<name>.maxclients": {"declarations": ["nixos/modules/services/databases/redis.nix"], "default": {"_type": "literalExpression", "text": "10000"}, "description": "Set the max number of connected clients at the same time.", "loc": ["services", "redis", "servers", "<name>", "maxclients"], "readOnly": false, "type": "signed integer"}, "services.redis.servers.<name>.openFirewall": {"declarations": ["nixos/modules/services/databases/redis.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open ports in the firewall for the server.\n", "loc": ["services", "redis", "servers", "<name>", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.redis.servers.<name>.port": {"declarations": ["nixos/modules/services/databases/redis.nix"], "default": {"_type": "literalExpression", "text": "if name == \"\" then 6379 else 0"}, "description": "The TCP port to accept connections.\nIf port 0 is specified Redis will not listen on a TCP socket.\n", "loc": ["services", "redis", "servers", "<name>", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.redis.servers.<name>.requirePass": {"declarations": ["nixos/modules/services/databases/redis.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Password for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE).\nUse requirePassFile to store it outside of the nix store in a dedicated file.\n", "example": {"_type": "literalExpression", "text": "\"letmein!\""}, "loc": ["services", "redis", "servers", "<name>", "requirePass"], "readOnly": false, "type": "null or string"}, "services.redis.servers.<name>.requirePassFile": {"declarations": ["nixos/modules/services/databases/redis.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File with password for the database.", "example": {"_type": "literalExpression", "text": "\"/run/keys/redis-password\""}, "loc": ["services", "redis", "servers", "<name>", "requirePassFile"], "readOnly": false, "type": "null or absolute path"}, "services.redis.servers.<name>.save": {"declarations": ["nixos/modules/services/databases/redis.nix"], "default": {"_type": "literalExpression", "text": "[\n  [\n    900\n    1\n  ]\n  [\n    300\n    10\n  ]\n  [\n    60\n    10000\n  ]\n]"}, "description": "The schedule in which data is persisted to disk, represented as a list of lists where the first element represent the amount of seconds and the second the number of changes.\n\nIf set to the empty list (`[]`) then RDB persistence will be disabled (useful if you are using AOF or don't want any persistence).\n", "loc": ["services", "redis", "servers", "<name>", "save"], "readOnly": false, "type": "list of list of signed integer"}, "services.redis.servers.<name>.settings": {"declarations": ["nixos/modules/services/databases/redis.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Redis configuration. Refer to\n<https://redis.io/topics/config>\nfor details on supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  loadmodule = [ \"/path/to/my_module.so\" \"/path/to/other_module.so\" ];\n}\n"}, "loc": ["services", "redis", "servers", "<name>", "settings"], "readOnly": false, "type": "attribute set of (boolean or signed integer or string or list of string)"}, "services.redis.servers.<name>.slaveOf": {"declarations": ["nixos/modules/services/databases/redis.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IP and port to which this redis instance acts as a slave.", "example": {"_type": "literalExpression", "text": "{\n  ip = \"192.168.1.100\";\n  port = 6379;\n}"}, "loc": ["services", "redis", "servers", "<name>", "slaveOf"], "readOnly": false, "type": "null or (submodule)"}, "services.redis.servers.<name>.slaveOf.ip": {"declarations": ["nixos/modules/services/databases/redis.nix"], "description": "IP of the Redis master", "example": {"_type": "literalExpression", "text": "\"192.168.1.100\""}, "loc": ["services", "redis", "servers", "<name>", "slaveOf", "ip"], "readOnly": false, "type": "string"}, "services.redis.servers.<name>.slaveOf.port": {"declarations": ["nixos/modules/services/databases/redis.nix"], "default": {"_type": "literalExpression", "text": "6379"}, "description": "port of the Redis master", "loc": ["services", "redis", "servers", "<name>", "slaveOf", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.redis.servers.<name>.slowLogLogSlowerThan": {"declarations": ["nixos/modules/services/databases/redis.nix"], "default": {"_type": "literalExpression", "text": "10000"}, "description": "Log queries whose execution take longer than X in milliseconds.", "example": {"_type": "literalExpression", "text": "1000"}, "loc": ["services", "redis", "servers", "<name>", "slowLogLogSlowerThan"], "readOnly": false, "type": "signed integer"}, "services.redis.servers.<name>.slowLogMaxLen": {"declarations": ["nixos/modules/services/databases/redis.nix"], "default": {"_type": "literalExpression", "text": "128"}, "description": "Maximum number of items to keep in slow log.", "loc": ["services", "redis", "servers", "<name>", "slowLogMaxLen"], "readOnly": false, "type": "signed integer"}, "services.redis.servers.<name>.syslog": {"declarations": ["nixos/modules/services/databases/redis.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable logging to the system logger.", "loc": ["services", "redis", "servers", "<name>", "syslog"], "readOnly": false, "type": "boolean"}, "services.redis.servers.<name>.unixSocket": {"declarations": ["nixos/modules/services/databases/redis.nix"], "default": {"_type": "literalExpression", "text": "if name == \"\" then \"/run/redis/redis.sock\" else \"/run/redis-${name}/redis.sock\"\n"}, "description": "The path to the socket to bind to.", "loc": ["services", "redis", "servers", "<name>", "unixSocket"], "readOnly": false, "type": "null or absolute path"}, "services.redis.servers.<name>.unixSocketPerm": {"declarations": ["nixos/modules/services/databases/redis.nix"], "default": {"_type": "literalExpression", "text": "660"}, "description": "Change permissions for the socket", "example": {"_type": "literalExpression", "text": "600"}, "loc": ["services", "redis", "servers", "<name>", "unixSocketPerm"], "readOnly": false, "type": "signed integer"}, "services.redis.servers.<name>.user": {"declarations": ["nixos/modules/services/databases/redis.nix"], "default": {"_type": "literalExpression", "text": "if name == \"\" then \"redis\" else \"redis-${name}\"\n"}, "description": "User account under which this instance of redis-server runs.\n\n::: {.note}\nIf left as the default value this user will automatically be\ncreated on system activation, otherwise you are responsible for\nensuring the user exists before the redis service starts.\n", "loc": ["services", "redis", "servers", "<name>", "user"], "readOnly": false, "type": "string"}, "services.redis.vmOverCommit": {"declarations": ["nixos/modules/services/databases/redis.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable set `vm.overcommit_memory` sysctl to 1\n(Suggested for Background Saving: <https://redis.io/docs/get-started/faq/>)\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "redis", "vmOverCommit"], "readOnly": false, "type": "boolean"}, "services.redlib.address": {"declarations": ["nixos/modules/services/misc/redlib.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "The address to listen on", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "redlib", "address"], "readOnly": false, "type": "string"}, "services.redlib.enable": {"declarations": ["nixos/modules/services/misc/redlib.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Private front-end for Reddit.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "redlib", "enable"], "readOnly": false, "type": "boolean"}, "services.redlib.openFirewall": {"declarations": ["nixos/modules/services/misc/redlib.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the redlib web interface", "loc": ["services", "redlib", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.redlib.package": {"declarations": ["nixos/modules/services/misc/redlib.nix"], "default": {"_type": "literalExpression", "text": "pkgs.redlib"}, "description": "The redlib package to use.", "loc": ["services", "redlib", "package"], "readOnly": false, "type": "package"}, "services.redlib.port": {"declarations": ["nixos/modules/services/misc/redlib.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "The port to listen on", "example": {"_type": "literalExpression", "text": "8000"}, "loc": ["services", "redlib", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.redlib.settings": {"declarations": ["nixos/modules/services/misc/redlib.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "See [GitHub](https://github.com/redlib-org/redlib/tree/main?tab=readme-ov-file#configuration) for available settings.\n", "loc": ["services", "redlib", "settings"], "readOnly": false, "type": "open submodule of attribute set of (null or boolean or signed integer or string)"}, "services.redmine.address": {"declarations": ["nixos/modules/services/misc/redmine.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "IP address Redmine should bind to.", "loc": ["services", "redmine", "address"], "readOnly": false, "type": "string"}, "services.redmine.components.breezy": {"declarations": ["nixos/modules/services/misc/redmine.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable bazaar integration..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "redmine", "components", "breezy"], "readOnly": false, "type": "boolean"}, "services.redmine.components.cvs": {"declarations": ["nixos/modules/services/misc/redmine.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable cvs integration..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "redmine", "components", "cvs"], "readOnly": false, "type": "boolean"}, "services.redmine.components.ghostscript": {"declarations": ["nixos/modules/services/misc/redmine.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable exporting Gant diagrams as PDF..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "redmine", "components", "ghostscript"], "readOnly": false, "type": "boolean"}, "services.redmine.components.git": {"declarations": ["nixos/modules/services/misc/redmine.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable git integration..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "redmine", "components", "git"], "readOnly": false, "type": "boolean"}, "services.redmine.components.imagemagick": {"declarations": ["nixos/modules/services/misc/redmine.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable exporting Gant diagrams as PNG..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "redmine", "components", "imagemagick"], "readOnly": false, "type": "boolean"}, "services.redmine.components.mercurial": {"declarations": ["nixos/modules/services/misc/redmine.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Mercurial integration..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "redmine", "components", "mercurial"], "readOnly": false, "type": "boolean"}, "services.redmine.components.minimagick_font_path": {"declarations": ["nixos/modules/services/misc/redmine.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "MiniMagick font path", "example": {"_type": "literalExpression", "text": "\"/run/current-system/sw/share/X11/fonts/LiberationSans-Regular.ttf\""}, "loc": ["services", "redmine", "components", "minimagick_font_path"], "readOnly": false, "type": "string"}, "services.redmine.components.subversion": {"declarations": ["nixos/modules/services/misc/redmine.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Subversion integration..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "redmine", "components", "subversion"], "readOnly": false, "type": "boolean"}, "services.redmine.database.createLocally": {"declarations": ["nixos/modules/services/misc/redmine.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Create the database and database user locally.", "loc": ["services", "redmine", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.redmine.database.host": {"declarations": ["nixos/modules/services/misc/redmine.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Database host address.", "loc": ["services", "redmine", "database", "host"], "readOnly": false, "type": "string"}, "services.redmine.database.name": {"declarations": ["nixos/modules/services/misc/redmine.nix"], "default": {"_type": "literalExpression", "text": "\"redmine\""}, "description": "Database name.", "loc": ["services", "redmine", "database", "name"], "readOnly": false, "type": "string"}, "services.redmine.database.passwordFile": {"declarations": ["nixos/modules/services/misc/redmine.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password corresponding to\n{option}`database.user`.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/redmine-dbpassword\""}, "loc": ["services", "redmine", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.redmine.database.port": {"declarations": ["nixos/modules/services/misc/redmine.nix"], "default": {"_type": "literalExpression", "text": "3306"}, "description": "Database host port.", "loc": ["services", "redmine", "database", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.redmine.database.socket": {"declarations": ["nixos/modules/services/misc/redmine.nix"], "default": {"_type": "literalExpression", "text": "/run/mysqld/mysqld.sock"}, "description": "Path to the unix socket file to use for authentication.", "example": {"_type": "literalExpression", "text": "\"/run/mysqld/mysqld.sock\""}, "loc": ["services", "redmine", "database", "socket"], "readOnly": false, "type": "null or absolute path"}, "services.redmine.database.type": {"declarations": ["nixos/modules/services/misc/redmine.nix"], "default": {"_type": "literalExpression", "text": "\"mysql2\""}, "description": "Database engine to use.", "example": {"_type": "literalExpression", "text": "\"postgresql\""}, "loc": ["services", "redmine", "database", "type"], "readOnly": false, "type": "one of \"mysql2\", \"postgresql\", \"sqlite3\""}, "services.redmine.database.user": {"declarations": ["nixos/modules/services/misc/redmine.nix"], "default": {"_type": "literalExpression", "text": "\"redmine\""}, "description": "Database user.", "loc": ["services", "redmine", "database", "user"], "readOnly": false, "type": "string"}, "services.redmine.enable": {"declarations": ["nixos/modules/services/misc/redmine.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Redmine, a project management web application.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "redmine", "enable"], "readOnly": false, "type": "boolean"}, "services.redmine.extraEnv": {"declarations": ["nixos/modules/services/misc/redmine.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration in additional_environment.rb.\n\nSee <https://svn.redmine.org/redmine/trunk/config/additional_environment.rb.example>\nfor details.\n", "example": {"_type": "literalExpression", "text": "''\n  config.logger.level = Logger::DEBUG\n''"}, "loc": ["services", "redmine", "extraEnv"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.redmine.group": {"declarations": ["nixos/modules/services/misc/redmine.nix"], "default": {"_type": "literalExpression", "text": "\"redmine\""}, "description": "Group under which Redmine is ran.", "loc": ["services", "redmine", "group"], "readOnly": false, "type": "string"}, "services.redmine.package": {"declarations": ["nixos/modules/services/misc/redmine.nix"], "default": {"_type": "literalExpression", "text": "pkgs.redmine"}, "description": "The redmine package to use.", "example": {"_type": "literalExpression", "text": "redmine.override { ruby = pkgs.ruby_3_3; }"}, "loc": ["services", "redmine", "package"], "readOnly": false, "type": "package"}, "services.redmine.plugins": {"declarations": ["nixos/modules/services/misc/redmine.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Set of plugins.", "example": {"_type": "literalExpression", "text": "{\n  redmine_env_auth = builtins.fetchurl {\n    url = \"https://github.com/Intera/redmine_env_auth/archive/0.6.zip\";\n    sha256 = \"0yyr1yjd8gvvh832wdc8m3xfnhhxzk2pk3gm2psg5w9jdvd6skak\";\n  };\n}\n"}, "loc": ["services", "redmine", "plugins"], "readOnly": false, "type": "attribute set of absolute path"}, "services.redmine.port": {"declarations": ["nixos/modules/services/misc/redmine.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "Port on which Redmine is ran.", "loc": ["services", "redmine", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.redmine.settings": {"declarations": ["nixos/modules/services/misc/redmine.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Redmine configuration ({file}`configuration.yml`). Refer to\n<https://guides.rubyonrails.org/action_mailer_basics.html#action-mailer-configuration>\nfor details.\n", "example": {"_type": "literalExpression", "text": "{\n  email_delivery = {\n    delivery_method = \"smtp\";\n    smtp_settings = {\n      address = \"mail.example.com\";\n      port = 25;\n    };\n  };\n}\n"}, "loc": ["services", "redmine", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.redmine.stateDir": {"declarations": ["nixos/modules/services/misc/redmine.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/redmine\""}, "description": "The state directory, logs and plugins are stored here.", "loc": ["services", "redmine", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.redmine.themes": {"declarations": ["nixos/modules/services/misc/redmine.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Set of themes.", "example": {"_type": "literalExpression", "text": "{\n  dkuk-redmine_alex_skin = builtins.fetchurl {\n    url = \"https://bitbucket.org/dkuk/redmine_alex_skin/get/1842ef675ef3.zip\";\n    sha256 = \"0hrin9lzyi50k4w2bd2b30vrf1i4fi1c0gyas5801wn8i7kpm9yl\";\n  };\n}\n"}, "loc": ["services", "redmine", "themes"], "readOnly": false, "type": "attribute set of absolute path"}, "services.redmine.user": {"declarations": ["nixos/modules/services/misc/redmine.nix"], "default": {"_type": "literalExpression", "text": "\"redmine\""}, "description": "User under which Redmine is ran.", "loc": ["services", "redmine", "user"], "readOnly": false, "type": "string"}, "services.redshift.brightness.day": {"declarations": ["nixos/modules/services/x11/redshift.nix"], "default": {"_type": "literalExpression", "text": "\"1\""}, "description": "Screen brightness to apply during the day,\nbetween `0.1` and `1.0`.\n", "loc": ["services", "redshift", "brightness", "day"], "readOnly": false, "type": "string"}, "services.redshift.brightness.night": {"declarations": ["nixos/modules/services/x11/redshift.nix"], "default": {"_type": "literalExpression", "text": "\"1\""}, "description": "Screen brightness to apply during the night,\nbetween `0.1` and `1.0`.\n", "loc": ["services", "redshift", "brightness", "night"], "readOnly": false, "type": "string"}, "services.redshift.enable": {"declarations": ["nixos/modules/services/x11/redshift.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable Redshift to change your screen's colour temperature depending on\nthe time of day.\n", "loc": ["services", "redshift", "enable"], "readOnly": false, "type": "boolean"}, "services.redshift.executable": {"declarations": ["nixos/modules/services/x11/redshift.nix"], "default": {"_type": "literalExpression", "text": "\"/bin/redshift\""}, "description": "Redshift executable to use within the package.\n", "example": {"_type": "literalExpression", "text": "\"/bin/redshift-gtk\""}, "loc": ["services", "redshift", "executable"], "readOnly": false, "type": "string"}, "services.redshift.extraOptions": {"declarations": ["nixos/modules/services/x11/redshift.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional command-line arguments to pass to\n{command}`redshift`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-v\"\n  \"-m randr\"\n]"}, "loc": ["services", "redshift", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.redshift.package": {"declarations": ["nixos/modules/services/x11/redshift.nix"], "default": {"_type": "literalExpression", "text": "pkgs.redshift"}, "description": "The redshift package to use.", "loc": ["services", "redshift", "package"], "readOnly": false, "type": "package"}, "services.redshift.temperature.day": {"declarations": ["nixos/modules/services/x11/redshift.nix"], "default": {"_type": "literalExpression", "text": "5500"}, "description": "Colour temperature to use during the day, between\n`1000` and `25000` K.\n", "loc": ["services", "redshift", "temperature", "day"], "readOnly": false, "type": "integer between 1000 and 25000 (both inclusive)"}, "services.redshift.temperature.night": {"declarations": ["nixos/modules/services/x11/redshift.nix"], "default": {"_type": "literalExpression", "text": "3700"}, "description": "Colour temperature to use at night, between\n`1000` and `25000` K.\n", "loc": ["services", "redshift", "temperature", "night"], "readOnly": false, "type": "integer between 1000 and 25000 (both inclusive)"}, "services.redsocks.chroot": {"declarations": ["nixos/modules/services/networking/redsocks.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Chroot under which to run redsocks. Log file is opened before\nchroot, but if logging to syslog /etc/localtime may be required.\n", "loc": ["services", "redsocks", "chroot"], "readOnly": false, "type": "null or string"}, "services.redsocks.enable": {"declarations": ["nixos/modules/services/networking/redsocks.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable redsocks.", "loc": ["services", "redsocks", "enable"], "readOnly": false, "type": "boolean"}, "services.redsocks.log": {"declarations": ["nixos/modules/services/networking/redsocks.nix"], "default": {"_type": "literalExpression", "text": "\"stderr\""}, "description": "Where to send logs.\n\nPossible values are:\n  - stderr\n  - file:/path/to/file\n  - syslog:FACILITY where FACILITY is any of \"daemon\", \"local0\",\n    etc.\n", "loc": ["services", "redsocks", "log"], "readOnly": false, "type": "string"}, "services.redsocks.log_debug": {"declarations": ["nixos/modules/services/networking/redsocks.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Log connection progress.", "loc": ["services", "redsocks", "log_debug"], "readOnly": false, "type": "boolean"}, "services.redsocks.log_info": {"declarations": ["nixos/modules/services/networking/redsocks.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Log start and end of client sessions.", "loc": ["services", "redsocks", "log_info"], "readOnly": false, "type": "boolean"}, "services.redsocks.redsocks": {"declarations": ["nixos/modules/services/networking/redsocks.nix"], "description": "Local port to proxy associations to be performed.\n\nThe example shows how to configure a proxy to handle port 80 as HTTP\nrelay, and all other ports as HTTP connect.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    doNotRedirect = [\n      \"-d 1.2.0.0/16\"\n    ];\n    port = 23456;\n    proxy = \"1.2.3.4:8080\";\n    redirectCondition = \"--dport 80\";\n    type = \"http-relay\";\n  }\n  {\n    doNotRedirect = [\n      \"-d 1.2.0.0/16\"\n    ];\n    port = 23457;\n    proxy = \"1.2.3.4:8080\";\n    redirectCondition = true;\n    type = \"http-connect\";\n  }\n]"}, "loc": ["services", "redsocks", "redsocks"], "readOnly": false, "type": "list of (submodule)"}, "services.redsocks.redsocks.*.disclose_src": {"declarations": ["nixos/modules/services/networking/redsocks.nix"], "default": {"_type": "literalExpression", "text": "\"false\""}, "description": "Way to disclose client IP to the proxy.\n  - \"false\": do not disclose\n\nhttp-connect supports the following ways:\n  - \"X-Forwarded-For\": add header \"X-Forwarded-For: IP\"\n  - \"Forwarded_ip\": add header \"Forwarded: for=IP\" (see RFC7239)\n  - \"Forwarded_ipport\": add header 'Forwarded: for=\"IP:port\"'\n", "loc": ["services", "redsocks", "redsocks", "*", "disclose_src"], "readOnly": false, "type": "one of \"false\", \"X-Forwarded-For\", \"Forwarded_ip\", \"Forwarded_ipport\""}, "services.redsocks.redsocks.*.doNotRedirect": {"declarations": ["nixos/modules/services/networking/redsocks.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Iptables filters that if matched will get the packet off of\nredsocks.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-d 1.2.3.4\"\n]"}, "loc": ["services", "redsocks", "redsocks", "*", "doNotRedirect"], "readOnly": false, "type": "list of string"}, "services.redsocks.redsocks.*.ip": {"declarations": ["nixos/modules/services/networking/redsocks.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "IP on which redsocks should listen. Defaults to 127.0.0.1 for\nsecurity reasons.\n", "loc": ["services", "redsocks", "redsocks", "*", "ip"], "readOnly": false, "type": "string"}, "services.redsocks.redsocks.*.login": {"declarations": ["nixos/modules/services/networking/redsocks.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Login to send to proxy.", "loc": ["services", "redsocks", "redsocks", "*", "login"], "readOnly": false, "type": "null or string"}, "services.redsocks.redsocks.*.password": {"declarations": ["nixos/modules/services/networking/redsocks.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Password to send to proxy. WARNING, this will end up\nworld-readable in the store! Awaiting\nhttps://github.com/NixOS/nix/issues/8 to be able to fix.\n", "loc": ["services", "redsocks", "redsocks", "*", "password"], "readOnly": false, "type": "null or string"}, "services.redsocks.redsocks.*.port": {"declarations": ["nixos/modules/services/networking/redsocks.nix"], "default": {"_type": "literalExpression", "text": "12345"}, "description": "Port on which redsocks should listen.", "loc": ["services", "redsocks", "redsocks", "*", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.redsocks.redsocks.*.proxy": {"declarations": ["nixos/modules/services/networking/redsocks.nix"], "description": "Proxy through which redsocks should forward incoming traffic.\nExample: \"example.org:8080\"\n", "loc": ["services", "redsocks", "redsocks", "*", "proxy"], "readOnly": false, "type": "string"}, "services.redsocks.redsocks.*.redirectCondition": {"declarations": ["nixos/modules/services/networking/redsocks.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Conditions to make outbound packets go through this redsocks\ninstance.\n\nIf set to false, no packet will be forwarded. If set to true,\nall packets will be forwarded (except packets excluded by\nredirectInternetOnly).\n\nIf set to a string, this is an iptables filter that will be\nmatched against packets before getting them into redsocks. For\nexample, setting it to \"--dport 80\" will only send\npackets to port 80 to redsocks. Note \"-p tcp\" is always\nimplicitly added, as udp can only be proxied through redudp or\nthe like.\n", "loc": ["services", "redsocks", "redsocks", "*", "redirectCondition"], "readOnly": false, "type": "boolean or string"}, "services.redsocks.redsocks.*.redirectInternetOnly": {"declarations": ["nixos/modules/services/networking/redsocks.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Exclude all non-globally-routable IPs from redsocks", "loc": ["services", "redsocks", "redsocks", "*", "redirectInternetOnly"], "readOnly": false, "type": "boolean"}, "services.redsocks.redsocks.*.type": {"declarations": ["nixos/modules/services/networking/redsocks.nix"], "description": "Type of proxy.", "loc": ["services", "redsocks", "redsocks", "*", "type"], "readOnly": false, "type": "one of \"socks4\", \"socks5\", \"http-connect\", \"http-relay\""}, "services.remark42.dataDir": {"declarations": ["nixos/modules/services/web-apps/remark42.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/remark42\""}, "description": "Working directory for Remark42. Data files are stored here and\nautomatic backups will be created in this directory by default.\n", "loc": ["services", "remark42", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.remark42.enable": {"declarations": ["nixos/modules/services/web-apps/remark42.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Remark42 commenting server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "remark42", "enable"], "readOnly": false, "type": "boolean"}, "services.remark42.environmentFile": {"declarations": ["nixos/modules/services/web-apps/remark42.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional environment file in systemd `EnvironmentFile=` format.\nUse this for secrets to avoid storing them in the Nix store.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/remark42.env\""}, "loc": ["services", "remark42", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.remark42.listenAddress": {"declarations": ["nixos/modules/services/web-apps/remark42.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Bind address (`REMARK_ADDRESS`).", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "remark42", "listenAddress"], "readOnly": false, "type": "string"}, "services.remark42.openFirewall": {"declarations": ["nixos/modules/services/web-apps/remark42.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall for `port`.", "loc": ["services", "remark42", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.remark42.package": {"declarations": ["nixos/modules/services/web-apps/remark42.nix"], "default": {"_type": "literalExpression", "text": "pkgs.remark42"}, "description": "The remark42 package to use.", "loc": ["services", "remark42", "package"], "readOnly": false, "type": "package"}, "services.remark42.port": {"declarations": ["nixos/modules/services/web-apps/remark42.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "Listen port (`REMARK_PORT`).", "loc": ["services", "remark42", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.remark42.remarkUrl": {"declarations": ["nixos/modules/services/web-apps/remark42.nix"], "description": "Public URL of this Remark42 instance. This is passed to the backend as\n`REMARK_URL` and should match the frontend embed config `host`.\n", "example": {"_type": "literalExpression", "text": "\"https://comments.example.com\""}, "loc": ["services", "remark42", "remarkUrl"], "readOnly": false, "type": "string"}, "services.remark42.settings": {"declarations": ["nixos/modules/services/web-apps/remark42.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra environment variables passed to Remark42.", "example": {"_type": "literalExpression", "text": "{\n  AUTH_ANON = \"true\";\n}"}, "loc": ["services", "remark42", "settings"], "readOnly": false, "type": "attribute set of string"}, "services.remark42.sites": {"declarations": ["nixos/modules/services/web-apps/remark42.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"remark\"\n]"}, "description": "Site IDs served by this instance (passed as `SITE`, comma-separated).\nThe frontend embed config `site_id` must match one of these values.\n", "example": {"_type": "literalExpression", "text": "[\n  \"blog\"\n  \"docs\"\n]"}, "loc": ["services", "remark42", "sites"], "readOnly": false, "type": "list of string"}, "services.renovate.credentials": {"declarations": ["nixos/modules/services/misc/renovate.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Allows configuring environment variable credentials for renovate, read from files.\nThis should always be used for passing confidential data to renovate.\n", "example": {"_type": "literalExpression", "text": "{\n  RENOVATE_TOKEN = \"/etc/renovate/token\";\n}"}, "loc": ["services", "renovate", "credentials"], "readOnly": false, "type": "attribute set of absolute path"}, "services.renovate.enable": {"declarations": ["nixos/modules/services/misc/renovate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable renovate.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "renovate", "enable"], "readOnly": false, "type": "boolean"}, "services.renovate.environment": {"declarations": ["nixos/modules/services/misc/renovate.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra environment variables to export to the Renovate process\nfrom the systemd unit configuration.\n\nSee <https://docs.renovatebot.com/config-overview> for available environment variables.\n", "example": {"_type": "literalExpression", "text": "{\n  LOG_LEVEL = \"debug\";\n}"}, "loc": ["services", "renovate", "environment"], "readOnly": false, "type": "attribute set of (null or string or absolute path or package)"}, "services.renovate.package": {"declarations": ["nixos/modules/services/misc/renovate.nix"], "default": {"_type": "literalExpression", "text": "pkgs.renovate"}, "description": "The renovate package to use.", "loc": ["services", "renovate", "package"], "readOnly": false, "type": "package"}, "services.renovate.runtimePackages": {"declarations": ["nixos/modules/services/misc/renovate.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Packages available to renovate.", "loc": ["services", "renovate", "runtimePackages"], "readOnly": false, "type": "list of package"}, "services.renovate.schedule": {"declarations": ["nixos/modules/services/misc/renovate.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "How often to run renovate. See {manpage}`systemd.time(7)` for the format.", "example": {"_type": "literalExpression", "text": "\"*:0/10\""}, "loc": ["services", "renovate", "schedule"], "readOnly": false, "type": "null or string"}, "services.renovate.settings": {"declarations": ["nixos/modules/services/misc/renovate.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Renovate's global configuration.\nIf you want to pass secrets to renovate, please use {option}`services.renovate.credentials` for that.\n\nSee <https://docs.renovatebot.com/config-overview> for available settings.\n", "example": {"_type": "literalExpression", "text": "{\n  endpoint = \"https://git.example.com\";\n  gitAuthor = \"Renovate <renovate@example.com>\";\n  platform = \"gitea\";\n}"}, "loc": ["services", "renovate", "settings"], "readOnly": false, "type": "JSON value"}, "services.renovate.validateSettings": {"declarations": ["nixos/modules/services/misc/renovate.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to run renovate's config validator on the built configuration.", "loc": ["services", "renovate", "validateSettings"], "readOnly": false, "type": "boolean"}, "services.reposilite.database": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Database options.", "loc": ["services", "reposilite", "database"], "readOnly": false, "type": "submodule"}, "services.reposilite.database.dbname": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "\"reposilite\""}, "description": "Database name.\n", "loc": ["services", "reposilite", "database", "dbname"], "readOnly": false, "type": "string"}, "services.reposilite.database.host": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Database host address.\n", "loc": ["services", "reposilite", "database", "host"], "readOnly": false, "type": "string"}, "services.reposilite.database.passwordFile": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the file containing the password for the database connection.\nThis file must be readable by {option}`services.reposilite.user`.\n", "loc": ["services", "reposilite", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.reposilite.database.path": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "\"reposilite.db\""}, "description": "Path to the embedded database file. Set to `--temporary` to use an in-memory database.\n", "loc": ["services", "reposilite", "database", "path"], "readOnly": false, "type": "string"}, "services.reposilite.database.port": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "if type == \"postgresql\" then 5432 else 3306\n"}, "description": "Database TCP port.\n", "loc": ["services", "reposilite", "database", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.reposilite.database.type": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite\""}, "description": "Database engine to use.\n", "loc": ["services", "reposilite", "database", "type"], "readOnly": false, "type": "one of \"h2\", \"mariadb\", \"mysql\", \"postgresql\", \"sqlite\""}, "services.reposilite.database.user": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "\"reposilite\""}, "description": "Database user.\n", "loc": ["services", "reposilite", "database", "user"], "readOnly": false, "type": "string"}, "services.reposilite.enable": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Reposilite.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "reposilite", "enable"], "readOnly": false, "type": "boolean"}, "services.reposilite.extraArgs": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments/parameters passed to the Reposilite. Can be used for first token generation.\n", "example": {"_type": "literalExpression", "text": "[ \"--token\" \"name:tempsecrettoken\" ]"}, "loc": ["services", "reposilite", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.reposilite.group": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "\"reposilite\""}, "description": "The group to run Reposilite under.\n", "loc": ["services", "reposilite", "group"], "readOnly": false, "type": "string"}, "services.reposilite.keyPasswordFile": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path the the file containing the password used to unlock the Java KeyStore file specified in {option}`services.reposilite.settings.keyPath`.\nThis file must be readable my {option}`services.reposilite.user`.\n", "loc": ["services", "reposilite", "keyPasswordFile"], "readOnly": false, "type": "null or absolute path"}, "services.reposilite.openFirewall": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall ports for Reposilite. If SSL is enabled, its port will be opened too.\n", "loc": ["services", "reposilite", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.reposilite.package": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "pkgs.reposilite"}, "description": "The reposilite package to use.", "loc": ["services", "reposilite", "package"], "readOnly": false, "type": "package"}, "services.reposilite.plugins": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of plugins to add to Reposilite.\n", "example": {"_type": "literalExpression", "text": "\"with reposilitePlugins; [ checksum groovy ]\""}, "loc": ["services", "reposilite", "plugins"], "readOnly": false, "type": "list of package"}, "services.reposilite.settings": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration written to the reposilite.cdn file", "loc": ["services", "reposilite", "settings"], "readOnly": false, "type": "open submodule of (CDN value)"}, "services.reposilite.settings.basePath": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "\"/\""}, "description": "Custom base path for this Reposilite instance.\nIt is not recommended changing this, you should instead prioritize using a different subdomain.\n", "loc": ["services", "reposilite", "settings", "basePath"], "readOnly": false, "type": "string"}, "services.reposilite.settings.bypassExternalCache": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Add cache bypass headers to responses from /api/* to avoid issues with proxies such as Cloudflare.\n", "loc": ["services", "reposilite", "settings", "bypassExternalCache"], "readOnly": false, "type": "boolean"}, "services.reposilite.settings.cachedLogSize": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "50"}, "description": "Amount of messages stored in the cache logger.\n", "loc": ["services", "reposilite", "settings", "cachedLogSize"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.reposilite.settings.compressionStrategy": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "\"none\""}, "description": "Compression algorithm used by this instance of Reposilite.\n`none` reduces usage of CPU & memory, but requires transfering more data.\n", "loc": ["services", "reposilite", "settings", "compressionStrategy"], "readOnly": false, "type": "one of \"none\", \"gzip\""}, "services.reposilite.settings.database": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Database connection string. Please use {option}`services.reposilite.database` instead.\nSee <https://reposilite.com/guide/general#local-configuration> for valid values.\n", "loc": ["services", "reposilite", "settings", "database"], "readOnly": false, "type": "null or string"}, "services.reposilite.settings.databaseThreadPool": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Maximum amount of concurrent connections to the database. (one per thread)\nEmbedded databases (sqlite, h2) do not support truly concurrent connections, so the value will always be `1` if they are used.\n", "loc": ["services", "reposilite", "settings", "databaseThreadPool"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.reposilite.settings.debugEnabled": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable debug mode.\n", "loc": ["services", "reposilite", "settings", "debugEnabled"], "readOnly": false, "type": "boolean"}, "services.reposilite.settings.defaultFrontend": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the default included frontend with a dashboard.\n", "loc": ["services", "reposilite", "settings", "defaultFrontend"], "readOnly": false, "type": "boolean"}, "services.reposilite.settings.enforceSsl": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to redirect all traffic to SSL.\n", "loc": ["services", "reposilite", "settings", "enforceSsl"], "readOnly": false, "type": "boolean"}, "services.reposilite.settings.hostname": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "The hostname to bind to. Set to `0.0.0.0` to accept connections from everywhere, or `127.0.0.1` to restrict to localhost.\"\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "reposilite", "settings", "hostname"], "readOnly": false, "type": "string"}, "services.reposilite.settings.idleTimeout": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "30000"}, "description": "Default idle timeout used by Jetty.\n", "loc": ["services", "reposilite", "settings", "idleTimeout"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.reposilite.settings.ioThreadPool": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "8"}, "description": "The IO thread pool handles all tasks that may benefit from non-blocking IO. (min: 2)\nBecause most tasks are redirected to IO thread pool, it might be a good idea to keep it at least equal to web thread pool.\n", "loc": ["services", "reposilite", "settings", "ioThreadPool"], "readOnly": false, "type": "integer between 2 and 65535 (both inclusive)"}, "services.reposilite.settings.keyPassword": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Plaintext password used to unlock the Java KeyStore set in {option}`services.reposilite.settings.keyPath`.\nWARNING: this option is insecure and should not be used to store the password.\nConsider using {option}`services.reposilite.keyPasswordFile` instead.\n", "loc": ["services", "reposilite", "settings", "keyPassword"], "readOnly": false, "type": "null or string"}, "services.reposilite.settings.keyPath": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the .jsk KeyStore or paths to the PKCS#8 certificate and private key, separated by a space (see example).\nYou can use `${WORKING_DIRECTORY}` to refer to paths relative to Reposilite's working directory.\nIf you are using a Java KeyStore, don't forget to specify the password via the {var}`REPOSILITE_LOCAL_KEYPASSWORD` environment variable.\nSee <https://reposilite.com/guide/ssl> for more information on how to set SSL up.\n", "example": {"_type": "literalExpression", "text": "\"\\${WORKING_DIRECTORY}/cert.pem \\${WORKING_DIRECTORY}/key.pem\""}, "loc": ["services", "reposilite", "settings", "keyPath"], "readOnly": false, "type": "null or string"}, "services.reposilite.settings.port": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "The TCP port to bind to.\n", "loc": ["services", "reposilite", "settings", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.reposilite.settings.sslEnabled": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to listen for encrypted connections on {option}`settings.sslPort`.\n", "loc": ["services", "reposilite", "settings", "sslEnabled"], "readOnly": false, "type": "boolean"}, "services.reposilite.settings.sslPort": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "443"}, "description": "SSL port to bind to. SSL needs to be enabled explicitly via {option}`settings.enableSsl`.", "loc": ["services", "reposilite", "settings", "sslPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.reposilite.settings.webThreadPool": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "16"}, "description": "Maximum amount of threads used by the core thread pool. (min: 5)\nThe web thread pool handles the first few steps of incoming HTTP connections, tasks are redirected as soon as possible to the IO thread pool.\n", "loc": ["services", "reposilite", "settings", "webThreadPool"], "readOnly": false, "type": "integer between 5 and 65535 (both inclusive)"}, "services.reposilite.useACMEHost": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host of an existing Let's Encrypt certificate to use for SSL.\nMake sure that the certificate directory is readable by the `reposilite` user or group, for example via {option}`security.acme.certs.<cert>.group`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using {option}`security.acme.certs`*\n", "loc": ["services", "reposilite", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.reposilite.user": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "\"reposilite\""}, "description": "The user to run Reposilite under.\n", "loc": ["services", "reposilite", "user"], "readOnly": false, "type": "string"}, "services.reposilite.workingDirectory": {"declarations": ["nixos/modules/services/web-apps/reposilite.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/reposilite\""}, "description": "Working directory for Reposilite.\n", "loc": ["services", "reposilite", "workingDirectory"], "readOnly": false, "type": "absolute path"}, "services.resilio.apiKey": {"declarations": ["nixos/modules/services/networking/resilio.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "API key, which enables the developer API.", "loc": ["services", "resilio", "apiKey"], "readOnly": false, "type": "string"}, "services.resilio.checkForUpdates": {"declarations": ["nixos/modules/services/networking/resilio.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Determines whether to check for updates and alert the user\nabout them in the UI.\n", "loc": ["services", "resilio", "checkForUpdates"], "readOnly": false, "type": "boolean"}, "services.resilio.deviceName": {"declarations": ["nixos/modules/services/networking/resilio.nix"], "default": {"_type": "literalExpression", "text": "config.networking.hostName"}, "description": "Name of the Resilio Sync device.\n", "example": {"_type": "literalExpression", "text": "\"Voltron\""}, "loc": ["services", "resilio", "deviceName"], "readOnly": false, "type": "string"}, "services.resilio.directoryRoot": {"declarations": ["nixos/modules/services/networking/resilio.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Default directory to add folders in the web UI.", "example": {"_type": "literalExpression", "text": "\"/media\""}, "loc": ["services", "resilio", "directoryRoot"], "readOnly": false, "type": "string"}, "services.resilio.downloadLimit": {"declarations": ["nixos/modules/services/networking/resilio.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Download speed limit. 0 is unlimited (default).\n", "example": {"_type": "literalExpression", "text": "1024"}, "loc": ["services", "resilio", "downloadLimit"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.resilio.enable": {"declarations": ["nixos/modules/services/networking/resilio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, start the Resilio Sync daemon. Once enabled, you can\ninteract with the service through the Web UI, or configure it in your\nNixOS configuration.\n", "loc": ["services", "resilio", "enable"], "readOnly": false, "type": "boolean"}, "services.resilio.enableWebUI": {"declarations": ["nixos/modules/services/networking/resilio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable Web UI for administration. Bound to the specified\n`httpListenAddress` and\n`httpListenPort`.\n", "loc": ["services", "resilio", "enableWebUI"], "readOnly": false, "type": "boolean"}, "services.resilio.encryptLAN": {"declarations": ["nixos/modules/services/networking/resilio.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Encrypt LAN data.", "loc": ["services", "resilio", "encryptLAN"], "readOnly": false, "type": "boolean"}, "services.resilio.httpListenAddr": {"declarations": ["nixos/modules/services/networking/resilio.nix"], "default": {"_type": "literalExpression", "text": "\"[::1]\""}, "description": "HTTP address to bind to.\n", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "resilio", "httpListenAddr"], "readOnly": false, "type": "string"}, "services.resilio.httpListenPort": {"declarations": ["nixos/modules/services/networking/resilio.nix"], "default": {"_type": "literalExpression", "text": "9000"}, "description": "HTTP port to bind on.\n", "loc": ["services", "resilio", "httpListenPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.resilio.httpLogin": {"declarations": ["nixos/modules/services/networking/resilio.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "HTTP web login username.\n", "example": {"_type": "literalExpression", "text": "\"allyourbase\""}, "loc": ["services", "resilio", "httpLogin"], "readOnly": false, "type": "string"}, "services.resilio.httpPass": {"declarations": ["nixos/modules/services/networking/resilio.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "HTTP web login password.\n", "example": {"_type": "literalExpression", "text": "\"arebelongtous\""}, "loc": ["services", "resilio", "httpPass"], "readOnly": false, "type": "string"}, "services.resilio.listeningPort": {"declarations": ["nixos/modules/services/networking/resilio.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Listening port. Defaults to 0 which randomizes the port.\n", "example": {"_type": "literalExpression", "text": "44444"}, "loc": ["services", "resilio", "listeningPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.resilio.package": {"declarations": ["nixos/modules/services/networking/resilio.nix"], "default": {"_type": "literalExpression", "text": "pkgs.resilio-sync"}, "description": "The resilio-sync package to use.", "loc": ["services", "resilio", "package"], "readOnly": false, "type": "package"}, "services.resilio.sharedFolders": {"declarations": ["nixos/modules/services/networking/resilio.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Shared folder list. If enabled, web UI must be\ndisabled. Secrets can be generated using `rslsync --generate-secret`.\n\nIf you would like to be able to modify the contents of this\ndirectories, it is recommended that you make your user a\nmember of the `rslsync` group.\n\nDirectories in this list should be in the\n`rslsync` group, and that group must have\nwrite access to the directory. It is also recommended that\n`chmod g+s` is applied to the directory\nso that any sub directories created will also belong to\nthe `rslsync` group. Also,\n`setfacl -d -m group:rslsync:rwx` and\n`setfacl -m group:rslsync:rwx` should also\nbe applied so that the sub directories are writable by\nthe group.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    directory = \"/home/user/sync_test\";\n    knownHosts = [\n      \"192.168.1.2:4444\"\n      \"192.168.1.3:4444\"\n    ];\n    searchLAN = true;\n    secretFile = \"/run/resilio-secret\";\n    useDHT = false;\n    useRelayServer = true;\n    useSyncTrash = true;\n    useTracker = true;\n  }\n]"}, "loc": ["services", "resilio", "sharedFolders"], "readOnly": false, "type": "list of attribute set of anything"}, "services.resilio.storagePath": {"declarations": ["nixos/modules/services/networking/resilio.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/resilio-sync/\""}, "description": "Where BitTorrent Sync will store it's database files (containing\nthings like username info and licenses). Generally, you should not\nneed to ever change this.\n", "loc": ["services", "resilio", "storagePath"], "readOnly": false, "type": "absolute path"}, "services.resilio.uploadLimit": {"declarations": ["nixos/modules/services/networking/resilio.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Upload speed limit. 0 is unlimited (default).\n", "example": {"_type": "literalExpression", "text": "1024"}, "loc": ["services", "resilio", "uploadLimit"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.resilio.useUpnp": {"declarations": ["nixos/modules/services/networking/resilio.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Use Universal Plug-n-Play (UPnP)\n", "loc": ["services", "resilio", "useUpnp"], "readOnly": false, "type": "boolean"}, "services.resolved.enable": {"declarations": ["nixos/modules/system/boot/resolved.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Systemd DNS resolver daemon (systemd-resolved).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "resolved", "enable"], "readOnly": false, "type": "boolean"}, "services.resolved.settings.Resolve": {"declarations": ["nixos/modules/system/boot/resolved.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings option for systemd-resolved.\nSee {manpage}`resolved.conf(5)` for all available options.\n", "loc": ["services", "resolved", "settings", "Resolve"], "readOnly": false, "type": "open submodule of attribute set of (systemd option)"}, "services.resolved.settings.Resolve.DNS": {"declarations": ["nixos/modules/system/boot/resolved.nix"], "default": {"_type": "literalExpression", "text": "config.networking.nameservers"}, "description": "List of IP addresses to query as recursive DNS resolvers.\n", "loc": ["services", "resolved", "settings", "Resolve", "DNS"], "readOnly": false, "type": "systemd option"}, "services.resolved.settings.Resolve.DNSOverTLS": {"declarations": ["nixos/modules/system/boot/resolved.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use TLS encryption for DNS queries. Requires\nnameservers that support DNS-over-TLS.\n", "loc": ["services", "resolved", "settings", "Resolve", "DNSOverTLS"], "readOnly": false, "type": "systemd option"}, "services.resolved.settings.Resolve.DNSSEC": {"declarations": ["nixos/modules/system/boot/resolved.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to validate DNSSEC for DNS lookups.\n", "loc": ["services", "resolved", "settings", "Resolve", "DNSSEC"], "readOnly": false, "type": "systemd option"}, "services.resolved.settings.Resolve.Domains": {"declarations": ["nixos/modules/system/boot/resolved.nix"], "default": {"_type": "literalExpression", "text": "config.networking.search"}, "description": "List of search domains used to complete unqualified name lookups.\n", "example": {"_type": "literalExpression", "text": "[\n  \"scope.example.com\"\n  \"example.com\"\n]"}, "loc": ["services", "resolved", "settings", "Resolve", "Domains"], "readOnly": false, "type": "systemd option"}, "services.restic.backups": {"declarations": ["nixos/modules/services/backup/restic.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Periodic backups to create with Restic.\n", "example": {"_type": "literalExpression", "text": "{\n  commandbackup = {\n    command = [\n      \"\\${lib.getExe pkgs.sudo}\"\n      \"-u postgres\"\n      \"\\${pkgs.postgresql}/bin/pg_dumpall\"\n    ];\n    environmentFile = \"/etc/nixos/secrets/restic-environment\";\n    extraBackupArgs = [\n      \"--tag database\"\n    ];\n    passwordFile = \"/etc/nixos/secrets/restic-password\";\n    pruneOpts = [\n      \"--keep-daily 14\"\n      \"--keep-weekly 4\"\n      \"--keep-monthly 2\"\n      \"--group-by tags\"\n    ];\n    repository = \"s3:example.com/mybucket\";\n  };\n  localbackup = {\n    exclude = [\n      \"/home/*/.cache\"\n    ];\n    initialize = true;\n    passwordFile = \"/etc/nixos/secrets/restic-password\";\n    paths = [\n      \"/home\"\n    ];\n    repository = \"/mnt/backup-hdd\";\n  };\n  remotebackup = {\n    extraOptions = [\n      \"sftp.command='ssh backup@host -i /etc/nixos/secrets/backup-private-key -s sftp'\"\n    ];\n    passwordFile = \"/etc/nixos/secrets/restic-password\";\n    paths = [\n      \"/home\"\n    ];\n    repository = \"sftp:backup@host:/backups/home\";\n    timerConfig = {\n      OnCalendar = \"00:05\";\n      RandomizedDelaySec = \"5h\";\n    };\n  };\n}"}, "loc": ["services", "restic", "backups"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.restic.backups.<name>.backupCleanupCommand": {"declarations": ["nixos/modules/services/backup/restic.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A script that must run after finishing the backup process.\n", "loc": ["services", "restic", "backups", "<name>", "backupCleanupCommand"], "readOnly": false, "type": "null or string"}, "services.restic.backups.<name>.backupPrepareCommand": {"declarations": ["nixos/modules/services/backup/restic.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A script that must run before starting the backup process.\n", "loc": ["services", "restic", "backups", "<name>", "backupPrepareCommand"], "readOnly": false, "type": "null or string"}, "services.restic.backups.<name>.checkOpts": {"declarations": ["nixos/modules/services/backup/restic.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of options for 'restic check'.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--with-cache\"\n]"}, "loc": ["services", "restic", "backups", "<name>", "checkOpts"], "readOnly": false, "type": "list of string"}, "services.restic.backups.<name>.command": {"declarations": ["nixos/modules/services/backup/restic.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Command to pass to --stdin-from-command. If null or an empty array, and `paths`/`dynamicFilesFrom`\nare also null, no backup command will be run.\n", "example": {"_type": "literalExpression", "text": "[\n  \"sudo\"\n  \"-u\"\n  \"postgres\"\n  \"pg_dumpall\"\n]"}, "loc": ["services", "restic", "backups", "<name>", "command"], "readOnly": false, "type": "list of string"}, "services.restic.backups.<name>.createWrapper": {"declarations": ["nixos/modules/services/backup/restic.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to generate and add a script to the system path, that has the same environment variables set\nas the systemd service. This can be used to e.g. mount snapshots or perform other opterations, without\nhaving to manually specify most options.\n", "loc": ["services", "restic", "backups", "<name>", "createWrapper"], "readOnly": false, "type": "boolean"}, "services.restic.backups.<name>.dynamicFilesFrom": {"declarations": ["nixos/modules/services/backup/restic.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A script that produces a list of files to back up.  The\nresults of this command are given to the '--files-from'\noption. The result is merged with paths specified via `paths`.\n", "example": {"_type": "literalExpression", "text": "\"find /home/matt/git -type d -name .git\""}, "loc": ["services", "restic", "backups", "<name>", "dynamicFilesFrom"], "readOnly": false, "type": "null or string"}, "services.restic.backups.<name>.environmentFile": {"declarations": ["nixos/modules/services/backup/restic.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "file containing the credentials to access the repository, in the\nformat of an EnvironmentFile as described by {manpage}`systemd.exec(5)`\n", "loc": ["services", "restic", "backups", "<name>", "environmentFile"], "readOnly": false, "type": "null or string"}, "services.restic.backups.<name>.exclude": {"declarations": ["nixos/modules/services/backup/restic.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Patterns to exclude when backing up. See\nhttps://restic.readthedocs.io/en/latest/040_backup.html#excluding-files for\ndetails on syntax.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/var/cache\"\n  \"/home/*/.cache\"\n  \".git\"\n]"}, "loc": ["services", "restic", "backups", "<name>", "exclude"], "readOnly": false, "type": "list of string"}, "services.restic.backups.<name>.extraBackupArgs": {"declarations": ["nixos/modules/services/backup/restic.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments passed to restic backup.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--cleanup-cache\"\n  \"--exclude-file=/etc/nixos/restic-ignore\"\n]"}, "loc": ["services", "restic", "backups", "<name>", "extraBackupArgs"], "readOnly": false, "type": "list of string"}, "services.restic.backups.<name>.extraOptions": {"declarations": ["nixos/modules/services/backup/restic.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra extended options to be passed to the restic --option flag.\n", "example": {"_type": "literalExpression", "text": "[\n  \"sftp.command='ssh backup@192.168.1.100 -i /home/user/.ssh/id_rsa -s sftp'\"\n]"}, "loc": ["services", "restic", "backups", "<name>", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.restic.backups.<name>.inhibitsSleep": {"declarations": ["nixos/modules/services/backup/restic.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Prevents the system from sleeping while backing up.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "restic", "backups", "<name>", "inhibitsSleep"], "readOnly": false, "type": "boolean"}, "services.restic.backups.<name>.initialize": {"declarations": ["nixos/modules/services/backup/restic.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create the repository if it doesn't exist.\n", "loc": ["services", "restic", "backups", "<name>", "initialize"], "readOnly": false, "type": "boolean"}, "services.restic.backups.<name>.package": {"declarations": ["nixos/modules/services/backup/restic.nix"], "default": {"_type": "literalExpression", "text": "pkgs.restic"}, "description": "The restic package to use.", "loc": ["services", "restic", "backups", "<name>", "package"], "readOnly": false, "type": "package"}, "services.restic.backups.<name>.passwordFile": {"declarations": ["nixos/modules/services/backup/restic.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Read the repository password from a file.\n", "example": {"_type": "literalExpression", "text": "\"/etc/nixos/restic-password\""}, "loc": ["services", "restic", "backups", "<name>", "passwordFile"], "readOnly": false, "type": "null or string"}, "services.restic.backups.<name>.paths": {"declarations": ["nixos/modules/services/backup/restic.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Which paths to backup, in addition to ones specified via\n`dynamicFilesFrom`.  If null or an empty array and\n`dynamicFilesFrom` is also null, no backup command will be run.\n This can be used to create a prune-only job.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/var/lib/postgresql\"\n  \"/home/user/backup\"\n]"}, "loc": ["services", "restic", "backups", "<name>", "paths"], "readOnly": false, "type": "null or (list of string)"}, "services.restic.backups.<name>.progressFps": {"declarations": ["nixos/modules/services/backup/restic.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Controls the frequency of progress reporting.\n", "example": {"_type": "literalExpression", "text": "0.1"}, "loc": ["services", "restic", "backups", "<name>", "progressFps"], "readOnly": false, "type": "null or (nonnegative integer or floating point number, meaning >=0)"}, "services.restic.backups.<name>.pruneOpts": {"declarations": ["nixos/modules/services/backup/restic.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of options (--keep-\\* et al.) for 'restic forget\n--prune', to automatically prune old snapshots.  The\n'forget' command is run *after* the 'backup' command, so\nkeep that in mind when constructing the --keep-\\* options.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--keep-daily 7\"\n  \"--keep-weekly 5\"\n  \"--keep-monthly 12\"\n  \"--keep-yearly 75\"\n]"}, "loc": ["services", "restic", "backups", "<name>", "pruneOpts"], "readOnly": false, "type": "list of string"}, "services.restic.backups.<name>.rcloneConfig": {"declarations": ["nixos/modules/services/backup/restic.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configuration for the rclone remote being used for backup.\nSee the remote's specific options under rclone's docs at\n<https://rclone.org/docs/>. When specifying\noption names, use the \"config\" name specified in the docs.\nFor example, to set `--b2-hard-delete` for a B2\nremote, use `hard_delete = true` in the\nattribute set.\nWarning: Secrets set in here will be world-readable in the Nix\nstore! Consider using the `rcloneConfigFile`\noption instead to specify secret values separately. Note that\noptions set here will override those set in the config file.\n", "example": {"_type": "literalExpression", "text": "{\n  account = \"xxx\";\n  hard_delete = true;\n  key = \"xxx\";\n  type = \"b2\";\n}"}, "loc": ["services", "restic", "backups", "<name>", "rcloneConfig"], "readOnly": false, "type": "null or (attribute set of (string or boolean))"}, "services.restic.backups.<name>.rcloneConfigFile": {"declarations": ["nixos/modules/services/backup/restic.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the file containing rclone configuration. This file\nmust contain configuration for the remote specified in this backup\nset and also must be readable by root. Options set in\n`rcloneConfig` will override those set in this\nfile.\n", "loc": ["services", "restic", "backups", "<name>", "rcloneConfigFile"], "readOnly": false, "type": "null or absolute path"}, "services.restic.backups.<name>.rcloneOptions": {"declarations": ["nixos/modules/services/backup/restic.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Options to pass to rclone to control its behavior.\nSee <https://rclone.org/docs/#options> for\navailable options. When specifying option names, strip the\nleading `--`. To set a flag such as\n`--drive-use-trash`, which does not take a value,\nset the value to the Boolean `true`.\n", "example": {"_type": "literalExpression", "text": "{\n  bwlimit = \"10M\";\n  drive-use-trash = \"true\";\n}"}, "loc": ["services", "restic", "backups", "<name>", "rcloneOptions"], "readOnly": false, "type": "null or (attribute set of (string or boolean))"}, "services.restic.backups.<name>.repository": {"declarations": ["nixos/modules/services/backup/restic.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "repository to backup to.\n", "example": {"_type": "literalExpression", "text": "\"sftp:backup@192.168.1.100:/backups/\u2039name\u203a\""}, "loc": ["services", "restic", "backups", "<name>", "repository"], "readOnly": false, "type": "null or string"}, "services.restic.backups.<name>.repositoryFile": {"declarations": ["nixos/modules/services/backup/restic.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the file containing the repository location to backup to.\n", "loc": ["services", "restic", "backups", "<name>", "repositoryFile"], "readOnly": false, "type": "null or absolute path"}, "services.restic.backups.<name>.runCheck": {"declarations": ["nixos/modules/services/backup/restic.nix"], "default": {"_type": "literalExpression", "text": "builtins.length config.services.backups.\u2039name\u203a.checkOpts > 0"}, "description": "Whether to run the `check` command with the provided `checkOpts` options.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "restic", "backups", "<name>", "runCheck"], "readOnly": false, "type": "boolean"}, "services.restic.backups.<name>.timerConfig": {"declarations": ["nixos/modules/services/backup/restic.nix"], "default": {"_type": "literalExpression", "text": "{\n  OnCalendar = \"daily\";\n  Persistent = true;\n}"}, "description": "When to run the backup. See {manpage}`systemd.timer(5)` for\ndetails. If null no timer is created and the backup will only\nrun when explicitly started.\n", "example": {"_type": "literalExpression", "text": "{\n  OnCalendar = \"00:05\";\n  Persistent = true;\n  RandomizedDelaySec = \"5h\";\n}"}, "loc": ["services", "restic", "backups", "<name>", "timerConfig"], "readOnly": false, "type": "null or (attribute set of (systemd option))"}, "services.restic.backups.<name>.user": {"declarations": ["nixos/modules/services/backup/restic.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "As which user the backup should run.\n", "example": {"_type": "literalExpression", "text": "\"postgresql\""}, "loc": ["services", "restic", "backups", "<name>", "user"], "readOnly": false, "type": "string"}, "services.restic.server.appendOnly": {"declarations": ["nixos/modules/services/backup/restic-rest-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable append only mode.\nThis mode allows creation of new backups but prevents deletion and modification of existing backups.\nThis can be useful when backing up systems that have a potential of being hacked.\n", "loc": ["services", "restic", "server", "appendOnly"], "readOnly": false, "type": "boolean"}, "services.restic.server.dataDir": {"declarations": ["nixos/modules/services/backup/restic-rest-server.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/restic\""}, "description": "The directory for storing the restic repository.", "loc": ["services", "restic", "server", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.restic.server.enable": {"declarations": ["nixos/modules/services/backup/restic-rest-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Restic REST Server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "restic", "server", "enable"], "readOnly": false, "type": "boolean"}, "services.restic.server.extraFlags": {"declarations": ["nixos/modules/services/backup/restic-rest-server.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra commandline options to pass to Restic REST server.\n", "loc": ["services", "restic", "server", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.restic.server.htpasswd-file": {"declarations": ["nixos/modules/services/backup/restic-rest-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the servers .htpasswd file. Defaults to `${dataDir}/.htpasswd`.", "loc": ["services", "restic", "server", "htpasswd-file"], "readOnly": false, "type": "null or absolute path"}, "services.restic.server.listenAddress": {"declarations": ["nixos/modules/services/backup/restic-rest-server.nix"], "default": {"_type": "literalExpression", "text": "\"8000\""}, "description": "Listen on a specific IP address and port or unix socket.", "example": {"_type": "literalExpression", "text": "\"127.0.0.1:8080\""}, "loc": ["services", "restic", "server", "listenAddress"], "readOnly": false, "type": "string"}, "services.restic.server.package": {"declarations": ["nixos/modules/services/backup/restic-rest-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.restic-rest-server"}, "description": "The restic-rest-server package to use.", "loc": ["services", "restic", "server", "package"], "readOnly": false, "type": "package"}, "services.restic.server.privateRepos": {"declarations": ["nixos/modules/services/backup/restic-rest-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable private repos.\nGrants access only when a subdirectory with the same name as the user is specified in the repository URL.\n", "loc": ["services", "restic", "server", "privateRepos"], "readOnly": false, "type": "boolean"}, "services.restic.server.prometheus": {"declarations": ["nixos/modules/services/backup/restic-rest-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable Prometheus metrics at /metrics.", "loc": ["services", "restic", "server", "prometheus"], "readOnly": false, "type": "boolean"}, "services.rethinkdb.dbpath": {"declarations": ["nixos/modules/services/databases/rethinkdb.nix"], "default": {"_type": "literalExpression", "text": "\"/var/db/rethinkdb\""}, "description": "Location where RethinkDB stores its data, 1 data directory per instance.", "loc": ["services", "rethinkdb", "dbpath"], "readOnly": false, "type": "unspecified value"}, "services.rethinkdb.enable": {"declarations": ["nixos/modules/services/databases/rethinkdb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable RethinkDB server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "rethinkdb", "enable"], "readOnly": false, "type": "boolean"}, "services.rethinkdb.group": {"declarations": ["nixos/modules/services/databases/rethinkdb.nix"], "default": {"_type": "literalExpression", "text": "\"rethinkdb\""}, "description": "Group which rethinkdb user belongs to.", "loc": ["services", "rethinkdb", "group"], "readOnly": false, "type": "unspecified value"}, "services.rethinkdb.pidpath": {"declarations": ["nixos/modules/services/databases/rethinkdb.nix"], "default": {"_type": "literalExpression", "text": "\"/run/rethinkdb\""}, "description": "Location where each instance's pid file is located.", "loc": ["services", "rethinkdb", "pidpath"], "readOnly": false, "type": "unspecified value"}, "services.rethinkdb.user": {"declarations": ["nixos/modules/services/databases/rethinkdb.nix"], "default": {"_type": "literalExpression", "text": "\"rethinkdb\""}, "description": "User account under which RethinkDB runs.", "loc": ["services", "rethinkdb", "user"], "readOnly": false, "type": "unspecified value"}, "services.riemann-dash.config": {"declarations": ["nixos/modules/services/monitoring/riemann-dash.nix"], "description": "Contents added to the end of the riemann-dash configuration file.\n", "loc": ["services", "riemann-dash", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.riemann-dash.dataDir": {"declarations": ["nixos/modules/services/monitoring/riemann-dash.nix"], "default": {"_type": "literalExpression", "text": "\"/var/riemann-dash\""}, "description": "Location of the riemann-base dir. The dashboard configuration file is\nis stored to this directory. The directory is created automatically on\nservice start, and owner is set to the riemanndash user.\n", "loc": ["services", "riemann-dash", "dataDir"], "readOnly": false, "type": "string"}, "services.riemann-dash.enable": {"declarations": ["nixos/modules/services/monitoring/riemann-dash.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable the riemann-dash dashboard daemon.\n", "loc": ["services", "riemann-dash", "enable"], "readOnly": false, "type": "boolean"}, "services.riemann-tools.enableHealth": {"declarations": ["nixos/modules/services/monitoring/riemann-tools.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable the riemann-health daemon.\n", "loc": ["services", "riemann-tools", "enableHealth"], "readOnly": false, "type": "boolean"}, "services.riemann-tools.extraArgs": {"declarations": ["nixos/modules/services/monitoring/riemann-tools.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of commandline-switches forwarded to a riemann-tool.\nSee for example `riemann-health --help` for available options.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-p 5555\"\n  \"--timeout=30\"\n  \"--attribute=myattribute=42\"\n]"}, "loc": ["services", "riemann-tools", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.riemann-tools.riemannHost": {"declarations": ["nixos/modules/services/monitoring/riemann-tools.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Address of the host riemann node. Defaults to localhost.\n", "loc": ["services", "riemann-tools", "riemannHost"], "readOnly": false, "type": "string"}, "services.riemann.config": {"declarations": ["nixos/modules/services/monitoring/riemann.nix"], "description": "Contents of the Riemann configuration file. For more complicated\nconfig you should use configFile.\n", "loc": ["services", "riemann", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.riemann.configFile": {"declarations": ["nixos/modules/services/monitoring/riemann.nix"], "description": "A Riemann config file. Any files in the same directory as this file\nwill be added to the classpath by Riemann.\n", "loc": ["services", "riemann", "configFile"], "readOnly": false, "type": "string"}, "services.riemann.configFiles": {"declarations": ["nixos/modules/services/monitoring/riemann.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra files containing Riemann configuration. These files will be\nloaded at runtime by Riemann (with Clojure's\n`load-file` function) at the end of the\nconfiguration if you use the config option, this is ignored if you\nuse configFile.\n", "loc": ["services", "riemann", "configFiles"], "readOnly": false, "type": "list of absolute path"}, "services.riemann.enable": {"declarations": ["nixos/modules/services/monitoring/riemann.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Riemann network monitoring daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "riemann", "enable"], "readOnly": false, "type": "boolean"}, "services.riemann.extraClasspathEntries": {"declarations": ["nixos/modules/services/monitoring/riemann.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra entries added to the Java classpath when running Riemann.\n", "loc": ["services", "riemann", "extraClasspathEntries"], "readOnly": false, "type": "list of string"}, "services.riemann.extraJavaOpts": {"declarations": ["nixos/modules/services/monitoring/riemann.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra Java options used when launching Riemann.\n", "loc": ["services", "riemann", "extraJavaOpts"], "readOnly": false, "type": "list of string"}, "services.rimgo.enable": {"declarations": ["nixos/modules/services/web-apps/rimgo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable rimgo.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "rimgo", "enable"], "readOnly": false, "type": "boolean"}, "services.rimgo.package": {"declarations": ["nixos/modules/services/web-apps/rimgo.nix"], "default": {"_type": "literalExpression", "text": "pkgs.rimgo"}, "description": "The rimgo package to use.", "loc": ["services", "rimgo", "package"], "readOnly": false, "type": "package"}, "services.rimgo.settings": {"declarations": ["nixos/modules/services/web-apps/rimgo.nix"], "description": "Settings for rimgo, see [the official documentation](https://rimgo.codeberg.page/docs/usage/configuration/) for supported options.\n", "example": {"_type": "literalExpression", "text": "{\n  PORT = 69420;\n  FORCE_WEBP = \"1\";\n}\n"}, "loc": ["services", "rimgo", "settings"], "readOnly": false, "type": "open submodule of attribute set of string"}, "services.rimgo.settings.ADDRESS": {"declarations": ["nixos/modules/services/web-apps/rimgo.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The address to listen on.", "example": {"_type": "literalExpression", "text": "\"1.1.1.1\""}, "loc": ["services", "rimgo", "settings", "ADDRESS"], "readOnly": false, "type": "string"}, "services.rimgo.settings.PORT": {"declarations": ["nixos/modules/services/web-apps/rimgo.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "The port to use.", "example": {"_type": "literalExpression", "text": "69420"}, "loc": ["services", "rimgo", "settings", "PORT"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.ringboard.wayland.enable": {"declarations": ["nixos/modules/services/misc/ringboard.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Wayland support for Ringboard.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ringboard", "wayland", "enable"], "readOnly": false, "type": "boolean"}, "services.ringboard.wayland.package": {"declarations": ["nixos/modules/services/misc/ringboard.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ringboard-wayland"}, "description": "The ringboard-wayland package to use.", "loc": ["services", "ringboard", "wayland", "package"], "readOnly": false, "type": "package"}, "services.ringboard.x11.enable": {"declarations": ["nixos/modules/services/misc/ringboard.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable X11 support for Ringboard.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ringboard", "x11", "enable"], "readOnly": false, "type": "boolean"}, "services.ringboard.x11.package": {"declarations": ["nixos/modules/services/misc/ringboard.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ringboard"}, "description": "The ringboard package to use.", "loc": ["services", "ringboard", "x11", "package"], "readOnly": false, "type": "package"}, "services.rkvm.client.enable": {"declarations": ["nixos/modules/services/misc/rkvm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the rkvm client daemon (input receiver).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "rkvm", "client", "enable"], "readOnly": false, "type": "boolean"}, "services.rkvm.client.settings": {"declarations": ["nixos/modules/services/misc/rkvm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Structured client daemon configuration", "loc": ["services", "rkvm", "client", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.rkvm.client.settings.certificate": {"declarations": ["nixos/modules/services/misc/rkvm.nix"], "default": {"_type": "literalExpression", "text": "\"/etc/rkvm/certificate.pem\""}, "description": "TLS ceritficate path.\n\n::: {.note}\nThis should be generated with {command}`rkvm-certificate-gen`.\n:::\n", "loc": ["services", "rkvm", "client", "settings", "certificate"], "readOnly": false, "type": "absolute path"}, "services.rkvm.client.settings.password": {"declarations": ["nixos/modules/services/misc/rkvm.nix"], "description": "Shared secret token to authenticate the client.\nMake sure this matches your server's config.\n", "loc": ["services", "rkvm", "client", "settings", "password"], "readOnly": false, "type": "string"}, "services.rkvm.client.settings.server": {"declarations": ["nixos/modules/services/misc/rkvm.nix"], "description": "An RKVM server's internet socket address, either IPv4 or IPv6.\n", "example": {"_type": "literalExpression", "text": "\"192.168.0.123:5258\""}, "loc": ["services", "rkvm", "client", "settings", "server"], "readOnly": false, "type": "string"}, "services.rkvm.enable": {"declarations": ["nixos/modules/services/misc/rkvm.nix"], "default": {"_type": "literalExpression", "text": "config.services.rkvm.server.enable || config.services.rkvm.client.enable"}, "description": "Whether to enable rkvm, a Virtual KVM switch for Linux machines.\n", "loc": ["services", "rkvm", "enable"], "readOnly": false, "type": "boolean"}, "services.rkvm.package": {"declarations": ["nixos/modules/services/misc/rkvm.nix"], "default": {"_type": "literalExpression", "text": "pkgs.rkvm"}, "description": "The rkvm package to use.", "loc": ["services", "rkvm", "package"], "readOnly": false, "type": "package"}, "services.rkvm.server.enable": {"declarations": ["nixos/modules/services/misc/rkvm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the rkvm server daemon (input transmitter).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "rkvm", "server", "enable"], "readOnly": false, "type": "boolean"}, "services.rkvm.server.settings": {"declarations": ["nixos/modules/services/misc/rkvm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Structured server daemon configuration", "loc": ["services", "rkvm", "server", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.rkvm.server.settings.certificate": {"declarations": ["nixos/modules/services/misc/rkvm.nix"], "default": {"_type": "literalExpression", "text": "\"/etc/rkvm/certificate.pem\""}, "description": "TLS certificate path.\n\n::: {.note}\nThis should be generated with {command}`rkvm-certificate-gen`.\n:::\n", "loc": ["services", "rkvm", "server", "settings", "certificate"], "readOnly": false, "type": "absolute path"}, "services.rkvm.server.settings.key": {"declarations": ["nixos/modules/services/misc/rkvm.nix"], "default": {"_type": "literalExpression", "text": "\"/etc/rkvm/key.pem\""}, "description": "TLS key path.\n\n::: {.note}\nThis should be generated with {command}`rkvm-certificate-gen`.\n:::\n", "loc": ["services", "rkvm", "server", "settings", "key"], "readOnly": false, "type": "absolute path"}, "services.rkvm.server.settings.listen": {"declarations": ["nixos/modules/services/misc/rkvm.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0:5258\""}, "description": "An internet socket address to listen on, either IPv4 or IPv6.\n", "loc": ["services", "rkvm", "server", "settings", "listen"], "readOnly": false, "type": "string"}, "services.rkvm.server.settings.password": {"declarations": ["nixos/modules/services/misc/rkvm.nix"], "description": "Shared secret token to authenticate the client.\nMake sure this matches your client's config.\n", "loc": ["services", "rkvm", "server", "settings", "password"], "readOnly": false, "type": "string"}, "services.rkvm.server.settings.switch-keys": {"declarations": ["nixos/modules/services/misc/rkvm.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"left-alt\"\n  \"left-ctrl\"\n]"}, "description": "A key list specifying a host switch combination.\n\n_A list of key names is available in <https://github.com/htrefil/rkvm/blob/master/switch-keys.md>._\n", "loc": ["services", "rkvm", "server", "settings", "switch-keys"], "readOnly": false, "type": "list of string"}, "services.rmfakecloud.enable": {"declarations": ["nixos/modules/services/misc/rmfakecloud.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable rmfakecloud remarkable self-hosted cloud.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "rmfakecloud", "enable"], "readOnly": false, "type": "boolean"}, "services.rmfakecloud.environmentFile": {"declarations": ["nixos/modules/services/misc/rmfakecloud.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to an environment file loaded for the rmfakecloud service.\n\nThis can be used to securely store tokens and secrets outside of the\nworld-readable Nix store. Since this file is read by systemd, it may\nhave permission 0400 and be owned by root.\n", "example": {"_type": "literalExpression", "text": "\"/etc/secrets/rmfakecloud.env\""}, "loc": ["services", "rmfakecloud", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.rmfakecloud.extraSettings": {"declarations": ["nixos/modules/services/misc/rmfakecloud.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra settings in the form of a set of key-value pairs.\nFor tokens and secrets, use `environmentFile` instead.\n\nAvailable settings are listed on\nhttps://ddvk.github.io/rmfakecloud/install/configuration/.\n", "example": {"_type": "literalExpression", "text": "{\n  DATADIR = \"/custom/path/for/rmfakecloud/data\";\n}"}, "loc": ["services", "rmfakecloud", "extraSettings"], "readOnly": false, "type": "attribute set of string"}, "services.rmfakecloud.logLevel": {"declarations": ["nixos/modules/services/misc/rmfakecloud.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Logging level.\n", "loc": ["services", "rmfakecloud", "logLevel"], "readOnly": false, "type": "one of \"info\", \"debug\", \"warn\", \"error\""}, "services.rmfakecloud.package": {"declarations": ["nixos/modules/services/misc/rmfakecloud.nix"], "default": {"_type": "literalExpression", "text": "pkgs.rmfakecloud"}, "description": "The rmfakecloud package to use.", "loc": ["services", "rmfakecloud", "package"], "readOnly": false, "type": "package"}, "services.rmfakecloud.port": {"declarations": ["nixos/modules/services/misc/rmfakecloud.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "Listening port number.\n", "loc": ["services", "rmfakecloud", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.rmfakecloud.storageUrl": {"declarations": ["nixos/modules/services/misc/rmfakecloud.nix"], "description": "URL used by the tablet to access the rmfakecloud service.\n", "example": {"_type": "literalExpression", "text": "\"https://local.appspot.com\""}, "loc": ["services", "rmfakecloud", "storageUrl"], "readOnly": false, "type": "string"}, "services.robustirc-bridge.enable": {"declarations": ["nixos/modules/services/networking/robustirc-bridge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable RobustIRC bridge.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "robustirc-bridge", "enable"], "readOnly": false, "type": "boolean"}, "services.robustirc-bridge.extraFlags": {"declarations": ["nixos/modules/services/networking/robustirc-bridge.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra flags passed to the {command}`robustirc-bridge` command. See [RobustIRC Documentation](https://robustirc.net/docs/adminguide.html#_bridge) or {manpage}`robustirc-bridge(1)` for details.", "example": {"_type": "literalExpression", "text": "[\n  \"-network robustirc.net\"\n]"}, "loc": ["services", "robustirc-bridge", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.roon-bridge.enable": {"declarations": ["nixos/modules/services/audio/roon-bridge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Roon Bridge.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "roon-bridge", "enable"], "readOnly": false, "type": "boolean"}, "services.roon-bridge.group": {"declarations": ["nixos/modules/services/audio/roon-bridge.nix"], "default": {"_type": "literalExpression", "text": "\"roon-bridge\""}, "description": "Group to run the Roon Bridge as.\n", "loc": ["services", "roon-bridge", "group"], "readOnly": false, "type": "string"}, "services.roon-bridge.openFirewall": {"declarations": ["nixos/modules/services/audio/roon-bridge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the bridge.\n", "loc": ["services", "roon-bridge", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.roon-bridge.user": {"declarations": ["nixos/modules/services/audio/roon-bridge.nix"], "default": {"_type": "literalExpression", "text": "\"roon-bridge\""}, "description": "User to run the Roon bridge as.\n", "loc": ["services", "roon-bridge", "user"], "readOnly": false, "type": "string"}, "services.roon-server.enable": {"declarations": ["nixos/modules/services/audio/roon-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Roon Server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "roon-server", "enable"], "readOnly": false, "type": "boolean"}, "services.roon-server.group": {"declarations": ["nixos/modules/services/audio/roon-server.nix"], "default": {"_type": "literalExpression", "text": "\"roon-server\""}, "description": "Group to run the Roon Server as.\n", "loc": ["services", "roon-server", "group"], "readOnly": false, "type": "string"}, "services.roon-server.openFirewall": {"declarations": ["nixos/modules/services/audio/roon-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the server.\n", "loc": ["services", "roon-server", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.roon-server.package": {"declarations": ["nixos/modules/services/audio/roon-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.roon-server"}, "description": "The roon-server package to use.", "loc": ["services", "roon-server", "package"], "readOnly": false, "type": "package"}, "services.roon-server.user": {"declarations": ["nixos/modules/services/audio/roon-server.nix"], "default": {"_type": "literalExpression", "text": "\"roon-server\""}, "description": "User to run the Roon Server as.\n", "loc": ["services", "roon-server", "user"], "readOnly": false, "type": "string"}, "services.rosenpass.defaultDevice": {"declarations": ["nixos/modules/services/networking/rosenpass.nix"], "description": "Name of the network interface to use for all peers by default.", "example": {"_type": "literalExpression", "text": "\"wg0\""}, "loc": ["services", "rosenpass", "defaultDevice"], "readOnly": false, "type": "null or string"}, "services.rosenpass.enable": {"declarations": ["nixos/modules/services/networking/rosenpass.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Rosenpass.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "rosenpass", "enable"], "readOnly": false, "type": "boolean"}, "services.rosenpass.package": {"declarations": ["nixos/modules/services/networking/rosenpass.nix"], "default": {"_type": "literalExpression", "text": "pkgs.rosenpass"}, "description": "The rosenpass package to use.", "loc": ["services", "rosenpass", "package"], "readOnly": false, "type": "package"}, "services.rosenpass.settings": {"declarations": ["nixos/modules/services/networking/rosenpass.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for Rosenpass, see <https://rosenpass.eu/> for further information.", "loc": ["services", "rosenpass", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.rosenpass.settings.listen": {"declarations": ["nixos/modules/services/networking/rosenpass.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of local endpoints to listen for connections.", "example": {"_type": "literalExpression", "text": "[ \"0.0.0.0:10000\" ]"}, "loc": ["services", "rosenpass", "settings", "listen"], "readOnly": false, "type": "list of string"}, "services.rosenpass.settings.peers": {"declarations": ["nixos/modules/services/networking/rosenpass.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of peers to exchange keys with.", "loc": ["services", "rosenpass", "settings", "peers"], "readOnly": false, "type": "list of (open submodule of (TOML value))"}, "services.rosenpass.settings.peers.*.device": {"declarations": ["nixos/modules/services/networking/rosenpass.nix"], "default": {"_type": "literalExpression", "text": "config.services.rosenpass.defaultDevice"}, "description": "Name of the local WireGuard interface to use for this peer.", "loc": ["services", "rosenpass", "settings", "peers", "*", "device"], "readOnly": false, "type": "string"}, "services.rosenpass.settings.peers.*.endpoint": {"declarations": ["nixos/modules/services/networking/rosenpass.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Endpoint of the remote Rosenpass peer.", "loc": ["services", "rosenpass", "settings", "peers", "*", "endpoint"], "readOnly": false, "type": "null or string"}, "services.rosenpass.settings.peers.*.peer": {"declarations": ["nixos/modules/services/networking/rosenpass.nix"], "description": "WireGuard public key corresponding to the remote Rosenpass peer.", "loc": ["services", "rosenpass", "settings", "peers", "*", "peer"], "readOnly": false, "type": "string"}, "services.rosenpass.settings.peers.*.public_key": {"declarations": ["nixos/modules/services/networking/rosenpass.nix"], "description": "Path to a file containing the public key of the remote Rosenpass peer.", "loc": ["services", "rosenpass", "settings", "peers", "*", "public_key"], "readOnly": false, "type": "absolute path"}, "services.rosenpass.settings.public_key": {"declarations": ["nixos/modules/services/networking/rosenpass.nix"], "description": "Path to a file containing the public key of the local Rosenpass peer. Generate this by running {command}`rosenpass gen-keys`.", "loc": ["services", "rosenpass", "settings", "public_key"], "readOnly": false, "type": "absolute path"}, "services.rosenpass.settings.secret_key": {"declarations": ["nixos/modules/services/networking/rosenpass.nix"], "description": "Path to a file containing the secret key of the local Rosenpass peer. Generate this by running {command}`rosenpass gen-keys`.", "loc": ["services", "rosenpass", "settings", "secret_key"], "readOnly": false, "type": "absolute path"}, "services.rosenpass.settings.verbosity": {"declarations": ["nixos/modules/services/networking/rosenpass.nix"], "default": {"_type": "literalExpression", "text": "\"Quiet\""}, "description": "Verbosity of output produced by the service.", "loc": ["services", "rosenpass", "settings", "verbosity"], "readOnly": false, "type": "one of \"Verbose\", \"Quiet\""}, "services.roundcube.configureNginx": {"declarations": ["nixos/modules/services/mail/roundcube.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Configure nginx as a reverse proxy for roundcube.", "loc": ["services", "roundcube", "configureNginx"], "readOnly": false, "type": "boolean"}, "services.roundcube.database.dbname": {"declarations": ["nixos/modules/services/mail/roundcube.nix"], "default": {"_type": "literalExpression", "text": "\"roundcube\""}, "description": "Name of the postgresql database", "loc": ["services", "roundcube", "database", "dbname"], "readOnly": false, "type": "string"}, "services.roundcube.database.host": {"declarations": ["nixos/modules/services/mail/roundcube.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Host of the postgresql server. If this is not set to\n`localhost`, you have to create the\npostgresql user and database yourself, with appropriate\npermissions.\n", "loc": ["services", "roundcube", "database", "host"], "readOnly": false, "type": "string"}, "services.roundcube.database.password": {"declarations": ["nixos/modules/services/mail/roundcube.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Password for the postgresql connection. Do not use: the password will be stored world readable in the store; use `passwordFile` instead.", "loc": ["services", "roundcube", "database", "password"], "readOnly": false, "type": "string"}, "services.roundcube.database.passwordFile": {"declarations": ["nixos/modules/services/mail/roundcube.nix"], "description": "Password file for the postgresql connection.\nMust be formatted according to PostgreSQL .pgpass standard (see <https://www.postgresql.org/docs/current/libpq-pgpass.html>)\nbut only one line, no comments and readable by user `nginx`.\nIgnored if `database.host` is set to `localhost`, as peer authentication will be used.\n", "example": {"_type": "literalExpression", "text": "pkgs.writeText \"roundcube-postgres-passwd.txt\" ''\n  hostname:port:database:username:password\n''\n"}, "loc": ["services", "roundcube", "database", "passwordFile"], "readOnly": false, "type": "absolute path"}, "services.roundcube.database.username": {"declarations": ["nixos/modules/services/mail/roundcube.nix"], "default": {"_type": "literalExpression", "text": "\"roundcube\""}, "description": "Username for the postgresql connection.\nIf `database.host` is set to `localhost`, a unix user and group of the same name will be created as well.\n", "loc": ["services", "roundcube", "database", "username"], "readOnly": false, "type": "string"}, "services.roundcube.dicts": {"declarations": ["nixos/modules/services/mail/roundcube.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of aspell dictionaries for spell checking. If empty, spell checking is disabled.\n", "example": {"_type": "literalExpression", "text": "with pkgs.aspellDicts; [ en fr de ]"}, "loc": ["services", "roundcube", "dicts"], "readOnly": false, "type": "list of package"}, "services.roundcube.enable": {"declarations": ["nixos/modules/services/mail/roundcube.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable roundcube.\n\nAlso enables nginx virtual host management.\nFurther nginx configuration can be done by adapting `services.nginx.virtualHosts.<name>`.\nSee [](#opt-services.nginx.virtualHosts) for further information.\n", "loc": ["services", "roundcube", "enable"], "readOnly": false, "type": "boolean"}, "services.roundcube.extraConfig": {"declarations": ["nixos/modules/services/mail/roundcube.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration for roundcube webmail instance", "loc": ["services", "roundcube", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.roundcube.hostName": {"declarations": ["nixos/modules/services/mail/roundcube.nix"], "description": "Hostname to use for the nginx vhost", "example": {"_type": "literalExpression", "text": "\"webmail.example.com\""}, "loc": ["services", "roundcube", "hostName"], "readOnly": false, "type": "string"}, "services.roundcube.maxAttachmentSize": {"declarations": ["nixos/modules/services/mail/roundcube.nix"], "default": {"_type": "literalExpression", "text": "18"}, "description": "The maximum attachment size in MB.\n[upstream issue comment]: https://github.com/roundcube/roundcubemail/issues/7979#issuecomment-808879209\n::: {.note}\nSince there is some overhead in base64 encoding applied to attachments, + 37% will be added\nto the value set in this option in order to offset the overhead. For example, setting\n`maxAttachmentSize` to `100` would result in `137M` being the real value in the configuration.\nSee [upstream issue comment] for more details on the motivations behind this.\n:::\n", "loc": ["services", "roundcube", "maxAttachmentSize"], "readOnly": false, "type": "signed integer"}, "services.roundcube.package": {"declarations": ["nixos/modules/services/mail/roundcube.nix"], "default": {"_type": "literalExpression", "text": "pkgs.roundcube"}, "description": "The roundcube package to use.", "example": {"_type": "literalExpression", "text": "roundcube.withPlugins (plugins: [ plugins.persistent_login ])"}, "loc": ["services", "roundcube", "package"], "readOnly": false, "type": "package"}, "services.roundcube.plugins": {"declarations": ["nixos/modules/services/mail/roundcube.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of roundcube plugins to enable. Currently, only those directly shipped with Roundcube are supported.\n", "loc": ["services", "roundcube", "plugins"], "readOnly": false, "type": "list of string"}, "services.routedns.configFile": {"declarations": ["nixos/modules/services/networking/routedns.nix"], "default": {"_type": "literalExpression", "text": "\"A RouteDNS configuration file automatically generated by values from services.routedns.*\""}, "description": "Path to RouteDNS TOML configuration file.", "example": {"_type": "literalExpression", "text": "\"${pkgs.routedns}/cmd/routedns/example-config/use-case-1.toml\""}, "loc": ["services", "routedns", "configFile"], "readOnly": false, "type": "absolute path"}, "services.routedns.enable": {"declarations": ["nixos/modules/services/networking/routedns.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable RouteDNS - DNS stub resolver, proxy and router.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "routedns", "enable"], "readOnly": false, "type": "boolean"}, "services.routedns.package": {"declarations": ["nixos/modules/services/networking/routedns.nix"], "default": {"_type": "literalExpression", "text": "pkgs.routedns"}, "description": "The routedns package to use.", "loc": ["services", "routedns", "package"], "readOnly": false, "type": "package"}, "services.routedns.settings": {"declarations": ["nixos/modules/services/networking/routedns.nix"], "description": "Configuration for RouteDNS, see <https://github.com/folbricht/routedns/blob/master/doc/configuration.md>\nfor more information.\n", "example": {"_type": "literalExpression", "text": "{\n  resolvers.cloudflare-dot = {\n    address = \"1.1.1.1:853\";\n    protocol = \"dot\";\n  };\n  groups.cloudflare-cached = {\n    type = \"cache\";\n    resolvers = [\"cloudflare-dot\"];\n  };\n  listeners.local-udp = {\n    address = \"127.0.0.1:53\";\n    protocol = \"udp\";\n    resolver = \"cloudflare-cached\";\n  };\n  listeners.local-tcp = {\n    address = \"127.0.0.1:53\";\n    protocol = \"tcp\";\n    resolver = \"cloudflare-cached\";\n  };\n}\n"}, "loc": ["services", "routedns", "settings"], "readOnly": false, "type": "TOML value"}, "services.routinator.enable": {"declarations": ["nixos/modules/services/networking/routinator.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Routinator 3000.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "routinator", "enable"], "readOnly": false, "type": "boolean"}, "services.routinator.extraArgs": {"declarations": ["nixos/modules/services/networking/routinator.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments passed to routinator, see <https://routinator.docs.nlnetlabs.nl/en/stable/manual-page.html#options> for options.\";\n", "example": {"_type": "literalExpression", "text": "[\n  \"--no-rir-tals\"\n]"}, "loc": ["services", "routinator", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.routinator.extraServerArgs": {"declarations": ["nixos/modules/services/networking/routinator.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments passed to the server subcommand, see <https://routinator.docs.nlnetlabs.nl/en/stable/manual-page.html#subcmd-server> for options.\";\n", "example": {"_type": "literalExpression", "text": "[\n  \"--rtr-client-metrics\"\n]"}, "loc": ["services", "routinator", "extraServerArgs"], "readOnly": false, "type": "list of string"}, "services.routinator.package": {"declarations": ["nixos/modules/services/networking/routinator.nix"], "default": {"_type": "literalExpression", "text": "pkgs.routinator"}, "description": "The routinator package to use.", "loc": ["services", "routinator", "package"], "readOnly": false, "type": "package"}, "services.routinator.settings": {"declarations": ["nixos/modules/services/networking/routinator.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for Routinator 3000, see <https://routinator.docs.nlnetlabs.nl/en/stable/manual-page.html#configuration-file> for options.\n", "loc": ["services", "routinator", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.routinator.settings.expire": {"declarations": ["nixos/modules/services/networking/routinator.nix"], "default": {"_type": "literalExpression", "text": "7200"}, "description": "An integer value specifying the number of seconds an RTR client is requested to use a data set if it cannot get an update before throwing it away and continuing with no data at all.\n", "loc": ["services", "routinator", "settings", "expire"], "readOnly": false, "type": "null or signed integer"}, "services.routinator.settings.http-listen": {"declarations": ["nixos/modules/services/networking/routinator.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "An array of string values each providing an address and port on which the HTTP server should listen. Address and port should be separated by a colon. IPv6 address should be enclosed in square brackets.\n", "loc": ["services", "routinator", "settings", "http-listen"], "readOnly": false, "type": "null or (list of string)"}, "services.routinator.settings.log": {"declarations": ["nixos/modules/services/networking/routinator.nix"], "default": {"_type": "literalExpression", "text": "\"default\""}, "description": "A string specifying where to send log messages to.\nSee, <https://routinator.docs.nlnetlabs.nl/en/stable/manual-page.html#term-log>\n", "loc": ["services", "routinator", "settings", "log"], "readOnly": false, "type": "null or one of \"default\", \"stderr\", \"syslog\", \"file\""}, "services.routinator.settings.log-file": {"declarations": ["nixos/modules/services/networking/routinator.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A string value containing the path to a file to which log messages will be appended if the log configuration value is set to file. In this case, the value is mandatory.\n", "loc": ["services", "routinator", "settings", "log-file"], "readOnly": false, "type": "null or absolute path"}, "services.routinator.settings.log-level": {"declarations": ["nixos/modules/services/networking/routinator.nix"], "default": {"_type": "literalExpression", "text": "\"warn\""}, "description": "A string value specifying the maximum log level for which log messages should be emitted.\nSee, <https://routinator.docs.nlnetlabs.nl/en/stable/manual-page.html#logging>\n", "loc": ["services", "routinator", "settings", "log-level"], "readOnly": false, "type": "null or one of \"error\", \"warn\", \"info\", \"debug\""}, "services.routinator.settings.refresh": {"declarations": ["nixos/modules/services/networking/routinator.nix"], "default": {"_type": "literalExpression", "text": "600"}, "description": "An integer value specifying the number of seconds Routinator should wait between consecutive validation runs in server mode. The next validation run will happen earlier, if objects expire earlier.\n", "loc": ["services", "routinator", "settings", "refresh"], "readOnly": false, "type": "null or signed integer"}, "services.routinator.settings.repository-dir": {"declarations": ["nixos/modules/services/networking/routinator.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/routinator/rpki-cache\""}, "description": "The path where the collected RPKI data is stored.\n", "loc": ["services", "routinator", "settings", "repository-dir"], "readOnly": false, "type": "absolute path"}, "services.routinator.settings.retry": {"declarations": ["nixos/modules/services/networking/routinator.nix"], "default": {"_type": "literalExpression", "text": "600"}, "description": "An integer value specifying the number of seconds an RTR client is requested to wait after it failed to receive a data set.\n", "loc": ["services", "routinator", "settings", "retry"], "readOnly": false, "type": "null or signed integer"}, "services.routinator.settings.rtr-listen": {"declarations": ["nixos/modules/services/networking/routinator.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "An array of string values each providing an address and port on which the RTR server should listen in TCP mode. Address and port should be separated by a colon. IPv6 address should be enclosed in square brackets.\n", "loc": ["services", "routinator", "settings", "rtr-listen"], "readOnly": false, "type": "null or (list of string)"}, "services.rpcbind.enable": {"declarations": ["nixos/modules/services/networking/rpcbind.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable `rpcbind`, an ONC RPC directory service\nnotably used by NFS and NIS, and which can be queried\nusing the {manpage}`rpcinfo(1)` command. `rpcbind` is a replacement for\n`portmap`.\n", "loc": ["services", "rpcbind", "enable"], "readOnly": false, "type": "boolean"}, "services.rqbit.downloadDir": {"declarations": ["nixos/modules/services/torrent/rqbit.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/rqbit/downloads\""}, "description": "Directory where to download torrents.", "example": {"_type": "literalExpression", "text": "\"/mnt/storage/torrents\""}, "loc": ["services", "rqbit", "downloadDir"], "readOnly": false, "type": "absolute path"}, "services.rqbit.enable": {"declarations": ["nixos/modules/services/torrent/rqbit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable rqbit BitTorrent daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "rqbit", "enable"], "readOnly": false, "type": "boolean"}, "services.rqbit.group": {"declarations": ["nixos/modules/services/torrent/rqbit.nix"], "default": {"_type": "literalExpression", "text": "\"rqbit\""}, "description": "Group account under which rqbit runs.", "loc": ["services", "rqbit", "group"], "readOnly": false, "type": "string"}, "services.rqbit.httpHost": {"declarations": ["nixos/modules/services/torrent/rqbit.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The listen host for the HTTP API.", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "rqbit", "httpHost"], "readOnly": false, "type": "string"}, "services.rqbit.httpPort": {"declarations": ["nixos/modules/services/torrent/rqbit.nix"], "default": {"_type": "literalExpression", "text": "3030"}, "description": "The listen port for the HTTP API.", "loc": ["services", "rqbit", "httpPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.rqbit.openFirewall": {"declarations": ["nixos/modules/services/torrent/rqbit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable opening of the HTTP and Peer ports in the firewall.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "rqbit", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.rqbit.package": {"declarations": ["nixos/modules/services/torrent/rqbit.nix"], "default": {"_type": "literalExpression", "text": "pkgs.rqbit"}, "description": "The rqbit package to use.", "loc": ["services", "rqbit", "package"], "readOnly": false, "type": "package"}, "services.rqbit.peerPort": {"declarations": ["nixos/modules/services/torrent/rqbit.nix"], "default": {"_type": "literalExpression", "text": "4240"}, "description": "The port to listen for incoming BitTorrent peer connections (TCP and uTP).", "loc": ["services", "rqbit", "peerPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.rqbit.user": {"declarations": ["nixos/modules/services/torrent/rqbit.nix"], "default": {"_type": "literalExpression", "text": "\"rqbit\""}, "description": "User account under which rqbit runs.", "loc": ["services", "rqbit", "user"], "readOnly": false, "type": "string"}, "services.rshim.backend": {"declarations": ["nixos/modules/services/misc/rshim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify the backend to attach. If not specified, the driver will scan\nall rshim backends unless the `device` option is given with a device\nname specified.\n", "example": {"_type": "literalExpression", "text": "\"pcie\""}, "loc": ["services", "rshim", "backend"], "readOnly": false, "type": "null or one of \"usb\", \"pcie\", \"pcie_lf\""}, "services.rshim.config": {"declarations": ["nixos/modules/services/misc/rshim.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Structural setting for the rshim configuration file\n(`/etc/rshim.conf`). It can be used to specify the static mapping\nbetween rshim devices and rshim names. It can also be used to ignore\nsome rshim devices.\n", "example": {"_type": "literalExpression", "text": "{\n  DISPLAY_LEVEL = 0;\n  none = \"usb-1-1.4\";\n  rshim0 = \"usb-2-1.7\";\n}"}, "loc": ["services", "rshim", "config"], "readOnly": false, "type": "attribute set of (signed integer or string)"}, "services.rshim.device": {"declarations": ["nixos/modules/services/misc/rshim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify the device name to attach. The backend driver can be deduced\nfrom the device name, thus the `backend` option is not needed.\n", "example": {"_type": "literalExpression", "text": "\"pcie-04:00.2\""}, "loc": ["services", "rshim", "device"], "readOnly": false, "type": "null or string"}, "services.rshim.enable": {"declarations": ["nixos/modules/services/misc/rshim.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable user-space rshim driver for the BlueField SoC.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "rshim", "enable"], "readOnly": false, "type": "boolean"}, "services.rshim.index": {"declarations": ["nixos/modules/services/misc/rshim.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify the index to create device path `/dev/rshim<index>`. It's also\nused to create network interface name `tmfifo_net<index>`. This option\nis needed when multiple rshim instances are running.\n", "example": {"_type": "literalExpression", "text": "1"}, "loc": ["services", "rshim", "index"], "readOnly": false, "type": "null or signed integer"}, "services.rshim.log-level": {"declarations": ["nixos/modules/services/misc/rshim.nix"], "default": {"_type": "literalExpression", "text": "2"}, "description": "Specify the log level (0:none, 1:error, 2:warning, 3:notice, 4:debug).\n", "example": {"_type": "literalExpression", "text": "4"}, "loc": ["services", "rshim", "log-level"], "readOnly": false, "type": "integer between 0 and 4 (both inclusive)"}, "services.rshim.package": {"declarations": ["nixos/modules/services/misc/rshim.nix"], "default": {"_type": "literalExpression", "text": "pkgs.rshim-user-space"}, "description": "The rshim-user-space package to use.", "loc": ["services", "rshim", "package"], "readOnly": false, "type": "package"}, "services.rsnapshot.cronIntervals": {"declarations": ["nixos/modules/services/backup/rsnapshot.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Periodicity at which intervals should be run by cron.\nNote that the intervals also have to exist in configuration\nas retain options.\n", "example": {"_type": "literalExpression", "text": "{\n  daily = \"50 21 * * *\";\n  hourly = \"0 * * * *\";\n}"}, "loc": ["services", "rsnapshot", "cronIntervals"], "readOnly": false, "type": "attribute set of string"}, "services.rsnapshot.enable": {"declarations": ["nixos/modules/services/backup/rsnapshot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable rsnapshot backups.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "rsnapshot", "enable"], "readOnly": false, "type": "boolean"}, "services.rsnapshot.enableManualRsnapshot": {"declarations": ["nixos/modules/services/backup/rsnapshot.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable manual usage of the rsnapshot command with this module.", "loc": ["services", "rsnapshot", "enableManualRsnapshot"], "readOnly": false, "type": "boolean"}, "services.rsnapshot.extraConfig": {"declarations": ["nixos/modules/services/backup/rsnapshot.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "rsnapshot configuration option in addition to the defaults from\nrsnapshot and this module.\n\nNote that tabs are required to separate option arguments, and\ndirectory names require trailing slashes.\n\nThe \"extra\" in the option name might be a little misleading right\nnow, as it is required to get a functional configuration.\n", "example": {"_type": "literalExpression", "text": "''\n  retains\thourly\t24\n  retain\tdaily\t365\n  backup\t/home/\tlocalhost/\n''"}, "loc": ["services", "rsnapshot", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.rspamd-trainer.enable": {"declarations": ["nixos/modules/services/mail/rspamd-trainer.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Spam/ham trainer for rspamd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "rspamd-trainer", "enable"], "readOnly": false, "type": "boolean"}, "services.rspamd-trainer.secrets": {"declarations": ["nixos/modules/services/mail/rspamd-trainer.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of files containing the various secrets. Should be in the\nformat expected by systemd's `EnvironmentFile` directory. For the\nIMAP account password use `PASSWORD = mypassword`.\n", "loc": ["services", "rspamd-trainer", "secrets"], "readOnly": false, "type": "list of absolute path"}, "services.rspamd-trainer.settings": {"declarations": ["nixos/modules/services/mail/rspamd-trainer.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "IMAP authentication configuration for rspamd-trainer. For supplying\nthe IMAP password, use the `secrets` option.\n", "example": {"_type": "literalExpression", "text": "{\n  HOST = \"localhost\";\n  USERNAME = \"spam@example.com\";\n  INBOXPREFIX = \"INBOX/\";\n}\n"}, "loc": ["services", "rspamd-trainer", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.rspamd.debug": {"declarations": ["nixos/modules/services/mail/rspamd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to run the rspamd daemon in debug mode.", "loc": ["services", "rspamd", "debug"], "readOnly": false, "type": "boolean"}, "services.rspamd.enable": {"declarations": ["nixos/modules/services/mail/rspamd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable rspamd, the Rapid spam filtering system.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "rspamd", "enable"], "readOnly": false, "type": "boolean"}, "services.rspamd.extraConfig": {"declarations": ["nixos/modules/services/mail/rspamd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration to add at the end of the rspamd configuration\nfile.\n", "loc": ["services", "rspamd", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.rspamd.group": {"declarations": ["nixos/modules/services/mail/rspamd.nix"], "default": {"_type": "literalExpression", "text": "\"rspamd\""}, "description": "Group to use when no root privileges are required.\n", "loc": ["services", "rspamd", "group"], "readOnly": false, "type": "string"}, "services.rspamd.localLuaRules": {"declarations": ["nixos/modules/services/mail/rspamd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path of file to link to {file}`/etc/rspamd/rspamd.local.lua` for local\nrules written in Lua\n", "loc": ["services", "rspamd", "localLuaRules"], "readOnly": false, "type": "null or absolute path"}, "services.rspamd.locals": {"declarations": ["nixos/modules/services/mail/rspamd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Local configuration files, written into {file}`/etc/rspamd/local.d/{name}`.\n", "example": {"_type": "literalExpression", "text": "{ \"redis.conf\".source = \"/nix/store/.../etc/dir/redis.conf\";\n  \"arc.conf\".text = \"allow_envfrom_empty = true;\";\n}\n"}, "loc": ["services", "rspamd", "locals"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.rspamd.locals.<name>.enable": {"declarations": ["nixos/modules/services/mail/rspamd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether this file locals should be generated.  This\noption allows specific locals files to be disabled.\n", "loc": ["services", "rspamd", "locals", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.rspamd.locals.<name>.source": {"declarations": ["nixos/modules/services/mail/rspamd.nix"], "description": "Path of the source file.", "loc": ["services", "rspamd", "locals", "<name>", "source"], "readOnly": false, "type": "absolute path"}, "services.rspamd.locals.<name>.text": {"declarations": ["nixos/modules/services/mail/rspamd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Text of the file.", "loc": ["services", "rspamd", "locals", "<name>", "text"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.rspamd.overrides": {"declarations": ["nixos/modules/services/mail/rspamd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Overridden configuration files, written into {file}`/etc/rspamd/override.d/{name}`.\n", "example": {"_type": "literalExpression", "text": "{ \"redis.conf\".source = \"/nix/store/.../etc/dir/redis.conf\";\n  \"arc.conf\".text = \"allow_envfrom_empty = true;\";\n}\n"}, "loc": ["services", "rspamd", "overrides"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.rspamd.overrides.<name>.enable": {"declarations": ["nixos/modules/services/mail/rspamd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether this file overrides should be generated.  This\noption allows specific overrides files to be disabled.\n", "loc": ["services", "rspamd", "overrides", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.rspamd.overrides.<name>.source": {"declarations": ["nixos/modules/services/mail/rspamd.nix"], "description": "Path of the source file.", "loc": ["services", "rspamd", "overrides", "<name>", "source"], "readOnly": false, "type": "absolute path"}, "services.rspamd.overrides.<name>.text": {"declarations": ["nixos/modules/services/mail/rspamd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Text of the file.", "loc": ["services", "rspamd", "overrides", "<name>", "text"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.rspamd.package": {"declarations": ["nixos/modules/services/mail/rspamd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.rspamd"}, "description": "The rspamd package to use.", "loc": ["services", "rspamd", "package"], "readOnly": false, "type": "package"}, "services.rspamd.postfix.config": {"declarations": ["nixos/modules/services/mail/rspamd.nix"], "default": {"_type": "literalExpression", "text": "{\n  non_smtpd_milters = [\n    \"unix:/run/rspamd/rspamd-milter.sock\"\n  ];\n  smtpd_milters = [\n    \"unix:/run/rspamd/rspamd-milter.sock\"\n  ];\n}"}, "description": "Addon to postfix configuration\n", "loc": ["services", "rspamd", "postfix", "config"], "readOnly": false, "type": "attribute set of (boolean or string or list of string)"}, "services.rspamd.postfix.enable": {"declarations": ["nixos/modules/services/mail/rspamd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Add rspamd milter to postfix main.conf", "loc": ["services", "rspamd", "postfix", "enable"], "readOnly": false, "type": "boolean"}, "services.rspamd.user": {"declarations": ["nixos/modules/services/mail/rspamd.nix"], "default": {"_type": "literalExpression", "text": "\"rspamd\""}, "description": "User to use when no root privileges are required.\n", "loc": ["services", "rspamd", "user"], "readOnly": false, "type": "string"}, "services.rspamd.workers": {"declarations": ["nixos/modules/services/mail/rspamd.nix"], "default": {"_type": "literalExpression", "text": "{\n  controller = { };\n  normal = { };\n}"}, "description": "Attribute set of workers to start.\n", "example": {"_type": "literalExpression", "text": "{\n  normal = {\n    includes = [ \"$CONFDIR/worker-normal.inc\" ];\n    bindSockets = [{\n      socket = \"/run/rspamd/rspamd.sock\";\n      mode = \"0660\";\n      owner = \"${config.services.rspamd.user}\";\n      group = \"${config.services.rspamd.group}\";\n    }];\n  };\n  controller = {\n    includes = [ \"$CONFDIR/worker-controller.inc\" ];\n    bindSockets = [ \"[::1]:11334\" ];\n  };\n}\n"}, "loc": ["services", "rspamd", "workers"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.rspamd.workers.<name>.bindSockets": {"declarations": ["nixos/modules/services/mail/rspamd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of sockets to listen, in format acceptable by rspamd\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    mode = \"0666\";\n    owner = \"rspamd\";\n    socket = \"/run/rspamd.sock\";\n  }\n  \"*:11333\"\n]"}, "loc": ["services", "rspamd", "workers", "<name>", "bindSockets"], "readOnly": false, "type": "list of (string or (submodule))"}, "services.rspamd.workers.<name>.count": {"declarations": ["nixos/modules/services/mail/rspamd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Number of worker instances to run\n", "loc": ["services", "rspamd", "workers", "<name>", "count"], "readOnly": false, "type": "null or signed integer"}, "services.rspamd.workers.<name>.enable": {"declarations": ["nixos/modules/services/mail/rspamd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether to run the rspamd worker.", "loc": ["services", "rspamd", "workers", "<name>", "enable"], "readOnly": false, "type": "null or boolean"}, "services.rspamd.workers.<name>.extraConfig": {"declarations": ["nixos/modules/services/mail/rspamd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional entries to put verbatim into worker section of rspamd config file.", "loc": ["services", "rspamd", "workers", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.rspamd.workers.<name>.includes": {"declarations": ["nixos/modules/services/mail/rspamd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of files to include in configuration\n", "loc": ["services", "rspamd", "workers", "<name>", "includes"], "readOnly": false, "type": "list of string"}, "services.rspamd.workers.<name>.name": {"declarations": ["nixos/modules/services/mail/rspamd.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "Name of the worker", "loc": ["services", "rspamd", "workers", "<name>", "name"], "readOnly": false, "type": "null or string"}, "services.rspamd.workers.<name>.type": {"declarations": ["nixos/modules/services/mail/rspamd.nix"], "description": "The type of this worker. The type `proxy` is\ndeprecated and only kept for backwards compatibility and should be\nreplaced with `rspamd_proxy`.\n", "loc": ["services", "rspamd", "workers", "<name>", "type"], "readOnly": false, "type": "null or one of \"normal\", \"controller\", \"fuzzy\", \"rspamd_proxy\", \"lua\", \"proxy\""}, "services.rss-bridge.config": {"declarations": ["nixos/modules/services/web-apps/rss-bridge.nix"], "description": "Attribute set of arbitrary config options.\nPlease consult the documentation at the [wiki](https://rss-bridge.github.io/rss-bridge/For_Hosts/Custom_Configuration.html)\nand [sample config](https://github.com/RSS-Bridge/rss-bridge/blob/master/config.default.ini.php) to see a list of available options.\n", "example": {"_type": "literalExpression", "text": "{\n  system.enabled_bridges = [ \"*\" ];\n  error = {\n    output = \"http\";\n    report_limit = 5;\n  };\n  FileCache = {\n    enable_purge = true;\n  };\n}\n"}, "loc": ["services", "rss-bridge", "config"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.rss-bridge.config.FileCache.path": {"declarations": ["nixos/modules/services/web-apps/rss-bridge.nix"], "default": {"_type": "literalExpression", "text": "${config.services.rss-bridge.dataDir}/cache/"}, "description": "Directory where to store cache files (if cache.type = \"file\").", "loc": ["services", "rss-bridge", "config", "FileCache", "path"], "readOnly": false, "type": "string"}, "services.rss-bridge.config.system.enabled_bridges": {"declarations": ["nixos/modules/services/web-apps/rss-bridge.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Only enabled bridges are available for feed production", "loc": ["services", "rss-bridge", "config", "system", "enabled_bridges"], "readOnly": false, "type": "null or string or list of string"}, "services.rss-bridge.dataDir": {"declarations": ["nixos/modules/services/web-apps/rss-bridge.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/rss-bridge\""}, "description": "Location in which cache directory will be created.\nYou can put `config.ini.php` in here.\n", "loc": ["services", "rss-bridge", "dataDir"], "readOnly": false, "type": "string"}, "services.rss-bridge.enable": {"declarations": ["nixos/modules/services/web-apps/rss-bridge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable rss-bridge.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "rss-bridge", "enable"], "readOnly": false, "type": "boolean"}, "services.rss-bridge.group": {"declarations": ["nixos/modules/services/web-apps/rss-bridge.nix"], "default": {"_type": "literalExpression", "text": "\"{option}`config.services.rss-bridge.webserver` or \\\"rss-bridge\\\"\""}, "description": "The group under which the web application runs.\n", "loc": ["services", "rss-bridge", "group"], "readOnly": false, "type": "string"}, "services.rss-bridge.package": {"declarations": ["nixos/modules/services/web-apps/rss-bridge.nix"], "default": {"_type": "literalExpression", "text": "pkgs.rss-bridge"}, "description": "The rss-bridge package to use.", "loc": ["services", "rss-bridge", "package"], "readOnly": false, "type": "package"}, "services.rss-bridge.pool": {"declarations": ["nixos/modules/services/web-apps/rss-bridge.nix"], "default": {"_type": "literalExpression", "text": "\"rss-bridge\""}, "description": "Name of phpfpm pool that is used to run web-application.\nIf `null` specified none will be created, otherwise automatically created with default values.\n", "loc": ["services", "rss-bridge", "pool"], "readOnly": false, "type": "null or string"}, "services.rss-bridge.user": {"declarations": ["nixos/modules/services/web-apps/rss-bridge.nix"], "default": {"_type": "literalExpression", "text": "\"{option}`config.services.rss-bridge.webserver` or \\\"rss-bridge\\\"\""}, "description": "The user account under which both the service and the web application run.\n", "loc": ["services", "rss-bridge", "user"], "readOnly": false, "type": "string"}, "services.rss-bridge.virtualHost": {"declarations": ["nixos/modules/services/web-apps/rss-bridge.nix"], "default": {"_type": "literalExpression", "text": "\"rss-bridge\""}, "description": "Name of the nginx or caddy virtualhost to use and setup. If null, do not setup any virtualhost.\n", "loc": ["services", "rss-bridge", "virtualHost"], "readOnly": false, "type": "null or string"}, "services.rss-bridge.webserver": {"declarations": ["nixos/modules/services/web-apps/rss-bridge.nix"], "default": {"_type": "literalExpression", "text": "\"nginx\""}, "description": "Type of virtualhost to use and setup. If null, do not setup any virtualhost.\n", "loc": ["services", "rss-bridge", "webserver"], "readOnly": false, "type": "null or one of \"nginx\", \"caddy\""}, "services.rss2email.config": {"declarations": ["nixos/modules/services/mail/rss2email.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The configuration to give rss2email.\n\nDefault will use system-wide `sendmail` to send the\nemail. This is rss2email's default when running\n`r2e new`.\n\nThis set contains key-value associations that will be set in the\n`[DEFAULT]` block along with the\n`to` parameter.\n\nSee `man r2e` for more information on which\nparameters are accepted.\n", "loc": ["services", "rss2email", "config"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.rss2email.enable": {"declarations": ["nixos/modules/services/mail/rss2email.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable rss2email.", "loc": ["services", "rss2email", "enable"], "readOnly": false, "type": "boolean"}, "services.rss2email.feeds": {"declarations": ["nixos/modules/services/mail/rss2email.nix"], "description": "The feeds to watch.", "loc": ["services", "rss2email", "feeds"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.rss2email.feeds.<name>.to": {"declarations": ["nixos/modules/services/mail/rss2email.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Email address to which to send feed items.\n\nIf `null`, this will not be set in the\nconfiguration file, and rss2email will make it default to\n`rss2email.to`.\n", "loc": ["services", "rss2email", "feeds", "<name>", "to"], "readOnly": false, "type": "null or string"}, "services.rss2email.feeds.<name>.url": {"declarations": ["nixos/modules/services/mail/rss2email.nix"], "description": "The URL at which to fetch the feed.", "loc": ["services", "rss2email", "feeds", "<name>", "url"], "readOnly": false, "type": "string"}, "services.rss2email.interval": {"declarations": ["nixos/modules/services/mail/rss2email.nix"], "default": {"_type": "literalExpression", "text": "\"12h\""}, "description": "How often to check the feeds, in systemd interval format", "loc": ["services", "rss2email", "interval"], "readOnly": false, "type": "string"}, "services.rss2email.to": {"declarations": ["nixos/modules/services/mail/rss2email.nix"], "description": "Mail address to which to send emails", "loc": ["services", "rss2email", "to"], "readOnly": false, "type": "string"}, "services.rstudio-server.enable": {"declarations": ["nixos/modules/services/development/rstudio-server/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable RStudio server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "rstudio-server", "enable"], "readOnly": false, "type": "boolean"}, "services.rstudio-server.listenAddr": {"declarations": ["nixos/modules/services/development/rstudio-server/default.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Address to listen on (www-address in rserver.conf).\n", "loc": ["services", "rstudio-server", "listenAddr"], "readOnly": false, "type": "string"}, "services.rstudio-server.package": {"declarations": ["nixos/modules/services/development/rstudio-server/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.rstudio-server"}, "description": "The rstudio-server package to use.", "example": {"_type": "literalExpression", "text": "rstudioServerWrapper.override { packages = [ pkgs.rPackages.ggplot2 ]; }"}, "loc": ["services", "rstudio-server", "package"], "readOnly": false, "type": "package"}, "services.rstudio-server.rserverExtraConfig": {"declarations": ["nixos/modules/services/development/rstudio-server/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra contents for rserver.conf.\n", "loc": ["services", "rstudio-server", "rserverExtraConfig"], "readOnly": false, "type": "string"}, "services.rstudio-server.rsessionExtraConfig": {"declarations": ["nixos/modules/services/development/rstudio-server/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra contents for resssion.conf.\n", "loc": ["services", "rstudio-server", "rsessionExtraConfig"], "readOnly": false, "type": "string"}, "services.rstudio-server.serverWorkingDir": {"declarations": ["nixos/modules/services/development/rstudio-server/default.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/rstudio-server\""}, "description": "Default working directory for server (server-working-dir in rserver.conf).\n", "loc": ["services", "rstudio-server", "serverWorkingDir"], "readOnly": false, "type": "string"}, "services.rsync.enable": {"declarations": ["nixos/modules/services/misc/rsync.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable periodic directory syncing via rsync.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "rsync", "enable"], "readOnly": false, "type": "boolean"}, "services.rsync.jobs": {"declarations": ["nixos/modules/services/misc/rsync.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Synchronization jobs to run.\n", "loc": ["services", "rsync", "jobs"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.rsync.jobs.<name>.destination": {"declarations": ["nixos/modules/services/misc/rsync.nix"], "description": "Destination directory.\n", "example": {"_type": "literalExpression", "text": "\"/srv/dst\""}, "loc": ["services", "rsync", "jobs", "<name>", "destination"], "readOnly": false, "type": "string"}, "services.rsync.jobs.<name>.group": {"declarations": ["nixos/modules/services/misc/rsync.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "The name of an existing user group under which the rsync process should run.\n", "loc": ["services", "rsync", "jobs", "<name>", "group"], "readOnly": false, "type": "string"}, "services.rsync.jobs.<name>.inhibit": {"declarations": ["nixos/modules/services/misc/rsync.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Run the rsync process with an inhibition lock taken;\nsee {manpage}`systemd-inhibit(1)` for a list of possible operations.\n", "example": {"_type": "literalExpression", "text": "[\n  \"sleep\"\n]"}, "loc": ["services", "rsync", "jobs", "<name>", "inhibit"], "readOnly": false, "type": "list of string matching the pattern ^[^:]+$"}, "services.rsync.jobs.<name>.settings": {"declarations": ["nixos/modules/services/misc/rsync.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings that should be passed to rsync via long options.\nSee {manpage}`rsync(1)` for available options.\n", "example": {"_type": "literalExpression", "text": "{\n  archive = true;\n  delete = true;\n  mkpath = true;\n  verbose = true;\n}"}, "loc": ["services", "rsync", "jobs", "<name>", "settings"], "readOnly": false, "type": "attribute set of (boolean or string or signed integer or floating point number or list of (boolean or string or signed integer or floating point number))"}, "services.rsync.jobs.<name>.sources": {"declarations": ["nixos/modules/services/misc/rsync.nix"], "description": "Source directories.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/srv/src1/\"\n  \"/srv/src2/\"\n]"}, "loc": ["services", "rsync", "jobs", "<name>", "sources"], "readOnly": false, "type": "non-empty (list of string)"}, "services.rsync.jobs.<name>.timerConfig": {"declarations": ["nixos/modules/services/misc/rsync.nix"], "default": {"_type": "literalExpression", "text": "{\n  OnCalendar = \"daily\";\n  Persistent = true;\n}"}, "description": "When to run the job.\n", "loc": ["services", "rsync", "jobs", "<name>", "timerConfig"], "readOnly": false, "type": "null or (attribute set of (systemd option))"}, "services.rsync.jobs.<name>.user": {"declarations": ["nixos/modules/services/misc/rsync.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "The name of an existing user account under which the rsync process should run.\n", "loc": ["services", "rsync", "jobs", "<name>", "user"], "readOnly": false, "type": "string"}, "services.rsync.package": {"declarations": ["nixos/modules/services/misc/rsync.nix"], "default": {"_type": "literalExpression", "text": "pkgs.rsync"}, "description": "The rsync package to use.", "loc": ["services", "rsync", "package"], "readOnly": false, "type": "package"}, "services.rsyncd.enable": {"declarations": ["nixos/modules/services/network-filesystems/rsyncd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the rsync daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "rsyncd", "enable"], "readOnly": false, "type": "boolean"}, "services.rsyncd.port": {"declarations": ["nixos/modules/services/network-filesystems/rsyncd.nix"], "default": {"_type": "literalExpression", "text": "873"}, "description": "TCP port the daemon will listen on.", "loc": ["services", "rsyncd", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.rsyncd.settings": {"declarations": ["nixos/modules/services/network-filesystems/rsyncd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for rsyncd. See\n{manpage}`rsyncd.conf(5)`.\n", "example": {"_type": "literalExpression", "text": "{\n  globalSection = {\n    address = \"0.0.0.0\";\n    gid = \"nobody\";\n    \"max connections\" = 4;\n    uid = \"nobody\";\n    \"use chroot\" = true;\n  };\n  sections = {\n    cvs = {\n      \"auth users\" = [\n        \"tridge\"\n        \"susan\"\n      ];\n      comment = \"CVS repository (requires authentication)\";\n      path = \"/data/cvs\";\n      \"secrets file\" = \"/etc/rsyncd.secrets\";\n    };\n    ftp = {\n      comment = \"whole ftp area\";\n      path = \"/var/ftp/./pub\";\n    };\n  };\n}"}, "loc": ["services", "rsyncd", "settings"], "readOnly": false, "type": "submodule"}, "services.rsyncd.settings.globalSection": {"declarations": ["nixos/modules/services/network-filesystems/rsyncd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "global section of an INI file (attrs of INI atom (null, bool, int, float or string))", "loc": ["services", "rsyncd", "settings", "globalSection"], "readOnly": false, "type": "section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.rsyncd.settings.sections": {"declarations": ["nixos/modules/services/network-filesystems/rsyncd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))", "loc": ["services", "rsyncd", "settings", "sections"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.rsyncd.socketActivated": {"declarations": ["nixos/modules/services/network-filesystems/rsyncd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled Rsync will be socket-activated rather than run persistently.", "loc": ["services", "rsyncd", "socketActivated"], "readOnly": false, "type": "boolean"}, "services.rsyslogd.defaultConfig": {"declarations": ["nixos/modules/services/logging/rsyslogd.nix"], "default": {"_type": "literalExpression", "text": "''\n  # \"local1\" is used for dhcpd messages.\n  local1.*                     -/var/log/dhcpd\n  \n  mail.*                       -/var/log/mail\n  \n  *.=warning;*.=err            -/var/log/warn\n  *.crit                        /var/log/warn\n  \n  *.*;mail.none;local1.none    -/var/log/messages\n''"}, "description": "The default {file}`syslog.conf` file configures a\nfairly standard setup of log files, which can be extended by\nmeans of {var}`extraConfig`.\n", "loc": ["services", "rsyslogd", "defaultConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.rsyslogd.enable": {"declarations": ["nixos/modules/services/logging/rsyslogd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable syslogd.  Note that systemd also logs\nsyslog messages, so you normally don't need to run syslogd.\n", "loc": ["services", "rsyslogd", "enable"], "readOnly": false, "type": "boolean"}, "services.rsyslogd.extraConfig": {"declarations": ["nixos/modules/services/logging/rsyslogd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional text appended to {file}`syslog.conf`,\ni.e. the contents of {var}`defaultConfig`.\n", "example": {"_type": "literalExpression", "text": "\"news.* -/var/log/news\""}, "loc": ["services", "rsyslogd", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.rsyslogd.extraParams": {"declarations": ["nixos/modules/services/logging/rsyslogd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional parameters passed to {command}`rsyslogd`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-m 0\"\n]"}, "loc": ["services", "rsyslogd", "extraParams"], "readOnly": false, "type": "list of string"}, "services.rtorrent.configText": {"declarations": ["nixos/modules/services/torrent/rtorrent.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The content of {file}`rtorrent.rc`. The [modernized configuration template](https://rtorrent-docs.readthedocs.io/en/latest/cookbook.html#modernized-configuration-template) with the values specified in this module will be prepended using mkBefore. You can use mkForce to overwrite the config completely.\n", "loc": ["services", "rtorrent", "configText"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.rtorrent.dataDir": {"declarations": ["nixos/modules/services/torrent/rtorrent.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/rtorrent\""}, "description": "The directory where rtorrent stores its data files.\n", "loc": ["services", "rtorrent", "dataDir"], "readOnly": false, "type": "string"}, "services.rtorrent.dataPermissions": {"declarations": ["nixos/modules/services/torrent/rtorrent.nix"], "default": {"_type": "literalExpression", "text": "\"0750\""}, "description": "Unix Permissions in octal on the rtorrent directory.\n", "example": {"_type": "literalExpression", "text": "\"0755\""}, "loc": ["services", "rtorrent", "dataPermissions"], "readOnly": false, "type": "string"}, "services.rtorrent.downloadDir": {"declarations": ["nixos/modules/services/torrent/rtorrent.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.rtorrent.dataDir}/download\""}, "description": "Where to put downloaded files.\n", "loc": ["services", "rtorrent", "downloadDir"], "readOnly": false, "type": "string"}, "services.rtorrent.enable": {"declarations": ["nixos/modules/services/torrent/rtorrent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable rtorrent.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "rtorrent", "enable"], "readOnly": false, "type": "boolean"}, "services.rtorrent.group": {"declarations": ["nixos/modules/services/torrent/rtorrent.nix"], "default": {"_type": "literalExpression", "text": "\"rtorrent\""}, "description": "Group under which rtorrent runs.\n", "loc": ["services", "rtorrent", "group"], "readOnly": false, "type": "string"}, "services.rtorrent.openFirewall": {"declarations": ["nixos/modules/services/torrent/rtorrent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall for the port in {option}`services.rtorrent.port`.\n", "loc": ["services", "rtorrent", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.rtorrent.package": {"declarations": ["nixos/modules/services/torrent/rtorrent.nix"], "default": {"_type": "literalExpression", "text": "pkgs.rtorrent"}, "description": "The rtorrent package to use.", "loc": ["services", "rtorrent", "package"], "readOnly": false, "type": "package"}, "services.rtorrent.port": {"declarations": ["nixos/modules/services/torrent/rtorrent.nix"], "default": {"_type": "literalExpression", "text": "50000"}, "description": "The rtorrent port.\n", "loc": ["services", "rtorrent", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.rtorrent.rpcSocket": {"declarations": ["nixos/modules/services/torrent/rtorrent.nix"], "default": {"_type": "literalExpression", "text": "\"/run/rtorrent/rpc.sock\""}, "description": "RPC socket path.\n", "loc": ["services", "rtorrent", "rpcSocket"], "readOnly": true, "type": "string"}, "services.rtorrent.user": {"declarations": ["nixos/modules/services/torrent/rtorrent.nix"], "default": {"_type": "literalExpression", "text": "\"rtorrent\""}, "description": "User account under which rtorrent runs.\n", "loc": ["services", "rtorrent", "user"], "readOnly": false, "type": "string"}, "services.rumno.enable": {"declarations": ["nixos/modules/services/misc/rumno.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable rumno visual pop-up notification manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "rumno", "enable"], "readOnly": false, "type": "boolean"}, "services.rumno.extraArgs": {"declarations": ["nixos/modules/services/misc/rumno.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command-line arguments to pass to the rumno daemon.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--verbose\"\n  \"--config\"\n  \"/etc/rumno/config.toml\"\n]"}, "loc": ["services", "rumno", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.rumno.package": {"declarations": ["nixos/modules/services/misc/rumno.nix"], "default": {"_type": "literalExpression", "text": "pkgs.rumno"}, "description": "The rumno package to use.", "loc": ["services", "rumno", "package"], "readOnly": false, "type": "package"}, "services.rustdesk-server.enable": {"declarations": ["nixos/modules/services/monitoring/rustdesk-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable RustDesk, a remote access and remote control software, allowing maintenance of computers and other devices.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "rustdesk-server", "enable"], "readOnly": false, "type": "boolean"}, "services.rustdesk-server.openFirewall": {"declarations": ["nixos/modules/services/monitoring/rustdesk-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open the connection ports.\nTCP (21115, 21116, 21117, 21118, 21119)\nUDP (21116)\n", "loc": ["services", "rustdesk-server", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.rustdesk-server.package": {"declarations": ["nixos/modules/services/monitoring/rustdesk-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.rustdesk-server"}, "description": "The rustdesk-server package to use.", "loc": ["services", "rustdesk-server", "package"], "readOnly": false, "type": "package"}, "services.rustdesk-server.relay.enable": {"declarations": ["nixos/modules/services/monitoring/rustdesk-server.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the RustDesk relay server.\n", "loc": ["services", "rustdesk-server", "relay", "enable"], "readOnly": false, "type": "boolean"}, "services.rustdesk-server.relay.extraArgs": {"declarations": ["nixos/modules/services/monitoring/rustdesk-server.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of extra command line arguments to pass to the `hbbr` process.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-k\"\n  \"_\"\n]"}, "loc": ["services", "rustdesk-server", "relay", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.rustdesk-server.signal.enable": {"declarations": ["nixos/modules/services/monitoring/rustdesk-server.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the RustDesk signal server.\n", "loc": ["services", "rustdesk-server", "signal", "enable"], "readOnly": false, "type": "boolean"}, "services.rustdesk-server.signal.extraArgs": {"declarations": ["nixos/modules/services/monitoring/rustdesk-server.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of extra command line arguments to pass to the `hbbs` process.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-k\"\n  \"_\"\n]"}, "loc": ["services", "rustdesk-server", "signal", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.rustdesk-server.signal.relayHosts": {"declarations": ["nixos/modules/services/monitoring/rustdesk-server.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The relay server IP addresses or DNS names of the RustDesk relay.\n", "loc": ["services", "rustdesk-server", "signal", "relayHosts"], "readOnly": false, "type": "list of string"}, "services.rustus.cors": {"declarations": ["nixos/modules/services/web-servers/rustus.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"*\"\n]"}, "description": "list of origins allowed to upload\n", "example": {"_type": "literalExpression", "text": "[\n  \"*.staging.domain\"\n  \"*.prod.domain\"\n]"}, "loc": ["services", "rustus", "cors"], "readOnly": false, "type": "list of string"}, "services.rustus.disable_health_access_logs": {"declarations": ["nixos/modules/services/web-servers/rustus.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "disable access log for /health endpoint\n", "loc": ["services", "rustus", "disable_health_access_logs"], "readOnly": false, "type": "boolean"}, "services.rustus.enable": {"declarations": ["nixos/modules/services/web-servers/rustus.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable TUS protocol implementation in Rust.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "rustus", "enable"], "readOnly": false, "type": "boolean"}, "services.rustus.host": {"declarations": ["nixos/modules/services/web-servers/rustus.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The host that rustus will connect to.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "rustus", "host"], "readOnly": false, "type": "string"}, "services.rustus.info_storage": {"declarations": ["nixos/modules/services/web-servers/rustus.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Info storages are used to store information about file uploads. These storages must be persistent, because every time chunk is uploaded rustus updates information about upload. And when someone wants to download file, information about it requested from storage to get actual path of an upload.\n", "loc": ["services", "rustus", "info_storage"], "readOnly": false, "type": "submodule"}, "services.rustus.info_storage.dir": {"declarations": ["nixos/modules/services/web-servers/rustus.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/rustus\""}, "description": "directory to store info about uploads", "loc": ["services", "rustus", "info_storage", "dir"], "readOnly": false, "type": "string"}, "services.rustus.info_storage.type": {"declarations": ["nixos/modules/services/web-servers/rustus.nix"], "default": {"_type": "literalExpression", "text": "\"file-info-storage\""}, "description": "Type of info storage to use", "loc": ["services", "rustus", "info_storage", "type"], "readOnly": false, "type": "value \"file-info-storage\" (singular enum)"}, "services.rustus.log_level": {"declarations": ["nixos/modules/services/web-servers/rustus.nix"], "default": {"_type": "literalExpression", "text": "\"INFO\""}, "description": "Desired log level\n", "example": {"_type": "literalExpression", "text": "\"ERROR\""}, "loc": ["services", "rustus", "log_level"], "readOnly": false, "type": "one of \"DEBUG\", \"INFO\", \"ERROR\""}, "services.rustus.max_body_size": {"declarations": ["nixos/modules/services/web-servers/rustus.nix"], "default": {"_type": "literalExpression", "text": "\"10000000\""}, "description": "Maximum body size in bytes\n", "example": {"_type": "literalExpression", "text": "\"100000000\""}, "loc": ["services", "rustus", "max_body_size"], "readOnly": false, "type": "string"}, "services.rustus.port": {"declarations": ["nixos/modules/services/web-servers/rustus.nix"], "default": {"_type": "literalExpression", "text": "1081"}, "description": "The port that rustus will connect to.\n", "example": {"_type": "literalExpression", "text": "1081"}, "loc": ["services", "rustus", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.rustus.remove_parts": {"declarations": ["nixos/modules/services/web-servers/rustus.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "remove parts files after successful concatenation\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "rustus", "remove_parts"], "readOnly": false, "type": "boolean"}, "services.rustus.storage": {"declarations": ["nixos/modules/services/web-servers/rustus.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Storages are used to actually store your files. You can configure where you want to store files.\n", "example": {"_type": "literalExpression", "text": "{\n  type = \"hybrid-s3\"\n  s3_access_key_file = konfig.age.secrets.R2_ACCESS_KEY.path;\n  s3_secret_key_file = konfig.age.secrets.R2_SECRET_KEY.path;\n  s3_bucket = \"my_bucket\";\n  s3_url = \"https://s3.example.com\";\n}\n"}, "loc": ["services", "rustus", "storage"], "readOnly": false, "type": "submodule"}, "services.rustus.storage.data_dir": {"declarations": ["nixos/modules/services/web-servers/rustus.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/rustus\""}, "description": "path to the local directory where all files are stored", "loc": ["services", "rustus", "storage", "data_dir"], "readOnly": false, "type": "string"}, "services.rustus.storage.dir_structure": {"declarations": ["nixos/modules/services/web-servers/rustus.nix"], "default": {"_type": "literalExpression", "text": "\"{year}/{month}/{day}\""}, "description": "pattern of a directory structure locally and on s3", "loc": ["services", "rustus", "storage", "dir_structure"], "readOnly": false, "type": "string"}, "services.rustus.storage.force_sync": {"declarations": ["nixos/modules/services/web-servers/rustus.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "calls fsync system call after every write to disk in local storage", "loc": ["services", "rustus", "storage", "force_sync"], "readOnly": false, "type": "boolean"}, "services.rustus.storage.s3_access_key_file": {"declarations": ["nixos/modules/services/web-servers/rustus.nix"], "description": "File path that contains the S3 access key.", "loc": ["services", "rustus", "storage", "s3_access_key_file"], "readOnly": false, "type": "string"}, "services.rustus.storage.s3_bucket": {"declarations": ["nixos/modules/services/web-servers/rustus.nix"], "description": "S3 bucket.", "loc": ["services", "rustus", "storage", "s3_bucket"], "readOnly": false, "type": "string"}, "services.rustus.storage.s3_region": {"declarations": ["nixos/modules/services/web-servers/rustus.nix"], "default": {"_type": "literalExpression", "text": "\"us-east-1\""}, "description": "S3 region name.", "loc": ["services", "rustus", "storage", "s3_region"], "readOnly": false, "type": "string"}, "services.rustus.storage.s3_secret_key_file": {"declarations": ["nixos/modules/services/web-servers/rustus.nix"], "description": "File path that contains the S3 secret key.", "loc": ["services", "rustus", "storage", "s3_secret_key_file"], "readOnly": false, "type": "absolute path"}, "services.rustus.storage.s3_url": {"declarations": ["nixos/modules/services/web-servers/rustus.nix"], "description": "S3 url.", "loc": ["services", "rustus", "storage", "s3_url"], "readOnly": false, "type": "string"}, "services.rustus.storage.type": {"declarations": ["nixos/modules/services/web-servers/rustus.nix"], "description": "Type of storage to use", "loc": ["services", "rustus", "storage", "type"], "readOnly": false, "type": "one of \"file-storage\", \"hybrid-s3\""}, "services.rustus.tus_extensions": {"declarations": ["nixos/modules/services/web-servers/rustus.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"getting\"\n  \"creation\"\n  \"termination\"\n  \"creation-with-upload\"\n  \"creation-defer-length\"\n  \"concatenation\"\n  \"checksum\"\n]"}, "description": "Since TUS protocol offers extensibility you can turn off some protocol extensions.\n", "loc": ["services", "rustus", "tus_extensions"], "readOnly": false, "type": "list of (one of \"getting\", \"creation\", \"termination\", \"creation-with-upload\", \"creation-defer-length\", \"concatenation\", \"checksum\")"}, "services.rustus.url": {"declarations": ["nixos/modules/services/web-servers/rustus.nix"], "default": {"_type": "literalExpression", "text": "\"/files\""}, "description": "url path for uploads\n", "loc": ["services", "rustus", "url"], "readOnly": false, "type": "string"}, "services.rutorrent.dataDir": {"declarations": ["nixos/modules/services/web-apps/rutorrent.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/rutorrent\""}, "description": "Storage path of ruTorrent.", "loc": ["services", "rutorrent", "dataDir"], "readOnly": false, "type": "string"}, "services.rutorrent.enable": {"declarations": ["nixos/modules/services/web-apps/rutorrent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ruTorrent.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "rutorrent", "enable"], "readOnly": false, "type": "boolean"}, "services.rutorrent.group": {"declarations": ["nixos/modules/services/web-apps/rutorrent.nix"], "default": {"_type": "literalExpression", "text": "\"rutorrent\""}, "description": "Group which runs the ruTorrent service.\n", "loc": ["services", "rutorrent", "group"], "readOnly": false, "type": "string"}, "services.rutorrent.hostName": {"declarations": ["nixos/modules/services/web-apps/rutorrent.nix"], "description": "FQDN for the ruTorrent instance.", "loc": ["services", "rutorrent", "hostName"], "readOnly": false, "type": "string"}, "services.rutorrent.nginx.enable": {"declarations": ["nixos/modules/services/web-apps/rutorrent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable nginx virtual host management.\nFurther nginx configuration can be done by adapting <literal>services.nginx.virtualHosts.&lt;name&gt;</literal>.\nSee <xref linkend=\"opt-services.nginx.virtualHosts\"/> for further information.\n", "loc": ["services", "rutorrent", "nginx", "enable"], "readOnly": false, "type": "boolean"}, "services.rutorrent.nginx.exposeInsecureRPC2mount": {"declarations": ["nixos/modules/services/web-apps/rutorrent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If you do not enable one of the <literal>rpc</literal> or <literal>httprpc</literal> plugins you need to expose an RPC mount through scgi using this option.\nWarning: This allow to run arbitrary commands, as the rtorrent user, so make sure to use authentification. The simplest way would be to use the <literal>services.nginx.virtualHosts.&lt;name&gt;.basicAuth</literal> option.\n", "loc": ["services", "rutorrent", "nginx", "exposeInsecureRPC2mount"], "readOnly": false, "type": "boolean"}, "services.rutorrent.plugins": {"declarations": ["nixos/modules/services/web-apps/rutorrent.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"httprpc\"\n]"}, "description": "List of plugins to enable. See the list of <link xlink:href=\"https://github.com/Novik/ruTorrent/wiki/Plugins#currently-there-are-the-following-plugins\">available plugins</link>. Note: the <literal>unpack</literal> plugin needs the nonfree <literal>unrar</literal> package.\nYou need to either enable one of the <literal>rpc</literal> or <literal>httprpc</literal> plugin or enable the <xref linkend=\"opt-services.rutorrent.nginx.exposeInsecureRPC2mount\"/> option.\n", "example": {"_type": "literalExpression", "text": "[ \"httprpc\" \"data\" \"diskspace\" \"edit\" \"erasedata\" \"theme\" \"trafic\" ]"}, "loc": ["services", "rutorrent", "plugins"], "readOnly": false, "type": "list of (string or package)"}, "services.rutorrent.poolSettings": {"declarations": ["nixos/modules/services/web-apps/rutorrent.nix"], "default": {"_type": "literalExpression", "text": "{\n  pm = \"dynamic\";\n  \"pm.max_children\" = 32;\n  \"pm.max_requests\" = 500;\n  \"pm.max_spare_servers\" = 4;\n  \"pm.min_spare_servers\" = 2;\n  \"pm.start_servers\" = 2;\n}"}, "description": "Options for ruTorrent's PHP pool. See the documentation on <literal>php-fpm.conf</literal> for details on configuration directives.\n", "loc": ["services", "rutorrent", "poolSettings"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.rutorrent.rpcSocket": {"declarations": ["nixos/modules/services/web-apps/rutorrent.nix"], "default": {"_type": "literalExpression", "text": "\"config.services.rtorrent.rpcSocket\""}, "description": "Path to rtorrent rpc socket.\n", "loc": ["services", "rutorrent", "rpcSocket"], "readOnly": false, "type": "string"}, "services.rutorrent.user": {"declarations": ["nixos/modules/services/web-apps/rutorrent.nix"], "default": {"_type": "literalExpression", "text": "\"rutorrent\""}, "description": "User which runs the ruTorrent service.\n", "loc": ["services", "rutorrent", "user"], "readOnly": false, "type": "string"}, "services.sabnzbd.allowConfigWrite": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "false"}, "description": "By default we create the sabnzbd configuration read-only,\nwhich keeps the nixos configuration as the single source\nof truth. If you want to enable configuration of\nsabnzbd via the web interface or use options that require\na writeable configuration, such as quota tracking, enable\nthis option.\n", "loc": ["services", "sabnzbd", "allowConfigWrite"], "readOnly": false, "type": "boolean"}, "services.sabnzbd.configFile": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to config file (deprecated, use `settings` instead and set this value to null)", "loc": ["services", "sabnzbd", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.sabnzbd.enable": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the sabnzbd server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "sabnzbd", "enable"], "readOnly": false, "type": "boolean"}, "services.sabnzbd.group": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "\"sabnzbd\""}, "description": "Group to run the service as", "loc": ["services", "sabnzbd", "group"], "readOnly": false, "type": "string"}, "services.sabnzbd.openFirewall": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the sabnzbd web interface\n", "loc": ["services", "sabnzbd", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.sabnzbd.package": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "pkgs.sabnzbd"}, "description": "The sabnzbd package to use.", "loc": ["services", "sabnzbd", "package"], "readOnly": false, "type": "package"}, "services.sabnzbd.secretFiles": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Path to a list of ini file containing confidential settings such as credentials.\nSettings here will be merged with the rest of the configuration (with\nthe secret settings taking precedence in case of conflicts, and files\nthat occur later in this list taking precedence over those that\noccur earlier).\nRecommended settings:\n- misc.api_key, misc.nzb_key, misc.username, misc.password\n- misc.email_account, misc.email_pwd if email alerts are enabled\n- servers.<name>.username, servers.<name>.password\n", "loc": ["services", "sabnzbd", "secretFiles"], "readOnly": false, "type": "list of absolute path"}, "services.sabnzbd.settings": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The sabnzbd configuration (see also\n[sabnzbd's wiki](https://sabnzbd.org/wiki/configuration/4.5/configure)\nfor extra documentation)\n", "loc": ["services", "sabnzbd", "settings"], "readOnly": false, "type": "open submodule of attribute set of (ConfigObj type)"}, "services.sabnzbd.settings.misc.bandwidth_max": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Maximum bandwidth in bytes(!)/sec (supports prefixes). Use\nin conjunction with `bandwidth_perc` to set a bandwidth\nlimit. Empty string disables limit.\n", "example": {"_type": "literalExpression", "text": "\"50MB/s\""}, "loc": ["services", "sabnzbd", "settings", "misc", "bandwidth_max"], "readOnly": false, "type": "string"}, "services.sabnzbd.settings.misc.bandwidth_perc": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Percentage of `bandwidth_max` that sabnzbd is allowed to use.\n0 means no limit.\n", "example": {"_type": "literalExpression", "text": "50"}, "loc": ["services", "sabnzbd", "settings", "misc", "bandwidth_perc"], "readOnly": false, "type": "signed integer"}, "services.sabnzbd.settings.misc.cache_limit": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Size of the RAM cache, in bytes (prefixes supported).\nSabnzbd recommends 25% of available RAM. Empty means\nno cache.\n", "example": {"_type": "literalExpression", "text": "\"500M\""}, "loc": ["services", "sabnzbd", "settings", "misc", "cache_limit"], "readOnly": false, "type": "string"}, "services.sabnzbd.settings.misc.email_endjob": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "\"if cfg.settings.misc.email_server != \\\"\\\" then \\\"on error\\\" else \\\"never\\\"\""}, "description": "Whether to send emails on job completion. Values are:\n0, 'never'    -- Never\n1, 'always'   -- Always\n2, 'on error' -- On error\n", "loc": ["services", "sabnzbd", "settings", "misc", "email_endjob"], "readOnly": false, "type": "(one of 1, 0, 2) or (one of \"always\", \"never\", \"on error\") convertible to it"}, "services.sabnzbd.settings.misc.email_from": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "'From:' field for emails (needs to be an address)", "loc": ["services", "sabnzbd", "settings", "misc", "email_from"], "readOnly": false, "type": "string"}, "services.sabnzbd.settings.misc.email_full": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "\"cfg.settings.misc.email_server != \\\"\\\"\""}, "description": "Whether to send alerts for full disks", "loc": ["services", "sabnzbd", "settings", "misc", "email_full"], "readOnly": false, "type": "boolean"}, "services.sabnzbd.settings.misc.email_rss": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to send alerts for jobs added by RSS feeds", "loc": ["services", "sabnzbd", "settings", "misc", "email_rss"], "readOnly": false, "type": "boolean"}, "services.sabnzbd.settings.misc.email_server": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "SMTP server for email alerts (server:host)", "loc": ["services", "sabnzbd", "settings", "misc", "email_server"], "readOnly": false, "type": "string"}, "services.sabnzbd.settings.misc.email_to": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Receiving address for email alerts", "loc": ["services", "sabnzbd", "settings", "misc", "email_to"], "readOnly": false, "type": "string"}, "services.sabnzbd.settings.misc.enable_https": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "\"cfg.settings.misc.https_cert != null\""}, "description": "Whether to enable HTTPS for the web UI", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "sabnzbd", "settings", "misc", "enable_https"], "readOnly": false, "type": "boolean"}, "services.sabnzbd.settings.misc.host": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Address for the Web UI to listen on for incoming connections.\n", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "sabnzbd", "settings", "misc", "host"], "readOnly": false, "type": "string"}, "services.sabnzbd.settings.misc.html_login": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Prompt for login with an html login mask if enabled,\notherwise prompt for basic auth (useful for SSO)\n", "loc": ["services", "sabnzbd", "settings", "misc", "html_login"], "readOnly": false, "type": "boolean"}, "services.sabnzbd.settings.misc.https_cert": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the TLS certificate for the web UI. If not set\nand https is enabled, a self-signed certificate will\nbe generated.\n", "example": {"_type": "literalExpression", "text": "${config.acme.certs.${domain}.directory}/fullchain.pem"}, "loc": ["services", "sabnzbd", "settings", "misc", "https_cert"], "readOnly": false, "type": "null or absolute path"}, "services.sabnzbd.settings.misc.https_key": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the TLS key for the web UI. If not set and\nhttps is enabled, a self-signed certificate will be\ngenerated\n", "example": {"_type": "literalExpression", "text": "${config.acme.certs.${domain}.directory}/key.pem"}, "loc": ["services", "sabnzbd", "settings", "misc", "https_key"], "readOnly": false, "type": "null or absolute path"}, "services.sabnzbd.settings.misc.inet_exposure": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "\"none\""}, "description": "Restrictions for access from non-local IP addresses.\nValues are:\n0, 'none'                      -- no access\n1, 'api (add nzbs)'            -- api access only, only add nzb files\n2, 'api (no config)'           -- api access only, config changes not allowed\n3, 'api (full)'                -- api access only, full api access\n4, 'api+web (auth needed)'     -- api and web ui, login required always\n5, 'api+web (locally no auth)' -- api and web ui, login required from non-local IPs only\n", "loc": ["services", "sabnzbd", "settings", "misc", "inet_exposure"], "readOnly": false, "type": "(one of 1, 3, 2, 4, 5, 0) or (one of \"api (add nzbs)\", \"api (full)\", \"api (no config)\", \"api+web (auth needed)\", \"api+web (locally no auth)\", \"none\") convertible to it"}, "services.sabnzbd.settings.misc.port": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "Port for the Web UI to listen on for incoming connections.\n", "example": {"_type": "literalExpression", "text": "12345"}, "loc": ["services", "sabnzbd", "settings", "misc", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.sabnzbd.settings.ntfosd": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "NotifyOSD settings", "loc": ["services", "sabnzbd", "settings", "ntfosd"], "readOnly": false, "type": "open submodule of attribute set of (ConfigObj type)"}, "services.sabnzbd.settings.ntfosd.ntfosd_enable": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable NotifyOSD alerts. Does not really make sense\nin a server environment, hence we default to false despite\nupstream's default true.\n", "loc": ["services", "sabnzbd", "settings", "ntfosd", "ntfosd_enable"], "readOnly": false, "type": "boolean"}, "services.sabnzbd.settings.servers": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Usenet provider specification", "loc": ["services", "sabnzbd", "settings", "servers"], "readOnly": false, "type": "attribute set of (open submodule of attribute set of (ConfigObj type))"}, "services.sabnzbd.settings.servers.<name>.connections": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "8"}, "description": "Number of parallel connections permitted by\nthe server.\n", "example": {"_type": "literalExpression", "text": "50"}, "loc": ["services", "sabnzbd", "settings", "servers", "<name>", "connections"], "readOnly": false, "type": "signed integer"}, "services.sabnzbd.settings.servers.<name>.displayname": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "description": "Human-friendly description of the server\n", "example": {"_type": "literalExpression", "text": "\"Example News Provider\""}, "loc": ["services", "sabnzbd", "settings", "servers", "<name>", "displayname"], "readOnly": false, "type": "string"}, "services.sabnzbd.settings.servers.<name>.enable": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable this server by default", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "sabnzbd", "settings", "servers", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.sabnzbd.settings.servers.<name>.expire_date": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If Notifications are enabled and an expiry date is\nset, warn 5 days before expiry. This setting\ndoes not automatically disable the server.\nExpected format: yyyy-mm-dd\n", "loc": ["services", "sabnzbd", "settings", "servers", "<name>", "expire_date"], "readOnly": false, "type": "null or string"}, "services.sabnzbd.settings.servers.<name>.host": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "description": "Hostname of the server\n", "example": {"_type": "literalExpression", "text": "\"news.example.com\""}, "loc": ["services", "sabnzbd", "settings", "servers", "<name>", "host"], "readOnly": false, "type": "string"}, "services.sabnzbd.settings.servers.<name>.name": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "description": "The name of the server\n", "example": {"_type": "literalExpression", "text": "\"Example News Provider\""}, "loc": ["services", "sabnzbd", "settings", "servers", "<name>", "name"], "readOnly": false, "type": "string"}, "services.sabnzbd.settings.servers.<name>.optional": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "false"}, "description": "In case of connection failures, temporarily\ndisable this server. (See sabnzbd's documentation\nfor usage guides).\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "sabnzbd", "settings", "servers", "<name>", "optional"], "readOnly": false, "type": "boolean"}, "services.sabnzbd.settings.servers.<name>.port": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "563"}, "description": "Port of the server", "example": {"_type": "literalExpression", "text": "443"}, "loc": ["services", "sabnzbd", "settings", "servers", "<name>", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.sabnzbd.settings.servers.<name>.priority": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Priority of this servers. Servers are queried in\norder of priority, from highest (0) to lowest (100).\n", "loc": ["services", "sabnzbd", "settings", "servers", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.sabnzbd.settings.servers.<name>.required": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "false"}, "description": "In case of connection failures, wait for the\nserver to come back online instead of skipping\nit.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "sabnzbd", "settings", "servers", "<name>", "required"], "readOnly": false, "type": "boolean"}, "services.sabnzbd.settings.servers.<name>.ssl": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether the server supports TLS\n", "loc": ["services", "sabnzbd", "settings", "servers", "<name>", "ssl"], "readOnly": false, "type": "boolean"}, "services.sabnzbd.settings.servers.<name>.ssl_verify": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "\"strict\""}, "description": "Level of TLS verification. Supported values:\n3, 'strict'          -- strict (normal) verification\n2, 'allow injection' -- allow locally injected certificates\n0, 'none'            -- no verification\n", "loc": ["services", "sabnzbd", "settings", "servers", "<name>", "ssl_verify"], "readOnly": false, "type": "(one of 2, 0, 3) or (one of \"allow injection\", \"none\", \"strict\") convertible to it"}, "services.sabnzbd.settings.servers.<name>.timeout": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "60"}, "description": "Time, in seconds, to wait for a response before\nattempting error recovery.\n", "loc": ["services", "sabnzbd", "settings", "servers", "<name>", "timeout"], "readOnly": false, "type": "signed integer"}, "services.sabnzbd.stateDir": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "\"sabnzbd\""}, "description": "State directory of the service under /var/lib/", "loc": ["services", "sabnzbd", "stateDir"], "readOnly": false, "type": "string"}, "services.sabnzbd.user": {"declarations": ["nixos/modules/services/networking/sabnzbd"], "default": {"_type": "literalExpression", "text": "\"sabnzbd\""}, "description": "User to run the service as", "loc": ["services", "sabnzbd", "user"], "readOnly": false, "type": "string"}, "services.safeeyes.enable": {"declarations": ["nixos/modules/services/misc/safeeyes.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the safeeyes OSGi service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "safeeyes", "enable"], "readOnly": false, "type": "boolean"}, "services.salt.master.configuration": {"declarations": ["nixos/modules/services/admin/salt/master.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Salt master configuration as Nix attribute set.", "loc": ["services", "salt", "master", "configuration"], "readOnly": false, "type": "attribute set"}, "services.salt.master.enable": {"declarations": ["nixos/modules/services/admin/salt/master.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Salt configuration management system master service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "salt", "master", "enable"], "readOnly": false, "type": "boolean"}, "services.salt.minion.configuration": {"declarations": ["nixos/modules/services/admin/salt/minion.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Salt minion configuration as Nix attribute set.\nSee <https://docs.saltstack.com/en/latest/ref/configuration/minion.html>\nfor details.\n", "loc": ["services", "salt", "minion", "configuration"], "readOnly": false, "type": "attribute set"}, "services.salt.minion.enable": {"declarations": ["nixos/modules/services/admin/salt/minion.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Salt configuration management system minion service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "salt", "minion", "enable"], "readOnly": false, "type": "boolean"}, "services.samba-wsdd.discovery": {"declarations": ["nixos/modules/services/network-filesystems/samba-wsdd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable discovery operation mode.", "loc": ["services", "samba-wsdd", "discovery"], "readOnly": false, "type": "boolean"}, "services.samba-wsdd.domain": {"declarations": ["nixos/modules/services/network-filesystems/samba-wsdd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set domain name (disables workgroup).", "loc": ["services", "samba-wsdd", "domain"], "readOnly": false, "type": "null or string"}, "services.samba-wsdd.enable": {"declarations": ["nixos/modules/services/network-filesystems/samba-wsdd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Web Services Dynamic Discovery host daemon. This enables (Samba) hosts, like your local NAS device,\nto be found by Web Service Discovery Clients like Windows\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "samba-wsdd", "enable"], "readOnly": false, "type": "boolean"}, "services.samba-wsdd.extraOptions": {"declarations": ["nixos/modules/services/network-filesystems/samba-wsdd.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"--shortlog\"\n]"}, "description": "Additional wsdd options.", "example": {"_type": "literalExpression", "text": "[\n  \"--verbose\"\n  \"--no-http\"\n  \"--ipv4only\"\n  \"--no-host\"\n]"}, "loc": ["services", "samba-wsdd", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.samba-wsdd.hoplimit": {"declarations": ["nixos/modules/services/network-filesystems/samba-wsdd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Hop limit for multicast packets (default = 1).", "example": {"_type": "literalExpression", "text": "2"}, "loc": ["services", "samba-wsdd", "hoplimit"], "readOnly": false, "type": "null or signed integer"}, "services.samba-wsdd.hostname": {"declarations": ["nixos/modules/services/network-filesystems/samba-wsdd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Override (NetBIOS) hostname to be used (default hostname).", "example": {"_type": "literalExpression", "text": "\"FILESERVER\""}, "loc": ["services", "samba-wsdd", "hostname"], "readOnly": false, "type": "null or string"}, "services.samba-wsdd.interface": {"declarations": ["nixos/modules/services/network-filesystems/samba-wsdd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Interface or address to use.", "example": {"_type": "literalExpression", "text": "\"eth0\""}, "loc": ["services", "samba-wsdd", "interface"], "readOnly": false, "type": "null or string"}, "services.samba-wsdd.listen": {"declarations": ["nixos/modules/services/network-filesystems/samba-wsdd.nix"], "default": {"_type": "literalExpression", "text": "\"/run/wsdd/wsdd.sock\""}, "description": "Listen on path or localhost port in discovery mode.", "loc": ["services", "samba-wsdd", "listen"], "readOnly": false, "type": "string"}, "services.samba-wsdd.openFirewall": {"declarations": ["nixos/modules/services/network-filesystems/samba-wsdd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the required firewall ports in the firewall.\n", "loc": ["services", "samba-wsdd", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.samba-wsdd.workgroup": {"declarations": ["nixos/modules/services/network-filesystems/samba-wsdd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set workgroup name (default WORKGROUP).", "example": {"_type": "literalExpression", "text": "\"HOME\""}, "loc": ["services", "samba-wsdd", "workgroup"], "readOnly": false, "type": "null or string"}, "services.samba.enable": {"declarations": ["nixos/modules/services/network-filesystems/samba.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Samba, the SMB/CIFS protocol.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "samba", "enable"], "readOnly": false, "type": "boolean"}, "services.samba.nmbd.enable": {"declarations": ["nixos/modules/services/network-filesystems/samba.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable Samba's nmbd, which replies to NetBIOS over IP name\nservice requests. It also participates in the browsing protocols\nwhich make up the Windows \"Network Neighborhood\" view.\n", "loc": ["services", "samba", "nmbd", "enable"], "readOnly": false, "type": "boolean"}, "services.samba.nmbd.extraArgs": {"declarations": ["nixos/modules/services/network-filesystems/samba.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to pass to the nmbd service.", "loc": ["services", "samba", "nmbd", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.samba.nsswins": {"declarations": ["nixos/modules/services/network-filesystems/samba.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable WINS NSS (Name Service Switch) plug-in.\n\nEnabling it allows applications to resolve WINS/NetBIOS names (a.k.a.\nWindows machine names) by transparently querying the winbindd daemon\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "samba", "nsswins"], "readOnly": false, "type": "boolean"}, "services.samba.openFirewall": {"declarations": ["nixos/modules/services/network-filesystems/samba.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable opening the default ports in the firewall for Samba.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "samba", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.samba.package": {"declarations": ["nixos/modules/services/network-filesystems/samba.nix"], "default": {"_type": "literalExpression", "text": "pkgs.samba"}, "description": "The samba package to use.", "example": {"_type": "literalExpression", "text": "samba4Full"}, "loc": ["services", "samba", "package"], "readOnly": false, "type": "package"}, "services.samba.settings": {"declarations": ["nixos/modules/services/network-filesystems/samba.nix"], "default": {"_type": "literalExpression", "text": "{\n  global = {\n    \"invalid users\" = [\n      \"root\"\n    ];\n    \"passwd program\" = \"/run/wrappers/bin/passwd %u\";\n    security = \"user\";\n  };\n}"}, "description": "Configuration file for the Samba suite in ini format.\nThis file is located in /etc/samba/smb.conf\n\nRefer to <https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html>\nfor all available options.\n", "example": {"_type": "literalExpression", "text": "{\n  global = {\n    \"invalid users\" = [\n      \"root\"\n    ];\n    \"passwd program\" = \"/run/wrappers/bin/passwd %u\";\n    security = \"user\";\n  };\n  public = {\n    browseable = \"yes\";\n    comment = \"Public samba share.\";\n    \"guest ok\" = \"yes\";\n    path = \"/srv/public\";\n    \"read only\" = \"yes\";\n  };\n}"}, "loc": ["services", "samba", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string) or a non-empty list of them)"}, "services.samba.settings.global.\"invalid users\"": {"declarations": ["nixos/modules/services/network-filesystems/samba.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"root\"\n]"}, "description": "List of users who are denied to login via Samba.", "loc": ["services", "samba", "settings", "global", "invalid users"], "readOnly": false, "type": "list of string"}, "services.samba.settings.global.\"passwd program\"": {"declarations": ["nixos/modules/services/network-filesystems/samba.nix"], "default": {"_type": "literalExpression", "text": "\"/run/wrappers/bin/passwd %u\""}, "description": "Path to a program that can be used to set UNIX user passwords.", "loc": ["services", "samba", "settings", "global", "passwd program"], "readOnly": false, "type": "string"}, "services.samba.settings.global.security": {"declarations": ["nixos/modules/services/network-filesystems/samba.nix"], "default": {"_type": "literalExpression", "text": "\"user\""}, "description": "Samba security type.", "loc": ["services", "samba", "settings", "global", "security"], "readOnly": false, "type": "one of \"auto\", \"user\", \"domain\", \"ads\""}, "services.samba.smbd.enable": {"declarations": ["nixos/modules/services/network-filesystems/samba.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable Samba's smbd daemon.", "loc": ["services", "samba", "smbd", "enable"], "readOnly": false, "type": "boolean"}, "services.samba.smbd.extraArgs": {"declarations": ["nixos/modules/services/network-filesystems/samba.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to pass to the smbd service.", "loc": ["services", "samba", "smbd", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.samba.usershares.enable": {"declarations": ["nixos/modules/services/network-filesystems/samba.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable user-configurable Samba shares.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "samba", "usershares", "enable"], "readOnly": false, "type": "boolean"}, "services.samba.usershares.group": {"declarations": ["nixos/modules/services/network-filesystems/samba.nix"], "default": {"_type": "literalExpression", "text": "\"samba\""}, "description": "Name of the group members of which will be allowed to create usershares.\n\nThe group will be created automatically.\n", "loc": ["services", "samba", "usershares", "group"], "readOnly": false, "type": "string"}, "services.samba.winbindd.enable": {"declarations": ["nixos/modules/services/network-filesystems/samba.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable Samba's winbindd, which provides a number of services\nto the Name Service Switch capability found in most modern C libraries,\nto arbitrary applications via PAM and ntlm_auth and to Samba itself.\n", "loc": ["services", "samba", "winbindd", "enable"], "readOnly": false, "type": "boolean"}, "services.samba.winbindd.extraArgs": {"declarations": ["nixos/modules/services/network-filesystems/samba.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to pass to the winbindd service.", "loc": ["services", "samba", "winbindd", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.saned.enable": {"declarations": ["nixos/modules/services/hardware/sane.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable saned network daemon for remote connection to scanners.\n\nsaned would be run from `scanner` user; to allow\naccess to hardware that doesn't have `scanner` group\nyou should add needed groups to this user.\n", "loc": ["services", "saned", "enable"], "readOnly": false, "type": "boolean"}, "services.saned.extraConfig": {"declarations": ["nixos/modules/services/hardware/sane.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra saned configuration lines.\n", "example": {"_type": "literalExpression", "text": "\"192.168.0.0/24\""}, "loc": ["services", "saned", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.sanoid.datasets": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Datasets to snapshot.", "loc": ["services", "sanoid", "datasets"], "readOnly": false, "type": "attribute set of (open submodule of dataset/template options)"}, "services.sanoid.datasets.<name>.autoprune": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether to automatically prune old snapshots.", "loc": ["services", "sanoid", "datasets", "<name>", "autoprune"], "readOnly": false, "type": "null or boolean"}, "services.sanoid.datasets.<name>.autosnap": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether to automatically take snapshots.", "loc": ["services", "sanoid", "datasets", "<name>", "autosnap"], "readOnly": false, "type": "null or boolean"}, "services.sanoid.datasets.<name>.daily": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Number of daily snapshots.", "loc": ["services", "sanoid", "datasets", "<name>", "daily"], "readOnly": false, "type": "null or (unsigned integer, meaning >=0)"}, "services.sanoid.datasets.<name>.force_post_snapshot_script": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether to run the post script if the pre script fails", "loc": ["services", "sanoid", "datasets", "<name>", "force_post_snapshot_script"], "readOnly": false, "type": "null or boolean"}, "services.sanoid.datasets.<name>.hourly": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Number of hourly snapshots.", "loc": ["services", "sanoid", "datasets", "<name>", "hourly"], "readOnly": false, "type": "null or (unsigned integer, meaning >=0)"}, "services.sanoid.datasets.<name>.monthly": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Number of monthly snapshots.", "loc": ["services", "sanoid", "datasets", "<name>", "monthly"], "readOnly": false, "type": "null or (unsigned integer, meaning >=0)"}, "services.sanoid.datasets.<name>.no_inconsistent_snapshot": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether to take a snapshot if the pre script fails", "loc": ["services", "sanoid", "datasets", "<name>", "no_inconsistent_snapshot"], "readOnly": false, "type": "null or boolean"}, "services.sanoid.datasets.<name>.post_snapshot_script": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Script to run after taking snapshot.", "loc": ["services", "sanoid", "datasets", "<name>", "post_snapshot_script"], "readOnly": false, "type": "null or string"}, "services.sanoid.datasets.<name>.pre_snapshot_script": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Script to run before taking snapshot.", "loc": ["services", "sanoid", "datasets", "<name>", "pre_snapshot_script"], "readOnly": false, "type": "null or string"}, "services.sanoid.datasets.<name>.processChildrenOnly": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to only snapshot child datasets if recursing.", "loc": ["services", "sanoid", "datasets", "<name>", "processChildrenOnly"], "readOnly": false, "type": "boolean"}, "services.sanoid.datasets.<name>.process_children_only": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to only snapshot child datasets if recursing.", "loc": ["services", "sanoid", "datasets", "<name>", "process_children_only"], "readOnly": false, "type": "boolean"}, "services.sanoid.datasets.<name>.pruning_script": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Script to run after pruning snapshot.", "loc": ["services", "sanoid", "datasets", "<name>", "pruning_script"], "readOnly": false, "type": "null or string"}, "services.sanoid.datasets.<name>.recursive": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to recursively snapshot dataset children.\nYou can also set this to `\"zfs\"` to handle datasets\nrecursively in an atomic way without the possibility to\noverride settings for child datasets.\n", "loc": ["services", "sanoid", "datasets", "<name>", "recursive"], "readOnly": false, "type": "boolean or value \"zfs\" (singular enum)"}, "services.sanoid.datasets.<name>.script_timeout": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Time limit for pre/post/pruning script execution time (<=0 for infinite).", "loc": ["services", "sanoid", "datasets", "<name>", "script_timeout"], "readOnly": false, "type": "null or signed integer"}, "services.sanoid.datasets.<name>.useTemplate": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Names of the templates to use for this dataset.", "loc": ["services", "sanoid", "datasets", "<name>", "useTemplate"], "readOnly": false, "type": "list of configured template name"}, "services.sanoid.datasets.<name>.use_template": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Names of the templates to use for this dataset.", "loc": ["services", "sanoid", "datasets", "<name>", "use_template"], "readOnly": false, "type": "list of configured template name"}, "services.sanoid.datasets.<name>.yearly": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Number of yearly snapshots.", "loc": ["services", "sanoid", "datasets", "<name>", "yearly"], "readOnly": false, "type": "null or (unsigned integer, meaning >=0)"}, "services.sanoid.enable": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Sanoid ZFS snapshotting service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "sanoid", "enable"], "readOnly": false, "type": "boolean"}, "services.sanoid.extraArgs": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to pass to sanoid. See\n<https://github.com/jimsalterjrs/sanoid/#sanoid-command-line-options>\nfor allowed options.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--verbose\"\n  \"--readonly\"\n  \"--debug\"\n]"}, "loc": ["services", "sanoid", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.sanoid.interval": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "\"hourly\""}, "description": "Run sanoid at this interval. The default is to run hourly.\n\nThe format is described in\n{manpage}`systemd.time(7)`.\n", "example": {"_type": "literalExpression", "text": "\"daily\""}, "loc": ["services", "sanoid", "interval"], "readOnly": false, "type": "string"}, "services.sanoid.package": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "pkgs.sanoid"}, "description": "The sanoid package to use.", "loc": ["services", "sanoid", "package"], "readOnly": false, "type": "package"}, "services.sanoid.settings": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "description": "Free-form settings written directly to the config file. See\n<https://github.com/jimsalterjrs/sanoid/blob/master/sanoid.defaults.conf>\nfor allowed values.\n", "loc": ["services", "sanoid", "settings"], "readOnly": false, "type": "attribute set of dataset/template options"}, "services.sanoid.templates": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Templates for datasets.", "loc": ["services", "sanoid", "templates"], "readOnly": false, "type": "attribute set of (open submodule of dataset/template options)"}, "services.sanoid.templates.<name>.autoprune": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether to automatically prune old snapshots.", "loc": ["services", "sanoid", "templates", "<name>", "autoprune"], "readOnly": false, "type": "null or boolean"}, "services.sanoid.templates.<name>.autosnap": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether to automatically take snapshots.", "loc": ["services", "sanoid", "templates", "<name>", "autosnap"], "readOnly": false, "type": "null or boolean"}, "services.sanoid.templates.<name>.daily": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Number of daily snapshots.", "loc": ["services", "sanoid", "templates", "<name>", "daily"], "readOnly": false, "type": "null or (unsigned integer, meaning >=0)"}, "services.sanoid.templates.<name>.force_post_snapshot_script": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether to run the post script if the pre script fails", "loc": ["services", "sanoid", "templates", "<name>", "force_post_snapshot_script"], "readOnly": false, "type": "null or boolean"}, "services.sanoid.templates.<name>.hourly": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Number of hourly snapshots.", "loc": ["services", "sanoid", "templates", "<name>", "hourly"], "readOnly": false, "type": "null or (unsigned integer, meaning >=0)"}, "services.sanoid.templates.<name>.monthly": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Number of monthly snapshots.", "loc": ["services", "sanoid", "templates", "<name>", "monthly"], "readOnly": false, "type": "null or (unsigned integer, meaning >=0)"}, "services.sanoid.templates.<name>.no_inconsistent_snapshot": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether to take a snapshot if the pre script fails", "loc": ["services", "sanoid", "templates", "<name>", "no_inconsistent_snapshot"], "readOnly": false, "type": "null or boolean"}, "services.sanoid.templates.<name>.post_snapshot_script": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Script to run after taking snapshot.", "loc": ["services", "sanoid", "templates", "<name>", "post_snapshot_script"], "readOnly": false, "type": "null or string"}, "services.sanoid.templates.<name>.pre_snapshot_script": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Script to run before taking snapshot.", "loc": ["services", "sanoid", "templates", "<name>", "pre_snapshot_script"], "readOnly": false, "type": "null or string"}, "services.sanoid.templates.<name>.pruning_script": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Script to run after pruning snapshot.", "loc": ["services", "sanoid", "templates", "<name>", "pruning_script"], "readOnly": false, "type": "null or string"}, "services.sanoid.templates.<name>.script_timeout": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Time limit for pre/post/pruning script execution time (<=0 for infinite).", "loc": ["services", "sanoid", "templates", "<name>", "script_timeout"], "readOnly": false, "type": "null or signed integer"}, "services.sanoid.templates.<name>.yearly": {"declarations": ["nixos/modules/services/backup/sanoid.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Number of yearly snapshots.", "loc": ["services", "sanoid", "templates", "<name>", "yearly"], "readOnly": false, "type": "null or (unsigned integer, meaning >=0)"}, "services.saslauthd.config": {"declarations": ["nixos/modules/services/system/saslauthd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Configuration to use for Cyrus SASL authentication daemon.", "loc": ["services", "saslauthd", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.saslauthd.enable": {"declarations": ["nixos/modules/services/system/saslauthd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable saslauthd, the Cyrus SASL authentication daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "saslauthd", "enable"], "readOnly": false, "type": "boolean"}, "services.saslauthd.mechanism": {"declarations": ["nixos/modules/services/system/saslauthd.nix"], "default": {"_type": "literalExpression", "text": "\"pam\""}, "description": "Auth mechanism to use", "loc": ["services", "saslauthd", "mechanism"], "readOnly": false, "type": "string"}, "services.saslauthd.package": {"declarations": ["nixos/modules/services/system/saslauthd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.cyrus_sasl.bin"}, "description": "The bin package to use.", "loc": ["services", "saslauthd", "package"], "readOnly": false, "type": "package"}, "services.saunafs.chunkserver.enable": {"declarations": ["nixos/modules/services/network-filesystems/saunafs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Saunafs chunkserver daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "saunafs", "chunkserver", "enable"], "readOnly": false, "type": "boolean"}, "services.saunafs.chunkserver.hdds": {"declarations": ["nixos/modules/services/network-filesystems/saunafs.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Mount points to be used by chunkserver for storage (see {manpage}`sfshdd.cfg(5)`).\n\nNote, that these mount points must writeable by the user defined by the saunafs user.\n", "example": {"_type": "literalExpression", "text": "[ \"/mnt/hdd1\" ];\n"}, "loc": ["services", "saunafs", "chunkserver", "hdds"], "readOnly": false, "type": "list of string"}, "services.saunafs.chunkserver.openFirewall": {"declarations": ["nixos/modules/services/network-filesystems/saunafs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to automatically open the necessary ports in the firewall.", "loc": ["services", "saunafs", "chunkserver", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.saunafs.chunkserver.settings": {"declarations": ["nixos/modules/services/network-filesystems/saunafs.nix"], "description": "Contents of chunkserver config file (see {manpage}`sfschunkserver.cfg(5)`).", "loc": ["services", "saunafs", "chunkserver", "settings"], "readOnly": false, "type": "open submodule of attribute set of (Flat key-value file)"}, "services.saunafs.chunkserver.settings.DATA_PATH": {"declarations": ["nixos/modules/services/network-filesystems/saunafs.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/saunafs/chunkserver\""}, "description": "Directory for chunck meta data", "loc": ["services", "saunafs", "chunkserver", "settings", "DATA_PATH"], "readOnly": false, "type": "string"}, "services.saunafs.client.enable": {"declarations": ["nixos/modules/services/network-filesystems/saunafs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Saunafs client.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "saunafs", "client", "enable"], "readOnly": false, "type": "boolean"}, "services.saunafs.master.enable": {"declarations": ["nixos/modules/services/network-filesystems/saunafs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable Saunafs master daemon.\n\nYou need to run `sfsmaster-init` on a freshly installed master server to\ninitialize the `DATA_PATH` directory.\n", "loc": ["services", "saunafs", "master", "enable"], "readOnly": false, "type": "boolean"}, "services.saunafs.master.exports": {"declarations": ["nixos/modules/services/network-filesystems/saunafs.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Paths to exports file (see {manpage}`sfsexports.cfg(5)`).", "example": {"_type": "literalExpression", "text": "[ \"* / rw,alldirs,admin,maproot=0:0\" ];\n"}, "loc": ["services", "saunafs", "master", "exports"], "readOnly": false, "type": "list of string"}, "services.saunafs.master.openFirewall": {"declarations": ["nixos/modules/services/network-filesystems/saunafs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to automatically open the necessary ports in the firewall.", "loc": ["services", "saunafs", "master", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.saunafs.master.settings": {"declarations": ["nixos/modules/services/network-filesystems/saunafs.nix"], "description": "Contents of config file ({manpage}`sfsmaster.cfg(5)`).", "loc": ["services", "saunafs", "master", "settings"], "readOnly": false, "type": "open submodule of attribute set of (Flat key-value file)"}, "services.saunafs.master.settings.DATA_PATH": {"declarations": ["nixos/modules/services/network-filesystems/saunafs.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/saunafs/master\""}, "description": "Data storage directory.", "loc": ["services", "saunafs", "master", "settings", "DATA_PATH"], "readOnly": false, "type": "string"}, "services.saunafs.masterHost": {"declarations": ["nixos/modules/services/network-filesystems/saunafs.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IP or hostname name of master host.", "loc": ["services", "saunafs", "masterHost"], "readOnly": false, "type": "string"}, "services.saunafs.metalogger.enable": {"declarations": ["nixos/modules/services/network-filesystems/saunafs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Saunafs metalogger daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "saunafs", "metalogger", "enable"], "readOnly": false, "type": "boolean"}, "services.saunafs.metalogger.settings": {"declarations": ["nixos/modules/services/network-filesystems/saunafs.nix"], "description": "Contents of metalogger config file (see {manpage}`sfsmetalogger.cfg(5)`).", "loc": ["services", "saunafs", "metalogger", "settings"], "readOnly": false, "type": "open submodule of attribute set of (Flat key-value file)"}, "services.saunafs.metalogger.settings.DATA_PATH": {"declarations": ["nixos/modules/services/network-filesystems/saunafs.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/saunafs/metalogger\""}, "description": "Data storage directory", "loc": ["services", "saunafs", "metalogger", "settings", "DATA_PATH"], "readOnly": false, "type": "string"}, "services.saunafs.sfsUser": {"declarations": ["nixos/modules/services/network-filesystems/saunafs.nix"], "default": {"_type": "literalExpression", "text": "\"saunafs\""}, "description": "Run daemons as user.", "loc": ["services", "saunafs", "sfsUser"], "readOnly": false, "type": "string"}, "services.scanservjs.enable": {"declarations": ["nixos/modules/services/hardware/scanservjs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable scanservjs.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "scanservjs", "enable"], "readOnly": false, "type": "boolean"}, "services.scanservjs.extraActions": {"declarations": ["nixos/modules/services/hardware/scanservjs.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Actions to add to config.local.js's `actions`.", "loc": ["services", "scanservjs", "extraActions"], "readOnly": false, "type": "list of strings concatenated with \"\\n\""}, "services.scanservjs.extraConfig": {"declarations": ["nixos/modules/services/hardware/scanservjs.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra code to add to config.local.js's `afterConfig`.\n", "loc": ["services", "scanservjs", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.scanservjs.extraDevicesConfig": {"declarations": ["nixos/modules/services/hardware/scanservjs.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra code to add to config.local.js's `afterDevices`.\n", "loc": ["services", "scanservjs", "extraDevicesConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.scanservjs.runAfterScan": {"declarations": ["nixos/modules/services/hardware/scanservjs.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra code to add to config.local.js's `afterScan`.\n", "loc": ["services", "scanservjs", "runAfterScan"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.scanservjs.settings": {"declarations": ["nixos/modules/services/hardware/scanservjs.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Config to set in config.local.js's `afterConfig`.\n", "loc": ["services", "scanservjs", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.scanservjs.settings.host": {"declarations": ["nixos/modules/services/hardware/scanservjs.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The IP to listen on.", "loc": ["services", "scanservjs", "settings", "host"], "readOnly": false, "type": "string"}, "services.scanservjs.settings.port": {"declarations": ["nixos/modules/services/hardware/scanservjs.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "The port to listen on.", "loc": ["services", "scanservjs", "settings", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.scanservjs.stateDir": {"declarations": ["nixos/modules/services/hardware/scanservjs.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/scanservjs\""}, "description": "State directory for scanservjs.\n", "loc": ["services", "scanservjs", "stateDir"], "readOnly": false, "type": "string"}, "services.schleuder.enable": {"declarations": ["nixos/modules/services/mail/schleuder.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Schleuder secure remailer.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "schleuder", "enable"], "readOnly": false, "type": "boolean"}, "services.schleuder.enablePostfix": {"declarations": ["nixos/modules/services/mail/schleuder.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable automatic postfix integration.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "schleuder", "enablePostfix"], "readOnly": false, "type": "boolean"}, "services.schleuder.extraSettingsFile": {"declarations": ["nixos/modules/services/mail/schleuder.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "YAML file to merge into the schleuder config at runtime. This can be used for secrets such as API keys.", "loc": ["services", "schleuder", "extraSettingsFile"], "readOnly": false, "type": "null or absolute path"}, "services.schleuder.listDefaults": {"declarations": ["nixos/modules/services/mail/schleuder.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Default settings for lists (list-defaults.yml).\n\nCheck the [example configuration](https://0xacab.org/schleuder/schleuder/-/blob/master/etc/list-defaults.yml) for possible values.\n", "loc": ["services", "schleuder", "listDefaults"], "readOnly": false, "type": "YAML 1.1 value"}, "services.schleuder.lists": {"declarations": ["nixos/modules/services/mail/schleuder.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of list addresses that should be handled by Schleuder.\n\nNote that this is only handled by the postfix integration, and\nthe setup of the lists, their members and their keys has to be\nperformed separately via schleuder's API, using a tool such as\nschleuder-cli.\n", "example": {"_type": "literalExpression", "text": "[\n  \"widget-team@example.com\"\n  \"security@example.com\"\n]"}, "loc": ["services", "schleuder", "lists"], "readOnly": false, "type": "list of string"}, "services.schleuder.settings": {"declarations": ["nixos/modules/services/mail/schleuder.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings for schleuder.yml.\n\nCheck the [example configuration](https://0xacab.org/schleuder/schleuder/blob/master/etc/schleuder.yml) for possible values.\n", "loc": ["services", "schleuder", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.schleuder.settings.keyserver": {"declarations": ["nixos/modules/services/mail/schleuder.nix"], "default": {"_type": "literalExpression", "text": "\"keys.openpgp.org\""}, "description": "Key server from which to fetch and update keys.\n\nNote that NixOS uses a different default from upstream, since the upstream default sks-keyservers.net is deprecated.\n", "loc": ["services", "schleuder", "settings", "keyserver"], "readOnly": false, "type": "string"}, "services.scion.bypassBootstrapWarning": {"declarations": ["nixos/modules/services/networking/scion/scion.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "bypass Nix warning about SCION PKI bootstrapping\n", "loc": ["services", "scion", "bypassBootstrapWarning"], "readOnly": false, "type": "boolean"}, "services.scion.enable": {"declarations": ["nixos/modules/services/networking/scion/scion.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable all of the scion components and services.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "scion", "enable"], "readOnly": false, "type": "boolean"}, "services.scion.package": {"declarations": ["nixos/modules/services/networking/scion/scion.nix"], "default": {"_type": "literalExpression", "text": "pkgs.scion"}, "description": "The scion package to use.", "loc": ["services", "scion", "package"], "readOnly": false, "type": "package"}, "services.scion.scion-control.enable": {"declarations": ["nixos/modules/services/networking/scion/scion-control.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the scion-control service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "scion", "scion-control", "enable"], "readOnly": false, "type": "boolean"}, "services.scion.scion-control.settings": {"declarations": ["nixos/modules/services/networking/scion/scion-control.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "scion-control configuration. Refer to\n<https://docs.scion.org/en/latest/manuals/common.html>\nfor details on supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  path_db = {\n    connection = \"/run/scion-control/control.path.db\";\n  };\n  log.console = {\n    level = \"info\";\n  };\n}\n"}, "loc": ["services", "scion", "scion-control", "settings"], "readOnly": false, "type": "TOML value"}, "services.scion.scion-daemon.enable": {"declarations": ["nixos/modules/services/networking/scion/scion-daemon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the scion-daemon service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "scion", "scion-daemon", "enable"], "readOnly": false, "type": "boolean"}, "services.scion.scion-daemon.settings": {"declarations": ["nixos/modules/services/networking/scion/scion-daemon.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "scion-daemon configuration. Refer to\n<https://docs.scion.org/en/latest/manuals/common.html>\nfor details on supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  path_db = {\n    connection = \"/run/scion-daemon/sd.path.db\";\n  };\n  log.console = {\n    level = \"info\";\n  };\n}\n"}, "loc": ["services", "scion", "scion-daemon", "settings"], "readOnly": false, "type": "TOML value"}, "services.scion.scion-dispatcher.enable": {"declarations": ["nixos/modules/services/networking/scion/scion-dispatcher.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the scion-dispatcher service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "scion", "scion-dispatcher", "enable"], "readOnly": false, "type": "boolean"}, "services.scion.scion-dispatcher.settings": {"declarations": ["nixos/modules/services/networking/scion/scion-dispatcher.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "scion-dispatcher configuration. Refer to\n<https://docs.scion.org/en/latest/manuals/common.html>\nfor details on supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  dispatcher = {\n    id = \"dispatcher\";\n    socket_file_mode = \"0770\";\n    application_socket = \"/dev/shm/dispatcher/default.sock\";\n  };\n  log.console = {\n    level = \"info\";\n  };\n}\n"}, "loc": ["services", "scion", "scion-dispatcher", "settings"], "readOnly": false, "type": "TOML value"}, "services.scion.scion-ip-gateway.config": {"declarations": ["nixos/modules/services/networking/scion/scion-ip-gateway.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "scion-ip-gateway daemon configuration\n", "example": {"_type": "literalExpression", "text": "{\n  tunnel = {\n    src_ipv4 = \"172.16.100.1\";\n  };\n}\n"}, "loc": ["services", "scion", "scion-ip-gateway", "config"], "readOnly": false, "type": "TOML value"}, "services.scion.scion-ip-gateway.enable": {"declarations": ["nixos/modules/services/networking/scion/scion-ip-gateway.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the scion-ip-gateway service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "scion", "scion-ip-gateway", "enable"], "readOnly": false, "type": "boolean"}, "services.scion.scion-ip-gateway.trafficConfig": {"declarations": ["nixos/modules/services/networking/scion/scion-ip-gateway.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "scion-ip-gateway traffic configuration\n", "example": {"_type": "literalExpression", "text": "{\n  ASes = {\n    \"2-ffaa:0:b\" = {\n      Nets = [\n          \"172.16.1.0/24\"\n      ];\n    };\n  };\n  ConfigVersion = 9001;\n}\n"}, "loc": ["services", "scion", "scion-ip-gateway", "trafficConfig"], "readOnly": false, "type": "JSON value"}, "services.scion.scion-router.enable": {"declarations": ["nixos/modules/services/networking/scion/scion-router.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the scion-router service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "scion", "scion-router", "enable"], "readOnly": false, "type": "boolean"}, "services.scion.scion-router.settings": {"declarations": ["nixos/modules/services/networking/scion/scion-router.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "scion-router configuration. Refer to\n<https://docs.scion.org/en/latest/manuals/common.html>\nfor details on supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  general.id = \"br\";\n}\n"}, "loc": ["services", "scion", "scion-router", "settings"], "readOnly": false, "type": "TOML value"}, "services.scion.stateless": {"declarations": ["nixos/modules/services/networking/scion/scion.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Setting this value to false (stateful) can lead to improved caching and\nperformance.\n\nThis option decides whether to persist the SCION path sqlite databases\non disk or not. Persisting this data can lead to database corruption in\nextreme cases such as power outage, meaning SCION fails to work on the\nnext boot. This is being investigated.\n\nIf true, /run/scion-* is used for data\nIf false, use /var/lib/scion-* is used for data\n", "loc": ["services", "scion", "stateless"], "readOnly": false, "type": "boolean"}, "services.scollector.bosunHost": {"declarations": ["nixos/modules/services/monitoring/scollector.nix"], "default": {"_type": "literalExpression", "text": "\"localhost:8070\""}, "description": "Host and port of the bosun server that will store the collected\ndata.\n", "loc": ["services", "scollector", "bosunHost"], "readOnly": false, "type": "string"}, "services.scollector.collectors": {"declarations": ["nixos/modules/services/monitoring/scollector.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "An attribute set mapping the frequency of collection to a list of\nbinaries that should be executed at that frequency. You can use \"0\"\nto run a binary forever.\n", "example": {"_type": "literalExpression", "text": "{ \"0\" = [ \"${postgresStats}/bin/collect-stats\" ]; }"}, "loc": ["services", "scollector", "collectors"], "readOnly": false, "type": "attribute set of list of absolute path"}, "services.scollector.enable": {"declarations": ["nixos/modules/services/monitoring/scollector.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to run scollector.\n", "loc": ["services", "scollector", "enable"], "readOnly": false, "type": "boolean"}, "services.scollector.extraConfig": {"declarations": ["nixos/modules/services/monitoring/scollector.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra scollector configuration added to the end of scollector.toml\n", "loc": ["services", "scollector", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.scollector.extraOpts": {"declarations": ["nixos/modules/services/monitoring/scollector.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra scollector command line options\n", "example": {"_type": "literalExpression", "text": "[\n  \"-d\"\n]"}, "loc": ["services", "scollector", "extraOpts"], "readOnly": false, "type": "list of string"}, "services.scollector.group": {"declarations": ["nixos/modules/services/monitoring/scollector.nix"], "default": {"_type": "literalExpression", "text": "\"scollector\""}, "description": "Group account under which scollector runs.\n", "loc": ["services", "scollector", "group"], "readOnly": false, "type": "string"}, "services.scollector.package": {"declarations": ["nixos/modules/services/monitoring/scollector.nix"], "default": {"_type": "literalExpression", "text": "pkgs.scollector"}, "description": "The scollector package to use.", "loc": ["services", "scollector", "package"], "readOnly": false, "type": "package"}, "services.scollector.user": {"declarations": ["nixos/modules/services/monitoring/scollector.nix"], "default": {"_type": "literalExpression", "text": "\"scollector\""}, "description": "User account under which scollector runs.\n", "loc": ["services", "scollector", "user"], "readOnly": false, "type": "string"}, "services.screego.enable": {"declarations": ["nixos/modules/services/web-apps/screego.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable screego screen-sharing server for developers.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "screego", "enable"], "readOnly": false, "type": "boolean"}, "services.screego.environmentFile": {"declarations": ["nixos/modules/services/web-apps/screego.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file (see {manpage}`systemd.exec(5)` \"EnvironmentFile=\"\nsection for the syntax) passed to the service. This option can be\nused to safely include secrets in the configuration.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/screego-envfile\""}, "loc": ["services", "screego", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.screego.openFirewall": {"declarations": ["nixos/modules/services/web-apps/screego.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open the firewall port(s).\n", "loc": ["services", "screego", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.screego.settings": {"declarations": ["nixos/modules/services/web-apps/screego.nix"], "default": {"_type": "literalExpression", "text": "{\n  SCREEGO_AUTH_MODE = \"turn\";\n  SCREEGO_CLOSE_ROOM_WHEN_OWNER_LEAVES = \"true\";\n  SCREEGO_LOG_LEVEL = \"info\";\n  SCREEGO_SERVER_ADDRESS = \"127.0.0.1:5050\";\n  SCREEGO_SESSION_TIMEOUT_SECONDS = \"0\";\n  SCREEGO_TURN_ADDRESS = \"0.0.0.0:3478\";\n  SCREEGO_TURN_PORT_RANGE = \"50000:55000\";\n}"}, "description": "Screego settings passed as Nix attribute set, they will be merged with\nthe defaults. Settings will be passed as environment variables.\n\nSee <https://screego.net/#/config> for possible values\n", "example": {"_type": "literalExpression", "text": "{\n  SCREEGO_EXTERNAL_IP = \"dns:example.com\";\n}"}, "loc": ["services", "screego", "settings"], "readOnly": false, "type": "attribute set of string"}, "services.scrutiny.collector.enable": {"declarations": ["nixos/modules/services/monitoring/scrutiny.nix"], "default": {"_type": "literalExpression", "text": "config.services.scrutiny.enable"}, "description": "Whether to enable the Scrutiny metrics collector.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "scrutiny", "collector", "enable"], "readOnly": false, "type": "boolean"}, "services.scrutiny.collector.package": {"declarations": ["nixos/modules/services/monitoring/scrutiny.nix"], "default": {"_type": "literalExpression", "text": "pkgs.scrutiny-collector"}, "description": "The scrutiny-collector package to use.", "loc": ["services", "scrutiny", "collector", "package"], "readOnly": false, "type": "package"}, "services.scrutiny.collector.schedule": {"declarations": ["nixos/modules/services/monitoring/scrutiny.nix"], "default": {"_type": "literalExpression", "text": "\"daily\""}, "description": "How often to run the collector in systemd calendar format.\n", "loc": ["services", "scrutiny", "collector", "schedule"], "readOnly": false, "type": "string"}, "services.scrutiny.collector.settings": {"declarations": ["nixos/modules/services/monitoring/scrutiny.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Collector settings to be rendered into the collector configuration file.\n\nSee <https://github.com/AnalogJ/scrutiny/blob/master/example.collector.yaml>.\n\nOptions containing secret data should be set to an attribute set\ncontaining the attribute `_secret`. This attribute should be a string\nor structured JSON with `quote = false;`, pointing to a file that\ncontains the value the option should be set to.\n", "loc": ["services", "scrutiny", "collector", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.scrutiny.collector.settings.api.endpoint": {"declarations": ["nixos/modules/services/monitoring/scrutiny.nix"], "default": {"_type": "literalExpression", "text": "\"http://${config.services.scrutiny.settings.web.listen.host}:${config.services.scrutiny.settings.web.listen.port}${config.services.scrutiny.settings.web.listen.basepath}\""}, "description": "Scrutiny app API endpoint for sending metrics to.", "loc": ["services", "scrutiny", "collector", "settings", "api", "endpoint"], "readOnly": false, "type": "string"}, "services.scrutiny.collector.settings.host.id": {"declarations": ["nixos/modules/services/monitoring/scrutiny.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host ID for identifying/labelling groups of disks", "loc": ["services", "scrutiny", "collector", "settings", "host", "id"], "readOnly": false, "type": "null or string"}, "services.scrutiny.collector.settings.log.level": {"declarations": ["nixos/modules/services/monitoring/scrutiny.nix"], "default": {"_type": "literalExpression", "text": "\"INFO\""}, "description": "Log level for Scrutiny collector.", "loc": ["services", "scrutiny", "collector", "settings", "log", "level"], "readOnly": false, "type": "one of \"INFO\", \"DEBUG\""}, "services.scrutiny.enable": {"declarations": ["nixos/modules/services/monitoring/scrutiny.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Scrutiny, a web application for drive monitoring.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "scrutiny", "enable"], "readOnly": false, "type": "boolean"}, "services.scrutiny.influxdb.enable": {"declarations": ["nixos/modules/services/monitoring/scrutiny.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enables InfluxDB on the host system using the `services.influxdb2` NixOS module\nwith default options.\n\nIf you already have InfluxDB configured, or wish to connect to an external InfluxDB\ninstance, disable this option.\n", "loc": ["services", "scrutiny", "influxdb", "enable"], "readOnly": false, "type": "boolean"}, "services.scrutiny.openFirewall": {"declarations": ["nixos/modules/services/monitoring/scrutiny.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable opening the default ports in the firewall for Scrutiny.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "scrutiny", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.scrutiny.package": {"declarations": ["nixos/modules/services/monitoring/scrutiny.nix"], "default": {"_type": "literalExpression", "text": "pkgs.scrutiny"}, "description": "The scrutiny package to use.", "loc": ["services", "scrutiny", "package"], "readOnly": false, "type": "package"}, "services.scrutiny.settings": {"declarations": ["nixos/modules/services/monitoring/scrutiny.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Scrutiny settings to be rendered into the configuration file.\n\nSee <https://github.com/AnalogJ/scrutiny/blob/master/example.scrutiny.yaml>.\n\nOptions containing secret data should be set to an attribute set\ncontaining the attribute `_secret`. This attribute should be a string\nor structured JSON with `quote = false;`, pointing to a file that\ncontains the value the option should be set to.\n", "loc": ["services", "scrutiny", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.scrutiny.settings.log.level": {"declarations": ["nixos/modules/services/monitoring/scrutiny.nix"], "default": {"_type": "literalExpression", "text": "\"INFO\""}, "description": "Log level for Scrutiny.", "loc": ["services", "scrutiny", "settings", "log", "level"], "readOnly": false, "type": "one of \"INFO\", \"DEBUG\""}, "services.scrutiny.settings.web.influxdb.bucket": {"declarations": ["nixos/modules/services/monitoring/scrutiny.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "InfluxDB bucket in which to store data.", "loc": ["services", "scrutiny", "settings", "web", "influxdb", "bucket"], "readOnly": false, "type": "null or string"}, "services.scrutiny.settings.web.influxdb.host": {"declarations": ["nixos/modules/services/monitoring/scrutiny.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "IP or hostname of the InfluxDB instance.", "loc": ["services", "scrutiny", "settings", "web", "influxdb", "host"], "readOnly": false, "type": "string"}, "services.scrutiny.settings.web.influxdb.org": {"declarations": ["nixos/modules/services/monitoring/scrutiny.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "InfluxDB organisation under which to store data.", "loc": ["services", "scrutiny", "settings", "web", "influxdb", "org"], "readOnly": false, "type": "null or string"}, "services.scrutiny.settings.web.influxdb.port": {"declarations": ["nixos/modules/services/monitoring/scrutiny.nix"], "default": {"_type": "literalExpression", "text": "8086"}, "description": "The port of the InfluxDB instance.", "loc": ["services", "scrutiny", "settings", "web", "influxdb", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.scrutiny.settings.web.influxdb.scheme": {"declarations": ["nixos/modules/services/monitoring/scrutiny.nix"], "default": {"_type": "literalExpression", "text": "\"http\""}, "description": "URL scheme to use when connecting to InfluxDB.", "loc": ["services", "scrutiny", "settings", "web", "influxdb", "scheme"], "readOnly": false, "type": "string"}, "services.scrutiny.settings.web.influxdb.tls.insecure_skip_verify": {"declarations": ["nixos/modules/services/monitoring/scrutiny.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable skipping TLS verification when connecting to InfluxDB.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "scrutiny", "settings", "web", "influxdb", "tls", "insecure_skip_verify"], "readOnly": false, "type": "boolean"}, "services.scrutiny.settings.web.influxdb.token": {"declarations": ["nixos/modules/services/monitoring/scrutiny.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Authentication token for connecting to InfluxDB.", "loc": ["services", "scrutiny", "settings", "web", "influxdb", "token"], "readOnly": false, "type": "null or string"}, "services.scrutiny.settings.web.listen.basepath": {"declarations": ["nixos/modules/services/monitoring/scrutiny.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "If Scrutiny will be behind a path prefixed reverse proxy, you can override this\nvalue to serve Scrutiny on a subpath.\n", "example": {"_type": "literalExpression", "text": "\"/scrutiny\""}, "loc": ["services", "scrutiny", "settings", "web", "listen", "basepath"], "readOnly": false, "type": "string"}, "services.scrutiny.settings.web.listen.host": {"declarations": ["nixos/modules/services/monitoring/scrutiny.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Interface address for web application to bind to.", "loc": ["services", "scrutiny", "settings", "web", "listen", "host"], "readOnly": false, "type": "string"}, "services.scrutiny.settings.web.listen.port": {"declarations": ["nixos/modules/services/monitoring/scrutiny.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "Port for web application to listen on.", "loc": ["services", "scrutiny", "settings", "web", "listen", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.scx.enable": {"declarations": ["nixos/modules/services/scheduling/scx.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SCX service, a daemon to run schedulers from userspace.\n\n::: {.note}\nThis service requires a kernel with the Sched-ext feature.\nGenerally, kernel version 6.12 and later are supported.\n:::\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "scx", "enable"], "readOnly": false, "type": "boolean"}, "services.scx.extraArgs": {"declarations": ["nixos/modules/services/scheduling/scx.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Parameters passed to the chosen scheduler at runtime.\n\n::: {.note}\nRun `chosen-scx-scheduler --help` to see the available options. Generally,\neach scheduler has its own set of options, and they are incompatible with each other.\n:::\n", "example": {"_type": "literalExpression", "text": "[\n  \"--slice-us 5000\"\n  \"--verbose\"\n]"}, "loc": ["services", "scx", "extraArgs"], "readOnly": false, "type": "list of (optionally newline-terminated) single-line string"}, "services.scx.package": {"declarations": ["nixos/modules/services/scheduling/scx.nix"], "default": {"_type": "literalExpression", "text": "pkgs.scx.full"}, "description": "`scx` package to use. `scx.full`, which includes all schedulers, is the default.\nYou may choose a minimal package, such as `pkgs.scx.rustscheds`.\n\n::: {.note}\nOverriding this does not change the default scheduler; you should set `services.scx.scheduler` for it.\n:::\n", "example": {"_type": "literalExpression", "text": "pkgs.scx.rustscheds"}, "loc": ["services", "scx", "package"], "readOnly": false, "type": "package"}, "services.scx.scheduler": {"declarations": ["nixos/modules/services/scheduling/scx.nix"], "default": {"_type": "literalExpression", "text": "\"scx_rustland\""}, "description": "Which scheduler to use. See [SCX documentation](https://github.com/sched-ext/scx/tree/main/scheds)\nfor details on each scheduler and guidance on selecting the most suitable one.\n", "example": {"_type": "literalExpression", "text": "\"scx_bpfland\""}, "loc": ["services", "scx", "scheduler"], "readOnly": false, "type": "one of \"scx_beerland\", \"scx_bpfland\", \"scx_chaos\", \"scx_cosmos\", \"scx_central\", \"scx_flash\", \"scx_flatcg\", \"scx_lavd\", \"scx_layered\", \"scx_mitosis\", \"scx_nest\", \"scx_p2dq\", \"scx_pair\", \"scx_prev\", \"scx_qmap\", \"scx_rlfifo\", \"scx_rustland\", \"scx_rusty\", \"scx_sdt\", \"scx_simple\", \"scx_tickless\", \"scx_userland\", \"scx_wd40\""}, "services.sdrplayApi.enable": {"declarations": ["nixos/modules/services/misc/sdrplay.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the SDRplay API service and udev rules.\n\n::: {.note}\nTo enable integration with SoapySDR and GUI applications like gqrx create an overlay containing\n`soapysdr-with-plugins = super.soapysdr.override { extraPackages = [ super.soapysdrplay ]; };`\n:::\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "sdrplayApi", "enable"], "readOnly": false, "type": "boolean"}, "services.searx.configureNginx": {"declarations": ["nixos/modules/services/networking/searx.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to configure nginx as an frontend to uwsgi.\n", "loc": ["services", "searx", "configureNginx"], "readOnly": false, "type": "boolean"}, "services.searx.configureUwsgi": {"declarations": ["nixos/modules/services/networking/searx.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to run searx in uWSGI as a \"vassal\", instead of using its\nbuilt-in HTTP server. This is the recommended mode for public or\nlarge instances, but is unnecessary for LAN or local-only use.\n\n::: {.warning}\nThe built-in HTTP server logs all queries by default.\n:::\n", "loc": ["services", "searx", "configureUwsgi"], "readOnly": false, "type": "boolean"}, "services.searx.domain": {"declarations": ["nixos/modules/services/networking/searx.nix"], "description": "The domain under which searxng will be served.\nRight now this is only used with the configureNginx option.\n", "loc": ["services", "searx", "domain"], "readOnly": false, "type": "string"}, "services.searx.enable": {"declarations": ["nixos/modules/services/networking/searx.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Searx, the meta search engine.", "loc": ["services", "searx", "enable"], "readOnly": false, "relatedPackages": "- [`pkgs.searx`](\n    https://search.nixos.org/packages?show=searx&sort=relevance&query=searx\n  )\n", "type": "boolean"}, "services.searx.environmentFile": {"declarations": ["nixos/modules/services/networking/searx.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file (see {manpage}`systemd.exec(5)` \"EnvironmentFile=\" section for the syntax) to define variables for Searx.\nThis option can be used to safely include secret keys into the Searx configuration.\n", "loc": ["services", "searx", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.searx.faviconsSettings": {"declarations": ["nixos/modules/services/networking/searx.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Favicons settings for SearXNG.\n\n::: {.note}\nFor available settings, see the SearXNG\n[schema file](https://github.com/searxng/searxng/blob/master/searx/favicons/favicons.toml).\n:::\n", "example": {"_type": "literalExpression", "text": "{\n  favicons = {\n    cfg_schema = 1;\n    cache = {\n      db_url = \"/var/cache/searx/faviconcache.db\";\n      HOLD_TIME = 5184000;\n      LIMIT_TOTAL_BYTES = 2147483648;\n      BLOB_MAX_BYTES = 40960;\n      MAINTENANCE_MODE = \"auto\";\n      MAINTENANCE_PERIOD = 600;\n    };\n  };\n}\n"}, "loc": ["services", "searx", "faviconsSettings"], "readOnly": false, "type": "attribute set of (JSON value)"}, "services.searx.limiterSettings": {"declarations": ["nixos/modules/services/networking/searx.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Limiter settings for SearXNG.\n\n::: {.note}\nFor available settings, see the SearXNG [schema file](https://github.com/searxng/searxng/blob/master/searx/limiter.toml).\n:::\n", "example": {"_type": "literalExpression", "text": "{\n  real_ip = {\n    x_for = 1;\n    ipv4_prefix = 32;\n    ipv6_prefix = 56;\n  }\n  botdetection.ip_lists.block_ip = [\n    # \"93.184.216.34\" # example.org\n  ];\n}\n"}, "loc": ["services", "searx", "limiterSettings"], "readOnly": false, "type": "attribute set of (JSON value)"}, "services.searx.package": {"declarations": ["nixos/modules/services/networking/searx.nix"], "default": {"_type": "literalExpression", "text": "pkgs.searxng"}, "description": "The searxng package to use.", "loc": ["services", "searx", "package"], "readOnly": false, "type": "package"}, "services.searx.redisCreateLocally": {"declarations": ["nixos/modules/services/networking/searx.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Configure a local Redis server for SearXNG.\nThis is required if you want to enable the rate limiter and bot protection of SearXNG.\n", "loc": ["services", "searx", "redisCreateLocally"], "readOnly": false, "type": "boolean"}, "services.searx.settings": {"declarations": ["nixos/modules/services/networking/searx.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Searx settings.\nThese will be merged with (taking precedence over) the default configuration.\nIt's also possible to refer to environment variables (defined in [](#opt-services.searx.environmentFile)) using the syntax `$VARIABLE_NAME`.\n\n::: {.note}\nFor available settings, see the Searx [docs](https://docs.searxng.org/admin/settings/index.html).\n:::\n", "example": {"_type": "literalExpression", "text": "{\n  server.port = 8080;\n  server.bind_address = \"0.0.0.0\";\n  server.secret_key = \"$SEARX_SECRET_KEY\";\n\n  engines = [ {\n    name = \"wolframalpha\";\n    shortcut = \"wa\";\n    api_key = \"$WOLFRAM_API_KEY\";\n    engine = \"wolframalpha_api\";\n  } ];\n}\n"}, "loc": ["services", "searx", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.searx.settingsFile": {"declarations": ["nixos/modules/services/networking/searx.nix"], "default": {"_type": "literalExpression", "text": "\"/run/searx/settings.yml\""}, "description": "The path of the Searx server settings.yml file.\nIf no file is specified, a default file is used (default config file has debug mode enabled).\n\n::: {.note}\nSetting this options overrides [](#opt-services.searx.settings).\n:::\n\n::: {.warning}\nThis file, along with any secret key it contains, will be copied into the world-readable Nix store.\n:::\n", "loc": ["services", "searx", "settingsFile"], "readOnly": false, "type": "absolute path"}, "services.searx.uwsgiConfig": {"declarations": ["nixos/modules/services/networking/searx.nix"], "default": {"_type": "literalExpression", "text": "{\n  http = \":8080\";\n}"}, "description": "Additional configuration of the uWSGI vassal running searx. It\nshould notably specify on which interfaces and ports the vassal\nshould listen.\n", "example": {"_type": "literalExpression", "text": "{\n  disable-logging = true;\n  http = \":8080\";                   # serve via HTTP...\n  socket = \"/run/searx/searx.sock\"; # ...or UNIX socket\n  chmod-socket = \"660\";             # allow the searx group to read/write to the socket\n}\n"}, "loc": ["services", "searx", "uwsgiConfig"], "readOnly": false, "type": "Json value or lambda"}, "services.seatd.enable": {"declarations": ["nixos/modules/services/desktops/seatd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable seatd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "seatd", "enable"], "readOnly": false, "type": "boolean"}, "services.seatd.group": {"declarations": ["nixos/modules/services/desktops/seatd.nix"], "default": {"_type": "literalExpression", "text": "\"seat\""}, "description": "Group to own the seatd socket", "loc": ["services", "seatd", "group"], "readOnly": false, "type": "string"}, "services.seatd.logLevel": {"declarations": ["nixos/modules/services/desktops/seatd.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Logging verbosity", "loc": ["services", "seatd", "logLevel"], "readOnly": false, "type": "one of \"debug\", \"info\", \"error\", \"silent\""}, "services.seatd.user": {"declarations": ["nixos/modules/services/desktops/seatd.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "User to own the seatd socket", "loc": ["services", "seatd", "user"], "readOnly": false, "type": "string"}, "services.self-deploy.branch": {"declarations": ["nixos/modules/services/system/self-deploy.nix"], "default": {"_type": "literalExpression", "text": "\"master\""}, "description": "Branch to track\n\nTechnically speaking any ref can be specified here, as this is\npassed directly to a `git fetch`, but for the use-case of\ncontinuous deployment you're likely to want to specify a branch.\n", "loc": ["services", "self-deploy", "branch"], "readOnly": false, "type": "string"}, "services.self-deploy.enable": {"declarations": ["nixos/modules/services/system/self-deploy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable self-deploy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "self-deploy", "enable"], "readOnly": false, "type": "boolean"}, "services.self-deploy.nixArgs": {"declarations": ["nixos/modules/services/system/self-deploy.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Arguments to `nix-build` passed as `--argstr` or `--arg` depending on\nthe type.\n", "loc": ["services", "self-deploy", "nixArgs"], "readOnly": false, "type": "attribute set"}, "services.self-deploy.nixAttribute": {"declarations": ["nixos/modules/services/system/self-deploy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Attribute of `nixFile` that builds the current system.\n", "loc": ["services", "self-deploy", "nixAttribute"], "readOnly": false, "type": "null or string"}, "services.self-deploy.nixFile": {"declarations": ["nixos/modules/services/system/self-deploy.nix"], "default": {"_type": "literalExpression", "text": "\"/default.nix\""}, "description": "Path to nix file in repository. Leading '/' refers to root of\ngit repository.\n", "loc": ["services", "self-deploy", "nixFile"], "readOnly": false, "type": "absolute path"}, "services.self-deploy.repository": {"declarations": ["nixos/modules/services/system/self-deploy.nix"], "description": "The repository to fetch from. Must be properly formatted for git.\n\nIf this value is set to a path (must begin with `/`) then it's\nassumed that the repository is local and the resulting service\nwon't wait for the network to be up.\n\nIf the repository will be fetched over SSH, you must add an\nentry to `programs.ssh.knownHosts` for the SSH host for the fetch\nto be successful.\n", "loc": ["services", "self-deploy", "repository"], "readOnly": false, "type": "absolute path or string"}, "services.self-deploy.sshKeyFile": {"declarations": ["nixos/modules/services/system/self-deploy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to SSH private key used to fetch private repositories over\nSSH.\n", "loc": ["services", "self-deploy", "sshKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.self-deploy.startAt": {"declarations": ["nixos/modules/services/system/self-deploy.nix"], "default": {"_type": "literalExpression", "text": "\"hourly\""}, "description": "The schedule on which to run the `self-deploy` service. Format\nspecified by `systemd.time 7`.\n\nThis value can also be a list of `systemd.time 7` formatted\nstrings, in which case the service will be started on multiple\nschedules.\n", "loc": ["services", "self-deploy", "startAt"], "readOnly": false, "type": "string or list of string"}, "services.self-deploy.switchCommand": {"declarations": ["nixos/modules/services/system/self-deploy.nix"], "default": {"_type": "literalExpression", "text": "\"switch\""}, "description": "The `switch-to-configuration` subcommand used.\n", "loc": ["services", "self-deploy", "switchCommand"], "readOnly": false, "type": "one of \"boot\", \"switch\", \"dry-activate\", \"test\""}, "services.selfoss.database.host": {"declarations": ["nixos/modules/services/web-apps/selfoss.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Host of the database (has no effect if type is \"sqlite\").\n", "loc": ["services", "selfoss", "database", "host"], "readOnly": false, "type": "string"}, "services.selfoss.database.name": {"declarations": ["nixos/modules/services/web-apps/selfoss.nix"], "default": {"_type": "literalExpression", "text": "\"tt_rss\""}, "description": "Name of the existing database (has no effect if type is \"sqlite\").\n", "loc": ["services", "selfoss", "database", "name"], "readOnly": false, "type": "string"}, "services.selfoss.database.password": {"declarations": ["nixos/modules/services/web-apps/selfoss.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The database user's password (has no effect if type is \"sqlite\").\n", "loc": ["services", "selfoss", "database", "password"], "readOnly": false, "type": "null or string"}, "services.selfoss.database.port": {"declarations": ["nixos/modules/services/web-apps/selfoss.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The database's port. If not set, the default ports will be\nprovided (5432 and 3306 for pgsql and mysql respectively)\n(has no effect if type is \"sqlite\").\n", "loc": ["services", "selfoss", "database", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.selfoss.database.type": {"declarations": ["nixos/modules/services/web-apps/selfoss.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite\""}, "description": "Database to store feeds. Supported are sqlite, pgsql and mysql.\n", "loc": ["services", "selfoss", "database", "type"], "readOnly": false, "type": "one of \"pgsql\", \"mysql\", \"sqlite\""}, "services.selfoss.database.user": {"declarations": ["nixos/modules/services/web-apps/selfoss.nix"], "default": {"_type": "literalExpression", "text": "\"tt_rss\""}, "description": "The database user. The user must exist and has access to\nthe specified database (has no effect if type is \"sqlite\").\n", "loc": ["services", "selfoss", "database", "user"], "readOnly": false, "type": "string"}, "services.selfoss.enable": {"declarations": ["nixos/modules/services/web-apps/selfoss.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable selfoss.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "selfoss", "enable"], "readOnly": false, "type": "boolean"}, "services.selfoss.extraConfig": {"declarations": ["nixos/modules/services/web-apps/selfoss.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration added to config.ini\n", "loc": ["services", "selfoss", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.selfoss.pool": {"declarations": ["nixos/modules/services/web-apps/selfoss.nix"], "default": {"_type": "literalExpression", "text": "\"selfoss_pool\""}, "description": "Name of existing phpfpm pool that is used to run web-application.\nIf not specified a pool will be created automatically with\ndefault values.\n", "loc": ["services", "selfoss", "pool"], "readOnly": false, "type": "string"}, "services.selfoss.user": {"declarations": ["nixos/modules/services/web-apps/selfoss.nix"], "default": {"_type": "literalExpression", "text": "\"nginx\""}, "description": "User account under which both the service and the web-application run.\n", "loc": ["services", "selfoss", "user"], "readOnly": false, "type": "string"}, "services.send.baseUrl": {"declarations": ["nixos/modules/services/web-servers/send.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Base URL for the Send service.\nLeave it blank to automatically detect the base url.\n", "loc": ["services", "send", "baseUrl"], "readOnly": false, "type": "null or string"}, "services.send.dataDir": {"declarations": ["nixos/modules/services/web-servers/send.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/send\""}, "description": "Directory for uploaded files.\nDue to limitations in {option}`systemd.services.send.serviceConfig.DynamicUser`, this item is read only.\n", "loc": ["services", "send", "dataDir"], "readOnly": true, "type": "absolute path"}, "services.send.enable": {"declarations": ["nixos/modules/services/web-servers/send.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Send, a file sharing web sevice for ffsend..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "send", "enable"], "readOnly": false, "type": "boolean"}, "services.send.environment": {"declarations": ["nixos/modules/services/web-servers/send.nix"], "description": "All the available config options and their defaults can be found here: <https://github.com/timvisee/send/blob/master/server/config.js>,\nsome descriptions can found here: <https://github.com/timvisee/send/blob/master/docs/docker.md#environment-variables>\n\nValues under {option}`services.send.environment` will override the predefined values in the Send service.\n  - Time/duration should be in seconds\n  - Filesize values should be in bytes\n", "example": {"_type": "literalExpression", "text": "{\n  DEFAULT_DOWNLOADS = 1;\n  DETECT_BASE_URL = true;\n  EXPIRE_TIMES_SECONDS = [\n    300\n    3600\n    86400\n    604800\n  ];\n}"}, "loc": ["services", "send", "environment"], "readOnly": false, "type": "attribute set of (null or boolean or signed integer or string or list of signed integer)"}, "services.send.host": {"declarations": ["nixos/modules/services/web-servers/send.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The hostname or IP address for Send to bind to.", "loc": ["services", "send", "host"], "readOnly": false, "type": "string"}, "services.send.openFirewall": {"declarations": ["nixos/modules/services/web-servers/send.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open firewall ports for send", "loc": ["services", "send", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.send.package": {"declarations": ["nixos/modules/services/web-servers/send.nix"], "default": {"_type": "literalExpression", "text": "pkgs.send"}, "description": "The send package to use.", "loc": ["services", "send", "package"], "readOnly": false, "type": "package"}, "services.send.port": {"declarations": ["nixos/modules/services/web-servers/send.nix"], "default": {"_type": "literalExpression", "text": "1443"}, "description": "Port the Send service listens on.", "loc": ["services", "send", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.send.redis.createLocally": {"declarations": ["nixos/modules/services/web-servers/send.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to create a local redis automatically.", "loc": ["services", "send", "redis", "createLocally"], "readOnly": false, "type": "boolean"}, "services.send.redis.host": {"declarations": ["nixos/modules/services/web-servers/send.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Redis server address.", "loc": ["services", "send", "redis", "host"], "readOnly": false, "type": "string"}, "services.send.redis.name": {"declarations": ["nixos/modules/services/web-servers/send.nix"], "default": {"_type": "literalExpression", "text": "\"send\""}, "description": "Name of the redis server.\nOnly used if {option}`services.send.redis.createLocally` is set to true.\n", "loc": ["services", "send", "redis", "name"], "readOnly": false, "type": "string"}, "services.send.redis.passwordFile": {"declarations": ["nixos/modules/services/web-servers/send.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the file containing the Redis password.\n\nIf {option}`services.send.redis.createLocally` is set to true,\nthe content of this file will be used as the password for the locally created Redis instance.\n\nLeave it blank if no password is required.\n", "example": {"_type": "literalExpression", "text": "\"/run/agenix/send-redis-password\""}, "loc": ["services", "send", "redis", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.send.redis.port": {"declarations": ["nixos/modules/services/web-servers/send.nix"], "default": {"_type": "literalExpression", "text": "6379"}, "description": "Port of the redis server.", "loc": ["services", "send", "redis", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.serviio.dataDir": {"declarations": ["nixos/modules/services/misc/serviio.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/serviio\""}, "description": "The directory where serviio stores its state, data, etc.\n", "loc": ["services", "serviio", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.serviio.enable": {"declarations": ["nixos/modules/services/misc/serviio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Serviio Media Server.\n", "loc": ["services", "serviio", "enable"], "readOnly": false, "type": "boolean"}, "services.serviio.openFirewall": {"declarations": ["nixos/modules/services/misc/serviio.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the Serviio Media Server.\n", "loc": ["services", "serviio", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.sftpgo.dataDir": {"declarations": ["nixos/modules/services/web-apps/sftpgo.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/sftpgo\""}, "description": "The directory where SFTPGo stores its data files.\n", "loc": ["services", "sftpgo", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.sftpgo.enable": {"declarations": ["nixos/modules/services/web-apps/sftpgo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "sftpgo", "loc": ["services", "sftpgo", "enable"], "readOnly": false, "type": "boolean"}, "services.sftpgo.extraArgs": {"declarations": ["nixos/modules/services/web-apps/sftpgo.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional command line arguments to pass to the sftpgo daemon.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--log-level\"\n  \"info\"\n]"}, "loc": ["services", "sftpgo", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.sftpgo.extraReadWriteDirs": {"declarations": ["nixos/modules/services/web-apps/sftpgo.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra directories where SFTPGo is allowed to write to.\n", "loc": ["services", "sftpgo", "extraReadWriteDirs"], "readOnly": false, "type": "list of absolute path"}, "services.sftpgo.group": {"declarations": ["nixos/modules/services/web-apps/sftpgo.nix"], "default": {"_type": "literalExpression", "text": "\"sftpgo\""}, "description": "Group name under which SFTPGo runs.\n", "loc": ["services", "sftpgo", "group"], "readOnly": false, "type": "string"}, "services.sftpgo.loadDataFile": {"declarations": ["nixos/modules/services/web-apps/sftpgo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a json file containing users and folders to load (or update) on startup.\nCheck the [documentation](https://sftpgo.github.io/latest/config-file/)\nfor the `--loaddata-from` command line argument for more info.\n", "loc": ["services", "sftpgo", "loadDataFile"], "readOnly": false, "type": "null or absolute path"}, "services.sftpgo.package": {"declarations": ["nixos/modules/services/web-apps/sftpgo.nix"], "default": {"_type": "literalExpression", "text": "pkgs.sftpgo"}, "description": "The sftpgo package to use.", "loc": ["services", "sftpgo", "package"], "readOnly": false, "type": "package"}, "services.sftpgo.settings": {"declarations": ["nixos/modules/services/web-apps/sftpgo.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The primary sftpgo configuration. See the\n[configuration reference](https://sftpgo.github.io/latest/config-file/)\nfor possible values.\n", "loc": ["services", "sftpgo", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.sftpgo.settings.ftpd.bindings": {"declarations": ["nixos/modules/services/web-apps/sftpgo.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Configure listen addresses and ports for ftpd.\n", "loc": ["services", "sftpgo", "settings", "ftpd", "bindings"], "readOnly": false, "type": "list of (open submodule of (JSON value))"}, "services.sftpgo.settings.ftpd.bindings.*.address": {"declarations": ["nixos/modules/services/web-apps/sftpgo.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Network listen address. Leave blank to listen on all available network interfaces.\nOn *NIX you can specify an absolute path to listen on a Unix-domain socket.\n", "loc": ["services", "sftpgo", "settings", "ftpd", "bindings", "*", "address"], "readOnly": false, "type": "string"}, "services.sftpgo.settings.ftpd.bindings.*.port": {"declarations": ["nixos/modules/services/web-apps/sftpgo.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "The port for serving FTP requests.\n\nSetting the port to `0` disables listening on this interface binding.\n", "loc": ["services", "sftpgo", "settings", "ftpd", "bindings", "*", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.sftpgo.settings.httpd.bindings": {"declarations": ["nixos/modules/services/web-apps/sftpgo.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Configure listen addresses and ports for httpd.\n", "loc": ["services", "sftpgo", "settings", "httpd", "bindings"], "readOnly": false, "type": "list of (open submodule of (JSON value))"}, "services.sftpgo.settings.httpd.bindings.*.address": {"declarations": ["nixos/modules/services/web-apps/sftpgo.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Network listen address. Leave blank to listen on all available network interfaces.\nOn *NIX you can specify an absolute path to listen on a Unix-domain socket.\n", "loc": ["services", "sftpgo", "settings", "httpd", "bindings", "*", "address"], "readOnly": false, "type": "string"}, "services.sftpgo.settings.httpd.bindings.*.enable_web_admin": {"declarations": ["nixos/modules/services/web-apps/sftpgo.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable the built-in web admin for this interface binding.\n", "loc": ["services", "sftpgo", "settings", "httpd", "bindings", "*", "enable_web_admin"], "readOnly": false, "type": "boolean"}, "services.sftpgo.settings.httpd.bindings.*.enable_web_client": {"declarations": ["nixos/modules/services/web-apps/sftpgo.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable the built-in web client for this interface binding.\n", "loc": ["services", "sftpgo", "settings", "httpd", "bindings", "*", "enable_web_client"], "readOnly": false, "type": "boolean"}, "services.sftpgo.settings.httpd.bindings.*.port": {"declarations": ["nixos/modules/services/web-apps/sftpgo.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "The port for serving HTTP(S) requests.\n\nSetting the port to `0` disables listening on this interface binding.\n", "loc": ["services", "sftpgo", "settings", "httpd", "bindings", "*", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.sftpgo.settings.sftpd.bindings": {"declarations": ["nixos/modules/services/web-apps/sftpgo.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Configure listen addresses and ports for sftpd.\n", "loc": ["services", "sftpgo", "settings", "sftpd", "bindings"], "readOnly": false, "type": "list of (open submodule of (JSON value))"}, "services.sftpgo.settings.sftpd.bindings.*.address": {"declarations": ["nixos/modules/services/web-apps/sftpgo.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Network listen address. Leave blank to listen on all available network interfaces.\nOn *NIX you can specify an absolute path to listen on a Unix-domain socket.\n", "loc": ["services", "sftpgo", "settings", "sftpd", "bindings", "*", "address"], "readOnly": false, "type": "string"}, "services.sftpgo.settings.sftpd.bindings.*.port": {"declarations": ["nixos/modules/services/web-apps/sftpgo.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "The port for serving SFTP requests.\n\nSetting the port to `0` disables listening on this interface binding.\n", "loc": ["services", "sftpgo", "settings", "sftpd", "bindings", "*", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.sftpgo.settings.smtp": {"declarations": ["nixos/modules/services/web-apps/sftpgo.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "SMTP configuration section.\n", "loc": ["services", "sftpgo", "settings", "smtp"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.sftpgo.settings.smtp.auth_type": {"declarations": ["nixos/modules/services/web-apps/sftpgo.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "- `0`: Plain\n- `1`: Login\n- `2`: CRAM-MD5\n", "loc": ["services", "sftpgo", "settings", "smtp", "auth_type"], "readOnly": false, "type": "one of 0, 1, 2"}, "services.sftpgo.settings.smtp.encryption": {"declarations": ["nixos/modules/services/web-apps/sftpgo.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Encryption scheme:\n- `0`: No encryption\n- `1`: TLS\n- `2`: STARTTLS\n", "loc": ["services", "sftpgo", "settings", "smtp", "encryption"], "readOnly": false, "type": "one of 0, 1, 2"}, "services.sftpgo.settings.smtp.from": {"declarations": ["nixos/modules/services/web-apps/sftpgo.nix"], "default": {"_type": "literalExpression", "text": "\"SFTPGo <sftpgo@example.com>\""}, "description": "From address.\n", "loc": ["services", "sftpgo", "settings", "smtp", "from"], "readOnly": false, "type": "string"}, "services.sftpgo.settings.smtp.host": {"declarations": ["nixos/modules/services/web-apps/sftpgo.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Location of SMTP email server. Leave empty to disable email sending capabilities.\n", "loc": ["services", "sftpgo", "settings", "smtp", "host"], "readOnly": false, "type": "string"}, "services.sftpgo.settings.smtp.port": {"declarations": ["nixos/modules/services/web-apps/sftpgo.nix"], "default": {"_type": "literalExpression", "text": "465"}, "description": "Port of the SMTP Server.", "loc": ["services", "sftpgo", "settings", "smtp", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.sftpgo.settings.smtp.user": {"declarations": ["nixos/modules/services/web-apps/sftpgo.nix"], "default": {"_type": "literalExpression", "text": "\"sftpgo\""}, "description": "SMTP username.", "loc": ["services", "sftpgo", "settings", "smtp", "user"], "readOnly": false, "type": "string"}, "services.sftpgo.settings.webdavd.bindings": {"declarations": ["nixos/modules/services/web-apps/sftpgo.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Configure listen addresses and ports for webdavd.\n", "loc": ["services", "sftpgo", "settings", "webdavd", "bindings"], "readOnly": false, "type": "list of (open submodule of (JSON value))"}, "services.sftpgo.settings.webdavd.bindings.*.address": {"declarations": ["nixos/modules/services/web-apps/sftpgo.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Network listen address. Leave blank to listen on all available network interfaces.\nOn *NIX you can specify an absolute path to listen on a Unix-domain socket.\n", "loc": ["services", "sftpgo", "settings", "webdavd", "bindings", "*", "address"], "readOnly": false, "type": "string"}, "services.sftpgo.settings.webdavd.bindings.*.port": {"declarations": ["nixos/modules/services/web-apps/sftpgo.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "The port for serving WebDAV requests.\n\nSetting the port to `0` disables listening on this interface binding.\n", "loc": ["services", "sftpgo", "settings", "webdavd", "bindings", "*", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.sftpgo.user": {"declarations": ["nixos/modules/services/web-apps/sftpgo.nix"], "default": {"_type": "literalExpression", "text": "\"sftpgo\""}, "description": "User account name under which SFTPGo runs.\n", "loc": ["services", "sftpgo", "user"], "readOnly": false, "type": "string"}, "services.shadowsocks.enable": {"declarations": ["nixos/modules/services/networking/shadowsocks.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to run shadowsocks-libev shadowsocks server.\n", "loc": ["services", "shadowsocks", "enable"], "readOnly": false, "type": "boolean"}, "services.shadowsocks.encryptionMethod": {"declarations": ["nixos/modules/services/networking/shadowsocks.nix"], "default": {"_type": "literalExpression", "text": "\"chacha20-ietf-poly1305\""}, "description": "Encryption method. See <https://github.com/shadowsocks/shadowsocks-org/wiki/AEAD-Ciphers>.\n", "loc": ["services", "shadowsocks", "encryptionMethod"], "readOnly": false, "type": "string"}, "services.shadowsocks.extraConfig": {"declarations": ["nixos/modules/services/networking/shadowsocks.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional configuration for shadowsocks that is not covered by the\nprovided options. The provided attrset will be serialized to JSON and\nhas to contain valid shadowsocks options. Unfortunately most\nadditional options are undocumented but it's easy to find out what is\navailable by looking into the source code of\n<https://github.com/shadowsocks/shadowsocks-libev/blob/master/src/jconf.c>\n", "example": {"_type": "literalExpression", "text": "{\n  nameserver = \"8.8.8.8\";\n}"}, "loc": ["services", "shadowsocks", "extraConfig"], "readOnly": false, "type": "attribute set"}, "services.shadowsocks.fastOpen": {"declarations": ["nixos/modules/services/networking/shadowsocks.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "use TCP fast-open\n", "loc": ["services", "shadowsocks", "fastOpen"], "readOnly": false, "type": "boolean"}, "services.shadowsocks.localAddress": {"declarations": ["nixos/modules/services/networking/shadowsocks.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"[::0]\"\n  \"0.0.0.0\"\n]"}, "description": "Local addresses to which the server binds.\n", "loc": ["services", "shadowsocks", "localAddress"], "readOnly": false, "type": "(list of string) or string convertible to it"}, "services.shadowsocks.mode": {"declarations": ["nixos/modules/services/networking/shadowsocks.nix"], "default": {"_type": "literalExpression", "text": "\"tcp_and_udp\""}, "description": "Relay protocols.\n", "loc": ["services", "shadowsocks", "mode"], "readOnly": false, "type": "one of \"tcp_only\", \"tcp_and_udp\", \"udp_only\""}, "services.shadowsocks.password": {"declarations": ["nixos/modules/services/networking/shadowsocks.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Password for connecting clients.\n", "loc": ["services", "shadowsocks", "password"], "readOnly": false, "type": "null or string"}, "services.shadowsocks.passwordFile": {"declarations": ["nixos/modules/services/networking/shadowsocks.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Password file with a password for connecting clients.\n", "loc": ["services", "shadowsocks", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.shadowsocks.plugin": {"declarations": ["nixos/modules/services/networking/shadowsocks.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SIP003 plugin for shadowsocks\n", "example": {"_type": "literalExpression", "text": "\"${pkgs.shadowsocks-v2ray-plugin}/bin/v2ray-plugin\""}, "loc": ["services", "shadowsocks", "plugin"], "readOnly": false, "type": "null or string"}, "services.shadowsocks.pluginOpts": {"declarations": ["nixos/modules/services/networking/shadowsocks.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Options to pass to the plugin if one was specified\n", "example": {"_type": "literalExpression", "text": "\"server;host=example.com\""}, "loc": ["services", "shadowsocks", "pluginOpts"], "readOnly": false, "type": "string"}, "services.shadowsocks.port": {"declarations": ["nixos/modules/services/networking/shadowsocks.nix"], "default": {"_type": "literalExpression", "text": "8388"}, "description": "Port which the server uses.\n", "loc": ["services", "shadowsocks", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.shairport-sync.arguments": {"declarations": ["nixos/modules/services/networking/shairport-sync.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Arguments to pass to the daemon. Defaults to a local pulseaudio\nserver.\n", "loc": ["services", "shairport-sync", "arguments"], "readOnly": false, "type": "string"}, "services.shairport-sync.enable": {"declarations": ["nixos/modules/services/networking/shairport-sync.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable the shairport-sync daemon.\n\nRunning with a local system-wide or remote pulseaudio server\nis recommended.\n", "loc": ["services", "shairport-sync", "enable"], "readOnly": false, "type": "boolean"}, "services.shairport-sync.group": {"declarations": ["nixos/modules/services/networking/shairport-sync.nix"], "default": {"_type": "literalExpression", "text": "\"shairport\""}, "description": "Group account name under which to run shairport-sync. The account\nwill be created.\n", "loc": ["services", "shairport-sync", "group"], "readOnly": false, "type": "string"}, "services.shairport-sync.openFirewall": {"declarations": ["nixos/modules/services/networking/shairport-sync.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to automatically open ports in the firewall.\n", "loc": ["services", "shairport-sync", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.shairport-sync.package": {"declarations": ["nixos/modules/services/networking/shairport-sync.nix"], "default": {"_type": "literalExpression", "text": "pkgs.shairport-sync"}, "description": "The shairport-sync package to use.", "loc": ["services", "shairport-sync", "package"], "readOnly": false, "type": "package"}, "services.shairport-sync.settings": {"declarations": ["nixos/modules/services/networking/shairport-sync.nix"], "default": {"_type": "literalExpression", "text": "{\n  diagnostics = {\n    log_verbosity = 1;\n  };\n  general = {\n    output_backend = \"pa\";\n  };\n}"}, "description": "Configuration options for Shairport-Sync.\n\nSee the example [shairport-sync.conf][example-file] for possible options.\n\n[example-file]: https://github.com/mikebrady/shairport-sync/blob/master/scripts/shairport-sync.conf\n", "example": {"_type": "literalExpression", "text": "{\n  general = {\n    name = \"NixOS Shairport\";\n    output_backend = \"pw\";\n  };\n  metadata = {\n    cover_art_cache_directory = \"/tmp/shairport-sync/.cache/coverart\";\n    enabled = \"yes\";\n    include_cover_art = \"yes\";\n    pipe_name = \"/tmp/shairport-sync-metadata\";\n    pipe_timeout = 5000;\n  };\n  mqtt = {\n    enabled = \"yes\";\n    hostname = \"mqtt.server.domain.example\";\n    port = 1883;\n    publish_cover = \"yes\";\n    publish_parsed = \"yes\";\n  };\n}"}, "loc": ["services", "shairport-sync", "settings"], "readOnly": false, "type": "attribute set of (libconfig value)"}, "services.shairport-sync.user": {"declarations": ["nixos/modules/services/networking/shairport-sync.nix"], "default": {"_type": "literalExpression", "text": "\"shairport\""}, "description": "User account name under which to run shairport-sync. The account\nwill be created.\n", "loc": ["services", "shairport-sync", "user"], "readOnly": false, "type": "string"}, "services.sharkey.enable": {"declarations": ["nixos/modules/services/web-apps/sharkey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Sharkey, a Sharkish microblogging platform.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "sharkey", "enable"], "readOnly": false, "type": "boolean"}, "services.sharkey.environmentFiles": {"declarations": ["nixos/modules/services/web-apps/sharkey.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of paths to files containing environment variables for Sharkey to use at runtime.\n\nThis is useful for keeping secrets out of the Nix store. See\n<https://docs.joinsharkey.org/docs/install/configuration/> for how to configure Sharkey using environment\nvariables.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/run/secrets/sharkey-env\"\n]"}, "loc": ["services", "sharkey", "environmentFiles"], "readOnly": false, "type": "list of absolute path"}, "services.sharkey.openFirewall": {"declarations": ["nixos/modules/services/web-apps/sharkey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open ports in the NixOS firewall for Sharkey.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "sharkey", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.sharkey.package": {"declarations": ["nixos/modules/services/web-apps/sharkey.nix"], "default": {"_type": "literalExpression", "text": "pkgs.sharkey"}, "description": "The sharkey package to use.", "loc": ["services", "sharkey", "package"], "readOnly": false, "type": "package"}, "services.sharkey.settings": {"declarations": ["nixos/modules/services/web-apps/sharkey.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration options for Sharkey.\n\nSee <https://activitypub.software/TransFem-org/Sharkey/-/blob/develop/.config/example.yml> for a list of all\navailable configuration options.\n", "loc": ["services", "sharkey", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.sharkey.settings.address": {"declarations": ["nixos/modules/services/web-apps/sharkey.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "The address that Sharkey binds to.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "sharkey", "settings", "address"], "readOnly": false, "type": "string"}, "services.sharkey.settings.fulltextSearch.provider": {"declarations": ["nixos/modules/services/web-apps/sharkey.nix"], "default": {"_type": "literalExpression", "text": "\"sqlLike\""}, "description": "Which provider to use for full text search.\n\nAll options other than `sqlLike` require extra setup - see the comments in\n<https://activitypub.software/TransFem-org/Sharkey/-/blob/develop/.config/example.yml> for details.\n\nIf `sqlPgroonga` is set, and `services.sharkey.setupPostgres` is `true`, the pgroonga extension will\nautomatically be setup. You still need to create an index manually.\n\nIf using Meilisearch, consider setting `services.sharkey.setupMeilisearch` instead, which will\nconfigure Meilisearch for you.\n", "example": {"_type": "literalExpression", "text": "\"sqlPgroonga\""}, "loc": ["services", "sharkey", "settings", "fulltextSearch", "provider"], "readOnly": false, "type": "one of \"sqlLike\", \"sqlPgroonga\", \"sqlTsvector\", \"meilisearch\""}, "services.sharkey.settings.id": {"declarations": ["nixos/modules/services/web-apps/sharkey.nix"], "default": {"_type": "literalExpression", "text": "\"aidx\""}, "description": "The ID generation method for Sharkey to use.\n\nDo NOT change this after initial setup!\n", "loc": ["services", "sharkey", "settings", "id"], "readOnly": false, "type": "one of \"aid\", \"aidx\", \"meid\", \"ulid\", \"objectid\""}, "services.sharkey.settings.mediaDirectory": {"declarations": ["nixos/modules/services/web-apps/sharkey.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/sharkey\""}, "description": "Path to the folder where Sharkey stores uploaded media such as images and attachments.\n", "loc": ["services", "sharkey", "settings", "mediaDirectory"], "readOnly": false, "type": "absolute path"}, "services.sharkey.settings.port": {"declarations": ["nixos/modules/services/web-apps/sharkey.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "The port that Sharkey will listen on.\n", "loc": ["services", "sharkey", "settings", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.sharkey.settings.socket": {"declarations": ["nixos/modules/services/web-apps/sharkey.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If specified, creates a UNIX socket at the given path that Sharkey listens on.\n", "example": {"_type": "literalExpression", "text": "\"/run/sharkey/sharkey.sock\""}, "loc": ["services", "sharkey", "settings", "socket"], "readOnly": false, "type": "null or absolute path"}, "services.sharkey.settings.url": {"declarations": ["nixos/modules/services/web-apps/sharkey.nix"], "description": "The full URL that the Sharkey instance will be publically accessible on.\n\nDo NOT change this after initial setup!\n", "example": {"_type": "literalExpression", "text": "\"https://blahaj.social/\""}, "loc": ["services", "sharkey", "settings", "url"], "readOnly": false, "type": "string"}, "services.sharkey.setupMeilisearch": {"declarations": ["nixos/modules/services/web-apps/sharkey.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to automatically set up a local Meilisearch instance and configure Sharkey to use it.\n\nYou need to ensure `services.meilisearch.masterKeyFile` is correctly configured for a working\nMeilisearch setup. You also need to configure Sharkey to use an API key obtained from Meilisearch with the\n`MK_CONFIG_MEILISEARCH_APIKEY` environment variable, and set `services.sharkey.settings.meilisearch.index` to\nthe created index. See <https://docs.joinsharkey.org/docs/customisation/search/meilisearch/> for how to create\nan API key and index.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "sharkey", "setupMeilisearch"], "readOnly": false, "type": "boolean"}, "services.sharkey.setupPostgresql": {"declarations": ["nixos/modules/services/web-apps/sharkey.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to automatically set up a local PostgreSQL database and configure Sharkey to use it.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "sharkey", "setupPostgresql"], "readOnly": false, "type": "boolean"}, "services.sharkey.setupRedis": {"declarations": ["nixos/modules/services/web-apps/sharkey.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to automatically set up a local Redis cache and configure Sharkey to use it.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "sharkey", "setupRedis"], "readOnly": false, "type": "boolean"}, "services.shellhub-agent.enable": {"declarations": ["nixos/modules/services/networking/shellhub-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ShellHub Agent daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "shellhub-agent", "enable"], "readOnly": false, "type": "boolean"}, "services.shellhub-agent.keepAliveInterval": {"declarations": ["nixos/modules/services/networking/shellhub-agent.nix"], "default": {"_type": "literalExpression", "text": "30"}, "description": "Determine the interval to send the keep alive message to\nthe server. This has a direct impact of the bandwidth\nused by the device.\n", "loc": ["services", "shellhub-agent", "keepAliveInterval"], "readOnly": false, "type": "signed integer"}, "services.shellhub-agent.package": {"declarations": ["nixos/modules/services/networking/shellhub-agent.nix"], "default": {"_type": "literalExpression", "text": "pkgs.shellhub-agent"}, "description": "The shellhub-agent package to use.", "loc": ["services", "shellhub-agent", "package"], "readOnly": false, "type": "package"}, "services.shellhub-agent.preferredHostname": {"declarations": ["nixos/modules/services/networking/shellhub-agent.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Set the device preferred hostname. This provides a hint to\nthe server to use this as hostname if it is available.\n", "loc": ["services", "shellhub-agent", "preferredHostname"], "readOnly": false, "type": "string"}, "services.shellhub-agent.privateKey": {"declarations": ["nixos/modules/services/networking/shellhub-agent.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/shellhub-agent/private.key\""}, "description": "Location where to store the ShellHub Agent private\nkey.\n", "loc": ["services", "shellhub-agent", "privateKey"], "readOnly": false, "type": "absolute path"}, "services.shellhub-agent.server": {"declarations": ["nixos/modules/services/networking/shellhub-agent.nix"], "default": {"_type": "literalExpression", "text": "\"https://cloud.shellhub.io\""}, "description": "Server address of ShellHub Gateway to connect.\n", "loc": ["services", "shellhub-agent", "server"], "readOnly": false, "type": "string"}, "services.shellhub-agent.tenantId": {"declarations": ["nixos/modules/services/networking/shellhub-agent.nix"], "description": "The tenant ID to use when connecting to the ShellHub\nGateway.\n", "example": {"_type": "literalExpression", "text": "\"ba0a880c-2ada-11eb-a35e-17266ef329d6\""}, "loc": ["services", "shellhub-agent", "tenantId"], "readOnly": false, "type": "string"}, "services.shibboleth-sp.configFile": {"declarations": ["nixos/modules/services/security/shibboleth-sp.nix"], "description": "Path to shibboleth config file", "example": {"_type": "literalExpression", "text": "\"${pkgs.shibboleth-sp}/etc/shibboleth/shibboleth2.xml\""}, "loc": ["services", "shibboleth-sp", "configFile"], "readOnly": false, "type": "absolute path"}, "services.shibboleth-sp.enable": {"declarations": ["nixos/modules/services/security/shibboleth-sp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the shibboleth service", "loc": ["services", "shibboleth-sp", "enable"], "readOnly": false, "type": "boolean"}, "services.shibboleth-sp.fastcgi.enable": {"declarations": ["nixos/modules/services/security/shibboleth-sp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to include the shibauthorizer and shibresponder FastCGI processes", "loc": ["services", "shibboleth-sp", "fastcgi", "enable"], "readOnly": false, "type": "boolean"}, "services.shibboleth-sp.fastcgi.shibAuthorizerPort": {"declarations": ["nixos/modules/services/security/shibboleth-sp.nix"], "default": {"_type": "literalExpression", "text": "9100"}, "description": "Port for shibauthorizer FastCGI process to bind to", "loc": ["services", "shibboleth-sp", "fastcgi", "shibAuthorizerPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.shibboleth-sp.fastcgi.shibResponderPort": {"declarations": ["nixos/modules/services/security/shibboleth-sp.nix"], "default": {"_type": "literalExpression", "text": "9101"}, "description": "Port for shibauthorizer FastCGI process to bind to", "loc": ["services", "shibboleth-sp", "fastcgi", "shibResponderPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.shiori.address": {"declarations": ["nixos/modules/services/web-apps/shiori.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The IP address on which Shiori will listen.\nIf empty, listens on all interfaces.\n", "loc": ["services", "shiori", "address"], "readOnly": false, "type": "string"}, "services.shiori.databaseUrl": {"declarations": ["nixos/modules/services/web-apps/shiori.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The connection URL to connect to MySQL or PostgreSQL", "example": {"_type": "literalExpression", "text": "\"postgres:///shiori?host=/run/postgresql\""}, "loc": ["services", "shiori", "databaseUrl"], "readOnly": false, "type": "null or string"}, "services.shiori.enable": {"declarations": ["nixos/modules/services/web-apps/shiori.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Shiori simple bookmarks manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "shiori", "enable"], "readOnly": false, "type": "boolean"}, "services.shiori.environmentFile": {"declarations": ["nixos/modules/services/web-apps/shiori.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to file containing environment variables.\nUseful for passing down secrets.\n<https://github.com/go-shiori/shiori/blob/master/docs/Configuration.md#overall-configuration>\n", "example": {"_type": "literalExpression", "text": "\"/path/to/environmentFile\""}, "loc": ["services", "shiori", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.shiori.package": {"declarations": ["nixos/modules/services/web-apps/shiori.nix"], "default": {"_type": "literalExpression", "text": "pkgs.shiori"}, "description": "The shiori package to use.", "loc": ["services", "shiori", "package"], "readOnly": false, "type": "package"}, "services.shiori.port": {"declarations": ["nixos/modules/services/web-apps/shiori.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "The port of the Shiori web application", "loc": ["services", "shiori", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.shiori.webRoot": {"declarations": ["nixos/modules/services/web-apps/shiori.nix"], "default": {"_type": "literalExpression", "text": "\"/\""}, "description": "The root of the Shiori web application", "example": {"_type": "literalExpression", "text": "\"/shiori\""}, "loc": ["services", "shiori", "webRoot"], "readOnly": false, "type": "string"}, "services.shoko.enable": {"declarations": ["nixos/modules/services/misc/shoko.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Shoko.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "shoko", "enable"], "readOnly": false, "type": "boolean"}, "services.shoko.openFirewall": {"declarations": ["nixos/modules/services/misc/shoko.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the ShokoAnime api and web interface.\n", "loc": ["services", "shoko", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.shoko.package": {"declarations": ["nixos/modules/services/misc/shoko.nix"], "default": {"_type": "literalExpression", "text": "pkgs.shoko"}, "description": "The shoko package to use.", "loc": ["services", "shoko", "package"], "readOnly": false, "type": "package"}, "services.shoko.plugins": {"declarations": ["nixos/modules/services/misc/shoko.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The plugins to install.\n\nNote that if there are plugins installed imperatively when this\noption is used, they will be deleted.\n", "loc": ["services", "shoko", "plugins"], "readOnly": false, "type": "list of package"}, "services.shoko.webui": {"declarations": ["nixos/modules/services/misc/shoko.nix"], "default": {"_type": "literalExpression", "text": "pkgs.shoko-webui"}, "description": "The shoko-webui package to use.", "loc": ["services", "shoko", "webui"], "readOnly": false, "type": "null or package"}, "services.shorewall.configs": {"declarations": ["nixos/modules/services/networking/shorewall.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This option defines the Shorewall configs.\nThe attribute name defines the name of the config,\nand the attribute value defines the content of the config.\n", "loc": ["services", "shorewall", "configs"], "readOnly": false, "type": "attribute set of strings concatenated with \"\\n\""}, "services.shorewall.enable": {"declarations": ["nixos/modules/services/networking/shorewall.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Shorewall IPv4 Firewall.\n\n::: {.warning}\nEnabling this service WILL disable the existing NixOS\nfirewall! Default firewall rules provided by packages are not\nconsidered at the moment.\n:::\n", "loc": ["services", "shorewall", "enable"], "readOnly": false, "type": "boolean"}, "services.shorewall.package": {"declarations": ["nixos/modules/services/networking/shorewall.nix"], "default": {"_type": "literalExpression", "text": "pkgs.shorewall"}, "description": "The shorewall package to use.", "loc": ["services", "shorewall", "package"], "readOnly": false, "type": "package"}, "services.shorewall6.configs": {"declarations": ["nixos/modules/services/networking/shorewall6.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This option defines the Shorewall configs.\nThe attribute name defines the name of the config,\nand the attribute value defines the content of the config.\n", "loc": ["services", "shorewall6", "configs"], "readOnly": false, "type": "attribute set of strings concatenated with \"\\n\""}, "services.shorewall6.enable": {"declarations": ["nixos/modules/services/networking/shorewall6.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Shorewall IPv6 Firewall.\n\n::: {.warning}\nEnabling this service WILL disable the existing NixOS\nfirewall! Default firewall rules provided by packages are not\nconsidered at the moment.\n:::\n", "loc": ["services", "shorewall6", "enable"], "readOnly": false, "type": "boolean"}, "services.shorewall6.package": {"declarations": ["nixos/modules/services/networking/shorewall6.nix"], "default": {"_type": "literalExpression", "text": "pkgs.shorewall"}, "description": "The shorewall package to use.", "loc": ["services", "shorewall6", "package"], "readOnly": false, "type": "package"}, "services.sickbeard.configFile": {"declarations": ["nixos/modules/services/misc/sickbeard.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.sickbeard.dataDir}/config.ini\""}, "description": "Path to config file.", "loc": ["services", "sickbeard", "configFile"], "readOnly": false, "type": "absolute path"}, "services.sickbeard.dataDir": {"declarations": ["nixos/modules/services/misc/sickbeard.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/sickbeard\""}, "description": "Path where to store data files.", "loc": ["services", "sickbeard", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.sickbeard.enable": {"declarations": ["nixos/modules/services/misc/sickbeard.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the sickbeard server.", "loc": ["services", "sickbeard", "enable"], "readOnly": false, "type": "boolean"}, "services.sickbeard.group": {"declarations": ["nixos/modules/services/misc/sickbeard.nix"], "default": {"_type": "literalExpression", "text": "\"sickbeard\""}, "description": "Group to run the service as", "loc": ["services", "sickbeard", "group"], "readOnly": false, "type": "string"}, "services.sickbeard.package": {"declarations": ["nixos/modules/services/misc/sickbeard.nix"], "default": {"_type": "literalExpression", "text": "pkgs.sickbeard"}, "description": "The sickbeard package to use. Enable `pkgs.sickrage` or `pkgs.sickgear`\nas an alternative to SickBeard\n", "example": {"_type": "literalExpression", "text": "sickrage"}, "loc": ["services", "sickbeard", "package"], "readOnly": false, "type": "package"}, "services.sickbeard.port": {"declarations": ["nixos/modules/services/misc/sickbeard.nix"], "default": {"_type": "literalExpression", "text": "8081"}, "description": "Port to bind to.", "loc": ["services", "sickbeard", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.sickbeard.user": {"declarations": ["nixos/modules/services/misc/sickbeard.nix"], "default": {"_type": "literalExpression", "text": "\"sickbeard\""}, "description": "User to run the service as", "loc": ["services", "sickbeard", "user"], "readOnly": false, "type": "string"}, "services.sillytavern.configFile": {"declarations": ["nixos/modules/services/web-apps/sillytavern.nix"], "default": {"_type": "literalExpression", "text": "${pkgs.sillytavern}/lib/node_modules/sillytavern/config.yaml"}, "description": "Path to the SillyTavern configuration file.\n", "loc": ["services", "sillytavern", "configFile"], "readOnly": false, "type": "absolute path"}, "services.sillytavern.enable": {"declarations": ["nixos/modules/services/web-apps/sillytavern.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable sillytavern.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "sillytavern", "enable"], "readOnly": false, "type": "boolean"}, "services.sillytavern.group": {"declarations": ["nixos/modules/services/web-apps/sillytavern.nix"], "default": {"_type": "literalExpression", "text": "\"sillytavern\""}, "description": "Group account under which the web-application run.\n", "loc": ["services", "sillytavern", "group"], "readOnly": false, "type": "string"}, "services.sillytavern.listen": {"declarations": ["nixos/modules/services/web-apps/sillytavern.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether to listen on all network interfaces.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "sillytavern", "listen"], "readOnly": false, "type": "null or boolean"}, "services.sillytavern.listenAddressIPv4": {"declarations": ["nixos/modules/services/web-apps/sillytavern.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specific IPv4 address to listen to.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "sillytavern", "listenAddressIPv4"], "readOnly": false, "type": "null or string"}, "services.sillytavern.listenAddressIPv6": {"declarations": ["nixos/modules/services/web-apps/sillytavern.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specific IPv6 address to listen to.\n", "example": {"_type": "literalExpression", "text": "\"::1\""}, "loc": ["services", "sillytavern", "listenAddressIPv6"], "readOnly": false, "type": "null or string"}, "services.sillytavern.package": {"declarations": ["nixos/modules/services/web-apps/sillytavern.nix"], "default": {"_type": "literalExpression", "text": "pkgs.sillytavern"}, "description": "The sillytavern package to use.", "loc": ["services", "sillytavern", "package"], "readOnly": false, "type": "package"}, "services.sillytavern.port": {"declarations": ["nixos/modules/services/web-apps/sillytavern.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port on which SillyTavern will listen.\n", "example": {"_type": "literalExpression", "text": "8045"}, "loc": ["services", "sillytavern", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.sillytavern.user": {"declarations": ["nixos/modules/services/web-apps/sillytavern.nix"], "default": {"_type": "literalExpression", "text": "\"sillytavern\""}, "description": "User account under which the web-application run.\n", "loc": ["services", "sillytavern", "user"], "readOnly": false, "type": "string"}, "services.sillytavern.whitelist": {"declarations": ["nixos/modules/services/web-apps/sillytavern.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Enables whitelist mode.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "sillytavern", "whitelist"], "readOnly": false, "type": "null or boolean"}, "services.silverbullet.enable": {"declarations": ["nixos/modules/services/web-apps/silverbullet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Silverbullet, an open-source, self-hosted, offline-capable Personal Knowledge Management (PKM) web application.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "silverbullet", "enable"], "readOnly": false, "type": "boolean"}, "services.silverbullet.envFile": {"declarations": ["nixos/modules/services/web-apps/silverbullet.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing extra environment variables. For example:\n\n```\nSB_USER=user:password\nSB_AUTH_TOKEN=abcdefg12345\n```\n", "example": {"_type": "literalExpression", "text": "\"/etc/silverbullet.env\""}, "loc": ["services", "silverbullet", "envFile"], "readOnly": false, "type": "null or absolute path"}, "services.silverbullet.extraArgs": {"declarations": ["nixos/modules/services/web-apps/silverbullet.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments passed to silverbullet.", "example": {"_type": "literalExpression", "text": "[\n  \"--db /path/to/silverbullet.db\"\n]"}, "loc": ["services", "silverbullet", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.silverbullet.group": {"declarations": ["nixos/modules/services/web-apps/silverbullet.nix"], "default": {"_type": "literalExpression", "text": "\"silverbullet\""}, "description": "The group to run Silverbullet under.\nBy default, a group named `silverbullet` will be created.\n", "example": {"_type": "literalExpression", "text": "\"yourGroup\""}, "loc": ["services", "silverbullet", "group"], "readOnly": false, "type": "string"}, "services.silverbullet.listenAddress": {"declarations": ["nixos/modules/services/web-apps/silverbullet.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Address or hostname to listen on. Defaults to 127.0.0.1.", "loc": ["services", "silverbullet", "listenAddress"], "readOnly": false, "type": "string"}, "services.silverbullet.listenPort": {"declarations": ["nixos/modules/services/web-apps/silverbullet.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "Port to listen on.", "loc": ["services", "silverbullet", "listenPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.silverbullet.openFirewall": {"declarations": ["nixos/modules/services/web-apps/silverbullet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in the firewall.", "loc": ["services", "silverbullet", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.silverbullet.package": {"declarations": ["nixos/modules/services/web-apps/silverbullet.nix"], "default": {"_type": "literalExpression", "text": "pkgs.silverbullet"}, "description": "The silverbullet package to use.", "loc": ["services", "silverbullet", "package"], "readOnly": false, "type": "package"}, "services.silverbullet.spaceDir": {"declarations": ["nixos/modules/services/web-apps/silverbullet.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/silverbullet\""}, "description": "Folder to store Silverbullet's space/workspace.\nBy default it is located at `/var/lib/silverbullet`.\n", "example": {"_type": "literalExpression", "text": "\"/home/yourUser/silverbullet\""}, "loc": ["services", "silverbullet", "spaceDir"], "readOnly": false, "type": "absolute path"}, "services.silverbullet.user": {"declarations": ["nixos/modules/services/web-apps/silverbullet.nix"], "default": {"_type": "literalExpression", "text": "\"silverbullet\""}, "description": "The user to run Silverbullet as.\nBy default, a user named `silverbullet` will be created whose space\ndirectory is [spaceDir](#opt-services.silverbullet.spaceDir).\n", "example": {"_type": "literalExpression", "text": "\"yourUser\""}, "loc": ["services", "silverbullet", "user"], "readOnly": false, "type": "string"}, "services.sing-box.enable": {"declarations": ["nixos/modules/services/networking/sing-box.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable sing-box universal proxy platform.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "sing-box", "enable"], "readOnly": false, "type": "boolean"}, "services.sing-box.package": {"declarations": ["nixos/modules/services/networking/sing-box.nix"], "default": {"_type": "literalExpression", "text": "pkgs.sing-box"}, "description": "The sing-box package to use.", "loc": ["services", "sing-box", "package"], "readOnly": false, "type": "package"}, "services.sing-box.settings": {"declarations": ["nixos/modules/services/networking/sing-box.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The sing-box configuration, see <https://sing-box.sagernet.org/configuration/> for documentation.\n\nOptions containing secret data should be set to an attribute set\ncontaining the attribute `_secret` - a string pointing to a file\ncontaining the value the option should be set to.\n", "loc": ["services", "sing-box", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.sitespeed-io.dataDir": {"declarations": ["nixos/modules/services/networking/sitespeed-io.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/sitespeed-io\""}, "description": "The base sitespeed-io data directory.", "loc": ["services", "sitespeed-io", "dataDir"], "readOnly": false, "type": "string"}, "services.sitespeed-io.enable": {"declarations": ["nixos/modules/services/networking/sitespeed-io.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Sitespeed.io.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "sitespeed-io", "enable"], "readOnly": false, "type": "boolean"}, "services.sitespeed-io.package": {"declarations": ["nixos/modules/services/networking/sitespeed-io.nix"], "default": {"_type": "literalExpression", "text": "pkgs.sitespeed-io"}, "description": "The sitespeed-io package to use.", "loc": ["services", "sitespeed-io", "package"], "readOnly": false, "type": "package"}, "services.sitespeed-io.period": {"declarations": ["nixos/modules/services/networking/sitespeed-io.nix"], "default": {"_type": "literalExpression", "text": "\"hourly\""}, "description": "Systemd calendar expression when to run. See {manpage}`systemd.time(7)`.\n", "loc": ["services", "sitespeed-io", "period"], "readOnly": false, "type": "string"}, "services.sitespeed-io.runs": {"declarations": ["nixos/modules/services/networking/sitespeed-io.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of run configurations. The service will call sitespeed-io once\nfor every run listed here. This lets you examine different websites\nwith different sitespeed-io settings.\n", "loc": ["services", "sitespeed-io", "runs"], "readOnly": false, "type": "list of (submodule)"}, "services.sitespeed-io.runs.*.extraArgs": {"declarations": ["nixos/modules/services/networking/sitespeed-io.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line arguments to pass to the program.\n", "loc": ["services", "sitespeed-io", "runs", "*", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.sitespeed-io.runs.*.settings": {"declarations": ["nixos/modules/services/networking/sitespeed-io.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for sitespeed-io, see\n<https://www.sitespeed.io/documentation/sitespeed.io/configuration/>\nfor available options. The value here will be directly transformed to\nJSON and passed as `--config` to the program.\n", "loc": ["services", "sitespeed-io", "runs", "*", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.sitespeed-io.runs.*.urls": {"declarations": ["nixos/modules/services/networking/sitespeed-io.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "URLs the service should monitor.\n", "loc": ["services", "sitespeed-io", "runs", "*", "urls"], "readOnly": false, "type": "list of string"}, "services.sitespeed-io.user": {"declarations": ["nixos/modules/services/networking/sitespeed-io.nix"], "default": {"_type": "literalExpression", "text": "\"sitespeed-io\""}, "description": "User account under which sitespeed-io runs.", "loc": ["services", "sitespeed-io", "user"], "readOnly": false, "type": "string"}, "services.sks.dataDir": {"declarations": ["nixos/modules/services/security/sks.nix"], "default": {"_type": "literalExpression", "text": "\"/var/db/sks\""}, "description": "Data directory (-basedir) for SKS, where the database and all\nconfiguration files are located (e.g. KDB, PTree, membership and\nsksconf).\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/sks\""}, "loc": ["services", "sks", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.sks.enable": {"declarations": ["nixos/modules/services/security/sks.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SKS (synchronizing key server for OpenPGP) and start the database\nserver. You need to create \"${dataDir}/dump/*.gpg\" for the initial\nimport.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "sks", "enable"], "readOnly": false, "type": "boolean"}, "services.sks.extraDbConfig": {"declarations": ["nixos/modules/services/security/sks.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Set contents of the files \"KDB/DB_CONFIG\" and \"PTree/DB_CONFIG\" within\nthe ${dataDir} directory. This is used to configure options for the\ndatabase for the sks key server.\n\nDocumentation of available options are available in the file named\n\"sampleConfig/DB_CONFIG\" in the following repository:\nhttps://bitbucket.org/skskeyserver/sks-keyserver/src\n", "loc": ["services", "sks", "extraDbConfig"], "readOnly": false, "type": "string"}, "services.sks.hkpAddress": {"declarations": ["nixos/modules/services/security/sks.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"::1\"\n]"}, "description": "Domain names, IPv4 and/or IPv6 addresses to listen on for HKP\nrequests.\n", "loc": ["services", "sks", "hkpAddress"], "readOnly": false, "type": "list of string"}, "services.sks.hkpPort": {"declarations": ["nixos/modules/services/security/sks.nix"], "default": {"_type": "literalExpression", "text": "11371"}, "description": "HKP port to listen on.", "loc": ["services", "sks", "hkpPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.sks.package": {"declarations": ["nixos/modules/services/security/sks.nix"], "default": {"_type": "literalExpression", "text": "pkgs.sks"}, "description": "The sks package to use.", "loc": ["services", "sks", "package"], "readOnly": false, "type": "package"}, "services.sks.webroot": {"declarations": ["nixos/modules/services/security/sks.nix"], "default": {"_type": "literalExpression", "text": "\"${package.webSamples}/OpenPKG\""}, "description": "Source directory (will be symlinked, if not null) for the files the\nbuilt-in webserver should serve. SKS (${pkgs.sks.webSamples})\nprovides the following examples: \"HTML5\", \"OpenPKG\", and \"XHTML+ES\".\nThe index file can be named index.html, index.htm, index.xhtm, or\nindex.xhtml. Files with the extensions .css, .es, .js, .jpg, .jpeg,\n.png, or .gif are supported. Subdirectories and filenames with\nanything other than alphanumeric characters and the '.' character\nwill be ignored.\n", "loc": ["services", "sks", "webroot"], "readOnly": false, "type": "null or absolute path"}, "services.skydns.address": {"declarations": ["nixos/modules/services/networking/skydns.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0:53\""}, "description": "Skydns address to bind to.", "loc": ["services", "skydns", "address"], "readOnly": false, "type": "string"}, "services.skydns.domain": {"declarations": ["nixos/modules/services/networking/skydns.nix"], "default": {"_type": "literalExpression", "text": "\"skydns.local.\""}, "description": "Skydns default domain if not specified by etcd config.", "loc": ["services", "skydns", "domain"], "readOnly": false, "type": "string"}, "services.skydns.enable": {"declarations": ["nixos/modules/services/networking/skydns.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable skydns service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "skydns", "enable"], "readOnly": false, "type": "boolean"}, "services.skydns.etcd.caCert": {"declarations": ["nixos/modules/services/networking/skydns.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Skydns path of TLS certificate authority public key.", "loc": ["services", "skydns", "etcd", "caCert"], "readOnly": false, "type": "null or absolute path"}, "services.skydns.etcd.machines": {"declarations": ["nixos/modules/services/networking/skydns.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"http://127.0.0.1:2379\"\n]"}, "description": "Skydns list of etcd endpoints to connect to.", "loc": ["services", "skydns", "etcd", "machines"], "readOnly": false, "type": "list of string"}, "services.skydns.etcd.tlsKey": {"declarations": ["nixos/modules/services/networking/skydns.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Skydns path of TLS client certificate - private key.", "loc": ["services", "skydns", "etcd", "tlsKey"], "readOnly": false, "type": "null or absolute path"}, "services.skydns.etcd.tlsPem": {"declarations": ["nixos/modules/services/networking/skydns.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Skydns path of TLS client certificate - public key.", "loc": ["services", "skydns", "etcd", "tlsPem"], "readOnly": false, "type": "null or absolute path"}, "services.skydns.extraConfig": {"declarations": ["nixos/modules/services/networking/skydns.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Skydns attribute set of extra config options passed as environment variables.", "loc": ["services", "skydns", "extraConfig"], "readOnly": false, "type": "attribute set of string"}, "services.skydns.nameservers": {"declarations": ["nixos/modules/services/networking/skydns.nix"], "default": {"_type": "literalExpression", "text": "map (n: n + \":53\") config.networking.nameservers"}, "description": "Skydns list of nameservers to forward DNS requests to when not authoritative for a domain.", "example": {"_type": "literalExpression", "text": "[\n  \"8.8.8.8:53\"\n  \"8.8.4.4:53\"\n]"}, "loc": ["services", "skydns", "nameservers"], "readOnly": false, "type": "list of string"}, "services.skydns.package": {"declarations": ["nixos/modules/services/networking/skydns.nix"], "default": {"_type": "literalExpression", "text": "pkgs.skydns"}, "description": "The skydns package to use.", "loc": ["services", "skydns", "package"], "readOnly": false, "type": "package"}, "services.slimserver.dataDir": {"declarations": ["nixos/modules/services/audio/slimserver.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/slimserver\""}, "description": "The directory where slimserver stores its state, tag cache,\nplaylists etc.\n", "loc": ["services", "slimserver", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.slimserver.enable": {"declarations": ["nixos/modules/services/audio/slimserver.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable slimserver.\n", "loc": ["services", "slimserver", "enable"], "readOnly": false, "type": "boolean"}, "services.slimserver.package": {"declarations": ["nixos/modules/services/audio/slimserver.nix"], "default": {"_type": "literalExpression", "text": "pkgs.slimserver"}, "description": "The slimserver package to use.", "loc": ["services", "slimserver", "package"], "readOnly": false, "type": "package"}, "services.slskd.domain": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "description": "If non-null, enables an nginx reverse proxy virtual host at this FQDN,\nat the path configurated with `services.slskd.web.url_base`.\n", "example": {"_type": "literalExpression", "text": "\"slskd.example.com\""}, "loc": ["services", "slskd", "domain"], "readOnly": false, "type": "null or string"}, "services.slskd.enable": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable slskd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "slskd", "enable"], "readOnly": false, "type": "boolean"}, "services.slskd.environmentFile": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "description": "Path to the environment file sourced on startup.\nIt must at least contain the variables `SLSKD_SLSK_USERNAME` and `SLSKD_SLSK_PASSWORD`.\nWeb interface credentials should also be set here in `SLSKD_USERNAME` and `SLSKD_PASSWORD`.\nOther, optional credentials like SOCKS5 with `SLSKD_SLSK_PROXY_USERNAME` and `SLSKD_SLSK_PROXY_PASSWORD`\nshould all reside here instead of in the world-readable nix store.\nVariables are documented at <https://github.com/slskd/slskd/blob/master/docs/config.md>\n", "loc": ["services", "slskd", "environmentFile"], "readOnly": false, "type": "absolute path"}, "services.slskd.group": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "\"slskd\""}, "description": "Group under which slskd runs.", "loc": ["services", "slskd", "group"], "readOnly": false, "type": "string"}, "services.slskd.nginx": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "This option customizes the nginx virtual host set up for slskd.\n", "example": {"_type": "literalExpression", "text": "{\n  enableACME = true;\n  forceSSL = true;\n}\n"}, "loc": ["services", "slskd", "nginx"], "readOnly": false, "type": "submodule"}, "services.slskd.nginx.acmeFallbackHost": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host which to proxy requests to if ACME challenge is not found. Useful\nif you want multiple hosts to be able to verify the same domain name.\n\nWith this option, you could request certificates for the present domain\nwith an ACME client that is running on another host, which you would\nspecify here.\n", "loc": ["services", "slskd", "nginx", "acmeFallbackHost"], "readOnly": false, "type": "null or string"}, "services.slskd.nginx.acmeRoot": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the ACME challenge, which is **public**. Don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "slskd", "nginx", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.slskd.nginx.addSSL": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "slskd", "nginx", "addSSL"], "readOnly": false, "type": "boolean"}, "services.slskd.nginx.basicAuth": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "slskd", "nginx", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.slskd.nginx.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "slskd", "nginx", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.slskd.nginx.default": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Makes this vhost the default.\n", "loc": ["services", "slskd", "nginx", "default"], "readOnly": false, "type": "boolean"}, "services.slskd.nginx.enableACME": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "slskd", "nginx", "enableACME"], "readOnly": false, "type": "boolean"}, "services.slskd.nginx.extraConfig": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the vhost verbatim.\n", "loc": ["services", "slskd", "nginx", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.slskd.nginx.forceSSL": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a separate nginx server block that redirects (defaults\nto 301, configurable with `redirectCode`) all plain HTTP traffic to\nHTTPS. This will set defaults for `listen` to listen on all interfaces\non the respective default ports (80, 443), where the non-SSL listens\nare used for the redirect vhosts.\n", "loc": ["services", "slskd", "nginx", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.slskd.nginx.globalRedirect": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected (defaults to 301,\nconfigurable with `redirectCode`) to the given hostname.\n", "example": {"_type": "literalExpression", "text": "\"newserver.example.org\""}, "loc": ["services", "slskd", "nginx", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.slskd.nginx.http2": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/2 protocol.\nNote that (as of writing) due to nginx's implementation, to disable\nHTTP/2 you have to disable it on all vhosts that use a given\nIP address / port.\nIf there is one server block configured to enable http2, then it is\nenabled for all server blocks on this IP.\nSee <https://stackoverflow.com/a/39466948/263061>.\n", "loc": ["services", "slskd", "nginx", "http2"], "readOnly": false, "type": "boolean"}, "services.slskd.nginx.http3": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/3 protocol.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that HTTP/3 support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\nHTTP/3 availability must be manually advertised, preferably in each location block.\n", "loc": ["services", "slskd", "nginx", "http3"], "readOnly": false, "type": "boolean"}, "services.slskd.nginx.http3_hq": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that special application protocol support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "slskd", "nginx", "http3_hq"], "readOnly": false, "type": "boolean"}, "services.slskd.nginx.kTLS": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kTLS support.\nImplementing TLS in the kernel (kTLS) improves performance by significantly\nreducing the need for copying operations between user space and the kernel.\nRequired Nginx version 1.21.4 or later.\n", "loc": ["services", "slskd", "nginx", "kTLS"], "readOnly": false, "type": "boolean"}, "services.slskd.nginx.listen": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\nIPv6 addresses must be enclosed in square brackets.\nNote: this option overrides `addSSL`\nand `onlySSL`.\n\nIf you only want to set the addresses manually and not\nthe ports, take a look at `listenAddresses`.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    addr = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    addr = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    addr = \"unix:/var/run/nginx.sock\";\n  }\n]"}, "loc": ["services", "slskd", "nginx", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.slskd.nginx.listen.*.addr": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "description": "Listen address.", "loc": ["services", "slskd", "nginx", "listen", "*", "addr"], "readOnly": false, "type": "string"}, "services.slskd.nginx.listen.*.extraParameters": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra parameters of this listen directive.", "example": {"_type": "literalExpression", "text": "[\n  \"backlog=1024\"\n  \"deferred\"\n]"}, "loc": ["services", "slskd", "nginx", "listen", "*", "extraParameters"], "readOnly": false, "type": "list of string"}, "services.slskd.nginx.listen.*.port": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port number to listen on.\nIf unset and the listen address is not a socket then nginx defaults to 80.\n", "loc": ["services", "slskd", "nginx", "listen", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.slskd.nginx.listen.*.proxyProtocol": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable PROXY protocol.", "loc": ["services", "slskd", "nginx", "listen", "*", "proxyProtocol"], "readOnly": false, "type": "boolean"}, "services.slskd.nginx.listen.*.ssl": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SSL.", "loc": ["services", "slskd", "nginx", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.slskd.nginx.listenAddresses": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n\nNote: This option overrides `networking.enableIPv6`\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"[::1]\"\n]"}, "loc": ["services", "slskd", "nginx", "listenAddresses"], "readOnly": false, "type": "list of string"}, "services.slskd.nginx.locations": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n};\n"}, "loc": ["services", "slskd", "nginx", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.slskd.nginx.locations.<name>.alias": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "slskd", "nginx", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.slskd.nginx.locations.<name>.basicAuth": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "slskd", "nginx", "locations", "<name>", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.slskd.nginx.locations.<name>.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "slskd", "nginx", "locations", "<name>", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.slskd.nginx.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "slskd", "nginx", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.slskd.nginx.locations.<name>.fastcgiParams": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "FastCGI parameters to override.  Unlike in the Nginx\nconfiguration file, overriding only some default parameters\nwon't unset the default values for other parameters.\n", "loc": ["services", "slskd", "nginx", "locations", "<name>", "fastcgiParams"], "readOnly": false, "type": "attribute set of (string or absolute path)"}, "services.slskd.nginx.locations.<name>.index": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds index directive.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "slskd", "nginx", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.slskd.nginx.locations.<name>.priority": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "slskd", "nginx", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.slskd.nginx.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds proxy_pass directive and sets recommended proxy headers if\nrecommendedProxySettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "slskd", "nginx", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.slskd.nginx.locations.<name>.proxyWebsockets": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to support proxying websocket connections with HTTP/1.1.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "slskd", "nginx", "locations", "<name>", "proxyWebsockets"], "readOnly": false, "type": "boolean"}, "services.slskd.nginx.locations.<name>.recommendedProxySettings": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedProxySettings"}, "description": "Enable recommended proxy settings.\n", "loc": ["services", "slskd", "nginx", "locations", "<name>", "recommendedProxySettings"], "readOnly": false, "type": "boolean"}, "services.slskd.nginx.locations.<name>.recommendedUwsgiSettings": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedUwsgiSettings"}, "description": "Enable recommended uwsgi settings.\n", "loc": ["services", "slskd", "nginx", "locations", "<name>", "recommendedUwsgiSettings"], "readOnly": false, "type": "boolean"}, "services.slskd.nginx.locations.<name>.return": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds a return directive, for e.g. redirections.\n", "example": {"_type": "literalExpression", "text": "\"301 http://example.com$request_uri\""}, "loc": ["services", "slskd", "nginx", "locations", "<name>", "return"], "readOnly": false, "type": "null or string or signed integer"}, "services.slskd.nginx.locations.<name>.root": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Root directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/root/directory\""}, "loc": ["services", "slskd", "nginx", "locations", "<name>", "root"], "readOnly": false, "type": "null or absolute path"}, "services.slskd.nginx.locations.<name>.tryFiles": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds try_files directive.\n", "example": {"_type": "literalExpression", "text": "\"$uri =404\""}, "loc": ["services", "slskd", "nginx", "locations", "<name>", "tryFiles"], "readOnly": false, "type": "null or string"}, "services.slskd.nginx.locations.<name>.uwsgiPass": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds uwsgi_pass directive and sets recommended proxy headers if\nrecommendedUwsgiSettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"unix:/run/example/example.sock\""}, "loc": ["services", "slskd", "nginx", "locations", "<name>", "uwsgiPass"], "readOnly": false, "type": "null or string"}, "services.slskd.nginx.onlySSL": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "slskd", "nginx", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.slskd.nginx.quic": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the QUIC transport protocol.\nNote that QUIC support is experimental and\n*not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "slskd", "nginx", "quic"], "readOnly": false, "type": "boolean"}, "services.slskd.nginx.redirectCode": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "301"}, "description": "HTTP status used by `globalRedirect` and `forceSSL`. Possible usecases\ninclude temporary (302, 307) redirects, keeping the request method and\nbody (307, 308), or explicitly resetting the method to GET (303).\nSee <https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>.\n", "example": {"_type": "literalExpression", "text": "308"}, "loc": ["services", "slskd", "nginx", "redirectCode"], "readOnly": false, "type": "integer between 300 and 399 (both inclusive)"}, "services.slskd.nginx.rejectSSL": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to listen for and reject all HTTPS connections to this vhost. Useful in\n[default](#opt-services.nginx.virtualHosts._name_.default)\nserver blocks to avoid serving the certificate for another vhost. Uses the\n`ssl_reject_handshake` directive available in nginx versions\n1.19.4 and above.\n", "loc": ["services", "slskd", "nginx", "rejectSSL"], "readOnly": false, "type": "boolean"}, "services.slskd.nginx.reuseport": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create an individual listening socket .\nIt is required to specify only once on one of the hosts.\n", "loc": ["services", "slskd", "nginx", "reuseport"], "readOnly": false, "type": "boolean"}, "services.slskd.nginx.root": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of the web root directory.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "slskd", "nginx", "root"], "readOnly": false, "type": "null or absolute path"}, "services.slskd.nginx.serverAliases": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "slskd", "nginx", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.slskd.nginx.serverName": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of this virtual host. Defaults to attribute name in virtualHosts.\n", "example": {"_type": "literalExpression", "text": "\"example.org\""}, "loc": ["services", "slskd", "nginx", "serverName"], "readOnly": false, "type": "null or string"}, "services.slskd.nginx.sslCertificate": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "slskd", "nginx", "sslCertificate"], "readOnly": false, "type": "absolute path"}, "services.slskd.nginx.sslCertificateKey": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "slskd", "nginx", "sslCertificateKey"], "readOnly": false, "type": "absolute path"}, "services.slskd.nginx.sslTrustedCertificate": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to root SSL certificate for stapling and client certificates.", "example": {"_type": "literalExpression", "text": "\"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\""}, "loc": ["services", "slskd", "nginx", "sslTrustedCertificate"], "readOnly": false, "type": "null or absolute path"}, "services.slskd.nginx.useACMEHost": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "slskd", "nginx", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.slskd.openFirewall": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall for the soulseek network listen port (not the web interface port).", "loc": ["services", "slskd", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.slskd.package": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.slskd"}, "description": "The slskd package to use.", "loc": ["services", "slskd", "package"], "readOnly": false, "type": "package"}, "services.slskd.settings": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Application configuration for slskd. See\n[documentation](https://github.com/slskd/slskd/blob/master/docs/config.md).\n", "loc": ["services", "slskd", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.slskd.settings.directories.downloads": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/slskd/downloads\""}, "description": "Directory where downloaded files are stored.", "loc": ["services", "slskd", "settings", "directories", "downloads"], "readOnly": false, "type": "null or absolute path"}, "services.slskd.settings.directories.incomplete": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/slskd/incomplete\""}, "description": "Directory where incomplete downloading files are stored.", "loc": ["services", "slskd", "settings", "directories", "incomplete"], "readOnly": false, "type": "null or absolute path"}, "services.slskd.settings.filters.search.request": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "description": "Incoming search requests which match this filter are ignored.", "example": {"_type": "literalExpression", "text": "[ \"^.{1,2}$\" ]"}, "loc": ["services", "slskd", "settings", "filters", "search", "request"], "readOnly": false, "type": "list of string"}, "services.slskd.settings.flags.force_share_scan": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "description": "Force a rescan of shares on every startup.", "loc": ["services", "slskd", "settings", "flags", "force_share_scan"], "readOnly": false, "type": "boolean"}, "services.slskd.settings.global.download.slots": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "description": "Limit of the number of concurrent download slots.", "loc": ["services", "slskd", "settings", "global", "download", "slots"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.slskd.settings.global.download.speed_limit": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "description": "Total upload download limit", "loc": ["services", "slskd", "settings", "global", "download", "speed_limit"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.slskd.settings.global.upload.slots": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "description": "Limit of the number of concurrent upload slots.", "loc": ["services", "slskd", "settings", "global", "upload", "slots"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.slskd.settings.global.upload.speed_limit": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "description": "Total upload speed limit.", "loc": ["services", "slskd", "settings", "global", "upload", "speed_limit"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.slskd.settings.remote_file_management": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable modification of share contents through the web ui.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "slskd", "settings", "remote_file_management"], "readOnly": false, "type": "boolean"}, "services.slskd.settings.retention.files.complete": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "\"(indefinite)\""}, "description": "Lifespan of completely downloaded files in minutes.", "example": {"_type": "literalExpression", "text": "20160"}, "loc": ["services", "slskd", "settings", "retention", "files", "complete"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.slskd.settings.retention.files.incomplete": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "\"(indefinite)\""}, "description": "Lifespan of incomplete downloading files in minutes.", "loc": ["services", "slskd", "settings", "retention", "files", "incomplete"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.slskd.settings.retention.transfers.download.cancelled": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "\"(indefinite)\""}, "description": "Lifespan of cancelled download tasks.", "loc": ["services", "slskd", "settings", "retention", "transfers", "download", "cancelled"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.slskd.settings.retention.transfers.download.errored": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "\"(indefinite)\""}, "description": "Lifespan of errored download tasks.", "loc": ["services", "slskd", "settings", "retention", "transfers", "download", "errored"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.slskd.settings.retention.transfers.download.succeeded": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "\"(indefinite)\""}, "description": "Lifespan of succeeded download tasks.", "loc": ["services", "slskd", "settings", "retention", "transfers", "download", "succeeded"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.slskd.settings.retention.transfers.upload.cancelled": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "\"(indefinite)\""}, "description": "Lifespan of cancelled upload tasks.", "loc": ["services", "slskd", "settings", "retention", "transfers", "upload", "cancelled"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.slskd.settings.retention.transfers.upload.errored": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "\"(indefinite)\""}, "description": "Lifespan of errored upload tasks.", "loc": ["services", "slskd", "settings", "retention", "transfers", "upload", "errored"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.slskd.settings.retention.transfers.upload.succeeded": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "\"(indefinite)\""}, "description": "Lifespan of succeeded upload tasks.", "loc": ["services", "slskd", "settings", "retention", "transfers", "upload", "succeeded"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.slskd.settings.rooms": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "description": "Chat rooms to join on startup.", "loc": ["services", "slskd", "settings", "rooms"], "readOnly": false, "type": "list of string"}, "services.slskd.settings.shares.directories": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "description": "Paths to shared directories. See\n[documentation](https://github.com/slskd/slskd/blob/master/docs/config.md#directories)\nfor advanced usage.\n", "example": {"_type": "literalExpression", "text": "[ \"/home/John/Music\" \"!/home/John/Music/Recordings\" \"[Music Drive]/mnt\" ]"}, "loc": ["services", "slskd", "settings", "shares", "directories"], "readOnly": false, "type": "list of string"}, "services.slskd.settings.shares.filters": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "description": "Regular expressions of files to exclude from sharing.", "example": {"_type": "literalExpression", "text": "[ \"\\.ini$\" \"Thumbs.db$\" \"\\.DS_Store$\" ]"}, "loc": ["services", "slskd", "settings", "shares", "filters"], "readOnly": false, "type": "list of string"}, "services.slskd.settings.soulseek.description": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "\"A slskd user. https://github.com/slskd/slskd\""}, "description": "The user description for the Soulseek network.", "loc": ["services", "slskd", "settings", "soulseek", "description"], "readOnly": false, "type": "string"}, "services.slskd.settings.soulseek.listen_port": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "50300"}, "description": "The port on which to listen for incoming connections.", "loc": ["services", "slskd", "settings", "soulseek", "listen_port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.slskd.settings.web.https.disabled": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Disable the built-in HTTPS server", "loc": ["services", "slskd", "settings", "web", "https", "disabled"], "readOnly": false, "type": "boolean"}, "services.slskd.settings.web.port": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "5030"}, "description": "The HTTP listen port.", "loc": ["services", "slskd", "settings", "web", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.slskd.settings.web.url_base": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "\"/\""}, "description": "The base path in the url for web requests.", "loc": ["services", "slskd", "settings", "web", "url_base"], "readOnly": false, "type": "absolute path"}, "services.slskd.user": {"declarations": ["nixos/modules/services/web-apps/slskd.nix"], "default": {"_type": "literalExpression", "text": "\"slskd\""}, "description": "User account under which slskd runs.", "loc": ["services", "slskd", "user"], "readOnly": false, "type": "string"}, "services.slurm.client.enable": {"declarations": ["nixos/modules/services/computing/slurm/slurm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable slurm client daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "slurm", "client", "enable"], "readOnly": false, "type": "boolean"}, "services.slurm.clusterName": {"declarations": ["nixos/modules/services/computing/slurm/slurm.nix"], "default": {"_type": "literalExpression", "text": "\"default\""}, "description": "Necessary to distinguish accounting records in a multi-cluster environment.\n", "example": {"_type": "literalExpression", "text": "\"myCluster\""}, "loc": ["services", "slurm", "clusterName"], "readOnly": false, "type": "string"}, "services.slurm.controlAddr": {"declarations": ["nixos/modules/services/computing/slurm/slurm.nix"], "default": {"_type": "literalExpression", "text": "config.services.slurm.controlMachine"}, "description": "Name that ControlMachine should be referred to in establishing a\ncommunications path.\n", "example": {"_type": "literalExpression", "text": "null"}, "loc": ["services", "slurm", "controlAddr"], "readOnly": false, "type": "null or string"}, "services.slurm.controlMachine": {"declarations": ["nixos/modules/services/computing/slurm/slurm.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The short hostname of the machine where SLURM control functions are\nexecuted (i.e. the name returned by the command \"hostname -s\", use \"tux001\"\nrather than \"tux001.my.com\").\n", "example": {"_type": "literalExpression", "text": "null"}, "loc": ["services", "slurm", "controlMachine"], "readOnly": false, "type": "null or string"}, "services.slurm.dbdserver.dbdHost": {"declarations": ["nixos/modules/services/computing/slurm/slurm.nix"], "default": {"_type": "literalExpression", "text": "config.networking.hostName"}, "description": "Hostname of the machine where `slurmdbd`\nis running (i.e. name returned by `hostname -s`).\n", "loc": ["services", "slurm", "dbdserver", "dbdHost"], "readOnly": false, "type": "string"}, "services.slurm.dbdserver.enable": {"declarations": ["nixos/modules/services/computing/slurm/slurm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SlurmDBD service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "slurm", "dbdserver", "enable"], "readOnly": false, "type": "boolean"}, "services.slurm.dbdserver.extraConfig": {"declarations": ["nixos/modules/services/computing/slurm/slurm.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration for {file}`slurmdbd.conf` See also:\n{manpage}`slurmdbd.conf(8)`.\n", "loc": ["services", "slurm", "dbdserver", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.slurm.dbdserver.storagePassFile": {"declarations": ["nixos/modules/services/computing/slurm/slurm.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to file with database password. The content of this will be used to\ncreate the password for the `StoragePass` option.\n", "loc": ["services", "slurm", "dbdserver", "storagePassFile"], "readOnly": false, "type": "null or string"}, "services.slurm.dbdserver.storageUser": {"declarations": ["nixos/modules/services/computing/slurm/slurm.nix"], "default": {"_type": "literalExpression", "text": "config.services.slurm.user"}, "description": "Database user name.\n", "loc": ["services", "slurm", "dbdserver", "storageUser"], "readOnly": false, "type": "string"}, "services.slurm.enableSrunX11": {"declarations": ["nixos/modules/services/computing/slurm/slurm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled srun will accept the option \"--x11\" to allow for X11 forwarding\nfrom within an interactive session or a batch job. This activates the\nslurm-spank-x11 module. Note that this option also enables\n{option}`services.openssh.forwardX11` on the client.\n\nThis option requires slurm to be compiled without native X11 support.\nThe default behavior is to re-compile the slurm package with native X11\nsupport disabled if this option is set to true.\n\nTo use the native X11 support add `PrologFlags=X11` in {option}`extraConfig`.\nNote that this method will only work RSA SSH host keys.\n", "loc": ["services", "slurm", "enableSrunX11"], "readOnly": false, "type": "boolean"}, "services.slurm.enableStools": {"declarations": ["nixos/modules/services/computing/slurm/slurm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to provide a {file}`slurm.conf` file.\nEnable this option if you do not run a slurm daemon on this host\n(i.e. `server.enable` and `client.enable` are `false`)\nbut you still want to run slurm commands from this host.\n", "loc": ["services", "slurm", "enableStools"], "readOnly": false, "type": "boolean"}, "services.slurm.extraCgroupConfig": {"declarations": ["nixos/modules/services/computing/slurm/slurm.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration for {file}`cgroup.conf`. This file is\nused when `procTrackType=proctrack/cgroup`.\n", "loc": ["services", "slurm", "extraCgroupConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.slurm.extraConfig": {"declarations": ["nixos/modules/services/computing/slurm/slurm.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration options that will be added verbatim at\nthe end of the slurm configuration file.\n", "loc": ["services", "slurm", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.slurm.extraConfigPaths": {"declarations": ["nixos/modules/services/computing/slurm/slurm.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Slurm expects config files for plugins in the same path\nas {file}`slurm.conf`. Add extra nix store\npaths that should be merged into same directory as\n{file}`slurm.conf`.\n", "loc": ["services", "slurm", "extraConfigPaths"], "readOnly": false, "type": "list of absolute path"}, "services.slurm.extraPlugstackConfig": {"declarations": ["nixos/modules/services/computing/slurm/slurm.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration that will be added to the end of {file}`plugstack.conf`.\n", "loc": ["services", "slurm", "extraPlugstackConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.slurm.mpi.PmixCliTmpDirBase": {"declarations": ["nixos/modules/services/computing/slurm/slurm.nix"], "default": {"_type": "literalExpression", "text": "\"/tmp/pmix\""}, "description": "Base path for PMIx temporary files.\n", "loc": ["services", "slurm", "mpi", "PmixCliTmpDirBase"], "readOnly": false, "type": "string"}, "services.slurm.mpi.extraMpiConfig": {"declarations": ["nixos/modules/services/computing/slurm/slurm.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration for that will be added to {file}`mpi.conf`.\n", "loc": ["services", "slurm", "mpi", "extraMpiConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.slurm.nodeName": {"declarations": ["nixos/modules/services/computing/slurm/slurm.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Name that SLURM uses to refer to a node (or base partition for BlueGene\nsystems). Typically this would be the string that \"/bin/hostname -s\"\nreturns. Note that now you have to write node's parameters after the name.\n", "example": {"_type": "literalExpression", "text": "[ \"linux[1-32] CPUs=1 State=UNKNOWN\" ];"}, "loc": ["services", "slurm", "nodeName"], "readOnly": false, "type": "list of string"}, "services.slurm.package": {"declarations": ["nixos/modules/services/computing/slurm/slurm.nix"], "default": {"_type": "literalExpression", "text": "pkgs.slurm"}, "description": "The slurm package to use.", "example": {"_type": "literalExpression", "text": "slurm-full"}, "loc": ["services", "slurm", "package"], "readOnly": false, "type": "package"}, "services.slurm.partitionName": {"declarations": ["nixos/modules/services/computing/slurm/slurm.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Name by which the partition may be referenced. Note that now you have\nto write the partition's parameters after the name.\n", "example": {"_type": "literalExpression", "text": "[ \"debug Nodes=linux[1-32] Default=YES MaxTime=INFINITE State=UP\" ];"}, "loc": ["services", "slurm", "partitionName"], "readOnly": false, "type": "list of string"}, "services.slurm.procTrackType": {"declarations": ["nixos/modules/services/computing/slurm/slurm.nix"], "default": {"_type": "literalExpression", "text": "\"proctrack/linuxproc\""}, "description": "Plugin to be used for process tracking on a job step basis.\nThe slurmd daemon uses this mechanism to identify all processes\nwhich are children of processes it spawns for a user job step.\n", "loc": ["services", "slurm", "procTrackType"], "readOnly": false, "type": "string"}, "services.slurm.rest.enable": {"declarations": ["nixos/modules/services/computing/slurm/slurm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable slurm REST daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "slurm", "rest", "enable"], "readOnly": false, "type": "boolean"}, "services.slurm.rest.environment": {"declarations": ["nixos/modules/services/computing/slurm/slurm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables to set for the slurmrestd daemon, see slurmrestd(8).", "loc": ["services", "slurm", "rest", "environment"], "readOnly": false, "type": "open submodule of attribute set of string"}, "services.slurm.rest.environment.SLURMRESTD_DEBUG": {"declarations": ["nixos/modules/services/computing/slurm/slurm.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Set debug level explicitly. Valid values are 0-9, or the same\nstring values as the debug options such as SlurmctldDebug in\nslurm.conf(5).\n", "loc": ["services", "slurm", "rest", "environment", "SLURMRESTD_DEBUG"], "readOnly": false, "type": "string"}, "services.slurm.rest.environment.SLURMRESTD_LISTEN": {"declarations": ["nixos/modules/services/computing/slurm/slurm.nix"], "default": {"_type": "literalExpression", "text": "\":6820\""}, "description": "Comma-delimited list of host:port pairs or unix sockets to listen on.", "loc": ["services", "slurm", "rest", "environment", "SLURMRESTD_LISTEN"], "readOnly": false, "type": "string"}, "services.slurm.rest.environment.SLURM_JWT": {"declarations": ["nixos/modules/services/computing/slurm/slurm.nix"], "default": {"_type": "literalExpression", "text": "\"daemon\""}, "description": "This variable must be set to use JWT token authentication.", "loc": ["services", "slurm", "rest", "environment", "SLURM_JWT"], "readOnly": false, "type": "string"}, "services.slurm.rest.options": {"declarations": ["nixos/modules/services/computing/slurm/slurm.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra command-line options to pass to slurmrestd.", "loc": ["services", "slurm", "rest", "options"], "readOnly": false, "type": "string"}, "services.slurm.server.enable": {"declarations": ["nixos/modules/services/computing/slurm/slurm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the slurm control daemon.\nNote that the standard authentication method is \"munge\".\nThe \"munge\" service needs to be provided with a password file in order for\nslurm to work properly (see `services.munge.password`).\n", "loc": ["services", "slurm", "server", "enable"], "readOnly": false, "type": "boolean"}, "services.slurm.server.flags": {"declarations": ["nixos/modules/services/computing/slurm/slurm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Flags passed to `slurmctld` daemon, see {manpage}`slurmctld(8)`.\nSpecial characters are properly escaped.\n", "example": {"_type": "literalExpression", "text": "{\n  L = \"/var/log/file with space.log\";\n  i = true;\n  n = 10;\n  systemd = true;\n}"}, "loc": ["services", "slurm", "server", "flags"], "readOnly": false, "type": "attribute set of (string or boolean or floating point number or signed integer)"}, "services.slurm.stateSaveLocation": {"declarations": ["nixos/modules/services/computing/slurm/slurm.nix"], "default": {"_type": "literalExpression", "text": "\"/var/spool/slurmctld\""}, "description": "Directory into which the Slurm controller, slurmctld, saves its state.\n", "loc": ["services", "slurm", "stateSaveLocation"], "readOnly": false, "type": "string"}, "services.slurm.user": {"declarations": ["nixos/modules/services/computing/slurm/slurm.nix"], "default": {"_type": "literalExpression", "text": "\"slurm\""}, "description": "Set this option when you want to run the slurmctld daemon\nas something else than the default slurm user \"slurm\".\nNote that the UID of this user needs to be the same\non all nodes.\n", "loc": ["services", "slurm", "user"], "readOnly": false, "type": "string"}, "services.smartd.autodetect": {"declarations": ["nixos/modules/services/monitoring/smartd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whenever smartd should monitor all devices connected to the\nmachine at the time it's being started (the default).\n\nSet to false to monitor the devices listed in\n{option}`services.smartd.devices` only.\n", "loc": ["services", "smartd", "autodetect"], "readOnly": false, "type": "boolean"}, "services.smartd.defaults.autodetected": {"declarations": ["nixos/modules/services/monitoring/smartd.nix"], "default": {"_type": "literalExpression", "text": "config.services.smartd.defaults.monitored"}, "description": "Like {option}`services.smartd.defaults.monitored`, but for the\nautodetected devices.\n", "loc": ["services", "smartd", "defaults", "autodetected"], "readOnly": false, "type": "strings concatenated with \" \""}, "services.smartd.defaults.monitored": {"declarations": ["nixos/modules/services/monitoring/smartd.nix"], "default": {"_type": "literalExpression", "text": "\"-a\""}, "description": "Common default options for explicitly monitored (listed in\n{option}`services.smartd.devices`) devices.\n\nThe default value turns on monitoring of all the things (see\n`man 5 smartd.conf`).\n\nThe example also turns on SMART Automatic Offline Testing on\nstartup, and schedules short self-tests daily, and long\nself-tests weekly.\n", "example": {"_type": "literalExpression", "text": "\"-a -o on -s (S/../.././02|L/../../7/04)\""}, "loc": ["services", "smartd", "defaults", "monitored"], "readOnly": false, "type": "strings concatenated with \" \""}, "services.smartd.devices": {"declarations": ["nixos/modules/services/monitoring/smartd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of devices to monitor.", "example": {"_type": "literalExpression", "text": "[\n  {\n    device = \"/dev/sda\";\n  }\n  {\n    device = \"/dev/sdb\";\n    options = \"-d sat\";\n  }\n]"}, "loc": ["services", "smartd", "devices"], "readOnly": false, "type": "list of (submodule)"}, "services.smartd.devices.*.device": {"declarations": ["nixos/modules/services/monitoring/smartd.nix"], "description": "Location of the device.", "example": {"_type": "literalExpression", "text": "\"/dev/sda\""}, "loc": ["services", "smartd", "devices", "*", "device"], "readOnly": false, "type": "string"}, "services.smartd.devices.*.options": {"declarations": ["nixos/modules/services/monitoring/smartd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Options that determine how smartd monitors the device.", "example": {"_type": "literalExpression", "text": "\"-d sat\""}, "loc": ["services", "smartd", "devices", "*", "options"], "readOnly": false, "type": "strings concatenated with \" \""}, "services.smartd.enable": {"declarations": ["nixos/modules/services/monitoring/smartd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable smartd daemon from `smartmontools` package.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "smartd", "enable"], "readOnly": false, "type": "boolean"}, "services.smartd.extraOptions": {"declarations": ["nixos/modules/services/monitoring/smartd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command-line options passed to the `smartd`\ndaemon on startup.\n\n(See `man 8 smartd`.)\n", "example": {"_type": "literalExpression", "text": "[\n  \"-A /var/log/smartd/\"\n  \"--interval=3600\"\n]"}, "loc": ["services", "smartd", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.smartd.notifications.mail.enable": {"declarations": ["nixos/modules/services/monitoring/smartd.nix"], "default": {"_type": "literalExpression", "text": "config.services.mail.sendmailSetuidWrapper != null"}, "description": "Whenever to send e-mail notifications.", "loc": ["services", "smartd", "notifications", "mail", "enable"], "readOnly": false, "type": "boolean"}, "services.smartd.notifications.mail.mailer": {"declarations": ["nixos/modules/services/monitoring/smartd.nix"], "default": {"_type": "literalExpression", "text": "\"/run/wrappers/bin/sendmail\""}, "description": "Sendmail-compatible binary to be used to send the messages.\n\nYou should probably enable\n{option}`services.postfix` or some other MTA for\nthis to work.\n", "loc": ["services", "smartd", "notifications", "mail", "mailer"], "readOnly": false, "type": "absolute path"}, "services.smartd.notifications.mail.recipient": {"declarations": ["nixos/modules/services/monitoring/smartd.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "Recipient of the notification messages.", "loc": ["services", "smartd", "notifications", "mail", "recipient"], "readOnly": false, "type": "string"}, "services.smartd.notifications.mail.sender": {"declarations": ["nixos/modules/services/monitoring/smartd.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "Sender of the notification messages.\nActs as the value of `email` in the emails' `From: ...` field.\n", "example": {"_type": "literalExpression", "text": "\"example@domain.tld\""}, "loc": ["services", "smartd", "notifications", "mail", "sender"], "readOnly": false, "type": "string"}, "services.smartd.notifications.systembus-notify.enable": {"declarations": ["nixos/modules/services/monitoring/smartd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whenever to send systembus-notify notifications.\n\nWARNING: enabling this option (while convenient) should *not* be done on a\nmachine where you do not trust the other users as it allows any other\nlocal user to DoS your session by spamming notifications.\n\nTo actually see the notifications in your GUI session, you need to have\n`systembus-notify` running as your user, which this\noption handles by enabling {option}`services.systembus-notify`.\n", "loc": ["services", "smartd", "notifications", "systembus-notify", "enable"], "readOnly": false, "type": "boolean"}, "services.smartd.notifications.test": {"declarations": ["nixos/modules/services/monitoring/smartd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whenever to send a test notification on startup.", "loc": ["services", "smartd", "notifications", "test"], "readOnly": false, "type": "boolean"}, "services.smartd.notifications.wall.enable": {"declarations": ["nixos/modules/services/monitoring/smartd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whenever to send wall notifications to all users.", "loc": ["services", "smartd", "notifications", "wall", "enable"], "readOnly": false, "type": "boolean"}, "services.smartd.notifications.x11.display": {"declarations": ["nixos/modules/services/monitoring/smartd.nix"], "default": {"_type": "literalExpression", "text": "\":${toString config.services.xserver.display}\""}, "description": "DISPLAY to send X11 notifications to.", "loc": ["services", "smartd", "notifications", "x11", "display"], "readOnly": false, "type": "string"}, "services.smartd.notifications.x11.enable": {"declarations": ["nixos/modules/services/monitoring/smartd.nix"], "default": {"_type": "literalExpression", "text": "config.services.xserver.enable"}, "description": "Whenever to send X11 xmessage notifications.", "loc": ["services", "smartd", "notifications", "x11", "enable"], "readOnly": false, "type": "boolean"}, "services.smartdns.bindPort": {"declarations": ["nixos/modules/services/networking/smartdns.nix"], "default": {"_type": "literalExpression", "text": "53"}, "description": "DNS listening port number.", "loc": ["services", "smartdns", "bindPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.smartdns.enable": {"declarations": ["nixos/modules/services/networking/smartdns.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SmartDNS DNS server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "smartdns", "enable"], "readOnly": false, "type": "boolean"}, "services.smartdns.settings": {"declarations": ["nixos/modules/services/networking/smartdns.nix"], "description": "A set that will be generated into configuration file, see the [SmartDNS README](https://github.com/pymumu/smartdns/blob/master/ReadMe_en.md#configuration-parameter) for details of configuration parameters.\nYou could override the options here like {option}`services.smartdns.bindPort` by writing `settings.bind = \":5353 -no-rule -group example\";`.\n", "example": {"_type": "literalExpression", "text": "{\n  bind = \":5353 -no-rule -group example\";\n  cache-size = 4096;\n  server-tls = [ \"8.8.8.8:853\" \"1.1.1.1:853\" ];\n  server-https = \"https://cloudflare-dns.com/dns-query -exclude-default-group\";\n  prefetch-domain = true;\n  speed-check-mode = \"ping,tcp:80\";\n};\n"}, "loc": ["services", "smartdns", "settings"], "readOnly": false, "type": "attribute set of ((list of (string or signed integer or boolean)) or (string or signed integer or boolean) convertible to it)"}, "services.smokeping.alertConfig": {"declarations": ["nixos/modules/services/networking/smokeping.nix"], "default": {"_type": "literalExpression", "text": "''\n  to = root@localhost\n  from = smokeping@localhost\n''"}, "description": "Configuration for alerts.", "example": {"_type": "literalExpression", "text": "''\n  to = alertee@address.somewhere\n  from = smokealert@company.xy\n  \n  +someloss\n  type = loss\n  # in percent\n  pattern = >0%,*12*,>0%,*12*,>0%\n  comment = loss 3 times  in a row;\n''"}, "loc": ["services", "smokeping", "alertConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.smokeping.cgiUrl": {"declarations": ["nixos/modules/services/networking/smokeping.nix"], "default": {"_type": "literalExpression", "text": "\"http://${hostName}/smokeping.cgi\""}, "description": "URL to the smokeping cgi.", "example": {"_type": "literalExpression", "text": "\"https://somewhere.example.com/smokeping.cgi\""}, "loc": ["services", "smokeping", "cgiUrl"], "readOnly": false, "type": "string"}, "services.smokeping.config": {"declarations": ["nixos/modules/services/networking/smokeping.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Full smokeping config supplied by the user. Overrides\nand replaces any other configuration supplied.\n", "loc": ["services", "smokeping", "config"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.smokeping.databaseConfig": {"declarations": ["nixos/modules/services/networking/smokeping.nix"], "default": {"_type": "literalExpression", "text": "''\n  step     = 300\n  pings    = 20\n  # consfn mrhb steps total\n  AVERAGE  0.5   1  1008\n  AVERAGE  0.5  12  4320\n      MIN  0.5  12  4320\n      MAX  0.5  12  4320\n  AVERAGE  0.5 144   720\n      MAX  0.5 144   720\n      MIN  0.5 144   720\n  \n''"}, "description": "Configure the ping frequency and retention of the rrd files.\nOnce set, changing the interval will require deletion or migration of all\nthe collected data.", "example": {"_type": "literalExpression", "text": "''\n  # near constant pings.\n  step     = 30\n  pings    = 20\n  # consfn mrhb steps total\n  AVERAGE  0.5   1  10080\n  AVERAGE  0.5  12  43200\n      MIN  0.5  12  43200\n      MAX  0.5  12  43200\n  AVERAGE  0.5 144   7200\n      MAX  0.5 144   7200\n      MIN  0.5 144   7200\n''"}, "loc": ["services", "smokeping", "databaseConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.smokeping.enable": {"declarations": ["nixos/modules/services/networking/smokeping.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable smokeping service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "smokeping", "enable"], "readOnly": false, "type": "boolean"}, "services.smokeping.extraConfig": {"declarations": ["nixos/modules/services/networking/smokeping.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Any additional customization not already included.", "loc": ["services", "smokeping", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.smokeping.host": {"declarations": ["nixos/modules/services/networking/smokeping.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Host/IP to bind to for the web server.\n\nSetting it to `null` skips passing the -h option to thttpd,\nwhich makes it bind to all interfaces.\n", "example": {"_type": "literalExpression", "text": "\"192.0.2.1\""}, "loc": ["services", "smokeping", "host"], "readOnly": false, "type": "null or string"}, "services.smokeping.hostName": {"declarations": ["nixos/modules/services/networking/smokeping.nix"], "default": {"_type": "literalExpression", "text": "config.networking.fqdn"}, "description": "DNS name for the urls generated in the cgi.", "example": {"_type": "literalExpression", "text": "\"somewhere.example.com\""}, "loc": ["services", "smokeping", "hostName"], "readOnly": false, "type": "string"}, "services.smokeping.imgUrl": {"declarations": ["nixos/modules/services/networking/smokeping.nix"], "default": {"_type": "literalExpression", "text": "\"cache\""}, "description": "Base url for images generated in the cgi.\n\nThe default is a relative URL to ensure it works also when e.g. forwarding\nthe GUI port via SSH.\n", "example": {"_type": "literalExpression", "text": "\"https://somewhere.example.com/cache\""}, "loc": ["services", "smokeping", "imgUrl"], "readOnly": false, "type": "string"}, "services.smokeping.linkStyle": {"declarations": ["nixos/modules/services/networking/smokeping.nix"], "default": {"_type": "literalExpression", "text": "\"relative\""}, "description": "DNS name for the urls generated in the cgi.", "example": {"_type": "literalExpression", "text": "\"absolute\""}, "loc": ["services", "smokeping", "linkStyle"], "readOnly": false, "type": "one of \"original\", \"absolute\", \"relative\""}, "services.smokeping.mailHost": {"declarations": ["nixos/modules/services/networking/smokeping.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Use this SMTP server to send alerts", "example": {"_type": "literalExpression", "text": "\"localhost\""}, "loc": ["services", "smokeping", "mailHost"], "readOnly": false, "type": "string"}, "services.smokeping.owner": {"declarations": ["nixos/modules/services/networking/smokeping.nix"], "default": {"_type": "literalExpression", "text": "\"nobody\""}, "description": "Real name of the owner of the instance", "example": {"_type": "literalExpression", "text": "\"Bob Foobawr\""}, "loc": ["services", "smokeping", "owner"], "readOnly": false, "type": "string"}, "services.smokeping.ownerEmail": {"declarations": ["nixos/modules/services/networking/smokeping.nix"], "default": {"_type": "literalExpression", "text": "\"no-reply@${hostName}\""}, "description": "Email contact for owner", "example": {"_type": "literalExpression", "text": "\"no-reply@yourdomain.com\""}, "loc": ["services", "smokeping", "ownerEmail"], "readOnly": false, "type": "string"}, "services.smokeping.package": {"declarations": ["nixos/modules/services/networking/smokeping.nix"], "default": {"_type": "literalExpression", "text": "pkgs.smokeping"}, "description": "The smokeping package to use.", "loc": ["services", "smokeping", "package"], "readOnly": false, "type": "package"}, "services.smokeping.presentationConfig": {"declarations": ["nixos/modules/services/networking/smokeping.nix"], "default": {"_type": "literalExpression", "text": "''\n  + charts\n  menu = Charts\n  title = The most interesting destinations\n  ++ stddev\n  sorter = StdDev(entries=>4)\n  title = Top Standard Deviation\n  menu = Std Deviation\n  format = Standard Deviation %f\n  ++ max\n  sorter = Max(entries=>5)\n  title = Top Max Roundtrip Time\n  menu = by Max\n  format = Max Roundtrip Time %f seconds\n  ++ loss\n  sorter = Loss(entries=>5)\n  title = Top Packet Loss\n  menu = Loss\n  format = Packets Lost %f\n  ++ median\n  sorter = Median(entries=>5)\n  title = Top Median Roundtrip Time\n  menu = by Median\n  format = Median RTT %f seconds\n  + overview\n  width = 600\n  height = 50\n  range = 10h\n  + detail\n  width = 600\n  height = 200\n  unison_tolerance = 2\n  \"Last 3 Hours\"    3h\n  \"Last 30 Hours\"   30h\n  \"Last 10 Days\"    10d\n  \"Last 360 Days\"   360d\n''"}, "description": "presentation graph style", "loc": ["services", "smokeping", "presentationConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.smokeping.presentationTemplate": {"declarations": ["nixos/modules/services/networking/smokeping.nix"], "default": {"_type": "literalExpression", "text": "\"${pkgs.smokeping}/etc/basepage.html.dist\""}, "description": "Default page layout for the web UI.", "loc": ["services", "smokeping", "presentationTemplate"], "readOnly": false, "type": "string"}, "services.smokeping.probeConfig": {"declarations": ["nixos/modules/services/networking/smokeping.nix"], "default": {"_type": "literalExpression", "text": "''\n  + FPing\n  binary = ${config.security.wrapperDir}/fping\n''\n"}, "description": "Probe configuration", "loc": ["services", "smokeping", "probeConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.smokeping.sendmail": {"declarations": ["nixos/modules/services/networking/smokeping.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Use this sendmail compatible script to deliver alerts", "example": {"_type": "literalExpression", "text": "\"/run/wrappers/bin/sendmail\""}, "loc": ["services", "smokeping", "sendmail"], "readOnly": false, "type": "null or absolute path"}, "services.smokeping.smokeMailTemplate": {"declarations": ["nixos/modules/services/networking/smokeping.nix"], "default": {"_type": "literalExpression", "text": "\"${package}/etc/smokemail.dist\""}, "description": "Specify the smokemail template for alerts.", "loc": ["services", "smokeping", "smokeMailTemplate"], "readOnly": false, "type": "string"}, "services.smokeping.targetConfig": {"declarations": ["nixos/modules/services/networking/smokeping.nix"], "default": {"_type": "literalExpression", "text": "''\n  probe = FPing\n  menu = Top\n  title = Network Latency Grapher\n  remark = Welcome to the SmokePing website of xxx Company. \\\n           Here you will learn all about the latency of our network.\n  + Local\n  menu = Local\n  title = Local Network\n  ++ LocalMachine\n  menu = Local Machine\n  title = This host\n  host = localhost\n''"}, "description": "Target configuration", "loc": ["services", "smokeping", "targetConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.smokeping.user": {"declarations": ["nixos/modules/services/networking/smokeping.nix"], "default": {"_type": "literalExpression", "text": "\"smokeping\""}, "description": "User that runs smokeping and (optionally) thttpd. A group of the same name will be created as well.", "loc": ["services", "smokeping", "user"], "readOnly": false, "type": "string"}, "services.smokeping.webService": {"declarations": ["nixos/modules/services/networking/smokeping.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable a smokeping web interface", "loc": ["services", "smokeping", "webService"], "readOnly": false, "type": "boolean"}, "services.snapper.cleanupInterval": {"declarations": ["nixos/modules/services/misc/snapper.nix"], "default": {"_type": "literalExpression", "text": "\"1d\""}, "description": "Cleanup interval.\n\nThe format is described in\n{manpage}`systemd.time(7)`.\n", "loc": ["services", "snapper", "cleanupInterval"], "readOnly": false, "type": "string"}, "services.snapper.configs": {"declarations": ["nixos/modules/services/misc/snapper.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Subvolume configuration. Any option mentioned in man:snapper-configs(5)\nis valid here, even if NixOS doesn't document it.\n", "example": {"_type": "literalExpression", "text": "{\n  home = {\n    SUBVOLUME = \"/home\";\n    ALLOW_USERS = [ \"alice\" ];\n    TIMELINE_CREATE = true;\n    TIMELINE_CLEANUP = true;\n  };\n}\n"}, "loc": ["services", "snapper", "configs"], "readOnly": false, "type": "attribute set of (open submodule of attribute set of ((list of (string without line breaks or quotes)) or boolean or string without line breaks or quotes or signed integer or floating point number))"}, "services.snapper.configs.<name>.ALLOW_GROUPS": {"declarations": ["nixos/modules/services/misc/snapper.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of groups allowed to operate with the config.\n\nAlso see the PERMISSIONS section in man:snapper(8).\n", "loc": ["services", "snapper", "configs", "<name>", "ALLOW_GROUPS"], "readOnly": false, "type": "list of (string without line breaks or quotes)"}, "services.snapper.configs.<name>.ALLOW_USERS": {"declarations": ["nixos/modules/services/misc/snapper.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of users allowed to operate with the config. \"root\" is always\nimplicitly included.\n\nAlso see the PERMISSIONS section in man:snapper(8).\n", "example": {"_type": "literalExpression", "text": "[\n  \"alice\"\n]"}, "loc": ["services", "snapper", "configs", "<name>", "ALLOW_USERS"], "readOnly": false, "type": "list of (string without line breaks or quotes)"}, "services.snapper.configs.<name>.FSTYPE": {"declarations": ["nixos/modules/services/misc/snapper.nix"], "default": {"_type": "literalExpression", "text": "\"btrfs\""}, "description": "Filesystem type. Only btrfs is stable and tested.\n\nbcachefs support is experimental.\n", "loc": ["services", "snapper", "configs", "<name>", "FSTYPE"], "readOnly": false, "type": "one of \"btrfs\", \"bcachefs\""}, "services.snapper.configs.<name>.SUBVOLUME": {"declarations": ["nixos/modules/services/misc/snapper.nix"], "description": "Path of the subvolume or mount point.\nThis path is a subvolume and has to contain a subvolume named\n.snapshots.\nSee also man:snapper(8) section PERMISSIONS.\n", "loc": ["services", "snapper", "configs", "<name>", "SUBVOLUME"], "readOnly": false, "type": "absolute path"}, "services.snapper.configs.<name>.TIMELINE_CLEANUP": {"declarations": ["nixos/modules/services/misc/snapper.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Defines whether the timeline cleanup algorithm should be run for the config.\n", "loc": ["services", "snapper", "configs", "<name>", "TIMELINE_CLEANUP"], "readOnly": false, "type": "boolean"}, "services.snapper.configs.<name>.TIMELINE_CREATE": {"declarations": ["nixos/modules/services/misc/snapper.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Defines whether hourly snapshots should be created.\n", "loc": ["services", "snapper", "configs", "<name>", "TIMELINE_CREATE"], "readOnly": false, "type": "boolean"}, "services.snapper.configs.<name>.TIMELINE_LIMIT_DAILY": {"declarations": ["nixos/modules/services/misc/snapper.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Limits for timeline cleanup.\n", "loc": ["services", "snapper", "configs", "<name>", "TIMELINE_LIMIT_DAILY"], "readOnly": false, "type": "unsigned integer, meaning >=0, or string containing either a number or a range"}, "services.snapper.configs.<name>.TIMELINE_LIMIT_HOURLY": {"declarations": ["nixos/modules/services/misc/snapper.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Limits for timeline cleanup.\n", "loc": ["services", "snapper", "configs", "<name>", "TIMELINE_LIMIT_HOURLY"], "readOnly": false, "type": "unsigned integer, meaning >=0, or string containing either a number or a range"}, "services.snapper.configs.<name>.TIMELINE_LIMIT_MONTHLY": {"declarations": ["nixos/modules/services/misc/snapper.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Limits for timeline cleanup.\n", "loc": ["services", "snapper", "configs", "<name>", "TIMELINE_LIMIT_MONTHLY"], "readOnly": false, "type": "unsigned integer, meaning >=0, or string containing either a number or a range"}, "services.snapper.configs.<name>.TIMELINE_LIMIT_QUARTERLY": {"declarations": ["nixos/modules/services/misc/snapper.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Limits for timeline cleanup.\n", "loc": ["services", "snapper", "configs", "<name>", "TIMELINE_LIMIT_QUARTERLY"], "readOnly": false, "type": "unsigned integer, meaning >=0, or string containing either a number or a range"}, "services.snapper.configs.<name>.TIMELINE_LIMIT_WEEKLY": {"declarations": ["nixos/modules/services/misc/snapper.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Limits for timeline cleanup.\n", "loc": ["services", "snapper", "configs", "<name>", "TIMELINE_LIMIT_WEEKLY"], "readOnly": false, "type": "unsigned integer, meaning >=0, or string containing either a number or a range"}, "services.snapper.configs.<name>.TIMELINE_LIMIT_YEARLY": {"declarations": ["nixos/modules/services/misc/snapper.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Limits for timeline cleanup.\n", "loc": ["services", "snapper", "configs", "<name>", "TIMELINE_LIMIT_YEARLY"], "readOnly": false, "type": "unsigned integer, meaning >=0, or string containing either a number or a range"}, "services.snapper.filters": {"declarations": ["nixos/modules/services/misc/snapper.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Global display difference filter. See man:snapper(8) for more details.\n", "loc": ["services", "snapper", "filters"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.snapper.persistentTimer": {"declarations": ["nixos/modules/services/misc/snapper.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Set the `Persistent` option for the\n{manpage}`systemd.timer(5)`\nwhich triggers the snapshot immediately if the last trigger\nwas missed (e.g. if the system was powered down).\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "snapper", "persistentTimer"], "readOnly": false, "type": "boolean"}, "services.snapper.snapshotInterval": {"declarations": ["nixos/modules/services/misc/snapper.nix"], "default": {"_type": "literalExpression", "text": "\"hourly\""}, "description": "Snapshot interval.\n\nThe format is described in\n{manpage}`systemd.time(7)`.\n", "loc": ["services", "snapper", "snapshotInterval"], "readOnly": false, "type": "string"}, "services.snapper.snapshotRootOnBoot": {"declarations": ["nixos/modules/services/misc/snapper.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to snapshot root on boot\n", "loc": ["services", "snapper", "snapshotRootOnBoot"], "readOnly": false, "type": "boolean"}, "services.snapraid.contentFiles": {"declarations": ["nixos/modules/services/backup/snapraid.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "SnapRAID content list files.", "example": {"_type": "literalExpression", "text": "[\n  \"/var/snapraid.content\"\n  \"/mnt/disk1/snapraid.content\"\n  \"/mnt/disk2/snapraid.content\"\n]"}, "loc": ["services", "snapraid", "contentFiles"], "readOnly": false, "type": "list of string"}, "services.snapraid.dataDisks": {"declarations": ["nixos/modules/services/backup/snapraid.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "SnapRAID data disks.", "example": {"_type": "literalExpression", "text": "{\n  d1 = \"/mnt/disk1/\";\n  d2 = \"/mnt/disk2/\";\n  d3 = \"/mnt/disk3/\";\n}"}, "loc": ["services", "snapraid", "dataDisks"], "readOnly": false, "type": "attribute set of string"}, "services.snapraid.enable": {"declarations": ["nixos/modules/services/backup/snapraid.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SnapRAID.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "snapraid", "enable"], "readOnly": false, "type": "boolean"}, "services.snapraid.exclude": {"declarations": ["nixos/modules/services/backup/snapraid.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "SnapRAID exclude directives.", "example": {"_type": "literalExpression", "text": "[\n  \"*.unrecoverable\"\n  \"/tmp/\"\n  \"/lost+found/\"\n]"}, "loc": ["services", "snapraid", "exclude"], "readOnly": false, "type": "list of string"}, "services.snapraid.extraConfig": {"declarations": ["nixos/modules/services/backup/snapraid.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra config options for SnapRAID.", "example": {"_type": "literalExpression", "text": "''\n  nohidden\n  blocksize 256\n  hashsize 16\n  autosave 500\n  pool /pool\n''"}, "loc": ["services", "snapraid", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.snapraid.parityFiles": {"declarations": ["nixos/modules/services/backup/snapraid.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "SnapRAID parity files.", "example": {"_type": "literalExpression", "text": "[\n  \"/mnt/diskp/snapraid.parity\"\n  \"/mnt/diskq/snapraid.2-parity\"\n  \"/mnt/diskr/snapraid.3-parity\"\n  \"/mnt/disks/snapraid.4-parity\"\n  \"/mnt/diskt/snapraid.5-parity\"\n  \"/mnt/disku/snapraid.6-parity\"\n]"}, "loc": ["services", "snapraid", "parityFiles"], "readOnly": false, "type": "list of string"}, "services.snapraid.scrub.interval": {"declarations": ["nixos/modules/services/backup/snapraid.nix"], "default": {"_type": "literalExpression", "text": "\"Mon *-*-* 02:00:00\""}, "description": "How often to run {command}`snapraid scrub`.", "example": {"_type": "literalExpression", "text": "\"weekly\""}, "loc": ["services", "snapraid", "scrub", "interval"], "readOnly": false, "type": "string"}, "services.snapraid.scrub.olderThan": {"declarations": ["nixos/modules/services/backup/snapraid.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Number of days since data was last scrubbed before it can be scrubbed again.", "example": {"_type": "literalExpression", "text": "20"}, "loc": ["services", "snapraid", "scrub", "olderThan"], "readOnly": false, "type": "signed integer"}, "services.snapraid.scrub.plan": {"declarations": ["nixos/modules/services/backup/snapraid.nix"], "default": {"_type": "literalExpression", "text": "8"}, "description": "Percent of the array that should be checked by {command}`snapraid scrub`.", "example": {"_type": "literalExpression", "text": "5"}, "loc": ["services", "snapraid", "scrub", "plan"], "readOnly": false, "type": "signed integer"}, "services.snapraid.sync.interval": {"declarations": ["nixos/modules/services/backup/snapraid.nix"], "default": {"_type": "literalExpression", "text": "\"01:00\""}, "description": "How often to run {command}`snapraid sync`.", "example": {"_type": "literalExpression", "text": "\"daily\""}, "loc": ["services", "snapraid", "sync", "interval"], "readOnly": false, "type": "string"}, "services.snapraid.touchBeforeSync": {"declarations": ["nixos/modules/services/backup/snapraid.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether {command}`snapraid touch` should be run before {command}`snapraid sync`.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "snapraid", "touchBeforeSync"], "readOnly": false, "type": "boolean"}, "services.snapserver.enable": {"declarations": ["nixos/modules/services/audio/snapserver.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable snapserver.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "snapserver", "enable"], "readOnly": false, "type": "boolean"}, "services.snapserver.openFirewall": {"declarations": ["nixos/modules/services/audio/snapserver.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to automatically open the specified ports in the firewall.\n", "loc": ["services", "snapserver", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.snapserver.package": {"declarations": ["nixos/modules/services/audio/snapserver.nix"], "default": {"_type": "literalExpression", "text": "pkgs.snapcast"}, "description": "The snapcast package to use.", "loc": ["services", "snapserver", "package"], "readOnly": false, "type": "package"}, "services.snapserver.settings": {"declarations": ["nixos/modules/services/audio/snapserver.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Snapserver configuration.\n\nRefer to the [example configuration](https://github.com/badaix/snapcast/blob/develop/server/etc/snapserver.conf) for possible options.\n", "loc": ["services", "snapserver", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string) or a list of them for duplicate keys)"}, "services.snapserver.settings.http.bind_to_address": {"declarations": ["nixos/modules/services/audio/snapserver.nix"], "default": {"_type": "literalExpression", "text": "\"::\""}, "description": "Address to listen on for snapclient connections.\n", "loc": ["services", "snapserver", "settings", "http", "bind_to_address"], "readOnly": false, "type": "unspecified value"}, "services.snapserver.settings.http.doc_root": {"declarations": ["nixos/modules/services/audio/snapserver.nix"], "default": {"_type": "literalExpression", "text": "pkgs.snapweb"}, "description": "Path to serve from the HTTP servers root.\n", "loc": ["services", "snapserver", "settings", "http", "doc_root"], "readOnly": false, "type": "null or absolute path"}, "services.snapserver.settings.http.enabled": {"declarations": ["nixos/modules/services/audio/snapserver.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the HTTP JSON-RPC.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "snapserver", "settings", "http", "enabled"], "readOnly": false, "type": "boolean"}, "services.snapserver.settings.http.port": {"declarations": ["nixos/modules/services/audio/snapserver.nix"], "default": {"_type": "literalExpression", "text": "1780"}, "description": "Port to listen on for snapclient connections.\n", "loc": ["services", "snapserver", "settings", "http", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.snapserver.settings.stream.source": {"declarations": ["nixos/modules/services/audio/snapserver.nix"], "description": "One or multiple URIs to PCM input streams.\n", "example": {"_type": "literalExpression", "text": "\"pipe:///tmp/snapfifo?name=default\""}, "loc": ["services", "snapserver", "settings", "stream", "source"], "readOnly": false, "type": "string or list of string"}, "services.snapserver.settings.tcp-control.bind_to_address": {"declarations": ["nixos/modules/services/audio/snapserver.nix"], "default": {"_type": "literalExpression", "text": "\"::\""}, "description": "Address to listen on for snapclient connections.\n", "loc": ["services", "snapserver", "settings", "tcp-control", "bind_to_address"], "readOnly": false, "type": "unspecified value"}, "services.snapserver.settings.tcp-control.enabled": {"declarations": ["nixos/modules/services/audio/snapserver.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the TCP JSON-RPC.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "snapserver", "settings", "tcp-control", "enabled"], "readOnly": false, "type": "boolean"}, "services.snapserver.settings.tcp-control.port": {"declarations": ["nixos/modules/services/audio/snapserver.nix"], "default": {"_type": "literalExpression", "text": "1705"}, "description": "Port to listen on for snapclient connections.\n", "loc": ["services", "snapserver", "settings", "tcp-control", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.snapserver.settings.tcp-streaming.bind_to_address": {"declarations": ["nixos/modules/services/audio/snapserver.nix"], "default": {"_type": "literalExpression", "text": "\"::\""}, "description": "Address to listen on for snapclient connections.\n", "loc": ["services", "snapserver", "settings", "tcp-streaming", "bind_to_address"], "readOnly": false, "type": "unspecified value"}, "services.snapserver.settings.tcp-streaming.enabled": {"declarations": ["nixos/modules/services/audio/snapserver.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable streaming via TCP.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "snapserver", "settings", "tcp-streaming", "enabled"], "readOnly": false, "type": "boolean"}, "services.snapserver.settings.tcp-streaming.port": {"declarations": ["nixos/modules/services/audio/snapserver.nix"], "default": {"_type": "literalExpression", "text": "1704"}, "description": "Port to listen on for snapclient connections.\n", "loc": ["services", "snapserver", "settings", "tcp-streaming", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.snipe-it.appKeyFile": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "description": "A file containing the Laravel APP_KEY - a 32 character long,\nbase64 encoded key used for encryption where needed. Can be\ngenerated with `head -c 32 /dev/urandom | base64`.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/snipe-it/appkey\""}, "loc": ["services", "snipe-it", "appKeyFile"], "readOnly": false, "type": "absolute path"}, "services.snipe-it.appURL": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "''\n  http''${lib.optionalString tlsEnabled \"s\"}://''${cfg.hostName}\n''"}, "description": "The root URL that you want to host Snipe-IT on. All URLs in Snipe-IT will be generated using this value.\nIf you change this in the future you may need to run a command to update stored URLs in the database.\nCommand example: `snipe-it snipe-it:update-url https://old.example.com https://new.example.com`\n", "example": {"_type": "literalExpression", "text": "\"https://example.com\""}, "loc": ["services", "snipe-it", "appURL"], "readOnly": false, "type": "string"}, "services.snipe-it.config": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Snipe-IT configuration options to set in the\n{file}`.env` file.\nRefer to <https://snipe-it.readme.io/docs/configuration>\nfor details on supported values.\n\nSettings containing secret data should be set to an attribute\nset containing the attribute `_secret` - a\nstring pointing to a file containing the value the option\nshould be set to. See the example to get a better picture of\nthis: in the resulting {file}`.env` file, the\n`OIDC_CLIENT_SECRET` key will be set to the\ncontents of the {file}`/run/keys/oidc_secret`\nfile.\n", "example": {"_type": "literalExpression", "text": "{\n  ALLOWED_IFRAME_HOSTS = \"https://example.com\";\n  WKHTMLTOPDF = \"${pkgs.wkhtmltopdf}/bin/wkhtmltopdf\";\n  AUTH_METHOD = \"oidc\";\n  OIDC_NAME = \"MyLogin\";\n  OIDC_DISPLAY_NAME_CLAIMS = \"name\";\n  OIDC_CLIENT_ID = \"snipe-it\";\n  OIDC_CLIENT_SECRET = {_secret = \"/run/keys/oidc_secret\"};\n  OIDC_ISSUER = \"https://keycloak.example.com/auth/realms/My%20Realm\";\n  OIDC_ISSUER_DISCOVER = true;\n}\n"}, "loc": ["services", "snipe-it", "config"], "readOnly": false, "type": "attribute set of (null or boolean or signed integer or 16 bit unsigned integer; between 0 and 65535 (both inclusive) or absolute path or string or (submodule))"}, "services.snipe-it.dataDir": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/snipe-it\""}, "description": "snipe-it data directory", "loc": ["services", "snipe-it", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.snipe-it.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create the database and database user locally.", "loc": ["services", "snipe-it", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.snipe-it.database.host": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Database host address.", "loc": ["services", "snipe-it", "database", "host"], "readOnly": false, "type": "string"}, "services.snipe-it.database.name": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "\"snipeit\""}, "description": "Database name.", "loc": ["services", "snipe-it", "database", "name"], "readOnly": false, "type": "string"}, "services.snipe-it.database.passwordFile": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password corresponding to\n{option}`database.user`.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/snipe-it/dbpassword\""}, "loc": ["services", "snipe-it", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.snipe-it.database.port": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "3306"}, "description": "Database host port.", "loc": ["services", "snipe-it", "database", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.snipe-it.database.user": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "user"}, "description": "Database username.", "loc": ["services", "snipe-it", "database", "user"], "readOnly": false, "type": "string"}, "services.snipe-it.enable": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable snipe-it, a free open source IT asset/license management system.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "snipe-it", "enable"], "readOnly": false, "type": "boolean"}, "services.snipe-it.group": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "\"snipeit\""}, "description": "Group snipe-it runs as.", "loc": ["services", "snipe-it", "group"], "readOnly": false, "type": "string"}, "services.snipe-it.hostName": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "config.networking.fqdnOrHostName"}, "description": "The hostname to serve Snipe-IT on.\n", "example": {"_type": "literalExpression", "text": "\"snipe-it.example.com\""}, "loc": ["services", "snipe-it", "hostName"], "readOnly": false, "type": "string"}, "services.snipe-it.mail.backupNotificationAddress": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "\"backup@example.com\""}, "description": "Email Address to send Backup Notifications to.", "loc": ["services", "snipe-it", "mail", "backupNotificationAddress"], "readOnly": false, "type": "string"}, "services.snipe-it.mail.driver": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "\"smtp\""}, "description": "Mail driver to use.", "loc": ["services", "snipe-it", "mail", "driver"], "readOnly": false, "type": "one of \"smtp\", \"sendmail\""}, "services.snipe-it.mail.encryption": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SMTP encryption mechanism to use.", "loc": ["services", "snipe-it", "mail", "encryption"], "readOnly": false, "type": "null or one of \"tls\", \"ssl\""}, "services.snipe-it.mail.from.address": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "\"mail@example.com\""}, "description": "Mail \"from\" address.", "loc": ["services", "snipe-it", "mail", "from", "address"], "readOnly": false, "type": "string"}, "services.snipe-it.mail.from.name": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "\"Snipe-IT Asset Management\""}, "description": "Mail \"from\" name.", "loc": ["services", "snipe-it", "mail", "from", "name"], "readOnly": false, "type": "string"}, "services.snipe-it.mail.host": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Mail host address.", "loc": ["services", "snipe-it", "mail", "host"], "readOnly": false, "type": "string"}, "services.snipe-it.mail.passwordFile": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password corresponding to\n{option}`mail.user`.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/snipe-it/mailpassword\""}, "loc": ["services", "snipe-it", "mail", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.snipe-it.mail.port": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "1025"}, "description": "Mail host port.", "loc": ["services", "snipe-it", "mail", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.snipe-it.mail.replyTo.address": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "\"mail@example.com\""}, "description": "Mail \"reply-to\" address.", "loc": ["services", "snipe-it", "mail", "replyTo", "address"], "readOnly": false, "type": "string"}, "services.snipe-it.mail.replyTo.name": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "\"Snipe-IT Asset Management\""}, "description": "Mail \"reply-to\" name.", "loc": ["services", "snipe-it", "mail", "replyTo", "name"], "readOnly": false, "type": "string"}, "services.snipe-it.mail.user": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Mail username.", "example": {"_type": "literalExpression", "text": "\"snipeit\""}, "loc": ["services", "snipe-it", "mail", "user"], "readOnly": false, "type": "null or string"}, "services.snipe-it.maxUploadSize": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "\"18M\""}, "description": "The maximum size for uploads (e.g. images).", "example": {"_type": "literalExpression", "text": "\"1G\""}, "loc": ["services", "snipe-it", "maxUploadSize"], "readOnly": false, "type": "string"}, "services.snipe-it.nginx": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "With this option, you can customize the nginx virtualHost settings.\n", "example": {"_type": "literalExpression", "text": "{\n  serverAliases = [\n    \"snipe-it.${config.networking.domain}\"\n  ];\n  # To enable encryption and let let's encrypt take care of certificate\n  forceSSL = true;\n  enableACME = true;\n}\n"}, "loc": ["services", "snipe-it", "nginx"], "readOnly": false, "type": "submodule"}, "services.snipe-it.nginx.acmeFallbackHost": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host which to proxy requests to if ACME challenge is not found. Useful\nif you want multiple hosts to be able to verify the same domain name.\n\nWith this option, you could request certificates for the present domain\nwith an ACME client that is running on another host, which you would\nspecify here.\n", "loc": ["services", "snipe-it", "nginx", "acmeFallbackHost"], "readOnly": false, "type": "null or string"}, "services.snipe-it.nginx.acmeRoot": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the ACME challenge, which is **public**. Don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "snipe-it", "nginx", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.snipe-it.nginx.addSSL": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "snipe-it", "nginx", "addSSL"], "readOnly": false, "type": "boolean"}, "services.snipe-it.nginx.basicAuth": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "snipe-it", "nginx", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.snipe-it.nginx.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "snipe-it", "nginx", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.snipe-it.nginx.default": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Makes this vhost the default.\n", "loc": ["services", "snipe-it", "nginx", "default"], "readOnly": false, "type": "boolean"}, "services.snipe-it.nginx.enableACME": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "snipe-it", "nginx", "enableACME"], "readOnly": false, "type": "boolean"}, "services.snipe-it.nginx.extraConfig": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the vhost verbatim.\n", "loc": ["services", "snipe-it", "nginx", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.snipe-it.nginx.forceSSL": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a separate nginx server block that redirects (defaults\nto 301, configurable with `redirectCode`) all plain HTTP traffic to\nHTTPS. This will set defaults for `listen` to listen on all interfaces\non the respective default ports (80, 443), where the non-SSL listens\nare used for the redirect vhosts.\n", "loc": ["services", "snipe-it", "nginx", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.snipe-it.nginx.globalRedirect": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected (defaults to 301,\nconfigurable with `redirectCode`) to the given hostname.\n", "example": {"_type": "literalExpression", "text": "\"newserver.example.org\""}, "loc": ["services", "snipe-it", "nginx", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.snipe-it.nginx.http2": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/2 protocol.\nNote that (as of writing) due to nginx's implementation, to disable\nHTTP/2 you have to disable it on all vhosts that use a given\nIP address / port.\nIf there is one server block configured to enable http2, then it is\nenabled for all server blocks on this IP.\nSee <https://stackoverflow.com/a/39466948/263061>.\n", "loc": ["services", "snipe-it", "nginx", "http2"], "readOnly": false, "type": "boolean"}, "services.snipe-it.nginx.http3": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/3 protocol.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that HTTP/3 support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\nHTTP/3 availability must be manually advertised, preferably in each location block.\n", "loc": ["services", "snipe-it", "nginx", "http3"], "readOnly": false, "type": "boolean"}, "services.snipe-it.nginx.http3_hq": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that special application protocol support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "snipe-it", "nginx", "http3_hq"], "readOnly": false, "type": "boolean"}, "services.snipe-it.nginx.kTLS": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kTLS support.\nImplementing TLS in the kernel (kTLS) improves performance by significantly\nreducing the need for copying operations between user space and the kernel.\nRequired Nginx version 1.21.4 or later.\n", "loc": ["services", "snipe-it", "nginx", "kTLS"], "readOnly": false, "type": "boolean"}, "services.snipe-it.nginx.listen": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\nIPv6 addresses must be enclosed in square brackets.\nNote: this option overrides `addSSL`\nand `onlySSL`.\n\nIf you only want to set the addresses manually and not\nthe ports, take a look at `listenAddresses`.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    addr = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    addr = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    addr = \"unix:/var/run/nginx.sock\";\n  }\n]"}, "loc": ["services", "snipe-it", "nginx", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.snipe-it.nginx.listen.*.addr": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "description": "Listen address.", "loc": ["services", "snipe-it", "nginx", "listen", "*", "addr"], "readOnly": false, "type": "string"}, "services.snipe-it.nginx.listen.*.extraParameters": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra parameters of this listen directive.", "example": {"_type": "literalExpression", "text": "[\n  \"backlog=1024\"\n  \"deferred\"\n]"}, "loc": ["services", "snipe-it", "nginx", "listen", "*", "extraParameters"], "readOnly": false, "type": "list of string"}, "services.snipe-it.nginx.listen.*.port": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port number to listen on.\nIf unset and the listen address is not a socket then nginx defaults to 80.\n", "loc": ["services", "snipe-it", "nginx", "listen", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.snipe-it.nginx.listen.*.proxyProtocol": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable PROXY protocol.", "loc": ["services", "snipe-it", "nginx", "listen", "*", "proxyProtocol"], "readOnly": false, "type": "boolean"}, "services.snipe-it.nginx.listen.*.ssl": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SSL.", "loc": ["services", "snipe-it", "nginx", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.snipe-it.nginx.listenAddresses": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n\nNote: This option overrides `networking.enableIPv6`\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"[::1]\"\n]"}, "loc": ["services", "snipe-it", "nginx", "listenAddresses"], "readOnly": false, "type": "list of string"}, "services.snipe-it.nginx.locations": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n};\n"}, "loc": ["services", "snipe-it", "nginx", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.snipe-it.nginx.locations.<name>.alias": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "snipe-it", "nginx", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.snipe-it.nginx.locations.<name>.basicAuth": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "snipe-it", "nginx", "locations", "<name>", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.snipe-it.nginx.locations.<name>.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "snipe-it", "nginx", "locations", "<name>", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.snipe-it.nginx.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "snipe-it", "nginx", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.snipe-it.nginx.locations.<name>.fastcgiParams": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "FastCGI parameters to override.  Unlike in the Nginx\nconfiguration file, overriding only some default parameters\nwon't unset the default values for other parameters.\n", "loc": ["services", "snipe-it", "nginx", "locations", "<name>", "fastcgiParams"], "readOnly": false, "type": "attribute set of (string or absolute path)"}, "services.snipe-it.nginx.locations.<name>.index": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds index directive.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "snipe-it", "nginx", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.snipe-it.nginx.locations.<name>.priority": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "snipe-it", "nginx", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.snipe-it.nginx.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds proxy_pass directive and sets recommended proxy headers if\nrecommendedProxySettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "snipe-it", "nginx", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.snipe-it.nginx.locations.<name>.proxyWebsockets": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to support proxying websocket connections with HTTP/1.1.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "snipe-it", "nginx", "locations", "<name>", "proxyWebsockets"], "readOnly": false, "type": "boolean"}, "services.snipe-it.nginx.locations.<name>.recommendedProxySettings": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedProxySettings"}, "description": "Enable recommended proxy settings.\n", "loc": ["services", "snipe-it", "nginx", "locations", "<name>", "recommendedProxySettings"], "readOnly": false, "type": "boolean"}, "services.snipe-it.nginx.locations.<name>.recommendedUwsgiSettings": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedUwsgiSettings"}, "description": "Enable recommended uwsgi settings.\n", "loc": ["services", "snipe-it", "nginx", "locations", "<name>", "recommendedUwsgiSettings"], "readOnly": false, "type": "boolean"}, "services.snipe-it.nginx.locations.<name>.return": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds a return directive, for e.g. redirections.\n", "example": {"_type": "literalExpression", "text": "\"301 http://example.com$request_uri\""}, "loc": ["services", "snipe-it", "nginx", "locations", "<name>", "return"], "readOnly": false, "type": "null or string or signed integer"}, "services.snipe-it.nginx.locations.<name>.root": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Root directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/root/directory\""}, "loc": ["services", "snipe-it", "nginx", "locations", "<name>", "root"], "readOnly": false, "type": "null or absolute path"}, "services.snipe-it.nginx.locations.<name>.tryFiles": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds try_files directive.\n", "example": {"_type": "literalExpression", "text": "\"$uri =404\""}, "loc": ["services", "snipe-it", "nginx", "locations", "<name>", "tryFiles"], "readOnly": false, "type": "null or string"}, "services.snipe-it.nginx.locations.<name>.uwsgiPass": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds uwsgi_pass directive and sets recommended proxy headers if\nrecommendedUwsgiSettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"unix:/run/example/example.sock\""}, "loc": ["services", "snipe-it", "nginx", "locations", "<name>", "uwsgiPass"], "readOnly": false, "type": "null or string"}, "services.snipe-it.nginx.onlySSL": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "snipe-it", "nginx", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.snipe-it.nginx.quic": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the QUIC transport protocol.\nNote that QUIC support is experimental and\n*not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "snipe-it", "nginx", "quic"], "readOnly": false, "type": "boolean"}, "services.snipe-it.nginx.redirectCode": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "301"}, "description": "HTTP status used by `globalRedirect` and `forceSSL`. Possible usecases\ninclude temporary (302, 307) redirects, keeping the request method and\nbody (307, 308), or explicitly resetting the method to GET (303).\nSee <https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>.\n", "example": {"_type": "literalExpression", "text": "308"}, "loc": ["services", "snipe-it", "nginx", "redirectCode"], "readOnly": false, "type": "integer between 300 and 399 (both inclusive)"}, "services.snipe-it.nginx.rejectSSL": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to listen for and reject all HTTPS connections to this vhost. Useful in\n[default](#opt-services.nginx.virtualHosts._name_.default)\nserver blocks to avoid serving the certificate for another vhost. Uses the\n`ssl_reject_handshake` directive available in nginx versions\n1.19.4 and above.\n", "loc": ["services", "snipe-it", "nginx", "rejectSSL"], "readOnly": false, "type": "boolean"}, "services.snipe-it.nginx.reuseport": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create an individual listening socket .\nIt is required to specify only once on one of the hosts.\n", "loc": ["services", "snipe-it", "nginx", "reuseport"], "readOnly": false, "type": "boolean"}, "services.snipe-it.nginx.root": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of the web root directory.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "snipe-it", "nginx", "root"], "readOnly": false, "type": "null or absolute path"}, "services.snipe-it.nginx.serverAliases": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "snipe-it", "nginx", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.snipe-it.nginx.serverName": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of this virtual host. Defaults to attribute name in virtualHosts.\n", "example": {"_type": "literalExpression", "text": "\"example.org\""}, "loc": ["services", "snipe-it", "nginx", "serverName"], "readOnly": false, "type": "null or string"}, "services.snipe-it.nginx.sslCertificate": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "snipe-it", "nginx", "sslCertificate"], "readOnly": false, "type": "absolute path"}, "services.snipe-it.nginx.sslCertificateKey": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "snipe-it", "nginx", "sslCertificateKey"], "readOnly": false, "type": "absolute path"}, "services.snipe-it.nginx.sslTrustedCertificate": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to root SSL certificate for stapling and client certificates.", "example": {"_type": "literalExpression", "text": "\"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\""}, "loc": ["services", "snipe-it", "nginx", "sslTrustedCertificate"], "readOnly": false, "type": "null or absolute path"}, "services.snipe-it.nginx.useACMEHost": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "snipe-it", "nginx", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.snipe-it.poolConfig": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "{\n  pm = \"dynamic\";\n  \"pm.max_children\" = 32;\n  \"pm.max_requests\" = 500;\n  \"pm.max_spare_servers\" = 4;\n  \"pm.min_spare_servers\" = 2;\n  \"pm.start_servers\" = 2;\n}"}, "description": "Options for the snipe-it PHP pool. See the documentation on `php-fpm.conf`\nfor details on configuration directives.\n", "loc": ["services", "snipe-it", "poolConfig"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.snipe-it.user": {"declarations": ["nixos/modules/services/web-apps/snipe-it.nix"], "default": {"_type": "literalExpression", "text": "\"snipeit\""}, "description": "User snipe-it runs as.", "loc": ["services", "snipe-it", "user"], "readOnly": false, "type": "string"}, "services.sniproxy.config": {"declarations": ["nixos/modules/services/networking/sniproxy.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "sniproxy.conf configuration excluding the daemon username and pid file.", "example": {"_type": "literalExpression", "text": "''\n  error_log {\n    filename /var/log/sniproxy/error.log\n  }\n  access_log {\n    filename /var/log/sniproxy/access.log\n  }\n  listen 443 {\n    proto tls\n  }\n  table {\n    example.com 192.0.2.10\n    example.net 192.0.2.20\n  }\n''"}, "loc": ["services", "sniproxy", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.sniproxy.enable": {"declarations": ["nixos/modules/services/networking/sniproxy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable sniproxy server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "sniproxy", "enable"], "readOnly": false, "type": "boolean"}, "services.sniproxy.group": {"declarations": ["nixos/modules/services/networking/sniproxy.nix"], "default": {"_type": "literalExpression", "text": "\"sniproxy\""}, "description": "Group under which sniproxy runs.", "loc": ["services", "sniproxy", "group"], "readOnly": false, "type": "string"}, "services.sniproxy.user": {"declarations": ["nixos/modules/services/networking/sniproxy.nix"], "default": {"_type": "literalExpression", "text": "\"sniproxy\""}, "description": "User account under which sniproxy runs.", "loc": ["services", "sniproxy", "user"], "readOnly": false, "type": "string"}, "services.snips-sh.enable": {"declarations": ["nixos/modules/services/web-apps/snips-sh.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable snips.sh.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "snips-sh", "enable"], "readOnly": false, "type": "boolean"}, "services.snips-sh.environmentFile": {"declarations": ["nixos/modules/services/web-apps/snips-sh.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Additional environment file as defined in {manpage}`systemd.exec(5)`.\n\nSensitive secrets such as {env}`SNIPS_SSH_HOSTKEYPATH` and {env}`SNIPS_METRICS_STATSD`\nmay be passed to the service while avoiding potentially making them world-readable in the nix store or\nto convert an existing non-nix installation with minimum hassle.\n\nNote that this file needs to be available on the host on which\n`snips-sh` is running.\n", "example": {"_type": "literalExpression", "text": "\"/etc/snips-sh.env\""}, "loc": ["services", "snips-sh", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.snips-sh.package": {"declarations": ["nixos/modules/services/web-apps/snips-sh.nix"], "default": {"_type": "literalExpression", "text": "pkgs.snips-sh"}, "description": "The snips-sh package to use.", "example": {"_type": "literalExpression", "text": "pkgs.snips-sh.override {withTensorflow = true;}"}, "loc": ["services", "snips-sh", "package"], "readOnly": false, "type": "package"}, "services.snips-sh.settings": {"declarations": ["nixos/modules/services/web-apps/snips-sh.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The configuration of snips-sh is done through environment variables,\ntherefore you must use upper snake case (e.g. {env}`SNIPS_HTTP_INTERNAL`).\n\nBased on the attributes passed to this config option an environment file will be generated\nthat is passed to snips-sh's systemd service.\n\nThe available configuration options can be found in\n[self-hosting guide](https://github.com/robherley/snips.sh/blob/main/docs/self-hosting.md#configuration) to\nfind about the environment variables you can use.\n", "example": {"_type": "literalExpression", "text": "{\n  SNIPS_HTTP_INTERNAL = \"http://0.0.0.0:8080\";\n  SNIPS_SSH_INTERNAL = \"ssh://0.0.0.0:2222\";\n}"}, "loc": ["services", "snips-sh", "settings"], "readOnly": false, "type": "open submodule of attribute set of (null or string or signed integer or boolean)"}, "services.snips-sh.settings.SNIPS_HTTP_INTERNAL": {"declarations": ["nixos/modules/services/web-apps/snips-sh.nix"], "description": "The internal HTTP address of the service", "loc": ["services", "snips-sh", "settings", "SNIPS_HTTP_INTERNAL"], "readOnly": false, "type": "string"}, "services.snips-sh.settings.SNIPS_SSH_INTERNAL": {"declarations": ["nixos/modules/services/web-apps/snips-sh.nix"], "description": "The internal SSH address of the service", "loc": ["services", "snips-sh", "settings", "SNIPS_SSH_INTERNAL"], "readOnly": false, "type": "string"}, "services.snips-sh.stateDir": {"declarations": ["nixos/modules/services/web-apps/snips-sh.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/snips-sh\""}, "description": "The state directory of the service.", "loc": ["services", "snips-sh", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.snmpd.configFile": {"declarations": ["nixos/modules/services/monitoring/snmpd.nix"], "default": {"_type": "literalMD", "text": "The value of {option}`configText`."}, "description": "Path to the snmpd.conf file. By default, if {option}`configText` is set,\na config file will be automatically generated.\n", "loc": ["services", "snmpd", "configFile"], "readOnly": false, "type": "absolute path"}, "services.snmpd.configText": {"declarations": ["nixos/modules/services/monitoring/snmpd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The contents of the snmpd.conf. If the {option}`configFile` option\nis set, this value will be ignored.\n\nNote that the contents of this option will be added to the Nix\nstore as world-readable plain text, {option}`configFile` can be used in\naddition to a secret management tool to protect sensitive data.\n", "loc": ["services", "snmpd", "configText"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.snmpd.enable": {"declarations": ["nixos/modules/services/monitoring/snmpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable snmpd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "snmpd", "enable"], "readOnly": false, "type": "boolean"}, "services.snmpd.listenAddress": {"declarations": ["nixos/modules/services/monitoring/snmpd.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "The address to listen on for SNMP and AgentX messages.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "snmpd", "listenAddress"], "readOnly": false, "type": "string"}, "services.snmpd.openFirewall": {"declarations": ["nixos/modules/services/monitoring/snmpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open port in firewall for snmpd.\n", "loc": ["services", "snmpd", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.snmpd.package": {"declarations": ["nixos/modules/services/monitoring/snmpd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.net-snmp"}, "description": "The net-snmp package to use.", "loc": ["services", "snmpd", "package"], "readOnly": false, "type": "package"}, "services.snmpd.port": {"declarations": ["nixos/modules/services/monitoring/snmpd.nix"], "default": {"_type": "literalExpression", "text": "161"}, "description": "The port to listen on for SNMP and AgentX messages.\n", "loc": ["services", "snmpd", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.snowflake-proxy.broker": {"declarations": ["nixos/modules/services/networking/snowflake-proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Broker URL (default \"https://snowflake-broker.torproject.net/\")", "loc": ["services", "snowflake-proxy", "broker"], "readOnly": false, "type": "null or string"}, "services.snowflake-proxy.capacity": {"declarations": ["nixos/modules/services/networking/snowflake-proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Limits the amount of maximum concurrent clients allowed.", "loc": ["services", "snowflake-proxy", "capacity"], "readOnly": false, "type": "null or signed integer"}, "services.snowflake-proxy.enable": {"declarations": ["nixos/modules/services/networking/snowflake-proxy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable snowflake-proxy, a system to defeat internet censorship.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "snowflake-proxy", "enable"], "readOnly": false, "type": "boolean"}, "services.snowflake-proxy.extraFlags": {"declarations": ["nixos/modules/services/networking/snowflake-proxy.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra flags to pass to snowflake-proxy", "example": {"_type": "literalExpression", "text": "[\n  \"-metrics\"\n]"}, "loc": ["services", "snowflake-proxy", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.snowflake-proxy.relay": {"declarations": ["nixos/modules/services/networking/snowflake-proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "websocket relay URL (default \"wss://snowflake.bamsoftware.com/\")", "loc": ["services", "snowflake-proxy", "relay"], "readOnly": false, "type": "null or string"}, "services.snowflake-proxy.stun": {"declarations": ["nixos/modules/services/networking/snowflake-proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "STUN broker URL (default \"stun:stun.stunprotocol.org:3478\")", "loc": ["services", "snowflake-proxy", "stun"], "readOnly": false, "type": "null or string"}, "services.soft-serve.enable": {"declarations": ["nixos/modules/services/misc/soft-serve.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable soft-serve.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "soft-serve", "enable"], "readOnly": false, "type": "boolean"}, "services.soft-serve.package": {"declarations": ["nixos/modules/services/misc/soft-serve.nix"], "default": {"_type": "literalExpression", "text": "pkgs.soft-serve"}, "description": "The soft-serve package to use.", "loc": ["services", "soft-serve", "package"], "readOnly": false, "type": "package"}, "services.soft-serve.settings": {"declarations": ["nixos/modules/services/misc/soft-serve.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The contents of the configuration file for soft-serve.\n\nSee <https://charm.sh/blog/self-hosted-soft-serve/>.\n", "example": {"_type": "literalExpression", "text": "{\n  name = \"dadada's repos\";\n  log_format = \"text\";\n  ssh = {\n    listen_addr = \":23231\";\n    public_url = \"ssh://localhost:23231\";\n    max_timeout = 30;\n    idle_timeout = 120;\n  };\n  stats.listen_addr = \":23233\";\n}\n"}, "loc": ["services", "soft-serve", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.softether.dataDir": {"declarations": ["nixos/modules/services/networking/softether.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/softether\""}, "description": "Data directory for SoftEther VPN.\n", "loc": ["services", "softether", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.softether.enable": {"declarations": ["nixos/modules/services/networking/softether.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SoftEther VPN services.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "softether", "enable"], "readOnly": false, "type": "boolean"}, "services.softether.package": {"declarations": ["nixos/modules/services/networking/softether.nix"], "default": {"_type": "literalExpression", "text": "pkgs.softether"}, "description": "The softether package to use.", "loc": ["services", "softether", "package"], "readOnly": false, "type": "package"}, "services.softether.vpnbridge.enable": {"declarations": ["nixos/modules/services/networking/softether.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SoftEther VPN Bridge.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "softether", "vpnbridge", "enable"], "readOnly": false, "type": "boolean"}, "services.softether.vpnclient.down": {"declarations": ["nixos/modules/services/networking/softether.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands executed when the Virtual Network Adapter(s) is/are shutting down.\n", "loc": ["services", "softether", "vpnclient", "down"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.softether.vpnclient.enable": {"declarations": ["nixos/modules/services/networking/softether.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SoftEther VPN Client.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "softether", "vpnclient", "enable"], "readOnly": false, "type": "boolean"}, "services.softether.vpnclient.up": {"declarations": ["nixos/modules/services/networking/softether.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands executed when the Virtual Network Adapter(s) is/are starting.\n", "loc": ["services", "softether", "vpnclient", "up"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.softether.vpnserver.enable": {"declarations": ["nixos/modules/services/networking/softether.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SoftEther VPN Server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "softether", "vpnserver", "enable"], "readOnly": false, "type": "boolean"}, "services.sogo.configReplaces": {"declarations": ["nixos/modules/services/web-apps/sogo.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Replacement-filepath mapping for sogo.conf.\nEvery key is replaced with the contents of the file specified as value.\n\nIn the example, every occurrence of LDAP_BINDPW will be replaced with the text of the\nspecified file.\n", "example": {"_type": "literalExpression", "text": "{\n  LDAP_BINDPW = \"/var/lib/secrets/sogo/ldappw\";\n}"}, "loc": ["services", "sogo", "configReplaces"], "readOnly": false, "type": "attribute set of string"}, "services.sogo.ealarmsCredFile": {"declarations": ["nixos/modules/services/web-apps/sogo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional path to a credentials file for email alarms", "loc": ["services", "sogo", "ealarmsCredFile"], "readOnly": false, "type": "null or string"}, "services.sogo.enable": {"declarations": ["nixos/modules/services/web-apps/sogo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SOGo groupware.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "sogo", "enable"], "readOnly": false, "type": "boolean"}, "services.sogo.extraConfig": {"declarations": ["nixos/modules/services/web-apps/sogo.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra sogo.conf configuration lines", "loc": ["services", "sogo", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.sogo.language": {"declarations": ["nixos/modules/services/web-apps/sogo.nix"], "default": {"_type": "literalExpression", "text": "\"English\""}, "description": "Language of SOGo", "loc": ["services", "sogo", "language"], "readOnly": false, "type": "string"}, "services.sogo.timezone": {"declarations": ["nixos/modules/services/web-apps/sogo.nix"], "description": "Timezone of your SOGo instance", "example": {"_type": "literalExpression", "text": "\"America/Montreal\""}, "loc": ["services", "sogo", "timezone"], "readOnly": false, "type": "string"}, "services.sogo.vhostName": {"declarations": ["nixos/modules/services/web-apps/sogo.nix"], "default": {"_type": "literalExpression", "text": "\"sogo\""}, "description": "Name of the nginx vhost", "loc": ["services", "sogo", "vhostName"], "readOnly": false, "type": "string"}, "services.soju.acceptProxyIP": {"declarations": ["nixos/modules/services/networking/soju.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Allow the specified IPs to act as a proxy. Proxys have the ability to\noverwrite the remote and local connection addresses (via the X-Forwarded-\\*\nHTTP header fields). The special name \"localhost\" accepts the loopback\naddresses 127.0.0.0/8 and ::1/128. By default, all IPs are rejected.\n", "loc": ["services", "soju", "acceptProxyIP"], "readOnly": false, "type": "list of string"}, "services.soju.adminSocket.enable": {"declarations": ["nixos/modules/services/networking/soju.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Listen for admin connections from sojuctl at /run/soju/admin.\n", "loc": ["services", "soju", "adminSocket", "enable"], "readOnly": false, "type": "boolean"}, "services.soju.configFile": {"declarations": ["nixos/modules/services/networking/soju.nix"], "default": {"_type": "literalExpression", "text": "\"Config file generated from other options.\""}, "description": "Path to config file. If this option is set, it will override any\nconfiguration done using other options, including {option}`extraConfig`.\n", "example": {"_type": "literalExpression", "text": "./soju.conf"}, "loc": ["services", "soju", "configFile"], "readOnly": false, "type": "absolute path"}, "services.soju.enable": {"declarations": ["nixos/modules/services/networking/soju.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable soju.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "soju", "enable"], "readOnly": false, "type": "boolean"}, "services.soju.enableMessageLogging": {"declarations": ["nixos/modules/services/networking/soju.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable message logging.", "loc": ["services", "soju", "enableMessageLogging"], "readOnly": false, "type": "boolean"}, "services.soju.extraConfig": {"declarations": ["nixos/modules/services/networking/soju.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Lines added verbatim to the generated configuration file.", "loc": ["services", "soju", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.soju.hostName": {"declarations": ["nixos/modules/services/networking/soju.nix"], "default": {"_type": "literalExpression", "text": "config.networking.hostName"}, "description": "Server hostname.", "loc": ["services", "soju", "hostName"], "readOnly": false, "type": "string"}, "services.soju.httpOrigins": {"declarations": ["nixos/modules/services/networking/soju.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of allowed HTTP origins for WebSocket listeners. The parameters are\ninterpreted as shell patterns, see\n{manpage}`glob(7)`.\n", "loc": ["services", "soju", "httpOrigins"], "readOnly": false, "type": "list of string"}, "services.soju.listen": {"declarations": ["nixos/modules/services/networking/soju.nix"], "default": {"_type": "literalExpression", "text": "[\n  \":6697\"\n]"}, "description": "Where soju should listen for incoming connections. See the\n`listen` directive in\n{manpage}`soju(1)`.\n", "loc": ["services", "soju", "listen"], "readOnly": false, "type": "list of string"}, "services.soju.package": {"declarations": ["nixos/modules/services/networking/soju.nix"], "default": {"_type": "literalExpression", "text": "pkgs.soju"}, "description": "The soju package to use.", "loc": ["services", "soju", "package"], "readOnly": false, "type": "package"}, "services.soju.tlsCertificate": {"declarations": ["nixos/modules/services/networking/soju.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to server TLS certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "soju", "tlsCertificate"], "readOnly": false, "type": "null or absolute path"}, "services.soju.tlsCertificateKey": {"declarations": ["nixos/modules/services/networking/soju.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to server TLS certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "soju", "tlsCertificateKey"], "readOnly": false, "type": "null or absolute path"}, "services.solanum.config": {"declarations": ["nixos/modules/services/networking/solanum.nix"], "default": {"_type": "literalExpression", "text": "''\n  serverinfo {\n    name = \"irc.example.com\";\n    sid = \"1ix\";\n    description = \"irc!\";\n  \n    vhost = \"0.0.0.0\";\n    vhost6 = \"::\";\n  };\n  \n  listen {\n    host = \"0.0.0.0\";\n    port = 6667;\n  };\n  \n  auth {\n    user = \"*@*\";\n    class = \"users\";\n    flags = exceed_limit;\n  };\n  channel {\n    default_split_user_count = 0;\n  };\n''"}, "description": "Solanum IRC daemon configuration file.\ncheck <https://github.com/solanum-ircd/solanum/blob/main/doc/reference.conf> for all options.\n", "loc": ["services", "solanum", "config"], "readOnly": false, "type": "string"}, "services.solanum.enable": {"declarations": ["nixos/modules/services/networking/solanum.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Solanum IRC daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "solanum", "enable"], "readOnly": false, "type": "boolean"}, "services.solanum.motd": {"declarations": ["nixos/modules/services/networking/solanum.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Solanum MOTD text.\n\nSolanum will read its MOTD from `/etc/solanum/ircd.motd`.\nIf set, the value of this option will be written to this path.\n", "loc": ["services", "solanum", "motd"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.solanum.openFilesLimit": {"declarations": ["nixos/modules/services/networking/solanum.nix"], "default": {"_type": "literalExpression", "text": "1024"}, "description": "Maximum number of open files. Limits the clients and server connections.\n", "loc": ["services", "solanum", "openFilesLimit"], "readOnly": false, "type": "signed integer"}, "services.sonarr.dataDir": {"declarations": ["nixos/modules/services/misc/servarr/sonarr.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/sonarr/.config/NzbDrone\""}, "description": "The Sonarr home directory used to store all data. If left as the default value\nthis directory will automatically be created before the Sonarr server starts, otherwise\nyou are responsible for ensuring the directory exists with appropriate ownership\nand permissions.\n", "loc": ["services", "sonarr", "dataDir"], "readOnly": false, "type": "string"}, "services.sonarr.enable": {"declarations": ["nixos/modules/services/misc/servarr/sonarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Sonarr.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "sonarr", "enable"], "readOnly": false, "type": "boolean"}, "services.sonarr.environmentFiles": {"declarations": ["nixos/modules/services/misc/servarr/sonarr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Environment file to pass secret configuration values.\nEach line must follow the `SONARR__SECTION__KEY=value` pattern.\nPlease consult the documentation at the [wiki](https://wiki.servarr.com/useful-tools#using-environment-variables-for-config).\n", "loc": ["services", "sonarr", "environmentFiles"], "readOnly": false, "type": "list of absolute path"}, "services.sonarr.group": {"declarations": ["nixos/modules/services/misc/servarr/sonarr.nix"], "default": {"_type": "literalExpression", "text": "\"sonarr\""}, "description": "Group account under which Sonarr runs.\n\n::: {.note}\nIf left as the default value this group will automatically be created\non system activation, otherwise you are responsible for\nensuring the group exists before the Sonarr service starts.\n:::\n", "loc": ["services", "sonarr", "group"], "readOnly": false, "type": "string"}, "services.sonarr.openFirewall": {"declarations": ["nixos/modules/services/misc/servarr/sonarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the Sonarr web interface\n", "loc": ["services", "sonarr", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.sonarr.package": {"declarations": ["nixos/modules/services/misc/servarr/sonarr.nix"], "default": {"_type": "literalExpression", "text": "pkgs.sonarr"}, "description": "The sonarr package to use.", "loc": ["services", "sonarr", "package"], "readOnly": false, "type": "package"}, "services.sonarr.settings": {"declarations": ["nixos/modules/services/misc/servarr/sonarr.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attribute set of arbitrary config options.\nPlease consult the documentation at the [wiki](https://wiki.servarr.com/useful-tools#using-environment-variables-for-config).\n\nWARNING: this configuration is stored in the world-readable Nix store!\nFor secrets use [](#opt-services.sonarr.environmentFiles).\n", "example": {"_type": "literalExpression", "text": "{\n  update.mechanism = \"internal\";\n  server = {\n    urlbase = \"localhost\";\n    port = 8989;\n    bindaddress = \"*\";\n  };\n}\n"}, "loc": ["services", "sonarr", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.sonarr.settings.log.analyticsEnabled": {"declarations": ["nixos/modules/services/misc/servarr/sonarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Send Anonymous Usage Data", "loc": ["services", "sonarr", "settings", "log", "analyticsEnabled"], "readOnly": false, "type": "boolean"}, "services.sonarr.settings.server.port": {"declarations": ["nixos/modules/services/misc/servarr/sonarr.nix"], "default": {"_type": "literalExpression", "text": "8989"}, "description": "Port Number", "loc": ["services", "sonarr", "settings", "server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.sonarr.settings.update.automatically": {"declarations": ["nixos/modules/services/misc/servarr/sonarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically download and install updates.", "loc": ["services", "sonarr", "settings", "update", "automatically"], "readOnly": false, "type": "boolean"}, "services.sonarr.settings.update.mechanism": {"declarations": ["nixos/modules/services/misc/servarr/sonarr.nix"], "default": {"_type": "literalExpression", "text": "\"external\""}, "description": "which update mechanism to use", "loc": ["services", "sonarr", "settings", "update", "mechanism"], "readOnly": false, "type": "null or one of \"external\", \"builtIn\", \"script\""}, "services.sonarr.user": {"declarations": ["nixos/modules/services/misc/servarr/sonarr.nix"], "default": {"_type": "literalExpression", "text": "\"sonarr\""}, "description": "User account under which Sonarr runs.\";\n\n::: {.note}\nIf left as the default value this user will automatically be created\non system activation, otherwise you are responsible for\nensuring the user exists before the Sonarr service starts.\n:::\n", "loc": ["services", "sonarr", "user"], "readOnly": false, "type": "string"}, "services.sonic-server.enable": {"declarations": ["nixos/modules/services/search/sonic-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Sonic Search Index.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "sonic-server", "enable"], "readOnly": false, "type": "boolean"}, "services.sonic-server.package": {"declarations": ["nixos/modules/services/search/sonic-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.sonic-server"}, "description": "The sonic-server package to use.", "loc": ["services", "sonic-server", "package"], "readOnly": false, "type": "package"}, "services.sonic-server.settings": {"declarations": ["nixos/modules/services/search/sonic-server.nix"], "default": {"_type": "literalExpression", "text": "{\n  store = {\n    fst = {\n      path = \"/var/lib/sonic/fst\";\n    };\n    kv = {\n      path = \"/var/lib/sonic/kv\";\n    };\n  };\n}"}, "description": "Sonic Server configuration options.\n\nRefer to\n<https://github.com/valeriansaliou/sonic/blob/master/CONFIGURATION.md>\nfor a full list of available options.\n", "example": {"_type": "literalExpression", "text": "{\n  channel = {\n    inet = \"[::1]:1491\";\n  };\n  server = {\n    log_level = \"debug\";\n  };\n}"}, "loc": ["services", "sonic-server", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.spacecookie.address": {"declarations": ["nixos/modules/services/networking/spacecookie.nix"], "default": {"_type": "literalExpression", "text": "\"[::]\""}, "description": "Address to listen on. Must be in the\n`ListenStream=` syntax of\n{manpage}`systemd.socket(5)`.\n", "loc": ["services", "spacecookie", "address"], "readOnly": false, "type": "string"}, "services.spacecookie.enable": {"declarations": ["nixos/modules/services/networking/spacecookie.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable spacecookie.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "spacecookie", "enable"], "readOnly": false, "type": "boolean"}, "services.spacecookie.openFirewall": {"declarations": ["nixos/modules/services/networking/spacecookie.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the necessary port in the firewall for spacecookie.\n", "loc": ["services", "spacecookie", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.spacecookie.package": {"declarations": ["nixos/modules/services/networking/spacecookie.nix"], "default": {"_type": "literalExpression", "text": "pkgs.spacecookie"}, "description": "The spacecookie package to use.", "example": {"_type": "literalExpression", "text": "haskellPackages.spacecookie"}, "loc": ["services", "spacecookie", "package"], "readOnly": false, "type": "package"}, "services.spacecookie.port": {"declarations": ["nixos/modules/services/networking/spacecookie.nix"], "default": {"_type": "literalExpression", "text": "70"}, "description": "Port the gopher service should be exposed on.\n", "loc": ["services", "spacecookie", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.spacecookie.settings": {"declarations": ["nixos/modules/services/networking/spacecookie.nix"], "description": "Settings for spacecookie. The settings set here are\ndirectly translated to the spacecookie JSON config\nfile. See\n[spacecookie.json(5)](https://sternenseemann.github.io/spacecookie/spacecookie.json.5.html)\nfor explanations of all options.\n", "loc": ["services", "spacecookie", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.spacecookie.settings.hostname": {"declarations": ["nixos/modules/services/networking/spacecookie.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The hostname the service is reachable via. Clients\nwill use this hostname for further requests after\nloading the initial gopher menu.\n", "loc": ["services", "spacecookie", "settings", "hostname"], "readOnly": false, "type": "string"}, "services.spacecookie.settings.log.enable": {"declarations": ["nixos/modules/services/networking/spacecookie.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable logging for spacecookie.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "spacecookie", "settings", "log", "enable"], "readOnly": false, "type": "boolean"}, "services.spacecookie.settings.log.hide-ips": {"declarations": ["nixos/modules/services/networking/spacecookie.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If enabled, spacecookie will hide personal\ninformation of users like IP addresses from\nlog output.\n", "loc": ["services", "spacecookie", "settings", "log", "hide-ips"], "readOnly": false, "type": "boolean"}, "services.spacecookie.settings.log.hide-time": {"declarations": ["nixos/modules/services/networking/spacecookie.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If enabled, spacecookie will not print timestamps\nat the beginning of every log line.\n", "loc": ["services", "spacecookie", "settings", "log", "hide-time"], "readOnly": false, "type": "boolean"}, "services.spacecookie.settings.log.level": {"declarations": ["nixos/modules/services/networking/spacecookie.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Log level for the spacecookie service.\n", "loc": ["services", "spacecookie", "settings", "log", "level"], "readOnly": false, "type": "one of \"info\", \"warn\", \"error\""}, "services.spacecookie.settings.root": {"declarations": ["nixos/modules/services/networking/spacecookie.nix"], "default": {"_type": "literalExpression", "text": "\"/srv/gopher\""}, "description": "The directory spacecookie should serve via gopher.\nFiles in there need to be world-readable since\nthe spacecookie service file sets\n`DynamicUser=true`.\n", "loc": ["services", "spacecookie", "settings", "root"], "readOnly": false, "type": "absolute path"}, "services.spamassassin.config": {"declarations": ["nixos/modules/services/mail/spamassassin.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The SpamAssassin local.cf config\n\nIf you are using this configuration:\n\n    add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_\n\nThen you can Use this sieve filter:\n\n    require [\"fileinto\", \"reject\", \"envelope\"];\n\n    if header :contains \"X-Spam-Flag\" \"YES\" {\n      fileinto \"spam\";\n    }\n\nOr this procmail filter:\n\n    :0:\n    * ^X-Spam-Flag: YES\n    /var/vpopmail/domains/lastlog.de/js/.maildir/.spam/new\n\nTo filter your messages based on the additional mail headers added by spamassassin.\n", "example": {"_type": "literalExpression", "text": "''\n  #rewrite_header Subject [***** SPAM _SCORE_ *****]\n  required_score          5.0\n  use_bayes               1\n  bayes_auto_learn        1\n  add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_\n''"}, "loc": ["services", "spamassassin", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.spamassassin.debug": {"declarations": ["nixos/modules/services/mail/spamassassin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to run the SpamAssassin daemon in debug mode", "loc": ["services", "spamassassin", "debug"], "readOnly": false, "type": "boolean"}, "services.spamassassin.enable": {"declarations": ["nixos/modules/services/mail/spamassassin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the SpamAssassin daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "spamassassin", "enable"], "readOnly": false, "type": "boolean"}, "services.spamassassin.initPreConf": {"declarations": ["nixos/modules/services/mail/spamassassin.nix"], "default": {"_type": "literalExpression", "text": "''\n  #\n  # to update this list, run this command in the rules directory:\n  # grep 'loadplugin.*Mail::SpamAssassin::Plugin::.*' -o -h * | sort | uniq\n  #\n  \n  #loadplugin Mail::SpamAssassin::Plugin::AccessDB\n  #loadplugin Mail::SpamAssassin::Plugin::AntiVirus\n  loadplugin Mail::SpamAssassin::Plugin::AskDNS\n  # loadplugin Mail::SpamAssassin::Plugin::ASN\n  loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold\n  #loadplugin Mail::SpamAssassin::Plugin::AWL\n  loadplugin Mail::SpamAssassin::Plugin::Bayes\n  loadplugin Mail::SpamAssassin::Plugin::BodyEval\n  loadplugin Mail::SpamAssassin::Plugin::Check\n  #loadplugin Mail::SpamAssassin::Plugin::DCC\n  loadplugin Mail::SpamAssassin::Plugin::DKIM\n  loadplugin Mail::SpamAssassin::Plugin::DMARC\n  loadplugin Mail::SpamAssassin::Plugin::DNSEval\n  loadplugin Mail::SpamAssassin::Plugin::FreeMail\n  loadplugin Mail::SpamAssassin::Plugin::HeaderEval\n  loadplugin Mail::SpamAssassin::Plugin::HTMLEval\n  loadplugin Mail::SpamAssassin::Plugin::HTTPSMismatch\n  loadplugin Mail::SpamAssassin::Plugin::ImageInfo\n  loadplugin Mail::SpamAssassin::Plugin::MIMEEval\n  loadplugin Mail::SpamAssassin::Plugin::MIMEHeader\n  # loadplugin Mail::SpamAssassin::Plugin::PDFInfo\n  #loadplugin Mail::SpamAssassin::Plugin::PhishTag\n  loadplugin Mail::SpamAssassin::Plugin::Pyzor\n  loadplugin Mail::SpamAssassin::Plugin::Razor2\n  # loadplugin Mail::SpamAssassin::Plugin::RelayCountry\n  loadplugin Mail::SpamAssassin::Plugin::RelayEval\n  loadplugin Mail::SpamAssassin::Plugin::ReplaceTags\n  # loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody\n  # loadplugin Mail::SpamAssassin::Plugin::Shortcircuit\n  loadplugin Mail::SpamAssassin::Plugin::SpamCop\n  loadplugin Mail::SpamAssassin::Plugin::SPF\n  loadplugin Mail::SpamAssassin::Plugin::TextCat\n  # loadplugin Mail::SpamAssassin::Plugin::TxRep\n  loadplugin Mail::SpamAssassin::Plugin::URIDetail\n  loadplugin Mail::SpamAssassin::Plugin::URIDNSBL\n  loadplugin Mail::SpamAssassin::Plugin::URIEval\n  # loadplugin Mail::SpamAssassin::Plugin::URILocalBL\n  loadplugin Mail::SpamAssassin::Plugin::VBounce\n  loadplugin Mail::SpamAssassin::Plugin::WhiteListSubject\n  loadplugin Mail::SpamAssassin::Plugin::WLBLEval\n''"}, "description": "The SpamAssassin init.pre config.", "loc": ["services", "spamassassin", "initPreConf"], "readOnly": false, "type": "string or absolute path"}, "services.spark.confDir": {"declarations": ["nixos/modules/services/cluster/spark/default.nix"], "default": {"_type": "literalExpression", "text": "\"${package}/conf\""}, "description": "Spark configuration directory. Spark will use the configuration files (spark-defaults.conf, spark-env.sh, log4j.properties, etc) from this directory.", "loc": ["services", "spark", "confDir"], "readOnly": false, "type": "absolute path"}, "services.spark.logDir": {"declarations": ["nixos/modules/services/cluster/spark/default.nix"], "default": {"_type": "literalExpression", "text": "\"/var/log/spark\""}, "description": "Spark log directory.", "loc": ["services", "spark", "logDir"], "readOnly": false, "type": "absolute path"}, "services.spark.master.bind": {"declarations": ["nixos/modules/services/cluster/spark/default.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Address the spark master binds to.", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "spark", "master", "bind"], "readOnly": false, "type": "string"}, "services.spark.master.enable": {"declarations": ["nixos/modules/services/cluster/spark/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Spark master service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "spark", "master", "enable"], "readOnly": false, "type": "boolean"}, "services.spark.master.extraEnvironment": {"declarations": ["nixos/modules/services/cluster/spark/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra environment variables to pass to spark master. See spark-standalone documentation.", "example": {"_type": "literalExpression", "text": "{\n  SPARK_MASTER_OPTS = \"-Dspark.deploy.defaultCores=5\";\n  SPARK_MASTER_WEBUI_PORT = 8181;\n}"}, "loc": ["services", "spark", "master", "extraEnvironment"], "readOnly": false, "type": "attribute set of string"}, "services.spark.master.restartIfChanged": {"declarations": ["nixos/modules/services/cluster/spark/default.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Automatically restart master service on config change.\nThis can be set to false to defer restarts on clusters running critical applications.\nPlease consider the security implications of inadvertently running an older version,\nand the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.\n", "loc": ["services", "spark", "master", "restartIfChanged"], "readOnly": false, "type": "boolean"}, "services.spark.package": {"declarations": ["nixos/modules/services/cluster/spark/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.spark"}, "description": "The spark package to use.", "example": {"_type": "literalExpression", "text": "spark.overrideAttrs (super: rec {\n  pname = \"spark\";\n  version = \"2.4.4\";\n\n  src = pkgs.fetchzip {\n    url    = \"mirror://apache/spark/\"${pname}-${version}/${pname}-${version}-bin-without-hadoop.tgz\";\n    sha256 = \"1a9w5k0207fysgpxx6db3a00fs5hdc2ncx99x4ccy2s0v5ndc66g\";\n  };\n})\n"}, "loc": ["services", "spark", "package"], "readOnly": false, "type": "package"}, "services.spark.worker.enable": {"declarations": ["nixos/modules/services/cluster/spark/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Spark worker service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "spark", "worker", "enable"], "readOnly": false, "type": "boolean"}, "services.spark.worker.extraEnvironment": {"declarations": ["nixos/modules/services/cluster/spark/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra environment variables to pass to spark worker.", "example": {"_type": "literalExpression", "text": "{\n  SPARK_WORKER_CORES = 5;\n  SPARK_WORKER_MEMORY = \"2g\";\n}"}, "loc": ["services", "spark", "worker", "extraEnvironment"], "readOnly": false, "type": "attribute set of string"}, "services.spark.worker.master": {"declarations": ["nixos/modules/services/cluster/spark/default.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1:7077\""}, "description": "Address of the spark master.", "loc": ["services", "spark", "worker", "master"], "readOnly": false, "type": "string"}, "services.spark.worker.restartIfChanged": {"declarations": ["nixos/modules/services/cluster/spark/default.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Automatically restart worker service on config change.\nThis can be set to false to defer restarts on clusters running critical applications.\nPlease consider the security implications of inadvertently running an older version,\nand the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.\n", "loc": ["services", "spark", "worker", "restartIfChanged"], "readOnly": false, "type": "boolean"}, "services.spark.worker.workDir": {"declarations": ["nixos/modules/services/cluster/spark/default.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/spark\""}, "description": "Spark worker work dir.", "loc": ["services", "spark", "worker", "workDir"], "readOnly": false, "type": "absolute path"}, "services.speechd.clients": {"declarations": ["nixos/modules/services/accessibility/speechd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Client specific configuration.\n", "example": {"_type": "literalExpression", "text": "{\n  emacs = ''\n    BeginClient \"emacs:*\"\n    # Example:\n    #   DefaultPunctuationMode \"some\"\n    EndClient\n  '';\n}"}, "loc": ["services", "speechd", "clients"], "readOnly": false, "type": "open submodule of attribute set of strings concatenated with \"\\n\""}, "services.speechd.config": {"declarations": ["nixos/modules/services/accessibility/speechd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "System wide configuration file for Speech Dispatcher. This will be used if no user configuration file is found.\n", "example": {"_type": "literalExpression", "text": "''\n  AddModule \"module_name\" \"module_binary\" \"module_config\"\n''"}, "loc": ["services", "speechd", "config"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.speechd.enable": {"declarations": ["nixos/modules/services/accessibility/speechd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable speech-dispatcher speech synthesizer daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "speechd", "enable"], "readOnly": false, "type": "boolean"}, "services.speechd.modules": {"declarations": ["nixos/modules/services/accessibility/speechd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration files of output modules.\n", "example": {"_type": "literalExpression", "text": "{\n  generic-epos = ''\n    AddVoice        \"cs\"  \"male1\"   \"kadlec\"\n    AddVoice        \"sk\"  \"male1\"   \"bob\"\n  '';\n}"}, "loc": ["services", "speechd", "modules"], "readOnly": false, "type": "open submodule of attribute set of strings concatenated with \"\\n\""}, "services.speechd.package": {"declarations": ["nixos/modules/services/accessibility/speechd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.speechd"}, "description": "The speechd package to use.", "loc": ["services", "speechd", "package"], "readOnly": false, "type": "package"}, "services.speedify.enable": {"declarations": ["nixos/modules/services/networking/speedify.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "This option enables Speedify daemon.\nThis sets {option}`networking.firewall.checkReversePath` to \"loose\", which might be undesirable for security.\n", "loc": ["services", "speedify", "enable"], "readOnly": false, "type": "boolean"}, "services.speedify.package": {"declarations": ["nixos/modules/services/networking/speedify.nix"], "default": {"_type": "literalExpression", "text": "pkgs.speedify"}, "description": "The speedify package to use.", "loc": ["services", "speedify", "package"], "readOnly": false, "type": "package"}, "services.spice-autorandr.enable": {"declarations": ["nixos/modules/services/misc/spice-autorandr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable spice-autorandr service that will automatically resize display to match SPICE client window size.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "spice-autorandr", "enable"], "readOnly": false, "type": "boolean"}, "services.spice-autorandr.package": {"declarations": ["nixos/modules/services/misc/spice-autorandr.nix"], "default": {"_type": "literalExpression", "text": "pkgs.spice-autorandr"}, "description": "The spice-autorandr package to use.", "loc": ["services", "spice-autorandr", "package"], "readOnly": false, "type": "package"}, "services.spice-vdagentd.enable": {"declarations": ["nixos/modules/services/misc/spice-vdagentd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Spice guest vdagent daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "spice-vdagentd", "enable"], "readOnly": false, "type": "boolean"}, "services.spice-webdavd.enable": {"declarations": ["nixos/modules/services/misc/spice-webdavd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the spice guest webdav proxy daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "spice-webdavd", "enable"], "readOnly": false, "type": "boolean"}, "services.spice-webdavd.package": {"declarations": ["nixos/modules/services/misc/spice-webdavd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.phodav"}, "description": "The phodav package to use.", "loc": ["services", "spice-webdavd", "package"], "readOnly": false, "type": "package"}, "services.spiped.config": {"declarations": ["nixos/modules/services/networking/spiped.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for a secure pipe daemon. The daemon can be\nstarted, stopped, or examined using\n`systemctl`, under the name\n`spiped@foo`.\n", "example": {"_type": "literalExpression", "text": "{\n  pipe1 =\n    { keyfile = \"/var/lib/spiped/pipe1.key\";\n      encrypt = true;\n      source  = \"localhost:6000\";\n      target  = \"endpoint.example.com:7000\";\n    };\n  pipe2 =\n    { keyfile = \"/var/lib/spiped/pipe2.key\";\n      decrypt = true;\n      source  = \"0.0.0.0:7000\";\n      target  = \"localhost:3000\";\n    };\n}\n"}, "loc": ["services", "spiped", "config"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.spiped.config.<name>.decrypt": {"declarations": ["nixos/modules/services/networking/spiped.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Take encrypted connections from the\n`source` socket and send unencrypted\nconnections to the `target` socket.\n", "loc": ["services", "spiped", "config", "<name>", "decrypt"], "readOnly": false, "type": "boolean"}, "services.spiped.config.<name>.disableKeepalives": {"declarations": ["nixos/modules/services/networking/spiped.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable transport layer keep-alives.", "loc": ["services", "spiped", "config", "<name>", "disableKeepalives"], "readOnly": false, "type": "boolean"}, "services.spiped.config.<name>.disableReresolution": {"declarations": ["nixos/modules/services/networking/spiped.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable target address re-resolution.", "loc": ["services", "spiped", "config", "<name>", "disableReresolution"], "readOnly": false, "type": "boolean"}, "services.spiped.config.<name>.encrypt": {"declarations": ["nixos/modules/services/networking/spiped.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Take unencrypted connections from the\n`source` socket and send encrypted\nconnections to the `target` socket.\n", "loc": ["services", "spiped", "config", "<name>", "encrypt"], "readOnly": false, "type": "boolean"}, "services.spiped.config.<name>.keyfile": {"declarations": ["nixos/modules/services/networking/spiped.nix"], "description": "Name of a file containing the spiped key.\nAs the daemon runs as the `spiped` user,\nthe key file must be readable by that user.\nTo securely manage the file within your configuration\nconsider a tool such as agenix or sops-nix.\n", "loc": ["services", "spiped", "config", "<name>", "keyfile"], "readOnly": false, "type": "absolute path"}, "services.spiped.config.<name>.maxConns": {"declarations": ["nixos/modules/services/networking/spiped.nix"], "default": {"_type": "literalExpression", "text": "100"}, "description": "Limit on the number of simultaneous connections allowed.\n", "loc": ["services", "spiped", "config", "<name>", "maxConns"], "readOnly": false, "type": "signed integer"}, "services.spiped.config.<name>.resolveRefresh": {"declarations": ["nixos/modules/services/networking/spiped.nix"], "default": {"_type": "literalExpression", "text": "60"}, "description": "Resolution refresh time for the target socket, in seconds.\n", "loc": ["services", "spiped", "config", "<name>", "resolveRefresh"], "readOnly": false, "type": "signed integer"}, "services.spiped.config.<name>.source": {"declarations": ["nixos/modules/services/networking/spiped.nix"], "description": "Address on which spiped should listen for incoming\nconnections.  Must be in one of the following formats:\n`/absolute/path/to/unix/socket`,\n`host.name:port`,\n`[ip.v4.ad.dr]:port` or\n`[ipv6::addr]:port` - note that\nhostnames are resolved when spiped is launched and are\nnot re-resolved later; thus if DNS entries change\nspiped will continue to connect to the expired\naddress.\n", "loc": ["services", "spiped", "config", "<name>", "source"], "readOnly": false, "type": "string"}, "services.spiped.config.<name>.target": {"declarations": ["nixos/modules/services/networking/spiped.nix"], "description": "Address to which spiped should connect.", "loc": ["services", "spiped", "config", "<name>", "target"], "readOnly": false, "type": "string"}, "services.spiped.config.<name>.timeout": {"declarations": ["nixos/modules/services/networking/spiped.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "Timeout, in seconds, after which an attempt to connect to\nthe target or a protocol handshake will be aborted (and the\nconnection dropped) if not completed\n", "loc": ["services", "spiped", "config", "<name>", "timeout"], "readOnly": false, "type": "signed integer"}, "services.spiped.config.<name>.waitForDNS": {"declarations": ["nixos/modules/services/networking/spiped.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Wait for DNS. Normally when `spiped` is\nlaunched it resolves addresses and binds to its source\nsocket before the parent process returns; with this option\nit will daemonize first and retry failed DNS lookups until\nthey succeed. This allows `spiped` to\nlaunch even if DNS isn't set up yet, but at the expense of\nlosing the guarantee that once `spiped` has\nfinished launching it will be ready to create pipes.\n", "loc": ["services", "spiped", "config", "<name>", "waitForDNS"], "readOnly": false, "type": "boolean"}, "services.spiped.config.<name>.weakHandshake": {"declarations": ["nixos/modules/services/networking/spiped.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use fast/weak handshaking: This reduces the CPU time spent\nin the initial connection setup, at the expense of losing\nperfect forward secrecy.\n", "loc": ["services", "spiped", "config", "<name>", "weakHandshake"], "readOnly": false, "type": "boolean"}, "services.spiped.enable": {"declarations": ["nixos/modules/services/networking/spiped.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable the spiped service module.", "loc": ["services", "spiped", "enable"], "readOnly": false, "type": "boolean"}, "services.spoolman.enable": {"declarations": ["nixos/modules/services/misc/spoolman.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Spoolman, a filament spool inventory management system..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "spoolman", "enable"], "readOnly": false, "type": "boolean"}, "services.spoolman.environment": {"declarations": ["nixos/modules/services/misc/spoolman.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables to be passed to the spoolman service.\nRefer to https://github.com/Donkie/Spoolman/blob/master/.env.example for details on supported variables.\n", "example": {"_type": "literalExpression", "text": "{\n  SPOOLMAN_AUTOMATIC_BACKUP = \"TRUE\";\n  SPOOLMAN_BASE_PATH = \"/spoolman\";\n  SPOOLMAN_CORS_ORIGIN = \"source1.domain.com:p1, source2.domain.com:p2\";\n  SPOOLMAN_DB_TYPE = \"sqlite\";\n  SPOOLMAN_LOGGING_LEVEL = \"DEBUG\";\n  SPOOLMAN_METRICS_ENABLED = \"TRUE\";\n}"}, "loc": ["services", "spoolman", "environment"], "readOnly": false, "type": "attribute set"}, "services.spoolman.listen": {"declarations": ["nixos/modules/services/misc/spoolman.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The IP address to bind the spoolman server to.", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "spoolman", "listen"], "readOnly": false, "type": "string"}, "services.spoolman.openFirewall": {"declarations": ["nixos/modules/services/misc/spoolman.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open the appropriate ports in the firewall for spoolman.\n", "loc": ["services", "spoolman", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.spoolman.port": {"declarations": ["nixos/modules/services/misc/spoolman.nix"], "default": {"_type": "literalExpression", "text": "7912"}, "description": "TCP port where spoolman web-gui listens.\n", "loc": ["services", "spoolman", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.spotifyd.config": {"declarations": ["nixos/modules/services/audio/spotifyd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "(Deprecated) Configuration for Spotifyd. For syntax and directives, see\n<https://docs.spotifyd.rs/configuration/index.html#config-file>.\n", "loc": ["services", "spotifyd", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.spotifyd.enable": {"declarations": ["nixos/modules/services/audio/spotifyd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable spotifyd, a Spotify playing daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "spotifyd", "enable"], "readOnly": false, "type": "boolean"}, "services.spotifyd.package": {"declarations": ["nixos/modules/services/audio/spotifyd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.spotifyd"}, "description": "The spotifyd package to use.", "loc": ["services", "spotifyd", "package"], "readOnly": false, "type": "package"}, "services.spotifyd.settings": {"declarations": ["nixos/modules/services/audio/spotifyd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for Spotifyd. For syntax and directives, see\n<https://docs.spotifyd.rs/configuration/index.html#config-file>.\n", "example": {"_type": "literalExpression", "text": "{\n  global = {\n    bitrate = 320;\n  };\n}"}, "loc": ["services", "spotifyd", "settings"], "readOnly": false, "type": "TOML value"}, "services.squeezelite.enable": {"declarations": ["nixos/modules/services/audio/squeezelite.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Squeezelite, a software Squeezebox emulator.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "squeezelite", "enable"], "readOnly": false, "type": "boolean"}, "services.squeezelite.extraArguments": {"declarations": ["nixos/modules/services/audio/squeezelite.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional command line arguments to pass to Squeezelite.\n", "loc": ["services", "squeezelite", "extraArguments"], "readOnly": false, "type": "string"}, "services.squeezelite.pulseAudio": {"declarations": ["nixos/modules/services/audio/squeezelite.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable pulseaudio support.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "squeezelite", "pulseAudio"], "readOnly": false, "type": "boolean"}, "services.squid.configText": {"declarations": ["nixos/modules/services/networking/squid.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Verbatim contents of squid.conf. If null (default), use the\nautogenerated file from NixOS instead.\n", "loc": ["services", "squid", "configText"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.squid.enable": {"declarations": ["nixos/modules/services/networking/squid.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to run squid web proxy.", "loc": ["services", "squid", "enable"], "readOnly": false, "type": "boolean"}, "services.squid.extraConfig": {"declarations": ["nixos/modules/services/networking/squid.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Squid configuration. Contents will be added\nverbatim to the configuration file.\n", "loc": ["services", "squid", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.squid.package": {"declarations": ["nixos/modules/services/networking/squid.nix"], "default": {"_type": "literalExpression", "text": "pkgs.squid"}, "description": "The squid package to use.", "loc": ["services", "squid", "package"], "readOnly": false, "type": "package"}, "services.squid.proxyAddress": {"declarations": ["nixos/modules/services/networking/squid.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IP address on which squid will listen.", "loc": ["services", "squid", "proxyAddress"], "readOnly": false, "type": "null or string"}, "services.squid.proxyPort": {"declarations": ["nixos/modules/services/networking/squid.nix"], "default": {"_type": "literalExpression", "text": "3128"}, "description": "TCP port on which squid will listen.", "loc": ["services", "squid", "proxyPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.squid.validateConfig": {"declarations": ["nixos/modules/services/networking/squid.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Validate config syntax.", "loc": ["services", "squid", "validateConfig"], "readOnly": false, "type": "boolean"}, "services.ssh-agent-switcher.enable": {"declarations": ["nixos/modules/services/security/ssh-agent-switcher.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ssh-agent-switcher, a daemon that proxies SSH agent\nconnections to forwarded agents. This allows tmux/screen sessions to\naccess SSH agents across reconnections.\n\nThis is a per-user service that automatically starts when you log in\nvia SSH and sets SSH_AUTH_SOCK to point to a stable socket location.\n\nNote: This only activates for SSH sessions, not graphical or console logins.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ssh-agent-switcher", "enable"], "readOnly": false, "type": "boolean"}, "services.ssh-agent-switcher.package": {"declarations": ["nixos/modules/services/security/ssh-agent-switcher.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ssh-agent-switcher"}, "description": "The ssh-agent-switcher package to use.", "loc": ["services", "ssh-agent-switcher", "package"], "readOnly": false, "type": "package"}, "services.sshd.enable": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "description": "Alias of {option}`services.openssh.enable`.", "loc": ["services", "sshd", "enable"], "readOnly": false, "type": "boolean"}, "services.sshguard.attack_threshold": {"declarations": ["nixos/modules/services/security/sshguard.nix"], "default": {"_type": "literalExpression", "text": "30"}, "description": "Block attackers when their cumulative attack score exceeds threshold. Most attacks have a score of 10.\n", "loc": ["services", "sshguard", "attack_threshold"], "readOnly": false, "type": "signed integer"}, "services.sshguard.blacklist_file": {"declarations": ["nixos/modules/services/security/sshguard.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/sshguard/blacklist.db\""}, "description": "Blacklist an attacker when its score exceeds threshold. Blacklisted addresses are loaded from and added to blacklist-file.\n", "loc": ["services", "sshguard", "blacklist_file"], "readOnly": false, "type": "absolute path"}, "services.sshguard.blacklist_threshold": {"declarations": ["nixos/modules/services/security/sshguard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Blacklist an attacker when its score exceeds threshold. Blacklisted addresses are loaded from and added to blacklist-file.\n", "example": {"_type": "literalExpression", "text": "120"}, "loc": ["services", "sshguard", "blacklist_threshold"], "readOnly": false, "type": "null or signed integer"}, "services.sshguard.blocktime": {"declarations": ["nixos/modules/services/security/sshguard.nix"], "default": {"_type": "literalExpression", "text": "120"}, "description": "Block attackers for initially blocktime seconds after exceeding threshold. Subsequent blocks increase by a factor of 1.5.\n\nsshguard unblocks attacks at random intervals, so actual block times will be longer.\n", "loc": ["services", "sshguard", "blocktime"], "readOnly": false, "type": "signed integer"}, "services.sshguard.detection_time": {"declarations": ["nixos/modules/services/security/sshguard.nix"], "default": {"_type": "literalExpression", "text": "1800"}, "description": "Remember potential attackers for up to detection_time seconds before resetting their score.\n", "loc": ["services", "sshguard", "detection_time"], "readOnly": false, "type": "signed integer"}, "services.sshguard.enable": {"declarations": ["nixos/modules/services/security/sshguard.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the sshguard service.", "loc": ["services", "sshguard", "enable"], "readOnly": false, "type": "boolean"}, "services.sshguard.services": {"declarations": ["nixos/modules/services/security/sshguard.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"sshd\"\n]"}, "description": "Systemd services sshguard should receive logs of.\n", "example": {"_type": "literalExpression", "text": "[\n  \"sshd\"\n  \"exim\"\n]"}, "loc": ["services", "sshguard", "services"], "readOnly": false, "type": "list of string"}, "services.sshguard.whitelist": {"declarations": ["nixos/modules/services/security/sshguard.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Whitelist a list of addresses, hostnames, or address blocks.\n", "example": {"_type": "literalExpression", "text": "[\n  \"198.51.100.56\"\n  \"198.51.100.2\"\n]"}, "loc": ["services", "sshguard", "whitelist"], "readOnly": false, "type": "list of string"}, "services.sshwifty.enable": {"declarations": ["nixos/modules/services/web-apps/sshwifty.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Sshwifty.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "sshwifty", "enable"], "readOnly": false, "type": "boolean"}, "services.sshwifty.package": {"declarations": ["nixos/modules/services/web-apps/sshwifty.nix"], "default": {"_type": "literalExpression", "text": "pkgs.sshwifty"}, "description": "The sshwifty package to use.", "loc": ["services", "sshwifty", "package"], "readOnly": false, "type": "package"}, "services.sshwifty.settings": {"declarations": ["nixos/modules/services/web-apps/sshwifty.nix"], "description": "Configuration for Sshwifty. See\n[the Sshwifty documentation](https://github.com/nirui/sshwifty/tree/master?tab=readme-ov-file#configuration)\nfor possible options.\n", "loc": ["services", "sshwifty", "settings"], "readOnly": false, "type": "JSON value"}, "services.sshwifty.sharedKeyFile": {"declarations": ["nixos/modules/services/web-apps/sshwifty.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file containing the shared key.", "loc": ["services", "sshwifty", "sharedKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.sshwifty.socks5PasswordFile": {"declarations": ["nixos/modules/services/web-apps/sshwifty.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file containing the SOCKS5 password.", "loc": ["services", "sshwifty", "socks5PasswordFile"], "readOnly": false, "type": "null or absolute path"}, "services.sslmate-agent.enable": {"declarations": ["nixos/modules/services/security/sslmate-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable sslmate-agent, a daemon for managing SSL/TLS certificates on a server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "sslmate-agent", "enable"], "readOnly": false, "type": "boolean"}, "services.sssd.config": {"declarations": ["nixos/modules/services/misc/sssd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Contents of {file}`sssd.conf`.", "example": {"_type": "literalExpression", "text": "''\n  [sssd]\n  services = nss, pam\n  domains = shadowutils\n  \n  [nss]\n  \n  [pam]\n  \n  [domain/shadowutils]\n  id_provider = proxy\n  proxy_lib_name = files\n  auth_provider = proxy\n  proxy_pam_target = sssd-shadowutils\n  proxy_fast_alias = True\n''"}, "loc": ["services", "sssd", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.sssd.enable": {"declarations": ["nixos/modules/services/misc/sssd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the System Security Services Daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "sssd", "enable"], "readOnly": false, "type": "boolean"}, "services.sssd.environmentFile": {"declarations": ["nixos/modules/services/misc/sssd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file as defined in {manpage}`systemd.exec(5)`.\n\nSecrets may be passed to the service without adding them to the world-readable\nNix store, by specifying placeholder variables as the option value in Nix and\nsetting these variables accordingly in the environment file.\n\n```\n  # snippet of sssd-related config\n  [domain/LDAP]\n  ldap_default_authtok = $SSSD_LDAP_DEFAULT_AUTHTOK\n```\n\n```\n  # contents of the environment file\n  SSSD_LDAP_DEFAULT_AUTHTOK=verysecretpassword\n```\n", "loc": ["services", "sssd", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.sssd.kcm": {"declarations": ["nixos/modules/services/misc/sssd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use SSS as a Kerberos Cache Manager (KCM).\nKerberos will be configured to cache credentials in SSS.\n", "loc": ["services", "sssd", "kcm"], "readOnly": false, "type": "boolean"}, "services.sssd.settings": {"declarations": ["nixos/modules/services/misc/sssd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Contents of {file}`sssd.conf`.", "example": {"_type": "literalExpression", "text": "{\n  \"domain/shadowutils\" = {\n    auth_provider = \"proxy\";\n    id_provider = \"proxy\";\n    proxy_fast_alias = true;\n    proxy_lib_name = \"files\";\n    proxy_pam_target = \"sssd-shadowutils\";\n  };\n  nss = { };\n  pam = { };\n  sssd = {\n    domains = \"shadowutils\";\n    services = \"nss, pam\";\n  };\n}"}, "loc": ["services", "sssd", "settings"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.sssd.sshAuthorizedKeysIntegration": {"declarations": ["nixos/modules/services/misc/sssd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to make sshd look up authorized keys from SSS.\nFor this to work, the `ssh` SSS service must be enabled in the sssd configuration.\n", "loc": ["services", "sssd", "sshAuthorizedKeysIntegration"], "readOnly": false, "type": "boolean"}, "services.stalwart.credentials": {"declarations": ["nixos/modules/services/mail/stalwart.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Credentials envs used to configure Stalwart secrets.\nThese secrets can be accessed in configuration values with\nthe macros such as\n`%{file:/run/credentials/stalwart.service/VAR_NAME}%`.\n", "example": {"_type": "literalExpression", "text": "{\n  user_admin_password = \"/run/keys/stalwart_admin_password\";\n}"}, "loc": ["services", "stalwart", "credentials"], "readOnly": false, "type": "attribute set of string"}, "services.stalwart.dataDir": {"declarations": ["nixos/modules/services/mail/stalwart.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/stalwart\""}, "description": "Data directory for stalwart\n", "loc": ["services", "stalwart", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.stalwart.enable": {"declarations": ["nixos/modules/services/mail/stalwart.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the all-in-one collaboration and mail server, Stalwart.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "stalwart", "enable"], "readOnly": false, "type": "boolean"}, "services.stalwart.group": {"declarations": ["nixos/modules/services/mail/stalwart.nix"], "default": {"_type": "literalExpression", "text": "\"stalwart\""}, "description": "Group ownership of service\n", "loc": ["services", "stalwart", "group"], "readOnly": false, "type": "string"}, "services.stalwart.openFirewall": {"declarations": ["nixos/modules/services/mail/stalwart.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open TCP firewall ports, which are specified in\n{option}`services.stalwart.settings.server.listener` on all interfaces.\n", "loc": ["services", "stalwart", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.stalwart.package": {"declarations": ["nixos/modules/services/mail/stalwart.nix"], "default": {"_type": "literalExpression", "text": "pkgs.stalwart"}, "description": "The stalwart package to use.", "loc": ["services", "stalwart", "package"], "readOnly": false, "type": "package"}, "services.stalwart.settings": {"declarations": ["nixos/modules/services/mail/stalwart.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration options for the Stalwart server.\nSee <https://stalw.art/docs/category/configuration> for available options.\n\nBy default, the module is configured to store everything locally.\n", "loc": ["services", "stalwart", "settings"], "readOnly": false, "type": "TOML value"}, "services.stalwart.user": {"declarations": ["nixos/modules/services/mail/stalwart.nix"], "default": {"_type": "literalExpression", "text": "\"stalwart\""}, "description": "User ownership of service\n", "loc": ["services", "stalwart", "user"], "readOnly": false, "type": "string"}, "services.stargazer.allowCgiUser": {"declarations": ["nixos/modules/services/web-servers/stargazer.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "When enabled, the stargazer process will be given `CAP_SETGID`\nand `CAP_SETUID` so that it can run cgi processes as a different\nuser. This is required if the `cgi-user` option is used for a route.\nNote that these capabilities could allow privilege escalation so be\ncareful. For that reason, this is disabled by default.\n\nYou will need to create the user mentioned `cgi-user` if it does not\nalready exist.\n", "loc": ["services", "stargazer", "allowCgiUser"], "readOnly": false, "type": "boolean"}, "services.stargazer.certLifetime": {"declarations": ["nixos/modules/services/web-servers/stargazer.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "How long certs generated by Stargazer should live for.\nCerts live forever by default.\n", "example": {"_type": "literalExpression", "text": "\"1y\""}, "loc": ["services", "stargazer", "certLifetime"], "readOnly": false, "type": "string"}, "services.stargazer.certOrg": {"declarations": ["nixos/modules/services/web-servers/stargazer.nix"], "default": {"_type": "literalExpression", "text": "\"stargazer\""}, "description": "The name of the organization responsible for the X.509\ncertificate's /O name.\n", "loc": ["services", "stargazer", "certOrg"], "readOnly": false, "type": "string"}, "services.stargazer.connectionLogging": {"declarations": ["nixos/modules/services/web-servers/stargazer.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether or not to log connections to stdout.", "loc": ["services", "stargazer", "connectionLogging"], "readOnly": false, "type": "boolean"}, "services.stargazer.debugMode": {"declarations": ["nixos/modules/services/web-servers/stargazer.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Run Stargazer in debug mode.", "loc": ["services", "stargazer", "debugMode"], "readOnly": false, "type": "boolean"}, "services.stargazer.enable": {"declarations": ["nixos/modules/services/web-servers/stargazer.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Stargazer Gemini server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "stargazer", "enable"], "readOnly": false, "type": "boolean"}, "services.stargazer.genCerts": {"declarations": ["nixos/modules/services/web-servers/stargazer.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Set to false to disable automatic certificate generation.\nUse if you want to provide your own certs.\n", "loc": ["services", "stargazer", "genCerts"], "readOnly": false, "type": "boolean"}, "services.stargazer.group": {"declarations": ["nixos/modules/services/web-servers/stargazer.nix"], "default": {"_type": "literalExpression", "text": "\"stargazer\""}, "description": "Group account under which stargazer runs.", "loc": ["services", "stargazer", "group"], "readOnly": false, "type": "string"}, "services.stargazer.ipLog": {"declarations": ["nixos/modules/services/web-servers/stargazer.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Log client IP addresses in the connection log.", "loc": ["services", "stargazer", "ipLog"], "readOnly": false, "type": "boolean"}, "services.stargazer.ipLogPartial": {"declarations": ["nixos/modules/services/web-servers/stargazer.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Log partial client IP addresses in the connection log.", "loc": ["services", "stargazer", "ipLogPartial"], "readOnly": false, "type": "boolean"}, "services.stargazer.listen": {"declarations": ["nixos/modules/services/web-servers/stargazer.nix"], "default": {"_type": "literalExpression", "text": "[ \"0.0.0.0\" ] ++ lib.optional config.networking.enableIPv6 \"[::0]\""}, "description": "Address and port to listen on.\n", "example": {"_type": "literalExpression", "text": "[ \"10.0.0.12\" \"[2002:a00:1::]\" ]"}, "loc": ["services", "stargazer", "listen"], "readOnly": false, "type": "list of string"}, "services.stargazer.regenCerts": {"declarations": ["nixos/modules/services/web-servers/stargazer.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Set to false to turn off automatic regeneration of expired certificates.\nUse if you want to provide your own certs.\n", "loc": ["services", "stargazer", "regenCerts"], "readOnly": false, "type": "boolean"}, "services.stargazer.requestTimeout": {"declarations": ["nixos/modules/services/web-servers/stargazer.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "Number of seconds to wait for the client to send a complete\nrequest. Set to 0 to disable.\n", "loc": ["services", "stargazer", "requestTimeout"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.stargazer.responseTimeout": {"declarations": ["nixos/modules/services/web-servers/stargazer.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Number of seconds to wait for the client to send a complete\nrequest and for stargazer to finish sending the response.\nSet to 0 to disable.\n", "loc": ["services", "stargazer", "responseTimeout"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.stargazer.routes": {"declarations": ["nixos/modules/services/web-servers/stargazer.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Routes that Stargazer should server.\n\nExpressed as a list of attribute sets. Each set must have a key `route`\nthat becomes the section name for that route in the stargazer ini cofig.\nThe remaining keys and values become the parameters for that route.\n\n[Refer to upstream docs for other params](https://git.sr.ht/~zethra/stargazer/tree/main/item/doc/stargazer.ini.5.txt)\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    route = \"example.com\";\n    root = \"/srv/gemini/example.com\"\n  }\n  {\n    route = \"example.com:/man\";\n    root = \"/cgi-bin\";\n    cgi = true;\n  }\n  {\n    route = \"other.org~(.*)\";\n    redirect = \"gemini://example.com\";\n    rewrite = \"\\1\";\n  }\n]\n"}, "loc": ["services", "stargazer", "routes"], "readOnly": false, "type": "list of (open submodule of attribute set of (INI atom (null, bool, int, float or string)))"}, "services.stargazer.routes.*.route": {"declarations": ["nixos/modules/services/web-servers/stargazer.nix"], "description": "Route section name", "loc": ["services", "stargazer", "routes", "*", "route"], "readOnly": false, "type": "string"}, "services.stargazer.store": {"declarations": ["nixos/modules/services/web-servers/stargazer.nix"], "default": {"_type": "literalExpression", "text": "/var/lib/gemini/certs"}, "description": "Path to the certificate store on disk. This should be a\npersistent directory writable by Stargazer.\n", "loc": ["services", "stargazer", "store"], "readOnly": false, "type": "absolute path"}, "services.stargazer.user": {"declarations": ["nixos/modules/services/web-servers/stargazer.nix"], "default": {"_type": "literalExpression", "text": "\"stargazer\""}, "description": "User account under which stargazer runs.", "loc": ["services", "stargazer", "user"], "readOnly": false, "type": "string"}, "services.static-web-server.configuration": {"declarations": ["nixos/modules/services/web-servers/static-web-server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for Static Web Server. See\n<https://static-web-server.net/configuration/config-file/>.\nNOTE: Don't set \"host\", \"port\", or \"root\" here. They will be ignored.\nUse the top-level \"listen\" and \"root\" options instead.\n", "example": {"_type": "literalExpression", "text": "{\n  general = {\n    directory-listing = true;\n    log-level = \"error\";\n  };\n}"}, "loc": ["services", "static-web-server", "configuration"], "readOnly": false, "type": "TOML value"}, "services.static-web-server.enable": {"declarations": ["nixos/modules/services/web-servers/static-web-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Static Web Server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "static-web-server", "enable"], "readOnly": false, "type": "boolean"}, "services.static-web-server.listen": {"declarations": ["nixos/modules/services/web-servers/static-web-server.nix"], "default": {"_type": "literalExpression", "text": "\"[::]:8787\""}, "description": "The {manpage}`systemd.socket(5)` \"ListenStream\" used in static-web-server.socket.\nThis is equivalent to SWS's \"host\" and \"port\" options.\nSee here for specific syntax: <https://www.freedesktop.org/software/systemd/man/systemd.socket.html#ListenStream=>\n", "loc": ["services", "static-web-server", "listen"], "readOnly": false, "type": "string"}, "services.static-web-server.root": {"declarations": ["nixos/modules/services/web-servers/static-web-server.nix"], "description": "The location of files for SWS to serve. Equivalent to SWS's \"root\" config value.\nNOTE: This folder must exist before starting SWS.\n", "loc": ["services", "static-web-server", "root"], "readOnly": false, "type": "absolute path"}, "services.statsd.backends": {"declarations": ["nixos/modules/services/monitoring/statsd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of backends statsd will use for data persistence", "example": {"_type": "literalExpression", "text": "[\n  \"graphite\"\n  \"console\"\n  \"repeater\"\n  \"statsd-librato-backend\"\n  \"statsd-influxdb-backend\"\n]"}, "loc": ["services", "statsd", "backends"], "readOnly": false, "type": "list of string"}, "services.statsd.enable": {"declarations": ["nixos/modules/services/monitoring/statsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable statsd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "statsd", "enable"], "readOnly": false, "type": "boolean"}, "services.statsd.extraConfig": {"declarations": ["nixos/modules/services/monitoring/statsd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration options for statsd", "loc": ["services", "statsd", "extraConfig"], "readOnly": false, "type": "null or string"}, "services.statsd.graphiteHost": {"declarations": ["nixos/modules/services/monitoring/statsd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Hostname or IP of Graphite server", "loc": ["services", "statsd", "graphiteHost"], "readOnly": false, "type": "null or string"}, "services.statsd.graphitePort": {"declarations": ["nixos/modules/services/monitoring/statsd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port of Graphite server (i.e. carbon-cache).", "loc": ["services", "statsd", "graphitePort"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.statsd.listenAddress": {"declarations": ["nixos/modules/services/monitoring/statsd.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Address that statsd listens on over UDP", "loc": ["services", "statsd", "listenAddress"], "readOnly": false, "type": "string"}, "services.statsd.mgmt_address": {"declarations": ["nixos/modules/services/monitoring/statsd.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Address to run management TCP interface on", "loc": ["services", "statsd", "mgmt_address"], "readOnly": false, "type": "string"}, "services.statsd.mgmt_port": {"declarations": ["nixos/modules/services/monitoring/statsd.nix"], "default": {"_type": "literalExpression", "text": "8126"}, "description": "Port to run the management TCP interface on", "loc": ["services", "statsd", "mgmt_port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.statsd.port": {"declarations": ["nixos/modules/services/monitoring/statsd.nix"], "default": {"_type": "literalExpression", "text": "8125"}, "description": "Port that stats listens for messages on over UDP", "loc": ["services", "statsd", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.step-ca.address": {"declarations": ["nixos/modules/services/security/step-ca.nix"], "description": "The address (without port) the certificate authority should listen at.\nThis combined with {option}`services.step-ca.port` overrides {option}`services.step-ca.settings.address`.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "step-ca", "address"], "readOnly": false, "type": "string"}, "services.step-ca.enable": {"declarations": ["nixos/modules/services/security/step-ca.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the smallstep certificate authority server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "step-ca", "enable"], "readOnly": false, "type": "boolean"}, "services.step-ca.intermediatePasswordFile": {"declarations": ["nixos/modules/services/security/step-ca.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the file containing the password for the intermediate\ncertificate private key.\n\n::: {.warning}\nMake sure to use a quoted absolute path instead of a path literal\nto prevent it from being copied to the globally readable Nix\nstore.\n:::\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/smallstep-password\""}, "loc": ["services", "step-ca", "intermediatePasswordFile"], "readOnly": false, "type": "null or absolute path not in the Nix store"}, "services.step-ca.openFirewall": {"declarations": ["nixos/modules/services/security/step-ca.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable opening the certificate authority server port.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "step-ca", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.step-ca.package": {"declarations": ["nixos/modules/services/security/step-ca.nix"], "default": {"_type": "literalExpression", "text": "pkgs.step-ca"}, "description": "The step-ca package to use.", "loc": ["services", "step-ca", "package"], "readOnly": false, "type": "package"}, "services.step-ca.port": {"declarations": ["nixos/modules/services/security/step-ca.nix"], "description": "The port the certificate authority should listen on.\nThis combined with {option}`services.step-ca.address` overrides {option}`services.step-ca.settings.address`.\n", "example": {"_type": "literalExpression", "text": "8443"}, "loc": ["services", "step-ca", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.step-ca.settings": {"declarations": ["nixos/modules/services/security/step-ca.nix"], "description": "Settings that go into {file}`ca.json`. See\n[the step-ca manual](https://smallstep.com/docs/step-ca/configuration)\nfor more information. The easiest way to\nconfigure this module would be to run `step ca init`\nto generate {file}`ca.json` and then import it using\n`builtins.fromJSON`.\n[This article](https://smallstep.com/docs/step-cli/basic-crypto-operations#run-an-offline-x509-certificate-authority)\nmay also be useful if you want to customize certain aspects of\ncertificate generation for your CA.\nYou need to change the database storage path to {file}`/var/lib/step-ca/db`.\n\n::: {.warning}\nThe {option}`services.step-ca.settings.address` option\nwill be ignored and overwritten by\n{option}`services.step-ca.address` and\n{option}`services.step-ca.port`.\n:::\n", "loc": ["services", "step-ca", "settings"], "readOnly": false, "type": "attribute set of anything"}, "services.stirling-pdf.enable": {"declarations": ["nixos/modules/services/web-apps/stirling-pdf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the stirling-pdf service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "stirling-pdf", "enable"], "readOnly": false, "type": "boolean"}, "services.stirling-pdf.environment": {"declarations": ["nixos/modules/services/web-apps/stirling-pdf.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables for the stirling-pdf app.\nSee <https://github.com/Stirling-Tools/Stirling-PDF#customisation> for available options.\n", "example": {"_type": "literalExpression", "text": "{\n  INSTALL_BOOK_AND_ADVANCED_HTML_OPS = \"true\";\n  SERVER_PORT = 8080;\n}"}, "loc": ["services", "stirling-pdf", "environment"], "readOnly": false, "type": "attribute set of (string or signed integer)"}, "services.stirling-pdf.environmentFiles": {"declarations": ["nixos/modules/services/web-apps/stirling-pdf.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Files containing additional environment variables to pass to Stirling PDF.\nSecrets should be added in environmentFiles instead of environment.\n", "loc": ["services", "stirling-pdf", "environmentFiles"], "readOnly": false, "type": "list of absolute path"}, "services.stirling-pdf.package": {"declarations": ["nixos/modules/services/web-apps/stirling-pdf.nix"], "default": {"_type": "literalExpression", "text": "pkgs.stirling-pdf"}, "description": "The stirling-pdf package to use.", "loc": ["services", "stirling-pdf", "package"], "readOnly": false, "type": "package"}, "services.stratis.enable": {"declarations": ["nixos/modules/tasks/stratis.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Stratis Storage - Easy to use local storage management for Linux.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "stratis", "enable"], "readOnly": false, "type": "boolean"}, "services.strfry.enable": {"declarations": ["nixos/modules/services/web-apps/strfry.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable strfry.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "strfry", "enable"], "readOnly": false, "type": "boolean"}, "services.strfry.package": {"declarations": ["nixos/modules/services/web-apps/strfry.nix"], "default": {"_type": "literalExpression", "text": "pkgs.strfry"}, "description": "The strfry package to use.", "loc": ["services", "strfry", "package"], "readOnly": false, "type": "package"}, "services.strfry.settings": {"declarations": ["nixos/modules/services/web-apps/strfry.nix"], "default": {"_type": "literalExpression", "text": "{\n  db = \"/var/lib/strfry\";\n  dbParams = {\n    mapsize = 10995116277760;\n    maxreaders = 256;\n    noReadAhead = false;\n  };\n  events = {\n    ephemeralEventsLifetimeSeconds = 300;\n    maxEventSize = 65536;\n    maxNumTags = 2000;\n    maxTagValSize = 1024;\n    rejectEphemeralEventsOlderThanSeconds = 60;\n    rejectEventsNewerThanSeconds = 900;\n    rejectEventsOlderThanSeconds = 94608000;\n  };\n  relay = {\n    autoPingSeconds = 55;\n    bind = \"127.0.0.1\";\n    compression = {\n      enabled = true;\n      slidingWindow = true;\n    };\n    enableTcpKeepalive = false;\n    info = {\n      contact = \"\";\n      description = \"This is a strfry instance.\";\n      icon = \"\";\n      name = \"strfry default\";\n      nips = \"\";\n      pubkey = \"\";\n    };\n    logging = {\n      dbScanPerf = false;\n      dumpInAll = false;\n      dumpInEvents = false;\n      dumpInReqs = false;\n      invalidEvents = true;\n    };\n    maxFilterLimit = 500;\n    maxReqFilterSize = 200;\n    maxSubsPerConnection = 20;\n    maxWebsocketPayloadSize = 131072;\n    negentropy = {\n      enabled = true;\n      maxSyncEvents = 1000000;\n    };\n    nofiles = 1000000;\n    numThreads = {\n      ingester = 3;\n      negentropy = 2;\n      reqMonitor = 3;\n      reqWorker = 3;\n    };\n    port = 7777;\n    queryTimesliceBudgetMicroseconds = 10000;\n    realIpHeader = \"\";\n    writePolicy = {\n      plugin = \"\";\n    };\n  };\n}"}, "description": "Configuration options to set for the Strfry service. See <https://github.com/hoytech/strfry> for documentation.", "example": {"_type": "literalExpression", "text": "dbParams = {\n  maxreaders = 256;\n  mapsize = 10995116277760;\n  noReadAhead = false;\n};\n"}, "loc": ["services", "strfry", "settings"], "readOnly": false, "type": "JSON value"}, "services.strongswan-swanctl.enable": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable strongswan-swanctl service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "strongswan-swanctl", "enable"], "readOnly": false, "type": "boolean"}, "services.strongswan-swanctl.includes": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra configuration files to include in the swanctl configuration. This can be used to provide secret values from outside the nix store.\n", "loc": ["services", "strongswan-swanctl", "includes"], "readOnly": false, "type": "list of absolute path"}, "services.strongswan-swanctl.package": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "pkgs.strongswan"}, "description": "The strongswan package to use.", "loc": ["services", "strongswan-swanctl", "package"], "readOnly": false, "type": "package"}, "services.strongswan-swanctl.strongswan.extraConfig": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Contents of the {file}`strongswan.conf` file.\n", "loc": ["services", "strongswan-swanctl", "strongswan", "extraConfig"], "readOnly": false, "type": "string"}, "services.strongswan-swanctl.swanctl.authorities": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Section defining complementary attributes of certification authorities, each\nin its own subsection with an arbitrary yet unique name\n", "loc": ["services", "strongswan-swanctl", "swanctl", "authorities"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.strongswan-swanctl.swanctl.authorities.<name>.cacert": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The certificates may use a relative path from the swanctl\n`x509ca` directory or an absolute path.\n\nConfigure one of {option}`cacert`,\n{option}`file`, or\n{option}`handle` per section.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "authorities", "<name>", "cacert"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.authorities.<name>.cert_uri_base": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Defines the base URI for the Hash and URL feature supported by\nIKEv2. Instead of exchanging complete certificates, IKEv2 allows one to\nsend an URI that resolves to the DER encoded certificate. The certificate\nURIs are built by appending the SHA1 hash of the DER encoded certificates\nto this base URI.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "authorities", "<name>", "cert_uri_base"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.authorities.<name>.crl_uris": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of CRL distribution points (ldap, http, or file URI).\n\n\nStrongSwan default: ````[]````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "authorities", "<name>", "crl_uris"], "readOnly": false, "type": "null or (list of string)"}, "services.strongswan-swanctl.swanctl.authorities.<name>.file": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Absolute path to the certificate to load. Passed as-is to the daemon, so\nit must be readable by it.\n\nConfigure either this or {option}`handle`, but not both, in one section.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "authorities", "<name>", "file"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.authorities.<name>.handle": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Hex-encoded CKA_ID or handle of the certificate on a token or TPM,\nrespectively.\n\nConfigure either this or {option}`file`, but not both, in one section.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "authorities", "<name>", "handle"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.authorities.<name>.module": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional PKCS#11 module name.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "authorities", "<name>", "module"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.authorities.<name>.ocsp_uris": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of OCSP URIs.\n\n\nStrongSwan default: ````[]````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "authorities", "<name>", "ocsp_uris"], "readOnly": false, "type": "null or (list of string)"}, "services.strongswan-swanctl.swanctl.authorities.<name>.slot": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional slot number of the token that stores the certificate.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "authorities", "<name>", "slot"], "readOnly": false, "type": "null or signed integer"}, "services.strongswan-swanctl.swanctl.connections": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Section defining IKE connection configurations, each in its own subsection\nwith an arbitrary yet unique name\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.strongswan-swanctl.swanctl.connections.<name>.aggressive": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Enables Aggressive Mode instead of Main Mode with Identity\nProtection. Aggressive Mode is considered less secure, because the ID and\nHASH payloads are exchanged unprotected. This allows a passive attacker to\nsnoop peer identities, and even worse, start dictionary attacks on the\nPreshared Key.\n\n\nStrongSwan default: ````false````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "aggressive"], "readOnly": false, "type": "null or boolean"}, "services.strongswan-swanctl.swanctl.connections.<name>.childless": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Use childless IKE_SA initiation (_allow_, _prefer_, _force_ or _never_).\n\nUse childless IKE_SA initiation (RFC 6023) for IKEv2, with the first\nCHILD_SA created with a separate CREATE_CHILD_SA exchange (e.g. to use an\nindependent key exchange for all CHILD_SAs).  Acceptable values are _allow_\n(the default), _prefer_, _force_ and _never_. If set to _allow_, responders\nwill accept childless IKE_SAs (as indicated via notify in the IKE_SA_INIT\nresponse) while initiators continue to create regular IKE_SAs with the first\nCHILD_SA created during IKE_AUTH, unless the IKE_SA is initiated explicitly\nwithout any children (which will fail if the responder does not support or\nhas disabled this extension). The effect of _prefer_ is the same as _allow_\non responders, but as initiator a childless IKE_SA is initiated if the\nresponder supports it. If set to _force_, only childless initiation is\naccepted in either role.  Finally, setting the option to _never_ disables\nsupport for childless IKE_SAs as responder.\n\n\nStrongSwan default: ````\"allow\"````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "childless"], "readOnly": false, "type": "null or one of \"allow\", \"prefer\", \"force\", \"never\""}, "services.strongswan-swanctl.swanctl.connections.<name>.children": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "CHILD_SA configuration sub-section. Each connection definition may have\none or more sections in its {option}`children` subsection. The\nsection name defines the name of the CHILD_SA configuration, which must be\nunique within the connection (denoted \\<child\\> below).\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.ah_proposals": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "AH proposals to offer for the CHILD_SA. A proposal is a set of algorithms.\nFor AH, this includes an integrity algorithm and an optional key exchange\nmethod. If a KE method is specified, CHILD_SA/Quick Mode rekeying and\ninitial negotiation uses a separate key exchange using the negotiated method\n(refer to _esp_proposals_ for details).\n\nWith peers that support multiple IKEv2 key exchanges (RFC 9370), up to seven\nadditional key exchanges may be negotiated. They can be configured by\nprefixing the algorithm keyword with **keX_** (where X is a number between\n1 and 7).\n\nFor IKEv2, multiple algorithms of the same kind can be specified in a single\nproposal, from which one gets selected. For IKEv1, only one algorithm per\nkind is allowed per proposal, more algorithms get implicitly stripped. Use\nmultiple proposals to offer different algorithm combinations with IKEv1.\n\nAlgorithm keywords get separated using dashes. The special value _default_\nforms a default proposal of supported algorithms considered safe, and is\nusually a good choice for interoperability. By default no AH proposals\nare included, instead ESP is proposed.\n\n\nStrongSwan default: ````[]````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "ah_proposals"], "readOnly": false, "type": "null or (list of string)"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.close_action": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Action to perform after a CHILD_SA gets closed by the peer.\n\n- The default of `none` does not take any action,\n- `trap` installs a trap policy for the CHILD_SA.\n- `start` tries to re-create the CHILD_SA.\n\n{option}`close_action` does not provide any guarantee that the\nCHILD_SA is kept alive. It acts on explicit close messages only, but not\non negotiation failures. Use trap policies to reliably re-create failed\nCHILD_SAs.\n\n\nStrongSwan default: ````\"none\"````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "close_action"], "readOnly": false, "type": "null or one of \"none\", \"trap\", \"start\""}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.copy_df": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether to copy the DF bit to the outer IPv4 header in tunnel mode. This\neffectively disables Path MTU discovery (PMTUD). Controlling this\nbehavior is not supported by all kernel interfaces.\n\n\nStrongSwan default: ````true````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "copy_df"], "readOnly": false, "type": "null or boolean"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.copy_dscp": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether to copy the DSCP (Differentiated Services Field Codepoint)\nheader field to/from the outer IP header in tunnel mode. The value\n`out` only copies the field from the inner to the outer\nheader, the value `in` does the opposite and only\ncopies the field from the outer to the inner header when decapsulating,\nthe value `yes` copies the field in both directions,\nand the value `no` disables copying the field\naltogether. Setting this to `yes` or\n`in` could allow an attacker to adversely affect other\ntraffic at the receiver, which is why the default is\n`out`. Controlling this behavior is not supported by\nall kernel interfaces.\n\n\nStrongSwan default: ````\"out\"````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "copy_dscp"], "readOnly": false, "type": "null or one of \"out\", \"in\", \"yes\", \"no\""}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.copy_ecn": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether to copy the ECN (Explicit Congestion Notification) header field\nto/from the outer IP header in tunnel mode. Controlling this behavior is\nnot supported by all kernel interfaces.\n\n\nStrongSwan default: ````true````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "copy_ecn"], "readOnly": false, "type": "null or boolean"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.dpd_action": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Action to perform for this CHILD_SA on DPD timeout. The default clear\ncloses the CHILD_SA and does not take further action. trap installs a\ntrap policy, which will catch matching traffic and tries to re-negotiate\nthe tunnel on-demand. restart immediately tries to re-negotiate the\nCHILD_SA under a fresh IKE_SA.\n\n\nStrongSwan default: ````\"clear\"````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "dpd_action"], "readOnly": false, "type": "null or one of \"clear\", \"trap\", \"restart\""}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.esp_proposals": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "ESP proposals to offer for the CHILD_SA. A proposal is a set of algorithms.\nFor non-AEAD ESP proposals, this includes an integrity algorithm, an\nencryption algorithm, an optional key exchange method and an optional\nExtended Sequence Number Mode indicator. For AEAD proposals, a combined\nmode algorithm is used instead of the separate encryption/integrity\nalgorithms.\n\nIf a key exchange method is specified, CHILD_SA/Quick Mode rekeying and\ninitial negotiation use a separate key exchange using the specified method.\nHowever, for IKEv2, the keys of the CHILD_SA created implicitly with the\nIKE_SA will always be derived from the IKE_SA's key material. So any key\nexchange method specified here will only apply when the CHILD_SA is later\nrekeyed or is created with a separate CREATE_CHILD_SA exchange. A proposal\nmismatch might, therefore, not immediately be noticed when the SA is\nestablished, but may later cause rekeying to fail.\n\nWith peers that support multiple IKEv2 key exchanges (RFC 9370), up to seven\nadditional key exchanges may be negotiated. They can be configured by\nprefixing the algorithm keyword with **keX_** (where X is a number between\n1 and 7).\n\nExtended Sequence Number support may be indicated with the _esn_ and _noesn_\nvalues, both may be included to indicate support for both modes. If omitted,\n_noesn_ is assumed.\n\nFor IKEv2, multiple algorithms of the same kind can be specified in a single\nproposal, from which one gets selected. For IKEv1, only one algorithm per\nkind is allowed per proposal, more algorithms get implicitly stripped. Use\nmultiple proposals to offer different algorithm combinations with IKEv1.\n\nAlgorithm keywords get separated using dashes. The special value _default_\nforms a default proposal of supported algorithms considered safe, and is\nusually a good choice for interoperability. If no algorithms are specified\nfor AH nor ESP, the _default_ set of algorithms for ESP is included.\n\n\nStrongSwan default: ````[\"default\"]````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "esp_proposals"], "readOnly": false, "type": "null or (list of string)"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.hostaccess": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Hostaccess variable to pass to `updown` script.\n\n\nStrongSwan default: ````false````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "hostaccess"], "readOnly": false, "type": "null or boolean"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.hw_offload": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Enable hardware offload for this CHILD_SA, if supported by the IPsec\nimplementation. The values `crypto` or `packet` enforce crypto or full\npacket offloading and the installation will fail if the selected mode is not\nsupported by either kernel or device. On Linux, `packet` also offloads\npolicies, including trap policies. The value `auto` enables full packet\nor crypto offloading, if either is supported, but the installation does not\nfail otherwise.\n\n\nStrongSwan default: ````\"no\"````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "hw_offload"], "readOnly": false, "type": "null or one of \"yes\", \"no\", \"auto\", \"crypto\", \"packet\""}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.if_id_in": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "XFRM interface ID set on inbound policies/SA. This allows installing\nduplicate policies/SAs and associates them with an interface with the\nsame ID. The special value `%unique` sets a unique\ninterface ID on each CHILD_SA instance, beyond that the value\n`%unique-dir` assigns a different unique interface ID\nfor each CHILD_SA direction (in/out).\n\n\nStrongSwan default: ````\"0\"````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "if_id_in"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.if_id_out": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "XFRM interface ID set on outbound policies/SA. This allows installing\nduplicate policies/SAs and associates them with an interface with the\nsame ID. The special value `%unique` sets a unique\ninterface ID on each CHILD_SA instance, beyond that the value\n`%unique-dir` assigns a different unique interface ID\nfor each CHILD_SA direction (in/out).\n\nThe daemon will not install routes for CHILD_SAs that have this option set.\n\n\nStrongSwan default: ````\"0\"````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "if_id_out"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.inactivity": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Timeout before closing CHILD_SA after inactivity. If no traffic has been\nprocessed in either direction for the configured timeout, the CHILD_SA\ngets closed due to inactivity. The default value of 0 disables inactivity\nchecks.\n\n\nStrongSwan default: ````\"0s\"````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "inactivity"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.interface": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional interface name to restrict outbound IPsec policies.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "interface"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.ipcomp": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Enable IPComp compression before encryption. If enabled, IKE tries to\nnegotiate IPComp compression to compress ESP payload data prior to\nencryption.\n\n\nStrongSwan default: ````false````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "ipcomp"], "readOnly": false, "type": "null or boolean"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_bytes": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Maximum bytes processed before CHILD_SA gets closed. Usually this hard\nvolume limit is never reached, because the CHILD_SA gets rekeyed\nbefore. If that fails for whatever reason, this limit closes the\nCHILD_SA.  The default is 10% more than {option}`rekey_bytes`.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "life_bytes"], "readOnly": false, "type": "null or signed integer"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_packets": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Maximum number of packets processed before CHILD_SA gets closed. Usually\nthis hard packets limit is never reached, because the CHILD_SA gets\nrekeyed before. If that fails for whatever reason, this limit closes the\nCHILD_SA.\n\nThe default is 10% more than {option}`rekey_bytes`.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "life_packets"], "readOnly": false, "type": "null or signed integer"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_time": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Maximum lifetime before CHILD_SA gets closed. Usually this hard lifetime\nis never reached, because the CHILD_SA gets rekeyed before. If that fails\nfor whatever reason, this limit closes the CHILD_SA.  The default is 10%\nmore than the {option}`rekey_time`.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "life_time"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.local_ts": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of local traffic selectors to include in CHILD_SA.\nEach selector is a CIDR subnet definition, followed by an optional\nproto/port selector. The special value _dynamic_ may be used instead of a\nsubnet definition, which gets replaced by the tunnel outer address or the\nvirtual IP, if negotiated. This is the default.\n\nA protocol/port selector is surrounded by opening and closing square\nbrackets. Between these brackets, a numeric or **getservent**(3) protocol\nname may be specified. After the optional protocol restriction, an optional\nport restriction may be specified, separated by a slash. The port\nrestriction may be numeric, a **getservent**(3) service name, or the special\nvalue _opaque_ for RFC 4301 OPAQUE selectors. Port ranges may be specified\nas well, none of the kernel backends currently support port ranges, though.\nIf the protocol is _icmp_ or _ipv6-icmp_, the port is interpreted as ICMP\nmessage type if it is less than 256 or as type and code if it is greater or\nequal to 256, with the type in the most significant 8 bits and the code in\nthe least significant 8 bits.\n\nWhen IKEv1 is used only the first selector is interpreted, except if\nthe Cisco Unity extension plugin is used. This is due to a limitation of the\nIKEv1 protocol, which only allows a single pair of selectors per CHILD_SA.\nSo to tunnel traffic matched by several pairs of selectors when using IKEv1\nseveral children (CHILD_SAs) have to be defined that cover the selectors.\n\nThe IKE daemon uses traffic selector narrowing for IKEv1, the same way it is\nstandardized and implemented for IKEv2. However, this may lead to problems\nwith other implementations. To avoid that, configure identical selectors in\nsuch scenarios.\n\n\nStrongSwan default: ````[\"dynamic\"]````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "local_ts"], "readOnly": false, "type": "null or (list of string)"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_in": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Netfilter mark and mask for input traffic. On Linux, Netfilter may\nrequire marks on each packet to match an SA/policy having that option\nset. This allows installing duplicate policies and enables Netfilter\nrules to select specific SAs/policies for incoming traffic. Note that\ninbound marks are only set on policies, by default, unless\n{option}`mark_in_sa` is enabled. The special value\n`%unique` sets a unique mark on each CHILD_SA instance,\nbeyond that the value `%unique-dir` assigns a different\nunique mark for each\n\nAn additional mask may be appended to the mark, separated by\n`/`. The default mask if omitted is\n`0xffffffff`.\n\n\nStrongSwan default: ````\"0/0x00000000\"````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "mark_in"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_in_sa": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether to set {option}`mark_in` on the inbound SA. By default,\nthe inbound mark is only set on the inbound policy. The tuple destination\naddress, protocol and SPI is unique and the mark is not required to find\nthe correct SA, allowing to mark traffic after decryption instead (where\nmore specific selectors may be used) to match different policies. Marking\npackets before decryption is still possible, even if no mark is set on\nthe SA.\n\n\nStrongSwan default: ````false````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "mark_in_sa"], "readOnly": false, "type": "null or boolean"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_out": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Netfilter mark and mask for output traffic. On Linux, Netfilter may\nrequire marks on each packet to match a policy/SA having that option\nset. This allows installing duplicate policies and enables Netfilter\nrules to select specific policies/SAs for outgoing traffic. The special\nvalue `%unique` sets a unique mark on each CHILD_SA\ninstance, beyond that the value `%unique-dir` assigns a\ndifferent unique mark for each CHILD_SA direction (in/out).\n\nAn additional mask may be appended to the mark, separated by\n`/`. The default mask if omitted is\n`0xffffffff`.\n\n\nStrongSwan default: ````\"0/0x00000000\"````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "mark_out"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mode": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IPsec Mode to establish CHILD_SA with.\n\n- `tunnel` negotiates the CHILD_SA in IPsec Tunnel Mode,\n- whereas `transport` uses IPsec Transport Mode.\n- `transport_proxy` signifying the special Mobile IPv6\n  Transport Proxy Mode.\n- `beet` is the Bound End to End Tunnel mixture mode,\n  working with fixed inner addresses without the need to include them in\n  each packet.\n- Both `transport` and `beet` modes are\n  subject to mode negotiation; `tunnel` mode is\n  negotiated if the preferred mode is not available.\n- `pass` and `drop` are used to install\n  shunt policies which explicitly bypass the defined traffic from IPsec\n  processing or drop it, respectively.\n\n\nStrongSwan default: ````\"tunnel\"````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "mode"], "readOnly": false, "type": "null or one of \"tunnel\", \"transport\", \"transport_proxy\", \"beet\", \"pass\", \"drop\""}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.per_cpu_sas": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Enable per-CPU CHILD_SAs. Requires `trap` in `start_action`.\nThe value `encap` enables a special type of UDP encapsulation\n(requires enabling `encap` for the connection if there is no NAT),\nwhere a random source port is used for each outbound per-CPU SA\n(the destination port for all of them remains 4500). This allows\nusing the port for RSS if the SPI can\u2019t be used. Note that this type\nof behavior is not standardized and not negotiated. So regardless\nof whether the option is enabled, inbound per-CPU SAs\nwith UDP-encapsulation always have the source port set to 0\nas the peer\u2019s random port is unknown if it has this option enabled.\n\n\nStrongSwan default: ````\"no\"````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "per_cpu_sas"], "readOnly": false, "type": "null or one of \"yes\", \"no\", \"encap\""}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.policies": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether to install IPsec policies or not. Disabling this can be useful in\nsome scenarios e.g. MIPv6, where policies are not managed by the IKE\ndaemon. Since 5.3.3.\n\n\nStrongSwan default: ````true````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "policies"], "readOnly": false, "type": "null or boolean"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.policies_fwd_out": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether to install outbound FWD IPsec policies or not. Enabling this is\nrequired in case there is a drop policy that would match and block\nforwarded traffic for this CHILD_SA. Since 5.5.1.\n\n\nStrongSwan default: ````false````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "policies_fwd_out"], "readOnly": false, "type": "null or boolean"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.priority": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional fixed priority for IPsec policies. This could be useful to\ninstall high-priority drop policies. The default of 0 uses dynamically\ncalculated priorities based on the size of the traffic selectors.\n\n\nStrongSwan default: ````0````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "priority"], "readOnly": false, "type": "null or signed integer"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rand_bytes": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Byte range from which to choose a random value to subtract from\n{option}`rekey_bytes`. The default is the difference between\n{option}`life_bytes` and {option}`rekey_bytes`.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "rand_bytes"], "readOnly": false, "type": "null or signed integer"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rand_packets": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Packet range from which to choose a random value to subtract from\n{option}`rekey_packets`. The default is the difference between\n{option}`life_packets` and {option}`rekey_packets`.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "rand_packets"], "readOnly": false, "type": "null or signed integer"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rand_time": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Time range from which to choose a random value to subtract from\n{option}`rekey_time`. The default is the difference between\n{option}`life_time` and {option}`rekey_time`.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "rand_time"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rekey_bytes": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Number of bytes processed before initiating CHILD_SA rekeying.\n\nNumber of bytes processed before initiating CHILD_SA rekeying. CHILD_SA\nrekeying refreshes key material, optionally using a Diffie-Hellman exchange\nif a group is specified in the proposal.\n\nTo avoid rekey collisions initiated by both ends simultaneously, a value\nin the range of {option}`rand_bytes` gets subtracted to form the effective soft\nvolume limit.\n\nVolume based CHILD_SA rekeying is disabled by default. If {option}`life_bytes`\nis explicitly configured, {option}`rekey_bytes` defaults to 10% less than that.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "rekey_bytes"], "readOnly": false, "type": "null or signed integer"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rekey_packets": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Number of packets processed before initiating CHILD_SA rekeying.\n\nNumber of packets processed before initiating CHILD_SA rekeying. CHILD_SA\nrekeying refreshes key material, optionally using a Diffie-Hellman exchange\nif a group is specified in the proposal.\n\nTo avoid rekey collisions initiated by both ends simultaneously, a value\nin the range of {option}`rand_packets` gets subtracted to form the effective soft\npacket count limit.\n\nPacket count based CHILD_SA rekeying is disabled by default. If\n{option}`life_packets` is explicitly configured, {option}`rekey_packets` defaults to\n10% less than that.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "rekey_packets"], "readOnly": false, "type": "null or signed integer"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rekey_time": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Time to schedule CHILD_SA rekeying. CHILD_SA rekeying refreshes key\nmaterial, optionally using a Diffie-Hellman exchange if a group is\nspecified in the proposal.\n\nTo avoid rekey collisions initiated by both ends simultaneously, a value\nin the range of {option}`rand_time` gets subtracted to form the effective soft\nlifetime.\n\nIf {option}`life_time` is explicitly configured, {option}`rekey_time` defaults to 10%\nless than that, otherwise, CHILD_SA rekeying is scheduled every hour, minus\n{option}`rand_time`.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "rekey_time"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.remote_ts": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of remote selectors to include in CHILD_SA. See\n{option}`local_ts` for a description of the selector syntax.\n\n\nStrongSwan default: ````[\"dynamic\"]````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "remote_ts"], "readOnly": false, "type": "null or (list of string)"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.replay_window": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IPsec replay window to configure for this CHILD_SA. Larger values than\nthe default of `32` are supported using the Netlink\nbackend only, a value of `0` disables IPsec replay\nprotection.\n\n\nStrongSwan default: ````32````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "replay_window"], "readOnly": false, "type": "null or signed integer"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.reqid": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Fixed reqid to use for this CHILD_SA. This might be helpful in some\nscenarios, but works only if each CHILD_SA configuration is instantiated\nnot more than once. The default of 0 uses dynamic reqids, allocated\nincrementally.\n\n\nStrongSwan default: ````0````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "reqid"], "readOnly": false, "type": "null or signed integer"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.set_mark_in": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Netfilter mark applied to packets after the inbound IPsec SA processed\nthem. This way it's not necessary to mark packets via Netfilter before\ndecryption or right afterwards to match policies or process them\ndifferently (e.g. via policy routing).\n\nAn additional mask may be appended to the mark, separated by\n`/`. The default mask if omitted is 0xffffffff. The\nspecial value `%same` uses the value (but not the mask)\nfrom {option}`mark_in` as mark value, which can be fixed,\n`%unique` or `%unique-dir`.\n\nSetting marks in XFRM input requires Linux 4.19 or higher.\n\n\nStrongSwan default: ````\"0/0x00000000\"````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "set_mark_in"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.set_mark_out": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Netfilter mark applied to packets after the outbound IPsec SA processed\nthem. This allows processing ESP packets differently than the original\ntraffic (e.g. via policy routing).\n\nAn additional mask may be appended to the mark, separated by\n`/`. The default mask if omitted is 0xffffffff. The\nspecial value `%same` uses the value (but not the mask)\nfrom {option}`mark_out` as mark value, which can be fixed,\n`%unique_` or `%unique-dir`.\n\nSetting marks in XFRM output is supported since Linux 4.14. Setting a\nmask requires at least Linux 4.19.\n\n\nStrongSwan default: ````\"0/0x00000000\"````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "set_mark_out"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.sha256_96": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HMAC-SHA-256 is used with 128-bit truncation with IPsec. For\ncompatibility with implementations that incorrectly use 96-bit truncation\nthis option may be enabled to configure the shorter truncation length in\nthe kernel. This is not negotiated, so this only works with peers that\nuse the incorrect truncation length (or have this option enabled).\n\n\nStrongSwan default: ````false````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "sha256_96"], "readOnly": false, "type": "null or boolean"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.start_action": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Action to perform after loading the configuration.\n\n- The default of `none` loads the connection only, which\n  then can be manually initiated or used as a responder configuration.\n- The value `trap` installs a trap policy, which triggers\n  the tunnel as soon as matching traffic has been detected.\n- The value `start` initiates the connection actively.\n- Since version 5.9.6 two modes above can be combined with `trap|start`,\n  to immediately initiate a connection for which trap policies have been installed.\n\nWhen unloading or replacing a CHILD_SA configuration having a\n{option}`start_action` different from `none`,\nthe inverse action is performed. Configurations with\n`start` get closed, while such with\n`trap` get uninstalled.\n\n\nStrongSwan default: ````\"none\"````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "start_action"], "readOnly": false, "type": "null or one of \"none\", \"trap\", \"start\", \"trap|start\""}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.tfc_padding": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Pads ESP packets with additional data to have a consistent ESP packet\nsize for improved Traffic Flow Confidentiality. The padding defines the\nminimum size of all ESP packets sent.  The default value of\n`0` disables TFC padding, the special value\n`mtu` adds TFC padding to create a packet size equal to\nthe Path Maximum Transfer Unit.\n\n\nStrongSwan default: ````0````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "tfc_padding"], "readOnly": false, "type": "null or signed integer or value \"mtu\" (singular enum)"}, "services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.updown": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Updown script to invoke on CHILD_SA up and down events.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "children", "<name>", "updown"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.dpd_delay": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Interval to check the liveness of a peer actively using IKEv2\nINFORMATIONAL exchanges or IKEv1 R_U_THERE messages. Active DPD checking\nis only enforced if no IKE or ESP/AH packet has been received for the\nconfigured DPD delay.\n\n\nStrongSwan default: ````\"0s\"````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "dpd_delay"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.dpd_timeout": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Charon by default uses the normal retransmission mechanism and timeouts to\ncheck the liveness of a peer, as all messages are used for liveness\nchecking. For compatibility reasons, with IKEv1 a custom interval may be\nspecified; this option has no effect on connections using IKEv2.\n\n\nStrongSwan default: ````\"0s\"````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "dpd_timeout"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.dscp": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Differentiated Services Field Codepoint to set on outgoing IKE packets for\nthis connection. The value is a six digit binary encoded string specifying\nthe Codepoint to set, as defined in RFC 2474.\n\n\nStrongSwan default: ````\"000000\"````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "dscp"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.encap": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "To enforce UDP encapsulation of ESP packets, the IKE daemon can fake the\nNAT detection payloads. This makes the peer believe that NAT takes place\non the path, forcing it to encapsulate ESP packets in UDP.\n\nUsually this is not required, but it can help to work around connectivity\nissues with too restrictive intermediary firewalls.\n\n\nStrongSwan default: ````false````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "encap"], "readOnly": false, "type": "null or boolean"}, "services.strongswan-swanctl.swanctl.connections.<name>.fragmentation": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Use IKE fragmentation (proprietary IKEv1 extension or RFC 7383 IKEv2\nfragmentation). Acceptable values are `yes` (the default\nsince 5.5.1), `accept` (since versions:5.5.3),\n`force` and `no`.\n\n- If set to `yes`, and the peer\n  supports it, oversized IKE messages will be sent in fragments.\n- If set to\n  `accept`, support for fragmentation is announced to the peer but the daemon\n  does not send its own messages in fragments.\n- If set to `force` (only\n  supported for IKEv1) the initial IKE message will already be fragmented if\n  required.\n- Finally, setting the option to `no` will disable announcing\n  support for this feature.\n\nNote that fragmented IKE messages sent by a peer are always processed\nirrespective of the value of this option (even when set to no).\n\n\nStrongSwan default: ````\"yes\"````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "fragmentation"], "readOnly": false, "type": "null or one of \"yes\", \"accept\", \"force\", \"no\""}, "services.strongswan-swanctl.swanctl.connections.<name>.if_id_in": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "XFRM interface ID set on inbound policies/SA, can be overridden by child\nconfig, see there for details.\n\nThe special value `%unique` allocates a unique interface ID per IKE_SA,\nwhich is inherited by all its CHILD_SAs (unless overridden there), beyond\nthat the value `%unique-dir` assigns a different unique interface ID for\neach direction (in/out).\n\n\n\nStrongSwan default: ````\"0\"````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "if_id_in"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.if_id_out": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "XFRM interface ID set on outbound policies/SA, can be overridden by child\nconfig, see there for details.\n\nThe special value `%unique` allocates a unique interface ID per IKE_SA,\nwhich is inherited by all its CHILD_SAs (unless overridden there), beyond\nthat the value `%unique-dir` assigns a different unique interface ID for\neach direction (in/out).\n\n\nStrongSwan default: ````\"0\"````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "if_id_out"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.keyingtries": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Number of retransmission sequences to perform during initial\nconnect. Instead of giving up initiation after the first retransmission\nsequence with the default value of `1`, additional\nsequences may be started according to the configured value. A value of\n`0` initiates a new sequence until the connection\nestablishes or fails with a permanent error.\n\n\nStrongSwan default: ````1````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "keyingtries"], "readOnly": false, "type": "null or signed integer"}, "services.strongswan-swanctl.swanctl.connections.<name>.local": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Section for a local authentication round. A local authentication round\ndefines the rules how authentication is performed for the local\npeer. Multiple rounds may be defined to use IKEv2 RFC 4739 Multiple\nAuthentication or IKEv1 XAuth.\n\nEach round is defined in a section having `local` as\nprefix, and an optional unique suffix. To define a single authentication\nround, the suffix may be omitted.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "local"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.aaa_id": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Server side EAP-Identity to expect in the EAP method. Some EAP methods,\nsuch as EAP-TLS, use an identity for the server to perform mutual\nauthentication. This identity may differ from the IKE identity,\nespecially when EAP authentication is delegated from the IKE responder\nto an AAA backend.\n\nFor EAP-(T)TLS, this defines the identity for which the server must\nprovide a certificate in the TLS exchange.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "local", "<name>", "aaa_id"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.auth": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Authentication to perform locally.\n\n- The default `pubkey` uses public key authentication\n  using a private key associated to a usable certificate.\n- `psk` uses pre-shared key authentication.\n- The IKEv1 specific `xauth` is used for XAuth or Hybrid\n  authentication,\n- while the IKEv2 specific `eap` keyword defines EAP\n  authentication.\n- For `xauth`, a specific backend name may be appended,\n  separated by a dash. The appropriate `xauth` backend is\n  selected to perform the XAuth exchange. For traditional XAuth, the\n  `xauth` method is usually defined in the second\n  authentication round following an initial `pubkey` (or\n  `psk`) round. Using `xauth` in the\n  first round performs Hybrid Mode client authentication.\n- For `eap`, a specific EAP method name may be appended, separated by a\n  dash. An EAP module implementing the appropriate method is selected to\n  perform the EAP conversation.\n- Since 5.4.0, if both peers support RFC 7427 (\"Signature Authentication\n  in IKEv2\") specific hash algorithms to be used during IKEv2\n  authentication may be configured. To do so use `ike:`\n  followed by a trust chain signature scheme constraint (see description\n  of the {option}`remote` section's {option}`auth`\n  keyword). For example, with `ike:pubkey-sha384-sha256`\n  a public key signature scheme with either SHA-384 or SHA-256 would get\n  used for authentication, in that order and depending on the hash\n  algorithms supported by the peer. If no specific hash algorithms are\n  configured, the default is to prefer an algorithm that matches or\n  exceeds the strength of the signature key. If no constraints with\n  `ike:` prefix are configured any signature scheme\n  constraint (without `ike:` prefix) will also apply to\n  IKEv2 authentication, unless this is disabled in\n  {file}`strongswan.conf`. To use RSASSA-PSS signatures use\n  `rsa/pss` instead of `pubkey` or\n  `rsa` as in e.g.\n  `ike:rsa/pss-sha256`. If `pubkey` or\n  `rsa` constraints are configured RSASSA-PSS signatures\n  will only be used if enabled in `strongswan.conf`(5).\n\n\nStrongSwan default: ````\"pubkey\"````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "local", "<name>", "auth"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Section for a certificate candidate to use for\nauthentication. Certificates in certs are transmitted as binary blobs,\nthese sections offer more flexibility.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "local", "<name>", "cert"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.file": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Absolute path to the certificate to load. Passed as-is to the daemon, so\nit must be readable by it.\n\nConfigure either this or {option}`handle`, but not both, in one section.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "local", "<name>", "cert", "<name>", "file"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.handle": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Hex-encoded CKA_ID or handle of the certificate on a token or TPM,\nrespectively.\n\nConfigure either this or {option}`file`, but not both, in one section.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "local", "<name>", "cert", "<name>", "handle"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.module": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional PKCS#11 module name.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "local", "<name>", "cert", "<name>", "module"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.slot": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional slot number of the token that stores the certificate.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "local", "<name>", "cert", "<name>", "slot"], "readOnly": false, "type": "null or signed integer"}, "services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.certs": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of certificate candidates to use for\nauthentication. The certificates may use a relative path from the\nswanctl `x509` directory or an absolute path.\n\nThe certificate used for authentication is selected based on the\nreceived certificate request payloads. If no appropriate CA can be\nlocated, the first certificate is used.\n\n\nStrongSwan default: ````[]````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "local", "<name>", "certs"], "readOnly": false, "type": "null or (list of string)"}, "services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.eap_id": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Client EAP-Identity to use in EAP-Identity exchange and the EAP method.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "local", "<name>", "eap_id"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.id": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IKE identity to use for authentication round. When using certificate\nauthentication, the IKE identity must be contained in the certificate,\neither as subject or as subjectAltName.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "local", "<name>", "id"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.pubkeys": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of raw public key candidates to use for\nauthentication. The public keys may use a relative path from the swanctl\n`pubkey` directory or an absolute path.\n\nEven though multiple local public keys could be defined in principle,\nonly the first public key in the list is used for authentication.\n\n\nStrongSwan default: ````[]````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "local", "<name>", "pubkeys"], "readOnly": false, "type": "null or (list of string)"}, "services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.round": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional numeric identifier by which authentication rounds are\nsorted. If not specified rounds are ordered by their position in the\nconfig file/vici message.\n\n\nStrongSwan default: ````0````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "local", "<name>", "round"], "readOnly": false, "type": "null or signed integer"}, "services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.xauth_id": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Client XAuth username used in the XAuth exchange.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "local", "<name>", "xauth_id"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.local_addrs": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Local address(es) to use for IKE communication. Takes\nsingle IPv4/IPv6 addresses, DNS names, CIDR subnets or IP address ranges.\n\nAs initiator, the first non-range/non-subnet is used to initiate the\nconnection from. As responder, the local destination address must match at\nleast to one of the specified addresses, subnets or ranges.\n\nIf FQDNs are assigned they are resolved every time a configuration lookup\nis done. If DNS resolution times out, the lookup is delayed for that time.\n\n\nStrongSwan default: ````[]````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "local_addrs"], "readOnly": false, "type": "null or (list of string)"}, "services.strongswan-swanctl.swanctl.connections.<name>.local_port": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Local UDP port for IKE communication. By default the port of the socket\nbackend is used, which is usually `500`. If port\n`500` is used, automatic IKE port floating to port\n`4500` is used to work around NAT issues.\n\nUsing a non-default local IKE port requires support from the socket\nbackend in use (socket-dynamic).\n\n\nStrongSwan default: ````500````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "local_port"], "readOnly": false, "type": "null or signed integer"}, "services.strongswan-swanctl.swanctl.connections.<name>.mediated_by": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The name of the connection to mediate this connection through. If given,\nthe connection will be mediated through the named mediation\nconnection. The mediation connection must have mediation enabled.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "mediated_by"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.mediation": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether this connection is a mediation connection, that is, whether this\nconnection is used to mediate other connections using the IKEv2 Mediation\nExtension. Mediation connections create no CHILD_SA.\n\n\nStrongSwan default: ````false````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "mediation"], "readOnly": false, "type": "null or boolean"}, "services.strongswan-swanctl.swanctl.connections.<name>.mediation_peer": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Identity under which the peer is registered at the mediation server, that\nis, the IKE identity the other end of this connection uses as its local\nidentity on its connection to the mediation server. This is the identity\nwe request the mediation server to mediate us with. Only relevant on\nconnections that set mediated_by. If it is not given, the remote IKE\nidentity of the first authentication round of this connection will be\nused.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "mediation_peer"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.mobike": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Enables MOBIKE on IKEv2 connections. MOBIKE is enabled by default on IKEv2\nconnections, and allows mobility of clients and multi-homing on servers by\nmigrating active IPsec tunnels.\n\nUsually keeping MOBIKE enabled is unproblematic, as it is not used if the\npeer does not indicate support for it. However, due to the design of\nMOBIKE, IKEv2 always floats to port 4500 starting from the second\nexchange. Some implementations don't like this behavior, hence it can be\ndisabled.\n\n\nStrongSwan default: ````true````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "mobike"], "readOnly": false, "type": "null or boolean"}, "services.strongswan-swanctl.swanctl.connections.<name>.over_time": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Hard IKE_SA lifetime if rekey/reauth does not complete, as time. To avoid\nhaving an IKE/ISAKMP kept alive if IKE reauthentication or rekeying fails\nperpetually, a maximum hard lifetime may be specified. If the IKE_SA fails\nto rekey or reauthenticate within the specified time, the IKE_SA gets\nclosed.\n\nIn contrast to CHILD_SA rekeying, over_time is relative in time to the\nrekey_time and reauth_time values, as it applies to both.\n\nThe default is 10% of the longer of {option}`rekey_time` and\n{option}`reauth_time`.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "over_time"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.pools": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of named IP pools to allocate virtual IP addresses\nand other configuration attributes from. Each name references a pool by\nname from either the pools section or an external pool.\n\n\nStrongSwan default: ````[]````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "pools"], "readOnly": false, "type": "null or (list of string)"}, "services.strongswan-swanctl.swanctl.connections.<name>.ppk_id": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "String identifying the Postquantum Preshared Key (PPK) to be used.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "ppk_id"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.ppk_required": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether a Postquantum Preshared Key (PPK) is required for this connection.\n\n\nStrongSwan default: ````false````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "ppk_required"], "readOnly": false, "type": "null or boolean"}, "services.strongswan-swanctl.swanctl.connections.<name>.proposals": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A proposal is a set of algorithms. For non-AEAD IKE proposals, this includes\nan encryption algorithm, an integrity algorithm, a pseudo-random function\nand a key exchange method. For AEAD proposals, instead of encryption and\nintegrity algorithms, a combined mode algorithm is used.\n\nWith peers that support multiple IKEv2 key exchanges (RFC 9370), up to seven\nadditional key exchanges may be negotiated. They can be configured by\nprefixing the algorithm keyword with **keX_** (where X is a number between\n1 and 7).\n\nFor IKEv2, multiple algorithms of the same kind can be specified in a single\nproposal, from which one gets selected. For IKEv1, only one algorithm per\nkind is allowed per proposal, more algorithms get implicitly stripped. Use\nmultiple proposals to offer different algorithm combinations with IKEv1.\n\nAlgorithm keywords get separated using dashes. The special value _default_\nforms a default proposal of supported algorithms considered safe, and is\nusually a good choice for interoperability.\n\n\nStrongSwan default: ````[\"default\"]````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "proposals"], "readOnly": false, "type": "null or (list of string)"}, "services.strongswan-swanctl.swanctl.connections.<name>.pull": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If the default of yes is used, Mode Config works in pull mode, where the\ninitiator actively requests a virtual IP. With no, push mode is used,\nwhere the responder pushes down a virtual IP to the initiating peer.\n\nPush mode is currently supported for IKEv1, but not in IKEv2. It is used\nby a few implementations only, pull mode is recommended.\n\n\nStrongSwan default: ````true````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "pull"], "readOnly": false, "type": "null or boolean"}, "services.strongswan-swanctl.swanctl.connections.<name>.rand_time": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Time range from which to choose a random value to subtract from\nrekey/reauth times. To avoid having both peers initiating the rekey/reauth\nprocedure simultaneously, a random time gets subtracted from the\nrekey/reauth times.\n\nThe default is equal to the configured {option}`over_time`.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "rand_time"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.reauth_time": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Time to schedule IKE reauthentication. IKE reauthentication recreates the\nIKE/ISAKMP SA from scratch and re-evaluates the credentials. In asymmetric\nconfigurations (with EAP or configuration payloads) it might not be\npossible to actively reauthenticate as responder. The IKEv2\nreauthentication lifetime negotiation can instruct the client to perform\nreauthentication.\n\nReauthentication is disabled by default. Enabling it can usually result in\nshort connection interruptions, even when using make-before-break\nreauthentication, which is now the default. However, they are significantly\nshorter than when using the legacy break-before-make approach.\n\n\nStrongSwan default: ````\"0s\"````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "reauth_time"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.rekey_time": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IKE rekeying refreshes key material using a Diffie-Hellman exchange, but\ndoes not re-check associated credentials. It is supported in IKEv2 only,\nIKEv1 performs a reauthentication procedure instead.\n\nWith the default value IKE rekeying is scheduled every 4 hours, minus the\nconfigured rand_time. If a reauth_time is configured, rekey_time defaults\nto zero, disabling rekeying; explicitly set both to enforce rekeying and\nreauthentication.\n\n\nStrongSwan default: ````\"4h\"````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "rekey_time"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.remote": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Section for a remote authentication round. A remote authentication round\ndefines the constraints how the peers must authenticate to use this\nconnection. Multiple rounds may be defined to use IKEv2 RFC 4739 Multiple\nAuthentication or IKEv1 XAuth.\n\nEach round is defined in a section having `remote` as\nprefix, and an optional unique suffix. To define a single authentication\nround, the suffix may be omitted.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "remote"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.auth": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Authentication to expect from remote. See the {option}`local`\nsection's {option}`auth` keyword description about the details of\nsupported mechanisms.\n\nSince 5.4.0, to require a trustchain public key strength for the remote\nside, specify the key type followed by the minimum strength in bits (for\nexample `ecdsa-384` or\n`rsa-2048-ecdsa-256`). To limit the acceptable set of\nhashing algorithms for trustchain validation, append hash algorithms to\npubkey or a key strength definition (for example\n`pubkey-sha256-sha512`,\n`rsa-2048-sha256-sha384-sha512` or\n`rsa-2048-sha256-ecdsa-256-sha256-sha384`).\nUnless disabled in {file}`strongswan.conf`, or explicit IKEv2\nsignature constraints are configured (refer to the description of the\n{option}`local` section's {option}`auth` keyword for\ndetails), such key types and hash algorithms are also applied as\nconstraints against IKEv2 signature authentication schemes used by the\nremote side. To require RSASSA-PSS signatures use\n`rsa/pss` instead of `pubkey` or\n`rsa` as in e.g. `rsa/pss-sha256`. If\n`pubkey` or `rsa` constraints are\nconfigured RSASSA-PSS signatures will only be accepted if enabled in\n`strongswan.conf`(5).\n\nTo specify trust chain constraints for EAP-(T)TLS, append a colon to the\nEAP method, followed by the key type/size and hash algorithm as\ndiscussed above (e.g. `eap-tls:ecdsa-384-sha384`).\n\n\nStrongSwan default: ````\"pubkey\"````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "remote", "<name>", "auth"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.ca_id": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Identity in CA certificate to accept for authentication. The specified\nidentity must be contained in one (intermediate) CA of the remote peer\ntrustchain, either as subject or as subjectAltName. This has the same\neffect as specifying `cacerts` to force clients under\na CA to specific connections; it does not require the CA certificate\nto be available locally, and can be received from the peer during the\nIKE exchange.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "remote", "<name>", "ca_id"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Section for a CA certificate to accept for authentication. Certificates\nin cacerts are transmitted as binary blobs, these sections offer more\nflexibility.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "remote", "<name>", "cacert"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.file": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Absolute path to the certificate to load. Passed as-is to the daemon, so\nit must be readable by it.\n\nConfigure either this or {option}`handle`, but not both, in one section.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "remote", "<name>", "cacert", "<name>", "file"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.handle": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Hex-encoded CKA_ID or handle of the certificate on a token or TPM,\nrespectively.\n\nConfigure either this or {option}`file`, but not both, in one section.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "remote", "<name>", "cacert", "<name>", "handle"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.module": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional PKCS#11 module name.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "remote", "<name>", "cacert", "<name>", "module"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.slot": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional slot number of the token that stores the certificate.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "remote", "<name>", "cacert", "<name>", "slot"], "readOnly": false, "type": "null or signed integer"}, "services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacerts": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of CA certificates to accept for\nauthentication. The certificates may use a relative path from the\nswanctl `x509ca` directory or an absolute path.\n\n\nStrongSwan default: ````[]````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "remote", "<name>", "cacerts"], "readOnly": false, "type": "null or (list of string)"}, "services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Section for a certificate candidate to use for\nauthentication. Certificates in certs are transmitted as binary blobs,\nthese sections offer more flexibility.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "remote", "<name>", "cert"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.file": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Absolute path to the certificate to load. Passed as-is to the daemon, so\nit must be readable by it.\n\nConfigure either this or {option}`handle`, but not both, in one section.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "remote", "<name>", "cert", "<name>", "file"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.handle": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Hex-encoded CKA_ID or handle of the certificate on a token or TPM,\nrespectively.\n\nConfigure either this or {option}`file`, but not both, in one section.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "remote", "<name>", "cert", "<name>", "handle"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.module": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional PKCS#11 module name.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "remote", "<name>", "cert", "<name>", "module"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.slot": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional slot number of the token that stores the certificate.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "remote", "<name>", "cert", "<name>", "slot"], "readOnly": false, "type": "null or signed integer"}, "services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert_policy": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of certificate policy OIDs the peer's certificate\nmust have. OIDs are specified using the numerical dotted representation.\n\n\nStrongSwan default: ````[]````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "remote", "<name>", "cert_policy"], "readOnly": false, "type": "null or (list of string)"}, "services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.certs": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of certificates to accept for authentication. The certificates may\nuse a relative path from the swanctl `x509` directory\nor an absolute path.\n\n\nStrongSwan default: ````[]````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "remote", "<name>", "certs"], "readOnly": false, "type": "null or (list of string)"}, "services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.eap_id": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Identity to use as peer identity during EAP authentication. If set to\n`%any` the EAP-Identity method will be used to ask the\nclient for an EAP identity.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "remote", "<name>", "eap_id"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.groups": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Authorization group memberships to require. The peer\nmust prove membership to at least one of the specified groups. Group\nmembership can be certified by different means, for example by\nappropriate Attribute Certificates or by an AAA backend involved in the\nauthentication.\n\n\nStrongSwan default: ````[]````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "remote", "<name>", "groups"], "readOnly": false, "type": "null or (list of string)"}, "services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.id": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IKE identity to expect for authentication round. When using certificate\nauthentication, the IKE identity must be contained in the certificate,\neither as subject or as subjectAltName.\n\n\nStrongSwan default: ````\"%any\"````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "remote", "<name>", "id"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.pubkeys": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of raw public keys to accept for\nauthentication. The public keys may use a relative path from the swanctl\n`pubkey` directory or an absolute path.\n\n\nStrongSwan default: ````[]````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "remote", "<name>", "pubkeys"], "readOnly": false, "type": "null or (list of string)"}, "services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.revocation": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Certificate revocation policy for CRL or OCSP revocation.\n\n- A `strict` revocation policy fails if no revocation information is\n  available, i.e. the certificate is not known to be unrevoked.\n- `ifuri` fails only if a CRL/OCSP URI is available, but certificate\n  revocation checking fails, i.e. there should be revocation information\n  available, but it could not be obtained.\n- The default revocation policy `relaxed` fails only if a certificate is\n  revoked, i.e. it is explicitly known that it is bad.\n\n\nStrongSwan default: ````\"relaxed\"````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "remote", "<name>", "revocation"], "readOnly": false, "type": "null or one of \"strict\", \"ifuri\", \"relaxed\""}, "services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.round": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional numeric identifier by which authentication rounds are\nsorted. If not specified rounds are ordered by their position in the\nconfig file/vici message.\n\n\nStrongSwan default: ````0````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "remote", "<name>", "round"], "readOnly": false, "type": "null or signed integer"}, "services.strongswan-swanctl.swanctl.connections.<name>.remote_addrs": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Remote address(es) to use for IKE communication. Takes\nsingle IPv4/IPv6 addresses, DNS names, CIDR subnets or IP address ranges.\n\nAs initiator, the first non-range/non-subnet is used to initiate the\nconnection to. As responder, the initiator source address must match at\nleast to one of the specified addresses, subnets or ranges.\n\nIf FQDNs are assigned they are resolved every time a configuration lookup\nis done. If DNS resolution times out, the lookup is delayed for that time.\nTo initiate a connection, at least one specific address or DNS name must\nbe specified.\n\n\nStrongSwan default: ````[]````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "remote_addrs"], "readOnly": false, "type": "null or (list of string)"}, "services.strongswan-swanctl.swanctl.connections.<name>.remote_port": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Remote UDP port for IKE communication. If the default of port\n`500` is used, automatic IKE port floating to port\n`4500` is used to work around NAT issues.\n\n\nStrongSwan default: ````500````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "remote_port"], "readOnly": false, "type": "null or signed integer"}, "services.strongswan-swanctl.swanctl.connections.<name>.send_cert": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Send certificate payloads when using certificate authentication.\n\n- With the default of `ifasked` the daemon sends\n  certificate payloads only if certificate requests have been received.\n- `never` disables sending of certificate payloads\n  altogether,\n- `always` causes certificate payloads to be sent\n  unconditionally whenever certificate authentication is used.\n\n\nStrongSwan default: ````\"ifasked\"````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "send_cert"], "readOnly": false, "type": "null or one of \"always\", \"never\", \"ifasked\""}, "services.strongswan-swanctl.swanctl.connections.<name>.send_certreq": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Send certificate request payloads to offer trusted root CA certificates to\nthe peer. Certificate requests help the peer to choose an appropriate\ncertificate/private key for authentication and are enabled by default.\nDisabling certificate requests can be useful if too many trusted root CA\ncertificates are installed, as each certificate request increases the size\nof the initial IKE packets.\n\n\nStrongSwan default: ````true````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "send_certreq"], "readOnly": false, "type": "null or boolean"}, "services.strongswan-swanctl.swanctl.connections.<name>.unique": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Connection uniqueness policy to enforce. To avoid multiple connections\nfrom the same user, a uniqueness policy can be enforced.\n\n- The value `never` does never enforce such a policy, even\n  if a peer included INITIAL_CONTACT notification messages,\n- whereas `no` replaces existing connections for the same\n  identity if a new one has the INITIAL_CONTACT notify.\n- `keep` rejects new connection attempts if the same user\n  already has an active connection,\n- `replace` deletes any existing connection if a new one\n  for the same user gets established.\n\nTo compare connections for uniqueness, the remote IKE identity is used. If\nEAP or XAuth authentication is involved, the EAP-Identity or XAuth\nusername is used to enforce the uniqueness policy instead.\n\nOn initiators this setting specifies whether an INITIAL_CONTACT notify is\nsent during IKE_AUTH if no existing connection is found with the remote\npeer (determined by the identities of the first authentication\nround). Unless set to `never` the client will send a notify.\n\n\nStrongSwan default: ````\"no\"````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "unique"], "readOnly": false, "type": "null or one of \"no\", \"never\", \"keep\", \"replace\""}, "services.strongswan-swanctl.swanctl.connections.<name>.version": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IKE major version to use for connection.\n\n- 1 uses IKEv1 aka ISAKMP,\n- 2 uses IKEv2.\n- A connection using the default of 0 accepts both IKEv1 and IKEv2 as\n  responder, and initiates the connection actively with IKEv2.\n\n\nStrongSwan default: ````0````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "version"], "readOnly": false, "type": "null or signed integer"}, "services.strongswan-swanctl.swanctl.connections.<name>.vips": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of virtual IPs to request in IKEv2 configuration payloads or IKEv1\nMode Config. The wildcard addresses `0.0.0.0` and\n`::` request an arbitrary address, specific addresses may\nbe defined. The responder may return a different address, though, or none\nat all.\n\n\nStrongSwan default: ````[]````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "connections", "<name>", "vips"], "readOnly": false, "type": "null or (list of string)"}, "services.strongswan-swanctl.swanctl.pools": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Section defining named pools. Named pools may be referenced by connections\nwith the pools option to assign virtual IPs and other configuration\nattributes. Each pool must have a unique name (denoted \\<name\\> below).\n", "loc": ["services", "strongswan-swanctl", "swanctl", "pools"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.strongswan-swanctl.swanctl.pools.<name>.addrs": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Addresses allocated in pool.\n\nSubnet or range defining addresses allocated in pool. Accepts a single CIDR\nsubnet defining the pool to allocate addresses from or an address range\n(<from>-<to>). If the address in CIDR notation is not the network ID of the\nsubnet (e.g. 10.1.0.5/24 instead of 10.1.0.0/24), addresses below it won't\nbe allocated to clients (they could e.g. be assigned manually to internal\nhosts like the VPN server itself). Pools must be unique and non-overlapping\n", "loc": ["services", "strongswan-swanctl", "swanctl", "pools", "<name>", "addrs"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.pools.<name>.dhcp": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Address or CIDR subnets\n\nStrongSwan default: ````[]````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "pools", "<name>", "dhcp"], "readOnly": false, "type": "null or (list of string)"}, "services.strongswan-swanctl.swanctl.pools.<name>.dns": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Address or CIDR subnets\n\nStrongSwan default: ````[]````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "pools", "<name>", "dns"], "readOnly": false, "type": "null or (list of string)"}, "services.strongswan-swanctl.swanctl.pools.<name>.nbns": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Address or CIDR subnets\n\nStrongSwan default: ````[]````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "pools", "<name>", "nbns"], "readOnly": false, "type": "null or (list of string)"}, "services.strongswan-swanctl.swanctl.pools.<name>.netmask": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Address or CIDR subnets\n\nStrongSwan default: ````[]````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "pools", "<name>", "netmask"], "readOnly": false, "type": "null or (list of string)"}, "services.strongswan-swanctl.swanctl.pools.<name>.p_cscf": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Address or CIDR subnets\n\nStrongSwan default: ````[]````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "pools", "<name>", "p_cscf"], "readOnly": false, "type": "null or (list of string)"}, "services.strongswan-swanctl.swanctl.pools.<name>.server": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Address or CIDR subnets\n\nStrongSwan default: ````[]````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "pools", "<name>", "server"], "readOnly": false, "type": "null or (list of string)"}, "services.strongswan-swanctl.swanctl.pools.<name>.split_exclude": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Address or CIDR subnets\n\nStrongSwan default: ````[]````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "pools", "<name>", "split_exclude"], "readOnly": false, "type": "null or (list of string)"}, "services.strongswan-swanctl.swanctl.pools.<name>.split_include": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Address or CIDR subnets\n\nStrongSwan default: ````[]````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "pools", "<name>", "split_include"], "readOnly": false, "type": "null or (list of string)"}, "services.strongswan-swanctl.swanctl.pools.<name>.subnet": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Address or CIDR subnets\n\nStrongSwan default: ````[]````\n", "loc": ["services", "strongswan-swanctl", "swanctl", "pools", "<name>", "subnet"], "readOnly": false, "type": "null or (list of string)"}, "services.strongswan-swanctl.swanctl.secrets.eap": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "EAP secret section for a specific secret. Each EAP secret is defined in a\nunique section having the `eap` prefix. EAP secrets are\nused for XAuth authentication as well.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "eap"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.strongswan-swanctl.swanctl.secrets.eap.<name>.id": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Identity the EAP/XAuth secret belongs to. Multiple unique identities may\nbe specified, each having an `id` prefix, if a secret\nis shared between multiple users.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "eap", "<name>", "id"], "readOnly": false, "type": "attribute set of (null or string)"}, "services.strongswan-swanctl.swanctl.secrets.eap.<name>.secret": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Value of the EAP/XAuth secret. It may either be an ASCII string, a hex\nencoded string if it has a 0x prefix or a Base64 encoded string if it\nhas a 0s prefix in its value.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "eap", "<name>", "secret"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.secrets.ecdsa": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Private key decryption passphrase for a key in the\n`ecdsa` folder.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "ecdsa"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.strongswan-swanctl.swanctl.secrets.ecdsa.<name>.file": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File name in the `ecdsa` folder for which this\npassphrase should be used.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "ecdsa", "<name>", "file"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.secrets.ecdsa.<name>.secret": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Value of decryption passphrase for ECDSA key.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "ecdsa", "<name>", "secret"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.secrets.ike": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "IKE preshared secret section for a specific secret. Each IKE PSK is\ndefined in a unique section having the `ike` prefix.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "ike"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.strongswan-swanctl.swanctl.secrets.ike.<name>.id": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "IKE identity the IKE preshared secret belongs to. Multiple unique\nidentities may be specified, each having an `id`\nprefix, if a secret is shared between multiple peers.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "ike", "<name>", "id"], "readOnly": false, "type": "attribute set of (null or string)"}, "services.strongswan-swanctl.swanctl.secrets.ike.<name>.secret": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Value of the IKE preshared secret. It may either be an ASCII string, a\nhex encoded string if it has a 0x prefix or a Base64 encoded string if\nit has a 0s prefix in its value.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "ike", "<name>", "secret"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.secrets.ntlm": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "NTLM secret section for a specific secret. Each NTLM secret is defined in\na unique section having the `ntlm` prefix. NTLM secrets\nmay only be used for EAP-MSCHAPv2 authentication.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "ntlm"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.strongswan-swanctl.swanctl.secrets.ntlm.<name>.id": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Identity the NTLM secret belongs to. Multiple unique identities may be\nspecified, each having an id prefix, if a secret is shared between\nmultiple users.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "ntlm", "<name>", "id"], "readOnly": false, "type": "attribute set of (null or string)"}, "services.strongswan-swanctl.swanctl.secrets.ntlm.<name>.secret": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Value of the NTLM secret, which is the NT Hash of the actual secret,\nthat is, MD4(UTF-16LE(secret)). The resulting 16-byte value may either\nbe given as a hex encoded string with a 0x prefix or as a Base64 encoded\nstring with a 0s prefix.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "ntlm", "<name>", "secret"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.secrets.pkcs12": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "PKCS#12 decryption passphrase for a container in the\n`pkcs12` folder.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "pkcs12"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.strongswan-swanctl.swanctl.secrets.pkcs12.<name>.file": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File name in the `pkcs12` folder for which this\npassphrase should be used.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "pkcs12", "<name>", "file"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.secrets.pkcs12.<name>.secret": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Value of decryption passphrase for PKCS#12 container.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "pkcs12", "<name>", "secret"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.secrets.pkcs8": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Private key decryption passphrase for a key in the\n`pkcs8` folder.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "pkcs8"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.strongswan-swanctl.swanctl.secrets.pkcs8.<name>.file": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File name in the `pkcs8` folder for which this\npassphrase should be used.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "pkcs8", "<name>", "file"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.secrets.pkcs8.<name>.secret": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Value of decryption passphrase for PKCS#8 key.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "pkcs8", "<name>", "secret"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.secrets.ppk": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Postquantum Preshared Key (PPK) section for a specific secret. Each PPK is\ndefined in a unique section having the `ppk` prefix.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "ppk"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.strongswan-swanctl.swanctl.secrets.ppk.<name>.id": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "PPK identity the PPK belongs to. Multiple unique identities may be\nspecified, each having an `id` prefix, if a secret is\nshared between multiple peers.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "ppk", "<name>", "id"], "readOnly": false, "type": "attribute set of (null or string)"}, "services.strongswan-swanctl.swanctl.secrets.ppk.<name>.secret": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Value of the PPK. It may either be an ASCII string, a hex encoded string\nif it has a `0x` prefix or a Base64 encoded string if\nit has a `0s` prefix in its value. Should have at least\n256 bits of entropy for 128-bit security.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "ppk", "<name>", "secret"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.secrets.private": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Private key decryption passphrase for a key in the\n`private` folder.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "private"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.strongswan-swanctl.swanctl.secrets.private.<name>.file": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File name in the private folder for which this passphrase should be used.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "private", "<name>", "file"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.secrets.private.<name>.secret": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Value of decryption passphrase for private key.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "private", "<name>", "secret"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.secrets.rsa": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Private key decryption passphrase for a key in the `rsa`\nfolder.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "rsa"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.strongswan-swanctl.swanctl.secrets.rsa.<name>.file": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File name in the `rsa` folder for which this passphrase\nshould be used.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "rsa", "<name>", "file"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.secrets.rsa.<name>.secret": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Value of decryption passphrase for RSA key.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "rsa", "<name>", "secret"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.secrets.token": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition for a private key that's stored on a token/smartcard/TPM.", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "token"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.strongswan-swanctl.swanctl.secrets.token.<name>.handle": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Hex-encoded CKA_ID or handle of the private key on the token or TPM,\nrespectively.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "token", "<name>", "handle"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.secrets.token.<name>.module": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional PKCS#11 module name to access the token.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "token", "<name>", "module"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.secrets.token.<name>.pin": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional PIN required to access the key on the token. If none is\nprovided the user is prompted during an interactive\n`--load-creds` call.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "token", "<name>", "pin"], "readOnly": false, "type": "null or string"}, "services.strongswan-swanctl.swanctl.secrets.token.<name>.slot": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional slot number to access the token.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "token", "<name>", "slot"], "readOnly": false, "type": "null or signed integer"}, "services.strongswan-swanctl.swanctl.secrets.xauth": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "EAP secret section for a specific secret. Each EAP secret is defined in a\nunique section having the `eap` prefix. EAP secrets are\nused for XAuth authentication as well.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "xauth"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.strongswan-swanctl.swanctl.secrets.xauth.<name>.id": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Identity the EAP/XAuth secret belongs to. Multiple unique identities may\nbe specified, each having an `id` prefix, if a secret\nis shared between multiple users.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "xauth", "<name>", "id"], "readOnly": false, "type": "attribute set of (null or string)"}, "services.strongswan-swanctl.swanctl.secrets.xauth.<name>.secret": {"declarations": ["nixos/modules/services/networking/strongswan-swanctl/module.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Value of the EAP/XAuth secret. It may either be an ASCII string, a hex\nencoded string if it has a 0x prefix or a Base64 encoded string if it\nhas a 0s prefix in its value.\n", "loc": ["services", "strongswan-swanctl", "swanctl", "secrets", "xauth", "<name>", "secret"], "readOnly": false, "type": "null or string"}, "services.strongswan.ca": {"declarations": ["nixos/modules/services/networking/strongswan.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "A set of CAs (certification authorities) and their options for\nthe \u2018ca xxx\u2019 sections of the {file}`ipsec.conf`\nfile.\n", "example": {"_type": "literalExpression", "text": "{\n  strongswan = {\n    auto = \"add\";\n    cacert = \"/run/keys/strongswanCert.pem\";\n    crluri = \"http://crl2.strongswan.org/strongswan.crl\";\n  };\n}"}, "loc": ["services", "strongswan", "ca"], "readOnly": false, "type": "attribute set of attribute set of string"}, "services.strongswan.connections": {"declarations": ["nixos/modules/services/networking/strongswan.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "A set of connections and their options for the \u2018conn xxx\u2019\nsections of the {file}`ipsec.conf` file.\n", "example": {"_type": "literalExpression", "text": "{\n  \"%default\" = {\n    keyexchange = \"ikev2\";\n    keyingtries = \"1\";\n  };\n  roadwarrior = {\n    auto       = \"add\";\n    leftcert   = \"/run/keys/moonCert.pem\";\n    leftid     = \"@moon.strongswan.org\";\n    leftsubnet = \"10.1.0.0/16\";\n    right      = \"%any\";\n  };\n}\n"}, "loc": ["services", "strongswan", "connections"], "readOnly": false, "type": "attribute set of attribute set of string"}, "services.strongswan.enable": {"declarations": ["nixos/modules/services/networking/strongswan.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable strongSwan.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "strongswan", "enable"], "readOnly": false, "type": "boolean"}, "services.strongswan.enabledPlugins": {"declarations": ["nixos/modules/services/networking/strongswan.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of additional plugins to enable if\n{option}`managePlugins` is true.\n", "loc": ["services", "strongswan", "enabledPlugins"], "readOnly": false, "type": "list of string"}, "services.strongswan.managePlugins": {"declarations": ["nixos/modules/services/networking/strongswan.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set to true, this option will disable automatic plugin loading and\nthen tell strongSwan to enable the plugins specified in the\n{option}`enabledPlugins` option.\n", "loc": ["services", "strongswan", "managePlugins"], "readOnly": false, "type": "boolean"}, "services.strongswan.secrets": {"declarations": ["nixos/modules/services/networking/strongswan.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of paths to IPSec secret files. These\nfiles will be included into the main ipsec.secrets file with\nthe `include` directive. It is safer if these\npaths are absolute.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/run/keys/ipsec-foo.secret\"\n]"}, "loc": ["services", "strongswan", "secrets"], "readOnly": false, "type": "list of string"}, "services.strongswan.setup": {"declarations": ["nixos/modules/services/networking/strongswan.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "A set of options for the \u2018config setup\u2019 section of the\n{file}`ipsec.conf` file. Defines general\nconfiguration parameters.\n", "example": {"_type": "literalExpression", "text": "{\n  cachecrls = \"yes\";\n  strictcrlpolicy = \"yes\";\n}"}, "loc": ["services", "strongswan", "setup"], "readOnly": false, "type": "attribute set of string"}, "services.stubby.enable": {"declarations": ["nixos/modules/services/networking/stubby.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Stubby DNS resolver.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "stubby", "enable"], "readOnly": false, "type": "boolean"}, "services.stubby.logLevel": {"declarations": ["nixos/modules/services/networking/stubby.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Log verbosity (syslog keyword or level).", "loc": ["services", "stubby", "logLevel"], "readOnly": false, "type": "null or one of \"alert\", \"crit\", \"debug\", \"emerg\", \"error\", \"info\", \"notice\", \"warning\", 1, 2, 7, 0, 3, 6, 5, 4"}, "services.stubby.settings": {"declarations": ["nixos/modules/services/networking/stubby.nix"], "description": "Content of the Stubby configuration file. All Stubby settings may be set or queried\nhere. The default settings are available at\n`pkgs.stubby.passthru.settingsExample`. See\n<https://dnsprivacy.org/wiki/display/DP/Configuring+Stubby>.\nA list of the public recursive servers can be found here:\n<https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Test+Servers>.\n", "example": {"_type": "literalExpression", "text": "pkgs.stubby.passthru.settingsExample // {\n  upstream_recursive_servers = [{\n    address_data = \"158.64.1.29\";\n    tls_auth_name = \"kaitain.restena.lu\";\n    tls_pubkey_pinset = [{\n      digest = \"sha256\";\n      value = \"7ftvIkA+UeN/ktVkovd/7rPZ6mbkhVI7/8HnFJIiLa4=\";\n    }];\n  }];\n};\n"}, "loc": ["services", "stubby", "settings"], "readOnly": false, "type": "attribute set of (YAML 1.1 value)"}, "services.stunnel.clients": {"declarations": ["nixos/modules/services/networking/stunnel.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Define the client configurations.\n\nBy default, verifyChain and OCSPaia are enabled and CAFile is set to `security.pki.caBundle`.\n\nSee \"SERVICE-LEVEL OPTIONS\" in {manpage}`stunnel(8)`.\n", "example": {"_type": "literalExpression", "text": "{\n  foobar = {\n    accept = \"0.0.0.0:8080\";\n    connect = \"nixos.org:443\";\n    verifyChain = false;\n  };\n}"}, "loc": ["services", "stunnel", "clients"], "readOnly": false, "type": "attribute set of attribute set of (null or boolean or signed integer or string)"}, "services.stunnel.enable": {"declarations": ["nixos/modules/services/networking/stunnel.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the stunnel TLS tunneling service.", "loc": ["services", "stunnel", "enable"], "readOnly": false, "type": "boolean"}, "services.stunnel.enableInsecureSSLv3": {"declarations": ["nixos/modules/services/networking/stunnel.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable support for the insecure SSLv3 protocol.", "loc": ["services", "stunnel", "enableInsecureSSLv3"], "readOnly": false, "type": "boolean"}, "services.stunnel.fipsMode": {"declarations": ["nixos/modules/services/networking/stunnel.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable FIPS 140-2 mode required for compliance.", "loc": ["services", "stunnel", "fipsMode"], "readOnly": false, "type": "boolean"}, "services.stunnel.group": {"declarations": ["nixos/modules/services/networking/stunnel.nix"], "default": {"_type": "literalExpression", "text": "\"nogroup\""}, "description": "The group under which stunnel runs.", "loc": ["services", "stunnel", "group"], "readOnly": false, "type": "null or string"}, "services.stunnel.logLevel": {"declarations": ["nixos/modules/services/networking/stunnel.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Verbosity of stunnel output.", "loc": ["services", "stunnel", "logLevel"], "readOnly": false, "type": "one of \"emerg\", \"alert\", \"crit\", \"err\", \"warning\", \"notice\", \"info\", \"debug\""}, "services.stunnel.servers": {"declarations": ["nixos/modules/services/networking/stunnel.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Define the server configurations.\n\nSee \"SERVICE-LEVEL OPTIONS\" in {manpage}`stunnel(8)`.\n", "example": {"_type": "literalExpression", "text": "{\n  fancyWebserver = {\n    accept = 443;\n    cert = \"/path/to/pem/file\";\n    connect = 8080;\n  };\n}"}, "loc": ["services", "stunnel", "servers"], "readOnly": false, "type": "attribute set of attribute set of (null or boolean or signed integer or string)"}, "services.stunnel.user": {"declarations": ["nixos/modules/services/networking/stunnel.nix"], "default": {"_type": "literalExpression", "text": "\"nobody\""}, "description": "The user under which stunnel runs.", "loc": ["services", "stunnel", "user"], "readOnly": false, "type": "null or string"}, "services.subsonic.contextPath": {"declarations": ["nixos/modules/services/misc/subsonic.nix"], "default": {"_type": "literalExpression", "text": "\"/\""}, "description": "The context path, i.e., the last part of the Subsonic\nURL. Typically '/' or '/subsonic'. Default '/'\n", "loc": ["services", "subsonic", "contextPath"], "readOnly": false, "type": "absolute path"}, "services.subsonic.defaultMusicFolder": {"declarations": ["nixos/modules/services/misc/subsonic.nix"], "default": {"_type": "literalExpression", "text": "\"/var/music\""}, "description": "Configure Subsonic to use this folder for music.  This option\nonly has effect the first time Subsonic is started.\n", "loc": ["services", "subsonic", "defaultMusicFolder"], "readOnly": false, "type": "absolute path"}, "services.subsonic.defaultPlaylistFolder": {"declarations": ["nixos/modules/services/misc/subsonic.nix"], "default": {"_type": "literalExpression", "text": "\"/var/playlists\""}, "description": "Configure Subsonic to use this folder for playlists.  This option\nonly has effect the first time Subsonic is started.\n", "loc": ["services", "subsonic", "defaultPlaylistFolder"], "readOnly": false, "type": "absolute path"}, "services.subsonic.defaultPodcastFolder": {"declarations": ["nixos/modules/services/misc/subsonic.nix"], "default": {"_type": "literalExpression", "text": "\"/var/music/Podcast\""}, "description": "Configure Subsonic to use this folder for Podcasts.  This option\nonly has effect the first time Subsonic is started.\n", "loc": ["services", "subsonic", "defaultPodcastFolder"], "readOnly": false, "type": "absolute path"}, "services.subsonic.enable": {"declarations": ["nixos/modules/services/misc/subsonic.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Subsonic daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "subsonic", "enable"], "readOnly": false, "type": "boolean"}, "services.subsonic.home": {"declarations": ["nixos/modules/services/misc/subsonic.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/subsonic\""}, "description": "The directory where Subsonic will create files.\nMake sure it is writable.\n", "loc": ["services", "subsonic", "home"], "readOnly": false, "type": "absolute path"}, "services.subsonic.httpsPort": {"declarations": ["nixos/modules/services/misc/subsonic.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "The port on which Subsonic will listen for\nincoming HTTPS traffic. Set to 0 to disable.\n", "loc": ["services", "subsonic", "httpsPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.subsonic.listenAddress": {"declarations": ["nixos/modules/services/misc/subsonic.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "The host name or IP address on which to bind Subsonic.\nOnly relevant if you have multiple network interfaces and want\nto make Subsonic available on only one of them. The default value\nwill bind Subsonic to all available network interfaces.\n", "loc": ["services", "subsonic", "listenAddress"], "readOnly": false, "type": "string"}, "services.subsonic.maxMemory": {"declarations": ["nixos/modules/services/misc/subsonic.nix"], "default": {"_type": "literalExpression", "text": "100"}, "description": "The memory limit (max Java heap size) in megabytes.\nDefault: 100\n", "loc": ["services", "subsonic", "maxMemory"], "readOnly": false, "type": "signed integer"}, "services.subsonic.port": {"declarations": ["nixos/modules/services/misc/subsonic.nix"], "default": {"_type": "literalExpression", "text": "4040"}, "description": "The port on which Subsonic will listen for\nincoming HTTP traffic. Set to 0 to disable.\n", "loc": ["services", "subsonic", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.subsonic.transcoders": {"declarations": ["nixos/modules/services/misc/subsonic.nix"], "default": {"_type": "literalExpression", "text": "[ \"${pkgs.ffmpeg.bin}/bin/ffmpeg\" ]"}, "description": "List of paths to transcoder executables that should be accessible\nfrom Subsonic. Symlinks will be created to each executable inside\n${config.services.subsonic.home}/transcoders.\n", "loc": ["services", "subsonic", "transcoders"], "readOnly": false, "type": "list of absolute path"}, "services.sundtek.enable": {"declarations": ["nixos/modules/services/misc/sundtek.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Sundtek driver.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "sundtek", "enable"], "readOnly": false, "type": "boolean"}, "services.sunshine.applications": {"declarations": ["nixos/modules/services/networking/sunshine.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for applications to be exposed to Moonlight. If this is set, no configuration is possible from the web UI, and must be by the `settings` option.\n", "example": {"_type": "literalExpression", "text": "{\n  env = {\n    PATH = \"$(PATH):$(HOME)/.local/bin\";\n  };\n  apps = [\n    {\n      name = \"1440p Desktop\";\n      prep-cmd = [\n        {\n          do = \"${pkgs.kdePackages.libkscreen}/bin/kscreen-doctor output.DP-4.mode.2560x1440@144\";\n          undo = \"${pkgs.kdePackages.libkscreen}/bin/kscreen-doctor output.DP-4.mode.3440x1440@144\";\n        }\n      ];\n      exclude-global-prep-cmd = \"false\";\n      auto-detach = \"true\";\n    }\n  ];\n}\n"}, "loc": ["services", "sunshine", "applications"], "readOnly": false, "type": "submodule"}, "services.sunshine.applications.apps": {"declarations": ["nixos/modules/services/networking/sunshine.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Applications to be exposed to Moonlight.\n", "loc": ["services", "sunshine", "applications", "apps"], "readOnly": false, "type": "list of (attribute set)"}, "services.sunshine.applications.env": {"declarations": ["nixos/modules/services/networking/sunshine.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables to be set for the applications.\n", "loc": ["services", "sunshine", "applications", "env"], "readOnly": false, "type": "attribute set of string"}, "services.sunshine.autoStart": {"declarations": ["nixos/modules/services/networking/sunshine.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether sunshine should be started automatically.\n", "loc": ["services", "sunshine", "autoStart"], "readOnly": false, "type": "boolean"}, "services.sunshine.capSysAdmin": {"declarations": ["nixos/modules/services/networking/sunshine.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to give the Sunshine binary CAP_SYS_ADMIN, required for DRM/KMS screen capture.\n", "loc": ["services", "sunshine", "capSysAdmin"], "readOnly": false, "type": "boolean"}, "services.sunshine.enable": {"declarations": ["nixos/modules/services/networking/sunshine.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Sunshine, a self-hosted game stream host for Moonlight.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "sunshine", "enable"], "readOnly": false, "type": "boolean"}, "services.sunshine.openFirewall": {"declarations": ["nixos/modules/services/networking/sunshine.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to automatically open ports in the firewall.\n", "loc": ["services", "sunshine", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.sunshine.package": {"declarations": ["nixos/modules/services/networking/sunshine.nix"], "default": {"_type": "literalExpression", "text": "pkgs.sunshine"}, "description": "The sunshine package to use.", "loc": ["services", "sunshine", "package"], "readOnly": false, "type": "package"}, "services.sunshine.settings": {"declarations": ["nixos/modules/services/networking/sunshine.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings to be rendered into the configuration file. If this is set, no configuration is possible from the web UI.\n\nSee <https://docs.lizardbyte.dev/projects/sunshine/en/latest/about/advanced_usage.html#configuration for syntax>.\n", "example": {"_type": "literalExpression", "text": "{\n  sunshine_name = \"nixos\";\n}\n"}, "loc": ["services", "sunshine", "settings"], "readOnly": false, "type": "open submodule of attribute set of (atom (null, bool, int, float or string))"}, "services.sunshine.settings.port": {"declarations": ["nixos/modules/services/networking/sunshine.nix"], "default": {"_type": "literalExpression", "text": "47989"}, "description": "Base port -- others used are offset from this one, see <https://docs.lizardbyte.dev/projects/sunshine/en/latest/about/advanced_usage.html#port> for details.\n", "loc": ["services", "sunshine", "settings", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.supergfxd.enable": {"declarations": ["nixos/modules/services/hardware/supergfxd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the supergfxd service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "supergfxd", "enable"], "readOnly": false, "type": "boolean"}, "services.supergfxd.settings": {"declarations": ["nixos/modules/services/hardware/supergfxd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The content of /etc/supergfxd.conf.\nSee <https://gitlab.com/asus-linux/supergfxctl/#config-options-etcsupergfxdconf>.\n", "loc": ["services", "supergfxd", "settings"], "readOnly": false, "type": "null or JSON value"}, "services.supybot.configFile": {"declarations": ["nixos/modules/services/networking/supybot.nix"], "description": "Path to initial supybot config file. This can be generated by\nrunning supybot-wizard.\n\nNote: all paths should include the full path to the stateDir\ndirectory (backup conf data logs logs/plugins plugins tmp web).\n", "loc": ["services", "supybot", "configFile"], "readOnly": false, "type": "absolute path"}, "services.supybot.enable": {"declarations": ["nixos/modules/services/networking/supybot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable Supybot, an IRC bot (also known as Limnoria).", "loc": ["services", "supybot", "enable"], "readOnly": false, "type": "boolean"}, "services.supybot.extraPackages": {"declarations": ["nixos/modules/services/networking/supybot.nix"], "default": {"_type": "literalExpression", "text": "p: []"}, "description": "Extra Python packages available to supybot plugins. The\nvalue must be a function which receives the attrset defined\nin {var}`python3Packages` as the sole argument.\n", "example": {"_type": "literalExpression", "text": "p: [ p.lxml p.requests ]"}, "loc": ["services", "supybot", "extraPackages"], "readOnly": false, "type": "function that evaluates to a(n) list of package"}, "services.supybot.plugins": {"declarations": ["nixos/modules/services/networking/supybot.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attribute set of additional plugins that will be symlinked to the\n{file}`plugin` subdirectory.\n\nPlease note that you still need to add the plugins to the config\nfile (or with `!load`) using their attribute name.\n", "example": {"_type": "literalExpression", "text": "let\n  plugins = pkgs.fetchzip {\n    url = \"https://github.com/ProgVal/Supybot-plugins/archive/57c2450c.zip\";\n    sha256 = \"077snf84ibnva3sbpzdfpfma6hcdw7dflwnhg6pw7mgnf0nd84qd\";\n  };\nin\n{\n  Wikipedia = \"${plugins}/Wikipedia\";\n  Decide = ./supy-decide;\n}\n"}, "loc": ["services", "supybot", "plugins"], "readOnly": false, "type": "attribute set of absolute path"}, "services.supybot.stateDir": {"declarations": ["nixos/modules/services/networking/supybot.nix"], "default": {"_type": "literalExpression", "text": "/var/lib/supybot"}, "description": "The root directory, logs and plugins are stored here", "loc": ["services", "supybot", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.suricata.disabledRules": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"2270000\"\n  \"2270001\"\n  \"2270002\"\n  \"2270003\"\n  \"2270004\"\n]"}, "description": "List of rules that should be disabled.\n", "loc": ["services", "suricata", "disabledRules"], "readOnly": false, "type": "list of string"}, "services.suricata.enable": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Suricata.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "suricata", "enable"], "readOnly": false, "type": "boolean"}, "services.suricata.enabledSources": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"et/open\"\n  \"etnetera/aggressive\"\n  \"stamus/lateral\"\n  \"oisf/trafficid\"\n  \"tgreen/hunting\"\n  \"sslbl/ja3-fingerprints\"\n  \"sslbl/ssl-fp-blacklist\"\n  \"malsilo/win-malware\"\n  \"pawpatrules\"\n]"}, "description": "List of sources that should be enabled.\nCurrently sources which require a secret-code are not supported.\n", "loc": ["services", "suricata", "enabledSources"], "readOnly": false, "type": "list of string"}, "services.suricata.package": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.suricata"}, "description": "The suricata package to use.", "loc": ["services", "suricata", "package"], "readOnly": false, "type": "package"}, "services.suricata.settings": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "description": "Suricata settings", "example": {"_type": "literalExpression", "text": "vars.address-groups.HOME_NET = \"192.168.178.0/24\";\noutputs = [\n  {\n    fast = {\n      enabled = true;\n      filename = \"fast.log\";\n      append = \"yes\";\n    };\n  }\n  {\n    eve-log = {\n      enabled = true;\n      filetype = \"regular\";\n      filename = \"eve.json\";\n      community-id = true;\n      types = [\n        {\n          alert.tagged-packets = \"yes\";\n        }\n      ];\n    };\n  }\n];\naf-packet = [\n  {\n    interface = \"eth0\";\n    cluster-id = \"99\";\n    cluster-type = \"cluster_flow\";\n    defrag = \"yes\";\n  }\n  {\n    interface = \"default\";\n  }\n];\naf-xdp = [\n  {\n    interface = \"eth1\";\n  }\n];\ndpdk.interfaces = [\n  {\n    interface = \"eth2\";\n  }\n];\npcap = [\n  {\n    interface = \"eth3\";\n  }\n];\napp-layer.protocols = {\n  telnet.enabled = \"yes\";\n  dnp3.enabled = \"yes\";\n  modbus.enabled = \"yes\";\n};\n"}, "loc": ["services", "suricata", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.suricata.settings.af-packet": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Linux high speed capture support.\n", "loc": ["services", "suricata", "settings", "af-packet"], "readOnly": false, "type": "null or (list of (open submodule of (YAML 1.1 value)))"}, "services.suricata.settings.af-packet.*.interface": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "af-packet capture interface, see [upstream docs reagrding tuning](https://docs.suricata.io/en/latest/performance/tuning-considerations.html#af-packet).\n", "loc": ["services", "suricata", "settings", "af-packet", "*", "interface"], "readOnly": false, "type": "string"}, "services.suricata.settings.af-xdp": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Linux high speed af-xdp capture support, see\n[docs/capture-hardware/af-xdp](https://docs.suricata.io/en/suricata-7.0.3/capture-hardware/af-xdp.html).\n", "loc": ["services", "suricata", "settings", "af-xdp"], "readOnly": false, "type": "null or (list of (open submodule of (YAML 1.1 value)))"}, "services.suricata.settings.af-xdp.*.interface": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "af-xdp capture interface, see [upstream docs](https://docs.suricata.io/en/latest/capture-hardware/af-xdp.html).\n", "loc": ["services", "suricata", "settings", "af-xdp", "*", "interface"], "readOnly": false, "type": "string"}, "services.suricata.settings.app-layer": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "app-layer configuration, see [upstream docs](https://docs.suricata.io/en/latest/rules/app-layer.html).\n", "loc": ["services", "suricata", "settings", "app-layer"], "readOnly": false, "type": "null or (submodule)"}, "services.suricata.settings.app-layer.error-policy": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"ignore\""}, "description": "The error-policy setting applies to all app-layer parsers. Values can be\n\"drop-flow\", \"pass-flow\", \"bypass\", \"drop-packet\", \"pass-packet\", \"reject\" or\n\"ignore\" (the default).\n", "loc": ["services", "suricata", "settings", "app-layer", "error-policy"], "readOnly": false, "type": "one of \"drop-flow\", \"pass-flow\", \"bypass\", \"drop-packet\", \"pass-packet\", \"reject\", \"ignore\""}, "services.suricata.settings.app-layer.protocols": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "app-layer protocols, see [upstream docs](https://docs.suricata.io/en/latest/rules/app-layer.html).\n", "loc": ["services", "suricata", "settings", "app-layer", "protocols"], "readOnly": false, "type": "null or (attribute set of (open submodule of (YAML 1.1 value)))"}, "services.suricata.settings.app-layer.protocols.<name>.enabled": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"no\""}, "description": "The option \"enabled\" takes 3 values - \"yes\", \"no\", \"detection-only\".\n\"yes\" enables both detection and the parser, \"no\" disables both, and\n\"detection-only\" enables protocol detection only (parser disabled).\n", "loc": ["services", "suricata", "settings", "app-layer", "protocols", "<name>", "enabled"], "readOnly": false, "type": "one of \"yes\", \"no\", \"detection-only\""}, "services.suricata.settings.classification-file": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/suricata/rules/classification.config\""}, "description": "Suricata classification configuration file.", "loc": ["services", "suricata", "settings", "classification-file"], "readOnly": false, "type": "string"}, "services.suricata.settings.default-log-dir": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"/var/log/suricata\""}, "description": "The default logging directory. Any log or output file will be placed here if it's\nnot specified with a full path name. This can be overridden with the -l command\nline parameter.\n", "loc": ["services", "suricata", "settings", "default-log-dir"], "readOnly": false, "type": "string"}, "services.suricata.settings.default-rule-path": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/suricata/rules\""}, "description": "Path in which suricata-update managed rules are stored by default.", "loc": ["services", "suricata", "settings", "default-rule-path"], "readOnly": false, "type": "absolute path"}, "services.suricata.settings.dpdk": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Data Plane Development Kit is a framework for fast packet processing in data plane applications running on a wide variety of CPU architectures. DPDK's Environment Abstraction Layer (EAL) provides a generic interface to low-level resources. It is a unique way how DPDK libraries access NICs. EAL creates an API for an application to access NIC resources from the userspace level. In DPDK, packets are not retrieved via interrupt handling. Instead, the application polls the NIC for newly received packets.\n\nDPDK allows the user space application to directly access memory where the NIC stores the packets. As a result, neither DPDK nor the application copies the packets for the inspection. The application directly processes packets via passed packet descriptors.\nSee [docs/capture-hardware/dpdk](https://docs.suricata.io/en/suricata-7.0.7/capture-hardware/dpdk.html) and [docs/configuration/suricata-yaml.html#data-plane-development-kit-dpdk](https://docs.suricata.io/en/suricata-7.0.7/configuration/suricata-yaml.html#data-plane-development-kit-dpdk).\n", "loc": ["services", "suricata", "settings", "dpdk"], "readOnly": false, "type": "null or (submodule)"}, "services.suricata.settings.dpdk.eal-params.proc-type": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "dpdk eal-params.proc-type, see [data plane development kit docs](https://doc.dpdk.org/guides/linux_gsg/linux_eal_parameters.html#multiprocessing-related-options).\n", "loc": ["services", "suricata", "settings", "dpdk", "eal-params", "proc-type"], "readOnly": false, "type": "null or string"}, "services.suricata.settings.dpdk.interfaces": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See upstream docs: [docs/capture-hardware/dpdk](https://docs.suricata.io/en/suricata-7.0.7/capture-hardware/dpdk.html) and [docs/configuration/suricata-yaml.html#data-plane-development-kit-dpdk](https://docs.suricata.io/en/suricata-7.0.7/configuration/suricata-yaml.html#data-plane-development-kit-dpdk).\n", "loc": ["services", "suricata", "settings", "dpdk", "interfaces"], "readOnly": false, "type": "null or (list of (open submodule of (YAML 1.1 value)))"}, "services.suricata.settings.dpdk.interfaces.*.interface": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See upstream docs: [docs/capture-hardware/dpdk](https://docs.suricata.io/en/suricata-7.0.7/capture-hardware/dpdk.html) and [docs/configuration/suricata-yaml.html#data-plane-development-kit-dpdk](https://docs.suricata.io/en/suricata-7.0.7/configuration/suricata-yaml.html#data-plane-development-kit-dpdk).\n", "loc": ["services", "suricata", "settings", "dpdk", "interfaces", "*", "interface"], "readOnly": false, "type": "string"}, "services.suricata.settings.exception-policy": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"auto\""}, "description": "Define a common behavior for all exception policies.\nIn IPS mode, the default is drop-flow. For cases when that's not possible, the\nengine will fall to drop-packet. To fallback to old behavior (setting each of\nthem individually, or ignoring all), set this to ignore.\nAll values available for exception policies can be used, and there is one\nextra option: auto - which means drop-flow or drop-packet (as explained above)\nin IPS mode, and ignore in IDS mode. Exception policy values are: drop-packet,\ndrop-flow, reject, bypass, pass-packet, pass-flow, ignore (disable).\n", "loc": ["services", "suricata", "settings", "exception-policy"], "readOnly": false, "type": "one of \"auto\", \"drop-packet\", \"drop-flow\", \"reject\", \"bypass\", \"pass-packet\", \"pass-flow\", \"ignore\""}, "services.suricata.settings.host-mode": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"auto\""}, "description": "If the Suricata box is a router for the sniffed networks, set it to 'router'. If\nit is a pure sniffing setup, set it to 'sniffer-only'. If set to auto, the variable\nis internally switched to 'router' in IPS mode and 'sniffer-only' in IDS mode.\nThis feature is currently only used by the reject* keywords.\n", "loc": ["services", "suricata", "settings", "host-mode"], "readOnly": false, "type": "one of \"router\", \"sniffer-only\", \"auto\""}, "services.suricata.settings.includes": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Files to include in the suricata configuration. See\n[docs/configuration/suricata-yaml](https://docs.suricata.io/en/suricata-7.0.3/configuration/suricata-yaml.html)\nfor available options.\n", "loc": ["services", "suricata", "settings", "includes"], "readOnly": false, "type": "null or (list of absolute path)"}, "services.suricata.settings.logging.default-log-format": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The default output format. Optional parameter, should default to\nsomething reasonable if not provided. Can be overridden in an\noutput section.  You can leave this out to get the default.\n", "loc": ["services", "suricata", "settings", "logging", "default-log-format"], "readOnly": false, "type": "null or string"}, "services.suricata.settings.logging.default-log-level": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"notice\""}, "description": "The default log level: can be overridden in an output section.\nNote that debug level logging will only be emitted if Suricata was\ncompiled with the --enable-debug configure option.\n", "loc": ["services", "suricata", "settings", "logging", "default-log-level"], "readOnly": false, "type": "one of \"error\", \"warning\", \"notice\", \"info\", \"perf\", \"config\", \"debug\""}, "services.suricata.settings.logging.default-output-filter": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A regex to filter output.  Can be overridden in an output section.\nDefaults to empty (no filter).\n", "loc": ["services", "suricata", "settings", "logging", "default-output-filter"], "readOnly": false, "type": "null or string"}, "services.suricata.settings.logging.outputs.console.enable": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable logging to console.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "suricata", "settings", "logging", "outputs", "console", "enable"], "readOnly": false, "type": "boolean"}, "services.suricata.settings.logging.outputs.file.enable": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable logging to file.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "suricata", "settings", "logging", "outputs", "file", "enable"], "readOnly": false, "type": "boolean"}, "services.suricata.settings.logging.outputs.file.filename": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"suricata.log\""}, "description": "Filename of the logfile.\n", "loc": ["services", "suricata", "settings", "logging", "outputs", "file", "filename"], "readOnly": false, "type": "string"}, "services.suricata.settings.logging.outputs.file.format": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Logformat for logs written to the logfile.\n", "loc": ["services", "suricata", "settings", "logging", "outputs", "file", "format"], "readOnly": false, "type": "null or string"}, "services.suricata.settings.logging.outputs.file.level": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Loglevel for logs written to the logfile.\n", "loc": ["services", "suricata", "settings", "logging", "outputs", "file", "level"], "readOnly": false, "type": "one of \"error\", \"warning\", \"notice\", \"info\", \"perf\", \"config\", \"debug\""}, "services.suricata.settings.logging.outputs.file.type": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Type of logfile.\n", "loc": ["services", "suricata", "settings", "logging", "outputs", "file", "type"], "readOnly": false, "type": "null or string"}, "services.suricata.settings.logging.outputs.syslog.enable": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable logging to syslog.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "suricata", "settings", "logging", "outputs", "syslog", "enable"], "readOnly": false, "type": "boolean"}, "services.suricata.settings.logging.outputs.syslog.facility": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"local5\""}, "description": "Facility to log to.\n", "loc": ["services", "suricata", "settings", "logging", "outputs", "syslog", "facility"], "readOnly": false, "type": "string"}, "services.suricata.settings.logging.outputs.syslog.format": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Logformat for logs send to syslog.\n", "loc": ["services", "suricata", "settings", "logging", "outputs", "syslog", "format"], "readOnly": false, "type": "null or string"}, "services.suricata.settings.logging.outputs.syslog.type": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Type of logs send to syslog.\n", "loc": ["services", "suricata", "settings", "logging", "outputs", "syslog", "type"], "readOnly": false, "type": "null or string"}, "services.suricata.settings.logging.stacktrace-on-signal": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Requires libunwind to be available when Suricata is configured and built.\nIf a signal unexpectedly terminates Suricata, displays a brief diagnostic\nmessage with the offending stacktrace if enabled.\n", "loc": ["services", "suricata", "settings", "logging", "stacktrace-on-signal"], "readOnly": false, "type": "null or string"}, "services.suricata.settings.outputs": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configure the type of alert (and other) logging you would like.\n\nValid values for <NAME> are e. g. `fast`, `eve-log`, `syslog`, `file-store`, ...\n- `fast`: a line based alerts log similar to Snort's fast.log\n- `eve-log`: Extensible Event Format (nicknamed EVE) event log in JSON format\n\nFor more details regarding the configuration, checkout the shipped suricata.yaml\n```shell\nnix-shell -p suricata yq coreutils-full --command 'yq < $(dirname $(which suricata))/../etc/suricata/suricata.yaml'\n```\nand the [suricata documentation](https://docs.suricata.io/en/latest/output/index.html).\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    fast = {\n      enabled = \"yes\";\n      filename = \"fast.log\";\n      append = \"yes\";\n    };\n  }\n  {\n    eve-log = {\n      enabled = \"yes\";\n      filetype = \"regular\";\n      filename = \"eve.json\";\n      community-id = true;\n      types = [\n        {\n          alert.tagged-packets = \"yes\";\n        }\n      ];\n    };\n  }\n];\n"}, "loc": ["services", "suricata", "settings", "outputs"], "readOnly": false, "type": "null or (list of attribute set of (open submodule of (YAML 1.1 value)))"}, "services.suricata.settings.outputs.*.<name>.enabled": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable <NAME>.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "suricata", "settings", "outputs", "*", "<name>", "enabled"], "readOnly": false, "type": "boolean"}, "services.suricata.settings.pcap": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Cross platform libpcap capture support.\n", "loc": ["services", "suricata", "settings", "pcap"], "readOnly": false, "type": "null or (list of (open submodule of (YAML 1.1 value)))"}, "services.suricata.settings.pcap-file.checksum-checks": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"auto\""}, "description": "Possible values are:\n- yes: checksum validation is forced\n- no: checksum validation is disabled\n- auto: Suricata uses a statistical approach to detect when\nchecksum off-loading is used. (default)\nWarning: 'checksum-validation' must be set to yes to have checksum tested.\n", "loc": ["services", "suricata", "settings", "pcap-file", "checksum-checks"], "readOnly": false, "type": "one of \"yes\", \"no\", \"auto\""}, "services.suricata.settings.pcap.*.interface": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "pcap capture interface, see [upstream docs](https://docs.suricata.io/en/latest/manpages/suricata.html).\n", "loc": ["services", "suricata", "settings", "pcap", "*", "interface"], "readOnly": false, "type": "string"}, "services.suricata.settings.plugins": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Plugins -- Experimental -- specify the filename for each plugin shared object.\n", "loc": ["services", "suricata", "settings", "plugins"], "readOnly": false, "type": "null or (list of absolute path)"}, "services.suricata.settings.reference-config-file": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"\\${config.services.suricata.package}/etc/suricata/reference.config\""}, "description": "Suricata reference configuration file.", "loc": ["services", "suricata", "settings", "reference-config-file"], "readOnly": false, "type": "string"}, "services.suricata.settings.rule-files": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"suricata.rules\"\n]"}, "description": "Files to load suricata-update managed rules, relative to 'default-rule-path'.", "loc": ["services", "suricata", "settings", "rule-files"], "readOnly": false, "type": "list of string"}, "services.suricata.settings.run-as.group": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"suricata\""}, "description": "Run Suricata with a specific group-id.", "loc": ["services", "suricata", "settings", "run-as", "group"], "readOnly": false, "type": "string"}, "services.suricata.settings.run-as.user": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"suricata\""}, "description": "Run Suricata with a specific user-id.", "loc": ["services", "suricata", "settings", "run-as", "user"], "readOnly": false, "type": "string"}, "services.suricata.settings.stats": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Engine statistics such as packet counters, memory use counters and others can be logged in several ways. A separate text log 'stats.log' and an EVE record type 'stats' are enabled by default.\n", "loc": ["services", "suricata", "settings", "stats"], "readOnly": false, "type": "null or (submodule)"}, "services.suricata.settings.stats.decoder-events": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Add decode events to stats\n", "loc": ["services", "suricata", "settings", "stats", "decoder-events"], "readOnly": false, "type": "boolean"}, "services.suricata.settings.stats.decoder-events-prefix": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"decoder.event\""}, "description": "Decoder event prefix in stats. Has been 'decoder' before, but that leads\nto missing events in the eve.stats records.\n", "loc": ["services", "suricata", "settings", "stats", "decoder-events-prefix"], "readOnly": false, "type": "string"}, "services.suricata.settings.stats.enable": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable suricata global stats.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "suricata", "settings", "stats", "enable"], "readOnly": false, "type": "boolean"}, "services.suricata.settings.stats.interval": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"8\""}, "description": "The interval field (in seconds) controls the interval at\nwhich stats are updated in the log.\n", "loc": ["services", "suricata", "settings", "stats", "interval"], "readOnly": false, "type": "string"}, "services.suricata.settings.stats.stream-events": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Add stream events as stats.\n", "loc": ["services", "suricata", "settings", "stats", "stream-events"], "readOnly": false, "type": "boolean"}, "services.suricata.settings.threshold-file": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"\\${config.services.suricata.package}/etc/suricata/threshold.config\""}, "description": "Suricata threshold configuration file.", "loc": ["services", "suricata", "settings", "threshold-file"], "readOnly": false, "type": "string"}, "services.suricata.settings.unix-command": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Unix command socket that can be used to pass commands to Suricata.\nAn external tool can then connect to get information from Suricata\nor trigger some modifications of the engine. Set enabled to yes\nto activate the feature. In auto mode, the feature will only be\nactivated in live capture mode. You can use the filename variable to set\nthe file name of the socket.\n", "loc": ["services", "suricata", "settings", "unix-command"], "readOnly": false, "type": "null or (submodule)"}, "services.suricata.settings.unix-command.enabled": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"auto\""}, "description": "Enable unix-command socket.\n", "loc": ["services", "suricata", "settings", "unix-command", "enabled"], "readOnly": false, "type": "boolean or value \"auto\" (singular enum)"}, "services.suricata.settings.unix-command.filename": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"/run/suricata/suricata-command.socket\""}, "description": "Filename for unix-command socket.\n", "loc": ["services", "suricata", "settings", "unix-command", "filename"], "readOnly": false, "type": "absolute path"}, "services.suricata.settings.vars": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Variables to be used within the suricata rules.\n", "loc": ["services", "suricata", "settings", "vars"], "readOnly": false, "type": "null or (submodule)"}, "services.suricata.settings.vars.address-groups": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The address group variables for suricata, if not defined the\ndefault value of suricata (see example) will be used.\nYour settings will extend the predefined values in example.\n", "example": {"_type": "literalExpression", "text": "{\n  AIM_SERVERS = \"$EXTERNAL_NET\";\n  DC_SERVERS = \"$HOME_NET\";\n  DNP3_CLIENT = \"$HOME_NET\";\n  DNP3_SERVER = \"$HOME_NET\";\n  DNS_SERVERS = \"$HOME_NET\";\n  ENIP_CLIENT = \"$HOME_NET\";\n  ENIP_SERVER = \"$HOME_NET\";\n  EXTERNAL_NET = \"!$HOME_NET\";\n  HOME_NET = \"[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]\";\n  HTTP_SERVERS = \"$HOME_NET\";\n  MODBUS_CLIENT = \"$HOME_NET\";\n  MODBUS_SERVER = \"$HOME_NET\";\n  SMTP_SERVERS = \"$HOME_NET\";\n  SQL_SERVERS = \"$HOME_NET\";\n  TELNET_SERVERS = \"$HOME_NET\";\n}"}, "loc": ["services", "suricata", "settings", "vars", "address-groups"], "readOnly": false, "type": "submodule"}, "services.suricata.settings.vars.address-groups.AIM_SERVERS": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"$EXTERNAL_NET\""}, "description": "AIM_SERVERS variable.\n", "loc": ["services", "suricata", "settings", "vars", "address-groups", "AIM_SERVERS"], "readOnly": false, "type": "unspecified value"}, "services.suricata.settings.vars.address-groups.DC_SERVERS": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"$HOME_NET\""}, "description": "DC_SERVERS variable.\n", "loc": ["services", "suricata", "settings", "vars", "address-groups", "DC_SERVERS"], "readOnly": false, "type": "unspecified value"}, "services.suricata.settings.vars.address-groups.DNP3_CLIENT": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"$HOME_NET\""}, "description": "DNP3_CLIENT variable.\n", "loc": ["services", "suricata", "settings", "vars", "address-groups", "DNP3_CLIENT"], "readOnly": false, "type": "unspecified value"}, "services.suricata.settings.vars.address-groups.DNP3_SERVER": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"$HOME_NET\""}, "description": "DNP3_SERVER variable.\n", "loc": ["services", "suricata", "settings", "vars", "address-groups", "DNP3_SERVER"], "readOnly": false, "type": "unspecified value"}, "services.suricata.settings.vars.address-groups.DNS_SERVERS": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"$HOME_NET\""}, "description": "DNS_SERVERS variable.\n", "loc": ["services", "suricata", "settings", "vars", "address-groups", "DNS_SERVERS"], "readOnly": false, "type": "unspecified value"}, "services.suricata.settings.vars.address-groups.ENIP_CLIENT": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"$HOME_NET\""}, "description": "ENIP_CLIENT variable.\n", "loc": ["services", "suricata", "settings", "vars", "address-groups", "ENIP_CLIENT"], "readOnly": false, "type": "unspecified value"}, "services.suricata.settings.vars.address-groups.ENIP_SERVER": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"$HOME_NET\""}, "description": "ENIP_SERVER variable.\n", "loc": ["services", "suricata", "settings", "vars", "address-groups", "ENIP_SERVER"], "readOnly": false, "type": "unspecified value"}, "services.suricata.settings.vars.address-groups.EXTERNAL_NET": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"!$HOME_NET\""}, "description": "EXTERNAL_NET variable.\n", "loc": ["services", "suricata", "settings", "vars", "address-groups", "EXTERNAL_NET"], "readOnly": false, "type": "unspecified value"}, "services.suricata.settings.vars.address-groups.HOME_NET": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]\""}, "description": "HOME_NET variable.\n", "loc": ["services", "suricata", "settings", "vars", "address-groups", "HOME_NET"], "readOnly": false, "type": "unspecified value"}, "services.suricata.settings.vars.address-groups.HTTP_SERVERS": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"$HOME_NET\""}, "description": "HTTP_SERVERS variable.\n", "loc": ["services", "suricata", "settings", "vars", "address-groups", "HTTP_SERVERS"], "readOnly": false, "type": "unspecified value"}, "services.suricata.settings.vars.address-groups.MODBUS_CLIENT": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"$HOME_NET\""}, "description": "MODBUS_CLIENT variable\n", "loc": ["services", "suricata", "settings", "vars", "address-groups", "MODBUS_CLIENT"], "readOnly": false, "type": "unspecified value"}, "services.suricata.settings.vars.address-groups.MODBUS_SERVER": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"$HOME_NET\""}, "description": "MODBUS_SERVER variable.\n", "loc": ["services", "suricata", "settings", "vars", "address-groups", "MODBUS_SERVER"], "readOnly": false, "type": "unspecified value"}, "services.suricata.settings.vars.address-groups.SMTP_SERVERS": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"$HOME_NET\""}, "description": "SMTP_SERVERS variable.\n", "loc": ["services", "suricata", "settings", "vars", "address-groups", "SMTP_SERVERS"], "readOnly": false, "type": "unspecified value"}, "services.suricata.settings.vars.address-groups.SQL_SERVERS": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"$HOME_NET\""}, "description": "SQL_SERVERS variable.\n", "loc": ["services", "suricata", "settings", "vars", "address-groups", "SQL_SERVERS"], "readOnly": false, "type": "unspecified value"}, "services.suricata.settings.vars.address-groups.TELNET_SERVERS": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "\"$HOME_NET\""}, "description": "TELNET_SERVERS variable.\n", "loc": ["services", "suricata", "settings", "vars", "address-groups", "TELNET_SERVERS"], "readOnly": false, "type": "unspecified value"}, "services.suricata.settings.vars.port-groups": {"declarations": ["nixos/modules/services/networking/suricata/default.nix"], "default": {"_type": "literalExpression", "text": "{\n  DNP3_PORTS = \"20000\";\n  FILE_DATA_PORTS = \"[$HTTP_PORTS,110,143]\";\n  FTP_PORTS = \"21\";\n  GENEVE_PORTS = \"6081\";\n  HTTP_PORTS = \"80\";\n  MODBUS_PORTS = \"502\";\n  ORACLE_PORTS = \"1521\";\n  SHELLCODE_PORTS = \"!80\";\n  SSH_PORTS = \"22\";\n  TEREDO_PORTS = \"3544\";\n  VXLAN_PORTS = \"4789\";\n}"}, "description": "The port group variables for suricata.\n", "loc": ["services", "suricata", "settings", "vars", "port-groups"], "readOnly": false, "type": "null or (attribute set of string)"}, "services.surrealdb.dbPath": {"declarations": ["nixos/modules/services/databases/surrealdb.nix"], "default": {"_type": "literalExpression", "text": "\"rocksdb:///var/lib/surrealdb/\""}, "description": "The path that surrealdb will write data to. Use null for in-memory.\nCan be one of \"memory\", \"rocksdb://:path\", \"surrealkv://:path\", \"tikv://:addr\", \"fdb://:addr\".\n", "example": {"_type": "literalExpression", "text": "\"memory\""}, "loc": ["services", "surrealdb", "dbPath"], "readOnly": false, "type": "string"}, "services.surrealdb.enable": {"declarations": ["nixos/modules/services/databases/surrealdb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SurrealDB, a scalable, distributed, collaborative, document-graph database, for the realtime web.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "surrealdb", "enable"], "readOnly": false, "type": "boolean"}, "services.surrealdb.extraFlags": {"declarations": ["nixos/modules/services/databases/surrealdb.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Specify a list of additional command line flags.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--allow-all\"\n  \"--user\"\n  \"root\"\n  \"--pass\"\n  \"root\"\n]"}, "loc": ["services", "surrealdb", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.surrealdb.host": {"declarations": ["nixos/modules/services/databases/surrealdb.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The host that surrealdb will connect to.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "surrealdb", "host"], "readOnly": false, "type": "string"}, "services.surrealdb.package": {"declarations": ["nixos/modules/services/databases/surrealdb.nix"], "default": {"_type": "literalExpression", "text": "pkgs.surrealdb"}, "description": "The surrealdb package to use.", "loc": ["services", "surrealdb", "package"], "readOnly": false, "type": "package"}, "services.surrealdb.port": {"declarations": ["nixos/modules/services/databases/surrealdb.nix"], "default": {"_type": "literalExpression", "text": "8000"}, "description": "The port that surrealdb will connect to.\n", "example": {"_type": "literalExpression", "text": "8000"}, "loc": ["services", "surrealdb", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.suwayomi-server.dataDir": {"declarations": ["nixos/modules/services/web-apps/suwayomi-server.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/suwayomi-server\""}, "description": "The path to the data directory in which Suwayomi-Server will download scans.\n", "example": {"_type": "literalExpression", "text": "\"/var/data/mangas\""}, "loc": ["services", "suwayomi-server", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.suwayomi-server.enable": {"declarations": ["nixos/modules/services/web-apps/suwayomi-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Suwayomi, a free and open source manga reader server that runs extensions built for Tachiyomi.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "suwayomi-server", "enable"], "readOnly": false, "type": "boolean"}, "services.suwayomi-server.group": {"declarations": ["nixos/modules/services/web-apps/suwayomi-server.nix"], "default": {"_type": "literalExpression", "text": "\"suwayomi\""}, "description": "Group under which Suwayomi-Server runs.\n", "example": {"_type": "literalExpression", "text": "\"medias\""}, "loc": ["services", "suwayomi-server", "group"], "readOnly": false, "type": "string"}, "services.suwayomi-server.openFirewall": {"declarations": ["nixos/modules/services/web-apps/suwayomi-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall for the port in {option}`services.suwayomi-server.settings.server.port`.\n", "loc": ["services", "suwayomi-server", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.suwayomi-server.package": {"declarations": ["nixos/modules/services/web-apps/suwayomi-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.suwayomi-server"}, "description": "The suwayomi-server package to use.", "loc": ["services", "suwayomi-server", "package"], "readOnly": false, "type": "package"}, "services.suwayomi-server.settings": {"declarations": ["nixos/modules/services/web-apps/suwayomi-server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration to write to {file}`server.conf`.\nSee <https://github.com/Suwayomi/Suwayomi-Server/wiki/Configuring-Suwayomi-Server> for more information.\n", "example": {"_type": "literalExpression", "text": "{\n  server = {\n    socksProxyEnabled = true;\n    socksProxyHost = \"yourproxyhost.com\";\n    socksProxyPort = \"8080\";\n  };\n}"}, "loc": ["services", "suwayomi-server", "settings"], "readOnly": false, "type": "open submodule of (HOCON value)"}, "services.suwayomi-server.settings.server.basicAuthEnabled": {"declarations": ["nixos/modules/services/web-apps/suwayomi-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable basic access authentication for Suwayomi-Server.\nEnabling this option is useful when hosting on a public network/the Internet\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "suwayomi-server", "settings", "server", "basicAuthEnabled"], "readOnly": false, "type": "boolean"}, "services.suwayomi-server.settings.server.basicAuthPasswordFile": {"declarations": ["nixos/modules/services/web-apps/suwayomi-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The password file containing the value that you have to provide when authenticating.\n", "example": {"_type": "literalExpression", "text": "\"/var/secrets/suwayomi-server-password\""}, "loc": ["services", "suwayomi-server", "settings", "server", "basicAuthPasswordFile"], "readOnly": false, "type": "null or absolute path"}, "services.suwayomi-server.settings.server.basicAuthUsername": {"declarations": ["nixos/modules/services/web-apps/suwayomi-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The username value that you have to provide when authenticating.\n", "loc": ["services", "suwayomi-server", "settings", "server", "basicAuthUsername"], "readOnly": false, "type": "null or string"}, "services.suwayomi-server.settings.server.downloadAsCbz": {"declarations": ["nixos/modules/services/web-apps/suwayomi-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Download chapters as `.cbz` files.\n", "loc": ["services", "suwayomi-server", "settings", "server", "downloadAsCbz"], "readOnly": false, "type": "boolean"}, "services.suwayomi-server.settings.server.extensionRepos": {"declarations": ["nixos/modules/services/web-apps/suwayomi-server.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "URL of repositories from which the extensions can be installed.\n", "example": {"_type": "literalExpression", "text": "[\n  \"https://raw.githubusercontent.com/MY_ACCOUNT/MY_REPO/repo/index.min.json\"\n]"}, "loc": ["services", "suwayomi-server", "settings", "server", "extensionRepos"], "readOnly": false, "type": "list of string"}, "services.suwayomi-server.settings.server.ip": {"declarations": ["nixos/modules/services/web-apps/suwayomi-server.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "The ip that Suwayomi will bind to.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "suwayomi-server", "settings", "server", "ip"], "readOnly": false, "type": "string"}, "services.suwayomi-server.settings.server.localSourcePath": {"declarations": ["nixos/modules/services/web-apps/suwayomi-server.nix"], "default": {"_type": "literalExpression", "text": "suwayomi-server.dataDir"}, "description": "Path to the local source folder.\n", "example": {"_type": "literalExpression", "text": "\"/var/data/local_mangas\""}, "loc": ["services", "suwayomi-server", "settings", "server", "localSourcePath"], "readOnly": false, "type": "absolute path"}, "services.suwayomi-server.settings.server.port": {"declarations": ["nixos/modules/services/web-apps/suwayomi-server.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "The port that Suwayomi will listen to.\n", "example": {"_type": "literalExpression", "text": "4567"}, "loc": ["services", "suwayomi-server", "settings", "server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.suwayomi-server.settings.server.systemTrayEnabled": {"declarations": ["nixos/modules/services/web-apps/suwayomi-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable a system tray icon, if possible.\n", "loc": ["services", "suwayomi-server", "settings", "server", "systemTrayEnabled"], "readOnly": false, "type": "boolean"}, "services.suwayomi-server.user": {"declarations": ["nixos/modules/services/web-apps/suwayomi-server.nix"], "default": {"_type": "literalExpression", "text": "\"suwayomi\""}, "description": "User account under which Suwayomi-Server runs.\n", "example": {"_type": "literalExpression", "text": "\"root\""}, "loc": ["services", "suwayomi-server", "user"], "readOnly": false, "type": "string"}, "services.svnserve.enable": {"declarations": ["nixos/modules/services/misc/svnserve.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable svnserve to serve Subversion repositories through the SVN protocol.", "loc": ["services", "svnserve", "enable"], "readOnly": false, "type": "boolean"}, "services.svnserve.svnBaseDir": {"declarations": ["nixos/modules/services/misc/svnserve.nix"], "default": {"_type": "literalExpression", "text": "\"/repos\""}, "description": "Base directory from which Subversion repositories are accessed.", "loc": ["services", "svnserve", "svnBaseDir"], "readOnly": false, "type": "string"}, "services.swapspace.enable": {"declarations": ["nixos/modules/services/system/swapspace.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Swapspace, a dynamic swap space manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "swapspace", "enable"], "readOnly": false, "type": "boolean"}, "services.swapspace.extraArgs": {"declarations": ["nixos/modules/services/system/swapspace.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Any extra arguments to pass to swapspace", "example": {"_type": "literalExpression", "text": "[\n  \"-P\"\n  \"-v\"\n]"}, "loc": ["services", "swapspace", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.swapspace.installWrapper": {"declarations": ["nixos/modules/services/system/swapspace.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "This will add swapspace wrapped with the generated config, to environment.systemPackages\n", "loc": ["services", "swapspace", "installWrapper"], "readOnly": false, "type": "boolean"}, "services.swapspace.package": {"declarations": ["nixos/modules/services/system/swapspace.nix"], "default": {"_type": "literalExpression", "text": "pkgs.swapspace"}, "description": "The swapspace package to use.", "loc": ["services", "swapspace", "package"], "readOnly": false, "type": "package"}, "services.swapspace.settings": {"declarations": ["nixos/modules/services/system/swapspace.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Config file for swapspace.\nSee the options here: <https://github.com/Tookmund/Swapspace/blob/master/swapspace.conf>\n", "loc": ["services", "swapspace", "settings"], "readOnly": false, "type": "submodule"}, "services.swapspace.settings.buffer_elasticity": {"declarations": ["nixos/modules/services/system/swapspace.nix"], "default": {"_type": "literalExpression", "text": "30"}, "description": "Percentage of buffer space considered to be \"free\"", "loc": ["services", "swapspace", "settings", "buffer_elasticity"], "readOnly": false, "type": "integer between 0 and 100 (both inclusive)"}, "services.swapspace.settings.cache_elasticity": {"declarations": ["nixos/modules/services/system/swapspace.nix"], "default": {"_type": "literalExpression", "text": "80"}, "description": "Percentage of cache space considered to be \"free\"", "loc": ["services", "swapspace", "settings", "cache_elasticity"], "readOnly": false, "type": "integer between 0 and 100 (both inclusive)"}, "services.swapspace.settings.cooldown": {"declarations": ["nixos/modules/services/system/swapspace.nix"], "default": {"_type": "literalExpression", "text": "600"}, "description": "Duration (roughly in seconds) of the moratorium on swap allocation that is instated if disk space runs out, or the cooldown time after a new swapfile is successfully allocated before swapspace will consider deallocating swap space again.\nThe default cooldown period is about 10 minutes.\n", "loc": ["services", "swapspace", "settings", "cooldown"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.swapspace.settings.freetarget": {"declarations": ["nixos/modules/services/system/swapspace.nix"], "default": {"_type": "literalExpression", "text": "30"}, "description": "Percentage of free space swapspace should aim for when adding swapspace.\nThis should fall somewhere between lower_freelimit and upper_freelimit.\n", "loc": ["services", "swapspace", "settings", "freetarget"], "readOnly": false, "type": "integer between 2 and 99 (both inclusive)"}, "services.swapspace.settings.lower_freelimit": {"declarations": ["nixos/modules/services/system/swapspace.nix"], "default": {"_type": "literalExpression", "text": "20"}, "description": "Lower free-space threshold: if the percentage of free space drops below this number, additional swapspace is allocated", "loc": ["services", "swapspace", "settings", "lower_freelimit"], "readOnly": false, "type": "integer between 0 and 99 (both inclusive)"}, "services.swapspace.settings.max_swapsize": {"declarations": ["nixos/modules/services/system/swapspace.nix"], "default": {"_type": "literalExpression", "text": "\"2t\""}, "description": "Greatest allowed size for individual swapfiles", "loc": ["services", "swapspace", "settings", "max_swapsize"], "readOnly": false, "type": "string"}, "services.swapspace.settings.min_swapsize": {"declarations": ["nixos/modules/services/system/swapspace.nix"], "default": {"_type": "literalExpression", "text": "\"4m\""}, "description": "Smallest allowed size for individual swapfiles", "loc": ["services", "swapspace", "settings", "min_swapsize"], "readOnly": false, "type": "string"}, "services.swapspace.settings.swappath": {"declarations": ["nixos/modules/services/system/swapspace.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/swapspace\""}, "description": "Location where swapspace may create and delete swapfiles", "loc": ["services", "swapspace", "settings", "swappath"], "readOnly": false, "type": "string"}, "services.swapspace.settings.upper_freelimit": {"declarations": ["nixos/modules/services/system/swapspace.nix"], "default": {"_type": "literalExpression", "text": "60"}, "description": "Upper free-space threshold: if the percentage of free space exceeds this number, swapspace will attempt to free up swapspace", "loc": ["services", "swapspace", "settings", "upper_freelimit"], "readOnly": false, "type": "integer between 0 and 100 (both inclusive)"}, "services.switcherooControl.enable": {"declarations": ["nixos/modules/hardware/video/switcheroo-control.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable switcheroo-control, a D-Bus service to check the availability of dual-GPU.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "switcherooControl", "enable"], "readOnly": false, "type": "boolean"}, "services.switcherooControl.package": {"declarations": ["nixos/modules/hardware/video/switcheroo-control.nix"], "default": {"_type": "literalExpression", "text": "pkgs.switcheroo-control"}, "description": "The switcheroo-control package to use.", "loc": ["services", "switcherooControl", "package"], "readOnly": false, "type": "package"}, "services.sympa.database.createLocally": {"declarations": ["nixos/modules/services/mail/sympa.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to create a local database automatically.", "loc": ["services", "sympa", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.sympa.database.host": {"declarations": ["nixos/modules/services/mail/sympa.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Database host address.\n\nFor MySQL, use `localhost` to connect using Unix domain socket.\n\nFor PostgreSQL, use path to directory (e.g. {file}`/run/postgresql`)\nto connect using Unix domain socket located in this directory.\n\nUse `null` to fall back on Sympa default, or when using\n{option}`services.sympa.database.createLocally`.\n", "loc": ["services", "sympa", "database", "host"], "readOnly": false, "type": "null or string"}, "services.sympa.database.name": {"declarations": ["nixos/modules/services/mail/sympa.nix"], "default": {"_type": "literalExpression", "text": "if database.type == \"SQLite\" then \"/var/lib/sympa/sympa.sqlite\" else \"sympa\""}, "description": "Database name. When using SQLite this must be an absolute\npath to the database file.\n", "loc": ["services", "sympa", "database", "name"], "readOnly": false, "type": "string"}, "services.sympa.database.passwordFile": {"declarations": ["nixos/modules/services/mail/sympa.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password for {option}`services.sympa.database.name`.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/sympa-dbpassword\""}, "loc": ["services", "sympa", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.sympa.database.port": {"declarations": ["nixos/modules/services/mail/sympa.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Database port. Use `null` for default port.", "loc": ["services", "sympa", "database", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.sympa.database.type": {"declarations": ["nixos/modules/services/mail/sympa.nix"], "default": {"_type": "literalExpression", "text": "\"SQLite\""}, "description": "Database engine to use.", "example": {"_type": "literalExpression", "text": "\"MySQL\""}, "loc": ["services", "sympa", "database", "type"], "readOnly": false, "type": "one of \"SQLite\", \"PostgreSQL\", \"MySQL\""}, "services.sympa.database.user": {"declarations": ["nixos/modules/services/mail/sympa.nix"], "default": {"_type": "literalExpression", "text": "\"sympa\""}, "description": "Database user. The system user name is used as a default.", "loc": ["services", "sympa", "database", "user"], "readOnly": false, "type": "null or string"}, "services.sympa.domains": {"declarations": ["nixos/modules/services/mail/sympa.nix"], "description": "Email domains handled by this instance. There have\nto be MX records for keys of this attribute set.\n", "example": {"_type": "literalExpression", "text": "{\n  \"lists.example.org\" = {\n    webHost = \"lists.example.org\";\n    webLocation = \"/\";\n  };\n  \"sympa.example.com\" = {\n    webHost = \"example.com\";\n    webLocation = \"/sympa\";\n  };\n}\n"}, "loc": ["services", "sympa", "domains"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.sympa.domains.<name>.settings": {"declarations": ["nixos/modules/services/mail/sympa.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The {file}`robot.conf` configuration file as key value set.\nSee <https://sympa-community.github.io/gpldoc/man/sympa.conf.5.html>\nfor list of configuration parameters.\n", "example": {"_type": "literalExpression", "text": "{\n  default_max_list_members = 3;\n}"}, "loc": ["services", "sympa", "domains", "<name>", "settings"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.sympa.domains.<name>.webHost": {"declarations": ["nixos/modules/services/mail/sympa.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Domain part of the web interface URL (no web interface for this domain if `null`).\nDNS record of type A (or AAAA or CNAME) has to exist with this value.\n", "example": {"_type": "literalExpression", "text": "\"archive.example.org\""}, "loc": ["services", "sympa", "domains", "<name>", "webHost"], "readOnly": false, "type": "null or string"}, "services.sympa.domains.<name>.webLocation": {"declarations": ["nixos/modules/services/mail/sympa.nix"], "default": {"_type": "literalExpression", "text": "\"/\""}, "description": "URL path part of the web interface.", "example": {"_type": "literalExpression", "text": "\"/sympa\""}, "loc": ["services", "sympa", "domains", "<name>", "webLocation"], "readOnly": false, "type": "string"}, "services.sympa.enable": {"declarations": ["nixos/modules/services/mail/sympa.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Sympa mailing list manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "sympa", "enable"], "readOnly": false, "type": "boolean"}, "services.sympa.lang": {"declarations": ["nixos/modules/services/mail/sympa.nix"], "default": {"_type": "literalExpression", "text": "\"en_US\""}, "description": "Default Sympa language.\nSee <https://github.com/sympa-community/sympa/tree/sympa-6.2/po/sympa>\nfor available options.\n", "example": {"_type": "literalExpression", "text": "\"cs\""}, "loc": ["services", "sympa", "lang"], "readOnly": false, "type": "string"}, "services.sympa.listMasters": {"declarations": ["nixos/modules/services/mail/sympa.nix"], "description": "The list of the email addresses of the listmasters\n(users authorized to perform global server commands).\n", "example": {"_type": "literalExpression", "text": "[\n  \"postmaster@sympa.example.org\"\n]"}, "loc": ["services", "sympa", "listMasters"], "readOnly": false, "type": "list of string"}, "services.sympa.mainDomain": {"declarations": ["nixos/modules/services/mail/sympa.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Main domain to be used in {file}`sympa.conf`.\nIf `null`, one of the {option}`services.sympa.domains` is chosen for you.\n", "example": {"_type": "literalExpression", "text": "\"lists.example.org\""}, "loc": ["services", "sympa", "mainDomain"], "readOnly": false, "type": "null or string"}, "services.sympa.mta.type": {"declarations": ["nixos/modules/services/mail/sympa.nix"], "default": {"_type": "literalExpression", "text": "\"postfix\""}, "description": "Mail transfer agent (MTA) integration. Use `none` if you want to configure it yourself.\n\nThe `postfix` integration sets up local Postfix instance that will pass incoming\nmessages from configured domains to Sympa. You still need to configure at least outgoing message\nhandling using e.g. {option}`services.postfix.relayHost`.\n", "loc": ["services", "sympa", "mta", "type"], "readOnly": false, "type": "one of \"postfix\", \"none\""}, "services.sympa.settings": {"declarations": ["nixos/modules/services/mail/sympa.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The {file}`sympa.conf` configuration file as key value set.\nSee <https://sympa-community.github.io/gpldoc/man/sympa.conf.5.html>\nfor list of configuration parameters.\n", "example": {"_type": "literalExpression", "text": "{\n  default_home = \"lists\";\n  viewlogs_page_size = 50;\n}\n"}, "loc": ["services", "sympa", "settings"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.sympa.settingsFile": {"declarations": ["nixos/modules/services/mail/sympa.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Set of files to be linked in {file}`/var/lib/sympa`.", "example": {"_type": "literalExpression", "text": "{\n  \"list_data/lists.example.org/help\" = {\n    text = \"subject This list provides help to users\";\n  };\n}\n"}, "loc": ["services", "sympa", "settingsFile"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.sympa.settingsFile.<name>.enable": {"declarations": ["nixos/modules/services/mail/sympa.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether this file should be generated. This option allows specific files to be disabled.", "loc": ["services", "sympa", "settingsFile", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.sympa.settingsFile.<name>.source": {"declarations": ["nixos/modules/services/mail/sympa.nix"], "description": "Path of the source file.", "loc": ["services", "sympa", "settingsFile", "<name>", "source"], "readOnly": false, "type": "absolute path"}, "services.sympa.settingsFile.<name>.text": {"declarations": ["nixos/modules/services/mail/sympa.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Text of the file.", "loc": ["services", "sympa", "settingsFile", "<name>", "text"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.sympa.web.enable": {"declarations": ["nixos/modules/services/mail/sympa.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable Sympa web interface.", "loc": ["services", "sympa", "web", "enable"], "readOnly": false, "type": "boolean"}, "services.sympa.web.fcgiProcs": {"declarations": ["nixos/modules/services/mail/sympa.nix"], "default": {"_type": "literalExpression", "text": "2"}, "description": "Number of FastCGI processes to fork.", "loc": ["services", "sympa", "web", "fcgiProcs"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.sympa.web.https": {"declarations": ["nixos/modules/services/mail/sympa.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to use HTTPS. When nginx integration is enabled, this option forces SSL and enables ACME.\nPlease note that Sympa web interface always uses https links even when this option is disabled.\n", "loc": ["services", "sympa", "web", "https"], "readOnly": false, "type": "boolean"}, "services.sympa.web.server": {"declarations": ["nixos/modules/services/mail/sympa.nix"], "default": {"_type": "literalExpression", "text": "\"nginx\""}, "description": "The webserver used for the Sympa web interface. Set it to `none` if you want to configure it yourself.\nFurther nginx configuration can be done by adapting\n{option}`services.nginx.virtualHosts.\u00abname\u00bb`.\n", "loc": ["services", "sympa", "web", "server"], "readOnly": false, "type": "one of \"nginx\", \"none\""}, "services.synapse-auto-compressor.enable": {"declarations": ["nixos/modules/services/matrix/synapse-auto-compressor.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable synapse-auto-compressor.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "synapse-auto-compressor", "enable"], "readOnly": false, "type": "boolean"}, "services.synapse-auto-compressor.package": {"declarations": ["nixos/modules/services/matrix/synapse-auto-compressor.nix"], "default": {"_type": "literalExpression", "text": "pkgs.rust-synapse-compress-state"}, "description": "The rust-synapse-compress-state package to use.", "loc": ["services", "synapse-auto-compressor", "package"], "readOnly": false, "type": "package"}, "services.synapse-auto-compressor.postgresUrl": {"declarations": ["nixos/modules/services/matrix/synapse-auto-compressor.nix"], "default": {"_type": "literalExpression", "text": "let\n  synapseConfig = config.services.matrix-synapse;\n  args = synapseConfig.settings.database.args;\nin\nif synapseConfig.enable then\n  ''postgresql://${args.user}${lib.optionalString (args ? password) (\":\" + args.password)}@${\n    lib.escapeURL (if (args ? host) then args.host else \"/run/postgresql\")\n  }${lib.optionalString (args ? port) (\":\" + args.port)}${args.database}''\nelse\n  null;\n"}, "description": "Connection string to postgresql in the\n[rust `postgres` crate config format](https://docs.rs/postgres/latest/postgres/config/struct.Config.html).\nThe module will attempt to build a URL-style connection string out of the `services.matrix-synapse.settings.database.args`\nif a local synapse is enabled.\n", "example": {"_type": "literalExpression", "text": "\"postgresql://username:password@mydomain.com:port/database\""}, "loc": ["services", "synapse-auto-compressor", "postgresUrl"], "readOnly": false, "type": "string"}, "services.synapse-auto-compressor.settings.chunk_size": {"declarations": ["nixos/modules/services/matrix/synapse-auto-compressor.nix"], "default": {"_type": "literalExpression", "text": "500"}, "description": "The number of state groups to work on at once. All of the entries from `state_groups_state` are requested\nfrom the database for state groups that are worked on. Therefore small chunk sizes may be needed on\nmachines with low memory.\n\nNote: if the compressor fails to find space savings on the chunk as a whole\n(which may well happen in rooms with lots of backfill in) then the entire chunk is skipped.\n", "loc": ["services", "synapse-auto-compressor", "settings", "chunk_size"], "readOnly": false, "type": "signed integer"}, "services.synapse-auto-compressor.settings.chunks_to_compress": {"declarations": ["nixos/modules/services/matrix/synapse-auto-compressor.nix"], "default": {"_type": "literalExpression", "text": "100"}, "description": "`chunks_to_compress` chunks of size `chunk_size` will be compressed. The higher this number is set to,\nthe longer the compressor will run for.\n", "loc": ["services", "synapse-auto-compressor", "settings", "chunks_to_compress"], "readOnly": false, "type": "signed integer"}, "services.synapse-auto-compressor.settings.levels": {"declarations": ["nixos/modules/services/matrix/synapse-auto-compressor.nix"], "default": {"_type": "literalExpression", "text": "[\n  100\n  50\n  25\n]"}, "description": "Sizes of each new level in the compression algorithm, as a comma-separated list. The first entry in\nthe list is for the lowest, most granular level, with each subsequent entry being for the next highest\nlevel. The number of entries in the list determines the number of levels that will be used. The sum of\nthe sizes of the levels affects the performance of fetching the state from the database, as the sum of\nthe sizes is the upper bound on the number of iterations needed to fetch a given set of state.\n", "loc": ["services", "synapse-auto-compressor", "settings", "levels"], "readOnly": false, "type": "list of signed integer"}, "services.synapse-auto-compressor.startAt": {"declarations": ["nixos/modules/services/matrix/synapse-auto-compressor.nix"], "default": {"_type": "literalExpression", "text": "\"weekly\""}, "description": "How often to run this service in systemd calendar syntax (see {manpage}`systemd.time(7)`)", "example": {"_type": "literalExpression", "text": "\"daily\""}, "loc": ["services", "synapse-auto-compressor", "startAt"], "readOnly": false, "type": "string or list of string"}, "services.syncoid.commands": {"declarations": ["nixos/modules/services/backup/syncoid.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Syncoid commands to run.", "example": {"_type": "literalExpression", "text": "{\n  \"pool/test\".target = \"root@target:pool/test\";\n}\n"}, "loc": ["services", "syncoid", "commands"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.syncoid.commands.<name>.extraArgs": {"declarations": ["nixos/modules/services/backup/syncoid.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra syncoid arguments for this command.", "example": {"_type": "literalExpression", "text": "[\n  \"--sshport 2222\"\n]"}, "loc": ["services", "syncoid", "commands", "<name>", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.syncoid.commands.<name>.localSourceAllow": {"declarations": ["nixos/modules/services/backup/syncoid.nix"], "description": "Permissions granted for the {option}`services.syncoid.user` user\nfor local source datasets. See\n<https://openzfs.github.io/openzfs-docs/man/8/zfs-allow.8.html>\nfor available permissions.\nDefaults to {option}`services.syncoid.localSourceAllow` option.\n", "loc": ["services", "syncoid", "commands", "<name>", "localSourceAllow"], "readOnly": false, "type": "list of string"}, "services.syncoid.commands.<name>.localTargetAllow": {"declarations": ["nixos/modules/services/backup/syncoid.nix"], "description": "Permissions granted for the {option}`services.syncoid.user` user\nfor local target datasets. See\n<https://openzfs.github.io/openzfs-docs/man/8/zfs-allow.8.html>\nfor available permissions.\nMake sure to include the `change-key` permission if you send raw encrypted datasets,\nthe `compression` permission if you send raw compressed datasets, and so on.\nFor remote target datasets you'll have to set your remote user permissions by yourself.\n", "loc": ["services", "syncoid", "commands", "<name>", "localTargetAllow"], "readOnly": false, "type": "list of string"}, "services.syncoid.commands.<name>.recursive": {"declarations": ["nixos/modules/services/backup/syncoid.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the transfer of child datasets.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "syncoid", "commands", "<name>", "recursive"], "readOnly": false, "type": "boolean"}, "services.syncoid.commands.<name>.recvOptions": {"declarations": ["nixos/modules/services/backup/syncoid.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Advanced options to pass to zfs recv. Options are specified\nwithout their leading dashes and separated by spaces.\n", "example": {"_type": "literalExpression", "text": "\"ux recordsize o compression=lz4\""}, "loc": ["services", "syncoid", "commands", "<name>", "recvOptions"], "readOnly": false, "type": "strings concatenated with \" \""}, "services.syncoid.commands.<name>.sendOptions": {"declarations": ["nixos/modules/services/backup/syncoid.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Advanced options to pass to zfs send. Options are specified\nwithout their leading dashes and separated by spaces.\n", "example": {"_type": "literalExpression", "text": "\"Lc e\""}, "loc": ["services", "syncoid", "commands", "<name>", "sendOptions"], "readOnly": false, "type": "strings concatenated with \" \""}, "services.syncoid.commands.<name>.service": {"declarations": ["nixos/modules/services/backup/syncoid.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Systemd configuration specific to this syncoid service.\n", "loc": ["services", "syncoid", "commands", "<name>", "service"], "readOnly": false, "type": "attribute set"}, "services.syncoid.commands.<name>.source": {"declarations": ["nixos/modules/services/backup/syncoid.nix"], "description": "Source ZFS dataset. Can be either local or remote. Defaults to\nthe attribute name.\n", "example": {"_type": "literalExpression", "text": "\"pool/dataset\""}, "loc": ["services", "syncoid", "commands", "<name>", "source"], "readOnly": false, "type": "string"}, "services.syncoid.commands.<name>.sshKey": {"declarations": ["nixos/modules/services/backup/syncoid.nix"], "description": "SSH private key file to use to login to the remote system.\nDefaults to {option}`services.syncoid.sshKey` option.\n", "loc": ["services", "syncoid", "commands", "<name>", "sshKey"], "readOnly": false, "type": "null or (string or absolute path convertible to it)"}, "services.syncoid.commands.<name>.target": {"declarations": ["nixos/modules/services/backup/syncoid.nix"], "description": "Target ZFS dataset. Can be either local\n(\u00abpool/dataset\u00bb) or remote\n(\u00abuser@server:pool/dataset\u00bb).\n", "example": {"_type": "literalExpression", "text": "\"user@server:pool/dataset\""}, "loc": ["services", "syncoid", "commands", "<name>", "target"], "readOnly": false, "type": "string"}, "services.syncoid.commands.<name>.useCommonArgs": {"declarations": ["nixos/modules/services/backup/syncoid.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to add the configured common arguments to this command.\n", "loc": ["services", "syncoid", "commands", "<name>", "useCommonArgs"], "readOnly": false, "type": "boolean"}, "services.syncoid.commonArgs": {"declarations": ["nixos/modules/services/backup/syncoid.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Arguments to add to every syncoid command, unless disabled for that\ncommand. See\n<https://github.com/jimsalterjrs/sanoid/#syncoid-command-line-options>\nfor available options.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--no-sync-snap\"\n]"}, "loc": ["services", "syncoid", "commonArgs"], "readOnly": false, "type": "list of string"}, "services.syncoid.enable": {"declarations": ["nixos/modules/services/backup/syncoid.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Syncoid ZFS synchronization service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "syncoid", "enable"], "readOnly": false, "type": "boolean"}, "services.syncoid.group": {"declarations": ["nixos/modules/services/backup/syncoid.nix"], "default": {"_type": "literalExpression", "text": "\"syncoid\""}, "description": "The group for the service.", "example": {"_type": "literalExpression", "text": "\"backup\""}, "loc": ["services", "syncoid", "group"], "readOnly": false, "type": "string"}, "services.syncoid.interval": {"declarations": ["nixos/modules/services/backup/syncoid.nix"], "default": {"_type": "literalExpression", "text": "\"hourly\""}, "description": "Run syncoid at this interval. The default is to run hourly.\n\nMust be in the format described in {manpage}`systemd.time(7)`.  This is\nequivalent to adding a corresponding timer unit with\n{option}`OnCalendar` set to the value given here.\n\nSet to an empty list to avoid starting syncoid automatically.\n", "example": {"_type": "literalExpression", "text": "\"*-*-* *:15:00\""}, "loc": ["services", "syncoid", "interval"], "readOnly": false, "type": "string or list of string"}, "services.syncoid.localSourceAllow": {"declarations": ["nixos/modules/services/backup/syncoid.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"bookmark\"\n  \"hold\"\n  \"send\"\n  \"snapshot\"\n  \"destroy\"\n  \"mount\"\n]"}, "description": "Permissions granted for the {option}`services.syncoid.user` user\nfor local source datasets. See\n<https://openzfs.github.io/openzfs-docs/man/8/zfs-allow.8.html>\nfor available permissions.\n", "loc": ["services", "syncoid", "localSourceAllow"], "readOnly": false, "type": "list of string"}, "services.syncoid.localTargetAllow": {"declarations": ["nixos/modules/services/backup/syncoid.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"change-key\"\n  \"compression\"\n  \"create\"\n  \"mount\"\n  \"mountpoint\"\n  \"receive\"\n  \"rollback\"\n]"}, "description": "Permissions granted for the {option}`services.syncoid.user` user\nfor local target datasets. See\n<https://openzfs.github.io/openzfs-docs/man/8/zfs-allow.8.html>\nfor available permissions.\nMake sure to include the `change-key` permission if you send raw encrypted datasets,\nthe `compression` permission if you send raw compressed datasets, and so on.\nFor remote target datasets you'll have to set your remote user permissions by yourself.\n", "example": {"_type": "literalExpression", "text": "[\n  \"create\"\n  \"mount\"\n  \"receive\"\n  \"rollback\"\n]"}, "loc": ["services", "syncoid", "localTargetAllow"], "readOnly": false, "type": "list of string"}, "services.syncoid.package": {"declarations": ["nixos/modules/services/backup/syncoid.nix"], "default": {"_type": "literalExpression", "text": "pkgs.sanoid"}, "description": "The sanoid package to use.", "loc": ["services", "syncoid", "package"], "readOnly": false, "type": "package"}, "services.syncoid.service": {"declarations": ["nixos/modules/services/backup/syncoid.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Systemd configuration common to all syncoid services.\n", "loc": ["services", "syncoid", "service"], "readOnly": false, "type": "attribute set"}, "services.syncoid.sshKey": {"declarations": ["nixos/modules/services/backup/syncoid.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SSH private key file to use to login to the remote system. Can be\noverridden in individual commands.\n", "loc": ["services", "syncoid", "sshKey"], "readOnly": false, "type": "null or (string or absolute path convertible to it)"}, "services.syncoid.user": {"declarations": ["nixos/modules/services/backup/syncoid.nix"], "default": {"_type": "literalExpression", "text": "\"syncoid\""}, "description": "The user for the service. ZFS privilege delegation will be\nautomatically configured for any local pools used by syncoid if this\noption is set to a user other than root. The user will be given the\n\"hold\" and \"send\" privileges on any pool that has datasets being sent\nand the \"create\", \"mount\", \"receive\", and \"rollback\" privileges on\nany pool that has datasets being received.\n", "example": {"_type": "literalExpression", "text": "\"backup\""}, "loc": ["services", "syncoid", "user"], "readOnly": false, "type": "string"}, "services.syncplay.certDir": {"declarations": ["nixos/modules/services/networking/syncplay.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS certificates directory to use for encryption. See\n<https://github.com/Syncplay/syncplay/wiki/TLS-support>.\n", "loc": ["services", "syncplay", "certDir"], "readOnly": false, "type": "null or absolute path"}, "services.syncplay.chat": {"declarations": ["nixos/modules/services/networking/syncplay.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Chat with users in the same room.\n", "loc": ["services", "syncplay", "chat"], "readOnly": false, "type": "boolean"}, "services.syncplay.enable": {"declarations": ["nixos/modules/services/networking/syncplay.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, start the Syncplay server.\n", "loc": ["services", "syncplay", "enable"], "readOnly": false, "type": "boolean"}, "services.syncplay.extraArgs": {"declarations": ["nixos/modules/services/networking/syncplay.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional arguments to be passed to the service.\n", "loc": ["services", "syncplay", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.syncplay.interfaceIpv4": {"declarations": ["nixos/modules/services/networking/syncplay.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The IP address to bind to for IPv4. Leaving it empty defaults to using all.\n", "loc": ["services", "syncplay", "interfaceIpv4"], "readOnly": false, "type": "string"}, "services.syncplay.interfaceIpv6": {"declarations": ["nixos/modules/services/networking/syncplay.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The IP address to bind to for IPv6. Leaving it empty defaults to using all.\n", "loc": ["services", "syncplay", "interfaceIpv6"], "readOnly": false, "type": "string"}, "services.syncplay.ipv4Only": {"declarations": ["nixos/modules/services/networking/syncplay.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Listen only on IPv4 when strting the server.\n", "loc": ["services", "syncplay", "ipv4Only"], "readOnly": false, "type": "boolean"}, "services.syncplay.ipv6Only": {"declarations": ["nixos/modules/services/networking/syncplay.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Listen only on IPv6 when strting the server.\n", "loc": ["services", "syncplay", "ipv6Only"], "readOnly": false, "type": "boolean"}, "services.syncplay.isolateRooms": {"declarations": ["nixos/modules/services/networking/syncplay.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable room isolation.\n", "loc": ["services", "syncplay", "isolateRooms"], "readOnly": false, "type": "boolean"}, "services.syncplay.maxChatMessageLength": {"declarations": ["nixos/modules/services/networking/syncplay.nix"], "default": {"_type": "literalExpression", "text": "150"}, "description": "Maximum number of characters in a chat message.\n", "loc": ["services", "syncplay", "maxChatMessageLength"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.syncplay.maxUsernameLength": {"declarations": ["nixos/modules/services/networking/syncplay.nix"], "default": {"_type": "literalExpression", "text": "16"}, "description": "Maximum number of characters in a username.\n", "loc": ["services", "syncplay", "maxUsernameLength"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.syncplay.motd": {"declarations": ["nixos/modules/services/networking/syncplay.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Text to display when users join. The motd will be readable in the nix store\nand the processlist.  If this is not intended use `motdFile` instead.\nWill be overriden by {option}`services.syncplay.motdFile`.\n", "loc": ["services", "syncplay", "motd"], "readOnly": false, "type": "null or string"}, "services.syncplay.motdFile": {"declarations": ["nixos/modules/services/networking/syncplay.nix"], "default": {"_type": "literalExpression", "text": "if services.syncplay.motd != null then (builtins.toFile \"motd\" services.syncplay.motd) else null"}, "description": "Path to text to display when users join.\nWill override {option}`services.syncplay.motd`.\n", "loc": ["services", "syncplay", "motdFile"], "readOnly": false, "type": "null or string"}, "services.syncplay.package": {"declarations": ["nixos/modules/services/networking/syncplay.nix"], "default": {"_type": "literalExpression", "text": "pkgs.syncplay-nogui"}, "description": "The syncplay-nogui package to use.", "loc": ["services", "syncplay", "package"], "readOnly": false, "type": "package"}, "services.syncplay.passwordFile": {"declarations": ["nixos/modules/services/networking/syncplay.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the file that contains the server password. If\n`null`, the server doesn't require a password.\n", "loc": ["services", "syncplay", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.syncplay.permanentRooms": {"declarations": ["nixos/modules/services/networking/syncplay.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of rooms that will be listed even if the room is empty.\nWill be overriden by {option}`services.syncplay.permanentRoomsFile`.\n", "loc": ["services", "syncplay", "permanentRooms"], "readOnly": false, "type": "list of string"}, "services.syncplay.permanentRoomsFile": {"declarations": ["nixos/modules/services/networking/syncplay.nix"], "default": {"_type": "literalExpression", "text": "if services.syncplay.permanentRooms != [ ] then (builtins.toFile \"perm\" (builtins.concatStringsSep \"\\n\" services.syncplay.permanentRooms)) else null"}, "description": "File with list of rooms that will be listed even if the room is empty,\nnewline delimited.\nWill override {option}`services.syncplay.permanentRooms`.\n", "loc": ["services", "syncplay", "permanentRoomsFile"], "readOnly": false, "type": "null or string"}, "services.syncplay.port": {"declarations": ["nixos/modules/services/networking/syncplay.nix"], "default": {"_type": "literalExpression", "text": "8999"}, "description": "TCP port to bind to.\n", "loc": ["services", "syncplay", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.syncplay.ready": {"declarations": ["nixos/modules/services/networking/syncplay.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Check readiness of users.\n", "loc": ["services", "syncplay", "ready"], "readOnly": false, "type": "boolean"}, "services.syncplay.roomsDBFile": {"declarations": ["nixos/modules/services/networking/syncplay.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to SQLite database file to store room states.\nRelative to the working directory provided by systemd.\n", "example": {"_type": "literalExpression", "text": "\"rooms.db\""}, "loc": ["services", "syncplay", "roomsDBFile"], "readOnly": false, "type": "null or string"}, "services.syncplay.salt": {"declarations": ["nixos/modules/services/networking/syncplay.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Salt to allow room operator passwords generated by this server\ninstance to still work when the server is restarted.  The salt will be\nreadable in the nix store and the processlist.  If this is not\nintended use `saltFile` instead.  Mutually exclusive with\n{option}`services.syncplay.saltFile`.\n", "loc": ["services", "syncplay", "salt"], "readOnly": false, "type": "null or string"}, "services.syncplay.saltFile": {"declarations": ["nixos/modules/services/networking/syncplay.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the file that contains the server salt.  This allows room\noperator passwords generated by this server instance to still work\nwhen the server is restarted.  `null`, the server doesn't load the\nsalt from a file.  Mutually exclusive with\n{option}`services.syncplay.salt`.\n", "loc": ["services", "syncplay", "saltFile"], "readOnly": false, "type": "null or absolute path"}, "services.syncplay.statsDBFile": {"declarations": ["nixos/modules/services/networking/syncplay.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to SQLite database file to store stats.\nRelative to the working directory provided by systemd.\n", "example": {"_type": "literalExpression", "text": "\"stats.db\""}, "loc": ["services", "syncplay", "statsDBFile"], "readOnly": false, "type": "null or string"}, "services.syncplay.useACMEHost": {"declarations": ["nixos/modules/services/networking/syncplay.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, use NixOS-generated ACME certificate with the specified name for TLS.\n\nNote that it requires {option}`security.acme` to be setup, e.g., credentials provided if using DNS-01 validation.\n", "example": {"_type": "literalExpression", "text": "\"syncplay.example.com\""}, "loc": ["services", "syncplay", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.syncthing.all_proxy": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Overwrites the all_proxy environment variable for the Syncthing process to\nthe given value. This is normally used to let Syncthing connect\nthrough a SOCKS5 proxy server.\nSee <https://docs.syncthing.net/users/proxying.html>.\n", "example": {"_type": "literalExpression", "text": "\"socks5://address.com:1234\""}, "loc": ["services", "syncthing", "all_proxy"], "readOnly": false, "type": "null or string"}, "services.syncthing.cert": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the `cert.pem` file, which will be copied into Syncthing's\n[configDir](#opt-services.syncthing.configDir).\n", "loc": ["services", "syncthing", "cert"], "readOnly": false, "type": "null or string"}, "services.syncthing.configDir": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalMD", "text": "* if `stateVersion >= 19.03`:\n\n      config.services.syncthing.dataDir + \"/.config/syncthing\"\n* otherwise:\n\n      config.services.syncthing.dataDir\n"}, "description": "The path where the settings and keys will exist.\n", "loc": ["services", "syncthing", "configDir"], "readOnly": false, "type": "absolute path"}, "services.syncthing.dataDir": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/syncthing\""}, "description": "The path where synchronised directories will exist.\n", "example": {"_type": "literalExpression", "text": "\"/home/yourUser\""}, "loc": ["services", "syncthing", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.syncthing.databaseDir": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "config.services.syncthing.configDir"}, "description": "The directory containing the database and logs.\n", "loc": ["services", "syncthing", "databaseDir"], "readOnly": false, "type": "absolute path"}, "services.syncthing.enable": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Syncthing, a self-hosted open-source alternative to Dropbox and Bittorrent Sync.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "syncthing", "enable"], "readOnly": false, "type": "boolean"}, "services.syncthing.extraFlags": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra flags passed to the syncthing command in the service definition.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--reset-deltas\"\n]"}, "loc": ["services", "syncthing", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.syncthing.group": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "\"syncthing\""}, "description": "The group to run Syncthing under.\nBy default, a group named `syncthing` will be created.\n", "example": {"_type": "literalExpression", "text": "\"yourGroup\""}, "loc": ["services", "syncthing", "group"], "readOnly": false, "type": "string"}, "services.syncthing.guiAddress": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1:8384\""}, "description": "The address to serve the web interface at.\n", "loc": ["services", "syncthing", "guiAddress"], "readOnly": false, "type": "string"}, "services.syncthing.guiPasswordFile": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to file containing the plaintext password for Syncthing's GUI.\n", "loc": ["services", "syncthing", "guiPasswordFile"], "readOnly": false, "type": "null or string"}, "services.syncthing.key": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the `key.pem` file, which will be copied into Syncthing's\n[configDir](#opt-services.syncthing.configDir).\n", "loc": ["services", "syncthing", "key"], "readOnly": false, "type": "null or string"}, "services.syncthing.openDefaultPorts": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the default ports in the firewall: TCP/UDP 22000 for transfers\nand UDP 21027 for discovery.\n\nIf multiple users are running Syncthing on this machine, you will need\nto manually open a set of ports for each instance and leave this disabled.\nAlternatively, if you are running only a single instance on this machine\nusing the default ports, enable this.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "syncthing", "openDefaultPorts"], "readOnly": false, "type": "boolean"}, "services.syncthing.overrideDevices": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to delete the devices which are not configured via the\n[devices](#opt-services.syncthing.settings.devices) option.\nIf set to `false`, devices added via the web\ninterface will persist and will have to be deleted manually.\n", "loc": ["services", "syncthing", "overrideDevices"], "readOnly": false, "type": "boolean"}, "services.syncthing.overrideFolders": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalMD", "text": "`true` unless any device has the\n[autoAcceptFolders](#opt-services.syncthing.settings.devices._name_.autoAcceptFolders)\noption set to `true`.\n"}, "description": "Whether to delete the folders which are not configured via the\n[folders](#opt-services.syncthing.settings.folders) option.\nIf set to `false`, folders added via the web\ninterface will persist and will have to be deleted manually.\n", "loc": ["services", "syncthing", "overrideFolders"], "readOnly": false, "type": "boolean"}, "services.syncthing.package": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "pkgs.syncthing"}, "description": "The syncthing package to use.", "loc": ["services", "syncthing", "package"], "readOnly": false, "type": "package"}, "services.syncthing.relay.enable": {"declarations": ["nixos/modules/services/networking/syncthing-relay.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Syncthing relay service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "syncthing", "relay", "enable"], "readOnly": false, "type": "boolean"}, "services.syncthing.relay.extraOptions": {"declarations": ["nixos/modules/services/networking/syncthing-relay.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line arguments to pass to strelaysrv.\n", "loc": ["services", "syncthing", "relay", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.syncthing.relay.globalRateBps": {"declarations": ["nixos/modules/services/networking/syncthing-relay.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Global bandwidth rate limit in bytes per second.\n", "loc": ["services", "syncthing", "relay", "globalRateBps"], "readOnly": false, "type": "null or (positive integer, meaning >0)"}, "services.syncthing.relay.listenAddress": {"declarations": ["nixos/modules/services/networking/syncthing-relay.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Address to listen on for relay traffic.\n", "example": {"_type": "literalExpression", "text": "\"1.2.3.4\""}, "loc": ["services", "syncthing", "relay", "listenAddress"], "readOnly": false, "type": "string"}, "services.syncthing.relay.perSessionRateBps": {"declarations": ["nixos/modules/services/networking/syncthing-relay.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Per session bandwidth rate limit in bytes per second.\n", "loc": ["services", "syncthing", "relay", "perSessionRateBps"], "readOnly": false, "type": "null or (positive integer, meaning >0)"}, "services.syncthing.relay.pools": {"declarations": ["nixos/modules/services/networking/syncthing-relay.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Relay pools to join. If null, uses the default global pool.\n", "loc": ["services", "syncthing", "relay", "pools"], "readOnly": false, "type": "null or (list of string)"}, "services.syncthing.relay.port": {"declarations": ["nixos/modules/services/networking/syncthing-relay.nix"], "default": {"_type": "literalExpression", "text": "22067"}, "description": "Port to listen on for relay traffic. This port should be added to\n`networking.firewall.allowedTCPPorts`.\n", "loc": ["services", "syncthing", "relay", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.syncthing.relay.providedBy": {"declarations": ["nixos/modules/services/networking/syncthing-relay.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Human-readable description of the provider of the relay (you).\n", "loc": ["services", "syncthing", "relay", "providedBy"], "readOnly": false, "type": "string"}, "services.syncthing.relay.statusListenAddress": {"declarations": ["nixos/modules/services/networking/syncthing-relay.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Address to listen on for serving the relay status API.\n", "example": {"_type": "literalExpression", "text": "\"1.2.3.4\""}, "loc": ["services", "syncthing", "relay", "statusListenAddress"], "readOnly": false, "type": "string"}, "services.syncthing.relay.statusPort": {"declarations": ["nixos/modules/services/networking/syncthing-relay.nix"], "default": {"_type": "literalExpression", "text": "22070"}, "description": "Port to listen on for serving the relay status API. This port should be\nadded to `networking.firewall.allowedTCPPorts`.\n", "loc": ["services", "syncthing", "relay", "statusPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.syncthing.settings": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration options for Syncthing.\nSee <https://docs.syncthing.net/users/config.html>.\nNote that this attribute set does not exactly match the documented\nxml format. Instead, this is the format of the json rest api. There\nare slight differences. For example, this xml:\n```xml\n<options>\n  <listenAddress>default</listenAddress>\n  <minHomeDiskFree unit=\"%\">1</minHomeDiskFree>\n</options>\n```\ncorresponds to the json:\n```json\n{\n  options: {\n    listenAddresses = [\n      \"default\"\n    ];\n    minHomeDiskFree = {\n      unit = \"%\";\n      value = 1;\n    };\n  };\n}\n```\n", "example": {"_type": "literalExpression", "text": "{\n  gui = {\n    theme = \"black\";\n  };\n  options = {\n    localAnnounceEnabled = false;\n  };\n}"}, "loc": ["services", "syncthing", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.syncthing.settings.devices": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Peers/devices which Syncthing should communicate with.\n\nNote that you can still add devices manually, but those changes\nwill be reverted on restart if [overrideDevices](#opt-services.syncthing.overrideDevices)\nis enabled.\n", "example": {"_type": "literalExpression", "text": "{\n  bigbox = {\n    addresses = [\n      \"tcp://192.168.0.10:51820\"\n    ];\n    id = \"7CFNTQM-IMTJBHJ-3UWRDIU-ZGQJFR6-VCXZ3NB-XUH3KZO-N52ITXR-LAIYUAU\";\n  };\n}"}, "loc": ["services", "syncthing", "settings", "devices"], "readOnly": false, "type": "attribute set of (open submodule of (JSON value))"}, "services.syncthing.settings.devices.<name>.autoAcceptFolders": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically create or share folders that this device advertises at the default path.\nSee <https://docs.syncthing.net/users/config.html?highlight=autoaccept#config-file-format>.\n", "loc": ["services", "syncthing", "settings", "devices", "<name>", "autoAcceptFolders"], "readOnly": false, "type": "boolean"}, "services.syncthing.settings.devices.<name>.id": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "description": "The device ID. See <https://docs.syncthing.net/dev/device-ids.html>.\n", "loc": ["services", "syncthing", "settings", "devices", "<name>", "id"], "readOnly": false, "type": "string"}, "services.syncthing.settings.devices.<name>.name": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "The name of the device.\n", "loc": ["services", "syncthing", "settings", "devices", "<name>", "name"], "readOnly": false, "type": "string"}, "services.syncthing.settings.folders": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Folders which should be shared by Syncthing.\n\nNote that you can still add folders manually, but those changes\nwill be reverted on restart if [overrideFolders](#opt-services.syncthing.overrideFolders)\nis enabled.\n", "example": {"_type": "literalExpression", "text": "{\n  \"/home/user/sync\" = {\n    id = \"syncme\";\n    devices = [ \"bigbox\" ];\n  };\n}\n"}, "loc": ["services", "syncthing", "settings", "folders"], "readOnly": false, "type": "attribute set of (open submodule of (JSON value))"}, "services.syncthing.settings.folders.<name>.copyOwnershipFromParent": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "On Unix systems, tries to copy file/folder ownership from the parent directory (the directory it\u2019s located in).\nRequires running Syncthing as a privileged user, or granting it additional capabilities (e.g. CAP_CHOWN on Linux).\n", "loc": ["services", "syncthing", "settings", "folders", "<name>", "copyOwnershipFromParent"], "readOnly": false, "type": "boolean"}, "services.syncthing.settings.folders.<name>.devices": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The devices this folder should be shared with. Each device must\nbe defined in the [devices](#opt-services.syncthing.settings.devices) option.\n\nA list of either strings or attribute sets, where values\nare device names or device configurations.\n", "loc": ["services", "syncthing", "settings", "folders", "<name>", "devices"], "readOnly": false, "type": "list of (string or (open submodule of (JSON value)))"}, "services.syncthing.settings.folders.<name>.enable": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to share this folder.\nThis option is useful when you want to define all folders\nin one place, but not every machine should share all folders.\n", "loc": ["services", "syncthing", "settings", "folders", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.syncthing.settings.folders.<name>.id": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "The ID of the folder. Must be the same on all devices.\n", "loc": ["services", "syncthing", "settings", "folders", "<name>", "id"], "readOnly": false, "type": "string"}, "services.syncthing.settings.folders.<name>.ignorePatterns": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Syncthing can be configured to ignore certain files in a folder using ignore patterns.\nEnter them as a list of strings, one string per line.\nSee the Syncthing documentation for syntax: <https://docs.syncthing.net/users/ignoring.html>\nPatterns set using the WebUI will be overridden if you define this option.\nIf you want to override the ignore patterns to be empty, use `ignorePatterns = []`.\nDeleting the `ignorePatterns` option will not remove the patterns from Syncthing automatically\nbecause patterns are only handled by the module if this option is defined. Either use\n`ignorePatterns = []` before deleting the option or remove the patterns afterwards using the WebUI.\n", "example": {"_type": "literalExpression", "text": "[\n  \"// This is a comment\"\n  \"*.part // Firefox downloads and other things\"\n  \"*.crdownload // Chrom(ium|e) downloads\"\n]"}, "loc": ["services", "syncthing", "settings", "folders", "<name>", "ignorePatterns"], "readOnly": false, "type": "null or (list of string)"}, "services.syncthing.settings.folders.<name>.label": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "The label of the folder.\n", "loc": ["services", "syncthing", "settings", "folders", "<name>", "label"], "readOnly": false, "type": "string"}, "services.syncthing.settings.folders.<name>.path": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "The path to the folder which should be shared.\nOnly absolute paths (starting with `/`) and paths relative to\nthe [user](#opt-services.syncthing.user)'s home directory\n(starting with `~/`) are allowed.\n", "loc": ["services", "syncthing", "settings", "folders", "<name>", "path"], "readOnly": false, "type": "string starting with / or ~/"}, "services.syncthing.settings.folders.<name>.type": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "\"sendreceive\""}, "description": "Controls how the folder is handled by Syncthing.\nSee <https://docs.syncthing.net/users/config.html#config-option-folder.type>.\n", "loc": ["services", "syncthing", "settings", "folders", "<name>", "type"], "readOnly": false, "type": "one of \"sendreceive\", \"sendonly\", \"receiveonly\", \"receiveencrypted\""}, "services.syncthing.settings.folders.<name>.versioning": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "How to keep changed/deleted files with Syncthing.\nThere are 4 different types of versioning with different parameters.\nSee <https://docs.syncthing.net/users/versioning.html>.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    versioning = {\n      type = \"simple\";\n      params.keep = \"10\";\n    };\n  }\n  {\n    versioning = {\n      type = \"trashcan\";\n      params.cleanoutDays = \"1000\";\n    };\n  }\n  {\n    versioning = {\n      type = \"staggered\";\n      fsPath = \"/syncthing/backup\";\n      params = {\n        cleanInterval = \"3600\";\n        maxAge = \"31536000\";\n      };\n    };\n  }\n  {\n    versioning = {\n      type = \"external\";\n      params.versionsPath = pkgs.writers.writeBash \"backup\" ''\n        folderpath=\"$1\"\n        filepath=\"$2\"\n        rm -rf \"$folderpath/$filepath\"\n      '';\n    };\n  }\n]\n"}, "loc": ["services", "syncthing", "settings", "folders", "<name>", "versioning"], "readOnly": false, "type": "null or (open submodule of (JSON value))"}, "services.syncthing.settings.folders.<name>.versioning.type": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "description": "The type of versioning.\nSee <https://docs.syncthing.net/users/versioning.html>.\n", "loc": ["services", "syncthing", "settings", "folders", "<name>", "versioning", "type"], "readOnly": false, "type": "one of \"external\", \"simple\", \"staggered\", \"trashcan\""}, "services.syncthing.settings.options": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The options element contains all other global configuration options\n", "loc": ["services", "syncthing", "settings", "options"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.syncthing.settings.options.limitBandwidthInLan": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether to apply bandwidth limits to devices in the same broadcast domain as the local device.\n", "loc": ["services", "syncthing", "settings", "options", "limitBandwidthInLan"], "readOnly": false, "type": "null or boolean"}, "services.syncthing.settings.options.localAnnounceEnabled": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether to send announcements to the local LAN, also use such announcements to find other devices.\n", "loc": ["services", "syncthing", "settings", "options", "localAnnounceEnabled"], "readOnly": false, "type": "null or boolean"}, "services.syncthing.settings.options.localAnnouncePort": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The port on which to listen and send IPv4 broadcast announcements to.\n", "loc": ["services", "syncthing", "settings", "options", "localAnnouncePort"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.syncthing.settings.options.maxFolderConcurrency": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "This option controls how many folders may concurrently be in I/O-intensive operations such as syncing or scanning.\nThe mechanism is described in detail in a [separate chapter](https://docs.syncthing.net/advanced/option-max-concurrency.html).\n", "loc": ["services", "syncthing", "settings", "options", "maxFolderConcurrency"], "readOnly": false, "type": "null or signed integer"}, "services.syncthing.settings.options.relaysEnabled": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "When true, relays will be connected to and potentially used for device to device connections.\n", "loc": ["services", "syncthing", "settings", "options", "relaysEnabled"], "readOnly": false, "type": "null or boolean"}, "services.syncthing.settings.options.urAccepted": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether the user has accepted to submit anonymous usage data.\nThe default, 0, mean the user has not made a choice, and Syncthing will ask at some point in the future.\n\"-1\" means no, a number above zero means that that version of usage reporting has been accepted.\n", "loc": ["services", "syncthing", "settings", "options", "urAccepted"], "readOnly": false, "type": "null or signed integer"}, "services.syncthing.systemService": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to auto-launch Syncthing as a system service.\n", "loc": ["services", "syncthing", "systemService"], "readOnly": false, "type": "boolean"}, "services.syncthing.user": {"declarations": ["nixos/modules/services/networking/syncthing.nix"], "default": {"_type": "literalExpression", "text": "\"syncthing\""}, "description": "The user to run Syncthing as.\nBy default, a user named `syncthing` will be created whose home\ndirectory is [dataDir](#opt-services.syncthing.dataDir).\n", "example": {"_type": "literalExpression", "text": "\"yourUser\""}, "loc": ["services", "syncthing", "user"], "readOnly": false, "type": "string"}, "services.synergy.client.autoStart": {"declarations": ["nixos/modules/services/misc/synergy.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether the Synergy client should be started automatically.", "loc": ["services", "synergy", "client", "autoStart"], "readOnly": false, "type": "boolean"}, "services.synergy.client.enable": {"declarations": ["nixos/modules/services/misc/synergy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Synergy client (receive keyboard and mouse events from a Synergy server).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "synergy", "client", "enable"], "readOnly": false, "type": "boolean"}, "services.synergy.client.screenName": {"declarations": ["nixos/modules/services/misc/synergy.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Use the given name instead of the hostname to identify\nourselves to the server.\n", "loc": ["services", "synergy", "client", "screenName"], "readOnly": false, "type": "string"}, "services.synergy.client.serverAddress": {"declarations": ["nixos/modules/services/misc/synergy.nix"], "description": "The server address is of the form: [hostname][:port].  The\nhostname must be the address or hostname of the server.  The\nport overrides the default port, 24800.\n", "loc": ["services", "synergy", "client", "serverAddress"], "readOnly": false, "type": "string"}, "services.synergy.server.address": {"declarations": ["nixos/modules/services/misc/synergy.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Address on which to listen for clients.", "loc": ["services", "synergy", "server", "address"], "readOnly": false, "type": "string"}, "services.synergy.server.autoStart": {"declarations": ["nixos/modules/services/misc/synergy.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether the Synergy server should be started automatically.", "loc": ["services", "synergy", "server", "autoStart"], "readOnly": false, "type": "boolean"}, "services.synergy.server.configFile": {"declarations": ["nixos/modules/services/misc/synergy.nix"], "default": {"_type": "literalExpression", "text": "\"/etc/synergy-server.conf\""}, "description": "The Synergy server configuration file.", "loc": ["services", "synergy", "server", "configFile"], "readOnly": false, "type": "absolute path"}, "services.synergy.server.enable": {"declarations": ["nixos/modules/services/misc/synergy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Synergy server (send keyboard and mouse events).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "synergy", "server", "enable"], "readOnly": false, "type": "boolean"}, "services.synergy.server.screenName": {"declarations": ["nixos/modules/services/misc/synergy.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Use the given name instead of the hostname to identify\nthis screen in the configuration.\n", "loc": ["services", "synergy", "server", "screenName"], "readOnly": false, "type": "string"}, "services.synergy.server.tls.cert": {"declarations": ["nixos/modules/services/misc/synergy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The TLS certificate to use for encryption.", "example": {"_type": "literalExpression", "text": "\"~/.synergy/SSL/Synergy.pem\""}, "loc": ["services", "synergy", "server", "tls", "cert"], "readOnly": false, "type": "null or string"}, "services.synergy.server.tls.enable": {"declarations": ["nixos/modules/services/misc/synergy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether TLS encryption should be used.\n\nUsing this requires a TLS certificate that can be\ngenerated by starting the Synergy GUI once and entering\na valid product key.\n", "loc": ["services", "synergy", "server", "tls", "enable"], "readOnly": false, "type": "boolean"}, "services.syslog-ng.configHeader": {"declarations": ["nixos/modules/services/logging/syslog-ng.nix"], "default": {"_type": "literalExpression", "text": "''\n  @version: 4.4\n  @include \"scl.conf\"\n''"}, "description": "The very first lines of the configuration file. Should usually contain\nthe syslog-ng version header.\n", "loc": ["services", "syslog-ng", "configHeader"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.syslog-ng.enable": {"declarations": ["nixos/modules/services/logging/syslog-ng.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the syslog-ng daemon.\n", "loc": ["services", "syslog-ng", "enable"], "readOnly": false, "type": "boolean"}, "services.syslog-ng.extraConfig": {"declarations": ["nixos/modules/services/logging/syslog-ng.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Configuration added to the end of `syslog-ng.conf`.\n", "loc": ["services", "syslog-ng", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.syslog-ng.extraModulePaths": {"declarations": ["nixos/modules/services/logging/syslog-ng.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of paths that should be included in syslog-ng's\n`--module-path` option. They should usually\nend in `/lib/syslog-ng`\n", "loc": ["services", "syslog-ng", "extraModulePaths"], "readOnly": false, "type": "list of string"}, "services.syslog-ng.package": {"declarations": ["nixos/modules/services/logging/syslog-ng.nix"], "default": {"_type": "literalExpression", "text": "pkgs.syslogng"}, "description": "The syslogng package to use.", "loc": ["services", "syslog-ng", "package"], "readOnly": false, "type": "package"}, "services.syslogd.defaultConfig": {"declarations": ["nixos/modules/services/logging/syslogd.nix"], "default": {"_type": "literalExpression", "text": "''\n  # Send emergency messages to all users.\n  *.emerg                       *\n  \n  # \"local1\" is used for dhcpd messages.\n  local1.*                     -/var/log/dhcpd\n  \n  mail.*                       -/var/log/mail\n  \n  *.=warning;*.=err            -/var/log/warn\n  *.crit                        /var/log/warn\n  \n  *.*;mail.none;local1.none    -/var/log/messages\n''"}, "description": "The default {file}`syslog.conf` file configures a\nfairly standard setup of log files, which can be extended by\nmeans of {var}`extraConfig`.\n", "loc": ["services", "syslogd", "defaultConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.syslogd.enable": {"declarations": ["nixos/modules/services/logging/syslogd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable syslogd.  Note that systemd also logs\nsyslog messages, so you normally don't need to run syslogd.\n", "loc": ["services", "syslogd", "enable"], "readOnly": false, "type": "boolean"}, "services.syslogd.enableNetworkInput": {"declarations": ["nixos/modules/services/logging/syslogd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Accept logging through UDP. Option -r of {manpage}`syslogd(8)`.\n", "loc": ["services", "syslogd", "enableNetworkInput"], "readOnly": false, "type": "boolean"}, "services.syslogd.extraConfig": {"declarations": ["nixos/modules/services/logging/syslogd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional text appended to {file}`syslog.conf`,\ni.e. the contents of {var}`defaultConfig`.\n", "example": {"_type": "literalExpression", "text": "\"news.* -/var/log/news\""}, "loc": ["services", "syslogd", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.syslogd.extraParams": {"declarations": ["nixos/modules/services/logging/syslogd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional parameters passed to {command}`syslogd`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-m 0\"\n]"}, "loc": ["services", "syslogd", "extraParams"], "readOnly": false, "type": "list of string"}, "services.syslogd.tty": {"declarations": ["nixos/modules/services/logging/syslogd.nix"], "default": {"_type": "literalExpression", "text": "\"tty10\""}, "description": "The tty device on which syslogd will print important log\nmessages. Leave this option blank to disable tty logging.\n", "loc": ["services", "syslogd", "tty"], "readOnly": false, "type": "string"}, "services.sysprof.enable": {"declarations": ["nixos/modules/services/misc/sysprof.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable sysprof profiling daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "sysprof", "enable"], "readOnly": false, "type": "boolean"}, "services.sysstat.collect-args": {"declarations": ["nixos/modules/services/monitoring/sysstat.nix"], "default": {"_type": "literalExpression", "text": "\"1 1\""}, "description": "Arguments to pass sa1 when collecting statistics\n", "loc": ["services", "sysstat", "collect-args"], "readOnly": false, "type": "string"}, "services.sysstat.collect-frequency": {"declarations": ["nixos/modules/services/monitoring/sysstat.nix"], "default": {"_type": "literalExpression", "text": "\"*:00/10\""}, "description": "OnCalendar specification for sysstat-collect\n", "loc": ["services", "sysstat", "collect-frequency"], "readOnly": false, "type": "string"}, "services.sysstat.enable": {"declarations": ["nixos/modules/services/monitoring/sysstat.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable sar system activity collection.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "sysstat", "enable"], "readOnly": false, "type": "boolean"}, "services.system-config-printer.enable": {"declarations": ["nixos/modules/services/desktops/system-config-printer.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable system-config-printer, a service for CUPS administration used by printing interfaces.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "system-config-printer", "enable"], "readOnly": false, "type": "boolean"}, "services.system76-scheduler.assignments": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Process profile assignments.", "example": {"_type": "literalExpression", "text": "{\n  nix-builds = {\n    nice = 15;\n    class = \"batch\";\n    ioClass = \"idle\";\n    matchers = [\n      \"nix-daemon\"\n    ];\n  };\n}\n"}, "loc": ["services", "system76-scheduler", "assignments"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.system76-scheduler.assignments.<name>.class": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CPU scheduler class.", "example": {"_type": "literalExpression", "text": "\"batch\""}, "loc": ["services", "system76-scheduler", "assignments", "<name>", "class"], "readOnly": false, "type": "null or one of \"idle\", \"batch\", \"other\", \"rr\", \"fifo\""}, "services.system76-scheduler.assignments.<name>.ioClass": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IO scheduler class.", "example": {"_type": "literalExpression", "text": "\"best-effort\""}, "loc": ["services", "system76-scheduler", "assignments", "<name>", "ioClass"], "readOnly": false, "type": "null or one of \"idle\", \"best-effort\", \"realtime\""}, "services.system76-scheduler.assignments.<name>.ioPrio": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IO scheduler priority.", "example": {"_type": "literalExpression", "text": "4"}, "loc": ["services", "system76-scheduler", "assignments", "<name>", "ioPrio"], "readOnly": false, "type": "null or integer between 0 and 7 (both inclusive)"}, "services.system76-scheduler.assignments.<name>.matchers": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Process matchers.", "example": {"_type": "literalExpression", "text": "[\n  \"include cgroup=\\\"/user.slice/*.service\\\" parent=\\\"systemd\\\"\"\n  \"emacs\"\n]\n"}, "loc": ["services", "system76-scheduler", "assignments", "<name>", "matchers"], "readOnly": false, "type": "null or (list of string)"}, "services.system76-scheduler.assignments.<name>.nice": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Niceness.", "loc": ["services", "system76-scheduler", "assignments", "<name>", "nice"], "readOnly": false, "type": "null or integer between -20 and 19 (both inclusive)"}, "services.system76-scheduler.assignments.<name>.prio": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CPU scheduler priority.", "example": {"_type": "literalExpression", "text": "49"}, "loc": ["services", "system76-scheduler", "assignments", "<name>", "prio"], "readOnly": false, "type": "null or integer between 1 and 99 (both inclusive)"}, "services.system76-scheduler.enable": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable system76-scheduler.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "system76-scheduler", "enable"], "readOnly": false, "type": "boolean"}, "services.system76-scheduler.exceptions": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Processes that are left alone.", "example": {"_type": "literalExpression", "text": "[\n  \"include descends=\\\"schedtool\\\"\"\n  \"schedtool\"\n]\n"}, "loc": ["services", "system76-scheduler", "exceptions"], "readOnly": false, "type": "list of string"}, "services.system76-scheduler.package": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "pkgs.system76-scheduler"}, "description": "Which System76-Scheduler package to use.", "loc": ["services", "system76-scheduler", "package"], "readOnly": false, "type": "package"}, "services.system76-scheduler.settings.cfsProfiles.default.bandwidth-size": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "`sched_cfs_bandwidth_slice_us`.", "loc": ["services", "system76-scheduler", "settings", "cfsProfiles", "default", "bandwidth-size"], "readOnly": false, "type": "signed integer"}, "services.system76-scheduler.settings.cfsProfiles.default.latency": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "6"}, "description": "`sched_latency_ns`.", "loc": ["services", "system76-scheduler", "settings", "cfsProfiles", "default", "latency"], "readOnly": false, "type": "signed integer"}, "services.system76-scheduler.settings.cfsProfiles.default.nr-latency": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "8"}, "description": "`sched_nr_latency`.", "loc": ["services", "system76-scheduler", "settings", "cfsProfiles", "default", "nr-latency"], "readOnly": false, "type": "signed integer"}, "services.system76-scheduler.settings.cfsProfiles.default.preempt": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "\"voluntary\""}, "description": "Preemption mode.", "loc": ["services", "system76-scheduler", "settings", "cfsProfiles", "default", "preempt"], "readOnly": false, "type": "one of \"none\", \"voluntary\", \"full\""}, "services.system76-scheduler.settings.cfsProfiles.default.wakeup-granularity": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "1.0"}, "description": "`sched_wakeup_granularity_ns`.", "loc": ["services", "system76-scheduler", "settings", "cfsProfiles", "default", "wakeup-granularity"], "readOnly": false, "type": "floating point number"}, "services.system76-scheduler.settings.cfsProfiles.enable": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Tweak CFS latency parameters when going on/off battery", "loc": ["services", "system76-scheduler", "settings", "cfsProfiles", "enable"], "readOnly": false, "type": "boolean"}, "services.system76-scheduler.settings.cfsProfiles.responsive.bandwidth-size": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "3"}, "description": "`sched_cfs_bandwidth_slice_us`.", "loc": ["services", "system76-scheduler", "settings", "cfsProfiles", "responsive", "bandwidth-size"], "readOnly": false, "type": "signed integer"}, "services.system76-scheduler.settings.cfsProfiles.responsive.latency": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "4"}, "description": "`sched_latency_ns`.", "loc": ["services", "system76-scheduler", "settings", "cfsProfiles", "responsive", "latency"], "readOnly": false, "type": "signed integer"}, "services.system76-scheduler.settings.cfsProfiles.responsive.nr-latency": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "`sched_nr_latency`.", "loc": ["services", "system76-scheduler", "settings", "cfsProfiles", "responsive", "nr-latency"], "readOnly": false, "type": "signed integer"}, "services.system76-scheduler.settings.cfsProfiles.responsive.preempt": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "\"full\""}, "description": "Preemption mode.", "loc": ["services", "system76-scheduler", "settings", "cfsProfiles", "responsive", "preempt"], "readOnly": false, "type": "one of \"none\", \"voluntary\", \"full\""}, "services.system76-scheduler.settings.cfsProfiles.responsive.wakeup-granularity": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "0.5"}, "description": "`sched_wakeup_granularity_ns`.", "loc": ["services", "system76-scheduler", "settings", "cfsProfiles", "responsive", "wakeup-granularity"], "readOnly": false, "type": "floating point number"}, "services.system76-scheduler.settings.processScheduler.enable": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Tweak scheduling of individual processes in real time.", "loc": ["services", "system76-scheduler", "settings", "processScheduler", "enable"], "readOnly": false, "type": "boolean"}, "services.system76-scheduler.settings.processScheduler.foregroundBoost.background.class": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CPU scheduler class.", "example": {"_type": "literalExpression", "text": "\"batch\""}, "loc": ["services", "system76-scheduler", "settings", "processScheduler", "foregroundBoost", "background", "class"], "readOnly": false, "type": "null or one of \"idle\", \"batch\", \"other\", \"rr\", \"fifo\""}, "services.system76-scheduler.settings.processScheduler.foregroundBoost.background.ioClass": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "\"idle\""}, "description": "IO scheduler class.", "example": {"_type": "literalExpression", "text": "\"best-effort\""}, "loc": ["services", "system76-scheduler", "settings", "processScheduler", "foregroundBoost", "background", "ioClass"], "readOnly": false, "type": "null or one of \"idle\", \"best-effort\", \"realtime\""}, "services.system76-scheduler.settings.processScheduler.foregroundBoost.background.ioPrio": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IO scheduler priority.", "example": {"_type": "literalExpression", "text": "4"}, "loc": ["services", "system76-scheduler", "settings", "processScheduler", "foregroundBoost", "background", "ioPrio"], "readOnly": false, "type": "null or integer between 0 and 7 (both inclusive)"}, "services.system76-scheduler.settings.processScheduler.foregroundBoost.background.matchers": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Process matchers.", "example": {"_type": "literalExpression", "text": "[\n  \"include cgroup=\\\"/user.slice/*.service\\\" parent=\\\"systemd\\\"\"\n  \"emacs\"\n]\n"}, "loc": ["services", "system76-scheduler", "settings", "processScheduler", "foregroundBoost", "background", "matchers"], "readOnly": false, "type": "null or (list of string)"}, "services.system76-scheduler.settings.processScheduler.foregroundBoost.background.nice": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "6"}, "description": "Niceness.", "loc": ["services", "system76-scheduler", "settings", "processScheduler", "foregroundBoost", "background", "nice"], "readOnly": false, "type": "null or integer between -20 and 19 (both inclusive)"}, "services.system76-scheduler.settings.processScheduler.foregroundBoost.background.prio": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CPU scheduler priority.", "example": {"_type": "literalExpression", "text": "49"}, "loc": ["services", "system76-scheduler", "settings", "processScheduler", "foregroundBoost", "background", "prio"], "readOnly": false, "type": "null or integer between 1 and 99 (both inclusive)"}, "services.system76-scheduler.settings.processScheduler.foregroundBoost.enable": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Boost foreground process priorities.\n\n(And de-boost background ones).  Note that this option needs cooperation\nfrom the desktop environment to work.  On Gnome the client side is\nimplemented by the \"System76 Scheduler\" shell extension.\n", "loc": ["services", "system76-scheduler", "settings", "processScheduler", "foregroundBoost", "enable"], "readOnly": false, "type": "boolean"}, "services.system76-scheduler.settings.processScheduler.foregroundBoost.foreground.class": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CPU scheduler class.", "example": {"_type": "literalExpression", "text": "\"batch\""}, "loc": ["services", "system76-scheduler", "settings", "processScheduler", "foregroundBoost", "foreground", "class"], "readOnly": false, "type": "null or one of \"idle\", \"batch\", \"other\", \"rr\", \"fifo\""}, "services.system76-scheduler.settings.processScheduler.foregroundBoost.foreground.ioClass": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "\"best-effort\""}, "description": "IO scheduler class.", "example": {"_type": "literalExpression", "text": "\"best-effort\""}, "loc": ["services", "system76-scheduler", "settings", "processScheduler", "foregroundBoost", "foreground", "ioClass"], "readOnly": false, "type": "null or one of \"idle\", \"best-effort\", \"realtime\""}, "services.system76-scheduler.settings.processScheduler.foregroundBoost.foreground.ioPrio": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "IO scheduler priority.", "example": {"_type": "literalExpression", "text": "4"}, "loc": ["services", "system76-scheduler", "settings", "processScheduler", "foregroundBoost", "foreground", "ioPrio"], "readOnly": false, "type": "null or integer between 0 and 7 (both inclusive)"}, "services.system76-scheduler.settings.processScheduler.foregroundBoost.foreground.matchers": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Process matchers.", "example": {"_type": "literalExpression", "text": "[\n  \"include cgroup=\\\"/user.slice/*.service\\\" parent=\\\"systemd\\\"\"\n  \"emacs\"\n]\n"}, "loc": ["services", "system76-scheduler", "settings", "processScheduler", "foregroundBoost", "foreground", "matchers"], "readOnly": false, "type": "null or (list of string)"}, "services.system76-scheduler.settings.processScheduler.foregroundBoost.foreground.nice": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Niceness.", "loc": ["services", "system76-scheduler", "settings", "processScheduler", "foregroundBoost", "foreground", "nice"], "readOnly": false, "type": "null or integer between -20 and 19 (both inclusive)"}, "services.system76-scheduler.settings.processScheduler.foregroundBoost.foreground.prio": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CPU scheduler priority.", "example": {"_type": "literalExpression", "text": "49"}, "loc": ["services", "system76-scheduler", "settings", "processScheduler", "foregroundBoost", "foreground", "prio"], "readOnly": false, "type": "null or integer between 1 and 99 (both inclusive)"}, "services.system76-scheduler.settings.processScheduler.pipewireBoost.enable": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Boost Pipewire client priorities.", "loc": ["services", "system76-scheduler", "settings", "processScheduler", "pipewireBoost", "enable"], "readOnly": false, "type": "boolean"}, "services.system76-scheduler.settings.processScheduler.pipewireBoost.profile.class": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CPU scheduler class.", "example": {"_type": "literalExpression", "text": "\"batch\""}, "loc": ["services", "system76-scheduler", "settings", "processScheduler", "pipewireBoost", "profile", "class"], "readOnly": false, "type": "null or one of \"idle\", \"batch\", \"other\", \"rr\", \"fifo\""}, "services.system76-scheduler.settings.processScheduler.pipewireBoost.profile.ioClass": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "\"best-effort\""}, "description": "IO scheduler class.", "example": {"_type": "literalExpression", "text": "\"best-effort\""}, "loc": ["services", "system76-scheduler", "settings", "processScheduler", "pipewireBoost", "profile", "ioClass"], "readOnly": false, "type": "null or one of \"idle\", \"best-effort\", \"realtime\""}, "services.system76-scheduler.settings.processScheduler.pipewireBoost.profile.ioPrio": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "IO scheduler priority.", "example": {"_type": "literalExpression", "text": "4"}, "loc": ["services", "system76-scheduler", "settings", "processScheduler", "pipewireBoost", "profile", "ioPrio"], "readOnly": false, "type": "null or integer between 0 and 7 (both inclusive)"}, "services.system76-scheduler.settings.processScheduler.pipewireBoost.profile.matchers": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Process matchers.", "example": {"_type": "literalExpression", "text": "[\n  \"include cgroup=\\\"/user.slice/*.service\\\" parent=\\\"systemd\\\"\"\n  \"emacs\"\n]\n"}, "loc": ["services", "system76-scheduler", "settings", "processScheduler", "pipewireBoost", "profile", "matchers"], "readOnly": false, "type": "null or (list of string)"}, "services.system76-scheduler.settings.processScheduler.pipewireBoost.profile.nice": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "-6"}, "description": "Niceness.", "loc": ["services", "system76-scheduler", "settings", "processScheduler", "pipewireBoost", "profile", "nice"], "readOnly": false, "type": "null or integer between -20 and 19 (both inclusive)"}, "services.system76-scheduler.settings.processScheduler.pipewireBoost.profile.prio": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CPU scheduler priority.", "example": {"_type": "literalExpression", "text": "49"}, "loc": ["services", "system76-scheduler", "settings", "processScheduler", "pipewireBoost", "profile", "prio"], "readOnly": false, "type": "null or integer between 1 and 99 (both inclusive)"}, "services.system76-scheduler.settings.processScheduler.refreshInterval": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "60"}, "description": "Process list poll interval, in seconds", "loc": ["services", "system76-scheduler", "settings", "processScheduler", "refreshInterval"], "readOnly": false, "type": "signed integer"}, "services.system76-scheduler.settings.processScheduler.useExecsnoop": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Use execsnoop (otherwise poll the precess list periodically).", "loc": ["services", "system76-scheduler", "settings", "processScheduler", "useExecsnoop"], "readOnly": false, "type": "boolean"}, "services.system76-scheduler.useStockConfig": {"declarations": ["nixos/modules/services/desktops/system76-scheduler.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Use the (reasonable and featureful) stock configuration.\n\nWhen this option is `true`, `services.system76-scheduler.settings`\nare ignored.\n", "loc": ["services", "system76-scheduler", "useStockConfig"], "readOnly": false, "type": "boolean"}, "services.systembus-notify.enable": {"declarations": ["nixos/modules/services/system/systembus-notify.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable System bus notification support\n\nWARNING: enabling this option (while convenient) should *not* be done on a\nmachine where you do not trust the other users as it allows any other\nlocal user to DoS your session by spamming notifications\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "systembus-notify", "enable"], "readOnly": false, "type": "boolean"}, "services.systemd-lock-handler.enable": {"declarations": ["nixos/modules/services/system/systemd-lock-handler.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable systemd-lock-handler.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "systemd-lock-handler", "enable"], "readOnly": false, "type": "boolean"}, "services.systemd-lock-handler.package": {"declarations": ["nixos/modules/services/system/systemd-lock-handler.nix"], "default": {"_type": "literalExpression", "text": "pkgs.systemd-lock-handler"}, "description": "The systemd-lock-handler package to use.", "loc": ["services", "systemd-lock-handler", "package"], "readOnly": false, "type": "package"}, "services.szurubooru.client.package": {"declarations": ["nixos/modules/services/web-apps/szurubooru.nix"], "default": {"_type": "literalExpression", "text": "pkgs.szurubooru.client"}, "description": "The client package to use.", "loc": ["services", "szurubooru", "client", "package"], "readOnly": false, "type": "package"}, "services.szurubooru.dataDir": {"declarations": ["nixos/modules/services/web-apps/szurubooru.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/szurubooru\""}, "description": "The path to the data directory in which Szurubooru will store its data.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/szuru\""}, "loc": ["services", "szurubooru", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.szurubooru.database.host": {"declarations": ["nixos/modules/services/web-apps/szurubooru.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Host on which the PostgreSQL database runs.", "example": {"_type": "literalExpression", "text": "\"192.168.1.2\""}, "loc": ["services", "szurubooru", "database", "host"], "readOnly": false, "type": "string"}, "services.szurubooru.database.name": {"declarations": ["nixos/modules/services/web-apps/szurubooru.nix"], "default": {"_type": "literalExpression", "text": "szurubooru.database.name"}, "description": "Name of the PostgreSQL database.", "example": {"_type": "literalExpression", "text": "\"szuru\""}, "loc": ["services", "szurubooru", "database", "name"], "readOnly": false, "type": "string"}, "services.szurubooru.database.passwordFile": {"declarations": ["nixos/modules/services/web-apps/szurubooru.nix"], "description": "A file containing the password for the PostgreSQL user.", "example": {"_type": "literalExpression", "text": "\"/run/secrets/szurubooru-db-password\""}, "loc": ["services", "szurubooru", "database", "passwordFile"], "readOnly": false, "type": "absolute path"}, "services.szurubooru.database.port": {"declarations": ["nixos/modules/services/web-apps/szurubooru.nix"], "default": {"_type": "literalExpression", "text": "5432"}, "description": "The port under which PostgreSQL listens to.", "loc": ["services", "szurubooru", "database", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.szurubooru.database.user": {"declarations": ["nixos/modules/services/web-apps/szurubooru.nix"], "default": {"_type": "literalExpression", "text": "\"szurubooru\""}, "description": "PostgreSQL user.", "example": {"_type": "literalExpression", "text": "\"szuru\""}, "loc": ["services", "szurubooru", "database", "user"], "readOnly": false, "type": "string"}, "services.szurubooru.enable": {"declarations": ["nixos/modules/services/web-apps/szurubooru.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Szurubooru, an image board engine dedicated for small and medium communities.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "szurubooru", "enable"], "readOnly": false, "type": "boolean"}, "services.szurubooru.group": {"declarations": ["nixos/modules/services/web-apps/szurubooru.nix"], "default": {"_type": "literalExpression", "text": "\"szurubooru\""}, "description": "Group under which Szurubooru runs.\n", "loc": ["services", "szurubooru", "group"], "readOnly": false, "type": "string"}, "services.szurubooru.openFirewall": {"declarations": ["nixos/modules/services/web-apps/szurubooru.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall for the port in {option}`services.szurubooru.server.port`.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "szurubooru", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.szurubooru.server.host": {"declarations": ["nixos/modules/services/web-apps/szurubooru.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The host address for Szurubooru to bind to.", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "szurubooru", "server", "host"], "readOnly": false, "type": "string"}, "services.szurubooru.server.package": {"declarations": ["nixos/modules/services/web-apps/szurubooru.nix"], "default": {"_type": "literalExpression", "text": "pkgs.szurubooru.server"}, "description": "The server package to use.", "loc": ["services", "szurubooru", "server", "package"], "readOnly": false, "type": "package"}, "services.szurubooru.server.port": {"declarations": ["nixos/modules/services/web-apps/szurubooru.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "Port to expose HTTP service.\n", "example": {"_type": "literalExpression", "text": "9000"}, "loc": ["services", "szurubooru", "server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.szurubooru.server.settings": {"declarations": ["nixos/modules/services/web-apps/szurubooru.nix"], "description": "Configuration to write to {file}`config.yaml`.\nSee <https://github.com/rr-/szurubooru/blob/master/server/config.yaml.dist> for more information.\n", "loc": ["services", "szurubooru", "server", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.szurubooru.server.settings.data_dir": {"declarations": ["nixos/modules/services/web-apps/szurubooru.nix"], "default": {"_type": "literalExpression", "text": "\"${services.szurubooru.dataDir}/data\""}, "description": "Path to the static files.", "example": {"_type": "literalExpression", "text": "\"/srv/szurubooru/data\""}, "loc": ["services", "szurubooru", "server", "settings", "data_dir"], "readOnly": false, "type": "absolute path"}, "services.szurubooru.server.settings.data_url": {"declarations": ["nixos/modules/services/web-apps/szurubooru.nix"], "default": {"_type": "literalExpression", "text": "\"${services.szurubooru.server.settings.domain}/data/\""}, "description": "Full URL to the data endpoint.", "example": {"_type": "literalExpression", "text": "\"http://example.com/content/\""}, "loc": ["services", "szurubooru", "server", "settings", "data_url"], "readOnly": false, "type": "string"}, "services.szurubooru.server.settings.debug": {"declarations": ["nixos/modules/services/web-apps/szurubooru.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Whether to generate server logs.", "example": {"_type": "literalExpression", "text": "1"}, "loc": ["services", "szurubooru", "server", "settings", "debug"], "readOnly": false, "type": "signed integer"}, "services.szurubooru.server.settings.delete_source_files": {"declarations": ["nixos/modules/services/web-apps/szurubooru.nix"], "default": {"_type": "literalExpression", "text": "\"no\""}, "description": "Whether to delete thumbnails and source files on post delete.", "example": {"_type": "literalExpression", "text": "\"yes\""}, "loc": ["services", "szurubooru", "server", "settings", "delete_source_files"], "readOnly": false, "type": "one of \"yes\", \"no\""}, "services.szurubooru.server.settings.domain": {"declarations": ["nixos/modules/services/web-apps/szurubooru.nix"], "description": "Full URL to the homepage of this szurubooru site (with no trailing slash).", "example": {"_type": "literalExpression", "text": "\"http://example.com\""}, "loc": ["services", "szurubooru", "server", "settings", "domain"], "readOnly": false, "type": "string"}, "services.szurubooru.server.settings.name": {"declarations": ["nixos/modules/services/web-apps/szurubooru.nix"], "default": {"_type": "literalExpression", "text": "\"szurubooru\""}, "description": "Name shown in the website title and on the front page.", "example": {"_type": "literalExpression", "text": "\"Szuru\""}, "loc": ["services", "szurubooru", "server", "settings", "name"], "readOnly": false, "type": "string"}, "services.szurubooru.server.settings.secretFile": {"declarations": ["nixos/modules/services/web-apps/szurubooru.nix"], "description": "File containing a secret used to salt the users' password hashes and generate filenames for static content.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/szurubooru-server-secret\""}, "loc": ["services", "szurubooru", "server", "settings", "secretFile"], "readOnly": false, "type": "absolute path"}, "services.szurubooru.server.settings.show_sql": {"declarations": ["nixos/modules/services/web-apps/szurubooru.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Whether to show SQL in server logs.", "example": {"_type": "literalExpression", "text": "1"}, "loc": ["services", "szurubooru", "server", "settings", "show_sql"], "readOnly": false, "type": "signed integer"}, "services.szurubooru.server.settings.smtp.host": {"declarations": ["nixos/modules/services/web-apps/szurubooru.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host of the SMTP server used to send reset password.", "example": {"_type": "literalExpression", "text": "\"localhost\""}, "loc": ["services", "szurubooru", "server", "settings", "smtp", "host"], "readOnly": false, "type": "null or string"}, "services.szurubooru.server.settings.smtp.passFile": {"declarations": ["nixos/modules/services/web-apps/szurubooru.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the password associated to the given user for the SMTP server.", "example": {"_type": "literalExpression", "text": "\"/run/secrets/szurubooru-smtp-pass\""}, "loc": ["services", "szurubooru", "server", "settings", "smtp", "passFile"], "readOnly": false, "type": "null or absolute path"}, "services.szurubooru.server.settings.smtp.port": {"declarations": ["nixos/modules/services/web-apps/szurubooru.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port of the SMTP server.", "example": {"_type": "literalExpression", "text": "25"}, "loc": ["services", "szurubooru", "server", "settings", "smtp", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.szurubooru.server.settings.smtp.user": {"declarations": ["nixos/modules/services/web-apps/szurubooru.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "User to connect to the SMTP server.", "example": {"_type": "literalExpression", "text": "\"bot\""}, "loc": ["services", "szurubooru", "server", "settings", "smtp", "user"], "readOnly": false, "type": "null or string"}, "services.szurubooru.server.threads": {"declarations": ["nixos/modules/services/web-apps/szurubooru.nix"], "default": {"_type": "literalExpression", "text": "4"}, "description": "Number of waitress threads to start.", "example": {"_type": "literalExpression", "text": "6"}, "loc": ["services", "szurubooru", "server", "threads"], "readOnly": false, "type": "signed integer"}, "services.szurubooru.user": {"declarations": ["nixos/modules/services/web-apps/szurubooru.nix"], "default": {"_type": "literalExpression", "text": "\"szurubooru\""}, "description": "User account under which Szurubooru runs.\n", "loc": ["services", "szurubooru", "user"], "readOnly": false, "type": "string"}, "services.tabby.acceleration": {"declarations": ["nixos/modules/services/misc/tabby.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specifies the device to use for hardware acceleration.\n\n-   `cpu`: no acceleration just use the CPU\n-  `rocm`: supported by modern AMD GPUs\n-  `cuda`: supported by modern NVIDIA GPUs\n- `metal`: supported on darwin aarch64 machines\n\nTabby will try and determine what type of acceleration that is\nalready enabled in your configuration when `acceleration = null`.\n\n- nixpkgs.config.cudaSupport\n- nixpkgs.config.rocmSupport\n- if stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64\n\nIFF multiple acceleration methods are found to be enabled or if you\nhaven't set either `cudaSupport or rocmSupport` you will have to\nspecify the device type manually here otherwise it will default to\nthe first from the list above or to cpu.\n", "example": {"_type": "literalExpression", "text": "\"rocm\""}, "loc": ["services", "tabby", "acceleration"], "readOnly": false, "type": "null or one of \"cpu\", \"rocm\", \"cuda\", \"metal\""}, "services.tabby.enable": {"declarations": ["nixos/modules/services/misc/tabby.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Self-hosted AI coding assistant using large language models.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tabby", "enable"], "readOnly": false, "type": "boolean"}, "services.tabby.host": {"declarations": ["nixos/modules/services/misc/tabby.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Specifies the hostname on which the tabby server HTTP interface listens.\n", "loc": ["services", "tabby", "host"], "readOnly": false, "type": "string"}, "services.tabby.model": {"declarations": ["nixos/modules/services/misc/tabby.nix"], "default": {"_type": "literalExpression", "text": "\"TabbyML/StarCoder-1B\""}, "description": "Specify the model that tabby will use to generate completions.\n\nThis model will be downloaded automatically if it is not already present.\n\nIf you want to utilize an existing model that you've already\ndownloaded you'll need to move it into tabby's state directory which\nlives in `/var/lib/tabby`. Because the tabby.service is configured to\nuse a DynamicUser the service will need to have been started at least\nonce before you can move the locally existing model into\n`/var/lib/tabby`. You can set the model to 'none' and tabby will\nstartup and fail to download a model, but will have created the\n`/var/lib/tabby` directory. You can then copy over the model manually\ninto `/var/lib/tabby`, update the model option to the name you just\ndownloaded and copied over then `nixos-rebuild switch` to start using\nit.\n\n$ tabby download --model TabbyML/DeepseekCoder-6.7B\n$ find ~/.tabby/ | tail -n1\n/home/ghthor/.tabby/models/TabbyML/DeepseekCoder-6.7B/ggml/q8_0.v2.gguf\n$ sudo rsync -r ~/.tabby/models/ /var/lib/tabby/models/\n$ sudo chown -R tabby:tabby /var/lib/tabby/models/\n\nSee for Model Options:\n> <https://github.com/TabbyML/registry-tabby>\n", "loc": ["services", "tabby", "model"], "readOnly": false, "type": "string"}, "services.tabby.package": {"declarations": ["nixos/modules/services/misc/tabby.nix"], "default": {"_type": "literalExpression", "text": "pkgs.tabby"}, "description": "The tabby package to use.", "loc": ["services", "tabby", "package"], "readOnly": false, "type": "package"}, "services.tabby.port": {"declarations": ["nixos/modules/services/misc/tabby.nix"], "default": {"_type": "literalExpression", "text": "11029"}, "description": "Specifies the bind port on which the tabby server HTTP interface listens.\n", "loc": ["services", "tabby", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.tabby.usageCollection": {"declarations": ["nixos/modules/services/misc/tabby.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable sending anonymous usage data.\n\nSee for more details:\n> <https://tabby.tabbyml.com/docs/configuration#usage-collection>\n", "loc": ["services", "tabby", "usageCollection"], "readOnly": false, "type": "boolean"}, "services.tahoe.introducers": {"declarations": ["nixos/modules/services/network-filesystems/tahoe.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The Tahoe introducers.\n", "loc": ["services", "tahoe", "introducers"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.tahoe.introducers.<name>.nickname": {"declarations": ["nixos/modules/services/network-filesystems/tahoe.nix"], "description": "The nickname of this Tahoe introducer.\n", "loc": ["services", "tahoe", "introducers", "<name>", "nickname"], "readOnly": false, "type": "string"}, "services.tahoe.introducers.<name>.package": {"declarations": ["nixos/modules/services/network-filesystems/tahoe.nix"], "default": {"_type": "literalExpression", "text": "pkgs.tahoelafs"}, "description": "The tahoelafs package to use.", "loc": ["services", "tahoe", "introducers", "<name>", "package"], "readOnly": false, "type": "package"}, "services.tahoe.introducers.<name>.tub.location": {"declarations": ["nixos/modules/services/network-filesystems/tahoe.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The external location that the introducer should listen on.\n\nIf specified, the port should be included.\n", "loc": ["services", "tahoe", "introducers", "<name>", "tub", "location"], "readOnly": false, "type": "null or string"}, "services.tahoe.introducers.<name>.tub.port": {"declarations": ["nixos/modules/services/network-filesystems/tahoe.nix"], "default": {"_type": "literalExpression", "text": "3458"}, "description": "The port on which the introducer will listen.\n", "loc": ["services", "tahoe", "introducers", "<name>", "tub", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.tahoe.nodes": {"declarations": ["nixos/modules/services/network-filesystems/tahoe.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The Tahoe nodes.\n", "loc": ["services", "tahoe", "nodes"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.tahoe.nodes.<name>.client.helper": {"declarations": ["nixos/modules/services/network-filesystems/tahoe.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The furl for a Tahoe helper node.\n\nLike all furls, keep this safe and don't share it.\n", "loc": ["services", "tahoe", "nodes", "<name>", "client", "helper"], "readOnly": false, "type": "null or string"}, "services.tahoe.nodes.<name>.client.introducer": {"declarations": ["nixos/modules/services/network-filesystems/tahoe.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The furl for a Tahoe introducer node.\n\nLike all furls, keep this safe and don't share it.\n", "loc": ["services", "tahoe", "nodes", "<name>", "client", "introducer"], "readOnly": false, "type": "null or string"}, "services.tahoe.nodes.<name>.client.shares.happy": {"declarations": ["nixos/modules/services/network-filesystems/tahoe.nix"], "default": {"_type": "literalExpression", "text": "7"}, "description": "The number of distinct storage nodes required to store\na file.\n", "loc": ["services", "tahoe", "nodes", "<name>", "client", "shares", "happy"], "readOnly": false, "type": "signed integer"}, "services.tahoe.nodes.<name>.client.shares.needed": {"declarations": ["nixos/modules/services/network-filesystems/tahoe.nix"], "default": {"_type": "literalExpression", "text": "3"}, "description": "The number of shares required to reconstitute a file.\n", "loc": ["services", "tahoe", "nodes", "<name>", "client", "shares", "needed"], "readOnly": false, "type": "signed integer"}, "services.tahoe.nodes.<name>.client.shares.total": {"declarations": ["nixos/modules/services/network-filesystems/tahoe.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "The number of shares required to store a file.\n", "loc": ["services", "tahoe", "nodes", "<name>", "client", "shares", "total"], "readOnly": false, "type": "signed integer"}, "services.tahoe.nodes.<name>.helper.enable": {"declarations": ["nixos/modules/services/network-filesystems/tahoe.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable helper service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tahoe", "nodes", "<name>", "helper", "enable"], "readOnly": false, "type": "boolean"}, "services.tahoe.nodes.<name>.nickname": {"declarations": ["nixos/modules/services/network-filesystems/tahoe.nix"], "description": "The nickname of this Tahoe node.\n", "loc": ["services", "tahoe", "nodes", "<name>", "nickname"], "readOnly": false, "type": "string"}, "services.tahoe.nodes.<name>.package": {"declarations": ["nixos/modules/services/network-filesystems/tahoe.nix"], "default": {"_type": "literalExpression", "text": "pkgs.tahoelafs"}, "description": "The tahoelafs package to use.", "loc": ["services", "tahoe", "nodes", "<name>", "package"], "readOnly": false, "type": "package"}, "services.tahoe.nodes.<name>.sftpd.accounts.file": {"declarations": ["nixos/modules/services/network-filesystems/tahoe.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the accounts file.\n", "loc": ["services", "tahoe", "nodes", "<name>", "sftpd", "accounts", "file"], "readOnly": false, "type": "null or absolute path"}, "services.tahoe.nodes.<name>.sftpd.accounts.url": {"declarations": ["nixos/modules/services/network-filesystems/tahoe.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "URL of the accounts server.\n", "loc": ["services", "tahoe", "nodes", "<name>", "sftpd", "accounts", "url"], "readOnly": false, "type": "null or string"}, "services.tahoe.nodes.<name>.sftpd.enable": {"declarations": ["nixos/modules/services/network-filesystems/tahoe.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SFTP service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tahoe", "nodes", "<name>", "sftpd", "enable"], "readOnly": false, "type": "boolean"}, "services.tahoe.nodes.<name>.sftpd.hostPrivateKeyFile": {"declarations": ["nixos/modules/services/network-filesystems/tahoe.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the SSH host private key.\n", "loc": ["services", "tahoe", "nodes", "<name>", "sftpd", "hostPrivateKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.tahoe.nodes.<name>.sftpd.hostPublicKeyFile": {"declarations": ["nixos/modules/services/network-filesystems/tahoe.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the SSH host public key.\n", "loc": ["services", "tahoe", "nodes", "<name>", "sftpd", "hostPublicKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.tahoe.nodes.<name>.sftpd.port": {"declarations": ["nixos/modules/services/network-filesystems/tahoe.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The port on which the SFTP server will listen.\n\nThis is the correct setting to tweak if you want Tahoe's SFTP\ndaemon to listen on a different port.\n", "loc": ["services", "tahoe", "nodes", "<name>", "sftpd", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.tahoe.nodes.<name>.storage.enable": {"declarations": ["nixos/modules/services/network-filesystems/tahoe.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable storage service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tahoe", "nodes", "<name>", "storage", "enable"], "readOnly": false, "type": "boolean"}, "services.tahoe.nodes.<name>.storage.reservedSpace": {"declarations": ["nixos/modules/services/network-filesystems/tahoe.nix"], "default": {"_type": "literalExpression", "text": "\"1G\""}, "description": "The amount of filesystem space to not use for storage.\n", "loc": ["services", "tahoe", "nodes", "<name>", "storage", "reservedSpace"], "readOnly": false, "type": "string"}, "services.tahoe.nodes.<name>.tub.location": {"declarations": ["nixos/modules/services/network-filesystems/tahoe.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The external location that the node should listen on.\n\nThis is the setting to tweak if there are multiple interfaces\nand you want to alter which interface Tahoe is advertising.\n\nIf specified, the port should be included.\n", "loc": ["services", "tahoe", "nodes", "<name>", "tub", "location"], "readOnly": false, "type": "null or string"}, "services.tahoe.nodes.<name>.tub.port": {"declarations": ["nixos/modules/services/network-filesystems/tahoe.nix"], "default": {"_type": "literalExpression", "text": "3457"}, "description": "The port on which the tub will listen.\n\nThis is the correct setting to tweak if you want Tahoe's storage\nsystem to listen on a different port.\n", "loc": ["services", "tahoe", "nodes", "<name>", "tub", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.tahoe.nodes.<name>.web.port": {"declarations": ["nixos/modules/services/network-filesystems/tahoe.nix"], "default": {"_type": "literalExpression", "text": "3456"}, "description": "The port on which the Web server will listen.\n\nThis is the correct setting to tweak if you want Tahoe's WUI to\nlisten on a different port.\n", "loc": ["services", "tahoe", "nodes", "<name>", "web", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.tailscale.authKeyFile": {"declarations": ["nixos/modules/services/networking/tailscale.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the auth key.\nTailscale will be automatically started if provided.\n\nServices that bind to Tailscale IPs should order using {option}`systemd.services.<name>.after` `tailscaled-autoconnect.service`.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/tailscale_key\""}, "loc": ["services", "tailscale", "authKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.tailscale.authKeyParameters": {"declarations": ["nixos/modules/services/networking/tailscale.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra parameters to pass after the auth key.\nSee <https://tailscale.com/kb/1215/oauth-clients#registering-new-nodes-using-oauth-credentials>\n", "loc": ["services", "tailscale", "authKeyParameters"], "readOnly": false, "type": "submodule"}, "services.tailscale.authKeyParameters.baseURL": {"declarations": ["nixos/modules/services/networking/tailscale.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Base URL for the Tailscale API.", "loc": ["services", "tailscale", "authKeyParameters", "baseURL"], "readOnly": false, "type": "null or string"}, "services.tailscale.authKeyParameters.ephemeral": {"declarations": ["nixos/modules/services/networking/tailscale.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether to register as an ephemeral node.", "loc": ["services", "tailscale", "authKeyParameters", "ephemeral"], "readOnly": false, "type": "null or boolean"}, "services.tailscale.authKeyParameters.preauthorized": {"declarations": ["nixos/modules/services/networking/tailscale.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether to skip manual device approval.", "loc": ["services", "tailscale", "authKeyParameters", "preauthorized"], "readOnly": false, "type": "null or boolean"}, "services.tailscale.derper.configureNginx": {"declarations": ["nixos/modules/services/networking/tailscale-derper.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable nginx reverse proxy for derper.\nWhen enabled, nginx will proxy requests to the derper service.\n", "loc": ["services", "tailscale", "derper", "configureNginx"], "readOnly": false, "type": "boolean"}, "services.tailscale.derper.domain": {"declarations": ["nixos/modules/services/networking/tailscale-derper.nix"], "description": "Domain name under which the derper server is reachable.", "loc": ["services", "tailscale", "derper", "domain"], "readOnly": false, "type": "string"}, "services.tailscale.derper.enable": {"declarations": ["nixos/modules/services/networking/tailscale-derper.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Tailscale Derper. See upstream doc <https://tailscale.com/kb/1118/custom-derp-servers> how to configure it on clients.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tailscale", "derper", "enable"], "readOnly": false, "type": "boolean"}, "services.tailscale.derper.openFirewall": {"declarations": ["nixos/modules/services/networking/tailscale-derper.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to open the firewall for the specified port.\nDerper requires the used ports to be opened, otherwise it doesn't work as expected.\n", "loc": ["services", "tailscale", "derper", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.tailscale.derper.package": {"declarations": ["nixos/modules/services/networking/tailscale-derper.nix"], "default": {"_type": "literalExpression", "text": "pkgs.tailscale.derper"}, "description": "The derper package to use.", "loc": ["services", "tailscale", "derper", "package"], "readOnly": false, "type": "package"}, "services.tailscale.derper.port": {"declarations": ["nixos/modules/services/networking/tailscale-derper.nix"], "default": {"_type": "literalExpression", "text": "8010"}, "description": "The port the derper process will listen on. This is not the port tailscale will connect to.", "loc": ["services", "tailscale", "derper", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.tailscale.derper.stunPort": {"declarations": ["nixos/modules/services/networking/tailscale-derper.nix"], "default": {"_type": "literalExpression", "text": "3478"}, "description": "STUN port to listen on.\nSee online docs <https://tailscale.com/kb/1118/custom-derp-servers#prerequisites> on how to configure a different external port.\n", "loc": ["services", "tailscale", "derper", "stunPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.tailscale.derper.verifyClients": {"declarations": ["nixos/modules/services/networking/tailscale-derper.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to verify clients against a locally running tailscale daemon if they are allowed to connect to this node or not.\n", "loc": ["services", "tailscale", "derper", "verifyClients"], "readOnly": false, "type": "boolean"}, "services.tailscale.disableTaildrop": {"declarations": ["nixos/modules/services/networking/tailscale.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to disable the Taildrop feature for sending files between nodes.", "loc": ["services", "tailscale", "disableTaildrop"], "readOnly": false, "type": "boolean"}, "services.tailscale.disableUpstreamLogging": {"declarations": ["nixos/modules/services/networking/tailscale.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to disable Tailscaled from sending debug logging upstream.", "loc": ["services", "tailscale", "disableUpstreamLogging"], "readOnly": false, "type": "boolean"}, "services.tailscale.enable": {"declarations": ["nixos/modules/services/networking/tailscale.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Tailscale client daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tailscale", "enable"], "readOnly": false, "type": "boolean"}, "services.tailscale.extraDaemonFlags": {"declarations": ["nixos/modules/services/networking/tailscale.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra flags to pass to {command}`tailscaled`.", "example": {"_type": "literalExpression", "text": "[\n  \"--no-logs-no-support\"\n]"}, "loc": ["services", "tailscale", "extraDaemonFlags"], "readOnly": false, "type": "list of string"}, "services.tailscale.extraSetFlags": {"declarations": ["nixos/modules/services/networking/tailscale.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra flags to pass to {command}`tailscale set`.", "example": {"_type": "literalExpression", "text": "[\n  \"--advertise-exit-node\"\n]"}, "loc": ["services", "tailscale", "extraSetFlags"], "readOnly": false, "type": "list of string"}, "services.tailscale.extraUpFlags": {"declarations": ["nixos/modules/services/networking/tailscale.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra flags to pass to {command}`tailscale up`. Only applied if {option}`services.tailscale.authKeyFile` is specified.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--ssh\"\n]"}, "loc": ["services", "tailscale", "extraUpFlags"], "readOnly": false, "type": "list of string"}, "services.tailscale.interfaceName": {"declarations": ["nixos/modules/services/networking/tailscale.nix"], "default": {"_type": "literalExpression", "text": "\"tailscale0\""}, "description": "The interface name for tunnel traffic. Use \"userspace-networking\" (beta) to not use TUN.", "loc": ["services", "tailscale", "interfaceName"], "readOnly": false, "type": "string"}, "services.tailscale.openFirewall": {"declarations": ["nixos/modules/services/networking/tailscale.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall for the specified port.", "loc": ["services", "tailscale", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.tailscale.package": {"declarations": ["nixos/modules/services/networking/tailscale.nix"], "default": {"_type": "literalExpression", "text": "pkgs.tailscale"}, "description": "The tailscale package to use.", "loc": ["services", "tailscale", "package"], "readOnly": false, "type": "package"}, "services.tailscale.permitCertUid": {"declarations": ["nixos/modules/services/networking/tailscale.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Username or user ID of the user allowed to to fetch Tailscale TLS certificates for the node.", "loc": ["services", "tailscale", "permitCertUid"], "readOnly": false, "type": "null or non-empty string"}, "services.tailscale.port": {"declarations": ["nixos/modules/services/networking/tailscale.nix"], "default": {"_type": "literalExpression", "text": "41641"}, "description": "The port to listen on for tunnel traffic (0=autoselect).", "loc": ["services", "tailscale", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.tailscale.serve.configFile": {"declarations": ["nixos/modules/services/networking/tailscale-serve.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a Tailscale Serve configuration file in JSON format.\nIf set, this takes precedence over {option}`services.tailscale.serve.services`.\n\nSee <https://tailscale.com/kb/1589/tailscale-services-configuration-file> for the configuration format.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/tailscale-serve.json\""}, "loc": ["services", "tailscale", "serve", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.tailscale.serve.enable": {"declarations": ["nixos/modules/services/networking/tailscale-serve.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Tailscale Serve configuration.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tailscale", "serve", "enable"], "readOnly": false, "type": "boolean"}, "services.tailscale.serve.services": {"declarations": ["nixos/modules/services/networking/tailscale-serve.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Services to configure for Tailscale Serve.\n\nEach attribute name should be the service name (without the `svc:` prefix).\nThe `svc:` prefix will be added automatically.\n\nSee <https://tailscale.com/kb/1589/tailscale-services-configuration-file> for details.\n", "example": {"_type": "literalExpression", "text": "{\n  web-server = {\n    endpoints = {\n      \"tcp:443\" = \"https://localhost:443\";\n    };\n  };\n  api = {\n    endpoints = {\n      \"tcp:8080\" = \"http://localhost:8080\";\n    };\n    advertised = true;\n  };\n}\n"}, "loc": ["services", "tailscale", "serve", "services"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.tailscale.serve.services.<name>.advertised": {"declarations": ["nixos/modules/services/networking/tailscale-serve.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether the service should accept new connections.\nDefaults to `true` when not specified.\n", "loc": ["services", "tailscale", "serve", "services", "<name>", "advertised"], "readOnly": false, "type": "null or boolean"}, "services.tailscale.serve.services.<name>.endpoints": {"declarations": ["nixos/modules/services/networking/tailscale-serve.nix"], "description": "Map of incoming traffic patterns to local targets.\n\nKeys should be in the format `<protocol>:<port>` or `<protocol>:<port-range>`.\nCurrently only `tcp` protocol is supported.\n\nValues should be in the format `<protocol>://<host:port>` where protocol\nis `http`, `https`, or `tcp`.\n", "example": {"_type": "literalExpression", "text": "{\n  \"tcp:443\" = \"https://localhost:443\";\n  \"tcp:8080\" = \"http://localhost:8080\";\n}"}, "loc": ["services", "tailscale", "serve", "services", "<name>", "endpoints"], "readOnly": false, "type": "attribute set of string"}, "services.tailscale.useRoutingFeatures": {"declarations": ["nixos/modules/services/networking/tailscale.nix"], "default": {"_type": "literalExpression", "text": "\"none\""}, "description": "Enables settings required for Tailscale's routing features like subnet routers and exit nodes.\n\nTo use these these features, you will still need to call `sudo tailscale up` with the relevant flags like `--advertise-exit-node` and `--exit-node`.\n\nWhen set to `client` or `both`, reverse path filtering will be set to loose instead of strict.\nWhen set to `server` or `both`, IP forwarding will be enabled.\n", "example": {"_type": "literalExpression", "text": "\"server\""}, "loc": ["services", "tailscale", "useRoutingFeatures"], "readOnly": false, "type": "one of \"none\", \"client\", \"server\", \"both\""}, "services.tailscaleAuth.enable": {"declarations": ["nixos/modules/services/networking/tailscale-auth.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable tailscale.nginx-auth, to authenticate users via tailscale.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tailscaleAuth", "enable"], "readOnly": false, "type": "boolean"}, "services.tailscaleAuth.group": {"declarations": ["nixos/modules/services/networking/tailscale-auth.nix"], "default": {"_type": "literalExpression", "text": "\"tailscale-nginx-auth\""}, "description": "Group which runs tailscale-nginx-auth", "loc": ["services", "tailscaleAuth", "group"], "readOnly": false, "type": "string"}, "services.tailscaleAuth.package": {"declarations": ["nixos/modules/services/networking/tailscale-auth.nix"], "default": {"_type": "literalExpression", "text": "pkgs.tailscale-nginx-auth"}, "description": "The tailscale-nginx-auth package to use.", "loc": ["services", "tailscaleAuth", "package"], "readOnly": false, "type": "package"}, "services.tailscaleAuth.socketPath": {"declarations": ["nixos/modules/services/networking/tailscale-auth.nix"], "default": {"_type": "literalExpression", "text": "\"/run/tailscale-nginx-auth/tailscale-nginx-auth.sock\""}, "description": "Path of the socket listening to authorization requests.\n", "loc": ["services", "tailscaleAuth", "socketPath"], "readOnly": false, "type": "absolute path"}, "services.tailscaleAuth.user": {"declarations": ["nixos/modules/services/networking/tailscale-auth.nix"], "default": {"_type": "literalExpression", "text": "\"tailscale-nginx-auth\""}, "description": "User which runs tailscale-nginx-auth", "loc": ["services", "tailscaleAuth", "user"], "readOnly": false, "type": "string"}, "services.taler.exchange.debug": {"declarations": ["nixos/modules/services/finance/taler/exchange.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable debug logging.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "taler", "exchange", "debug"], "readOnly": false, "type": "boolean"}, "services.taler.exchange.denominationConfig": {"declarations": ["nixos/modules/services/finance/taler/exchange.nix"], "default": {"_type": "literalExpression", "text": "\"None, you must set this yourself.\""}, "description": "This option configures the cash denomination for the coins that the exchange offers.\nFor more information, consult the [upstream docs](https://docs.taler.net/taler-exchange-manual.html#coins-denomination-keys).\n\nYou can either write these manually or you can use the `taler-harness deployment gen-coin-config`\ncommand to generate it.\n\nWarning: Do not modify existing denominations after deployment.\nPlease see the upstream docs for how to safely do that.\n", "example": {"_type": "literalExpression", "text": "''\n  [COIN_KUDOS-n1-t1718140083]\n  VALUE = KUDOS:0.1\n  DURATION_WITHDRAW = 7 days\n  DURATION_SPEND = 2 years\n  DURATION_LEGAL = 6 years\n  FEE_WITHDRAW = KUDOS:0\n  FEE_DEPOSIT = KUDOS:0.1\n  FEE_REFRESH = KUDOS:0\n  FEE_REFUND = KUDOS:0\n  RSA_KEYSIZE = 2048\n  CIPHER = RSA\n''"}, "loc": ["services", "taler", "exchange", "denominationConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.taler.exchange.enable": {"declarations": ["nixos/modules/services/finance/taler/exchange.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the GNU Taler exchange.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "taler", "exchange", "enable"], "readOnly": false, "type": "boolean"}, "services.taler.exchange.openFirewall": {"declarations": ["nixos/modules/services/finance/taler/exchange.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open ports in the firewall", "loc": ["services", "taler", "exchange", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.taler.exchange.package": {"declarations": ["nixos/modules/services/finance/taler/exchange.nix"], "default": {"_type": "literalExpression", "text": "pkgs.taler-exchange"}, "description": "The taler-exchange package to use.", "loc": ["services", "taler", "exchange", "package"], "readOnly": false, "type": "package"}, "services.taler.exchange.settings": {"declarations": ["nixos/modules/services/finance/taler/exchange.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration options for the taler exchange config file.\n\nFor a list of all possible options, please see the man page [`taler-exchange.conf(5)`](https://docs.taler.net/manpages/taler-exchange.conf.5.html)\n", "loc": ["services", "taler", "exchange", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.taler.exchange.settings.exchange.CURRENCY": {"declarations": ["nixos/modules/services/finance/taler/exchange.nix"], "description": "The currency which the exchange will operate with. This cannot be changed later.\n", "loc": ["services", "taler", "exchange", "settings", "exchange", "CURRENCY"], "readOnly": false, "type": "non-empty string"}, "services.taler.exchange.settings.exchange.CURRENCY_ROUND_UNIT": {"declarations": ["nixos/modules/services/finance/taler/exchange.nix"], "default": {"_type": "literalExpression", "text": "\"0.01 in {option}`CURRENCY`\""}, "description": "Smallest amount in this currency that can be transferred using the underlying RTGS. For example: \"EUR:0.01\" or \"JPY:1\"\n", "loc": ["services", "taler", "exchange", "settings", "exchange", "CURRENCY_ROUND_UNIT"], "readOnly": false, "type": "string"}, "services.taler.exchange.settings.exchange.DB": {"declarations": ["nixos/modules/services/finance/taler/exchange.nix"], "default": {"_type": "literalExpression", "text": "\"postgres\""}, "description": "Plugin to use for the database.", "loc": ["services", "taler", "exchange", "settings", "exchange", "DB"], "readOnly": false, "type": "value \"postgres\" (singular enum)"}, "services.taler.exchange.settings.exchange.MASTER_PUBLIC_KEY": {"declarations": ["nixos/modules/services/finance/taler/exchange.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Used by the exchange to verify information signed by the offline system.", "loc": ["services", "taler", "exchange", "settings", "exchange", "MASTER_PUBLIC_KEY"], "readOnly": false, "type": "string"}, "services.taler.exchange.settings.exchange.PORT": {"declarations": ["nixos/modules/services/finance/taler/exchange.nix"], "default": {"_type": "literalExpression", "text": "8081"}, "description": "Port on which the HTTP server listens.", "loc": ["services", "taler", "exchange", "settings", "exchange", "PORT"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.taler.exchange.settings.exchangedb-postgres.CONFIG": {"declarations": ["nixos/modules/services/finance/taler/exchange.nix"], "default": {"_type": "literalExpression", "text": "\"postgres:///taler-exchange-httpd\""}, "description": "Database connection URI.", "loc": ["services", "taler", "exchange", "settings", "exchangedb-postgres", "CONFIG"], "readOnly": false, "type": "non-empty string"}, "services.taler.includes": {"declarations": ["nixos/modules/services/finance/taler/module.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Files to include into the config file using Taler's `@inline@` directive.\n\nThis allows including arbitrary INI files, including imperatively managed ones.\n", "loc": ["services", "taler", "includes"], "readOnly": false, "type": "list of absolute path"}, "services.taler.merchant.debug": {"declarations": ["nixos/modules/services/finance/taler/merchant.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable debug logging.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "taler", "merchant", "debug"], "readOnly": false, "type": "boolean"}, "services.taler.merchant.enable": {"declarations": ["nixos/modules/services/finance/taler/merchant.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the GNU Taler merchant.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "taler", "merchant", "enable"], "readOnly": false, "type": "boolean"}, "services.taler.merchant.openFirewall": {"declarations": ["nixos/modules/services/finance/taler/merchant.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open ports in the firewall", "loc": ["services", "taler", "merchant", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.taler.merchant.package": {"declarations": ["nixos/modules/services/finance/taler/merchant.nix"], "default": {"_type": "literalExpression", "text": "pkgs.taler-merchant"}, "description": "The taler-merchant package to use.", "loc": ["services", "taler", "merchant", "package"], "readOnly": false, "type": "package"}, "services.taler.merchant.settings": {"declarations": ["nixos/modules/services/finance/taler/merchant.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration options for the taler merchant config file.\n\nFor a list of all possible options, please see the man page [`taler-merchant.conf(5)`](https://docs.taler.net/manpages/taler-merchant.conf.5.html)\n", "loc": ["services", "taler", "merchant", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.taler.merchant.settings.merchant.DB": {"declarations": ["nixos/modules/services/finance/taler/merchant.nix"], "default": {"_type": "literalExpression", "text": "\"postgres\""}, "description": "Plugin to use for the database.", "loc": ["services", "taler", "merchant", "settings", "merchant", "DB"], "readOnly": false, "type": "value \"postgres\" (singular enum)"}, "services.taler.merchant.settings.merchant.LEGAL_PRESERVATION": {"declarations": ["nixos/modules/services/finance/taler/merchant.nix"], "default": {"_type": "literalExpression", "text": "\"10 years\""}, "description": "How long to keep data in the database for tax audits after the transaction has completed.", "loc": ["services", "taler", "merchant", "settings", "merchant", "LEGAL_PRESERVATION"], "readOnly": false, "type": "string"}, "services.taler.merchant.settings.merchant.PORT": {"declarations": ["nixos/modules/services/finance/taler/merchant.nix"], "default": {"_type": "literalExpression", "text": "8083"}, "description": "Port on which the HTTP server listens.", "loc": ["services", "taler", "merchant", "settings", "merchant", "PORT"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.taler.merchant.settings.merchant.SERVE": {"declarations": ["nixos/modules/services/finance/taler/merchant.nix"], "default": {"_type": "literalExpression", "text": "\"tcp\""}, "description": "Whether the HTTP server should listen on a UNIX domain socket (\"unix\") or on a TCP socket (\"tcp\").\n", "loc": ["services", "taler", "merchant", "settings", "merchant", "SERVE"], "readOnly": false, "type": "one of \"tcp\", \"unix\""}, "services.taler.merchant.settings.merchantdb-postgres.CONFIG": {"declarations": ["nixos/modules/services/finance/taler/merchant.nix"], "default": {"_type": "literalExpression", "text": "\"postgres:///taler-merchant-httpd\""}, "description": "Database connection URI.", "loc": ["services", "taler", "merchant", "settings", "merchantdb-postgres", "CONFIG"], "readOnly": false, "type": "non-empty string"}, "services.taler.runtimeDir": {"declarations": ["nixos/modules/services/finance/taler/module.nix"], "default": {"_type": "literalExpression", "text": "\"/run/taler-system-runtime/\""}, "description": "Runtime directory shared between the taler services.\n\nCrypto helpers put their sockets here for instance and the httpd\nconnects to them.\n", "loc": ["services", "taler", "runtimeDir"], "readOnly": false, "type": "string"}, "services.taler.settings": {"declarations": ["nixos/modules/services/finance/taler/module.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Global configuration options for the taler config file.\n\nFor a list of all possible options, please see the man page [`taler.conf(5)`](https://docs.taler.net/manpages/taler.conf.5.html)\n", "loc": ["services", "taler", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.taler.settings.taler.CURRENCY": {"declarations": ["nixos/modules/services/finance/taler/module.nix"], "description": "The currency which taler services will operate with. This cannot be changed later.\n", "loc": ["services", "taler", "settings", "taler", "CURRENCY"], "readOnly": false, "type": "non-empty string"}, "services.taler.settings.taler.CURRENCY_ROUND_UNIT": {"declarations": ["nixos/modules/services/finance/taler/module.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.taler.settings.taler.CURRENCY}:0.01\"\n"}, "description": "Smallest amount in this currency that can be transferred using the underlying RTGS.\n\nYou should probably not touch this.\n", "loc": ["services", "taler", "settings", "taler", "CURRENCY_ROUND_UNIT"], "readOnly": false, "type": "string"}, "services.tandoor-recipes.address": {"declarations": ["nixos/modules/services/misc/tandoor-recipes.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Web interface address.", "loc": ["services", "tandoor-recipes", "address"], "readOnly": false, "type": "string"}, "services.tandoor-recipes.database.createLocally": {"declarations": ["nixos/modules/services/misc/tandoor-recipes.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Configure local PostgreSQL database server for Tandoor Recipes.\n", "loc": ["services", "tandoor-recipes", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.tandoor-recipes.enable": {"declarations": ["nixos/modules/services/misc/tandoor-recipes.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable Tandoor Recipes.\n\nWhen started, the Tandoor Recipes database is automatically created if\nit doesn't exist and updated if the package has changed. Both tasks are\nachieved by running a Django migration.\n\nA script to manage the instance (by wrapping Django's manage.py) is linked to\n`/var/lib/tandoor-recipes/tandoor-recipes-manage`.\n", "loc": ["services", "tandoor-recipes", "enable"], "readOnly": false, "type": "boolean"}, "services.tandoor-recipes.extraConfig": {"declarations": ["nixos/modules/services/misc/tandoor-recipes.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra tandoor recipes config options.\n\nSee [the example dot-env file](https://raw.githubusercontent.com/vabene1111/recipes/master/.env.template)\nfor available options.\n", "example": {"_type": "literalExpression", "text": "{\n  ENABLE_SIGNUP = \"1\";\n}"}, "loc": ["services", "tandoor-recipes", "extraConfig"], "readOnly": false, "type": "attribute set"}, "services.tandoor-recipes.group": {"declarations": ["nixos/modules/services/misc/tandoor-recipes.nix"], "default": {"_type": "literalExpression", "text": "\"tandoor_recipes\""}, "description": "Group under which Tandoor runs.", "loc": ["services", "tandoor-recipes", "group"], "readOnly": false, "type": "string"}, "services.tandoor-recipes.package": {"declarations": ["nixos/modules/services/misc/tandoor-recipes.nix"], "default": {"_type": "literalExpression", "text": "pkgs.tandoor-recipes"}, "description": "The tandoor-recipes package to use.", "loc": ["services", "tandoor-recipes", "package"], "readOnly": false, "type": "package"}, "services.tandoor-recipes.port": {"declarations": ["nixos/modules/services/misc/tandoor-recipes.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "Web interface port.", "loc": ["services", "tandoor-recipes", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.tandoor-recipes.user": {"declarations": ["nixos/modules/services/misc/tandoor-recipes.nix"], "default": {"_type": "literalExpression", "text": "\"tandoor_recipes\""}, "description": "User account under which Tandoor runs.", "loc": ["services", "tandoor-recipes", "user"], "readOnly": false, "type": "string"}, "services.tang.enable": {"declarations": ["nixos/modules/services/security/tang.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable tang.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tang", "enable"], "readOnly": false, "type": "boolean"}, "services.tang.ipAddressAllow": {"declarations": ["nixos/modules/services/security/tang.nix"], "description": "Whitelist a list of address prefixes.\nPreferably, internal addresses should be used.\n", "example": {"_type": "literalExpression", "text": "[\n  \"192.168.1.0/24\"\n]"}, "loc": ["services", "tang", "ipAddressAllow"], "readOnly": false, "type": "list of string"}, "services.tang.listenStream": {"declarations": ["nixos/modules/services/security/tang.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"7654\"\n]"}, "description": "Addresses and/or ports on which tang should listen.\nFor detailed syntax see ListenStream in {manpage}`systemd.socket(5)`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"198.168.100.1:7654\"\n  \"[2001:db8::1]:7654\"\n  \"7654\"\n]"}, "loc": ["services", "tang", "listenStream"], "readOnly": false, "type": "list of string"}, "services.tang.package": {"declarations": ["nixos/modules/services/security/tang.nix"], "default": {"_type": "literalExpression", "text": "pkgs.tang"}, "description": "The tang package to use.", "loc": ["services", "tang", "package"], "readOnly": false, "type": "package"}, "services.target.config": {"declarations": ["nixos/modules/services/networking/iscsi/target.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Content of /etc/target/saveconfig.json\nThis file is normally read and written by targetcli\n", "loc": ["services", "target", "config"], "readOnly": false, "type": "attribute set"}, "services.target.enable": {"declarations": ["nixos/modules/services/networking/iscsi/target.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the kernel's LIO iscsi target.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "target", "enable"], "readOnly": false, "type": "boolean"}, "services.tarsnap.archives": {"declarations": ["nixos/modules/services/backup/tarsnap.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Tarsnap archive configurations. Each attribute names an archive\nto be created at a given time interval, according to the options\nassociated with it. When uploading to the tarsnap server,\narchive names are suffixed by a 1 second resolution timestamp,\nwith the format `%Y%m%d%H%M%S`.\n\nFor each member of the set is created a timer which triggers the\ninstanced `tarsnap-archive-name` service unit. You may use\n{command}`systemctl start tarsnap-archive-name` to\nmanually trigger creation of `archive-name` at\nany time.\n", "example": {"_type": "literalExpression", "text": "{\n  nixos =\n    { directories = [ \"/home\" \"/root/ssl\" ];\n    };\n\n  gamedata =\n    { directories = [ \"/var/lib/minecraft\" ];\n      period      = \"*:30\";\n    };\n}\n"}, "loc": ["services", "tarsnap", "archives"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.tarsnap.archives.<name>.aggressiveNetworking": {"declarations": ["nixos/modules/services/backup/tarsnap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Upload data over multiple TCP connections, potentially\nincreasing tarsnap's bandwidth utilisation at the cost\nof slowing down all other network traffic. Not\nrecommended unless TCP congestion is the dominant\nlimiting factor.\n", "loc": ["services", "tarsnap", "archives", "<name>", "aggressiveNetworking"], "readOnly": false, "type": "boolean"}, "services.tarsnap.archives.<name>.cachedir": {"declarations": ["nixos/modules/services/backup/tarsnap.nix"], "default": {"_type": "literalExpression", "text": "\"/var/cache/tarsnap/${utils.escapeSystemdPath config.services.tarsnap.archives.<name>.keyfile}\"\n"}, "description": "The cache allows tarsnap to identify previously stored data\nblocks, reducing archival time and bandwidth usage.\n\nShould the cache become desynchronized or corrupted, tarsnap\nwill refuse to run until you manually rebuild the cache with\n{command}`tarsnap --fsck`.\n\nSet to `null` to disable caching.\n", "loc": ["services", "tarsnap", "archives", "<name>", "cachedir"], "readOnly": false, "type": "null or absolute path"}, "services.tarsnap.archives.<name>.checkpointBytes": {"declarations": ["nixos/modules/services/backup/tarsnap.nix"], "default": {"_type": "literalExpression", "text": "\"1GB\""}, "description": "Create a checkpoint every `checkpointBytes`\nof uploaded data (optionally specified using an SI prefix).\n\n1GB is the minimum value. A higher value is recommended,\nas checkpointing is expensive.\n\nSet to `null` to disable checkpointing.\n", "loc": ["services", "tarsnap", "archives", "<name>", "checkpointBytes"], "readOnly": false, "type": "null or string"}, "services.tarsnap.archives.<name>.directories": {"declarations": ["nixos/modules/services/backup/tarsnap.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of filesystem paths to archive.", "loc": ["services", "tarsnap", "archives", "<name>", "directories"], "readOnly": false, "type": "list of absolute path"}, "services.tarsnap.archives.<name>.excludes": {"declarations": ["nixos/modules/services/backup/tarsnap.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Exclude files and directories matching these patterns.\n", "loc": ["services", "tarsnap", "archives", "<name>", "excludes"], "readOnly": false, "type": "list of string"}, "services.tarsnap.archives.<name>.explicitSymlinks": {"declarations": ["nixos/modules/services/backup/tarsnap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to follow symlinks specified as archives.\n", "loc": ["services", "tarsnap", "archives", "<name>", "explicitSymlinks"], "readOnly": false, "type": "boolean"}, "services.tarsnap.archives.<name>.followSymlinks": {"declarations": ["nixos/modules/services/backup/tarsnap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to follow all symlinks in archive trees.\n", "loc": ["services", "tarsnap", "archives", "<name>", "followSymlinks"], "readOnly": false, "type": "boolean"}, "services.tarsnap.archives.<name>.includes": {"declarations": ["nixos/modules/services/backup/tarsnap.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Include only files and directories matching these\npatterns (the empty list includes everything).\n\nExclusions have precedence over inclusions.\n", "loc": ["services", "tarsnap", "archives", "<name>", "includes"], "readOnly": false, "type": "list of string"}, "services.tarsnap.archives.<name>.keyfile": {"declarations": ["nixos/modules/services/backup/tarsnap.nix"], "default": {"_type": "literalExpression", "text": "config.services.tarsnap.keyfile"}, "description": "Set a specific keyfile for this archive. This defaults to\n`\"/root/tarsnap.key\"` if left unspecified.\n\nUse this option if you want to run multiple backups\nconcurrently - each archive must have a unique key. You can\ngenerate a write-only key derived from your master key (which\nis recommended) using {manpage}`tarsnap-keymgmt(1)`.\n\nNote: every archive must have an individual master key. You\nmust generate multiple keys with\n{manpage}`tarsnap-keygen(1)`, and then generate write\nonly keys from those.\n\nThe keyfile name should be given as a string and not a path, to\navoid the key being copied into the Nix store.\n", "loc": ["services", "tarsnap", "archives", "<name>", "keyfile"], "readOnly": false, "type": "string"}, "services.tarsnap.archives.<name>.lowmem": {"declarations": ["nixos/modules/services/backup/tarsnap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Reduce memory consumption by not caching small files.\nPossibly beneficial if the average file size is smaller\nthan 1 MB and the number of files is lower than the\ntotal amount of RAM in KB.\n", "loc": ["services", "tarsnap", "archives", "<name>", "lowmem"], "readOnly": false, "type": "boolean"}, "services.tarsnap.archives.<name>.maxbw": {"declarations": ["nixos/modules/services/backup/tarsnap.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Abort archival if upstream bandwidth usage in bytes\nexceeds this threshold.\n", "loc": ["services", "tarsnap", "archives", "<name>", "maxbw"], "readOnly": false, "type": "null or signed integer"}, "services.tarsnap.archives.<name>.maxbwRateDown": {"declarations": ["nixos/modules/services/backup/tarsnap.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Download bandwidth rate limit in bytes.\n", "example": {"_type": "literalExpression", "text": "50 * 1000"}, "loc": ["services", "tarsnap", "archives", "<name>", "maxbwRateDown"], "readOnly": false, "type": "null or signed integer"}, "services.tarsnap.archives.<name>.maxbwRateUp": {"declarations": ["nixos/modules/services/backup/tarsnap.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Upload bandwidth rate limit in bytes.\n", "example": {"_type": "literalExpression", "text": "25 * 1000"}, "loc": ["services", "tarsnap", "archives", "<name>", "maxbwRateUp"], "readOnly": false, "type": "null or signed integer"}, "services.tarsnap.archives.<name>.nodump": {"declarations": ["nixos/modules/services/backup/tarsnap.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Exclude files with the `nodump` flag.\n", "loc": ["services", "tarsnap", "archives", "<name>", "nodump"], "readOnly": false, "type": "boolean"}, "services.tarsnap.archives.<name>.period": {"declarations": ["nixos/modules/services/backup/tarsnap.nix"], "default": {"_type": "literalExpression", "text": "\"01:15\""}, "description": "Create archive at this interval.\n\nThe format is described in\n{manpage}`systemd.time(7)`.\n", "example": {"_type": "literalExpression", "text": "\"hourly\""}, "loc": ["services", "tarsnap", "archives", "<name>", "period"], "readOnly": false, "type": "string"}, "services.tarsnap.archives.<name>.printStats": {"declarations": ["nixos/modules/services/backup/tarsnap.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Print global archive statistics upon completion.\nThe output is available via\n{command}`systemctl status tarsnap-archive-name`.\n", "loc": ["services", "tarsnap", "archives", "<name>", "printStats"], "readOnly": false, "type": "boolean"}, "services.tarsnap.archives.<name>.verbose": {"declarations": ["nixos/modules/services/backup/tarsnap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to produce verbose logging output.\n", "loc": ["services", "tarsnap", "archives", "<name>", "verbose"], "readOnly": false, "type": "boolean"}, "services.tarsnap.archives.<name>.verylowmem": {"declarations": ["nixos/modules/services/backup/tarsnap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Reduce memory consumption by a factor of 2 beyond what\n`lowmem` does, at the cost of significantly\nslowing down the archiving process.\n", "loc": ["services", "tarsnap", "archives", "<name>", "verylowmem"], "readOnly": false, "type": "boolean"}, "services.tarsnap.enable": {"declarations": ["nixos/modules/services/backup/tarsnap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable periodic tarsnap backups.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tarsnap", "enable"], "readOnly": false, "type": "boolean"}, "services.tarsnap.keyfile": {"declarations": ["nixos/modules/services/backup/tarsnap.nix"], "default": {"_type": "literalExpression", "text": "\"/root/tarsnap.key\""}, "description": "The keyfile which associates this machine with your tarsnap\naccount.\nCreate the keyfile with {command}`tarsnap-keygen`.\n\nNote that each individual archive (specified below) may also have its\nown individual keyfile specified. Tarsnap does not allow multiple\nconcurrent backups with the same cache directory and key (starting a\nnew backup will cause another one to fail). If you have multiple\narchives specified, you should either spread out your backups to be\nfar apart, or specify a separate key for each archive. By default\nevery archive defaults to using\n`\"/root/tarsnap.key\"`.\n\nIt's recommended for backups that you generate a key for every archive\nusing {manpage}`tarsnap-keygen(1)`, and then generate a\nwrite-only tarsnap key using {manpage}`tarsnap-keymgmt(1)`,\nand keep your master key(s) for a particular machine off-site.\n\nThe keyfile name should be given as a string and not a path, to\navoid the key being copied into the Nix store.\n", "loc": ["services", "tarsnap", "keyfile"], "readOnly": false, "type": "string"}, "services.tarsnap.package": {"declarations": ["nixos/modules/services/backup/tarsnap.nix"], "default": {"_type": "literalExpression", "text": "pkgs.tarsnap"}, "description": "The tarsnap package to use.", "loc": ["services", "tarsnap", "package"], "readOnly": false, "type": "package"}, "services.taskchampion-sync-server.allowClientIds": {"declarations": ["nixos/modules/services/misc/taskchampion-sync-server.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Client IDs to allow (can be repeated; if not specified, all clients are allowed)", "loc": ["services", "taskchampion-sync-server", "allowClientIds"], "readOnly": false, "type": "list of string"}, "services.taskchampion-sync-server.dataDir": {"declarations": ["nixos/modules/services/misc/taskchampion-sync-server.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/taskchampion-sync-server\""}, "description": "Directory in which to store data", "loc": ["services", "taskchampion-sync-server", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.taskchampion-sync-server.enable": {"declarations": ["nixos/modules/services/misc/taskchampion-sync-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable TaskChampion Sync Server for Taskwarrior 3.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "taskchampion-sync-server", "enable"], "readOnly": false, "type": "boolean"}, "services.taskchampion-sync-server.group": {"declarations": ["nixos/modules/services/misc/taskchampion-sync-server.nix"], "default": {"_type": "literalExpression", "text": "\"taskchampion\""}, "description": "Unix Group to run the server under", "loc": ["services", "taskchampion-sync-server", "group"], "readOnly": false, "type": "string"}, "services.taskchampion-sync-server.host": {"declarations": ["nixos/modules/services/misc/taskchampion-sync-server.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Host address on which to serve", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "taskchampion-sync-server", "host"], "readOnly": false, "type": "string"}, "services.taskchampion-sync-server.openFirewall": {"declarations": ["nixos/modules/services/misc/taskchampion-sync-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Open firewall port for taskchampion-sync-server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "taskchampion-sync-server", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.taskchampion-sync-server.package": {"declarations": ["nixos/modules/services/misc/taskchampion-sync-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.taskchampion-sync-server"}, "description": "The taskchampion-sync-server package to use.", "loc": ["services", "taskchampion-sync-server", "package"], "readOnly": false, "type": "package"}, "services.taskchampion-sync-server.port": {"declarations": ["nixos/modules/services/misc/taskchampion-sync-server.nix"], "default": {"_type": "literalExpression", "text": "10222"}, "description": "Port on which to serve", "loc": ["services", "taskchampion-sync-server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.taskchampion-sync-server.snapshot.days": {"declarations": ["nixos/modules/services/misc/taskchampion-sync-server.nix"], "default": {"_type": "literalExpression", "text": "14"}, "description": "Target number of days between snapshots", "loc": ["services", "taskchampion-sync-server", "snapshot", "days"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.taskchampion-sync-server.snapshot.versions": {"declarations": ["nixos/modules/services/misc/taskchampion-sync-server.nix"], "default": {"_type": "literalExpression", "text": "100"}, "description": "Target number of versions between snapshots", "loc": ["services", "taskchampion-sync-server", "snapshot", "versions"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.taskchampion-sync-server.user": {"declarations": ["nixos/modules/services/misc/taskchampion-sync-server.nix"], "default": {"_type": "literalExpression", "text": "\"taskchampion\""}, "description": "Unix User to run the server under", "loc": ["services", "taskchampion-sync-server", "user"], "readOnly": false, "type": "string"}, "services.taskserver.allowedClientIDs": {"declarations": ["nixos/modules/services/misc/taskserver"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of regular expressions that are matched against the reported\nclient id (such as `task 2.3.0`).\n\nThe values `all` or `none` have\nspecial meaning. Overridden by any entry in the option\n{option}`services.taskserver.disallowedClientIDs`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"[Tt]ask [2-9]+\"\n]"}, "loc": ["services", "taskserver", "allowedClientIDs"], "readOnly": false, "type": "string or list of string"}, "services.taskserver.ciphers": {"declarations": ["nixos/modules/services/misc/taskserver"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of GnuTLS ciphers to use. See the GnuTLS documentation about\npriority strings at <https://gnutls.org/manual/html_node/Priority-Strings.html> for full details.\n", "example": {"_type": "literalExpression", "text": "\"NORMAL:-VERS-SSL3.0\""}, "loc": ["services", "taskserver", "ciphers"], "readOnly": false, "type": "null or strings concatenated with \":\""}, "services.taskserver.config": {"declarations": ["nixos/modules/services/misc/taskserver"], "description": "Configuration options to pass to Taskserver.\n\nThe options here are the same as described in\n{manpage}`taskdrc(5)` from the `taskwarrior2` package, but with one difference:\n\nThe `server` option is\n`server.listen` here, because the\n`server` option would collide with other options\nlike `server.cert` and we would run in a type error\n(attribute set versus string).\n\nNix types like integers or booleans are automatically converted to\nthe right values Taskserver would expect.\n", "example": {"_type": "literalExpression", "text": "{\n  client = {\n    cert = \"/tmp/debugging.cert\";\n  };\n}"}, "loc": ["services", "taskserver", "config"], "readOnly": false, "type": "attribute set"}, "services.taskserver.confirmation": {"declarations": ["nixos/modules/services/misc/taskserver"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Determines whether certain commands are confirmed.\n", "loc": ["services", "taskserver", "confirmation"], "readOnly": false, "type": "boolean"}, "services.taskserver.dataDir": {"declarations": ["nixos/modules/services/misc/taskserver"], "default": {"_type": "literalExpression", "text": "\"/var/lib/taskserver\""}, "description": "Data directory for Taskserver.", "loc": ["services", "taskserver", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.taskserver.debug": {"declarations": ["nixos/modules/services/misc/taskserver"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Logs debugging information.\n", "loc": ["services", "taskserver", "debug"], "readOnly": false, "type": "boolean"}, "services.taskserver.disallowedClientIDs": {"declarations": ["nixos/modules/services/misc/taskserver"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of regular expressions that are matched against the reported\nclient id (such as `task 2.3.0`).\n\nThe values `all` or `none` have\nspecial meaning. Any entry here overrides those in\n{option}`services.taskserver.allowedClientIDs`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"[Tt]ask [2-9]+\"\n]"}, "loc": ["services", "taskserver", "disallowedClientIDs"], "readOnly": false, "type": "string or list of string"}, "services.taskserver.enable": {"declarations": ["nixos/modules/services/misc/taskserver"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Taskwarrior 2 server.\n\nMore instructions about NixOS in conjunction with Taskserver can be\nfound [in the NixOS manual](https://nixos.org/manual/nixos/stable/index.html#module-services-taskserver).\n", "loc": ["services", "taskserver", "enable"], "readOnly": false, "type": "boolean"}, "services.taskserver.extensions": {"declarations": ["nixos/modules/services/misc/taskserver"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Fully qualified path of the Taskserver extension scripts.\nCurrently there are none.\n", "loc": ["services", "taskserver", "extensions"], "readOnly": false, "type": "null or absolute path"}, "services.taskserver.fqdn": {"declarations": ["nixos/modules/services/misc/taskserver"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The fully qualified domain name of this server, which is also used\nas the common name in the certificates.\n", "loc": ["services", "taskserver", "fqdn"], "readOnly": false, "type": "string"}, "services.taskserver.group": {"declarations": ["nixos/modules/services/misc/taskserver"], "default": {"_type": "literalExpression", "text": "\"taskd\""}, "description": "Group for Taskserver.", "loc": ["services", "taskserver", "group"], "readOnly": false, "type": "string"}, "services.taskserver.ipLog": {"declarations": ["nixos/modules/services/misc/taskserver"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Logs the IP addresses of incoming requests.\n", "loc": ["services", "taskserver", "ipLog"], "readOnly": false, "type": "boolean"}, "services.taskserver.listenHost": {"declarations": ["nixos/modules/services/misc/taskserver"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The address (IPv4, IPv6 or DNS) to listen on.\n", "example": {"_type": "literalExpression", "text": "\"::\""}, "loc": ["services", "taskserver", "listenHost"], "readOnly": false, "type": "string"}, "services.taskserver.listenPort": {"declarations": ["nixos/modules/services/misc/taskserver"], "default": {"_type": "literalExpression", "text": "53589"}, "description": "Port number of the Taskserver.\n", "loc": ["services", "taskserver", "listenPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.taskserver.openFirewall": {"declarations": ["nixos/modules/services/misc/taskserver"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall for the specified Taskserver port.\n", "loc": ["services", "taskserver", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.taskserver.organisations": {"declarations": ["nixos/modules/services/misc/taskserver"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "An attribute set where the keys name the organisation and the values\nare a set of lists of {option}`users` and\n{option}`groups`.\n", "example": {"_type": "literalExpression", "text": "{\n  myShinyOrganisation = {\n    groups = [\n      \"staff\"\n      \"outsiders\"\n    ];\n    users = [\n      \"alice\"\n      \"bob\"\n    ];\n  };\n  yetAnotherOrganisation = {\n    users = [\n      \"foo\"\n      \"bar\"\n    ];\n  };\n}"}, "loc": ["services", "taskserver", "organisations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.taskserver.organisations.<name>.groups": {"declarations": ["nixos/modules/services/misc/taskserver"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of group names that belong to the organization.\n", "example": {"_type": "literalExpression", "text": "[\n  \"workers\"\n  \"slackers\"\n]"}, "loc": ["services", "taskserver", "organisations", "<name>", "groups"], "readOnly": false, "type": "list of string"}, "services.taskserver.organisations.<name>.users": {"declarations": ["nixos/modules/services/misc/taskserver"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of user names that belong to the organization.\n", "example": {"_type": "literalExpression", "text": "[\n  \"alice\"\n  \"bob\"\n]"}, "loc": ["services", "taskserver", "organisations", "<name>", "users"], "readOnly": false, "type": "list of string"}, "services.taskserver.pki.auto.bits": {"declarations": ["nixos/modules/services/misc/taskserver"], "default": {"_type": "literalExpression", "text": "4096"}, "description": "The bit size for generated keys.\n\n::: {.note}\nThis option is for the automatically handled CA and will be ignored if any\nof the {option}`services.taskserver.pki.manual.*` options are set.\n:::\n", "example": {"_type": "literalExpression", "text": "2048"}, "loc": ["services", "taskserver", "pki", "auto", "bits"], "readOnly": false, "type": "signed integer"}, "services.taskserver.pki.auto.expiration.ca": {"declarations": ["nixos/modules/services/misc/taskserver"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The expiration time of the CA certificate in days or `null` for no\nexpiration time.\n\n\n::: {.note}\nThis option is for the automatically handled CA and will be ignored if any\nof the {option}`services.taskserver.pki.manual.*` options are set.\n:::\n", "example": {"_type": "literalExpression", "text": "365"}, "loc": ["services", "taskserver", "pki", "auto", "expiration", "ca"], "readOnly": false, "type": "null or signed integer"}, "services.taskserver.pki.auto.expiration.client": {"declarations": ["nixos/modules/services/misc/taskserver"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The expiration time of client certificates in days or `null` for no\nexpiration time.\n\n\n::: {.note}\nThis option is for the automatically handled CA and will be ignored if any\nof the {option}`services.taskserver.pki.manual.*` options are set.\n:::\n", "example": {"_type": "literalExpression", "text": "365"}, "loc": ["services", "taskserver", "pki", "auto", "expiration", "client"], "readOnly": false, "type": "null or signed integer"}, "services.taskserver.pki.auto.expiration.crl": {"declarations": ["nixos/modules/services/misc/taskserver"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The expiration time of the certificate revocation list (CRL) in days or `null` for no\nexpiration time.\n\n\n::: {.note}\nThis option is for the automatically handled CA and will be ignored if any\nof the {option}`services.taskserver.pki.manual.*` options are set.\n:::\n", "example": {"_type": "literalExpression", "text": "365"}, "loc": ["services", "taskserver", "pki", "auto", "expiration", "crl"], "readOnly": false, "type": "null or signed integer"}, "services.taskserver.pki.auto.expiration.server": {"declarations": ["nixos/modules/services/misc/taskserver"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The expiration time of the server certificate in days or `null` for no\nexpiration time.\n\n\n::: {.note}\nThis option is for the automatically handled CA and will be ignored if any\nof the {option}`services.taskserver.pki.manual.*` options are set.\n:::\n", "example": {"_type": "literalExpression", "text": "365"}, "loc": ["services", "taskserver", "pki", "auto", "expiration", "server"], "readOnly": false, "type": "null or signed integer"}, "services.taskserver.pki.manual.ca.cert": {"declarations": ["nixos/modules/services/misc/taskserver"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Fully qualified path to the CA certificate.\n\n\n::: {.note}\nSetting this option will prevent automatic CA creation and handling.\n:::\n", "loc": ["services", "taskserver", "pki", "manual", "ca", "cert"], "readOnly": false, "type": "null or absolute path"}, "services.taskserver.pki.manual.server.cert": {"declarations": ["nixos/modules/services/misc/taskserver"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Fully qualified path to the server certificate.\n\n\n::: {.note}\nSetting this option will prevent automatic CA creation and handling.\n:::\n", "loc": ["services", "taskserver", "pki", "manual", "server", "cert"], "readOnly": false, "type": "null or absolute path"}, "services.taskserver.pki.manual.server.crl": {"declarations": ["nixos/modules/services/misc/taskserver"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Fully qualified path to the server certificate revocation list.\n\n\n::: {.note}\nSetting this option will prevent automatic CA creation and handling.\n:::\n", "loc": ["services", "taskserver", "pki", "manual", "server", "crl"], "readOnly": false, "type": "null or absolute path"}, "services.taskserver.pki.manual.server.key": {"declarations": ["nixos/modules/services/misc/taskserver"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Fully qualified path to the server key.\n\n\n::: {.note}\nSetting this option will prevent automatic CA creation and handling.\n:::\n", "loc": ["services", "taskserver", "pki", "manual", "server", "key"], "readOnly": false, "type": "null or absolute path"}, "services.taskserver.queueSize": {"declarations": ["nixos/modules/services/misc/taskserver"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Size of the connection backlog, see {manpage}`listen(2)`.\n", "loc": ["services", "taskserver", "queueSize"], "readOnly": false, "type": "signed integer"}, "services.taskserver.requestLimit": {"declarations": ["nixos/modules/services/misc/taskserver"], "default": {"_type": "literalExpression", "text": "1048576"}, "description": "Size limit of incoming requests, in bytes.\n", "loc": ["services", "taskserver", "requestLimit"], "readOnly": false, "type": "signed integer"}, "services.taskserver.trust": {"declarations": ["nixos/modules/services/misc/taskserver"], "default": {"_type": "literalExpression", "text": "\"strict\""}, "description": "Determines how client certificates are validated.\n\nThe value `allow all` performs no client\ncertificate validation. This is not recommended. The value\n`strict` causes the client certificate to be\nvalidated against a CA.\n", "loc": ["services", "taskserver", "trust"], "readOnly": false, "type": "one of \"allow all\", \"strict\""}, "services.taskserver.user": {"declarations": ["nixos/modules/services/misc/taskserver"], "default": {"_type": "literalExpression", "text": "\"taskd\""}, "description": "User for Taskserver.", "loc": ["services", "taskserver", "user"], "readOnly": false, "type": "string"}, "services.tautulli.configFile": {"declarations": ["nixos/modules/services/misc/tautulli.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/plexpy/config.ini\""}, "description": "The location of Tautulli's config file.", "loc": ["services", "tautulli", "configFile"], "readOnly": false, "type": "string"}, "services.tautulli.dataDir": {"declarations": ["nixos/modules/services/misc/tautulli.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/plexpy\""}, "description": "The directory where Tautulli stores its data files.", "loc": ["services", "tautulli", "dataDir"], "readOnly": false, "type": "string"}, "services.tautulli.enable": {"declarations": ["nixos/modules/services/misc/tautulli.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Tautulli Plex Monitor.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tautulli", "enable"], "readOnly": false, "type": "boolean"}, "services.tautulli.group": {"declarations": ["nixos/modules/services/misc/tautulli.nix"], "default": {"_type": "literalExpression", "text": "\"nogroup\""}, "description": "Group under which Tautulli runs.", "loc": ["services", "tautulli", "group"], "readOnly": false, "type": "string"}, "services.tautulli.openFirewall": {"declarations": ["nixos/modules/services/misc/tautulli.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for Tautulli.", "loc": ["services", "tautulli", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.tautulli.package": {"declarations": ["nixos/modules/services/misc/tautulli.nix"], "default": {"_type": "literalExpression", "text": "pkgs.tautulli"}, "description": "The tautulli package to use.", "loc": ["services", "tautulli", "package"], "readOnly": false, "type": "package"}, "services.tautulli.port": {"declarations": ["nixos/modules/services/misc/tautulli.nix"], "default": {"_type": "literalExpression", "text": "8181"}, "description": "TCP port where Tautulli listens.", "loc": ["services", "tautulli", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.tautulli.user": {"declarations": ["nixos/modules/services/misc/tautulli.nix"], "default": {"_type": "literalExpression", "text": "\"plexpy\""}, "description": "User account under which Tautulli runs.", "loc": ["services", "tautulli", "user"], "readOnly": false, "type": "string"}, "services.tayga.dataDir": {"declarations": ["nixos/modules/services/networking/tayga.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/tayga\""}, "description": "Directory for persistent data.", "loc": ["services", "tayga", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.tayga.enable": {"declarations": ["nixos/modules/services/networking/tayga.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Tayga.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tayga", "enable"], "readOnly": false, "type": "boolean"}, "services.tayga.ipv4": {"declarations": ["nixos/modules/services/networking/tayga.nix"], "description": "IPv4-specific configuration.", "example": {"_type": "literalExpression", "text": "{\n  address = \"192.0.2.0\";\n  router = {\n    address = \"192.0.2.1\";\n  };\n  pool = {\n    address = \"192.0.2.1\";\n    prefixLength = 24;\n  };\n}\n"}, "loc": ["services", "tayga", "ipv4"], "readOnly": false, "type": "submodule"}, "services.tayga.ipv4.address": {"declarations": ["nixos/modules/services/networking/tayga.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The source IPv4 address of the TAYGA server.", "loc": ["services", "tayga", "ipv4", "address"], "readOnly": false, "type": "null or string"}, "services.tayga.ipv4.pool": {"declarations": ["nixos/modules/services/networking/tayga.nix"], "description": "The pool of IPv4 addresses which are used for translation.", "loc": ["services", "tayga", "ipv4", "pool"], "readOnly": false, "type": "null or (submodule)"}, "services.tayga.ipv4.pool.address": {"declarations": ["nixos/modules/services/networking/tayga.nix"], "description": "IPv4 address.", "loc": ["services", "tayga", "ipv4", "pool", "address"], "readOnly": false, "type": "string"}, "services.tayga.ipv4.pool.prefixLength": {"declarations": ["nixos/modules/services/networking/tayga.nix"], "description": "Subnet mask of the interface, specified as the number of\nbits in the prefix (\"24\").\n", "loc": ["services", "tayga", "ipv4", "pool", "prefixLength"], "readOnly": false, "type": "integer between 0 and 32 (both inclusive)"}, "services.tayga.ipv4.router.address": {"declarations": ["nixos/modules/services/networking/tayga.nix"], "description": "The IPv4 address of the router.", "loc": ["services", "tayga", "ipv4", "router", "address"], "readOnly": false, "type": "string"}, "services.tayga.ipv6": {"declarations": ["nixos/modules/services/networking/tayga.nix"], "description": "IPv6-specific configuration.", "example": {"_type": "literalExpression", "text": "{\n  address = \"2001:db8::1\";\n  router = {\n    address = \"64:ff9b::1\";\n  };\n  pool = {\n    address = \"64:ff9b::\";\n    prefixLength = 96;\n  };\n}\n"}, "loc": ["services", "tayga", "ipv6"], "readOnly": false, "type": "submodule"}, "services.tayga.ipv6.address": {"declarations": ["nixos/modules/services/networking/tayga.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The source IPv6 address of the TAYGA server.", "loc": ["services", "tayga", "ipv6", "address"], "readOnly": false, "type": "null or string"}, "services.tayga.ipv6.pool": {"declarations": ["nixos/modules/services/networking/tayga.nix"], "description": "The pool of IPv6 addresses which are used for translation.", "loc": ["services", "tayga", "ipv6", "pool"], "readOnly": false, "type": "null or (submodule)"}, "services.tayga.ipv6.pool.address": {"declarations": ["nixos/modules/services/networking/tayga.nix"], "description": "IPv6 address.", "loc": ["services", "tayga", "ipv6", "pool", "address"], "readOnly": false, "type": "string"}, "services.tayga.ipv6.pool.prefixLength": {"declarations": ["nixos/modules/services/networking/tayga.nix"], "description": "Subnet mask of the interface, specified as the number of\nbits in the prefix (\"64\").\n", "loc": ["services", "tayga", "ipv6", "pool", "prefixLength"], "readOnly": false, "type": "integer between 0 and 128 (both inclusive)"}, "services.tayga.ipv6.router.address": {"declarations": ["nixos/modules/services/networking/tayga.nix"], "description": "The IPv6 address of the router.", "loc": ["services", "tayga", "ipv6", "router", "address"], "readOnly": false, "type": "string"}, "services.tayga.log": {"declarations": ["nixos/modules/services/networking/tayga.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Packet errors to log (drop, reject, icmp, self)", "example": {"_type": "literalExpression", "text": "[ \"drop\" \"reject\" \"icmp\" \"self\" ]\n"}, "loc": ["services", "tayga", "log"], "readOnly": false, "type": "list of string"}, "services.tayga.mappings": {"declarations": ["nixos/modules/services/networking/tayga.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Static IPv4 -> IPv6 host mappings.", "example": {"_type": "literalExpression", "text": "{\n  \"192.168.5.42\" = \"2001:db8:1:4444::1\";\n  \"192.168.5.43\" = \"2001:db8:1:4444::2\";\n  \"192.168.255.2\" = \"2001:db8:1:569::143\";\n}\n"}, "loc": ["services", "tayga", "mappings"], "readOnly": false, "type": "attribute set of string"}, "services.tayga.package": {"declarations": ["nixos/modules/services/networking/tayga.nix"], "default": {"_type": "literalExpression", "text": "pkgs.tayga"}, "description": "The tayga package to use.", "loc": ["services", "tayga", "package"], "readOnly": false, "type": "package"}, "services.tayga.tunDevice": {"declarations": ["nixos/modules/services/networking/tayga.nix"], "default": {"_type": "literalExpression", "text": "\"nat64\""}, "description": "Name of the nat64 tun device.", "loc": ["services", "tayga", "tunDevice"], "readOnly": false, "type": "string"}, "services.tayga.wkpfStrict": {"declarations": ["nixos/modules/services/networking/tayga.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable restrictions on the use of the well-known prefix (64:ff9b::/96) - prevents translation of non-global IPv4 ranges when using the well-known prefix. Must be enabled for RFC 6052 compatibility.", "loc": ["services", "tayga", "wkpfStrict"], "readOnly": false, "type": "boolean"}, "services.tcsd.conformanceCred": {"declarations": ["nixos/modules/services/hardware/tcsd.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.tcsd.stateDir}/conformance.cert\""}, "description": "Path to the conformance credential for your TPM.\nSee also the platformCred option", "loc": ["services", "tcsd", "conformanceCred"], "readOnly": false, "type": "absolute path"}, "services.tcsd.enable": {"declarations": ["nixos/modules/services/hardware/tcsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable tcsd, a Trusted Computing management service\nthat provides TCG Software Stack (TSS).  The tcsd daemon is\nthe only portal to the Trusted Platform Module (TPM), a hardware\nchip on the motherboard.\n", "loc": ["services", "tcsd", "enable"], "readOnly": false, "type": "boolean"}, "services.tcsd.endorsementCred": {"declarations": ["nixos/modules/services/hardware/tcsd.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.tcsd.stateDir}/endorsement.cert\""}, "description": "Path to the endorsement credential for your TPM.\nSee also the platformCred option", "loc": ["services", "tcsd", "endorsementCred"], "readOnly": false, "type": "absolute path"}, "services.tcsd.firmwarePCRs": {"declarations": ["nixos/modules/services/hardware/tcsd.nix"], "default": {"_type": "literalExpression", "text": "\"0,1,2,3,4,5,6,7\""}, "description": "PCR indices used in the TPM for firmware measurements.", "loc": ["services", "tcsd", "firmwarePCRs"], "readOnly": false, "type": "string"}, "services.tcsd.group": {"declarations": ["nixos/modules/services/hardware/tcsd.nix"], "default": {"_type": "literalExpression", "text": "\"tss\""}, "description": "Group account under which tcsd runs.", "loc": ["services", "tcsd", "group"], "readOnly": false, "type": "string"}, "services.tcsd.kernelPCRs": {"declarations": ["nixos/modules/services/hardware/tcsd.nix"], "default": {"_type": "literalExpression", "text": "\"8,9,10,11,12\""}, "description": "PCR indices used in the TPM for kernel measurements.", "loc": ["services", "tcsd", "kernelPCRs"], "readOnly": false, "type": "string"}, "services.tcsd.platformCred": {"declarations": ["nixos/modules/services/hardware/tcsd.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.tcsd.stateDir}/platform.cert\""}, "description": "Path to the platform credential for your TPM. Your TPM\nmanufacturer may have provided you with a set of credentials\n(certificates) that should be used when creating identities\nusing your TPM. When a user of your TPM makes an identity,\nthis credential will be encrypted as part of that process.\nSee the 1.1b TPM Main specification section 9.3 for information\non this process. ", "loc": ["services", "tcsd", "platformCred"], "readOnly": false, "type": "absolute path"}, "services.tcsd.stateDir": {"declarations": ["nixos/modules/services/hardware/tcsd.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/tpm\""}, "description": "The location of the system persistent storage file.\nThe system persistent storage file holds keys and data across\nrestarts of the TCSD and system reboots.\n", "loc": ["services", "tcsd", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.tcsd.user": {"declarations": ["nixos/modules/services/hardware/tcsd.nix"], "default": {"_type": "literalExpression", "text": "\"tss\""}, "description": "User account under which tcsd runs.", "loc": ["services", "tcsd", "user"], "readOnly": false, "type": "string"}, "services.teamspeak3.dataDir": {"declarations": ["nixos/modules/services/networking/teamspeak3.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/teamspeak3-server\""}, "description": "Directory to store TS3 database and other state/data files.\n", "loc": ["services", "teamspeak3", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.teamspeak3.defaultVoicePort": {"declarations": ["nixos/modules/services/networking/teamspeak3.nix"], "default": {"_type": "literalExpression", "text": "9987"}, "description": "Default UDP port for clients to connect to virtual servers - used for first virtual server, subsequent ones will open on incrementing port numbers by default.\n", "loc": ["services", "teamspeak3", "defaultVoicePort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.teamspeak3.enable": {"declarations": ["nixos/modules/services/networking/teamspeak3.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to run the Teamspeak3 voice communication server daemon.\n", "loc": ["services", "teamspeak3", "enable"], "readOnly": false, "type": "boolean"}, "services.teamspeak3.fileTransferIP": {"declarations": ["nixos/modules/services/networking/teamspeak3.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IP on which the server instance will listen for incoming file transfer connections. Defaults to any IP.\n", "example": {"_type": "literalExpression", "text": "\"[::]\""}, "loc": ["services", "teamspeak3", "fileTransferIP"], "readOnly": false, "type": "null or string"}, "services.teamspeak3.fileTransferPort": {"declarations": ["nixos/modules/services/networking/teamspeak3.nix"], "default": {"_type": "literalExpression", "text": "30033"}, "description": "TCP port opened for file transfers.\n", "loc": ["services", "teamspeak3", "fileTransferPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.teamspeak3.logPath": {"declarations": ["nixos/modules/services/networking/teamspeak3.nix"], "default": {"_type": "literalExpression", "text": "\"/var/log/teamspeak3-server/\""}, "description": "Directory to store log files in.\n", "loc": ["services", "teamspeak3", "logPath"], "readOnly": false, "type": "absolute path"}, "services.teamspeak3.openFirewall": {"declarations": ["nixos/modules/services/networking/teamspeak3.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the TeamSpeak3 server.", "loc": ["services", "teamspeak3", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.teamspeak3.openFirewallServerQuery": {"declarations": ["nixos/modules/services/networking/teamspeak3.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the TeamSpeak3 serverquery (administration) system. Requires openFirewall.", "loc": ["services", "teamspeak3", "openFirewallServerQuery"], "readOnly": false, "type": "boolean"}, "services.teamspeak3.queryHttpPort": {"declarations": ["nixos/modules/services/networking/teamspeak3.nix"], "default": {"_type": "literalExpression", "text": "10080"}, "description": "TCP port opened for ServerQuery connections using the HTTP protocol.\n", "loc": ["services", "teamspeak3", "queryHttpPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.teamspeak3.queryIP": {"declarations": ["nixos/modules/services/networking/teamspeak3.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IP on which the server instance will listen for incoming ServerQuery connections. Defaults to any IP.\n", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "teamspeak3", "queryIP"], "readOnly": false, "type": "null or string"}, "services.teamspeak3.queryPort": {"declarations": ["nixos/modules/services/networking/teamspeak3.nix"], "default": {"_type": "literalExpression", "text": "10011"}, "description": "TCP port opened for ServerQuery connections using the raw telnet protocol.\n", "loc": ["services", "teamspeak3", "queryPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.teamspeak3.querySshPort": {"declarations": ["nixos/modules/services/networking/teamspeak3.nix"], "default": {"_type": "literalExpression", "text": "10022"}, "description": "TCP port opened for ServerQuery connections using the SSH protocol.\n", "loc": ["services", "teamspeak3", "querySshPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.teamspeak3.voiceIP": {"declarations": ["nixos/modules/services/networking/teamspeak3.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IP on which the server instance will listen for incoming voice connections. Defaults to any IP.\n", "example": {"_type": "literalExpression", "text": "\"[::]\""}, "loc": ["services", "teamspeak3", "voiceIP"], "readOnly": false, "type": "null or string"}, "services.teamviewer.enable": {"declarations": ["nixos/modules/services/monitoring/teamviewer.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable TeamViewer daemon & system package.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "teamviewer", "enable"], "readOnly": false, "type": "boolean"}, "services.teamviewer.package": {"declarations": ["nixos/modules/services/monitoring/teamviewer.nix"], "default": {"_type": "literalExpression", "text": "pkgs.teamviewer"}, "description": "The teamviewer package to use.", "loc": ["services", "teamviewer", "package"], "readOnly": false, "type": "package"}, "services.technitium-dns-server.enable": {"declarations": ["nixos/modules/services/networking/technitium-dns-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Technitium DNS Server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "technitium-dns-server", "enable"], "readOnly": false, "type": "boolean"}, "services.technitium-dns-server.firewallTCPPorts": {"declarations": ["nixos/modules/services/networking/technitium-dns-server.nix"], "default": {"_type": "literalExpression", "text": "[\n  53\n  5380\n  53443\n]"}, "description": "List of TCP ports to open in firewall.\nYou might want to open ports 443 and 853 if you intend to use DNS over HTTPS or DNS over TLS.\n", "loc": ["services", "technitium-dns-server", "firewallTCPPorts"], "readOnly": false, "type": "list of signed integer"}, "services.technitium-dns-server.firewallUDPPorts": {"declarations": ["nixos/modules/services/networking/technitium-dns-server.nix"], "default": {"_type": "literalExpression", "text": "[\n  53\n]"}, "description": "List of UDP ports to open in firewall.\n", "loc": ["services", "technitium-dns-server", "firewallUDPPorts"], "readOnly": false, "type": "list of signed integer"}, "services.technitium-dns-server.openFirewall": {"declarations": ["nixos/modules/services/networking/technitium-dns-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open ports in the firewall.\nStandard ports are 53 (UDP and TCP, for DNS), 5380 and 53443 (TCP, HTTP and HTTPS for web interface).\nSpecify different or additional ports in options firewallUDPPorts and firewallTCPPorts if necessary.\n", "loc": ["services", "technitium-dns-server", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.technitium-dns-server.package": {"declarations": ["nixos/modules/services/networking/technitium-dns-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.technitium-dns-server"}, "description": "The technitium-dns-server package to use.", "loc": ["services", "technitium-dns-server", "package"], "readOnly": false, "type": "package"}, "services.tee-supplicant.enable": {"declarations": ["nixos/modules/services/misc/tee-supplicant"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable OP-TEE userspace supplicant.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tee-supplicant", "enable"], "readOnly": false, "type": "boolean"}, "services.tee-supplicant.package": {"declarations": ["nixos/modules/services/misc/tee-supplicant"], "default": {"_type": "literalExpression", "text": "pkgs.optee-client"}, "description": "The optee-client package to use.", "loc": ["services", "tee-supplicant", "package"], "readOnly": false, "type": "package"}, "services.tee-supplicant.pluginPath": {"declarations": ["nixos/modules/services/misc/tee-supplicant"], "default": {"_type": "literalExpression", "text": "\"/run/current-system/sw/lib/tee-supplicant/plugins\""}, "description": "The directory where plugins will be loaded from on startup.\n", "loc": ["services", "tee-supplicant", "pluginPath"], "readOnly": false, "type": "absolute path"}, "services.tee-supplicant.reeFsParentPath": {"declarations": ["nixos/modules/services/misc/tee-supplicant"], "default": {"_type": "literalExpression", "text": "\"/var/lib/tee\""}, "description": "The directory where the secure filesystem will be stored in the rich\nexecution environment (REE FS).\n", "loc": ["services", "tee-supplicant", "reeFsParentPath"], "readOnly": false, "type": "absolute path"}, "services.tee-supplicant.trustedApplications": {"declarations": ["nixos/modules/services/misc/tee-supplicant"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of full paths to trusted applications that will be loaded at\nruntime by tee-supplicant.\n", "loc": ["services", "tee-supplicant", "trustedApplications"], "readOnly": false, "type": "list of absolute path"}, "services.teeworlds.enable": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Teeworlds Server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "teeworlds", "enable"], "readOnly": false, "type": "boolean"}, "services.teeworlds.environmentFile": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file as defined in {manpage}`systemd.exec(5)`.\n\nSecrets may be passed to the service without adding them to the world-readable\nNix store, by specifying placeholder variables as the option value in Nix and\nsetting these variables accordingly in the environment file.\n\n```\n  # snippet of teeworlds-related config\n  services.teeworlds.password = \"$TEEWORLDS_PASSWORD\";\n```\n\n```\n  # content of the environment file\n  TEEWORLDS_PASSWORD=verysecretpassword\n```\n\nNote that this file needs to be available on the host on which\n`teeworlds` is running.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/teeworlds/teeworlds.env\""}, "loc": ["services", "teeworlds", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.teeworlds.extraOptions": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra configuration lines for the {file}`teeworlds.cfg`. See [Teeworlds Documentation](https://www.teeworlds.com/?page=docs&wiki=server_settings).\n", "example": {"_type": "literalExpression", "text": "[\n  \"sv_map dm1\"\n  \"sv_gametype dm\"\n]"}, "loc": ["services", "teeworlds", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.teeworlds.game.enablePowerups": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to allow powerups such as the ninja.\n", "loc": ["services", "teeworlds", "game", "enablePowerups"], "readOnly": false, "type": "boolean"}, "services.teeworlds.game.enableReadyMode": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable \"ready mode\"; where players can pause/unpause the game\nand start the game in warmup, using their ready state.\n", "loc": ["services", "teeworlds", "game", "enableReadyMode"], "readOnly": false, "type": "boolean"}, "services.teeworlds.game.enableTeamDamage": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable team damage; whether to allow team mates to inflict damage on one another.\n", "loc": ["services", "teeworlds", "game", "enableTeamDamage"], "readOnly": false, "type": "boolean"}, "services.teeworlds.game.enableVoteKick": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable voting to kick players.\n", "loc": ["services", "teeworlds", "game", "enableVoteKick"], "readOnly": false, "type": "boolean"}, "services.teeworlds.game.gameType": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "\"dm\""}, "description": "The game type to use on the server.\n\nThe default gametypes are `dm`, `tdm`, `ctf`, `lms`, and `lts`.\n", "example": {"_type": "literalExpression", "text": "\"ctf\""}, "loc": ["services", "teeworlds", "game", "gameType"], "readOnly": false, "type": "string"}, "services.teeworlds.game.map": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "\"dm1\""}, "description": "The map to use on the server.\n", "example": {"_type": "literalExpression", "text": "\"ctf5\""}, "loc": ["services", "teeworlds", "game", "map"], "readOnly": false, "type": "string"}, "services.teeworlds.game.playerSlots": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "8"}, "description": "The amount of slots to reserve for players (as opposed to spectators).\n", "loc": ["services", "teeworlds", "game", "playerSlots"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.teeworlds.game.restrictSpectators": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to restrict access to information such as health, ammo and armour in spectator mode.\n", "loc": ["services", "teeworlds", "game", "restrictSpectators"], "readOnly": false, "type": "boolean"}, "services.teeworlds.game.scoreLimit": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "20"}, "description": "The score limit needed to win a round.\n", "example": {"_type": "literalExpression", "text": "400"}, "loc": ["services", "teeworlds", "game", "scoreLimit"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.teeworlds.game.swapTeams": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to swap teams each round.\n", "loc": ["services", "teeworlds", "game", "swapTeams"], "readOnly": false, "type": "boolean"}, "services.teeworlds.game.timeLimit": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Time limit of the game. In cases of equal points, there will be sudden death.\nSetting this to 0 disables a time limit.\n", "loc": ["services", "teeworlds", "game", "timeLimit"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.teeworlds.game.tournamentMode": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "\"disable\""}, "description": "Whether to enable tournament mode. In tournament mode, players join as spectators.\nIf this is set to `restrictSpectators`, tournament mode is enabled but spectator chat is restricted.\n", "loc": ["services", "teeworlds", "game", "tournamentMode"], "readOnly": false, "type": "one of \"disable\", \"enable\", \"restrictSpectators\""}, "services.teeworlds.game.voteKickBanTime": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "The amount of minutes that a player is banned for if they get kicked by a vote.\n", "loc": ["services", "teeworlds", "game", "voteKickBanTime"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.teeworlds.game.voteKickMinimumPlayers": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "The minimum amount of players required to start a kick vote.\n", "loc": ["services", "teeworlds", "game", "voteKickMinimumPlayers"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.teeworlds.motd": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The server's message of the day text.\n", "loc": ["services", "teeworlds", "motd"], "readOnly": false, "type": "null or string"}, "services.teeworlds.name": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "\"unnamed server\""}, "description": "Name of the server.\n", "loc": ["services", "teeworlds", "name"], "readOnly": false, "type": "string"}, "services.teeworlds.openPorts": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open firewall ports for Teeworlds.", "loc": ["services", "teeworlds", "openPorts"], "readOnly": false, "type": "boolean"}, "services.teeworlds.package": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "pkgs.teeworlds-server"}, "description": "The teeworlds-server package to use.", "loc": ["services", "teeworlds", "package"], "readOnly": false, "type": "package"}, "services.teeworlds.password": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Password to connect to the server.\n", "loc": ["services", "teeworlds", "password"], "readOnly": false, "type": "null or string"}, "services.teeworlds.port": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "8303"}, "description": "Port the server will listen on.\n", "loc": ["services", "teeworlds", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.teeworlds.rconPassword": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Password to access the remote console. If not set, a randomly generated one is displayed in the server log.\n", "loc": ["services", "teeworlds", "rconPassword"], "readOnly": false, "type": "null or string"}, "services.teeworlds.register": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether the server registers as a public server in the global server list. This is disabled by default for privacy reasons.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "teeworlds", "register"], "readOnly": false, "type": "boolean"}, "services.teeworlds.server.bindAddr": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The address the server will bind to.\n", "loc": ["services", "teeworlds", "server", "bindAddr"], "readOnly": false, "type": "null or string"}, "services.teeworlds.server.enableHighBandwidth": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable high bandwidth mode on LAN servers. This will double the amount of bandwidth required for running the server.\n", "loc": ["services", "teeworlds", "server", "enableHighBandwidth"], "readOnly": false, "type": "boolean"}, "services.teeworlds.server.enableSpamProtection": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable chat spam protection.\n", "loc": ["services", "teeworlds", "server", "enableSpamProtection"], "readOnly": false, "type": "boolean"}, "services.teeworlds.server.hostName": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Hostname for the server.\n", "loc": ["services", "teeworlds", "server", "hostName"], "readOnly": false, "type": "null or string"}, "services.teeworlds.server.inactivePenalty": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "\"spectator/kick\""}, "description": "Specify what to do when a client goes inactive (see [](#opt-services.teeworlds.server.inactiveTime)).\n\n- `spectator`: send the client into spectator mode\n\n- `spectator/kick`: send the client into a free spectator slot, otherwise kick the client\n\n- `kick`: kick the client\n", "example": {"_type": "literalExpression", "text": "\"spectator\""}, "loc": ["services", "teeworlds", "server", "inactivePenalty"], "readOnly": false, "type": "one of \"spectator\", \"spectator/kick\", \"kick\""}, "services.teeworlds.server.inactiveTime": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "3"}, "description": "The amount of minutes a client has to idle before it is considered inactive.\n", "loc": ["services", "teeworlds", "server", "inactiveTime"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.teeworlds.server.kickInactiveSpectators": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to kick inactive spectators.\n", "loc": ["services", "teeworlds", "server", "kickInactiveSpectators"], "readOnly": false, "type": "boolean"}, "services.teeworlds.server.maxClients": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "12"}, "description": "The maximum amount of clients that can be connected to the server at the same time.\n", "loc": ["services", "teeworlds", "server", "maxClients"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.teeworlds.server.maxClientsPerIP": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "12"}, "description": "The maximum amount of clients with the same IP address that can be connected to the server at the same time.\n", "loc": ["services", "teeworlds", "server", "maxClientsPerIP"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.teeworlds.server.skillLevel": {"declarations": ["nixos/modules/services/games/teeworlds.nix"], "default": {"_type": "literalExpression", "text": "\"normal\""}, "description": "The skill level shown in the server browser.\n", "loc": ["services", "teeworlds", "server", "skillLevel"], "readOnly": false, "type": "one of \"casual\", \"normal\", \"competitive\""}, "services.telegraf.enable": {"declarations": ["nixos/modules/services/monitoring/telegraf.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable telegraf server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "telegraf", "enable"], "readOnly": false, "type": "boolean"}, "services.telegraf.environmentFiles": {"declarations": ["nixos/modules/services/monitoring/telegraf.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "File to load as environment file. Environment variables from this file\nwill be interpolated into the config file using envsubst with this\nsyntax: `$ENVIRONMENT` or `${VARIABLE}`.\nThis is useful to avoid putting secrets into the nix store.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/run/keys/telegraf.env\"\n]"}, "loc": ["services", "telegraf", "environmentFiles"], "readOnly": false, "type": "list of absolute path"}, "services.telegraf.extraConfig": {"declarations": ["nixos/modules/services/monitoring/telegraf.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration options for telegraf", "example": {"_type": "literalExpression", "text": "{\n  inputs = {\n    statsd = {\n      delete_timings = true;\n      service_address = \":8125\";\n    };\n  };\n  outputs = {\n    influxdb = {\n      database = \"telegraf\";\n      urls = [\n        \"http://localhost:8086\"\n      ];\n    };\n  };\n}"}, "loc": ["services", "telegraf", "extraConfig"], "readOnly": false, "type": "TOML value"}, "services.telegraf.package": {"declarations": ["nixos/modules/services/monitoring/telegraf.nix"], "default": {"_type": "literalExpression", "text": "pkgs.telegraf"}, "description": "The telegraf package to use.", "loc": ["services", "telegraf", "package"], "readOnly": false, "type": "package"}, "services.telepathy.enable": {"declarations": ["nixos/modules/services/desktops/telepathy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Telepathy service, a communications framework\nthat enables real-time communication via pluggable protocol backends.\n", "loc": ["services", "telepathy", "enable"], "readOnly": false, "type": "boolean"}, "services.teleport.diag.addr": {"declarations": ["nixos/modules/services/networking/teleport.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Metrics and diagnostics address.", "loc": ["services", "teleport", "diag", "addr"], "readOnly": false, "type": "string"}, "services.teleport.diag.enable": {"declarations": ["nixos/modules/services/networking/teleport.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable endpoints for monitoring purposes.\n\nSee <https://goteleport.com/docs/setup/admin/troubleshooting/#troubleshooting/>\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "teleport", "diag", "enable"], "readOnly": false, "type": "boolean"}, "services.teleport.diag.port": {"declarations": ["nixos/modules/services/networking/teleport.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "Metrics and diagnostics port.", "loc": ["services", "teleport", "diag", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.teleport.enable": {"declarations": ["nixos/modules/services/networking/teleport.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Teleport service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "teleport", "enable"], "readOnly": false, "type": "boolean"}, "services.teleport.insecure.enable": {"declarations": ["nixos/modules/services/networking/teleport.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable starting teleport in insecure mode.\n\nThis is dangerous!\nSensitive information will be logged to console and certificates will not be verified.\nProceed with caution!\n\nTeleport starts with disabled certificate validation on Proxy Service, validation still occurs on Auth Service\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "teleport", "insecure", "enable"], "readOnly": false, "type": "boolean"}, "services.teleport.package": {"declarations": ["nixos/modules/services/networking/teleport.nix"], "default": {"_type": "literalExpression", "text": "pkgs.teleport"}, "description": "The teleport package to use.", "example": {"_type": "literalExpression", "text": "teleport_11"}, "loc": ["services", "teleport", "package"], "readOnly": false, "type": "package"}, "services.teleport.settings": {"declarations": ["nixos/modules/services/networking/teleport.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Contents of the {file}`teleport.yaml` config file.\nThe `--config` arguments will only be passed if this set is not empty.\n\nSee <https://goteleport.com/docs/setup/reference/config/>.\n", "example": {"_type": "literalExpression", "text": "{\n  teleport = {\n    nodename = \"client\";\n    advertise_ip = \"192.168.1.2\";\n    auth_token = \"60bdc117-8ff4-478d-95e4-9914597847eb\";\n    auth_servers = [ \"192.168.1.1:3025\" ];\n    log.severity = \"DEBUG\";\n  };\n  ssh_service = {\n    enabled = true;\n    labels = {\n      role = \"client\";\n    };\n  };\n  proxy_service.enabled = false;\n  auth_service.enabled = false;\n}\n"}, "loc": ["services", "teleport", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.tempo.configFile": {"declarations": ["nixos/modules/services/tracing/tempo.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify a path to a configuration file that Tempo should use.\n", "loc": ["services", "tempo", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.tempo.enable": {"declarations": ["nixos/modules/services/tracing/tempo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Grafana Tempo.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tempo", "enable"], "readOnly": false, "type": "boolean"}, "services.tempo.extraFlags": {"declarations": ["nixos/modules/services/tracing/tempo.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional flags to pass to the `ExecStart=` in `tempo.service`.\n", "example": {"_type": "literalExpression", "text": "[ \"-config.expand-env=true\" ]\n"}, "loc": ["services", "tempo", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.tempo.settings": {"declarations": ["nixos/modules/services/tracing/tempo.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Specify the configuration for Tempo in Nix.\n\nSee <https://grafana.com/docs/tempo/latest/configuration/> for available options.\n", "loc": ["services", "tempo", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.temporal.dataDir": {"declarations": ["nixos/modules/services/cluster/temporal/default.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/temporal\""}, "description": "Data directory for Temporal. If you change this, you need to\nmanually create the directory. You also need to create the\n`temporal` user and group, or change\n[](#opt-services.temporal.user) and\n[](#opt-services.temporal.group) to existing ones with\naccess to the directory.\n", "loc": ["services", "temporal", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.temporal.enable": {"declarations": ["nixos/modules/services/cluster/temporal/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Temporal.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "temporal", "enable"], "readOnly": false, "type": "boolean"}, "services.temporal.group": {"declarations": ["nixos/modules/services/cluster/temporal/default.nix"], "default": {"_type": "literalExpression", "text": "\"temporal\""}, "description": "The group temporal runs as. Should be left at default unless\nyou have very specific needs.\n", "loc": ["services", "temporal", "group"], "readOnly": false, "type": "string"}, "services.temporal.package": {"declarations": ["nixos/modules/services/cluster/temporal/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.temporal"}, "description": "The Temporal package to use.", "loc": ["services", "temporal", "package"], "readOnly": false, "type": "package"}, "services.temporal.restartIfChanged": {"declarations": ["nixos/modules/services/cluster/temporal/default.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Automatically restart the service on config change.\nThis can be set to false to defer restarts on a server or cluster.\nPlease consider the security implications of inadvertently running an older version,\nand the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.\n", "loc": ["services", "temporal", "restartIfChanged"], "readOnly": false, "type": "boolean"}, "services.temporal.settings": {"declarations": ["nixos/modules/services/cluster/temporal/default.nix"], "description": "Temporal configuration.\n\nSee <https://docs.temporal.io/references/configuration> for more\ninformation about Temporal configuration options\n", "loc": ["services", "temporal", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.temporal.user": {"declarations": ["nixos/modules/services/cluster/temporal/default.nix"], "default": {"_type": "literalExpression", "text": "\"temporal\""}, "description": "The user Temporal runs as. Should be left at default unless\nyou have very specific needs.\n", "loc": ["services", "temporal", "user"], "readOnly": false, "type": "string"}, "services.terraria.autoCreatedWorldSize": {"declarations": ["nixos/modules/services/games/terraria.nix"], "default": {"_type": "literalExpression", "text": "\"medium\""}, "description": "Specifies the size of the auto-created world if `worldPath` does not\npoint to an existing world.\n", "loc": ["services", "terraria", "autoCreatedWorldSize"], "readOnly": false, "type": "one of \"small\", \"medium\", \"large\""}, "services.terraria.banListPath": {"declarations": ["nixos/modules/services/games/terraria.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the ban list.\n", "loc": ["services", "terraria", "banListPath"], "readOnly": false, "type": "null or absolute path"}, "services.terraria.dataDir": {"declarations": ["nixos/modules/services/games/terraria.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/terraria\""}, "description": "Path to variable state data directory for terraria.", "example": {"_type": "literalExpression", "text": "\"/srv/terraria\""}, "loc": ["services", "terraria", "dataDir"], "readOnly": false, "type": "string"}, "services.terraria.enable": {"declarations": ["nixos/modules/services/games/terraria.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, starts a Terraria server. The server can be connected to via `tmux -S ${config.services.terraria.dataDir}/terraria.sock attach`\nfor administration by users who are a part of the `terraria` group (use `C-b d` shortcut to detach again).\n", "loc": ["services", "terraria", "enable"], "readOnly": false, "type": "boolean"}, "services.terraria.maxPlayers": {"declarations": ["nixos/modules/services/games/terraria.nix"], "default": {"_type": "literalExpression", "text": "255"}, "description": "Sets the max number of players (between 1 and 255).\n", "loc": ["services", "terraria", "maxPlayers"], "readOnly": false, "type": "8 bit unsigned integer; between 0 and 255 (both inclusive)"}, "services.terraria.messageOfTheDay": {"declarations": ["nixos/modules/services/games/terraria.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set the server message of the day text.\n", "loc": ["services", "terraria", "messageOfTheDay"], "readOnly": false, "type": "null or string"}, "services.terraria.noUPnP": {"declarations": ["nixos/modules/services/games/terraria.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disables automatic Universal Plug and Play.", "loc": ["services", "terraria", "noUPnP"], "readOnly": false, "type": "boolean"}, "services.terraria.openFirewall": {"declarations": ["nixos/modules/services/games/terraria.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open ports in the firewall", "loc": ["services", "terraria", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.terraria.package": {"declarations": ["nixos/modules/services/games/terraria.nix"], "default": {"_type": "literalExpression", "text": "pkgs.terraria-server"}, "description": "The terraria package to use.", "loc": ["services", "terraria", "package"], "readOnly": false, "type": "package"}, "services.terraria.password": {"declarations": ["nixos/modules/services/games/terraria.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the server password. Leave `null` for no password.\n", "loc": ["services", "terraria", "password"], "readOnly": false, "type": "null or string"}, "services.terraria.port": {"declarations": ["nixos/modules/services/games/terraria.nix"], "default": {"_type": "literalExpression", "text": "7777"}, "description": "Specifies the port to listen on.\n", "loc": ["services", "terraria", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.terraria.secure": {"declarations": ["nixos/modules/services/games/terraria.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Adds additional cheat protection to the server.", "loc": ["services", "terraria", "secure"], "readOnly": false, "type": "boolean"}, "services.terraria.worldPath": {"declarations": ["nixos/modules/services/games/terraria.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the world file (`.wld`) which should be loaded.\nIf no world exists at this path, one will be created with the size\nspecified by `autoCreatedWorldSize`.\n", "loc": ["services", "terraria", "worldPath"], "readOnly": false, "type": "null or absolute path"}, "services.tetrd.enable": {"declarations": ["nixos/modules/services/networking/tetrd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable tetrd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tetrd", "enable"], "readOnly": false, "type": "boolean"}, "services.tftpd.enable": {"declarations": ["nixos/modules/services/networking/tftpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable tftpd, a Trivial File Transfer Protocol server.\nThe server will be run as an xinetd service.\n", "loc": ["services", "tftpd", "enable"], "readOnly": false, "type": "boolean"}, "services.tftpd.path": {"declarations": ["nixos/modules/services/networking/tftpd.nix"], "default": {"_type": "literalExpression", "text": "\"/srv/tftp\""}, "description": "Where the tftp server files are stored.\n", "loc": ["services", "tftpd", "path"], "readOnly": false, "type": "absolute path"}, "services.thanos.compact.arguments": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalMD", "text": "calculated from `config.services.thanos.compact`\n"}, "description": "Arguments to the `thanos compact` command.\n\nDefaults to a list of arguments formed by converting the structured\noptions of {option}`services.thanos.compact` to a list of arguments.\n\nOverriding this option will cause none of the structured options to have\nany effect. So only set this if you know what you're doing!\n", "loc": ["services", "thanos", "compact", "arguments"], "readOnly": false, "type": "list of string"}, "services.thanos.compact.compact.concurrency": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Number of goroutines to use when compacting groups.\n\nDefaults to `1` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "compact", "compact", "concurrency"], "readOnly": false, "type": "null or signed integer"}, "services.thanos.compact.consistency-delay": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Minimum age of fresh (non-compacted) blocks before they are being\nprocessed. Malformed blocks older than the maximum of consistency-delay\nand 30m0s will be removed.\n\nDefaults to `30m` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "compact", "consistency-delay"], "readOnly": false, "type": "null or string"}, "services.thanos.compact.downsampling.disable": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disables downsampling.\n\nThis is not recommended as querying long time ranges without\nnon-downsampled data is not efficient and useful e.g it is not possible\nto render all samples for a human eye anyway\n", "loc": ["services", "thanos", "compact", "downsampling", "disable"], "readOnly": false, "type": "boolean"}, "services.thanos.compact.enable": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Thanos compactor which continuously compacts blocks in an object store bucket.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "thanos", "compact", "enable"], "readOnly": false, "type": "boolean"}, "services.thanos.compact.http-address": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Listen `host:port` for HTTP endpoints.\n\nDefaults to `0.0.0.0:10902` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "compact", "http-address"], "readOnly": false, "type": "null or string"}, "services.thanos.compact.log.format": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Log format to use.\n", "loc": ["services", "thanos", "compact", "log", "format"], "readOnly": false, "type": "null or string"}, "services.thanos.compact.log.level": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Log filtering level.\n\nDefaults to `info` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "compact", "log", "level"], "readOnly": false, "type": "null or one of \"debug\", \"info\", \"warn\", \"error\", \"fatal\""}, "services.thanos.compact.objstore.config": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Object store configuration.\n\nWhen not `null` the attribute set gets converted to\na YAML file and stored in the Nix store. The option\n{option}`objstore.config-file` will default to its path.\n\nIf {option}`objstore.config-file` is set this option has no effect.\n\nSee format details: <https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage>\n", "loc": ["services", "thanos", "compact", "objstore", "config"], "readOnly": false, "type": "YAML 1.1 value"}, "services.thanos.compact.objstore.config-file": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "if config.services.thanos.<cmd>.objstore.config == null then null\nelse toString (format.generate \"objstore.yaml\" config.services.thanos.<cmd>.objstore.config);\n"}, "description": "Path to YAML file that contains object store configuration.\n\nSee format details: <https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage>\n", "loc": ["services", "thanos", "compact", "objstore", "config-file"], "readOnly": false, "type": "null or string"}, "services.thanos.compact.retention.resolution-1h": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "How long to retain samples of resolution 2 (1 hour) in bucket.\n\n`0d` - disables this retention\n\nDefaults to `0d` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "compact", "retention", "resolution-1h"], "readOnly": false, "type": "null or string"}, "services.thanos.compact.retention.resolution-5m": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "How long to retain samples of resolution 1 (5 minutes) in bucket.\n\n`0d` - disables this retention\n\nDefaults to `0d` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "compact", "retention", "resolution-5m"], "readOnly": false, "type": "null or string"}, "services.thanos.compact.retention.resolution-raw": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "How long to retain raw samples in bucket.\n\n`0d` - disables this retention\n\nDefaults to `0d` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "compact", "retention", "resolution-raw"], "readOnly": false, "type": "null or string"}, "services.thanos.compact.startAt": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "When this option is set to a `systemd.time`\nspecification the Thanos compactor will run at the specified period.\n\nWhen this option is `null` the Thanos compactor service\nwill run continuously. So it will not exit after all compactions have\nbeen processed but wait for new work.\n", "loc": ["services", "thanos", "compact", "startAt"], "readOnly": false, "type": "null or string"}, "services.thanos.compact.stateDir": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "\"thanos-compact\""}, "description": "Data directory relative to `/var/lib`\nin which to cache blocks and process compactions.\n", "loc": ["services", "thanos", "compact", "stateDir"], "readOnly": false, "type": "string"}, "services.thanos.compact.tracing.config": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Tracing configuration.\n\nWhen not `null` the attribute set gets converted to\na YAML file and stored in the Nix store. The option\n{option}`tracing.config-file` will default to its path.\n\nIf {option}`tracing.config-file` is set this option has no effect.\n\nSee format details: <https://thanos.io/tip/thanos/tracing.md/#configuration>\n", "loc": ["services", "thanos", "compact", "tracing", "config"], "readOnly": false, "type": "YAML 1.1 value"}, "services.thanos.compact.tracing.config-file": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "if config.services.thanos.<cmd>.tracing.config == null then null\nelse toString (format.generate \"tracing.yaml\" config.services.thanos.<cmd>.tracing.config);\n"}, "description": "Path to YAML file that contains tracing configuration.\n\nSee format details: <https://thanos.io/tip/thanos/tracing.md/#configuration>\n", "loc": ["services", "thanos", "compact", "tracing", "config-file"], "readOnly": false, "type": "null or string"}, "services.thanos.downsample.arguments": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalMD", "text": "calculated from `config.services.thanos.downsample`\n"}, "description": "Arguments to the `thanos downsample` command.\n\nDefaults to a list of arguments formed by converting the structured\noptions of {option}`services.thanos.downsample` to a list of arguments.\n\nOverriding this option will cause none of the structured options to have\nany effect. So only set this if you know what you're doing!\n", "loc": ["services", "thanos", "downsample", "arguments"], "readOnly": false, "type": "list of string"}, "services.thanos.downsample.enable": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Thanos downsampler which continuously downsamples blocks in an object store bucket.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "thanos", "downsample", "enable"], "readOnly": false, "type": "boolean"}, "services.thanos.downsample.log.format": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Log format to use.\n", "loc": ["services", "thanos", "downsample", "log", "format"], "readOnly": false, "type": "null or string"}, "services.thanos.downsample.log.level": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Log filtering level.\n\nDefaults to `info` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "downsample", "log", "level"], "readOnly": false, "type": "null or one of \"debug\", \"info\", \"warn\", \"error\", \"fatal\""}, "services.thanos.downsample.objstore.config": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Object store configuration.\n\nWhen not `null` the attribute set gets converted to\na YAML file and stored in the Nix store. The option\n{option}`objstore.config-file` will default to its path.\n\nIf {option}`objstore.config-file` is set this option has no effect.\n\nSee format details: <https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage>\n", "loc": ["services", "thanos", "downsample", "objstore", "config"], "readOnly": false, "type": "YAML 1.1 value"}, "services.thanos.downsample.objstore.config-file": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "if config.services.thanos.<cmd>.objstore.config == null then null\nelse toString (format.generate \"objstore.yaml\" config.services.thanos.<cmd>.objstore.config);\n"}, "description": "Path to YAML file that contains object store configuration.\n\nSee format details: <https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage>\n", "loc": ["services", "thanos", "downsample", "objstore", "config-file"], "readOnly": false, "type": "null or string"}, "services.thanos.downsample.stateDir": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "\"thanos-downsample\""}, "description": "Data directory relative to `/var/lib`\nin which to cache blocks and process downsamplings.\n", "loc": ["services", "thanos", "downsample", "stateDir"], "readOnly": false, "type": "string"}, "services.thanos.downsample.tracing.config": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Tracing configuration.\n\nWhen not `null` the attribute set gets converted to\na YAML file and stored in the Nix store. The option\n{option}`tracing.config-file` will default to its path.\n\nIf {option}`tracing.config-file` is set this option has no effect.\n\nSee format details: <https://thanos.io/tip/thanos/tracing.md/#configuration>\n", "loc": ["services", "thanos", "downsample", "tracing", "config"], "readOnly": false, "type": "YAML 1.1 value"}, "services.thanos.downsample.tracing.config-file": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "if config.services.thanos.<cmd>.tracing.config == null then null\nelse toString (format.generate \"tracing.yaml\" config.services.thanos.<cmd>.tracing.config);\n"}, "description": "Path to YAML file that contains tracing configuration.\n\nSee format details: <https://thanos.io/tip/thanos/tracing.md/#configuration>\n", "loc": ["services", "thanos", "downsample", "tracing", "config-file"], "readOnly": false, "type": "null or string"}, "services.thanos.package": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "pkgs.thanos"}, "description": "The thanos package to use.", "loc": ["services", "thanos", "package"], "readOnly": false, "type": "package"}, "services.thanos.query-frontend.arguments": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalMD", "text": "calculated from `config.services.thanos.query-frontend`\n"}, "description": "Arguments to the `thanos query-frontend` command.\n\nDefaults to a list of arguments formed by converting the structured\noptions of {option}`services.thanos.query-frontend` to a list of arguments.\n\nOverriding this option will cause none of the structured options to have\nany effect. So only set this if you know what you're doing!\n", "loc": ["services", "thanos", "query-frontend", "arguments"], "readOnly": false, "type": "list of string"}, "services.thanos.query-frontend.enable": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Thanos query frontend implements a service deployed in front of queriers to\n          improve query parallelization and caching..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "thanos", "query-frontend", "enable"], "readOnly": false, "type": "boolean"}, "services.thanos.query-frontend.grpc-address": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Listen `ip:port` address for gRPC endpoints (StoreAPI).\n\nMake sure this address is routable from other components.\n\nDefaults to `0.0.0.0:10901` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "query-frontend", "grpc-address"], "readOnly": false, "type": "null or string"}, "services.thanos.query-frontend.grpc-server-tls-cert": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS Certificate for gRPC server, leave blank to disable TLS\n", "loc": ["services", "thanos", "query-frontend", "grpc-server-tls-cert"], "readOnly": false, "type": "null or string"}, "services.thanos.query-frontend.grpc-server-tls-client-ca": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS CA to verify clients against.\n\nIf no client CA is specified, there is no client verification on server side.\n(tls.NoClientCert)\n", "loc": ["services", "thanos", "query-frontend", "grpc-server-tls-client-ca"], "readOnly": false, "type": "null or string"}, "services.thanos.query-frontend.grpc-server-tls-key": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS Key for the gRPC server, leave blank to disable TLS\n", "loc": ["services", "thanos", "query-frontend", "grpc-server-tls-key"], "readOnly": false, "type": "null or string"}, "services.thanos.query-frontend.http-address": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Listen `host:port` for HTTP endpoints.\n\nDefaults to `0.0.0.0:10902` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "query-frontend", "http-address"], "readOnly": false, "type": "null or string"}, "services.thanos.query-frontend.log.format": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Log format to use.\n", "loc": ["services", "thanos", "query-frontend", "log", "format"], "readOnly": false, "type": "null or string"}, "services.thanos.query-frontend.log.level": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Log filtering level.\n\nDefaults to `info` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "query-frontend", "log", "level"], "readOnly": false, "type": "null or one of \"debug\", \"info\", \"warn\", \"error\", \"fatal\""}, "services.thanos.query-frontend.query-frontend.downstream-url": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "URL of downstream Prometheus Query compatible API.\n\nDefaults to `http://localhost:9090` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "query-frontend", "query-frontend", "downstream-url"], "readOnly": false, "type": "null or string"}, "services.thanos.query-frontend.tracing.config": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Tracing configuration.\n\nWhen not `null` the attribute set gets converted to\na YAML file and stored in the Nix store. The option\n{option}`tracing.config-file` will default to its path.\n\nIf {option}`tracing.config-file` is set this option has no effect.\n\nSee format details: <https://thanos.io/tip/thanos/tracing.md/#configuration>\n", "loc": ["services", "thanos", "query-frontend", "tracing", "config"], "readOnly": false, "type": "YAML 1.1 value"}, "services.thanos.query-frontend.tracing.config-file": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "if config.services.thanos.<cmd>.tracing.config == null then null\nelse toString (format.generate \"tracing.yaml\" config.services.thanos.<cmd>.tracing.config);\n"}, "description": "Path to YAML file that contains tracing configuration.\n\nSee format details: <https://thanos.io/tip/thanos/tracing.md/#configuration>\n", "loc": ["services", "thanos", "query-frontend", "tracing", "config-file"], "readOnly": false, "type": "null or string"}, "services.thanos.query.arguments": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalMD", "text": "calculated from `config.services.thanos.query`\n"}, "description": "Arguments to the `thanos query` command.\n\nDefaults to a list of arguments formed by converting the structured\noptions of {option}`services.thanos.query` to a list of arguments.\n\nOverriding this option will cause none of the structured options to have\nany effect. So only set this if you know what you're doing!\n", "loc": ["services", "thanos", "query", "arguments"], "readOnly": false, "type": "list of string"}, "services.thanos.query.enable": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Thanos query node exposing PromQL enabled Query API with data retrieved from multiple store nodes.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "thanos", "query", "enable"], "readOnly": false, "type": "boolean"}, "services.thanos.query.endpoints": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Addresses of statically configured Thanos API servers (repeatable).\n\nThe scheme may be prefixed with 'dns+' or 'dnssrv+' to detect\nThanos API servers through respective DNS lookups.\n", "loc": ["services", "thanos", "query", "endpoints"], "readOnly": false, "type": "list of string"}, "services.thanos.query.grpc-address": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Listen `ip:port` address for gRPC endpoints (StoreAPI).\n\nMake sure this address is routable from other components.\n\nDefaults to `0.0.0.0:10901` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "query", "grpc-address"], "readOnly": false, "type": "null or string"}, "services.thanos.query.grpc-client-server-name": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Server name to verify the hostname on the returned gRPC certificates.\nSee <https://tools.ietf.org/html/rfc4366#section-3.1>\n", "loc": ["services", "thanos", "query", "grpc-client-server-name"], "readOnly": false, "type": "null or string"}, "services.thanos.query.grpc-client-tls-ca": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS CA Certificates to use to verify gRPC servers\n", "loc": ["services", "thanos", "query", "grpc-client-tls-ca"], "readOnly": false, "type": "null or string"}, "services.thanos.query.grpc-client-tls-cert": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS Certificates to use to identify this client to the server\n", "loc": ["services", "thanos", "query", "grpc-client-tls-cert"], "readOnly": false, "type": "null or string"}, "services.thanos.query.grpc-client-tls-key": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS Key for the client's certificate\n", "loc": ["services", "thanos", "query", "grpc-client-tls-key"], "readOnly": false, "type": "null or string"}, "services.thanos.query.grpc-client-tls-secure": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use TLS when talking to the gRPC server\n", "loc": ["services", "thanos", "query", "grpc-client-tls-secure"], "readOnly": false, "type": "boolean"}, "services.thanos.query.grpc-compression": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Compression algorithm to use for gRPC requests to other clients.\n", "loc": ["services", "thanos", "query", "grpc-compression"], "readOnly": false, "type": "null or string"}, "services.thanos.query.grpc-server-tls-cert": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS Certificate for gRPC server, leave blank to disable TLS\n", "loc": ["services", "thanos", "query", "grpc-server-tls-cert"], "readOnly": false, "type": "null or string"}, "services.thanos.query.grpc-server-tls-client-ca": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS CA to verify clients against.\n\nIf no client CA is specified, there is no client verification on server side.\n(tls.NoClientCert)\n", "loc": ["services", "thanos", "query", "grpc-server-tls-client-ca"], "readOnly": false, "type": "null or string"}, "services.thanos.query.grpc-server-tls-key": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS Key for the gRPC server, leave blank to disable TLS\n", "loc": ["services", "thanos", "query", "grpc-server-tls-key"], "readOnly": false, "type": "null or string"}, "services.thanos.query.http-address": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Listen `host:port` for HTTP endpoints.\n\nDefaults to `0.0.0.0:10902` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "query", "http-address"], "readOnly": false, "type": "null or string"}, "services.thanos.query.log.format": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Log format to use.\n", "loc": ["services", "thanos", "query", "log", "format"], "readOnly": false, "type": "null or string"}, "services.thanos.query.log.level": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Log filtering level.\n\nDefaults to `info` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "query", "log", "level"], "readOnly": false, "type": "null or one of \"debug\", \"info\", \"warn\", \"error\", \"fatal\""}, "services.thanos.query.query.auto-downsampling": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable automatic adjustment (step / 5) to what source of data should\nbe used in store gateways if no\n`max_source_resolution` param is specified.\n", "loc": ["services", "thanos", "query", "query", "auto-downsampling"], "readOnly": false, "type": "boolean"}, "services.thanos.query.query.default-evaluation-interval": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set default evaluation interval for sub queries.\n\nDefaults to `1m` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "query", "query", "default-evaluation-interval"], "readOnly": false, "type": "null or string"}, "services.thanos.query.query.max-concurrent": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Maximum number of queries processed concurrently by query node.\n\nDefaults to `20` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "query", "query", "max-concurrent"], "readOnly": false, "type": "null or signed integer"}, "services.thanos.query.query.partial-response": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable partial response for queries if no\n`partial_response` param is specified.\n", "loc": ["services", "thanos", "query", "query", "partial-response"], "readOnly": false, "type": "boolean"}, "services.thanos.query.query.replica-labels": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Labels to treat as a replica indicator along which data is\ndeduplicated.\n\nStill you will be able to query without deduplication using\n'dedup=false' parameter. Data includes time series, recording\nrules, and alerting rules.\n", "loc": ["services", "thanos", "query", "query", "replica-labels"], "readOnly": false, "type": "list of string"}, "services.thanos.query.query.timeout": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Maximum time to process query by query node.\n\nDefaults to `2m` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "query", "query", "timeout"], "readOnly": false, "type": "null or string"}, "services.thanos.query.selector-labels": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Query selector labels that will be exposed in info endpoint.\n", "loc": ["services", "thanos", "query", "selector-labels"], "readOnly": false, "type": "attribute set of string"}, "services.thanos.query.store.response-timeout": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If a Store doesn't send any data in this specified duration then a\nStore will be ignored and partial data will be returned if it's\nenabled. `0` disables timeout.\n\nDefaults to `0ms` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "query", "store", "response-timeout"], "readOnly": false, "type": "null or string"}, "services.thanos.query.store.sd-dns-interval": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Interval between DNS resolutions.\n\nDefaults to `30s` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "query", "store", "sd-dns-interval"], "readOnly": false, "type": "null or string"}, "services.thanos.query.store.sd-files": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Path to files that contain addresses of store API servers. The path\ncan be a glob pattern.\n", "loc": ["services", "thanos", "query", "store", "sd-files"], "readOnly": false, "type": "list of string"}, "services.thanos.query.store.sd-interval": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Refresh interval to re-read file SD files. It is used as a resync fallback.\n\nDefaults to `5m` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "query", "store", "sd-interval"], "readOnly": false, "type": "null or string"}, "services.thanos.query.store.unhealthy-timeout": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Timeout before an unhealthy store is cleaned from the store UI page.\n\nDefaults to `5m` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "query", "store", "unhealthy-timeout"], "readOnly": false, "type": "null or string"}, "services.thanos.query.tracing.config": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Tracing configuration.\n\nWhen not `null` the attribute set gets converted to\na YAML file and stored in the Nix store. The option\n{option}`tracing.config-file` will default to its path.\n\nIf {option}`tracing.config-file` is set this option has no effect.\n\nSee format details: <https://thanos.io/tip/thanos/tracing.md/#configuration>\n", "loc": ["services", "thanos", "query", "tracing", "config"], "readOnly": false, "type": "YAML 1.1 value"}, "services.thanos.query.tracing.config-file": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "if config.services.thanos.<cmd>.tracing.config == null then null\nelse toString (format.generate \"tracing.yaml\" config.services.thanos.<cmd>.tracing.config);\n"}, "description": "Path to YAML file that contains tracing configuration.\n\nSee format details: <https://thanos.io/tip/thanos/tracing.md/#configuration>\n", "loc": ["services", "thanos", "query", "tracing", "config-file"], "readOnly": false, "type": "null or string"}, "services.thanos.query.web.external-prefix": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Static prefix for all HTML links and redirect URLs in the UI query web\ninterface.\n\nActual endpoints are still served on / or the\n{option}`web.route-prefix`. This allows thanos UI to be served\nbehind a reverse proxy that strips a URL sub-path.\n", "loc": ["services", "thanos", "query", "web", "external-prefix"], "readOnly": false, "type": "null or string"}, "services.thanos.query.web.prefix-header": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of HTTP request header used for dynamic prefixing of UI links and\nredirects.\n\nThis option is ignored if the option\n`web.external-prefix` is set.\n\nSecurity risk: enable this option only if a reverse proxy in front of\nthanos is resetting the header.\n\nThe setting `web.prefix-header=\"X-Forwarded-Prefix\"`\ncan be useful, for example, if Thanos UI is served via Traefik reverse\nproxy with `PathPrefixStrip` option enabled, which\nsends the stripped prefix value in `X-Forwarded-Prefix`\nheader. This allows thanos UI to be served on a sub-path.\n", "loc": ["services", "thanos", "query", "web", "prefix-header"], "readOnly": false, "type": "null or string"}, "services.thanos.query.web.route-prefix": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Prefix for API and UI endpoints.\n\nThis allows thanos UI to be served on a sub-path. This option is\nanalogous to {option}`web.route-prefix` of Promethus.\n", "loc": ["services", "thanos", "query", "web", "route-prefix"], "readOnly": false, "type": "null or string"}, "services.thanos.receive.arguments": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalMD", "text": "calculated from `config.services.thanos.receive`\n"}, "description": "Arguments to the `thanos receive` command.\n\nDefaults to a list of arguments formed by converting the structured\noptions of {option}`services.thanos.receive` to a list of arguments.\n\nOverriding this option will cause none of the structured options to have\nany effect. So only set this if you know what you're doing!\n", "loc": ["services", "thanos", "receive", "arguments"], "readOnly": false, "type": "list of string"}, "services.thanos.receive.enable": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Thanos receiver which accept Prometheus remote write API requests and write to local tsdb.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "thanos", "receive", "enable"], "readOnly": false, "type": "boolean"}, "services.thanos.receive.grpc-address": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Listen `ip:port` address for gRPC endpoints (StoreAPI).\n\nMake sure this address is routable from other components.\n\nDefaults to `0.0.0.0:10901` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "receive", "grpc-address"], "readOnly": false, "type": "null or string"}, "services.thanos.receive.grpc-server-tls-cert": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS Certificate for gRPC server, leave blank to disable TLS\n", "loc": ["services", "thanos", "receive", "grpc-server-tls-cert"], "readOnly": false, "type": "null or string"}, "services.thanos.receive.grpc-server-tls-client-ca": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS CA to verify clients against.\n\nIf no client CA is specified, there is no client verification on server side.\n(tls.NoClientCert)\n", "loc": ["services", "thanos", "receive", "grpc-server-tls-client-ca"], "readOnly": false, "type": "null or string"}, "services.thanos.receive.grpc-server-tls-key": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS Key for the gRPC server, leave blank to disable TLS\n", "loc": ["services", "thanos", "receive", "grpc-server-tls-key"], "readOnly": false, "type": "null or string"}, "services.thanos.receive.http-address": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Listen `host:port` for HTTP endpoints.\n\nDefaults to `0.0.0.0:10902` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "receive", "http-address"], "readOnly": false, "type": "null or string"}, "services.thanos.receive.labels": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "External labels to announce.\n\nThis flag will be removed in the future when handling multiple tsdb\ninstances is added.\n", "loc": ["services", "thanos", "receive", "labels"], "readOnly": false, "type": "attribute set of string"}, "services.thanos.receive.log.format": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Log format to use.\n", "loc": ["services", "thanos", "receive", "log", "format"], "readOnly": false, "type": "null or string"}, "services.thanos.receive.log.level": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Log filtering level.\n\nDefaults to `info` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "receive", "log", "level"], "readOnly": false, "type": "null or one of \"debug\", \"info\", \"warn\", \"error\", \"fatal\""}, "services.thanos.receive.objstore.config": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Object store configuration.\n\nWhen not `null` the attribute set gets converted to\na YAML file and stored in the Nix store. The option\n{option}`objstore.config-file` will default to its path.\n\nIf {option}`objstore.config-file` is set this option has no effect.\n\nSee format details: <https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage>\n", "loc": ["services", "thanos", "receive", "objstore", "config"], "readOnly": false, "type": "YAML 1.1 value"}, "services.thanos.receive.objstore.config-file": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "if config.services.thanos.<cmd>.objstore.config == null then null\nelse toString (format.generate \"objstore.yaml\" config.services.thanos.<cmd>.objstore.config);\n"}, "description": "Path to YAML file that contains object store configuration.\n\nSee format details: <https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage>\n", "loc": ["services", "thanos", "receive", "objstore", "config-file"], "readOnly": false, "type": "null or string"}, "services.thanos.receive.receive.grpc-compression": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Compression algorithm to use for gRPC requests to other receivers.\n", "loc": ["services", "thanos", "receive", "receive", "grpc-compression"], "readOnly": false, "type": "null or string"}, "services.thanos.receive.remote-write.address": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Address to listen on for remote write requests.\n\nDefaults to `0.0.0.0:19291` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "receive", "remote-write", "address"], "readOnly": false, "type": "null or string"}, "services.thanos.receive.stateDir": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "\"thanos-receive\""}, "description": "Data directory relative to `/var/lib` of TSDB.\n", "loc": ["services", "thanos", "receive", "stateDir"], "readOnly": false, "type": "string"}, "services.thanos.receive.tracing.config": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Tracing configuration.\n\nWhen not `null` the attribute set gets converted to\na YAML file and stored in the Nix store. The option\n{option}`tracing.config-file` will default to its path.\n\nIf {option}`tracing.config-file` is set this option has no effect.\n\nSee format details: <https://thanos.io/tip/thanos/tracing.md/#configuration>\n", "loc": ["services", "thanos", "receive", "tracing", "config"], "readOnly": false, "type": "YAML 1.1 value"}, "services.thanos.receive.tracing.config-file": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "if config.services.thanos.<cmd>.tracing.config == null then null\nelse toString (format.generate \"tracing.yaml\" config.services.thanos.<cmd>.tracing.config);\n"}, "description": "Path to YAML file that contains tracing configuration.\n\nSee format details: <https://thanos.io/tip/thanos/tracing.md/#configuration>\n", "loc": ["services", "thanos", "receive", "tracing", "config-file"], "readOnly": false, "type": "null or string"}, "services.thanos.receive.tsdb.retention": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "How long to retain raw samples on local storage.\n\n`0d` - disables this retention\n\nDefaults to `15d` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "receive", "tsdb", "retention"], "readOnly": false, "type": "null or string"}, "services.thanos.rule.alert.label-drop": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Labels by name to drop before sending to alertmanager.\n\nThis allows alert to be deduplicated on replica label.\n\nSimilar Prometheus alert relabelling\n", "loc": ["services", "thanos", "rule", "alert", "label-drop"], "readOnly": false, "type": "list of string"}, "services.thanos.rule.alert.query-url": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The external Thanos Query URL that would be set in all alerts 'Source' field.\n", "loc": ["services", "thanos", "rule", "alert", "query-url"], "readOnly": false, "type": "null or string"}, "services.thanos.rule.alertmanagers.send-timeout": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Timeout for sending alerts to alertmanager.\n\nDefaults to `10s` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "rule", "alertmanagers", "send-timeout"], "readOnly": false, "type": "null or string"}, "services.thanos.rule.alertmanagers.urls": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Alertmanager replica URLs to push firing alerts.\n\nRuler claims success if push to at least one alertmanager from\ndiscovered succeeds. The scheme may be prefixed with\n`dns+` or `dnssrv+` to detect\nAlertmanager IPs through respective DNS lookups. The port defaults to\n`9093` or the SRV record's value. The URL path is\nused as a prefix for the regular Alertmanager API path.\n", "loc": ["services", "thanos", "rule", "alertmanagers", "urls"], "readOnly": false, "type": "list of string"}, "services.thanos.rule.arguments": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalMD", "text": "calculated from `config.services.thanos.rule`\n"}, "description": "Arguments to the `thanos rule` command.\n\nDefaults to a list of arguments formed by converting the structured\noptions of {option}`services.thanos.rule` to a list of arguments.\n\nOverriding this option will cause none of the structured options to have\nany effect. So only set this if you know what you're doing!\n", "loc": ["services", "thanos", "rule", "arguments"], "readOnly": false, "type": "list of string"}, "services.thanos.rule.enable": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Thanos ruler service which evaluates Prometheus rules against given Query nodes, exposing Store API and storing old blocks in bucket.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "thanos", "rule", "enable"], "readOnly": false, "type": "boolean"}, "services.thanos.rule.eval-interval": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The default evaluation interval to use.\n\nDefaults to `1m` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "rule", "eval-interval"], "readOnly": false, "type": "null or string"}, "services.thanos.rule.grpc-address": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Listen `ip:port` address for gRPC endpoints (StoreAPI).\n\nMake sure this address is routable from other components.\n\nDefaults to `0.0.0.0:10901` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "rule", "grpc-address"], "readOnly": false, "type": "null or string"}, "services.thanos.rule.grpc-server-tls-cert": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS Certificate for gRPC server, leave blank to disable TLS\n", "loc": ["services", "thanos", "rule", "grpc-server-tls-cert"], "readOnly": false, "type": "null or string"}, "services.thanos.rule.grpc-server-tls-client-ca": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS CA to verify clients against.\n\nIf no client CA is specified, there is no client verification on server side.\n(tls.NoClientCert)\n", "loc": ["services", "thanos", "rule", "grpc-server-tls-client-ca"], "readOnly": false, "type": "null or string"}, "services.thanos.rule.grpc-server-tls-key": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS Key for the gRPC server, leave blank to disable TLS\n", "loc": ["services", "thanos", "rule", "grpc-server-tls-key"], "readOnly": false, "type": "null or string"}, "services.thanos.rule.http-address": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Listen `host:port` for HTTP endpoints.\n\nDefaults to `0.0.0.0:10902` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "rule", "http-address"], "readOnly": false, "type": "null or string"}, "services.thanos.rule.labels": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Labels to be applied to all generated metrics.\n\nSimilar to external labels for Prometheus,\nused to identify ruler and its blocks as unique source.\n", "loc": ["services", "thanos", "rule", "labels"], "readOnly": false, "type": "attribute set of string"}, "services.thanos.rule.log.format": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Log format to use.\n", "loc": ["services", "thanos", "rule", "log", "format"], "readOnly": false, "type": "null or string"}, "services.thanos.rule.log.level": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Log filtering level.\n\nDefaults to `info` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "rule", "log", "level"], "readOnly": false, "type": "null or one of \"debug\", \"info\", \"warn\", \"error\", \"fatal\""}, "services.thanos.rule.objstore.config": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Object store configuration.\n\nWhen not `null` the attribute set gets converted to\na YAML file and stored in the Nix store. The option\n{option}`objstore.config-file` will default to its path.\n\nIf {option}`objstore.config-file` is set this option has no effect.\n\nSee format details: <https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage>\n", "loc": ["services", "thanos", "rule", "objstore", "config"], "readOnly": false, "type": "YAML 1.1 value"}, "services.thanos.rule.objstore.config-file": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "if config.services.thanos.<cmd>.objstore.config == null then null\nelse toString (format.generate \"objstore.yaml\" config.services.thanos.<cmd>.objstore.config);\n"}, "description": "Path to YAML file that contains object store configuration.\n\nSee format details: <https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage>\n", "loc": ["services", "thanos", "rule", "objstore", "config-file"], "readOnly": false, "type": "null or string"}, "services.thanos.rule.query.addresses": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Addresses of statically configured query API servers.\n\nThe scheme may be prefixed with `dns+` or\n`dnssrv+` to detect query API servers through\nrespective DNS lookups.\n", "loc": ["services", "thanos", "rule", "query", "addresses"], "readOnly": false, "type": "list of string"}, "services.thanos.rule.query.sd-dns-interval": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Interval between DNS resolutions.\n\nDefaults to `30s` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "rule", "query", "sd-dns-interval"], "readOnly": false, "type": "null or string"}, "services.thanos.rule.query.sd-files": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Path to file that contain addresses of query peers.\nThe path can be a glob pattern.\n", "loc": ["services", "thanos", "rule", "query", "sd-files"], "readOnly": false, "type": "list of string"}, "services.thanos.rule.query.sd-interval": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Refresh interval to re-read file SD files. (used as a fallback)\n\nDefaults to `5m` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "rule", "query", "sd-interval"], "readOnly": false, "type": "null or string"}, "services.thanos.rule.rule-files": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Rule files that should be used by rule manager. Can be in glob format.\n", "loc": ["services", "thanos", "rule", "rule-files"], "readOnly": false, "type": "list of string"}, "services.thanos.rule.stateDir": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "\"thanos-rule\""}, "description": "Data directory relative to `/var/lib`.\n", "loc": ["services", "thanos", "rule", "stateDir"], "readOnly": false, "type": "string"}, "services.thanos.rule.tracing.config": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Tracing configuration.\n\nWhen not `null` the attribute set gets converted to\na YAML file and stored in the Nix store. The option\n{option}`tracing.config-file` will default to its path.\n\nIf {option}`tracing.config-file` is set this option has no effect.\n\nSee format details: <https://thanos.io/tip/thanos/tracing.md/#configuration>\n", "loc": ["services", "thanos", "rule", "tracing", "config"], "readOnly": false, "type": "YAML 1.1 value"}, "services.thanos.rule.tracing.config-file": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "if config.services.thanos.<cmd>.tracing.config == null then null\nelse toString (format.generate \"tracing.yaml\" config.services.thanos.<cmd>.tracing.config);\n"}, "description": "Path to YAML file that contains tracing configuration.\n\nSee format details: <https://thanos.io/tip/thanos/tracing.md/#configuration>\n", "loc": ["services", "thanos", "rule", "tracing", "config-file"], "readOnly": false, "type": "null or string"}, "services.thanos.rule.tsdb.block-duration": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Block duration for TSDB block.\n\nDefaults to `2h` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "rule", "tsdb", "block-duration"], "readOnly": false, "type": "null or string"}, "services.thanos.rule.tsdb.retention": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Block retention time on local disk.\n\nDefaults to `48h` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "rule", "tsdb", "retention"], "readOnly": false, "type": "null or string"}, "services.thanos.rule.web.external-prefix": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Static prefix for all HTML links and redirect URLs in the UI query web\ninterface.\n\nActual endpoints are still served on / or the\n{option}`web.route-prefix`. This allows thanos UI to be served\nbehind a reverse proxy that strips a URL sub-path.\n", "loc": ["services", "thanos", "rule", "web", "external-prefix"], "readOnly": false, "type": "null or string"}, "services.thanos.rule.web.prefix-header": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of HTTP request header used for dynamic prefixing of UI links and\nredirects.\n\nThis option is ignored if the option\n{option}`web.external-prefix` is set.\n\nSecurity risk: enable this option only if a reverse proxy in front of\nthanos is resetting the header.\n\nThe header `X-Forwarded-Prefix` can be useful, for\nexample, if Thanos UI is served via Traefik reverse proxy with\n`PathPrefixStrip` option enabled, which sends the\nstripped prefix value in `X-Forwarded-Prefix`\nheader. This allows thanos UI to be served on a sub-path.\n", "loc": ["services", "thanos", "rule", "web", "prefix-header"], "readOnly": false, "type": "null or string"}, "services.thanos.rule.web.route-prefix": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Prefix for API and UI endpoints.\n\nThis allows thanos UI to be served on a sub-path.\n\nThis option is analogous to `--web.route-prefix` of Promethus.\n", "loc": ["services", "thanos", "rule", "web", "route-prefix"], "readOnly": false, "type": "null or string"}, "services.thanos.sidecar.arguments": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalMD", "text": "calculated from `config.services.thanos.sidecar`\n"}, "description": "Arguments to the `thanos sidecar` command.\n\nDefaults to a list of arguments formed by converting the structured\noptions of {option}`services.thanos.sidecar` to a list of arguments.\n\nOverriding this option will cause none of the structured options to have\nany effect. So only set this if you know what you're doing!\n", "loc": ["services", "thanos", "sidecar", "arguments"], "readOnly": false, "type": "list of string"}, "services.thanos.sidecar.enable": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Thanos sidecar for Prometheus server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "thanos", "sidecar", "enable"], "readOnly": false, "type": "boolean"}, "services.thanos.sidecar.grpc-address": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Listen `ip:port` address for gRPC endpoints (StoreAPI).\n\nMake sure this address is routable from other components.\n\nDefaults to `0.0.0.0:10901` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "sidecar", "grpc-address"], "readOnly": false, "type": "null or string"}, "services.thanos.sidecar.grpc-server-tls-cert": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS Certificate for gRPC server, leave blank to disable TLS\n", "loc": ["services", "thanos", "sidecar", "grpc-server-tls-cert"], "readOnly": false, "type": "null or string"}, "services.thanos.sidecar.grpc-server-tls-client-ca": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS CA to verify clients against.\n\nIf no client CA is specified, there is no client verification on server side.\n(tls.NoClientCert)\n", "loc": ["services", "thanos", "sidecar", "grpc-server-tls-client-ca"], "readOnly": false, "type": "null or string"}, "services.thanos.sidecar.grpc-server-tls-key": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS Key for the gRPC server, leave blank to disable TLS\n", "loc": ["services", "thanos", "sidecar", "grpc-server-tls-key"], "readOnly": false, "type": "null or string"}, "services.thanos.sidecar.http-address": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Listen `host:port` for HTTP endpoints.\n\nDefaults to `0.0.0.0:10902` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "sidecar", "http-address"], "readOnly": false, "type": "null or string"}, "services.thanos.sidecar.log.format": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Log format to use.\n", "loc": ["services", "thanos", "sidecar", "log", "format"], "readOnly": false, "type": "null or string"}, "services.thanos.sidecar.log.level": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Log filtering level.\n\nDefaults to `info` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "sidecar", "log", "level"], "readOnly": false, "type": "null or one of \"debug\", \"info\", \"warn\", \"error\", \"fatal\""}, "services.thanos.sidecar.objstore.config": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Object store configuration.\n\nWhen not `null` the attribute set gets converted to\na YAML file and stored in the Nix store. The option\n{option}`objstore.config-file` will default to its path.\n\nIf {option}`objstore.config-file` is set this option has no effect.\n\nSee format details: <https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage>\n", "loc": ["services", "thanos", "sidecar", "objstore", "config"], "readOnly": false, "type": "YAML 1.1 value"}, "services.thanos.sidecar.objstore.config-file": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "if config.services.thanos.<cmd>.objstore.config == null then null\nelse toString (format.generate \"objstore.yaml\" config.services.thanos.<cmd>.objstore.config);\n"}, "description": "Path to YAML file that contains object store configuration.\n\nSee format details: <https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage>\n", "loc": ["services", "thanos", "sidecar", "objstore", "config-file"], "readOnly": false, "type": "null or string"}, "services.thanos.sidecar.prometheus.url": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "URL at which to reach Prometheus's API.\n\nFor better performance use local network.\n\nDefaults to `http://localhost:9090` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "sidecar", "prometheus", "url"], "readOnly": false, "type": "null or string"}, "services.thanos.sidecar.reloader.config-envsubst-file": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Output file for environment variable substituted config file.\n", "loc": ["services", "thanos", "sidecar", "reloader", "config-envsubst-file"], "readOnly": false, "type": "null or string"}, "services.thanos.sidecar.reloader.config-file": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Config file watched by the reloader.\n", "loc": ["services", "thanos", "sidecar", "reloader", "config-file"], "readOnly": false, "type": "null or string"}, "services.thanos.sidecar.reloader.rule-dirs": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Rule directories for the reloader to refresh.\n", "loc": ["services", "thanos", "sidecar", "reloader", "rule-dirs"], "readOnly": false, "type": "list of string"}, "services.thanos.sidecar.tracing.config": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Tracing configuration.\n\nWhen not `null` the attribute set gets converted to\na YAML file and stored in the Nix store. The option\n{option}`tracing.config-file` will default to its path.\n\nIf {option}`tracing.config-file` is set this option has no effect.\n\nSee format details: <https://thanos.io/tip/thanos/tracing.md/#configuration>\n", "loc": ["services", "thanos", "sidecar", "tracing", "config"], "readOnly": false, "type": "YAML 1.1 value"}, "services.thanos.sidecar.tracing.config-file": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "if config.services.thanos.<cmd>.tracing.config == null then null\nelse toString (format.generate \"tracing.yaml\" config.services.thanos.<cmd>.tracing.config);\n"}, "description": "Path to YAML file that contains tracing configuration.\n\nSee format details: <https://thanos.io/tip/thanos/tracing.md/#configuration>\n", "loc": ["services", "thanos", "sidecar", "tracing", "config-file"], "readOnly": false, "type": "null or string"}, "services.thanos.sidecar.tsdb.path": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/${config.services.prometheus.stateDir}/data\""}, "description": "Data directory of TSDB.\n", "loc": ["services", "thanos", "sidecar", "tsdb", "path"], "readOnly": false, "type": "string"}, "services.thanos.store.arguments": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalMD", "text": "calculated from `config.services.thanos.store`\n"}, "description": "Arguments to the `thanos store` command.\n\nDefaults to a list of arguments formed by converting the structured\noptions of {option}`services.thanos.store` to a list of arguments.\n\nOverriding this option will cause none of the structured options to have\nany effect. So only set this if you know what you're doing!\n", "loc": ["services", "thanos", "store", "arguments"], "readOnly": false, "type": "list of string"}, "services.thanos.store.block-sync-concurrency": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Number of goroutines to use when syncing blocks from object storage.\n\nDefaults to `20` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "store", "block-sync-concurrency"], "readOnly": false, "type": "null or signed integer"}, "services.thanos.store.chunk-pool-size": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Maximum size of concurrently allocatable bytes for chunks.\n\nDefaults to `2GB` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "store", "chunk-pool-size"], "readOnly": false, "type": "null or string"}, "services.thanos.store.enable": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Thanos store node giving access to blocks in a bucket provider.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "thanos", "store", "enable"], "readOnly": false, "type": "boolean"}, "services.thanos.store.grpc-address": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Listen `ip:port` address for gRPC endpoints (StoreAPI).\n\nMake sure this address is routable from other components.\n\nDefaults to `0.0.0.0:10901` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "store", "grpc-address"], "readOnly": false, "type": "null or string"}, "services.thanos.store.grpc-server-tls-cert": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS Certificate for gRPC server, leave blank to disable TLS\n", "loc": ["services", "thanos", "store", "grpc-server-tls-cert"], "readOnly": false, "type": "null or string"}, "services.thanos.store.grpc-server-tls-client-ca": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS CA to verify clients against.\n\nIf no client CA is specified, there is no client verification on server side.\n(tls.NoClientCert)\n", "loc": ["services", "thanos", "store", "grpc-server-tls-client-ca"], "readOnly": false, "type": "null or string"}, "services.thanos.store.grpc-server-tls-key": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS Key for the gRPC server, leave blank to disable TLS\n", "loc": ["services", "thanos", "store", "grpc-server-tls-key"], "readOnly": false, "type": "null or string"}, "services.thanos.store.http-address": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Listen `host:port` for HTTP endpoints.\n\nDefaults to `0.0.0.0:10902` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "store", "http-address"], "readOnly": false, "type": "null or string"}, "services.thanos.store.index-cache-size": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Maximum size of items held in the index cache.\n\nDefaults to `250MB` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "store", "index-cache-size"], "readOnly": false, "type": "null or string"}, "services.thanos.store.log.format": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Log format to use.\n", "loc": ["services", "thanos", "store", "log", "format"], "readOnly": false, "type": "null or string"}, "services.thanos.store.log.level": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Log filtering level.\n\nDefaults to `info` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "store", "log", "level"], "readOnly": false, "type": "null or one of \"debug\", \"info\", \"warn\", \"error\", \"fatal\""}, "services.thanos.store.max-time": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "End of time range limit to serve.\n\nThanos Store serves only blocks, which happened earlier than this\nvalue. Option can be a constant time in RFC3339 format or time duration\nrelative to current time, such as -1d or 2h45m. Valid duration units are\nms, s, m, h, d, w, y.\n\nDefaults to `9999-12-31T23:59:59Z` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "store", "max-time"], "readOnly": false, "type": "null or string"}, "services.thanos.store.min-time": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Start of time range limit to serve.\n\nThanos Store serves only metrics, which happened later than this\nvalue. Option can be a constant time in RFC3339 format or time duration\nrelative to current time, such as -1d or 2h45m. Valid duration units are\nms, s, m, h, d, w, y.\n\nDefaults to `0000-01-01T00:00:00Z` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "store", "min-time"], "readOnly": false, "type": "null or string"}, "services.thanos.store.objstore.config": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Object store configuration.\n\nWhen not `null` the attribute set gets converted to\na YAML file and stored in the Nix store. The option\n{option}`objstore.config-file` will default to its path.\n\nIf {option}`objstore.config-file` is set this option has no effect.\n\nSee format details: <https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage>\n", "loc": ["services", "thanos", "store", "objstore", "config"], "readOnly": false, "type": "YAML 1.1 value"}, "services.thanos.store.objstore.config-file": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "if config.services.thanos.<cmd>.objstore.config == null then null\nelse toString (format.generate \"objstore.yaml\" config.services.thanos.<cmd>.objstore.config);\n"}, "description": "Path to YAML file that contains object store configuration.\n\nSee format details: <https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage>\n", "loc": ["services", "thanos", "store", "objstore", "config-file"], "readOnly": false, "type": "null or string"}, "services.thanos.store.stateDir": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "\"thanos-store\""}, "description": "Data directory relative to `/var/lib`\nin which to cache remote blocks.\n", "loc": ["services", "thanos", "store", "stateDir"], "readOnly": false, "type": "string"}, "services.thanos.store.store.grpc.series-max-concurrency": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Maximum number of concurrent Series calls.\n\nDefaults to `20` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "store", "store", "grpc", "series-max-concurrency"], "readOnly": false, "type": "null or signed integer"}, "services.thanos.store.store.limits.request-samples": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The maximum samples allowed for a single Series request.\nThe Series call fails if this limit is exceeded.\n\n`0` means no limit.\n\nNOTE: For efficiency the limit is internally implemented as 'chunks limit'\nconsidering each chunk contains a maximum of 120 samples.\n\nDefaults to `0` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "store", "store", "limits", "request-samples"], "readOnly": false, "type": "null or signed integer"}, "services.thanos.store.sync-block-duration": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Repeat interval for syncing the blocks between local and remote view.\n\nDefaults to `3m` in Thanos\nwhen set to `null`.\n", "loc": ["services", "thanos", "store", "sync-block-duration"], "readOnly": false, "type": "null or string"}, "services.thanos.store.tracing.config": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Tracing configuration.\n\nWhen not `null` the attribute set gets converted to\na YAML file and stored in the Nix store. The option\n{option}`tracing.config-file` will default to its path.\n\nIf {option}`tracing.config-file` is set this option has no effect.\n\nSee format details: <https://thanos.io/tip/thanos/tracing.md/#configuration>\n", "loc": ["services", "thanos", "store", "tracing", "config"], "readOnly": false, "type": "YAML 1.1 value"}, "services.thanos.store.tracing.config-file": {"declarations": ["nixos/modules/services/monitoring/thanos.nix"], "default": {"_type": "literalExpression", "text": "if config.services.thanos.<cmd>.tracing.config == null then null\nelse toString (format.generate \"tracing.yaml\" config.services.thanos.<cmd>.tracing.config);\n"}, "description": "Path to YAML file that contains tracing configuration.\n\nSee format details: <https://thanos.io/tip/thanos/tracing.md/#configuration>\n", "loc": ["services", "thanos", "store", "tracing", "config-file"], "readOnly": false, "type": "null or string"}, "services.thelounge.enable": {"declarations": ["nixos/modules/services/networking/thelounge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable The Lounge web IRC client.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "thelounge", "enable"], "readOnly": false, "type": "boolean"}, "services.thelounge.extraConfig": {"declarations": ["nixos/modules/services/networking/thelounge.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The Lounge's {file}`config.js` contents as attribute set (will be\nconverted to JSON to generate the configuration file).\n\nThe options defined here will be merged to the default configuration file.\nNote: In case of duplicate configuration, options from {option}`extraConfig` have priority.\n\nDocumentation: <https://thelounge.chat/docs/server/configuration>\n", "example": {"_type": "literalExpression", "text": "{\n  reverseProxy = true;\n  defaults = {\n    name = \"Your Network\";\n    host = \"localhost\";\n    port = 6697;\n  };\n}\n"}, "loc": ["services", "thelounge", "extraConfig"], "readOnly": false, "type": "attribute set"}, "services.thelounge.package": {"declarations": ["nixos/modules/services/networking/thelounge.nix"], "default": {"_type": "literalExpression", "text": "pkgs.thelounge"}, "description": "The thelounge package to use.", "loc": ["services", "thelounge", "package"], "readOnly": false, "type": "package"}, "services.thelounge.plugins": {"declarations": ["nixos/modules/services/networking/thelounge.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The Lounge plugins to install. Plugins can be found in\n`pkgs.theLoungePlugins.plugins` and `pkgs.theLoungePlugins.themes`.\n", "example": {"_type": "literalExpression", "text": "[ pkgs.theLoungePlugins.themes.solarized ]"}, "loc": ["services", "thelounge", "plugins"], "readOnly": false, "type": "list of package"}, "services.thelounge.port": {"declarations": ["nixos/modules/services/networking/thelounge.nix"], "default": {"_type": "literalExpression", "text": "9000"}, "description": "TCP port to listen on for http connections.", "loc": ["services", "thelounge", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.thelounge.public": {"declarations": ["nixos/modules/services/networking/thelounge.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Make your The Lounge instance public.\nSetting this to `false` will require you to configure user\naccounts by using the ({command}`thelounge`) command or by adding\nentries in {file}`/var/lib/thelounge/users`. You might need to restart\nThe Lounge after making changes to the state directory.\n", "loc": ["services", "thelounge", "public"], "readOnly": false, "type": "boolean"}, "services.thermald.configFile": {"declarations": ["nixos/modules/services/hardware/thermald.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The thermald manual configuration file.\n\nLeave unspecified to run with the `--adaptive` flag instead which will have thermald use your computer's DPTF adaptive tables.\n\nSee `man thermald` for more information.\n", "loc": ["services", "thermald", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.thermald.debug": {"declarations": ["nixos/modules/services/hardware/thermald.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable debug logging.\n", "loc": ["services", "thermald", "debug"], "readOnly": false, "type": "boolean"}, "services.thermald.enable": {"declarations": ["nixos/modules/services/hardware/thermald.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable thermald, the temperature management daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "thermald", "enable"], "readOnly": false, "type": "boolean"}, "services.thermald.ignoreCpuidCheck": {"declarations": ["nixos/modules/services/hardware/thermald.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ignore the cpuid check to allow running on unsupported platforms", "loc": ["services", "thermald", "ignoreCpuidCheck"], "readOnly": false, "type": "boolean"}, "services.thermald.package": {"declarations": ["nixos/modules/services/hardware/thermald.nix"], "default": {"_type": "literalExpression", "text": "pkgs.thermald"}, "description": "The thermald package to use.", "loc": ["services", "thermald", "package"], "readOnly": false, "type": "package"}, "services.thinkfan.enable": {"declarations": ["nixos/modules/services/hardware/thinkfan.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable thinkfan, a fan control program.\n\n::: {.note}\nThis module targets IBM/Lenovo thinkpads by default, for\nother hardware you will have configure it more carefully.\n:::\n", "loc": ["services", "thinkfan", "enable"], "readOnly": false, "relatedPackages": "- [`pkgs.thinkfan`](\n    https://search.nixos.org/packages?show=thinkfan&sort=relevance&query=thinkfan\n  )\n", "type": "boolean"}, "services.thinkfan.extraArgs": {"declarations": ["nixos/modules/services/hardware/thinkfan.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of extra command line arguments to pass to thinkfan.\nCheck the {manpage}`thinkfan(1)` manpage for available arguments.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-b\"\n  \"0\"\n]"}, "loc": ["services", "thinkfan", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.thinkfan.fans": {"declarations": ["nixos/modules/services/hardware/thinkfan.nix"], "default": {"_type": "literalExpression", "text": "[\n  {\n    query = \"/proc/acpi/ibm/fan\";\n    type = \"tpacpi\";\n  }\n]"}, "description": "List of fans thinkfan will control.\n\n::: {.note}\nThis section slightly departs from the thinkfan.conf syntax.\nThe type and path must be specified like this:\n```\n  type = \"tpacpi\";\n  query = \"/proc/acpi/ibm/fan\";\n```\ninstead of a single declaration like:\n```\n  - tpacpi: /proc/acpi/ibm/fan\n```\n:::\n\n", "loc": ["services", "thinkfan", "fans"], "readOnly": false, "type": "list of (open submodule of attribute set of (YAML 1.1 value))"}, "services.thinkfan.fans.*.indices": {"declarations": ["nixos/modules/services/hardware/thinkfan.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A list of fans to pick in case multiple fans match the query.\n\n::: {.note}\nIndices start from 0.\n:::\n", "loc": ["services", "thinkfan", "fans", "*", "indices"], "readOnly": false, "type": "null or (list of (unsigned integer, meaning >=0))"}, "services.thinkfan.fans.*.query": {"declarations": ["nixos/modules/services/hardware/thinkfan.nix"], "description": "The query string used to match one or more fans: can be\na fullpath to the temperature file (single fan) or a fullpath\nto a driver directory (multiple fans).\n\n::: {.note}\nWhen multiple fans match, the query can be restricted using the\n{option}`name` or {option}`indices` options.\n:::\n", "loc": ["services", "thinkfan", "fans", "*", "query"], "readOnly": false, "type": "string"}, "services.thinkfan.fans.*.type": {"declarations": ["nixos/modules/services/hardware/thinkfan.nix"], "description": "The fan type, can be\n`hwmon` for standard fans,\n\n`atasmart` to read the temperature via\nS.M.A.R.T (requires smartSupport to be enabled),\n\n`tpacpi` for the legacy thinkpac_acpi driver, or\n\n`nvml` for the (proprietary) nVidia driver.\n", "loc": ["services", "thinkfan", "fans", "*", "type"], "readOnly": false, "type": "one of \"hwmon\", \"atasmart\", \"tpacpi\", \"nvml\""}, "services.thinkfan.levels": {"declarations": ["nixos/modules/services/hardware/thinkfan.nix"], "default": {"_type": "literalExpression", "text": "[\n  [\n    0\n    0\n    55\n  ]\n  [\n    1\n    48\n    60\n  ]\n  [\n    2\n    50\n    61\n  ]\n  [\n    3\n    52\n    63\n  ]\n  [\n    6\n    56\n    65\n  ]\n  [\n    7\n    60\n    85\n  ]\n  [\n    \"level auto\"\n    80\n    32767\n  ]\n]"}, "description": "[LEVEL LOW HIGH]\n\nLEVEL is the fan level to use: it can be an integer (0-7 with thinkpad_acpi),\n\"level auto\" (to keep the default firmware behavior), \"level full-speed\" or\n\"level disengaged\" (to run the fan as fast as possible).\nLOW is the temperature at which to step down to the previous level.\nHIGH is the temperature at which to step up to the next level.\nAll numbers are integers.\n", "loc": ["services", "thinkfan", "levels"], "readOnly": false, "type": "list of (tuple of (unsigned integer, meaning >=0, or one of \"level auto\", \"level full-speed\", \"level disengaged\") (unsigned integer, meaning >=0) (unsigned integer, meaning >=0))"}, "services.thinkfan.sensors": {"declarations": ["nixos/modules/services/hardware/thinkfan.nix"], "default": {"_type": "literalExpression", "text": "[\n  {\n    query = \"/proc/acpi/ibm/thermal\";\n    type = \"tpacpi\";\n  }\n]"}, "description": "List of temperature sensors thinkfan will monitor.\n\n::: {.note}\nThis section slightly departs from the thinkfan.conf syntax.\nThe type and path must be specified like this:\n```\n  type = \"tpacpi\";\n  query = \"/proc/acpi/ibm/thermal\";\n```\ninstead of a single declaration like:\n```\n  - tpacpi: /proc/acpi/ibm/thermal\n```\n:::\n\n", "loc": ["services", "thinkfan", "sensors"], "readOnly": false, "type": "list of (open submodule of attribute set of (YAML 1.1 value))"}, "services.thinkfan.sensors.*.correction": {"declarations": ["nixos/modules/services/hardware/thinkfan.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A list of values to be added to the temperature of each sensor,\ncan be used to equalize small discrepancies in temperature ratings.\n", "loc": ["services", "thinkfan", "sensors", "*", "correction"], "readOnly": false, "type": "null or (list of signed integer)"}, "services.thinkfan.sensors.*.indices": {"declarations": ["nixos/modules/services/hardware/thinkfan.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A list of sensors to pick in case multiple sensors match the query.\n\n::: {.note}\nIndices start from 0.\n:::\n", "loc": ["services", "thinkfan", "sensors", "*", "indices"], "readOnly": false, "type": "null or (list of (unsigned integer, meaning >=0))"}, "services.thinkfan.sensors.*.query": {"declarations": ["nixos/modules/services/hardware/thinkfan.nix"], "description": "The query string used to match one or more sensors: can be\na fullpath to the temperature file (single sensor) or a fullpath\nto a driver directory (multiple sensors).\n\n::: {.note}\nWhen multiple sensors match, the query can be restricted using the\n{option}`name` or {option}`indices` options.\n:::\n", "loc": ["services", "thinkfan", "sensors", "*", "query"], "readOnly": false, "type": "string"}, "services.thinkfan.sensors.*.type": {"declarations": ["nixos/modules/services/hardware/thinkfan.nix"], "description": "The sensor type, can be\n`hwmon` for standard sensors,\n\n`atasmart` to read the temperature via\nS.M.A.R.T (requires smartSupport to be enabled),\n\n`tpacpi` for the legacy thinkpac_acpi driver, or\n\n`nvml` for the (proprietary) nVidia driver.\n", "loc": ["services", "thinkfan", "sensors", "*", "type"], "readOnly": false, "type": "one of \"hwmon\", \"atasmart\", \"tpacpi\", \"nvml\""}, "services.thinkfan.settings": {"declarations": ["nixos/modules/services/hardware/thinkfan.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Thinkfan settings. Use this option to configure thinkfan\nsettings not exposed in a NixOS option or to bypass one.\nBefore changing this, read the {manpage}`thinkfan.conf(5)`\nmanpage and take a look at the example config file at\n<https://github.com/vmatare/thinkfan/blob/master/examples/thinkfan.yaml>\n", "loc": ["services", "thinkfan", "settings"], "readOnly": false, "type": "attribute set of (YAML 1.1 value)"}, "services.thinkfan.smartSupport": {"declarations": ["nixos/modules/services/hardware/thinkfan.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to build thinkfan with S.M.A.R.T. support to read temperatures\ndirectly from hard disks.\n", "loc": ["services", "thinkfan", "smartSupport"], "readOnly": false, "type": "boolean"}, "services.throttled.enable": {"declarations": ["nixos/modules/services/hardware/throttled.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable fix for Intel CPU throttling.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "throttled", "enable"], "readOnly": false, "type": "boolean"}, "services.throttled.extraConfig": {"declarations": ["nixos/modules/services/hardware/throttled.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Alternative configuration", "loc": ["services", "throttled", "extraConfig"], "readOnly": false, "type": "string"}, "services.tiddlywiki.enable": {"declarations": ["nixos/modules/services/misc/tiddlywiki.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable TiddlyWiki nodejs server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tiddlywiki", "enable"], "readOnly": false, "type": "boolean"}, "services.tiddlywiki.listenOptions": {"declarations": ["nixos/modules/services/misc/tiddlywiki.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Parameters passed to `--listen` command.\nRefer to <https://tiddlywiki.com/#WebServer>\nfor details on supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  credentials = \"../credentials.csv\";\n  port = 3456;\n  readers = \"(authenticated)\";\n}"}, "loc": ["services", "tiddlywiki", "listenOptions"], "readOnly": false, "type": "attribute set"}, "services.tigerbeetle.addresses": {"declarations": ["nixos/modules/services/databases/tigerbeetle.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"3001\"\n]"}, "description": "The addresses of all replicas in the cluster.\nThis should be a list of IPv4/IPv6 addresses with port numbers.\nEither the address or port number (but not both) may be omitted, in which case a default of 127.0.0.1 or 3001 will be used.\nThe first address in the list corresponds to the address for replica 0, the second address for replica 1, and so on.\n", "loc": ["services", "tigerbeetle", "addresses"], "readOnly": false, "type": "list of non-empty string"}, "services.tigerbeetle.cacheGridSize": {"declarations": ["nixos/modules/services/databases/tigerbeetle.nix"], "default": {"_type": "literalExpression", "text": "\"1GiB\""}, "description": "The grid cache size.\nThe grid cache acts like a page cache for TigerBeetle.\nIt is recommended to set this as large as possible.\n", "loc": ["services", "tigerbeetle", "cacheGridSize"], "readOnly": false, "type": "string matching the pattern [0-9]+(K|M|G)iB"}, "services.tigerbeetle.clusterId": {"declarations": ["nixos/modules/services/databases/tigerbeetle.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "The 128-bit cluster ID used to create the replica data file (if needed).\nSince Nix only supports integers up to 64 bits, you need to pass a string to this if the cluster ID can't fit in 64 bits.\nOtherwise, you can pass the cluster ID as either an integer or a string.\n", "loc": ["services", "tigerbeetle", "clusterId"], "readOnly": false, "type": "unsigned integer, meaning >=0, or string matching the pattern [0-9]+"}, "services.tigerbeetle.enable": {"declarations": ["nixos/modules/services/databases/tigerbeetle.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable TigerBeetle server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tigerbeetle", "enable"], "readOnly": false, "type": "boolean"}, "services.tigerbeetle.package": {"declarations": ["nixos/modules/services/databases/tigerbeetle.nix"], "default": {"_type": "literalExpression", "text": "pkgs.tigerbeetle"}, "description": "The tigerbeetle package to use.", "loc": ["services", "tigerbeetle", "package"], "readOnly": false, "type": "package"}, "services.tigerbeetle.replicaCount": {"declarations": ["nixos/modules/services/databases/tigerbeetle.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "The number of replicas participating in replication of the cluster.\n", "loc": ["services", "tigerbeetle", "replicaCount"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.tigerbeetle.replicaIndex": {"declarations": ["nixos/modules/services/databases/tigerbeetle.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "The index (starting at 0) of the replica in the cluster.\n", "loc": ["services", "tigerbeetle", "replicaIndex"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.tika.configFile": {"declarations": ["nixos/modules/services/search/tika.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The Apache Tika configuration (XML) file to use.\n", "example": {"_type": "literalExpression", "text": "./tika/tika-config.xml"}, "loc": ["services", "tika", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.tika.enable": {"declarations": ["nixos/modules/services/search/tika.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Apache Tika server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tika", "enable"], "readOnly": false, "type": "boolean"}, "services.tika.enableOcr": {"declarations": ["nixos/modules/services/search/tika.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable OCR support by adding the `tesseract` package as a dependency.\n", "loc": ["services", "tika", "enableOcr"], "readOnly": false, "type": "boolean"}, "services.tika.listenAddress": {"declarations": ["nixos/modules/services/search/tika.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The Apache Tika bind address.\n", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "tika", "listenAddress"], "readOnly": false, "type": "string"}, "services.tika.openFirewall": {"declarations": ["nixos/modules/services/search/tika.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall for Apache Tika.\nThis adds `services.tika.port` to `networking.firewall.allowedTCPPorts`.\n", "loc": ["services", "tika", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.tika.package": {"declarations": ["nixos/modules/services/search/tika.nix"], "default": {"_type": "literalExpression", "text": "pkgs.tika"}, "description": "The tika package to use.", "loc": ["services", "tika", "package"], "readOnly": false, "type": "package"}, "services.tika.port": {"declarations": ["nixos/modules/services/search/tika.nix"], "default": {"_type": "literalExpression", "text": "9998"}, "description": "The Apache Tike port to listen on\n", "loc": ["services", "tika", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.timekpr.adminUsers": {"declarations": ["nixos/modules/services/security/timekpr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "All listed users will become part of the `timekpr` group so they can manage timekpr settings without requiring sudo.\n", "example": {"_type": "literalExpression", "text": "[\n  \"alice\"\n  \"bob\"\n]"}, "loc": ["services", "timekpr", "adminUsers"], "readOnly": false, "type": "list of string"}, "services.timekpr.enable": {"declarations": ["nixos/modules/services/security/timekpr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Timekpr-nExT, a screen time managing application that helps optimizing time spent at computer for your subordinates, children or even for yourself.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "timekpr", "enable"], "readOnly": false, "type": "boolean"}, "services.timekpr.package": {"declarations": ["nixos/modules/services/security/timekpr.nix"], "default": {"_type": "literalExpression", "text": "pkgs.timekpr"}, "description": "The timekpr package to use.", "loc": ["services", "timekpr", "package"], "readOnly": false, "type": "package"}, "services.timesyncd.enable": {"declarations": ["nixos/modules/system/boot/timesyncd.nix"], "default": {"_type": "literalExpression", "text": "!config.boot.isContainer"}, "description": "Enables the systemd NTP client daemon.\n", "loc": ["services", "timesyncd", "enable"], "readOnly": false, "type": "boolean"}, "services.timesyncd.extraConfig": {"declarations": ["nixos/modules/system/boot/timesyncd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra config options for systemd-timesyncd. See\n{manpage}`timesyncd.conf(5)` for available options.\n", "example": {"_type": "literalExpression", "text": "''\n  PollIntervalMaxSec=180\n''"}, "loc": ["services", "timesyncd", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.timesyncd.fallbackServers": {"declarations": ["nixos/modules/system/boot/timesyncd.nix"], "default": {"_type": "literalExpression", "text": "config.networking.timeServers"}, "description": "The set of fallback NTP servers from which to synchronise.\n\nSetting this option to an empty list will write `FallbackNTP=` to the\n{file}`timesyncd.conf` file as opposed to setting this option to null which\nwill remove `FallbackNTP=` entirely.\n\nSee {manpage}`timesyncd.conf(5)` for details.\n", "loc": ["services", "timesyncd", "fallbackServers"], "readOnly": false, "type": "null or (list of string)"}, "services.timesyncd.servers": {"declarations": ["nixos/modules/system/boot/timesyncd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The set of NTP servers from which to synchronise.\n\nSetting this option to an empty list will write `NTP=` to the\n{file}`timesyncd.conf` file as opposed to setting this option to null which\nwill remove `NTP=` entirely.\n\nSee {manpage}`timesyncd.conf(5)` for details.\n", "loc": ["services", "timesyncd", "servers"], "readOnly": false, "type": "null or (list of string)"}, "services.tinc.networks": {"declarations": ["nixos/modules/services/networking/tinc.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Defines the tinc networks which will be started.\nEach network invokes a different daemon.\n", "loc": ["services", "tinc", "networks"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.tinc.networks.<name>.bindToAddress": {"declarations": ["nixos/modules/services/networking/tinc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The ip address to bind to (both listen on and send packets from).\n", "loc": ["services", "tinc", "networks", "<name>", "bindToAddress"], "readOnly": false, "type": "null or string"}, "services.tinc.networks.<name>.chroot": {"declarations": ["nixos/modules/services/networking/tinc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Change process root directory to the directory where the config file is located (/etc/tinc/netname/), for added security.\nThe chroot is performed after all the initialization is done, after writing pid files and opening network sockets.\n\nNote that this currently breaks dns resolution and tinc can't run scripts anymore (such as tinc-down or host-up), unless it is setup to be runnable inside chroot environment.\n", "loc": ["services", "tinc", "networks", "<name>", "chroot"], "readOnly": false, "type": "boolean"}, "services.tinc.networks.<name>.debugLevel": {"declarations": ["nixos/modules/services/networking/tinc.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "The amount of debugging information to add to the log. 0 means little\nlogging while 5 is the most logging. {command}`man tincd` for\nmore details.\n", "loc": ["services", "tinc", "networks", "<name>", "debugLevel"], "readOnly": false, "type": "integer between 0 and 5 (both inclusive)"}, "services.tinc.networks.<name>.ed25519PrivateKeyFile": {"declarations": ["nixos/modules/services/networking/tinc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path of the private ed25519 keyfile.\n", "loc": ["services", "tinc", "networks", "<name>", "ed25519PrivateKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.tinc.networks.<name>.extraConfig": {"declarations": ["nixos/modules/services/networking/tinc.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra lines to add to the tinc service configuration file.\n\nNote that using the declarative {option}`service.tinc.networks.<name>.settings`\noption is preferred.\n", "loc": ["services", "tinc", "networks", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.tinc.networks.<name>.hostSettings": {"declarations": ["nixos/modules/services/networking/tinc.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The name of the host in the network as well as the configuration for that host.\nThis name should only contain alphanumerics and underscores.\n", "example": {"_type": "literalExpression", "text": "{\n  host1 = {\n    addresses = [\n      { address = \"192.168.1.42\"; }\n      { address = \"192.168.1.42\"; port = 1655; }\n    ];\n    subnets = [ { address = \"10.0.0.42\"; } ];\n    rsaPublicKey = \"...\";\n    settings = {\n      Ed25519PublicKey = \"...\";\n    };\n  };\n  host2 = {\n    subnets = [ { address = \"10.0.1.0\"; prefixLength = 24; weight = 2; } ];\n    rsaPublicKey = \"...\";\n    settings = {\n      Compression = 10;\n    };\n  };\n}\n"}, "loc": ["services", "tinc", "networks", "<name>", "hostSettings"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.tinc.networks.<name>.hostSettings.<name>.addresses": {"declarations": ["nixos/modules/services/networking/tinc.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The external address where the host can be reached. This will set this\nhost's {option}`settings.Address` option.\n\nThis variable is only required if you want to connect to this host.\n", "loc": ["services", "tinc", "networks", "<name>", "hostSettings", "<name>", "addresses"], "readOnly": false, "type": "list of (submodule)"}, "services.tinc.networks.<name>.hostSettings.<name>.addresses.*.address": {"declarations": ["nixos/modules/services/networking/tinc.nix"], "description": "The external IP address or hostname where the host can be reached.", "loc": ["services", "tinc", "networks", "<name>", "hostSettings", "<name>", "addresses", "*", "address"], "readOnly": false, "type": "string"}, "services.tinc.networks.<name>.hostSettings.<name>.addresses.*.port": {"declarations": ["nixos/modules/services/networking/tinc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The port where the host can be reached.\n\nIf no port is specified, the default Port is used.\n", "loc": ["services", "tinc", "networks", "<name>", "hostSettings", "<name>", "addresses", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.tinc.networks.<name>.hostSettings.<name>.rsaPublicKey": {"declarations": ["nixos/modules/services/networking/tinc.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Legacy RSA public key of the host in PEM format, including start and\nend markers.\n\nThis will be appended as-is in the host's configuration file.\n\nThe ed25519 public key can be specified using the\n{option}`settings.Ed25519PublicKey` option instead.\n", "loc": ["services", "tinc", "networks", "<name>", "hostSettings", "<name>", "rsaPublicKey"], "readOnly": false, "type": "string"}, "services.tinc.networks.<name>.hostSettings.<name>.settings": {"declarations": ["nixos/modules/services/networking/tinc.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for this host.\n\nSee <https://tinc-vpn.org/documentation-1.1/Host-configuration-variables.html>\nfor supported values.\n", "loc": ["services", "tinc", "networks", "<name>", "hostSettings", "<name>", "settings"], "readOnly": false, "type": "open submodule of attribute set of (boolean or string or signed integer or list of (boolean or string or signed integer))"}, "services.tinc.networks.<name>.hostSettings.<name>.subnets": {"declarations": ["nixos/modules/services/networking/tinc.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The subnets which this tinc daemon will serve. This will set this\nhost's {option}`settings.Subnet` option.\n\nTinc tries to look up which other daemon it should send a packet to by\nsearching the appropriate subnet. If the packet matches a subnet, it\nwill be sent to the daemon who has this subnet in his host\nconfiguration file.\n", "loc": ["services", "tinc", "networks", "<name>", "hostSettings", "<name>", "subnets"], "readOnly": false, "type": "list of (submodule)"}, "services.tinc.networks.<name>.hostSettings.<name>.subnets.*.address": {"declarations": ["nixos/modules/services/networking/tinc.nix"], "description": "The subnet of this host.\n\nSubnets can either be single MAC, IPv4 or IPv6 addresses, in which case\na subnet consisting of only that single address is assumed, or they can\nbe a IPv4 or IPv6 network address with a prefix length.\n\nIPv4 subnets are notated like 192.168.1.0/24, IPv6 subnets are notated\nlike fec0:0:0:1::/64. MAC addresses are notated like 0:1a:2b:3c:4d:5e.\n\nNote that subnets like 192.168.1.1/24 are invalid.\n", "loc": ["services", "tinc", "networks", "<name>", "hostSettings", "<name>", "subnets", "*", "address"], "readOnly": false, "type": "string"}, "services.tinc.networks.<name>.hostSettings.<name>.subnets.*.prefixLength": {"declarations": ["nixos/modules/services/networking/tinc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The prefix length of the subnet.\n\nIf null, a subnet consisting of only that single address is assumed.\n\nThis conforms to standard CIDR notation as described in RFC1519.\n", "loc": ["services", "tinc", "networks", "<name>", "hostSettings", "<name>", "subnets", "*", "prefixLength"], "readOnly": false, "type": "null or integer between 0 and 128 (both inclusive)"}, "services.tinc.networks.<name>.hostSettings.<name>.subnets.*.weight": {"declarations": ["nixos/modules/services/networking/tinc.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Indicates the priority over identical Subnets owned by different nodes.\n\nLower values indicate higher priority. Packets will be sent to the\nnode with the highest priority, unless that node is not reachable, in\nwhich case the node with the next highest priority will be tried, and\nso on.\n", "loc": ["services", "tinc", "networks", "<name>", "hostSettings", "<name>", "subnets", "*", "weight"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.tinc.networks.<name>.hosts": {"declarations": ["nixos/modules/services/networking/tinc.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The name of the host in the network as well as the configuration for that host.\nThis name should only contain alphanumerics and underscores.\n\nNote that using the declarative {option}`service.tinc.networks.<name>.hostSettings`\noption is preferred.\n", "loc": ["services", "tinc", "networks", "<name>", "hosts"], "readOnly": false, "type": "attribute set of strings concatenated with \"\\n\""}, "services.tinc.networks.<name>.interfaceType": {"declarations": ["nixos/modules/services/networking/tinc.nix"], "default": {"_type": "literalExpression", "text": "\"tun\""}, "description": "The type of virtual interface used for the network connection.\n", "loc": ["services", "tinc", "networks", "<name>", "interfaceType"], "readOnly": false, "type": "one of \"tun\", \"tap\""}, "services.tinc.networks.<name>.listenAddress": {"declarations": ["nixos/modules/services/networking/tinc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The ip address to listen on for incoming connections.\n", "loc": ["services", "tinc", "networks", "<name>", "listenAddress"], "readOnly": false, "type": "null or string"}, "services.tinc.networks.<name>.name": {"declarations": ["nixos/modules/services/networking/tinc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The name of the node which is used as an identifier when communicating\nwith the remote nodes in the mesh. If null then the hostname of the system\nis used to derive a name (note that tinc may replace non-alphanumeric characters in\nhostnames by underscores).\n", "loc": ["services", "tinc", "networks", "<name>", "name"], "readOnly": false, "type": "null or string"}, "services.tinc.networks.<name>.package": {"declarations": ["nixos/modules/services/networking/tinc.nix"], "default": {"_type": "literalExpression", "text": "pkgs.tinc_pre"}, "description": "The tinc_pre package to use.", "loc": ["services", "tinc", "networks", "<name>", "package"], "readOnly": false, "type": "package"}, "services.tinc.networks.<name>.rsaPrivateKeyFile": {"declarations": ["nixos/modules/services/networking/tinc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path of the private RSA keyfile.\n", "loc": ["services", "tinc", "networks", "<name>", "rsaPrivateKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.tinc.networks.<name>.settings": {"declarations": ["nixos/modules/services/networking/tinc.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration of the Tinc daemon for this network.\n\nSee <https://tinc-vpn.org/documentation-1.1/Main-configuration-variables.html>\nfor supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  Interface = \"custom.interface\";\n  DirectOnly = true;\n  Mode = \"switch\";\n}\n"}, "loc": ["services", "tinc", "networks", "<name>", "settings"], "readOnly": false, "type": "open submodule of attribute set of (boolean or string or signed integer or list of (boolean or string or signed integer))"}, "services.tinydns.data": {"declarations": ["nixos/modules/services/networking/tinydns.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The DNS data to serve, in the format described by {manpage}`tinydns-data(8)`", "loc": ["services", "tinydns", "data"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.tinydns.enable": {"declarations": ["nixos/modules/services/networking/tinydns.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to run the tinydns dns server", "loc": ["services", "tinydns", "enable"], "readOnly": false, "type": "boolean"}, "services.tinydns.ip": {"declarations": ["nixos/modules/services/networking/tinydns.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "IP address on which to listen for connections", "loc": ["services", "tinydns", "ip"], "readOnly": false, "type": "string"}, "services.tinyproxy.enable": {"declarations": ["nixos/modules/services/networking/tinyproxy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Tinyproxy daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tinyproxy", "enable"], "readOnly": false, "type": "boolean"}, "services.tinyproxy.package": {"declarations": ["nixos/modules/services/networking/tinyproxy.nix"], "default": {"_type": "literalExpression", "text": "pkgs.tinyproxy"}, "description": "The tinyproxy package to use.", "loc": ["services", "tinyproxy", "package"], "readOnly": false, "type": "package"}, "services.tinyproxy.settings": {"declarations": ["nixos/modules/services/networking/tinyproxy.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for [tinyproxy](https://tinyproxy.github.io/).", "example": {"_type": "literalExpression", "text": "{\n  Port 8888;\n  Listen 127.0.0.1;\n  Timeout 600;\n  Allow 127.0.0.1;\n  Anonymous = ['\"Host\"' '\"Authorization\"'];\n  ReversePath = '\"/example/\" \"http://www.example.com/\"';\n}\n"}, "loc": ["services", "tinyproxy", "settings"], "readOnly": false, "type": "open submodule of attribute set of (atom (null, bool, int, float or string) or a list of them for duplicate keys)"}, "services.tinyproxy.settings.Anonymous": {"declarations": ["nixos/modules/services/networking/tinyproxy.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If an `Anonymous` keyword is present, then anonymous proxying is enabled. The headers listed with `Anonymous` are allowed through, while all others are denied. If no Anonymous keyword is present, then all headers are allowed through. You must include quotes around the headers.\n", "loc": ["services", "tinyproxy", "settings", "Anonymous"], "readOnly": false, "type": "list of string"}, "services.tinyproxy.settings.Filter": {"declarations": ["nixos/modules/services/networking/tinyproxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Tinyproxy supports filtering of web sites based on URLs or domains. This option specifies the location of the file containing the filter rules, one rule per line.\n", "loc": ["services", "tinyproxy", "settings", "Filter"], "readOnly": false, "type": "null or absolute path"}, "services.tinyproxy.settings.Listen": {"declarations": ["nixos/modules/services/networking/tinyproxy.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Specify which address to listen to.\n", "loc": ["services", "tinyproxy", "settings", "Listen"], "readOnly": false, "type": "null or string"}, "services.tinyproxy.settings.Port": {"declarations": ["nixos/modules/services/networking/tinyproxy.nix"], "default": {"_type": "literalExpression", "text": "8888"}, "description": "Specify which port to listen to.\n", "loc": ["services", "tinyproxy", "settings", "Port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.tlp.enable": {"declarations": ["nixos/modules/services/hardware/tlp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the TLP power management daemon.", "loc": ["services", "tlp", "enable"], "readOnly": false, "type": "boolean"}, "services.tlp.extraConfig": {"declarations": ["nixos/modules/services/hardware/tlp.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Verbatim additional configuration variables for TLP.\nDEPRECATED: use services.tlp.settings instead.\n", "loc": ["services", "tlp", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.tlp.package": {"declarations": ["nixos/modules/services/hardware/tlp.nix"], "default": {"_type": "literalExpression", "text": "\"pkgs.tlp.override { enableRDW = config.networking.networkmanager.enable; }\""}, "description": "The tlp package to use.", "loc": ["services", "tlp", "package"], "readOnly": false, "type": "package"}, "services.tlp.pd.enable": {"declarations": ["nixos/modules/services/hardware/tlp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the power-rofiles-daemon like DBus interface for TLP.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tlp", "pd", "enable"], "readOnly": false, "type": "boolean"}, "services.tlp.pd.package": {"declarations": ["nixos/modules/services/hardware/tlp.nix"], "default": {"_type": "literalExpression", "text": "pkgs.tlp-pd"}, "description": "The tlp-pd package to use.", "loc": ["services", "tlp", "pd", "package"], "readOnly": false, "type": "package"}, "services.tlp.settings": {"declarations": ["nixos/modules/services/hardware/tlp.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options passed to TLP. See <https://linrunner.de/tlp> for all supported options..\n", "example": {"_type": "literalExpression", "text": "{\n  SATA_LINKPWR_ON_BAT = \"med_power_with_dipm\";\n  USB_BLACKLIST_PHONE = 1;\n}"}, "loc": ["services", "tlp", "settings"], "readOnly": false, "type": "attribute set of (boolean or signed integer or floating point number or string or list of string)"}, "services.tlsrpt.collectd.extraFlags": {"declarations": ["nixos/modules/services/mail/tlsrpt.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of extra flags to pass to the tlsrpt-reportd executable.\n\nSee {manpage}`tlsrpt-collectd(1)` for possible flags.\n", "loc": ["services", "tlsrpt", "collectd", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.tlsrpt.collectd.settings": {"declarations": ["nixos/modules/services/mail/tlsrpt.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Flags from {manpage}`tlsrpt-collectd(1)` as key-value pairs.\n", "loc": ["services", "tlsrpt", "collectd", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.tlsrpt.collectd.settings.log_level": {"declarations": ["nixos/modules/services/mail/tlsrpt.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Level of log messages to emit.\n", "loc": ["services", "tlsrpt", "collectd", "settings", "log_level"], "readOnly": false, "type": "one of \"debug\", \"info\", \"warning\", \"error\", \"critical\""}, "services.tlsrpt.collectd.settings.socketmode": {"declarations": ["nixos/modules/services/mail/tlsrpt.nix"], "default": {"_type": "literalExpression", "text": "\"0220\""}, "description": "Permissions on the UNIX socket.\n", "loc": ["services", "tlsrpt", "collectd", "settings", "socketmode"], "readOnly": false, "type": "string"}, "services.tlsrpt.collectd.settings.socketname": {"declarations": ["nixos/modules/services/mail/tlsrpt.nix"], "default": {"_type": "literalExpression", "text": "\"/run/tlsrpt/collectd.sock\""}, "description": "Path at which the UNIX socket will be created.\n", "loc": ["services", "tlsrpt", "collectd", "settings", "socketname"], "readOnly": false, "type": "absolute path"}, "services.tlsrpt.collectd.settings.storage": {"declarations": ["nixos/modules/services/mail/tlsrpt.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite:///var/lib/tlsrpt/collectd.sqlite\""}, "description": "Storage backend definition.\n", "loc": ["services", "tlsrpt", "collectd", "settings", "storage"], "readOnly": false, "type": "string"}, "services.tlsrpt.configurePostfix": {"declarations": ["nixos/modules/services/mail/tlsrpt.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to configure permissions to allow integration with Postfix.\n", "loc": ["services", "tlsrpt", "configurePostfix"], "readOnly": false, "type": "boolean"}, "services.tlsrpt.enable": {"declarations": ["nixos/modules/services/mail/tlsrpt.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the TLSRPT services.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tlsrpt", "enable"], "readOnly": false, "type": "boolean"}, "services.tlsrpt.fetcher.settings": {"declarations": ["nixos/modules/services/mail/tlsrpt.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Flags from {manpage}`tlsrpt-fetcher(1)` as key-value pairs.\n", "loc": ["services", "tlsrpt", "fetcher", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.tlsrpt.fetcher.settings.log_level": {"declarations": ["nixos/modules/services/mail/tlsrpt.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Level of log messages to emit.\n", "loc": ["services", "tlsrpt", "fetcher", "settings", "log_level"], "readOnly": false, "type": "one of \"debug\", \"info\", \"warning\", \"error\", \"critical\""}, "services.tlsrpt.fetcher.settings.storage": {"declarations": ["nixos/modules/services/mail/tlsrpt.nix"], "default": {"_type": "literalExpression", "text": "config.services.tlsrpt.collectd.settings.storage\n"}, "description": "Path to the collectd sqlite database.\n", "loc": ["services", "tlsrpt", "fetcher", "settings", "storage"], "readOnly": false, "type": "string"}, "services.tlsrpt.package": {"declarations": ["nixos/modules/services/mail/tlsrpt.nix"], "default": {"_type": "literalExpression", "text": "pkgs.tlsrpt-reporter"}, "description": "The tlsrpt-reporter package to use.", "loc": ["services", "tlsrpt", "package"], "readOnly": false, "type": "package"}, "services.tlsrpt.reportd.extraFlags": {"declarations": ["nixos/modules/services/mail/tlsrpt.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of extra flags to pass to the tlsrpt-reportd executable.\n\nSee {manpage}`tlsrpt-report(1)` for possible flags.\n", "loc": ["services", "tlsrpt", "reportd", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.tlsrpt.reportd.settings": {"declarations": ["nixos/modules/services/mail/tlsrpt.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Flags from {manpage}`tlsrpt-reportd(1)` as key-value pairs.\n", "loc": ["services", "tlsrpt", "reportd", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.tlsrpt.reportd.settings.contact_info": {"declarations": ["nixos/modules/services/mail/tlsrpt.nix"], "description": "Contact information embedded into the reports.\n", "example": {"_type": "literalExpression", "text": "\"smtp-tls-reporting@example.com\""}, "loc": ["services", "tlsrpt", "reportd", "settings", "contact_info"], "readOnly": false, "type": "string"}, "services.tlsrpt.reportd.settings.dbname": {"declarations": ["nixos/modules/services/mail/tlsrpt.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/tlsrpt/reportd.sqlite\""}, "description": "Path to the sqlite database.\n", "loc": ["services", "tlsrpt", "reportd", "settings", "dbname"], "readOnly": false, "type": "string"}, "services.tlsrpt.reportd.settings.fetchers": {"declarations": ["nixos/modules/services/mail/tlsrpt.nix"], "default": {"_type": "literalExpression", "text": "lib.getExe' cfg.package \"tlsrpt-fetcher\"\n"}, "description": "Comma-separated list of fetcher programs that retrieve collectd data.\n", "loc": ["services", "tlsrpt", "reportd", "settings", "fetchers"], "readOnly": false, "type": "string"}, "services.tlsrpt.reportd.settings.http_script": {"declarations": ["nixos/modules/services/mail/tlsrpt.nix"], "default": {"_type": "literalExpression", "text": "${lib.getExe pkgs.curl} --silent --header 'Content-Type: application/tlsrpt+gzip' --data-binary @-\n"}, "description": "Call to an HTTPS client, that accepts the URL on the commandline and the request body from stdin.\n", "loc": ["services", "tlsrpt", "reportd", "settings", "http_script"], "readOnly": false, "type": "null or string"}, "services.tlsrpt.reportd.settings.log_level": {"declarations": ["nixos/modules/services/mail/tlsrpt.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Level of log messages to emit.\n", "loc": ["services", "tlsrpt", "reportd", "settings", "log_level"], "readOnly": false, "type": "one of \"debug\", \"info\", \"warning\", \"error\", \"critical\""}, "services.tlsrpt.reportd.settings.organization_name": {"declarations": ["nixos/modules/services/mail/tlsrpt.nix"], "description": "Name of the organization sending out the reports.\n", "example": {"_type": "literalExpression", "text": "\"ACME Corp.\""}, "loc": ["services", "tlsrpt", "reportd", "settings", "organization_name"], "readOnly": false, "type": "string"}, "services.tlsrpt.reportd.settings.sender_address": {"declarations": ["nixos/modules/services/mail/tlsrpt.nix"], "description": "Sender address used for reports.\n", "example": {"_type": "literalExpression", "text": "\"noreply@example.com\""}, "loc": ["services", "tlsrpt", "reportd", "settings", "sender_address"], "readOnly": false, "type": "string"}, "services.tlsrpt.reportd.settings.sendmail_script": {"declarations": ["nixos/modules/services/mail/tlsrpt.nix"], "default": {"_type": "literalExpression", "text": "if config.services.postfix.enable && config.services.postfix.setSendmail then\n  \"/run/wrappers/bin/sendmail -i -t\"\nelse\n  null\n"}, "description": "Path to a sendmail-compatible executable for delivery reports.\n", "loc": ["services", "tlsrpt", "reportd", "settings", "sendmail_script"], "readOnly": false, "type": "null or string"}, "services.tmate-ssh-server.advertisedPort": {"declarations": ["nixos/modules/services/networking/tmate-ssh-server.nix"], "description": "External port advertised to clients", "loc": ["services", "tmate-ssh-server", "advertisedPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.tmate-ssh-server.enable": {"declarations": ["nixos/modules/services/networking/tmate-ssh-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable tmate ssh server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tmate-ssh-server", "enable"], "readOnly": false, "type": "boolean"}, "services.tmate-ssh-server.host": {"declarations": ["nixos/modules/services/networking/tmate-ssh-server.nix"], "default": {"_type": "literalExpression", "text": "config.networking.domain or config.networking.hostName"}, "description": "External host name", "loc": ["services", "tmate-ssh-server", "host"], "readOnly": false, "type": "string"}, "services.tmate-ssh-server.keysDir": {"declarations": ["nixos/modules/services/networking/tmate-ssh-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Directory containing ssh keys, defaulting to auto-generation", "loc": ["services", "tmate-ssh-server", "keysDir"], "readOnly": false, "type": "null or string"}, "services.tmate-ssh-server.openFirewall": {"declarations": ["nixos/modules/services/networking/tmate-ssh-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to automatically open the specified ports in the firewall.", "loc": ["services", "tmate-ssh-server", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.tmate-ssh-server.package": {"declarations": ["nixos/modules/services/networking/tmate-ssh-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.tmate-ssh-server"}, "description": "The tmate-ssh-server package to use.", "loc": ["services", "tmate-ssh-server", "package"], "readOnly": false, "type": "package"}, "services.tmate-ssh-server.port": {"declarations": ["nixos/modules/services/networking/tmate-ssh-server.nix"], "default": {"_type": "literalExpression", "text": "2222"}, "description": "Listen port for the ssh server", "loc": ["services", "tmate-ssh-server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.todesk.enable": {"declarations": ["nixos/modules/services/monitoring/todesk.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ToDesk daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "todesk", "enable"], "readOnly": false, "type": "boolean"}, "services.todesk.package": {"declarations": ["nixos/modules/services/monitoring/todesk.nix"], "default": {"_type": "literalExpression", "text": "pkgs.todesk"}, "description": "The todesk package to use.", "loc": ["services", "todesk", "package"], "readOnly": false, "type": "package"}, "services.tomcat.axis2.enable": {"declarations": ["nixos/modules/services/web-servers/tomcat.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Apache Axis2 container.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tomcat", "axis2", "enable"], "readOnly": false, "type": "boolean"}, "services.tomcat.axis2.services": {"declarations": ["nixos/modules/services/web-servers/tomcat.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List containing AAR files or directories with AAR files which are web services to be deployed on Axis2", "loc": ["services", "tomcat", "axis2", "services"], "readOnly": false, "type": "list of string"}, "services.tomcat.baseDir": {"declarations": ["nixos/modules/services/web-servers/tomcat.nix"], "default": {"_type": "literalExpression", "text": "\"/var/tomcat\""}, "description": "Location where Tomcat stores configuration files, web applications\nand logfiles. Note that it is partially cleared on each service startup\nif `purifyOnStart` is enabled.\n", "loc": ["services", "tomcat", "baseDir"], "readOnly": false, "type": "absolute path"}, "services.tomcat.catalinaOpts": {"declarations": ["nixos/modules/services/web-servers/tomcat.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Parameters to pass to the Java Virtual Machine which spawns the Catalina servlet container", "loc": ["services", "tomcat", "catalinaOpts"], "readOnly": false, "type": "(list of string) or string"}, "services.tomcat.commonLibs": {"declarations": ["nixos/modules/services/web-servers/tomcat.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List containing JAR files or directories with JAR files which are libraries shared by the web applications and the servlet container", "loc": ["services", "tomcat", "commonLibs"], "readOnly": false, "type": "list of string"}, "services.tomcat.enable": {"declarations": ["nixos/modules/services/web-servers/tomcat.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Apache Tomcat.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tomcat", "enable"], "readOnly": false, "type": "boolean"}, "services.tomcat.extraConfigFiles": {"declarations": ["nixos/modules/services/web-servers/tomcat.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra configuration files to pull into the tomcat conf directory", "loc": ["services", "tomcat", "extraConfigFiles"], "readOnly": false, "type": "list of absolute path"}, "services.tomcat.extraEnvironment": {"declarations": ["nixos/modules/services/web-servers/tomcat.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Environment Variables to pass to the tomcat service", "example": {"_type": "literalExpression", "text": "[\n  \"ENVIRONMENT=production\"\n]"}, "loc": ["services", "tomcat", "extraEnvironment"], "readOnly": false, "type": "list of string"}, "services.tomcat.extraGroups": {"declarations": ["nixos/modules/services/web-servers/tomcat.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Defines extra groups to which the tomcat user belongs.", "example": {"_type": "literalExpression", "text": "[\n  \"users\"\n]"}, "loc": ["services", "tomcat", "extraGroups"], "readOnly": false, "type": "list of string"}, "services.tomcat.group": {"declarations": ["nixos/modules/services/web-servers/tomcat.nix"], "default": {"_type": "literalExpression", "text": "\"tomcat\""}, "description": "Group account under which Apache Tomcat runs.", "loc": ["services", "tomcat", "group"], "readOnly": false, "type": "string"}, "services.tomcat.javaOpts": {"declarations": ["nixos/modules/services/web-servers/tomcat.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Parameters to pass to the Java Virtual Machine which spawns Apache Tomcat", "loc": ["services", "tomcat", "javaOpts"], "readOnly": false, "type": "(list of string) or string"}, "services.tomcat.jdk": {"declarations": ["nixos/modules/services/web-servers/tomcat.nix"], "default": {"_type": "literalExpression", "text": "pkgs.jdk"}, "description": "The jdk package to use.", "loc": ["services", "tomcat", "jdk"], "readOnly": false, "type": "package"}, "services.tomcat.logDirs": {"declarations": ["nixos/modules/services/web-servers/tomcat.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Directories to create in baseDir/logs/", "loc": ["services", "tomcat", "logDirs"], "readOnly": false, "type": "list of absolute path"}, "services.tomcat.logPerVirtualHost": {"declarations": ["nixos/modules/services/web-servers/tomcat.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable logging per virtual host.", "loc": ["services", "tomcat", "logPerVirtualHost"], "readOnly": false, "type": "boolean"}, "services.tomcat.package": {"declarations": ["nixos/modules/services/web-servers/tomcat.nix"], "default": {"_type": "literalExpression", "text": "pkgs.tomcat9"}, "description": "The tomcat9 package to use.", "example": {"_type": "literalExpression", "text": "tomcat10"}, "loc": ["services", "tomcat", "package"], "readOnly": false, "type": "package"}, "services.tomcat.port": {"declarations": ["nixos/modules/services/web-servers/tomcat.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "The TCP port Tomcat should listen on.\n", "loc": ["services", "tomcat", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.tomcat.purifyOnStart": {"declarations": ["nixos/modules/services/web-servers/tomcat.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "On startup, the `baseDir` directory is populated with various files,\nsubdirectories and symlinks. If this option is enabled, these items\n(except for the `logs` and `work` subdirectories) are first removed.\nThis prevents interference from remainders of an old configuration\n(libraries, webapps, etc.), so it's recommended to enable this option.\n", "loc": ["services", "tomcat", "purifyOnStart"], "readOnly": false, "type": "boolean"}, "services.tomcat.serverXml": {"declarations": ["nixos/modules/services/web-servers/tomcat.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Verbatim server.xml configuration.\nThis is mutually exclusive with the virtualHosts options.\n", "loc": ["services", "tomcat", "serverXml"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.tomcat.sharedLibs": {"declarations": ["nixos/modules/services/web-servers/tomcat.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List containing JAR files or directories with JAR files which are libraries shared by the web applications", "loc": ["services", "tomcat", "sharedLibs"], "readOnly": false, "type": "list of string"}, "services.tomcat.user": {"declarations": ["nixos/modules/services/web-servers/tomcat.nix"], "default": {"_type": "literalExpression", "text": "\"tomcat\""}, "description": "User account under which Apache Tomcat runs.", "loc": ["services", "tomcat", "user"], "readOnly": false, "type": "string"}, "services.tomcat.virtualHosts": {"declarations": ["nixos/modules/services/web-servers/tomcat.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List consisting of a virtual host name and a list of web applications to deploy on each virtual host", "loc": ["services", "tomcat", "virtualHosts"], "readOnly": false, "type": "list of (submodule)"}, "services.tomcat.virtualHosts.*.aliases": {"declarations": ["nixos/modules/services/web-servers/tomcat.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "aliases of the virtualhost", "loc": ["services", "tomcat", "virtualHosts", "*", "aliases"], "readOnly": false, "type": "list of string"}, "services.tomcat.virtualHosts.*.name": {"declarations": ["nixos/modules/services/web-servers/tomcat.nix"], "description": "name of the virtualhost", "loc": ["services", "tomcat", "virtualHosts", "*", "name"], "readOnly": false, "type": "string"}, "services.tomcat.virtualHosts.*.webapps": {"declarations": ["nixos/modules/services/web-servers/tomcat.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List containing web application WAR files and/or directories containing\nweb applications and configuration files for the virtual host.\n", "loc": ["services", "tomcat", "virtualHosts", "*", "webapps"], "readOnly": false, "type": "list of absolute path"}, "services.tomcat.webapps": {"declarations": ["nixos/modules/services/web-servers/tomcat.nix"], "default": {"_type": "literalExpression", "text": "[ config.services.tomcat.package.webapps ]"}, "description": "List containing WAR files or directories with WAR files which are web applications to be deployed on Tomcat", "loc": ["services", "tomcat", "webapps"], "readOnly": false, "type": "list of absolute path"}, "services.tor.client.dns.enable": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable DNS resolver.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tor", "client", "dns", "enable"], "readOnly": false, "type": "boolean"}, "services.tor.client.enable": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the routing of application connections.\n          You might want to disable this if you plan running a dedicated Tor relay.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tor", "client", "enable"], "readOnly": false, "type": "boolean"}, "services.tor.client.onionServices": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#HiddenServiceDir).\n", "example": {"_type": "literalExpression", "text": "{\n  xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx = {\n    clientAuthorizations = [\n      \"/run/keys/tor/alice.prv.x25519\"\n    ];\n  };\n}"}, "loc": ["services", "tor", "client", "onionServices"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.tor.client.onionServices.<name>.clientAuthorizations": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Clients' authorizations for a v3 onion service,\nas a list of files containing each one private key, in the format:\n```\ndescriptor:x25519:<base32-private-key>\n```\nSee [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#_client_authorization).\n\n", "example": {"_type": "literalExpression", "text": "[\n  \"/run/keys/tor/alice.prv.x25519\"\n]"}, "loc": ["services", "tor", "client", "onionServices", "<name>", "clientAuthorizations"], "readOnly": false, "type": "list of absolute path"}, "services.tor.client.socksListenAddress": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "{\n  IsolateDestAddr = true;\n  addr = \"127.0.0.1\";\n  port = 9050;\n}"}, "description": "Bind to this address to listen for connections from\nSocks-speaking applications.\n", "example": {"_type": "literalExpression", "text": "{\n  IsolateDestAddr = true;\n  addr = \"192.168.0.1\";\n  port = 9090;\n}"}, "loc": ["services", "tor", "client", "socksListenAddress"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive) or (submodule)"}, "services.tor.client.transparentProxy.enable": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable transparent proxy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tor", "client", "transparentProxy", "enable"], "readOnly": false, "type": "boolean"}, "services.tor.controlSocket.enable": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable control socket,\n        created in `/run/tor/control`.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tor", "controlSocket", "enable"], "readOnly": false, "type": "boolean"}, "services.tor.enable": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Tor daemon.\n        By default, the daemon is run without\n        relay, exit, bridge or client connectivity.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tor", "enable"], "readOnly": false, "type": "boolean"}, "services.tor.enableGeoIP": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable use of GeoIP databases.\n        Disabling this will disable by-country statistics for bridges and relays\n        and some client and third-party software functionality.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tor", "enableGeoIP"], "readOnly": false, "type": "boolean"}, "services.tor.obfs4Package": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "pkgs.obfs4"}, "description": "The obfs4 package to use.", "loc": ["services", "tor", "obfs4Package"], "readOnly": false, "type": "package"}, "services.tor.openFirewall": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable opening of the relay port(s) in the firewall.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tor", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.tor.package": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "pkgs.tor"}, "description": "The tor package to use.", "loc": ["services", "tor", "package"], "readOnly": false, "type": "package"}, "services.tor.relay.enable": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable relaying of Tor traffic for others.\n\nSee <https://www.torproject.org/docs/tor-doc-relay>\nfor details.\n\nSetting this to true requires setting\n{option}`services.tor.relay.role`\nand\n{option}`services.tor.settings.ORPort`\noptions.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tor", "relay", "enable"], "readOnly": false, "type": "boolean"}, "services.tor.relay.onionServices": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#HiddenServiceDir).\n:::{.warning}\nBecause `tor.service` runs in its own `RootDirectory=`,\nwhen using a onion service to reverse-proxy to a Unix socket,\nyou need to make that Unix socket available\nwithin the mount namespace of `tor.service`.\n\nWhen you can configure your service to create its socket in `/tmp`,\nthis can be done with:\n```nix\nsystemd.services.${your-service} = {\n  unitConfig.JoinsNamespaceOf = [ \"tor.service\" ];`\n  serviceConfig.PrivateTmp = true;\n};\n```\nOtherwise, you can use:\n```nix\nsystemd.services.tor.serviceConfig.BindPaths = [ \"/path/to/your-service/socket/directory\" ];\n```\nbut you have to be sure that `/path/to/socket/directory`\nexists before `tor.service` is started\nand is not deleted and recreated between restarts of `your-service`,\nor you'll need to restart `tor.service` to refresh the `BindPaths=`.\n:::\n", "example": {"_type": "literalExpression", "text": "{\n  \"example.org/www\" = {\n    authorizedClients = [\n      \"descriptor:x25519:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\"\n    ];\n    map = [\n      80\n    ];\n  };\n}"}, "loc": ["services", "tor", "relay", "onionServices"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.tor.relay.onionServices.<name>.authorizeClient": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#HiddenServiceAuthorizeClient).\n", "loc": ["services", "tor", "relay", "onionServices", "<name>", "authorizeClient"], "readOnly": false, "type": "null or (submodule)"}, "services.tor.relay.onionServices.<name>.authorizeClient.authType": {"declarations": ["nixos/modules/services/security/tor.nix"], "description": "Either `\"basic\"` for a general-purpose authorization protocol\nor `\"stealth\"` for a less scalable protocol\nthat also hides service activity from unauthorized clients.\n", "loc": ["services", "tor", "relay", "onionServices", "<name>", "authorizeClient", "authType"], "readOnly": false, "type": "one of \"basic\", \"stealth\""}, "services.tor.relay.onionServices.<name>.authorizeClient.clientNames": {"declarations": ["nixos/modules/services/security/tor.nix"], "description": "Only clients that are listed here are authorized to access the hidden service.\nGenerated authorization data can be found in {file}`/var/lib/tor/onion/$name/hostname`.\nClients need to put this authorization data in their configuration file using\n[](#opt-services.tor.settings.HidServAuth).\n", "loc": ["services", "tor", "relay", "onionServices", "<name>", "authorizeClient", "clientNames"], "readOnly": false, "type": "non-empty (list of string matching the pattern [A-Za-z0-9+-_]+)"}, "services.tor.relay.onionServices.<name>.authorizedClients": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Authorized clients for a v3 onion service,\nas a list of public key, in the format:\n```\ndescriptor:x25519:<base32-public-key>\n```\nSee [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#_client_authorization).\n\n", "example": {"_type": "literalExpression", "text": "[\n  \"descriptor:x25519:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\"\n]"}, "loc": ["services", "tor", "relay", "onionServices", "<name>", "authorizedClients"], "readOnly": false, "type": "list of string"}, "services.tor.relay.onionServices.<name>.map": {"declarations": ["nixos/modules/services/security/tor.nix"], "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#HiddenServicePort).\n", "loc": ["services", "tor", "relay", "onionServices", "<name>", "map"], "readOnly": false, "type": "list of (16 bit unsigned integer; between 0 and 65535 (both inclusive) or (submodule))"}, "services.tor.relay.onionServices.<name>.path": {"declarations": ["nixos/modules/services/security/tor.nix"], "description": "Path where to store the data files of the hidden service.\nIf the {option}`secretKey` is null\nthis defaults to `/var/lib/tor/onion/$onion`,\notherwise to `/run/tor/onion/$onion`.\n", "loc": ["services", "tor", "relay", "onionServices", "<name>", "path"], "readOnly": false, "type": "absolute path"}, "services.tor.relay.onionServices.<name>.secretKey": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Secret key of the onion service.\nIf null, Tor reuses any preexisting secret key (in {option}`path`)\nor generates a new one.\nThe associated public key and hostname are deterministically regenerated\nfrom this file if they do not exist.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/tor/onion/expyuzz4wqqyqhjn/hs_ed25519_secret_key\""}, "loc": ["services", "tor", "relay", "onionServices", "<name>", "secretKey"], "readOnly": false, "type": "null or absolute path"}, "services.tor.relay.onionServices.<name>.settings": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings of the onion service.\nSee [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#_hidden_service_options).\n\n", "loc": ["services", "tor", "relay", "onionServices", "<name>", "settings"], "readOnly": false, "type": "open submodule of settings option"}, "services.tor.relay.onionServices.<name>.settings.HiddenServiceAllowUnknownPorts": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#HiddenServiceAllowUnknownPorts).\n", "loc": ["services", "tor", "relay", "onionServices", "<name>", "settings", "HiddenServiceAllowUnknownPorts"], "readOnly": false, "type": "null or boolean"}, "services.tor.relay.onionServices.<name>.settings.HiddenServiceDirGroupReadable": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#HiddenServiceDirGroupReadable).\n", "loc": ["services", "tor", "relay", "onionServices", "<name>", "settings", "HiddenServiceDirGroupReadable"], "readOnly": false, "type": "null or boolean"}, "services.tor.relay.onionServices.<name>.settings.HiddenServiceExportCircuitID": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#HiddenServiceExportCircuitID).\n", "loc": ["services", "tor", "relay", "onionServices", "<name>", "settings", "HiddenServiceExportCircuitID"], "readOnly": false, "type": "null or value \"haproxy\" (singular enum)"}, "services.tor.relay.onionServices.<name>.settings.HiddenServiceMaxStreams": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#HiddenServiceMaxStreams).\n", "loc": ["services", "tor", "relay", "onionServices", "<name>", "settings", "HiddenServiceMaxStreams"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.tor.relay.onionServices.<name>.settings.HiddenServiceMaxStreamsCloseCircuit": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#HiddenServiceMaxStreamsCloseCircuit).\n", "loc": ["services", "tor", "relay", "onionServices", "<name>", "settings", "HiddenServiceMaxStreamsCloseCircuit"], "readOnly": false, "type": "null or boolean"}, "services.tor.relay.onionServices.<name>.settings.HiddenServiceNumIntroductionPoints": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#HiddenServiceNumIntroductionPoints).\n", "loc": ["services", "tor", "relay", "onionServices", "<name>", "settings", "HiddenServiceNumIntroductionPoints"], "readOnly": false, "type": "null or integer between 0 and 20 (both inclusive)"}, "services.tor.relay.onionServices.<name>.settings.HiddenServiceSingleHopMode": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#HiddenServiceSingleHopMode).\n", "loc": ["services", "tor", "relay", "onionServices", "<name>", "settings", "HiddenServiceSingleHopMode"], "readOnly": false, "type": "null or boolean"}, "services.tor.relay.onionServices.<name>.settings.RendPostPeriod": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#RendPostPeriod).\n", "loc": ["services", "tor", "relay", "onionServices", "<name>", "settings", "RendPostPeriod"], "readOnly": false, "type": "null or string"}, "services.tor.relay.onionServices.<name>.version": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#HiddenServiceVersion).\n", "loc": ["services", "tor", "relay", "onionServices", "<name>", "version"], "readOnly": false, "type": "null or one of 2, 3"}, "services.tor.relay.role": {"declarations": ["nixos/modules/services/security/tor.nix"], "description": "Your role in Tor network. There're several options:\n\n- `exit`:\n  An exit relay. This allows Tor users to access regular\n  Internet services through your public IP.\n\n  You can specify which services Tor users may access via\n  your exit relay using {option}`settings.ExitPolicy` option.\n\n- `relay`:\n  Regular relay. This allows Tor users to relay onion\n  traffic to other Tor nodes, but not to public\n  Internet.\n\n  See\n  <https://www.torproject.org/docs/tor-doc-relay.html.en>\n  for more info.\n\n- `bridge`:\n  Regular bridge. Works like a regular relay, but\n  doesn't list you in the public relay directory and\n  hides your Tor node behind obfs4proxy.\n\n  Using this option will make Tor advertise your bridge\n  to users through various mechanisms like\n  <https://bridges.torproject.org/>, though.\n\n  See <https://www.torproject.org/docs/bridges.html.en>\n  for more info.\n\n- `private-bridge`:\n  Private bridge. Works like regular bridge, but does\n  not advertise your node in any way.\n\n  Using this role means that you won't contribute to Tor\n  network in any way unless you advertise your node\n  yourself in some way.\n\n  Use this if you want to run a private bridge, for\n  example because you'll give out your bridge addr\n  manually to your friends.\n\n  Switching to this role after measurable time in\n  \"bridge\" role is pretty useless as some Tor users\n  would have learned about your node already. In the\n  latter case you can still change\n  {option}`port` option.\n\n  See <https://www.torproject.org/docs/bridges.html.en>\n  for more info.\n\n::: {.important}\nRunning an exit relay may expose you to abuse\ncomplaints. See\n<https://www.torproject.org/faq.html.en#ExitPolicies>\nfor more info.\n:::\n\n::: {.important}\nNote that some misconfigured and/or disrespectful\ntowards privacy sites will block you even if your\nrelay is not an exit relay. That is, just being listed\nin a public relay directory can have unwanted\nconsequences.\n\nWhich means you might not want to use\nthis role if you browse public Internet from the same\nnetwork as your relay, unless you want to write\ne-mails to those sites (you should!).\n:::\n\n::: {.important}\nWARNING: THE FOLLOWING PARAGRAPH IS NOT LEGAL ADVICE.\nConsult with your lawyer when in doubt.\n\nThe `bridge` role should be safe to use in most situations\n(unless the act of forwarding traffic for others is\na punishable offence under your local laws, which\nwould be pretty insane as it would make ISP illegal).\n:::\n", "loc": ["services", "tor", "relay", "role"], "readOnly": false, "type": "one of \"exit\", \"relay\", \"bridge\", \"private-bridge\""}, "services.tor.settings": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en)\nfor documentation.\n", "loc": ["services", "tor", "settings"], "readOnly": false, "type": "open submodule of settings option"}, "services.tor.settings.AccountingMax": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#AccountingMax).\n", "loc": ["services", "tor", "settings", "AccountingMax"], "readOnly": false, "type": "null or signed integer or string"}, "services.tor.settings.AccountingStart": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#AccountingStart).\n", "loc": ["services", "tor", "settings", "AccountingStart"], "readOnly": false, "type": "null or string"}, "services.tor.settings.Address": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#Address).\n", "loc": ["services", "tor", "settings", "Address"], "readOnly": false, "type": "null or string"}, "services.tor.settings.AssumeReachable": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#AssumeReachable).\n", "loc": ["services", "tor", "settings", "AssumeReachable"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.AuthDirHasIPv6Connectivity": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#AuthDirHasIPv6Connectivity).\n", "loc": ["services", "tor", "settings", "AuthDirHasIPv6Connectivity"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.AuthDirListBadExits": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#AuthDirListBadExits).\n", "loc": ["services", "tor", "settings", "AuthDirListBadExits"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.AuthDirPinKeys": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#AuthDirPinKeys).\n", "loc": ["services", "tor", "settings", "AuthDirPinKeys"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.AuthDirSharedRandomness": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#AuthDirSharedRandomness).\n", "loc": ["services", "tor", "settings", "AuthDirSharedRandomness"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.AuthDirTestEd25519LinkKeys": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#AuthDirTestEd25519LinkKeys).\n", "loc": ["services", "tor", "settings", "AuthDirTestEd25519LinkKeys"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.AuthoritativeDirectory": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#AuthoritativeDirectory).\n", "loc": ["services", "tor", "settings", "AuthoritativeDirectory"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.AutomapHostsOnResolve": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#AutomapHostsOnResolve).\n", "loc": ["services", "tor", "settings", "AutomapHostsOnResolve"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.AutomapHostsSuffixes": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "[\n  \".onion\"\n  \".exit\"\n]"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#AutomapHostsSuffixes).\n", "example": {"_type": "literalExpression", "text": "[\n  \".onion\"\n]"}, "loc": ["services", "tor", "settings", "AutomapHostsSuffixes"], "readOnly": false, "type": "list of string"}, "services.tor.settings.BandwidthBurst": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#BandwidthBurst).\n", "loc": ["services", "tor", "settings", "BandwidthBurst"], "readOnly": false, "type": "null or signed integer or string"}, "services.tor.settings.BandwidthRate": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#BandwidthRate).\n", "loc": ["services", "tor", "settings", "BandwidthRate"], "readOnly": false, "type": "null or signed integer or string"}, "services.tor.settings.BridgeAuthoritativeDir": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#BridgeAuthoritativeDir).\n", "loc": ["services", "tor", "settings", "BridgeAuthoritativeDir"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.BridgeRecordUsageByCountry": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#BridgeRecordUsageByCountry).\n", "loc": ["services", "tor", "settings", "BridgeRecordUsageByCountry"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.BridgeRelay": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#BridgeRelay).\n", "loc": ["services", "tor", "settings", "BridgeRelay"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.CacheDirectory": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#CacheDirectory).\n", "loc": ["services", "tor", "settings", "CacheDirectory"], "readOnly": false, "type": "null or absolute path"}, "services.tor.settings.CacheDirectoryGroupReadable": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#CacheDirectoryGroupReadable).\n", "loc": ["services", "tor", "settings", "CacheDirectoryGroupReadable"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.CellStatistics": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#CellStatistics).\n", "loc": ["services", "tor", "settings", "CellStatistics"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.ClientAutoIPv6ORPort": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ClientAutoIPv6ORPort).\n", "loc": ["services", "tor", "settings", "ClientAutoIPv6ORPort"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.ClientDNSRejectInternalAddresses": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ClientDNSRejectInternalAddresses).\n", "loc": ["services", "tor", "settings", "ClientDNSRejectInternalAddresses"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.ClientOnionAuthDir": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ClientOnionAuthDir).\n", "loc": ["services", "tor", "settings", "ClientOnionAuthDir"], "readOnly": false, "type": "null or absolute path"}, "services.tor.settings.ClientPreferIPv6DirPort": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ClientPreferIPv6DirPort).\n", "loc": ["services", "tor", "settings", "ClientPreferIPv6DirPort"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.ClientPreferIPv6ORPort": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ClientPreferIPv6ORPort).\n", "loc": ["services", "tor", "settings", "ClientPreferIPv6ORPort"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.ClientRejectInternalAddresses": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ClientRejectInternalAddresses).\n", "loc": ["services", "tor", "settings", "ClientRejectInternalAddresses"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.ClientUseIPv4": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ClientUseIPv4).\n", "loc": ["services", "tor", "settings", "ClientUseIPv4"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.ClientUseIPv6": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ClientUseIPv6).\n", "loc": ["services", "tor", "settings", "ClientUseIPv6"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.ConnDirectionStatistics": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ConnDirectionStatistics).\n", "loc": ["services", "tor", "settings", "ConnDirectionStatistics"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.ConstrainedSockets": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ConstrainedSockets).\n", "loc": ["services", "tor", "settings", "ConstrainedSockets"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.ContactInfo": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ContactInfo).\n", "loc": ["services", "tor", "settings", "ContactInfo"], "readOnly": false, "type": "null or string"}, "services.tor.settings.ControlPort": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ControlPort).\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    port = 9051;\n  }\n]"}, "loc": ["services", "tor", "settings", "ControlPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive) or value \"auto\" (singular enum) or list of (16 bit unsigned integer; between 0 and 65535 (both inclusive) or value \"auto\" (singular enum) or (submodule))"}, "services.tor.settings.ControlPortFileGroupReadable": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ControlPortFileGroupReadable).\n", "loc": ["services", "tor", "settings", "ControlPortFileGroupReadable"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.ControlPortWriteToFile": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ControlPortWriteToFile).\n", "loc": ["services", "tor", "settings", "ControlPortWriteToFile"], "readOnly": false, "type": "null or absolute path"}, "services.tor.settings.ControlSocket": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ControlSocket).\n", "loc": ["services", "tor", "settings", "ControlSocket"], "readOnly": false, "type": "null or absolute path"}, "services.tor.settings.ControlSocketsGroupWritable": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ControlSocketsGroupWritable).\n", "loc": ["services", "tor", "settings", "ControlSocketsGroupWritable"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.CookieAuthFile": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#CookieAuthFile).\n", "loc": ["services", "tor", "settings", "CookieAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.tor.settings.CookieAuthFileGroupReadable": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#CookieAuthFileGroupReadable).\n", "loc": ["services", "tor", "settings", "CookieAuthFileGroupReadable"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.CookieAuthentication": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#CookieAuthentication).\n", "loc": ["services", "tor", "settings", "CookieAuthentication"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.DNSPort": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#DNSPort).\n", "loc": ["services", "tor", "settings", "DNSPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive) or value \"auto\" (singular enum) or (submodule) or list of (16 bit unsigned integer; between 0 and 65535 (both inclusive) or value \"auto\" (singular enum) or (submodule))"}, "services.tor.settings.DataDirectory": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/tor\""}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#DataDirectory).\n", "loc": ["services", "tor", "settings", "DataDirectory"], "readOnly": false, "type": "null or absolute path"}, "services.tor.settings.DataDirectoryGroupReadable": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#DataDirectoryGroupReadable).\n", "loc": ["services", "tor", "settings", "DataDirectoryGroupReadable"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.DirAllowPrivateAddresses": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#DirAllowPrivateAddresses).\n", "loc": ["services", "tor", "settings", "DirAllowPrivateAddresses"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.DirCache": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#DirCache).\n", "loc": ["services", "tor", "settings", "DirCache"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.DirPolicy": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#DirPolicy).\n", "example": {"_type": "literalExpression", "text": "[\n  \"accept *:*\"\n]"}, "loc": ["services", "tor", "settings", "DirPolicy"], "readOnly": false, "type": "list of string"}, "services.tor.settings.DirPort": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#DirPort).\n", "example": {"_type": "literalExpression", "text": "443"}, "loc": ["services", "tor", "settings", "DirPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive) or value \"auto\" (singular enum) or list of (16 bit unsigned integer; between 0 and 65535 (both inclusive) or value \"auto\" (singular enum) or (submodule))"}, "services.tor.settings.DirPortFrontPage": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#DirPortFrontPage).\n", "loc": ["services", "tor", "settings", "DirPortFrontPage"], "readOnly": false, "type": "null or absolute path"}, "services.tor.settings.DirReqStatistics": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#DirReqStatistics).\n", "loc": ["services", "tor", "settings", "DirReqStatistics"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.DisableAllSwap": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#DisableAllSwap).\n", "loc": ["services", "tor", "settings", "DisableAllSwap"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.DisableDebuggerAttachment": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#DisableDebuggerAttachment).\n", "loc": ["services", "tor", "settings", "DisableDebuggerAttachment"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.DisableNetwork": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#DisableNetwork).\n", "loc": ["services", "tor", "settings", "DisableNetwork"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.DisableOOSCheck": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#DisableOOSCheck).\n", "loc": ["services", "tor", "settings", "DisableOOSCheck"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.DoSCircuitCreationEnabled": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#DoSCircuitCreationEnabled).\n", "loc": ["services", "tor", "settings", "DoSCircuitCreationEnabled"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.DoSConnectionEnabled": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#DoSConnectionEnabled).\n", "loc": ["services", "tor", "settings", "DoSConnectionEnabled"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.DoSRefuseSingleHopClientRendezvous": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#DoSRefuseSingleHopClientRendezvous).\n", "loc": ["services", "tor", "settings", "DoSRefuseSingleHopClientRendezvous"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.DormantCanceledByStartup": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#DormantCanceledByStartup).\n", "loc": ["services", "tor", "settings", "DormantCanceledByStartup"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.DormantOnFirstStartup": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#DormantOnFirstStartup).\n", "loc": ["services", "tor", "settings", "DormantOnFirstStartup"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.DormantTimeoutDisabledByIdleStreams": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#DormantTimeoutDisabledByIdleStreams).\n", "loc": ["services", "tor", "settings", "DormantTimeoutDisabledByIdleStreams"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.DownloadExtraInfo": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#DownloadExtraInfo).\n", "loc": ["services", "tor", "settings", "DownloadExtraInfo"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.EnforceDistinctSubnets": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#EnforceDistinctSubnets).\n", "loc": ["services", "tor", "settings", "EnforceDistinctSubnets"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.EntryStatistics": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#EntryStatistics).\n", "loc": ["services", "tor", "settings", "EntryStatistics"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.ExitPolicy": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"reject *:*\"\n]"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ExitPolicy).\n", "example": {"_type": "literalExpression", "text": "[\n  \"accept *:*\"\n]"}, "loc": ["services", "tor", "settings", "ExitPolicy"], "readOnly": false, "type": "list of string"}, "services.tor.settings.ExitPolicyRejectLocalInterfaces": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ExitPolicyRejectLocalInterfaces).\n", "loc": ["services", "tor", "settings", "ExitPolicyRejectLocalInterfaces"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.ExitPolicyRejectPrivate": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ExitPolicyRejectPrivate).\n", "loc": ["services", "tor", "settings", "ExitPolicyRejectPrivate"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.ExitPortStatistics": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ExitPortStatistics).\n", "loc": ["services", "tor", "settings", "ExitPortStatistics"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.ExitRelay": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ExitRelay).\n", "loc": ["services", "tor", "settings", "ExitRelay"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.ExtORPort": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ExtORPort).\n", "loc": ["services", "tor", "settings", "ExtORPort"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value \"auto\" (singular enum) or (submodule)"}, "services.tor.settings.ExtORPortCookieAuthFile": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ExtORPortCookieAuthFile).\n", "loc": ["services", "tor", "settings", "ExtORPortCookieAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.tor.settings.ExtORPortCookieAuthFileGroupReadable": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ExtORPortCookieAuthFileGroupReadable).\n", "loc": ["services", "tor", "settings", "ExtORPortCookieAuthFileGroupReadable"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.ExtendAllowPrivateAddresses": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ExtendAllowPrivateAddresses).\n", "loc": ["services", "tor", "settings", "ExtendAllowPrivateAddresses"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.ExtraInfoStatistics": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ExtraInfoStatistics).\n", "loc": ["services", "tor", "settings", "ExtraInfoStatistics"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.FascistFirewall": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#FascistFirewall).\n", "loc": ["services", "tor", "settings", "FascistFirewall"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.FetchDirInfoEarly": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#FetchDirInfoEarly).\n", "loc": ["services", "tor", "settings", "FetchDirInfoEarly"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.FetchDirInfoExtraEarly": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#FetchDirInfoExtraEarly).\n", "loc": ["services", "tor", "settings", "FetchDirInfoExtraEarly"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.FetchHidServDescriptors": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#FetchHidServDescriptors).\n", "loc": ["services", "tor", "settings", "FetchHidServDescriptors"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.FetchServerDescriptors": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#FetchServerDescriptors).\n", "loc": ["services", "tor", "settings", "FetchServerDescriptors"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.FetchUselessDescriptors": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#FetchUselessDescriptors).\n", "loc": ["services", "tor", "settings", "FetchUselessDescriptors"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.GeoIPFile": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#GeoIPFile).\n", "loc": ["services", "tor", "settings", "GeoIPFile"], "readOnly": false, "type": "null or absolute path"}, "services.tor.settings.GeoIPv6File": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#GeoIPv6File).\n", "loc": ["services", "tor", "settings", "GeoIPv6File"], "readOnly": false, "type": "null or absolute path"}, "services.tor.settings.GuardfractionFile": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#GuardfractionFile).\n", "loc": ["services", "tor", "settings", "GuardfractionFile"], "readOnly": false, "type": "null or absolute path"}, "services.tor.settings.HSLayer2Nodes": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#HSLayer2Nodes).\n", "loc": ["services", "tor", "settings", "HSLayer2Nodes"], "readOnly": false, "type": "list of string"}, "services.tor.settings.HSLayer3Nodes": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#HSLayer3Nodes).\n", "loc": ["services", "tor", "settings", "HSLayer3Nodes"], "readOnly": false, "type": "list of string"}, "services.tor.settings.HTTPTunnelPort": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#HTTPTunnelPort).\n", "loc": ["services", "tor", "settings", "HTTPTunnelPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive) or value \"auto\" (singular enum) or (submodule) or list of (16 bit unsigned integer; between 0 and 65535 (both inclusive) or value \"auto\" (singular enum) or (submodule))"}, "services.tor.settings.HidServAuth": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#HidServAuth).\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    auth = \"xxxxxxxxxxxxxxxxxxxxxx\";\n    onion = \"xxxxxxxxxxxxxxxx.onion\";\n  }\n]"}, "loc": ["services", "tor", "settings", "HidServAuth"], "readOnly": false, "type": "list of (submodule)"}, "services.tor.settings.HidServAuth.*.auth": {"declarations": ["nixos/modules/services/security/tor.nix"], "description": "Authentication cookie.", "loc": ["services", "tor", "settings", "HidServAuth", "*", "auth"], "readOnly": false, "type": "string matching the pattern [A-Za-z0-9+/]{22}"}, "services.tor.settings.HidServAuth.*.onion": {"declarations": ["nixos/modules/services/security/tor.nix"], "description": "Onion address.", "example": {"_type": "literalExpression", "text": "\"xxxxxxxxxxxxxxxx.onion\""}, "loc": ["services", "tor", "settings", "HidServAuth", "*", "onion"], "readOnly": false, "type": "string matching the pattern [a-z2-7]{16}\\.onion"}, "services.tor.settings.HiddenServiceNonAnonymousMode": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#HiddenServiceNonAnonymousMode).\n", "loc": ["services", "tor", "settings", "HiddenServiceNonAnonymousMode"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.HiddenServiceStatistics": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#HiddenServiceStatistics).\n", "loc": ["services", "tor", "settings", "HiddenServiceStatistics"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.IPv6Exit": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#IPv6Exit).\n", "loc": ["services", "tor", "settings", "IPv6Exit"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.KeyDirectory": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#KeyDirectory).\n", "loc": ["services", "tor", "settings", "KeyDirectory"], "readOnly": false, "type": "null or absolute path"}, "services.tor.settings.KeyDirectoryGroupReadable": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#KeyDirectoryGroupReadable).\n", "loc": ["services", "tor", "settings", "KeyDirectoryGroupReadable"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.LogMessageDomains": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#LogMessageDomains).\n", "loc": ["services", "tor", "settings", "LogMessageDomains"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.LongLivedPorts": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#LongLivedPorts).\n", "loc": ["services", "tor", "settings", "LongLivedPorts"], "readOnly": false, "type": "list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.tor.settings.MainloopStats": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#MainloopStats).\n", "loc": ["services", "tor", "settings", "MainloopStats"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.MaxAdvertisedBandwidth": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#MaxAdvertisedBandwidth).\n", "loc": ["services", "tor", "settings", "MaxAdvertisedBandwidth"], "readOnly": false, "type": "null or signed integer or string"}, "services.tor.settings.MaxCircuitDirtiness": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#MaxCircuitDirtiness).\n", "loc": ["services", "tor", "settings", "MaxCircuitDirtiness"], "readOnly": false, "type": "null or signed integer"}, "services.tor.settings.MaxClientCircuitsPending": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#MaxClientCircuitsPending).\n", "loc": ["services", "tor", "settings", "MaxClientCircuitsPending"], "readOnly": false, "type": "null or signed integer"}, "services.tor.settings.NATDPort": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#NATDPort).\n", "loc": ["services", "tor", "settings", "NATDPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive) or value \"auto\" (singular enum) or (submodule) or list of (16 bit unsigned integer; between 0 and 65535 (both inclusive) or value \"auto\" (singular enum) or (submodule))"}, "services.tor.settings.NewCircuitPeriod": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#NewCircuitPeriod).\n", "loc": ["services", "tor", "settings", "NewCircuitPeriod"], "readOnly": false, "type": "null or signed integer"}, "services.tor.settings.Nickname": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#Nickname).\n", "loc": ["services", "tor", "settings", "Nickname"], "readOnly": false, "type": "null or string matching the pattern ^[a-zA-Z0-9]{1,19}$"}, "services.tor.settings.ORPort": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ORPort).\n", "example": {"_type": "literalExpression", "text": "443"}, "loc": ["services", "tor", "settings", "ORPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive) or value \"auto\" (singular enum) or list of (16 bit unsigned integer; between 0 and 65535 (both inclusive) or value \"auto\" (singular enum) or (submodule))"}, "services.tor.settings.OfflineMasterKey": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#OfflineMasterKey).\n", "loc": ["services", "tor", "settings", "OfflineMasterKey"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.OptimisticData": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#OptimisticData).\n", "loc": ["services", "tor", "settings", "OptimisticData"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.PaddingStatistics": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#PaddingStatistics).\n", "loc": ["services", "tor", "settings", "PaddingStatistics"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.PerConnBWBurst": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#PerConnBWBurst).\n", "loc": ["services", "tor", "settings", "PerConnBWBurst"], "readOnly": false, "type": "null or signed integer or string"}, "services.tor.settings.PerConnBWRate": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#PerConnBWRate).\n", "loc": ["services", "tor", "settings", "PerConnBWRate"], "readOnly": false, "type": "null or signed integer or string"}, "services.tor.settings.PidFile": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#PidFile).\n", "loc": ["services", "tor", "settings", "PidFile"], "readOnly": false, "type": "null or absolute path"}, "services.tor.settings.ProtocolWarnings": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ProtocolWarnings).\n", "loc": ["services", "tor", "settings", "ProtocolWarnings"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.PublishHidServDescriptors": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#PublishHidServDescriptors).\n", "loc": ["services", "tor", "settings", "PublishHidServDescriptors"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.PublishServerDescriptor": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#PublishServerDescriptor).\n", "loc": ["services", "tor", "settings", "PublishServerDescriptor"], "readOnly": false, "type": "null or one of false, true, 0, 1, \"0\", \"1\", \"v3\", \"bridge\""}, "services.tor.settings.ReachableAddresses": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ReachableAddresses).\n", "loc": ["services", "tor", "settings", "ReachableAddresses"], "readOnly": false, "type": "list of string"}, "services.tor.settings.ReachableDirAddresses": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ReachableDirAddresses).\n", "loc": ["services", "tor", "settings", "ReachableDirAddresses"], "readOnly": false, "type": "list of string"}, "services.tor.settings.ReachableORAddresses": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ReachableORAddresses).\n", "loc": ["services", "tor", "settings", "ReachableORAddresses"], "readOnly": false, "type": "list of string"}, "services.tor.settings.ReducedExitPolicy": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ReducedExitPolicy).\n", "loc": ["services", "tor", "settings", "ReducedExitPolicy"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.RefuseUnknownExits": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#RefuseUnknownExits).\n", "loc": ["services", "tor", "settings", "RefuseUnknownExits"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.RejectPlaintextPorts": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#RejectPlaintextPorts).\n", "loc": ["services", "tor", "settings", "RejectPlaintextPorts"], "readOnly": false, "type": "list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.tor.settings.RelayBandwidthBurst": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#RelayBandwidthBurst).\n", "loc": ["services", "tor", "settings", "RelayBandwidthBurst"], "readOnly": false, "type": "null or signed integer or string"}, "services.tor.settings.RelayBandwidthRate": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#RelayBandwidthRate).\n", "loc": ["services", "tor", "settings", "RelayBandwidthRate"], "readOnly": false, "type": "null or signed integer or string"}, "services.tor.settings.SOCKSPort": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "if config.services.tor.settings.HiddenServiceNonAnonymousMode == true\nthen [ { port = 0; } ]\nelse [ ]\n"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#SOCKSPort).\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    port = 9090;\n  }\n]"}, "loc": ["services", "tor", "settings", "SOCKSPort"], "readOnly": false, "type": "list of (16 bit unsigned integer; between 0 and 65535 (both inclusive) or (submodule))"}, "services.tor.settings.Sandbox": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#Sandbox).\n", "loc": ["services", "tor", "settings", "Sandbox"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.ServerDNSAllowBrokenConfig": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ServerDNSAllowBrokenConfig).\n", "loc": ["services", "tor", "settings", "ServerDNSAllowBrokenConfig"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.ServerDNSAllowNonRFC953Hostnames": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ServerDNSAllowNonRFC953Hostnames).\n", "loc": ["services", "tor", "settings", "ServerDNSAllowNonRFC953Hostnames"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.ServerDNSDetectHijacking": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ServerDNSDetectHijacking).\n", "loc": ["services", "tor", "settings", "ServerDNSDetectHijacking"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.ServerDNSRandomizeCase": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ServerDNSRandomizeCase).\n", "loc": ["services", "tor", "settings", "ServerDNSRandomizeCase"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.ServerDNSResolvConfFile": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ServerDNSResolvConfFile).\n", "loc": ["services", "tor", "settings", "ServerDNSResolvConfFile"], "readOnly": false, "type": "null or absolute path"}, "services.tor.settings.ServerDNSSearchDomains": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ServerDNSSearchDomains).\n", "loc": ["services", "tor", "settings", "ServerDNSSearchDomains"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.ServerTransportPlugin": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ServerTransportPlugin).\n", "loc": ["services", "tor", "settings", "ServerTransportPlugin"], "readOnly": false, "type": "null or (submodule)"}, "services.tor.settings.ServerTransportPlugin.exec": {"declarations": ["nixos/modules/services/security/tor.nix"], "description": "Command of pluggable transport.", "loc": ["services", "tor", "settings", "ServerTransportPlugin", "exec"], "readOnly": false, "type": "string"}, "services.tor.settings.ServerTransportPlugin.transports": {"declarations": ["nixos/modules/services/security/tor.nix"], "description": "List of pluggable transports.", "example": {"_type": "literalExpression", "text": "[\n  \"obfs2\"\n  \"obfs3\"\n  \"obfs4\"\n  \"scramblesuit\"\n]"}, "loc": ["services", "tor", "settings", "ServerTransportPlugin", "transports"], "readOnly": false, "type": "list of string"}, "services.tor.settings.ShutdownWaitLength": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "30"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#ShutdownWaitLength).\n", "loc": ["services", "tor", "settings", "ShutdownWaitLength"], "readOnly": false, "type": "signed integer"}, "services.tor.settings.SocksPolicy": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#SocksPolicy).\n", "example": {"_type": "literalExpression", "text": "[\n  \"accept *:*\"\n]"}, "loc": ["services", "tor", "settings", "SocksPolicy"], "readOnly": false, "type": "list of string"}, "services.tor.settings.TestingTorNetwork": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#TestingTorNetwork).\n", "loc": ["services", "tor", "settings", "TestingTorNetwork"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.TransPort": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#TransPort).\n", "loc": ["services", "tor", "settings", "TransPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive) or value \"auto\" (singular enum) or (submodule) or list of (16 bit unsigned integer; between 0 and 65535 (both inclusive) or value \"auto\" (singular enum) or (submodule))"}, "services.tor.settings.TransProxyType": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#TransProxyType).\n", "loc": ["services", "tor", "settings", "TransProxyType"], "readOnly": false, "type": "null or one of \"default\", \"TPROXY\", \"ipfw\", \"pf-divert\""}, "services.tor.settings.UnixSocksGroupWritable": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#UnixSocksGroupWritable).\n", "loc": ["services", "tor", "settings", "UnixSocksGroupWritable"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.UseDefaultFallbackDirs": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#UseDefaultFallbackDirs).\n", "loc": ["services", "tor", "settings", "UseDefaultFallbackDirs"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.UseMicrodescriptors": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#UseMicrodescriptors).\n", "loc": ["services", "tor", "settings", "UseMicrodescriptors"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.V3AuthUseLegacyKey": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#V3AuthUseLegacyKey).\n", "loc": ["services", "tor", "settings", "V3AuthUseLegacyKey"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.V3AuthoritativeDirectory": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#V3AuthoritativeDirectory).\n", "loc": ["services", "tor", "settings", "V3AuthoritativeDirectory"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.VersioningAuthoritativeDirectory": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#VersioningAuthoritativeDirectory).\n", "loc": ["services", "tor", "settings", "VersioningAuthoritativeDirectory"], "readOnly": false, "type": "null or boolean"}, "services.tor.settings.VirtualAddrNetworkIPv4": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#VirtualAddrNetworkIPv4).\n", "loc": ["services", "tor", "settings", "VirtualAddrNetworkIPv4"], "readOnly": false, "type": "null or string"}, "services.tor.settings.VirtualAddrNetworkIPv6": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#VirtualAddrNetworkIPv6).\n", "loc": ["services", "tor", "settings", "VirtualAddrNetworkIPv6"], "readOnly": false, "type": "null or string"}, "services.tor.settings.WarnPlaintextPorts": {"declarations": ["nixos/modules/services/security/tor.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#WarnPlaintextPorts).\n", "loc": ["services", "tor", "settings", "WarnPlaintextPorts"], "readOnly": false, "type": "list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.tor.torsocks.allowInbound": {"declarations": ["nixos/modules/services/security/torsocks.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Set Torsocks to accept inbound connections. If set to\n`true`, listen() and accept() will be\nallowed to be used with non localhost address.\n", "loc": ["services", "tor", "torsocks", "allowInbound"], "readOnly": false, "type": "boolean"}, "services.tor.torsocks.enable": {"declarations": ["nixos/modules/services/security/torsocks.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to build `/etc/tor/torsocks.conf`\ncontaining the specified global torsocks configuration.\n", "loc": ["services", "tor", "torsocks", "enable"], "readOnly": false, "type": "boolean"}, "services.tor.torsocks.fasterServer": {"declarations": ["nixos/modules/services/security/torsocks.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1:9063\""}, "description": "IP/Port of the Tor SOCKS server for torsocks-faster wrapper suitable for HTTP.\nCurrently, hostnames are NOT supported by torsocks.\n", "example": {"_type": "literalExpression", "text": "\"192.168.0.20:1234\""}, "loc": ["services", "tor", "torsocks", "fasterServer"], "readOnly": false, "type": "string"}, "services.tor.torsocks.onionAddrRange": {"declarations": ["nixos/modules/services/security/torsocks.nix"], "default": {"_type": "literalExpression", "text": "\"127.42.42.0/24\""}, "description": "Tor hidden sites do not have real IP addresses. This\nspecifies what range of IP addresses will be handed to the\napplication as \"cookies\" for .onion names.  Of course, you\nshould pick a block of addresses which you aren't going to\never need to actually connect to. This is similar to the\nMapAddress feature of the main tor daemon.\n", "loc": ["services", "tor", "torsocks", "onionAddrRange"], "readOnly": false, "type": "string"}, "services.tor.torsocks.server": {"declarations": ["nixos/modules/services/security/torsocks.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1:9050\""}, "description": "IP/Port of the Tor SOCKS server. Currently, hostnames are\nNOT supported by torsocks.\n", "example": {"_type": "literalExpression", "text": "\"192.168.0.20:1234\""}, "loc": ["services", "tor", "torsocks", "server"], "readOnly": false, "type": "string"}, "services.tor.torsocks.socks5Password": {"declarations": ["nixos/modules/services/security/torsocks.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SOCKS5 password. The `TORSOCKS_PASSWORD`\nenvironment variable overrides this option if it is set.\n", "example": {"_type": "literalExpression", "text": "\"sekret\""}, "loc": ["services", "tor", "torsocks", "socks5Password"], "readOnly": false, "type": "null or string"}, "services.tor.torsocks.socks5Username": {"declarations": ["nixos/modules/services/security/torsocks.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SOCKS5 username. The `TORSOCKS_USERNAME`\nenvironment variable overrides this option if it is set.\n", "example": {"_type": "literalExpression", "text": "\"bob\""}, "loc": ["services", "tor", "torsocks", "socks5Username"], "readOnly": false, "type": "null or string"}, "services.tor.tsocks.config": {"declarations": ["nixos/modules/services/security/torify.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration. Contents will be added verbatim to TSocks\nconfiguration file.\n", "loc": ["services", "tor", "tsocks", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.tor.tsocks.enable": {"declarations": ["nixos/modules/services/security/torify.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to build tsocks wrapper script to relay application traffic via Tor.\n\n::: {.important}\nYou shouldn't use this unless you know what you're\ndoing because your installation of Tor already comes with\nits own superior (doesn't leak DNS queries)\n`torsocks` wrapper which does pretty much\nexactly the same thing as this.\n:::\n", "loc": ["services", "tor", "tsocks", "enable"], "readOnly": false, "type": "boolean"}, "services.tor.tsocks.server": {"declarations": ["nixos/modules/services/security/torify.nix"], "default": {"_type": "literalExpression", "text": "\"localhost:9050\""}, "description": "IP address of TOR client to use.\n", "example": {"_type": "literalExpression", "text": "\"192.168.0.20\""}, "loc": ["services", "tor", "tsocks", "server"], "readOnly": false, "type": "string"}, "services.torque.mom.enable": {"declarations": ["nixos/modules/services/computing/torque/mom.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable torque computing node.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "torque", "mom", "enable"], "readOnly": false, "type": "boolean"}, "services.torque.mom.serverNode": {"declarations": ["nixos/modules/services/computing/torque/mom.nix"], "description": "Hostname running pbs server.", "loc": ["services", "torque", "mom", "serverNode"], "readOnly": false, "type": "string"}, "services.torque.server.enable": {"declarations": ["nixos/modules/services/computing/torque/server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable torque server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "torque", "server", "enable"], "readOnly": false, "type": "boolean"}, "services.torrentstream.address": {"declarations": ["nixos/modules/services/torrent/torrentstream.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on.\n", "loc": ["services", "torrentstream", "address"], "readOnly": false, "type": "string"}, "services.torrentstream.enable": {"declarations": ["nixos/modules/services/torrent/torrentstream.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable TorrentStream daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "torrentstream", "enable"], "readOnly": false, "type": "boolean"}, "services.torrentstream.openFirewall": {"declarations": ["nixos/modules/services/torrent/torrentstream.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for TorrentStream daemon.\n", "loc": ["services", "torrentstream", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.torrentstream.package": {"declarations": ["nixos/modules/services/torrent/torrentstream.nix"], "default": {"_type": "literalExpression", "text": "pkgs.torrentstream"}, "description": "The torrentstream package to use.", "loc": ["services", "torrentstream", "package"], "readOnly": false, "type": "package"}, "services.torrentstream.port": {"declarations": ["nixos/modules/services/torrent/torrentstream.nix"], "default": {"_type": "literalExpression", "text": "5082"}, "description": "TorrentStream port.\n", "loc": ["services", "torrentstream", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.touchegg.enable": {"declarations": ["nixos/modules/services/x11/touchegg.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable touchegg, a multi-touch gesture recognizer.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "touchegg", "enable"], "readOnly": false, "type": "boolean"}, "services.touchegg.package": {"declarations": ["nixos/modules/services/x11/touchegg.nix"], "default": {"_type": "literalExpression", "text": "pkgs.touchegg"}, "description": "The touchegg package to use.", "loc": ["services", "touchegg", "package"], "readOnly": false, "type": "package"}, "services.tox-node.enable": {"declarations": ["nixos/modules/services/networking/tox-node.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Tox Node service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tox-node", "enable"], "readOnly": false, "type": "boolean"}, "services.tox-node.keysFile": {"declarations": ["nixos/modules/services/networking/tox-node.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/tox-node/keys\""}, "description": "Path to the file where DHT keys are stored.", "loc": ["services", "tox-node", "keysFile"], "readOnly": false, "type": "string"}, "services.tox-node.lanDiscovery": {"declarations": ["nixos/modules/services/networking/tox-node.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable local network discovery.", "loc": ["services", "tox-node", "lanDiscovery"], "readOnly": false, "type": "boolean"}, "services.tox-node.logType": {"declarations": ["nixos/modules/services/networking/tox-node.nix"], "default": {"_type": "literalExpression", "text": "\"Stderr\""}, "description": "Logging implementation.", "loc": ["services", "tox-node", "logType"], "readOnly": false, "type": "one of \"Stderr\", \"Stdout\", \"Syslog\", \"None\""}, "services.tox-node.motd": {"declarations": ["nixos/modules/services/networking/tox-node.nix"], "default": {"_type": "literalExpression", "text": "\"Hi from tox-rs! I'm up {{uptime}}. TCP: incoming {{tcp_packets_in}}, outgoing {{tcp_packets_out}}, UDP: incoming {{udp_packets_in}}, outgoing {{udp_packets_out}}\""}, "description": "Message of the day", "loc": ["services", "tox-node", "motd"], "readOnly": false, "type": "string"}, "services.tox-node.tcpAddresses": {"declarations": ["nixos/modules/services/networking/tox-node.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"0.0.0.0:33445\"\n]"}, "description": "TCP addresses to run TCP relay.", "loc": ["services", "tox-node", "tcpAddresses"], "readOnly": false, "type": "list of string"}, "services.tox-node.tcpConnectionLimit": {"declarations": ["nixos/modules/services/networking/tox-node.nix"], "default": {"_type": "literalExpression", "text": "8192"}, "description": "Maximum number of active TCP connections relay can hold", "loc": ["services", "tox-node", "tcpConnectionLimit"], "readOnly": false, "type": "signed integer"}, "services.tox-node.threads": {"declarations": ["nixos/modules/services/networking/tox-node.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Number of threads for execution", "loc": ["services", "tox-node", "threads"], "readOnly": false, "type": "signed integer"}, "services.tox-node.udpAddress": {"declarations": ["nixos/modules/services/networking/tox-node.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0:33445\""}, "description": "UDP address to run DHT node.", "loc": ["services", "tox-node", "udpAddress"], "readOnly": false, "type": "string"}, "services.toxBootstrapd.enable": {"declarations": ["nixos/modules/services/networking/tox-bootstrapd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Tox DHT bootstrap daemon.\n", "loc": ["services", "toxBootstrapd", "enable"], "readOnly": false, "type": "boolean"}, "services.toxBootstrapd.extraConfig": {"declarations": ["nixos/modules/services/networking/tox-bootstrapd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Configuration for bootstrap daemon.\nSee <https://github.com/irungentoo/toxcore/blob/master/other/bootstrap_daemon/tox-bootstrapd.conf>\nand <https://wiki.tox.chat/users/nodes>.\n", "loc": ["services", "toxBootstrapd", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.toxBootstrapd.keysFile": {"declarations": ["nixos/modules/services/networking/tox-bootstrapd.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/tox-bootstrapd/keys\""}, "description": "Node key file.", "loc": ["services", "toxBootstrapd", "keysFile"], "readOnly": false, "type": "string"}, "services.toxBootstrapd.port": {"declarations": ["nixos/modules/services/networking/tox-bootstrapd.nix"], "default": {"_type": "literalExpression", "text": "33445"}, "description": "Listening port (UDP).", "loc": ["services", "toxBootstrapd", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.toxvpn.auto_add_peers": {"declarations": ["nixos/modules/services/networking/toxvpn.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "peers to automatically connect to on startup", "example": {"_type": "literalExpression", "text": "[\n  \"toxid1\"\n  \"toxid2\"\n]"}, "loc": ["services", "toxvpn", "auto_add_peers"], "readOnly": false, "type": "list of string"}, "services.toxvpn.enable": {"declarations": ["nixos/modules/services/networking/toxvpn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable toxvpn running on startup.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "toxvpn", "enable"], "readOnly": false, "type": "boolean"}, "services.toxvpn.localip": {"declarations": ["nixos/modules/services/networking/toxvpn.nix"], "default": {"_type": "literalExpression", "text": "\"10.123.123.1\""}, "description": "your ip on the vpn", "loc": ["services", "toxvpn", "localip"], "readOnly": false, "type": "string"}, "services.toxvpn.port": {"declarations": ["nixos/modules/services/networking/toxvpn.nix"], "default": {"_type": "literalExpression", "text": "33445"}, "description": "udp port for toxcore, port-forward to help with connectivity if you run many nodes behind one NAT", "loc": ["services", "toxvpn", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.tp-auto-kbbl.arguments": {"declarations": ["nixos/modules/services/misc/tp-auto-kbbl.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of arguments appended to `./tp-auto-kbbl --device [device] [arguments]`\n", "loc": ["services", "tp-auto-kbbl", "arguments"], "readOnly": false, "type": "list of string"}, "services.tp-auto-kbbl.device": {"declarations": ["nixos/modules/services/misc/tp-auto-kbbl.nix"], "default": {"_type": "literalExpression", "text": "\"/dev/input/event0\""}, "description": "Device watched for activities.", "loc": ["services", "tp-auto-kbbl", "device"], "readOnly": false, "type": "string"}, "services.tp-auto-kbbl.enable": {"declarations": ["nixos/modules/services/misc/tp-auto-kbbl.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable auto toggle keyboard back-lighting on Thinkpads (and maybe other laptops) for Linux.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tp-auto-kbbl", "enable"], "readOnly": false, "type": "boolean"}, "services.tp-auto-kbbl.package": {"declarations": ["nixos/modules/services/misc/tp-auto-kbbl.nix"], "default": {"_type": "literalExpression", "text": "pkgs.tp-auto-kbbl"}, "description": "The tp-auto-kbbl package to use.", "loc": ["services", "tp-auto-kbbl", "package"], "readOnly": false, "type": "package"}, "services.traccar.enable": {"declarations": ["nixos/modules/services/monitoring/traccar.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Traccar, an open source GPS tracking system.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "traccar", "enable"], "readOnly": false, "type": "boolean"}, "services.traccar.environmentFile": {"declarations": ["nixos/modules/services/monitoring/traccar.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing environment variables to substitute in the configuration before starting Traccar.\n\nCan be used for storing the secrets without making them available in the world-readable Nix store.\n\nFor example, you can set {option}`services.traccar.settings.database.password = \"$TRACCAR_DB_PASSWORD\"`\nand then specify `TRACCAR_DB_PASSWORD=\"<secret>\"` in the environment file.\nThis value will get substituted in the configuration file.\n", "loc": ["services", "traccar", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.traccar.settings": {"declarations": ["nixos/modules/services/monitoring/traccar.nix"], "default": {"_type": "literalExpression", "text": "{\n  database = {\n    driver = \"org.h2.Driver\";\n    password = \"\";\n    url = \"jdbc:h2:/var/lib/traccar/traccar\";\n    user = \"sa\";\n  };\n  logger = {\n    console = \"true\";\n  };\n  web = {\n    override = \"/var/lib/traccar/override\";\n  };\n}"}, "description": "{file}`config.xml` configuration as a Nix attribute set.\nThis option is ignored if `settingsFile` is set.\n\nNested attributes get translated to a properties entry in the traccar configuration.\nFor instance: `mail.smtp.port = \"25\"` results in the following entry:\n`<entry key='mail.smtp.port'>25</entry>`\n\nSecrets should be specified using {option}`environmentFile`\ninstead of this world-readable attribute set.\n[Traccar - Configuration File](https://www.traccar.org/configuration-file/).\n", "loc": ["services", "traccar", "settings"], "readOnly": false, "type": "unspecified value"}, "services.traccar.settingsFile": {"declarations": ["nixos/modules/services/monitoring/traccar.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File used as configuration for traccar. When specified, {option}`settings` is ignored.\n", "loc": ["services", "traccar", "settingsFile"], "readOnly": false, "type": "null or absolute path"}, "services.traefik.dataDir": {"declarations": ["nixos/modules/services/web-servers/traefik.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/traefik\""}, "description": "Location for any persistent data traefik creates, ie. acme\n", "loc": ["services", "traefik", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.traefik.dynamicConfigFile": {"declarations": ["nixos/modules/services/web-servers/traefik.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to traefik's dynamic configuration to use.\n(Using that option has precedence over `dynamicConfigOptions`)\n", "example": {"_type": "literalExpression", "text": "/path/to/dynamic_config.toml"}, "loc": ["services", "traefik", "dynamicConfigFile"], "readOnly": false, "type": "null or absolute path"}, "services.traefik.dynamicConfigOptions": {"declarations": ["nixos/modules/services/web-servers/traefik.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Dynamic configuration for Traefik.\n", "example": {"_type": "literalExpression", "text": "{\n  http = {\n    routers = {\n      router1 = {\n        rule = \"Host(`localhost`)\";\n        service = \"service1\";\n      };\n    };\n    services = {\n      service1 = {\n        loadBalancer = {\n          servers = [\n            {\n              url = \"http://localhost:8080\";\n            }\n          ];\n        };\n      };\n    };\n  };\n}"}, "loc": ["services", "traefik", "dynamicConfigOptions"], "readOnly": false, "type": "TOML value"}, "services.traefik.enable": {"declarations": ["nixos/modules/services/web-servers/traefik.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Traefik web server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "traefik", "enable"], "readOnly": false, "type": "boolean"}, "services.traefik.environmentFiles": {"declarations": ["nixos/modules/services/web-servers/traefik.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Files to load as environment file. Environment variables from this file\nwill be substituted into the static configuration file using envsubst.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/run/secrets/traefik.env\"\n]"}, "loc": ["services", "traefik", "environmentFiles"], "readOnly": false, "type": "list of absolute path"}, "services.traefik.group": {"declarations": ["nixos/modules/services/web-servers/traefik.nix"], "default": {"_type": "literalExpression", "text": "\"traefik\""}, "description": "Set the group that traefik runs under.\nFor the docker backend this needs to be set to `docker` instead.\n", "example": {"_type": "literalExpression", "text": "\"docker\""}, "loc": ["services", "traefik", "group"], "readOnly": false, "type": "string"}, "services.traefik.package": {"declarations": ["nixos/modules/services/web-servers/traefik.nix"], "default": {"_type": "literalExpression", "text": "pkgs.traefik"}, "description": "The traefik package to use.", "loc": ["services", "traefik", "package"], "readOnly": false, "type": "package"}, "services.traefik.staticConfigFile": {"declarations": ["nixos/modules/services/web-servers/traefik.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to traefik's static configuration to use.\n(Using that option has precedence over `staticConfigOptions` and `dynamicConfigOptions`)\n", "example": {"_type": "literalExpression", "text": "/path/to/static_config.toml"}, "loc": ["services", "traefik", "staticConfigFile"], "readOnly": false, "type": "null or absolute path"}, "services.traefik.staticConfigOptions": {"declarations": ["nixos/modules/services/web-servers/traefik.nix"], "default": {"_type": "literalExpression", "text": "{\n  entryPoints = {\n    http = {\n      address = \":80\";\n    };\n  };\n}"}, "description": "Static configuration for Traefik.\n", "example": {"_type": "literalExpression", "text": "{\n  api = { };\n  entryPoints = {\n    http = {\n      address = \":80\";\n    };\n    web = {\n      address = \":8080\";\n    };\n  };\n}"}, "loc": ["services", "traefik", "staticConfigOptions"], "readOnly": false, "type": "TOML value"}, "services.trafficserver.cache": {"declarations": ["nixos/modules/services/web-servers/trafficserver/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Caching rules that overrule the origin's caching policy.\n\nConsult the [upstream\ndocumentation](https://docs.trafficserver.apache.org/en/latest/admin-guide/files/cache.config.en.html) for more details.\n", "example": {"_type": "literalExpression", "text": "\"dest_domain=example.com suffix=js action=never-cache\""}, "loc": ["services", "trafficserver", "cache"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.trafficserver.enable": {"declarations": ["nixos/modules/services/web-servers/trafficserver/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Apache Traffic Server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "trafficserver", "enable"], "readOnly": false, "type": "boolean"}, "services.trafficserver.hosting": {"declarations": ["nixos/modules/services/web-servers/trafficserver/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Partition the cache according to origin server or domain\n\nConsult the [\nupstream documentation](https://docs.trafficserver.apache.org/en/latest/admin-guide/files/hosting.config.en.html) for more details.\n", "example": {"_type": "literalExpression", "text": "\"domain=example.com volume=1\""}, "loc": ["services", "trafficserver", "hosting"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.trafficserver.ipAllow": {"declarations": ["nixos/modules/services/web-servers/trafficserver/default.nix"], "default": {"_type": "literalMD", "text": "upstream defaults"}, "description": "Control client access to Traffic Server and Traffic Server connections\nto upstream servers.\n\nConsult the [upstream\ndocumentation](https://docs.trafficserver.apache.org/en/latest/admin-guide/files/ip_allow.yaml.en.html) for more details.\n", "example": {"_type": "literalExpression", "text": "{\n  ip_allow = [{\n    apply = \"in\";\n    ip_addrs = \"127.0.0.1\";\n    action = \"allow\";\n    methods = \"ALL\";\n  }];\n}\n"}, "loc": ["services", "trafficserver", "ipAllow"], "readOnly": false, "type": "null or YAML 1.1 value"}, "services.trafficserver.logging": {"declarations": ["nixos/modules/services/web-servers/trafficserver/default.nix"], "default": {"_type": "literalMD", "text": "upstream defaults"}, "description": "Configure logs.\n\nConsult the [upstream\ndocumentation](https://docs.trafficserver.apache.org/en/latest/admin-guide/files/logging.yaml.en.html) for more details.\n", "example": {"_type": "literalExpression", "text": "{ }"}, "loc": ["services", "trafficserver", "logging"], "readOnly": false, "type": "null or YAML 1.1 value"}, "services.trafficserver.parent": {"declarations": ["nixos/modules/services/web-servers/trafficserver/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Identify the parent proxies used in an cache hierarchy.\n\nConsult the [upstream\ndocumentation](https://docs.trafficserver.apache.org/en/latest/admin-guide/files/parent.config.en.html) for more details.\n", "example": {"_type": "literalExpression", "text": "''\n  dest_domain=. method=get parent=\"p1.example:8080; p2.example:8080\" round_robin=true\n''"}, "loc": ["services", "trafficserver", "parent"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.trafficserver.plugins": {"declarations": ["nixos/modules/services/web-servers/trafficserver/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Controls run-time loadable plugins available to Traffic Server, as\nwell as their configuration.\n\nConsult the [upstream\ndocumentation](https://docs.trafficserver.apache.org/en/latest/admin-guide/files/plugin.config.en.html) for more details.\n", "loc": ["services", "trafficserver", "plugins"], "readOnly": false, "type": "list of (submodule)"}, "services.trafficserver.plugins.*.arg": {"declarations": ["nixos/modules/services/web-servers/trafficserver/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "arguments to pass to the plugin", "example": {"_type": "literalExpression", "text": "\"--header=ATS-My-Debug\""}, "loc": ["services", "trafficserver", "plugins", "*", "arg"], "readOnly": false, "type": "string"}, "services.trafficserver.plugins.*.path": {"declarations": ["nixos/modules/services/web-servers/trafficserver/default.nix"], "description": "Path to plugin. The path can either be absolute, or relative to\nthe plugin directory.\n", "example": {"_type": "literalExpression", "text": "\"xdebug.so\""}, "loc": ["services", "trafficserver", "plugins", "*", "path"], "readOnly": false, "type": "string"}, "services.trafficserver.records": {"declarations": ["nixos/modules/services/web-servers/trafficserver/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "List of configurable variables used by Traffic Server.\n\nConsult the [\nupstream documentation](https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html) for more details.\n", "example": {"_type": "literalExpression", "text": "{\n  proxy = {\n    config = {\n      proxy_name = \"my_server\";\n    };\n  };\n}"}, "loc": ["services", "trafficserver", "records"], "readOnly": false, "type": "Traffic Server records value"}, "services.trafficserver.remap": {"declarations": ["nixos/modules/services/web-servers/trafficserver/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "URL remapping rules used by Traffic Server.\n\nConsult the [\nupstream documentation](https://docs.trafficserver.apache.org/en/latest/admin-guide/files/remap.config.en.html) for more details.\n", "example": {"_type": "literalExpression", "text": "\"map http://from.example http://origin.example\""}, "loc": ["services", "trafficserver", "remap"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.trafficserver.sni": {"declarations": ["nixos/modules/services/web-servers/trafficserver/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configure aspects of TLS connection handling for both inbound and\noutbound connections.\n\nConsult the [upstream\ndocumentation](https://docs.trafficserver.apache.org/en/latest/admin-guide/files/sni.yaml.en.html) for more details.\n", "example": {"_type": "literalExpression", "text": "{\n  sni = [{\n    fqdn = \"no-http2.example.com\";\n    https = \"off\";\n  }];\n}\n"}, "loc": ["services", "trafficserver", "sni"], "readOnly": false, "type": "null or YAML 1.1 value"}, "services.trafficserver.splitDns": {"declarations": ["nixos/modules/services/web-servers/trafficserver/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Specify the DNS server that Traffic Server should use under specific\nconditions.\n\nConsult the [\nupstream documentation](https://docs.trafficserver.apache.org/en/latest/admin-guide/files/splitdns.config.en.html) for more details.\n", "example": {"_type": "literalExpression", "text": "''\n  dest_domain=internal.corp.example named=\"255.255.255.255:212 255.255.255.254\" def_domain=corp.example search_list=\"corp.example corp1.example\"\n  dest_domain=!internal.corp.example named=255.255.255.253\n''"}, "loc": ["services", "trafficserver", "splitDns"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.trafficserver.sslMulticert": {"declarations": ["nixos/modules/services/web-servers/trafficserver/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Configure SSL server certificates to terminate the SSL sessions.\n\nConsult the [\nupstream documentation](https://docs.trafficserver.apache.org/en/latest/admin-guide/files/ssl_multicert.config.en.html) for more details.\n", "example": {"_type": "literalExpression", "text": "\"dest_ip=* ssl_cert_name=default.pem\""}, "loc": ["services", "trafficserver", "sslMulticert"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.trafficserver.storage": {"declarations": ["nixos/modules/services/web-servers/trafficserver/default.nix"], "default": {"_type": "literalExpression", "text": "\"/var/cache/trafficserver 256M\""}, "description": "List all the storage that make up the Traffic Server cache.\n\nConsult the [\nupstream documentation](https://docs.trafficserver.apache.org/en/latest/admin-guide/files/storage.config.en.html) for more details.\n", "example": {"_type": "literalExpression", "text": "\"/dev/disk/by-id/XXXXX volume=1\""}, "loc": ["services", "trafficserver", "storage"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.trafficserver.strategies": {"declarations": ["nixos/modules/services/web-servers/trafficserver/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify the next hop proxies used in an cache hierarchy and the\nalgorithms used to select the next proxy.\n\nConsult the [\nupstream documentation](https://docs.trafficserver.apache.org/en/latest/admin-guide/files/strategies.yaml.en.html) for more details.\n", "loc": ["services", "trafficserver", "strategies"], "readOnly": false, "type": "null or YAML 1.1 value"}, "services.trafficserver.volume": {"declarations": ["nixos/modules/services/web-servers/trafficserver/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Manage cache space more efficiently and restrict disk usage by\ncreating cache volumes of different sizes.\n\nConsult the [\nupstream documentation](https://docs.trafficserver.apache.org/en/latest/admin-guide/files/volume.config.en.html) for more details.\n", "example": {"_type": "literalExpression", "text": "\"volume=1 scheme=http size=20%\""}, "loc": ["services", "trafficserver", "volume"], "readOnly": false, "type": "null or YAML 1.1 value"}, "services.transfer-sh.enable": {"declarations": ["nixos/modules/services/misc/transfer-sh.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Easy and fast file sharing from the command-line.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "transfer-sh", "enable"], "readOnly": false, "type": "boolean"}, "services.transfer-sh.package": {"declarations": ["nixos/modules/services/misc/transfer-sh.nix"], "default": {"_type": "literalExpression", "text": "pkgs.transfer-sh"}, "description": "The transfer-sh package to use.", "loc": ["services", "transfer-sh", "package"], "readOnly": false, "type": "package"}, "services.transfer-sh.provider": {"declarations": ["nixos/modules/services/misc/transfer-sh.nix"], "default": {"_type": "literalExpression", "text": "\"local\""}, "description": "Storage providers to use", "loc": ["services", "transfer-sh", "provider"], "readOnly": false, "type": "one of \"local\", \"s3\", \"storj\", \"gdrive\""}, "services.transfer-sh.secretFile": {"declarations": ["nixos/modules/services/misc/transfer-sh.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to file containing environment variables.\nUseful for passing down secrets.\nSome variables that can be considered secrets are:\n - AWS_ACCESS_KEY\n - AWS_ACCESS_KEY\n - TLS_PRIVATE_KEY\n - HTTP_AUTH_HTPASSWD\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/transfer-sh.env\""}, "loc": ["services", "transfer-sh", "secretFile"], "readOnly": false, "type": "null or absolute path"}, "services.transfer-sh.settings": {"declarations": ["nixos/modules/services/misc/transfer-sh.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional configuration for transfer-sh, see\n<https://github.com/dutchcoders/transfer.sh#usage-1>\nfor supported values.\n\nFor secrets use secretFile option instead.\n", "example": {"_type": "literalExpression", "text": "{\n  BASEDIR = \"/var/lib/transfer.sh\";\n  LISTENER = \":8080\";\n  TLS_LISTENER_ONLY = false;\n}"}, "loc": ["services", "transfer-sh", "settings"], "readOnly": false, "type": "open submodule of attribute set of (boolean or signed integer or string)"}, "services.transmission.credentialsFile": {"declarations": ["nixos/modules/services/torrent/transmission.nix"], "default": {"_type": "literalExpression", "text": "\"/dev/null\""}, "description": "Path to a JSON file to be merged with the settings.\nUseful to merge a file which is better kept out of the Nix store\nto set secret config parameters like `rpc-password`.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/secrets/transmission/settings.json\""}, "loc": ["services", "transmission", "credentialsFile"], "readOnly": false, "type": "absolute path"}, "services.transmission.downloadDirPermissions": {"declarations": ["nixos/modules/services/torrent/transmission.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If not `null`, is used as the permissions\nset by `system.activationScripts.transmission-daemon`\non the directories [](#opt-services.transmission.settings.download-dir),\n[](#opt-services.transmission.settings.incomplete-dir).\nand [](#opt-services.transmission.settings.watch-dir).\nNote that you may also want to change\n[](#opt-services.transmission.settings.umask).\n\nKeep in mind, that if the default user is used, the `home` directory\nis locked behind a `750` permission, which affects all subdirectories\nas well. There are 3 ways to get around this:\n\n1. (Recommended) add the users that should have access to the group\n   set by [](#opt-services.transmission.group)\n2. Change [](#opt-services.transmission.settings.download-dir) to be\n   under a directory that has the right permissions\n3. Change `systemd.services.transmission.serviceConfig.StateDirectoryMode`\n   to the same value as this option\n", "example": {"_type": "literalExpression", "text": "\"770\""}, "loc": ["services", "transmission", "downloadDirPermissions"], "readOnly": false, "type": "null or string"}, "services.transmission.enable": {"declarations": ["nixos/modules/services/torrent/transmission.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the headless Transmission BitTorrent daemon.\n\nTransmission daemon can be controlled via the RPC interface using\ntransmission-remote, the WebUI (http://127.0.0.1:9091/ by default),\nor other clients like stig or tremc.\n\nTorrents are downloaded to [](#opt-services.transmission.home)/Downloads by default and are\naccessible to users in the \"transmission\" group.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "transmission", "enable"], "readOnly": false, "type": "boolean"}, "services.transmission.extraFlags": {"declarations": ["nixos/modules/services/torrent/transmission.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra flags passed to the transmission command in the service definition.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--log-debug\"\n]"}, "loc": ["services", "transmission", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.transmission.group": {"declarations": ["nixos/modules/services/torrent/transmission.nix"], "default": {"_type": "literalExpression", "text": "\"transmission\""}, "description": "Group account under which Transmission runs.", "loc": ["services", "transmission", "group"], "readOnly": false, "type": "string"}, "services.transmission.home": {"declarations": ["nixos/modules/services/torrent/transmission.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/transmission\""}, "description": "The directory where Transmission will create `.config/transmission-daemon`.\nas well as `Downloads/` unless\n[](#opt-services.transmission.settings.download-dir) is changed,\nand `.incomplete/` unless\n[](#opt-services.transmission.settings.incomplete-dir) is changed.\n", "loc": ["services", "transmission", "home"], "readOnly": false, "type": "absolute path"}, "services.transmission.openFirewall": {"declarations": ["nixos/modules/services/torrent/transmission.nix"], "description": "Alias of {option}`services.transmission.openPeerPorts`.", "loc": ["services", "transmission", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.transmission.openPeerPorts": {"declarations": ["nixos/modules/services/torrent/transmission.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable opening of the peer port(s) in the firewall.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "transmission", "openPeerPorts"], "readOnly": false, "type": "boolean"}, "services.transmission.openRPCPort": {"declarations": ["nixos/modules/services/torrent/transmission.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable opening of the RPC port in the firewall.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "transmission", "openRPCPort"], "readOnly": false, "type": "boolean"}, "services.transmission.package": {"declarations": ["nixos/modules/services/torrent/transmission.nix"], "default": {"_type": "literalExpression", "text": "''\n  if lib.versionAtLeast config.system.stateVersion \"25.11\" then\n    pkgs.transmission_4\n  else\n    \u00aberror message\u00bb\n''"}, "description": "The transmission package to use.", "example": {"_type": "literalExpression", "text": "pkgs.transmission_4"}, "loc": ["services", "transmission", "package"], "readOnly": false, "type": "package"}, "services.transmission.performanceNetParameters": {"declarations": ["nixos/modules/services/torrent/transmission.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable tweaking of kernel parameters\nto open many more connections at the same time.\n\nNote that you may also want to increase\n`peer-limit-global`.\nAnd be aware that these settings are quite aggressive\nand might not suite your regular desktop use.\nFor instance, SSH sessions may time out more easily.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "transmission", "performanceNetParameters"], "readOnly": false, "type": "boolean"}, "services.transmission.settings": {"declarations": ["nixos/modules/services/torrent/transmission.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings whose options overwrite fields in\n`.config/transmission-daemon/settings.json`\n(each time the service starts).\n\nSee [Transmission's Wiki](https://github.com/transmission/transmission/wiki/Editing-Configuration-Files)\nfor documentation of settings not explicitly covered by this module.\n", "loc": ["services", "transmission", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.transmission.settings.download-dir": {"declarations": ["nixos/modules/services/torrent/transmission.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.transmission.home}/Downloads\""}, "description": "Directory where to download torrents.", "loc": ["services", "transmission", "settings", "download-dir"], "readOnly": false, "type": "absolute path"}, "services.transmission.settings.incomplete-dir": {"declarations": ["nixos/modules/services/torrent/transmission.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.transmission.home}/.incomplete\""}, "description": "When enabled with\nservices.transmission.home\n[](#opt-services.transmission.settings.incomplete-dir-enabled),\nnew torrents will download the files to this directory.\nWhen complete, the files will be moved to download-dir\n[](#opt-services.transmission.settings.download-dir).\n", "loc": ["services", "transmission", "settings", "incomplete-dir"], "readOnly": false, "type": "absolute path"}, "services.transmission.settings.incomplete-dir-enabled": {"declarations": ["nixos/modules/services/torrent/transmission.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "", "loc": ["services", "transmission", "settings", "incomplete-dir-enabled"], "readOnly": false, "type": "boolean"}, "services.transmission.settings.message-level": {"declarations": ["nixos/modules/services/torrent/transmission.nix"], "default": {"_type": "literalExpression", "text": "2"}, "description": "Set verbosity of transmission messages.", "loc": ["services", "transmission", "settings", "message-level"], "readOnly": false, "type": "integer between 0 and 6 (both inclusive)"}, "services.transmission.settings.peer-port": {"declarations": ["nixos/modules/services/torrent/transmission.nix"], "default": {"_type": "literalExpression", "text": "51413"}, "description": "The peer port to listen for incoming connections.", "loc": ["services", "transmission", "settings", "peer-port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.transmission.settings.peer-port-random-high": {"declarations": ["nixos/modules/services/torrent/transmission.nix"], "default": {"_type": "literalExpression", "text": "65535"}, "description": "The maximum peer port to listen to for incoming connections\nwhen [](#opt-services.transmission.settings.peer-port-random-on-start) is enabled.\n", "loc": ["services", "transmission", "settings", "peer-port-random-high"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.transmission.settings.peer-port-random-low": {"declarations": ["nixos/modules/services/torrent/transmission.nix"], "default": {"_type": "literalExpression", "text": "65535"}, "description": "The minimal peer port to listen to for incoming connections\nwhen [](#opt-services.transmission.settings.peer-port-random-on-start) is enabled.\n", "loc": ["services", "transmission", "settings", "peer-port-random-low"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.transmission.settings.peer-port-random-on-start": {"declarations": ["nixos/modules/services/torrent/transmission.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Randomize the peer port.", "loc": ["services", "transmission", "settings", "peer-port-random-on-start"], "readOnly": false, "type": "boolean"}, "services.transmission.settings.rpc-bind-address": {"declarations": ["nixos/modules/services/torrent/transmission.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Where to listen for RPC connections.\nUse `0.0.0.0` to listen on all interfaces.\n", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "transmission", "settings", "rpc-bind-address"], "readOnly": false, "type": "string"}, "services.transmission.settings.rpc-port": {"declarations": ["nixos/modules/services/torrent/transmission.nix"], "default": {"_type": "literalExpression", "text": "9091"}, "description": "The RPC port to listen to.", "loc": ["services", "transmission", "settings", "rpc-port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.transmission.settings.script-torrent-done-enabled": {"declarations": ["nixos/modules/services/torrent/transmission.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to run\n[](#opt-services.transmission.settings.script-torrent-done-filename)\nat torrent completion.\n", "loc": ["services", "transmission", "settings", "script-torrent-done-enabled"], "readOnly": false, "type": "boolean"}, "services.transmission.settings.script-torrent-done-filename": {"declarations": ["nixos/modules/services/torrent/transmission.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Executable to be run at torrent completion.", "loc": ["services", "transmission", "settings", "script-torrent-done-filename"], "readOnly": false, "type": "null or absolute path"}, "services.transmission.settings.trash-original-torrent-files": {"declarations": ["nixos/modules/services/torrent/transmission.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to delete torrents added from the\n                [](#opt-services.transmission.settings.watch-dir).\n", "loc": ["services", "transmission", "settings", "trash-original-torrent-files"], "readOnly": false, "type": "boolean"}, "services.transmission.settings.umask": {"declarations": ["nixos/modules/services/torrent/transmission.nix"], "default": {"_type": "literalExpression", "text": "\"022\""}, "description": "Sets transmission's file mode creation mask.\nSee the {manpage}`umask(2)` manpage for more information.\nUsers who want their saved torrents to be world-writable\nmay want to set this value to 0/`\"000\"`.\n", "loc": ["services", "transmission", "settings", "umask"], "readOnly": false, "type": "signed integer or string"}, "services.transmission.settings.utp-enabled": {"declarations": ["nixos/modules/services/torrent/transmission.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable [Micro Transport Protocol (\u00b5TP)](https://en.wikipedia.org/wiki/Micro_Transport_Protocol).\n", "loc": ["services", "transmission", "settings", "utp-enabled"], "readOnly": false, "type": "boolean"}, "services.transmission.settings.watch-dir": {"declarations": ["nixos/modules/services/torrent/transmission.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.transmission.home}/watchdir\""}, "description": "Watch a directory for torrent files and add them to transmission.", "loc": ["services", "transmission", "settings", "watch-dir"], "readOnly": false, "type": "absolute path"}, "services.transmission.settings.watch-dir-enabled": {"declarations": ["nixos/modules/services/torrent/transmission.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the\n                [](#opt-services.transmission.settings.watch-dir).\n", "loc": ["services", "transmission", "settings", "watch-dir-enabled"], "readOnly": false, "type": "boolean"}, "services.transmission.user": {"declarations": ["nixos/modules/services/torrent/transmission.nix"], "default": {"_type": "literalExpression", "text": "\"transmission\""}, "description": "User account under which Transmission runs.", "loc": ["services", "transmission", "user"], "readOnly": false, "type": "string"}, "services.transmission.webHome": {"declarations": ["nixos/modules/services/torrent/transmission.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If not `null`, sets the value of the `TRANSMISSION_WEB_HOME`\nenvironment variable used by the service. Useful for overriding\nthe web interface files, without overriding the transmission\npackage and thus requiring rebuilding it locally. Use this if\nyou want to use an alternative web interface, such as\n`pkgs.flood-for-transmission`.\n", "example": {"_type": "literalExpression", "text": "\"pkgs.flood-for-transmission\""}, "loc": ["services", "transmission", "webHome"], "readOnly": false, "type": "null or absolute path"}, "services.tremor-rs.enable": {"declarations": ["nixos/modules/services/monitoring/tremor-rs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Tremor event- or stream-processing system.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tremor-rs", "enable"], "readOnly": false, "type": "boolean"}, "services.tremor-rs.host": {"declarations": ["nixos/modules/services/monitoring/tremor-rs.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The host tremor should be listening on", "loc": ["services", "tremor-rs", "host"], "readOnly": false, "type": "string"}, "services.tremor-rs.loggerSettings": {"declarations": ["nixos/modules/services/monitoring/tremor-rs.nix"], "default": {"_type": "literalExpression", "text": "{\n  refresh_rate = \"30 seconds\";\n  appenders.stdout.kind = \"console\";\n  root = {\n    level = \"warn\";\n    appenders = [ \"stdout\" ];\n  };\n  loggers = {\n    tremor_runtime = {\n      level = \"debug\";\n      appenders = [ \"stdout\" ];\n      additive = false;\n    };\n    tremor = {\n      level = \"debug\";\n      appenders = [ \"stdout\" ];\n      additive = false;\n    };\n  };\n}\n"}, "description": "Tremor logger configuration", "example": {"_type": "literalExpression", "text": "{\n  appenders = {\n    stdout = {\n      kind = \"console\";\n    };\n  };\n  loggers = {\n    tremor = {\n      additive = false;\n      appenders = [\n        \"stdout\"\n      ];\n      level = \"debug\";\n    };\n    tremor_runtime = {\n      additive = false;\n      appenders = [\n        \"stdout\"\n      ];\n      level = \"debug\";\n    };\n  };\n  refresh_rate = \"30 seconds\";\n  root = {\n    appenders = [\n      \"stdout\"\n    ];\n    level = \"warn\";\n  };\n}"}, "loc": ["services", "tremor-rs", "loggerSettings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.tremor-rs.port": {"declarations": ["nixos/modules/services/monitoring/tremor-rs.nix"], "default": {"_type": "literalExpression", "text": "9898"}, "description": "the port tremor should be listening on", "loc": ["services", "tremor-rs", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.tremor-rs.tremorLibDir": {"declarations": ["nixos/modules/services/monitoring/tremor-rs.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Directory where to find /lib containing tremor script files", "loc": ["services", "tremor-rs", "tremorLibDir"], "readOnly": false, "type": "absolute path"}, "services.tremor-rs.troyFileList": {"declarations": ["nixos/modules/services/monitoring/tremor-rs.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of troy files to load.", "loc": ["services", "tremor-rs", "troyFileList"], "readOnly": false, "type": "list of absolute path"}, "services.trezord.emulator.enable": {"declarations": ["nixos/modules/services/hardware/trezord.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable Trezor emulator support.\n", "loc": ["services", "trezord", "emulator", "enable"], "readOnly": false, "type": "boolean"}, "services.trezord.emulator.port": {"declarations": ["nixos/modules/services/hardware/trezord.nix"], "default": {"_type": "literalExpression", "text": "21324"}, "description": "Listening port for the Trezor emulator.\n", "loc": ["services", "trezord", "emulator", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.trezord.enable": {"declarations": ["nixos/modules/services/hardware/trezord.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable Trezor bridge daemon, for use with Trezor hardware bitcoin wallets.\n", "loc": ["services", "trezord", "enable"], "readOnly": false, "type": "boolean"}, "services.trickster.configFile": {"declarations": ["nixos/modules/services/networking/trickster.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to configuration file.\n", "loc": ["services", "trickster", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.trickster.enable": {"declarations": ["nixos/modules/services/networking/trickster.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable Trickster.\n", "loc": ["services", "trickster", "enable"], "readOnly": false, "type": "boolean"}, "services.trickster.instance-id": {"declarations": ["nixos/modules/services/networking/trickster.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Instance ID for when running multiple processes (default null).\n", "loc": ["services", "trickster", "instance-id"], "readOnly": false, "type": "null or signed integer"}, "services.trickster.log-level": {"declarations": ["nixos/modules/services/networking/trickster.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Level of Logging to use (debug, info, warn, error) (default \"info\").\n", "loc": ["services", "trickster", "log-level"], "readOnly": false, "type": "string"}, "services.trickster.metrics-port": {"declarations": ["nixos/modules/services/networking/trickster.nix"], "default": {"_type": "literalExpression", "text": "8082"}, "description": "Port that the /metrics endpoint will listen on.\n", "loc": ["services", "trickster", "metrics-port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.trickster.origin-type": {"declarations": ["nixos/modules/services/networking/trickster.nix"], "default": {"_type": "literalExpression", "text": "\"prometheus\""}, "description": "Type of origin (prometheus, influxdb)\n", "loc": ["services", "trickster", "origin-type"], "readOnly": false, "type": "one of \"prometheus\", \"influxdb\""}, "services.trickster.origin-url": {"declarations": ["nixos/modules/services/networking/trickster.nix"], "default": {"_type": "literalExpression", "text": "\"http://prometheus:9090\""}, "description": "URL to the Origin. Enter it like you would in grafana, e.g., http://prometheus:9090 (default http://prometheus:9090).\n", "loc": ["services", "trickster", "origin-url"], "readOnly": false, "type": "string"}, "services.trickster.package": {"declarations": ["nixos/modules/services/networking/trickster.nix"], "default": {"_type": "literalExpression", "text": "pkgs.trickster"}, "description": "The trickster package to use.", "loc": ["services", "trickster", "package"], "readOnly": false, "type": "package"}, "services.trickster.profiler-port": {"declarations": ["nixos/modules/services/networking/trickster.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port that the /debug/pprof endpoint will listen on.\n", "loc": ["services", "trickster", "profiler-port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.trickster.proxy-port": {"declarations": ["nixos/modules/services/networking/trickster.nix"], "default": {"_type": "literalExpression", "text": "9090"}, "description": "Port that the Proxy server will listen on.\n", "loc": ["services", "trickster", "proxy-port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.triggerhappy.bindings": {"declarations": ["nixos/modules/services/hardware/triggerhappy.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Key bindings for {command}`triggerhappy`.\n", "example": {"_type": "literalExpression", "text": "[ { keys = [\"PLAYPAUSE\"];  cmd = \"${lib.getExe pkgs.mpc} -q toggle\"; } ]\n"}, "loc": ["services", "triggerhappy", "bindings"], "readOnly": false, "type": "list of (submodule)"}, "services.triggerhappy.bindings.*.cmd": {"declarations": ["nixos/modules/services/hardware/triggerhappy.nix"], "description": "What to run.", "loc": ["services", "triggerhappy", "bindings", "*", "cmd"], "readOnly": false, "type": "string"}, "services.triggerhappy.bindings.*.event": {"declarations": ["nixos/modules/services/hardware/triggerhappy.nix"], "default": {"_type": "literalExpression", "text": "\"press\""}, "description": "Event to match.", "loc": ["services", "triggerhappy", "bindings", "*", "event"], "readOnly": false, "type": "one of \"press\", \"hold\", \"release\""}, "services.triggerhappy.bindings.*.keys": {"declarations": ["nixos/modules/services/hardware/triggerhappy.nix"], "description": "List of keys to match.  Key names as defined in linux/input-event-codes.h", "loc": ["services", "triggerhappy", "bindings", "*", "keys"], "readOnly": false, "type": "list of string"}, "services.triggerhappy.enable": {"declarations": ["nixos/modules/services/hardware/triggerhappy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the {command}`triggerhappy` hotkey daemon.\n", "loc": ["services", "triggerhappy", "enable"], "readOnly": false, "type": "boolean"}, "services.triggerhappy.extraConfig": {"declarations": ["nixos/modules/services/hardware/triggerhappy.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Literal contents to append to the end of {command}`triggerhappy` configuration file.\n", "loc": ["services", "triggerhappy", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.triggerhappy.user": {"declarations": ["nixos/modules/services/hardware/triggerhappy.nix"], "default": {"_type": "literalExpression", "text": "\"nobody\""}, "description": "User account under which {command}`triggerhappy` runs.\n", "example": {"_type": "literalExpression", "text": "\"root\""}, "loc": ["services", "triggerhappy", "user"], "readOnly": false, "type": "string"}, "services.trilium-server.dataDir": {"declarations": ["nixos/modules/services/web-apps/trilium.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/trilium\""}, "description": "The directory storing the notes database and the configuration.\n", "loc": ["services", "trilium-server", "dataDir"], "readOnly": false, "type": "string"}, "services.trilium-server.enable": {"declarations": ["nixos/modules/services/web-apps/trilium.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable trilium-server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "trilium-server", "enable"], "readOnly": false, "type": "boolean"}, "services.trilium-server.environmentFile": {"declarations": ["nixos/modules/services/web-apps/trilium.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File to load as the environment file. This allows you to pass secrets in without writing\nto the nix store.\n", "example": {"_type": "literalExpression", "text": "\"/secrets/trilium.env\""}, "loc": ["services", "trilium-server", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.trilium-server.host": {"declarations": ["nixos/modules/services/web-apps/trilium.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The host address to bind to (defaults to localhost).\n", "loc": ["services", "trilium-server", "host"], "readOnly": false, "type": "string"}, "services.trilium-server.instanceName": {"declarations": ["nixos/modules/services/web-apps/trilium.nix"], "default": {"_type": "literalExpression", "text": "\"Trilium\""}, "description": "Instance name used to distinguish between different instances\n", "loc": ["services", "trilium-server", "instanceName"], "readOnly": false, "type": "string"}, "services.trilium-server.nginx": {"declarations": ["nixos/modules/services/web-apps/trilium.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for nginx reverse proxy.\n", "loc": ["services", "trilium-server", "nginx"], "readOnly": false, "type": "submodule"}, "services.trilium-server.nginx.enable": {"declarations": ["nixos/modules/services/web-apps/trilium.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Configure the nginx reverse proxy settings.\n", "loc": ["services", "trilium-server", "nginx", "enable"], "readOnly": false, "type": "boolean"}, "services.trilium-server.nginx.hostName": {"declarations": ["nixos/modules/services/web-apps/trilium.nix"], "description": "The hostname use to setup the virtualhost configuration\n", "loc": ["services", "trilium-server", "nginx", "hostName"], "readOnly": false, "type": "string"}, "services.trilium-server.noAuthentication": {"declarations": ["nixos/modules/services/web-apps/trilium.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set to true, no password is required to access the web frontend.\n", "loc": ["services", "trilium-server", "noAuthentication"], "readOnly": false, "type": "boolean"}, "services.trilium-server.noBackup": {"declarations": ["nixos/modules/services/web-apps/trilium.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable periodic database backups.\n", "loc": ["services", "trilium-server", "noBackup"], "readOnly": false, "type": "boolean"}, "services.trilium-server.package": {"declarations": ["nixos/modules/services/web-apps/trilium.nix"], "default": {"_type": "literalExpression", "text": "pkgs.trilium-server"}, "description": "The trilium-server package to use.", "loc": ["services", "trilium-server", "package"], "readOnly": false, "type": "package"}, "services.trilium-server.port": {"declarations": ["nixos/modules/services/web-apps/trilium.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "The port number to bind to.\n", "loc": ["services", "trilium-server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.tsidp.enable": {"declarations": ["nixos/modules/services/security/tsidp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable tsidp server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tsidp", "enable"], "readOnly": false, "type": "boolean"}, "services.tsidp.environmentFile": {"declarations": ["nixos/modules/services/security/tsidp.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to an environment file loaded for the tsidp service.\n\nThis can be used to securely store tokens and secrets outside of the world-readable Nix store.\n\nExample contents of the file:\n```\nTS_AUTH_KEY=YOUR_TAILSCALE_AUTHKEY\n```\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/tsidp\""}, "loc": ["services", "tsidp", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.tsidp.package": {"declarations": ["nixos/modules/services/security/tsidp.nix"], "default": {"_type": "literalExpression", "text": "pkgs.tsidp"}, "description": "The tsidp package to use.", "loc": ["services", "tsidp", "package"], "readOnly": false, "type": "package"}, "services.tsidp.settings.debugAllRequests": {"declarations": ["nixos/modules/services/security/tsidp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "For development. Prints all requests and responses.\n", "loc": ["services", "tsidp", "settings", "debugAllRequests"], "readOnly": false, "type": "boolean"}, "services.tsidp.settings.debugTsnet": {"declarations": ["nixos/modules/services/security/tsidp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "For development. Enables debug level logging with tsnet connection.\n", "loc": ["services", "tsidp", "settings", "debugTsnet"], "readOnly": false, "type": "boolean"}, "services.tsidp.settings.enableFunnel": {"declarations": ["nixos/modules/services/security/tsidp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use Tailscale Funnel to make tsidp available on the public internet so it works with SaaS products.\n", "loc": ["services", "tsidp", "settings", "enableFunnel"], "readOnly": false, "type": "boolean"}, "services.tsidp.settings.enableSts": {"declarations": ["nixos/modules/services/security/tsidp.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable OAuth token exchange using RFC 8693.\n", "loc": ["services", "tsidp", "settings", "enableSts"], "readOnly": false, "type": "boolean"}, "services.tsidp.settings.hostName": {"declarations": ["nixos/modules/services/security/tsidp.nix"], "default": {"_type": "literalExpression", "text": "\"idp\""}, "description": "The hostname to use for the tsnet node.\n", "loc": ["services", "tsidp", "settings", "hostName"], "readOnly": false, "type": "string"}, "services.tsidp.settings.localPort": {"declarations": ["nixos/modules/services/security/tsidp.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Listen on localhost:<port>.", "loc": ["services", "tsidp", "settings", "localPort"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.tsidp.settings.logLevel": {"declarations": ["nixos/modules/services/security/tsidp.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Set logging level: debug, info, warn, error.\n", "loc": ["services", "tsidp", "settings", "logLevel"], "readOnly": false, "type": "one of \"debug\", \"info\", \"warn\", \"error\""}, "services.tsidp.settings.port": {"declarations": ["nixos/modules/services/security/tsidp.nix"], "default": {"_type": "literalExpression", "text": "443"}, "description": "Port to listen on (default: 443).\n", "loc": ["services", "tsidp", "settings", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.tsidp.settings.useLocalTailscaled": {"declarations": ["nixos/modules/services/security/tsidp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use local tailscaled instead of tsnet.\n", "loc": ["services", "tsidp", "settings", "useLocalTailscaled"], "readOnly": false, "type": "boolean"}, "services.tsmBackup.autoTime": {"declarations": ["nixos/modules/services/backup/tsm.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The backup service will be invoked\nautomatically at the given date/time,\nwhich must be in the format described in\n{manpage}`systemd.time(5)`.\nThe default `null`\ndisables automatic backups.\n", "example": {"_type": "literalExpression", "text": "\"12:00\""}, "loc": ["services", "tsmBackup", "autoTime"], "readOnly": false, "type": "null or non-empty string"}, "services.tsmBackup.command": {"declarations": ["nixos/modules/services/backup/tsm.nix"], "default": {"_type": "literalExpression", "text": "\"backup\""}, "description": "The actual command passed to the\n`dsmc` executable to start the backup.\n", "example": {"_type": "literalExpression", "text": "\"incr\""}, "loc": ["services", "tsmBackup", "command"], "readOnly": false, "type": "non-empty string"}, "services.tsmBackup.enable": {"declarations": ["nixos/modules/services/backup/tsm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable automatic backups with the\nIBM Storage Protect (Tivoli Storage Manager, TSM) client.\nThis also enables\n{option}`programs.tsmClient.enable`\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tsmBackup", "enable"], "readOnly": false, "type": "boolean"}, "services.tsmBackup.servername": {"declarations": ["nixos/modules/services/backup/tsm.nix"], "description": "Create a systemd system service\n`tsm-backup.service` that starts\na backup based on the given servername's stanza.\nNote that this server's\n{option}`passwdDir` will default to\n{file}`/var/lib/tsm-backup/password`\n(but may be overridden);\nalso, the service will use\n{file}`/var/lib/tsm-backup` as\n`HOME` when calling\n`dsmc`.\n", "example": {"_type": "literalExpression", "text": "\"mainTsmServer\""}, "loc": ["services", "tsmBackup", "servername"], "readOnly": false, "type": "non-empty string"}, "services.tt-rss.auth.autoCreate": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Allow authentication modules to auto-create users in tt-rss internal\ndatabase when authenticated successfully.\n", "loc": ["services", "tt-rss", "auth", "autoCreate"], "readOnly": false, "type": "boolean"}, "services.tt-rss.auth.autoLogin": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Automatically login user on remote or other kind of externally supplied\nauthentication, otherwise redirect to login form as normal.\nIf set to true, users won't be able to set application language\nand settings profile.\n", "loc": ["services", "tt-rss", "auth", "autoLogin"], "readOnly": false, "type": "boolean"}, "services.tt-rss.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Create the database and database user locally.", "loc": ["services", "tt-rss", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.tt-rss.database.host": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host of the database. Leave null to use Unix domain socket.\n", "loc": ["services", "tt-rss", "database", "host"], "readOnly": false, "type": "null or string"}, "services.tt-rss.database.name": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "\"tt_rss\""}, "description": "Name of the existing database.\n", "loc": ["services", "tt-rss", "database", "name"], "readOnly": false, "type": "string"}, "services.tt-rss.database.password": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The database user's password.\n", "loc": ["services", "tt-rss", "database", "password"], "readOnly": false, "type": "null or string"}, "services.tt-rss.database.passwordFile": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The database user's password.\n", "loc": ["services", "tt-rss", "database", "passwordFile"], "readOnly": false, "type": "null or string"}, "services.tt-rss.database.port": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The database's port. If not set, the default ports will be provided (5432\nand 3306 for pgsql and mysql respectively).\n", "loc": ["services", "tt-rss", "database", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.tt-rss.database.type": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "\"pgsql\""}, "description": "Database to store feeds. Supported are pgsql and mysql.\n", "loc": ["services", "tt-rss", "database", "type"], "readOnly": false, "type": "one of \"pgsql\", \"mysql\""}, "services.tt-rss.database.user": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "\"tt_rss\""}, "description": "The database user. The user must exist and has access to\nthe specified database.\n", "loc": ["services", "tt-rss", "database", "user"], "readOnly": false, "type": "string"}, "services.tt-rss.email.digestSubject": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "\"[tt-rss] New headlines for last 24 hours\""}, "description": "Subject line for email digests.\n", "loc": ["services", "tt-rss", "email", "digestSubject"], "readOnly": false, "type": "string"}, "services.tt-rss.email.fromAddress": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Address for sending outgoing mail. This applies to password reset\nnotifications, digest emails and any other mail.\n", "loc": ["services", "tt-rss", "email", "fromAddress"], "readOnly": false, "type": "string"}, "services.tt-rss.email.fromName": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "\"Tiny Tiny RSS\""}, "description": "Name for sending outgoing mail. This applies to password reset\nnotifications, digest emails and any other mail.\n", "loc": ["services", "tt-rss", "email", "fromName"], "readOnly": false, "type": "string"}, "services.tt-rss.email.login": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "SMTP authentication login used when sending outgoing mail.\n", "loc": ["services", "tt-rss", "email", "login"], "readOnly": false, "type": "string"}, "services.tt-rss.email.password": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "SMTP authentication password used when sending outgoing mail.\n", "loc": ["services", "tt-rss", "email", "password"], "readOnly": false, "type": "string"}, "services.tt-rss.email.security": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Used to select a secure SMTP connection. Allowed values: ssl, tls,\nor empty.\n", "loc": ["services", "tt-rss", "email", "security"], "readOnly": false, "type": "one of \"\", \"ssl\", \"tls\""}, "services.tt-rss.email.server": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Hostname:port combination to send outgoing mail. Blank - use system\nMTA.\n", "example": {"_type": "literalExpression", "text": "\"localhost:25\""}, "loc": ["services", "tt-rss", "email", "server"], "readOnly": false, "type": "string"}, "services.tt-rss.enable": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable tt-rss.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tt-rss", "enable"], "readOnly": false, "type": "boolean"}, "services.tt-rss.enableGZipOutput": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Selectively gzip output to improve wire performance. This requires\nPHP Zlib extension on the server.\nEnabling this can break tt-rss in several httpd/php configurations,\nif you experience weird errors and tt-rss failing to start, blank pages\nafter login, or content encoding errors, disable it.\n", "loc": ["services", "tt-rss", "enableGZipOutput"], "readOnly": false, "type": "boolean"}, "services.tt-rss.extraConfig": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional lines to append to `config.php`.\n", "loc": ["services", "tt-rss", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.tt-rss.feedCryptKey": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Key used for encryption of passwords for password-protected feeds\nin the database. A string of 24 random characters. If left blank, encryption\nis not used. Requires mcrypt functions.\nWarning: changing this key will make your stored feed passwords impossible\nto decrypt.\n", "loc": ["services", "tt-rss", "feedCryptKey"], "readOnly": false, "type": "string"}, "services.tt-rss.forceArticlePurge": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "When this option is not 0, users ability to control feed purging\nintervals is disabled and all articles (which are not starred)\nolder than this amount of days are purged.\n", "loc": ["services", "tt-rss", "forceArticlePurge"], "readOnly": false, "type": "signed integer"}, "services.tt-rss.logDestination": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "\"sql\""}, "description": "Log destination to use. Possible values: sql (uses internal logging\nyou can read in Preferences -> System), syslog - logs to system log.\nSetting this to blank uses PHP logging (usually to http server\nerror.log).\n", "loc": ["services", "tt-rss", "logDestination"], "readOnly": false, "type": "one of \"\", \"sql\", \"syslog\""}, "services.tt-rss.phpPackage": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "\"pkgs.php\""}, "description": "php package to use for php fpm and update daemon.\n", "loc": ["services", "tt-rss", "phpPackage"], "readOnly": false, "type": "package"}, "services.tt-rss.pluginPackages": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of plugins to install. The list elements are expected to\nbe derivations. All elements in this derivation are automatically\ncopied to the `plugins.local` directory.\n", "loc": ["services", "tt-rss", "pluginPackages"], "readOnly": false, "type": "list of package"}, "services.tt-rss.plugins": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"auth_internal\"\n  \"note\"\n]"}, "description": "List of plugins to load automatically for all users.\nSystem plugins have to be specified here. Please enable at least one\nauthentication plugin here (auth_*).\nUsers may enable other user plugins from Preferences/Plugins but may not\ndisable plugins specified in this list.\nDisabling auth_internal in this list would automatically disable\nreset password link on the login form.\n", "loc": ["services", "tt-rss", "plugins"], "readOnly": false, "type": "list of string"}, "services.tt-rss.pool": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "\"tt-rss\""}, "description": "Name of existing phpfpm pool that is used to run web-application.\nIf not specified a pool will be created automatically with\ndefault values.\n", "loc": ["services", "tt-rss", "pool"], "readOnly": false, "type": "string"}, "services.tt-rss.pubSubHubbub.enable": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable client PubSubHubbub support in tt-rss. When disabled, tt-rss\nwon't try to subscribe to PUSH feed updates.\n", "loc": ["services", "tt-rss", "pubSubHubbub", "enable"], "readOnly": false, "type": "boolean"}, "services.tt-rss.pubSubHubbub.hub": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "URL to a PubSubHubbub-compatible hub server. If defined, \"Published\narticles\" generated feed would automatically become PUSH-enabled.\n", "loc": ["services", "tt-rss", "pubSubHubbub", "hub"], "readOnly": false, "type": "string"}, "services.tt-rss.registration.enable": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Allow users to register themselves. Please be aware that allowing\nrandom people to access your tt-rss installation is a security risk\nand potentially might lead to data loss or server exploit. Disabled\nby default.\n", "loc": ["services", "tt-rss", "registration", "enable"], "readOnly": false, "type": "boolean"}, "services.tt-rss.registration.maxUsers": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Maximum amount of users which will be allowed to register on this\nsystem. 0 - no limit.\n", "loc": ["services", "tt-rss", "registration", "maxUsers"], "readOnly": false, "type": "signed integer"}, "services.tt-rss.registration.notifyAddress": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Email address to send new user notifications to.\n", "loc": ["services", "tt-rss", "registration", "notifyAddress"], "readOnly": false, "type": "string"}, "services.tt-rss.root": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/tt-rss\""}, "description": "Root of the application.\n", "loc": ["services", "tt-rss", "root"], "readOnly": false, "type": "absolute path"}, "services.tt-rss.selfUrlPath": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "description": "Full URL of your tt-rss installation. This should be set to the\nlocation of tt-rss directory, e.g. http://example.org/tt-rss/\nYou need to set this option correctly otherwise several features\nincluding PUSH, bookmarklets and browser integration will not work properly.\n", "example": {"_type": "literalExpression", "text": "\"http://localhost\""}, "loc": ["services", "tt-rss", "selfUrlPath"], "readOnly": false, "type": "string"}, "services.tt-rss.sessionCookieLifetime": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "86400"}, "description": "Default lifetime of a session (e.g. login) cookie. In seconds,\n0 means cookie will be deleted when browser closes.\n", "loc": ["services", "tt-rss", "sessionCookieLifetime"], "readOnly": false, "type": "signed integer"}, "services.tt-rss.simpleUpdateMode": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables fallback update mode where tt-rss tries to update feeds in\nbackground while tt-rss is open in your browser.\nIf you don't have a lot of feeds and don't want to or can't run\nbackground processes while not running tt-rss, this method is generally\nviable to keep your feeds up to date.\nStill, there are more robust (and recommended) updating methods\navailable, you can read about them here: <https://tt-rss.org/wiki/UpdatingFeeds>\n", "loc": ["services", "tt-rss", "simpleUpdateMode"], "readOnly": false, "type": "boolean"}, "services.tt-rss.singleUserMode": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Operate in single user mode, disables all functionality related to\nmultiple users and authentication. Enabling this assumes you have\nyour tt-rss directory protected by other means (e.g. http auth).\n", "loc": ["services", "tt-rss", "singleUserMode"], "readOnly": false, "type": "boolean"}, "services.tt-rss.sphinx.index": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"ttrss\"\n  \"delta\"\n]"}, "description": "Index names in Sphinx configuration. Example configuration\nfiles are available on tt-rss wiki.\n", "loc": ["services", "tt-rss", "sphinx", "index"], "readOnly": false, "type": "list of string"}, "services.tt-rss.sphinx.server": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "\"localhost:9312\""}, "description": "Hostname:port combination for the Sphinx server.\n", "loc": ["services", "tt-rss", "sphinx", "server"], "readOnly": false, "type": "string"}, "services.tt-rss.themePackages": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of themes to install. The list elements are expected to\nbe derivations. All elements in this derivation are automatically\ncopied to the `themes.local` directory.\n", "loc": ["services", "tt-rss", "themePackages"], "readOnly": false, "type": "list of package"}, "services.tt-rss.updateDaemon.commandFlags": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "\"--quiet\""}, "description": "Command-line flags passed to the update daemon.\nThe default --quiet flag mutes all logging, including errors.\n", "loc": ["services", "tt-rss", "updateDaemon", "commandFlags"], "readOnly": false, "type": "string"}, "services.tt-rss.user": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "\"tt_rss\""}, "description": "User account under which both the update daemon and the web-application run.\n", "loc": ["services", "tt-rss", "user"], "readOnly": false, "type": "string"}, "services.tt-rss.virtualHost": {"declarations": ["nixos/modules/services/web-apps/tt-rss.nix"], "default": {"_type": "literalExpression", "text": "\"tt-rss\""}, "description": "Name of the nginx virtualhost to use and setup. If null, do not setup any virtualhost.\n", "loc": ["services", "tt-rss", "virtualHost"], "readOnly": false, "type": "null or string"}, "services.tts.servers": {"declarations": ["nixos/modules/services/audio/tts.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "TTS server instances.\n", "example": {"_type": "literalExpression", "text": "{\n  english = {\n    port = 5300;\n    model = \"tts_models/en/ljspeech/tacotron2-DDC\";\n  };\n  german = {\n    port = 5301;\n    model = \"tts_models/de/thorsten/tacotron2-DDC\";\n  };\n  dutch = {\n    port = 5302;\n    model = \"tts_models/nl/mai/tacotron2-DDC\";\n  };\n}\n"}, "loc": ["services", "tts", "servers"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.tts.servers.<name>.enable": {"declarations": ["nixos/modules/services/audio/tts.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Coqui TTS server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tts", "servers", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.tts.servers.<name>.extraArgs": {"declarations": ["nixos/modules/services/audio/tts.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to pass to the server commandline.\n", "loc": ["services", "tts", "servers", "<name>", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.tts.servers.<name>.model": {"declarations": ["nixos/modules/services/audio/tts.nix"], "default": {"_type": "literalExpression", "text": "\"tts_models/en/ljspeech/tacotron2-DDC\""}, "description": "Name of the model to download and use for speech synthesis.\n\nCheck `tts-server --list_models` for possible values.\n\nSet to `null` to use a custom model.\n", "example": {"_type": "literalExpression", "text": "null"}, "loc": ["services", "tts", "servers", "<name>", "model"], "readOnly": false, "type": "null or string"}, "services.tts.servers.<name>.port": {"declarations": ["nixos/modules/services/audio/tts.nix"], "description": "Port to bind the TTS server to.\n", "example": {"_type": "literalExpression", "text": "5000"}, "loc": ["services", "tts", "servers", "<name>", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.tts.servers.<name>.useCuda": {"declarations": ["nixos/modules/services/audio/tts.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to offload computation onto a CUDA compatible GPU.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tts", "servers", "<name>", "useCuda"], "readOnly": false, "type": "boolean"}, "services.ttyd.caFile": {"declarations": ["nixos/modules/services/web-servers/ttyd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SSL CA file path for client certificate verification.", "loc": ["services", "ttyd", "caFile"], "readOnly": false, "type": "null or absolute path"}, "services.ttyd.certFile": {"declarations": ["nixos/modules/services/web-servers/ttyd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SSL certificate file path.", "loc": ["services", "ttyd", "certFile"], "readOnly": false, "type": "null or absolute path"}, "services.ttyd.checkOrigin": {"declarations": ["nixos/modules/services/web-servers/ttyd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to allow a websocket connection from a different origin.", "loc": ["services", "ttyd", "checkOrigin"], "readOnly": false, "type": "boolean"}, "services.ttyd.clientOptions": {"declarations": ["nixos/modules/services/web-servers/ttyd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attribute set of client options for xtermjs.\n<https://xtermjs.org/docs/api/terminal/interfaces/iterminaloptions/>\n", "example": {"_type": "literalExpression", "text": "{\n  fontSize = \"16\";\n  fontFamily = \"Fira Code\";\n}\n"}, "loc": ["services", "ttyd", "clientOptions"], "readOnly": false, "type": "attribute set of string"}, "services.ttyd.enable": {"declarations": ["nixos/modules/services/web-servers/ttyd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ttyd daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ttyd", "enable"], "readOnly": false, "type": "boolean"}, "services.ttyd.enableIPv6": {"declarations": ["nixos/modules/services/web-servers/ttyd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether or not to enable IPv6 support.", "loc": ["services", "ttyd", "enableIPv6"], "readOnly": false, "type": "boolean"}, "services.ttyd.enableSSL": {"declarations": ["nixos/modules/services/web-servers/ttyd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether or not to enable SSL (https) support.", "loc": ["services", "ttyd", "enableSSL"], "readOnly": false, "type": "boolean"}, "services.ttyd.entrypoint": {"declarations": ["nixos/modules/services/web-servers/ttyd.nix"], "default": {"_type": "literalExpression", "text": "[ \"${pkgs.shadow}/bin/login\" ]\n"}, "description": "Which command ttyd runs.", "example": {"_type": "literalExpression", "text": "[ (lib.getExe pkgs.htop) ]\n"}, "loc": ["services", "ttyd", "entrypoint"], "readOnly": false, "type": "list of string"}, "services.ttyd.indexFile": {"declarations": ["nixos/modules/services/web-servers/ttyd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Custom index.html path", "loc": ["services", "ttyd", "indexFile"], "readOnly": false, "type": "null or absolute path"}, "services.ttyd.interface": {"declarations": ["nixos/modules/services/web-servers/ttyd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Network interface to bind.", "example": {"_type": "literalExpression", "text": "\"eth0\""}, "loc": ["services", "ttyd", "interface"], "readOnly": false, "type": "null or string"}, "services.ttyd.keyFile": {"declarations": ["nixos/modules/services/web-servers/ttyd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SSL key file path.\nFor insecurely putting the keyFile in the globally readable store use\n`pkgs.writeText \"ttydKeyFile\" \"SSLKEY\"`.\n", "loc": ["services", "ttyd", "keyFile"], "readOnly": false, "type": "null or absolute path"}, "services.ttyd.logLevel": {"declarations": ["nixos/modules/services/web-servers/ttyd.nix"], "default": {"_type": "literalExpression", "text": "7"}, "description": "Set log level.", "loc": ["services", "ttyd", "logLevel"], "readOnly": false, "type": "signed integer"}, "services.ttyd.maxClients": {"declarations": ["nixos/modules/services/web-servers/ttyd.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Maximum clients to support (0, no limit)", "loc": ["services", "ttyd", "maxClients"], "readOnly": false, "type": "signed integer"}, "services.ttyd.passwordFile": {"declarations": ["nixos/modules/services/web-servers/ttyd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing the password to use for basic http authentication.\nFor insecurely putting the password in the globally readable store use\n`pkgs.writeText \"ttydpw\" \"MyPassword\"`.\n", "loc": ["services", "ttyd", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.ttyd.port": {"declarations": ["nixos/modules/services/web-servers/ttyd.nix"], "default": {"_type": "literalExpression", "text": "7681"}, "description": "Port to listen on (use 0 for random port)", "loc": ["services", "ttyd", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.ttyd.signal": {"declarations": ["nixos/modules/services/web-servers/ttyd.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Signal to send to the command on session close.", "loc": ["services", "ttyd", "signal"], "readOnly": false, "type": "8 bit unsigned integer; between 0 and 255 (both inclusive)"}, "services.ttyd.socket": {"declarations": ["nixos/modules/services/web-servers/ttyd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "UNIX domain socket path to bind.", "example": {"_type": "literalExpression", "text": "\"/var/run/ttyd.sock\""}, "loc": ["services", "ttyd", "socket"], "readOnly": false, "type": "null or absolute path"}, "services.ttyd.terminalType": {"declarations": ["nixos/modules/services/web-servers/ttyd.nix"], "default": {"_type": "literalExpression", "text": "\"xterm-256color\""}, "description": "Terminal type to report.", "loc": ["services", "ttyd", "terminalType"], "readOnly": false, "type": "string"}, "services.ttyd.user": {"declarations": ["nixos/modules/services/web-servers/ttyd.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "Which unix user ttyd should run as.", "loc": ["services", "ttyd", "user"], "readOnly": false, "type": "string"}, "services.ttyd.username": {"declarations": ["nixos/modules/services/web-servers/ttyd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Username for basic http authentication.", "loc": ["services", "ttyd", "username"], "readOnly": false, "type": "null or string"}, "services.ttyd.writeable": {"declarations": ["nixos/modules/services/web-servers/ttyd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Allow clients to write to the TTY.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ttyd", "writeable"], "readOnly": false, "type": "null or boolean"}, "services.tuliprox.apiProxySettings": {"declarations": ["nixos/modules/services/web-apps/tuliprox.nix"], "description": "Users and proxy configuration\n\nRefer to the [Tuliprox documentation] for available attributes\n\n[Tuliprox documentation]: https://github.com/euzu/tuliprox?tab=readme-ov-file#3-api-proxy-config\n", "example": {"_type": "literalExpression", "text": "{\n  server = [\n    {\n      host = \"192.169.1.9\";\n      message = \"Welcome to tuliprox\";\n      name = \"default\";\n      port = 8901;\n      protocol = \"http\";\n      timezone = \"Europe/Paris\";\n    }\n    {\n      host = \"tuliprox.mydomain.tv\";\n      message = \"Welcome to tuliprox\";\n      name = \"external\";\n      port = 443;\n      protocol = \"https\";\n      timezone = \"Europe/Paris\";\n    }\n  ];\n  user = [\n    {\n      credentials = [\n        {\n          exp_date = 1672705545;\n          max_connections = 1;\n          password = \"secret1\";\n          proxy = \"reverse\";\n          server = \"default\";\n          status = \"Active\";\n          token = \"token1\";\n          username = \"test1\";\n        }\n      ];\n      target = \"xc_m3u\";\n    }\n  ];\n}"}, "loc": ["services", "tuliprox", "apiProxySettings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.tuliprox.enable": {"declarations": ["nixos/modules/services/web-apps/tuliprox.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Tuliprox IPTV playlist processor & proxy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tuliprox", "enable"], "readOnly": false, "type": "boolean"}, "services.tuliprox.extraArgs": {"declarations": ["nixos/modules/services/web-apps/tuliprox.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional command-line arguments for the systemd service.\n\nRefer to the [Tuliprox documentation] for available arguments.\n\n[Tuliprox documentation]: https://github.com/euzu/tuliprox?tab=readme-ov-file#command-line-arguments\n", "loc": ["services", "tuliprox", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.tuliprox.mappingSettings": {"declarations": ["nixos/modules/services/web-apps/tuliprox.nix"], "description": "Templates configuration\n\nRefer to the [Tuliprox documentation] for available attributes\n\n[Tuliprox documentation]: https://github.com/euzu/tuliprox?tab=readme-ov-file#2-mappingyml\n", "example": {"_type": "literalExpression", "text": "{\n  mappings = {\n    mapping = [\n      {\n        id = \"iptv-org\";\n        mapper = [\n          {\n            filter = \"!bbc!\";\n            script = ''\n              @Group = \"BBC\"\n            '';\n          }\n          {\n            filter = \"!documentary!\";\n            script = ''\n              @Group = \"Documentary\"\n            '';\n          }\n          {\n            filter = \"!entertainment!\";\n            script = ''\n              @Group = \"Entertainment\"\n            '';\n          }\n          {\n            filter = \"!pluto_tv!\";\n            script = ''\n              @Group = \"Pluto TV\"\n            '';\n          }\n          {\n            filter = \"!business!\";\n            script = ''\n              @Group = \"News\"\n            '';\n          }\n          {\n            filter = \"Input ~ \\\"iptv-org\\\"\";\n            script = ''\n              @Caption = concat(@Caption, \" (iptv-org)\")\n            '';\n          }\n        ];\n        match_as_ascii = true;\n      }\n    ];\n    templates = [\n      {\n        name = \"bbc\";\n        value = \"Title ~ \\\"^BBC\\\"\";\n      }\n      {\n        name = \"documentary\";\n        value = \"(Group ~ \\\"(Documentary|Outdoor)\\\")\";\n      }\n      {\n        name = \"entertainment\";\n        value = \"Group ~ \\\"Entertainment\\\"\";\n      }\n      {\n        name = \"pluto_tv\";\n        value = \"(Caption ~ \\\"Pluto TV\\\") AND NOT(Caption ~ \\\"Sports\\\")\";\n      }\n      {\n        name = \"business\";\n        value = \"Group ~ \\\"Business\\\"\";\n      }\n    ];\n  };\n}"}, "loc": ["services", "tuliprox", "mappingSettings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.tuliprox.package": {"declarations": ["nixos/modules/services/web-apps/tuliprox.nix"], "default": {"_type": "literalExpression", "text": "pkgs.tuliprox"}, "description": "The tuliprox package to use.", "loc": ["services", "tuliprox", "package"], "readOnly": false, "type": "package"}, "services.tuliprox.sourceSettings": {"declarations": ["nixos/modules/services/web-apps/tuliprox.nix"], "description": "Source definitions\n\nRefer to the [Tuliprox documentation] for available attributes\n\n[Tuliprox documentation]: https://github.com/euzu/tuliprox?tab=readme-ov-file#2-sourceyml\n", "example": {"_type": "literalExpression", "text": "{\n  sources = [\n    {\n      inputs = [\n        {\n          name = \"iptv-org\";\n          type = \"m3u\";\n          url = \"https://iptv-org.github.io/iptv/countries/uk.m3u\";\n        }\n      ];\n      targets = [\n        {\n          filter = \"!final_channel_lineup!\";\n          mapping = [\n            \"iptv-org\"\n          ];\n          name = \"iptv-org\";\n          options = {\n            ignore_logo = false;\n            share_live_streams = true;\n          };\n          output = [\n            {\n              type = \"xtream\";\n            }\n            {\n              filename = \"iptv.m3u\";\n              type = \"m3u\";\n            }\n            {\n              device = \"hdhr1\";\n              type = \"hdhomerun\";\n              username = \"local\";\n            }\n          ];\n        }\n      ];\n    }\n  ];\n  templates = [\n    {\n      name = \"not_red_button\";\n      value = \"NOT (Title ~ \\\"(?i).*red button.*\\\")\";\n    }\n    {\n      name = \"not_low_resolution\";\n      value = \"NOT (Title ~ \\\"(?i).*(360p|240p).*\\\")\";\n    }\n    {\n      name = \"all_channels\";\n      value = \"Title ~ \\\".*\\\"\";\n    }\n    {\n      name = \"final_channel_lineup\";\n      value = \"!all_channels! AND !not_red_button! AND !not_low_resolution!\";\n    }\n  ];\n}"}, "loc": ["services", "tuliprox", "sourceSettings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.tuliprox.systemSettings": {"declarations": ["nixos/modules/services/web-apps/tuliprox.nix"], "description": "Main config file\n\nRefer to the [Tuliprox documentation] for available attributes\n\n[Tuliprox documentation]: https://github.com/euzu/tuliprox?tab=readme-ov-file#1-configyml\n", "example": {"_type": "literalExpression", "text": "{\n  api = {\n    host = \"0.0.0.0\";\n    port = 8901;\n  };\n}"}, "loc": ["services", "tuliprox", "systemSettings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.tumbler.enable": {"declarations": ["nixos/modules/services/desktops/tumbler.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Tumbler, A D-Bus thumbnailer service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tumbler", "enable"], "readOnly": false, "type": "boolean"}, "services.tuned.enable": {"declarations": ["nixos/modules/services/hardware/tuned.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable TuneD.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tuned", "enable"], "readOnly": false, "type": "boolean"}, "services.tuned.package": {"declarations": ["nixos/modules/services/hardware/tuned.nix"], "default": {"_type": "literalExpression", "text": "pkgs.tuned"}, "description": "The tuned package to use.", "loc": ["services", "tuned", "package"], "readOnly": false, "type": "package"}, "services.tuned.ppdSettings": {"declarations": ["nixos/modules/services/hardware/tuned.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings for TuneD's power-profiles-daemon compatibility service.\n", "loc": ["services", "tuned", "ppdSettings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.tuned.ppdSettings.battery": {"declarations": ["nixos/modules/services/hardware/tuned.nix"], "default": {"_type": "literalExpression", "text": "{\n  balanced = \"balanced-battery\";\n}"}, "description": "Map of PPD battery states to TuneD profiles.", "loc": ["services", "tuned", "ppdSettings", "battery"], "readOnly": false, "type": "attribute set of string"}, "services.tuned.ppdSettings.main": {"declarations": ["nixos/modules/services/hardware/tuned.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Core configuration for power-profiles-daemon support.", "loc": ["services", "tuned", "ppdSettings", "main"], "readOnly": false, "type": "submodule"}, "services.tuned.ppdSettings.main.battery_detection": {"declarations": ["nixos/modules/services/hardware/tuned.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable battery detection.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tuned", "ppdSettings", "main", "battery_detection"], "readOnly": false, "type": "boolean"}, "services.tuned.ppdSettings.main.default": {"declarations": ["nixos/modules/services/hardware/tuned.nix"], "default": {"_type": "literalExpression", "text": "\"balanced\""}, "description": "Default PPD profile.", "example": {"_type": "literalExpression", "text": "\"performance\""}, "loc": ["services", "tuned", "ppdSettings", "main", "default"], "readOnly": false, "type": "string"}, "services.tuned.ppdSettings.profiles": {"declarations": ["nixos/modules/services/hardware/tuned.nix"], "default": {"_type": "literalExpression", "text": "{\n  balanced = \"balanced\";\n  performance = \"throughput-performance\";\n  power-saver = \"powersave\";\n}"}, "description": "Map of PPD profiles to native TuneD profiles.", "loc": ["services", "tuned", "ppdSettings", "profiles"], "readOnly": false, "type": "attribute set of string"}, "services.tuned.ppdSupport": {"declarations": ["nixos/modules/services/hardware/tuned.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable translation of power-profiles-daemon API calls to TuneD.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tuned", "ppdSupport"], "readOnly": false, "type": "boolean"}, "services.tuned.profiles": {"declarations": ["nixos/modules/services/hardware/tuned.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Profiles for TuneD.\nSee {manpage}`tuned.conf(5)`.\n", "example": {"_type": "literalExpression", "text": "{\n  my-cool-profile = {\n    main = {\n      include = \"my-other-cool-profile\";\n    };\n    my_sysctl = {\n      \"net.core.rmem_default\" = 262144;\n      \"net.core.wmem_default\" = 262144;\n      replace = true;\n      type = \"sysctl\";\n    };\n  };\n}"}, "loc": ["services", "tuned", "profiles"], "readOnly": false, "type": "attribute set of (open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string)))"}, "services.tuned.settings": {"declarations": ["nixos/modules/services/hardware/tuned.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for TuneD.\nSee {manpage}`tuned-main.conf(5)`.\n", "loc": ["services", "tuned", "settings"], "readOnly": false, "type": "open submodule of (submodule)"}, "services.tuned.settings.daemon": {"declarations": ["nixos/modules/services/hardware/tuned.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the use of a daemon for TuneD.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tuned", "settings", "daemon"], "readOnly": false, "type": "boolean"}, "services.tuned.settings.default_instance_priority": {"declarations": ["nixos/modules/services/hardware/tuned.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Default instance (unit) priority.", "loc": ["services", "tuned", "settings", "default_instance_priority"], "readOnly": false, "type": "signed integer"}, "services.tuned.settings.dynamic_tuning": {"declarations": ["nixos/modules/services/hardware/tuned.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable dynamic tuning.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tuned", "settings", "dynamic_tuning"], "readOnly": false, "type": "boolean"}, "services.tuned.settings.globalSection": {"declarations": [], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "global section of an INI file (attrs of INI atom (null, bool, int, float or string))", "loc": ["services", "tuned", "settings", "globalSection"], "readOnly": false, "type": "section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.tuned.settings.profile_dirs": {"declarations": ["nixos/modules/services/hardware/tuned.nix"], "default": {"_type": "literalExpression", "text": "\"/etc/tuned/profiles\""}, "description": "Directories to search for profiles, separated by `,` or `;`.", "loc": ["services", "tuned", "settings", "profile_dirs"], "readOnly": false, "type": "string"}, "services.tuned.settings.reapply_sysctl": {"declarations": ["nixos/modules/services/hardware/tuned.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the reapplying of global sysctls after TuneD sysctls are applied.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tuned", "settings", "reapply_sysctl"], "readOnly": false, "type": "boolean"}, "services.tuned.settings.recommend_command": {"declarations": ["nixos/modules/services/hardware/tuned.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable recommend functionality.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tuned", "settings", "recommend_command"], "readOnly": false, "type": "boolean"}, "services.tuned.settings.sections": {"declarations": [], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))", "loc": ["services", "tuned", "settings", "sections"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.tuned.settings.sleep_interval": {"declarations": ["nixos/modules/services/hardware/tuned.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Interval in which the TuneD daemon is waken up and checks for events (in seconds).", "loc": ["services", "tuned", "settings", "sleep_interval"], "readOnly": false, "type": "signed integer"}, "services.tuned.settings.update_interval": {"declarations": ["nixos/modules/services/hardware/tuned.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Update interval for dynamic tuning (in seconds).", "loc": ["services", "tuned", "settings", "update_interval"], "readOnly": false, "type": "signed integer"}, "services.tuptime.enable": {"declarations": ["nixos/modules/services/monitoring/tuptime.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the total uptime service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "tuptime", "enable"], "readOnly": false, "type": "boolean"}, "services.tuptime.timer.enable": {"declarations": ["nixos/modules/services/monitoring/tuptime.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to regularly log uptime to detect bad shutdowns.", "loc": ["services", "tuptime", "timer", "enable"], "readOnly": false, "type": "boolean"}, "services.tuptime.timer.period": {"declarations": ["nixos/modules/services/monitoring/tuptime.nix"], "default": {"_type": "literalExpression", "text": "\"*:0/5\""}, "description": "systemd calendar event", "loc": ["services", "tuptime", "timer", "period"], "readOnly": false, "type": "string"}, "services.turn-rs.enable": {"declarations": ["nixos/modules/services/misc/turn-rs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable turn-rs server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "turn-rs", "enable"], "readOnly": false, "type": "boolean"}, "services.turn-rs.package": {"declarations": ["nixos/modules/services/misc/turn-rs.nix"], "default": {"_type": "literalExpression", "text": "pkgs.turn-rs"}, "description": "The turn-rs package to use.", "loc": ["services", "turn-rs", "package"], "readOnly": false, "type": "package"}, "services.turn-rs.secretFile": {"declarations": ["nixos/modules/services/misc/turn-rs.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment variables from this file will be interpolated into the\nfinal config file using envsubst with this syntax: `$ENVIRONMENT` or\n`${VARIABLE}`.\nThe file should contain lines formatted as `SECRET_VAR=SECRET_VALUE`.\nThis is useful to avoid putting secrets into the nix store.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/turn-rs.env\""}, "loc": ["services", "turn-rs", "secretFile"], "readOnly": false, "type": "null or absolute path"}, "services.turn-rs.settings": {"declarations": ["nixos/modules/services/misc/turn-rs.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Turn-rs server config file", "example": {"_type": "literalExpression", "text": "{\n  auth = {\n    static_credentials = {\n      user1 = \"test\";\n      user2 = \"test\";\n    };\n  };\n  turn = {\n    interfaces = [\n      {\n        bind = \"127.0.0.1:3478\";\n        external = \"127.0.0.1:3478\";\n        transport = \"udp\";\n      }\n      {\n        bind = \"127.0.0.1:3478\";\n        external = \"127.0.0.1:3478\";\n        transport = \"tcp\";\n      }\n    ];\n    realm = \"localhost\";\n  };\n}"}, "loc": ["services", "turn-rs", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.twingate.enable": {"declarations": ["nixos/modules/services/networking/twingate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Twingate Client daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "twingate", "enable"], "readOnly": false, "type": "boolean"}, "services.twingate.package": {"declarations": ["nixos/modules/services/networking/twingate.nix"], "default": {"_type": "literalExpression", "text": "pkgs.twingate"}, "description": "The twingate package to use.", "loc": ["services", "twingate", "package"], "readOnly": false, "type": "package"}, "services.typesense.apiKeyFile": {"declarations": ["nixos/modules/services/search/typesense.nix"], "description": "Sets the admin api key for typesense. Always use this option\ninstead of {option}`settings.server.api-key` to prevent the key\nfrom being written to the world-readable nix store.\n", "loc": ["services", "typesense", "apiKeyFile"], "readOnly": false, "type": "absolute path"}, "services.typesense.enable": {"declarations": ["nixos/modules/services/search/typesense.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable typesense.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "typesense", "enable"], "readOnly": false, "type": "boolean"}, "services.typesense.package": {"declarations": ["nixos/modules/services/search/typesense.nix"], "default": {"_type": "literalExpression", "text": "pkgs.typesense"}, "description": "The typesense package to use.", "loc": ["services", "typesense", "package"], "readOnly": false, "type": "package"}, "services.typesense.settings": {"declarations": ["nixos/modules/services/search/typesense.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Typesense configuration. Refer to [the documentation](https://typesense.org/docs/0.24.1/api/server-configuration.html) for supported values.", "loc": ["services", "typesense", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string) or a non-empty list of them)"}, "services.typesense.settings.server.api-address": {"declarations": ["nixos/modules/services/search/typesense.nix"], "description": "Address to which Typesense API service binds.", "loc": ["services", "typesense", "settings", "server", "api-address"], "readOnly": false, "type": "string"}, "services.typesense.settings.server.api-port": {"declarations": ["nixos/modules/services/search/typesense.nix"], "default": {"_type": "literalExpression", "text": "8108"}, "description": "Port on which the Typesense API service listens.", "loc": ["services", "typesense", "settings", "server", "api-port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.typesense.settings.server.data-dir": {"declarations": ["nixos/modules/services/search/typesense.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/typesense\""}, "description": "Path to the directory where data will be stored on disk.", "loc": ["services", "typesense", "settings", "server", "data-dir"], "readOnly": false, "type": "string"}, "services.tzupdate.enable": {"declarations": ["nixos/modules/services/misc/tzupdate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable the tzupdate timezone updating service. This provides\na one-shot service which can be activated with systemctl to\nupdate the timezone.\n", "loc": ["services", "tzupdate", "enable"], "readOnly": false, "type": "boolean"}, "services.tzupdate.package": {"declarations": ["nixos/modules/services/misc/tzupdate.nix"], "default": {"_type": "literalExpression", "text": "pkgs.tzupdate"}, "description": "The tzupdate package to use.", "loc": ["services", "tzupdate", "package"], "readOnly": false, "type": "package"}, "services.tzupdate.timer.enable": {"declarations": ["nixos/modules/services/misc/tzupdate.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable the tzupdate timer to update the timezone automatically.\n", "loc": ["services", "tzupdate", "timer", "enable"], "readOnly": false, "type": "boolean"}, "services.tzupdate.timer.interval": {"declarations": ["nixos/modules/services/misc/tzupdate.nix"], "default": {"_type": "literalExpression", "text": "\"hourly\""}, "description": "The interval at which the tzupdate timer should run. See\n{manpage}`systemd.time(7)` to understand the format.\n", "loc": ["services", "tzupdate", "timer", "interval"], "readOnly": false, "type": "string"}, "services.u9fs.enable": {"declarations": ["nixos/modules/services/network-filesystems/u9fs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to run the u9fs 9P server for Unix.", "loc": ["services", "u9fs", "enable"], "readOnly": false, "type": "boolean"}, "services.u9fs.extraArgs": {"declarations": ["nixos/modules/services/network-filesystems/u9fs.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra arguments to pass on invocation,\nsee {command}`man 4 u9fs`\n", "example": {"_type": "literalExpression", "text": "\"-a none\""}, "loc": ["services", "u9fs", "extraArgs"], "readOnly": false, "type": "string"}, "services.u9fs.listenStreams": {"declarations": ["nixos/modules/services/network-filesystems/u9fs.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"564\"\n]"}, "description": "Sockets to listen for clients on.\nSee {command}`man 5 systemd.socket` for socket syntax.\n", "example": {"_type": "literalExpression", "text": "[\n  \"192.168.16.1:564\"\n]"}, "loc": ["services", "u9fs", "listenStreams"], "readOnly": false, "type": "list of string"}, "services.u9fs.user": {"declarations": ["nixos/modules/services/network-filesystems/u9fs.nix"], "default": {"_type": "literalExpression", "text": "\"nobody\""}, "description": "User to run u9fs under.", "loc": ["services", "u9fs", "user"], "readOnly": false, "type": "string"}, "services.udev.enable": {"declarations": ["nixos/modules/services/hardware/udev.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable udev, a device manager for the Linux kernel.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "udev", "enable"], "readOnly": false, "type": "boolean"}, "services.udev.extraHwdb": {"declarations": ["nixos/modules/services/hardware/udev.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional {command}`hwdb` files. They'll be written\ninto file {file}`99-local.hwdb`. Thus they are\nread after all other files.\n", "example": {"_type": "literalExpression", "text": "''\n  evdev:input:b0003v05AFp8277*\n    KEYBOARD_KEY_70039=leftalt\n    KEYBOARD_KEY_700e2=leftctrl\n''"}, "loc": ["services", "udev", "extraHwdb"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.udev.extraRules": {"declarations": ["nixos/modules/services/hardware/udev.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional {command}`udev` rules. They'll be written\ninto file {file}`99-local.rules`. Thus they are\nread and applied after all other rules.\n", "example": {"_type": "literalExpression", "text": "''\n  ENV{ID_VENDOR_ID}==\"046d\", ENV{ID_MODEL_ID}==\"0825\", ENV{PULSE_IGNORE}=\"1\"\n''"}, "loc": ["services", "udev", "extraRules"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.udev.packages": {"declarations": ["nixos/modules/services/hardware/udev.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of packages containing {command}`udev` rules.\nAll files found in\n{file}`\u00abpkg\u00bb/etc/udev/rules.d` and\n{file}`\u00abpkg\u00bb/lib/udev/rules.d`\nwill be included.\n", "loc": ["services", "udev", "packages"], "readOnly": false, "type": "list of absolute path"}, "services.udev.path": {"declarations": ["nixos/modules/services/hardware/udev.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Packages added to the {env}`PATH` environment variable when\nexecuting programs from Udev rules.\n\ncoreutils, gnu{sed,grep}, util-linux and config.systemd.package are\nautomatically included.\n", "loc": ["services", "udev", "path"], "readOnly": false, "type": "list of absolute path"}, "services.udisks2.enable": {"declarations": ["nixos/modules/services/hardware/udisks2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable udisks2, a DBus service that allows applications to query and manipulate storage devices.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "udisks2", "enable"], "readOnly": false, "type": "boolean"}, "services.udisks2.mountOnMedia": {"declarations": ["nixos/modules/services/hardware/udisks2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "When enabled, instructs udisks2 to mount removable drives under `/media/` directory, instead of the\ndefault, ACL-controlled `/run/media/$USER/`. Since `/media/` is not mounted as tmpfs by default, it\nrequires cleanup to get rid of stale mountpoints; enabling this option will take care of this at boot.\n", "loc": ["services", "udisks2", "mountOnMedia"], "readOnly": false, "type": "boolean"}, "services.udisks2.package": {"declarations": ["nixos/modules/services/hardware/udisks2.nix"], "default": {"_type": "literalExpression", "text": "pkgs.udisks"}, "description": "The udisks package to use.", "loc": ["services", "udisks2", "package"], "readOnly": false, "type": "package"}, "services.udisks2.settings": {"declarations": ["nixos/modules/services/hardware/udisks2.nix"], "default": {"_type": "literalExpression", "text": "{\n  \"udisks2.conf\" = {\n    defaults = {\n      encryption = \"luks2\";\n    };\n    udisks2 = {\n      modules = [\n        \"*\"\n      ];\n      modules_load_preference = \"ondemand\";\n    };\n  };\n}"}, "description": "Options passed to udisksd.\nSee [here](http://manpages.ubuntu.com/manpages/latest/en/man5/udisks2.conf.5.html) and\ndrive configuration in [here](http://manpages.ubuntu.com/manpages/latest/en/man8/udisks.8.html) for supported options.\n", "example": {"_type": "literalExpression", "text": "{\n  \"WDC-WD10EZEX-60M2NA0-WD-WCC3F3SJ0698.conf\" = {\n    ATA = {\n      StandbyTimeout = 50;\n    };\n  };\n};\n"}, "loc": ["services", "udisks2", "settings"], "readOnly": false, "type": "attribute set of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string) or a non-empty list of them)"}, "services.udp-over-tcp.package": {"declarations": ["nixos/modules/services/networking/udp-over-tcp.nix"], "default": {"_type": "literalExpression", "text": "pkgs.udp-over-tcp"}, "description": "The udp-over-tcp package to use.", "loc": ["services", "udp-over-tcp", "package"], "readOnly": false, "type": "package"}, "services.udp-over-tcp.tcp2udp": {"declarations": ["nixos/modules/services/networking/udp-over-tcp.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Mapping of TCP listening ports to UDP forwarding ports or configurations.\n", "example": {"_type": "literalExpression", "text": "{\n  \"0.0.0.0:443\" = {\n    forward = \"127.0.0.1:51820\";\n    openFirewall = true;\n  };\n  \"0.0.0.0:444\" = {\n    threads = 2;\n    forward = \"127.0.0.1:51821\";\n    bind = \"127.0.0.1\";\n    recvBufferSize = 16384;\n    sendBufferSize = 16384;\n    recvTimeout = 10;\n    fwmark = 1337;\n    nodelay = true;\n  };\n}\n"}, "loc": ["services", "udp-over-tcp", "tcp2udp"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.udp-over-tcp.tcp2udp.<name>.bind": {"declarations": ["nixos/modules/services/networking/udp-over-tcp.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Which local IP to bind the UDP socket to.\n", "loc": ["services", "udp-over-tcp", "tcp2udp", "<name>", "bind"], "readOnly": false, "type": "null or string"}, "services.udp-over-tcp.tcp2udp.<name>.forward": {"declarations": ["nixos/modules/services/networking/udp-over-tcp.nix"], "description": "The IP and port to forward all traffic to.\n", "loc": ["services", "udp-over-tcp", "tcp2udp", "<name>", "forward"], "readOnly": false, "type": "string"}, "services.udp-over-tcp.tcp2udp.<name>.fwmark": {"declarations": ["nixos/modules/services/networking/udp-over-tcp.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If given, sets the SO_MARK option on the TCP socket.\n", "loc": ["services", "udp-over-tcp", "tcp2udp", "<name>", "fwmark"], "readOnly": false, "type": "null or 32 bit unsigned integer; between 0 and 4294967295 (both inclusive)"}, "services.udp-over-tcp.tcp2udp.<name>.nodelay": {"declarations": ["nixos/modules/services/networking/udp-over-tcp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables TCP_NODELAY on the TCP socket.\n", "loc": ["services", "udp-over-tcp", "tcp2udp", "<name>", "nodelay"], "readOnly": false, "type": "boolean"}, "services.udp-over-tcp.tcp2udp.<name>.openFirewall": {"declarations": ["nixos/modules/services/networking/udp-over-tcp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open the appropriate ports in the firewall.\n", "loc": ["services", "udp-over-tcp", "tcp2udp", "<name>", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.udp-over-tcp.tcp2udp.<name>.recvBufferSize": {"declarations": ["nixos/modules/services/networking/udp-over-tcp.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If given, sets the SO_RCVBUF option on the TCP socket to the given number of bytes.\nChanges the size of the operating system's receive buffer associated with the socket.\n", "loc": ["services", "udp-over-tcp", "tcp2udp", "<name>", "recvBufferSize"], "readOnly": false, "type": "null or (positive integer, meaning >0)"}, "services.udp-over-tcp.tcp2udp.<name>.recvTimeout": {"declarations": ["nixos/modules/services/networking/udp-over-tcp.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "An application timeout on receiving data from the TCP socket.\n", "loc": ["services", "udp-over-tcp", "tcp2udp", "<name>", "recvTimeout"], "readOnly": false, "type": "null or (positive integer, meaning >0)"}, "services.udp-over-tcp.tcp2udp.<name>.sendBufferSize": {"declarations": ["nixos/modules/services/networking/udp-over-tcp.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If given, sets the SO_SNDBUF option on the TCP socket to the given number of bytes.\nChanges the size of the operating system's send buffer associated with the socket.\n", "loc": ["services", "udp-over-tcp", "tcp2udp", "<name>", "sendBufferSize"], "readOnly": false, "type": "null or (positive integer, meaning >0)"}, "services.udp-over-tcp.tcp2udp.<name>.threads": {"declarations": ["nixos/modules/services/networking/udp-over-tcp.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the number of worker threads to use.\nThe default value is the number of cores available to the system.\n", "loc": ["services", "udp-over-tcp", "tcp2udp", "<name>", "threads"], "readOnly": false, "type": "null or (positive integer, meaning >0)"}, "services.udp-over-tcp.udp2tcp": {"declarations": ["nixos/modules/services/networking/udp-over-tcp.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Mapping of UDP listening ports to TCP forwarding ports or configurations.\n", "example": {"_type": "literalExpression", "text": "{\n  \"0.0.0.0:51820\" = {\n    forward = \"10.0.0.1:443\";\n    openFirewall = true;\n  };\n  \"0.0.0.0:51821\" = {\n    forward = \"10.0.0.1:444\";\n    recvBufferSize = 16384;\n    sendBufferSize = 16384;\n    recvTimeout = 10;\n    fwmark = 1337;\n    nodelay = true;\n  };\n}\n"}, "loc": ["services", "udp-over-tcp", "udp2tcp"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.udp-over-tcp.udp2tcp.<name>.forward": {"declarations": ["nixos/modules/services/networking/udp-over-tcp.nix"], "description": "The IP and port to forward all traffic to.\n", "loc": ["services", "udp-over-tcp", "udp2tcp", "<name>", "forward"], "readOnly": false, "type": "string"}, "services.udp-over-tcp.udp2tcp.<name>.fwmark": {"declarations": ["nixos/modules/services/networking/udp-over-tcp.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If given, sets the SO_MARK option on the TCP socket.\n", "loc": ["services", "udp-over-tcp", "udp2tcp", "<name>", "fwmark"], "readOnly": false, "type": "null or 32 bit unsigned integer; between 0 and 4294967295 (both inclusive)"}, "services.udp-over-tcp.udp2tcp.<name>.nodelay": {"declarations": ["nixos/modules/services/networking/udp-over-tcp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables TCP_NODELAY on the TCP socket.\n", "loc": ["services", "udp-over-tcp", "udp2tcp", "<name>", "nodelay"], "readOnly": false, "type": "boolean"}, "services.udp-over-tcp.udp2tcp.<name>.openFirewall": {"declarations": ["nixos/modules/services/networking/udp-over-tcp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open the appropriate ports in the firewall.\n", "loc": ["services", "udp-over-tcp", "udp2tcp", "<name>", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.udp-over-tcp.udp2tcp.<name>.recvBufferSize": {"declarations": ["nixos/modules/services/networking/udp-over-tcp.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If given, sets the SO_RCVBUF option on the TCP socket to the given number of bytes.\nChanges the size of the operating system's receive buffer associated with the socket.\n", "loc": ["services", "udp-over-tcp", "udp2tcp", "<name>", "recvBufferSize"], "readOnly": false, "type": "null or (positive integer, meaning >0)"}, "services.udp-over-tcp.udp2tcp.<name>.recvTimeout": {"declarations": ["nixos/modules/services/networking/udp-over-tcp.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "An application timeout on receiving data from the TCP socket.\n", "loc": ["services", "udp-over-tcp", "udp2tcp", "<name>", "recvTimeout"], "readOnly": false, "type": "null or (positive integer, meaning >0)"}, "services.udp-over-tcp.udp2tcp.<name>.sendBufferSize": {"declarations": ["nixos/modules/services/networking/udp-over-tcp.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If given, sets the SO_SNDBUF option on the TCP socket to the given number of bytes.\nChanges the size of the operating system's send buffer associated with the socket.\n", "loc": ["services", "udp-over-tcp", "udp2tcp", "<name>", "sendBufferSize"], "readOnly": false, "type": "null or (positive integer, meaning >0)"}, "services.uhub": {"declarations": ["nixos/modules/services/misc/uhub.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Uhub ADC hub instances", "loc": ["services", "uhub"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.uhub.<name>.enable": {"declarations": ["nixos/modules/services/misc/uhub.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable hub instance.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "uhub", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.uhub.<name>.enableTLS": {"declarations": ["nixos/modules/services/misc/uhub.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable TLS support.", "loc": ["services", "uhub", "<name>", "enableTLS"], "readOnly": false, "type": "boolean"}, "services.uhub.<name>.plugins": {"declarations": ["nixos/modules/services/misc/uhub.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Uhub plugin configuration.", "loc": ["services", "uhub", "<name>", "plugins"], "readOnly": false, "type": "list of (submodule)"}, "services.uhub.<name>.plugins.*.plugin": {"declarations": ["nixos/modules/services/misc/uhub.nix"], "description": "Path to plugin file.", "example": {"_type": "literalExpression", "text": "$${pkgs.uhub}/plugins/mod_auth_sqlite.so"}, "loc": ["services", "uhub", "<name>", "plugins", "*", "plugin"], "readOnly": false, "type": "absolute path"}, "services.uhub.<name>.plugins.*.settings": {"declarations": ["nixos/modules/services/misc/uhub.nix"], "description": "Settings specific to this plugin.", "example": {"_type": "literalExpression", "text": "{\n  file = \"/etc/uhub/users.db\";\n}"}, "loc": ["services", "uhub", "<name>", "plugins", "*", "settings"], "readOnly": false, "type": "attribute set of string"}, "services.uhub.<name>.settings": {"declarations": ["nixos/modules/services/misc/uhub.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration of uhub.\nSee <https://www.uhub.org/doc/config.php> for a list of options.\n", "example": {"_type": "literalExpression", "text": "{\n  hub_description = \"Yet another ADC hub\";\n  hub_name = \"My Public Hub\";\n  max_users = 150;\n  server_bind_addr = \"any\";\n  server_port = 1511;\n}"}, "loc": ["services", "uhub", "<name>", "settings"], "readOnly": false, "type": "attribute set of (boolean or signed integer or string)"}, "services.ulogd.enable": {"declarations": ["nixos/modules/services/logging/ulogd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ulogd, a userspace logging daemon for netfilter/iptables related logging.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ulogd", "enable"], "readOnly": false, "type": "boolean"}, "services.ulogd.logLevel": {"declarations": ["nixos/modules/services/logging/ulogd.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "Log level (1 = debug, 3 = info, 5 = notice, 7 = error, 8 = fatal)", "loc": ["services", "ulogd", "logLevel"], "readOnly": false, "type": "one of 1, 3, 5, 7, 8"}, "services.ulogd.settings": {"declarations": ["nixos/modules/services/logging/ulogd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for ulogd. See {file}`/share/doc/ulogd/` in `pkgs.ulogd.doc`.", "example": {"_type": "literalExpression", "text": "{\n  emu1 = {\n    file = \"/var/log/ulogd_pkts.log\";\n    sync = 1;\n  };\n  global = {\n    stack = [\n      \"log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU\"\n      \"log1:NFLOG,base1:BASE,pcap1:PCAP\"\n    ];\n  };\n  log1 = {\n    group = 2;\n  };\n  pcap1 = {\n    file = \"/var/log/ulogd.pcap\";\n    sync = 1;\n  };\n}"}, "loc": ["services", "ulogd", "settings"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string) or a list of them for duplicate keys)"}, "services.umami.createPostgresqlDatabase": {"declarations": ["nixos/modules/services/web-apps/umami.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to automatically create the database for Umami using PostgreSQL.\nBoth the database name and username will be `umami`, and the connection is\nmade through unix sockets using peer authentication.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "umami", "createPostgresqlDatabase"], "readOnly": false, "type": "boolean"}, "services.umami.enable": {"declarations": ["nixos/modules/services/web-apps/umami.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable umami.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "umami", "enable"], "readOnly": false, "type": "boolean"}, "services.umami.package": {"declarations": ["nixos/modules/services/web-apps/umami.nix"], "default": {"_type": "literalExpression", "text": "pkgs.umami"}, "description": "The umami package to use.", "loc": ["services", "umami", "package"], "readOnly": false, "type": "package"}, "services.umami.settings": {"declarations": ["nixos/modules/services/web-apps/umami.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional configuration (environment variables) for Umami, see\n<https://umami.is/docs/environment-variables> for supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  APP_SECRET_FILE = \"/run/secrets/umamiAppSecret\";\n  DISABLE_TELEMETRY = true;\n}"}, "loc": ["services", "umami", "settings"], "readOnly": false, "type": "open submodule of attribute set of (boolean or signed integer or string)"}, "services.umami.settings.APP_SECRET_FILE": {"declarations": ["nixos/modules/services/web-apps/umami.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing a secure random string. This is used for signing user sessions.\nThe contents of the file are read through systemd credentials, therefore the\nuser running umami does not need permissions to read the file.\nIf you wish to set this to a string instead (not recommended since it will be\nplaced world-readable in the Nix store), you can use the APP_SECRET option.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/umamiAppSecret\""}, "loc": ["services", "umami", "settings", "APP_SECRET_FILE"], "readOnly": false, "type": "null or string"}, "services.umami.settings.BASE_PATH": {"declarations": ["nixos/modules/services/web-apps/umami.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Allows you to host Umami under a subdirectory.\nYou may need to update your reverse proxy settings to correctly handle the BASE_PATH prefix.\n", "example": {"_type": "literalExpression", "text": "\"/analytics\""}, "loc": ["services", "umami", "settings", "BASE_PATH"], "readOnly": false, "type": "string"}, "services.umami.settings.COLLECT_API_ENDPOINT": {"declarations": ["nixos/modules/services/web-apps/umami.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Allows you to send metrics to a location different than the default `/api/send`.\n", "example": {"_type": "literalExpression", "text": "\"/api/alternate-send\""}, "loc": ["services", "umami", "settings", "COLLECT_API_ENDPOINT"], "readOnly": false, "type": "null or string"}, "services.umami.settings.DATABASE_URL": {"declarations": ["nixos/modules/services/web-apps/umami.nix"], "default": {"_type": "literalExpression", "text": "if config.services.umami.createPostgresqlDatabase then \"postgresql://umami@localhost/umami?host=/run/postgresql\" else null"}, "description": "Connection string for the database. Must start with `postgresql://` or `postgres://`.\n", "example": {"_type": "literalExpression", "text": "\"postgresql://root:root@localhost/umami\""}, "loc": ["services", "umami", "settings", "DATABASE_URL"], "readOnly": false, "type": "null or string"}, "services.umami.settings.DATABASE_URL_FILE": {"declarations": ["nixos/modules/services/web-apps/umami.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing a connection string for the database. The connection string\nmust start with `postgresql://` or `postgres://`.\nThe contents of the file are read through systemd credentials, therefore the\nuser running umami does not need permissions to read the file.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/umamiDatabaseUrl\""}, "loc": ["services", "umami", "settings", "DATABASE_URL_FILE"], "readOnly": false, "type": "null or string"}, "services.umami.settings.DISABLE_TELEMETRY": {"declarations": ["nixos/modules/services/web-apps/umami.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Umami collects completely anonymous telemetry data in order help improve the application.\nYou can choose to disable this if you don't want to participate.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "umami", "settings", "DISABLE_TELEMETRY"], "readOnly": false, "type": "boolean"}, "services.umami.settings.DISABLE_UPDATES": {"declarations": ["nixos/modules/services/web-apps/umami.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Disables the check for new versions of Umami.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "umami", "settings", "DISABLE_UPDATES"], "readOnly": false, "type": "boolean"}, "services.umami.settings.HOSTNAME": {"declarations": ["nixos/modules/services/web-apps/umami.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The address to listen on.\n", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "umami", "settings", "HOSTNAME"], "readOnly": false, "type": "string"}, "services.umami.settings.PORT": {"declarations": ["nixos/modules/services/web-apps/umami.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "The port to listen on.\n", "example": {"_type": "literalExpression", "text": "3010"}, "loc": ["services", "umami", "settings", "PORT"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.umami.settings.TRACKER_SCRIPT_NAME": {"declarations": ["nixos/modules/services/web-apps/umami.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Allows you to assign a custom name to the tracker script different from the default `script.js`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"tracker.js\"\n]"}, "loc": ["services", "umami", "settings", "TRACKER_SCRIPT_NAME"], "readOnly": false, "type": "list of string"}, "services.umurmur.configFile": {"declarations": ["nixos/modules/services/networking/umurmur.nix"], "default": {"_type": "literalExpression", "text": "\"Configuration file, default is generated from config.service.umurmur.settings\""}, "description": "Configuration file, default is generated from config.service.umurmur.settings", "loc": ["services", "umurmur", "configFile"], "readOnly": false, "type": "absolute path"}, "services.umurmur.enable": {"declarations": ["nixos/modules/services/networking/umurmur.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable uMurmur Mumble server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "umurmur", "enable"], "readOnly": false, "type": "boolean"}, "services.umurmur.openFirewall": {"declarations": ["nixos/modules/services/networking/umurmur.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the uMurmur Mumble server.\n", "loc": ["services", "umurmur", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.umurmur.package": {"declarations": ["nixos/modules/services/networking/umurmur.nix"], "default": {"_type": "literalExpression", "text": "pkgs.umurmur"}, "description": "The umurmur package to use.", "loc": ["services", "umurmur", "package"], "readOnly": false, "type": "package"}, "services.umurmur.settings": {"declarations": ["nixos/modules/services/networking/umurmur.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings of uMurmur. For reference see <https://github.com/umurmur/umurmur/blob/master/umurmur.conf.example>", "loc": ["services", "umurmur", "settings"], "readOnly": false, "type": "open submodule of uMurmur config value"}, "services.umurmur.settings.bindaddr": {"declarations": ["nixos/modules/services/networking/umurmur.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "IPv4 address to bind to. Defaults binding on all addresses.", "loc": ["services", "umurmur", "settings", "bindaddr"], "readOnly": false, "type": "string"}, "services.umurmur.settings.bindaddr6": {"declarations": ["nixos/modules/services/networking/umurmur.nix"], "default": {"_type": "literalExpression", "text": "\"::\""}, "description": "IPv6 address to bind to. Defaults binding on all addresses.", "loc": ["services", "umurmur", "settings", "bindaddr6"], "readOnly": false, "type": "string"}, "services.umurmur.settings.bindport": {"declarations": ["nixos/modules/services/networking/umurmur.nix"], "default": {"_type": "literalExpression", "text": "64739"}, "description": "Port to bind to (UDP and TCP).", "loc": ["services", "umurmur", "settings", "bindport"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.umurmur.settings.ca_path": {"declarations": ["nixos/modules/services/networking/umurmur.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to your SSL CA certificate.", "loc": ["services", "umurmur", "settings", "ca_path"], "readOnly": false, "type": "null or string"}, "services.umurmur.settings.certificate": {"declarations": ["nixos/modules/services/networking/umurmur.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/private/umurmur/cert.crt\""}, "description": "Path to your SSL certificate. Generates self-signed automatically if not exists.", "loc": ["services", "umurmur", "settings", "certificate"], "readOnly": false, "type": "string"}, "services.umurmur.settings.channel_links": {"declarations": ["nixos/modules/services/networking/umurmur.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Channel tree definitions.", "example": {"_type": "literalExpression", "text": "[\n  {\n    destination = \"Red team\";\n    source = \"Lobby\";\n  }\n]"}, "loc": ["services", "umurmur", "settings", "channel_links"], "readOnly": false, "type": "list of (attribute set)"}, "services.umurmur.settings.channels": {"declarations": ["nixos/modules/services/networking/umurmur.nix"], "default": {"_type": "literalExpression", "text": "[\n  {\n    description = \"Root channel.\";\n    name = \"root\";\n    noenter = false;\n    parent = \"\";\n  }\n]"}, "description": "Channel tree definitions.", "loc": ["services", "umurmur", "settings", "channels"], "readOnly": false, "type": "list of (attribute set)"}, "services.umurmur.settings.default_channel": {"declarations": ["nixos/modules/services/networking/umurmur.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "The channel in which users will appear in when connecting.", "loc": ["services", "umurmur", "settings", "default_channel"], "readOnly": false, "type": "string"}, "services.umurmur.settings.max_bandwidth": {"declarations": ["nixos/modules/services/networking/umurmur.nix"], "default": {"_type": "literalExpression", "text": "48000"}, "description": "Maximum bandwidth (in bits per second) that clients may send\nspeech at.\n", "loc": ["services", "umurmur", "settings", "max_bandwidth"], "readOnly": false, "type": "signed integer"}, "services.umurmur.settings.max_users": {"declarations": ["nixos/modules/services/networking/umurmur.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Maximum number of concurrent clients allowed.", "loc": ["services", "umurmur", "settings", "max_users"], "readOnly": false, "type": "signed integer"}, "services.umurmur.settings.password": {"declarations": ["nixos/modules/services/networking/umurmur.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Required password to join server, if specified.", "loc": ["services", "umurmur", "settings", "password"], "readOnly": false, "type": "null or string"}, "services.umurmur.settings.private_key": {"declarations": ["nixos/modules/services/networking/umurmur.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/private/umurmur/key.key\""}, "description": "Path to your SSL key. Generates self-signed automatically if not exists.", "loc": ["services", "umurmur", "settings", "private_key"], "readOnly": false, "type": "string"}, "services.umurmur.settings.welcometext": {"declarations": ["nixos/modules/services/networking/umurmur.nix"], "default": {"_type": "literalExpression", "text": "\"Welcome to uMurmur!\""}, "description": "Welcome message for connected clients.", "loc": ["services", "umurmur", "settings", "welcometext"], "readOnly": false, "type": "null or string"}, "services.unbound.checkconf": {"declarations": ["nixos/modules/services/networking/unbound.nix"], "default": {"_type": "literalExpression", "text": "\"!services.unbound.settings ? include && !services.unbound.settings ? remote-control\""}, "description": "Whether to check the resulting config file with unbound checkconf for syntax errors.\n\nIf settings.include is used, this options is disabled, as the import can likely not be accessed at build time.\nIf settings.remote-control is used, this option is disabled, too as the control-key-file, server-cert-file and server-key-file cannot be accessed at build time.\n", "loc": ["services", "unbound", "checkconf"], "readOnly": false, "type": "boolean"}, "services.unbound.enable": {"declarations": ["nixos/modules/services/networking/unbound.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Unbound domain name server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "unbound", "enable"], "readOnly": false, "type": "boolean"}, "services.unbound.enableRootTrustAnchor": {"declarations": ["nixos/modules/services/networking/unbound.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Use and update root trust anchor for DNSSEC validation.", "loc": ["services", "unbound", "enableRootTrustAnchor"], "readOnly": false, "type": "boolean"}, "services.unbound.group": {"declarations": ["nixos/modules/services/networking/unbound.nix"], "default": {"_type": "literalExpression", "text": "\"unbound\""}, "description": "Group under which unbound runs.", "loc": ["services", "unbound", "group"], "readOnly": false, "type": "string"}, "services.unbound.localControlSocketPath": {"declarations": ["nixos/modules/services/networking/unbound.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "When not set to `null` this option defines the path\nat which the unbound remote control socket should be created at. The\nsocket will be owned by the unbound user (`unbound`)\nand group will be `nogroup`.\n\nUsers that should be permitted to access the socket must be in the\n`config.services.unbound.group` group.\n\nIf this option is `null` remote control will not be\nenabled. Unbounds default values apply.\n", "example": {"_type": "literalExpression", "text": "\"/run/unbound/unbound.ctl\""}, "loc": ["services", "unbound", "localControlSocketPath"], "readOnly": false, "type": "null or string"}, "services.unbound.package": {"declarations": ["nixos/modules/services/networking/unbound.nix"], "default": {"_type": "literalExpression", "text": "pkgs.unbound-with-systemd"}, "description": "The unbound-with-systemd package to use.", "loc": ["services", "unbound", "package"], "readOnly": false, "type": "package"}, "services.unbound.resolveLocalQueries": {"declarations": ["nixos/modules/services/networking/unbound.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether unbound should resolve local queries (i.e. add 127.0.0.1 to\n/etc/resolv.conf).\n", "loc": ["services", "unbound", "resolveLocalQueries"], "readOnly": false, "type": "boolean"}, "services.unbound.settings": {"declarations": ["nixos/modules/services/networking/unbound.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative Unbound configuration\nSee the {manpage}`unbound.conf(5)` manpage for a list of\navailable options.\n", "example": {"_type": "literalExpression", "text": "{\n  server = {\n    interface = [ \"127.0.0.1\" ];\n  };\n  forward-zone = [\n    {\n      name = \".\";\n      forward-addr = \"1.1.1.1@853#cloudflare-dns.com\";\n    }\n    {\n      name = \"example.org.\";\n      forward-addr = [\n        \"1.1.1.1@853#cloudflare-dns.com\"\n        \"1.0.0.1@853#cloudflare-dns.com\"\n      ];\n    }\n  ];\n  remote-control.control-enable = true;\n};\n"}, "loc": ["services", "unbound", "settings"], "readOnly": false, "type": "open submodule of unbound.conf configuration type. The format consist of an attribute\nset of settings. Each settings can be either one value, a list of\nvalues or an attribute set. The allowed values are integers,\nstrings, booleans or floats.\n"}, "services.unbound.stateDir": {"declarations": ["nixos/modules/services/networking/unbound.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/unbound\""}, "description": "Directory holding all state for unbound to run.", "loc": ["services", "unbound", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.unbound.user": {"declarations": ["nixos/modules/services/networking/unbound.nix"], "default": {"_type": "literalExpression", "text": "\"unbound\""}, "description": "User account under which unbound runs.", "loc": ["services", "unbound", "user"], "readOnly": false, "type": "string"}, "services.unclutter-xfixes.enable": {"declarations": ["nixos/modules/services/x11/unclutter-xfixes.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable unclutter-xfixes to hide your mouse cursor when inactive.", "loc": ["services", "unclutter-xfixes", "enable"], "readOnly": false, "type": "boolean"}, "services.unclutter-xfixes.extraOptions": {"declarations": ["nixos/modules/services/x11/unclutter-xfixes.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "More arguments to pass to the unclutter-xfixes command.", "example": {"_type": "literalExpression", "text": "[\n  \"exclude-root\"\n  \"ignore-scrolling\"\n  \"fork\"\n]"}, "loc": ["services", "unclutter-xfixes", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.unclutter-xfixes.package": {"declarations": ["nixos/modules/services/x11/unclutter-xfixes.nix"], "default": {"_type": "literalExpression", "text": "pkgs.unclutter-xfixes"}, "description": "The unclutter-xfixes package to use.", "loc": ["services", "unclutter-xfixes", "package"], "readOnly": false, "type": "package"}, "services.unclutter-xfixes.threshold": {"declarations": ["nixos/modules/services/x11/unclutter-xfixes.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Minimum number of pixels considered cursor movement.", "loc": ["services", "unclutter-xfixes", "threshold"], "readOnly": false, "type": "signed integer"}, "services.unclutter-xfixes.timeout": {"declarations": ["nixos/modules/services/x11/unclutter-xfixes.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Number of seconds before the cursor is marked inactive.", "loc": ["services", "unclutter-xfixes", "timeout"], "readOnly": false, "type": "signed integer"}, "services.unclutter.enable": {"declarations": ["nixos/modules/services/x11/unclutter.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable unclutter to hide your mouse cursor when inactive", "loc": ["services", "unclutter", "enable"], "readOnly": false, "type": "boolean"}, "services.unclutter.excluded": {"declarations": ["nixos/modules/services/x11/unclutter.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Names of windows where unclutter should not apply", "example": {"_type": "literalExpression", "text": "[\n  \"\"\n]"}, "loc": ["services", "unclutter", "excluded"], "readOnly": false, "type": "list of string"}, "services.unclutter.extraOptions": {"declarations": ["nixos/modules/services/x11/unclutter.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "More arguments to pass to the unclutter command", "example": {"_type": "literalExpression", "text": "[\n  \"noevent\"\n  \"grab\"\n]"}, "loc": ["services", "unclutter", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.unclutter.keystroke": {"declarations": ["nixos/modules/services/x11/unclutter.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Wait for a keystroke before hiding the cursor", "loc": ["services", "unclutter", "keystroke"], "readOnly": false, "type": "boolean"}, "services.unclutter.package": {"declarations": ["nixos/modules/services/x11/unclutter.nix"], "default": {"_type": "literalExpression", "text": "pkgs.unclutter"}, "description": "The unclutter package to use.", "loc": ["services", "unclutter", "package"], "readOnly": false, "type": "package"}, "services.unclutter.threshold": {"declarations": ["nixos/modules/services/x11/unclutter.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Minimum number of pixels considered cursor movement", "loc": ["services", "unclutter", "threshold"], "readOnly": false, "type": "signed integer"}, "services.unclutter.timeout": {"declarations": ["nixos/modules/services/x11/unclutter.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Number of seconds before the cursor is marked inactive", "loc": ["services", "unclutter", "timeout"], "readOnly": false, "type": "signed integer"}, "services.undervolt.analogioOffset": {"declarations": ["nixos/modules/services/hardware/undervolt.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The amount of voltage in mV to offset analogio by.\n", "loc": ["services", "undervolt", "analogioOffset"], "readOnly": false, "type": "null or signed integer"}, "services.undervolt.coreOffset": {"declarations": ["nixos/modules/services/hardware/undervolt.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The amount of voltage in mV to offset the CPU cores by.\n", "loc": ["services", "undervolt", "coreOffset"], "readOnly": false, "type": "null or signed integer"}, "services.undervolt.enable": {"declarations": ["nixos/modules/services/hardware/undervolt.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Undervolting service for Intel CPUs.\n\nWarning: This service is not endorsed by Intel and may permanently damage your hardware. Use at your own risk\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "undervolt", "enable"], "readOnly": false, "type": "boolean"}, "services.undervolt.gpuOffset": {"declarations": ["nixos/modules/services/hardware/undervolt.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The amount of voltage in mV to offset the GPU by.\n", "loc": ["services", "undervolt", "gpuOffset"], "readOnly": false, "type": "null or signed integer"}, "services.undervolt.p1.limit": {"declarations": ["nixos/modules/services/hardware/undervolt.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The P1 Power Limit in Watts.\nBoth limit and window must be set.\n", "loc": ["services", "undervolt", "p1", "limit"], "readOnly": false, "type": "null or signed integer"}, "services.undervolt.p1.window": {"declarations": ["nixos/modules/services/hardware/undervolt.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The P1 Time Window in seconds.\nBoth limit and window must be set.\n", "loc": ["services", "undervolt", "p1", "window"], "readOnly": false, "type": "null or floating point number or signed integer"}, "services.undervolt.p2.limit": {"declarations": ["nixos/modules/services/hardware/undervolt.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The P2 Power Limit in Watts.\nBoth limit and window must be set.\n", "loc": ["services", "undervolt", "p2", "limit"], "readOnly": false, "type": "null or signed integer"}, "services.undervolt.p2.window": {"declarations": ["nixos/modules/services/hardware/undervolt.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The P2 Time Window in seconds.\nBoth limit and window must be set.\n", "loc": ["services", "undervolt", "p2", "window"], "readOnly": false, "type": "null or floating point number or signed integer"}, "services.undervolt.package": {"declarations": ["nixos/modules/services/hardware/undervolt.nix"], "default": {"_type": "literalExpression", "text": "pkgs.undervolt"}, "description": "The undervolt package to use.", "loc": ["services", "undervolt", "package"], "readOnly": false, "type": "package"}, "services.undervolt.temp": {"declarations": ["nixos/modules/services/hardware/undervolt.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The temperature target in Celsius degrees.\n", "loc": ["services", "undervolt", "temp"], "readOnly": false, "type": "null or signed integer"}, "services.undervolt.tempAc": {"declarations": ["nixos/modules/services/hardware/undervolt.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The temperature target on AC power in Celsius degrees.\n", "loc": ["services", "undervolt", "tempAc"], "readOnly": false, "type": "null or signed integer"}, "services.undervolt.tempBat": {"declarations": ["nixos/modules/services/hardware/undervolt.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The temperature target on battery power in Celsius degrees.\n", "loc": ["services", "undervolt", "tempBat"], "readOnly": false, "type": "null or signed integer"}, "services.undervolt.turbo": {"declarations": ["nixos/modules/services/hardware/undervolt.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Changes the Intel Turbo feature status (1 is disabled and 0 is enabled).\n", "loc": ["services", "undervolt", "turbo"], "readOnly": false, "type": "null or signed integer"}, "services.undervolt.uncoreOffset": {"declarations": ["nixos/modules/services/hardware/undervolt.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The amount of voltage in mV to offset uncore by.\n", "loc": ["services", "undervolt", "uncoreOffset"], "readOnly": false, "type": "null or signed integer"}, "services.undervolt.useTimer": {"declarations": ["nixos/modules/services/hardware/undervolt.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to set a timer that applies the undervolt settings every 30s.\nThis will cause spam in the journal but might be required for some\nhardware under specific conditions.\nEnable this if your undervolt settings don't hold.\n", "loc": ["services", "undervolt", "useTimer"], "readOnly": false, "type": "boolean"}, "services.undervolt.verbose": {"declarations": ["nixos/modules/services/hardware/undervolt.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable verbose logging.\n", "loc": ["services", "undervolt", "verbose"], "readOnly": false, "type": "boolean"}, "services.unifi.enable": {"declarations": ["nixos/modules/services/networking/unifi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether or not to enable the unifi controller service.\n", "loc": ["services", "unifi", "enable"], "readOnly": false, "type": "boolean"}, "services.unifi.extraJvmOptions": {"declarations": ["nixos/modules/services/networking/unifi.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Set extra options to pass to the JVM.\n", "example": {"_type": "literalExpression", "text": "[\"-Xlog:gc\"]"}, "loc": ["services", "unifi", "extraJvmOptions"], "readOnly": false, "type": "list of string"}, "services.unifi.initialJavaHeapSize": {"declarations": ["nixos/modules/services/networking/unifi.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set the initial heap size for the JVM in MB. If this option isn't set, the\nJVM will decide this value at runtime.\n", "example": {"_type": "literalExpression", "text": "1024"}, "loc": ["services", "unifi", "initialJavaHeapSize"], "readOnly": false, "type": "null or signed integer"}, "services.unifi.jrePackage": {"declarations": ["nixos/modules/services/networking/unifi.nix"], "default": {"_type": "literalExpression", "text": "pkgs.jdk17_headless"}, "description": "The jdk package to use. Check the UniFi controller release notes to ensure it is supported.\n", "loc": ["services", "unifi", "jrePackage"], "readOnly": false, "type": "package"}, "services.unifi.maximumJavaHeapSize": {"declarations": ["nixos/modules/services/networking/unifi.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set the maximum heap size for the JVM in MB. If this option isn't set, the\nJVM will decide this value at runtime.\n", "example": {"_type": "literalExpression", "text": "4096"}, "loc": ["services", "unifi", "maximumJavaHeapSize"], "readOnly": false, "type": "null or signed integer"}, "services.unifi.mongodbPackage": {"declarations": ["nixos/modules/services/networking/unifi.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mongodb-7_0"}, "description": "The mongodb package to use.", "loc": ["services", "unifi", "mongodbPackage"], "readOnly": false, "type": "package"}, "services.unifi.openFirewall": {"declarations": ["nixos/modules/services/networking/unifi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether or not to open the minimum required ports on the firewall.\n\nThis is necessary to allow firmware upgrades and device discovery to\nwork. For remote login, you should additionally open (or forward) port\n8443.\n", "loc": ["services", "unifi", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.unifi.unifiPackage": {"declarations": ["nixos/modules/services/networking/unifi.nix"], "default": {"_type": "literalExpression", "text": "pkgs.unifi"}, "description": "The unifi package to use.", "loc": ["services", "unifi", "unifiPackage"], "readOnly": false, "type": "package"}, "services.unit.config": {"declarations": ["nixos/modules/services/web-servers/unit/default.nix"], "default": {"_type": "literalExpression", "text": "''\n  {\n    \"listeners\": {},\n    \"applications\": {}\n  }\n''"}, "description": "Unit configuration in JSON format. More details here <https://unit.nginx.org/configuration>", "example": {"_type": "literalExpression", "text": "''\n  {\n    \"listeners\": {\n      \"*:8300\": {\n        \"application\": \"example-php-72\"\n      }\n    },\n    \"applications\": {\n      \"example-php-72\": {\n        \"type\": \"php 7.2\",\n        \"processes\": 4,\n        \"user\": \"nginx\",\n        \"group\": \"nginx\",\n        \"root\": \"/var/www\",\n        \"index\": \"index.php\",\n        \"options\": {\n          \"file\": \"/etc/php.d/default.ini\",\n          \"admin\": {\n            \"max_execution_time\": \"30\",\n            \"max_input_time\": \"30\",\n            \"display_errors\": \"off\",\n            \"display_startup_errors\": \"off\",\n            \"open_basedir\": \"/dev/urandom:/proc/cpuinfo:/proc/meminfo:/etc/ssl/certs:/var/www\",\n            \"disable_functions\": \"exec,passthru,shell_exec,system\"\n          }\n        }\n      }\n    }\n  }\n''"}, "loc": ["services", "unit", "config"], "readOnly": false, "type": "string"}, "services.unit.enable": {"declarations": ["nixos/modules/services/web-servers/unit/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Unit App Server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "unit", "enable"], "readOnly": false, "type": "boolean"}, "services.unit.group": {"declarations": ["nixos/modules/services/web-servers/unit/default.nix"], "default": {"_type": "literalExpression", "text": "\"unit\""}, "description": "Group account under which unit runs.", "loc": ["services", "unit", "group"], "readOnly": false, "type": "string"}, "services.unit.logDir": {"declarations": ["nixos/modules/services/web-servers/unit/default.nix"], "default": {"_type": "literalExpression", "text": "\"/var/log/unit\""}, "description": "Unit log directory.", "loc": ["services", "unit", "logDir"], "readOnly": false, "type": "absolute path"}, "services.unit.package": {"declarations": ["nixos/modules/services/web-servers/unit/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.unit"}, "description": "The unit package to use.", "loc": ["services", "unit", "package"], "readOnly": false, "type": "package"}, "services.unit.stateDir": {"declarations": ["nixos/modules/services/web-servers/unit/default.nix"], "default": {"_type": "literalExpression", "text": "\"/var/spool/unit\""}, "description": "Unit data directory.", "loc": ["services", "unit", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.unit.user": {"declarations": ["nixos/modules/services/web-servers/unit/default.nix"], "default": {"_type": "literalExpression", "text": "\"unit\""}, "description": "User account under which unit runs.", "loc": ["services", "unit", "user"], "readOnly": false, "type": "string"}, "services.unpoller.enable": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable unpoller.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "unpoller", "enable"], "readOnly": false, "type": "boolean"}, "services.unpoller.influxdb.db": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "\"unifi\""}, "description": "Database name. Database should exist.\n", "loc": ["services", "unpoller", "influxdb", "db"], "readOnly": false, "type": "string"}, "services.unpoller.influxdb.disable": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to disable the influxdb output plugin.\n", "loc": ["services", "unpoller", "influxdb", "disable"], "readOnly": false, "type": "boolean"}, "services.unpoller.influxdb.interval": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "\"30s\""}, "description": "Setting this lower than the Unifi controller's refresh\ninterval may lead to zeroes in your database.\n", "loc": ["services", "unpoller", "influxdb", "interval"], "readOnly": false, "type": "string"}, "services.unpoller.influxdb.pass": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "unpoller-influxdb-default.password"}, "description": "Path of a file containing the password for influxdb.\nThis file needs to be readable by the unifi-poller user.\n", "loc": ["services", "unpoller", "influxdb", "pass"], "readOnly": false, "type": "absolute path"}, "services.unpoller.influxdb.url": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "\"http://127.0.0.1:8086\""}, "description": "URL of the influxdb host.\n", "loc": ["services", "unpoller", "influxdb", "url"], "readOnly": false, "type": "string"}, "services.unpoller.influxdb.user": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "\"unifipoller\""}, "description": "Username for the influxdb.\n", "loc": ["services", "unpoller", "influxdb", "user"], "readOnly": false, "type": "string"}, "services.unpoller.influxdb.verify_ssl": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Verify the influxdb's certificate.\n", "loc": ["services", "unpoller", "influxdb", "verify_ssl"], "readOnly": false, "type": "boolean"}, "services.unpoller.loki.interval": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "\"2m\""}, "description": "How often the events are polled and pushed to Loki.\n", "loc": ["services", "unpoller", "loki", "interval"], "readOnly": false, "type": "string"}, "services.unpoller.loki.pass": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "\"unpoller-influxdb-default.password\""}, "description": "Path of a file containing the password for Loki.\nThis file needs to be readable by the unifi-poller user.\n", "loc": ["services", "unpoller", "loki", "pass"], "readOnly": false, "type": "absolute path"}, "services.unpoller.loki.tenant_id": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Tenant ID to use in Loki.\n", "loc": ["services", "unpoller", "loki", "tenant_id"], "readOnly": false, "type": "string"}, "services.unpoller.loki.timeout": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "\"10s\""}, "description": "Should be increased in case of timeout errors.\n", "loc": ["services", "unpoller", "loki", "timeout"], "readOnly": false, "type": "string"}, "services.unpoller.loki.url": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "URL of the Loki host.\n", "loc": ["services", "unpoller", "loki", "url"], "readOnly": false, "type": "string"}, "services.unpoller.loki.user": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Username for Loki.\n", "loc": ["services", "unpoller", "loki", "user"], "readOnly": false, "type": "string"}, "services.unpoller.loki.verify_ssl": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Verify Loki's certificate.\n", "loc": ["services", "unpoller", "loki", "verify_ssl"], "readOnly": false, "type": "boolean"}, "services.unpoller.poller.debug": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Turns on line numbers, microsecond logging, and a per-device log.\nThis may be noisy if you have a lot of devices. It adds one line per device.\n", "loc": ["services", "unpoller", "poller", "debug"], "readOnly": false, "type": "boolean"}, "services.unpoller.poller.plugins": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Load additional plugins.\n", "loc": ["services", "unpoller", "poller", "plugins"], "readOnly": false, "type": "list of string"}, "services.unpoller.poller.quiet": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Turns off per-interval logs. Only startup and error logs will be emitted.\n", "loc": ["services", "unpoller", "poller", "quiet"], "readOnly": false, "type": "boolean"}, "services.unpoller.prometheus.disable": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to disable the prometheus output plugin.\n", "loc": ["services", "unpoller", "prometheus", "disable"], "readOnly": false, "type": "boolean"}, "services.unpoller.prometheus.http_listen": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "\"[::]:9130\""}, "description": "Bind the prometheus exporter to this IP or hostname.\n", "loc": ["services", "unpoller", "prometheus", "http_listen"], "readOnly": false, "type": "string"}, "services.unpoller.prometheus.report_errors": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to report errors.\n", "loc": ["services", "unpoller", "prometheus", "report_errors"], "readOnly": false, "type": "boolean"}, "services.unpoller.unifi.controllers": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of Unifi controllers to poll. Use defaults if empty.\n", "loc": ["services", "unpoller", "unifi", "controllers"], "readOnly": false, "type": "list of (submodule)"}, "services.unpoller.unifi.controllers.*.hash_pii": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Hash, with md5, client names and MAC addresses. This attempts\nto protect personally identifiable information.\n", "loc": ["services", "unpoller", "unifi", "controllers", "*", "hash_pii"], "readOnly": false, "type": "boolean"}, "services.unpoller.unifi.controllers.*.pass": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "unpoller-unifi-default.password"}, "description": "Path of a file containing the password for the unifi service user.\nThis file needs to be readable by the unifi-poller user.\n", "loc": ["services", "unpoller", "unifi", "controllers", "*", "pass"], "readOnly": false, "type": "absolute path"}, "services.unpoller.unifi.controllers.*.save_alarms": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Collect and save data from UniFi alarms to influxdb and Loki.\n", "loc": ["services", "unpoller", "unifi", "controllers", "*", "save_alarms"], "readOnly": false, "type": "boolean"}, "services.unpoller.unifi.controllers.*.save_anomalies": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Collect and save data from UniFi anomalies to influxdb and Loki.\n", "loc": ["services", "unpoller", "unifi", "controllers", "*", "save_anomalies"], "readOnly": false, "type": "boolean"}, "services.unpoller.unifi.controllers.*.save_dpi": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Collect and save data from deep packet inspection.\nAdds around 150 data points and impacts performance.\n", "loc": ["services", "unpoller", "unifi", "controllers", "*", "save_dpi"], "readOnly": false, "type": "boolean"}, "services.unpoller.unifi.controllers.*.save_events": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Collect and save data from UniFi events to influxdb and Loki.\n", "loc": ["services", "unpoller", "unifi", "controllers", "*", "save_events"], "readOnly": false, "type": "boolean"}, "services.unpoller.unifi.controllers.*.save_ids": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Collect and save data from the intrusion detection system to influxdb and Loki.\n", "loc": ["services", "unpoller", "unifi", "controllers", "*", "save_ids"], "readOnly": false, "type": "boolean"}, "services.unpoller.unifi.controllers.*.save_sites": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Collect and save site data.\n", "loc": ["services", "unpoller", "unifi", "controllers", "*", "save_sites"], "readOnly": false, "type": "boolean"}, "services.unpoller.unifi.controllers.*.sites": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "\"all\""}, "description": "List of site names for which statistics should be exported.\nOr the string \"default\" for the default site or the string \"all\" for all sites.\n", "loc": ["services", "unpoller", "unifi", "controllers", "*", "sites"], "readOnly": false, "type": "one of \"default\", \"all\" or list of string"}, "services.unpoller.unifi.controllers.*.url": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "\"https://unifi:8443\""}, "description": "URL of the Unifi controller.\n", "loc": ["services", "unpoller", "unifi", "controllers", "*", "url"], "readOnly": false, "type": "string"}, "services.unpoller.unifi.controllers.*.user": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "\"unifi\""}, "description": "Unifi service user name.\n", "loc": ["services", "unpoller", "unifi", "controllers", "*", "user"], "readOnly": false, "type": "string"}, "services.unpoller.unifi.controllers.*.verify_ssl": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Verify the Unifi controller's certificate.\n", "loc": ["services", "unpoller", "unifi", "controllers", "*", "verify_ssl"], "readOnly": false, "type": "boolean"}, "services.unpoller.unifi.defaults.hash_pii": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Hash, with md5, client names and MAC addresses. This attempts\nto protect personally identifiable information.\n", "loc": ["services", "unpoller", "unifi", "defaults", "hash_pii"], "readOnly": false, "type": "boolean"}, "services.unpoller.unifi.defaults.pass": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "unpoller-unifi-default.password"}, "description": "Path of a file containing the password for the unifi service user.\nThis file needs to be readable by the unifi-poller user.\n", "loc": ["services", "unpoller", "unifi", "defaults", "pass"], "readOnly": false, "type": "absolute path"}, "services.unpoller.unifi.defaults.save_alarms": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Collect and save data from UniFi alarms to influxdb and Loki.\n", "loc": ["services", "unpoller", "unifi", "defaults", "save_alarms"], "readOnly": false, "type": "boolean"}, "services.unpoller.unifi.defaults.save_anomalies": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Collect and save data from UniFi anomalies to influxdb and Loki.\n", "loc": ["services", "unpoller", "unifi", "defaults", "save_anomalies"], "readOnly": false, "type": "boolean"}, "services.unpoller.unifi.defaults.save_dpi": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Collect and save data from deep packet inspection.\nAdds around 150 data points and impacts performance.\n", "loc": ["services", "unpoller", "unifi", "defaults", "save_dpi"], "readOnly": false, "type": "boolean"}, "services.unpoller.unifi.defaults.save_events": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Collect and save data from UniFi events to influxdb and Loki.\n", "loc": ["services", "unpoller", "unifi", "defaults", "save_events"], "readOnly": false, "type": "boolean"}, "services.unpoller.unifi.defaults.save_ids": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Collect and save data from the intrusion detection system to influxdb and Loki.\n", "loc": ["services", "unpoller", "unifi", "defaults", "save_ids"], "readOnly": false, "type": "boolean"}, "services.unpoller.unifi.defaults.save_sites": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Collect and save site data.\n", "loc": ["services", "unpoller", "unifi", "defaults", "save_sites"], "readOnly": false, "type": "boolean"}, "services.unpoller.unifi.defaults.sites": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "\"all\""}, "description": "List of site names for which statistics should be exported.\nOr the string \"default\" for the default site or the string \"all\" for all sites.\n", "loc": ["services", "unpoller", "unifi", "defaults", "sites"], "readOnly": false, "type": "one of \"default\", \"all\" or list of string"}, "services.unpoller.unifi.defaults.url": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "\"https://unifi:8443\""}, "description": "URL of the Unifi controller.\n", "loc": ["services", "unpoller", "unifi", "defaults", "url"], "readOnly": false, "type": "string"}, "services.unpoller.unifi.defaults.user": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "\"unifi\""}, "description": "Unifi service user name.\n", "loc": ["services", "unpoller", "unifi", "defaults", "user"], "readOnly": false, "type": "string"}, "services.unpoller.unifi.defaults.verify_ssl": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Verify the Unifi controller's certificate.\n", "loc": ["services", "unpoller", "unifi", "defaults", "verify_ssl"], "readOnly": false, "type": "boolean"}, "services.unpoller.unifi.dynamic": {"declarations": ["nixos/modules/services/monitoring/unpoller.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Let prometheus select which controller to poll when scraping.\nUse with default credentials. See unifi-poller wiki for more.\n", "loc": ["services", "unpoller", "unifi", "dynamic"], "readOnly": false, "type": "boolean"}, "services.upower.allowRiskyCriticalPowerAction": {"declarations": ["nixos/modules/services/hardware/upower.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable the risky critical power actions \"Suspend\" and \"Ignore\".\n", "loc": ["services", "upower", "allowRiskyCriticalPowerAction"], "readOnly": false, "type": "boolean"}, "services.upower.criticalPowerAction": {"declarations": ["nixos/modules/services/hardware/upower.nix"], "default": {"_type": "literalExpression", "text": "\"HybridSleep\""}, "description": "The action to take when `timeAction` or\n`percentageAction` has been reached for the batteries\n(UPS or laptop batteries) supplying the computer.\n\nWhen set to `Suspend` or `Ignore`,\n{option}`services.upower.allowRiskyCriticalPowerAction` must be set\nto `true`.\n", "loc": ["services", "upower", "criticalPowerAction"], "readOnly": false, "type": "one of \"PowerOff\", \"Hibernate\", \"HybridSleep\", \"Suspend\", \"Ignore\""}, "services.upower.enable": {"declarations": ["nixos/modules/services/hardware/upower.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Upower, a DBus service that provides power\nmanagement support to applications.\n", "loc": ["services", "upower", "enable"], "readOnly": false, "type": "boolean"}, "services.upower.enableWattsUpPro": {"declarations": ["nixos/modules/services/hardware/upower.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable the Watts Up Pro device.\n\nThe Watts Up Pro contains a generic FTDI USB device without a specific\nvendor and product ID. When we probe for WUP devices, we can cause\nthe user to get a perplexing \"Device or resource busy\" error when\nattempting to use their non-WUP device.\n\nThe generic FTDI device is known to also be used on:\n\n- Sparkfun FT232 breakout board\n- Parallax Propeller\n", "loc": ["services", "upower", "enableWattsUpPro"], "readOnly": false, "type": "boolean"}, "services.upower.ignoreLid": {"declarations": ["nixos/modules/services/hardware/upower.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Do we ignore the lid state\n\nSome laptops are broken. The lid state is either inverted, or stuck\non or off. We can't do much to fix these problems, but this is a way\nfor users to make the laptop panel vanish, a state that might be used\nby a couple of user-space daemons. On Linux systems, see also\n{manpage}`logind.conf(5)`.\n", "loc": ["services", "upower", "ignoreLid"], "readOnly": false, "type": "boolean"}, "services.upower.noPollBatteries": {"declarations": ["nixos/modules/services/hardware/upower.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Don't poll the kernel for battery level changes.\n\nSome hardware will send us battery level changes through\nevents, rather than us having to poll for it. This option\nallows disabling polling for hardware that sends out events.\n", "loc": ["services", "upower", "noPollBatteries"], "readOnly": false, "type": "boolean"}, "services.upower.package": {"declarations": ["nixos/modules/services/hardware/upower.nix"], "default": {"_type": "literalExpression", "text": "pkgs.upower"}, "description": "The upower package to use.", "loc": ["services", "upower", "package"], "readOnly": false, "type": "package"}, "services.upower.percentageAction": {"declarations": ["nixos/modules/services/hardware/upower.nix"], "default": {"_type": "literalExpression", "text": "2"}, "description": "When `usePercentageForPolicy` is\n`true`, the levels at which UPower will take action\nfor the critical battery level.\n\nThis will also be used for batteries which don't have time information\nsuch as that of peripherals.\n\nIf any value (of `percentageLow`,\n`percentageCritical` and\n`percentageAction`) is invalid, or not in descending\norder, the defaults will be used.\n", "loc": ["services", "upower", "percentageAction"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.upower.percentageCritical": {"declarations": ["nixos/modules/services/hardware/upower.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "When `usePercentageForPolicy` is\n`true`, the levels at which UPower will consider the\nbattery critical.\n\nThis will also be used for batteries which don't have time information\nsuch as that of peripherals.\n\nIf any value (of `percentageLow`,\n`percentageCritical` and\n`percentageAction`) is invalid, or not in descending\norder, the defaults will be used.\n", "loc": ["services", "upower", "percentageCritical"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.upower.percentageLow": {"declarations": ["nixos/modules/services/hardware/upower.nix"], "default": {"_type": "literalExpression", "text": "20"}, "description": "When `usePercentageForPolicy` is\n`true`, the levels at which UPower will consider the\nbattery low.\n\nThis will also be used for batteries which don't have time information\nsuch as that of peripherals.\n\nIf any value (of `percentageLow`,\n`percentageCritical` and\n`percentageAction`) is invalid, or not in descending\norder, the defaults will be used.\n", "loc": ["services", "upower", "percentageLow"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.upower.timeAction": {"declarations": ["nixos/modules/services/hardware/upower.nix"], "default": {"_type": "literalExpression", "text": "120"}, "description": "When `usePercentageForPolicy` is\n`false`, the time remaining in seconds at which\nUPower will take action for the critical battery level.\n\nIf any value (of `timeLow`,\n`timeCritical` and `timeAction`) is\ninvalid, or not in descending order, the defaults will be used.\n", "loc": ["services", "upower", "timeAction"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.upower.timeCritical": {"declarations": ["nixos/modules/services/hardware/upower.nix"], "default": {"_type": "literalExpression", "text": "300"}, "description": "When `usePercentageForPolicy` is\n`false`, the time remaining in seconds at which\nUPower will consider the battery critical.\n\nIf any value (of `timeLow`,\n`timeCritical` and `timeAction`) is\ninvalid, or not in descending order, the defaults will be used.\n", "loc": ["services", "upower", "timeCritical"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.upower.timeLow": {"declarations": ["nixos/modules/services/hardware/upower.nix"], "default": {"_type": "literalExpression", "text": "1200"}, "description": "When `usePercentageForPolicy` is\n`false`, the time remaining in seconds at which\nUPower will consider the battery low.\n\nIf any value (of `timeLow`,\n`timeCritical` and `timeAction`) is\ninvalid, or not in descending order, the defaults will be used.\n", "loc": ["services", "upower", "timeLow"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.upower.usePercentageForPolicy": {"declarations": ["nixos/modules/services/hardware/upower.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Policy for warnings and action based on battery levels\n\nWhether battery percentage based policy should be used. The default\nis to use the percentage, which\nshould work around broken firmwares. It is also more reliable than\nthe time left (frantically saving all your files is going to use more\nbattery than letting it rest for example).\n", "loc": ["services", "upower", "usePercentageForPolicy"], "readOnly": false, "type": "boolean"}, "services.uptermd.enable": {"declarations": ["nixos/modules/services/networking/uptermd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable uptermd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "uptermd", "enable"], "readOnly": false, "type": "boolean"}, "services.uptermd.extraFlags": {"declarations": ["nixos/modules/services/networking/uptermd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra flags passed to the uptermd command.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--debug\"\n]"}, "loc": ["services", "uptermd", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.uptermd.hostKey": {"declarations": ["nixos/modules/services/networking/uptermd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to SSH host key. If not defined, an ed25519 keypair is generated automatically.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/upterm_host_ed25519_key\""}, "loc": ["services", "uptermd", "hostKey"], "readOnly": false, "type": "null or absolute path"}, "services.uptermd.listenAddress": {"declarations": ["nixos/modules/services/networking/uptermd.nix"], "default": {"_type": "literalExpression", "text": "\"[::]\""}, "description": "Address the server will listen on.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "uptermd", "listenAddress"], "readOnly": false, "type": "string"}, "services.uptermd.openFirewall": {"declarations": ["nixos/modules/services/networking/uptermd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall for the port in {option}`services.uptermd.port`.\n", "loc": ["services", "uptermd", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.uptermd.port": {"declarations": ["nixos/modules/services/networking/uptermd.nix"], "default": {"_type": "literalExpression", "text": "2222"}, "description": "Port the server will listen on.\n", "loc": ["services", "uptermd", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.uptime-kuma.appriseSupport": {"declarations": ["nixos/modules/services/monitoring/uptime-kuma.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable apprise support for notifications.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "uptime-kuma", "appriseSupport"], "readOnly": false, "type": "boolean"}, "services.uptime-kuma.enable": {"declarations": ["nixos/modules/services/monitoring/uptime-kuma.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Uptime Kuma, this assumes a reverse proxy to be set.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "uptime-kuma", "enable"], "readOnly": false, "type": "boolean"}, "services.uptime-kuma.package": {"declarations": ["nixos/modules/services/monitoring/uptime-kuma.nix"], "default": {"_type": "literalExpression", "text": "pkgs.uptime-kuma"}, "description": "The uptime-kuma package to use.", "loc": ["services", "uptime-kuma", "package"], "readOnly": false, "type": "package"}, "services.uptime-kuma.settings": {"declarations": ["nixos/modules/services/monitoring/uptime-kuma.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional configuration for Uptime Kuma, see\n<https://github.com/louislam/uptime-kuma/wiki/Environment-Variables>\nfor supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  NODE_EXTRA_CA_CERTS = {\n    _type = \"literalExpression\";\n    text = \"config.security.pki.caBundle\";\n  };\n  PORT = \"4000\";\n  UPTIME_KUMA_DB_HOSTNAME = \"localhost\";\n  UPTIME_KUMA_DB_NAME = \"uptime-kuma\";\n  UPTIME_KUMA_DB_PASSWORD = \"uptime-kuma\";\n  UPTIME_KUMA_DB_TYPE = \"mariadb\";\n  UPTIME_KUMA_DB_USERNAME = \"uptime-kuma\";\n}"}, "loc": ["services", "uptime-kuma", "settings"], "readOnly": false, "type": "open submodule of attribute set of string"}, "services.uptime.configFile": {"declarations": ["nixos/modules/services/monitoring/uptime.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The uptime configuration file\n\nIf mongodb: server != localhost, please set usesRemoteMongo = true\n\nIf you only want to run the monitor, please set enableWebService = false\nand enableSeparateMonitoringService = true\n\nIf autoStartMonitor: false (recommended) and you want to run both\nservices, please set enableSeparateMonitoringService = true\n", "loc": ["services", "uptime", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.uptime.enableSeparateMonitoringService": {"declarations": ["nixos/modules/services/monitoring/uptime.nix"], "default": {"_type": "literalExpression", "text": "config.services.uptime.enableWebService"}, "description": "Whether to enable the uptime monitoring service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "uptime", "enableSeparateMonitoringService"], "readOnly": false, "type": "boolean"}, "services.uptime.enableWebService": {"declarations": ["nixos/modules/services/monitoring/uptime.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the uptime monitoring program web service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "uptime", "enableWebService"], "readOnly": false, "type": "boolean"}, "services.uptime.nodeEnv": {"declarations": ["nixos/modules/services/monitoring/uptime.nix"], "default": {"_type": "literalExpression", "text": "\"production\""}, "description": "The node environment to run in (development, production, etc.)", "loc": ["services", "uptime", "nodeEnv"], "readOnly": false, "type": "string"}, "services.uptime.usesRemoteMongo": {"declarations": ["nixos/modules/services/monitoring/uptime.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether the configuration file specifies a remote mongo instance", "loc": ["services", "uptime", "usesRemoteMongo"], "readOnly": false, "type": "boolean"}, "services.uptimed.enable": {"declarations": ["nixos/modules/services/system/uptimed.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable `uptimed`, allowing you to track\nyour highest uptimes.\n", "loc": ["services", "uptimed", "enable"], "readOnly": false, "type": "boolean"}, "services.urserver.enable": {"declarations": ["nixos/modules/services/x11/urserver.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable urserver.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "urserver", "enable"], "readOnly": false, "type": "boolean"}, "services.urxvtd.enable": {"declarations": ["nixos/modules/services/x11/urxvtd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable urxvtd, the urxvt terminal daemon. To use urxvtd, run\n\"urxvtc\".\n", "loc": ["services", "urxvtd", "enable"], "readOnly": false, "type": "boolean"}, "services.urxvtd.package": {"declarations": ["nixos/modules/services/x11/urxvtd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.rxvt-unicode"}, "description": "The rxvt-unicode package to use.", "loc": ["services", "urxvtd", "package"], "readOnly": false, "type": "package"}, "services.usbguard.IPCAllowedGroups": {"declarations": ["nixos/modules/services/security/usbguard.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of groupnames that the daemon will accept IPC connections\nfrom.\n", "example": {"_type": "literalExpression", "text": "[\n  \"wheel\"\n]"}, "loc": ["services", "usbguard", "IPCAllowedGroups"], "readOnly": false, "type": "list of string"}, "services.usbguard.IPCAllowedUsers": {"declarations": ["nixos/modules/services/security/usbguard.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"root\"\n]"}, "description": "A list of usernames that the daemon will accept IPC connections from.\n", "example": {"_type": "literalExpression", "text": "[\n  \"root\"\n  \"yourusername\"\n]"}, "loc": ["services", "usbguard", "IPCAllowedUsers"], "readOnly": false, "type": "list of string"}, "services.usbguard.dbus.enable": {"declarations": ["nixos/modules/services/security/usbguard.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable USBGuard dbus daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "usbguard", "dbus", "enable"], "readOnly": false, "type": "boolean"}, "services.usbguard.deviceRulesWithPort": {"declarations": ["nixos/modules/services/security/usbguard.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Generate device specific rules including the \"via-port\" attribute.\n", "loc": ["services", "usbguard", "deviceRulesWithPort"], "readOnly": false, "type": "boolean"}, "services.usbguard.enable": {"declarations": ["nixos/modules/services/security/usbguard.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable USBGuard daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "usbguard", "enable"], "readOnly": false, "type": "boolean"}, "services.usbguard.implicitPolicyTarget": {"declarations": ["nixos/modules/services/security/usbguard.nix"], "default": {"_type": "literalExpression", "text": "\"block\""}, "description": "How to treat USB devices that don't match any rule in the policy.\nTarget should be one of allow, block or reject (logically remove the\ndevice node from the system).\n", "loc": ["services", "usbguard", "implicitPolicyTarget"], "readOnly": false, "type": "one of \"allow\", \"block\", \"reject\""}, "services.usbguard.insertedDevicePolicy": {"declarations": ["nixos/modules/services/security/usbguard.nix"], "default": {"_type": "literalExpression", "text": "\"apply-policy\""}, "description": "How to treat USB devices that are already connected after the daemon\nstarts. One of block, reject, apply-policy.\n", "loc": ["services", "usbguard", "insertedDevicePolicy"], "readOnly": false, "type": "one of \"block\", \"reject\", \"apply-policy\""}, "services.usbguard.package": {"declarations": ["nixos/modules/services/security/usbguard.nix"], "default": {"_type": "literalExpression", "text": "pkgs.usbguard"}, "description": "The usbguard package to use.", "loc": ["services", "usbguard", "package"], "readOnly": false, "type": "package"}, "services.usbguard.presentControllerPolicy": {"declarations": ["nixos/modules/services/security/usbguard.nix"], "default": {"_type": "literalExpression", "text": "\"keep\""}, "description": "How to treat USB controller devices that are already connected when\nthe daemon starts. One of allow, block, reject, keep or apply-policy.\n", "loc": ["services", "usbguard", "presentControllerPolicy"], "readOnly": false, "type": "one of \"allow\", \"block\", \"reject\", \"keep\", \"apply-policy\""}, "services.usbguard.presentDevicePolicy": {"declarations": ["nixos/modules/services/security/usbguard.nix"], "default": {"_type": "literalExpression", "text": "\"apply-policy\""}, "description": "How to treat USB devices that are already connected when the daemon\nstarts. Policy should be one of allow, block, reject, keep (keep\nwhatever state the device is currently in) or apply-policy (evaluate\nthe rule set for every present device).\n", "loc": ["services", "usbguard", "presentDevicePolicy"], "readOnly": false, "type": "one of \"allow\", \"block\", \"reject\", \"keep\", \"apply-policy\""}, "services.usbguard.restoreControllerDeviceState": {"declarations": ["nixos/modules/services/security/usbguard.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "The  USBGuard  daemon  modifies  some attributes of controller\ndevices like the default authorization state of new child device\ninstances. Using this setting, you can control whether the daemon\nwill try to restore the attribute values to the state before\nmodification on shutdown.\n", "loc": ["services", "usbguard", "restoreControllerDeviceState"], "readOnly": false, "type": "boolean"}, "services.usbguard.ruleFile": {"declarations": ["nixos/modules/services/security/usbguard.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/usbguard/rules.conf\""}, "description": "This tells the USBGuard daemon which file to load as policy rule set.\n\nThe file can be changed manually or via the IPC interface assuming it has the right file permissions.\n\nFor more details see {manpage}`usbguard-rules.conf(5)`.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/usbguard-rules\""}, "loc": ["services", "usbguard", "ruleFile"], "readOnly": false, "type": "null or absolute path"}, "services.usbguard.rules": {"declarations": ["nixos/modules/services/security/usbguard.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The USBGuard daemon will load this as the policy rule set.\nAs these rules are NixOS managed they are immutable and can't\nbe changed by the IPC interface.\n\nIf you do not set this option, the USBGuard daemon will load\nit's policy rule set from the option configured in `services.usbguard.ruleFile`.\n\nRunning `usbguard generate-policy` as root will\ngenerate a config for your currently plugged in devices.\n\nFor more details see {manpage}`usbguard-rules.conf(5)`.\n", "example": {"_type": "literalExpression", "text": "''\n  allow with-interface equals { 08:*:* }\n''"}, "loc": ["services", "usbguard", "rules"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.usbmuxd.enable": {"declarations": ["nixos/modules/services/hardware/usbmuxd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable the usbmuxd (\"USB multiplexing daemon\") service. This daemon is\nin charge of multiplexing connections over USB to an iOS device. This is\nneeded for transferring data from and to iOS devices (see ifuse). Also\nthis may enable plug-n-play tethering for iPhones.\n", "loc": ["services", "usbmuxd", "enable"], "readOnly": false, "type": "boolean"}, "services.usbmuxd.group": {"declarations": ["nixos/modules/services/hardware/usbmuxd.nix"], "default": {"_type": "literalExpression", "text": "\"usbmux\""}, "description": "The group usbmuxd should use to run after startup.\n", "loc": ["services", "usbmuxd", "group"], "readOnly": false, "type": "string"}, "services.usbmuxd.package": {"declarations": ["nixos/modules/services/hardware/usbmuxd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.usbmuxd"}, "description": "Which package to use for the usbmuxd daemon.", "loc": ["services", "usbmuxd", "package"], "readOnly": false, "relatedPackages": "- [`pkgs.usbmuxd`](\n    https://search.nixos.org/packages?show=usbmuxd&sort=relevance&query=usbmuxd\n  )\n- [`pkgs.usbmuxd2`](\n    https://search.nixos.org/packages?show=usbmuxd2&sort=relevance&query=usbmuxd2\n  )\n", "type": "package"}, "services.usbmuxd.user": {"declarations": ["nixos/modules/services/hardware/usbmuxd.nix"], "default": {"_type": "literalExpression", "text": "\"usbmux\""}, "description": "The user usbmuxd should use to run after startup.\n", "loc": ["services", "usbmuxd", "user"], "readOnly": false, "type": "string"}, "services.usbrelayd.broker": {"declarations": ["nixos/modules/services/hardware/usbrelayd.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Hostname or IP address of your MQTT Broker.", "example": {"_type": "literalExpression", "text": "[\n  \"mqtt\"\n  \"192.168.1.1\"\n]"}, "loc": ["services", "usbrelayd", "broker"], "readOnly": false, "type": "string"}, "services.usbrelayd.clientName": {"declarations": ["nixos/modules/services/hardware/usbrelayd.nix"], "default": {"_type": "literalExpression", "text": "\"MyUSBRelay\""}, "description": "Name, your client connects as.", "loc": ["services", "usbrelayd", "clientName"], "readOnly": false, "type": "string"}, "services.usbrelayd.enable": {"declarations": ["nixos/modules/services/hardware/usbrelayd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable USB Relay MQTT daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "usbrelayd", "enable"], "readOnly": false, "type": "boolean"}, "services.userborn.enable": {"declarations": ["nixos/modules/services/system/userborn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable userborn.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "userborn", "enable"], "readOnly": false, "type": "boolean"}, "services.userborn.package": {"declarations": ["nixos/modules/services/system/userborn.nix"], "default": {"_type": "literalExpression", "text": "pkgs.userborn"}, "description": "The userborn package to use.", "loc": ["services", "userborn", "package"], "readOnly": false, "type": "package"}, "services.userborn.passwordFilesLocation": {"declarations": ["nixos/modules/services/system/userborn.nix"], "default": {"_type": "literalExpression", "text": "if immutableEtc && !config.services.userborn.static then \"/var/lib/nixos\" else \"/etc\""}, "description": "The location of the original password files.\n\nIf this is not `/etc`, the files are symlinked from this location to `/etc`.\n\nThe primary motivation for this is an immutable `/etc`, where we cannot\nwrite the files directly to `/etc`.\n\nHowever this an also serve other use cases, e.g. when `/etc` is on a `tmpfs`.\n", "loc": ["services", "userborn", "passwordFilesLocation"], "readOnly": false, "type": "string"}, "services.userborn.static": {"declarations": ["nixos/modules/services/system/userborn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to generate the password files at build time and store them directly\nin the system closure, without requiring any services at boot time.\n\nThis is STRICTLY intended for embedded appliance images that only have system\nusers with manually managed static user IDs, and CANNOT be used with generation\nupdates.\n\nWARNING: In this mode, you MUST statically manage user IDs yourself, carefully.\nBeware, UID reuse is a serious security issue and it's your responsibility\nto avoid it over the entire lifetime of the system.\n", "loc": ["services", "userborn", "static"], "readOnly": false, "type": "boolean"}, "services.userdbd.enable": {"declarations": ["nixos/modules/system/boot/systemd/userdbd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the systemd JSON user/group record lookup service\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "userdbd", "enable"], "readOnly": false, "type": "boolean"}, "services.userdbd.enableSSHSupport": {"declarations": ["nixos/modules/system/boot/systemd/userdbd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable exposing OpenSSH public keys defined in userdb. Be aware that this\nenables modifying public keys at runtime, either by users managed by\n{option}`services.homed`, or globally via drop-in files\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "userdbd", "enableSSHSupport"], "readOnly": false, "type": "boolean"}, "services.ustreamer.autoStart": {"declarations": ["nixos/modules/services/video/ustreamer.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Wether to start \u00b5Streamer on boot. Disabling this will use socket\nactivation. The service will stop gracefully after some inactivity.\nDisabling this will set `--exit-on-no-clients=300`\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "ustreamer", "autoStart"], "readOnly": false, "type": "boolean"}, "services.ustreamer.device": {"declarations": ["nixos/modules/services/video/ustreamer.nix"], "default": {"_type": "literalExpression", "text": "\"/dev/video0\""}, "description": "The v4l2 device to stream.\n", "example": {"_type": "literalExpression", "text": "\"/dev/v4l/by-id/usb-0000_Dummy_abcdef-video-index0\""}, "loc": ["services", "ustreamer", "device"], "readOnly": false, "type": "absolute path"}, "services.ustreamer.enable": {"declarations": ["nixos/modules/services/video/ustreamer.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable \u00b5Streamer, a lightweight MJPEG-HTTP streamer.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ustreamer", "enable"], "readOnly": false, "type": "boolean"}, "services.ustreamer.extraArgs": {"declarations": ["nixos/modules/services/video/ustreamer.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to pass to `ustreamer`. See {manpage}`ustreamer(1)`\n", "example": {"_type": "literalExpression", "text": "[\n  \"--resolution=1920x1080\"\n]"}, "loc": ["services", "ustreamer", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.ustreamer.listenAddress": {"declarations": ["nixos/modules/services/video/ustreamer.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0:8080\""}, "description": "Address to expose the HTTP server. This accepts values for\nListenStream= defined in {manpage}`systemd.socket(5)`\n", "example": {"_type": "literalExpression", "text": "\"/run/ustreamer.sock\""}, "loc": ["services", "ustreamer", "listenAddress"], "readOnly": false, "type": "string"}, "services.ustreamer.package": {"declarations": ["nixos/modules/services/video/ustreamer.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ustreamer"}, "description": "The ustreamer package to use.", "loc": ["services", "ustreamer", "package"], "readOnly": false, "type": "package"}, "services.uvcvideo.dynctrl.enable": {"declarations": ["nixos/modules/hardware/video/uvcvideo/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable {command}`uvcvideo` dynamic controls.\n\nNote that enabling this brings the {command}`uvcdynctrl` tool\ninto your environment and register all dynamic controls from\nspecified {command}`packages` to the {command}`uvcvideo` driver.\n", "loc": ["services", "uvcvideo", "dynctrl", "enable"], "readOnly": false, "type": "boolean"}, "services.uvcvideo.dynctrl.packages": {"declarations": ["nixos/modules/hardware/video/uvcvideo/default.nix"], "description": "List of packages containing {command}`uvcvideo` dynamic controls\nrules. All files found in\n{file}`\u00abpkg\u00bb/share/uvcdynctrl/data`\nwill be included.\n\nNote that these will serve as input to the {command}`libwebcam`\npackage which through its own {command}`udev` rule will register\nthe dynamic controls from specified packages to the {command}`uvcvideo`\ndriver.\n", "example": {"_type": "literalExpression", "text": "[ pkgs.tiscamera ]"}, "loc": ["services", "uvcvideo", "dynctrl", "packages"], "readOnly": false, "type": "list of absolute path"}, "services.uwsgi.capabilities": {"declarations": ["nixos/modules/services/web-servers/uwsgi.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Grant capabilities to the uWSGI instance. See the\n{manpage}`capabilities(7)` for available values.\n\n::: {.note}\nuWSGI runs as an unprivileged user (even as Emperor) with the minimal\ncapabilities required. This option can be used to add fine-grained\npermissions without running the service as root.\n\nWhen in Emperor mode, any capability to be inherited by a vassal must\nbe specified again in the vassal configuration using `cap`.\nSee the uWSGI [docs](https://uwsgi-docs.readthedocs.io/en/latest/Capabilities.html)\nfor more information.\n:::\n", "example": {"_type": "literalExpression", "text": "[\n  \"CAP_NET_BIND_SERVICE\" # bind on ports <1024\n  \"CAP_NET_RAW\"          # open raw sockets\n]\n"}, "loc": ["services", "uwsgi", "capabilities"], "readOnly": false, "type": "list of string"}, "services.uwsgi.enable": {"declarations": ["nixos/modules/services/web-servers/uwsgi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable uWSGI", "loc": ["services", "uwsgi", "enable"], "readOnly": false, "type": "boolean"}, "services.uwsgi.group": {"declarations": ["nixos/modules/services/web-servers/uwsgi.nix"], "default": {"_type": "literalExpression", "text": "\"uwsgi\""}, "description": "Group account under which uWSGI runs.", "loc": ["services", "uwsgi", "group"], "readOnly": false, "type": "string"}, "services.uwsgi.instance": {"declarations": ["nixos/modules/services/web-servers/uwsgi.nix"], "default": {"_type": "literalExpression", "text": "{\n  type = \"normal\";\n}"}, "description": "uWSGI configuration. It awaits an attribute `type` inside which can be either\n`normal` or `emperor`.\n\nFor `normal` mode you can specify `pythonPackages` as a function\nfrom libraries set into a list of libraries. `pythonpath` will be set accordingly.\n\nFor `emperor` mode, you should use `vassals` attribute\nwhich should be either a set of names and configurations or a path to a directory.\n\nOther attributes will be used in configuration file as-is. Notice that you can redefine\n`plugins` setting here.\n", "example": {"_type": "literalExpression", "text": "{\n  type = \"emperor\";\n  vassals = {\n    moin = {\n      type = \"normal\";\n      pythonPackages = self: with self; [ moinmoin ];\n      socket = \"${config.services.uwsgi.runDir}/uwsgi.sock\";\n    };\n  };\n}\n"}, "loc": ["services", "uwsgi", "instance"], "readOnly": false, "type": "Json value or lambda"}, "services.uwsgi.plugins": {"declarations": ["nixos/modules/services/web-servers/uwsgi.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Plugins used with uWSGI", "loc": ["services", "uwsgi", "plugins"], "readOnly": false, "type": "list of string"}, "services.uwsgi.runDir": {"declarations": ["nixos/modules/services/web-servers/uwsgi.nix"], "default": {"_type": "literalExpression", "text": "\"/run/uwsgi\""}, "description": "Where uWSGI communication sockets can live", "loc": ["services", "uwsgi", "runDir"], "readOnly": false, "type": "absolute path"}, "services.uwsgi.user": {"declarations": ["nixos/modules/services/web-servers/uwsgi.nix"], "default": {"_type": "literalExpression", "text": "\"uwsgi\""}, "description": "User account under which uWSGI runs.", "loc": ["services", "uwsgi", "user"], "readOnly": false, "type": "string"}, "services.v2ray.config": {"declarations": ["nixos/modules/services/networking/v2ray.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The configuration object.\n\nEither `configFile` or `config` must be specified.\n\nSee <https://www.v2fly.org/en_US/v5/config/overview.html>.\n", "example": {"_type": "literalExpression", "text": "{\n  inbounds = [\n    {\n      listen = \"127.0.0.1\";\n      port = 1080;\n      protocol = \"http\";\n    }\n  ];\n  outbounds = [\n    {\n      protocol = \"freedom\";\n    }\n  ];\n}"}, "loc": ["services", "v2ray", "config"], "readOnly": false, "type": "null or JSON value"}, "services.v2ray.configFile": {"declarations": ["nixos/modules/services/networking/v2ray.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The absolute path to the configuration file.\n\nEither `configFile` or `config` must be specified.\n\nSee <https://www.v2fly.org/en_US/v5/config/overview.html>.\n", "example": {"_type": "literalExpression", "text": "\"/etc/v2ray/config.json\""}, "loc": ["services", "v2ray", "configFile"], "readOnly": false, "type": "null or string"}, "services.v2ray.enable": {"declarations": ["nixos/modules/services/networking/v2ray.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to run v2ray server.\n\nEither `configFile` or `config` must be specified.\n", "loc": ["services", "v2ray", "enable"], "readOnly": false, "type": "boolean"}, "services.v2ray.package": {"declarations": ["nixos/modules/services/networking/v2ray.nix"], "default": {"_type": "literalExpression", "text": "pkgs.v2ray"}, "description": "The v2ray package to use.", "loc": ["services", "v2ray", "package"], "readOnly": false, "type": "package"}, "services.v2raya.cliPackage": {"declarations": ["nixos/modules/services/networking/v2raya.nix"], "default": {"_type": "literalExpression", "text": "pkgs.v2ray"}, "description": "The v2ray package to use. This is the package used for overriding the value of the `v2ray` attribute in the package set by `services.v2raya.package`.", "example": {"_type": "literalExpression", "text": "pkgs.xray"}, "loc": ["services", "v2raya", "cliPackage"], "readOnly": false, "type": "package"}, "services.v2raya.enable": {"declarations": ["nixos/modules/services/networking/v2raya.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the v2rayA service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "v2raya", "enable"], "readOnly": false, "type": "boolean"}, "services.v2raya.package": {"declarations": ["nixos/modules/services/networking/v2raya.nix"], "default": {"_type": "literalExpression", "text": "pkgs.v2raya"}, "description": "The v2raya package to use.", "loc": ["services", "v2raya", "package"], "readOnly": false, "type": "package"}, "services.v4l2-relayd.instances": {"declarations": ["nixos/modules/services/video/v4l2-relayd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "v4l2-relayd instances to be created.\n", "example": {"_type": "literalExpression", "text": "{\n  example = {\n    cardLabel = \"Example card\";\n    input.pipeline = \"videotestsrc\";\n  };\n}\n"}, "loc": ["services", "v4l2-relayd", "instances"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.v4l2-relayd.instances.<name>.cardLabel": {"declarations": ["nixos/modules/services/video/v4l2-relayd.nix"], "description": "The name the camera will show up as.\n", "loc": ["services", "v4l2-relayd", "instances", "<name>", "cardLabel"], "readOnly": false, "type": "string"}, "services.v4l2-relayd.instances.<name>.enable": {"declarations": ["nixos/modules/services/video/v4l2-relayd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable this v4l2-relayd instance.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "v4l2-relayd", "instances", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.v4l2-relayd.instances.<name>.extraPackages": {"declarations": ["nixos/modules/services/video/v4l2-relayd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra packages to add to {env}`GST_PLUGIN_PATH` for the instance.\n", "loc": ["services", "v4l2-relayd", "instances", "<name>", "extraPackages"], "readOnly": false, "type": "list of package"}, "services.v4l2-relayd.instances.<name>.input.format": {"declarations": ["nixos/modules/services/video/v4l2-relayd.nix"], "default": {"_type": "literalExpression", "text": "\"YUY2\""}, "description": "The video-format to read from input-stream.\n", "loc": ["services", "v4l2-relayd", "instances", "<name>", "input", "format"], "readOnly": false, "type": "string"}, "services.v4l2-relayd.instances.<name>.input.framerate": {"declarations": ["nixos/modules/services/video/v4l2-relayd.nix"], "default": {"_type": "literalExpression", "text": "30"}, "description": "The framerate to read from input-stream.\n", "loc": ["services", "v4l2-relayd", "instances", "<name>", "input", "framerate"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.v4l2-relayd.instances.<name>.input.height": {"declarations": ["nixos/modules/services/video/v4l2-relayd.nix"], "default": {"_type": "literalExpression", "text": "720"}, "description": "The height to read from input-stream.\n", "loc": ["services", "v4l2-relayd", "instances", "<name>", "input", "height"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.v4l2-relayd.instances.<name>.input.pipeline": {"declarations": ["nixos/modules/services/video/v4l2-relayd.nix"], "description": "The gstreamer-pipeline to use for the input-stream.\n", "loc": ["services", "v4l2-relayd", "instances", "<name>", "input", "pipeline"], "readOnly": false, "type": "string"}, "services.v4l2-relayd.instances.<name>.input.width": {"declarations": ["nixos/modules/services/video/v4l2-relayd.nix"], "default": {"_type": "literalExpression", "text": "1280"}, "description": "The width to read from input-stream.\n", "loc": ["services", "v4l2-relayd", "instances", "<name>", "input", "width"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.v4l2-relayd.instances.<name>.name": {"declarations": ["nixos/modules/services/video/v4l2-relayd.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "The name of the instance.\n", "loc": ["services", "v4l2-relayd", "instances", "<name>", "name"], "readOnly": false, "type": "string"}, "services.v4l2-relayd.instances.<name>.output.format": {"declarations": ["nixos/modules/services/video/v4l2-relayd.nix"], "default": {"_type": "literalExpression", "text": "\"YUY2\""}, "description": "The video-format to write to output-stream.\n", "loc": ["services", "v4l2-relayd", "instances", "<name>", "output", "format"], "readOnly": false, "type": "string"}, "services.varnish.config": {"declarations": ["nixos/modules/services/web-servers/varnish/default.nix"], "description": "Verbatim default.vcl configuration.\n", "loc": ["services", "varnish", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.varnish.enable": {"declarations": ["nixos/modules/services/web-servers/varnish/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Varnish Server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "varnish", "enable"], "readOnly": false, "type": "boolean"}, "services.varnish.enableConfigCheck": {"declarations": ["nixos/modules/services/web-servers/varnish/default.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable checking the config during build time.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "varnish", "enableConfigCheck"], "readOnly": false, "type": "boolean"}, "services.varnish.extraCommandLine": {"declarations": ["nixos/modules/services/web-servers/varnish/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Command line switches for varnishd (run 'varnishd -?' to get list of options)\n", "example": {"_type": "literalExpression", "text": "\"-s malloc,256M\""}, "loc": ["services", "varnish", "extraCommandLine"], "readOnly": false, "type": "string"}, "services.varnish.extraModules": {"declarations": ["nixos/modules/services/web-servers/varnish/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Varnish modules (except 'std').\n", "example": {"_type": "literalExpression", "text": "[ pkgs.varnishPackages.geoip ]"}, "loc": ["services", "varnish", "extraModules"], "readOnly": false, "type": "list of package"}, "services.varnish.http_address": {"declarations": ["nixos/modules/services/web-servers/varnish/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HTTP listen address and port.\n", "loc": ["services", "varnish", "http_address"], "readOnly": false, "type": "null or string"}, "services.varnish.listen": {"declarations": ["nixos/modules/services/web-servers/varnish/default.nix"], "default": {"_type": "literalExpression", "text": "[ { address=\"*\"; port=6081; } ]"}, "description": "Accept for client requests on the specified listen addresses.", "loc": ["services", "varnish", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.varnish.listen.*.address": {"declarations": ["nixos/modules/services/web-servers/varnish/default.nix"], "description": "If given an IP address, it can be a host name (\"localhost\"), an IPv4 dotted-quad\n(\"127.0.0.1\") or an IPv6  address enclosed in square brackets (\"[::1]\").\n\n(VCL4.1 and higher) If given an absolute Path (\"/path/to/listen.sock\") or \"@\"\nfollowed by the name of an abstract socket (\"@myvarnishd\") accept connections\non a Unix domain socket.\n\nThe user, group and mode sub-arguments may be used to specify the permissions\nof the socket file. These sub-arguments do not apply to  abstract sockets.\n", "loc": ["services", "varnish", "listen", "*", "address"], "readOnly": false, "type": "string"}, "services.varnish.listen.*.group": {"declarations": ["nixos/modules/services/web-servers/varnish/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Group name who owns the socket file.", "loc": ["services", "varnish", "listen", "*", "group"], "readOnly": false, "type": "null or string"}, "services.varnish.listen.*.mode": {"declarations": ["nixos/modules/services/web-servers/varnish/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Permission of the socket file (3-digit octal value).", "loc": ["services", "varnish", "listen", "*", "mode"], "readOnly": false, "type": "null or string"}, "services.varnish.listen.*.name": {"declarations": ["nixos/modules/services/web-servers/varnish/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name is referenced in logs. If name is not specified, 'a0', 'a1', etc. is used.", "loc": ["services", "varnish", "listen", "*", "name"], "readOnly": false, "type": "null or string"}, "services.varnish.listen.*.port": {"declarations": ["nixos/modules/services/web-servers/varnish/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The port to use for IP sockets. If port is not specified, port 80 (http) is used.", "loc": ["services", "varnish", "listen", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.varnish.listen.*.proto": {"declarations": ["nixos/modules/services/web-servers/varnish/default.nix"], "default": {"_type": "literalExpression", "text": "\"HTTP\""}, "description": "PROTO can be 'HTTP' (the default) or 'PROXY'.  Both version 1 and 2 of the proxy protocol can be used.", "loc": ["services", "varnish", "listen", "*", "proto"], "readOnly": false, "type": "one of \"HTTP\", \"PROXY\""}, "services.varnish.listen.*.user": {"declarations": ["nixos/modules/services/web-servers/varnish/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "User name who owns the socket file.", "loc": ["services", "varnish", "listen", "*", "user"], "readOnly": false, "type": "null or string"}, "services.varnish.package": {"declarations": ["nixos/modules/services/web-servers/varnish/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.varnish"}, "description": "The varnish package to use.", "loc": ["services", "varnish", "package"], "readOnly": false, "type": "package"}, "services.vault-agent.instances": {"declarations": ["nixos/modules/services/security/vault-agent.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attribute set of vault-agent instances.\nCreates independent `vault-agent-${name}.service` systemd units for each instance defined here.\n", "loc": ["services", "vault-agent", "instances"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.vault-agent.instances.<name>.enable": {"declarations": ["nixos/modules/services/security/vault-agent.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable this vault-agent instance.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "vault-agent", "instances", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.vault-agent.instances.<name>.group": {"declarations": ["nixos/modules/services/security/vault-agent.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "Group under which this instance runs.\n", "loc": ["services", "vault-agent", "instances", "<name>", "group"], "readOnly": false, "type": "string"}, "services.vault-agent.instances.<name>.package": {"declarations": ["nixos/modules/services/security/vault-agent.nix"], "default": {"_type": "literalExpression", "text": "pkgs.vault"}, "description": "The vault package to use.", "loc": ["services", "vault-agent", "instances", "<name>", "package"], "readOnly": false, "type": "package"}, "services.vault-agent.instances.<name>.settings": {"declarations": ["nixos/modules/services/security/vault-agent.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Free-form settings written directly to the {file}`config.json` file.\nRefer to <https://developer.hashicorp.com/vault/docs/agent#configuration-file-options> for supported values.\n\n::: {.note}\nResulting format is JSON not HCL.\nRefer to <https://www.hcl2json.com/> if you are unsure how to convert HCL options to JSON.\n:::\n", "loc": ["services", "vault-agent", "instances", "<name>", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.vault-agent.instances.<name>.settings.pid_file": {"declarations": ["nixos/modules/services/security/vault-agent.nix"], "default": {"_type": "literalExpression", "text": "\"/run/vault-agent/\u2039name\u203a.pid\""}, "description": "Path to use for the pid file.\n", "loc": ["services", "vault-agent", "instances", "<name>", "settings", "pid_file"], "readOnly": false, "type": "string"}, "services.vault-agent.instances.<name>.user": {"declarations": ["nixos/modules/services/security/vault-agent.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "User under which this instance runs.\n", "loc": ["services", "vault-agent", "instances", "<name>", "user"], "readOnly": false, "type": "string"}, "services.vault.address": {"declarations": ["nixos/modules/services/security/vault.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1:8200\""}, "description": "The name of the ip interface to listen to", "loc": ["services", "vault", "address"], "readOnly": false, "type": "string"}, "services.vault.dev": {"declarations": ["nixos/modules/services/security/vault.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "In this mode, Vault runs in-memory and starts unsealed. This option is not meant production but for development and testing i.e. for nixos tests.\n", "loc": ["services", "vault", "dev"], "readOnly": false, "type": "boolean"}, "services.vault.devRootTokenID": {"declarations": ["nixos/modules/services/security/vault.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Initial root token. This only applies when {option}`services.vault.dev` is true\n", "loc": ["services", "vault", "devRootTokenID"], "readOnly": false, "type": "null or string"}, "services.vault.enable": {"declarations": ["nixos/modules/services/security/vault.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Vault daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "vault", "enable"], "readOnly": false, "type": "boolean"}, "services.vault.extraConfig": {"declarations": ["nixos/modules/services/security/vault.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra text appended to {file}`vault.hcl`.", "loc": ["services", "vault", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.vault.extraSettingsPaths": {"declarations": ["nixos/modules/services/security/vault.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Configuration files to load besides the immutable one defined by the NixOS module.\nThis can be used to avoid putting credentials in the Nix store, which can be read by any user.\n\nEach path can point to a JSON- or HCL-formatted file, or a directory\nto be scanned for files with `.hcl` or\n`.json` extensions.\n\nTo upload the confidential file with NixOps, use for example:\n\n```\n# https://releases.nixos.org/nixops/latest/manual/manual.html#opt-deployment.keys\ndeployment.keys.\"vault.hcl\" = let db = import ./db-credentials.nix; in {\n  text = ''\n    storage \"postgresql\" {\n      connection_url = \"postgres://${db.username}:${db.password}@host.example.com/exampledb?sslmode=verify-ca\"\n    }\n  '';\n  user = \"vault\";\n};\nservices.vault.extraSettingsPaths = [\"/run/keys/vault.hcl\"];\nservices.vault.storageBackend = \"postgresql\";\nusers.users.vault.extraGroups = [\"keys\"];\n```\n", "loc": ["services", "vault", "extraSettingsPaths"], "readOnly": false, "type": "list of absolute path"}, "services.vault.listenerExtraConfig": {"declarations": ["nixos/modules/services/security/vault.nix"], "default": {"_type": "literalExpression", "text": "''\n  tls_min_version = \"tls12\"\n''"}, "description": "Extra text appended to the listener section.", "loc": ["services", "vault", "listenerExtraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.vault.package": {"declarations": ["nixos/modules/services/security/vault.nix"], "default": {"_type": "literalExpression", "text": "pkgs.vault"}, "description": "The vault package to use.", "loc": ["services", "vault", "package"], "readOnly": false, "type": "package"}, "services.vault.storageBackend": {"declarations": ["nixos/modules/services/security/vault.nix"], "default": {"_type": "literalExpression", "text": "\"inmem\""}, "description": "The name of the type of storage backend", "loc": ["services", "vault", "storageBackend"], "readOnly": false, "type": "one of \"inmem\", \"file\", \"consul\", \"zookeeper\", \"s3\", \"azure\", \"dynamodb\", \"etcd\", \"mssql\", \"mysql\", \"postgresql\", \"swift\", \"gcs\", \"raft\""}, "services.vault.storageConfig": {"declarations": ["nixos/modules/services/security/vault.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "HCL configuration to insert in the storageBackend section.\n\nConfidential values should not be specified here because this option's\nvalue is written to the Nix store, which is publicly readable.\nProvide credentials and such in a separate file using\n[](#opt-services.vault.extraSettingsPaths).\n", "loc": ["services", "vault", "storageConfig"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.vault.storagePath": {"declarations": ["nixos/modules/services/security/vault.nix"], "default": {"_type": "literalExpression", "text": "if config.services.vault.storageBackend == \"file\" || cfg.storageBackend == \"raft\"\nthen \"/var/lib/vault\"\nelse null\n"}, "description": "Data directory for file backend", "loc": ["services", "vault", "storagePath"], "readOnly": false, "type": "null or absolute path"}, "services.vault.telemetryConfig": {"declarations": ["nixos/modules/services/security/vault.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Telemetry configuration", "loc": ["services", "vault", "telemetryConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.vault.tlsCertFile": {"declarations": ["nixos/modules/services/security/vault.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS certificate file. TLS will be disabled unless this option is set", "example": {"_type": "literalExpression", "text": "\"/path/to/your/cert.pem\""}, "loc": ["services", "vault", "tlsCertFile"], "readOnly": false, "type": "null or string"}, "services.vault.tlsKeyFile": {"declarations": ["nixos/modules/services/security/vault.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS private key file. TLS will be disabled unless this option is set", "example": {"_type": "literalExpression", "text": "\"/path/to/your/key.pem\""}, "loc": ["services", "vault", "tlsKeyFile"], "readOnly": false, "type": "null or string"}, "services.vdirsyncer.enable": {"declarations": ["nixos/modules/services/networking/vdirsyncer.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable vdirsyncer.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "vdirsyncer", "enable"], "readOnly": false, "type": "boolean"}, "services.vdirsyncer.jobs": {"declarations": ["nixos/modules/services/networking/vdirsyncer.nix"], "description": "vdirsyncer job configurations", "loc": ["services", "vdirsyncer", "jobs"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.vdirsyncer.jobs.<name>.additionalGroups": {"declarations": ["nixos/modules/services/networking/vdirsyncer.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "additional groups to add the dynamic user to", "loc": ["services", "vdirsyncer", "jobs", "<name>", "additionalGroups"], "readOnly": false, "type": "list of string"}, "services.vdirsyncer.jobs.<name>.config.general": {"declarations": ["nixos/modules/services/networking/vdirsyncer.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "general configuration", "loc": ["services", "vdirsyncer", "jobs", "<name>", "config", "general"], "readOnly": false, "type": "attribute set"}, "services.vdirsyncer.jobs.<name>.config.pairs": {"declarations": ["nixos/modules/services/networking/vdirsyncer.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "vdirsyncer pair configurations", "example": {"_type": "literalExpression", "text": "{\n  my_contacts = {\n    a = \"my_cloud_contacts\";\n    b = \"my_local_contacts\";\n    collections = [ \"from a\" ];\n    conflict_resolution = \"a wins\";\n    metadata = [ \"color\" \"displayname\" ];\n  };\n};\n"}, "loc": ["services", "vdirsyncer", "jobs", "<name>", "config", "pairs"], "readOnly": false, "type": "attribute set of (attribute set)"}, "services.vdirsyncer.jobs.<name>.config.statusPath": {"declarations": ["nixos/modules/services/networking/vdirsyncer.nix"], "default": {"_type": "literalExpression", "text": "/var/lib/vdirsyncer/${attrName}"}, "description": "vdirsyncer's status path", "loc": ["services", "vdirsyncer", "jobs", "<name>", "config", "statusPath"], "readOnly": false, "type": "null or string"}, "services.vdirsyncer.jobs.<name>.config.storages": {"declarations": ["nixos/modules/services/networking/vdirsyncer.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "vdirsyncer storage configurations", "example": {"_type": "literalExpression", "text": "{\n  my_cloud_contacts = {\n    type = \"carddav\";\n    url = \"https://dav.example.com/\";\n    read_only = true;\n    username = \"user\";\n    \"password.fetch\" = [ \"command\" \"cat\" \"/etc/vdirsyncer/cloud.passwd\" ];\n  };\n  my_local_contacts = {\n    type = \"carddav\";\n    url = \"https://localhost/\";\n    username = \"user\";\n    \"password.fetch\" = [ \"command\" \"cat\" \"/etc/vdirsyncer/local.passwd\" ];\n  };\n}\n"}, "loc": ["services", "vdirsyncer", "jobs", "<name>", "config", "storages"], "readOnly": false, "type": "attribute set of (attribute set)"}, "services.vdirsyncer.jobs.<name>.configFile": {"declarations": ["nixos/modules/services/networking/vdirsyncer.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "existing configuration file", "loc": ["services", "vdirsyncer", "jobs", "<name>", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.vdirsyncer.jobs.<name>.enable": {"declarations": ["nixos/modules/services/networking/vdirsyncer.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable this vdirsyncer job.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "vdirsyncer", "jobs", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.vdirsyncer.jobs.<name>.forceDiscover": {"declarations": ["nixos/modules/services/networking/vdirsyncer.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Run `yes | vdirsyncer discover` prior to `vdirsyncer sync`\n", "loc": ["services", "vdirsyncer", "jobs", "<name>", "forceDiscover"], "readOnly": false, "type": "boolean"}, "services.vdirsyncer.jobs.<name>.group": {"declarations": ["nixos/modules/services/networking/vdirsyncer.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "group to run vdirsyncer as", "loc": ["services", "vdirsyncer", "jobs", "<name>", "group"], "readOnly": false, "type": "null or string"}, "services.vdirsyncer.jobs.<name>.timerConfig": {"declarations": ["nixos/modules/services/networking/vdirsyncer.nix"], "default": {"_type": "literalExpression", "text": "{\n  OnBootSec = \"1h\";\n  OnUnitActiveSec = \"6h\";\n}"}, "description": "systemd timer configuration", "loc": ["services", "vdirsyncer", "jobs", "<name>", "timerConfig"], "readOnly": false, "type": "attribute set"}, "services.vdirsyncer.jobs.<name>.user": {"declarations": ["nixos/modules/services/networking/vdirsyncer.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "User account to run vdirsyncer as, otherwise as a systemd\ndynamic user\n", "loc": ["services", "vdirsyncer", "jobs", "<name>", "user"], "readOnly": false, "type": "null or string"}, "services.vdirsyncer.package": {"declarations": ["nixos/modules/services/networking/vdirsyncer.nix"], "default": {"_type": "literalExpression", "text": "pkgs.vdirsyncer"}, "description": "The vdirsyncer package to use.", "loc": ["services", "vdirsyncer", "package"], "readOnly": false, "type": "package"}, "services.vdr.enable": {"declarations": ["nixos/modules/services/hardware/vdr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable VDR, a video disk recorder.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "vdr", "enable"], "readOnly": false, "type": "boolean"}, "services.vdr.enableLirc": {"declarations": ["nixos/modules/services/hardware/vdr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable LIRC.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "vdr", "enableLirc"], "readOnly": false, "type": "boolean"}, "services.vdr.extraArguments": {"declarations": ["nixos/modules/services/hardware/vdr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional command line arguments to pass to VDR.", "loc": ["services", "vdr", "extraArguments"], "readOnly": false, "type": "list of string"}, "services.vdr.group": {"declarations": ["nixos/modules/services/hardware/vdr.nix"], "default": {"_type": "literalExpression", "text": "\"vdr\""}, "description": "Group under which the VDRvdr service runs.\n", "loc": ["services", "vdr", "group"], "readOnly": false, "type": "string"}, "services.vdr.package": {"declarations": ["nixos/modules/services/hardware/vdr.nix"], "default": {"_type": "literalExpression", "text": "pkgs.vdr"}, "description": "The vdr package to use.", "example": {"_type": "literalExpression", "text": "wrapVdr.override { plugins = with pkgs.vdrPlugins; [ hello ]; }"}, "loc": ["services", "vdr", "package"], "readOnly": false, "type": "package"}, "services.vdr.user": {"declarations": ["nixos/modules/services/hardware/vdr.nix"], "default": {"_type": "literalExpression", "text": "\"vdr\""}, "description": "User under which the VDR service runs.\n", "loc": ["services", "vdr", "user"], "readOnly": false, "type": "string"}, "services.vdr.videoDir": {"declarations": ["nixos/modules/services/hardware/vdr.nix"], "default": {"_type": "literalExpression", "text": "\"/srv/vdr/video\""}, "description": "Recording directory", "loc": ["services", "vdr", "videoDir"], "readOnly": false, "type": "absolute path"}, "services.vector.enable": {"declarations": ["nixos/modules/services/logging/vector.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Vector, a high-performance observability data pipeline.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "vector", "enable"], "readOnly": false, "type": "boolean"}, "services.vector.gracefulShutdownLimitSecs": {"declarations": ["nixos/modules/services/logging/vector.nix"], "default": {"_type": "literalExpression", "text": "60"}, "description": "Set the duration in seconds to wait for graceful shutdown after SIGINT or SIGTERM are received.\nAfter the duration has passed, Vector will force shutdown.\n", "loc": ["services", "vector", "gracefulShutdownLimitSecs"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.vector.journaldAccess": {"declarations": ["nixos/modules/services/logging/vector.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable Vector to access journald.\n", "loc": ["services", "vector", "journaldAccess"], "readOnly": false, "type": "boolean"}, "services.vector.package": {"declarations": ["nixos/modules/services/logging/vector.nix"], "default": {"_type": "literalExpression", "text": "pkgs.vector"}, "description": "The vector package to use.", "loc": ["services", "vector", "package"], "readOnly": false, "type": "package"}, "services.vector.settings": {"declarations": ["nixos/modules/services/logging/vector.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Specify the configuration for Vector in Nix.\n", "loc": ["services", "vector", "settings"], "readOnly": false, "type": "JSON value"}, "services.vector.validateConfig": {"declarations": ["nixos/modules/services/logging/vector.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable the checking of the vector config during build time. This should be disabled when interpolating environment variables.\n", "loc": ["services", "vector", "validateConfig"], "readOnly": false, "type": "boolean"}, "services.veilid.enable": {"declarations": ["nixos/modules/services/networking/veilid.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Veilid Headless Node.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "veilid", "enable"], "readOnly": false, "type": "boolean"}, "services.veilid.openFirewall": {"declarations": ["nixos/modules/services/networking/veilid.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open firewall on ports 5150/tcp, 5150/udp", "loc": ["services", "veilid", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.veilid.settings": {"declarations": ["nixos/modules/services/networking/veilid.nix"], "description": "Build veilid-server.conf with nix expression.\nCheck <link xlink:href=\"https://veilid.gitlab.io/developer-book/admin/config.html#configuration-keys\">Configuration Keys</link>.\n", "loc": ["services", "veilid", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.veilid.settings.client_api.ipc_directory": {"declarations": ["nixos/modules/services/networking/veilid.nix"], "default": {"_type": "literalExpression", "text": "\"/var/db/veilid-server/ipc\""}, "description": "IPC directory where file sockets are stored.", "loc": ["services", "veilid", "settings", "client_api", "ipc_directory"], "readOnly": false, "type": "string"}, "services.veilid.settings.client_api.ipc_enabled": {"declarations": ["nixos/modules/services/networking/veilid.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "veilid-server will respond to Python and other JSON client requests.", "loc": ["services", "veilid", "settings", "client_api", "ipc_enabled"], "readOnly": false, "type": "boolean"}, "services.veilid.settings.core.block_store.directory": {"declarations": ["nixos/modules/services/networking/veilid.nix"], "default": {"_type": "literalExpression", "text": "\"/var/db/veilid-server/block_store\""}, "description": "The filesystem directory to store blocks for the block store.", "loc": ["services", "veilid", "settings", "core", "block_store", "directory"], "readOnly": false, "type": "null or string"}, "services.veilid.settings.core.capabilities.disable": {"declarations": ["nixos/modules/services/networking/veilid.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of capabilities to disable (for example, DHTV to say you cannot store DHT information).", "example": {"_type": "literalExpression", "text": "[\n  \"APPM\"\n]"}, "loc": ["services", "veilid", "settings", "core", "capabilities", "disable"], "readOnly": false, "type": "list of string"}, "services.veilid.settings.core.network.detect_address_changes": {"declarations": ["nixos/modules/services/networking/veilid.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Should veilid-core detect and notify on network address changes?", "loc": ["services", "veilid", "settings", "core", "network", "detect_address_changes"], "readOnly": false, "type": "boolean"}, "services.veilid.settings.core.network.dht.min_peer_count": {"declarations": ["nixos/modules/services/networking/veilid.nix"], "default": {"_type": "literalExpression", "text": "20"}, "description": "Minimum number of nodes to keep in the peer table.", "loc": ["services", "veilid", "settings", "core", "network", "dht", "min_peer_count"], "readOnly": false, "type": "signed integer or floating point number"}, "services.veilid.settings.core.network.routing_table.bootstrap": {"declarations": ["nixos/modules/services/networking/veilid.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"bootstrap.veilid.net\"\n]"}, "description": "Host name of existing well-known Veilid bootstrap servers for the network to connect to.", "loc": ["services", "veilid", "settings", "core", "network", "routing_table", "bootstrap"], "readOnly": false, "type": "list of string"}, "services.veilid.settings.core.network.routing_table.node_id": {"declarations": ["nixos/modules/services/networking/veilid.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Base64-encoded public key for the node, used as the node's ID.", "loc": ["services", "veilid", "settings", "core", "network", "routing_table", "node_id"], "readOnly": false, "type": "null or string"}, "services.veilid.settings.core.network.upnp": {"declarations": ["nixos/modules/services/networking/veilid.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Should the app try to improve its incoming network connectivity using UPnP?", "loc": ["services", "veilid", "settings", "core", "network", "upnp"], "readOnly": false, "type": "boolean"}, "services.veilid.settings.core.protected_store.allow_insecure_fallback": {"declarations": ["nixos/modules/services/networking/veilid.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If we can't use system-provided secure storage, should we proceed anyway?", "loc": ["services", "veilid", "settings", "core", "protected_store", "allow_insecure_fallback"], "readOnly": false, "type": "boolean"}, "services.veilid.settings.core.protected_store.always_use_insecure_storage": {"declarations": ["nixos/modules/services/networking/veilid.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Should we bypass any attempt to use system-provided secure storage?", "loc": ["services", "veilid", "settings", "core", "protected_store", "always_use_insecure_storage"], "readOnly": false, "type": "boolean"}, "services.veilid.settings.core.protected_store.directory": {"declarations": ["nixos/modules/services/networking/veilid.nix"], "default": {"_type": "literalExpression", "text": "\"/var/db/veilid-server/protected_store\""}, "description": "The filesystem directory to store your protected store in.", "loc": ["services", "veilid", "settings", "core", "protected_store", "directory"], "readOnly": false, "type": "string"}, "services.veilid.settings.core.table_store.directory": {"declarations": ["nixos/modules/services/networking/veilid.nix"], "default": {"_type": "literalExpression", "text": "\"/var/db/veilid-server/table_store\""}, "description": "The filesystem directory to store your table store within.", "loc": ["services", "veilid", "settings", "core", "table_store", "directory"], "readOnly": false, "type": "string"}, "services.veilid.settings.logging.api.enabled": {"declarations": ["nixos/modules/services/networking/veilid.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Events of type 'api' will be logged.", "loc": ["services", "veilid", "settings", "logging", "api", "enabled"], "readOnly": false, "type": "boolean"}, "services.veilid.settings.logging.api.level": {"declarations": ["nixos/modules/services/networking/veilid.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "The minimum priority of api events to be logged.", "example": {"_type": "literalExpression", "text": "\"debug\""}, "loc": ["services", "veilid", "settings", "logging", "api", "level"], "readOnly": false, "type": "string"}, "services.veilid.settings.logging.system.enabled": {"declarations": ["nixos/modules/services/networking/veilid.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Events of type 'system' will be logged.", "loc": ["services", "veilid", "settings", "logging", "system", "enabled"], "readOnly": false, "type": "boolean"}, "services.veilid.settings.logging.system.level": {"declarations": ["nixos/modules/services/networking/veilid.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "The minimum priority of system events to be logged.", "example": {"_type": "literalExpression", "text": "\"debug\""}, "loc": ["services", "veilid", "settings", "logging", "system", "level"], "readOnly": false, "type": "string"}, "services.veilid.settings.logging.terminal.enabled": {"declarations": ["nixos/modules/services/networking/veilid.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Events of type 'terminal' will be logged.", "loc": ["services", "veilid", "settings", "logging", "terminal", "enabled"], "readOnly": false, "type": "boolean"}, "services.veilid.settings.logging.terminal.level": {"declarations": ["nixos/modules/services/networking/veilid.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "The minimum priority of terminal events to be logged.", "example": {"_type": "literalExpression", "text": "\"debug\""}, "loc": ["services", "veilid", "settings", "logging", "terminal", "level"], "readOnly": false, "type": "string"}, "services.victorialogs.basicAuthPasswordFile": {"declarations": ["nixos/modules/services/databases/victorialogs.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File that contains the Basic Auth password used to protect VictoriaLogs instance by authorization\n", "loc": ["services", "victorialogs", "basicAuthPasswordFile"], "readOnly": false, "type": "null or string"}, "services.victorialogs.basicAuthUsername": {"declarations": ["nixos/modules/services/databases/victorialogs.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth username used to protect VictoriaLogs instance by authorization\n", "loc": ["services", "victorialogs", "basicAuthUsername"], "readOnly": false, "type": "null or string"}, "services.victorialogs.enable": {"declarations": ["nixos/modules/services/databases/victorialogs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable VictoriaLogs is an open source user-friendly database for logs from VictoriaMetrics.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "victorialogs", "enable"], "readOnly": false, "type": "boolean"}, "services.victorialogs.extraOptions": {"declarations": ["nixos/modules/services/databases/victorialogs.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra options to pass to VictoriaLogs. See {command}`victoria-logs -help` for\npossible options.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-loggerLevel=WARN\"\n]\n"}, "loc": ["services", "victorialogs", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.victorialogs.listenAddress": {"declarations": ["nixos/modules/services/databases/victorialogs.nix"], "default": {"_type": "literalExpression", "text": "\":9428\""}, "description": "TCP address to listen for incoming http requests.\n", "loc": ["services", "victorialogs", "listenAddress"], "readOnly": false, "type": "string"}, "services.victorialogs.package": {"declarations": ["nixos/modules/services/databases/victorialogs.nix"], "default": {"_type": "literalExpression", "text": "pkgs.victorialogs"}, "description": "The victorialogs package to use.", "loc": ["services", "victorialogs", "package"], "readOnly": false, "type": "package"}, "services.victorialogs.stateDir": {"declarations": ["nixos/modules/services/databases/victorialogs.nix"], "default": {"_type": "literalExpression", "text": "\"victorialogs\""}, "description": "Directory below `/var/lib` to store VictoriaLogs data.\nThis directory will be created automatically using systemd's StateDirectory mechanism.\n", "loc": ["services", "victorialogs", "stateDir"], "readOnly": false, "type": "string"}, "services.victoriametrics.basicAuthPasswordFile": {"declarations": ["nixos/modules/services/databases/victoriametrics.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File that contains the Basic Auth password used to protect VictoriaMetrics instance by authorization\n", "loc": ["services", "victoriametrics", "basicAuthPasswordFile"], "readOnly": false, "type": "null or absolute path"}, "services.victoriametrics.basicAuthUsername": {"declarations": ["nixos/modules/services/databases/victoriametrics.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth username used to protect VictoriaMetrics instance by authorization\n", "loc": ["services", "victoriametrics", "basicAuthUsername"], "readOnly": false, "type": "null or string"}, "services.victoriametrics.checkConfig": {"declarations": ["nixos/modules/services/databases/victoriametrics.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Check configuration.\n\nIf you use credentials stored in external files (`environmentFile`, etc),\nthey will not be visible  and it will report errors, despite a correct configuration.\n", "loc": ["services", "victoriametrics", "checkConfig"], "readOnly": false, "type": "boolean"}, "services.victoriametrics.enable": {"declarations": ["nixos/modules/services/databases/victoriametrics.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable VictoriaMetrics in single-node mode.\n\nVictoriaMetrics is a fast, cost-effective and scalable monitoring solution and time series database.\n", "loc": ["services", "victoriametrics", "enable"], "readOnly": false, "type": "boolean"}, "services.victoriametrics.extraOptions": {"declarations": ["nixos/modules/services/databases/victoriametrics.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra options to pass to VictoriaMetrics. See the docs:\n<https://docs.victoriametrics.com/single-server-victoriametrics/#list-of-command-line-flags>\nor {command}`victoriametrics -help` for more information.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-loggerLevel=WARN\"\n]\n"}, "loc": ["services", "victoriametrics", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.victoriametrics.listenAddress": {"declarations": ["nixos/modules/services/databases/victoriametrics.nix"], "default": {"_type": "literalExpression", "text": "\":8428\""}, "description": "TCP address to listen for incoming http requests.\n", "loc": ["services", "victoriametrics", "listenAddress"], "readOnly": false, "type": "string"}, "services.victoriametrics.package": {"declarations": ["nixos/modules/services/databases/victoriametrics.nix"], "default": {"_type": "literalExpression", "text": "pkgs.victoriametrics"}, "description": "The victoriametrics package to use.", "loc": ["services", "victoriametrics", "package"], "readOnly": false, "type": "package"}, "services.victoriametrics.prometheusConfig": {"declarations": ["nixos/modules/services/databases/victoriametrics.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Config for prometheus style metrics.\nSee the docs: <https://docs.victoriametrics.com/vmagent/#how-to-collect-metrics-in-prometheus-format>\nfor more information.\n", "example": {"_type": "literalExpression", "text": "{\n  scrape_configs = [\n    {\n      job_name = \"postgres-exporter\";\n      metrics_path = \"/metrics\";\n      static_configs = [\n        {\n          targets = [\"1.2.3.4:9187\"];\n          labels.type = \"database\";\n        }\n      ];\n    }\n    {\n      job_name = \"node-exporter\";\n      metrics_path = \"/metrics\";\n      static_configs = [\n        {\n          targets = [\"1.2.3.4:9100\"];\n          labels.type = \"node\";\n        }\n        {\n          targets = [\"5.6.7.8:9100\"];\n          labels.type = \"node\";\n        }\n      ];\n    }\n  ];\n}\n"}, "loc": ["services", "victoriametrics", "prometheusConfig"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.victoriametrics.retentionPeriod": {"declarations": ["nixos/modules/services/databases/victoriametrics.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "How long to retain samples in storage.\nThe minimum retentionPeriod is 24h or 1d. See also -retentionFilter\nThe following optional suffixes are supported: s (second), h (hour), d (day), w (week), y (year).\nIf suffix isn't set, then the duration is counted in months (default 1)\n", "example": {"_type": "literalExpression", "text": "\"15d\""}, "loc": ["services", "victoriametrics", "retentionPeriod"], "readOnly": false, "type": "null or string"}, "services.victoriametrics.stateDir": {"declarations": ["nixos/modules/services/databases/victoriametrics.nix"], "default": {"_type": "literalExpression", "text": "\"victoriametrics\""}, "description": "Directory below `/var/lib` to store VictoriaMetrics metrics data.\nThis directory will be created automatically using systemd's StateDirectory mechanism.\n", "loc": ["services", "victoriametrics", "stateDir"], "readOnly": false, "type": "string"}, "services.victoriatraces.basicAuthPasswordFile": {"declarations": ["nixos/modules/services/databases/victoriatraces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File that contains the Basic Auth password used to protect VictoriaTraces instance by authorization\n", "loc": ["services", "victoriatraces", "basicAuthPasswordFile"], "readOnly": false, "type": "null or string"}, "services.victoriatraces.basicAuthUsername": {"declarations": ["nixos/modules/services/databases/victoriatraces.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth username used to protect VictoriaTraces instance by authorization\n", "loc": ["services", "victoriatraces", "basicAuthUsername"], "readOnly": false, "type": "null or string"}, "services.victoriatraces.enable": {"declarations": ["nixos/modules/services/databases/victoriatraces.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable VictoriaTraces is an open source distributed traces storage and query engine from VictoriaMetrics.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "victoriatraces", "enable"], "readOnly": false, "type": "boolean"}, "services.victoriatraces.extraOptions": {"declarations": ["nixos/modules/services/databases/victoriatraces.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra options to pass to VictoriaTraces. See {command}`victoria-traces -help` for\npossible options.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-loggerLevel=WARN\"\n  \"-retention.maxDiskSpaceUsageBytes=1073741824\"\n]\n"}, "loc": ["services", "victoriatraces", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.victoriatraces.listenAddress": {"declarations": ["nixos/modules/services/databases/victoriatraces.nix"], "default": {"_type": "literalExpression", "text": "\":10428\""}, "description": "TCP address to listen for incoming http requests.\n", "loc": ["services", "victoriatraces", "listenAddress"], "readOnly": false, "type": "string"}, "services.victoriatraces.package": {"declarations": ["nixos/modules/services/databases/victoriatraces.nix"], "default": {"_type": "literalExpression", "text": "pkgs.victoriatraces"}, "description": "The victoriatraces package to use.", "loc": ["services", "victoriatraces", "package"], "readOnly": false, "type": "package"}, "services.victoriatraces.retentionPeriod": {"declarations": ["nixos/modules/services/databases/victoriatraces.nix"], "default": {"_type": "literalExpression", "text": "\"7d\""}, "description": "Retention period for trace data. Data older than retentionPeriod is automatically deleted.\n", "example": {"_type": "literalExpression", "text": "\"30d\""}, "loc": ["services", "victoriatraces", "retentionPeriod"], "readOnly": false, "type": "string"}, "services.victoriatraces.stateDir": {"declarations": ["nixos/modules/services/databases/victoriatraces.nix"], "default": {"_type": "literalExpression", "text": "\"victoriatraces\""}, "description": "Directory below `/var/lib` to store VictoriaTraces data.\nThis directory will be created automatically using systemd's StateDirectory mechanism.\n", "loc": ["services", "victoriatraces", "stateDir"], "readOnly": false, "type": "string"}, "services.vikunja.address": {"declarations": ["nixos/modules/services/web-apps/vikunja.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The IP address to bind to.", "loc": ["services", "vikunja", "address"], "readOnly": false, "type": "string"}, "services.vikunja.database.database": {"declarations": ["nixos/modules/services/web-apps/vikunja.nix"], "default": {"_type": "literalExpression", "text": "\"vikunja\""}, "description": "Database name.", "loc": ["services", "vikunja", "database", "database"], "readOnly": false, "type": "string"}, "services.vikunja.database.host": {"declarations": ["nixos/modules/services/web-apps/vikunja.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Database host address. Can also be a socket.", "loc": ["services", "vikunja", "database", "host"], "readOnly": false, "type": "string"}, "services.vikunja.database.path": {"declarations": ["nixos/modules/services/web-apps/vikunja.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/vikunja/vikunja.db\""}, "description": "Path to the sqlite3 database file.", "loc": ["services", "vikunja", "database", "path"], "readOnly": false, "type": "string"}, "services.vikunja.database.type": {"declarations": ["nixos/modules/services/web-apps/vikunja.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite\""}, "description": "Database engine to use.", "example": {"_type": "literalExpression", "text": "\"postgres\""}, "loc": ["services", "vikunja", "database", "type"], "readOnly": false, "type": "one of \"sqlite\", \"mysql\", \"postgres\""}, "services.vikunja.database.user": {"declarations": ["nixos/modules/services/web-apps/vikunja.nix"], "default": {"_type": "literalExpression", "text": "\"vikunja\""}, "description": "Database user.", "loc": ["services", "vikunja", "database", "user"], "readOnly": false, "type": "string"}, "services.vikunja.enable": {"declarations": ["nixos/modules/services/web-apps/vikunja.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable vikunja service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "vikunja", "enable"], "readOnly": false, "type": "boolean"}, "services.vikunja.environmentFiles": {"declarations": ["nixos/modules/services/web-apps/vikunja.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of environment files set in the vikunja systemd service.\nFor example passwords should be set in one of these files.\n", "loc": ["services", "vikunja", "environmentFiles"], "readOnly": false, "type": "list of absolute path"}, "services.vikunja.frontendHostname": {"declarations": ["nixos/modules/services/web-apps/vikunja.nix"], "description": "The Hostname under which the frontend is running.", "loc": ["services", "vikunja", "frontendHostname"], "readOnly": false, "type": "string"}, "services.vikunja.frontendScheme": {"declarations": ["nixos/modules/services/web-apps/vikunja.nix"], "description": "Whether the site is available via http or https.\n", "loc": ["services", "vikunja", "frontendScheme"], "readOnly": false, "type": "one of \"http\", \"https\""}, "services.vikunja.package": {"declarations": ["nixos/modules/services/web-apps/vikunja.nix"], "default": {"_type": "literalExpression", "text": "pkgs.vikunja"}, "description": "The vikunja package to use.", "loc": ["services", "vikunja", "package"], "readOnly": false, "type": "package"}, "services.vikunja.port": {"declarations": ["nixos/modules/services/web-apps/vikunja.nix"], "default": {"_type": "literalExpression", "text": "3456"}, "description": "The TCP port exposed by the API.", "loc": ["services", "vikunja", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.vikunja.settings": {"declarations": ["nixos/modules/services/web-apps/vikunja.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Vikunja configuration. Refer to\n<https://vikunja.io/docs/config-options/>\nfor details on supported values.\n", "loc": ["services", "vikunja", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.vlagent.enable": {"declarations": ["nixos/modules/services/monitoring/vlagent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable VictoriaMetrics's `vlagent`.\n\n`vlagent` is a tiny agent which helps you collect logs from various sources and store them in VictoriaLogs .\n", "loc": ["services", "vlagent", "enable"], "readOnly": false, "type": "boolean"}, "services.vlagent.extraArgs": {"declarations": ["nixos/modules/services/monitoring/vlagent.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra args to pass to `vlagent`. See the docs:\n<https://docs.victoriametrics.com/vlagent.html#advanced-usage>\nor {command}`vlagent -help` for more information.\n", "loc": ["services", "vlagent", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.vlagent.openFirewall": {"declarations": ["nixos/modules/services/monitoring/vlagent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall for the default ports.\n", "loc": ["services", "vlagent", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.vlagent.package": {"declarations": ["nixos/modules/services/monitoring/vlagent.nix"], "default": {"_type": "literalExpression", "text": "pkgs.vlagent"}, "description": "The vlagent package to use.", "loc": ["services", "vlagent", "package"], "readOnly": false, "type": "package"}, "services.vlagent.remoteWrite.basicAuthPasswordFile": {"declarations": ["nixos/modules/services/monitoring/vlagent.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File that contains the Basic Auth password used to connect to remote_write endpoint\n", "loc": ["services", "vlagent", "remoteWrite", "basicAuthPasswordFile"], "readOnly": false, "type": "null or string"}, "services.vlagent.remoteWrite.basicAuthUsername": {"declarations": ["nixos/modules/services/monitoring/vlagent.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth username used to connect to remote_write endpoint\n", "loc": ["services", "vlagent", "remoteWrite", "basicAuthUsername"], "readOnly": false, "type": "null or string"}, "services.vlagent.remoteWrite.maxDiskUsagePerUrl": {"declarations": ["nixos/modules/services/monitoring/vlagent.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The maximum file-based buffer size in bytes. Supports the following optional suffixes for size values: KB, MB, GB, TB, KiB, MiB, GiB, TiB.\nSee docs for more infomations: <https://docs.victoriametrics.com/vlagent.html#advanced-usage>\n", "loc": ["services", "vlagent", "remoteWrite", "maxDiskUsagePerUrl"], "readOnly": false, "type": "null or string"}, "services.vlagent.remoteWrite.url": {"declarations": ["nixos/modules/services/monitoring/vlagent.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Endpoint for the victorialogs instance\n", "loc": ["services", "vlagent", "remoteWrite", "url"], "readOnly": false, "type": "null or string"}, "services.vmagent.checkConfig": {"declarations": ["nixos/modules/services/monitoring/vmagent.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Check configuration.\n\nIf you use credentials stored in external files (`environmentFile`, etc),\nthey will not be visible  and it will report errors, despite a correct configuration.\n", "loc": ["services", "vmagent", "checkConfig"], "readOnly": false, "type": "boolean"}, "services.vmagent.enable": {"declarations": ["nixos/modules/services/monitoring/vmagent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable VictoriaMetrics's `vmagent`.\n\n`vmagent` efficiently scrape metrics from Prometheus-compatible exporters\n", "loc": ["services", "vmagent", "enable"], "readOnly": false, "type": "boolean"}, "services.vmagent.extraArgs": {"declarations": ["nixos/modules/services/monitoring/vmagent.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra args to pass to `vmagent`. See the docs:\n<https://docs.victoriametrics.com/vmagent.html#advanced-usage>\nor {command}`vmagent -help` for more information.\n", "loc": ["services", "vmagent", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.vmagent.openFirewall": {"declarations": ["nixos/modules/services/monitoring/vmagent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall for the default ports.\n", "loc": ["services", "vmagent", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.vmagent.package": {"declarations": ["nixos/modules/services/monitoring/vmagent.nix"], "default": {"_type": "literalExpression", "text": "pkgs.vmagent"}, "description": "The vmagent package to use.", "loc": ["services", "vmagent", "package"], "readOnly": false, "type": "package"}, "services.vmagent.prometheusConfig": {"declarations": ["nixos/modules/services/monitoring/vmagent.nix"], "description": "Config for prometheus style metrics\n", "loc": ["services", "vmagent", "prometheusConfig"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.vmagent.remoteWrite.basicAuthPasswordFile": {"declarations": ["nixos/modules/services/monitoring/vmagent.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File that contains the Basic Auth password used to connect to remote_write endpoint\n", "loc": ["services", "vmagent", "remoteWrite", "basicAuthPasswordFile"], "readOnly": false, "type": "null or string"}, "services.vmagent.remoteWrite.basicAuthUsername": {"declarations": ["nixos/modules/services/monitoring/vmagent.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth username used to connect to remote_write endpoint\n", "loc": ["services", "vmagent", "remoteWrite", "basicAuthUsername"], "readOnly": false, "type": "null or string"}, "services.vmagent.remoteWrite.url": {"declarations": ["nixos/modules/services/monitoring/vmagent.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Endpoint for prometheus compatible remote_write\n", "loc": ["services", "vmagent", "remoteWrite", "url"], "readOnly": false, "type": "null or string"}, "services.vmalert.instances": {"declarations": ["nixos/modules/services/monitoring/vmalert.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Define multiple instances of vmalert.\n", "loc": ["services", "vmalert", "instances"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.vmalert.instances.<name>.enable": {"declarations": ["nixos/modules/services/monitoring/vmalert.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Wether to enable VictoriaMetrics's `vmalert`.\n\n`vmalert` evaluates alerting and recording rules against a data source, sends notifications via Alertmanager.\n", "loc": ["services", "vmalert", "instances", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.vmalert.instances.<name>.rules": {"declarations": ["nixos/modules/services/monitoring/vmalert.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "A list of the given alerting or recording rules against configured `\"datasource.url\"` compatible with\nPrometheus HTTP API for `vmalert` to execute. Refer to\n<https://github.com/VictoriaMetrics/VictoriaMetrics/blob/master/app/vmalert/README.md#rules>\nfor details on supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  group = [\n    {\n      name = \"TestGroup\";\n      rules = [\n        {\n          alert = \"ExampleAlertAlwaysFiring\";\n          expr = ''\n            sum by(job)\n            (up == 1)\n          '';\n        }\n      ];\n    }\n  ];\n}"}, "loc": ["services", "vmalert", "instances", "<name>", "rules"], "readOnly": false, "type": "YAML 1.1 value"}, "services.vmalert.instances.<name>.settings": {"declarations": ["nixos/modules/services/monitoring/vmalert.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "`vmalert` configuration, passed via command line flags. Refer to\n<https://github.com/VictoriaMetrics/VictoriaMetrics/blob/master/app/vmalert/README.md#configuration>\nfor details on supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  \"datasource.disableKeepAlive\" = true;\n  \"datasource.showURL\" = false;\n  \"datasource.url\" = \"http://localhost:8428\";\n  rule = [\n    \"http://<some-server-addr>/path/to/rules\"\n    \"dir/*.yaml\"\n  ];\n}"}, "loc": ["services", "vmalert", "instances", "<name>", "settings"], "readOnly": false, "type": "open submodule of attribute set of (boolean or signed integer or absolute path or string or list of (boolean or signed integer or absolute path or string))"}, "services.vmalert.instances.<name>.settings.\"datasource.url\"": {"declarations": ["nixos/modules/services/monitoring/vmalert.nix"], "description": "Datasource compatible with Prometheus HTTP API.\n", "example": {"_type": "literalExpression", "text": "\"http://localhost:8428\""}, "loc": ["services", "vmalert", "instances", "<name>", "settings", "datasource.url"], "readOnly": false, "type": "non-empty string"}, "services.vmalert.instances.<name>.settings.\"notifier.url\"": {"declarations": ["nixos/modules/services/monitoring/vmalert.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Prometheus Alertmanager URL. List all Alertmanager URLs if it runs in the cluster mode to ensure high availability.\n", "example": {"_type": "literalExpression", "text": "[\n  \"http://127.0.0.1:9093\"\n]"}, "loc": ["services", "vmalert", "instances", "<name>", "settings", "notifier.url"], "readOnly": false, "type": "list of non-empty string"}, "services.vmalert.instances.<name>.settings.rule": {"declarations": ["nixos/modules/services/monitoring/vmalert.nix"], "description": "Path to the files with alerting and/or recording rules.\n\n::: {.note}\nConsider using the {option}`services.vmalert.instances.<name>.rules` option as a convenient alternative for declaring rules\ndirectly in the `nix` language.\n:::\n", "loc": ["services", "vmalert", "instances", "<name>", "settings", "rule"], "readOnly": false, "type": "list of absolute path"}, "services.vmalert.package": {"declarations": ["nixos/modules/services/monitoring/vmalert.nix"], "default": {"_type": "literalExpression", "text": "pkgs.victoriametrics"}, "description": "The victoriametrics package to use.", "loc": ["services", "vmalert", "package"], "readOnly": false, "type": "package"}, "services.vnstat.enable": {"declarations": ["nixos/modules/services/monitoring/vnstat.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable update of network usage statistics via vnstatd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "vnstat", "enable"], "readOnly": false, "type": "boolean"}, "services.vnstat.package": {"declarations": ["nixos/modules/services/monitoring/vnstat.nix"], "default": {"_type": "literalExpression", "text": "pkgs.vnstat"}, "description": "The vnstat package to use.", "loc": ["services", "vnstat", "package"], "readOnly": false, "type": "package"}, "services.vsftpd.allowWriteableChroot": {"declarations": ["nixos/modules/services/networking/vsftpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Allow the use of writeable root inside chroot().\n", "loc": ["services", "vsftpd", "allowWriteableChroot"], "readOnly": false, "type": "boolean"}, "services.vsftpd.anonymousMkdirEnable": {"declarations": ["nixos/modules/services/networking/vsftpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether any uploads are permitted to anonymous users.\n", "loc": ["services", "vsftpd", "anonymousMkdirEnable"], "readOnly": false, "type": "boolean"}, "services.vsftpd.anonymousUmask": {"declarations": ["nixos/modules/services/networking/vsftpd.nix"], "default": {"_type": "literalExpression", "text": "\"077\""}, "description": "Anonymous write umask.", "example": {"_type": "literalExpression", "text": "\"002\""}, "loc": ["services", "vsftpd", "anonymousUmask"], "readOnly": false, "type": "string"}, "services.vsftpd.anonymousUploadEnable": {"declarations": ["nixos/modules/services/networking/vsftpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether any uploads are permitted to anonymous users.\n", "loc": ["services", "vsftpd", "anonymousUploadEnable"], "readOnly": false, "type": "boolean"}, "services.vsftpd.anonymousUser": {"declarations": ["nixos/modules/services/networking/vsftpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the anonymous FTP user.\n", "loc": ["services", "vsftpd", "anonymousUser"], "readOnly": false, "type": "boolean"}, "services.vsftpd.anonymousUserHome": {"declarations": ["nixos/modules/services/networking/vsftpd.nix"], "default": {"_type": "literalExpression", "text": "\"/home/ftp/\""}, "description": "Directory to consider the HOME of the anonymous user.\n", "loc": ["services", "vsftpd", "anonymousUserHome"], "readOnly": false, "type": "absolute path"}, "services.vsftpd.anonymousUserNoPassword": {"declarations": ["nixos/modules/services/networking/vsftpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to disable the password for the anonymous FTP user.\n", "loc": ["services", "vsftpd", "anonymousUserNoPassword"], "readOnly": false, "type": "boolean"}, "services.vsftpd.chrootlocalUser": {"declarations": ["nixos/modules/services/networking/vsftpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether local users are confined to their home directory.\n", "loc": ["services", "vsftpd", "chrootlocalUser"], "readOnly": false, "type": "boolean"}, "services.vsftpd.enable": {"declarations": ["nixos/modules/services/networking/vsftpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable vsftpd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "vsftpd", "enable"], "readOnly": false, "type": "boolean"}, "services.vsftpd.enableVirtualUsers": {"declarations": ["nixos/modules/services/networking/vsftpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the `pam_userdb`-based\nvirtual user system\n", "loc": ["services", "vsftpd", "enableVirtualUsers"], "readOnly": false, "type": "boolean"}, "services.vsftpd.extraConfig": {"declarations": ["nixos/modules/services/networking/vsftpd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration to add at the bottom of the generated configuration file.", "example": {"_type": "literalExpression", "text": "\"ftpd_banner=Hello\""}, "loc": ["services", "vsftpd", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.vsftpd.forceLocalDataSSL": {"declarations": ["nixos/modules/services/networking/vsftpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Only applies if {option}`sslEnable` is true. Non anonymous (local) users\nmust use a secure SSL connection for sending/receiving data on data connection.\n", "loc": ["services", "vsftpd", "forceLocalDataSSL"], "readOnly": false, "type": "boolean"}, "services.vsftpd.forceLocalLoginsSSL": {"declarations": ["nixos/modules/services/networking/vsftpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Only applies if {option}`sslEnable` is true. Non anonymous (local) users\nmust use a secure SSL connection to send a password.\n", "loc": ["services", "vsftpd", "forceLocalLoginsSSL"], "readOnly": false, "type": "boolean"}, "services.vsftpd.localRoot": {"declarations": ["nixos/modules/services/networking/vsftpd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "This option represents a directory which vsftpd will try to\nchange into after a local (i.e. non- anonymous) login.\n\nFailure is silently ignored.\n", "example": {"_type": "literalExpression", "text": "\"/var/www/$USER\""}, "loc": ["services", "vsftpd", "localRoot"], "readOnly": false, "type": "null or string"}, "services.vsftpd.localUsers": {"declarations": ["nixos/modules/services/networking/vsftpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FTP for local users.\n", "loc": ["services", "vsftpd", "localUsers"], "readOnly": false, "type": "boolean"}, "services.vsftpd.portPromiscuous": {"declarations": ["nixos/modules/services/networking/vsftpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Set to YES if you want to disable the PORT security check that ensures that\noutgoing data connections can only connect to the client. Only enable if you\nknow what you are doing!\n", "loc": ["services", "vsftpd", "portPromiscuous"], "readOnly": false, "type": "boolean"}, "services.vsftpd.rsaCertFile": {"declarations": ["nixos/modules/services/networking/vsftpd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "RSA certificate file.", "loc": ["services", "vsftpd", "rsaCertFile"], "readOnly": false, "type": "null or absolute path"}, "services.vsftpd.rsaKeyFile": {"declarations": ["nixos/modules/services/networking/vsftpd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "RSA private key file.", "loc": ["services", "vsftpd", "rsaKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.vsftpd.ssl_sslv2": {"declarations": ["nixos/modules/services/networking/vsftpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Only applies if {option}`ssl_enable` is activated. If\nenabled, this option will permit SSL v2 protocol connections.\nTLS v1 connections are preferred.\n", "loc": ["services", "vsftpd", "ssl_sslv2"], "readOnly": false, "type": "boolean"}, "services.vsftpd.ssl_sslv3": {"declarations": ["nixos/modules/services/networking/vsftpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Only applies if {option}`ssl_enable` is activated. If\nenabled, this option will permit SSL v3 protocol connections.\nTLS v1 connections are preferred.\n", "loc": ["services", "vsftpd", "ssl_sslv3"], "readOnly": false, "type": "boolean"}, "services.vsftpd.ssl_tlsv1": {"declarations": ["nixos/modules/services/networking/vsftpd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Only applies if {option}`ssl_enable` is activated. If\nenabled, this option will permit TLS v1 protocol connections.\nTLS v1 connections are preferred.\n", "loc": ["services", "vsftpd", "ssl_tlsv1"], "readOnly": false, "type": "boolean"}, "services.vsftpd.userDbPath": {"declarations": ["nixos/modules/services/networking/vsftpd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Only applies if {option}`enableVirtualUsers` is true.\nPath pointing to the `pam_userdb` user\ndatabase used by vsftpd to authenticate the virtual users.\n\nThis user list should be stored in the Berkeley DB database\nformat.\n\nTo generate a new user database, create a text file, add\nyour users using the following format:\n```\nuser1\npassword1\nuser2\npassword2\n```\n\nYou can then install `pkgs.db` to generate\nthe Berkeley DB using\n```\ndb_load -T -t hash -f logins.txt userDb.db\n```\n\nCaution: `pam_userdb` will automatically\nappend a `.db` suffix to the filename you\nprovide though this option. This option shouldn't include\nthis filetype suffix.\n", "example": {"_type": "literalExpression", "text": "\"/etc/vsftpd/userDb\""}, "loc": ["services", "vsftpd", "userDbPath"], "readOnly": false, "type": "null or string"}, "services.vsftpd.userlist": {"declarations": ["nixos/modules/services/networking/vsftpd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "See {option}`userlistFile`.", "loc": ["services", "vsftpd", "userlist"], "readOnly": false, "type": "list of string"}, "services.vsftpd.userlistDeny": {"declarations": ["nixos/modules/services/networking/vsftpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Specifies whether {option}`userlistFile` is a list of user\nnames to allow or deny access.\nThe default `false` means whitelist/allow.\n", "loc": ["services", "vsftpd", "userlistDeny"], "readOnly": false, "type": "boolean"}, "services.vsftpd.userlistEnable": {"declarations": ["nixos/modules/services/networking/vsftpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether users are included.\n", "loc": ["services", "vsftpd", "userlistEnable"], "readOnly": false, "type": "boolean"}, "services.vsftpd.userlistFile": {"declarations": ["nixos/modules/services/networking/vsftpd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.writeText \"userlist\" (concatMapStrings (x: \"${x}\\n\") cfg.userlist)"}, "description": "Newline separated list of names to be allowed/denied if {option}`userlistEnable`\nis `true`. Meaning see {option}`userlistDeny`.\n\nThe default is a file containing the users from {option}`userlist`.\n\nIf explicitly set to null userlist_file will not be set in vsftpd's config file.\n", "loc": ["services", "vsftpd", "userlistFile"], "readOnly": false, "type": "absolute path"}, "services.vsftpd.virtualUseLocalPrivs": {"declarations": ["nixos/modules/services/networking/vsftpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, virtual users will use the same privileges as local\nusers. By default, virtual users will use the same privileges as\nanonymous users, which tends to be more restrictive (especially\nin terms of write access).\n", "loc": ["services", "vsftpd", "virtualUseLocalPrivs"], "readOnly": false, "type": "boolean"}, "services.vsftpd.writeEnable": {"declarations": ["nixos/modules/services/networking/vsftpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether any write activity is permitted to users.\n", "loc": ["services", "vsftpd", "writeEnable"], "readOnly": false, "type": "boolean"}, "services.vsmartcard-vpcd.enable": {"declarations": ["nixos/modules/services/development/vsmartcard-vpcd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Virtual smart card driver..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "vsmartcard-vpcd", "enable"], "readOnly": false, "type": "boolean"}, "services.vsmartcard-vpcd.hostname": {"declarations": ["nixos/modules/services/development/vsmartcard-vpcd.nix"], "default": {"_type": "literalExpression", "text": "\"/dev/null\""}, "description": "Hostname of a waiting vpicc server vpcd will be connecting to. Use /dev/null for listening mode.\n", "loc": ["services", "vsmartcard-vpcd", "hostname"], "readOnly": false, "type": "string"}, "services.vsmartcard-vpcd.port": {"declarations": ["nixos/modules/services/development/vsmartcard-vpcd.nix"], "default": {"_type": "literalExpression", "text": "35963"}, "description": "Port number vpcd will be listening on.\n", "loc": ["services", "vsmartcard-vpcd", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.vwifi.client.enable": {"declarations": ["nixos/modules/services/networking/vwifi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable vwifi client.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "vwifi", "client", "enable"], "readOnly": false, "type": "boolean"}, "services.vwifi.client.extraArgs": {"declarations": ["nixos/modules/services/networking/vwifi.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to pass to vwifi-client. You can use this if you want to bring\nthe radios up using vwifi-client instead of at boot.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--number\"\n  \"3\"\n]"}, "loc": ["services", "vwifi", "client", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.vwifi.client.serverAddress": {"declarations": ["nixos/modules/services/networking/vwifi.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The address of the server. If set to null, will try to use the vsock protocol.\nNote that this assumes that the server is spawned on the host and passed through to\nQEMU, with something like:\n\n-device vhost-vsock-pci,id=vwifi0,guest-cid=42\n", "loc": ["services", "vwifi", "client", "serverAddress"], "readOnly": false, "type": "null or string"}, "services.vwifi.client.serverPort": {"declarations": ["nixos/modules/services/networking/vwifi.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The server port port. Set to null if we should leave it unset.\n", "loc": ["services", "vwifi", "client", "serverPort"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.vwifi.client.spy": {"declarations": ["nixos/modules/services/networking/vwifi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable spy mode, useful for wireless monitors.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "vwifi", "client", "spy"], "readOnly": false, "type": "boolean"}, "services.vwifi.module.enable": {"declarations": ["nixos/modules/services/networking/vwifi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable mac80211_hwsim module.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "vwifi", "module", "enable"], "readOnly": false, "type": "boolean"}, "services.vwifi.module.macPrefix": {"declarations": ["nixos/modules/services/networking/vwifi.nix"], "default": {"_type": "literalExpression", "text": "\"74:F8:F6\""}, "description": "The prefix for MAC addresses to use, without the trailing ':'.\nIf one radio is created, you can specify the whole MAC address here.\nThe default is defined in vwifi/src/config.h.\n", "loc": ["services", "vwifi", "module", "macPrefix"], "readOnly": false, "type": "string matching the pattern ^(([0-9A-Fa-f]{2}:){0,5}[0-9A-Fa-f]{2})$"}, "services.vwifi.module.numRadios": {"declarations": ["nixos/modules/services/networking/vwifi.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "The number of virtual radio interfaces to create.", "loc": ["services", "vwifi", "module", "numRadios"], "readOnly": false, "type": "signed integer"}, "services.vwifi.package": {"declarations": ["nixos/modules/services/networking/vwifi.nix"], "default": {"_type": "literalExpression", "text": "pkgs.vwifi"}, "description": "The vwifi package to use.", "loc": ["services", "vwifi", "package"], "readOnly": false, "type": "package"}, "services.vwifi.server.enable": {"declarations": ["nixos/modules/services/networking/vwifi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable vwifi server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "vwifi", "server", "enable"], "readOnly": false, "type": "boolean"}, "services.vwifi.server.extraArgs": {"declarations": ["nixos/modules/services/networking/vwifi.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to pass to vwifi-server. You can use this for things including\nchanging the ports or inducing packet loss.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--lost-packets\"\n]"}, "loc": ["services", "vwifi", "server", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.vwifi.server.openFirewall": {"declarations": ["nixos/modules/services/networking/vwifi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable opening the firewall for the TCP and spy ports.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "vwifi", "server", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.vwifi.server.ports.control": {"declarations": ["nixos/modules/services/networking/vwifi.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The control interface port. Set to null if we should leave it unset.\n", "loc": ["services", "vwifi", "server", "ports", "control"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.vwifi.server.ports.spy": {"declarations": ["nixos/modules/services/networking/vwifi.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The spy interface port. Set to null if we should leave it unset.\n", "loc": ["services", "vwifi", "server", "ports", "spy"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.vwifi.server.ports.tcp": {"declarations": ["nixos/modules/services/networking/vwifi.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The TCP server port. Set to null if we should leave it unset.\n", "loc": ["services", "vwifi", "server", "ports", "tcp"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.vwifi.server.ports.vhost": {"declarations": ["nixos/modules/services/networking/vwifi.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The vhost port. Set to null if we should leave it unset.\n", "loc": ["services", "vwifi", "server", "ports", "vhost"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.vwifi.server.vsock.enable": {"declarations": ["nixos/modules/services/networking/vwifi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable vsock kernel module.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "vwifi", "server", "vsock", "enable"], "readOnly": false, "type": "boolean"}, "services.waagent.enable": {"declarations": ["nixos/modules/virtualisation/waagent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Windows Azure Linux Agent.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "waagent", "enable"], "readOnly": false, "type": "boolean"}, "services.waagent.extraPackages": {"declarations": ["nixos/modules/virtualisation/waagent.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional packages to add to the waagent {env}`PATH`.\n", "example": {"_type": "literalExpression", "text": "[ pkgs.powershell ]"}, "loc": ["services", "waagent", "extraPackages"], "readOnly": false, "type": "list of package"}, "services.waagent.package": {"declarations": ["nixos/modules/virtualisation/waagent.nix"], "default": {"_type": "literalExpression", "text": "pkgs.waagent"}, "description": "The waagent package to use.", "loc": ["services", "waagent", "package"], "readOnly": false, "type": "package"}, "services.waagent.settings": {"declarations": ["nixos/modules/virtualisation/waagent.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The waagent.conf configuration, see <https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/agent-linux> for documentation.\n", "loc": ["services", "waagent", "settings"], "readOnly": false, "type": "open submodule of attribute set of (atom (bool, string, int or float) or null or a list of them or an attribute set of them)"}, "services.waagent.settings.AutoUpdate.UpdateToLatestVersion": {"declarations": ["nixos/modules/virtualisation/waagent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether or not to enable auto-update of the Extension Handler.\n", "loc": ["services", "waagent", "settings", "AutoUpdate", "UpdateToLatestVersion"], "readOnly": false, "type": "boolean"}, "services.waagent.settings.HttpProxy.Host": {"declarations": ["nixos/modules/virtualisation/waagent.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If you set http proxy, waagent will use is proxy to access the Internet.\n", "loc": ["services", "waagent", "settings", "HttpProxy", "Host"], "readOnly": false, "type": "null or string"}, "services.waagent.settings.HttpProxy.Port": {"declarations": ["nixos/modules/virtualisation/waagent.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If you set http proxy, waagent will use this proxy to access the Internet.\n", "loc": ["services", "waagent", "settings", "HttpProxy", "Port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.waagent.settings.Logs.Verbose": {"declarations": ["nixos/modules/virtualisation/waagent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If you set this option, log verbosity is boosted.\nWaagent logs to `/var/log/waagent.log` and uses the system logrotate functionality to rotate logs.\n", "loc": ["services", "waagent", "settings", "Logs", "Verbose"], "readOnly": false, "type": "boolean"}, "services.waagent.settings.OS.EnableRDMA": {"declarations": ["nixos/modules/virtualisation/waagent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, the agent attempts to install and then load an RDMA kernel driver\nthat matches the version of the firmware on the underlying hardware.\n", "loc": ["services", "waagent", "settings", "OS", "EnableRDMA"], "readOnly": false, "type": "boolean"}, "services.waagent.settings.OS.RootDeviceScsiTimeout": {"declarations": ["nixos/modules/virtualisation/waagent.nix"], "default": {"_type": "literalExpression", "text": "300"}, "description": "Configures the SCSI timeout in seconds on the OS disk and data drives.\nIf set to `null`, the system defaults are used.\n", "loc": ["services", "waagent", "settings", "OS", "RootDeviceScsiTimeout"], "readOnly": false, "type": "null or signed integer"}, "services.waagent.settings.Provisioning.Agent": {"declarations": ["nixos/modules/virtualisation/waagent.nix"], "default": {"_type": "literalExpression", "text": "\"auto\""}, "description": "Which provisioning agent to use.\n", "loc": ["services", "waagent", "settings", "Provisioning", "Agent"], "readOnly": false, "type": "one of \"auto\", \"waagent\", \"cloud-init\", \"disabled\""}, "services.waagent.settings.Provisioning.Enable": {"declarations": ["nixos/modules/virtualisation/waagent.nix"], "default": {"_type": "literalExpression", "text": "!config.services.cloud-init.enable"}, "description": "Whether to enable provisioning functionality in the agent.\n\nIf provisioning is disabled, SSH host and user keys in the image are preserved\nand configuration in the Azure provisioning API is ignored.\n\nSet to `false` if cloud-init is used for provisioning tasks.\n", "loc": ["services", "waagent", "settings", "Provisioning", "Enable"], "readOnly": false, "type": "boolean"}, "services.waagent.settings.ResourceDisk.EnableSwap": {"declarations": ["nixos/modules/virtualisation/waagent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, the agent creates a swap file (`/swapfile`) on the resource disk\nand adds it to the system swap space.\n\nThis configuration has no effect if resource disk is managed by cloud-init.\n", "loc": ["services", "waagent", "settings", "ResourceDisk", "EnableSwap"], "readOnly": false, "type": "boolean"}, "services.waagent.settings.ResourceDisk.FileSystem": {"declarations": ["nixos/modules/virtualisation/waagent.nix"], "default": {"_type": "literalExpression", "text": "\"ext4\""}, "description": "The file system type for the resource disk.\nIf the string is `X`, then `mkfs.X` should be present in the environment.\nYou can add additional filesystem packages using `services.waagent.extraPackages`.\n\nThis configuration has no effect if resource disk is managed by cloud-init.\n", "loc": ["services", "waagent", "settings", "ResourceDisk", "FileSystem"], "readOnly": false, "type": "string"}, "services.waagent.settings.ResourceDisk.Format": {"declarations": ["nixos/modules/virtualisation/waagent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set to `true`, waagent formats and mounts the resource disk that the platform provides,\nunless the file system type in `ResourceDisk.FileSystem` is set to `ntfs`.\nThe agent makes a single Linux partition (ID 83) available on the disk.\nThis partition isn't formatted if it can be successfully mounted.\n\nThis configuration has no effect if resource disk is managed by cloud-init.\n", "loc": ["services", "waagent", "settings", "ResourceDisk", "Format"], "readOnly": false, "type": "boolean"}, "services.waagent.settings.ResourceDisk.MountOptions": {"declarations": ["nixos/modules/virtualisation/waagent.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "This option specifies disk mount options to be passed to the `mount -o` command.\nFor more information, see the {manpage}`mount(8)` manual page.\n", "example": {"_type": "literalExpression", "text": "[\n  \"nodev\"\n  \"nosuid\"\n]"}, "loc": ["services", "waagent", "settings", "ResourceDisk", "MountOptions"], "readOnly": false, "type": "list of string"}, "services.waagent.settings.ResourceDisk.MountPoint": {"declarations": ["nixos/modules/virtualisation/waagent.nix"], "default": {"_type": "literalExpression", "text": "\"/mnt/resource\""}, "description": "This option specifies the path at which the resource disk is mounted.\nThe resource disk is a temporary disk and might be emptied when the VM is deprovisioned.\n\nThis configuration has no effect if resource disk is managed by cloud-init.\n", "loc": ["services", "waagent", "settings", "ResourceDisk", "MountPoint"], "readOnly": false, "type": "string"}, "services.waagent.settings.ResourceDisk.SwapSizeMB": {"declarations": ["nixos/modules/virtualisation/waagent.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Specifies the size of the swap file in MiB (1024\u00d71024 bytes).\n\nThis configuration has no effect if resource disk is managed by cloud-init.\n", "loc": ["services", "waagent", "settings", "ResourceDisk", "SwapSizeMB"], "readOnly": false, "type": "signed integer"}, "services.wakapi.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/wakapi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable automatic database configuration.\n\n::: {.note}\nOnly PostgreSQL is supported for the time being.\n:::\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "wakapi", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.wakapi.database.dialect": {"declarations": ["nixos/modules/services/web-apps/wakapi.nix"], "default": {"_type": "literalExpression", "text": "''\n  Database dialect from settings if {option}`services.wakatime.settings.db.dialect`\n  is set, or `null` otherwise.\n''"}, "description": "The database type to use for Wakapi.\n", "loc": ["services", "wakapi", "database", "dialect"], "readOnly": false, "type": "null or one of \"postgres\", \"sqlite3\", \"mysql\", \"cockroach\", \"mssql\""}, "services.wakapi.database.name": {"declarations": ["nixos/modules/services/web-apps/wakapi.nix"], "default": {"_type": "literalExpression", "text": "''\n  Database name from settings if {option}`services.wakatime.settings.db.name`\n  is set, or \"wakapi\" otherwise.\n''"}, "description": "The name of the database to use for Wakapi.\n", "loc": ["services", "wakapi", "database", "name"], "readOnly": false, "type": "string"}, "services.wakapi.database.user": {"declarations": ["nixos/modules/services/web-apps/wakapi.nix"], "default": {"_type": "literalExpression", "text": "''\n  User from settings if {option}`services.wakatime.settings.db.user`\n  is set, or \"wakapi\" otherwise.\n''"}, "description": "The name of the user to use for Wakapi.\n", "loc": ["services", "wakapi", "database", "user"], "readOnly": false, "type": "string"}, "services.wakapi.enable": {"declarations": ["nixos/modules/services/web-apps/wakapi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Wakapi.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "wakapi", "enable"], "readOnly": false, "type": "boolean"}, "services.wakapi.environmentFiles": {"declarations": ["nixos/modules/services/web-apps/wakapi.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Use this to set `WAKAPI_PASSWORD_SALT` and `WAKAPI_MAIL_SMTP_PASS`.\n", "loc": ["services", "wakapi", "environmentFiles"], "readOnly": false, "type": "list of absolute path"}, "services.wakapi.package": {"declarations": ["nixos/modules/services/web-apps/wakapi.nix"], "default": {"_type": "literalExpression", "text": "pkgs.wakapi"}, "description": "The wakapi package to use.", "loc": ["services", "wakapi", "package"], "readOnly": false, "type": "package"}, "services.wakapi.settings": {"declarations": ["nixos/modules/services/web-apps/wakapi.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings for Wakapi.\n\nSee [config.default.yml](https://github.com/muety/wakapi/blob/master/config.default.yml) for a list of all possible options.\n", "loc": ["services", "wakapi", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.wakapi.stateDir": {"declarations": ["nixos/modules/services/web-apps/wakapi.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/wakapi\""}, "description": "The state directory where data is stored. Will also be used as the\nworking directory for the wakapi service.\n", "loc": ["services", "wakapi", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.warpgate.databaseUrlFile": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to file containing database connection string with credentials.\nShould be a one line file with: `database_url: <protocol>://<username>:<password>@<host>/<database>`.\nSee [SeaORM documentation](https://www.sea-ql.org/SeaORM/docs/install-and-config/connection/).\n", "loc": ["services", "warpgate", "databaseUrlFile"], "readOnly": false, "type": "null or string"}, "services.warpgate.enable": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Warpgate.\nThis module will initialize Warpgate base on your config automatically. Please run `warpgate recover-access` to gain access.\n", "loc": ["services", "warpgate", "enable"], "readOnly": false, "type": "boolean"}, "services.warpgate.package": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "pkgs.warpgate"}, "description": "The warpgate package to use.", "loc": ["services", "warpgate", "package"], "readOnly": false, "type": "package"}, "services.warpgate.settings": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Warpgate configuration.", "example": {"_type": "literalExpression", "text": "{\n  http = {\n    listen = \"[::]:8011\";\n  };\n  ssh = {\n    enable = true;\n    listen = \"[::]:2211\";\n  };\n}"}, "loc": ["services", "warpgate", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.warpgate.settings.config_provider": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "\"database\""}, "description": "Source of truth of users.\nDO NOT change this, Warpgate only implemented database provider.\n", "loc": ["services", "warpgate", "settings", "config_provider"], "readOnly": false, "type": "one of \"file\", \"database\""}, "services.warpgate.settings.database_url": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite:/var/lib/warpgate/db\""}, "description": "Database connection string.\nSee [SeaORM documentation](https://www.sea-ql.org/SeaORM/docs/install-and-config/connection/).\n", "loc": ["services", "warpgate", "settings", "database_url"], "readOnly": false, "type": "null or string"}, "services.warpgate.settings.external_host": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configure the domain name of this Warpgate instance.\nSee [HTTP domain binding](https://warpgate.null.page/http-domain-binding/).\n", "loc": ["services", "warpgate", "settings", "external_host"], "readOnly": false, "type": "null or string"}, "services.warpgate.settings.http.certificate": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/warpgate/tls.certificate.pem\""}, "description": "Path to HTTPS listener certificate.", "loc": ["services", "warpgate", "settings", "http", "certificate"], "readOnly": false, "type": "string"}, "services.warpgate.settings.http.cookie_max_age": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "\"1day\""}, "description": "How long until logged in cookie expires.", "loc": ["services", "warpgate", "settings", "http", "cookie_max_age"], "readOnly": false, "type": "string"}, "services.warpgate.settings.http.external_port": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The HTTP listener is reachable via this port externally.", "loc": ["services", "warpgate", "settings", "http", "external_port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.warpgate.settings.http.key": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/warpgate/tls.key.pem\""}, "description": "Path to HTTPS listener private key.", "loc": ["services", "warpgate", "settings", "http", "key"], "readOnly": false, "type": "string"}, "services.warpgate.settings.http.listen": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "\"[::]:8888\""}, "description": "Listen endpoint of HTTP listener.", "loc": ["services", "warpgate", "settings", "http", "listen"], "readOnly": false, "type": "string"}, "services.warpgate.settings.http.session_max_age": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "\"30m\""}, "description": "How long until a logged in session expires.", "loc": ["services", "warpgate", "settings", "http", "session_max_age"], "readOnly": false, "type": "string"}, "services.warpgate.settings.http.sni_certificates": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Certificates for additional domains.", "example": {"_type": "literalExpression", "text": "[\n  {\n    certificate = \"/var/lib/warpgate/example.tld.pem\";\n    key = \"/var/lib/warpgate/example.tld.key.pem\";\n  }\n  {\n    ...\n  }\n]\n"}, "loc": ["services", "warpgate", "settings", "http", "sni_certificates"], "readOnly": false, "type": "list of (open submodule of (YAML 1.1 value))"}, "services.warpgate.settings.http.sni_certificates.*.certificate": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Path to certificate.", "loc": ["services", "warpgate", "settings", "http", "sni_certificates", "*", "certificate"], "readOnly": false, "type": "string"}, "services.warpgate.settings.http.sni_certificates.*.key": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Path to private key.", "loc": ["services", "warpgate", "settings", "http", "sni_certificates", "*", "key"], "readOnly": false, "type": "string"}, "services.warpgate.settings.http.trust_x_forwarded_headers": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Trust X-Forwarded-* headers. Required when being reverse proxied.\nSee [Running behind a reverse proxy](https://warpgate.null.page/reverse-proxy/).\n", "loc": ["services", "warpgate", "settings", "http", "trust_x_forwarded_headers"], "readOnly": false, "type": "boolean"}, "services.warpgate.settings.log.retention": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "\"7days\""}, "description": "How long Warpgate keep its logs.", "loc": ["services", "warpgate", "settings", "log", "retention"], "readOnly": false, "type": "string"}, "services.warpgate.settings.log.send_to": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path of UNIX socket of log forwarder.\nSee [Log forwarding](https://warpgate.null.page/log-forwarding/);\n", "loc": ["services", "warpgate", "settings", "log", "send_to"], "readOnly": false, "type": "null or string"}, "services.warpgate.settings.mysql.certificate": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/warpgate/tls.certificate.pem\""}, "description": "Path to MySQL listener certificate.", "loc": ["services", "warpgate", "settings", "mysql", "certificate"], "readOnly": false, "type": "string"}, "services.warpgate.settings.mysql.enable": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable MySQL listener.", "loc": ["services", "warpgate", "settings", "mysql", "enable"], "readOnly": false, "type": "boolean"}, "services.warpgate.settings.mysql.external_port": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The MySQL listener is reachable via this port externally.", "loc": ["services", "warpgate", "settings", "mysql", "external_port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.warpgate.settings.mysql.key": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/warpgate/tls.key.pem\""}, "description": "Path to MySQL listener private key.", "loc": ["services", "warpgate", "settings", "mysql", "key"], "readOnly": false, "type": "string"}, "services.warpgate.settings.mysql.listen": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "\"[::]:33306\""}, "description": "Listen endpoint of MySQL listener.", "loc": ["services", "warpgate", "settings", "mysql", "listen"], "readOnly": false, "type": "string"}, "services.warpgate.settings.postgres.certificate": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/warpgate/tls.certificate.pem\""}, "description": "Path to PostgreSQL listener certificate.", "loc": ["services", "warpgate", "settings", "postgres", "certificate"], "readOnly": false, "type": "string"}, "services.warpgate.settings.postgres.enable": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable PostgreSQL listener.", "loc": ["services", "warpgate", "settings", "postgres", "enable"], "readOnly": false, "type": "boolean"}, "services.warpgate.settings.postgres.external_port": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The PostgreSQL listener is reachable via this port externally.", "loc": ["services", "warpgate", "settings", "postgres", "external_port"], "readOnly": false, "type": "null or string"}, "services.warpgate.settings.postgres.key": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/warpgate/tls.key.pem\""}, "description": "Path to PostgreSQL listener private key.", "loc": ["services", "warpgate", "settings", "postgres", "key"], "readOnly": false, "type": "string"}, "services.warpgate.settings.postgres.listen": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "\"[::]:55432\""}, "description": "Listen endpoint of PostgreSQL listener.", "loc": ["services", "warpgate", "settings", "postgres", "listen"], "readOnly": false, "type": "string"}, "services.warpgate.settings.recordings.enable": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable session recording.", "loc": ["services", "warpgate", "settings", "recordings", "enable"], "readOnly": false, "type": "boolean"}, "services.warpgate.settings.recordings.path": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/warpgate/recordings\""}, "description": "Path to store session recordings.", "loc": ["services", "warpgate", "settings", "recordings", "path"], "readOnly": false, "type": "string"}, "services.warpgate.settings.ssh.enable": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SSH listener.", "loc": ["services", "warpgate", "settings", "ssh", "enable"], "readOnly": false, "type": "boolean"}, "services.warpgate.settings.ssh.external_port": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The SSH listener is reachable via this port externally.", "loc": ["services", "warpgate", "settings", "ssh", "external_port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.warpgate.settings.ssh.host_key_verification": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "\"prompt\""}, "description": "Specify host key verification action when connecting to a SSH target with unknown/differing host key.", "loc": ["services", "warpgate", "settings", "ssh", "host_key_verification"], "readOnly": false, "type": "one of \"prompt\", \"auto_accept\", \"auto_reject\""}, "services.warpgate.settings.ssh.inactivity_timeout": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "\"5m\""}, "description": "How long can user be inactive until Warpgate terminates the connection.", "loc": ["services", "warpgate", "settings", "ssh", "inactivity_timeout"], "readOnly": false, "type": "string"}, "services.warpgate.settings.ssh.keepalive_interval": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If nothing is received from the client for this amount of time, server will send a keepalive message.", "loc": ["services", "warpgate", "settings", "ssh", "keepalive_interval"], "readOnly": false, "type": "null or string"}, "services.warpgate.settings.ssh.keys": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/warpgate/ssh-keys\""}, "description": "Path to store SSH host & client keys.", "loc": ["services", "warpgate", "settings", "ssh", "keys"], "readOnly": false, "type": "string"}, "services.warpgate.settings.ssh.listen": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "\"[::]:2222\""}, "description": "Listen endpoint of SSH listener.", "loc": ["services", "warpgate", "settings", "ssh", "listen"], "readOnly": false, "type": "string"}, "services.warpgate.settings.sso_providers": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Configure OIDC single sign-on providers.", "example": {"_type": "literalExpression", "text": "[\n  {\n    name = \"3rd party SSO\";\n    label = \"ACME SSO\";\n    provider = {\n      type = \"custom\";\n      client_id = \"123...\";\n      client_secret = \"BC...\";\n      issuer_url = \"https://sso.acme.inc\";\n      scopes = [\"email\"];\n    };\n  }\n  {\n    ...\n  }\n]\n"}, "loc": ["services", "warpgate", "settings", "sso_providers"], "readOnly": false, "type": "list of (open submodule of (YAML 1.1 value))"}, "services.warpgate.settings.sso_providers.*.label": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "description": "SSO provider name displayed on login page.", "loc": ["services", "warpgate", "settings", "sso_providers", "*", "label"], "readOnly": false, "type": "string"}, "services.warpgate.settings.sso_providers.*.name": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "description": "Internal identifier of SSO provider.", "loc": ["services", "warpgate", "settings", "sso_providers", "*", "name"], "readOnly": false, "type": "string"}, "services.warpgate.settings.sso_providers.*.provider": {"declarations": ["nixos/modules/services/security/warpgate.nix"], "description": "SSO provider configurations.", "loc": ["services", "warpgate", "settings", "sso_providers", "*", "provider"], "readOnly": false, "type": "attribute set of (YAML 1.1 value)"}, "services.wasabibackend.customConfigFile": {"declarations": ["nixos/modules/services/networking/wasabibackend.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Defines the path to a custom configuration file that is copied to the user's directory. Overrides any config options.", "loc": ["services", "wasabibackend", "customConfigFile"], "readOnly": false, "type": "null or absolute path"}, "services.wasabibackend.dataDir": {"declarations": ["nixos/modules/services/networking/wasabibackend.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/wasabibackend\""}, "description": "The data directory for the Wasabi backend node.", "loc": ["services", "wasabibackend", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.wasabibackend.enable": {"declarations": ["nixos/modules/services/networking/wasabibackend.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Wasabi backend service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "wasabibackend", "enable"], "readOnly": false, "type": "boolean"}, "services.wasabibackend.endpoint.ip": {"declarations": ["nixos/modules/services/networking/wasabibackend.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "IP address for P2P connection to bitcoind.", "loc": ["services", "wasabibackend", "endpoint", "ip"], "readOnly": false, "type": "string"}, "services.wasabibackend.endpoint.port": {"declarations": ["nixos/modules/services/networking/wasabibackend.nix"], "default": {"_type": "literalExpression", "text": "8333"}, "description": "Port for P2P connection to bitcoind.", "loc": ["services", "wasabibackend", "endpoint", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.wasabibackend.group": {"declarations": ["nixos/modules/services/networking/wasabibackend.nix"], "default": {"_type": "literalExpression", "text": "config.services.wasabibackend.user"}, "description": "The group as which to run the wasabibackend node.", "loc": ["services", "wasabibackend", "group"], "readOnly": false, "type": "string"}, "services.wasabibackend.network": {"declarations": ["nixos/modules/services/networking/wasabibackend.nix"], "default": {"_type": "literalExpression", "text": "\"mainnet\""}, "description": "The network to use for the Wasabi backend service.", "loc": ["services", "wasabibackend", "network"], "readOnly": false, "type": "one of \"mainnet\", \"testnet\", \"regtest\""}, "services.wasabibackend.rpc.ip": {"declarations": ["nixos/modules/services/networking/wasabibackend.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "IP address for RPC connection to bitcoind.", "loc": ["services", "wasabibackend", "rpc", "ip"], "readOnly": false, "type": "string"}, "services.wasabibackend.rpc.password": {"declarations": ["nixos/modules/services/networking/wasabibackend.nix"], "default": {"_type": "literalExpression", "text": "\"password\""}, "description": "RPC password for the bitcoin endpoint. Warning: this is stored in cleartext in the Nix store! Use `configFile` or `passwordFile` if needed.", "loc": ["services", "wasabibackend", "rpc", "password"], "readOnly": false, "type": "string"}, "services.wasabibackend.rpc.passwordFile": {"declarations": ["nixos/modules/services/networking/wasabibackend.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File that contains the password of the RPC user.", "loc": ["services", "wasabibackend", "rpc", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.wasabibackend.rpc.port": {"declarations": ["nixos/modules/services/networking/wasabibackend.nix"], "default": {"_type": "literalExpression", "text": "8332"}, "description": "Port for RPC connection to bitcoind.", "loc": ["services", "wasabibackend", "rpc", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.wasabibackend.rpc.user": {"declarations": ["nixos/modules/services/networking/wasabibackend.nix"], "default": {"_type": "literalExpression", "text": "\"bitcoin\""}, "description": "RPC user for the bitcoin endpoint.", "loc": ["services", "wasabibackend", "rpc", "user"], "readOnly": false, "type": "string"}, "services.wasabibackend.user": {"declarations": ["nixos/modules/services/networking/wasabibackend.nix"], "default": {"_type": "literalExpression", "text": "\"wasabibackend\""}, "description": "The user as which to run the wasabibackend node.", "loc": ["services", "wasabibackend", "user"], "readOnly": false, "type": "string"}, "services.wastebin.enable": {"declarations": ["nixos/modules/services/misc/wastebin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Wastebin, a pastebin service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "wastebin", "enable"], "readOnly": false, "type": "boolean"}, "services.wastebin.package": {"declarations": ["nixos/modules/services/misc/wastebin.nix"], "default": {"_type": "literalExpression", "text": "pkgs.wastebin"}, "description": "The wastebin package to use.", "loc": ["services", "wastebin", "package"], "readOnly": false, "type": "package"}, "services.wastebin.secretFile": {"declarations": ["nixos/modules/services/misc/wastebin.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to file containing sensitive environment variables.\nSome variables that can be considered secrets are:\n\n- WASTEBIN_PASSWORD_SALT:\n  salt used to hash user passwords used for encrypting pastes.\n\n- WASTEBIN_SIGNING_KEY:\n  sets the key to sign cookies. If not set, a random key will be\n  generated which means cookies will become invalid after restarts and\n  paste creators will not be able to delete their pastes anymore.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/wastebin.env\""}, "loc": ["services", "wastebin", "secretFile"], "readOnly": false, "type": "null or absolute path"}, "services.wastebin.settings": {"declarations": ["nixos/modules/services/misc/wastebin.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional configuration for wastebin, see\n<https://github.com/matze/wastebin#usage> for supported values.\nFor secrets use secretFile option instead.\n", "example": {"_type": "literalExpression", "text": "{\n  WASTEBIN_TITLE = \"My awesome pastebin\";\n}"}, "loc": ["services", "wastebin", "settings"], "readOnly": false, "type": "open submodule of attribute set of (boolean or signed integer or string)"}, "services.wastebin.settings.RUST_LOG": {"declarations": ["nixos/modules/services/misc/wastebin.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Influences logging. Besides the typical trace, debug, info etc.\nkeys, you can also set the tower_http key to some log level to get\nadditional information request and response logs.\n", "loc": ["services", "wastebin", "settings", "RUST_LOG"], "readOnly": false, "type": "string"}, "services.wastebin.settings.WASTEBIN_ADDRESS_PORT": {"declarations": ["nixos/modules/services/misc/wastebin.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0:8088\""}, "description": "Address and port to bind to", "loc": ["services", "wastebin", "settings", "WASTEBIN_ADDRESS_PORT"], "readOnly": false, "type": "string"}, "services.wastebin.settings.WASTEBIN_BASE_URL": {"declarations": ["nixos/modules/services/misc/wastebin.nix"], "default": {"_type": "literalExpression", "text": "\"http://localhost\""}, "description": "Base URL for the QR code display. If not set, the user agent's Host\nheader field is used as an approximation.\n", "example": {"_type": "literalExpression", "text": "\"https://myhost.tld\""}, "loc": ["services", "wastebin", "settings", "WASTEBIN_BASE_URL"], "readOnly": false, "type": "string"}, "services.wastebin.settings.WASTEBIN_CACHE_SIZE": {"declarations": ["nixos/modules/services/misc/wastebin.nix"], "default": {"_type": "literalExpression", "text": "128"}, "description": "Number of rendered syntax highlight items to cache. Can be disabled by setting to 0.", "loc": ["services", "wastebin", "settings", "WASTEBIN_CACHE_SIZE"], "readOnly": false, "type": "signed integer"}, "services.wastebin.settings.WASTEBIN_DATABASE_PATH": {"declarations": ["nixos/modules/services/misc/wastebin.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/wastebin/sqlite3.db\""}, "description": "Path to the sqlite3 database file. If not set, an in-memory database is used.", "loc": ["services", "wastebin", "settings", "WASTEBIN_DATABASE_PATH"], "readOnly": false, "type": "string"}, "services.wastebin.settings.WASTEBIN_HTTP_TIMEOUT": {"declarations": ["nixos/modules/services/misc/wastebin.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "Maximum number of seconds a request can be processed until wastebin responds with 408", "loc": ["services", "wastebin", "settings", "WASTEBIN_HTTP_TIMEOUT"], "readOnly": false, "type": "signed integer"}, "services.wastebin.settings.WASTEBIN_MAX_BODY_SIZE": {"declarations": ["nixos/modules/services/misc/wastebin.nix"], "default": {"_type": "literalExpression", "text": "1048576"}, "description": "Number of bytes to accept for POST requests", "loc": ["services", "wastebin", "settings", "WASTEBIN_MAX_BODY_SIZE"], "readOnly": false, "type": "signed integer"}, "services.wastebin.settings.WASTEBIN_TITLE": {"declarations": ["nixos/modules/services/misc/wastebin.nix"], "default": {"_type": "literalExpression", "text": "\"wastebin\""}, "description": "Overrides the HTML page title", "loc": ["services", "wastebin", "settings", "WASTEBIN_TITLE"], "readOnly": false, "type": "string"}, "services.wastebin.stateDir": {"declarations": ["nixos/modules/services/misc/wastebin.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/wastebin\""}, "description": "State directory of the daemon.", "loc": ["services", "wastebin", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.watchdogd.enable": {"declarations": ["nixos/modules/services/monitoring/watchdogd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable watchdogd, an advanced system & process supervisor.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "watchdogd", "enable"], "readOnly": false, "type": "boolean"}, "services.watchdogd.package": {"declarations": ["nixos/modules/services/monitoring/watchdogd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.watchdogd"}, "description": "The watchdogd package to use.", "loc": ["services", "watchdogd", "package"], "readOnly": false, "type": "package"}, "services.watchdogd.settings": {"declarations": ["nixos/modules/services/monitoring/watchdogd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration to put in {file}`watchdogd.conf`.\nSee {manpage}`watchdogd.conf(5)` for more details.\n", "loc": ["services", "watchdogd", "settings"], "readOnly": false, "type": "open submodule of attribute set of (boolean or signed integer or floating point number or string or attribute set of (boolean or signed integer or floating point number or string))"}, "services.watchdogd.settings.filenr.critical": {"declarations": ["nixos/modules/services/monitoring/watchdogd.nix"], "default": {"_type": "literalExpression", "text": "1.0"}, "description": "The critical watermark level. Alert sent to log, followed by reboot or script action.\n", "loc": ["services", "watchdogd", "settings", "filenr", "critical"], "readOnly": false, "type": "nonnegative integer or floating point number, meaning >=0"}, "services.watchdogd.settings.filenr.enabled": {"declarations": ["nixos/modules/services/monitoring/watchdogd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable watchdogd plugin filenr.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "watchdogd", "settings", "filenr", "enabled"], "readOnly": false, "type": "boolean"}, "services.watchdogd.settings.filenr.interval": {"declarations": ["nixos/modules/services/monitoring/watchdogd.nix"], "default": {"_type": "literalExpression", "text": "300"}, "description": "Amount of seconds between every poll.\n", "loc": ["services", "watchdogd", "settings", "filenr", "interval"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.watchdogd.settings.filenr.logmark": {"declarations": ["nixos/modules/services/monitoring/watchdogd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to log current stats every poll interval.\n", "loc": ["services", "watchdogd", "settings", "filenr", "logmark"], "readOnly": false, "type": "boolean"}, "services.watchdogd.settings.filenr.warning": {"declarations": ["nixos/modules/services/monitoring/watchdogd.nix"], "default": {"_type": "literalExpression", "text": "0.9"}, "description": "The high watermark level. Alert sent to log.\n", "loc": ["services", "watchdogd", "settings", "filenr", "warning"], "readOnly": false, "type": "nonnegative integer or floating point number, meaning >=0"}, "services.watchdogd.settings.interval": {"declarations": ["nixos/modules/services/monitoring/watchdogd.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "The kick interval, i.e. how often {manpage}`watchdogd(8)` should reset the WDT timer.\n", "loc": ["services", "watchdogd", "settings", "interval"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.watchdogd.settings.loadavg.critical": {"declarations": ["nixos/modules/services/monitoring/watchdogd.nix"], "default": {"_type": "literalExpression", "text": "2.0"}, "description": "The critical watermark level. Alert sent to log, followed by reboot or script action.\n", "loc": ["services", "watchdogd", "settings", "loadavg", "critical"], "readOnly": false, "type": "nonnegative integer or floating point number, meaning >=0"}, "services.watchdogd.settings.loadavg.enabled": {"declarations": ["nixos/modules/services/monitoring/watchdogd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable watchdogd plugin loadavg.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "watchdogd", "settings", "loadavg", "enabled"], "readOnly": false, "type": "boolean"}, "services.watchdogd.settings.loadavg.interval": {"declarations": ["nixos/modules/services/monitoring/watchdogd.nix"], "default": {"_type": "literalExpression", "text": "300"}, "description": "Amount of seconds between every poll.\n", "loc": ["services", "watchdogd", "settings", "loadavg", "interval"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.watchdogd.settings.loadavg.logmark": {"declarations": ["nixos/modules/services/monitoring/watchdogd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to log current stats every poll interval.\n", "loc": ["services", "watchdogd", "settings", "loadavg", "logmark"], "readOnly": false, "type": "boolean"}, "services.watchdogd.settings.loadavg.warning": {"declarations": ["nixos/modules/services/monitoring/watchdogd.nix"], "default": {"_type": "literalExpression", "text": "1.0"}, "description": "The high watermark level. Alert sent to log.\n", "loc": ["services", "watchdogd", "settings", "loadavg", "warning"], "readOnly": false, "type": "nonnegative integer or floating point number, meaning >=0"}, "services.watchdogd.settings.meminfo.critical": {"declarations": ["nixos/modules/services/monitoring/watchdogd.nix"], "default": {"_type": "literalExpression", "text": "0.95"}, "description": "The critical watermark level. Alert sent to log, followed by reboot or script action.\n", "loc": ["services", "watchdogd", "settings", "meminfo", "critical"], "readOnly": false, "type": "nonnegative integer or floating point number, meaning >=0"}, "services.watchdogd.settings.meminfo.enabled": {"declarations": ["nixos/modules/services/monitoring/watchdogd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable watchdogd plugin meminfo.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "watchdogd", "settings", "meminfo", "enabled"], "readOnly": false, "type": "boolean"}, "services.watchdogd.settings.meminfo.interval": {"declarations": ["nixos/modules/services/monitoring/watchdogd.nix"], "default": {"_type": "literalExpression", "text": "300"}, "description": "Amount of seconds between every poll.\n", "loc": ["services", "watchdogd", "settings", "meminfo", "interval"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.watchdogd.settings.meminfo.logmark": {"declarations": ["nixos/modules/services/monitoring/watchdogd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to log current stats every poll interval.\n", "loc": ["services", "watchdogd", "settings", "meminfo", "logmark"], "readOnly": false, "type": "boolean"}, "services.watchdogd.settings.meminfo.warning": {"declarations": ["nixos/modules/services/monitoring/watchdogd.nix"], "default": {"_type": "literalExpression", "text": "0.9"}, "description": "The high watermark level. Alert sent to log.\n", "loc": ["services", "watchdogd", "settings", "meminfo", "warning"], "readOnly": false, "type": "nonnegative integer or floating point number, meaning >=0"}, "services.watchdogd.settings.safe-exit": {"declarations": ["nixos/modules/services/monitoring/watchdogd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "With {var}`safeExit` enabled, the daemon will ask the driver to disable the WDT before exiting.\nHowever, some WDT drivers (or hardware) may not support this.\n", "loc": ["services", "watchdogd", "settings", "safe-exit"], "readOnly": false, "type": "boolean"}, "services.watchdogd.settings.timeout": {"declarations": ["nixos/modules/services/monitoring/watchdogd.nix"], "default": {"_type": "literalExpression", "text": "15"}, "description": "The WDT timeout before reset.\n", "loc": ["services", "watchdogd", "settings", "timeout"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.webdav-server-rs.configFile": {"declarations": ["nixos/modules/services/network-filesystems/webdav-server-rs.nix"], "default": {"_type": "literalExpression", "text": "\"Config file generated from services.webdav-server-rs.settings\""}, "description": "Path to config file. If this option is set, it will override any\nconfiguration done in services.webdav-server-rs.settings.\n", "example": {"_type": "literalExpression", "text": "\"/etc/webdav-server.toml\""}, "loc": ["services", "webdav-server-rs", "configFile"], "readOnly": false, "type": "absolute path"}, "services.webdav-server-rs.debug": {"declarations": ["nixos/modules/services/network-filesystems/webdav-server-rs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable debug mode.", "loc": ["services", "webdav-server-rs", "debug"], "readOnly": false, "type": "boolean"}, "services.webdav-server-rs.enable": {"declarations": ["nixos/modules/services/network-filesystems/webdav-server-rs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable WebDAV server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "webdav-server-rs", "enable"], "readOnly": false, "type": "boolean"}, "services.webdav-server-rs.group": {"declarations": ["nixos/modules/services/network-filesystems/webdav-server-rs.nix"], "default": {"_type": "literalExpression", "text": "\"webdav\""}, "description": "Group to run under when setuid is not enabled.", "loc": ["services", "webdav-server-rs", "group"], "readOnly": false, "type": "string"}, "services.webdav-server-rs.settings": {"declarations": ["nixos/modules/services/network-filesystems/webdav-server-rs.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attrset that is converted and passed as config file. Available\noptions can be found at\n[here](https://github.com/miquels/webdav-server-rs/blob/master/webdav-server.toml).\n", "example": {"_type": "literalExpression", "text": "{\n  server.listen = [ \"0.0.0.0:4918\" \"[::]:4918\" ];\n  accounts = {\n    auth-type = \"htpasswd.default\";\n    acct-type = \"unix\";\n  };\n  htpasswd.default = {\n    htpasswd = \"/etc/htpasswd\";\n  };\n  location = [\n    {\n      route = [ \"/public/*path\" ];\n      directory = \"/srv/public\";\n      handler = \"filesystem\";\n      methods = [ \"webdav-ro\" ];\n      autoindex = true;\n      auth = \"false\";\n    }\n    {\n      route = [ \"/user/:user/*path\" ];\n      directory = \"~\";\n      handler = \"filesystem\";\n      methods = [ \"webdav-rw\" ];\n      autoindex = true;\n      auth = \"true\";\n      setuid = true;\n    }\n  ];\n}\n"}, "loc": ["services", "webdav-server-rs", "settings"], "readOnly": false, "type": "TOML value"}, "services.webdav-server-rs.user": {"declarations": ["nixos/modules/services/network-filesystems/webdav-server-rs.nix"], "default": {"_type": "literalExpression", "text": "\"webdav\""}, "description": "User to run under when setuid is not enabled.", "loc": ["services", "webdav-server-rs", "user"], "readOnly": false, "type": "string"}, "services.webdav.configFile": {"declarations": ["nixos/modules/services/network-filesystems/webdav.nix"], "default": {"_type": "literalExpression", "text": "\"Config file generated from services.webdav.settings\""}, "description": "Path to config file. If this option is set, it will override any\nconfiguration done in options.services.webdav.settings.\n", "example": {"_type": "literalExpression", "text": "\"/etc/webdav/config.yaml\""}, "loc": ["services", "webdav", "configFile"], "readOnly": false, "type": "absolute path"}, "services.webdav.enable": {"declarations": ["nixos/modules/services/network-filesystems/webdav.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable WebDAV server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "webdav", "enable"], "readOnly": false, "type": "boolean"}, "services.webdav.environmentFile": {"declarations": ["nixos/modules/services/network-filesystems/webdav.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file as defined in {manpage}`systemd.exec(5)`.\n", "loc": ["services", "webdav", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.webdav.group": {"declarations": ["nixos/modules/services/network-filesystems/webdav.nix"], "default": {"_type": "literalExpression", "text": "\"webdav\""}, "description": "Group under which WebDAV runs.", "loc": ["services", "webdav", "group"], "readOnly": false, "type": "string"}, "services.webdav.package": {"declarations": ["nixos/modules/services/network-filesystems/webdav.nix"], "default": {"_type": "literalExpression", "text": "pkgs.webdav"}, "description": "The webdav package to use.", "loc": ["services", "webdav", "package"], "readOnly": false, "type": "package"}, "services.webdav.settings": {"declarations": ["nixos/modules/services/network-filesystems/webdav.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attrset that is converted and passed as config file. Available options\ncan be found at\n[here](https://github.com/hacdias/webdav).\n\nThis program supports reading username and password configuration\nfrom environment variables, so it's strongly recommended to store\nusername and password in a separate\n[EnvironmentFile](https://www.freedesktop.org/software/systemd/man/systemd.exec.html#EnvironmentFile=).\nThis prevents adding secrets to the world-readable Nix store.\n", "example": {"_type": "literalExpression", "text": "{\n    address = \"0.0.0.0\";\n    port = 8080;\n    directory = \"/srv/public\";\n    permissions = \"R\";\n    users = [\n      {\n        username = \"{env}ENV_USERNAME\";\n        password = \"{env}ENV_PASSWORD\";\n      }\n    ];\n}\n"}, "loc": ["services", "webdav", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.webdav.user": {"declarations": ["nixos/modules/services/network-filesystems/webdav.nix"], "default": {"_type": "literalExpression", "text": "\"webdav\""}, "description": "User account under which WebDAV runs.", "loc": ["services", "webdav", "user"], "readOnly": false, "type": "string"}, "services.webhook.enable": {"declarations": ["nixos/modules/services/networking/webhook.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable [Webhook](https://github.com/adnanh/webhook), a server written in Go that allows you to create HTTP endpoints (hooks),\nwhich execute configured commands for any person or service that knows the URL\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "webhook", "enable"], "readOnly": false, "type": "boolean"}, "services.webhook.enableTemplates": {"declarations": ["nixos/modules/services/networking/webhook.nix"], "default": {"_type": "literalExpression", "text": "hooksTemplated != {}"}, "description": "Enable the generated hooks file to be parsed as a Go template.\nSee [the documentation](https://github.com/adnanh/webhook/blob/master/docs/Templates.md) for more information.\n", "loc": ["services", "webhook", "enableTemplates"], "readOnly": false, "type": "boolean"}, "services.webhook.environment": {"declarations": ["nixos/modules/services/networking/webhook.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra environment variables passed to webhook.", "loc": ["services", "webhook", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.webhook.extraArgs": {"declarations": ["nixos/modules/services/networking/webhook.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "These are arguments passed to the webhook command in the systemd service.\nYou can find the available arguments and options in the [documentation][parameters].\n\n[parameters]: https://github.com/adnanh/webhook/blob/master/docs/Webhook-Parameters.md\n", "example": {"_type": "literalExpression", "text": "[\n  \"-secure\"\n]"}, "loc": ["services", "webhook", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.webhook.group": {"declarations": ["nixos/modules/services/networking/webhook.nix"], "default": {"_type": "literalExpression", "text": "\"webhook\""}, "description": "Webhook will be run under this group.\n\nIf set, you must create this group yourself!\n", "loc": ["services", "webhook", "group"], "readOnly": false, "type": "string"}, "services.webhook.hooks": {"declarations": ["nixos/modules/services/networking/webhook.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The actual configuration of which hooks will be served.\n\nRead more on the [project homepage] and on the [hook definition] page.\nAt least one hook needs to be configured.\n\n[hook definition]: https://github.com/adnanh/webhook/blob/master/docs/Hook-Definition.md\n[project homepage]: https://github.com/adnanh/webhook#configuration\n", "example": {"_type": "literalExpression", "text": "{\n  echo = {\n    execute-command = \"echo\";\n    response-message = \"Webhook is reachable!\";\n  };\n  redeploy-webhook = {\n    command-working-directory = \"/var/webhook\";\n    execute-command = \"/var/scripts/redeploy.sh\";\n  };\n}"}, "loc": ["services", "webhook", "hooks"], "readOnly": false, "type": "attribute set of (open submodule of (JSON value))"}, "services.webhook.hooks.<name>.execute-command": {"declarations": ["nixos/modules/services/networking/webhook.nix"], "description": "The command that should be executed when the hook is triggered.", "loc": ["services", "webhook", "hooks", "<name>", "execute-command"], "readOnly": false, "type": "string"}, "services.webhook.hooks.<name>.id": {"declarations": ["nixos/modules/services/networking/webhook.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "The ID of your hook. This value is used to create the HTTP endpoint (`protocol://yourserver:port/prefix/${id}`).\n", "loc": ["services", "webhook", "hooks", "<name>", "id"], "readOnly": false, "type": "string"}, "services.webhook.hooksTemplated": {"declarations": ["nixos/modules/services/networking/webhook.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Same as {option}`hooks`, but these hooks are specified as literal strings instead of Nix values,\nand hence can include [template syntax](https://github.com/adnanh/webhook/blob/master/docs/Templates.md)\nwhich might not be representable as JSON.\n\nTemplate syntax requires the {option}`enableTemplates` option to be set to `true`, which is\ndone by default if this option is set.\n", "example": {"_type": "literalExpression", "text": "{\n  echo-template = ''\n    {\n      \"id\": \"echo-template\",\n      \"execute-command\": \"echo\",\n      \"response-message\": \"{{ getenv \"MESSAGE\" }}\"\n    }\n  '';\n}"}, "loc": ["services", "webhook", "hooksTemplated"], "readOnly": false, "type": "attribute set of string"}, "services.webhook.ip": {"declarations": ["nixos/modules/services/networking/webhook.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "The IP webhook should serve hooks on.\n\nThe default means it can be reached on any interface if `openFirewall = true`.\n", "loc": ["services", "webhook", "ip"], "readOnly": false, "type": "string"}, "services.webhook.openFirewall": {"declarations": ["nixos/modules/services/networking/webhook.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open the configured port in the firewall for external ingress traffic.\nPreferably the Webhook server is instead put behind a reverse proxy.\n", "loc": ["services", "webhook", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.webhook.package": {"declarations": ["nixos/modules/services/networking/webhook.nix"], "default": {"_type": "literalExpression", "text": "pkgs.webhook"}, "description": "The webhook package to use.", "loc": ["services", "webhook", "package"], "readOnly": false, "type": "package"}, "services.webhook.port": {"declarations": ["nixos/modules/services/networking/webhook.nix"], "default": {"_type": "literalExpression", "text": "9000"}, "description": "The port webhook should be reachable from.", "loc": ["services", "webhook", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.webhook.urlPrefix": {"declarations": ["nixos/modules/services/networking/webhook.nix"], "default": {"_type": "literalExpression", "text": "\"hooks\""}, "description": "The URL path prefix to use for served hooks (`protocol://yourserver:port/${prefix}/hook-id`).\n", "loc": ["services", "webhook", "urlPrefix"], "readOnly": false, "type": "string"}, "services.webhook.user": {"declarations": ["nixos/modules/services/networking/webhook.nix"], "default": {"_type": "literalExpression", "text": "\"webhook\""}, "description": "Webhook will be run under this user.\n\nIf set, you must create this user yourself!\n", "loc": ["services", "webhook", "user"], "readOnly": false, "type": "string"}, "services.webhook.verbose": {"declarations": ["nixos/modules/services/networking/webhook.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to show verbose output.", "loc": ["services", "webhook", "verbose"], "readOnly": false, "type": "boolean"}, "services.weblate.configurePostgresql": {"declarations": ["nixos/modules/services/web-apps/weblate.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable and configure a local PostgreSQL server by creating a user and database for weblate.\nThe default `settings` reference this database, if you disable this option you must provide a database URL in `extraConfig`.\n", "loc": ["services", "weblate", "configurePostgresql"], "readOnly": false, "type": "boolean"}, "services.weblate.djangoSecretKeyFile": {"declarations": ["nixos/modules/services/web-apps/weblate.nix"], "description": "Location of the Django secret key.\n\nThis should be a path pointing to a file with secure permissions (not /nix/store).\n\nCan be generated with `weblate-generate-secret-key` which is available as the `weblate` user.\n", "loc": ["services", "weblate", "djangoSecretKeyFile"], "readOnly": false, "type": "absolute path"}, "services.weblate.enable": {"declarations": ["nixos/modules/services/web-apps/weblate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Weblate service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "weblate", "enable"], "readOnly": false, "type": "boolean"}, "services.weblate.extraConfig": {"declarations": ["nixos/modules/services/web-apps/weblate.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Text to append to `settings.py` Weblate configuration file.\n", "loc": ["services", "weblate", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.weblate.localDomain": {"declarations": ["nixos/modules/services/web-apps/weblate.nix"], "description": "The domain name serving your Weblate instance.", "example": {"_type": "literalExpression", "text": "\"weblate.example.org\""}, "loc": ["services", "weblate", "localDomain"], "readOnly": false, "type": "string"}, "services.weblate.package": {"declarations": ["nixos/modules/services/web-apps/weblate.nix"], "default": {"_type": "literalExpression", "text": "pkgs.weblate"}, "description": "The weblate package to use.", "loc": ["services", "weblate", "package"], "readOnly": false, "type": "package"}, "services.weblate.smtp.enable": {"declarations": ["nixos/modules/services/web-apps/weblate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Weblate SMTP support.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "weblate", "smtp", "enable"], "readOnly": false, "type": "boolean"}, "services.weblate.smtp.from": {"declarations": ["nixos/modules/services/web-apps/weblate.nix"], "default": {"_type": "literalExpression", "text": "\"config.services.weblate.smtp.user\""}, "description": "The from address being used in sent emails.", "example": {"_type": "literalExpression", "text": "\"weblate@example.com\""}, "loc": ["services", "weblate", "smtp", "from"], "readOnly": false, "type": "string"}, "services.weblate.smtp.host": {"declarations": ["nixos/modules/services/web-apps/weblate.nix"], "description": "SMTP host used when sending emails to users.", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "weblate", "smtp", "host"], "readOnly": false, "type": "string"}, "services.weblate.smtp.passwordFile": {"declarations": ["nixos/modules/services/web-apps/weblate.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Location of a file containing the SMTP password.\n\nThis should be a path pointing to a file with secure permissions (not /nix/store).\n", "loc": ["services", "weblate", "smtp", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.weblate.smtp.port": {"declarations": ["nixos/modules/services/web-apps/weblate.nix"], "default": {"_type": "literalExpression", "text": "587"}, "description": "SMTP port used when sending emails to users.", "example": {"_type": "literalExpression", "text": "25"}, "loc": ["services", "weblate", "smtp", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.weblate.smtp.user": {"declarations": ["nixos/modules/services/web-apps/weblate.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SMTP login name.", "example": {"_type": "literalExpression", "text": "\"weblate@example.org\""}, "loc": ["services", "weblate", "smtp", "user"], "readOnly": false, "type": "null or string"}, "services.weechat.binary": {"declarations": ["nixos/modules/services/misc/weechat.nix"], "default": {"_type": "literalExpression", "text": "\"${cfg.package}/bin/weechat\""}, "description": "Binary to execute.", "example": {"_type": "literalExpression", "text": "\"${cfg.package}/bin/weechat-headless\""}, "loc": ["services", "weechat", "binary"], "readOnly": false, "type": "absolute path"}, "services.weechat.enable": {"declarations": ["nixos/modules/services/misc/weechat.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable weechat.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "weechat", "enable"], "readOnly": false, "type": "boolean"}, "services.weechat.headless": {"declarations": ["nixos/modules/services/misc/weechat.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Allows specifying if weechat should run in TUI or headless mode.\n", "loc": ["services", "weechat", "headless"], "readOnly": false, "type": "boolean"}, "services.weechat.package": {"declarations": ["nixos/modules/services/misc/weechat.nix"], "default": {"_type": "literalExpression", "text": "pkgs.weechat"}, "description": "The weechat package to use.", "loc": ["services", "weechat", "package"], "readOnly": false, "type": "package"}, "services.weechat.root": {"declarations": ["nixos/modules/services/misc/weechat.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/weechat\""}, "description": "Weechat state directory.", "loc": ["services", "weechat", "root"], "readOnly": false, "type": "absolute path"}, "services.weechat.sessionName": {"declarations": ["nixos/modules/services/misc/weechat.nix"], "default": {"_type": "literalExpression", "text": "\"weechat-screen\""}, "description": "Name of the `screen` session for weechat.", "loc": ["services", "weechat", "sessionName"], "readOnly": false, "type": "string"}, "services.wg-access-server.enable": {"declarations": ["nixos/modules/services/networking/wg-access-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable wg-access-server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "wg-access-server", "enable"], "readOnly": false, "type": "boolean"}, "services.wg-access-server.package": {"declarations": ["nixos/modules/services/networking/wg-access-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.wg-access-server"}, "description": "The wg-access-server package to use.", "loc": ["services", "wg-access-server", "package"], "readOnly": false, "type": "package"}, "services.wg-access-server.secretsFile": {"declarations": ["nixos/modules/services/networking/wg-access-server.nix"], "description": "yaml file containing all secrets. this needs to be in the same structure as the configuration.\n\nThis must to contain the admin password and wireguard private key.\nAs well as the secrets for your auth backend.\n\nExample:\n```yaml\nadminPassword: <admin password>\nwireguard:\n  privateKey: <wireguard private key>\nauth:\n  oidc:\n    clientSecret: <client secret>\n```\n", "loc": ["services", "wg-access-server", "secretsFile"], "readOnly": false, "type": "absolute path"}, "services.wg-access-server.settings": {"declarations": ["nixos/modules/services/networking/wg-access-server.nix"], "description": "See <https://www.freie-netze.org/wg-access-server/2-configuration/> for possible options", "loc": ["services", "wg-access-server", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.wg-access-server.settings.dns.enabled": {"declarations": ["nixos/modules/services/networking/wg-access-server.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable/disable the embedded DNS proxy server.\nThis is enabled by default and allows VPN clients to avoid DNS leaks by sending all DNS requests to wg-access-server itself.\n", "loc": ["services", "wg-access-server", "settings", "dns", "enabled"], "readOnly": false, "type": "boolean"}, "services.wg-access-server.settings.storage": {"declarations": ["nixos/modules/services/networking/wg-access-server.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite3://db.sqlite\""}, "description": "A storage backend connection string. See [storage docs](https://www.freie-netze.org/wg-access-server/3-storage/)", "loc": ["services", "wg-access-server", "settings", "storage"], "readOnly": false, "type": "string"}, "services.wg-netmanager.enable": {"declarations": ["nixos/modules/services/networking/wg-netmanager.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Wireguard network manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "wg-netmanager", "enable"], "readOnly": false, "type": "boolean"}, "services.wgautomesh.enable": {"declarations": ["nixos/modules/services/networking/wgautomesh.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the wgautomesh daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "wgautomesh", "enable"], "readOnly": false, "type": "boolean"}, "services.wgautomesh.enableGossipEncryption": {"declarations": ["nixos/modules/services/networking/wgautomesh.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable encryption of gossip traffic.", "loc": ["services", "wgautomesh", "enableGossipEncryption"], "readOnly": false, "type": "boolean"}, "services.wgautomesh.enablePersistence": {"declarations": ["nixos/modules/services/networking/wgautomesh.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable persistence of Wireguard peer info between restarts.", "loc": ["services", "wgautomesh", "enablePersistence"], "readOnly": false, "type": "boolean"}, "services.wgautomesh.gossipSecretFile": {"declarations": ["nixos/modules/services/networking/wgautomesh.nix"], "description": "File containing the gossip secret, a shared secret key to use for gossip\nencryption.  Required if `enableGossipEncryption` is set.  This file\nmay contain any arbitrary-length utf8 string.  To generate a new gossip\nsecret, use a command such as `openssl rand -base64 32`.\n", "loc": ["services", "wgautomesh", "gossipSecretFile"], "readOnly": false, "type": "absolute path"}, "services.wgautomesh.logLevel": {"declarations": ["nixos/modules/services/networking/wgautomesh.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "wgautomesh log level.", "loc": ["services", "wgautomesh", "logLevel"], "readOnly": false, "type": "one of \"trace\", \"debug\", \"info\", \"warn\", \"error\""}, "services.wgautomesh.openFirewall": {"declarations": ["nixos/modules/services/networking/wgautomesh.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Automatically open gossip port in firewall (recommended).", "loc": ["services", "wgautomesh", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.wgautomesh.settings": {"declarations": ["nixos/modules/services/networking/wgautomesh.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for wgautomesh.", "loc": ["services", "wgautomesh", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.wgautomesh.settings.gossip_port": {"declarations": ["nixos/modules/services/networking/wgautomesh.nix"], "default": {"_type": "literalExpression", "text": "1666"}, "description": "wgautomesh gossip port, this MUST be the same number on all nodes in\nthe wgautomesh network.\n", "loc": ["services", "wgautomesh", "settings", "gossip_port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.wgautomesh.settings.interface": {"declarations": ["nixos/modules/services/networking/wgautomesh.nix"], "description": "Wireguard interface to manage (it is NOT created by wgautomesh, you\nshould use another NixOS option to create it such as\n`networking.wireguard.interfaces.wg0 = {...};`).\n", "example": {"_type": "literalExpression", "text": "\"wg0\""}, "loc": ["services", "wgautomesh", "settings", "interface"], "readOnly": false, "type": "string"}, "services.wgautomesh.settings.lan_discovery": {"declarations": ["nixos/modules/services/networking/wgautomesh.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable discovery of peers on the same LAN using UDP broadcast.", "loc": ["services", "wgautomesh", "settings", "lan_discovery"], "readOnly": false, "type": "boolean"}, "services.wgautomesh.settings.peers": {"declarations": ["nixos/modules/services/networking/wgautomesh.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "wgautomesh peer list.", "loc": ["services", "wgautomesh", "settings", "peers"], "readOnly": false, "type": "list of (submodule)"}, "services.wgautomesh.settings.peers.*.address": {"declarations": ["nixos/modules/services/networking/wgautomesh.nix"], "description": "Wireguard address of this peer (a single IP address, multiple\naddresses or address ranges are not supported).\n", "example": {"_type": "literalExpression", "text": "\"10.0.0.42\""}, "loc": ["services", "wgautomesh", "settings", "peers", "*", "address"], "readOnly": false, "type": "string"}, "services.wgautomesh.settings.peers.*.endpoint": {"declarations": ["nixos/modules/services/networking/wgautomesh.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Bootstrap endpoint for connecting to this Wireguard peer if no\nother address is known or none are working.\n", "example": {"_type": "literalExpression", "text": "\"wgnode.mydomain.example:51820\""}, "loc": ["services", "wgautomesh", "settings", "peers", "*", "endpoint"], "readOnly": false, "type": "null or string"}, "services.wgautomesh.settings.peers.*.pubkey": {"declarations": ["nixos/modules/services/networking/wgautomesh.nix"], "description": "Wireguard public key of this peer.", "loc": ["services", "wgautomesh", "settings", "peers", "*", "pubkey"], "readOnly": false, "type": "string"}, "services.wgautomesh.settings.upnp_forward_external_port": {"declarations": ["nixos/modules/services/networking/wgautomesh.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Public port number to try to redirect to this machine's Wireguard\ndaemon using UPnP IGD.\n", "loc": ["services", "wgautomesh", "settings", "upnp_forward_external_port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.whisparr.dataDir": {"declarations": ["nixos/modules/services/misc/servarr/whisparr.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/whisparr/.config/Whisparr\""}, "description": "The directory where Whisparr stores its data files.", "loc": ["services", "whisparr", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.whisparr.enable": {"declarations": ["nixos/modules/services/misc/servarr/whisparr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Whisparr.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "whisparr", "enable"], "readOnly": false, "type": "boolean"}, "services.whisparr.environmentFiles": {"declarations": ["nixos/modules/services/misc/servarr/whisparr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Environment file to pass secret configuration values.\nEach line must follow the `WHISPARR__SECTION__KEY=value` pattern.\nPlease consult the documentation at the [wiki](https://wiki.servarr.com/useful-tools#using-environment-variables-for-config).\n", "loc": ["services", "whisparr", "environmentFiles"], "readOnly": false, "type": "list of absolute path"}, "services.whisparr.group": {"declarations": ["nixos/modules/services/misc/servarr/whisparr.nix"], "default": {"_type": "literalExpression", "text": "\"whisparr\""}, "description": "Group under which Whisparr runs.", "loc": ["services", "whisparr", "group"], "readOnly": false, "type": "string"}, "services.whisparr.openFirewall": {"declarations": ["nixos/modules/services/misc/servarr/whisparr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the Whisparr web interface.", "loc": ["services", "whisparr", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.whisparr.package": {"declarations": ["nixos/modules/services/misc/servarr/whisparr.nix"], "default": {"_type": "literalExpression", "text": "pkgs.whisparr"}, "description": "The whisparr package to use.", "loc": ["services", "whisparr", "package"], "readOnly": false, "type": "package"}, "services.whisparr.settings": {"declarations": ["nixos/modules/services/misc/servarr/whisparr.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attribute set of arbitrary config options.\nPlease consult the documentation at the [wiki](https://wiki.servarr.com/useful-tools#using-environment-variables-for-config).\n\nWARNING: this configuration is stored in the world-readable Nix store!\nFor secrets use [](#opt-services.whisparr.environmentFiles).\n", "example": {"_type": "literalExpression", "text": "{\n  update.mechanism = \"internal\";\n  server = {\n    urlbase = \"localhost\";\n    port = 6969;\n    bindaddress = \"*\";\n  };\n}\n"}, "loc": ["services", "whisparr", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.whisparr.settings.log.analyticsEnabled": {"declarations": ["nixos/modules/services/misc/servarr/whisparr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Send Anonymous Usage Data", "loc": ["services", "whisparr", "settings", "log", "analyticsEnabled"], "readOnly": false, "type": "boolean"}, "services.whisparr.settings.server.port": {"declarations": ["nixos/modules/services/misc/servarr/whisparr.nix"], "default": {"_type": "literalExpression", "text": "6969"}, "description": "Port Number", "loc": ["services", "whisparr", "settings", "server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.whisparr.settings.update.automatically": {"declarations": ["nixos/modules/services/misc/servarr/whisparr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically download and install updates.", "loc": ["services", "whisparr", "settings", "update", "automatically"], "readOnly": false, "type": "boolean"}, "services.whisparr.settings.update.mechanism": {"declarations": ["nixos/modules/services/misc/servarr/whisparr.nix"], "default": {"_type": "literalExpression", "text": "\"external\""}, "description": "which update mechanism to use", "loc": ["services", "whisparr", "settings", "update", "mechanism"], "readOnly": false, "type": "null or one of \"external\", \"builtIn\", \"script\""}, "services.whisparr.user": {"declarations": ["nixos/modules/services/misc/servarr/whisparr.nix"], "default": {"_type": "literalExpression", "text": "\"whisparr\""}, "description": "User account under which Whisparr runs.", "loc": ["services", "whisparr", "user"], "readOnly": false, "type": "string"}, "services.whitebophir.enable": {"declarations": ["nixos/modules/services/web-apps/whitebophir.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable whitebophir, an online collaborative whiteboard server (persistent state will be maintained under {file}`/var/lib/whitebophir`).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "whitebophir", "enable"], "readOnly": false, "type": "boolean"}, "services.whitebophir.listenAddress": {"declarations": ["nixos/modules/services/web-apps/whitebophir.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Address to listen on (use 0.0.0.0 to allow access from any address).", "loc": ["services", "whitebophir", "listenAddress"], "readOnly": false, "type": "string"}, "services.whitebophir.package": {"declarations": ["nixos/modules/services/web-apps/whitebophir.nix"], "default": {"_type": "literalExpression", "text": "pkgs.whitebophir"}, "description": "The whitebophir package to use.", "loc": ["services", "whitebophir", "package"], "readOnly": false, "type": "package"}, "services.whitebophir.port": {"declarations": ["nixos/modules/services/web-apps/whitebophir.nix"], "default": {"_type": "literalExpression", "text": "5001"}, "description": "Port to bind to.", "loc": ["services", "whitebophir", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.whoami.enable": {"declarations": ["nixos/modules/services/web-apps/whoami.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable whoami.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "whoami", "enable"], "readOnly": false, "type": "boolean"}, "services.whoami.extraArgs": {"declarations": ["nixos/modules/services/web-apps/whoami.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line arguments to pass to whoami. See <https://github.com/traefik/whoami#flags> for details.", "loc": ["services", "whoami", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.whoami.package": {"declarations": ["nixos/modules/services/web-apps/whoami.nix"], "default": {"_type": "literalExpression", "text": "pkgs.whoami"}, "description": "The whoami package to use.", "loc": ["services", "whoami", "package"], "readOnly": false, "type": "package"}, "services.whoami.port": {"declarations": ["nixos/modules/services/web-apps/whoami.nix"], "default": {"_type": "literalExpression", "text": "8000"}, "description": "The port whoami should listen on.", "loc": ["services", "whoami", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.whoogle-search.enable": {"declarations": ["nixos/modules/services/networking/whoogle-search.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Whoogle, a metasearch engine.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "whoogle-search", "enable"], "readOnly": false, "type": "boolean"}, "services.whoogle-search.extraEnv": {"declarations": ["nixos/modules/services/networking/whoogle-search.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra environment variables to pass to Whoogle, see\nhttps://github.com/benbusby/whoogle-search?tab=readme-ov-file#environment-variables\n", "loc": ["services", "whoogle-search", "extraEnv"], "readOnly": false, "type": "attribute set of string"}, "services.whoogle-search.listenAddress": {"declarations": ["nixos/modules/services/networking/whoogle-search.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Address to listen on for the web interface.", "loc": ["services", "whoogle-search", "listenAddress"], "readOnly": false, "type": "string"}, "services.whoogle-search.port": {"declarations": ["nixos/modules/services/networking/whoogle-search.nix"], "default": {"_type": "literalExpression", "text": "5000"}, "description": "Port to listen on.", "loc": ["services", "whoogle-search", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.wiki-js.enable": {"declarations": ["nixos/modules/services/web-apps/wiki-js.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable wiki-js.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "wiki-js", "enable"], "readOnly": false, "type": "boolean"}, "services.wiki-js.environmentFile": {"declarations": ["nixos/modules/services/web-apps/wiki-js.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file to inject e.g. secrets into the configuration.\n", "example": {"_type": "literalExpression", "text": "\"/root/wiki-js.env\""}, "loc": ["services", "wiki-js", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.wiki-js.settings": {"declarations": ["nixos/modules/services/web-apps/wiki-js.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings to configure `wiki-js`. This directly\ncorresponds to [the upstream configuration options](https://docs.requarks.io/install/config).\n\nSecrets can be injected via the environment by\n- specifying [](#opt-services.wiki-js.environmentFile)\n  to contain secrets\n- and setting sensitive values to `$(ENVIRONMENT_VAR)`\n  with this value defined in the environment-file.\n", "loc": ["services", "wiki-js", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.wiki-js.settings.bindIP": {"declarations": ["nixos/modules/services/web-apps/wiki-js.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "IPs the service should listen to.\n", "loc": ["services", "wiki-js", "settings", "bindIP"], "readOnly": false, "type": "string"}, "services.wiki-js.settings.db.db": {"declarations": ["nixos/modules/services/web-apps/wiki-js.nix"], "default": {"_type": "literalExpression", "text": "\"wiki\""}, "description": "Name of the database to use.\n", "loc": ["services", "wiki-js", "settings", "db", "db"], "readOnly": false, "type": "string"}, "services.wiki-js.settings.db.host": {"declarations": ["nixos/modules/services/web-apps/wiki-js.nix"], "description": "Hostname or socket-path to connect to.\n", "example": {"_type": "literalExpression", "text": "\"/run/postgresql\""}, "loc": ["services", "wiki-js", "settings", "db", "host"], "readOnly": false, "type": "string"}, "services.wiki-js.settings.db.type": {"declarations": ["nixos/modules/services/web-apps/wiki-js.nix"], "default": {"_type": "literalExpression", "text": "\"postgres\""}, "description": "Database driver to use for persistence. Please note that `sqlite`\nis currently not supported as the build process for it is currently not implemented\nin `pkgs.wiki-js` and it's not recommended by upstream for\nproduction use.\n", "loc": ["services", "wiki-js", "settings", "db", "type"], "readOnly": false, "type": "one of \"postgres\", \"mysql\", \"mariadb\", \"mssql\""}, "services.wiki-js.settings.logLevel": {"declarations": ["nixos/modules/services/web-apps/wiki-js.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Define how much detail is supposed to be logged at runtime.\n", "loc": ["services", "wiki-js", "settings", "logLevel"], "readOnly": false, "type": "one of \"error\", \"warn\", \"info\", \"verbose\", \"debug\", \"silly\""}, "services.wiki-js.settings.offline": {"declarations": ["nixos/modules/services/web-apps/wiki-js.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable latest file updates and enable\n[sideloading](https://docs.requarks.io/install/sideload).\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "wiki-js", "settings", "offline"], "readOnly": false, "type": "boolean"}, "services.wiki-js.settings.port": {"declarations": ["nixos/modules/services/web-apps/wiki-js.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "TCP port the process should listen to.\n", "loc": ["services", "wiki-js", "settings", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.wiki-js.stateDirectoryName": {"declarations": ["nixos/modules/services/web-apps/wiki-js.nix"], "default": {"_type": "literalExpression", "text": "\"wiki-js\""}, "description": "Name of the directory in {file}`/var/lib`.\n", "loc": ["services", "wiki-js", "stateDirectoryName"], "readOnly": false, "type": "string"}, "services.windmill.baseUrl": {"declarations": ["nixos/modules/services/web-apps/windmill.nix"], "default": {"_type": "literalExpression", "text": "\"https://localhost:\\$\\{toString config.services.windmill.serverPort}\";\n"}, "description": "The base url that windmill will be served on.\n", "example": {"_type": "literalExpression", "text": "\"https://windmill.example.com\""}, "loc": ["services", "windmill", "baseUrl"], "readOnly": false, "type": "string"}, "services.windmill.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/windmill.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to create a local database automatically.", "loc": ["services", "windmill", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.windmill.database.name": {"declarations": ["nixos/modules/services/web-apps/windmill.nix"], "default": {"_type": "literalExpression", "text": "\"windmill\""}, "description": "Database name.", "loc": ["services", "windmill", "database", "name"], "readOnly": false, "type": "string"}, "services.windmill.database.url": {"declarations": ["nixos/modules/services/web-apps/windmill.nix"], "default": {"_type": "literalExpression", "text": "\"postgres://\\$\\{config.services.windmill.database.name}?host=/var/run/postgresql\";\n"}, "description": "Database url. Note that any secret here would be world-readable. Use `services.windmill.database.urlPath` unstead to include secrets in the url.", "loc": ["services", "windmill", "database", "url"], "readOnly": false, "type": "string"}, "services.windmill.database.urlPath": {"declarations": ["nixos/modules/services/web-apps/windmill.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the file containing the database url windmill should connect to. This is not deducted from database user and name as it might contain a secret\n", "example": {"_type": "literalExpression", "text": "\"config.age.secrets.DATABASE_URL_FILE.path\""}, "loc": ["services", "windmill", "database", "urlPath"], "readOnly": false, "type": "null or absolute path"}, "services.windmill.database.user": {"declarations": ["nixos/modules/services/web-apps/windmill.nix"], "default": {"_type": "literalExpression", "text": "\"windmill\""}, "description": "Database user.", "loc": ["services", "windmill", "database", "user"], "readOnly": false, "type": "string"}, "services.windmill.enable": {"declarations": ["nixos/modules/services/web-apps/windmill.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable windmill service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "windmill", "enable"], "readOnly": false, "type": "boolean"}, "services.windmill.logLevel": {"declarations": ["nixos/modules/services/web-apps/windmill.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Log level", "loc": ["services", "windmill", "logLevel"], "readOnly": false, "type": "one of \"error\", \"warn\", \"info\", \"debug\", \"trace\""}, "services.windmill.lspPort": {"declarations": ["nixos/modules/services/web-apps/windmill.nix"], "default": {"_type": "literalExpression", "text": "3001"}, "description": "Port the windmill lsp listens on.", "loc": ["services", "windmill", "lspPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.windmill.package": {"declarations": ["nixos/modules/services/web-apps/windmill.nix"], "default": {"_type": "literalExpression", "text": "pkgs.windmill"}, "description": "The windmill package to use.", "loc": ["services", "windmill", "package"], "readOnly": false, "type": "package"}, "services.windmill.serverPort": {"declarations": ["nixos/modules/services/web-apps/windmill.nix"], "default": {"_type": "literalExpression", "text": "8001"}, "description": "Port the windmill server listens on.", "loc": ["services", "windmill", "serverPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.wivrn.autoStart": {"declarations": ["nixos/modules/services/video/wivrn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable starting the service by default.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "wivrn", "autoStart"], "readOnly": false, "type": "boolean"}, "services.wivrn.config.enable": {"declarations": ["nixos/modules/services/video/wivrn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable configuration for WiVRn.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "wivrn", "config", "enable"], "readOnly": false, "type": "boolean"}, "services.wivrn.config.json": {"declarations": ["nixos/modules/services/video/wivrn.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for WiVRn. The attributes are serialized to JSON in config.json. The server will fallback to default values for any missing attributes.\n\nLike upstream, the application option is a list including the application and it's flags. In the case of the NixOS module however, the first element of the list must be a package. The module will assert otherwise.\nThe application can be set to a single package because it gets passed to lib.toList, though this will not allow for flags to be passed.\n\nWiVRn has good default configurations and most options can be configured at runtime so it is recommended to leave this empty and try the defaults before attempting manual configuration.\n\nSee <https://github.com/WiVRn/WiVRn/blob/master/docs/configuration.md>\n", "example": {"_type": "literalExpression", "text": "{\n  # left eye, hardware; right eye, software; transparency, hardware\n  encoder = [\n    {\n      encoder = \"vulkan\";\n      codec = \"h265\";\n    }\n    {\n      encoder = \"x264\";\n      codec = \"h264\";\n    }\n    {\n      encoder = \"vulkan\";\n      codec = \"h265\";\n    }\n  ];\n  application = [ pkgs.wayvr ];\n}\n"}, "loc": ["services", "wivrn", "config", "json"], "readOnly": false, "type": "JSON value"}, "services.wivrn.defaultRuntime": {"declarations": ["nixos/modules/services/video/wivrn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable WiVRn as the default OpenXR runtime on the system.\nThe config can be found at `/etc/xdg/openxr/1/active_runtime.json`.\n\nNote that applications can bypass this option by setting an active\nruntime in a writable XDG_CONFIG_DIRS location like `~/.config`\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "wivrn", "defaultRuntime"], "readOnly": false, "type": "boolean"}, "services.wivrn.enable": {"declarations": ["nixos/modules/services/video/wivrn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable WiVRn, an OpenXR streaming application.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "wivrn", "enable"], "readOnly": false, "type": "boolean"}, "services.wivrn.extraServerFlags": {"declarations": ["nixos/modules/services/video/wivrn.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Flags to add to the wivrn service.", "example": {"_type": "literalExpression", "text": "[ \"--no-publish-service\" ]"}, "loc": ["services", "wivrn", "extraServerFlags"], "readOnly": false, "type": "list of string"}, "services.wivrn.highPriority": {"declarations": ["nixos/modules/services/video/wivrn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable high priority capability for asynchronous reprojection.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "wivrn", "highPriority"], "readOnly": false, "type": "boolean"}, "services.wivrn.monadoEnvironment": {"declarations": ["nixos/modules/services/video/wivrn.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables to be passed to the Monado environment.", "loc": ["services", "wivrn", "monadoEnvironment"], "readOnly": false, "type": "attribute set"}, "services.wivrn.openFirewall": {"declarations": ["nixos/modules/services/video/wivrn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the default ports in the firewall for the WiVRn server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "wivrn", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.wivrn.package": {"declarations": ["nixos/modules/services/video/wivrn.nix"], "default": {"_type": "literalExpression", "text": "pkgs.wivrn"}, "description": "The wivrn package to use.", "loc": ["services", "wivrn", "package"], "readOnly": false, "type": "package"}, "services.wivrn.steam.importOXRRuntimes": {"declarations": ["nixos/modules/services/video/wivrn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Sets `PRESSURE_VESSEL_IMPORT_OPENXR_1_RUNTIMES` system-wide to allow Steam to automatically discover the WiVRn server.\n\nNote that you may have to logout for this variable to be visible\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "wivrn", "steam", "importOXRRuntimes"], "readOnly": false, "type": "boolean"}, "services.wivrn.steam.package": {"declarations": ["nixos/modules/services/video/wivrn.nix"], "default": {"_type": "literalExpression", "text": "pkgs.steam"}, "description": "The steam package to use.", "loc": ["services", "wivrn", "steam", "package"], "readOnly": false, "type": "package"}, "services.wlock.enable": {"declarations": ["nixos/modules/services/desktops/wlock.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable wlock, a Wayland sessionlocker using the ext-session-lock-v1 protocol.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "wlock", "enable"], "readOnly": false, "type": "boolean"}, "services.wlock.package": {"declarations": ["nixos/modules/services/desktops/wlock.nix"], "default": {"_type": "literalExpression", "text": "pkgs.wlock"}, "description": "The wlock package to use.", "loc": ["services", "wlock", "package"], "readOnly": false, "type": "package"}, "services.woodpecker-agents.agents": {"declarations": ["nixos/modules/services/continuous-integration/woodpecker/agents.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "woodpecker-agents configurations", "example": {"_type": "literalExpression", "text": "{\n  podman = {\n    environment = {\n      WOODPECKER_SERVER = \"localhost:9000\";\n      WOODPECKER_BACKEND = \"docker\";\n      DOCKER_HOST = \"unix:///run/podman/podman.sock\";\n    };\n\n    extraGroups = [ \"podman\" ];\n\n    environmentFile = [ \"/run/secrets/woodpecker/agent-secret.txt\" ];\n  };\n\n  exec = {\n    environment = {\n      WOODPECKER_SERVER = \"localhost:9000\";\n      WOODPECKER_BACKEND = \"local\";\n    };\n\n    environmentFile = [ \"/run/secrets/woodpecker/agent-secret.txt\" ];\n\n    path = [\n      # Needed to clone repos\n      git\n      git-lfs\n      woodpecker-plugin-git\n      # Used by the runner as the default shell\n      bash\n      # Most likely to be used in pipeline definitions\n      coreutils\n    ];\n  };\n}\n"}, "loc": ["services", "woodpecker-agents", "agents"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.woodpecker-agents.agents.<name>.enable": {"declarations": ["nixos/modules/services/continuous-integration/woodpecker/agents.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable this Woodpecker-Agent. Agents execute tasks generated by a Server, every install will need one server and at least one agent.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "woodpecker-agents", "agents", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.woodpecker-agents.agents.<name>.environment": {"declarations": ["nixos/modules/services/continuous-integration/woodpecker/agents.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "woodpecker-agent config environment variables, for other options read the [documentation](https://woodpecker-ci.org/docs/administration/configuration/agent)", "example": {"_type": "literalExpression", "text": "{\n  WOODPECKER_SERVER = \"localhost:9000\";\n  WOODPECKER_BACKEND = \"docker\";\n  DOCKER_HOST = \"unix:///run/podman/podman.sock\";\n}\n"}, "loc": ["services", "woodpecker-agents", "agents", "<name>", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.woodpecker-agents.agents.<name>.environmentFile": {"declarations": ["nixos/modules/services/continuous-integration/woodpecker/agents.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "File to load environment variables\nfrom. This is helpful for specifying secrets.\nExample content of environmentFile:\n```\nWOODPECKER_AGENT_SECRET=your-shared-secret-goes-here\n```\n", "example": {"_type": "literalExpression", "text": "[\n  \"/var/secrets/woodpecker-agent.env\"\n]"}, "loc": ["services", "woodpecker-agents", "agents", "<name>", "environmentFile"], "readOnly": false, "type": "list of absolute path"}, "services.woodpecker-agents.agents.<name>.extraGroups": {"declarations": ["nixos/modules/services/continuous-integration/woodpecker/agents.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional groups for the systemd service.\n", "example": {"_type": "literalExpression", "text": "[\n  \"podman\"\n]"}, "loc": ["services", "woodpecker-agents", "agents", "<name>", "extraGroups"], "readOnly": false, "type": "list of string"}, "services.woodpecker-agents.agents.<name>.package": {"declarations": ["nixos/modules/services/continuous-integration/woodpecker/agents.nix"], "default": {"_type": "literalExpression", "text": "pkgs.woodpecker-agent"}, "description": "The woodpecker-agent package to use.", "loc": ["services", "woodpecker-agents", "agents", "<name>", "package"], "readOnly": false, "type": "package"}, "services.woodpecker-agents.agents.<name>.path": {"declarations": ["nixos/modules/services/continuous-integration/woodpecker/agents.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional packages that should be added to the agent's `PATH`.\nMostly useful for the `local` backend.\n", "example": {"_type": "literalExpression", "text": "[\n  \"\"\n]"}, "loc": ["services", "woodpecker-agents", "agents", "<name>", "path"], "readOnly": false, "type": "list of package"}, "services.woodpecker-server.enable": {"declarations": ["nixos/modules/services/continuous-integration/woodpecker/server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Woodpecker-Server, a CI/CD application for automatic builds, deployments and tests.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "woodpecker-server", "enable"], "readOnly": false, "type": "boolean"}, "services.woodpecker-server.environment": {"declarations": ["nixos/modules/services/continuous-integration/woodpecker/server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "woodpecker-server config environment variables, for other options read the [documentation](https://woodpecker-ci.org/docs/administration/configuration/server)", "example": {"_type": "literalExpression", "text": "{\n  WOODPECKER_HOST = \"https://woodpecker.example.com\";\n  WOODPECKER_OPEN = \"true\";\n  WOODPECKER_GITEA = \"true\";\n  WOODPECKER_GITEA_CLIENT = \"ffffffff-ffff-ffff-ffff-ffffffffffff\";\n  WOODPECKER_GITEA_URL = \"https://git.example.com\";\n}\n"}, "loc": ["services", "woodpecker-server", "environment"], "readOnly": false, "type": "attribute set of string"}, "services.woodpecker-server.environmentFile": {"declarations": ["nixos/modules/services/continuous-integration/woodpecker/server.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "File to load environment variables\nfrom. This is helpful for specifying secrets.\nExample content of environmentFile:\n```\nWOODPECKER_AGENT_SECRET=your-shared-secret-goes-here\nWOODPECKER_GITEA_SECRET=gto_**************************************\n```\n", "example": {"_type": "literalExpression", "text": "[\n  \"/root/woodpecker-server.env\"\n]"}, "loc": ["services", "woodpecker-server", "environmentFile"], "readOnly": false, "type": "(list of absolute path) or absolute path convertible to it"}, "services.woodpecker-server.package": {"declarations": ["nixos/modules/services/continuous-integration/woodpecker/server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.woodpecker-server"}, "description": "The woodpecker-server package to use.", "loc": ["services", "woodpecker-server", "package"], "readOnly": false, "type": "package"}, "services.wordpress.sites": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Specification of one or more WordPress sites to serve", "loc": ["services", "wordpress", "sites"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.wordpress.sites.<name>.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Create the database and database user locally.", "loc": ["services", "wordpress", "sites", "<name>", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.wordpress.sites.<name>.database.host": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Database host address.", "loc": ["services", "wordpress", "sites", "<name>", "database", "host"], "readOnly": false, "type": "string"}, "services.wordpress.sites.<name>.database.name": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "\"wordpress\""}, "description": "Database name.", "loc": ["services", "wordpress", "sites", "<name>", "database", "name"], "readOnly": false, "type": "string"}, "services.wordpress.sites.<name>.database.passwordFile": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password corresponding to\n{option}`database.user`.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/wordpress-dbpassword\""}, "loc": ["services", "wordpress", "sites", "<name>", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.wordpress.sites.<name>.database.port": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "3306"}, "description": "Database host port.", "loc": ["services", "wordpress", "sites", "<name>", "database", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.wordpress.sites.<name>.database.socket": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "/run/mysqld/mysqld.sock"}, "description": "Path to the unix socket file to use for authentication.", "loc": ["services", "wordpress", "sites", "<name>", "database", "socket"], "readOnly": false, "type": "null or absolute path"}, "services.wordpress.sites.<name>.database.tablePrefix": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "\"wp_\""}, "description": "The $table_prefix is the value placed in the front of your database tables.\nChange the value if you want to use something other than wp_ for your database\nprefix. Typically this is changed if you are installing multiple WordPress blogs\nin the same database.\n\nSee <https://codex.wordpress.org/Editing_wp-config.php#table_prefix>.\n", "loc": ["services", "wordpress", "sites", "<name>", "database", "tablePrefix"], "readOnly": false, "type": "string"}, "services.wordpress.sites.<name>.database.user": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "\"wordpress\""}, "description": "Database user.", "loc": ["services", "wordpress", "sites", "<name>", "database", "user"], "readOnly": false, "type": "string"}, "services.wordpress.sites.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Any additional text to be appended to the wp-config.php\nconfiguration file. This is a PHP script. For configuration\nsettings, see <https://codex.wordpress.org/Editing_wp-config.php>.\n\n**Note**: Please pass structured settings via\n`services.wordpress.sites.\u2039name\u203a.settings` instead.\n", "example": {"_type": "literalExpression", "text": "''\n  @ini_set( 'log_errors', 'Off' );\n  @ini_set( 'display_errors', 'On' );\n''"}, "loc": ["services", "wordpress", "sites", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.wordpress.sites.<name>.fontsDir": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/wordpress/\u2039name\u203a/fonts\""}, "description": "This directory is used to download fonts from a remote location, e.g.\nto host google fonts locally.\n", "loc": ["services", "wordpress", "sites", "<name>", "fontsDir"], "readOnly": false, "type": "absolute path"}, "services.wordpress.sites.<name>.languages": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of path(s) to respective language(s) which are copied from the 'languages' directory.\n", "example": {"_type": "literalExpression", "text": "[\n  # Let's package the German language.\n  # For other languages try to replace language and country code in the download URL with your desired one.\n  # Reference https://translate.wordpress.org for available translations and\n  # codes.\n  (pkgs.stdenv.mkDerivation {\n    name = \"language-de\";\n    src = pkgs.fetchurl {\n      url = \"https://de.wordpress.org/wordpress-${pkgs.wordpress.version}-de_DE.tar.gz\";\n      # Name is required to invalidate the hash when wordpress is updated\n      name = \"wordpress-${pkgs.wordpress.version}-language-de\";\n      sha256 = \"sha256-dlas0rXTSV4JAl8f/UyMbig57yURRYRhTMtJwF9g8h0=\";\n    };\n    installPhase = \"mkdir -p $out; cp -r ./wp-content/languages/* $out/\";\n  })\n];\n"}, "loc": ["services", "wordpress", "sites", "<name>", "languages"], "readOnly": false, "type": "list of absolute path"}, "services.wordpress.sites.<name>.mergedConfig": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "{\n  DISALLOW_FILE_EDIT = true;\n  AUTOMATIC_UPDATER_DISABLED = true;\n}\n"}, "description": "Read only representation of the final configuration.\n", "loc": ["services", "wordpress", "sites", "<name>", "mergedConfig"], "readOnly": true, "type": "unspecified value"}, "services.wordpress.sites.<name>.package": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "pkgs.wordpress"}, "description": "The wordpress package to use.", "loc": ["services", "wordpress", "sites", "<name>", "package"], "readOnly": false, "type": "package"}, "services.wordpress.sites.<name>.plugins": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Path(s) to respective plugin(s) which are copied from the 'plugins' directory.\n\n::: {.note}\nThese plugins need to be packaged before use, see example.\n:::\n", "example": {"_type": "literalExpression", "text": "{\n  inherit (pkgs.wordpressPackages.plugins) embed-pdf-viewer-plugin;\n}\n"}, "loc": ["services", "wordpress", "sites", "<name>", "plugins"], "readOnly": false, "type": "(attribute set of absolute path) or (list of absolute path) convertible to it"}, "services.wordpress.sites.<name>.poolConfig": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "{\n  pm = \"dynamic\";\n  \"pm.max_children\" = 32;\n  \"pm.max_requests\" = 500;\n  \"pm.max_spare_servers\" = 4;\n  \"pm.min_spare_servers\" = 2;\n  \"pm.start_servers\" = 2;\n}"}, "description": "Options for the WordPress PHP pool. See the documentation on `php-fpm.conf`\nfor details on configuration directives.\n", "loc": ["services", "wordpress", "sites", "<name>", "poolConfig"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.wordpress.sites.<name>.settings": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Structural Wordpress configuration.\nRefer to <https://developer.wordpress.org/apis/wp-config-php>\nfor details and supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  WP_DEFAULT_THEME = \"twentytwentytwo\";\n  WP_SITEURL = \"https://example.org\";\n  WP_HOME = \"https://example.org\";\n  WP_DEBUG = true;\n  WP_DEBUG_DISPLAY = true;\n  WPLANG = \"de_DE\";\n  FORCE_SSL_ADMIN = true;\n  AUTOMATIC_UPDATER_DISABLED = true;\n}\n"}, "loc": ["services", "wordpress", "sites", "<name>", "settings"], "readOnly": false, "type": "attribute set of anything"}, "services.wordpress.sites.<name>.themes": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "{ inherit (pkgs.wordpressPackages.themes) twentytwentyfive; }"}, "description": "Path(s) to respective theme(s) which are copied from the 'theme' directory.\n\n::: {.note}\nThese themes need to be packaged before use, see example.\n:::\n", "example": {"_type": "literalExpression", "text": "{\n  inherit (pkgs.wordpressPackages.themes) responsive-theme;\n}\n"}, "loc": ["services", "wordpress", "sites", "<name>", "themes"], "readOnly": false, "type": "(attribute set of absolute path) or (list of absolute path) convertible to it"}, "services.wordpress.sites.<name>.uploadsDir": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/wordpress/\u2039name\u203a/uploads\""}, "description": "This directory is used for uploads of pictures. The directory passed here is automatically\ncreated and permissions adjusted as required.\n", "loc": ["services", "wordpress", "sites", "<name>", "uploadsDir"], "readOnly": false, "type": "absolute path"}, "services.wordpress.sites.<name>.virtualHost": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "description": "Apache configuration can be done by adapting {option}`services.httpd.virtualHosts`.\n", "example": {"_type": "literalExpression", "text": "{\n  adminAddr = \"webmaster@example.org\";\n  forceSSL = true;\n  enableACME = true;\n}\n"}, "loc": ["services", "wordpress", "sites", "<name>", "virtualHost"], "readOnly": false, "type": "submodule"}, "services.wordpress.sites.<name>.virtualHost.acmeRoot": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the acme challenge which is PUBLIC, don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.wordpress.sites.<name>.virtualHost.addSSL": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "addSSL"], "readOnly": false, "type": "boolean"}, "services.wordpress.sites.<name>.virtualHost.adminAddr": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "E-mail address of the server administrator.", "example": {"_type": "literalExpression", "text": "\"admin@example.org\""}, "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "adminAddr"], "readOnly": false, "type": "null or string"}, "services.wordpress.sites.<name>.virtualHost.documentRoot": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of Apache's document root directory.  If left undefined,\nan empty directory in the Nix store will be used as root.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "documentRoot"], "readOnly": false, "type": "null or absolute path"}, "services.wordpress.sites.<name>.virtualHost.enableACME": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "enableACME"], "readOnly": false, "type": "boolean"}, "services.wordpress.sites.<name>.virtualHost.enableUserDir": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable serving {file}`~/public_html` as\n`/~\u00abusername\u00bb`.\n", "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "enableUserDir"], "readOnly": false, "type": "boolean"}, "services.wordpress.sites.<name>.virtualHost.extraConfig": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to httpd.conf verbatim. They will go after\ndirectories and directory aliases defined by default.\n", "example": {"_type": "literalExpression", "text": "''\n  <Directory /home>\n    Options FollowSymlinks\n    AllowOverride All\n  </Directory>\n''"}, "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.wordpress.sites.<name>.virtualHost.forceSSL": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a separate nginx server block that permanently redirects (301)\nall plain HTTP traffic to HTTPS. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443), where the non-SSL listens are used for the redirect vhosts.\n", "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.wordpress.sites.<name>.virtualHost.globalRedirect": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected permanently to\nthe given URL.\n", "example": {"_type": "literalExpression", "text": "\"http://newserver.example.org/\""}, "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.wordpress.sites.<name>.virtualHost.hostName": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "Canonical hostname for the server.", "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "hostName"], "readOnly": false, "type": "string"}, "services.wordpress.sites.<name>.virtualHost.http2": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. *However, if you use the prefork mpm, there will\nbe severe restrictions.* Refer to <https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config> for details.\n", "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "http2"], "readOnly": false, "type": "boolean"}, "services.wordpress.sites.<name>.virtualHost.listen": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\n\n::: {.note}\nThis option overrides `addSSL`, `forceSSL` and `onlySSL`.\n\nIf you only want to set the addresses manually and not the ports, take a look at `listenAddresses`.\n:::\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    ip = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    ip = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    ip = \"*\";\n    port = 8080;\n  }\n]"}, "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.wordpress.sites.<name>.virtualHost.listen.*.ip": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "\"*\""}, "description": "IP to listen on. 0.0.0.0 for IPv4 only, * for all.", "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "listen", "*", "ip"], "readOnly": false, "type": "string"}, "services.wordpress.sites.<name>.virtualHost.listen.*.port": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "description": "Port to listen on", "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "listen", "*", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.wordpress.sites.<name>.virtualHost.listen.*.ssl": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SSL (https) support.", "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.wordpress.sites.<name>.virtualHost.listenAddresses": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"*\"\n]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n]"}, "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "listenAddresses"], "readOnly": false, "type": "non-empty (list of string)"}, "services.wordpress.sites.<name>.virtualHost.locations": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config. See <https://httpd.apache.org/docs/2.4/mod/core.html#location> for details.\n", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n  \"/foo/bar.png\" = {\n    alias = \"/home/eelco/some-file.png\";\n  };\n};\n"}, "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.wordpress.sites.<name>.virtualHost.locations.<name>.alias": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests. See <https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias>.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.wordpress.sites.<name>.virtualHost.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.wordpress.sites.<name>.virtualHost.locations.<name>.index": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds DirectoryIndex directive. See <https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex>.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.wordpress.sites.<name>.virtualHost.locations.<name>.priority": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.wordpress.sites.<name>.virtualHost.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets up a simple reverse proxy as described by <https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple>.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.wordpress.sites.<name>.virtualHost.logFormat": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "\"common\""}, "description": "Log format for Apache's log files. Possible values are: combined, common, referer, agent.\n", "example": {"_type": "literalExpression", "text": "\"combined\""}, "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "logFormat"], "readOnly": false, "type": "string"}, "services.wordpress.sites.<name>.virtualHost.onlySSL": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.wordpress.sites.<name>.virtualHost.robotsEntries": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Specification of pages to be ignored by web crawlers. See <http://www.robotstxt.org/> for details.\n", "example": {"_type": "literalExpression", "text": "\"Disallow: /foo/\""}, "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "robotsEntries"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.wordpress.sites.<name>.virtualHost.servedDirs": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "This option provides a simple way to serve static directories.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    dir = \"/home/eelco/Dev/nix-homepage\";\n    urlPath = \"/nix\";\n  }\n]"}, "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "servedDirs"], "readOnly": false, "type": "list of (attribute set)"}, "services.wordpress.sites.<name>.virtualHost.servedFiles": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "This option provides a simple way to serve individual, static files.\n\n::: {.note}\nThis option has been deprecated and will be removed in a future\nversion of NixOS. You can achieve the same result by making use of\nthe `locations.<name>.alias` option.\n:::\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    file = \"/home/eelco/some-file.png\";\n    urlPath = \"/foo/bar.png\";\n  }\n]"}, "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "servedFiles"], "readOnly": false, "type": "list of (attribute set)"}, "services.wordpress.sites.<name>.virtualHost.serverAliases": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"www.example.org:8080\"\n  \"example.org\"\n]"}, "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.wordpress.sites.<name>.virtualHost.sslServerCert": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "sslServerCert"], "readOnly": false, "type": "absolute path"}, "services.wordpress.sites.<name>.virtualHost.sslServerChain": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to server SSL chain file.", "example": {"_type": "literalExpression", "text": "\"/var/ca.pem\""}, "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "sslServerChain"], "readOnly": false, "type": "null or absolute path"}, "services.wordpress.sites.<name>.virtualHost.sslServerKey": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "sslServerKey"], "readOnly": false, "type": "absolute path"}, "services.wordpress.sites.<name>.virtualHost.useACMEHost": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "wordpress", "sites", "<name>", "virtualHost", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.wordpress.webserver": {"declarations": ["nixos/modules/services/web-apps/wordpress.nix"], "default": {"_type": "literalExpression", "text": "\"httpd\""}, "description": "Whether to use apache2 or nginx for virtual host management.\n\nFurther nginx configuration can be done by adapting `services.nginx.virtualHosts.<name>`.\nSee [](#opt-services.nginx.virtualHosts) for further information.\n\nFurther apache2 configuration can be done by adapting `services.httpd.virtualHosts.<name>`.\nSee [](#opt-services.httpd.virtualHosts) for further information.\n", "loc": ["services", "wordpress", "webserver"], "readOnly": false, "type": "one of \"httpd\", \"nginx\", \"caddy\""}, "services.workout-tracker.address": {"declarations": ["nixos/modules/services/misc/workout-tracker.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Web interface address.", "loc": ["services", "workout-tracker", "address"], "readOnly": false, "type": "string"}, "services.workout-tracker.enable": {"declarations": ["nixos/modules/services/misc/workout-tracker.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable workout tracking web application for personal use (or family, friends), geared towards running and other GPX-based activities.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "workout-tracker", "enable"], "readOnly": false, "type": "boolean"}, "services.workout-tracker.environmentFile": {"declarations": ["nixos/modules/services/misc/workout-tracker.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "An environment file as defined in {manpage}`systemd.exec(5)`.\n\nSecrets like `WT_JWT_ENCRYPTION_KEY` may be passed to the service without adding them\nto the world-readable Nix store.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/workout-tracker.env\""}, "loc": ["services", "workout-tracker", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.workout-tracker.package": {"declarations": ["nixos/modules/services/misc/workout-tracker.nix"], "default": {"_type": "literalExpression", "text": "pkgs.workout-tracker"}, "description": "The workout-tracker package to use.", "loc": ["services", "workout-tracker", "package"], "readOnly": false, "type": "package"}, "services.workout-tracker.port": {"declarations": ["nixos/modules/services/misc/workout-tracker.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "Web interface port.", "loc": ["services", "workout-tracker", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.workout-tracker.settings": {"declarations": ["nixos/modules/services/misc/workout-tracker.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra config options.\n", "example": {"_type": "literalExpression", "text": "{\n  WT_DATABASE_DRIVER = \"sqlite\";\n  WT_DEBUG = \"false\";\n  WT_DSN = \"./database.db\";\n  WT_LOGGING = \"true\";\n}"}, "loc": ["services", "workout-tracker", "settings"], "readOnly": false, "type": "attribute set of string"}, "services.writefreely.acme.enable": {"declarations": ["nixos/modules/services/web-apps/writefreely.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether or not to automatically fetch and configure SSL certs.", "loc": ["services", "writefreely", "acme", "enable"], "readOnly": false, "type": "boolean"}, "services.writefreely.admin.initialPasswordFile": {"declarations": ["nixos/modules/services/web-apps/writefreely.nix"], "default": {"_type": "literalExpression", "text": "\"/nix/store/xxx-default-admin-pass\""}, "description": "Path to a file containing the initial password for the admin user.\nIf not provided, the default password will be set to `nixos`.\n", "loc": ["services", "writefreely", "admin", "initialPasswordFile"], "readOnly": false, "type": "absolute path"}, "services.writefreely.admin.name": {"declarations": ["nixos/modules/services/web-apps/writefreely.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The name of the first admin user.", "loc": ["services", "writefreely", "admin", "name"], "readOnly": false, "type": "null or string"}, "services.writefreely.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/writefreely.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "When {option}`services.writefreely.database.type` is set to\n`\"mysql\"`, this option will enable the MySQL service locally.\n", "loc": ["services", "writefreely", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.writefreely.database.host": {"declarations": ["nixos/modules/services/web-apps/writefreely.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The database host to connect to.", "loc": ["services", "writefreely", "database", "host"], "readOnly": false, "type": "string"}, "services.writefreely.database.migrate": {"declarations": ["nixos/modules/services/web-apps/writefreely.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether or not to automatically run migrations on startup.", "loc": ["services", "writefreely", "database", "migrate"], "readOnly": false, "type": "boolean"}, "services.writefreely.database.name": {"declarations": ["nixos/modules/services/web-apps/writefreely.nix"], "default": {"_type": "literalExpression", "text": "\"writefreely\""}, "description": "The name of the database to store data in.", "loc": ["services", "writefreely", "database", "name"], "readOnly": false, "type": "string"}, "services.writefreely.database.passwordFile": {"declarations": ["nixos/modules/services/web-apps/writefreely.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The file to load the database password from.", "loc": ["services", "writefreely", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.writefreely.database.port": {"declarations": ["nixos/modules/services/web-apps/writefreely.nix"], "default": {"_type": "literalExpression", "text": "3306"}, "description": "The port used when connecting to the database host.", "loc": ["services", "writefreely", "database", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.writefreely.database.tls": {"declarations": ["nixos/modules/services/web-apps/writefreely.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether or not TLS should be used for the database connection.", "loc": ["services", "writefreely", "database", "tls"], "readOnly": false, "type": "boolean"}, "services.writefreely.database.type": {"declarations": ["nixos/modules/services/web-apps/writefreely.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite3\""}, "description": "The database provider to use.", "loc": ["services", "writefreely", "database", "type"], "readOnly": false, "type": "one of \"sqlite3\", \"mysql\""}, "services.writefreely.database.user": {"declarations": ["nixos/modules/services/web-apps/writefreely.nix"], "default": {"_type": "literalExpression", "text": "\"writefreely\""}, "description": "The database user to connect as.", "loc": ["services", "writefreely", "database", "user"], "readOnly": false, "type": "null or string"}, "services.writefreely.enable": {"declarations": ["nixos/modules/services/web-apps/writefreely.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Writefreely, build a digital writing community.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "writefreely", "enable"], "readOnly": false, "type": "boolean"}, "services.writefreely.group": {"declarations": ["nixos/modules/services/web-apps/writefreely.nix"], "default": {"_type": "literalExpression", "text": "\"writefreely\""}, "description": "Group under which Writefreely is ran.", "loc": ["services", "writefreely", "group"], "readOnly": false, "type": "string"}, "services.writefreely.host": {"declarations": ["nixos/modules/services/web-apps/writefreely.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The public host name to serve.", "example": {"_type": "literalExpression", "text": "\"example.com\""}, "loc": ["services", "writefreely", "host"], "readOnly": false, "type": "string"}, "services.writefreely.nginx.enable": {"declarations": ["nixos/modules/services/web-apps/writefreely.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether or not to enable and configure nginx as a proxy for WriteFreely.", "loc": ["services", "writefreely", "nginx", "enable"], "readOnly": false, "type": "boolean"}, "services.writefreely.nginx.forceSSL": {"declarations": ["nixos/modules/services/web-apps/writefreely.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether or not to force the use of SSL.", "loc": ["services", "writefreely", "nginx", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.writefreely.package": {"declarations": ["nixos/modules/services/web-apps/writefreely.nix"], "default": {"_type": "literalExpression", "text": "pkgs.writefreely"}, "description": "The writefreely package to use.", "loc": ["services", "writefreely", "package"], "readOnly": false, "type": "package"}, "services.writefreely.settings": {"declarations": ["nixos/modules/services/web-apps/writefreely.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Writefreely configuration ({file}`config.ini`). Refer to\n<https://writefreely.org/docs/latest/admin/config>\nfor details.\n", "loc": ["services", "writefreely", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.writefreely.settings.app.theme": {"declarations": ["nixos/modules/services/web-apps/writefreely.nix"], "default": {"_type": "literalExpression", "text": "\"write\""}, "description": "The theme to apply.", "loc": ["services", "writefreely", "settings", "app", "theme"], "readOnly": false, "type": "string"}, "services.writefreely.settings.server.port": {"declarations": ["nixos/modules/services/web-apps/writefreely.nix"], "default": {"_type": "literalExpression", "text": "\"80\""}, "description": "The port WriteFreely should listen on.", "loc": ["services", "writefreely", "settings", "server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.writefreely.stateDir": {"declarations": ["nixos/modules/services/web-apps/writefreely.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/writefreely\""}, "description": "The state directory where keys and data are stored.", "loc": ["services", "writefreely", "stateDir"], "readOnly": false, "type": "absolute path"}, "services.writefreely.user": {"declarations": ["nixos/modules/services/web-apps/writefreely.nix"], "default": {"_type": "literalExpression", "text": "\"writefreely\""}, "description": "User under which Writefreely is ran.", "loc": ["services", "writefreely", "user"], "readOnly": false, "type": "string"}, "services.wstunnel.clients": {"declarations": ["nixos/modules/services/networking/wstunnel.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "`wstunnel` clients to set up.", "example": {"_type": "literalExpression", "text": "{\n  wg-tunnel = {\n    connectTo = \"wss://wstunnel.server.com:8443\";\n    localToRemote = [\n      \"tcp://1212:google.com:443\"\n      \"tcp://2:n.lan:4?proxy_protocol\"\n    ];\n    remoteToLocal = [\n      \"socks5://[::1]:1212\"\n      \"unix://wstunnel.sock:g.com:443\"\n    ];\n  };\n}"}, "loc": ["services", "wstunnel", "clients"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.wstunnel.clients.<name>.addNetBind": {"declarations": ["nixos/modules/services/networking/wstunnel.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Whether add CAP_NET_BIND_SERVICE to the tunnel service, this should be enabled if you want to bind port < 1024.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "wstunnel", "clients", "<name>", "addNetBind"], "readOnly": false, "type": "boolean"}, "services.wstunnel.clients.<name>.autoStart": {"declarations": ["nixos/modules/services/networking/wstunnel.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable starting this wstunnel instance automatically.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "wstunnel", "clients", "<name>", "autoStart"], "readOnly": false, "type": "boolean"}, "services.wstunnel.clients.<name>.connectTo": {"declarations": ["nixos/modules/services/networking/wstunnel.nix"], "description": "Server address and port to connect to.", "example": {"_type": "literalExpression", "text": "\"https://wstunnel.server.com:8443\""}, "loc": ["services", "wstunnel", "clients", "<name>", "connectTo"], "readOnly": false, "type": "string"}, "services.wstunnel.clients.<name>.enable": {"declarations": ["nixos/modules/services/networking/wstunnel.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable this `wstunnel` instance.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "wstunnel", "clients", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.wstunnel.clients.<name>.environmentFile": {"declarations": ["nixos/modules/services/networking/wstunnel.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file to be passed to the systemd service.\nUseful for passing secrets to the service to prevent them from being\nworld-readable in the Nix store.\nNote however that the secrets are passed to `wstunnel` through\nthe command line, which makes them locally readable for all users of\nthe system at runtime.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/secrets/wstunnelSecrets\""}, "loc": ["services", "wstunnel", "clients", "<name>", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.wstunnel.clients.<name>.package": {"declarations": ["nixos/modules/services/networking/wstunnel.nix"], "default": {"_type": "literalExpression", "text": "pkgs.wstunnel"}, "description": "The wstunnel package to use.", "loc": ["services", "wstunnel", "clients", "<name>", "package"], "readOnly": false, "type": "package"}, "services.wstunnel.clients.<name>.settings": {"declarations": ["nixos/modules/services/networking/wstunnel.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Command line arguments to pass to `wstunnel`.\nAttributes of the form `argName = true;` will be translated to `--argName`,\nand `argName = \\\"value\\\"` to `--argName value`.\n", "example": {"_type": "literalExpression", "text": "{\n  someNewOption = true;\n  someNewOptionWithValue = \"someValue\";\n}"}, "loc": ["services", "wstunnel", "clients", "<name>", "settings"], "readOnly": false, "type": "open submodule of attribute set of (boolean or signed integer or string or list of string)"}, "services.wstunnel.clients.<name>.settings.http-headers": {"declarations": ["nixos/modules/services/networking/wstunnel.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Custom headers to send in the upgrade request\n", "example": {"_type": "literalExpression", "text": "{\n  X-Some-Header = \"some-value\";\n}"}, "loc": ["services", "wstunnel", "clients", "<name>", "settings", "http-headers"], "readOnly": false, "type": "(list of string) or (attribute set of string) convertible to it"}, "services.wstunnel.enable": {"declarations": ["nixos/modules/services/networking/wstunnel.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable wstunnel.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "wstunnel", "enable"], "readOnly": false, "type": "boolean"}, "services.wstunnel.servers": {"declarations": ["nixos/modules/services/networking/wstunnel.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "`wstunnel` servers to set up.", "example": {"_type": "literalExpression", "text": "{\n  wg-tunnel = {\n    listen = {\n      enableHTTPS = true;\n      host = \"0.0.0.0\";\n      port = 8080;\n    };\n    settings = {\n      restrict-to = [\n        {\n          host = \"127.0.0.1\";\n          port = 51820;\n        }\n      ];\n      tls-certificate = \"/var/lib/secrets/fullchain.pem\";\n      tls-private-key = \"/var/lib/secrets/key.pem\";\n    };\n  };\n}"}, "loc": ["services", "wstunnel", "servers"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.wstunnel.servers.<name>.autoStart": {"declarations": ["nixos/modules/services/networking/wstunnel.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable starting this wstunnel instance automatically.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "wstunnel", "servers", "<name>", "autoStart"], "readOnly": false, "type": "boolean"}, "services.wstunnel.servers.<name>.enable": {"declarations": ["nixos/modules/services/networking/wstunnel.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable this `wstunnel` instance.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "wstunnel", "servers", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.wstunnel.servers.<name>.environmentFile": {"declarations": ["nixos/modules/services/networking/wstunnel.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file to be passed to the systemd service.\nUseful for passing secrets to the service to prevent them from being\nworld-readable in the Nix store.\nNote however that the secrets are passed to `wstunnel` through\nthe command line, which makes them locally readable for all users of\nthe system at runtime.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/secrets/wstunnelSecrets\""}, "loc": ["services", "wstunnel", "servers", "<name>", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.wstunnel.servers.<name>.listen": {"declarations": ["nixos/modules/services/networking/wstunnel.nix"], "default": {"_type": "literalExpression", "text": "{ config, ... }:\n{\n  host = \"0.0.0.0\";\n  port = if config.enableHTTPS then 443 else 80;\n}\n"}, "description": "Address and port to listen on.\nSetting the port to a value below 1024 will also give the process\nthe required `CAP_NET_BIND_SERVICE` capability.\n", "loc": ["services", "wstunnel", "servers", "<name>", "listen"], "readOnly": false, "type": "submodule"}, "services.wstunnel.servers.<name>.listen.enableHTTPS": {"declarations": ["nixos/modules/services/networking/wstunnel.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Use HTTPS for the tunnel server.", "loc": ["services", "wstunnel", "servers", "<name>", "listen", "enableHTTPS"], "readOnly": false, "type": "boolean"}, "services.wstunnel.servers.<name>.listen.host": {"declarations": ["nixos/modules/services/networking/wstunnel.nix"], "description": "The hostname.", "loc": ["services", "wstunnel", "servers", "<name>", "listen", "host"], "readOnly": false, "type": "string"}, "services.wstunnel.servers.<name>.listen.port": {"declarations": ["nixos/modules/services/networking/wstunnel.nix"], "description": "The port.", "loc": ["services", "wstunnel", "servers", "<name>", "listen", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.wstunnel.servers.<name>.package": {"declarations": ["nixos/modules/services/networking/wstunnel.nix"], "default": {"_type": "literalExpression", "text": "pkgs.wstunnel"}, "description": "The wstunnel package to use.", "loc": ["services", "wstunnel", "servers", "<name>", "package"], "readOnly": false, "type": "package"}, "services.wstunnel.servers.<name>.settings": {"declarations": ["nixos/modules/services/networking/wstunnel.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Command line arguments to pass to `wstunnel`.\nAttributes of the form `argName = true;` will be translated to `--argName`,\nand `argName = \\\"value\\\"` to `--argName value`.\n", "example": {"_type": "literalExpression", "text": "{\n  someNewOption = true;\n  someNewOptionWithValue = \"someValue\";\n}"}, "loc": ["services", "wstunnel", "servers", "<name>", "settings"], "readOnly": false, "type": "open submodule of attribute set of (boolean or signed integer or string or list of string)"}, "services.wstunnel.servers.<name>.settings.restrict-to": {"declarations": ["nixos/modules/services/networking/wstunnel.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Restrictions on the connections that the server will accept.\nFor more flexibility, and the possibility to also allow reverse tunnels,\nlook into the `restrict-config` option that takes a path to a yaml file.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    host = \"127.0.0.1\";\n    port = 51820;\n  }\n]"}, "loc": ["services", "wstunnel", "servers", "<name>", "settings", "restrict-to"], "readOnly": false, "type": "list of (submodule)"}, "services.wstunnel.servers.<name>.settings.restrict-to.*.host": {"declarations": ["nixos/modules/services/networking/wstunnel.nix"], "description": "The hostname.", "loc": ["services", "wstunnel", "servers", "<name>", "settings", "restrict-to", "*", "host"], "readOnly": false, "type": "string"}, "services.wstunnel.servers.<name>.settings.restrict-to.*.port": {"declarations": ["nixos/modules/services/networking/wstunnel.nix"], "description": "The port.", "loc": ["services", "wstunnel", "servers", "<name>", "settings", "restrict-to", "*", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.wstunnel.servers.<name>.useACMEHost": {"declarations": ["nixos/modules/services/networking/wstunnel.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Use a certificate generated by the NixOS ACME module for the given host.\nNote that this will not generate a new certificate - you will need to do so with `security.acme.certs`.\n", "example": {"_type": "literalExpression", "text": "\"example.com\""}, "loc": ["services", "wstunnel", "servers", "<name>", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.wyoming.faster-whisper.package": {"declarations": ["nixos/modules/services/home-automation/wyoming/faster-whisper.nix"], "default": {"_type": "literalExpression", "text": "pkgs.wyoming-faster-whisper"}, "description": "The wyoming-faster-whisper package to use.", "loc": ["services", "wyoming", "faster-whisper", "package"], "readOnly": false, "type": "package"}, "services.wyoming.faster-whisper.servers": {"declarations": ["nixos/modules/services/home-automation/wyoming/faster-whisper.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attribute set of wyoming-faster-whisper instances to spawn.\n", "loc": ["services", "wyoming", "faster-whisper", "servers"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.wyoming.faster-whisper.servers.<name>.beamSize": {"declarations": ["nixos/modules/services/home-automation/wyoming/faster-whisper.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "The number of beams to use in beam search.\nUse `0` to automatically select a value based on the CPU.\n", "example": {"_type": "literalExpression", "text": "5"}, "loc": ["services", "wyoming", "faster-whisper", "servers", "<name>", "beamSize"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.wyoming.faster-whisper.servers.<name>.device": {"declarations": ["nixos/modules/services/home-automation/wyoming/faster-whisper.nix"], "default": {"_type": "literalExpression", "text": "\"cpu\""}, "description": "Determines the platform faster-whisper is run on. CPU works everywhere, CUDA requires a compatible NVIDIA GPU.\n", "loc": ["services", "wyoming", "faster-whisper", "servers", "<name>", "device"], "readOnly": false, "type": "one of \"cpu\", \"cuda\", \"auto\""}, "services.wyoming.faster-whisper.servers.<name>.enable": {"declarations": ["nixos/modules/services/home-automation/wyoming/faster-whisper.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Wyoming faster-whisper server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "wyoming", "faster-whisper", "servers", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.wyoming.faster-whisper.servers.<name>.extraArgs": {"declarations": ["nixos/modules/services/home-automation/wyoming/faster-whisper.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to pass to the server commandline.\n", "loc": ["services", "wyoming", "faster-whisper", "servers", "<name>", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.wyoming.faster-whisper.servers.<name>.initialPrompt": {"declarations": ["nixos/modules/services/home-automation/wyoming/faster-whisper.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional text to provide as a prompt for the first window. This can be used to provide, or\n\"prompt-engineer\" a context for transcription, e.g. custom vocabularies or proper nouns\nto make it more likely to predict those word correctly.\n\nNot supported when the {option}`customModelType` is `transformers`.\n", "example": {"_type": "literalExpression", "text": "''\n  The following conversation takes place in the universe of\n  Wizard of Oz. Key terms include 'Yellow Brick Road' (the path\n  to follow), 'Emerald City' (the ultimate goal), and 'Ruby\n  Slippers' (the magical tools to succeed). Keep these in mind as\n  they guide the journey.\n''"}, "loc": ["services", "wyoming", "faster-whisper", "servers", "<name>", "initialPrompt"], "readOnly": false, "type": "null or string"}, "services.wyoming.faster-whisper.servers.<name>.language": {"declarations": ["nixos/modules/services/home-automation/wyoming/faster-whisper.nix"], "description": "The language used to to parse words and sentences.\n", "example": {"_type": "literalExpression", "text": "\"en\""}, "loc": ["services", "wyoming", "faster-whisper", "servers", "<name>", "language"], "readOnly": false, "type": "one of \"auto\", \"af\", \"am\", \"ar\", \"as\", \"az\", \"ba\", \"be\", \"bg\", \"bn\", \"bo\", \"br\", \"bs\", \"ca\", \"cs\", \"cy\", \"da\", \"de\", \"el\", \"en\", \"es\", \"et\", \"eu\", \"fa\", \"fi\", \"fo\", \"fr\", \"gl\", \"gu\", \"ha\", \"haw\", \"he\", \"hi\", \"hr\", \"ht\", \"hu\", \"hy\", \"id\", \"is\", \"it\", \"ja\", \"jw\", \"ka\", \"kk\", \"km\", \"kn\", \"ko\", \"la\", \"lb\", \"ln\", \"lo\", \"lt\", \"lv\", \"mg\", \"mi\", \"mk\", \"ml\", \"mn\", \"mr\", \"ms\", \"mt\", \"my\", \"ne\", \"nl\", \"nn\", \"no\", \"oc\", \"pa\", \"pl\", \"ps\", \"pt\", \"ro\", \"ru\", \"sa\", \"sd\", \"si\", \"sk\", \"sl\", \"sn\", \"so\", \"sq\", \"sr\", \"su\", \"sv\", \"sw\", \"ta\", \"te\", \"tg\", \"th\", \"tk\", \"tl\", \"tr\", \"tt\", \"uk\", \"ur\", \"uz\", \"vi\", \"yi\", \"yue\", \"yo\", \"zh\""}, "services.wyoming.faster-whisper.servers.<name>.model": {"declarations": ["nixos/modules/services/home-automation/wyoming/faster-whisper.nix"], "default": {"_type": "literalExpression", "text": "\"tiny-int8\""}, "description": "Name of the voice model to use. Can also be a HuggingFace model ID or a path to\na custom model directory.\n\nWith {option}`useTranformers` enabled, a HuggingFace transformers Whisper model\nID from HuggingFace like `openai/whisper-tiny.en` must be used.\n\nCompressed models (`int8`) are slightly less accurate, but smaller and faster.\nDistilled models are uncompressed and faster and smaller than non-distilled models.\n\nAvailable models:\n- `tiny-int8` (compressed)\n- `tiny`\n- `tiny.en` (English only)\n- `base-int8` (compressed)\n- `base`\n- `base.en` (English only)\n- `small-int8` (compressed)\n- `distil-small.en` (distilled, English only)\n- `small`\n- `small.en` (English only)\n- `medium-int8` (compressed)\n- `distil-medium.en` (distilled, English only)\n- `medium`\n- `medium.en` (English only)\n- `large`\n- `large-v1`\n- `distil-large-v2` (distilled, English only)\n- `large-v2`\n- `distil-large-v3` (distilled, English only)\n- `large-v3`\n- `turbo` (faster than large-v3)\n", "example": {"_type": "literalExpression", "text": "\"Systran/faster-distil-whisper-small.en\""}, "loc": ["services", "wyoming", "faster-whisper", "servers", "<name>", "model"], "readOnly": false, "type": "string"}, "services.wyoming.faster-whisper.servers.<name>.uri": {"declarations": ["nixos/modules/services/home-automation/wyoming/faster-whisper.nix"], "description": "URI to bind the wyoming server to.\n", "example": {"_type": "literalExpression", "text": "\"tcp://0.0.0.0:10300\""}, "loc": ["services", "wyoming", "faster-whisper", "servers", "<name>", "uri"], "readOnly": false, "type": "string matching the pattern ^(tcp|unix)://.*$"}, "services.wyoming.faster-whisper.servers.<name>.useTransformers": {"declarations": ["nixos/modules/services/home-automation/wyoming/faster-whisper.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to provide the dependencies to allow using transformer models.\n", "loc": ["services", "wyoming", "faster-whisper", "servers", "<name>", "useTransformers"], "readOnly": false, "type": "boolean"}, "services.wyoming.openwakeword.customModelsDirectories": {"declarations": ["nixos/modules/services/home-automation/wyoming/openwakeword.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Paths to directories with custom wake word models (*.tflite model files).\n", "loc": ["services", "wyoming", "openwakeword", "customModelsDirectories"], "readOnly": false, "type": "list of absolute path"}, "services.wyoming.openwakeword.enable": {"declarations": ["nixos/modules/services/home-automation/wyoming/openwakeword.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Wyoming protocol server for openWakeWord wake word detection system.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "wyoming", "openwakeword", "enable"], "readOnly": false, "type": "boolean"}, "services.wyoming.openwakeword.extraArgs": {"declarations": ["nixos/modules/services/home-automation/wyoming/openwakeword.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to pass to the server commandline.\n", "loc": ["services", "wyoming", "openwakeword", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.wyoming.openwakeword.package": {"declarations": ["nixos/modules/services/home-automation/wyoming/openwakeword.nix"], "default": {"_type": "literalExpression", "text": "pkgs.wyoming-openwakeword"}, "description": "The wyoming-openwakeword package to use.", "loc": ["services", "wyoming", "openwakeword", "package"], "readOnly": false, "type": "package"}, "services.wyoming.openwakeword.refractorySeconds": {"declarations": ["nixos/modules/services/home-automation/wyoming/openwakeword.nix"], "default": {"_type": "literalExpression", "text": "2"}, "description": "Duration in seconds before a wake word can be detected again.\n", "example": {"_type": "literalExpression", "text": "1.5"}, "loc": ["services", "wyoming", "openwakeword", "refractorySeconds"], "readOnly": false, "type": "signed integer or floating point number"}, "services.wyoming.openwakeword.threshold": {"declarations": ["nixos/modules/services/home-automation/wyoming/openwakeword.nix"], "default": {"_type": "literalExpression", "text": "0.5"}, "description": "Activation threshold (0.0-1.0), where higher means fewer activations.\n\nSee trigger level for the relationship between activations and\nwake word detections.\n", "loc": ["services", "wyoming", "openwakeword", "threshold"], "readOnly": false, "type": "integer or floating point number between 0.0 and 1.0 (both inclusive)"}, "services.wyoming.openwakeword.triggerLevel": {"declarations": ["nixos/modules/services/home-automation/wyoming/openwakeword.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Number of activations before a detection is registered.\n\nA higher trigger level means fewer detections.\n", "loc": ["services", "wyoming", "openwakeword", "triggerLevel"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.wyoming.openwakeword.uri": {"declarations": ["nixos/modules/services/home-automation/wyoming/openwakeword.nix"], "default": {"_type": "literalExpression", "text": "\"tcp://0.0.0.0:10400\""}, "description": "URI to bind the wyoming server to.\n", "example": {"_type": "literalExpression", "text": "\"tcp://192.0.2.1:5000\""}, "loc": ["services", "wyoming", "openwakeword", "uri"], "readOnly": false, "type": "string matching the pattern ^(tcp|unix)://.*$"}, "services.wyoming.piper.package": {"declarations": ["nixos/modules/services/home-automation/wyoming/piper.nix"], "default": {"_type": "literalExpression", "text": "pkgs.wyoming-piper"}, "description": "The wyoming-piper package to use.", "loc": ["services", "wyoming", "piper", "package"], "readOnly": false, "type": "package"}, "services.wyoming.piper.servers": {"declarations": ["nixos/modules/services/home-automation/wyoming/piper.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attribute set of wyoming-piper instances to spawn.\n", "loc": ["services", "wyoming", "piper", "servers"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.wyoming.piper.servers.<name>.enable": {"declarations": ["nixos/modules/services/home-automation/wyoming/piper.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Wyoming Piper server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "wyoming", "piper", "servers", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.wyoming.piper.servers.<name>.extraArgs": {"declarations": ["nixos/modules/services/home-automation/wyoming/piper.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to pass to the server commandline.\n", "loc": ["services", "wyoming", "piper", "servers", "<name>", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.wyoming.piper.servers.<name>.lengthScale": {"declarations": ["nixos/modules/services/home-automation/wyoming/piper.nix"], "default": {"_type": "literalExpression", "text": "1.0"}, "description": "Phoneme length value.\n", "loc": ["services", "wyoming", "piper", "servers", "<name>", "lengthScale"], "readOnly": false, "type": "floating point number"}, "services.wyoming.piper.servers.<name>.noiseScale": {"declarations": ["nixos/modules/services/home-automation/wyoming/piper.nix"], "default": {"_type": "literalExpression", "text": "0.667"}, "description": "Generator noise value.\n", "loc": ["services", "wyoming", "piper", "servers", "<name>", "noiseScale"], "readOnly": false, "type": "floating point number"}, "services.wyoming.piper.servers.<name>.noiseWidth": {"declarations": ["nixos/modules/services/home-automation/wyoming/piper.nix"], "default": {"_type": "literalExpression", "text": "0.333"}, "description": "Phoneme width noise value.\n", "loc": ["services", "wyoming", "piper", "servers", "<name>", "noiseWidth"], "readOnly": false, "type": "floating point number"}, "services.wyoming.piper.servers.<name>.speaker": {"declarations": ["nixos/modules/services/home-automation/wyoming/piper.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "ID of a specific speaker in a multi-speaker model.\n", "loc": ["services", "wyoming", "piper", "servers", "<name>", "speaker"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.wyoming.piper.servers.<name>.uri": {"declarations": ["nixos/modules/services/home-automation/wyoming/piper.nix"], "description": "URI to bind the wyoming server to.\n", "example": {"_type": "literalExpression", "text": "\"tcp://0.0.0.0:10200\""}, "loc": ["services", "wyoming", "piper", "servers", "<name>", "uri"], "readOnly": false, "type": "string matching the pattern ^(tcp|unix)://.*$"}, "services.wyoming.piper.servers.<name>.useCUDA": {"declarations": ["nixos/modules/services/home-automation/wyoming/piper.nix"], "default": {"_type": "literalExpression", "text": "pkgs.config.cudaSupport"}, "description": "Whether to accelerate the underlying onnxruntime library with CUDA.\n", "loc": ["services", "wyoming", "piper", "servers", "<name>", "useCUDA"], "readOnly": false, "type": "boolean"}, "services.wyoming.piper.servers.<name>.voice": {"declarations": ["nixos/modules/services/home-automation/wyoming/piper.nix"], "description": "Name of the voice model to use. See the following website for samples:\nhttps://rhasspy.github.io/piper-samples/\n", "example": {"_type": "literalExpression", "text": "\"en-us-ryan-medium\""}, "loc": ["services", "wyoming", "piper", "servers", "<name>", "voice"], "readOnly": false, "type": "string"}, "services.wyoming.piper.servers.<name>.zeroconf.enable": {"declarations": ["nixos/modules/services/home-automation/wyoming/piper.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable zeroconf discovery.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "wyoming", "piper", "servers", "<name>", "zeroconf", "enable"], "readOnly": false, "type": "boolean"}, "services.wyoming.piper.servers.<name>.zeroconf.name": {"declarations": ["nixos/modules/services/home-automation/wyoming/piper.nix"], "default": {"_type": "literalExpression", "text": "\"piper\""}, "description": "The advertised name for zeroconf discovery.\n", "loc": ["services", "wyoming", "piper", "servers", "<name>", "zeroconf", "name"], "readOnly": false, "type": "string"}, "services.x2goserver.enable": {"declarations": ["nixos/modules/services/networking/x2goserver.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables the x2goserver module.\nNOTE: This will create a good amount of symlinks in `/usr/local/bin`\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "x2goserver", "enable"], "readOnly": false, "type": "boolean"}, "services.x2goserver.nxagentDefaultOptions": {"declarations": ["nixos/modules/services/networking/x2goserver.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"-extension GLX\"\n  \"-nolisten tcp\"\n]"}, "description": "List of default nx agent options.\n", "loc": ["services", "x2goserver", "nxagentDefaultOptions"], "readOnly": false, "type": "list of string"}, "services.x2goserver.package": {"declarations": ["nixos/modules/services/networking/x2goserver.nix"], "default": {"_type": "literalExpression", "text": "pkgs.x2goserver"}, "description": "The x2goserver package to use.", "loc": ["services", "x2goserver", "package"], "readOnly": false, "type": "package"}, "services.x2goserver.settings": {"declarations": ["nixos/modules/services/networking/x2goserver.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "x2goserver.conf ini configuration as nix attributes. See\n`x2goserver.conf(5)` for details\n", "example": {"_type": "literalExpression", "text": "{\n  superenicer = {\n    \"enable\" = \"yes\";\n    \"idle-nice-level\" = 19;\n  };\n  telekinesis = { \"enable\" = \"no\"; };\n}\n"}, "loc": ["services", "x2goserver", "settings"], "readOnly": false, "type": "attribute set of (attribute set)"}, "services.x2goserver.superenicer.enable": {"declarations": ["nixos/modules/services/networking/x2goserver.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables the SupeReNicer code in x2gocleansessions, this will renice\nsuspended sessions to nice level 19 and renice them to level 0 if the\nsession becomes marked as running again\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "x2goserver", "superenicer", "enable"], "readOnly": false, "type": "boolean"}, "services.xandikos.address": {"declarations": ["nixos/modules/services/networking/xandikos.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The IP address on which Xandikos will listen.\nBy default listens on localhost.\n", "loc": ["services", "xandikos", "address"], "readOnly": false, "type": "string"}, "services.xandikos.enable": {"declarations": ["nixos/modules/services/networking/xandikos.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Xandikos CalDAV and CardDAV server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xandikos", "enable"], "readOnly": false, "type": "boolean"}, "services.xandikos.extraOptions": {"declarations": ["nixos/modules/services/networking/xandikos.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line arguments to pass to xandikos.\n", "example": {"_type": "literalExpression", "text": "[ \"--autocreate\"\n  \"--defaults\"\n  \"--current-user-principal user\"\n  \"--dump-dav-xml\"\n]\n"}, "loc": ["services", "xandikos", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.xandikos.nginx": {"declarations": ["nixos/modules/services/networking/xandikos.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for nginx reverse proxy.\n", "loc": ["services", "xandikos", "nginx"], "readOnly": false, "type": "submodule"}, "services.xandikos.nginx.enable": {"declarations": ["nixos/modules/services/networking/xandikos.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Configure the nginx reverse proxy settings.\n", "loc": ["services", "xandikos", "nginx", "enable"], "readOnly": false, "type": "boolean"}, "services.xandikos.nginx.hostName": {"declarations": ["nixos/modules/services/networking/xandikos.nix"], "description": "The hostname use to setup the virtualhost configuration\n", "loc": ["services", "xandikos", "nginx", "hostName"], "readOnly": false, "type": "string"}, "services.xandikos.package": {"declarations": ["nixos/modules/services/networking/xandikos.nix"], "default": {"_type": "literalExpression", "text": "pkgs.xandikos"}, "description": "The xandikos package to use.", "loc": ["services", "xandikos", "package"], "readOnly": false, "type": "package"}, "services.xandikos.port": {"declarations": ["nixos/modules/services/networking/xandikos.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "The port of the Xandikos web application", "loc": ["services", "xandikos", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.xandikos.routePrefix": {"declarations": ["nixos/modules/services/networking/xandikos.nix"], "default": {"_type": "literalExpression", "text": "\"/\""}, "description": "Path to Xandikos.\nUseful when Xandikos is behind a reverse proxy.\n", "loc": ["services", "xandikos", "routePrefix"], "readOnly": false, "type": "string"}, "services.xbanish.arguments": {"declarations": ["nixos/modules/services/x11/xbanish.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Arguments to pass to xbanish command", "example": {"_type": "literalExpression", "text": "\"-d -i shift\""}, "loc": ["services", "xbanish", "arguments"], "readOnly": false, "type": "string"}, "services.xbanish.enable": {"declarations": ["nixos/modules/services/x11/xbanish.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable xbanish.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xbanish", "enable"], "readOnly": false, "type": "boolean"}, "services.xe-guest-utilities.enable": {"declarations": ["nixos/modules/virtualisation/xe-guest-utilities.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the XenServer guest utilities daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xe-guest-utilities", "enable"], "readOnly": false, "type": "boolean"}, "services.xfs.enable": {"declarations": ["nixos/modules/services/x11/xfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the X Font Server.", "loc": ["services", "xfs", "enable"], "readOnly": false, "type": "boolean"}, "services.xinetd.enable": {"declarations": ["nixos/modules/services/networking/xinetd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the xinetd super-server daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xinetd", "enable"], "readOnly": false, "type": "boolean"}, "services.xinetd.extraDefaults": {"declarations": ["nixos/modules/services/networking/xinetd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional configuration lines added to the default section of xinetd's configuration.\n", "loc": ["services", "xinetd", "extraDefaults"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xinetd.services": {"declarations": ["nixos/modules/services/networking/xinetd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of services provided by xinetd.\n", "loc": ["services", "xinetd", "services"], "readOnly": false, "type": "list of (submodule)"}, "services.xinetd.services.*.extraConfig": {"declarations": ["nixos/modules/services/networking/xinetd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration-lines added to the section of the service.", "loc": ["services", "xinetd", "services", "*", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xinetd.services.*.flags": {"declarations": ["nixos/modules/services/networking/xinetd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "", "loc": ["services", "xinetd", "services", "*", "flags"], "readOnly": false, "type": "string"}, "services.xinetd.services.*.name": {"declarations": ["nixos/modules/services/networking/xinetd.nix"], "description": "Name of the service.", "example": {"_type": "literalExpression", "text": "\"login\""}, "loc": ["services", "xinetd", "services", "*", "name"], "readOnly": false, "type": "string"}, "services.xinetd.services.*.port": {"declarations": ["nixos/modules/services/networking/xinetd.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Port number of the service.", "example": {"_type": "literalExpression", "text": "123"}, "loc": ["services", "xinetd", "services", "*", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.xinetd.services.*.protocol": {"declarations": ["nixos/modules/services/networking/xinetd.nix"], "default": {"_type": "literalExpression", "text": "\"tcp\""}, "description": "Protocol of the service.  Usually `tcp` or `udp`.", "loc": ["services", "xinetd", "services", "*", "protocol"], "readOnly": false, "type": "string"}, "services.xinetd.services.*.server": {"declarations": ["nixos/modules/services/networking/xinetd.nix"], "description": "Path of the program that implements the service.", "example": {"_type": "literalExpression", "text": "\"/foo/bin/ftpd\""}, "loc": ["services", "xinetd", "services", "*", "server"], "readOnly": false, "type": "string"}, "services.xinetd.services.*.serverArgs": {"declarations": ["nixos/modules/services/networking/xinetd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Command-line arguments for the server program.", "loc": ["services", "xinetd", "services", "*", "serverArgs"], "readOnly": false, "type": "strings concatenated with \" \""}, "services.xinetd.services.*.unlisted": {"declarations": ["nixos/modules/services/networking/xinetd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether this server is listed in\n{file}`/etc/services`.  If so, the port\nnumber can be omitted.\n", "loc": ["services", "xinetd", "services", "*", "unlisted"], "readOnly": false, "type": "boolean"}, "services.xinetd.services.*.user": {"declarations": ["nixos/modules/services/networking/xinetd.nix"], "default": {"_type": "literalExpression", "text": "\"nobody\""}, "description": "User account for the service", "loc": ["services", "xinetd", "services", "*", "user"], "readOnly": false, "type": "string"}, "services.xl2tpd.clientIpRange": {"declarations": ["nixos/modules/services/networking/xl2tpd.nix"], "default": {"_type": "literalExpression", "text": "\"10.125.125.2-11\""}, "description": "The range from which client IPs are drawn.", "loc": ["services", "xl2tpd", "clientIpRange"], "readOnly": false, "type": "string"}, "services.xl2tpd.enable": {"declarations": ["nixos/modules/services/networking/xl2tpd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable xl2tpd, the Layer 2 Tunnelling Protocol Daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xl2tpd", "enable"], "readOnly": false, "type": "boolean"}, "services.xl2tpd.extraPppdOptions": {"declarations": ["nixos/modules/services/networking/xl2tpd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Adds extra lines to the pppd options file.", "example": {"_type": "literalExpression", "text": "''\n  ms-dns 8.8.8.8\n  ms-dns 8.8.4.4\n''"}, "loc": ["services", "xl2tpd", "extraPppdOptions"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xl2tpd.extraXl2tpOptions": {"declarations": ["nixos/modules/services/networking/xl2tpd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Adds extra lines to the xl2tpd configuration file.", "loc": ["services", "xl2tpd", "extraXl2tpOptions"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xl2tpd.serverIp": {"declarations": ["nixos/modules/services/networking/xl2tpd.nix"], "default": {"_type": "literalExpression", "text": "\"10.125.125.1\""}, "description": "The server-side IP address.", "loc": ["services", "xl2tpd", "serverIp"], "readOnly": false, "type": "string"}, "services.xmrig.enable": {"declarations": ["nixos/modules/services/misc/xmrig.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable XMRig Mining Software.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xmrig", "enable"], "readOnly": false, "type": "boolean"}, "services.xmrig.package": {"declarations": ["nixos/modules/services/misc/xmrig.nix"], "default": {"_type": "literalExpression", "text": "pkgs.xmrig"}, "description": "The xmrig package to use.", "example": {"_type": "literalExpression", "text": "xmrig-mo"}, "loc": ["services", "xmrig", "package"], "readOnly": false, "type": "package"}, "services.xmrig.settings": {"declarations": ["nixos/modules/services/misc/xmrig.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "XMRig configuration. Refer to\n<https://xmrig.com/docs/miner/config>\nfor details on supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  autosave = true;\n  cpu = true;\n  opencl = false;\n  cuda = false;\n  pools = [\n    {\n      url = \"pool.supportxmr.com:443\";\n      user = \"your-wallet\";\n      keepalive = true;\n      tls = true;\n    }\n  ]\n}\n"}, "loc": ["services", "xmrig", "settings"], "readOnly": false, "type": "JSON value"}, "services.xonotic.appendConfig": {"declarations": ["nixos/modules/services/games/xonotic.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Literal text to insert at the end of `server.cfg`.\n", "loc": ["services", "xonotic", "appendConfig"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.xonotic.dataDir": {"declarations": ["nixos/modules/services/games/xonotic.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/xonotic\""}, "description": "Data directory.\n", "loc": ["services", "xonotic", "dataDir"], "readOnly": true, "type": "absolute path"}, "services.xonotic.enable": {"declarations": ["nixos/modules/services/games/xonotic.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Xonotic dedicated server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xonotic", "enable"], "readOnly": false, "type": "boolean"}, "services.xonotic.openFirewall": {"declarations": ["nixos/modules/services/games/xonotic.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open the firewall for TCP and UDP on the specified port.\n", "loc": ["services", "xonotic", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.xonotic.package": {"declarations": ["nixos/modules/services/games/xonotic.nix"], "default": {"_type": "literalExpression", "text": "pkgs.xonotic-dedicated"}, "description": "The xonotic-dedicated package to use.", "loc": ["services", "xonotic", "package"], "readOnly": false, "type": "package"}, "services.xonotic.prependConfig": {"declarations": ["nixos/modules/services/games/xonotic.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Literal text to insert at the start of `server.cfg`.\n", "loc": ["services", "xonotic", "prependConfig"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "services.xonotic.settings": {"declarations": ["nixos/modules/services/games/xonotic.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Generates the `server.cfg` file. Refer to [upstream's example][0] for\ndetails.\n\n[0]: https://gitlab.com/xonotic/xonotic/-/blob/master/server/server.cfg\n", "loc": ["services", "xonotic", "settings"], "readOnly": false, "type": "open submodule of attribute set of ((optionally newline-terminated) single-line string or signed integer or floating point number or non-empty (list of ((optionally newline-terminated) single-line string or signed integer or floating point number)))"}, "services.xonotic.settings.hostname": {"declarations": ["nixos/modules/services/games/xonotic.nix"], "default": {"_type": "literalExpression", "text": "\"Xonotic $g_xonoticversion Server\""}, "description": "The name that will appear in the server list. `$g_xonoticversion`\ngets replaced with the current version.\n", "loc": ["services", "xonotic", "settings", "hostname"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "services.xonotic.settings.maxplayers": {"declarations": ["nixos/modules/services/games/xonotic.nix"], "default": {"_type": "literalExpression", "text": "16"}, "description": "Number of player slots on the server, including spectators.\n", "loc": ["services", "xonotic", "settings", "maxplayers"], "readOnly": false, "type": "signed integer"}, "services.xonotic.settings.net_address": {"declarations": ["nixos/modules/services/games/xonotic.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "The address Xonotic will listen on.\n", "loc": ["services", "xonotic", "settings", "net_address"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "services.xonotic.settings.port": {"declarations": ["nixos/modules/services/games/xonotic.nix"], "default": {"_type": "literalExpression", "text": "26000"}, "description": "The port Xonotic will listen on.\n", "loc": ["services", "xonotic", "settings", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.xonotic.settings.sv_motd": {"declarations": ["nixos/modules/services/games/xonotic.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Text displayed when players join the server.\n", "loc": ["services", "xonotic", "settings", "sv_motd"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "services.xonotic.settings.sv_public": {"declarations": ["nixos/modules/services/games/xonotic.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Controls whether the server will be publicly listed.\n", "example": {"_type": "literalExpression", "text": "[\n  -1\n  1\n]"}, "loc": ["services", "xonotic", "settings", "sv_public"], "readOnly": false, "type": "signed integer"}, "services.xonotic.settings.sv_termsofservice_url": {"declarations": ["nixos/modules/services/games/xonotic.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "URL for the Terms of Service for playing on your server.\n", "loc": ["services", "xonotic", "settings", "sv_termsofservice_url"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "services.xray.enable": {"declarations": ["nixos/modules/services/networking/xray.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to run xray server.\n\nEither `settingsFile` or `settings` must be specified.\n", "loc": ["services", "xray", "enable"], "readOnly": false, "type": "boolean"}, "services.xray.package": {"declarations": ["nixos/modules/services/networking/xray.nix"], "default": {"_type": "literalExpression", "text": "pkgs.xray"}, "description": "The xray package to use.", "loc": ["services", "xray", "package"], "readOnly": false, "type": "package"}, "services.xray.settings": {"declarations": ["nixos/modules/services/networking/xray.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The configuration object.\n\nEither `settingsFile` or `settings` must be specified.\n\nSee <https://www.v2fly.org/en_US/config/overview.html>.\n", "example": {"_type": "literalExpression", "text": "{\n  inbounds = [\n    {\n      listen = \"127.0.0.1\";\n      port = 1080;\n      protocol = \"http\";\n    }\n  ];\n  outbounds = [\n    {\n      protocol = \"freedom\";\n    }\n  ];\n}"}, "loc": ["services", "xray", "settings"], "readOnly": false, "type": "null or (attribute set of unspecified value)"}, "services.xray.settingsFile": {"declarations": ["nixos/modules/services/networking/xray.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The absolute path to the configuration file.\n\nEither `settingsFile` or `settings` must be specified.\n\nSee <https://www.v2fly.org/en_US/config/overview.html>.\n", "example": {"_type": "literalExpression", "text": "\"/etc/xray/config.json\""}, "loc": ["services", "xray", "settingsFile"], "readOnly": false, "type": "null or absolute path"}, "services.xrdp.audio.enable": {"declarations": ["nixos/modules/services/networking/xrdp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable audio support for xrdp sessions. So far it only works with PulseAudio sessions on the server side. No PipeWire support yet.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xrdp", "audio", "enable"], "readOnly": false, "type": "boolean"}, "services.xrdp.audio.package": {"declarations": ["nixos/modules/services/networking/xrdp.nix"], "default": {"_type": "literalExpression", "text": "pkgs.pulseaudio-module-xrdp"}, "description": "The pulseaudio-module-xrdp package to use.", "loc": ["services", "xrdp", "audio", "package"], "readOnly": false, "type": "package"}, "services.xrdp.defaultWindowManager": {"declarations": ["nixos/modules/services/networking/xrdp.nix"], "default": {"_type": "literalExpression", "text": "\"xterm\""}, "description": "The script to run when user log in, usually a window manager, e.g. \"icewm\", \"xfce4-session\"\nThis is per-user overridable, if file ~/startwm.sh exists it will be used instead.\n", "example": {"_type": "literalExpression", "text": "\"xfce4-session\""}, "loc": ["services", "xrdp", "defaultWindowManager"], "readOnly": false, "type": "string"}, "services.xrdp.enable": {"declarations": ["nixos/modules/services/networking/xrdp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable xrdp, the Remote Desktop Protocol server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xrdp", "enable"], "readOnly": false, "type": "boolean"}, "services.xrdp.extraConfDirCommands": {"declarations": ["nixos/modules/services/networking/xrdp.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra commands to run on the default confDir derivation.\n", "example": {"_type": "literalExpression", "text": "''\n  substituteInPlace $out/sesman.ini \\\n    --replace-fail LogLevel=INFO LogLevel=DEBUG \\\n    --replace-fail LogFile=/dev/null LogFile=/var/log/xrdp.log\n''"}, "loc": ["services", "xrdp", "extraConfDirCommands"], "readOnly": false, "type": "string"}, "services.xrdp.openFirewall": {"declarations": ["nixos/modules/services/networking/xrdp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall for the specified RDP port.", "loc": ["services", "xrdp", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.xrdp.package": {"declarations": ["nixos/modules/services/networking/xrdp.nix"], "default": {"_type": "literalExpression", "text": "pkgs.xrdp"}, "description": "The xrdp package to use.", "loc": ["services", "xrdp", "package"], "readOnly": false, "type": "package"}, "services.xrdp.port": {"declarations": ["nixos/modules/services/networking/xrdp.nix"], "default": {"_type": "literalExpression", "text": "3389"}, "description": "Specifies on which port the xrdp daemon listens.\n", "loc": ["services", "xrdp", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.xrdp.sslCert": {"declarations": ["nixos/modules/services/networking/xrdp.nix"], "default": {"_type": "literalExpression", "text": "\"/etc/xrdp/cert.pem\""}, "description": "ssl certificate path\nA self-signed certificate will be generated if file not exists.\n", "example": {"_type": "literalExpression", "text": "\"/path/to/your/cert.pem\""}, "loc": ["services", "xrdp", "sslCert"], "readOnly": false, "type": "string"}, "services.xrdp.sslKey": {"declarations": ["nixos/modules/services/networking/xrdp.nix"], "default": {"_type": "literalExpression", "text": "\"/etc/xrdp/key.pem\""}, "description": "ssl private key path\nA self-signed certificate will be generated if file not exists.\n", "example": {"_type": "literalExpression", "text": "\"/path/to/your/key.pem\""}, "loc": ["services", "xrdp", "sslKey"], "readOnly": false, "type": "string"}, "services.xscreensaver.enable": {"declarations": ["nixos/modules/services/x11/xscreensaver.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable xscreensaver user service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xscreensaver", "enable"], "readOnly": false, "type": "boolean"}, "services.xscreensaver.hooks": {"declarations": ["nixos/modules/services/x11/xscreensaver.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "An attrset of events and commands to run upon each event.\nRefer to <https://www.jwz.org/xscreensaver/man3.html> for supported events.\n", "example": {"_type": "literalExpression", "text": "# Reconfigure autorandr on screen wake up\n{\n  \"RUN\" = \"${lib.getExe pkgs.autorandr} --change --ignore-lid\";\n};\n"}, "loc": ["services", "xscreensaver", "hooks"], "readOnly": false, "type": "attribute set of strings concatenated with \"\\n\""}, "services.xscreensaver.package": {"declarations": ["nixos/modules/services/x11/xscreensaver.nix"], "default": {"_type": "literalExpression", "text": "pkgs.xscreensaver"}, "description": "The xscreensaver package to use.", "loc": ["services", "xscreensaver", "package"], "readOnly": false, "type": "package"}, "services.xserver.cmt.enable": {"declarations": ["nixos/modules/services/x11/hardware/cmt.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable chrome multitouch input (cmt). Touchpad drivers that are configured for chromebooks.", "loc": ["services", "xserver", "cmt", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.cmt.models": {"declarations": ["nixos/modules/services/x11/hardware/cmt.nix"], "description": "Which models to enable cmt for. Enter the Code Name for your Chromebook.\nCode Name can be found at <https://www.chromium.org/chromium-os/developer-information-for-chrome-os-devices>.\n", "example": {"_type": "literalExpression", "text": "\"banjo\""}, "loc": ["services", "xserver", "cmt", "models"], "readOnly": false, "type": "one of \"atlas\", \"banjo\", \"candy\", \"caroline\", \"cave\", \"celes\", \"clapper\", \"cyan\", \"daisy\", \"elan\", \"elm\", \"enguarde\", \"eve\", \"expresso\", \"falco\", \"gandof\", \"glimmer\", \"gnawty\", \"heli\", \"kevin\", \"kip\", \"leon\", \"lulu\", \"orco\", \"pbody\", \"peppy\", \"pi\", \"pit\", \"puppy\", \"quawks\", \"rambi\", \"samus\", \"snappy\", \"spring\", \"squawks\", \"swanky\", \"winky\", \"wolf\", \"auron_paine\", \"auron_yuna\", \"daisy_skate\", \"nyan_big\", \"nyan_blaze\", \"veyron_jaq\", \"veyron_jerry\", \"veyron_mighty\", \"veyron_minnie\", \"veyron_speedy\""}, "services.xserver.desktopManager.cde.enable": {"declarations": ["nixos/modules/services/x11/desktop-managers/cde.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Common Desktop Environment.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "desktopManager", "cde", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.desktopManager.cde.extraPackages": {"declarations": ["nixos/modules/services/x11/desktop-managers/cde.nix"], "default": {"_type": "literalExpression", "text": "with pkgs; [\n  xclock bitmap xlsfonts xfd xrefresh xload xwininfo xdpyinfo xwd xwud\n]\n"}, "description": "Extra packages to be installed system wide.\n", "loc": ["services", "xserver", "desktopManager", "cde", "extraPackages"], "readOnly": false, "type": "list of package"}, "services.xserver.desktopManager.cinnamon.enable": {"declarations": ["nixos/modules/services/x11/desktop-managers/cinnamon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the cinnamon desktop manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "desktopManager", "cinnamon", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.desktopManager.cinnamon.extraGSettingsOverridePackages": {"declarations": ["nixos/modules/services/x11/desktop-managers/cinnamon.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of packages for which gsettings are overridden.", "loc": ["services", "xserver", "desktopManager", "cinnamon", "extraGSettingsOverridePackages"], "readOnly": false, "type": "list of absolute path"}, "services.xserver.desktopManager.cinnamon.extraGSettingsOverrides": {"declarations": ["nixos/modules/services/x11/desktop-managers/cinnamon.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional gsettings overrides.", "loc": ["services", "xserver", "desktopManager", "cinnamon", "extraGSettingsOverrides"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xserver.desktopManager.cinnamon.sessionPath": {"declarations": ["nixos/modules/services/x11/desktop-managers/cinnamon.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional list of packages to be added to the session search path.\nUseful for GSettings-conditional autostart.\n\nNote that this should be a last resort; patching the package is preferred (see GPaste).\n", "example": {"_type": "literalExpression", "text": "[ pkgs.gpaste ]"}, "loc": ["services", "xserver", "desktopManager", "cinnamon", "sessionPath"], "readOnly": false, "type": "list of package"}, "services.xserver.desktopManager.enlightenment.enable": {"declarations": ["nixos/modules/services/x11/desktop-managers/enlightenment.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable the Enlightenment desktop environment.", "loc": ["services", "xserver", "desktopManager", "enlightenment", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.desktopManager.kodi.enable": {"declarations": ["nixos/modules/services/x11/desktop-managers/kodi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable the kodi multimedia center.", "loc": ["services", "xserver", "desktopManager", "kodi", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.desktopManager.kodi.package": {"declarations": ["nixos/modules/services/x11/desktop-managers/kodi.nix"], "default": {"_type": "literalExpression", "text": "pkgs.kodi"}, "description": "The kodi package to use.", "example": {"_type": "literalExpression", "text": "kodi.withPackages (p: with p; [ jellyfin pvr-iptvsimple vfs-sftp ])"}, "loc": ["services", "xserver", "desktopManager", "kodi", "package"], "readOnly": false, "type": "package"}, "services.xserver.desktopManager.lumina.enable": {"declarations": ["nixos/modules/services/x11/desktop-managers/lumina.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable the Lumina desktop manager", "loc": ["services", "xserver", "desktopManager", "lumina", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.desktopManager.lxqt.enable": {"declarations": ["nixos/modules/services/x11/desktop-managers/lxqt.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the LXQt desktop manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "desktopManager", "lxqt", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.desktopManager.lxqt.extraPackages": {"declarations": ["nixos/modules/services/x11/desktop-managers/lxqt.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra packages to be installed system wide.", "example": {"_type": "literalExpression", "text": "with pkgs; [ xscreensaver ]"}, "loc": ["services", "xserver", "desktopManager", "lxqt", "extraPackages"], "readOnly": false, "type": "list of package"}, "services.xserver.desktopManager.lxqt.iconThemePackage": {"declarations": ["nixos/modules/services/x11/desktop-managers/lxqt.nix"], "default": {"_type": "literalExpression", "text": "pkgs.kdePackages.breeze-icons"}, "description": "The package that provides a default icon theme.", "loc": ["services", "xserver", "desktopManager", "lxqt", "iconThemePackage"], "readOnly": false, "type": "package"}, "services.xserver.desktopManager.mate.debug": {"declarations": ["nixos/modules/services/x11/desktop-managers/mate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable mate-session debug messages.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "desktopManager", "mate", "debug"], "readOnly": false, "type": "boolean"}, "services.xserver.desktopManager.mate.enable": {"declarations": ["nixos/modules/services/x11/desktop-managers/mate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable the MATE desktop environment", "loc": ["services", "xserver", "desktopManager", "mate", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.desktopManager.mate.enableWaylandSession": {"declarations": ["nixos/modules/services/x11/desktop-managers/mate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable MATE Wayland session.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "desktopManager", "mate", "enableWaylandSession"], "readOnly": false, "type": "boolean"}, "services.xserver.desktopManager.mate.extraCajaExtensions": {"declarations": ["nixos/modules/services/x11/desktop-managers/mate.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra extensions to add to caja.", "example": {"_type": "literalExpression", "text": "with pkgs; [ caja-extensions ]"}, "loc": ["services", "xserver", "desktopManager", "mate", "extraCajaExtensions"], "readOnly": false, "type": "list of package"}, "services.xserver.desktopManager.mate.extraPanelApplets": {"declarations": ["nixos/modules/services/x11/desktop-managers/mate.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra applets to add to mate-panel.", "example": {"_type": "literalExpression", "text": "with pkgs; [ mate-applets ]"}, "loc": ["services", "xserver", "desktopManager", "mate", "extraPanelApplets"], "readOnly": false, "type": "list of package"}, "services.xserver.desktopManager.phosh.enable": {"declarations": ["nixos/modules/services/x11/desktop-managers/phosh.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable the Phone Shell.", "loc": ["services", "xserver", "desktopManager", "phosh", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.desktopManager.phosh.group": {"declarations": ["nixos/modules/services/x11/desktop-managers/phosh.nix"], "description": "The group to run the Phosh service.", "example": {"_type": "literalExpression", "text": "\"users\""}, "loc": ["services", "xserver", "desktopManager", "phosh", "group"], "readOnly": false, "type": "string"}, "services.xserver.desktopManager.phosh.package": {"declarations": ["nixos/modules/services/x11/desktop-managers/phosh.nix"], "default": {"_type": "literalExpression", "text": "pkgs.phosh"}, "description": "The phosh package to use.", "loc": ["services", "xserver", "desktopManager", "phosh", "package"], "readOnly": false, "type": "package"}, "services.xserver.desktopManager.phosh.phocConfig": {"declarations": ["nixos/modules/services/x11/desktop-managers/phosh.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configurations for the Phoc compositor.\n", "loc": ["services", "xserver", "desktopManager", "phosh", "phocConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\" or absolute path or (submodule)"}, "services.xserver.desktopManager.phosh.user": {"declarations": ["nixos/modules/services/x11/desktop-managers/phosh.nix"], "description": "The user to run the Phosh service.", "example": {"_type": "literalExpression", "text": "\"alice\""}, "loc": ["services", "xserver", "desktopManager", "phosh", "user"], "readOnly": false, "type": "string"}, "services.xserver.desktopManager.retroarch.enable": {"declarations": ["nixos/modules/services/x11/desktop-managers/retroarch.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable RetroArch.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "desktopManager", "retroarch", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.desktopManager.retroarch.extraArgs": {"declarations": ["nixos/modules/services/x11/desktop-managers/retroarch.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to pass to RetroArch.", "example": {"_type": "literalExpression", "text": "[\n  \"--verbose\"\n  \"--host\"\n]"}, "loc": ["services", "xserver", "desktopManager", "retroarch", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.xserver.desktopManager.retroarch.package": {"declarations": ["nixos/modules/services/x11/desktop-managers/retroarch.nix"], "default": {"_type": "literalExpression", "text": "pkgs.retroarch"}, "description": "The retroarch package to use.", "example": {"_type": "literalExpression", "text": "retroarch-full"}, "loc": ["services", "xserver", "desktopManager", "retroarch", "package"], "readOnly": false, "type": "package"}, "services.xserver.desktopManager.runXdgAutostartIfNone": {"declarations": ["nixos/modules/services/x11/desktop-managers/none.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to run XDG autostart files for sessions without a desktop manager\n(with only a window manager), these sessions usually don't handle XDG\nautostart files by default.\n\nSome services like {option}`i18n.inputMethod` and\n{option}`service.earlyoom` use XDG autostart files to start.\nIf this option is not set to `true` and you are using\na window manager without a desktop manager, you need to manually start\nthem or running `dex` somewhere.\n", "loc": ["services", "xserver", "desktopManager", "runXdgAutostartIfNone"], "readOnly": false, "type": "boolean"}, "services.xserver.desktopManager.surf-display.defaultWwwUri": {"declarations": ["nixos/modules/services/x11/desktop-managers/surf-display.nix"], "default": {"_type": "literalExpression", "text": "\"${pkgs.surf-display}/share/surf-display/empty-page.html\""}, "description": "Default URI to display.", "example": {"_type": "literalExpression", "text": "\"https://www.example.com/\""}, "loc": ["services", "xserver", "desktopManager", "surf-display", "defaultWwwUri"], "readOnly": false, "type": "string"}, "services.xserver.desktopManager.surf-display.enable": {"declarations": ["nixos/modules/services/x11/desktop-managers/surf-display.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable surf-display as a kiosk browser session.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "desktopManager", "surf-display", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.desktopManager.surf-display.extraConfig": {"declarations": ["nixos/modules/services/x11/desktop-managers/surf-display.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration options to append to `/etc/default/surf-display`.\n", "example": {"_type": "literalExpression", "text": "''\n  # Enforce fixed resolution for all displays (default: not set):\n  DEFAULT_RESOLUTION=\"1920x1080\"\n  \n  # HTTP proxy URL, if needed (default: not set).\n  HTTP_PROXY_URL=\"http://webcache:3128\"\n  \n  # Configure individual display screens with host specific parameters:\n  DISPLAYS['display-host-0']=\"www_uri=https://www.displayserver.comany.net/display-1/index.html\"\n  DISPLAYS['display-host-1']=\"www_uri=https://www.displayserver.comany.net/display-2/index.html\"\n  DISPLAYS['display-host-2']=\"www_uri=https://www.displayserver.comany.net/display-3/index.html|res=1920x1280\"\n  DISPLAYS['display-host-3']=\"www_uri=https://www.displayserver.comany.net/display-4/index.html\"|res=1280x1024\"\n  DISPLAYS['display-host-local-file']=\"www_uri=file:///usr/share/doc/surf-display/empty-page.html\"\n''"}, "loc": ["services", "xserver", "desktopManager", "surf-display", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xserver.desktopManager.surf-display.hideIdlePointer": {"declarations": ["nixos/modules/services/x11/desktop-managers/surf-display.nix"], "default": {"_type": "literalExpression", "text": "\"yes\""}, "description": "Hide idle mouse pointer.", "example": {"_type": "literalExpression", "text": "\"no\""}, "loc": ["services", "xserver", "desktopManager", "surf-display", "hideIdlePointer"], "readOnly": false, "type": "string"}, "services.xserver.desktopManager.surf-display.inactivityInterval": {"declarations": ["nixos/modules/services/x11/desktop-managers/surf-display.nix"], "default": {"_type": "literalExpression", "text": "300"}, "description": "Setting for internal inactivity timer to restart surf-display if the\nuser goes inactive/idle to get a fresh session for the next user of\nthe kiosk.\n\nIf this value is set to zero, the whole feature of restarting due to\ninactivity is disabled.\n", "example": {"_type": "literalExpression", "text": "0"}, "loc": ["services", "xserver", "desktopManager", "surf-display", "inactivityInterval"], "readOnly": false, "type": "signed integer"}, "services.xserver.desktopManager.surf-display.pointerButtonMap": {"declarations": ["nixos/modules/services/x11/desktop-managers/surf-display.nix"], "default": {"_type": "literalExpression", "text": "\"1 0 0 4 5 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0\""}, "description": "Disable right and middle pointer device click in browser sessions\nwhile keeping scrolling wheels' functionality intact. See pointer\nsubcommand on `man xmodmap` for details.\n", "loc": ["services", "xserver", "desktopManager", "surf-display", "pointerButtonMap"], "readOnly": false, "type": "string"}, "services.xserver.desktopManager.surf-display.screensaverSettings": {"declarations": ["nixos/modules/services/x11/desktop-managers/surf-display.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Screensaver settings, see `man 1 xset` for possible options.\n", "loc": ["services", "xserver", "desktopManager", "surf-display", "screensaverSettings"], "readOnly": false, "type": "strings concatenated with \" \""}, "services.xserver.desktopManager.wallpaper.combineScreens": {"declarations": ["nixos/modules/services/x11/desktop-managers/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "When set to `true` the wallpaper will stretch across all screens.\nWhen set to `false` the wallpaper is duplicated to all screens.\n", "loc": ["services", "xserver", "desktopManager", "wallpaper", "combineScreens"], "readOnly": false, "type": "boolean"}, "services.xserver.desktopManager.wallpaper.mode": {"declarations": ["nixos/modules/services/x11/desktop-managers/default.nix"], "default": {"_type": "literalExpression", "text": "\"scale\""}, "description": "The file {file}`~/.background-image` is used as a background image.\nThis option specifies the placement of this image onto your desktop.\n\nPossible values:\n`center`: Center the image on the background. If it is too small, it will be surrounded by a black border.\n`fill`: Like `scale`, but preserves aspect ratio by zooming the image until it fits. Either a horizontal or a vertical part of the image will be cut off.\n`max`: Like `fill`, but scale the image to the maximum size that fits the screen with black borders on one side.\n`scale`: Fit the file into the background without repeating it, cutting off stuff or using borders. But the aspect ratio is not preserved either.\n`tile`: Tile (repeat) the image in case it is too small for the screen.\n", "example": {"_type": "literalExpression", "text": "\"fill\""}, "loc": ["services", "xserver", "desktopManager", "wallpaper", "mode"], "readOnly": false, "type": "one of \"center\", \"fill\", \"max\", \"scale\", \"tile\""}, "services.xserver.desktopManager.xfce.enable": {"declarations": ["nixos/modules/services/x11/desktop-managers/xfce.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable the Xfce desktop environment.", "loc": ["services", "xserver", "desktopManager", "xfce", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.desktopManager.xfce.enableScreensaver": {"declarations": ["nixos/modules/services/x11/desktop-managers/xfce.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable the XFCE screensaver.", "loc": ["services", "xserver", "desktopManager", "xfce", "enableScreensaver"], "readOnly": false, "type": "boolean"}, "services.xserver.desktopManager.xfce.enableWaylandSession": {"declarations": ["nixos/modules/services/x11/desktop-managers/xfce.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the experimental Xfce Wayland session.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "desktopManager", "xfce", "enableWaylandSession"], "readOnly": false, "type": "boolean"}, "services.xserver.desktopManager.xfce.enableXfwm": {"declarations": ["nixos/modules/services/x11/desktop-managers/xfce.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable the XFWM (default) window manager.", "loc": ["services", "xserver", "desktopManager", "xfce", "enableXfwm"], "readOnly": false, "type": "boolean"}, "services.xserver.desktopManager.xfce.noDesktop": {"declarations": ["nixos/modules/services/x11/desktop-managers/xfce.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Don't install XFCE desktop components (xfdesktop and panel).", "loc": ["services", "xserver", "desktopManager", "xfce", "noDesktop"], "readOnly": false, "type": "boolean"}, "services.xserver.desktopManager.xfce.waylandSessionCompositor": {"declarations": ["nixos/modules/services/x11/desktop-managers/xfce.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Command line to run a Wayland compositor, defaults to `labwc --startup`\nif not specified. Note that `xfce4-session` will be passed to it as an\nargument, see `startxfce4 --help` for details.\n\nSome compositors do not have an option equivalent to labwc's `--startup`\nand you might have to add xfce4-session somewhere in their configurations.\n", "example": {"_type": "literalExpression", "text": "\"wayfire\""}, "loc": ["services", "xserver", "desktopManager", "xfce", "waylandSessionCompositor"], "readOnly": false, "type": "string"}, "services.xserver.desktopManager.xterm.enable": {"declarations": ["nixos/modules/services/x11/desktop-managers/xterm.nix"], "default": {"_type": "literalExpression", "text": "versionOlder config.system.stateVersion \"19.09\" && config.services.xserver.enable;"}, "description": "Enable a xterm terminal as a desktop manager.", "loc": ["services", "xserver", "desktopManager", "xterm", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.digimend.enable": {"declarations": ["nixos/modules/services/x11/hardware/digimend.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the digimend drivers for Huion/XP-Pen/etc. tablets.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "digimend", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.displayManager.lightdm.autoLogin.timeout": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Show the greeter for this many seconds before automatic login occurs.\n", "loc": ["services", "xserver", "displayManager", "lightdm", "autoLogin", "timeout"], "readOnly": false, "type": "signed integer"}, "services.xserver.displayManager.lightdm.background": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom.gnomeFilePath"}, "description": "The background image or color to use.\n", "loc": ["services", "xserver", "displayManager", "lightdm", "background"], "readOnly": false, "type": "absolute path or string matching the pattern ^#[0-9A-Fa-f]{6}$"}, "services.xserver.displayManager.lightdm.enable": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable lightdm as the display manager.\n", "loc": ["services", "xserver", "displayManager", "lightdm", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.displayManager.lightdm.extraConfig": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra lines to append to LightDM section.", "example": {"_type": "literalExpression", "text": "''\n  user-authority-in-system-dir = true\n''"}, "loc": ["services", "xserver", "displayManager", "lightdm", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xserver.displayManager.lightdm.extraSeatDefaults": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra lines to append to SeatDefaults section.", "example": {"_type": "literalExpression", "text": "''\n  greeter-show-manual-login=true\n''"}, "loc": ["services", "xserver", "displayManager", "lightdm", "extraSeatDefaults"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xserver.displayManager.lightdm.greeter.enable": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If set to false, run lightdm in greeterless mode. This only works if autologin\nis enabled and autoLogin.timeout is zero.\n", "loc": ["services", "xserver", "displayManager", "lightdm", "greeter", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.displayManager.lightdm.greeter.name": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm.nix"], "description": "The name of a .desktop file in the directory specified\nin the 'package' option.\n", "loc": ["services", "xserver", "displayManager", "lightdm", "greeter", "name"], "readOnly": false, "type": "string"}, "services.xserver.displayManager.lightdm.greeter.package": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm.nix"], "description": "The LightDM greeter to login via. The package should be a directory\ncontaining a .desktop file matching the name in the 'name' option.\n", "loc": ["services", "xserver", "displayManager", "lightdm", "greeter", "package"], "readOnly": false, "type": "package"}, "services.xserver.displayManager.lightdm.greeters.enso.blur": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether or not to enable blur\n", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "enso", "blur"], "readOnly": false, "type": "boolean"}, "services.xserver.displayManager.lightdm.greeters.enso.brightness": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix"], "default": {"_type": "literalExpression", "text": "7"}, "description": "Brightness\n", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "enso", "brightness"], "readOnly": false, "type": "signed integer"}, "services.xserver.displayManager.lightdm.greeters.enso.cursorTheme.name": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix"], "default": {"_type": "literalExpression", "text": "\"capitane-cursors\""}, "description": "Name of the cursor theme to use for the lightdm-enso-os-greeter\n", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "enso", "cursorTheme", "name"], "readOnly": false, "type": "string"}, "services.xserver.displayManager.lightdm.greeters.enso.cursorTheme.package": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix"], "default": {"_type": "literalExpression", "text": "pkgs.capitaine-cursors"}, "description": "The capitaine-cursors package to use.", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "enso", "cursorTheme", "package"], "readOnly": false, "type": "package"}, "services.xserver.displayManager.lightdm.greeters.enso.enable": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable enso-os-greeter as the lightdm greeter\n", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "enso", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.displayManager.lightdm.greeters.enso.extraConfig": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration that should be put in the greeter.conf\nconfiguration file\n", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "enso", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xserver.displayManager.lightdm.greeters.enso.iconTheme.name": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix"], "default": {"_type": "literalExpression", "text": "\"ePapirus\""}, "description": "Name of the icon theme to use for the lightdm-enso-os-greeter\n", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "enso", "iconTheme", "name"], "readOnly": false, "type": "string"}, "services.xserver.displayManager.lightdm.greeters.enso.iconTheme.package": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix"], "default": {"_type": "literalExpression", "text": "pkgs.papirus-icon-theme"}, "description": "The papirus-icon-theme package to use.", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "enso", "iconTheme", "package"], "readOnly": false, "type": "package"}, "services.xserver.displayManager.lightdm.greeters.enso.theme.name": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix"], "default": {"_type": "literalExpression", "text": "\"Adwaita\""}, "description": "Name of the theme to use for the lightdm-enso-os-greeter\n", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "enso", "theme", "name"], "readOnly": false, "type": "string"}, "services.xserver.displayManager.lightdm.greeters.enso.theme.package": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gnome-themes-extra"}, "description": "The gnome-themes-extra package to use.", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "enso", "theme", "package"], "readOnly": false, "type": "package"}, "services.xserver.displayManager.lightdm.greeters.gtk.clock-format": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Clock format string (as expected by strftime, e.g. \"%H:%M\")\nto use with the lightdm gtk greeter panel.\n\nIf set to null the default clock format is used.\n", "example": {"_type": "literalExpression", "text": "\"%F\""}, "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "gtk", "clock-format"], "readOnly": false, "type": "null or string"}, "services.xserver.displayManager.lightdm.greeters.gtk.cursorTheme.name": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix"], "default": {"_type": "literalExpression", "text": "\"Adwaita\""}, "description": "Name of the cursor theme to use for the lightdm-gtk-greeter.\n", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "gtk", "cursorTheme", "name"], "readOnly": false, "type": "string"}, "services.xserver.displayManager.lightdm.greeters.gtk.cursorTheme.package": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix"], "default": {"_type": "literalExpression", "text": "pkgs.adwaita-icon-theme"}, "description": "The adwaita-icon-theme package to use.", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "gtk", "cursorTheme", "package"], "readOnly": false, "type": "package"}, "services.xserver.displayManager.lightdm.greeters.gtk.cursorTheme.size": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix"], "default": {"_type": "literalExpression", "text": "16"}, "description": "Size of the cursor theme to use for the lightdm-gtk-greeter.\n", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "gtk", "cursorTheme", "size"], "readOnly": false, "type": "signed integer"}, "services.xserver.displayManager.lightdm.greeters.gtk.enable": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable lightdm-gtk-greeter as the lightdm greeter.\n", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "gtk", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.displayManager.lightdm.greeters.gtk.extraConfig": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration that should be put in the lightdm-gtk-greeter.conf\nconfiguration file.\n", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "gtk", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xserver.displayManager.lightdm.greeters.gtk.iconTheme.name": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix"], "default": {"_type": "literalExpression", "text": "\"Adwaita\""}, "description": "Name of the icon theme to use for the lightdm-gtk-greeter.\n", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "gtk", "iconTheme", "name"], "readOnly": false, "type": "string"}, "services.xserver.displayManager.lightdm.greeters.gtk.iconTheme.package": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix"], "default": {"_type": "literalExpression", "text": "pkgs.adwaita-icon-theme"}, "description": "The adwaita-icon-theme package to use.", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "gtk", "iconTheme", "package"], "readOnly": false, "type": "package"}, "services.xserver.displayManager.lightdm.greeters.gtk.indicators": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of allowed indicator modules to use for the lightdm gtk\ngreeter panel.\n\nBuilt-in indicators include \"~a11y\", \"~language\", \"~session\",\n\"~power\", \"~clock\", \"~host\", \"~spacer\". Unity indicators can be\nrepresented by short name (e.g. \"sound\", \"power\"), service file name,\nor absolute path.\n\nIf set to null the default indicators are used.\n", "example": {"_type": "literalExpression", "text": "[\n  \"~host\"\n  \"~spacer\"\n  \"~clock\"\n  \"~spacer\"\n  \"~session\"\n  \"~language\"\n  \"~a11y\"\n  \"~power\"\n]"}, "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "gtk", "indicators"], "readOnly": false, "type": "null or (list of string)"}, "services.xserver.displayManager.lightdm.greeters.gtk.theme.name": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix"], "default": {"_type": "literalExpression", "text": "\"Adwaita\""}, "description": "Name of the theme to use for the lightdm-gtk-greeter.\n", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "gtk", "theme", "name"], "readOnly": false, "type": "string"}, "services.xserver.displayManager.lightdm.greeters.gtk.theme.package": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gnome-themes-extra"}, "description": "The gnome-themes-extra package to use.", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "gtk", "theme", "package"], "readOnly": false, "type": "package"}, "services.xserver.displayManager.lightdm.greeters.lomiri.enable": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/lomiri.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable lomiri's greeter as the lightdm greeter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "lomiri", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.displayManager.lightdm.greeters.mini.enable": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/mini.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable lightdm-mini-greeter as the lightdm greeter.\n\nNote that this greeter starts only the default X session.\nYou can configure the default X session using\n[](#opt-services.displayManager.defaultSession).\n", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "mini", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.displayManager.lightdm.greeters.mini.extraConfig": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/mini.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration that should be put in the lightdm-mini-greeter.conf\nconfiguration file.\n", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "mini", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xserver.displayManager.lightdm.greeters.mini.user": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/mini.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "The user to login as.\n", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "mini", "user"], "readOnly": false, "type": "string"}, "services.xserver.displayManager.lightdm.greeters.mobile.enable": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/mobile.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable lightdm-mobile-greeter as the lightdm greeter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "mobile", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.displayManager.lightdm.greeters.pantheon.enable": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/pantheon.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable elementary-greeter as the lightdm greeter.\n", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "pantheon", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.displayManager.lightdm.greeters.slick.cursorTheme.name": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix"], "default": {"_type": "literalExpression", "text": "\"Adwaita\""}, "description": "Name of the cursor theme to use for the lightdm-slick-greeter.\n", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "slick", "cursorTheme", "name"], "readOnly": false, "type": "string"}, "services.xserver.displayManager.lightdm.greeters.slick.cursorTheme.package": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix"], "default": {"_type": "literalExpression", "text": "pkgs.adwaita-icon-theme"}, "description": "The adwaita-icon-theme package to use.", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "slick", "cursorTheme", "package"], "readOnly": false, "type": "package"}, "services.xserver.displayManager.lightdm.greeters.slick.cursorTheme.size": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix"], "default": {"_type": "literalExpression", "text": "24"}, "description": "Size of the cursor theme to use for the lightdm-slick-greeter.\n", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "slick", "cursorTheme", "size"], "readOnly": false, "type": "signed integer"}, "services.xserver.displayManager.lightdm.greeters.slick.draw-user-backgrounds": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable draw user backgrounds.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "slick", "draw-user-backgrounds"], "readOnly": false, "type": "boolean"}, "services.xserver.displayManager.lightdm.greeters.slick.enable": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable lightdm-slick-greeter as the lightdm greeter.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "slick", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.displayManager.lightdm.greeters.slick.extraConfig": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration that should be put in the lightdm-slick-greeter.conf\nconfiguration file.\n", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "slick", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xserver.displayManager.lightdm.greeters.slick.font.name": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix"], "default": {"_type": "literalExpression", "text": "\"Ubuntu 11\""}, "description": "Name of the font to use.\n", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "slick", "font", "name"], "readOnly": false, "type": "string"}, "services.xserver.displayManager.lightdm.greeters.slick.font.package": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ubuntu-classic"}, "description": "The ubuntu-classic package to use.", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "slick", "font", "package"], "readOnly": false, "type": "package"}, "services.xserver.displayManager.lightdm.greeters.slick.iconTheme.name": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix"], "default": {"_type": "literalExpression", "text": "\"Adwaita\""}, "description": "Name of the icon theme to use for the lightdm-slick-greeter.\n", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "slick", "iconTheme", "name"], "readOnly": false, "type": "string"}, "services.xserver.displayManager.lightdm.greeters.slick.iconTheme.package": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix"], "default": {"_type": "literalExpression", "text": "pkgs.adwaita-icon-theme"}, "description": "The adwaita-icon-theme package to use.", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "slick", "iconTheme", "package"], "readOnly": false, "type": "package"}, "services.xserver.displayManager.lightdm.greeters.slick.theme.name": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix"], "default": {"_type": "literalExpression", "text": "\"Adwaita\""}, "description": "Name of the theme to use for the lightdm-slick-greeter.\n", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "slick", "theme", "name"], "readOnly": false, "type": "string"}, "services.xserver.displayManager.lightdm.greeters.slick.theme.package": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gnome-themes-extra"}, "description": "The gnome-themes-extra package to use.", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "slick", "theme", "package"], "readOnly": false, "type": "package"}, "services.xserver.displayManager.lightdm.greeters.tiny.enable": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/tiny.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable lightdm-tiny-greeter as the lightdm greeter.\n\nNote that this greeter starts only the default X session.\nYou can configure the default X session using\n[](#opt-services.displayManager.defaultSession).\n", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "tiny", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.displayManager.lightdm.greeters.tiny.extraConfig": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/tiny.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Section to describe style and ui.\n", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "tiny", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xserver.displayManager.lightdm.greeters.tiny.label.pass": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/tiny.nix"], "default": {"_type": "literalExpression", "text": "\"Password\""}, "description": "The string to represent the pass_text label.\n", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "tiny", "label", "pass"], "readOnly": false, "type": "string"}, "services.xserver.displayManager.lightdm.greeters.tiny.label.user": {"declarations": ["nixos/modules/services/x11/display-managers/lightdm-greeters/tiny.nix"], "default": {"_type": "literalExpression", "text": "\"Username\""}, "description": "The string to represent the user_text label.\n", "loc": ["services", "xserver", "displayManager", "lightdm", "greeters", "tiny", "label", "user"], "readOnly": false, "type": "string"}, "services.xserver.displayManager.session": {"declarations": ["nixos/modules/services/x11/display-managers/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of sessions supported with the command used to start each\nsession.  Each session script can set the\n{var}`waitPID` shell variable to make this script\nwait until the end of the user session.  Each script is used\nto define either a window manager or a desktop manager.  These\ncan be differentiated by setting the attribute\n{var}`manage` either to `\"window\"`\nor `\"desktop\"`.\n\nThe list of desktop manager and window manager should appear\ninside the display manager with the desktop manager name\nfollowed by the window manager name.\n", "example": {"_type": "literalExpression", "text": "[ { manage = \"desktop\";\n    name = \"xterm\";\n    start = ''\n      ${pkgs.xterm}/bin/xterm -ls &\n      waitPID=$!\n    '';\n  }\n]\n"}, "loc": ["services", "xserver", "displayManager", "session"], "readOnly": false, "type": "list of (attribute set)"}, "services.xserver.displayManager.sessionCommands": {"declarations": ["nixos/modules/services/x11/display-managers/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands executed just before the window or desktop manager is\nstarted. These commands are not currently sourced for Wayland sessions.\n", "example": {"_type": "literalExpression", "text": "''\n  xmessage \"Hello World!\" &\n''"}, "loc": ["services", "xserver", "displayManager", "sessionCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xserver.displayManager.setupCommands": {"declarations": ["nixos/modules/services/x11/display-managers/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands executed just after the X server has started.\n\nThis option is only effective for display managers for which this feature\nis supported; currently these are LightDM, GDM and SDDM.\n", "loc": ["services", "xserver", "displayManager", "setupCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xserver.displayManager.startx.enable": {"declarations": ["nixos/modules/services/x11/display-managers/startx.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the dummy \"startx\" pseudo-display manager, which\nallows users to start X manually via the `startx` command from a\nvirtual terminal.\n\n::: {.note}\nThe X server will run under the current user, not as root.\n:::\n", "loc": ["services", "xserver", "displayManager", "startx", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.displayManager.startx.extraCommands": {"declarations": ["nixos/modules/services/x11/display-managers/startx.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands to be added to the system-wide xinitrc script.\n", "loc": ["services", "xserver", "displayManager", "startx", "extraCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xserver.displayManager.startx.generateScript": {"declarations": ["nixos/modules/services/x11/display-managers/startx.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to generate the system-wide xinitrc script (/etc/X11/xinit/xinitrc).\nThis script will take care of setting up the session for systemd user\nservices, running the window manager and cleaning up on exit.\n\n::: {.note}\nThis script will only be used by `startx` when both `.xinitrc` does not\nexists and the `XINITRC` environment variable is unset.\n:::\n", "loc": ["services", "xserver", "displayManager", "startx", "generateScript"], "readOnly": false, "type": "boolean"}, "services.xserver.displayManager.sx.addAsSession": {"declarations": ["nixos/modules/services/x11/display-managers/sx.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add sx as a display manager session. Keep in mind that sx\nexpects to be run from a TTY, so it may not work in your display\nmanager.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "displayManager", "sx", "addAsSession"], "readOnly": false, "type": "boolean"}, "services.xserver.displayManager.sx.enable": {"declarations": ["nixos/modules/services/x11/display-managers/sx.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the \"sx\" pseudo-display manager, which allows users\nto start manually via the \"sx\" command from a vt shell. The X server\nruns under the user's id, not as root. The user must provide a\n~/.config/sx/sxrc file containing session startup commands, see\n{manpage}`sx(1)`. This is not automatically generated from the desktopManager\nand windowManager settings. sx doesn't have a way to directly set\nX server flags, but it can be done by overriding its xorg-server\ndependency.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "displayManager", "sx", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.displayManager.sx.package": {"declarations": ["nixos/modules/services/x11/display-managers/sx.nix"], "default": {"_type": "literalExpression", "text": "pkgs.sx"}, "description": "The sx package to use.", "loc": ["services", "xserver", "displayManager", "sx", "package"], "readOnly": false, "type": "package"}, "services.xserver.displayManager.xpra.auth": {"declarations": ["nixos/modules/services/x11/display-managers/xpra.nix"], "default": {"_type": "literalExpression", "text": "\"pam\""}, "description": "Authentication to use when connecting to xpra", "example": {"_type": "literalExpression", "text": "\"password:value=mysecret\""}, "loc": ["services", "xserver", "displayManager", "xpra", "auth"], "readOnly": false, "type": "string"}, "services.xserver.displayManager.xpra.bindTcp": {"declarations": ["nixos/modules/services/x11/display-managers/xpra.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1:10000\""}, "description": "Bind xpra to TCP", "example": {"_type": "literalExpression", "text": "\"0.0.0.0:10000\""}, "loc": ["services", "xserver", "displayManager", "xpra", "bindTcp"], "readOnly": false, "type": "null or string"}, "services.xserver.displayManager.xpra.desktop": {"declarations": ["nixos/modules/services/x11/display-managers/xpra.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Start a desktop environment instead of seamless mode", "example": {"_type": "literalExpression", "text": "\"gnome-shell\""}, "loc": ["services", "xserver", "displayManager", "xpra", "desktop"], "readOnly": false, "type": "null or string"}, "services.xserver.displayManager.xpra.enable": {"declarations": ["nixos/modules/services/x11/display-managers/xpra.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable xpra as display manager.", "loc": ["services", "xserver", "displayManager", "xpra", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.displayManager.xpra.extraOptions": {"declarations": ["nixos/modules/services/x11/display-managers/xpra.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra xpra options", "loc": ["services", "xserver", "displayManager", "xpra", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.xserver.displayManager.xpra.pulseaudio": {"declarations": ["nixos/modules/services/x11/display-managers/xpra.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable pulseaudio audio streaming.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "displayManager", "xpra", "pulseaudio"], "readOnly": false, "type": "boolean"}, "services.xserver.displayManager.xserverArgs": {"declarations": ["nixos/modules/services/x11/display-managers/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of arguments for the X server.", "example": {"_type": "literalExpression", "text": "[\n  \"-ac\"\n  \"-logverbose\"\n  \"-verbose\"\n  \"-nolisten tcp\"\n]"}, "loc": ["services", "xserver", "displayManager", "xserverArgs"], "readOnly": false, "type": "list of string"}, "services.xserver.displayManager.xserverBin": {"declarations": ["nixos/modules/services/x11/display-managers/default.nix"], "description": "Path to the X server used by display managers.", "loc": ["services", "xserver", "displayManager", "xserverBin"], "readOnly": false, "type": "absolute path"}, "services.xserver.imwheel.enable": {"declarations": ["nixos/modules/services/x11/imwheel.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable IMWheel service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "imwheel", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.imwheel.extraOptions": {"declarations": ["nixos/modules/services/x11/imwheel.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"--buttons=45\"\n]"}, "description": "Additional command-line arguments to pass to\n{command}`imwheel`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--debug\"\n]"}, "loc": ["services", "xserver", "imwheel", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.xserver.imwheel.rules": {"declarations": ["nixos/modules/services/x11/imwheel.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Window class translation rules.\n/etc/X11/imwheelrc is generated based on this config\nwhich means this config is global for all users.\nSee [official man pages](https://imwheel.sourceforge.net/imwheel.1.html)\nfor more information.\n", "example": {"_type": "literalExpression", "text": "{\n  \".*\" = ''\n    None,      Up,   Button4, 8\n    None,      Down, Button5, 8\n    Shift_L,   Up,   Shift_L|Button4, 4\n    Shift_L,   Down, Shift_L|Button5, 4\n    Control_L, Up,   Control_L|Button4\n    Control_L, Down, Control_L|Button5\n  '';\n}\n"}, "loc": ["services", "xserver", "imwheel", "rules"], "readOnly": false, "type": "attribute set of string"}, "services.xserver.synaptics.accelFactor": {"declarations": ["nixos/modules/services/x11/hardware/synaptics.nix"], "default": {"_type": "literalExpression", "text": "\"0.001\""}, "description": "Cursor acceleration (how fast speed increases from minSpeed to maxSpeed).", "loc": ["services", "xserver", "synaptics", "accelFactor"], "readOnly": false, "type": "null or string"}, "services.xserver.synaptics.additionalOptions": {"declarations": ["nixos/modules/services/x11/hardware/synaptics.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional options for synaptics touchpad driver.\n", "example": {"_type": "literalExpression", "text": "''\n  Option \"RTCornerButton\" \"2\"\n  Option \"RBCornerButton\" \"3\"\n''"}, "loc": ["services", "xserver", "synaptics", "additionalOptions"], "readOnly": false, "type": "string"}, "services.xserver.synaptics.buttonsMap": {"declarations": ["nixos/modules/services/x11/hardware/synaptics.nix"], "default": {"_type": "literalExpression", "text": "[\n  1\n  2\n  3\n]"}, "description": "Remap touchpad buttons.", "example": {"_type": "literalExpression", "text": "[\n  1\n  3\n  2\n]"}, "loc": ["services", "xserver", "synaptics", "buttonsMap"], "readOnly": false, "type": "list of signed integer"}, "services.xserver.synaptics.dev": {"declarations": ["nixos/modules/services/x11/hardware/synaptics.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path for touchpad device.  Set to null to apply to any\nauto-detected touchpad.\n", "example": {"_type": "literalExpression", "text": "\"/dev/input/event0\""}, "loc": ["services", "xserver", "synaptics", "dev"], "readOnly": false, "type": "null or string"}, "services.xserver.synaptics.enable": {"declarations": ["nixos/modules/services/x11/hardware/synaptics.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable touchpad support. Deprecated: Consider services.libinput.enable.", "loc": ["services", "xserver", "synaptics", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.synaptics.fingersMap": {"declarations": ["nixos/modules/services/x11/hardware/synaptics.nix"], "default": {"_type": "literalExpression", "text": "[\n  1\n  2\n  3\n]"}, "description": "Remap several-fingers taps.", "example": {"_type": "literalExpression", "text": "[\n  1\n  3\n  2\n]"}, "loc": ["services", "xserver", "synaptics", "fingersMap"], "readOnly": false, "type": "list of signed integer"}, "services.xserver.synaptics.horizEdgeScroll": {"declarations": ["nixos/modules/services/x11/hardware/synaptics.nix"], "default": {"_type": "literalExpression", "text": "! config.services.xserver.synaptics.horizTwoFingerScroll"}, "description": "Whether to enable horizontal edge drag-scrolling.", "loc": ["services", "xserver", "synaptics", "horizEdgeScroll"], "readOnly": false, "type": "boolean"}, "services.xserver.synaptics.horizTwoFingerScroll": {"declarations": ["nixos/modules/services/x11/hardware/synaptics.nix"], "default": {"_type": "literalExpression", "text": "config.services.xserver.synaptics.twoFingerScroll"}, "description": "Whether to enable horizontal two-finger drag-scrolling.", "loc": ["services", "xserver", "synaptics", "horizTwoFingerScroll"], "readOnly": false, "type": "boolean"}, "services.xserver.synaptics.horizontalScroll": {"declarations": ["nixos/modules/services/x11/hardware/synaptics.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable horizontal scrolling (on touchpad)", "loc": ["services", "xserver", "synaptics", "horizontalScroll"], "readOnly": false, "type": "boolean"}, "services.xserver.synaptics.maxSpeed": {"declarations": ["nixos/modules/services/x11/hardware/synaptics.nix"], "default": {"_type": "literalExpression", "text": "\"1.0\""}, "description": "Cursor speed factor for highest-speed finger motion.", "loc": ["services", "xserver", "synaptics", "maxSpeed"], "readOnly": false, "type": "null or string"}, "services.xserver.synaptics.minSpeed": {"declarations": ["nixos/modules/services/x11/hardware/synaptics.nix"], "default": {"_type": "literalExpression", "text": "\"0.6\""}, "description": "Cursor speed factor for precision finger motion.", "loc": ["services", "xserver", "synaptics", "minSpeed"], "readOnly": false, "type": "null or string"}, "services.xserver.synaptics.palmDetect": {"declarations": ["nixos/modules/services/x11/hardware/synaptics.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable palm detection (hardware support required)", "loc": ["services", "xserver", "synaptics", "palmDetect"], "readOnly": false, "type": "boolean"}, "services.xserver.synaptics.palmMinWidth": {"declarations": ["nixos/modules/services/x11/hardware/synaptics.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Minimum finger width at which touch is considered a palm", "example": {"_type": "literalExpression", "text": "5"}, "loc": ["services", "xserver", "synaptics", "palmMinWidth"], "readOnly": false, "type": "null or signed integer"}, "services.xserver.synaptics.palmMinZ": {"declarations": ["nixos/modules/services/x11/hardware/synaptics.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Minimum finger pressure at which touch is considered a palm", "example": {"_type": "literalExpression", "text": "20"}, "loc": ["services", "xserver", "synaptics", "palmMinZ"], "readOnly": false, "type": "null or signed integer"}, "services.xserver.synaptics.scrollDelta": {"declarations": ["nixos/modules/services/x11/hardware/synaptics.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Move distance of the finger for a scroll event.", "example": {"_type": "literalExpression", "text": "75"}, "loc": ["services", "xserver", "synaptics", "scrollDelta"], "readOnly": false, "type": "null or signed integer"}, "services.xserver.synaptics.tapButtons": {"declarations": ["nixos/modules/services/x11/hardware/synaptics.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable tap buttons.", "loc": ["services", "xserver", "synaptics", "tapButtons"], "readOnly": false, "type": "boolean"}, "services.xserver.synaptics.twoFingerScroll": {"declarations": ["nixos/modules/services/x11/hardware/synaptics.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable two-finger drag-scrolling. Overridden by horizTwoFingerScroll and vertTwoFingerScroll.", "loc": ["services", "xserver", "synaptics", "twoFingerScroll"], "readOnly": false, "type": "boolean"}, "services.xserver.synaptics.vertEdgeScroll": {"declarations": ["nixos/modules/services/x11/hardware/synaptics.nix"], "default": {"_type": "literalExpression", "text": "! config.services.xserver.synaptics.vertTwoFingerScroll"}, "description": "Whether to enable vertical edge drag-scrolling.", "loc": ["services", "xserver", "synaptics", "vertEdgeScroll"], "readOnly": false, "type": "boolean"}, "services.xserver.synaptics.vertTwoFingerScroll": {"declarations": ["nixos/modules/services/x11/hardware/synaptics.nix"], "default": {"_type": "literalExpression", "text": "config.services.xserver.synaptics.twoFingerScroll"}, "description": "Whether to enable vertical two-finger drag-scrolling.", "loc": ["services", "xserver", "synaptics", "vertTwoFingerScroll"], "readOnly": false, "type": "boolean"}, "services.xserver.wacom.enable": {"declarations": ["nixos/modules/services/x11/hardware/wacom.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Wacom touchscreen/digitizer/tablet.\nIf you ever have any issues such as, try switching to terminal (ctrl-alt-F1) and back\nwhich will make Xorg reconfigure the device ?\n\nIf you're not satisfied by the default behaviour you can override\n{option}`environment.etc.\"X11/xorg.conf.d/70-wacom.conf\"` in\nconfiguration.nix easily.\n", "loc": ["services", "xserver", "wacom", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.\"2bwm\".enable": {"declarations": ["nixos/modules/services/x11/window-managers/2bwm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable 2bwm.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "2bwm", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.afterstep.enable": {"declarations": ["nixos/modules/services/x11/window-managers/afterstep.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable afterstep.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "afterstep", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.awesome.enable": {"declarations": ["nixos/modules/services/x11/window-managers/awesome.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Awesome window manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "awesome", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.awesome.luaModules": {"declarations": ["nixos/modules/services/x11/window-managers/awesome.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of lua packages available for being used in the Awesome configuration.", "example": {"_type": "literalExpression", "text": "[ pkgs.luaPackages.vicious ]"}, "loc": ["services", "xserver", "windowManager", "awesome", "luaModules"], "readOnly": false, "type": "list of package"}, "services.xserver.windowManager.awesome.noArgb": {"declarations": ["nixos/modules/services/x11/window-managers/awesome.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable client transparency support, which can be greatly detrimental to performance in some setups", "loc": ["services", "xserver", "windowManager", "awesome", "noArgb"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.awesome.package": {"declarations": ["nixos/modules/services/x11/window-managers/awesome.nix"], "default": {"_type": "literalExpression", "text": "pkgs.awesome"}, "description": "The awesome package to use.", "loc": ["services", "xserver", "windowManager", "awesome", "package"], "readOnly": false, "type": "package"}, "services.xserver.windowManager.berry.enable": {"declarations": ["nixos/modules/services/x11/window-managers/berry.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable berry.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "berry", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.bspwm.configFile": {"declarations": ["nixos/modules/services/x11/window-managers/bspwm.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the bspwm configuration file.\nIf null, $HOME/.config/bspwm/bspwmrc will be used.\n", "example": {"_type": "literalExpression", "text": "\"${pkgs.bspwm}/share/doc/bspwm/examples/bspwmrc\""}, "loc": ["services", "xserver", "windowManager", "bspwm", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.xserver.windowManager.bspwm.enable": {"declarations": ["nixos/modules/services/x11/window-managers/bspwm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable bspwm.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "bspwm", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.bspwm.package": {"declarations": ["nixos/modules/services/x11/window-managers/bspwm.nix"], "default": {"_type": "literalExpression", "text": "pkgs.bspwm"}, "description": "The bspwm package to use.", "loc": ["services", "xserver", "windowManager", "bspwm", "package"], "readOnly": false, "type": "package"}, "services.xserver.windowManager.bspwm.sxhkd.configFile": {"declarations": ["nixos/modules/services/x11/window-managers/bspwm.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the sxhkd configuration file.\nIf null, $HOME/.config/sxhkd/sxhkdrc will be used.\n", "example": {"_type": "literalExpression", "text": "\"${pkgs.bspwm}/share/doc/bspwm/examples/sxhkdrc\""}, "loc": ["services", "xserver", "windowManager", "bspwm", "sxhkd", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.xserver.windowManager.bspwm.sxhkd.package": {"declarations": ["nixos/modules/services/x11/window-managers/bspwm.nix"], "default": {"_type": "literalExpression", "text": "pkgs.sxhkd"}, "description": "The sxhkd package to use.", "loc": ["services", "xserver", "windowManager", "bspwm", "sxhkd", "package"], "readOnly": false, "type": "package"}, "services.xserver.windowManager.clfswm.enable": {"declarations": ["nixos/modules/services/x11/window-managers/clfswm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable clfswm.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "clfswm", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.clfswm.package": {"declarations": ["nixos/modules/services/x11/window-managers/clfswm.nix"], "default": {"_type": "literalExpression", "text": "pkgs.sbclPackages.clfswm"}, "description": "The clfswm package to use.", "loc": ["services", "xserver", "windowManager", "clfswm", "package"], "readOnly": false, "type": "package"}, "services.xserver.windowManager.cwm.enable": {"declarations": ["nixos/modules/services/x11/window-managers/cwm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable cwm.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "cwm", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.dk.enable": {"declarations": ["nixos/modules/services/x11/window-managers/dk.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable dk.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "dk", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.dk.package": {"declarations": ["nixos/modules/services/x11/window-managers/dk.nix"], "default": {"_type": "literalExpression", "text": "pkgs.dk"}, "description": "The dk package to use.", "loc": ["services", "xserver", "windowManager", "dk", "package"], "readOnly": false, "type": "package"}, "services.xserver.windowManager.dwm.enable": {"declarations": ["nixos/modules/services/x11/window-managers/dwm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable dwm.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "dwm", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.dwm.extraSessionCommands": {"declarations": ["nixos/modules/services/x11/window-managers/dwm.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands executed just before dwm is started.\n", "loc": ["services", "xserver", "windowManager", "dwm", "extraSessionCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xserver.windowManager.dwm.package": {"declarations": ["nixos/modules/services/x11/window-managers/dwm.nix"], "default": {"_type": "literalExpression", "text": "pkgs.dwm"}, "description": "The dwm package to use.", "example": {"_type": "literalExpression", "text": "pkgs.dwm.overrideAttrs (oldAttrs: rec {\n  patches = [\n    (super.fetchpatch {\n      url = \"https://dwm.suckless.org/patches/steam/dwm-steam-6.2.diff\";\n      sha256 = \"sha256-f3lffBjz7+0Khyn9c9orzReoLTqBb/9gVGshYARGdVc=\";\n    })\n  ];\n})\n"}, "loc": ["services", "xserver", "windowManager", "dwm", "package"], "readOnly": false, "type": "package"}, "services.xserver.windowManager.e16.enable": {"declarations": ["nixos/modules/services/x11/window-managers/e16.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable e16.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "e16", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.evilwm.enable": {"declarations": ["nixos/modules/services/x11/window-managers/evilwm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable evilwm.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "evilwm", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.exwm.enable": {"declarations": ["nixos/modules/services/x11/window-managers/exwm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable exwm.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "exwm", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.exwm.extraPackages": {"declarations": ["nixos/modules/services/x11/window-managers/exwm.nix"], "default": {"_type": "literalExpression", "text": "epkgs: []"}, "description": "Extra packages available to Emacs. The value must be a\nfunction which receives the attrset defined in\n{var}`emacs.pkgs` as the sole argument.\n", "example": {"_type": "literalExpression", "text": "epkgs: [\n  epkgs.emms\n  epkgs.magit\n  epkgs.proofgeneral\n]\n"}, "loc": ["services", "xserver", "windowManager", "exwm", "extraPackages"], "readOnly": false, "type": "function that evaluates to a(n) list of package"}, "services.xserver.windowManager.exwm.loadScript": {"declarations": ["nixos/modules/services/x11/window-managers/exwm.nix"], "default": {"_type": "literalExpression", "text": "\"(require 'exwm)\""}, "description": "Emacs lisp code to be run after loading the user's init\nfile.\n", "example": {"_type": "literalExpression", "text": "''\n  (require 'exwm)\n  (exwm-enable)\n''"}, "loc": ["services", "xserver", "windowManager", "exwm", "loadScript"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xserver.windowManager.exwm.package": {"declarations": ["nixos/modules/services/x11/window-managers/exwm.nix"], "default": {"_type": "literalExpression", "text": "pkgs.emacs"}, "description": "The Emacs package to use.", "example": {"_type": "literalExpression", "text": "pkgs.emacs-gtk"}, "loc": ["services", "xserver", "windowManager", "exwm", "package"], "readOnly": false, "type": "package"}, "services.xserver.windowManager.fluxbox.enable": {"declarations": ["nixos/modules/services/x11/window-managers/fluxbox.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable fluxbox.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "fluxbox", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.fvwm2.enable": {"declarations": ["nixos/modules/services/x11/window-managers/fvwm2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Fvwm2 window manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "fvwm2", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.fvwm2.gestures": {"declarations": ["nixos/modules/services/x11/window-managers/fvwm2.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether or not to enable libstroke for gesture support", "loc": ["services", "xserver", "windowManager", "fvwm2", "gestures"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.fvwm3.enable": {"declarations": ["nixos/modules/services/x11/window-managers/fvwm3.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Fvwm3 window manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "fvwm3", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.hackedbox.enable": {"declarations": ["nixos/modules/services/x11/window-managers/hackedbox.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable hackedbox.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "hackedbox", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.herbstluftwm.configFile": {"declarations": ["nixos/modules/services/x11/window-managers/herbstluftwm.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the herbstluftwm configuration file.  If left at the\ndefault value, $XDG_CONFIG_HOME/herbstluftwm/autostart will\nbe used.\n", "loc": ["services", "xserver", "windowManager", "herbstluftwm", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.xserver.windowManager.herbstluftwm.enable": {"declarations": ["nixos/modules/services/x11/window-managers/herbstluftwm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable herbstluftwm.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "herbstluftwm", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.herbstluftwm.package": {"declarations": ["nixos/modules/services/x11/window-managers/herbstluftwm.nix"], "default": {"_type": "literalExpression", "text": "pkgs.herbstluftwm"}, "description": "The herbstluftwm package to use.", "loc": ["services", "xserver", "windowManager", "herbstluftwm", "package"], "readOnly": false, "type": "package"}, "services.xserver.windowManager.hypr.enable": {"declarations": ["nixos/modules/services/x11/window-managers/hypr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable hypr.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "hypr", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.i3.configFile": {"declarations": ["nixos/modules/services/x11/window-managers/i3.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the i3 configuration file.\nIf left at the default value, $HOME/.i3/config will be used.\n", "loc": ["services", "xserver", "windowManager", "i3", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.xserver.windowManager.i3.enable": {"declarations": ["nixos/modules/services/x11/window-managers/i3.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable i3 window manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "i3", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.i3.extraPackages": {"declarations": ["nixos/modules/services/x11/window-managers/i3.nix"], "default": {"_type": "literalExpression", "text": "with pkgs; [\n  dmenu\n  i3status\n]\n"}, "description": "Extra packages to be installed system wide.\n", "loc": ["services", "xserver", "windowManager", "i3", "extraPackages"], "readOnly": false, "type": "list of package"}, "services.xserver.windowManager.i3.extraSessionCommands": {"declarations": ["nixos/modules/services/x11/window-managers/i3.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands executed just before i3 is started.\n", "loc": ["services", "xserver", "windowManager", "i3", "extraSessionCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xserver.windowManager.i3.package": {"declarations": ["nixos/modules/services/x11/window-managers/i3.nix"], "default": {"_type": "literalExpression", "text": "pkgs.i3"}, "description": "The i3 package to use.", "loc": ["services", "xserver", "windowManager", "i3", "package"], "readOnly": false, "type": "package"}, "services.xserver.windowManager.i3.updateSessionEnvironment": {"declarations": ["nixos/modules/services/x11/window-managers/i3.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to run dbus-update-activation-environment and systemctl import-environment before session start.\nRequired for xdg portals to function properly.\n", "loc": ["services", "xserver", "windowManager", "i3", "updateSessionEnvironment"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.icewm.enable": {"declarations": ["nixos/modules/services/x11/window-managers/icewm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable icewm.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "icewm", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.jwm.enable": {"declarations": ["nixos/modules/services/x11/window-managers/jwm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable jwm.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "jwm", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.katriawm.enable": {"declarations": ["nixos/modules/services/x11/window-managers/katriawm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable katriawm.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "katriawm", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.katriawm.package": {"declarations": ["nixos/modules/services/x11/window-managers/katriawm.nix"], "default": {"_type": "literalExpression", "text": "pkgs.katriawm"}, "description": "The katriawm package to use.", "loc": ["services", "xserver", "windowManager", "katriawm", "package"], "readOnly": false, "type": "package"}, "services.xserver.windowManager.leftwm.enable": {"declarations": ["nixos/modules/services/x11/window-managers/leftwm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable leftwm.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "leftwm", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.lwm.enable": {"declarations": ["nixos/modules/services/x11/window-managers/lwm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable lwm.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "lwm", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.metacity.enable": {"declarations": ["nixos/modules/services/x11/window-managers/metacity.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable metacity.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "metacity", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.mlvwm.configFile": {"declarations": ["nixos/modules/services/x11/window-managers/mlvwm.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the mlvwm configuration file.\nIf left at the default value, $HOME/.mlvwmrc will be used.\n", "loc": ["services", "xserver", "windowManager", "mlvwm", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.xserver.windowManager.mlvwm.enable": {"declarations": ["nixos/modules/services/x11/window-managers/mlvwm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Macintosh-like Virtual Window Manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "mlvwm", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.mwm.enable": {"declarations": ["nixos/modules/services/x11/window-managers/mwm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable mwm.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "mwm", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.nimdow.enable": {"declarations": ["nixos/modules/services/x11/window-managers/nimdow.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable nimdow.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "nimdow", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.nimdow.package": {"declarations": ["nixos/modules/services/x11/window-managers/nimdow.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nimdow"}, "description": "The nimdow package to use.", "loc": ["services", "xserver", "windowManager", "nimdow", "package"], "readOnly": false, "type": "package"}, "services.xserver.windowManager.notion.enable": {"declarations": ["nixos/modules/services/x11/window-managers/notion.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable notion.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "notion", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.openbox.enable": {"declarations": ["nixos/modules/services/x11/window-managers/openbox.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable openbox.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "openbox", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.oxwm.enable": {"declarations": ["nixos/modules/services/x11/window-managers/oxwm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable oxwm.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "oxwm", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.oxwm.package": {"declarations": ["nixos/modules/services/x11/window-managers/oxwm.nix"], "default": {"_type": "literalExpression", "text": "pkgs.oxwm"}, "description": "The oxwm package to use.", "loc": ["services", "xserver", "windowManager", "oxwm", "package"], "readOnly": false, "type": "package"}, "services.xserver.windowManager.pekwm.enable": {"declarations": ["nixos/modules/services/x11/window-managers/pekwm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable pekwm.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "pekwm", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.qtile.configFile": {"declarations": ["nixos/modules/services/x11/window-managers/qtile.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the qtile configuration file.\nIf null, $XDG_CONFIG_HOME/qtile/config.py will be used.\n", "example": {"_type": "literalExpression", "text": "./your_config.py"}, "loc": ["services", "xserver", "windowManager", "qtile", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.xserver.windowManager.qtile.enable": {"declarations": ["nixos/modules/services/x11/window-managers/qtile.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable qtile.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "qtile", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.qtile.extraPackages": {"declarations": ["nixos/modules/services/x11/window-managers/qtile.nix"], "default": {"_type": "literalExpression", "text": "python3Packages: with python3Packages; [];\n"}, "description": "Extra Python packages available to Qtile.\nAn example would be to include `python3Packages.qtile-extras`\nfor additional unofficial widgets.\n", "example": {"_type": "literalExpression", "text": "python3Packages: with python3Packages; [\n  qtile-extras\n];\n"}, "loc": ["services", "xserver", "windowManager", "qtile", "extraPackages"], "readOnly": false, "type": "function that evaluates to a(n) list of package"}, "services.xserver.windowManager.qtile.package": {"declarations": ["nixos/modules/services/x11/window-managers/qtile.nix"], "default": {"_type": "literalExpression", "text": "pkgs.python3.pkgs.qtile"}, "description": "The qtile package to use.", "loc": ["services", "xserver", "windowManager", "qtile", "package"], "readOnly": false, "type": "package"}, "services.xserver.windowManager.ragnarwm.enable": {"declarations": ["nixos/modules/services/x11/window-managers/ragnarwm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ragnarwm.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "ragnarwm", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.ragnarwm.package": {"declarations": ["nixos/modules/services/x11/window-managers/ragnarwm.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ragnarwm"}, "description": "The ragnarwm package to use.", "loc": ["services", "xserver", "windowManager", "ragnarwm", "package"], "readOnly": false, "type": "package"}, "services.xserver.windowManager.ratpoison.enable": {"declarations": ["nixos/modules/services/x11/window-managers/ratpoison.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ratpoison.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "ratpoison", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.sawfish.enable": {"declarations": ["nixos/modules/services/x11/window-managers/sawfish.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable sawfish.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "sawfish", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.smallwm.enable": {"declarations": ["nixos/modules/services/x11/window-managers/smallwm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable smallwm.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "smallwm", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.spectrwm.enable": {"declarations": ["nixos/modules/services/x11/window-managers/spectrwm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable spectrwm.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "spectrwm", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.stumpwm.enable": {"declarations": ["nixos/modules/services/x11/window-managers/stumpwm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable stumpwm.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "stumpwm", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.stumpwm.package": {"declarations": ["nixos/modules/services/x11/window-managers/stumpwm.nix"], "default": {"_type": "literalExpression", "text": "pkgs.stumpwm"}, "description": "The stumpwm package to use.", "loc": ["services", "xserver", "windowManager", "stumpwm", "package"], "readOnly": false, "type": "package"}, "services.xserver.windowManager.tinywm.enable": {"declarations": ["nixos/modules/services/x11/window-managers/tinywm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable tinywm.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "tinywm", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.twm.enable": {"declarations": ["nixos/modules/services/x11/window-managers/twm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable twm.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "twm", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.windowlab.enable": {"declarations": ["nixos/modules/services/x11/window-managers/windowlab.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable windowlab.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "windowlab", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.windowmaker.enable": {"declarations": ["nixos/modules/services/x11/window-managers/windowmaker.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable windowmaker.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "windowmaker", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.wmderland.enable": {"declarations": ["nixos/modules/services/x11/window-managers/wmderland.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable wmderland.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "wmderland", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.wmderland.extraPackages": {"declarations": ["nixos/modules/services/x11/window-managers/wmderland.nix"], "default": {"_type": "literalExpression", "text": "with pkgs; [\n  rofi\n  dunst\n  light\n  hsetroot\n  feh\n  rxvt-unicode\n]\n"}, "description": "Extra packages to be installed system wide.\n", "loc": ["services", "xserver", "windowManager", "wmderland", "extraPackages"], "readOnly": false, "type": "list of package"}, "services.xserver.windowManager.wmderland.extraSessionCommands": {"declarations": ["nixos/modules/services/x11/window-managers/wmderland.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands executed just before wmderland is started.\n", "loc": ["services", "xserver", "windowManager", "wmderland", "extraSessionCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xserver.windowManager.wmii.enable": {"declarations": ["nixos/modules/services/x11/window-managers/wmii.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable wmii.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "wmii", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.xmonad.config": {"declarations": ["nixos/modules/services/x11/window-managers/xmonad.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configuration from which XMonad gets compiled. If no value is\nspecified, a vanilla xmonad binary is put in PATH, which will\nattempt to recompile and exec your xmonad config from $HOME/.xmonad.\nThis setup is then analogous to other (non-NixOS) linux distributions.\n\nIf you do set this option, you likely want to use \"launch\" as your\nentry point for xmonad (as in the example), to avoid xmonad's\nrecompilation logic on startup. Doing so will render the default\n\"mod+q\" restart key binding dysfunctional though, because that attempts\nto call your binary with the \"--restart\" command line option, unless\nyou implement that yourself. You way mant to bind \"mod+q\" to\n`(restart \"xmonad\" True)` instead, which will just restart\nxmonad from PATH. This allows e.g. switching to the new xmonad binary\nafter rebuilding your system with nixos-rebuild.\nFor the same reason, ghc is not added to the environment when this\noption is set, unless {option}`enableConfiguredRecompile` is\nset to `true`.\n\nIf you actually want to run xmonad with a config specified here, but\nalso be able to recompile and restart it from a copy of that source in\n$HOME/.xmonad on the fly, set {option}`enableConfiguredRecompile`\nto `true` and implement something like \"compileRestart\"\nfrom the example.\nThis should allow you to switch at will between the local xmonad and\nthe one NixOS puts in your PATH.\n", "example": {"_type": "literalExpression", "text": "''\n  import XMonad\n  import XMonad.Util.EZConfig (additionalKeys)\n  import Control.Monad (when)\n  import Text.Printf (printf)\n  import System.Posix.Process (executeFile)\n  import System.Info (arch,os)\n  import System.Environment (getArgs)\n  import System.FilePath ((</>))\n  \n  compiledConfig = printf \"xmonad-%s-%s\" arch os\n  \n  myConfig = defaultConfig\n    { modMask = mod4Mask -- Use Super instead of Alt\n    , terminal = \"urxvt\" }\n    `additionalKeys`\n    [ ( (mod4Mask,xK_r), compileRestart True)\n    , ( (mod4Mask,xK_q), restart \"xmonad\" True ) ]\n  \n  compileRestart resume = do\n    dirs  <- asks directories\n    whenX (recompile dirs True) $ do\n      when resume writeStateToFile\n      catchIO\n          ( do\n              args <- getArgs\n              executeFile (cacheDir dirs </> compiledConfig) False args Nothing\n          )\n  \n  main = getDirectories >>= launch myConfig\n  \n  --------------------------------------------\n  {- For versions before 0.17.0 use this instead -}\n  --------------------------------------------\n  -- compileRestart resume =\n  --   whenX (recompile True) $\n  --     when resume writeStateToFile\n  --       *> catchIO\n  --         ( do\n  --             dir <- getXMonadDataDir\n  --             args <- getArgs\n  --             executeFile (dir </> compiledConfig) False args Nothing\n  --         )\n  --\n  -- main = launch myConfig\n  --------------------------------------------\n  \n''"}, "loc": ["services", "xserver", "windowManager", "xmonad", "config"], "readOnly": false, "type": "null or absolute path or string"}, "services.xserver.windowManager.xmonad.enable": {"declarations": ["nixos/modules/services/x11/window-managers/xmonad.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable xmonad.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "windowManager", "xmonad", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.xmonad.enableConfiguredRecompile": {"declarations": ["nixos/modules/services/x11/window-managers/xmonad.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable recompilation even if {option}`config` is set to a\nnon-null value. This adds the necessary Haskell dependencies (GHC with\npackages) to the xmonad binary's environment.\n", "loc": ["services", "xserver", "windowManager", "xmonad", "enableConfiguredRecompile"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.xmonad.enableContribAndExtras": {"declarations": ["nixos/modules/services/x11/window-managers/xmonad.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable xmonad-{contrib,extras} in Xmonad.", "loc": ["services", "xserver", "windowManager", "xmonad", "enableContribAndExtras"], "readOnly": false, "type": "boolean"}, "services.xserver.windowManager.xmonad.extraPackages": {"declarations": ["nixos/modules/services/x11/window-managers/xmonad.nix"], "default": {"_type": "literalExpression", "text": "self: []"}, "description": "Extra packages available to ghc when rebuilding Xmonad. The\nvalue must be a function which receives the attrset defined\nin {var}`haskellPackages` as the sole argument.\n", "example": {"_type": "literalExpression", "text": "haskellPackages: [\n  haskellPackages.xmonad-contrib\n  haskellPackages.monad-logger\n]\n"}, "loc": ["services", "xserver", "windowManager", "xmonad", "extraPackages"], "readOnly": false, "type": "function that evaluates to a(n) list of package"}, "services.xserver.windowManager.xmonad.ghcArgs": {"declarations": ["nixos/modules/services/x11/window-managers/xmonad.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Command line arguments passed to the compiler (ghc)\ninvocation when xmonad.config is set.\n", "loc": ["services", "xserver", "windowManager", "xmonad", "ghcArgs"], "readOnly": false, "type": "list of string"}, "services.xserver.windowManager.xmonad.haskellPackages": {"declarations": ["nixos/modules/services/x11/window-managers/xmonad.nix"], "default": {"_type": "literalExpression", "text": "pkgs.haskellPackages"}, "description": "haskellPackages used to build Xmonad and other packages.\nThis can be used to change the GHC version used to build\nXmonad and the packages listed in\n{var}`extraPackages`.\n", "example": {"_type": "literalExpression", "text": "pkgs.haskell.packages.ghc910"}, "loc": ["services", "xserver", "windowManager", "xmonad", "haskellPackages"], "readOnly": false, "type": "attribute set"}, "services.xserver.windowManager.xmonad.xmonadCliArgs": {"declarations": ["nixos/modules/services/x11/window-managers/xmonad.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Command line arguments passed to the xmonad binary.\n", "loc": ["services", "xserver", "windowManager", "xmonad", "xmonadCliArgs"], "readOnly": false, "type": "list of string"}, "services.xserver.xautolock.enable": {"declarations": ["nixos/modules/services/x11/xautolock.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable xautolock.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "xautolock", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.xautolock.enableNotifier": {"declarations": ["nixos/modules/services/x11/xautolock.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the notifier feature of xautolock.\nThis publishes a notification before the autolock.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "xautolock", "enableNotifier"], "readOnly": false, "type": "boolean"}, "services.xserver.xautolock.extraOptions": {"declarations": ["nixos/modules/services/x11/xautolock.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional command-line arguments to pass to\n{command}`xautolock`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-detectsleep\"\n]"}, "loc": ["services", "xserver", "xautolock", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.xserver.xautolock.killer": {"declarations": ["nixos/modules/services/x11/xautolock.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The script to use when nothing has happened for as long as {option}`killtime`\n", "example": {"_type": "literalExpression", "text": "\"/run/current-system/systemd/bin/systemctl suspend\""}, "loc": ["services", "xserver", "xautolock", "killer"], "readOnly": false, "type": "null or string"}, "services.xserver.xautolock.killtime": {"declarations": ["nixos/modules/services/x11/xautolock.nix"], "default": {"_type": "literalExpression", "text": "20"}, "description": "Minutes xautolock waits until it executes the script specified in {option}`killer`\n(Has to be at least 10 minutes)\n", "loc": ["services", "xserver", "xautolock", "killtime"], "readOnly": false, "type": "signed integer"}, "services.xserver.xautolock.locker": {"declarations": ["nixos/modules/services/x11/xautolock.nix"], "default": {"_type": "literalExpression", "text": "\"${pkgs.xlockmore}/bin/xlock\""}, "description": "The script to use when automatically locking the computer.\n", "example": {"_type": "literalExpression", "text": "\"${pkgs.i3lock}/bin/i3lock -i /path/to/img\""}, "loc": ["services", "xserver", "xautolock", "locker"], "readOnly": false, "type": "string"}, "services.xserver.xautolock.notifier": {"declarations": ["nixos/modules/services/x11/xautolock.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Notification script to be used to warn about the pending autolock.\n", "example": {"_type": "literalExpression", "text": "\"${pkgs.libnotify}/bin/notify-send 'Locking in 10 seconds'\""}, "loc": ["services", "xserver", "xautolock", "notifier"], "readOnly": false, "type": "null or string"}, "services.xserver.xautolock.notify": {"declarations": ["nixos/modules/services/x11/xautolock.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Time (in seconds) before the actual lock when the notification about the pending lock should be published.\n", "loc": ["services", "xserver", "xautolock", "notify"], "readOnly": false, "type": "signed integer"}, "services.xserver.xautolock.nowlocker": {"declarations": ["nixos/modules/services/x11/xautolock.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The script to use when manually locking the computer with {command}`xautolock -locknow`.\n", "example": {"_type": "literalExpression", "text": "\"${pkgs.i3lock}/bin/i3lock -i /path/to/img\""}, "loc": ["services", "xserver", "xautolock", "nowlocker"], "readOnly": false, "type": "null or string"}, "services.xserver.xautolock.time": {"declarations": ["nixos/modules/services/x11/xautolock.nix"], "default": {"_type": "literalExpression", "text": "15"}, "description": "Idle time (in minutes) to wait until xautolock locks the computer.\n", "loc": ["services", "xserver", "xautolock", "time"], "readOnly": false, "type": "signed integer"}, "services.xserver.xkb.extraLayouts": {"declarations": ["nixos/modules/services/x11/extra-layouts.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra custom layouts that will be included in the xkb configuration.\nInformation on how to create a new layout can be found here:\n<https://www.x.org/releases/current/doc/xorg-docs/input/XKB-Enhancing.html#Defining_New_Layouts>.\nFor more examples see\n<https://wiki.archlinux.org/index.php/X_KeyBoard_extension#Basic_examples>\n", "example": {"_type": "literalExpression", "text": "{\n  mine = {\n    description = \"My custom xkb layout.\";\n    languages = [ \"eng\" ];\n    symbolsFile = /path/to/my/layout;\n  };\n}\n"}, "loc": ["services", "xserver", "xkb", "extraLayouts"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.xserver.xkb.extraLayouts.<name>.compatFile": {"declarations": ["nixos/modules/services/x11/extra-layouts.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the xkb compat file.\nThis file sets the compatibility state, used to preserve\ncompatibility with xkb-unaware programs.\nIt must contain a `xkb_compat \"name\" { ... }` block.\n", "loc": ["services", "xserver", "xkb", "extraLayouts", "<name>", "compatFile"], "readOnly": false, "type": "null or absolute path"}, "services.xserver.xkb.extraLayouts.<name>.description": {"declarations": ["nixos/modules/services/x11/extra-layouts.nix"], "description": "A short description of the layout.", "loc": ["services", "xserver", "xkb", "extraLayouts", "<name>", "description"], "readOnly": false, "type": "string"}, "services.xserver.xkb.extraLayouts.<name>.geometryFile": {"declarations": ["nixos/modules/services/x11/extra-layouts.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the xkb geometry file.\nThis (completely optional) file describes the physical layout of\nkeyboard, which maybe be used by programs to depict it.\nIt must contain a `xkb_geometry \"name\" { ... }` block.\n", "loc": ["services", "xserver", "xkb", "extraLayouts", "<name>", "geometryFile"], "readOnly": false, "type": "null or absolute path"}, "services.xserver.xkb.extraLayouts.<name>.keycodesFile": {"declarations": ["nixos/modules/services/x11/extra-layouts.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the xkb keycodes file.\nThis file specifies the range and the interpretation of the raw\nkeycodes sent by the keyboard.\nIt must contain a `xkb_keycodes \"name\" { ... }` block.\n", "loc": ["services", "xserver", "xkb", "extraLayouts", "<name>", "keycodesFile"], "readOnly": false, "type": "null or absolute path"}, "services.xserver.xkb.extraLayouts.<name>.languages": {"declarations": ["nixos/modules/services/x11/extra-layouts.nix"], "description": "A list of languages provided by the layout.\n(Use ISO 639-2 codes, for example: \"eng\" for english)\n", "loc": ["services", "xserver", "xkb", "extraLayouts", "<name>", "languages"], "readOnly": false, "type": "list of string"}, "services.xserver.xkb.extraLayouts.<name>.symbolsFile": {"declarations": ["nixos/modules/services/x11/extra-layouts.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the xkb symbols file.\nThis is the most important file: it defines which symbol or action\nmaps to each key and must contain a\n`xkb_symbols \"name\" { ... }` block.\n", "loc": ["services", "xserver", "xkb", "extraLayouts", "<name>", "symbolsFile"], "readOnly": false, "type": "null or absolute path"}, "services.xserver.xkb.extraLayouts.<name>.typesFile": {"declarations": ["nixos/modules/services/x11/extra-layouts.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the xkb types file.\nThis file specifies the key types that can be associated with\nthe various keyboard keys.\nIt must contain a `xkb_types \"name\" { ... }` block.\n", "loc": ["services", "xserver", "xkb", "extraLayouts", "<name>", "typesFile"], "readOnly": false, "type": "null or absolute path"}, "services.xtreemfs.dir.address": {"declarations": ["nixos/modules/services/network-filesystems/xtreemfs.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "If specified, it defines the interface to listen on. If not\nspecified, the service will listen on all interfaces (any).\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "xtreemfs", "dir", "address"], "readOnly": false, "type": "string"}, "services.xtreemfs.dir.enable": {"declarations": ["nixos/modules/services/network-filesystems/xtreemfs.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable XtreemFS DIR service.\n", "loc": ["services", "xtreemfs", "dir", "enable"], "readOnly": false, "type": "boolean"}, "services.xtreemfs.dir.extraConfig": {"declarations": ["nixos/modules/services/network-filesystems/xtreemfs.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Configuration of XtreemFS DIR service.\nWARNING: configuration is saved as plaintext inside nix store.\nFor more options: <https://www.xtreemfs.org/xtfs-guide-1.5.1/index.html>\n", "example": {"_type": "literalExpression", "text": "''\n  # specify whether SSL is required\n  ssl.enabled = true\n  ssl.service_creds.pw = passphrase\n  ssl.service_creds.container = pkcs12\n  ssl.service_creds = /etc/xos/xtreemfs/truststore/certs/dir.p12\n  ssl.trusted_certs = /etc/xos/xtreemfs/truststore/certs/trusted.jks\n  ssl.trusted_certs.pw = jks_passphrase\n  ssl.trusted_certs.container = jks\n''"}, "loc": ["services", "xtreemfs", "dir", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xtreemfs.dir.httpPort": {"declarations": ["nixos/modules/services/network-filesystems/xtreemfs.nix"], "default": {"_type": "literalExpression", "text": "30638"}, "description": "Specifies the listen port for the HTTP service that returns the\nstatus page.\n", "loc": ["services", "xtreemfs", "dir", "httpPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.xtreemfs.dir.port": {"declarations": ["nixos/modules/services/network-filesystems/xtreemfs.nix"], "default": {"_type": "literalExpression", "text": "32638"}, "description": "The port to listen on for incoming connections (TCP).\n", "loc": ["services", "xtreemfs", "dir", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.xtreemfs.dir.replication.enable": {"declarations": ["nixos/modules/services/network-filesystems/xtreemfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable XtreemFS DIR replication plugin.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xtreemfs", "dir", "replication", "enable"], "readOnly": false, "type": "boolean"}, "services.xtreemfs.dir.replication.extraConfig": {"declarations": ["nixos/modules/services/network-filesystems/xtreemfs.nix"], "description": "Configuration of XtreemFS DIR replication plugin.\nWARNING: configuration is saved as plaintext inside nix store.\nFor more options: <https://www.xtreemfs.org/xtfs-guide-1.5.1/index.html>\n", "example": {"_type": "literalExpression", "text": "''\n  # participants of the replication including this replica\n  babudb.repl.participant.0 = 192.168.0.10\n  babudb.repl.participant.0.port = 35676\n  babudb.repl.participant.1 = 192.168.0.11\n  babudb.repl.participant.1.port = 35676\n  babudb.repl.participant.2 = 192.168.0.12\n  babudb.repl.participant.2.port = 35676\n  \n  # number of servers that at least have to be up to date\n  # To have a fault-tolerant system, this value has to be set to the\n  # majority of nodes i.e., if you have three replicas, set this to 2\n  # Please note that a setup with two nodes provides no fault-tolerance.\n  babudb.repl.sync.n = 2\n  \n  # specify whether SSL is required\n  babudb.ssl.enabled = true\n  \n  babudb.ssl.protocol = tlsv12\n  \n  # server credentials for SSL handshakes\n  babudb.ssl.service_creds = /etc/xos/xtreemfs/truststore/certs/osd.p12\n  babudb.ssl.service_creds.pw = passphrase\n  babudb.ssl.service_creds.container = pkcs12\n  \n  # trusted certificates for SSL handshakes\n  babudb.ssl.trusted_certs = /etc/xos/xtreemfs/truststore/certs/trusted.jks\n  babudb.ssl.trusted_certs.pw = jks_passphrase\n  babudb.ssl.trusted_certs.container = jks\n  \n  babudb.ssl.authenticationWithoutEncryption = false\n''"}, "loc": ["services", "xtreemfs", "dir", "replication", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xtreemfs.dir.syncMode": {"declarations": ["nixos/modules/services/network-filesystems/xtreemfs.nix"], "default": {"_type": "literalExpression", "text": "\"FSYNC\""}, "description": "The sync mode influences how operations are committed to the disk\nlog before the operation is acknowledged to the caller.\n\n-ASYNC mode the writes to the disk log are buffered in memory by the operating system. This is the fastest mode but will lead to data loss in case of a crash, kernel panic or power failure.\n-SYNC_WRITE_METADATA opens the file with O_SYNC, the system will not buffer any writes. The operation will be acknowledged when data has been safely written to disk. This mode is slow but offers maximum data safety. However, BabuDB cannot influence the disk drive caches, this depends on the OS and hard disk model.\n-SYNC_WRITE similar to SYNC_WRITE_METADATA but opens file with O_DSYNC which means that only the data is commit to disk. This can lead to some data loss depending on the implementation of the underlying file system. Linux does not implement this mode.\n-FDATASYNC is similar to SYNC_WRITE but opens the file in asynchronous mode and calls fdatasync() after writing the data to disk.\n-FSYNC is similar to SYNC_WRITE_METADATA but opens the file in asynchronous mode and calls fsync() after writing the data to disk.\n\nFor best throughput use ASYNC, for maximum data safety use FSYNC.\n\n(If xtreemfs.dir.replication.enable is true then FDATASYNC is forced)\n", "example": {"_type": "literalExpression", "text": "\"FDATASYNC\""}, "loc": ["services", "xtreemfs", "dir", "syncMode"], "readOnly": false, "type": "one of \"ASYNC\", \"SYNC_WRITE_METADATA\", \"SYNC_WRITE\", \"FDATASYNC\", \"FSYNC\""}, "services.xtreemfs.dir.uuid": {"declarations": ["nixos/modules/services/network-filesystems/xtreemfs.nix"], "description": "Must be set to a unique identifier, preferably a UUID according to\nRFC 4122. UUIDs can be generated with `uuidgen` command, found in\nthe `util-linux` package.\n", "example": {"_type": "literalExpression", "text": "\"eacb6bab-f444-4ebf-a06a-3f72d7465e40\""}, "loc": ["services", "xtreemfs", "dir", "uuid"], "readOnly": false, "type": "string"}, "services.xtreemfs.enable": {"declarations": ["nixos/modules/services/network-filesystems/xtreemfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable XtreemFS.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xtreemfs", "enable"], "readOnly": false, "type": "boolean"}, "services.xtreemfs.homeDir": {"declarations": ["nixos/modules/services/network-filesystems/xtreemfs.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/xtreemfs\""}, "description": "XtreemFS home dir for the xtreemfs user.\n", "loc": ["services", "xtreemfs", "homeDir"], "readOnly": false, "type": "absolute path"}, "services.xtreemfs.mrc.address": {"declarations": ["nixos/modules/services/network-filesystems/xtreemfs.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "If specified, it defines the interface to listen on. If not\nspecified, the service will listen on all interfaces (any).\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "xtreemfs", "mrc", "address"], "readOnly": false, "type": "string"}, "services.xtreemfs.mrc.enable": {"declarations": ["nixos/modules/services/network-filesystems/xtreemfs.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable XtreemFS MRC service.\n", "loc": ["services", "xtreemfs", "mrc", "enable"], "readOnly": false, "type": "boolean"}, "services.xtreemfs.mrc.extraConfig": {"declarations": ["nixos/modules/services/network-filesystems/xtreemfs.nix"], "description": "Configuration of XtreemFS MRC service.\nWARNING: configuration is saved as plaintext inside nix store.\nFor more options: <https://www.xtreemfs.org/xtfs-guide-1.5.1/index.html>\n", "example": {"_type": "literalExpression", "text": "''\n  osd_check_interval = 300\n  no_atime = true\n  local_clock_renewal = 0\n  remote_time_sync = 30000\n  authentication_provider = org.xtreemfs.common.auth.NullAuthProvider\n  \n  # shared secret between the MRC and all OSDs\n  capability_secret = iNG8UuQJrJ6XVDTe\n  \n  dir_service.host = 192.168.0.10\n  dir_service.port = 32638\n  \n  # if replication is enabled\n  dir_service.1.host = 192.168.0.11\n  dir_service.1.port = 32638\n  dir_service.2.host = 192.168.0.12\n  dir_service.2.port = 32638\n  \n  # specify whether SSL is required\n  ssl.enabled = true\n  ssl.protocol = tlsv12\n  ssl.service_creds.pw = passphrase\n  ssl.service_creds.container = pkcs12\n  ssl.service_creds = /etc/xos/xtreemfs/truststore/certs/mrc.p12\n  ssl.trusted_certs = /etc/xos/xtreemfs/truststore/certs/trusted.jks\n  ssl.trusted_certs.pw = jks_passphrase\n  ssl.trusted_certs.container = jks\n''"}, "loc": ["services", "xtreemfs", "mrc", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xtreemfs.mrc.httpPort": {"declarations": ["nixos/modules/services/network-filesystems/xtreemfs.nix"], "default": {"_type": "literalExpression", "text": "30636"}, "description": "Specifies the listen port for the HTTP service that returns the\nstatus page.\n", "loc": ["services", "xtreemfs", "mrc", "httpPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.xtreemfs.mrc.port": {"declarations": ["nixos/modules/services/network-filesystems/xtreemfs.nix"], "default": {"_type": "literalExpression", "text": "32636"}, "description": "The port to listen on for incoming connections (TCP).\n", "loc": ["services", "xtreemfs", "mrc", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.xtreemfs.mrc.replication.enable": {"declarations": ["nixos/modules/services/network-filesystems/xtreemfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable XtreemFS MRC replication plugin.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xtreemfs", "mrc", "replication", "enable"], "readOnly": false, "type": "boolean"}, "services.xtreemfs.mrc.replication.extraConfig": {"declarations": ["nixos/modules/services/network-filesystems/xtreemfs.nix"], "description": "Configuration of XtreemFS MRC replication plugin.\nWARNING: configuration is saved as plaintext inside nix store.\nFor more options: <https://www.xtreemfs.org/xtfs-guide-1.5.1/index.html>\n", "example": {"_type": "literalExpression", "text": "''\n  # participants of the replication including this replica\n  babudb.repl.participant.0 = 192.168.0.10\n  babudb.repl.participant.0.port = 35678\n  babudb.repl.participant.1 = 192.168.0.11\n  babudb.repl.participant.1.port = 35678\n  babudb.repl.participant.2 = 192.168.0.12\n  babudb.repl.participant.2.port = 35678\n  \n  # number of servers that at least have to be up to date\n  # To have a fault-tolerant system, this value has to be set to the\n  # majority of nodes i.e., if you have three replicas, set this to 2\n  # Please note that a setup with two nodes provides no fault-tolerance.\n  babudb.repl.sync.n = 2\n  \n  # specify whether SSL is required\n  babudb.ssl.enabled = true\n  \n  babudb.ssl.protocol = tlsv12\n  \n  # server credentials for SSL handshakes\n  babudb.ssl.service_creds = /etc/xos/xtreemfs/truststore/certs/osd.p12\n  babudb.ssl.service_creds.pw = passphrase\n  babudb.ssl.service_creds.container = pkcs12\n  \n  # trusted certificates for SSL handshakes\n  babudb.ssl.trusted_certs = /etc/xos/xtreemfs/truststore/certs/trusted.jks\n  babudb.ssl.trusted_certs.pw = jks_passphrase\n  babudb.ssl.trusted_certs.container = jks\n  \n  babudb.ssl.authenticationWithoutEncryption = false\n''"}, "loc": ["services", "xtreemfs", "mrc", "replication", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xtreemfs.mrc.syncMode": {"declarations": ["nixos/modules/services/network-filesystems/xtreemfs.nix"], "default": {"_type": "literalExpression", "text": "\"FSYNC\""}, "description": "The sync mode influences how operations are committed to the disk\nlog before the operation is acknowledged to the caller.\n\n-ASYNC mode the writes to the disk log are buffered in memory by the operating system. This is the fastest mode but will lead to data loss in case of a crash, kernel panic or power failure.\n-SYNC_WRITE_METADATA opens the file with O_SYNC, the system will not buffer any writes. The operation will be acknowledged when data has been safely written to disk. This mode is slow but offers maximum data safety. However, BabuDB cannot influence the disk drive caches, this depends on the OS and hard disk model.\n-SYNC_WRITE similar to SYNC_WRITE_METADATA but opens file with O_DSYNC which means that only the data is commit to disk. This can lead to some data loss depending on the implementation of the underlying file system. Linux does not implement this mode.\n-FDATASYNC is similar to SYNC_WRITE but opens the file in asynchronous mode and calls fdatasync() after writing the data to disk.\n-FSYNC is similar to SYNC_WRITE_METADATA but opens the file in asynchronous mode and calls fsync() after writing the data to disk.\n\nFor best throughput use ASYNC, for maximum data safety use FSYNC.\n\n(If xtreemfs.mrc.replication.enable is true then FDATASYNC is forced)\n", "example": {"_type": "literalExpression", "text": "\"FDATASYNC\""}, "loc": ["services", "xtreemfs", "mrc", "syncMode"], "readOnly": false, "type": "one of \"ASYNC\", \"SYNC_WRITE_METADATA\", \"SYNC_WRITE\", \"FDATASYNC\", \"FSYNC\""}, "services.xtreemfs.mrc.uuid": {"declarations": ["nixos/modules/services/network-filesystems/xtreemfs.nix"], "description": "Must be set to a unique identifier, preferably a UUID according to\nRFC 4122. UUIDs can be generated with `uuidgen` command, found in\nthe `util-linux` package.\n", "example": {"_type": "literalExpression", "text": "\"eacb6bab-f444-4ebf-a06a-3f72d7465e41\""}, "loc": ["services", "xtreemfs", "mrc", "uuid"], "readOnly": false, "type": "string"}, "services.xtreemfs.osd.address": {"declarations": ["nixos/modules/services/network-filesystems/xtreemfs.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "If specified, it defines the interface to listen on. If not\nspecified, the service will listen on all interfaces (any).\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "xtreemfs", "osd", "address"], "readOnly": false, "type": "string"}, "services.xtreemfs.osd.enable": {"declarations": ["nixos/modules/services/network-filesystems/xtreemfs.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable XtreemFS OSD service.\n", "loc": ["services", "xtreemfs", "osd", "enable"], "readOnly": false, "type": "boolean"}, "services.xtreemfs.osd.extraConfig": {"declarations": ["nixos/modules/services/network-filesystems/xtreemfs.nix"], "description": "Configuration of XtreemFS OSD service.\nWARNING: configuration is saved as plaintext inside nix store.\nFor more options: <https://www.xtreemfs.org/xtfs-guide-1.5.1/index.html>\n", "example": {"_type": "literalExpression", "text": "''\n  local_clock_renewal = 0\n  remote_time_sync = 30000\n  report_free_space = true\n  capability_secret = iNG8UuQJrJ6XVDTe\n  \n  dir_service.host = 192.168.0.10\n  dir_service.port = 32638\n  \n  # if replication is used\n  dir_service.1.host = 192.168.0.11\n  dir_service.1.port = 32638\n  dir_service.2.host = 192.168.0.12\n  dir_service.2.port = 32638\n  \n  # specify whether SSL is required\n  ssl.enabled = true\n  ssl.service_creds.pw = passphrase\n  ssl.service_creds.container = pkcs12\n  ssl.service_creds = /etc/xos/xtreemfs/truststore/certs/osd.p12\n  ssl.trusted_certs = /etc/xos/xtreemfs/truststore/certs/trusted.jks\n  ssl.trusted_certs.pw = jks_passphrase\n  ssl.trusted_certs.container = jks\n''"}, "loc": ["services", "xtreemfs", "osd", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xtreemfs.osd.httpPort": {"declarations": ["nixos/modules/services/network-filesystems/xtreemfs.nix"], "default": {"_type": "literalExpression", "text": "30640"}, "description": "Specifies the listen port for the HTTP service that returns the\nstatus page.\n", "loc": ["services", "xtreemfs", "osd", "httpPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.xtreemfs.osd.port": {"declarations": ["nixos/modules/services/network-filesystems/xtreemfs.nix"], "default": {"_type": "literalExpression", "text": "32640"}, "description": "The port to listen on for incoming connections (TCP and UDP).\n", "loc": ["services", "xtreemfs", "osd", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.xtreemfs.osd.uuid": {"declarations": ["nixos/modules/services/network-filesystems/xtreemfs.nix"], "description": "Must be set to a unique identifier, preferably a UUID according to\nRFC 4122. UUIDs can be generated with `uuidgen` command, found in\nthe `util-linux` package.\n", "example": {"_type": "literalExpression", "text": "\"eacb6bab-f444-4ebf-a06a-3f72d7465e42\""}, "loc": ["services", "xtreemfs", "osd", "uuid"], "readOnly": false, "type": "string"}, "services.yandex-disk.directory": {"declarations": ["nixos/modules/services/network-filesystems/yandex-disk.nix"], "default": {"_type": "literalExpression", "text": "\"/home/Yandex.Disk\""}, "description": "The directory to use for Yandex.Disk storage", "loc": ["services", "yandex-disk", "directory"], "readOnly": false, "type": "absolute path"}, "services.yandex-disk.enable": {"declarations": ["nixos/modules/services/network-filesystems/yandex-disk.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Yandex-disk client. See <https://disk.yandex.ru/>\n", "loc": ["services", "yandex-disk", "enable"], "readOnly": false, "type": "boolean"}, "services.yandex-disk.excludes": {"declarations": ["nixos/modules/services/network-filesystems/yandex-disk.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Comma-separated list of directories which are excluded from synchronization.\n", "example": {"_type": "literalExpression", "text": "\"data,backup\""}, "loc": ["services", "yandex-disk", "excludes"], "readOnly": false, "type": "strings concatenated with \",\""}, "services.yandex-disk.password": {"declarations": ["nixos/modules/services/network-filesystems/yandex-disk.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Your yandex.com password. Warning: it will be world-readable in /nix/store.\n", "loc": ["services", "yandex-disk", "password"], "readOnly": false, "type": "string"}, "services.yandex-disk.user": {"declarations": ["nixos/modules/services/network-filesystems/yandex-disk.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The user the yandex-disk daemon should run as.\n", "loc": ["services", "yandex-disk", "user"], "readOnly": false, "type": "null or string"}, "services.yandex-disk.username": {"declarations": ["nixos/modules/services/network-filesystems/yandex-disk.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Your yandex.com login name.\n", "loc": ["services", "yandex-disk", "username"], "readOnly": false, "type": "string"}, "services.yarr.address": {"declarations": ["nixos/modules/services/misc/yarr.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Address to run server on.", "loc": ["services", "yarr", "address"], "readOnly": false, "type": "string"}, "services.yarr.authFilePath": {"declarations": ["nixos/modules/services/misc/yarr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file containing username:password. `null` means no authentication required to use the service.", "loc": ["services", "yarr", "authFilePath"], "readOnly": false, "type": "null or absolute path"}, "services.yarr.baseUrl": {"declarations": ["nixos/modules/services/misc/yarr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Base path of the service url.", "loc": ["services", "yarr", "baseUrl"], "readOnly": false, "type": "null or string"}, "services.yarr.enable": {"declarations": ["nixos/modules/services/misc/yarr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Yet another rss reader.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "yarr", "enable"], "readOnly": false, "type": "boolean"}, "services.yarr.environmentFile": {"declarations": ["nixos/modules/services/misc/yarr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file for specifying additional settings such as secrets.\n\nSee `yarr -help` for all available options.\n", "loc": ["services", "yarr", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.yarr.package": {"declarations": ["nixos/modules/services/misc/yarr.nix"], "default": {"_type": "literalExpression", "text": "pkgs.yarr"}, "description": "The yarr package to use.", "loc": ["services", "yarr", "package"], "readOnly": false, "type": "package"}, "services.yarr.port": {"declarations": ["nixos/modules/services/misc/yarr.nix"], "default": {"_type": "literalExpression", "text": "7070"}, "description": "Port to run server on.", "loc": ["services", "yarr", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.yggdrasil-jumper.appendListenAddresses": {"declarations": ["nixos/modules/services/networking/yggdrasil-jumper.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Append Yggdrasil router configuration with listeners on loopback\naddresses (`127.0.0.1`) and preselected ports to support peering\nusing client-server protocols like `quic` and `tls`.\n\nSee `Listen` option in Yggdrasil router configuration.\n", "loc": ["services", "yggdrasil-jumper", "appendListenAddresses"], "readOnly": false, "type": "boolean"}, "services.yggdrasil-jumper.detectWireguard": {"declarations": ["nixos/modules/services/networking/yggdrasil-jumper.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Control whether `settings.wireguard = true` should automatically\nprovide CAP_NET_ADMIN capability and make the necessary packages\navailable to Yggdrasil Jumper service.\n", "loc": ["services", "yggdrasil-jumper", "detectWireguard"], "readOnly": false, "type": "boolean"}, "services.yggdrasil-jumper.enable": {"declarations": ["nixos/modules/services/networking/yggdrasil-jumper.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Yggdrasil Jumper system service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "yggdrasil-jumper", "enable"], "readOnly": false, "type": "boolean"}, "services.yggdrasil-jumper.extraArgs": {"declarations": ["nixos/modules/services/networking/yggdrasil-jumper.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line arguments for Yggdrasil Jumper.\n", "loc": ["services", "yggdrasil-jumper", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.yggdrasil-jumper.extraConfig": {"declarations": ["nixos/modules/services/networking/yggdrasil-jumper.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Configuration for Yggdrasil Jumper in plaintext.\n", "example": {"_type": "literalExpression", "text": "''\n  listen_port = 9999;\n  whitelist = [\n    \"<IPv6 address of a remote node>\"\n  ];\n''"}, "loc": ["services", "yggdrasil-jumper", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.yggdrasil-jumper.logLevel": {"declarations": ["nixos/modules/services/networking/yggdrasil-jumper.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Set logging verbosity for Yggdrasil Jumper.\n", "loc": ["services", "yggdrasil-jumper", "logLevel"], "readOnly": false, "type": "one of \"off\", \"error\", \"warn\", \"info\", \"debug\", \"trace\""}, "services.yggdrasil-jumper.package": {"declarations": ["nixos/modules/services/networking/yggdrasil-jumper.nix"], "default": {"_type": "literalExpression", "text": "pkgs.yggdrasil-jumper"}, "description": "The yggdrasil-jumper package to use.", "loc": ["services", "yggdrasil-jumper", "package"], "readOnly": false, "type": "package"}, "services.yggdrasil-jumper.retrieveListenAddresses": {"declarations": ["nixos/modules/services/networking/yggdrasil-jumper.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Automatically retrieve listen addresses from the Yggdrasil router configuration.\n\nSee `yggdrasil_listen` option in Yggdrasil Jumper configuration.\n", "loc": ["services", "yggdrasil-jumper", "retrieveListenAddresses"], "readOnly": false, "type": "boolean"}, "services.yggdrasil-jumper.settings": {"declarations": ["nixos/modules/services/networking/yggdrasil-jumper.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for Yggdrasil Jumper as a Nix attribute set.\n", "example": {"_type": "literalExpression", "text": "{\n  listen_port = 9999;\n  whitelist = [\n    \"<IPv6 address of a remote node>\"\n  ];\n  wireguard = true;\n}"}, "loc": ["services", "yggdrasil-jumper", "settings"], "readOnly": false, "type": "TOML value"}, "services.yggdrasil.denyDhcpcdInterfaces": {"declarations": ["nixos/modules/services/networking/yggdrasil.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Disable the DHCP client for any interface whose name matches\nany of the shell glob patterns in this list.  Use this\noption to prevent the DHCP client from broadcasting requests\non the yggdrasil network.  It is only necessary to do so\nwhen yggdrasil is running in TAP mode, because TUN\ninterfaces do not support broadcasting.\n", "example": {"_type": "literalExpression", "text": "[\n  \"tap*\"\n]"}, "loc": ["services", "yggdrasil", "denyDhcpcdInterfaces"], "readOnly": false, "type": "list of string"}, "services.yggdrasil.enable": {"declarations": ["nixos/modules/services/networking/yggdrasil.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the yggdrasil system service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "yggdrasil", "enable"], "readOnly": false, "type": "boolean"}, "services.yggdrasil.extraArgs": {"declarations": ["nixos/modules/services/networking/yggdrasil.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line arguments.", "example": {"_type": "literalExpression", "text": "[\n  \"-loglevel\"\n  \"info\"\n]"}, "loc": ["services", "yggdrasil", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.yggdrasil.group": {"declarations": ["nixos/modules/services/networking/yggdrasil.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Group to grant access to the Yggdrasil control socket. If `null`, only root can access the socket.", "example": {"_type": "literalExpression", "text": "\"wheel\""}, "loc": ["services", "yggdrasil", "group"], "readOnly": false, "type": "null or string"}, "services.yggdrasil.openMulticastPort": {"declarations": ["nixos/modules/services/networking/yggdrasil.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the UDP port used for multicast peer discovery. The\nNixOS firewall blocks link-local communication, so in order to make\nincoming local peering work you will also need to configure\n`MulticastInterfaces` in your Yggdrasil configuration\n({option}`settings`). You will then have to\nadd the ports that you configure there to your firewall configuration\n({option}`networking.firewall.allowedTCPPorts` or\n{option}`networking.firewall.interfaces.<name>.allowedTCPPorts`).\n", "loc": ["services", "yggdrasil", "openMulticastPort"], "readOnly": false, "type": "boolean"}, "services.yggdrasil.package": {"declarations": ["nixos/modules/services/networking/yggdrasil.nix"], "default": {"_type": "literalExpression", "text": "pkgs.yggdrasil"}, "description": "The yggdrasil package to use.", "loc": ["services", "yggdrasil", "package"], "readOnly": false, "type": "package"}, "services.yggdrasil.persistentKeys": {"declarations": ["nixos/modules/services/networking/yggdrasil.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable automatic generation and persistence of keys.\nIf enabled, a private key will be generated on first startup and stored\nat /var/lib/yggdrasil/private.pem. This ensures the Yggdrasil node retains the same\nIPv6 address across reboots.\n\nIf you have existing keys from a previous installation (in the old\nkeys.json format at /var/lib/yggdrasil/keys.json), they will be automatically\nmigrated to the new PEM format on first startup.\n\nNote: This option is mutually exclusive with {option}`settings.PrivateKeyPath`.\nIf you want to use externally managed keys, use {option}`settings.PrivateKeyPath`\ninstead\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "yggdrasil", "persistentKeys"], "readOnly": false, "type": "boolean"}, "services.yggdrasil.settings": {"declarations": ["nixos/modules/services/networking/yggdrasil.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for yggdrasil, as a structured Nix attribute set.\n\nIf you specify settings here, they will be used as persistent\nconfiguration and Yggdrasil will retain the same configuration\n(including IPv6 address if keys are provided) across restarts.\n\nIf no settings are specified, ephemeral keys are generated\nand the Yggdrasil interface will have a random IPv6 address\neach time the service is started.\n\nUse {option}`settings.PrivateKeyPath` to securely load private\nkeys from files owned by root via systemd credentials.\n\nThe most important options have dedicated NixOS options above.\nYou can also specify any other yggdrasil configuration option directly.\n\nFor a complete list of available options, see:\nhttps://yggdrasil-network.github.io/configurationref.html\n\nYou can use the command `nix-shell -p yggdrasil --run \"yggdrasil -genconf\"`\nto generate default configuration values with documentation.\n", "example": {"_type": "literalExpression", "text": "{\n  IfMTU = 65535;\n  IfName = \"ygg0\";\n  Listen = [\n    \"tcp://0.0.0.0:xxxxx\"\n  ];\n  Peers = [\n    \"tcp://aa.bb.cc.dd:eeeee\"\n    \"tcp://[aaaa:bbbb:cccc:dddd::eeee]:fffff\"\n  ];\n  PrivateKeyPath = \"/run/secrets/yggdrasil-key\";\n}"}, "loc": ["services", "yggdrasil", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.yggdrasil.settings.AllowedPublicKeys": {"declarations": ["nixos/modules/services/networking/yggdrasil.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of peer public keys to allow incoming peering connections from.\nIf left empty, all connections are allowed by default.\n", "loc": ["services", "yggdrasil", "settings", "AllowedPublicKeys"], "readOnly": false, "type": "list of string"}, "services.yggdrasil.settings.Listen": {"declarations": ["nixos/modules/services/networking/yggdrasil.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses for incoming connections.\nYou need listeners to accept incoming peerings from non-local nodes.\n", "example": {"_type": "literalExpression", "text": "[\n  \"tcp://0.0.0.0:xxxxx\"\n  \"tls://[::]:yyyyy\"\n]"}, "loc": ["services", "yggdrasil", "settings", "Listen"], "readOnly": false, "type": "list of string"}, "services.yggdrasil.settings.Peers": {"declarations": ["nixos/modules/services/networking/yggdrasil.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of outbound peer connection strings.\nConnection strings can contain options, see the yggdrasil documentation.\n", "example": {"_type": "literalExpression", "text": "[\n  \"tcp://aa.bb.cc.dd:eeeee\"\n  \"tcp://[aaaa:bbbb:cccc:dddd::eeee]:fffff\"\n]"}, "loc": ["services", "yggdrasil", "settings", "Peers"], "readOnly": false, "type": "list of string"}, "services.yggdrasil.settings.PrivateKeyPath": {"declarations": ["nixos/modules/services/networking/yggdrasil.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the private key file on the host system.\nWhen specified, the key will be loaded via systemd credentials\nfor secure access by the yggdrasil service.\n\nWarning: Do not put private keys directly in the Nix store\nas they would be world-readable!\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/yggdrasil-private-key\""}, "loc": ["services", "yggdrasil", "settings", "PrivateKeyPath"], "readOnly": false, "type": "null or absolute path"}, "services.ympd.enable": {"declarations": ["nixos/modules/services/audio/ympd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ympd, the MPD Web GUI.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ympd", "enable"], "readOnly": false, "type": "boolean"}, "services.ympd.mpd.host": {"declarations": ["nixos/modules/services/audio/ympd.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The host where MPD is listening.", "loc": ["services", "ympd", "mpd", "host"], "readOnly": false, "type": "string"}, "services.ympd.mpd.port": {"declarations": ["nixos/modules/services/audio/ympd.nix"], "default": {"_type": "literalExpression", "text": "config.services.mpd.settings.port"}, "description": "The port where MPD is listening.", "example": {"_type": "literalExpression", "text": "6600"}, "loc": ["services", "ympd", "mpd", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.ympd.webPort": {"declarations": ["nixos/modules/services/audio/ympd.nix"], "default": {"_type": "literalExpression", "text": "\"8080\""}, "description": "The port where ympd's web interface will be available.", "example": {"_type": "literalExpression", "text": "\"ssl://8080:/path/to/ssl-private-key.pem\""}, "loc": ["services", "ympd", "webPort"], "readOnly": false, "type": "string or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.your_spotify.clientPackage": {"declarations": ["nixos/modules/services/web-apps/your_spotify.nix"], "description": "Client package to use.", "loc": ["services", "your_spotify", "clientPackage"], "readOnly": false, "type": "package"}, "services.your_spotify.enable": {"declarations": ["nixos/modules/services/web-apps/your_spotify.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable your_spotify.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "your_spotify", "enable"], "readOnly": false, "type": "boolean"}, "services.your_spotify.enableLocalDB": {"declarations": ["nixos/modules/services/web-apps/your_spotify.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable a local mongodb instance.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "your_spotify", "enableLocalDB"], "readOnly": false, "type": "boolean"}, "services.your_spotify.nginxVirtualHost": {"declarations": ["nixos/modules/services/web-apps/your_spotify.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set creates an nginx virtual host for the client.\nIn most cases this should be the CLIENT_ENDPOINT without\nprotocol prefix.\n", "loc": ["services", "your_spotify", "nginxVirtualHost"], "readOnly": false, "type": "null or string"}, "services.your_spotify.package": {"declarations": ["nixos/modules/services/web-apps/your_spotify.nix"], "default": {"_type": "literalExpression", "text": "pkgs.your_spotify"}, "description": "The your_spotify package to use.", "loc": ["services", "your_spotify", "package"], "readOnly": false, "type": "package"}, "services.your_spotify.settings": {"declarations": ["nixos/modules/services/web-apps/your_spotify.nix"], "description": "Your Spotify Configuration. Refer to [Your Spotify](https://github.com/Yooooomi/your_spotify) for definitions and values.\n", "example": {"_type": "literalExpression", "text": "{\n  CLIENT_ENDPOINT = \"https://example.com\";\n  API_ENDPOINT = \"https://api.example.com\";\n  SPOTIFY_PUBLIC = \"spotify_client_id\";\n}\n"}, "loc": ["services", "your_spotify", "settings"], "readOnly": false, "type": "open submodule of attribute set of string"}, "services.your_spotify.settings.API_ENDPOINT": {"declarations": ["nixos/modules/services/web-apps/your_spotify.nix"], "description": "The endpoint of your server\nThis api has to be reachable from the device you use the website from not from the server.\nThis means that for example you may need two nginx virtual hosts if you want to expose this on the\ninternet.\nHas to include a protocol Prefix (e.g. `http://`)\n", "example": {"_type": "literalExpression", "text": "\"https://localhost:3000\""}, "loc": ["services", "your_spotify", "settings", "API_ENDPOINT"], "readOnly": false, "type": "string"}, "services.your_spotify.settings.CLIENT_ENDPOINT": {"declarations": ["nixos/modules/services/web-apps/your_spotify.nix"], "description": "The endpoint of your web application.\nHas to include a protocol Prefix (e.g. `http://`)\n", "example": {"_type": "literalExpression", "text": "\"https://your_spotify.example.org\""}, "loc": ["services", "your_spotify", "settings", "CLIENT_ENDPOINT"], "readOnly": false, "type": "string"}, "services.your_spotify.settings.MONGO_ENDPOINT": {"declarations": ["nixos/modules/services/web-apps/your_spotify.nix"], "default": {"_type": "literalExpression", "text": "\"mongodb://localhost:27017/your_spotify\""}, "description": "The endpoint of the Mongo database.", "loc": ["services", "your_spotify", "settings", "MONGO_ENDPOINT"], "readOnly": false, "type": "string"}, "services.your_spotify.settings.PORT": {"declarations": ["nixos/modules/services/web-apps/your_spotify.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "The port of the api server", "loc": ["services", "your_spotify", "settings", "PORT"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.your_spotify.settings.SPOTIFY_PUBLIC": {"declarations": ["nixos/modules/services/web-apps/your_spotify.nix"], "description": "The public client ID of your Spotify application.\nRefer to: [Creating the Spotify Application](https://github.com/Yooooomi/your_spotify#creating-the-spotify-application)\n", "loc": ["services", "your_spotify", "settings", "SPOTIFY_PUBLIC"], "readOnly": false, "type": "string"}, "services.your_spotify.spotifySecretFile": {"declarations": ["nixos/modules/services/web-apps/your_spotify.nix"], "description": "A file containing the secret key of your Spotify application.\nRefer to: [Creating the Spotify Application](https://github.com/Yooooomi/your_spotify#creating-the-spotify-application).\n", "loc": ["services", "your_spotify", "spotifySecretFile"], "readOnly": false, "type": "absolute path"}, "services.youtrack.address": {"declarations": ["nixos/modules/services/web-apps/youtrack.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The interface youtrack will listen on.\n", "loc": ["services", "youtrack", "address"], "readOnly": false, "type": "string"}, "services.youtrack.autoUpgrade": {"declarations": ["nixos/modules/services/web-apps/youtrack.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether YouTrack should auto upgrade it without showing the upgrade dialog.", "loc": ["services", "youtrack", "autoUpgrade"], "readOnly": false, "type": "boolean"}, "services.youtrack.enable": {"declarations": ["nixos/modules/services/web-apps/youtrack.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable YouTrack service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "youtrack", "enable"], "readOnly": false, "type": "boolean"}, "services.youtrack.environmentalParameters": {"declarations": ["nixos/modules/services/web-apps/youtrack.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environmental configuration parameters, set imperatively. The values doesn't get removed, when removed in Nix.\nSee <https://www.jetbrains.com/help/youtrack/server/2023.3/youtrack-java-start-parameters.html#environmental-parameters>\nfor more information.\n", "example": {"_type": "literalExpression", "text": "{\n  secure-mode = \"tls\";\n}\n"}, "loc": ["services", "youtrack", "environmentalParameters"], "readOnly": false, "type": "open submodule of attribute set of (signed integer or string or 16 bit unsigned integer; between 0 and 65535 (both inclusive))"}, "services.youtrack.environmentalParameters.listen-address": {"declarations": ["nixos/modules/services/web-apps/youtrack.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "The interface YouTrack will listen on.", "loc": ["services", "youtrack", "environmentalParameters", "listen-address"], "readOnly": false, "type": "string"}, "services.youtrack.environmentalParameters.listen-port": {"declarations": ["nixos/modules/services/web-apps/youtrack.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "The port YouTrack will listen on.", "loc": ["services", "youtrack", "environmentalParameters", "listen-port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.youtrack.generalParameters": {"declarations": ["nixos/modules/services/web-apps/youtrack.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "General configuration parameters and other JVM options.\nSee <https://www.jetbrains.com/help/youtrack/server/2023.3/youtrack-java-start-parameters.html#general-parameters>\nfor more information.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-Djetbrains.youtrack.admin.restore=true\"\n  \"-Xmx1024m\"\n];\n"}, "loc": ["services", "youtrack", "generalParameters"], "readOnly": false, "type": "list of string"}, "services.youtrack.package": {"declarations": ["nixos/modules/services/web-apps/youtrack.nix"], "default": {"_type": "literalExpression", "text": "pkgs.youtrack"}, "description": "The youtrack package to use.", "loc": ["services", "youtrack", "package"], "readOnly": false, "type": "package"}, "services.youtrack.statePath": {"declarations": ["nixos/modules/services/web-apps/youtrack.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/youtrack\""}, "description": "Path were the YouTrack state is stored.\nTo this path the base version (e.g. 2023_1) of the used package will be appended.\n", "loc": ["services", "youtrack", "statePath"], "readOnly": false, "type": "absolute path"}, "services.youtrack.virtualHost": {"declarations": ["nixos/modules/services/web-apps/youtrack.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of the nginx virtual host to use and setup.\nIf null, do not setup anything.\n", "loc": ["services", "youtrack", "virtualHost"], "readOnly": false, "type": "null or string"}, "services.ytdl-sub.group": {"declarations": ["nixos/modules/services/misc/ytdl-sub.nix"], "default": {"_type": "literalExpression", "text": "\"ytdl-sub\""}, "description": "Group under which ytdl-sub runs.", "loc": ["services", "ytdl-sub", "group"], "readOnly": false, "type": "string"}, "services.ytdl-sub.instances": {"declarations": ["nixos/modules/services/misc/ytdl-sub.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for ytdl-sub instances.", "loc": ["services", "ytdl-sub", "instances"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.ytdl-sub.instances.<name>.config": {"declarations": ["nixos/modules/services/misc/ytdl-sub.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for ytdl-sub. See <https://ytdl-sub.readthedocs.io/en/latest/config_reference/config_yaml.html> for more information.", "example": {"_type": "literalExpression", "text": "{\n  presets = {\n    \"YouTube Playlist\" = {\n      download = \"{subscription_value}\";\n      output_options = {\n        file_name = \"{channel}/{playlist_title}/{playlist_index_padded}_{title}.{ext}\";\n        maintain_download_archive = true;\n        output_directory = \"YouTube\";\n      };\n    };\n  };\n}"}, "loc": ["services", "ytdl-sub", "instances", "<name>", "config"], "readOnly": false, "type": "YAML 1.1 value"}, "services.ytdl-sub.instances.<name>.enable": {"declarations": ["nixos/modules/services/misc/ytdl-sub.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ytdl-sub instance.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "ytdl-sub", "instances", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.ytdl-sub.instances.<name>.readWritePaths": {"declarations": ["nixos/modules/services/misc/ytdl-sub.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of paths that ytdl-sub can write to.\n", "loc": ["services", "ytdl-sub", "instances", "<name>", "readWritePaths"], "readOnly": false, "type": "list of absolute path"}, "services.ytdl-sub.instances.<name>.schedule": {"declarations": ["nixos/modules/services/misc/ytdl-sub.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "How often to run ytdl-sub. See {manpage}`systemd.time(7)` for the format.", "example": {"_type": "literalExpression", "text": "\"0/6:0\""}, "loc": ["services", "ytdl-sub", "instances", "<name>", "schedule"], "readOnly": false, "type": "null or string"}, "services.ytdl-sub.instances.<name>.subscriptions": {"declarations": ["nixos/modules/services/misc/ytdl-sub.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Subscriptions for ytdl-sub. See <https://ytdl-sub.readthedocs.io/en/latest/config_reference/subscription_yaml.html> for more information.", "example": {"_type": "literalExpression", "text": "{\n  \"YouTube Playlist\" = {\n    \"Some Playlist\" = \"https://www.youtube.com/playlist?list=...\";\n  };\n}"}, "loc": ["services", "ytdl-sub", "instances", "<name>", "subscriptions"], "readOnly": false, "type": "YAML 1.1 value"}, "services.ytdl-sub.package": {"declarations": ["nixos/modules/services/misc/ytdl-sub.nix"], "default": {"_type": "literalExpression", "text": "pkgs.ytdl-sub"}, "description": "The ytdl-sub package to use.", "loc": ["services", "ytdl-sub", "package"], "readOnly": false, "type": "package"}, "services.ytdl-sub.user": {"declarations": ["nixos/modules/services/misc/ytdl-sub.nix"], "default": {"_type": "literalExpression", "text": "\"ytdl-sub\""}, "description": "User account under which ytdl-sub runs.", "loc": ["services", "ytdl-sub", "user"], "readOnly": false, "type": "string"}, "services.yubikey-agent.enable": {"declarations": ["nixos/modules/services/security/yubikey-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to start yubikey-agent when you log in.  Also sets\nSSH_AUTH_SOCK to point at yubikey-agent.\n\nNote that yubikey-agent will use whatever pinentry is\nspecified in programs.gnupg.agent.pinentryPackage.\n", "loc": ["services", "yubikey-agent", "enable"], "readOnly": false, "type": "boolean"}, "services.yubikey-agent.package": {"declarations": ["nixos/modules/services/security/yubikey-agent.nix"], "default": {"_type": "literalExpression", "text": "pkgs.yubikey-agent"}, "description": "The yubikey-agent package to use.", "loc": ["services", "yubikey-agent", "package"], "readOnly": false, "type": "package"}, "services.zabbixAgent.enable": {"declarations": ["nixos/modules/services/monitoring/zabbix-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Zabbix Agent.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "zabbixAgent", "enable"], "readOnly": false, "type": "boolean"}, "services.zabbixAgent.extraPackages": {"declarations": ["nixos/modules/services/monitoring/zabbix-agent.nix"], "default": {"_type": "literalExpression", "text": "with pkgs; [ net-tools ]"}, "description": "Packages to be added to the Zabbix {env}`PATH`.\nTypically used to add executables for scripts, but can be anything.\n", "example": {"_type": "literalExpression", "text": "with pkgs; [ net-tools mysql ]"}, "loc": ["services", "zabbixAgent", "extraPackages"], "readOnly": false, "type": "list of package"}, "services.zabbixAgent.listen.ip": {"declarations": ["nixos/modules/services/monitoring/zabbix-agent.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "List of comma delimited IP addresses that the agent should listen on.\n", "loc": ["services", "zabbixAgent", "listen", "ip"], "readOnly": false, "type": "string"}, "services.zabbixAgent.listen.port": {"declarations": ["nixos/modules/services/monitoring/zabbix-agent.nix"], "default": {"_type": "literalExpression", "text": "10050"}, "description": "Agent will listen on this port for connections from the server.\n", "loc": ["services", "zabbixAgent", "listen", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.zabbixAgent.modules": {"declarations": ["nixos/modules/services/monitoring/zabbix-agent.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "A set of modules to load.", "example": {"_type": "literalExpression", "text": "{\n  \"dummy.so\" = pkgs.stdenv.mkDerivation {\n    name = \"zabbix-dummy-module-${cfg.package.version}\";\n    src = cfg.package.src;\n    buildInputs = [ cfg.package ];\n    sourceRoot = \"zabbix-${cfg.package.version}/src/modules/dummy\";\n    installPhase = ''\n      mkdir -p $out/lib\n      cp dummy.so $out/lib/\n    '';\n  };\n}\n"}, "loc": ["services", "zabbixAgent", "modules"], "readOnly": false, "type": "attribute set of package"}, "services.zabbixAgent.openFirewall": {"declarations": ["nixos/modules/services/monitoring/zabbix-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the Zabbix Agent.\n", "loc": ["services", "zabbixAgent", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.zabbixAgent.package": {"declarations": ["nixos/modules/services/monitoring/zabbix-agent.nix"], "default": {"_type": "literalExpression", "text": "pkgs.zabbix.agent"}, "description": "The agent package to use.", "loc": ["services", "zabbixAgent", "package"], "readOnly": false, "type": "package"}, "services.zabbixAgent.server": {"declarations": ["nixos/modules/services/monitoring/zabbix-agent.nix"], "description": "The IP address or hostname of the Zabbix server to connect to.\n", "loc": ["services", "zabbixAgent", "server"], "readOnly": false, "type": "string"}, "services.zabbixAgent.settings": {"declarations": ["nixos/modules/services/monitoring/zabbix-agent.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Zabbix Agent configuration. Refer to\n<https://www.zabbix.com/documentation/current/manual/appendix/config/zabbix_agentd>\nfor details on supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  DebugLevel = 4;\n  Hostname = \"example.org\";\n}"}, "loc": ["services", "zabbixAgent", "settings"], "readOnly": false, "type": "attribute set of (signed integer or string or list of string)"}, "services.zabbixProxy.database.createLocally": {"declarations": ["nixos/modules/services/monitoring/zabbix-proxy.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to create a local database automatically.", "loc": ["services", "zabbixProxy", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.zabbixProxy.database.host": {"declarations": ["nixos/modules/services/monitoring/zabbix-proxy.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Database host address.", "loc": ["services", "zabbixProxy", "database", "host"], "readOnly": false, "type": "string"}, "services.zabbixProxy.database.name": {"declarations": ["nixos/modules/services/monitoring/zabbix-proxy.nix"], "default": {"_type": "literalExpression", "text": "zabbix"}, "description": "Database name.", "loc": ["services", "zabbixProxy", "database", "name"], "readOnly": false, "type": "string"}, "services.zabbixProxy.database.passwordFile": {"declarations": ["nixos/modules/services/monitoring/zabbix-proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password corresponding to\n{option}`database.user`.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/zabbix-dbpassword\""}, "loc": ["services", "zabbixProxy", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.zabbixProxy.database.port": {"declarations": ["nixos/modules/services/monitoring/zabbix-proxy.nix"], "default": {"_type": "literalExpression", "text": "if config.services.zabbixProxy.database.type == \"mysql\"\nthen config.services.mysql.port\nelse config.services.postgresql.settings.port\n"}, "description": "Database host port.", "loc": ["services", "zabbixProxy", "database", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.zabbixProxy.database.socket": {"declarations": ["nixos/modules/services/monitoring/zabbix-proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the unix socket file to use for authentication.", "example": {"_type": "literalExpression", "text": "\"/run/postgresql\""}, "loc": ["services", "zabbixProxy", "database", "socket"], "readOnly": false, "type": "null or absolute path"}, "services.zabbixProxy.database.type": {"declarations": ["nixos/modules/services/monitoring/zabbix-proxy.nix"], "default": {"_type": "literalExpression", "text": "\"pgsql\""}, "description": "Database engine to use.", "example": {"_type": "literalExpression", "text": "\"mysql\""}, "loc": ["services", "zabbixProxy", "database", "type"], "readOnly": false, "type": "one of \"mysql\", \"pgsql\", \"sqlite\""}, "services.zabbixProxy.database.user": {"declarations": ["nixos/modules/services/monitoring/zabbix-proxy.nix"], "default": {"_type": "literalExpression", "text": "\"zabbix\""}, "description": "Database user.", "loc": ["services", "zabbixProxy", "database", "user"], "readOnly": false, "type": "string"}, "services.zabbixProxy.enable": {"declarations": ["nixos/modules/services/monitoring/zabbix-proxy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Zabbix Proxy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "zabbixProxy", "enable"], "readOnly": false, "type": "boolean"}, "services.zabbixProxy.extraPackages": {"declarations": ["nixos/modules/services/monitoring/zabbix-proxy.nix"], "default": {"_type": "literalExpression", "text": "[ net-tools nmap traceroute ]"}, "description": "Packages to be added to the Zabbix {env}`PATH`.\nTypically used to add executables for scripts, but can be anything.\n", "loc": ["services", "zabbixProxy", "extraPackages"], "readOnly": false, "type": "list of package"}, "services.zabbixProxy.listen.ip": {"declarations": ["nixos/modules/services/monitoring/zabbix-proxy.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "List of comma delimited IP addresses that the trapper should listen on.\nTrapper will listen on all network interfaces if this parameter is missing.\n", "loc": ["services", "zabbixProxy", "listen", "ip"], "readOnly": false, "type": "string"}, "services.zabbixProxy.listen.port": {"declarations": ["nixos/modules/services/monitoring/zabbix-proxy.nix"], "default": {"_type": "literalExpression", "text": "10051"}, "description": "Listen port for trapper.\n", "loc": ["services", "zabbixProxy", "listen", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.zabbixProxy.modules": {"declarations": ["nixos/modules/services/monitoring/zabbix-proxy.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "A set of modules to load.", "example": {"_type": "literalExpression", "text": "{\n  \"dummy.so\" = pkgs.stdenv.mkDerivation {\n    name = \"zabbix-dummy-module-${cfg.package.version}\";\n    src = cfg.package.src;\n    buildInputs = [ cfg.package ];\n    sourceRoot = \"zabbix-${cfg.package.version}/src/modules/dummy\";\n    installPhase = ''\n      mkdir -p $out/lib\n      cp dummy.so $out/lib/\n    '';\n  };\n}\n"}, "loc": ["services", "zabbixProxy", "modules"], "readOnly": false, "type": "attribute set of package"}, "services.zabbixProxy.openFirewall": {"declarations": ["nixos/modules/services/monitoring/zabbix-proxy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the Zabbix Proxy.\n", "loc": ["services", "zabbixProxy", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.zabbixProxy.package": {"declarations": ["nixos/modules/services/monitoring/zabbix-proxy.nix"], "default": {"_type": "literalExpression", "text": "pkgs.zabbix.proxy-pgsql"}, "description": "The Zabbix package to use.", "loc": ["services", "zabbixProxy", "package"], "readOnly": false, "type": "package"}, "services.zabbixProxy.server": {"declarations": ["nixos/modules/services/monitoring/zabbix-proxy.nix"], "description": "The IP address or hostname of the Zabbix server to connect to.\n", "loc": ["services", "zabbixProxy", "server"], "readOnly": false, "type": "string"}, "services.zabbixProxy.settings": {"declarations": ["nixos/modules/services/monitoring/zabbix-proxy.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Zabbix Proxy configuration. Refer to\n<https://www.zabbix.com/documentation/current/manual/appendix/config/zabbix_proxy>\nfor details on supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  CacheSize = \"1G\";\n  SSHKeyLocation = \"/var/lib/zabbix/.ssh\";\n  StartPingers = 32;\n}"}, "loc": ["services", "zabbixProxy", "settings"], "readOnly": false, "type": "attribute set of (signed integer or string or list of string)"}, "services.zabbixServer.database.createLocally": {"declarations": ["nixos/modules/services/monitoring/zabbix-server.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to create a local database automatically.", "loc": ["services", "zabbixServer", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.zabbixServer.database.host": {"declarations": ["nixos/modules/services/monitoring/zabbix-server.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Database host address.", "loc": ["services", "zabbixServer", "database", "host"], "readOnly": false, "type": "string"}, "services.zabbixServer.database.name": {"declarations": ["nixos/modules/services/monitoring/zabbix-server.nix"], "default": {"_type": "literalExpression", "text": "\"zabbix\""}, "description": "Database name.", "loc": ["services", "zabbixServer", "database", "name"], "readOnly": false, "type": "string"}, "services.zabbixServer.database.passwordFile": {"declarations": ["nixos/modules/services/monitoring/zabbix-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password corresponding to\n{option}`database.user`.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/zabbix-dbpassword\""}, "loc": ["services", "zabbixServer", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.zabbixServer.database.port": {"declarations": ["nixos/modules/services/monitoring/zabbix-server.nix"], "default": {"_type": "literalExpression", "text": "if config.services.zabbixServer.database.type == \"mysql\"\nthen config.services.mysql.port\nelse config.services.postgresql.settings.port\n"}, "description": "Database host port.", "loc": ["services", "zabbixServer", "database", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.zabbixServer.database.socket": {"declarations": ["nixos/modules/services/monitoring/zabbix-server.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the unix socket file to use for authentication.", "example": {"_type": "literalExpression", "text": "\"/run/postgresql\""}, "loc": ["services", "zabbixServer", "database", "socket"], "readOnly": false, "type": "null or absolute path"}, "services.zabbixServer.database.type": {"declarations": ["nixos/modules/services/monitoring/zabbix-server.nix"], "default": {"_type": "literalExpression", "text": "\"pgsql\""}, "description": "Database engine to use.", "example": {"_type": "literalExpression", "text": "\"mysql\""}, "loc": ["services", "zabbixServer", "database", "type"], "readOnly": false, "type": "one of \"mysql\", \"pgsql\""}, "services.zabbixServer.database.user": {"declarations": ["nixos/modules/services/monitoring/zabbix-server.nix"], "default": {"_type": "literalExpression", "text": "\"zabbix\""}, "description": "Database user.", "loc": ["services", "zabbixServer", "database", "user"], "readOnly": false, "type": "string"}, "services.zabbixServer.enable": {"declarations": ["nixos/modules/services/monitoring/zabbix-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Zabbix Server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "zabbixServer", "enable"], "readOnly": false, "type": "boolean"}, "services.zabbixServer.extraPackages": {"declarations": ["nixos/modules/services/monitoring/zabbix-server.nix"], "default": {"_type": "literalExpression", "text": "[ net-tools nmap traceroute ]"}, "description": "Packages to be added to the Zabbix {env}`PATH`.\nTypically used to add executables for scripts, but can be anything.\n", "loc": ["services", "zabbixServer", "extraPackages"], "readOnly": false, "type": "list of package"}, "services.zabbixServer.listen.ip": {"declarations": ["nixos/modules/services/monitoring/zabbix-server.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "List of comma delimited IP addresses that the trapper should listen on.\nTrapper will listen on all network interfaces if this parameter is missing.\n", "loc": ["services", "zabbixServer", "listen", "ip"], "readOnly": false, "type": "string"}, "services.zabbixServer.listen.port": {"declarations": ["nixos/modules/services/monitoring/zabbix-server.nix"], "default": {"_type": "literalExpression", "text": "10051"}, "description": "Listen port for trapper.\n", "loc": ["services", "zabbixServer", "listen", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.zabbixServer.modules": {"declarations": ["nixos/modules/services/monitoring/zabbix-server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "A set of modules to load.", "example": {"_type": "literalExpression", "text": "{\n  \"dummy.so\" = pkgs.stdenv.mkDerivation {\n    name = \"zabbix-dummy-module-${cfg.package.version}\";\n    src = cfg.package.src;\n    buildInputs = [ cfg.package ];\n    sourceRoot = \"zabbix-${cfg.package.version}/src/modules/dummy\";\n    installPhase = ''\n      mkdir -p $out/lib\n      cp dummy.so $out/lib/\n    '';\n  };\n}\n"}, "loc": ["services", "zabbixServer", "modules"], "readOnly": false, "type": "attribute set of package"}, "services.zabbixServer.openFirewall": {"declarations": ["nixos/modules/services/monitoring/zabbix-server.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the Zabbix Server.\n", "loc": ["services", "zabbixServer", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.zabbixServer.package": {"declarations": ["nixos/modules/services/monitoring/zabbix-server.nix"], "default": {"_type": "literalExpression", "text": "pkgs.zabbix.server-pgsql"}, "description": "The Zabbix package to use.", "loc": ["services", "zabbixServer", "package"], "readOnly": false, "type": "package"}, "services.zabbixServer.settings": {"declarations": ["nixos/modules/services/monitoring/zabbix-server.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Zabbix Server configuration. Refer to\n<https://www.zabbix.com/documentation/current/manual/appendix/config/zabbix_server>\nfor details on supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  CacheSize = \"1G\";\n  SSHKeyLocation = \"/var/lib/zabbix/.ssh\";\n  StartPingers = 32;\n}"}, "loc": ["services", "zabbixServer", "settings"], "readOnly": false, "type": "attribute set of (signed integer or string or list of string)"}, "services.zabbixWeb.database.host": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Database host address.", "loc": ["services", "zabbixWeb", "database", "host"], "readOnly": false, "type": "string"}, "services.zabbixWeb.database.name": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "\"zabbix\""}, "description": "Database name.", "loc": ["services", "zabbixWeb", "database", "name"], "readOnly": false, "type": "string"}, "services.zabbixWeb.database.passwordFile": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password corresponding to\n{option}`database.user`.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/zabbix-dbpassword\""}, "loc": ["services", "zabbixWeb", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.zabbixWeb.database.port": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "if config.services.zabbixWeb.database.type == \"mysql\" then config.services.mysql.port\nelse if config.services.zabbixWeb.database.type == \"pgsql\" then config.services.postgresql.settings.port\nelse 1521\n"}, "description": "Database host port.", "loc": ["services", "zabbixWeb", "database", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.zabbixWeb.database.socket": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the unix socket file to use for authentication.", "example": {"_type": "literalExpression", "text": "\"/run/postgresql\""}, "loc": ["services", "zabbixWeb", "database", "socket"], "readOnly": false, "type": "null or absolute path"}, "services.zabbixWeb.database.type": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "\"pgsql\""}, "description": "Database engine to use.", "example": {"_type": "literalExpression", "text": "\"mysql\""}, "loc": ["services", "zabbixWeb", "database", "type"], "readOnly": false, "type": "one of \"mysql\", \"pgsql\", \"oracle\""}, "services.zabbixWeb.database.user": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "\"zabbix\""}, "description": "Database user.", "loc": ["services", "zabbixWeb", "database", "user"], "readOnly": false, "type": "string"}, "services.zabbixWeb.enable": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Zabbix web interface.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "zabbixWeb", "enable"], "readOnly": false, "type": "boolean"}, "services.zabbixWeb.extraConfig": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional configuration to be copied verbatim into {file}`zabbix.conf.php`.\n", "loc": ["services", "zabbixWeb", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.zabbixWeb.frontend": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "\"httpd\""}, "description": "Frontend server to use.", "example": {"_type": "literalExpression", "text": "\"nginx\""}, "loc": ["services", "zabbixWeb", "frontend"], "readOnly": false, "type": "one of \"nginx\", \"httpd\""}, "services.zabbixWeb.hostname": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "\"zabbix.local\""}, "description": "Hostname for either nginx or httpd.", "loc": ["services", "zabbixWeb", "hostname"], "readOnly": false, "type": "string"}, "services.zabbixWeb.httpd.virtualHost": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Apache configuration can be done by adapting `services.httpd.virtualHosts.<name>`.\nSee [](#opt-services.httpd.virtualHosts) for further information.\n", "example": {"_type": "literalExpression", "text": "{\n  hostName = \"zabbix.example.org\";\n  adminAddr = \"webmaster@example.org\";\n  forceSSL = true;\n  enableACME = true;\n}\n"}, "loc": ["services", "zabbixWeb", "httpd", "virtualHost"], "readOnly": false, "type": "submodule"}, "services.zabbixWeb.httpd.virtualHost.acmeRoot": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the acme challenge which is PUBLIC, don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.zabbixWeb.httpd.virtualHost.addSSL": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "addSSL"], "readOnly": false, "type": "boolean"}, "services.zabbixWeb.httpd.virtualHost.adminAddr": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "E-mail address of the server administrator.", "example": {"_type": "literalExpression", "text": "\"admin@example.org\""}, "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "adminAddr"], "readOnly": false, "type": "null or string"}, "services.zabbixWeb.httpd.virtualHost.documentRoot": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of Apache's document root directory.  If left undefined,\nan empty directory in the Nix store will be used as root.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "documentRoot"], "readOnly": false, "type": "null or absolute path"}, "services.zabbixWeb.httpd.virtualHost.enableACME": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "enableACME"], "readOnly": false, "type": "boolean"}, "services.zabbixWeb.httpd.virtualHost.enableUserDir": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable serving {file}`~/public_html` as\n`/~\u00abusername\u00bb`.\n", "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "enableUserDir"], "readOnly": false, "type": "boolean"}, "services.zabbixWeb.httpd.virtualHost.extraConfig": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to httpd.conf verbatim. They will go after\ndirectories and directory aliases defined by default.\n", "example": {"_type": "literalExpression", "text": "''\n  <Directory /home>\n    Options FollowSymlinks\n    AllowOverride All\n  </Directory>\n''"}, "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.zabbixWeb.httpd.virtualHost.forceSSL": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a separate nginx server block that permanently redirects (301)\nall plain HTTP traffic to HTTPS. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443), where the non-SSL listens are used for the redirect vhosts.\n", "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.zabbixWeb.httpd.virtualHost.globalRedirect": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected permanently to\nthe given URL.\n", "example": {"_type": "literalExpression", "text": "\"http://newserver.example.org/\""}, "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.zabbixWeb.httpd.virtualHost.hostName": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "Canonical hostname for the server.", "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "hostName"], "readOnly": false, "type": "string"}, "services.zabbixWeb.httpd.virtualHost.http2": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. *However, if you use the prefork mpm, there will\nbe severe restrictions.* Refer to <https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config> for details.\n", "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "http2"], "readOnly": false, "type": "boolean"}, "services.zabbixWeb.httpd.virtualHost.listen": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\n\n::: {.note}\nThis option overrides `addSSL`, `forceSSL` and `onlySSL`.\n\nIf you only want to set the addresses manually and not the ports, take a look at `listenAddresses`.\n:::\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    ip = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    ip = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    ip = \"*\";\n    port = 8080;\n  }\n]"}, "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.zabbixWeb.httpd.virtualHost.listen.*.ip": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "\"*\""}, "description": "IP to listen on. 0.0.0.0 for IPv4 only, * for all.", "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "listen", "*", "ip"], "readOnly": false, "type": "string"}, "services.zabbixWeb.httpd.virtualHost.listen.*.port": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "description": "Port to listen on", "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "listen", "*", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.zabbixWeb.httpd.virtualHost.listen.*.ssl": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SSL (https) support.", "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.zabbixWeb.httpd.virtualHost.listenAddresses": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"*\"\n]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n]"}, "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "listenAddresses"], "readOnly": false, "type": "non-empty (list of string)"}, "services.zabbixWeb.httpd.virtualHost.locations": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config. See <https://httpd.apache.org/docs/2.4/mod/core.html#location> for details.\n", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n  \"/foo/bar.png\" = {\n    alias = \"/home/eelco/some-file.png\";\n  };\n};\n"}, "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.zabbixWeb.httpd.virtualHost.locations.<name>.alias": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests. See <https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias>.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.zabbixWeb.httpd.virtualHost.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.zabbixWeb.httpd.virtualHost.locations.<name>.index": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds DirectoryIndex directive. See <https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex>.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.zabbixWeb.httpd.virtualHost.locations.<name>.priority": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.zabbixWeb.httpd.virtualHost.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets up a simple reverse proxy as described by <https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple>.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.zabbixWeb.httpd.virtualHost.logFormat": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "\"common\""}, "description": "Log format for Apache's log files. Possible values are: combined, common, referer, agent.\n", "example": {"_type": "literalExpression", "text": "\"combined\""}, "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "logFormat"], "readOnly": false, "type": "string"}, "services.zabbixWeb.httpd.virtualHost.onlySSL": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.zabbixWeb.httpd.virtualHost.robotsEntries": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Specification of pages to be ignored by web crawlers. See <http://www.robotstxt.org/> for details.\n", "example": {"_type": "literalExpression", "text": "\"Disallow: /foo/\""}, "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "robotsEntries"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.zabbixWeb.httpd.virtualHost.servedDirs": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "This option provides a simple way to serve static directories.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    dir = \"/home/eelco/Dev/nix-homepage\";\n    urlPath = \"/nix\";\n  }\n]"}, "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "servedDirs"], "readOnly": false, "type": "list of (attribute set)"}, "services.zabbixWeb.httpd.virtualHost.servedFiles": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "This option provides a simple way to serve individual, static files.\n\n::: {.note}\nThis option has been deprecated and will be removed in a future\nversion of NixOS. You can achieve the same result by making use of\nthe `locations.<name>.alias` option.\n:::\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    file = \"/home/eelco/some-file.png\";\n    urlPath = \"/foo/bar.png\";\n  }\n]"}, "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "servedFiles"], "readOnly": false, "type": "list of (attribute set)"}, "services.zabbixWeb.httpd.virtualHost.serverAliases": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"www.example.org:8080\"\n  \"example.org\"\n]"}, "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.zabbixWeb.httpd.virtualHost.sslServerCert": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "sslServerCert"], "readOnly": false, "type": "absolute path"}, "services.zabbixWeb.httpd.virtualHost.sslServerChain": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to server SSL chain file.", "example": {"_type": "literalExpression", "text": "\"/var/ca.pem\""}, "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "sslServerChain"], "readOnly": false, "type": "null or absolute path"}, "services.zabbixWeb.httpd.virtualHost.sslServerKey": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "sslServerKey"], "readOnly": false, "type": "absolute path"}, "services.zabbixWeb.httpd.virtualHost.useACMEHost": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "zabbixWeb", "httpd", "virtualHost", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.zabbixWeb.nginx.virtualHost": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Nginx configuration can be done by adapting `services.nginx.virtualHosts.<name>`.\nSee [](#opt-services.nginx.virtualHosts) for further information.\n", "example": {"_type": "literalExpression", "text": "{\n  forceSSL = true;\n  sslCertificateKey = \"/etc/ssl/zabbix.key\";\n  sslCertificate = \"/etc/ssl/zabbix.crt\";\n}\n"}, "loc": ["services", "zabbixWeb", "nginx", "virtualHost"], "readOnly": false, "type": "submodule"}, "services.zabbixWeb.nginx.virtualHost.acmeFallbackHost": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host which to proxy requests to if ACME challenge is not found. Useful\nif you want multiple hosts to be able to verify the same domain name.\n\nWith this option, you could request certificates for the present domain\nwith an ACME client that is running on another host, which you would\nspecify here.\n", "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "acmeFallbackHost"], "readOnly": false, "type": "null or string"}, "services.zabbixWeb.nginx.virtualHost.acmeRoot": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the ACME challenge, which is **public**. Don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.zabbixWeb.nginx.virtualHost.addSSL": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "addSSL"], "readOnly": false, "type": "boolean"}, "services.zabbixWeb.nginx.virtualHost.basicAuth": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.zabbixWeb.nginx.virtualHost.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.zabbixWeb.nginx.virtualHost.default": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Makes this vhost the default.\n", "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "default"], "readOnly": false, "type": "boolean"}, "services.zabbixWeb.nginx.virtualHost.enableACME": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "enableACME"], "readOnly": false, "type": "boolean"}, "services.zabbixWeb.nginx.virtualHost.extraConfig": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the vhost verbatim.\n", "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.zabbixWeb.nginx.virtualHost.forceSSL": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a separate nginx server block that redirects (defaults\nto 301, configurable with `redirectCode`) all plain HTTP traffic to\nHTTPS. This will set defaults for `listen` to listen on all interfaces\non the respective default ports (80, 443), where the non-SSL listens\nare used for the redirect vhosts.\n", "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.zabbixWeb.nginx.virtualHost.globalRedirect": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected (defaults to 301,\nconfigurable with `redirectCode`) to the given hostname.\n", "example": {"_type": "literalExpression", "text": "\"newserver.example.org\""}, "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.zabbixWeb.nginx.virtualHost.http2": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/2 protocol.\nNote that (as of writing) due to nginx's implementation, to disable\nHTTP/2 you have to disable it on all vhosts that use a given\nIP address / port.\nIf there is one server block configured to enable http2, then it is\nenabled for all server blocks on this IP.\nSee <https://stackoverflow.com/a/39466948/263061>.\n", "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "http2"], "readOnly": false, "type": "boolean"}, "services.zabbixWeb.nginx.virtualHost.http3": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/3 protocol.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that HTTP/3 support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\nHTTP/3 availability must be manually advertised, preferably in each location block.\n", "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "http3"], "readOnly": false, "type": "boolean"}, "services.zabbixWeb.nginx.virtualHost.http3_hq": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that special application protocol support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "http3_hq"], "readOnly": false, "type": "boolean"}, "services.zabbixWeb.nginx.virtualHost.kTLS": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kTLS support.\nImplementing TLS in the kernel (kTLS) improves performance by significantly\nreducing the need for copying operations between user space and the kernel.\nRequired Nginx version 1.21.4 or later.\n", "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "kTLS"], "readOnly": false, "type": "boolean"}, "services.zabbixWeb.nginx.virtualHost.listen": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\nIPv6 addresses must be enclosed in square brackets.\nNote: this option overrides `addSSL`\nand `onlySSL`.\n\nIf you only want to set the addresses manually and not\nthe ports, take a look at `listenAddresses`.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    addr = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    addr = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    addr = \"unix:/var/run/nginx.sock\";\n  }\n]"}, "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.zabbixWeb.nginx.virtualHost.listen.*.addr": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "description": "Listen address.", "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "listen", "*", "addr"], "readOnly": false, "type": "string"}, "services.zabbixWeb.nginx.virtualHost.listen.*.extraParameters": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra parameters of this listen directive.", "example": {"_type": "literalExpression", "text": "[\n  \"backlog=1024\"\n  \"deferred\"\n]"}, "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "listen", "*", "extraParameters"], "readOnly": false, "type": "list of string"}, "services.zabbixWeb.nginx.virtualHost.listen.*.port": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port number to listen on.\nIf unset and the listen address is not a socket then nginx defaults to 80.\n", "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "listen", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.zabbixWeb.nginx.virtualHost.listen.*.proxyProtocol": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable PROXY protocol.", "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "listen", "*", "proxyProtocol"], "readOnly": false, "type": "boolean"}, "services.zabbixWeb.nginx.virtualHost.listen.*.ssl": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SSL.", "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.zabbixWeb.nginx.virtualHost.listenAddresses": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n\nNote: This option overrides `networking.enableIPv6`\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"[::1]\"\n]"}, "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "listenAddresses"], "readOnly": false, "type": "list of string"}, "services.zabbixWeb.nginx.virtualHost.locations": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n};\n"}, "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.zabbixWeb.nginx.virtualHost.locations.<name>.alias": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.zabbixWeb.nginx.virtualHost.locations.<name>.basicAuth": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "locations", "<name>", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.zabbixWeb.nginx.virtualHost.locations.<name>.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "locations", "<name>", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.zabbixWeb.nginx.virtualHost.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.zabbixWeb.nginx.virtualHost.locations.<name>.fastcgiParams": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "FastCGI parameters to override.  Unlike in the Nginx\nconfiguration file, overriding only some default parameters\nwon't unset the default values for other parameters.\n", "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "locations", "<name>", "fastcgiParams"], "readOnly": false, "type": "attribute set of (string or absolute path)"}, "services.zabbixWeb.nginx.virtualHost.locations.<name>.index": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds index directive.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.zabbixWeb.nginx.virtualHost.locations.<name>.priority": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.zabbixWeb.nginx.virtualHost.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds proxy_pass directive and sets recommended proxy headers if\nrecommendedProxySettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.zabbixWeb.nginx.virtualHost.locations.<name>.proxyWebsockets": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to support proxying websocket connections with HTTP/1.1.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "locations", "<name>", "proxyWebsockets"], "readOnly": false, "type": "boolean"}, "services.zabbixWeb.nginx.virtualHost.locations.<name>.recommendedProxySettings": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedProxySettings"}, "description": "Enable recommended proxy settings.\n", "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "locations", "<name>", "recommendedProxySettings"], "readOnly": false, "type": "boolean"}, "services.zabbixWeb.nginx.virtualHost.locations.<name>.recommendedUwsgiSettings": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedUwsgiSettings"}, "description": "Enable recommended uwsgi settings.\n", "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "locations", "<name>", "recommendedUwsgiSettings"], "readOnly": false, "type": "boolean"}, "services.zabbixWeb.nginx.virtualHost.locations.<name>.return": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds a return directive, for e.g. redirections.\n", "example": {"_type": "literalExpression", "text": "\"301 http://example.com$request_uri\""}, "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "locations", "<name>", "return"], "readOnly": false, "type": "null or string or signed integer"}, "services.zabbixWeb.nginx.virtualHost.locations.<name>.root": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Root directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/root/directory\""}, "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "locations", "<name>", "root"], "readOnly": false, "type": "null or absolute path"}, "services.zabbixWeb.nginx.virtualHost.locations.<name>.tryFiles": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds try_files directive.\n", "example": {"_type": "literalExpression", "text": "\"$uri =404\""}, "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "locations", "<name>", "tryFiles"], "readOnly": false, "type": "null or string"}, "services.zabbixWeb.nginx.virtualHost.locations.<name>.uwsgiPass": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds uwsgi_pass directive and sets recommended proxy headers if\nrecommendedUwsgiSettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"unix:/run/example/example.sock\""}, "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "locations", "<name>", "uwsgiPass"], "readOnly": false, "type": "null or string"}, "services.zabbixWeb.nginx.virtualHost.onlySSL": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.zabbixWeb.nginx.virtualHost.quic": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the QUIC transport protocol.\nNote that QUIC support is experimental and\n*not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "quic"], "readOnly": false, "type": "boolean"}, "services.zabbixWeb.nginx.virtualHost.redirectCode": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "301"}, "description": "HTTP status used by `globalRedirect` and `forceSSL`. Possible usecases\ninclude temporary (302, 307) redirects, keeping the request method and\nbody (307, 308), or explicitly resetting the method to GET (303).\nSee <https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>.\n", "example": {"_type": "literalExpression", "text": "308"}, "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "redirectCode"], "readOnly": false, "type": "integer between 300 and 399 (both inclusive)"}, "services.zabbixWeb.nginx.virtualHost.rejectSSL": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to listen for and reject all HTTPS connections to this vhost. Useful in\n[default](#opt-services.nginx.virtualHosts._name_.default)\nserver blocks to avoid serving the certificate for another vhost. Uses the\n`ssl_reject_handshake` directive available in nginx versions\n1.19.4 and above.\n", "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "rejectSSL"], "readOnly": false, "type": "boolean"}, "services.zabbixWeb.nginx.virtualHost.reuseport": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create an individual listening socket .\nIt is required to specify only once on one of the hosts.\n", "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "reuseport"], "readOnly": false, "type": "boolean"}, "services.zabbixWeb.nginx.virtualHost.root": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of the web root directory.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "root"], "readOnly": false, "type": "null or absolute path"}, "services.zabbixWeb.nginx.virtualHost.serverAliases": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.zabbixWeb.nginx.virtualHost.serverName": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of this virtual host. Defaults to attribute name in virtualHosts.\n", "example": {"_type": "literalExpression", "text": "\"example.org\""}, "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "serverName"], "readOnly": false, "type": "null or string"}, "services.zabbixWeb.nginx.virtualHost.sslCertificate": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "sslCertificate"], "readOnly": false, "type": "absolute path"}, "services.zabbixWeb.nginx.virtualHost.sslCertificateKey": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "sslCertificateKey"], "readOnly": false, "type": "absolute path"}, "services.zabbixWeb.nginx.virtualHost.sslTrustedCertificate": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to root SSL certificate for stapling and client certificates.", "example": {"_type": "literalExpression", "text": "\"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\""}, "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "sslTrustedCertificate"], "readOnly": false, "type": "null or absolute path"}, "services.zabbixWeb.nginx.virtualHost.useACMEHost": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "zabbixWeb", "nginx", "virtualHost", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.zabbixWeb.package": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "pkgs.zabbix.web"}, "description": "The web package to use.", "loc": ["services", "zabbixWeb", "package"], "readOnly": false, "type": "package"}, "services.zabbixWeb.poolConfig": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "{\n  pm = \"dynamic\";\n  \"pm.max_children\" = 32;\n  \"pm.max_requests\" = 500;\n  \"pm.max_spare_servers\" = 4;\n  \"pm.min_spare_servers\" = 2;\n  \"pm.start_servers\" = 2;\n}"}, "description": "Options for the Zabbix PHP pool. See the documentation on `php-fpm.conf` for details on configuration directives.\n", "loc": ["services", "zabbixWeb", "poolConfig"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.zabbixWeb.server.address": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The IP address or hostname of the Zabbix server to connect to.", "loc": ["services", "zabbixWeb", "server", "address"], "readOnly": false, "type": "string"}, "services.zabbixWeb.server.port": {"declarations": ["nixos/modules/services/web-apps/zabbix.nix"], "default": {"_type": "literalExpression", "text": "10051"}, "description": "The port of the Zabbix server to connect to.", "loc": ["services", "zabbixWeb", "server", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.zammad.dataDir": {"declarations": ["nixos/modules/services/development/zammad.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/zammad\""}, "description": "Path to a folder that will contain Zammad working directory.\n", "loc": ["services", "zammad", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.zammad.database.createLocally": {"declarations": ["nixos/modules/services/development/zammad.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to create a local database automatically.", "loc": ["services", "zammad", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.zammad.database.host": {"declarations": ["nixos/modules/services/development/zammad.nix"], "default": {"_type": "literalExpression", "text": "\"/run/postgresql\""}, "description": "Database host address.\n", "loc": ["services", "zammad", "database", "host"], "readOnly": false, "type": "string"}, "services.zammad.database.name": {"declarations": ["nixos/modules/services/development/zammad.nix"], "default": {"_type": "literalExpression", "text": "\"zammad\""}, "description": "Database name.\n", "loc": ["services", "zammad", "database", "name"], "readOnly": false, "type": "string"}, "services.zammad.database.passwordFile": {"declarations": ["nixos/modules/services/development/zammad.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the password for {option}`services.zammad.database.user`.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/zammad-dbpassword\""}, "loc": ["services", "zammad", "database", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.zammad.database.port": {"declarations": ["nixos/modules/services/development/zammad.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Database port. Use `null` for default port.", "loc": ["services", "zammad", "database", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.zammad.database.settings": {"declarations": ["nixos/modules/services/development/zammad.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The {file}`database.yml` configuration file as key value set.\nSee \\<TODO\\>\nfor list of configuration parameters.\n", "example": {"_type": "literalExpression", "text": "{\n}\n"}, "loc": ["services", "zammad", "database", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.zammad.database.user": {"declarations": ["nixos/modules/services/development/zammad.nix"], "default": {"_type": "literalExpression", "text": "\"zammad\""}, "description": "Database user.", "loc": ["services", "zammad", "database", "user"], "readOnly": false, "type": "null or string"}, "services.zammad.enable": {"declarations": ["nixos/modules/services/development/zammad.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Zammad, a web-based, open source user support/ticketing solution.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "zammad", "enable"], "readOnly": false, "type": "boolean"}, "services.zammad.group": {"declarations": ["nixos/modules/services/development/zammad.nix"], "default": {"_type": "literalExpression", "text": "\"zammad\""}, "description": "Name of the Zammad group.\n", "loc": ["services", "zammad", "group"], "readOnly": false, "type": "string"}, "services.zammad.host": {"declarations": ["nixos/modules/services/development/zammad.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Host address.", "example": {"_type": "literalExpression", "text": "\"192.168.23.42\""}, "loc": ["services", "zammad", "host"], "readOnly": false, "type": "string"}, "services.zammad.nginx.configure": {"declarations": ["nixos/modules/services/development/zammad.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to configure a local nginx for Zammad.", "loc": ["services", "zammad", "nginx", "configure"], "readOnly": false, "type": "boolean"}, "services.zammad.nginx.domain": {"declarations": ["nixos/modules/services/development/zammad.nix"], "description": "The domain under which zammad will be reachable.", "loc": ["services", "zammad", "nginx", "domain"], "readOnly": false, "type": "string"}, "services.zammad.package": {"declarations": ["nixos/modules/services/development/zammad.nix"], "default": {"_type": "literalExpression", "text": "pkgs.zammad"}, "description": "The zammad package to use.", "loc": ["services", "zammad", "package"], "readOnly": false, "type": "package"}, "services.zammad.port": {"declarations": ["nixos/modules/services/development/zammad.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "Web service port.", "loc": ["services", "zammad", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.zammad.redis.createLocally": {"declarations": ["nixos/modules/services/development/zammad.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to create a local redis automatically.", "loc": ["services", "zammad", "redis", "createLocally"], "readOnly": false, "type": "boolean"}, "services.zammad.redis.host": {"declarations": ["nixos/modules/services/development/zammad.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Redis server address.\n", "loc": ["services", "zammad", "redis", "host"], "readOnly": false, "type": "string"}, "services.zammad.redis.name": {"declarations": ["nixos/modules/services/development/zammad.nix"], "default": {"_type": "literalExpression", "text": "\"zammad\""}, "description": "Name of the redis server. Only used if `createLocally` is set to true.\n", "loc": ["services", "zammad", "redis", "name"], "readOnly": false, "type": "string"}, "services.zammad.redis.port": {"declarations": ["nixos/modules/services/development/zammad.nix"], "default": {"_type": "literalExpression", "text": "6379"}, "description": "Port of the redis server.", "loc": ["services", "zammad", "redis", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.zammad.secretKeyBaseFile": {"declarations": ["nixos/modules/services/development/zammad.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to a file containing the\n`secret_key_base` secret.\n\nZammad uses `secret_key_base` to encrypt\nthe cookie store, which contains session data, and to digest\nuser auth tokens.\n\nNeeds to be a 64 byte long string of hexadecimal\ncharacters. You can generate one by running\n\n```\nopenssl rand -hex 64 >/path/to/secret_key_base_file\n```\n\nThis should be a string, not a nix path, since nix paths are\ncopied into the world-readable nix store.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/secret_key_base\""}, "loc": ["services", "zammad", "secretKeyBaseFile"], "readOnly": false, "type": "null or absolute path"}, "services.zammad.user": {"declarations": ["nixos/modules/services/development/zammad.nix"], "default": {"_type": "literalExpression", "text": "\"zammad\""}, "description": "Name of the Zammad user.\n", "loc": ["services", "zammad", "user"], "readOnly": false, "type": "string"}, "services.zammad.websocketPort": {"declarations": ["nixos/modules/services/development/zammad.nix"], "default": {"_type": "literalExpression", "text": "6042"}, "description": "Websocket service port.", "loc": ["services", "zammad", "websocketPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.zapret.blacklist": {"declarations": ["nixos/modules/services/networking/zapret.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Specify a list of domains NOT to bypass. All other domains will be bypassed.\nYou can specify either whitelist or blacklist, but not both.\nIf neither are specified, then bypass all domains.\n", "example": {"_type": "literalExpression", "text": "[\n  \"example.com\"\n]"}, "loc": ["services", "zapret", "blacklist"], "readOnly": false, "type": "list of string"}, "services.zapret.configureFirewall": {"declarations": ["nixos/modules/services/networking/zapret.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to setup firewall routing so that system http(s) traffic is forwarded via this service.\nDisable if you want to set it up manually.\n", "loc": ["services", "zapret", "configureFirewall"], "readOnly": false, "type": "boolean"}, "services.zapret.enable": {"declarations": ["nixos/modules/services/networking/zapret.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Zapret DPI bypass service..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "zapret", "enable"], "readOnly": false, "type": "boolean"}, "services.zapret.httpMode": {"declarations": ["nixos/modules/services/networking/zapret.nix"], "default": {"_type": "literalExpression", "text": "\"first\""}, "description": "By default this service only changes the first packet sent, which is enough in most cases.\nBut there are DPIs that monitor the whole traffic within a session.\nThat requires full processing of every packet, which increases the CPU usage.\n\nSet the mode to `full` if http doesn't work.\n", "example": {"_type": "literalExpression", "text": "\"full\""}, "loc": ["services", "zapret", "httpMode"], "readOnly": false, "type": "one of \"first\", \"full\""}, "services.zapret.httpSupport": {"declarations": ["nixos/modules/services/networking/zapret.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to route http traffic on port 80.\nHttp bypass rarely works and you might want to disable it if you don't utilise http connections.\n", "loc": ["services", "zapret", "httpSupport"], "readOnly": false, "type": "boolean"}, "services.zapret.package": {"declarations": ["nixos/modules/services/networking/zapret.nix"], "default": {"_type": "literalExpression", "text": "pkgs.zapret"}, "description": "The zapret package to use.", "loc": ["services", "zapret", "package"], "readOnly": false, "type": "package"}, "services.zapret.params": {"declarations": ["nixos/modules/services/networking/zapret.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Specify the bypass parameters for Zapret binary.\nThere are no universal parameters as they vary between different networks, so you'll have to find them yourself.\n\nThis can be done by running the `blockcheck` binary from zapret package, i.e. `nix-shell -p nftables zapret --command blockcheck` (or `iptables` instead of `nftables` if that is what your firewall is using).\nIt'll try different params and then tell you which params are working for your network.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--dpi-desync=fake,disorder2\"\n  \"--dpi-desync-ttl=1\"\n  \"--dpi-desync-autottl=2\"\n]"}, "loc": ["services", "zapret", "params"], "readOnly": false, "type": "list of string"}, "services.zapret.qnum": {"declarations": ["nixos/modules/services/networking/zapret.nix"], "default": {"_type": "literalExpression", "text": "200"}, "description": "Routing queue number.\nOnly change this if you already use the default queue number somewhere else.\n", "loc": ["services", "zapret", "qnum"], "readOnly": false, "type": "signed integer"}, "services.zapret.udpPorts": {"declarations": ["nixos/modules/services/networking/zapret.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of UDP ports to route.\nPort ranges are delimited with a colon like this \"50000:50099\".\n", "example": {"_type": "literalExpression", "text": "[\n  \"50000:50099\"\n  \"1234\"\n]"}, "loc": ["services", "zapret", "udpPorts"], "readOnly": false, "type": "list of string"}, "services.zapret.udpSupport": {"declarations": ["nixos/modules/services/networking/zapret.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable UDP routing.\nThis requires you to specify `udpPorts` and `--dpi-desync-any-protocol` parameter.\n", "loc": ["services", "zapret", "udpSupport"], "readOnly": false, "type": "boolean"}, "services.zapret.whitelist": {"declarations": ["nixos/modules/services/networking/zapret.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Specify a list of domains to bypass. All other domains will be ignored.\nYou can specify either whitelist or blacklist, but not both.\nIf neither are specified, then bypass all domains.\n\nIt is recommended to specify the whitelist. This will make sure that other resources won't be affected by this service.\n", "example": {"_type": "literalExpression", "text": "[\n  \"youtube.com\"\n  \"googlevideo.com\"\n  \"ytimg.com\"\n  \"youtu.be\"\n]"}, "loc": ["services", "zapret", "whitelist"], "readOnly": false, "type": "list of string"}, "services.zeitgeist.enable": {"declarations": ["nixos/modules/services/desktops/zeitgeist.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable zeitgeist, a service which logs the users' activities and events.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "zeitgeist", "enable"], "readOnly": false, "type": "boolean"}, "services.zenohd.backends": {"declarations": ["nixos/modules/services/networking/zenohd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Storage backend packages to add to zenohd search paths.", "example": {"_type": "literalExpression", "text": "[ pkgs.zenoh-backend-rocksdb ]\n"}, "loc": ["services", "zenohd", "backends"], "readOnly": false, "type": "list of package"}, "services.zenohd.enable": {"declarations": ["nixos/modules/services/networking/zenohd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Zenoh daemon..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "zenohd", "enable"], "readOnly": false, "type": "boolean"}, "services.zenohd.env": {"declarations": ["nixos/modules/services/networking/zenohd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Set environment variables consumed by zenohd and its plugins.\n", "loc": ["services", "zenohd", "env"], "readOnly": false, "type": "attribute set of string"}, "services.zenohd.extraOptions": {"declarations": ["nixos/modules/services/networking/zenohd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line options for zenohd.", "loc": ["services", "zenohd", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.zenohd.home": {"declarations": ["nixos/modules/services/networking/zenohd.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/zenoh\""}, "description": "Base directory for zenohd related files defined via ZENOH_HOME.", "loc": ["services", "zenohd", "home"], "readOnly": false, "type": "string"}, "services.zenohd.package": {"declarations": ["nixos/modules/services/networking/zenohd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.zenoh"}, "description": "The zenoh package to use.", "loc": ["services", "zenohd", "package"], "readOnly": false, "type": "package"}, "services.zenohd.plugins": {"declarations": ["nixos/modules/services/networking/zenohd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Plugin packages to add to zenohd search paths.", "example": {"_type": "literalExpression", "text": "[ pkgs.zenoh-plugin-mqtt ]\n"}, "loc": ["services", "zenohd", "plugins"], "readOnly": false, "type": "list of package"}, "services.zenohd.settings": {"declarations": ["nixos/modules/services/networking/zenohd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Config options for `zenoh.json5` configuration file.\n\nSee <https://github.com/eclipse-zenoh/zenoh/blob/main/DEFAULT_CONFIG.json5>\nfor more information.\n", "loc": ["services", "zenohd", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.zerobin.dataDir": {"declarations": ["nixos/modules/services/networking/zerobin.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/zerobin\""}, "description": "Path to the 0bin data directory\n", "loc": ["services", "zerobin", "dataDir"], "readOnly": false, "type": "string"}, "services.zerobin.enable": {"declarations": ["nixos/modules/services/networking/zerobin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable 0bin.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "zerobin", "enable"], "readOnly": false, "type": "boolean"}, "services.zerobin.extraConfig": {"declarations": ["nixos/modules/services/networking/zerobin.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration to be appended to the 0bin config file\n(see <https://0bin.readthedocs.org/en/latest/en/options.html>)\n", "example": {"_type": "literalExpression", "text": "''\n  MENU = (\n  ('Home', '/'),\n  )\n  COMPRESSED_STATIC_FILE = True\n''"}, "loc": ["services", "zerobin", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.zerobin.group": {"declarations": ["nixos/modules/services/networking/zerobin.nix"], "default": {"_type": "literalExpression", "text": "\"zerobin\""}, "description": "The group 0bin should run as\n", "loc": ["services", "zerobin", "group"], "readOnly": false, "type": "string"}, "services.zerobin.listenAddress": {"declarations": ["nixos/modules/services/networking/zerobin.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The address zerobin should listen to\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "loc": ["services", "zerobin", "listenAddress"], "readOnly": false, "type": "string"}, "services.zerobin.listenPort": {"declarations": ["nixos/modules/services/networking/zerobin.nix"], "default": {"_type": "literalExpression", "text": "8000"}, "description": "The port zerobin should listen on\n", "example": {"_type": "literalExpression", "text": "1357"}, "loc": ["services", "zerobin", "listenPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.zerobin.user": {"declarations": ["nixos/modules/services/networking/zerobin.nix"], "default": {"_type": "literalExpression", "text": "\"zerobin\""}, "description": "The user 0bin should run as\n", "loc": ["services", "zerobin", "user"], "readOnly": false, "type": "string"}, "services.zeronet.enable": {"declarations": ["nixos/modules/services/networking/zeronet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable zeronet.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "zeronet", "enable"], "readOnly": false, "type": "boolean"}, "services.zeronet.fileserverPort": {"declarations": ["nixos/modules/services/networking/zeronet.nix"], "default": {"_type": "literalExpression", "text": "12261"}, "description": "Zeronet fileserver port.", "loc": ["services", "zeronet", "fileserverPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.zeronet.package": {"declarations": ["nixos/modules/services/networking/zeronet.nix"], "default": {"_type": "literalExpression", "text": "pkgs.zeronet"}, "description": "The zeronet package to use.", "loc": ["services", "zeronet", "package"], "readOnly": false, "type": "package"}, "services.zeronet.port": {"declarations": ["nixos/modules/services/networking/zeronet.nix"], "default": {"_type": "literalExpression", "text": "43110"}, "description": "Optional zeronet web UI port.", "loc": ["services", "zeronet", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.zeronet.settings": {"declarations": ["nixos/modules/services/networking/zeronet.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "{file}`zeronet.conf` configuration. Refer to\n<https://zeronet.readthedocs.io/en/latest/faq/#is-it-possible-to-use-a-configuration-file>\nfor details on supported values;\n", "example": {"_type": "literalExpression", "text": "{ global.tor = enable; }"}, "loc": ["services", "zeronet", "settings"], "readOnly": false, "type": "attribute set of attribute set of (string or signed integer or boolean or list of string)"}, "services.zeronet.tor": {"declarations": ["nixos/modules/services/networking/zeronet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use TOR for zeronet traffic where possible.", "loc": ["services", "zeronet", "tor"], "readOnly": false, "type": "boolean"}, "services.zeronet.torAlways": {"declarations": ["nixos/modules/services/networking/zeronet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use TOR for all zeronet traffic.", "loc": ["services", "zeronet", "torAlways"], "readOnly": false, "type": "boolean"}, "services.zeronsd.servedNetworks": {"declarations": ["nixos/modules/services/networking/zeronsd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "ZeroTier Networks to start zeronsd instances for.", "example": {"_type": "literalExpression", "text": "{\n  a8a2c3c10c1a68de = {\n    settings = {\n      token = \"/var/lib/zeronsd/apitoken\";\n    };\n  };\n}"}, "loc": ["services", "zeronsd", "servedNetworks"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.zeronsd.servedNetworks.<name>.package": {"declarations": ["nixos/modules/services/networking/zeronsd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.zeronsd"}, "description": "The zeronsd package to use.", "loc": ["services", "zeronsd", "servedNetworks", "<name>", "package"], "readOnly": false, "type": "package"}, "services.zeronsd.servedNetworks.<name>.settings": {"declarations": ["nixos/modules/services/networking/zeronsd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings for zeronsd", "loc": ["services", "zeronsd", "servedNetworks", "<name>", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.zeronsd.servedNetworks.<name>.settings.domain": {"declarations": ["nixos/modules/services/networking/zeronsd.nix"], "default": {"_type": "literalExpression", "text": "\"home.arpa\""}, "description": "Domain under which ZeroTier records will be available.", "loc": ["services", "zeronsd", "servedNetworks", "<name>", "settings", "domain"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "services.zeronsd.servedNetworks.<name>.settings.log_level": {"declarations": ["nixos/modules/services/networking/zeronsd.nix"], "default": {"_type": "literalExpression", "text": "\"warn\""}, "description": "Log Level.", "loc": ["services", "zeronsd", "servedNetworks", "<name>", "settings", "log_level"], "readOnly": false, "type": "one of \"off\", \"error\", \"warn\", \"info\", \"debug\", \"trace\""}, "services.zeronsd.servedNetworks.<name>.settings.token": {"declarations": ["nixos/modules/services/networking/zeronsd.nix"], "description": "Path to a file containing the API Token for ZeroTier Central.", "loc": ["services", "zeronsd", "servedNetworks", "<name>", "settings", "token"], "readOnly": false, "type": "absolute path"}, "services.zeronsd.servedNetworks.<name>.settings.wildcard": {"declarations": ["nixos/modules/services/networking/zeronsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to serve a wildcard record for ZeroTier Nodes.", "loc": ["services", "zeronsd", "servedNetworks", "<name>", "settings", "wildcard"], "readOnly": false, "type": "boolean"}, "services.zerotierone.enable": {"declarations": ["nixos/modules/services/networking/zerotierone.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ZeroTierOne.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "zerotierone", "enable"], "readOnly": false, "type": "boolean"}, "services.zerotierone.joinNetworks": {"declarations": ["nixos/modules/services/networking/zerotierone.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of ZeroTier Network IDs to join on startup.\nNote that networks are only ever joined, but not automatically left after removing them from the list.\nTo remove networks, use the ZeroTier CLI: `zerotier-cli leave <network-id>`\n", "example": {"_type": "literalExpression", "text": "[\n  \"a8a2c3c10c1a68de\"\n]"}, "loc": ["services", "zerotierone", "joinNetworks"], "readOnly": false, "type": "list of string"}, "services.zerotierone.localConf": {"declarations": ["nixos/modules/services/networking/zerotierone.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Optional configuration to be written to the Zerotier JSON-based local.conf.\nIf set, the configuration will be symlinked to `/var/lib/zerotier-one/local.conf` at build time.\nTo understand the configuration format, refer to <https://docs.zerotier.com/config/#local-configuration-options>.\n", "example": {"_type": "literalExpression", "text": "{\n  settings = {\n    allowTcpFallbackRelay = false;\n  };\n}"}, "loc": ["services", "zerotierone", "localConf"], "readOnly": false, "type": "JSON value"}, "services.zerotierone.package": {"declarations": ["nixos/modules/services/networking/zerotierone.nix"], "default": {"_type": "literalExpression", "text": "pkgs.zerotierone"}, "description": "The zerotierone package to use.", "loc": ["services", "zerotierone", "package"], "readOnly": false, "type": "package"}, "services.zerotierone.port": {"declarations": ["nixos/modules/services/networking/zerotierone.nix"], "default": {"_type": "literalExpression", "text": "9993"}, "description": "Network port used by ZeroTier.\n", "loc": ["services", "zerotierone", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.zeyple.enable": {"declarations": ["nixos/modules/services/mail/zeyple.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Zeyple, an utility program to automatically encrypt outgoing emails with GPG.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "zeyple", "enable"], "readOnly": false, "type": "boolean"}, "services.zeyple.group": {"declarations": ["nixos/modules/services/mail/zeyple.nix"], "default": {"_type": "literalExpression", "text": "\"zeyple\""}, "description": "Group to use to run Zeyple.\n\n::: {.note}\nIf left as the default value this group will automatically be created\non system activation, otherwise the sysadmin is responsible for\nensuring the user exists.\n:::\n", "loc": ["services", "zeyple", "group"], "readOnly": false, "type": "string"}, "services.zeyple.keys": {"declarations": ["nixos/modules/services/mail/zeyple.nix"], "description": "List of public key files that will be imported by gpg.", "loc": ["services", "zeyple", "keys"], "readOnly": false, "type": "list of absolute path"}, "services.zeyple.rotateLogs": {"declarations": ["nixos/modules/services/mail/zeyple.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable rotation of log files.", "loc": ["services", "zeyple", "rotateLogs"], "readOnly": false, "type": "boolean"}, "services.zeyple.settings": {"declarations": ["nixos/modules/services/mail/zeyple.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Zeyple configuration. refer to\n<https://github.com/infertux/zeyple/blob/master/zeyple/zeyple.conf.example>\nfor details on supported values.\n", "loc": ["services", "zeyple", "settings"], "readOnly": false, "type": "attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.zeyple.user": {"declarations": ["nixos/modules/services/mail/zeyple.nix"], "default": {"_type": "literalExpression", "text": "\"zeyple\""}, "description": "User to run Zeyple as.\n\n::: {.note}\nIf left as the default value this user will automatically be created\non system activation, otherwise the sysadmin is responsible for\nensuring the user exists.\n:::\n", "loc": ["services", "zeyple", "user"], "readOnly": false, "type": "string"}, "services.zfs.autoReplication.enable": {"declarations": ["nixos/modules/services/backup/zfs-replication.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ZFS snapshot replication.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "zfs", "autoReplication", "enable"], "readOnly": false, "type": "boolean"}, "services.zfs.autoReplication.followDelete": {"declarations": ["nixos/modules/services/backup/zfs-replication.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Remove remote snapshots that don't have a local correspondent.", "loc": ["services", "zfs", "autoReplication", "followDelete"], "readOnly": false, "type": "boolean"}, "services.zfs.autoReplication.host": {"declarations": ["nixos/modules/services/backup/zfs-replication.nix"], "description": "Remote host where snapshots should be sent. `lz4` is expected to be installed on this host.", "example": {"_type": "literalExpression", "text": "\"example.com\""}, "loc": ["services", "zfs", "autoReplication", "host"], "readOnly": false, "type": "string"}, "services.zfs.autoReplication.identityFilePath": {"declarations": ["nixos/modules/services/backup/zfs-replication.nix"], "description": "Path to SSH key used to login to host.", "example": {"_type": "literalExpression", "text": "\"/home/username/.ssh/id_rsa\""}, "loc": ["services", "zfs", "autoReplication", "identityFilePath"], "readOnly": false, "type": "absolute path"}, "services.zfs.autoReplication.localFilesystem": {"declarations": ["nixos/modules/services/backup/zfs-replication.nix"], "description": "Local ZFS filesystem from which snapshots should be sent.  Defaults to the attribute name.", "example": {"_type": "literalExpression", "text": "\"pool/file/path\""}, "loc": ["services", "zfs", "autoReplication", "localFilesystem"], "readOnly": false, "type": "string"}, "services.zfs.autoReplication.package": {"declarations": ["nixos/modules/services/backup/zfs-replication.nix"], "default": {"_type": "literalExpression", "text": "pkgs.zfs-replicate"}, "description": "The zfs-replicate package to use.", "loc": ["services", "zfs", "autoReplication", "package"], "readOnly": false, "type": "package"}, "services.zfs.autoReplication.recursive": {"declarations": ["nixos/modules/services/backup/zfs-replication.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Recursively discover snapshots to send.", "loc": ["services", "zfs", "autoReplication", "recursive"], "readOnly": false, "type": "boolean"}, "services.zfs.autoReplication.remoteFilesystem": {"declarations": ["nixos/modules/services/backup/zfs-replication.nix"], "description": "Remote ZFS filesystem where snapshots should be sent.", "example": {"_type": "literalExpression", "text": "\"pool/file/path\""}, "loc": ["services", "zfs", "autoReplication", "remoteFilesystem"], "readOnly": false, "type": "string"}, "services.zfs.autoReplication.username": {"declarations": ["nixos/modules/services/backup/zfs-replication.nix"], "description": "Username used by SSH to login to remote host.", "example": {"_type": "literalExpression", "text": "\"username\""}, "loc": ["services", "zfs", "autoReplication", "username"], "readOnly": false, "type": "string"}, "services.zfs.autoScrub.enable": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable periodic scrubbing of ZFS pools.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "zfs", "autoScrub", "enable"], "readOnly": false, "type": "boolean"}, "services.zfs.autoScrub.interval": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "\"monthly\""}, "description": "Systemd calendar expression when to scrub ZFS pools. See\n{manpage}`systemd.time(7)`.\n", "example": {"_type": "literalExpression", "text": "\"quarterly\""}, "loc": ["services", "zfs", "autoScrub", "interval"], "readOnly": false, "type": "string"}, "services.zfs.autoScrub.pools": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of ZFS pools to periodically scrub. If empty, all pools\nwill be scrubbed.\n", "example": {"_type": "literalExpression", "text": "[\n  \"tank\"\n]"}, "loc": ["services", "zfs", "autoScrub", "pools"], "readOnly": false, "type": "list of string"}, "services.zfs.autoScrub.randomizedDelaySec": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "\"6h\""}, "description": "Add a randomized delay before each ZFS autoscrub.\nThe delay will be chosen between zero and this value.\nThis value must be a time span in the format specified by\n{manpage}`systemd.time(7)`\n", "example": {"_type": "literalExpression", "text": "\"12h\""}, "loc": ["services", "zfs", "autoScrub", "randomizedDelaySec"], "readOnly": false, "type": "string"}, "services.zfs.autoSnapshot.daily": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "7"}, "description": "Number of daily auto-snapshots that you wish to keep.\n", "loc": ["services", "zfs", "autoSnapshot", "daily"], "readOnly": false, "type": "signed integer"}, "services.zfs.autoSnapshot.enable": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable the (OpenSolaris-compatible) ZFS auto-snapshotting service.\nNote that you must set the `com.sun:auto-snapshot`\nproperty to `true` on all datasets which you wish\nto auto-snapshot.\n\nYou can override a child dataset to use, or not use auto-snapshotting\nby setting its flag with the given interval:\n`zfs set com.sun:auto-snapshot:weekly=false DATASET`\n", "loc": ["services", "zfs", "autoSnapshot", "enable"], "readOnly": false, "type": "boolean"}, "services.zfs.autoSnapshot.flags": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "\"-k -p\""}, "description": "Flags to pass to the zfs-auto-snapshot command.\n\nRun `zfs-auto-snapshot` (without any arguments) to\nsee available flags.\n\nIf it's not too inconvenient for snapshots to have timestamps in UTC,\nit is suggested that you append `--utc` to the list\nof default options (see example).\n\nOtherwise, snapshot names can cause name conflicts or apparent time\nreversals due to daylight savings, timezone or other date/time changes.\n", "example": {"_type": "literalExpression", "text": "\"-k -p --utc\""}, "loc": ["services", "zfs", "autoSnapshot", "flags"], "readOnly": false, "type": "string"}, "services.zfs.autoSnapshot.frequent": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "4"}, "description": "Number of frequent (15-minute) auto-snapshots that you wish to keep.\n", "loc": ["services", "zfs", "autoSnapshot", "frequent"], "readOnly": false, "type": "signed integer"}, "services.zfs.autoSnapshot.hourly": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "24"}, "description": "Number of hourly auto-snapshots that you wish to keep.\n", "loc": ["services", "zfs", "autoSnapshot", "hourly"], "readOnly": false, "type": "signed integer"}, "services.zfs.autoSnapshot.monthly": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "12"}, "description": "Number of monthly auto-snapshots that you wish to keep.\n", "loc": ["services", "zfs", "autoSnapshot", "monthly"], "readOnly": false, "type": "signed integer"}, "services.zfs.autoSnapshot.weekly": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "4"}, "description": "Number of weekly auto-snapshots that you wish to keep.\n", "loc": ["services", "zfs", "autoSnapshot", "weekly"], "readOnly": false, "type": "signed integer"}, "services.zfs.expandOnBoot": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "\"disabled\""}, "description": "After importing, expand each device in the specified pools.\n\nSet the value to the plain string \"all\" to expand all pools on boot:\n\n    services.zfs.expandOnBoot = \"all\";\n\nor set the value to a list of pools to expand the disks of specific pools:\n\n    services.zfs.expandOnBoot = [ \"tank\" \"dozer\" ];\n", "example": {"_type": "literalExpression", "text": "[\n  \"tank\"\n  \"dozer\"\n]"}, "loc": ["services", "zfs", "expandOnBoot"], "readOnly": false, "type": "one of \"disabled\", \"all\" or list of string"}, "services.zfs.trim.enable": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable periodic TRIM on all ZFS pools.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "zfs", "trim", "enable"], "readOnly": false, "type": "boolean"}, "services.zfs.trim.interval": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "\"weekly\""}, "description": "How often we run trim. For most desktop and server systems\na sufficient trimming frequency is once a week.\n\nThe format is described in\n{manpage}`systemd.time(7)`.\n", "example": {"_type": "literalExpression", "text": "\"daily\""}, "loc": ["services", "zfs", "trim", "interval"], "readOnly": false, "type": "string"}, "services.zfs.trim.randomizedDelaySec": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "\"6h\""}, "description": "Add a randomized delay before each ZFS trim.\nThe delay will be chosen between zero and this value.\nThis value must be a time span in the format specified by\n{manpage}`systemd.time(7)`\n", "example": {"_type": "literalExpression", "text": "\"12h\""}, "loc": ["services", "zfs", "trim", "randomizedDelaySec"], "readOnly": false, "type": "string"}, "services.zfs.zed.enableMail": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "config.services.mail.sendmailSetuidWrapper != null\n"}, "description": "Whether to enable ZED's ability to send emails.\n", "loc": ["services", "zfs", "zed", "enableMail"], "readOnly": false, "type": "boolean"}, "services.zfs.zed.settings": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "description": "ZFS Event Daemon /etc/zfs/zed.d/zed.rc content\n\nSee\n{manpage}`zed(8)`\nfor details on ZED and the scripts in /etc/zfs/zed.d to find the possible variables\n", "example": {"_type": "literalExpression", "text": "{\n  ZED_DEBUG_LOG = \"/tmp/zed.debug.log\";\n\n  ZED_EMAIL_ADDR = [ \"root\" ];\n  ZED_EMAIL_PROG = \"mail\";\n  ZED_EMAIL_OPTS = \"-s '@SUBJECT@' @ADDRESS@\";\n\n  ZED_NOTIFY_INTERVAL_SECS = 3600;\n  ZED_NOTIFY_VERBOSE = false;\n\n  ZED_USE_ENCLOSURE_LEDS = true;\n  ZED_SCRUB_AFTER_RESILVER = false;\n}\n"}, "loc": ["services", "zfs", "zed", "settings"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean or list of string)"}, "services.zigbee2mqtt.dataDir": {"declarations": ["nixos/modules/services/home-automation/zigbee2mqtt.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/zigbee2mqtt\""}, "description": "Zigbee2mqtt data directory", "loc": ["services", "zigbee2mqtt", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.zigbee2mqtt.enable": {"declarations": ["nixos/modules/services/home-automation/zigbee2mqtt.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable zigbee2mqtt service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "zigbee2mqtt", "enable"], "readOnly": false, "type": "boolean"}, "services.zigbee2mqtt.package": {"declarations": ["nixos/modules/services/home-automation/zigbee2mqtt.nix"], "default": {"_type": "literalExpression", "text": "pkgs.zigbee2mqtt"}, "description": "The zigbee2mqtt package to use.", "loc": ["services", "zigbee2mqtt", "package"], "readOnly": false, "type": "package"}, "services.zigbee2mqtt.settings": {"declarations": ["nixos/modules/services/home-automation/zigbee2mqtt.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Your {file}`configuration.yaml` as a Nix attribute set.\nCheck the [documentation](https://www.zigbee2mqtt.io/information/configuration.html)\nfor possible options.\n", "example": {"_type": "literalExpression", "text": "{\n  homeassistant.enabled = config.services.home-assistant.enable;\n  permit_join = true;\n  serial = {\n    port = \"/dev/ttyACM1\";\n  };\n}\n"}, "loc": ["services", "zigbee2mqtt", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.zipline.database.createLocally": {"declarations": ["nixos/modules/services/web-apps/zipline.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable and configure a local PostgreSQL database server.\n", "loc": ["services", "zipline", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.zipline.enable": {"declarations": ["nixos/modules/services/web-apps/zipline.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Zipline.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "zipline", "enable"], "readOnly": false, "type": "boolean"}, "services.zipline.environmentFiles": {"declarations": ["nixos/modules/services/web-apps/zipline.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Files to load environment variables from (in addition to [](#opt-services.zipline.settings)). This is useful to avoid putting secrets into the nix store. See <https://zipline.diced.sh/docs/config> for more information.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/run/secrets/zipline.env\"\n]"}, "loc": ["services", "zipline", "environmentFiles"], "readOnly": false, "type": "list of absolute path"}, "services.zipline.package": {"declarations": ["nixos/modules/services/web-apps/zipline.nix"], "default": {"_type": "literalExpression", "text": "pkgs.zipline"}, "description": "The zipline package to use.", "loc": ["services", "zipline", "package"], "readOnly": false, "type": "package"}, "services.zipline.settings": {"declarations": ["nixos/modules/services/web-apps/zipline.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration of Zipline. See <https://zipline.diced.sh/docs/config> for more information.\n", "example": {"_type": "literalExpression", "text": "{\n  CORE_HOSTNAME = \"0.0.0.0\";\n  CORE_PORT = \"3000\";\n  CORE_SECRET = \"changethis\";\n  DATABASE_URL = \"postgres://postgres:postgres@postgres/postgres\";\n  DATASOURCE_LOCAL_DIRECTORY = \"/var/lib/zipline/uploads\";\n  DATASOURCE_TYPE = \"local\";\n}"}, "loc": ["services", "zipline", "settings"], "readOnly": false, "type": "open submodule of attribute set of (string or signed integer)"}, "services.zipline.settings.CORE_HOSTNAME": {"declarations": ["nixos/modules/services/web-apps/zipline.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "The hostname to listen on.", "example": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "loc": ["services", "zipline", "settings", "CORE_HOSTNAME"], "readOnly": false, "type": "string"}, "services.zipline.settings.CORE_PORT": {"declarations": ["nixos/modules/services/web-apps/zipline.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "The port to listen on.", "example": {"_type": "literalExpression", "text": "8000"}, "loc": ["services", "zipline", "settings", "CORE_PORT"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.zitadel.enable": {"declarations": ["nixos/modules/services/web-apps/zitadel.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ZITADEL, a user and identity access management platform.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "zitadel", "enable"], "readOnly": false, "type": "boolean"}, "services.zitadel.extraSettingsPaths": {"declarations": ["nixos/modules/services/web-apps/zitadel.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of paths to extra settings files. These will override the\nvalues set in [settings](#opt-services.zitadel.settings). Useful if\nyou want to keep sensitive secrets out of the Nix store.\n", "loc": ["services", "zitadel", "extraSettingsPaths"], "readOnly": false, "type": "list of absolute path"}, "services.zitadel.extraStepsPaths": {"declarations": ["nixos/modules/services/web-apps/zitadel.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of paths to extra steps files. These will override the values\nset in [steps](#opt-services.zitadel.steps). Useful if you want to\nkeep sensitive secrets out of the Nix store.\n", "loc": ["services", "zitadel", "extraStepsPaths"], "readOnly": false, "type": "list of absolute path"}, "services.zitadel.group": {"declarations": ["nixos/modules/services/web-apps/zitadel.nix"], "default": {"_type": "literalExpression", "text": "\"zitadel\""}, "description": "The group to run ZITADEL under.", "loc": ["services", "zitadel", "group"], "readOnly": false, "type": "string"}, "services.zitadel.masterKeyFile": {"declarations": ["nixos/modules/services/web-apps/zitadel.nix"], "description": "Path to a file containing a master encryption key for ZITADEL. The\nkey must be 32 bytes.\n", "loc": ["services", "zitadel", "masterKeyFile"], "readOnly": false, "type": "absolute path"}, "services.zitadel.openFirewall": {"declarations": ["nixos/modules/services/web-apps/zitadel.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the port specified in `listenPort` in the firewall.\n", "loc": ["services", "zitadel", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.zitadel.package": {"declarations": ["nixos/modules/services/web-apps/zitadel.nix"], "default": {"_type": "literalExpression", "text": "pkgs.zitadel"}, "description": "The ZITADEL package to use.", "loc": ["services", "zitadel", "package"], "readOnly": false, "type": "package"}, "services.zitadel.settings": {"declarations": ["nixos/modules/services/web-apps/zitadel.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Contents of the runtime configuration file. See\n<https://zitadel.com/docs/self-hosting/manage/configure> for more\ndetails.\n", "example": {"_type": "literalExpression", "text": "{\n  Port = 8123;\n  ExternalDomain = \"example.com\";\n  TLS = {\n    CertPath = \"/path/to/cert.pem\";\n    KeyPath = \"/path/to/cert.key\";\n  };\n  Database.cockroach.Host = \"db.example.com\";\n};\n"}, "loc": ["services", "zitadel", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.zitadel.settings.Port": {"declarations": ["nixos/modules/services/web-apps/zitadel.nix"], "default": {"_type": "literalExpression", "text": "8080"}, "description": "The port that ZITADEL listens on.", "loc": ["services", "zitadel", "settings", "Port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.zitadel.settings.TLS.Cert": {"declarations": ["nixos/modules/services/web-apps/zitadel.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The TLS certificate, as a base64-encoded string.\n\nNote that the contents of this option will be added to the Nix\nstore as world-readable plain text. Set\n[CertPath](#opt-services.zitadel.settings.TLS.CertPath) instead\nif this is undesired.\n", "loc": ["services", "zitadel", "settings", "TLS", "Cert"], "readOnly": false, "type": "null or string"}, "services.zitadel.settings.TLS.CertPath": {"declarations": ["nixos/modules/services/web-apps/zitadel.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the TLS certificate.", "loc": ["services", "zitadel", "settings", "TLS", "CertPath"], "readOnly": false, "type": "null or absolute path"}, "services.zitadel.settings.TLS.Key": {"declarations": ["nixos/modules/services/web-apps/zitadel.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The TLS certificate private key, as a base64-encoded string.\n\nNote that the contents of this option will be added to the Nix\nstore as world-readable plain text. Set\n[KeyPath](#opt-services.zitadel.settings.TLS.KeyPath) instead\nif this is undesired.\n", "loc": ["services", "zitadel", "settings", "TLS", "Key"], "readOnly": false, "type": "null or string"}, "services.zitadel.settings.TLS.KeyPath": {"declarations": ["nixos/modules/services/web-apps/zitadel.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the TLS certificate private key.", "loc": ["services", "zitadel", "settings", "TLS", "KeyPath"], "readOnly": false, "type": "null or absolute path"}, "services.zitadel.steps": {"declarations": ["nixos/modules/services/web-apps/zitadel.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Contents of the database initialization config file. See\n<https://zitadel.com/docs/self-hosting/manage/configure> for more\ndetails.\n", "example": {"_type": "literalExpression", "text": "{\n  FirstInstance = {\n    InstanceName = \"Example\";\n    Org.Human = {\n      UserName = \"foobar\";\n      FirstName = \"Foo\";\n      LastName = \"Bar\";\n    };\n  };\n}\n"}, "loc": ["services", "zitadel", "steps"], "readOnly": false, "type": "YAML 1.1 value"}, "services.zitadel.tlsMode": {"declarations": ["nixos/modules/services/web-apps/zitadel.nix"], "default": {"_type": "literalExpression", "text": "\"external\""}, "description": "The TLS mode to use. Options are:\n\n- enabled: ZITADEL accepts HTTPS connections directly. You must\n  configure TLS if this option is selected.\n- external: ZITADEL forces HTTPS connections, with TLS terminated at a\n  reverse proxy.\n- disabled: ZITADEL accepts HTTP connections only. Should only be used\n  for testing.\n", "example": {"_type": "literalExpression", "text": "\"enabled\""}, "loc": ["services", "zitadel", "tlsMode"], "readOnly": false, "type": "one of \"external\", \"enabled\", \"disabled\""}, "services.zitadel.user": {"declarations": ["nixos/modules/services/web-apps/zitadel.nix"], "default": {"_type": "literalExpression", "text": "\"zitadel\""}, "description": "The user to run ZITADEL under.", "loc": ["services", "zitadel", "user"], "readOnly": false, "type": "string"}, "services.znapzend.autoCreation": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically create the destination dataset if it does not exist.", "loc": ["services", "znapzend", "autoCreation"], "readOnly": false, "type": "boolean"}, "services.znapzend.enable": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ZnapZend ZFS backup daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "znapzend", "enable"], "readOnly": false, "type": "boolean"}, "services.znapzend.features.compressed": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable compressed feature which adds the options `-Lce` to\nthe {command}`zfs send` command. When this is enabled, make\nsure that both the sending and receiving pool have the same relevant\nfeatures enabled. Using `-c` will skip unnecessary\ndecompress-compress stages, `-L` is for large block\nsupport and -e is for embedded data support. see\n{manpage}`znapzend(1)`\nand {manpage}`zfs(8)`\nfor more info\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "znapzend", "features", "compressed"], "readOnly": false, "type": "boolean"}, "services.znapzend.features.lowmemRecurse": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable use lowmemRecurse on systems where you have too many datasets, so a\nrecursive listing of attributes to find backup plans exhausts the\nmemory available to {command}`znapzend`: instead, go the slower\nway to first list all impacted dataset names, and then query their\nconfigs one by one\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "znapzend", "features", "lowmemRecurse"], "readOnly": false, "type": "boolean"}, "services.znapzend.features.oracleMode": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable destroying snapshots one by one instead of using one long argument list.\nIf source and destination are out of sync for a long time, you may have\nso many snapshots to destroy that the argument gets is too long and the\ncommand fails\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "znapzend", "features", "oracleMode"], "readOnly": false, "type": "boolean"}, "services.znapzend.features.recvu": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable recvu feature which uses `-u` on the receiving end to keep the destination\nfilesystem unmounted\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "znapzend", "features", "recvu"], "readOnly": false, "type": "boolean"}, "services.znapzend.features.sendRaw": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable sendRaw feature which adds the options `-w` to the\n{command}`zfs send` command. For encrypted source datasets this\ninstructs zfs not to decrypt before sending which results in a remote\nbackup that can't be read without the encryption key/passphrase, useful\nwhen the remote isn't fully trusted or not physically secure. This\noption must be used consistently, raw incrementals cannot be based on\nnon-raw snapshots and vice versa\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "znapzend", "features", "sendRaw"], "readOnly": false, "type": "boolean"}, "services.znapzend.features.skipIntermediates": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the skipIntermediates feature to send a single increment\nbetween latest common snapshot and the newly made one. It may skip\nseveral source snaps if the destination was offline for some time, and\nit should skip snapshots not managed by znapzend. Normally for online\ndestinations, the new snapshot is sent as soon as it is created on the\nsource, so there are no automatic increments to skip\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "znapzend", "features", "skipIntermediates"], "readOnly": false, "type": "boolean"}, "services.znapzend.features.zfsGetType": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable using zfsGetType if your {command}`zfs get` supports a\n`-t` argument for filtering by dataset type at all AND\nlists properties for snapshots by default when recursing, so that there\nis too much data to process while searching for backup plans.\nIf these two conditions apply to your system, the time needed for a\n`--recursive` search for backup plans can literally\ndiffer by hundreds of times (depending on the amount of snapshots in\nthat dataset tree... and a decent backup plan will ensure you have a lot\nof those), so you would benefit from requesting this feature\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "znapzend", "features", "zfsGetType"], "readOnly": false, "type": "boolean"}, "services.znapzend.logLevel": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "default": {"_type": "literalExpression", "text": "\"debug\""}, "description": "The log level when logging to file. Any of debug, info, warning, err,\nalert. Default in daemonized form is debug.\n", "example": {"_type": "literalExpression", "text": "\"warning\""}, "loc": ["services", "znapzend", "logLevel"], "readOnly": false, "type": "one of \"debug\", \"info\", \"warning\", \"err\", \"alert\""}, "services.znapzend.logTo": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "default": {"_type": "literalExpression", "text": "\"syslog::daemon\""}, "description": "Where to log to (syslog::\\<facility\\> or \\<filepath\\>).\n", "example": {"_type": "literalExpression", "text": "\"/var/log/znapzend.log\""}, "loc": ["services", "znapzend", "logTo"], "readOnly": false, "type": "string"}, "services.znapzend.mailErrorSummaryTo": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Email address to send a summary to if \"send task(s) failed\".\n", "loc": ["services", "znapzend", "mailErrorSummaryTo"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "services.znapzend.noDestroy": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Does all changes to the filesystem except destroy.", "loc": ["services", "znapzend", "noDestroy"], "readOnly": false, "type": "boolean"}, "services.znapzend.pure": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Do not persist any stateful znapzend setups. If this option is\nenabled, your previously set znapzend setups will be cleared and only\nthe ones defined with this module will be applied.\n", "loc": ["services", "znapzend", "pure"], "readOnly": false, "type": "boolean"}, "services.znapzend.zetup": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Znapzend configuration.", "example": {"_type": "literalExpression", "text": "{\n  \"tank/home\" = {\n    # Make snapshots of tank/home every hour, keep those for 1 day,\n    # keep every days snapshot for 1 month, etc.\n    plan = \"1d=>1h,1m=>1d,1y=>1m\";\n    recursive = true;\n    # Send all those snapshots to john@example.com:rtank/john as well\n    destinations.remote = {\n      host = \"john@example.com\";\n      dataset = \"rtank/john\";\n    };\n  };\n};\n"}, "loc": ["services", "znapzend", "zetup"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.znapzend.zetup.<name>.dataset": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "description": "The dataset to use for this source.", "example": {"_type": "literalExpression", "text": "\"tank/home\""}, "loc": ["services", "znapzend", "zetup", "<name>", "dataset"], "readOnly": false, "type": "string"}, "services.znapzend.zetup.<name>.destinations": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional destinations.", "example": {"_type": "literalExpression", "text": "{\n  local = {\n    dataset = \"btank/backup\";\n    presend = \"zpool import -N btank\";\n    postsend = \"zpool export btank\";\n  };\n  remote = {\n    host = \"john@example.com\";\n    dataset = \"tank/john\";\n  };\n};\n"}, "loc": ["services", "znapzend", "zetup", "<name>", "destinations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.znapzend.zetup.<name>.destinations.<name>.dataset": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "description": "Dataset name to send snapshots to.", "example": {"_type": "literalExpression", "text": "\"tank/main\""}, "loc": ["services", "znapzend", "zetup", "<name>", "destinations", "<name>", "dataset"], "readOnly": false, "type": "string"}, "services.znapzend.zetup.<name>.destinations.<name>.host": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host to use for the destination dataset. Can be prefixed with\n`user@` to specify the ssh user.\n", "example": {"_type": "literalExpression", "text": "\"john@example.com\""}, "loc": ["services", "znapzend", "zetup", "<name>", "destinations", "<name>", "host"], "readOnly": false, "type": "null or string"}, "services.znapzend.zetup.<name>.destinations.<name>.label": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "description": "Label for this destination. Defaults to the attribute name.", "loc": ["services", "znapzend", "zetup", "<name>", "destinations", "<name>", "label"], "readOnly": false, "type": "string"}, "services.znapzend.zetup.<name>.destinations.<name>.plan": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "description": "The znapzend backup plan to use for the source.\n\nThe plan specifies how often to backup and for how long to keep the\nbackups. It consists of a series of retention periods to interval\nassociations:\n\n```\n  retA=>intA,retB=>intB,...\n```\n\nBoth intervals and retention periods are expressed in standard units\nof time or multiples of them. You can use both the full name or a\nshortcut according to the following listing:\n\n```\n  second|sec|s, minute|min, hour|h, day|d, week|w, month|mon|m, year|y\n```\n\nSee {manpage}`znapzendzetup(1)` for more info.\n", "example": {"_type": "literalExpression", "text": "\"1h=>10min,1d=>1h,1w=>1d,1m=>1w,1y=>1m\""}, "loc": ["services", "znapzend", "zetup", "<name>", "destinations", "<name>", "plan"], "readOnly": false, "type": "string"}, "services.znapzend.zetup.<name>.destinations.<name>.postsend": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Command to run after sending the snapshot to the destination.\nIntended to run a remote script via {command}`ssh` on the\ndestination, e.g. to bring up a backup disk or server or to put a\nzpool online/offline. See also {option}`presend`.\n", "example": {"_type": "literalExpression", "text": "\"ssh root@bserv zpool export tank\""}, "loc": ["services", "znapzend", "zetup", "<name>", "destinations", "<name>", "postsend"], "readOnly": false, "type": "null or string"}, "services.znapzend.zetup.<name>.destinations.<name>.presend": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Command to run before sending the snapshot to the destination.\nIntended to run a remote script via {command}`ssh` on the\ndestination, e.g. to bring up a backup disk or server or to put a\nzpool online/offline. See also {option}`postsend`.\n", "example": {"_type": "literalExpression", "text": "\"ssh root@bserv zpool import -Nf tank\""}, "loc": ["services", "znapzend", "zetup", "<name>", "destinations", "<name>", "presend"], "readOnly": false, "type": "null or string"}, "services.znapzend.zetup.<name>.enable": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable this source.", "loc": ["services", "znapzend", "zetup", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.znapzend.zetup.<name>.mbuffer.enable": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use {command}`mbuffer`.", "loc": ["services", "znapzend", "zetup", "<name>", "mbuffer", "enable"], "readOnly": false, "type": "boolean"}, "services.znapzend.zetup.<name>.mbuffer.port": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port to use for {command}`mbuffer`.\n\nIf this is null, it will run {command}`mbuffer` through\nssh.\n\nIf this is not null, it will run {command}`mbuffer`\ndirectly through TCP, which is not encrypted but faster. In that\ncase the given port needs to be open on the destination host.\n", "loc": ["services", "znapzend", "zetup", "<name>", "mbuffer", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.znapzend.zetup.<name>.mbuffer.size": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "default": {"_type": "literalExpression", "text": "\"1G\""}, "description": "The size for {command}`mbuffer`.\nSupports the units b, k, M, G.\n", "example": {"_type": "literalExpression", "text": "\"128M\""}, "loc": ["services", "znapzend", "zetup", "<name>", "mbuffer", "size"], "readOnly": false, "type": "string of the form number{b|k|M|G}"}, "services.znapzend.zetup.<name>.plan": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "description": "The znapzend backup plan to use for the source.\n\nThe plan specifies how often to backup and for how long to keep the\nbackups. It consists of a series of retention periods to interval\nassociations:\n\n```\n  retA=>intA,retB=>intB,...\n```\n\nBoth intervals and retention periods are expressed in standard units\nof time or multiples of them. You can use both the full name or a\nshortcut according to the following listing:\n\n```\n  second|sec|s, minute|min, hour|h, day|d, week|w, month|mon|m, year|y\n```\n\nSee {manpage}`znapzendzetup(1)` for more info.\n", "example": {"_type": "literalExpression", "text": "\"1h=>10min,1d=>1h,1w=>1d,1m=>1w,1y=>1m\""}, "loc": ["services", "znapzend", "zetup", "<name>", "plan"], "readOnly": false, "type": "string"}, "services.znapzend.zetup.<name>.postsnap": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Command to run after snapshots are taken on the source dataset,\ne.g. for database unlocking. See also {option}`presnap`.\n", "example": {"_type": "literalExpression", "text": "\"${pkgs.coreutils}/bin/kill `${pkgs.coreutils}/bin/cat /tmp/mariadblock.pid`;${pkgs.coreutils}/bin/rm /tmp/mariadblock.pid\"\n"}, "loc": ["services", "znapzend", "zetup", "<name>", "postsnap"], "readOnly": false, "type": "null or string"}, "services.znapzend.zetup.<name>.presnap": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Command to run before snapshots are taken on the source dataset,\ne.g. for database locking/flushing. See also\n{option}`postsnap`.\n", "example": {"_type": "literalExpression", "text": "''${pkgs.mariadb}/bin/mysql -e \"set autocommit=0;flush tables with read lock;\\\\! ${pkgs.coreutils}/bin/sleep 600\" &  ${pkgs.coreutils}/bin/echo $! > /tmp/mariadblock.pid ; sleep 10''\n"}, "loc": ["services", "znapzend", "zetup", "<name>", "presnap"], "readOnly": false, "type": "null or string"}, "services.znapzend.zetup.<name>.recursive": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to do recursive snapshots.", "loc": ["services", "znapzend", "zetup", "<name>", "recursive"], "readOnly": false, "type": "boolean"}, "services.znapzend.zetup.<name>.sendDelay": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Specify delay (in seconds) before sending snaps to the destination.\nMay be useful if you want to control sending time.\n", "example": {"_type": "literalExpression", "text": "60"}, "loc": ["services", "znapzend", "zetup", "<name>", "sendDelay"], "readOnly": false, "type": "signed integer"}, "services.znapzend.zetup.<name>.timestampFormat": {"declarations": ["nixos/modules/services/backup/znapzend.nix"], "default": {"_type": "literalExpression", "text": "\"%Y-%m-%d-%H%M%S\""}, "description": "The timestamp format to use for constructing snapshot names.\nThe syntax is `strftime`-like. The string must\nconsist of the mandatory `%Y %m %d %H %M %S`.\nOptionally  `- _ . :`  characters as well as any\nalphanumeric character are allowed. If suffixed by a\n`Z`, times will be in UTC.\n", "example": {"_type": "literalExpression", "text": "\"znapzend-%m.%d.%Y-%H%M%SZ\""}, "loc": ["services", "znapzend", "zetup", "<name>", "timestampFormat"], "readOnly": false, "type": "string containing all of the characters %Y, %m, %d, %H, %M, %S"}, "services.znc.confOptions.extraZncConf": {"declarations": ["nixos/modules/services/networking/znc/options.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra config to {file}`znc.conf` file.\n", "loc": ["services", "znc", "confOptions", "extraZncConf"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.znc.confOptions.modules": {"declarations": ["nixos/modules/services/networking/znc/options.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"webadmin\"\n  \"adminlog\"\n]"}, "description": "A list of modules to include in the {file}`znc.conf` file.\n", "example": {"_type": "literalExpression", "text": "[\n  \"partyline\"\n  \"webadmin\"\n  \"adminlog\"\n  \"log\"\n]"}, "loc": ["services", "znc", "confOptions", "modules"], "readOnly": false, "type": "list of string"}, "services.znc.confOptions.networks": {"declarations": ["nixos/modules/services/networking/znc/options.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "IRC networks to connect the user to.\n", "example": {"_type": "literalExpression", "text": "{\n  \"libera\" = {\n    server = \"irc.libera.chat\";\n    port = 6697;\n    useSSL = true;\n    modules = [ \"simple_away\" ];\n  };\n};\n"}, "loc": ["services", "znc", "confOptions", "networks"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.znc.confOptions.networks.<name>.channels": {"declarations": ["nixos/modules/services/networking/znc/options.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "IRC channels to join.\n", "example": {"_type": "literalExpression", "text": "[\n  \"nixos\"\n]"}, "loc": ["services", "znc", "confOptions", "networks", "<name>", "channels"], "readOnly": false, "type": "list of string"}, "services.znc.confOptions.networks.<name>.extraConf": {"declarations": ["nixos/modules/services/networking/znc/options.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra config for the network. Consider using\n{option}`services.znc.config` instead.\n", "example": {"_type": "literalExpression", "text": "''\n  Encoding = ^UTF-8\n  FloodBurst = 4\n  FloodRate = 1.00\n  IRCConnectEnabled = true\n  Ident = johntron\n  JoinDelay = 0\n  Nick = johntron\n''"}, "loc": ["services", "znc", "confOptions", "networks", "<name>", "extraConf"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.znc.confOptions.networks.<name>.hasBitlbeeControlChannel": {"declarations": ["nixos/modules/services/networking/znc/options.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add the special Bitlbee operations channel.\n", "loc": ["services", "znc", "confOptions", "networks", "<name>", "hasBitlbeeControlChannel"], "readOnly": false, "type": "boolean"}, "services.znc.confOptions.networks.<name>.modules": {"declarations": ["nixos/modules/services/networking/znc/options.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"simple_away\"\n]"}, "description": "ZNC network modules to load.\n", "example": {"_type": "literalExpression", "text": "[ \"simple_away\" \"sasl\" ]"}, "loc": ["services", "znc", "confOptions", "networks", "<name>", "modules"], "readOnly": false, "type": "list of string"}, "services.znc.confOptions.networks.<name>.password": {"declarations": ["nixos/modules/services/networking/znc/options.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "IRC server password, such as for a Slack gateway.\n", "loc": ["services", "znc", "confOptions", "networks", "<name>", "password"], "readOnly": false, "type": "string"}, "services.znc.confOptions.networks.<name>.port": {"declarations": ["nixos/modules/services/networking/znc/options.nix"], "default": {"_type": "literalExpression", "text": "6697"}, "description": "IRC server port.\n", "loc": ["services", "znc", "confOptions", "networks", "<name>", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.znc.confOptions.networks.<name>.server": {"declarations": ["nixos/modules/services/networking/znc/options.nix"], "description": "IRC server address.\n", "example": {"_type": "literalExpression", "text": "\"irc.libera.chat\""}, "loc": ["services", "znc", "confOptions", "networks", "<name>", "server"], "readOnly": false, "type": "string"}, "services.znc.confOptions.networks.<name>.useSSL": {"declarations": ["nixos/modules/services/networking/znc/options.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to use SSL to connect to the IRC server.\n", "loc": ["services", "znc", "confOptions", "networks", "<name>", "useSSL"], "readOnly": false, "type": "boolean"}, "services.znc.confOptions.nick": {"declarations": ["nixos/modules/services/networking/znc/options.nix"], "default": {"_type": "literalExpression", "text": "\"znc-user\""}, "description": "The IRC nick.\n", "example": {"_type": "literalExpression", "text": "\"john\""}, "loc": ["services", "znc", "confOptions", "nick"], "readOnly": false, "type": "string"}, "services.znc.confOptions.passBlock": {"declarations": ["nixos/modules/services/networking/znc/options.nix"], "description": "Generate with {command}`nix-shell -p znc --command \"znc --makepass\"`.\nThis is the password used to log in to the ZNC web admin interface.\nYou can also set this through\n{option}`services.znc.config.User.<username>.Pass.Method`\nand co.\n", "example": {"_type": "literalExpression", "text": "''\n  &lt;Pass password&gt;\n     Method = sha256\n     Hash = e2ce303c7ea75c571d80d8540a8699b46535be6a085be3414947d638e48d9e93\n     Salt = l5Xryew4g*!oa(ECfX2o\n  &lt;/Pass&gt;\n''"}, "loc": ["services", "znc", "confOptions", "passBlock"], "readOnly": false, "type": "string"}, "services.znc.confOptions.port": {"declarations": ["nixos/modules/services/networking/znc/options.nix"], "default": {"_type": "literalExpression", "text": "5000"}, "description": "Specifies the port on which to listen.\n", "loc": ["services", "znc", "confOptions", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.znc.confOptions.uriPrefix": {"declarations": ["nixos/modules/services/networking/znc/options.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "An optional URI prefix for the ZNC web interface. Can be\nused to make ZNC available behind a reverse proxy.\n", "example": {"_type": "literalExpression", "text": "\"/znc/\""}, "loc": ["services", "znc", "confOptions", "uriPrefix"], "readOnly": false, "type": "null or string"}, "services.znc.confOptions.useSSL": {"declarations": ["nixos/modules/services/networking/znc/options.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Indicates whether the ZNC server should use SSL when listening on\nthe specified port. A self-signed certificate will be generated.\n", "loc": ["services", "znc", "confOptions", "useSSL"], "readOnly": false, "type": "boolean"}, "services.znc.confOptions.userModules": {"declarations": ["nixos/modules/services/networking/znc/options.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"chansaver\"\n  \"controlpanel\"\n]"}, "description": "A list of user modules to include in the {file}`znc.conf` file.\n", "example": {"_type": "literalExpression", "text": "[\n  \"chansaver\"\n  \"controlpanel\"\n  \"fish\"\n  \"push\"\n]"}, "loc": ["services", "znc", "confOptions", "userModules"], "readOnly": false, "type": "list of string"}, "services.znc.confOptions.userName": {"declarations": ["nixos/modules/services/networking/znc/options.nix"], "default": {"_type": "literalExpression", "text": "\"znc\""}, "description": "The user name used to log in to the ZNC web admin interface.\n", "example": {"_type": "literalExpression", "text": "\"johntron\""}, "loc": ["services", "znc", "confOptions", "userName"], "readOnly": false, "type": "string"}, "services.znc.config": {"declarations": ["nixos/modules/services/networking/znc/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for ZNC, see\n<https://wiki.znc.in/Configuration> for details. The\nNix value declared here will be translated directly to the xml-like\nformat ZNC expects. This is much more flexible than the legacy options\nunder {option}`services.znc.confOptions.*`, but also can't do\nany type checking.\n\nYou can use {command}`nix-instantiate --eval --strict '<nixpkgs/nixos>' -A config.services.znc.config`\nto view the current value. By default it contains a listener for port\n5000 with SSL enabled.\n\nNix attributes called `extraConfig` will be inserted\nverbatim into the resulting config file.\n\nIf {option}`services.znc.useLegacyConfig` is turned on, the\noption values in {option}`services.znc.confOptions.*` will be\ngracefully be applied to this option.\n\nIf you intend to update the configuration through this option, be sure\nto disable {option}`services.znc.mutable`, otherwise none of the\nchanges here will be applied after the initial deploy.\n", "example": {"_type": "literalExpression", "text": "{\n  LoadModule = [ \"webadmin\" \"adminlog\" ];\n  User.paul = {\n    Admin = true;\n    Nick = \"paul\";\n    AltNick = \"paul1\";\n    LoadModule = [ \"chansaver\" \"controlpanel\" ];\n    Network.libera = {\n      Server = \"irc.libera.chat +6697\";\n      LoadModule = [ \"simple_away\" ];\n      Chan = {\n        \"#nixos\" = { Detached = false; };\n        \"##linux\" = { Disabled = true; };\n      };\n    };\n    Pass.password = {\n      Method = \"sha256\";\n      Hash = \"e2ce303c7ea75c571d80d8540a8699b46535be6a085be3414947d638e48d9e93\";\n      Salt = \"l5Xryew4g*!oa(ECfX2o\";\n    };\n  };\n}\n"}, "loc": ["services", "znc", "config"], "readOnly": false, "type": "attribute set of (znc values (null, atoms (str, int, bool), list of atoms, or attrsets of znc values))"}, "services.znc.configFile": {"declarations": ["nixos/modules/services/networking/znc/default.nix"], "description": "Configuration file for ZNC. It is recommended to use the\n{option}`config` option instead.\n\nSetting this option will override any auto-generated config file\nthrough the {option}`confOptions` or {option}`config`\noptions.\n", "example": {"_type": "literalExpression", "text": "~/.znc/configs/znc.conf"}, "loc": ["services", "znc", "configFile"], "readOnly": false, "type": "absolute path"}, "services.znc.dataDir": {"declarations": ["nixos/modules/services/networking/znc/default.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/znc\""}, "description": "The state directory for ZNC. The config and the modules will be linked\nto from this directory as well.\n", "example": {"_type": "literalExpression", "text": "\"/home/john/.znc\""}, "loc": ["services", "znc", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.znc.enable": {"declarations": ["nixos/modules/services/networking/znc/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ZNC.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "znc", "enable"], "readOnly": false, "type": "boolean"}, "services.znc.extraFlags": {"declarations": ["nixos/modules/services/networking/znc/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to use for executing znc.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--debug\"\n]"}, "loc": ["services", "znc", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.znc.group": {"declarations": ["nixos/modules/services/networking/znc/default.nix"], "default": {"_type": "literalExpression", "text": "\"znc\""}, "description": "Group to own the ZNC process.\n", "example": {"_type": "literalExpression", "text": "\"users\""}, "loc": ["services", "znc", "group"], "readOnly": false, "type": "string"}, "services.znc.modulePackages": {"declarations": ["nixos/modules/services/networking/znc/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of global znc module packages to add to znc.\n", "example": {"_type": "literalExpression", "text": "[ pkgs.zncModules.fish pkgs.zncModules.push ]"}, "loc": ["services", "znc", "modulePackages"], "readOnly": false, "type": "list of package"}, "services.znc.mutable": {"declarations": ["nixos/modules/services/networking/znc/default.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Indicates whether to allow the contents of the\n`dataDir` directory to be changed by the user at\nrun-time.\n\nIf enabled, modifications to the ZNC configuration after its initial\ncreation are not overwritten by a NixOS rebuild. If disabled, the\nZNC configuration is rebuilt on every NixOS rebuild.\n\nIf the user wants to manage the ZNC service using the web admin\ninterface, this option should be enabled.\n", "loc": ["services", "znc", "mutable"], "readOnly": false, "type": "boolean"}, "services.znc.openFirewall": {"declarations": ["nixos/modules/services/networking/znc/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open ports in the firewall for ZNC. Does work with\nports for listeners specified in\n{option}`services.znc.config.Listener`.\n", "loc": ["services", "znc", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.znc.useLegacyConfig": {"declarations": ["nixos/modules/services/networking/znc/options.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to propagate the legacy options under\n{option}`services.znc.confOptions.*` to the znc config. If this\nis turned on, the znc config will contain a user with the default name\n\"znc\", global modules \"webadmin\" and \"adminlog\" will be enabled by\ndefault, and more, all controlled through the\n{option}`services.znc.confOptions.*` options.\nYou can use {command}`nix-instantiate --eval --strict '<nixpkgs/nixos>' -A config.services.znc.config`\nto view the current value of the config.\n\nIn any case, if you need more flexibility,\n{option}`services.znc.config` can be used to override/add to\nall of the legacy options.\n", "loc": ["services", "znc", "useLegacyConfig"], "readOnly": false, "type": "boolean"}, "services.znc.user": {"declarations": ["nixos/modules/services/networking/znc/default.nix"], "default": {"_type": "literalExpression", "text": "\"znc\""}, "description": "The name of an existing user account to use to own the ZNC server\nprocess. If not specified, a default user will be created.\n", "example": {"_type": "literalExpression", "text": "\"john\""}, "loc": ["services", "znc", "user"], "readOnly": false, "type": "string"}, "services.zoneminder.cameras": {"declarations": ["nixos/modules/services/misc/zoneminder.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Set this to the number of cameras you expect to support.\n", "loc": ["services", "zoneminder", "cameras"], "readOnly": false, "type": "signed integer"}, "services.zoneminder.database.createLocally": {"declarations": ["nixos/modules/services/misc/zoneminder.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create the database and database user locally.\n", "loc": ["services", "zoneminder", "database", "createLocally"], "readOnly": false, "type": "boolean"}, "services.zoneminder.database.host": {"declarations": ["nixos/modules/services/misc/zoneminder.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "Hostname hosting the database.\n", "loc": ["services", "zoneminder", "database", "host"], "readOnly": false, "type": "string"}, "services.zoneminder.database.name": {"declarations": ["nixos/modules/services/misc/zoneminder.nix"], "default": {"_type": "literalExpression", "text": "\"zm\""}, "description": "Name of database.\n", "loc": ["services", "zoneminder", "database", "name"], "readOnly": false, "type": "string"}, "services.zoneminder.database.password": {"declarations": ["nixos/modules/services/misc/zoneminder.nix"], "default": {"_type": "literalExpression", "text": "\"zmpass\""}, "description": "Username for accessing the database.\nNot used if `createLocally` is set.\n", "loc": ["services", "zoneminder", "database", "password"], "readOnly": false, "type": "string"}, "services.zoneminder.database.username": {"declarations": ["nixos/modules/services/misc/zoneminder.nix"], "default": {"_type": "literalExpression", "text": "\"zmuser\""}, "description": "Username for accessing the database.\n", "loc": ["services", "zoneminder", "database", "username"], "readOnly": false, "type": "string"}, "services.zoneminder.enable": {"declarations": ["nixos/modules/services/misc/zoneminder.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable ZoneMinder.\n\nIf you intend to run the database locally, you should set\n`config.services.zoneminder.database.createLocally` to true. Otherwise,\nwhen set to `false` (the default), you will have to create the database\nand database user as well as populate the database yourself.\nAdditionally, you will need to run `zmupdate.pl` yourself when\nupgrading to a newer version\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "zoneminder", "enable"], "readOnly": false, "type": "boolean"}, "services.zoneminder.extraConfig": {"declarations": ["nixos/modules/services/misc/zoneminder.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional configuration added verbatim to the configuration file.\n", "loc": ["services", "zoneminder", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.zoneminder.hostname": {"declarations": ["nixos/modules/services/misc/zoneminder.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The hostname on which to listen.\n", "loc": ["services", "zoneminder", "hostname"], "readOnly": false, "type": "string"}, "services.zoneminder.openFirewall": {"declarations": ["nixos/modules/services/misc/zoneminder.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open the firewall port(s).\n", "loc": ["services", "zoneminder", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.zoneminder.port": {"declarations": ["nixos/modules/services/misc/zoneminder.nix"], "default": {"_type": "literalExpression", "text": "8095"}, "description": "The port on which to listen.\n", "loc": ["services", "zoneminder", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.zoneminder.storageDir": {"declarations": ["nixos/modules/services/misc/zoneminder.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "ZoneMinder can generate quite a lot of data, so in case you don't want\nto use the default /var/lib/zoneminder, you can override the path here.\n", "example": {"_type": "literalExpression", "text": "\"/storage/tank\""}, "loc": ["services", "zoneminder", "storageDir"], "readOnly": false, "type": "null or string"}, "services.zoneminder.webserver": {"declarations": ["nixos/modules/services/misc/zoneminder.nix"], "default": {"_type": "literalExpression", "text": "\"nginx\""}, "description": "The webserver to configure for the PHP frontend.\n\nSet it to `none` if you want to configure it yourself. PRs are welcome\nfor support for other web servers.\n", "loc": ["services", "zoneminder", "webserver"], "readOnly": false, "type": "one of \"nginx\", \"none\""}, "services.zookeeper.dataDir": {"declarations": ["nixos/modules/services/misc/zookeeper.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/zookeeper\""}, "description": "Data directory for Zookeeper\n", "loc": ["services", "zookeeper", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.zookeeper.enable": {"declarations": ["nixos/modules/services/misc/zookeeper.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Zookeeper.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "zookeeper", "enable"], "readOnly": false, "type": "boolean"}, "services.zookeeper.extraCmdLineOptions": {"declarations": ["nixos/modules/services/misc/zookeeper.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"-Dcom.sun.management.jmxremote\"\n  \"-Dcom.sun.management.jmxremote.local.only=true\"\n]"}, "description": "Extra command line options for the Zookeeper launcher.", "example": {"_type": "literalExpression", "text": "[\n  \"-Djava.net.preferIPv4Stack=true\"\n  \"-Dcom.sun.management.jmxremote\"\n  \"-Dcom.sun.management.jmxremote.local.only=true\"\n]"}, "loc": ["services", "zookeeper", "extraCmdLineOptions"], "readOnly": false, "type": "list of string"}, "services.zookeeper.extraConf": {"declarations": ["nixos/modules/services/misc/zookeeper.nix"], "default": {"_type": "literalExpression", "text": "''\n  initLimit=5\n  syncLimit=2\n  tickTime=2000\n''"}, "description": "Extra configuration for Zookeeper.", "loc": ["services", "zookeeper", "extraConf"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.zookeeper.id": {"declarations": ["nixos/modules/services/misc/zookeeper.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Zookeeper ID.", "loc": ["services", "zookeeper", "id"], "readOnly": false, "type": "signed integer"}, "services.zookeeper.jre": {"declarations": ["nixos/modules/services/misc/zookeeper.nix"], "default": {"_type": "literalExpression", "text": "pkgs.zookeeper.jre"}, "description": "The JRE with which to run Zookeeper", "example": {"_type": "literalExpression", "text": "pkgs.jre"}, "loc": ["services", "zookeeper", "jre"], "readOnly": false, "type": "package"}, "services.zookeeper.logging": {"declarations": ["nixos/modules/services/misc/zookeeper.nix"], "default": {"_type": "literalExpression", "text": "''\n  <configuration>\n    <property name=\"zookeeper.console.threshold\" value=\"INFO\" />\n    <property name=\"zookeeper.log.dir\" value=\".\" />\n    <property name=\"zookeeper.log.file\" value=\"zookeeper.log\" />\n    <property name=\"zookeeper.log.threshold\" value=\"INFO\" />\n    <property name=\"zookeeper.log.maxfilesize\" value=\"256MB\" />\n    <property name=\"zookeeper.log.maxbackupindex\" value=\"20\" />\n    <appender name=\"CONSOLE\" class=\"ch.qos.logback.core.ConsoleAppender\">\n      <encoder>\n        <pattern>%d{ISO8601} [myid:%X{myid}] - %-5p [%t:%C{1}@%L] - %m%n</pattern>\n      </encoder>\n      <filter class=\"ch.qos.logback.classic.filter.ThresholdFilter\">\n        <level>''${zookeeper.console.threshold}</level>\n      </filter>\n    </appender>\n    <root level=\"INFO\">\n      <appender-ref ref=\"CONSOLE\" />\n    </root>\n  </configuration>\n''"}, "description": "Zookeeper logging configuration, logback.xml.", "loc": ["services", "zookeeper", "logging"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.zookeeper.package": {"declarations": ["nixos/modules/services/misc/zookeeper.nix"], "default": {"_type": "literalExpression", "text": "pkgs.zookeeper"}, "description": "The zookeeper package to use.", "loc": ["services", "zookeeper", "package"], "readOnly": false, "type": "package"}, "services.zookeeper.port": {"declarations": ["nixos/modules/services/misc/zookeeper.nix"], "default": {"_type": "literalExpression", "text": "2181"}, "description": "Zookeeper Client port.", "loc": ["services", "zookeeper", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.zookeeper.preferIPv4": {"declarations": ["nixos/modules/services/misc/zookeeper.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Add the -Djava.net.preferIPv4Stack=true flag to the Zookeeper server.\n", "loc": ["services", "zookeeper", "preferIPv4"], "readOnly": false, "type": "boolean"}, "services.zookeeper.purgeInterval": {"declarations": ["nixos/modules/services/misc/zookeeper.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "The time interval in hours for which the purge task has to be triggered. Set to a positive integer (1 and above) to enable the auto purging.\n", "loc": ["services", "zookeeper", "purgeInterval"], "readOnly": false, "type": "signed integer"}, "services.zookeeper.servers": {"declarations": ["nixos/modules/services/misc/zookeeper.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "All Zookeeper Servers.", "example": {"_type": "literalExpression", "text": "''\n  server.0=host0:2888:3888\n  server.1=host1:2888:3888\n  server.2=host2:2888:3888\n''"}, "loc": ["services", "zookeeper", "servers"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.zram-generator.enable": {"declarations": ["nixos/modules/services/system/zram-generator.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Systemd unit generator for zram devices.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "zram-generator", "enable"], "readOnly": false, "type": "boolean"}, "services.zram-generator.package": {"declarations": ["nixos/modules/services/system/zram-generator.nix"], "default": {"_type": "literalExpression", "text": "pkgs.zram-generator"}, "description": "The zram-generator package to use.", "loc": ["services", "zram-generator", "package"], "readOnly": false, "type": "package"}, "services.zram-generator.settings": {"declarations": ["nixos/modules/services/system/zram-generator.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for zram-generator,\nsee <https://github.com/systemd/zram-generator> for documentation.\n", "loc": ["services", "zram-generator", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.zrepl.enable": {"declarations": ["nixos/modules/services/backup/zrepl.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable zrepl.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "zrepl", "enable"], "readOnly": false, "type": "boolean"}, "services.zrepl.package": {"declarations": ["nixos/modules/services/backup/zrepl.nix"], "default": {"_type": "literalExpression", "text": "pkgs.zrepl"}, "description": "The zrepl package to use.", "loc": ["services", "zrepl", "package"], "readOnly": false, "type": "package"}, "services.zrepl.settings": {"declarations": ["nixos/modules/services/backup/zrepl.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for zrepl. See <https://zrepl.github.io/configuration.html>\nfor more information.\n", "loc": ["services", "zrepl", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.zwave-js-ui.enable": {"declarations": ["nixos/modules/services/home-automation/zwave-js-ui.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable zwave-js-ui.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "zwave-js-ui", "enable"], "readOnly": false, "type": "boolean"}, "services.zwave-js-ui.package": {"declarations": ["nixos/modules/services/home-automation/zwave-js-ui.nix"], "default": {"_type": "literalExpression", "text": "pkgs.zwave-js-ui"}, "description": "The zwave-js-ui package to use.", "loc": ["services", "zwave-js-ui", "package"], "readOnly": false, "type": "package"}, "services.zwave-js-ui.serialPort": {"declarations": ["nixos/modules/services/home-automation/zwave-js-ui.nix"], "description": "Serial port for the Z-Wave controller.\n\nOnly used to grant permissions to the device; must be additionally configured in the application\n", "example": {"_type": "literalExpression", "text": "\"/dev/serial/by-id/usb-example\""}, "loc": ["services", "zwave-js-ui", "serialPort"], "readOnly": false, "type": "absolute path"}, "services.zwave-js-ui.settings": {"declarations": ["nixos/modules/services/home-automation/zwave-js-ui.nix"], "description": "Extra environment variables passed to the zwave-js-ui process.\n\nCheck <https://zwave-js.github.io/zwave-js-ui/#/guide/env-vars> for possible options\n", "example": {"_type": "literalExpression", "text": "{\n  HOST = \"::\";\n  PORT = \"8091\";\n}"}, "loc": ["services", "zwave-js-ui", "settings"], "readOnly": false, "type": "open submodule of attribute set of (null or string or absolute path or package)"}, "services.zwave-js.enable": {"declarations": ["nixos/modules/services/home-automation/zwave-js.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the zwave-js server on boot.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "zwave-js", "enable"], "readOnly": false, "type": "boolean"}, "services.zwave-js.extraFlags": {"declarations": ["nixos/modules/services/home-automation/zwave-js.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra flags to pass to command\n", "example": {"_type": "literalExpression", "text": "[\n  \"--mock-driver\"\n]"}, "loc": ["services", "zwave-js", "extraFlags"], "readOnly": false, "type": "list of string"}, "services.zwave-js.package": {"declarations": ["nixos/modules/services/home-automation/zwave-js.nix"], "default": {"_type": "literalExpression", "text": "pkgs.zwave-js-server"}, "description": "The zwave-js-server package to use.", "loc": ["services", "zwave-js", "package"], "readOnly": false, "type": "package"}, "services.zwave-js.port": {"declarations": ["nixos/modules/services/home-automation/zwave-js.nix"], "default": {"_type": "literalExpression", "text": "3000"}, "description": "Port for the server to listen on.\n", "loc": ["services", "zwave-js", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.zwave-js.secretsConfigFile": {"declarations": ["nixos/modules/services/home-automation/zwave-js.nix"], "description": "JSON file containing secret keys. A dummy example:\n\n```\n{\n  \"securityKeys\": {\n    \"S0_Legacy\": \"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\",\n    \"S2_Unauthenticated\": \"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB\",\n    \"S2_Authenticated\": \"CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC\",\n    \"S2_AccessControl\": \"DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD\"\n  }\n}\n```\n\nSee\n<https://zwave-js.github.io/node-zwave-js/#/getting-started/security-s2>\nfor details. This file will be merged with the module-generated config\nfile (taking precedence).\n\nZ-Wave keys can be generated with:\n\n  {command}`< /dev/urandom tr -dc A-F0-9 | head -c32 ;echo`\n\n\n::: {.warning}\nA file in the nix store should not be used since it will be readable to\nall users.\n:::\n", "example": {"_type": "literalExpression", "text": "\"/secrets/zwave-js-keys.json\""}, "loc": ["services", "zwave-js", "secretsConfigFile"], "readOnly": false, "type": "absolute path"}, "services.zwave-js.serialPort": {"declarations": ["nixos/modules/services/home-automation/zwave-js.nix"], "description": "Serial port device path for Z-Wave controller.\n", "example": {"_type": "literalExpression", "text": "\"/dev/ttyUSB0\""}, "loc": ["services", "zwave-js", "serialPort"], "readOnly": false, "type": "absolute path"}, "services.zwave-js.settings": {"declarations": ["nixos/modules/services/home-automation/zwave-js.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration settings for the generated config file.\n\nThis config is combined with the contents of `secretsConfigFile` and\npassed to zwave-js-server via `--config`. The project's README [1]\nstates that the config must follow the Z-Wave JS config format [2].\n\n[1]: https://github.com/zwave-js/zwave-js-server/tree/master\n[2]: https://zwave-js.github.io/node-zwave-js/#/api/driver?id=zwaveoptions\n\n::: {.warning}\nSecrets should go in `secretsConfigFile`. The contents of `settings` is\nwritten to the nix store, which is world-readable.\n:::\n", "loc": ["services", "zwave-js", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.zwave-js.settings.storage.cacheDir": {"declarations": ["nixos/modules/services/home-automation/zwave-js.nix"], "default": {"_type": "literalExpression", "text": "\"/var/cache/zwave-js\""}, "description": "Cache directory", "loc": ["services", "zwave-js", "settings", "storage", "cacheDir"], "readOnly": true, "type": "absolute path"}, "swapDevices": {"declarations": ["nixos/modules/tasks/encrypted-devices.nix", "nixos/modules/config/swap.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The swap devices and swap files.  These must have been\ninitialised using {command}`mkswap`.  Each element\nshould be an attribute set specifying either the path of the\nswap device or file (`device`) or the label\nof the swap device (`label`, see\n{command}`mkswap -L`).  Using a label is\nrecommended.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    device = \"/dev/hda7\";\n  }\n  {\n    device = \"/var/swapfile\";\n  }\n  {\n    label = \"bigswap\";\n  }\n]"}, "loc": ["swapDevices"], "readOnly": false, "type": "list of (submodule)"}, "swapDevices.*.device": {"declarations": ["nixos/modules/config/swap.nix"], "description": "Path of the device or swap file.", "example": {"_type": "literalExpression", "text": "\"/dev/sda3\""}, "loc": ["swapDevices", "*", "device"], "readOnly": false, "type": "non-empty string"}, "swapDevices.*.discardPolicy": {"declarations": ["nixos/modules/config/swap.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify the discard policy for the swap device. If \"once\", then the\nwhole swap space is discarded at swapon invocation. If \"pages\",\nasynchronous discard on freed pages is performed, before returning to\nthe available pages pool. With \"both\", both policies are activated.\nSee {manpage}`swapon(8)` for more information.\n", "example": {"_type": "literalExpression", "text": "\"once\""}, "loc": ["swapDevices", "*", "discardPolicy"], "readOnly": false, "type": "null or one of \"once\", \"pages\", \"both\""}, "swapDevices.*.encrypted.blkDev": {"declarations": ["nixos/modules/tasks/encrypted-devices.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Location of the backing encrypted device.", "example": {"_type": "literalExpression", "text": "\"/dev/sda1\""}, "loc": ["swapDevices", "*", "encrypted", "blkDev"], "readOnly": false, "type": "null or string"}, "swapDevices.*.encrypted.enable": {"declarations": ["nixos/modules/tasks/encrypted-devices.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "The block device is backed by an encrypted one, adds this device as a initrd luks entry.", "loc": ["swapDevices", "*", "encrypted", "enable"], "readOnly": false, "type": "boolean"}, "swapDevices.*.encrypted.keyFile": {"declarations": ["nixos/modules/tasks/encrypted-devices.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a keyfile used to unlock the backing encrypted\ndevice. When systemd stage 1 is not enabled, at the time\nthis keyfile is accessed, the `neededForBoot` filesystems\n(see `utils.fsNeededForBoot`) will have been mounted under\n`/mnt-root`, so the keyfile path should usually start with\n\"/mnt-root/\". When systemd stage 1 is enabled,\n`fsNeededForBoot` file systems will be mounted as needed\nunder `/sysroot`, and the keyfile will not be accessed until\nits requisite mounts are done.\n", "example": {"_type": "literalExpression", "text": "\"/mnt-root/root/.swapkey\""}, "loc": ["swapDevices", "*", "encrypted", "keyFile"], "readOnly": false, "type": "null or string"}, "swapDevices.*.encrypted.label": {"declarations": ["nixos/modules/tasks/encrypted-devices.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Label of the unlocked encrypted device. Set `fileSystems.<name?>.device` to `/dev/mapper/<label>` to mount the unlocked device.", "example": {"_type": "literalExpression", "text": "\"rootfs\""}, "loc": ["swapDevices", "*", "encrypted", "label"], "readOnly": false, "type": "null or string"}, "swapDevices.*.label": {"declarations": ["nixos/modules/config/swap.nix"], "description": "Label of the device.  Can be used instead of {var}`device`.\n", "example": {"_type": "literalExpression", "text": "\"swap\""}, "loc": ["swapDevices", "*", "label"], "readOnly": false, "type": "string"}, "swapDevices.*.options": {"declarations": ["nixos/modules/config/swap.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"defaults\"\n]"}, "description": "Options used to mount the swap.\n", "example": {"_type": "literalExpression", "text": "[\n  \"nofail\"\n]"}, "loc": ["swapDevices", "*", "options"], "readOnly": false, "type": "list of non-empty string"}, "swapDevices.*.priority": {"declarations": ["nixos/modules/config/swap.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specify the priority of the swap device. Priority is a value between 0 and 32767.\nHigher numbers indicate higher priority.\nnull lets the kernel choose a priority, which will show up as a negative value.\n", "example": {"_type": "literalExpression", "text": "2048"}, "loc": ["swapDevices", "*", "priority"], "readOnly": false, "type": "null or signed integer"}, "swapDevices.*.randomEncryption": {"declarations": ["nixos/modules/config/swap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Encrypt swap device with a random key. This way you won't have a persistent swap device.\n\nHINT: run \"cryptsetup benchmark\" to test cipher performance on your machine.\n\nWARNING: Don't try to hibernate when you have at least one swap partition with\nthis option enabled! We have no way to set the partition into which hibernation image\nis saved, so if your image ends up on an encrypted one you would lose it!\n\nWARNING #2: Do not use /dev/disk/by-uuid/\u2026 or /dev/disk/by-label/\u2026 as your swap device\nwhen using randomEncryption as the UUIDs and labels will get erased on every boot when\nthe partition is encrypted. Best to use /dev/disk/by-partuuid/\u2026\n", "example": {"_type": "literalExpression", "text": "{\n  cipher = \"serpent-xts-plain64\";\n  enable = true;\n  source = \"/dev/random\";\n}"}, "loc": ["swapDevices", "*", "randomEncryption"], "readOnly": false, "type": "(submodule) or boolean convertible to it"}, "swapDevices.*.randomEncryption.allowDiscards": {"declarations": ["nixos/modules/config/swap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to allow TRIM requests to the underlying device. This option\nhas security implications; please read the LUKS documentation before\nactivating it.\n", "loc": ["swapDevices", "*", "randomEncryption", "allowDiscards"], "readOnly": false, "type": "boolean"}, "swapDevices.*.randomEncryption.cipher": {"declarations": ["nixos/modules/config/swap.nix"], "default": {"_type": "literalExpression", "text": "\"aes-xts-plain64\""}, "description": "Use specified cipher for randomEncryption.\n\nHint: Run \"cryptsetup benchmark\" to see which one is fastest on your machine.\n", "example": {"_type": "literalExpression", "text": "\"serpent-xts-plain64\""}, "loc": ["swapDevices", "*", "randomEncryption", "cipher"], "readOnly": false, "type": "string"}, "swapDevices.*.randomEncryption.enable": {"declarations": ["nixos/modules/config/swap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Encrypt swap device with a random key. This way you won't have a persistent swap device.\n\nWARNING: Don't try to hibernate when you have at least one swap partition with\nthis option enabled! We have no way to set the partition into which hibernation image\nis saved, so if your image ends up on an encrypted one you would lose it!\n\nWARNING #2: Do not use /dev/disk/by-uuid/\u2026 or /dev/disk/by-label/\u2026 as your swap device\nwhen using randomEncryption as the UUIDs and labels will get erased on every boot when\nthe partition is encrypted. Best to use /dev/disk/by-partuuid/\u2026\n", "loc": ["swapDevices", "*", "randomEncryption", "enable"], "readOnly": false, "type": "boolean"}, "swapDevices.*.randomEncryption.keySize": {"declarations": ["nixos/modules/config/swap.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set the encryption key size for the plain device.\n\nIf not specified, the amount of data to read from `source` will be\ndetermined by cryptsetup.\n\nSee {manpage}`cryptsetup-open(8)` for details.\n", "example": {"_type": "literalExpression", "text": "\"512\""}, "loc": ["swapDevices", "*", "randomEncryption", "keySize"], "readOnly": false, "type": "null or signed integer"}, "swapDevices.*.randomEncryption.sectorSize": {"declarations": ["nixos/modules/config/swap.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set the sector size for the plain encrypted device type.\n\nIf not specified, the default sector size is determined from the\nunderlying block device.\n\nSee {manpage}`cryptsetup-open(8)` for details.\n", "example": {"_type": "literalExpression", "text": "\"4096\""}, "loc": ["swapDevices", "*", "randomEncryption", "sectorSize"], "readOnly": false, "type": "null or signed integer"}, "swapDevices.*.randomEncryption.source": {"declarations": ["nixos/modules/config/swap.nix"], "default": {"_type": "literalExpression", "text": "\"/dev/urandom\""}, "description": "Define the source of randomness to obtain a random key for encryption.\n", "example": {"_type": "literalExpression", "text": "\"/dev/random\""}, "loc": ["swapDevices", "*", "randomEncryption", "source"], "readOnly": false, "type": "string"}, "swapDevices.*.size": {"declarations": ["nixos/modules/config/swap.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If this option is set, \u2018device\u2019 is interpreted as the\npath of a swapfile that will be created automatically\nwith the indicated size in MiB (1024\u00d71024 bytes).\n", "example": {"_type": "literalExpression", "text": "2048"}, "loc": ["swapDevices", "*", "size"], "readOnly": false, "type": "null or signed integer"}, "system.activatable": {"declarations": ["nixos/modules/system/activation/activatable-system.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to add the activation script to the system profile.\n\nThe default, to have the script available all the time, is what we normally\ndo, but for image based systems, this may not be needed or not be desirable.\n", "loc": ["system", "activatable"], "readOnly": false, "type": "boolean"}, "system.activationScripts": {"declarations": ["nixos/modules/system/activation/activation-script.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "A set of shell script fragments that are executed when a NixOS\nsystem configuration is activated.  Examples are updating\n/etc, creating accounts, and so on.  Since these are executed\nevery time you boot the system or run\n{command}`nixos-rebuild`, it's important that they are\nidempotent and fast.\n", "example": {"_type": "literalExpression", "text": "{\n  stdio = {\n    # Run after /dev has been mounted\n    deps = [ \"specialfs\" ];\n    text =\n      ''\n        # Needed by some programs.\n        ln -sfn /proc/self/fd /dev/fd\n        ln -sfn /proc/self/fd/0 /dev/stdin\n        ln -sfn /proc/self/fd/1 /dev/stdout\n        ln -sfn /proc/self/fd/2 /dev/stderr\n      '';\n  };\n}\n"}, "loc": ["system", "activationScripts"], "readOnly": false, "type": "attribute set of (string or (submodule))"}, "system.autoUpgrade.allowReboot": {"declarations": ["nixos/modules/tasks/auto-upgrade.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Reboot the system into the new generation instead of a switch\nif the new generation uses a different kernel, kernel modules\nor initrd than the booted system.\nSee {option}`rebootWindow` for configuring the times at which a reboot is allowed.\n", "loc": ["system", "autoUpgrade", "allowReboot"], "readOnly": false, "type": "boolean"}, "system.autoUpgrade.channel": {"declarations": ["nixos/modules/tasks/auto-upgrade.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The URI of the NixOS channel to use for automatic\nupgrades. By default, this is the channel set using\n{command}`nix-channel` (run `nix-channel --list`\nto see the current value).\n", "example": {"_type": "literalExpression", "text": "\"https://channels.nixos.org/nixos-14.12-small\""}, "loc": ["system", "autoUpgrade", "channel"], "readOnly": false, "type": "null or string"}, "system.autoUpgrade.dates": {"declarations": ["nixos/modules/tasks/auto-upgrade.nix"], "default": {"_type": "literalExpression", "text": "\"04:40\""}, "description": "How often or when upgrade occurs. For most desktop and server systems\na sufficient upgrade frequency is once a day.\n\nThe format is described in\n{manpage}`systemd.time(7)`.\n", "example": {"_type": "literalExpression", "text": "\"daily\""}, "loc": ["system", "autoUpgrade", "dates"], "readOnly": false, "type": "string"}, "system.autoUpgrade.enable": {"declarations": ["nixos/modules/tasks/auto-upgrade.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to periodically upgrade NixOS to the latest\nversion. If enabled, a systemd timer will run\n`nixos-rebuild switch --upgrade` once a\nday.\n", "loc": ["system", "autoUpgrade", "enable"], "readOnly": false, "type": "boolean"}, "system.autoUpgrade.fixedRandomDelay": {"declarations": ["nixos/modules/tasks/auto-upgrade.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Make the randomized delay consistent between runs.\nThis reduces the jitter between automatic upgrades.\nSee {option}`randomizedDelaySec` for configuring the randomized delay.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["system", "autoUpgrade", "fixedRandomDelay"], "readOnly": false, "type": "boolean"}, "system.autoUpgrade.flags": {"declarations": ["nixos/modules/tasks/auto-upgrade.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Any additional flags passed to {command}`nixos-rebuild`.\n\nIf you are using flakes and use a local repo you can add\n{command}`[ \"--update-input\" \"nixpkgs\" \"--commit-lock-file\" ]`\nto update nixpkgs.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-I\"\n  \"stuff=/home/alice/nixos-stuff\"\n  \"--option\"\n  \"extra-binary-caches\"\n  \"http://my-cache.example.org/\"\n]"}, "loc": ["system", "autoUpgrade", "flags"], "readOnly": false, "type": "list of string"}, "system.autoUpgrade.flake": {"declarations": ["nixos/modules/tasks/auto-upgrade.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The Flake URI of the NixOS configuration to build.\nDisables the option {option}`system.autoUpgrade.channel`.\n", "example": {"_type": "literalExpression", "text": "\"github:kloenk/nix\""}, "loc": ["system", "autoUpgrade", "flake"], "readOnly": false, "type": "null or string"}, "system.autoUpgrade.operation": {"declarations": ["nixos/modules/tasks/auto-upgrade.nix"], "default": {"_type": "literalExpression", "text": "\"switch\""}, "description": "Whether to run\n`nixos-rebuild switch --upgrade` or run\n`nixos-rebuild boot --upgrade`\n", "example": {"_type": "literalExpression", "text": "\"boot\""}, "loc": ["system", "autoUpgrade", "operation"], "readOnly": false, "type": "one of \"switch\", \"boot\""}, "system.autoUpgrade.persistent": {"declarations": ["nixos/modules/tasks/auto-upgrade.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Takes a boolean argument. If true, the time when the service\nunit was last triggered is stored on disk. When the timer is\nactivated, the service unit is triggered immediately if it\nwould have been triggered at least once during the time when\nthe timer was inactive. Such triggering is nonetheless\nsubject to the delay imposed by RandomizedDelaySec=. This is\nuseful to catch up on missed runs of the service when the\nsystem was powered down.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["system", "autoUpgrade", "persistent"], "readOnly": false, "type": "boolean"}, "system.autoUpgrade.randomizedDelaySec": {"declarations": ["nixos/modules/tasks/auto-upgrade.nix"], "default": {"_type": "literalExpression", "text": "\"0\""}, "description": "Add a randomized delay before each automatic upgrade.\nThe delay will be chosen between zero and this value.\nThis value must be a time span in the format specified by\n{manpage}`systemd.time(7)`\n", "example": {"_type": "literalExpression", "text": "\"45min\""}, "loc": ["system", "autoUpgrade", "randomizedDelaySec"], "readOnly": false, "type": "string"}, "system.autoUpgrade.rebootWindow": {"declarations": ["nixos/modules/tasks/auto-upgrade.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Define a lower and upper time value (in HH:MM format) which\nconstitute a time window during which reboots are allowed after an upgrade.\nThis option only has an effect when {option}`allowReboot` is enabled.\nThe default value of `null` means that reboots are allowed at any time.\n", "example": {"_type": "literalExpression", "text": "{\n  lower = \"01:00\";\n  upper = \"05:00\";\n}"}, "loc": ["system", "autoUpgrade", "rebootWindow"], "readOnly": false, "type": "null or (submodule)"}, "system.autoUpgrade.rebootWindow.lower": {"declarations": ["nixos/modules/tasks/auto-upgrade.nix"], "description": "Lower limit of the reboot window", "example": {"_type": "literalExpression", "text": "\"01:00\""}, "loc": ["system", "autoUpgrade", "rebootWindow", "lower"], "readOnly": false, "type": "string matching the pattern [[:digit:]]{2}:[[:digit:]]{2}"}, "system.autoUpgrade.rebootWindow.upper": {"declarations": ["nixos/modules/tasks/auto-upgrade.nix"], "description": "Upper limit of the reboot window", "example": {"_type": "literalExpression", "text": "\"05:00\""}, "loc": ["system", "autoUpgrade", "rebootWindow", "upper"], "readOnly": false, "type": "string matching the pattern [[:digit:]]{2}:[[:digit:]]{2}"}, "system.autoUpgrade.runGarbageCollection": {"declarations": ["nixos/modules/tasks/auto-upgrade.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to automatically run `nix-gc.service` after a successful\nsystem upgrade.\n", "loc": ["system", "autoUpgrade", "runGarbageCollection"], "readOnly": false, "type": "boolean"}, "system.autoUpgrade.upgrade": {"declarations": ["nixos/modules/tasks/auto-upgrade.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Disable adding the `--upgrade` parameter when `channel`\nis not set, such as when upgrading to the latest version\nof a flake honouring its lockfile.\n", "loc": ["system", "autoUpgrade", "upgrade"], "readOnly": false, "type": "boolean"}, "system.build": {"declarations": ["nixos/modules/system/build.nix", "nixos/modules/hardware/facter/debug.nix", "nixos/modules/system/activation/top-level.nix", "nixos/modules/system/activation/activation-script.nix", "nixos/modules/system/activation/activatable-system.nix", "nixos/modules/image/images.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attribute set of derivations used to set up the system.\n", "loc": ["system", "build"], "readOnly": false, "type": "open submodule of lazy attribute set of unspecified value"}, "system.build.images": {"declarations": ["nixos/modules/image/images.nix"], "description": "Different target images generated for this NixOS configuration.\n", "loc": ["system", "build", "images"], "readOnly": true, "type": "lazy attribute set of raw value"}, "system.build.noFacter": {"declarations": ["nixos/modules/hardware/facter/debug.nix"], "description": "A version of the system closure with facter disabled", "loc": ["system", "build", "noFacter"], "readOnly": false, "type": "unspecified value"}, "system.build.separateActivationScript": {"declarations": ["nixos/modules/system/activation/activatable-system.nix"], "description": "A separate activation script package that's not part of the system profile.\n\nThis is useful for configurations where `system.activatable` is `false`.\nOtherwise, you can just use `system.build.toplevel`.\n", "loc": ["system", "build", "separateActivationScript"], "readOnly": false, "type": "package"}, "system.build.toplevel": {"declarations": ["nixos/modules/system/activation/top-level.nix"], "description": "This option contains the store path that typically represents a NixOS system.\n\nYou can read this path in a custom deployment tool for example.\n", "loc": ["system", "build", "toplevel"], "readOnly": true, "type": "package"}, "system.checks": {"declarations": ["nixos/modules/system/activation/top-level.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Packages that are added as dependencies of the system's build, usually\nfor the purpose of validating some part of the configuration.\n\nUnlike `system.extraDependencies`, these store paths do not\nbecome part of the built system configuration.\n", "loc": ["system", "checks"], "readOnly": false, "type": "list of package"}, "system.copySystemConfiguration": {"declarations": ["nixos/modules/system/activation/top-level.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, copies the NixOS configuration file\n(usually {file}`/etc/nixos/configuration.nix`)\nand symlinks it from the resulting system\n(getting to {file}`/run/current-system/configuration.nix`).\nNote that only this single file is copied, even if it imports others.\nWarning: This feature cannot be used when the system is configured by a flake\n", "loc": ["system", "copySystemConfiguration"], "readOnly": false, "type": "boolean"}, "system.etc.overlay.enable": {"declarations": ["nixos/modules/system/etc/etc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Mount `/etc` as an overlayfs instead of generating it via a perl script.\n\nNote: This is currently experimental. Only enable this option if you're\nconfident that you can recover your system if it breaks.\n", "loc": ["system", "etc", "overlay", "enable"], "readOnly": false, "type": "boolean"}, "system.etc.overlay.mutable": {"declarations": ["nixos/modules/system/etc/etc.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to mount `/etc` mutably (i.e. read-write) or immutably (i.e. read-only).\n\nIf this is false, only the immutable lowerdir is mounted. If it is\ntrue, a writable upperdir is mounted on top.\n", "loc": ["system", "etc", "overlay", "mutable"], "readOnly": false, "type": "boolean"}, "system.extraDependencies": {"declarations": ["nixos/modules/system/activation/top-level.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of paths that should be included in the system\nclosure but generally not visible to users.\n\nThis option has also been used for build-time checks, but the\n`system.checks` option is more appropriate for that purpose as checks\nshould not leave a trace in the built system configuration.\n", "loc": ["system", "extraDependencies"], "readOnly": false, "type": "list of path in the Nix store"}, "system.forbiddenDependenciesRegexes": {"declarations": ["nixos/modules/system/activation/top-level.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "POSIX Extended Regular Expressions that match store paths that\nshould not appear in the system closure, with the exception of {option}`system.extraDependencies`, which is not checked.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-dev$\"\n]"}, "loc": ["system", "forbiddenDependenciesRegexes"], "readOnly": false, "type": "list of string"}, "system.includeBuildDependencies": {"declarations": ["nixos/modules/system/activation/top-level.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to include the build closure of the whole system in\nits runtime closure.  This can be useful for making changes\nfully offline, as it includes all sources, patches, and\nintermediate outputs required to build all the derivations\nthat the system depends on.\n\nNote that this includes _all_ the derivations, down from the\nincluded applications to their sources, the compilers used to\nbuild them, and even the bootstrap compiler used to compile\nthe compilers. This increases the size of the system and the\ntime needed to download its dependencies drastically: a\nminimal configuration with no extra services enabled grows\nfrom ~670MiB in size to 13.5GiB, and takes proportionally\nlonger to download.\n", "loc": ["system", "includeBuildDependencies"], "readOnly": false, "type": "boolean"}, "system.name": {"declarations": ["nixos/modules/system/activation/top-level.nix"], "default": {"_type": "literalExpression", "text": "if config.networking.hostName == \"\"\nthen \"unnamed\"\nelse config.networking.hostName;\n"}, "description": "The name of the system used in the {option}`system.build.toplevel` derivation.\n\nThat derivation has the following name:\n`\"nixos-system-${config.system.name}-${config.system.nixos.label}\"`\n", "loc": ["system", "name"], "readOnly": false, "type": "string"}, "system.nixos-init.enable": {"declarations": ["nixos/modules/system/activation/nixos-init.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable nixos-init, a system for bashless initialization.\n\nThis doesn't use any `activationScripts`. Anything set in these options is\na no-op here.\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["system", "nixos-init", "enable"], "readOnly": false, "type": "boolean"}, "system.nixos-init.package": {"declarations": ["nixos/modules/system/activation/nixos-init.nix"], "default": {"_type": "literalExpression", "text": "pkgs.nixos-init"}, "description": "The nixos-init package to use.", "loc": ["system", "nixos-init", "package"], "readOnly": false, "type": "package"}, "system.nixos.label": {"declarations": ["nixos/modules/misc/label.nix"], "description": "NixOS version name to be used in the names of generated\noutputs and boot labels.\n\nIf you ever wanted to influence the labels in your GRUB menu,\nthis is the option for you.\n\nIt can only contain letters, numbers and the following symbols:\n`:`, `_`, `.` and `-`.\n\nThe default is {option}`system.nixos.tags` separated by\n\"-\" + \"-\" + {env}`NIXOS_LABEL_VERSION` environment\nvariable (defaults to the value of\n{option}`system.nixos.version`).\n\nCan be overridden by setting {env}`NIXOS_LABEL`.\n\nUseful for not loosing track of configurations built from different\nnixos branches/revisions, e.g.:\n\n```\n#!/bin/sh\ntoday=`date +%Y%m%d`\nbranch=`(cd nixpkgs ; git branch 2>/dev/null | sed -n '/^\\* / { s|^\\* ||; p; }')`\nrevision=`(cd nixpkgs ; git rev-parse HEAD)`\nexport NIXOS_LABEL_VERSION=\"$today.$branch-${revision:0:7}\"\nnixos-rebuild switch\n```\n", "loc": ["system", "nixos", "label"], "readOnly": false, "type": "string matching the pattern [a-zA-Z0-9:_\\.-]*"}, "system.nixos.tags": {"declarations": ["nixos/modules/misc/label.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Strings to prefix to the default\n{option}`system.nixos.label`.\n\nUseful for not losing track of configurations built with\ndifferent options, e.g.:\n\n```\n{\n  system.nixos.tags = [ \"with-xen\" ];\n  virtualisation.xen.enable = true;\n}\n```\n", "example": {"_type": "literalExpression", "text": "[\n  \"with-xen\"\n]"}, "loc": ["system", "nixos", "tags"], "readOnly": false, "type": "list of string"}, "system.nssDatabases.group": {"declarations": ["nixos/modules/config/nsswitch.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of group entries to configure in {file}`/etc/nsswitch.conf`.\n\nNote that \"files\" is always prepended while \"systemd\" is appended if nscd is enabled.\n\nThis option only takes effect if nscd is enabled.\n", "loc": ["system", "nssDatabases", "group"], "readOnly": false, "type": "list of string"}, "system.nssDatabases.hosts": {"declarations": ["nixos/modules/config/nsswitch.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of hosts entries to configure in {file}`/etc/nsswitch.conf`.\n\nNote that \"files\" is always prepended, and \"dns\" and \"myhostname\" are always appended.\n\nThis option only takes effect if nscd is enabled.\n", "loc": ["system", "nssDatabases", "hosts"], "readOnly": false, "type": "list of string"}, "system.nssDatabases.passwd": {"declarations": ["nixos/modules/config/nsswitch.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of passwd entries to configure in {file}`/etc/nsswitch.conf`.\n\nNote that \"files\" is always prepended while \"systemd\" is appended if nscd is enabled.\n\nThis option only takes effect if nscd is enabled.\n", "loc": ["system", "nssDatabases", "passwd"], "readOnly": false, "type": "list of string"}, "system.nssDatabases.services": {"declarations": ["nixos/modules/config/nsswitch.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of services entries to configure in {file}`/etc/nsswitch.conf`.\n\nNote that \"files\" is always prepended.\n\nThis option only takes effect if nscd is enabled.\n", "loc": ["system", "nssDatabases", "services"], "readOnly": false, "type": "list of string"}, "system.nssDatabases.shadow": {"declarations": ["nixos/modules/config/nsswitch.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of shadow entries to configure in {file}`/etc/nsswitch.conf`.\n\nNote that \"files\" is always prepended.\n\nThis option only takes effect if nscd is enabled.\n", "loc": ["system", "nssDatabases", "shadow"], "readOnly": false, "type": "list of string"}, "system.nssDatabases.sudoers": {"declarations": ["nixos/modules/config/nsswitch.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of sudoers entries to configure in {file}`/etc/nsswitch.conf`.\n\nNote that \"files\" is always prepended.\n\nThis option only takes effect if nscd is enabled.\n", "loc": ["system", "nssDatabases", "sudoers"], "readOnly": false, "type": "list of string"}, "system.preSwitchChecks": {"declarations": ["nixos/modules/system/activation/pre-switch-check.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "A set of shell script fragments that are executed before the switch to a\nnew NixOS system configuration. A failure in any of these fragments will\ncause the switch to fail and exit early.\nThe scripts receive the new configuration path and the action verb passed\nto switch-to-configuration, as the first and second positional arguments\n(meaning that you can access them using `$1` and `$2`, respectively).\n", "example": {"_type": "literalExpression", "text": "{ failsEveryTime =\n  ''\n    false\n  '';\n}\n"}, "loc": ["system", "preSwitchChecks"], "readOnly": false, "type": "attribute set of string"}, "system.replaceDependencies.cutoffPackages": {"declarations": ["nixos/modules/system/activation/top-level.nix"], "default": {"_type": "literalExpression", "text": "lib.optionals config.boot.initrd.enable [ config.system.build.initialRamdisk ]"}, "description": "Packages to which no replacements should be applied.\nThe initrd is matched by default, because its structure renders the replacement process ineffective and prone to breakage.\n", "loc": ["system", "replaceDependencies", "cutoffPackages"], "readOnly": false, "type": "list of package"}, "system.replaceDependencies.replacements": {"declarations": ["nixos/modules/system/activation/top-level.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of packages to override without doing a full rebuild.\nThe original derivation and replacement derivation must have the same\nname length, and ideally should have close-to-identical directory layout.\n", "example": {"_type": "literalExpression", "text": "[ ({ oldDependency = pkgs.openssl; newDependency = pkgs.callPackage /path/to/openssl { }; }) ]"}, "loc": ["system", "replaceDependencies", "replacements"], "readOnly": false, "type": "list of (submodule)"}, "system.replaceDependencies.replacements.*.newDependency": {"declarations": ["nixos/modules/system/activation/top-level.nix"], "description": "The replacement package.", "loc": ["system", "replaceDependencies", "replacements", "*", "newDependency"], "readOnly": false, "type": "package"}, "system.replaceDependencies.replacements.*.oldDependency": {"declarations": ["nixos/modules/system/activation/top-level.nix"], "description": "The original package to override.", "loc": ["system", "replaceDependencies", "replacements", "*", "oldDependency"], "readOnly": false, "type": "package"}, "system.services": {"declarations": ["nixos/modules/system/service/systemd/system.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "A collection of NixOS [modular services](https://nixos.org/manual/nixos/unstable/#modular-services) that are configured as systemd services.\n", "loc": ["system", "services"], "readOnly": false, "type": "attribute set of (submodule)"}, "system.switch.enable": {"declarations": ["nixos/modules/system/activation/switchable-system.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to include the capability to switch configurations.\n\nDisabling this makes the system unable to be reconfigured via `nixos-rebuild`.\n\nThis is good for image based appliances where updates are handled\noutside the image. Reducing features makes the image lighter and\nslightly more secure.\n", "loc": ["system", "switch", "enable"], "readOnly": false, "type": "boolean"}, "system.switch.inhibitors": {"declarations": ["nixos/modules/system/activation/switchable-system.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attribute set of strings that will prevent switching into a configuration when\nthey change.\nThe switch can be manually forced on the command line if required.\n", "loc": ["system", "switch", "inhibitors"], "readOnly": false, "type": "attribute set of string"}, "system.tools.nixos-build-vms.enable": {"declarations": ["nixos/modules/installer/tools/tools.nix"], "default": {"_type": "literalExpression", "text": "\"config.nix.enable && !config.system.disableInstallerTools\""}, "description": "Whether to enable nixos-build-vms script.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["system", "tools", "nixos-build-vms", "enable"], "readOnly": false, "type": "boolean"}, "system.tools.nixos-enter.enable": {"declarations": ["nixos/modules/installer/tools/tools.nix"], "default": {"_type": "literalExpression", "text": "\"config.nix.enable && !config.system.disableInstallerTools\""}, "description": "Whether to enable nixos-enter script.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["system", "tools", "nixos-enter", "enable"], "readOnly": false, "type": "boolean"}, "system.tools.nixos-generate-config.enable": {"declarations": ["nixos/modules/installer/tools/tools.nix"], "default": {"_type": "literalExpression", "text": "\"config.nix.enable && !config.system.disableInstallerTools\""}, "description": "Whether to enable nixos-generate-config script.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["system", "tools", "nixos-generate-config", "enable"], "readOnly": false, "type": "boolean"}, "system.tools.nixos-install.enable": {"declarations": ["nixos/modules/installer/tools/tools.nix"], "default": {"_type": "literalExpression", "text": "\"config.nix.enable && !config.system.disableInstallerTools\""}, "description": "Whether to enable nixos-install script.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["system", "tools", "nixos-install", "enable"], "readOnly": false, "type": "boolean"}, "system.tools.nixos-option.enable": {"declarations": ["nixos/modules/installer/tools/tools.nix"], "default": {"_type": "literalExpression", "text": "\"config.nix.enable && !config.system.disableInstallerTools\""}, "description": "Whether to enable nixos-option script.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["system", "tools", "nixos-option", "enable"], "readOnly": false, "type": "boolean"}, "system.tools.nixos-rebuild.enable": {"declarations": ["nixos/modules/installer/tools/tools.nix"], "default": {"_type": "literalExpression", "text": "\"config.nix.enable && !config.system.disableInstallerTools\""}, "description": "Whether to enable nixos-rebuild script.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["system", "tools", "nixos-rebuild", "enable"], "readOnly": false, "type": "boolean"}, "system.tools.nixos-version.enable": {"declarations": ["nixos/modules/installer/tools/tools.nix"], "default": {"_type": "literalExpression", "text": "\"config.nix.enable && !config.system.disableInstallerTools\""}, "description": "Whether to enable nixos-version script.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["system", "tools", "nixos-version", "enable"], "readOnly": false, "type": "boolean"}, "system.userActivationScripts": {"declarations": ["nixos/modules/system/activation/activation-script.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "A set of shell script fragments that are executed by a systemd user\nservice when a NixOS system configuration is activated. Examples are\nrebuilding the .desktop file cache for showing applications in the menu.\nSince these are executed every time you run\n{command}`nixos-rebuild`, it's important that they are\nidempotent and fast.\n", "example": {"_type": "literalExpression", "text": "{ plasmaSetup = {\n    text = ''\n      ${pkgs.libsForQt5.kservice}/bin/kbuildsycoca5\"\n    '';\n    deps = [];\n  };\n}\n"}, "loc": ["system", "userActivationScripts"], "readOnly": false, "type": "attribute set of (string or (submodule))"}, "systemd.additionalUpstreamSystemUnits": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional units shipped with systemd that shall be enabled.\n", "example": {"_type": "literalExpression", "text": "[\n  \"debug-shell.service\"\n  \"systemd-quotacheck.service\"\n]"}, "loc": ["systemd", "additionalUpstreamSystemUnits"], "readOnly": false, "type": "list of string"}, "systemd.automounts": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Definition of systemd automount units; see {manpage}`systemd.automount(5)`.\n\nThis is a list instead of an attrSet, because systemd mandates\nthe names to be derived from the `where` attribute.\n", "loc": ["systemd", "automounts"], "readOnly": false, "type": "list of (submodule)"}, "systemd.automounts.*.after": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started at the same time as\nthis unit, delay this unit until they have started.\n", "loc": ["systemd", "automounts", "*", "after"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.automounts.*.aliases": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Aliases of that unit.", "loc": ["systemd", "automounts", "*", "aliases"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.automounts.*.automountConfig": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Automount]` section of the unit.  See\n{manpage}`systemd.automount(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  DirectoryMode = \"0775\";\n}"}, "loc": ["systemd", "automounts", "*", "automountConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.automounts.*.before": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started at the same time as\nthis unit, delay them until this unit has started.\n", "loc": ["systemd", "automounts", "*", "before"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.automounts.*.bindsTo": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Like \u2018requires\u2019, but in addition, if the specified units\nunexpectedly disappear, this unit will be stopped as well.\n", "loc": ["systemd", "automounts", "*", "bindsTo"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.automounts.*.conflicts": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started, then this unit is stopped\nand vice versa.\n", "loc": ["systemd", "automounts", "*", "conflicts"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.automounts.*.description": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Description of this unit used in systemd messages and progress indicators.", "loc": ["systemd", "automounts", "*", "description"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "systemd.automounts.*.documentation": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of URIs referencing documentation for this unit or its configuration.", "loc": ["systemd", "automounts", "*", "documentation"], "readOnly": false, "type": "list of string"}, "systemd.automounts.*.enable": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If set to false, this unit will be a symlink to\n/dev/null. This is primarily useful to prevent specific\ntemplate instances\n(e.g. `serial-getty@ttyS0`) from being\nstarted. Note that `enable=true` does not\nmake a unit start by default at boot; if you want that, see\n`wantedBy`.\n", "loc": ["systemd", "automounts", "*", "enable"], "readOnly": false, "type": "boolean"}, "systemd.automounts.*.name": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "description": "The name of this systemd unit, including its extension.\nThis can be used to refer to this unit from other systemd units.\n", "loc": ["systemd", "automounts", "*", "name"], "readOnly": false, "type": "string"}, "systemd.automounts.*.onFailure": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of one or more units that are activated when\nthis unit enters the \"failed\" state.\n", "loc": ["systemd", "automounts", "*", "onFailure"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.automounts.*.onSuccess": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of one or more units that are activated when\nthis unit enters the \"inactive\" state.\n", "loc": ["systemd", "automounts", "*", "onSuccess"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.automounts.*.overrideStrategy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "\"asDropinIfExists\""}, "description": "Defines how unit configuration is provided for systemd:\n\n`asDropinIfExists` creates a unit file when no unit file is provided by the package\notherwise it creates a drop-in file named `overrides.conf`.\n\n`asDropin` creates a drop-in file named `overrides.conf`.\nMainly needed to define instances for systemd template units (e.g. `systemd-nspawn@mycontainer.service`).\n\nSee also {manpage}`systemd.unit(5)`.\n", "loc": ["systemd", "automounts", "*", "overrideStrategy"], "readOnly": false, "type": "one of \"asDropinIfExists\", \"asDropin\""}, "systemd.automounts.*.partOf": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are stopped or restarted, then this\nunit is stopped or restarted as well.\n", "loc": ["systemd", "automounts", "*", "partOf"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.automounts.*.reloadTriggers": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "An arbitrary list of items such as derivations.  If any item\nin the list changes between reconfigurations, the service will\nbe reloaded.  If anything but a reload trigger changes in the\nunit file, the unit will be restarted instead.\n", "loc": ["systemd", "automounts", "*", "reloadTriggers"], "readOnly": false, "type": "list of (systemd option)"}, "systemd.automounts.*.requiredBy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that require (i.e. depend on and need to go down with) this unit.\nAs discussed in the `wantedBy` option description this also creates\n`.requires` symlinks automatically.\n", "loc": ["systemd", "automounts", "*", "requiredBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.automounts.*.requires": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Start the specified units when this unit is started, and stop\nthis unit when the specified units are stopped or fail.\n", "loc": ["systemd", "automounts", "*", "requires"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.automounts.*.requisite": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Similar to requires. However if the units listed are not started,\nthey will not be started and the transaction will fail.\n", "loc": ["systemd", "automounts", "*", "requisite"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.automounts.*.restartTriggers": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "An arbitrary list of items such as derivations.  If any item\nin the list changes between reconfigurations, the service will\nbe restarted.\n", "loc": ["systemd", "automounts", "*", "restartTriggers"], "readOnly": false, "type": "list of unspecified value"}, "systemd.automounts.*.startLimitBurst": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "description": "Configure unit start rate limiting. Units which are started\nmore than startLimitBurst times within an interval time\ninterval are not permitted to start any more.\n", "loc": ["systemd", "automounts", "*", "startLimitBurst"], "readOnly": false, "type": "signed integer"}, "systemd.automounts.*.startLimitIntervalSec": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "description": "Configure unit start rate limiting. Units which are started\nmore than startLimitBurst times within an interval time\ninterval are not permitted to start any more.\n", "loc": ["systemd", "automounts", "*", "startLimitIntervalSec"], "readOnly": false, "type": "signed integer"}, "systemd.automounts.*.unitConfig": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Unit]` section of the unit.  See\n{manpage}`systemd.unit(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  RequiresMountsFor = \"/data\";\n}"}, "loc": ["systemd", "automounts", "*", "unitConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.automounts.*.upheldBy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keep this unit running as long as the listed units are running. This is a continuously\nenforced version of wantedBy.\n", "loc": ["systemd", "automounts", "*", "upheldBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.automounts.*.upholds": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keeps the specified running while this unit is running. A continuous version of `wants`.\n", "loc": ["systemd", "automounts", "*", "upholds"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.automounts.*.wantedBy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that want (i.e. depend on) this unit. The default method for\nstarting a unit by default at boot time is to set this option to\n`[\"multi-user.target\"]` for system services. Likewise for user units\n(`systemd.user.<name>.*`) set it to `[\"default.target\"]` to make a unit\nstart by default when the user `<name>` logs on.\n\nThis option creates a `.wants` symlink in the given target that exists\nstatelessly without the need for running `systemctl enable`.\nThe `[Install]` section described in {manpage}`systemd.unit(5)` however is\nnot supported because it is a stateful process that does not fit well\ninto the NixOS design.\n", "loc": ["systemd", "automounts", "*", "wantedBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.automounts.*.wants": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Start the specified units when this unit is started.\n", "loc": ["systemd", "automounts", "*", "wants"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.automounts.*.where": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "description": "Absolute path of a directory of the mount point.\nWill be created if it doesn't exist. (Mandatory)\n", "example": {"_type": "literalExpression", "text": "\"/mnt\""}, "loc": ["systemd", "automounts", "*", "where"], "readOnly": false, "type": "string"}, "systemd.coredump.enable": {"declarations": ["nixos/modules/system/boot/systemd/coredump.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether core dumps should be processed by\n{command}`systemd-coredump`. If disabled, core dumps\nappear in the current directory of the crashing process.\n", "loc": ["systemd", "coredump", "enable"], "readOnly": false, "type": "boolean"}, "systemd.coredump.extraConfig": {"declarations": ["nixos/modules/system/boot/systemd/coredump.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra config options for systemd-coredump. See {manpage}`coredump.conf(5)` man page\nfor available options.\n", "example": {"_type": "literalExpression", "text": "\"Storage=journal\""}, "loc": ["systemd", "coredump", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "systemd.ctrlAltDelUnit": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "\"reboot.target\""}, "description": "Target that should be started when Ctrl-Alt-Delete is pressed;\nsee {manpage}`systemd.special(7)`.\n", "example": {"_type": "literalExpression", "text": "\"poweroff.target\""}, "loc": ["systemd", "ctrlAltDelUnit"], "readOnly": false, "type": "string"}, "systemd.defaultUnit": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "\"multi-user.target\""}, "description": "Default unit started when the system boots; see {manpage}`systemd.special(7)`.\n", "loc": ["systemd", "defaultUnit"], "readOnly": false, "type": "string"}, "systemd.enableEmergencyMode": {"declarations": ["nixos/modules/system/boot/emergency-mode.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable emergency mode, which is an\n{command}`sulogin` shell started on the console if\nmounting a filesystem fails.  Since some machines (like EC2\ninstances) have no console of any kind, emergency mode doesn't\nmake sense, and it's better to continue with the boot insofar\nas possible.\n\nFor initrd emergency access, use boot.initrd.systemd.emergencyAccess instead.\n", "loc": ["systemd", "enableEmergencyMode"], "readOnly": false, "type": "boolean"}, "systemd.enableStrictShellChecks": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to run `shellcheck` on the generated scripts for systemd\nunits.\n\nWhen enabled, all systemd scripts generated by NixOS will be checked\nwith `shellcheck` and any errors or warnings will cause the build to\nfail.\n\nThis affects all scripts that have been created through the `script`,\n`reload`, `preStart`, `postStart`, `preStop` and `postStop` options for\nsystemd services. This does not affect command lines passed directly\nto `ExecStart`, `ExecReload`, `ExecStartPre`, `ExecStartPost`,\n`ExecStop` or `ExecStopPost`.\n\nIt therefore also does not affect systemd units that are coming from\npackages and that are not defined through the NixOS config. This option\nis disabled by default, and although some services have already been\nfixed, it is still likely that you will encounter build failures when\nenabling this.\n\nWe encourage people to enable this option when they are willing and\nable to submit fixes for potential build failures to Nixpkgs. The\noption can also be enabled or disabled for individual services using\nthe `enableStrictShellChecks` option on the service itself, which will\ntake precedence over the global setting.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["systemd", "enableStrictShellChecks"], "readOnly": false, "type": "boolean"}, "systemd.generatorEnvironment": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables for systemd generators.\n\nThe `PATH` environment variable is populated via `systemd.generatorPath`.\n", "example": {"_type": "literalExpression", "text": "{\n  MY_VAR = \"my-value\";\n}"}, "loc": ["systemd", "generatorEnvironment"], "readOnly": false, "type": "attribute set of string"}, "systemd.generatorPath": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Packages added to the `PATH` environment variable of all systemd generators.\n", "example": {"_type": "literalExpression", "text": "[ pkgs.hello ]"}, "loc": ["systemd", "generatorPath"], "readOnly": false, "type": "list of package"}, "systemd.generators": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of systemd generators; see {manpage}`systemd.generator(5)`.\n\nFor each `NAME = VALUE` pair of the attrSet, a link is generated from\n`/etc/systemd/system-generators/NAME` to `VALUE`.\n", "example": {"_type": "literalExpression", "text": "{\n  systemd-gpt-auto-generator = \"/dev/null\";\n}"}, "loc": ["systemd", "generators"], "readOnly": false, "type": "attribute set of absolute path"}, "systemd.globalEnvironment": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables passed to *all* systemd units.\n", "example": {"_type": "literalExpression", "text": "{\n  TZ = \"CET\";\n}"}, "loc": ["systemd", "globalEnvironment"], "readOnly": false, "type": "attribute set of (null or string or absolute path or package)"}, "systemd.managerEnvironment": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables of PID 1. These variables are\n*not* passed to started units.\n", "example": {"_type": "literalExpression", "text": "{\n  SYSTEMD_LOG_LEVEL = \"debug\";\n}"}, "loc": ["systemd", "managerEnvironment"], "readOnly": false, "type": "attribute set of (null or string or absolute path or package)"}, "systemd.mounts": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Definition of systemd mount units; see {manpage}`systemd.mount(5)`.\n\nThis is a list instead of an attrSet, because systemd mandates\nthe names to be derived from the `where` attribute.\n", "loc": ["systemd", "mounts"], "readOnly": false, "type": "list of (submodule)"}, "systemd.mounts.*.after": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started at the same time as\nthis unit, delay this unit until they have started.\n", "loc": ["systemd", "mounts", "*", "after"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.mounts.*.aliases": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Aliases of that unit.", "loc": ["systemd", "mounts", "*", "aliases"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.mounts.*.before": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started at the same time as\nthis unit, delay them until this unit has started.\n", "loc": ["systemd", "mounts", "*", "before"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.mounts.*.bindsTo": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Like \u2018requires\u2019, but in addition, if the specified units\nunexpectedly disappear, this unit will be stopped as well.\n", "loc": ["systemd", "mounts", "*", "bindsTo"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.mounts.*.conflicts": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started, then this unit is stopped\nand vice versa.\n", "loc": ["systemd", "mounts", "*", "conflicts"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.mounts.*.description": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Description of this unit used in systemd messages and progress indicators.", "loc": ["systemd", "mounts", "*", "description"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "systemd.mounts.*.documentation": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of URIs referencing documentation for this unit or its configuration.", "loc": ["systemd", "mounts", "*", "documentation"], "readOnly": false, "type": "list of string"}, "systemd.mounts.*.enable": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If set to false, this unit will be a symlink to\n/dev/null. This is primarily useful to prevent specific\ntemplate instances\n(e.g. `serial-getty@ttyS0`) from being\nstarted. Note that `enable=true` does not\nmake a unit start by default at boot; if you want that, see\n`wantedBy`.\n", "loc": ["systemd", "mounts", "*", "enable"], "readOnly": false, "type": "boolean"}, "systemd.mounts.*.mountConfig": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Mount]` section of the unit.  See\n{manpage}`systemd.mount(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  DirectoryMode = \"0775\";\n}"}, "loc": ["systemd", "mounts", "*", "mountConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.mounts.*.name": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "description": "The name of this systemd unit, including its extension.\nThis can be used to refer to this unit from other systemd units.\n", "loc": ["systemd", "mounts", "*", "name"], "readOnly": false, "type": "string"}, "systemd.mounts.*.onFailure": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of one or more units that are activated when\nthis unit enters the \"failed\" state.\n", "loc": ["systemd", "mounts", "*", "onFailure"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.mounts.*.onSuccess": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of one or more units that are activated when\nthis unit enters the \"inactive\" state.\n", "loc": ["systemd", "mounts", "*", "onSuccess"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.mounts.*.options": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Options used to mount the file system.", "example": {"_type": "literalExpression", "text": "\"noatime\""}, "loc": ["systemd", "mounts", "*", "options"], "readOnly": false, "type": "strings concatenated with \",\""}, "systemd.mounts.*.overrideStrategy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "\"asDropinIfExists\""}, "description": "Defines how unit configuration is provided for systemd:\n\n`asDropinIfExists` creates a unit file when no unit file is provided by the package\notherwise it creates a drop-in file named `overrides.conf`.\n\n`asDropin` creates a drop-in file named `overrides.conf`.\nMainly needed to define instances for systemd template units (e.g. `systemd-nspawn@mycontainer.service`).\n\nSee also {manpage}`systemd.unit(5)`.\n", "loc": ["systemd", "mounts", "*", "overrideStrategy"], "readOnly": false, "type": "one of \"asDropinIfExists\", \"asDropin\""}, "systemd.mounts.*.partOf": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are stopped or restarted, then this\nunit is stopped or restarted as well.\n", "loc": ["systemd", "mounts", "*", "partOf"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.mounts.*.reloadTriggers": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "An arbitrary list of items such as derivations.  If any item\nin the list changes between reconfigurations, the service will\nbe reloaded.  If anything but a reload trigger changes in the\nunit file, the unit will be restarted instead.\n", "loc": ["systemd", "mounts", "*", "reloadTriggers"], "readOnly": false, "type": "list of (systemd option)"}, "systemd.mounts.*.requiredBy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that require (i.e. depend on and need to go down with) this unit.\nAs discussed in the `wantedBy` option description this also creates\n`.requires` symlinks automatically.\n", "loc": ["systemd", "mounts", "*", "requiredBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.mounts.*.requires": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Start the specified units when this unit is started, and stop\nthis unit when the specified units are stopped or fail.\n", "loc": ["systemd", "mounts", "*", "requires"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.mounts.*.requisite": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Similar to requires. However if the units listed are not started,\nthey will not be started and the transaction will fail.\n", "loc": ["systemd", "mounts", "*", "requisite"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.mounts.*.restartTriggers": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "An arbitrary list of items such as derivations.  If any item\nin the list changes between reconfigurations, the service will\nbe restarted.\n", "loc": ["systemd", "mounts", "*", "restartTriggers"], "readOnly": false, "type": "list of unspecified value"}, "systemd.mounts.*.startLimitBurst": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "description": "Configure unit start rate limiting. Units which are started\nmore than startLimitBurst times within an interval time\ninterval are not permitted to start any more.\n", "loc": ["systemd", "mounts", "*", "startLimitBurst"], "readOnly": false, "type": "signed integer"}, "systemd.mounts.*.startLimitIntervalSec": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "description": "Configure unit start rate limiting. Units which are started\nmore than startLimitBurst times within an interval time\ninterval are not permitted to start any more.\n", "loc": ["systemd", "mounts", "*", "startLimitIntervalSec"], "readOnly": false, "type": "signed integer"}, "systemd.mounts.*.type": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "File system type.", "example": {"_type": "literalExpression", "text": "\"ext4\""}, "loc": ["systemd", "mounts", "*", "type"], "readOnly": false, "type": "string"}, "systemd.mounts.*.unitConfig": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Unit]` section of the unit.  See\n{manpage}`systemd.unit(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  RequiresMountsFor = \"/data\";\n}"}, "loc": ["systemd", "mounts", "*", "unitConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.mounts.*.upheldBy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keep this unit running as long as the listed units are running. This is a continuously\nenforced version of wantedBy.\n", "loc": ["systemd", "mounts", "*", "upheldBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.mounts.*.upholds": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keeps the specified running while this unit is running. A continuous version of `wants`.\n", "loc": ["systemd", "mounts", "*", "upholds"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.mounts.*.wantedBy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that want (i.e. depend on) this unit. The default method for\nstarting a unit by default at boot time is to set this option to\n`[\"multi-user.target\"]` for system services. Likewise for user units\n(`systemd.user.<name>.*`) set it to `[\"default.target\"]` to make a unit\nstart by default when the user `<name>` logs on.\n\nThis option creates a `.wants` symlink in the given target that exists\nstatelessly without the need for running `systemctl enable`.\nThe `[Install]` section described in {manpage}`systemd.unit(5)` however is\nnot supported because it is a stateful process that does not fit well\ninto the NixOS design.\n", "loc": ["systemd", "mounts", "*", "wantedBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.mounts.*.wants": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Start the specified units when this unit is started.\n", "loc": ["systemd", "mounts", "*", "wants"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.mounts.*.what": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "description": "Absolute path of device node, file or other resource. (Mandatory)", "example": {"_type": "literalExpression", "text": "\"/dev/sda1\""}, "loc": ["systemd", "mounts", "*", "what"], "readOnly": false, "type": "string"}, "systemd.mounts.*.where": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "description": "Absolute path of a directory of the mount point.\nWill be created if it doesn't exist. (Mandatory)\n", "example": {"_type": "literalExpression", "text": "\"/mnt\""}, "loc": ["systemd", "mounts", "*", "where"], "readOnly": false, "type": "string"}, "systemd.network.config": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of global systemd network config.", "loc": ["systemd", "network", "config"], "readOnly": false, "type": "submodule"}, "systemd.network.config.addRouteTablesToIPRoute2": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If true and routeTables are set, then the specified route tables\nwill also be installed into /etc/iproute2/rt_tables.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["systemd", "network", "config", "addRouteTablesToIPRoute2"], "readOnly": false, "type": "boolean"}, "systemd.network.config.dhcpV4Config": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[DHCPv4]` section of the networkd config.\nSee {manpage}`networkd.conf(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  DUIDType = \"vendor\";\n}"}, "loc": ["systemd", "network", "config", "dhcpV4Config"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.config.dhcpV6Config": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[DHCPv6]` section of the networkd config.\nSee {manpage}`networkd.conf(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  DUIDType = \"vendor\";\n}"}, "loc": ["systemd", "network", "config", "dhcpV6Config"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.config.networkConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{\n  IPv6PrivacyExtensions = true;\n}\n"}, "description": "Each attribute in this set specifies an option in the\n`[Network]` section of the networkd config.\nSee {manpage}`networkd.conf(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  ManageForeignRoutingPolicyRules = false;\n  SpeedMeter = true;\n}"}, "loc": ["systemd", "network", "config", "networkConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.config.routeTables": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Defines route table names as an attrset of name to number.\nSee {manpage}`networkd.conf(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  foo = 27;\n}"}, "loc": ["systemd", "network", "config", "routeTables"], "readOnly": false, "type": "attribute set of signed integer"}, "systemd.network.enable": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable networkd or not.\n", "loc": ["systemd", "network", "enable"], "readOnly": false, "type": "boolean"}, "systemd.network.links": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of systemd network links.", "loc": ["systemd", "network", "links"], "readOnly": false, "type": "attribute set of (submodule)"}, "systemd.network.links.<name>.enable": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable this .link unit. It's handled by udev no matter if {command}`systemd-networkd` is enabled or not\n", "loc": ["systemd", "network", "links", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "systemd.network.links.<name>.extraConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration append to unit", "loc": ["systemd", "network", "links", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "systemd.network.links.<name>.linkConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Link]` section of the unit.  See\n{manpage}`systemd.link(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  MACAddress = \"00:ff:ee:aa:cc:dd\";\n}"}, "loc": ["systemd", "network", "links", "<name>", "linkConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.links.<name>.matchConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Match]` section of the unit.  See\n{manpage}`systemd.link(5)`\n{manpage}`systemd.netdev(5)`\n{manpage}`systemd.network(5)`\nfor details.\n", "example": {"_type": "literalExpression", "text": "{\n  Name = \"eth0\";\n}"}, "loc": ["systemd", "network", "links", "<name>", "matchConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.netdevs": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of systemd network devices.", "loc": ["systemd", "network", "netdevs"], "readOnly": false, "type": "attribute set of (submodule)"}, "systemd.network.netdevs.<name>.batmanAdvancedConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[BatmanAdvanced]` section of the unit. See\n{manpage}`systemd.netdev(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  GatewayMode = \"server\";\n  RoutingAlgorithm = \"batman-v\";\n}"}, "loc": ["systemd", "network", "netdevs", "<name>", "batmanAdvancedConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.netdevs.<name>.bondConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Bond]` section of the unit.  See\n{manpage}`systemd.netdev(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  Mode = \"802.3ad\";\n}"}, "loc": ["systemd", "network", "netdevs", "<name>", "bondConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.netdevs.<name>.bridgeConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Bridge]` section of the unit.  See\n{manpage}`systemd.netdev(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  STP = true;\n}"}, "loc": ["systemd", "network", "netdevs", "<name>", "bridgeConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.netdevs.<name>.enable": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to manage network configuration using {command}`systemd-network`.\n\nThis also enables {option}`systemd.networkd.enable`.\n", "loc": ["systemd", "network", "netdevs", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "systemd.network.netdevs.<name>.extraConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration append to unit", "loc": ["systemd", "network", "netdevs", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "systemd.network.netdevs.<name>.fooOverUDPConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[FooOverUDP]` section of the unit.  See\n{manpage}`systemd.netdev(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  Port = 9001;\n}"}, "loc": ["systemd", "network", "netdevs", "<name>", "fooOverUDPConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.netdevs.<name>.ipvlanConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the `[IPVLAN]` section of the unit.\nSee {manpage}`systemd.netdev(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  Flags = \"private\";\n  Mode = \"L2\";\n}"}, "loc": ["systemd", "network", "netdevs", "<name>", "ipvlanConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.netdevs.<name>.ipvtapConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the `[IPVTAP]` section of the unit.\nSee {manpage}`systemd.netdev(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  Flags = \"vepa\";\n  Mode = \"L3\";\n}"}, "loc": ["systemd", "network", "netdevs", "<name>", "ipvtapConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.netdevs.<name>.l2tpConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[L2TP]` section of the unit. See\n{manpage}`systemd.netdev(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  EncapsulationType = \"ip\";\n  Local = \"static\";\n  PeerTunnelId = 12;\n  Remote = \"192.168.30.101\";\n  TunnelId = 10;\n}"}, "loc": ["systemd", "network", "netdevs", "<name>", "l2tpConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.netdevs.<name>.l2tpSessions": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Each item in this array specifies an option in the\n`[L2TPSession]` section of the unit. See\n{manpage}`systemd.netdev(5)` for details.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    Name = \"l2tp-sess\";\n    PeerSessionId = 26;\n    SessionId = 25;\n  }\n]"}, "loc": ["systemd", "network", "netdevs", "<name>", "l2tpSessions"], "readOnly": false, "type": "list of attribute set of (systemd option)"}, "systemd.network.netdevs.<name>.macvlanConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[MACVLAN]` section of the unit.  See\n{manpage}`systemd.netdev(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  Mode = \"private\";\n}"}, "loc": ["systemd", "network", "netdevs", "<name>", "macvlanConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.netdevs.<name>.matchConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Match]` section of the unit.  See\n{manpage}`systemd.link(5)`\n{manpage}`systemd.netdev(5)`\n{manpage}`systemd.network(5)`\nfor details.\n", "example": {"_type": "literalExpression", "text": "{\n  Name = \"eth0\";\n}"}, "loc": ["systemd", "network", "netdevs", "<name>", "matchConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.netdevs.<name>.netdevConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "description": "Each attribute in this set specifies an option in the\n`[Netdev]` section of the unit.  See\n{manpage}`systemd.netdev(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  Kind = \"bridge\";\n  Name = \"mybridge\";\n}"}, "loc": ["systemd", "network", "netdevs", "<name>", "netdevConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.netdevs.<name>.peerConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Peer]` section of the unit.  See\n{manpage}`systemd.netdev(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  Name = \"veth2\";\n}"}, "loc": ["systemd", "network", "netdevs", "<name>", "peerConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.netdevs.<name>.tapConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Tap]` section of the unit.  See\n{manpage}`systemd.netdev(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  User = \"openvpn\";\n}"}, "loc": ["systemd", "network", "netdevs", "<name>", "tapConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.netdevs.<name>.tunConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Tun]` section of the unit.  See\n{manpage}`systemd.netdev(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  User = \"openvpn\";\n}"}, "loc": ["systemd", "network", "netdevs", "<name>", "tunConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.netdevs.<name>.tunnelConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Tunnel]` section of the unit.  See\n{manpage}`systemd.netdev(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  Remote = \"192.168.1.1\";\n}"}, "loc": ["systemd", "network", "netdevs", "<name>", "tunnelConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.netdevs.<name>.vlanConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[VLAN]` section of the unit.  See\n{manpage}`systemd.netdev(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  Id = 4;\n}"}, "loc": ["systemd", "network", "netdevs", "<name>", "vlanConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.netdevs.<name>.vrfConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[VRF]` section of the unit. See\n{manpage}`systemd.netdev(5)` for details.\nA detailed explanation about how VRFs work can be found in the\n[kernel docs](https://www.kernel.org/doc/Documentation/networking/vrf.txt).\n", "example": {"_type": "literalExpression", "text": "{\n  Table = 2342;\n}"}, "loc": ["systemd", "network", "netdevs", "<name>", "vrfConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.netdevs.<name>.vxlanConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[VXLAN]` section of the unit.  See\n{manpage}`systemd.netdev(5)` for details.\n", "loc": ["systemd", "network", "netdevs", "<name>", "vxlanConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.netdevs.<name>.wireguardConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[WireGuard]` section of the unit. See\n{manpage}`systemd.netdev(5)` for details.\nUse `PrivateKeyFile` instead of\n`PrivateKey`: the nix store is\nworld-readable.\n", "example": {"_type": "literalExpression", "text": "{\n  FirewallMark = 42;\n  ListenPort = 51820;\n  PrivateKeyFile = \"/etc/wireguard/secret.key\";\n}"}, "loc": ["systemd", "network", "netdevs", "<name>", "wireguardConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.netdevs.<name>.wireguardPeers": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Each item in this array specifies an option in the\n`[WireGuardPeer]` section of the unit. See\n{manpage}`systemd.netdev(5)` for details.\nUse `PresharedKeyFile` instead of\n`PresharedKey`: the nix store is\nworld-readable.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    AllowedIPs = [\n      \"10.0.0.1/32\"\n    ];\n    Endpoint = \"192.168.1.1:51820\";\n    PersistentKeepalive = 15;\n    PresharedKeyFile = \"/etc/wireguard/psk.key\";\n    PublicKey = \"27s0OvaBBdHoJYkH9osZpjpgSOVNw+RaKfboT/Sfq0g=\";\n  }\n]"}, "loc": ["systemd", "network", "netdevs", "<name>", "wireguardPeers"], "readOnly": false, "type": "list of attribute set of (systemd option)"}, "systemd.network.netdevs.<name>.wlanConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the `[WLAN]` section of the unit.\nSee {manpage}`systemd.netdev(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  PhysicalDevice = 0;\n  Type = \"station\";\n}"}, "loc": ["systemd", "network", "netdevs", "<name>", "wlanConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.netdevs.<name>.xfrmConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Xfrm]` section of the unit.  See\n{manpage}`systemd.netdev(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  InterfaceId = 1;\n}"}, "loc": ["systemd", "network", "netdevs", "<name>", "xfrmConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of systemd networks.", "loc": ["systemd", "network", "networks"], "readOnly": false, "type": "attribute set of (submodule)"}, "systemd.network.networks.<name>.DHCP": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether to enable DHCP on the interfaces matched.\n", "loc": ["systemd", "network", "networks", "<name>", "DHCP"], "readOnly": false, "type": "null or string"}, "systemd.network.networks.<name>.address": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of addresses to be added to the network section of the\nunit.  See {manpage}`systemd.network(5)` for details.\n", "loc": ["systemd", "network", "networks", "<name>", "address"], "readOnly": false, "type": "list of string"}, "systemd.network.networks.<name>.addresses": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of address sections to be added to the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    Address = \"192.168.0.100/24\";\n  }\n]"}, "loc": ["systemd", "network", "networks", "<name>", "addresses"], "readOnly": false, "type": "list of attribute set of (systemd option)"}, "systemd.network.networks.<name>.bfifoConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[BFIFO]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  LimitBytes = \"20K\";\n  Parent = \"ingress\";\n}"}, "loc": ["systemd", "network", "networks", "<name>", "bfifoConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.bond": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of bond interfaces to be added to the network section of the\nunit.  See {manpage}`systemd.network(5)` for details.\n", "loc": ["systemd", "network", "networks", "<name>", "bond"], "readOnly": false, "type": "list of string"}, "systemd.network.networks.<name>.bridge": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of bridge interfaces to be added to the network section of the\nunit.  See {manpage}`systemd.network(5)` for details.\n", "loc": ["systemd", "network", "networks", "<name>", "bridge"], "readOnly": false, "type": "list of string"}, "systemd.network.networks.<name>.bridgeConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Bridge]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  Cost = 20;\n  MulticastFlood = false;\n}"}, "loc": ["systemd", "network", "networks", "<name>", "bridgeConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.bridgeFDBs": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of BridgeFDB sections to be added to the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    Destination = \"192.168.100.4\";\n    MACAddress = \"90:e2:ba:43:fc:71\";\n    VNI = 3600;\n  }\n]"}, "loc": ["systemd", "network", "networks", "<name>", "bridgeFDBs"], "readOnly": false, "type": "list of attribute set of (systemd option)"}, "systemd.network.networks.<name>.bridgeMDBs": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of BridgeMDB sections to be added to the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    MulticastGroupAddress = \"ff02::1:2:3:4\";\n    VLANId = 10;\n  }\n]"}, "loc": ["systemd", "network", "networks", "<name>", "bridgeMDBs"], "readOnly": false, "type": "list of attribute set of (systemd option)"}, "systemd.network.networks.<name>.bridgeVLANs": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of BridgeVLAN sections to be added to the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    VLAN = \"10-20\";\n  }\n]"}, "loc": ["systemd", "network", "networks", "<name>", "bridgeVLANs"], "readOnly": false, "type": "list of attribute set of (systemd option)"}, "systemd.network.networks.<name>.cakeConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[CAKE]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  Bandwidth = \"40M\";\n  CompensationMode = \"ptm\";\n  OverheadBytes = 8;\n}"}, "loc": ["systemd", "network", "networks", "<name>", "cakeConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.canConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[CAN]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{ }"}, "loc": ["systemd", "network", "networks", "<name>", "canConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.controlledDelayConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[ControlledDelay]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  Parent = \"ingress\";\n  TargetSec = \"20msec\";\n}"}, "loc": ["systemd", "network", "networks", "<name>", "controlledDelayConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.deficitRoundRobinSchedulerClassConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[DeficitRoundRobinSchedulerClass]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  Parent = \"root\";\n  QuantumBytes = \"300k\";\n}"}, "loc": ["systemd", "network", "networks", "<name>", "deficitRoundRobinSchedulerClassConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.deficitRoundRobinSchedulerConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[DeficitRoundRobinScheduler]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  Parent = \"root\";\n}"}, "loc": ["systemd", "network", "networks", "<name>", "deficitRoundRobinSchedulerConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.dhcpPrefixDelegationConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[DHCPPrefixDelegation]` section of the unit. See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  Announce = true;\n  SubnetId = \"auto\";\n}"}, "loc": ["systemd", "network", "networks", "<name>", "dhcpPrefixDelegationConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.dhcpServerConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[DHCPServer]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  EmitDNS = false;\n  PoolOffset = 50;\n}"}, "loc": ["systemd", "network", "networks", "<name>", "dhcpServerConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.dhcpServerStaticLeases": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of DHCPServerStaticLease sections to be added to the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    Address = \"192.168.1.42\";\n    MACAddress = \"65:43:4a:5b:d8:5f\";\n  }\n]"}, "loc": ["systemd", "network", "networks", "<name>", "dhcpServerStaticLeases"], "readOnly": false, "type": "list of attribute set of (systemd option)"}, "systemd.network.networks.<name>.dhcpV4Config": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[DHCPv4]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  UseDNS = true;\n  UseRoutes = true;\n}"}, "loc": ["systemd", "network", "networks", "<name>", "dhcpV4Config"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.dhcpV6Config": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[DHCPv6]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  UseDNS = true;\n}"}, "loc": ["systemd", "network", "networks", "<name>", "dhcpV6Config"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.dns": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of dns servers to be added to the network section of the\nunit.  See {manpage}`systemd.network(5)` for details.\n", "loc": ["systemd", "network", "networks", "<name>", "dns"], "readOnly": false, "type": "list of string"}, "systemd.network.networks.<name>.domains": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A list of domains to pass to the network config.\n", "loc": ["systemd", "network", "networks", "<name>", "domains"], "readOnly": false, "type": "null or (list of string)"}, "systemd.network.networks.<name>.enable": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to manage network configuration using {command}`systemd-network`.\n\nThis also enables {option}`systemd.networkd.enable`.\n", "loc": ["systemd", "network", "networks", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "systemd.network.networks.<name>.enhancedTransmissionSelectionConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[EnhancedTransmissionSelection]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  Bands = 3;\n  Parent = \"root\";\n  PriorityMap = \"100 200 300\";\n  QuantumBytes = \"300k\";\n}"}, "loc": ["systemd", "network", "networks", "<name>", "enhancedTransmissionSelectionConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.extraConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration append to unit", "loc": ["systemd", "network", "networks", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "systemd.network.networks.<name>.fairQueueingConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[FairQueueing]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  FlowLimit = 5;\n  Parent = \"root\";\n}"}, "loc": ["systemd", "network", "networks", "<name>", "fairQueueingConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.fairQueueingControlledDelayConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[FairQueueingControlledDelay]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  Flows = 5;\n  Parent = \"root\";\n}"}, "loc": ["systemd", "network", "networks", "<name>", "fairQueueingControlledDelayConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.flowQueuePIEConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[FlowQueuePIE]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  PacketLimit = \"3847\";\n  Parent = \"ingress\";\n}"}, "loc": ["systemd", "network", "networks", "<name>", "flowQueuePIEConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.gateway": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of gateways to be added to the network section of the\nunit.  See {manpage}`systemd.network(5)` for details.\n", "loc": ["systemd", "network", "networks", "<name>", "gateway"], "readOnly": false, "type": "list of string"}, "systemd.network.networks.<name>.genericRandomEarlyDetectionConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[GenericRandomEarlyDetection]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  DefaultVirtualQueue = 3;\n  Parent = \"root\";\n  VirtualQueues = 5;\n}"}, "loc": ["systemd", "network", "networks", "<name>", "genericRandomEarlyDetectionConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.heavyHitterFilterConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[HeavyHitterFilter]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  PacketLimit = 10000;\n  Parent = \"root\";\n}"}, "loc": ["systemd", "network", "networks", "<name>", "heavyHitterFilterConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.hierarchyTokenBucketClassConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[HierarchyTokenBucketClass]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  Parent = \"root\";\n  Rate = \"10M\";\n}"}, "loc": ["systemd", "network", "networks", "<name>", "hierarchyTokenBucketClassConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.hierarchyTokenBucketConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[HierarchyTokenBucket]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  Parent = \"root\";\n}"}, "loc": ["systemd", "network", "networks", "<name>", "hierarchyTokenBucketConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.ipoIBConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[IPoIB]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{ }"}, "loc": ["systemd", "network", "networks", "<name>", "ipoIBConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.ipv6AcceptRAConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[IPv6AcceptRA]` section of the unit. See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  DHCPv6Client = \"always\";\n  UseDNS = true;\n}"}, "loc": ["systemd", "network", "networks", "<name>", "ipv6AcceptRAConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.ipv6PREF64Prefixes": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of IPv6PREF64Prefix sections to be added to the unit. See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    Prefix = \"64:ff9b::/96\";\n  }\n]"}, "loc": ["systemd", "network", "networks", "<name>", "ipv6PREF64Prefixes"], "readOnly": false, "type": "list of attribute set of (systemd option)"}, "systemd.network.networks.<name>.ipv6Prefixes": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of ipv6Prefix sections to be added to the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    AddressAutoconfiguration = true;\n    OnLink = true;\n  }\n]"}, "loc": ["systemd", "network", "networks", "<name>", "ipv6Prefixes"], "readOnly": false, "type": "list of attribute set of (systemd option)"}, "systemd.network.networks.<name>.ipv6RoutePrefixes": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of ipv6RoutePrefix sections to be added to the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    LifetimeSec = 3600;\n    Route = \"fd00::/64\";\n  }\n]"}, "loc": ["systemd", "network", "networks", "<name>", "ipv6RoutePrefixes"], "readOnly": false, "type": "list of attribute set of (systemd option)"}, "systemd.network.networks.<name>.ipv6SendRAConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[IPv6SendRA]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  EmitDNS = true;\n  Managed = true;\n  OtherInformation = true;\n}"}, "loc": ["systemd", "network", "networks", "<name>", "ipv6SendRAConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.linkConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Link]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  Unmanaged = true;\n}"}, "loc": ["systemd", "network", "networks", "<name>", "linkConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.lldpConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[LLDP]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  MUDURL = \"https://things.example.org/product_abc123/v5\";\n}"}, "loc": ["systemd", "network", "networks", "<name>", "lldpConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.macvlan": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of macvlan interfaces to be added to the network section of the\nunit.  See {manpage}`systemd.network(5)` for details.\n", "loc": ["systemd", "network", "networks", "<name>", "macvlan"], "readOnly": false, "type": "list of string"}, "systemd.network.networks.<name>.macvtap": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of macvtap interfaces to be added to the network section of the\nunit.  See {manpage}`systemd.network(5)` for details.\n", "loc": ["systemd", "network", "networks", "<name>", "macvtap"], "readOnly": false, "type": "list of string"}, "systemd.network.networks.<name>.matchConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Match]` section of the unit.  See\n{manpage}`systemd.link(5)`\n{manpage}`systemd.netdev(5)`\n{manpage}`systemd.network(5)`\nfor details.\n", "example": {"_type": "literalExpression", "text": "{\n  Name = \"eth0\";\n}"}, "loc": ["systemd", "network", "networks", "<name>", "matchConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.name": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The name of the network interface to match against.\n", "loc": ["systemd", "network", "networks", "<name>", "name"], "readOnly": false, "type": "null or string"}, "systemd.network.networks.<name>.networkConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Network]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  Description = \"My Network\";\n}"}, "loc": ["systemd", "network", "networks", "<name>", "networkConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.networkEmulatorConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[NetworkEmulator]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  DelaySec = \"20msec\";\n  Parent = \"ingress\";\n}"}, "loc": ["systemd", "network", "networks", "<name>", "networkEmulatorConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.ntp": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of ntp servers to be added to the network section of the\nunit.  See {manpage}`systemd.network(5)` for details.\n", "loc": ["systemd", "network", "networks", "<name>", "ntp"], "readOnly": false, "type": "list of string"}, "systemd.network.networks.<name>.pfifoConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[PFIFO]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  PacketLimit = \"300\";\n  Parent = \"ingress\";\n}"}, "loc": ["systemd", "network", "networks", "<name>", "pfifoConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.pfifoFastConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[PFIFOFast]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  Parent = \"ingress\";\n}"}, "loc": ["systemd", "network", "networks", "<name>", "pfifoFastConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.pfifoHeadDropConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[PFIFOHeadDrop]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  PacketLimit = \"300\";\n  Parent = \"ingress\";\n}"}, "loc": ["systemd", "network", "networks", "<name>", "pfifoHeadDropConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.pieConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[PIE]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  PacketLimit = \"3847\";\n  Parent = \"ingress\";\n}"}, "loc": ["systemd", "network", "networks", "<name>", "pieConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.qdiscConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[QDisc]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  Parent = \"ingress\";\n}"}, "loc": ["systemd", "network", "networks", "<name>", "qdiscConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.quickFairQueueingConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[QuickFairQueueing]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  Parent = \"root\";\n}"}, "loc": ["systemd", "network", "networks", "<name>", "quickFairQueueingConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.quickFairQueueingConfigClass": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[QuickFairQueueingClass]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  Parent = \"root\";\n  Weight = 133;\n}"}, "loc": ["systemd", "network", "networks", "<name>", "quickFairQueueingConfigClass"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.routes": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of route sections to be added to the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    Gateway = \"192.168.0.1\";\n  }\n]"}, "loc": ["systemd", "network", "networks", "<name>", "routes"], "readOnly": false, "type": "list of attribute set of (systemd option)"}, "systemd.network.networks.<name>.routingPolicyRules": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of routing policy rules sections to be added to the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    Family = \"both\";\n    IncomingInterface = \"eth1\";\n    Table = 10;\n  }\n]"}, "loc": ["systemd", "network", "networks", "<name>", "routingPolicyRules"], "readOnly": false, "type": "list of attribute set of (systemd option)"}, "systemd.network.networks.<name>.stochasticFairBlueConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[StochasticFairBlue]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  PacketLimit = \"3847\";\n  Parent = \"ingress\";\n}"}, "loc": ["systemd", "network", "networks", "<name>", "stochasticFairBlueConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.stochasticFairnessQueueingConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[StochasticFairnessQueueing]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  Parent = \"ingress\";\n  PerturbPeriodSec = \"30\";\n}"}, "loc": ["systemd", "network", "networks", "<name>", "stochasticFairnessQueueingConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.tokenBucketFilterConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[TokenBucketFilter]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  Parent = \"ingress\";\n  Rate = \"100k\";\n}"}, "loc": ["systemd", "network", "networks", "<name>", "tokenBucketFilterConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.trivialLinkEqualizerConfig": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[TrivialLinkEqualizer]` section of the unit.  See\n{manpage}`systemd.network(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  Id = 0;\n  Parent = \"root\";\n}"}, "loc": ["systemd", "network", "networks", "<name>", "trivialLinkEqualizerConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.network.networks.<name>.tunnel": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of tunnel interfaces to be added to the network section of the\nunit.  See {manpage}`systemd.network(5)` for details.\n", "loc": ["systemd", "network", "networks", "<name>", "tunnel"], "readOnly": false, "type": "list of string"}, "systemd.network.networks.<name>.vlan": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of vlan interfaces to be added to the network section of the\nunit.  See {manpage}`systemd.network(5)` for details.\n", "loc": ["systemd", "network", "networks", "<name>", "vlan"], "readOnly": false, "type": "list of string"}, "systemd.network.networks.<name>.vrf": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of vrf interfaces to be added to the network section of the\nunit.  See {manpage}`systemd.network(5)` for details.\n", "loc": ["systemd", "network", "networks", "<name>", "vrf"], "readOnly": false, "type": "list of string"}, "systemd.network.networks.<name>.vxlan": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of vxlan interfaces to be added to the network section of the\nunit.  See {manpage}`systemd.network(5)` for details.\n", "loc": ["systemd", "network", "networks", "<name>", "vxlan"], "readOnly": false, "type": "list of string"}, "systemd.network.networks.<name>.xfrm": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of xfrm interfaces to be added to the network section of the\nunit.  See {manpage}`systemd.network(5)` for details.\n", "loc": ["systemd", "network", "networks", "<name>", "xfrm"], "readOnly": false, "type": "list of string"}, "systemd.network.wait-online.anyInterface": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "\"config.networking.useDHCP\""}, "description": "Whether to consider the network online when any interface is online, as opposed to all of them.\nThis is useful on portable machines with a wired and a wireless interface, for example.\n\nThis is on by default if {option}`networking.useDHCP` is enabled.\n", "loc": ["systemd", "network", "wait-online", "anyInterface"], "readOnly": false, "type": "boolean"}, "systemd.network.wait-online.enable": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the systemd-networkd-wait-online service.\n\nsystemd-networkd-wait-online can timeout and fail if there are no network interfaces\navailable for it to manage. When systemd-networkd is enabled but a different service is\nresponsible for managing the system's internet connection (for example, NetworkManager or\nconnman are used to manage WiFi connections), this service is unnecessary and can be\ndisabled.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["systemd", "network", "wait-online", "enable"], "readOnly": false, "type": "boolean"}, "systemd.network.wait-online.extraArgs": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command-line arguments to pass to systemd-networkd-wait-online.\nThese also affect per-interface `systemd-network-wait-online@` services.\n\nSee {manpage}`systemd-networkd-wait-online.service(8)` for all available options.\n", "loc": ["systemd", "network", "wait-online", "extraArgs"], "readOnly": false, "type": "list of string"}, "systemd.network.wait-online.ignoredInterfaces": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Network interfaces to be ignored when deciding if the system is online.\n", "example": {"_type": "literalExpression", "text": "[\n  \"wg0\"\n]"}, "loc": ["systemd", "network", "wait-online", "ignoredInterfaces"], "readOnly": false, "type": "list of string"}, "systemd.network.wait-online.timeout": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "120"}, "description": "Time to wait for the network to come online, in seconds. Set to 0 to disable.\n", "example": {"_type": "literalExpression", "text": "0"}, "loc": ["systemd", "network", "wait-online", "timeout"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "systemd.nspawn": {"declarations": ["nixos/modules/system/boot/systemd/nspawn.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of systemd-nspawn configurations.", "loc": ["systemd", "nspawn"], "readOnly": false, "type": "attribute set of (submodule)"}, "systemd.nspawn.<name>.enable": {"declarations": ["nixos/modules/system/boot/systemd/nspawn.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If set to false, this unit will be a symlink to\n/dev/null. This is primarily useful to prevent specific\ntemplate instances\n(e.g. `serial-getty@ttyS0`) from being\nstarted. Note that `enable=true` does not\nmake a unit start by default at boot; if you want that, see\n`wantedBy`.\n", "loc": ["systemd", "nspawn", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "systemd.nspawn.<name>.execConfig": {"declarations": ["nixos/modules/system/boot/systemd/nspawn.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Exec]` section of this unit. See\n{manpage}`systemd.nspawn(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  Parameters = \"/bin/sh\";\n}"}, "loc": ["systemd", "nspawn", "<name>", "execConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.nspawn.<name>.filesConfig": {"declarations": ["nixos/modules/system/boot/systemd/nspawn.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Files]` section of this unit. See\n{manpage}`systemd.nspawn(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  Bind = [\n    \"/home/alice\"\n  ];\n}"}, "loc": ["systemd", "nspawn", "<name>", "filesConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.nspawn.<name>.networkConfig": {"declarations": ["nixos/modules/system/boot/systemd/nspawn.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Network]` section of this unit. See\n{manpage}`systemd.nspawn(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  Private = false;\n}"}, "loc": ["systemd", "nspawn", "<name>", "networkConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.oomd.enable": {"declarations": ["nixos/modules/system/boot/systemd/oomd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the `systemd-oomd` OOM killer.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["systemd", "oomd", "enable"], "readOnly": false, "type": "boolean"}, "systemd.oomd.enableRootSlice": {"declarations": ["nixos/modules/system/boot/systemd/oomd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable oomd on the root slice (`-.slice`).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["systemd", "oomd", "enableRootSlice"], "readOnly": false, "type": "boolean"}, "systemd.oomd.enableSystemSlice": {"declarations": ["nixos/modules/system/boot/systemd/oomd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable oomd on the system slice (`system.slice`).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["systemd", "oomd", "enableSystemSlice"], "readOnly": false, "type": "boolean"}, "systemd.oomd.enableUserSlices": {"declarations": ["nixos/modules/system/boot/systemd/oomd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable oomd on all user slices (`user@.slice`) and all user owned slices.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["systemd", "oomd", "enableUserSlices"], "readOnly": false, "type": "boolean"}, "systemd.oomd.settings.OOM": {"declarations": ["nixos/modules/system/boot/systemd/oomd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings option for systemd-oomd.\nSee {manpage}`oomd.conf(5)` for available options.\n", "example": {"_type": "literalExpression", "text": "{\n  DefaultMemoryPressureLimit = \"60%\";\n}"}, "loc": ["systemd", "oomd", "settings", "OOM"], "readOnly": false, "type": "open submodule of attribute set of (systemd option)"}, "systemd.package": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.systemd"}, "description": "The systemd package to use.", "loc": ["systemd", "package"], "readOnly": false, "type": "package"}, "systemd.packages": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Packages providing systemd units and hooks.", "example": {"_type": "literalExpression", "text": "[ pkgs.systemd-cryptsetup-generator ]"}, "loc": ["systemd", "packages"], "readOnly": false, "type": "list of package"}, "systemd.paths": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of systemd path units; see {manpage}`systemd.path(5)`.", "loc": ["systemd", "paths"], "readOnly": false, "type": "attribute set of (submodule)"}, "systemd.paths.<name>.after": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started at the same time as\nthis unit, delay this unit until they have started.\n", "loc": ["systemd", "paths", "<name>", "after"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.paths.<name>.aliases": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Aliases of that unit.", "loc": ["systemd", "paths", "<name>", "aliases"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.paths.<name>.before": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started at the same time as\nthis unit, delay them until this unit has started.\n", "loc": ["systemd", "paths", "<name>", "before"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.paths.<name>.bindsTo": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Like \u2018requires\u2019, but in addition, if the specified units\nunexpectedly disappear, this unit will be stopped as well.\n", "loc": ["systemd", "paths", "<name>", "bindsTo"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.paths.<name>.conflicts": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started, then this unit is stopped\nand vice versa.\n", "loc": ["systemd", "paths", "<name>", "conflicts"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.paths.<name>.description": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Description of this unit used in systemd messages and progress indicators.", "loc": ["systemd", "paths", "<name>", "description"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "systemd.paths.<name>.documentation": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of URIs referencing documentation for this unit or its configuration.", "loc": ["systemd", "paths", "<name>", "documentation"], "readOnly": false, "type": "list of string"}, "systemd.paths.<name>.enable": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If set to false, this unit will be a symlink to\n/dev/null. This is primarily useful to prevent specific\ntemplate instances\n(e.g. `serial-getty@ttyS0`) from being\nstarted. Note that `enable=true` does not\nmake a unit start by default at boot; if you want that, see\n`wantedBy`.\n", "loc": ["systemd", "paths", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "systemd.paths.<name>.name": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "description": "The name of this systemd unit, including its extension.\nThis can be used to refer to this unit from other systemd units.\n", "loc": ["systemd", "paths", "<name>", "name"], "readOnly": false, "type": "string"}, "systemd.paths.<name>.onFailure": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of one or more units that are activated when\nthis unit enters the \"failed\" state.\n", "loc": ["systemd", "paths", "<name>", "onFailure"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.paths.<name>.onSuccess": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of one or more units that are activated when\nthis unit enters the \"inactive\" state.\n", "loc": ["systemd", "paths", "<name>", "onSuccess"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.paths.<name>.overrideStrategy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "\"asDropinIfExists\""}, "description": "Defines how unit configuration is provided for systemd:\n\n`asDropinIfExists` creates a unit file when no unit file is provided by the package\notherwise it creates a drop-in file named `overrides.conf`.\n\n`asDropin` creates a drop-in file named `overrides.conf`.\nMainly needed to define instances for systemd template units (e.g. `systemd-nspawn@mycontainer.service`).\n\nSee also {manpage}`systemd.unit(5)`.\n", "loc": ["systemd", "paths", "<name>", "overrideStrategy"], "readOnly": false, "type": "one of \"asDropinIfExists\", \"asDropin\""}, "systemd.paths.<name>.partOf": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are stopped or restarted, then this\nunit is stopped or restarted as well.\n", "loc": ["systemd", "paths", "<name>", "partOf"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.paths.<name>.pathConfig": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Path]` section of the unit.  See\n{manpage}`systemd.path(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  PathChanged = \"/some/path\";\n  Unit = \"changedpath.service\";\n}"}, "loc": ["systemd", "paths", "<name>", "pathConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.paths.<name>.reloadTriggers": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "An arbitrary list of items such as derivations.  If any item\nin the list changes between reconfigurations, the service will\nbe reloaded.  If anything but a reload trigger changes in the\nunit file, the unit will be restarted instead.\n", "loc": ["systemd", "paths", "<name>", "reloadTriggers"], "readOnly": false, "type": "list of (systemd option)"}, "systemd.paths.<name>.requiredBy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that require (i.e. depend on and need to go down with) this unit.\nAs discussed in the `wantedBy` option description this also creates\n`.requires` symlinks automatically.\n", "loc": ["systemd", "paths", "<name>", "requiredBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.paths.<name>.requires": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Start the specified units when this unit is started, and stop\nthis unit when the specified units are stopped or fail.\n", "loc": ["systemd", "paths", "<name>", "requires"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.paths.<name>.requisite": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Similar to requires. However if the units listed are not started,\nthey will not be started and the transaction will fail.\n", "loc": ["systemd", "paths", "<name>", "requisite"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.paths.<name>.restartTriggers": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "An arbitrary list of items such as derivations.  If any item\nin the list changes between reconfigurations, the service will\nbe restarted.\n", "loc": ["systemd", "paths", "<name>", "restartTriggers"], "readOnly": false, "type": "list of unspecified value"}, "systemd.paths.<name>.startLimitBurst": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "description": "Configure unit start rate limiting. Units which are started\nmore than startLimitBurst times within an interval time\ninterval are not permitted to start any more.\n", "loc": ["systemd", "paths", "<name>", "startLimitBurst"], "readOnly": false, "type": "signed integer"}, "systemd.paths.<name>.startLimitIntervalSec": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "description": "Configure unit start rate limiting. Units which are started\nmore than startLimitBurst times within an interval time\ninterval are not permitted to start any more.\n", "loc": ["systemd", "paths", "<name>", "startLimitIntervalSec"], "readOnly": false, "type": "signed integer"}, "systemd.paths.<name>.unitConfig": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Unit]` section of the unit.  See\n{manpage}`systemd.unit(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  RequiresMountsFor = \"/data\";\n}"}, "loc": ["systemd", "paths", "<name>", "unitConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.paths.<name>.upheldBy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keep this unit running as long as the listed units are running. This is a continuously\nenforced version of wantedBy.\n", "loc": ["systemd", "paths", "<name>", "upheldBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.paths.<name>.upholds": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keeps the specified running while this unit is running. A continuous version of `wants`.\n", "loc": ["systemd", "paths", "<name>", "upholds"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.paths.<name>.wantedBy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that want (i.e. depend on) this unit. The default method for\nstarting a unit by default at boot time is to set this option to\n`[\"multi-user.target\"]` for system services. Likewise for user units\n(`systemd.user.<name>.*`) set it to `[\"default.target\"]` to make a unit\nstart by default when the user `<name>` logs on.\n\nThis option creates a `.wants` symlink in the given target that exists\nstatelessly without the need for running `systemctl enable`.\nThe `[Install]` section described in {manpage}`systemd.unit(5)` however is\nnot supported because it is a stateful process that does not fit well\ninto the NixOS design.\n", "loc": ["systemd", "paths", "<name>", "wantedBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.paths.<name>.wants": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Start the specified units when this unit is started.\n", "loc": ["systemd", "paths", "<name>", "wants"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.repart.enable": {"declarations": ["nixos/modules/system/boot/systemd/repart.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Grow and add partitions to a partition table.\nsystemd-repart only works with GPT partition tables.\n\nTo run systemd-repart while in the initrd, see\n`options.boot.initrd.systemd.repart.enable`.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["systemd", "repart", "enable"], "readOnly": false, "type": "boolean"}, "systemd.repart.partitions": {"declarations": ["nixos/modules/system/boot/systemd/repart.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Specify partitions as a set of the names of the definition files as the\nkey and the partition configuration as its value. The partition\nconfiguration can use all upstream options. See {manpage}`repart.d(5)`\nfor all available options.\n", "example": {"_type": "literalExpression", "text": "{\n  \"10-root\" = {\n    Type = \"root\";\n  };\n  \"20-home\" = {\n    SizeMaxBytes = \"2G\";\n    SizeMinBytes = \"512M\";\n    Type = \"home\";\n  };\n}"}, "loc": ["systemd", "repart", "partitions"], "readOnly": false, "type": "attribute set of attribute set of (string or signed integer or boolean or list of string)"}, "systemd.services": {"declarations": ["nixos/modules/testing/service-runner.nix", "nixos/modules/system/boot/systemd.nix", "nixos/modules/security/systemd-confinement.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of systemd service units; see {manpage}`systemd.service(5)`.", "loc": ["systemd", "services"], "readOnly": false, "type": "attribute set of (submodule)"}, "systemd.services.<name>.after": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started at the same time as\nthis unit, delay this unit until they have started.\n", "loc": ["systemd", "services", "<name>", "after"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.services.<name>.aliases": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Aliases of that unit.", "loc": ["systemd", "services", "<name>", "aliases"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.services.<name>.before": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started at the same time as\nthis unit, delay them until this unit has started.\n", "loc": ["systemd", "services", "<name>", "before"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.services.<name>.bindsTo": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Like \u2018requires\u2019, but in addition, if the specified units\nunexpectedly disappear, this unit will be stopped as well.\n", "loc": ["systemd", "services", "<name>", "bindsTo"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.services.<name>.confinement.binSh": {"declarations": ["nixos/modules/security/systemd-confinement.nix"], "default": {"_type": "literalExpression", "text": "config.environment.binsh"}, "description": "The program to make available as {file}`/bin/sh` inside\nthe chroot. If this is set to `null`, no\n{file}`/bin/sh` is provided at all.\n\nThis is useful for some applications, which for example use the\n{manpage}`system(3)` library function to execute commands.\n", "example": {"_type": "literalExpression", "text": "\"${pkgs.dash}/bin/dash\""}, "loc": ["systemd", "services", "<name>", "confinement", "binSh"], "readOnly": false, "type": "null or absolute path"}, "systemd.services.<name>.confinement.enable": {"declarations": ["nixos/modules/security/systemd-confinement.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set, all the required runtime store paths for this service are\nbind-mounted into a `tmpfs`-based\n{manpage}`chroot(2)`.\n", "loc": ["systemd", "services", "<name>", "confinement", "enable"], "readOnly": false, "type": "boolean"}, "systemd.services.<name>.confinement.fullUnit": {"declarations": ["nixos/modules/security/systemd-confinement.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to include the full closure of the systemd unit file into the\nchroot, instead of just the dependencies for the executables.\n\n::: {.warning}\nWhile it may be tempting to just enable this option to\nmake things work quickly, please be aware that this might add paths\nto the closure of the chroot that you didn't anticipate. It's better\nto use {option}`confinement.packages` to **explicitly** add additional store paths to the\nchroot.\n:::\n", "loc": ["systemd", "services", "<name>", "confinement", "fullUnit"], "readOnly": false, "type": "boolean"}, "systemd.services.<name>.confinement.mode": {"declarations": ["nixos/modules/security/systemd-confinement.nix"], "default": {"_type": "literalExpression", "text": "\"full-apivfs\""}, "description": "The value `full-apivfs` (the default) sets up\nprivate {file}`/dev`, {file}`/proc`,\n{file}`/sys`, {file}`/tmp` and {file}`/var/tmp` file systems\nin a separate user name space.\n\nIf this is set to `chroot-only`, only the file\nsystem name space is set up along with the call to\n{manpage}`chroot(2)`.\n\nIn all cases, unless `serviceConfig.PrivateTmp=true` is set,\nboth {file}`/tmp` and {file}`/var/tmp` paths are added to `InaccessiblePaths=`.\nThis is to overcome options like `DynamicUser=true`\nimplying `PrivateTmp=true` without letting it being turned off.\nBeware however that giving processes the `CAP_SYS_ADMIN` and `@mount` privileges\ncan let them undo the effects of `InaccessiblePaths=`.\n\n::: {.note}\nThis doesn't cover network namespaces and is solely for\nfile system level isolation.\n:::\n", "loc": ["systemd", "services", "<name>", "confinement", "mode"], "readOnly": false, "type": "one of \"full-apivfs\", \"chroot-only\""}, "systemd.services.<name>.confinement.packages": {"declarations": ["nixos/modules/security/systemd-confinement.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional packages or strings with context to add to the closure of\nthe chroot. By default, this includes all the packages from the\n{option}`serviceConfig.ExecReload`, {option}`serviceConfig.ExecStartPost`, {option}`serviceConfig.ExecStartPre`, {option}`serviceConfig.ExecStop`, {option}`serviceConfig.ExecStopPost` and {option}`serviceConfig.ExecStart` options. If you want to have all the\ndependencies of this systemd unit, you can use\n{option}`confinement.fullUnit`.\n\n::: {.note}\nThe store paths listed in {option}`path` are\n**not** included in the closure as\nwell as paths from other options except those listed\nabove.\n:::\n", "loc": ["systemd", "services", "<name>", "confinement", "packages"], "readOnly": false, "type": "list of (string or package)"}, "systemd.services.<name>.conflicts": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started, then this unit is stopped\nand vice versa.\n", "loc": ["systemd", "services", "<name>", "conflicts"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.services.<name>.description": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Description of this unit used in systemd messages and progress indicators.", "loc": ["systemd", "services", "<name>", "description"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "systemd.services.<name>.documentation": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of URIs referencing documentation for this unit or its configuration.", "loc": ["systemd", "services", "<name>", "documentation"], "readOnly": false, "type": "list of string"}, "systemd.services.<name>.enable": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If set to false, this unit will be a symlink to\n/dev/null. This is primarily useful to prevent specific\ntemplate instances\n(e.g. `serial-getty@ttyS0`) from being\nstarted. Note that `enable=true` does not\nmake a unit start by default at boot; if you want that, see\n`wantedBy`.\n", "loc": ["systemd", "services", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "systemd.services.<name>.enableDefaultPath": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to append a minimal default {env}`PATH` environment variable to the service, containing common system utilities.\n", "loc": ["systemd", "services", "<name>", "enableDefaultPath"], "readOnly": false, "type": "boolean"}, "systemd.services.<name>.enableStrictShellChecks": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "config.systemd.enableStrictShellChecks"}, "description": "Enable running `shellcheck` on the generated scripts for this unit.\n\nWhen enabled, scripts generated by the unit will be checked with\n`shellcheck` and any errors or warnings will cause the build to\nfail.\n\nThis affects all scripts that have been created through the\n`script`, `reload`, `preStart`, `postStart`, `preStop` and\n`postStop` options for systemd services. This does not affect\ncommand lines passed directly to `ExecStart`, `ExecReload`,\n`ExecStartPre`, `ExecStartPost`, `ExecStop` or `ExecStopPost`.\n", "loc": ["systemd", "services", "<name>", "enableStrictShellChecks"], "readOnly": false, "type": "boolean"}, "systemd.services.<name>.environment": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables passed to the service's processes.", "example": {"_type": "literalExpression", "text": "{\n  LANG = \"nl_NL.UTF-8\";\n  PATH = \"/foo/bar/bin\";\n}"}, "loc": ["systemd", "services", "<name>", "environment"], "readOnly": false, "type": "attribute set of (null or string or absolute path or package)"}, "systemd.services.<name>.name": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "description": "The name of this systemd unit, including its extension.\nThis can be used to refer to this unit from other systemd units.\n", "loc": ["systemd", "services", "<name>", "name"], "readOnly": false, "type": "string"}, "systemd.services.<name>.notSocketActivated": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set, a changed unit is never assumed to be\nsocket-activated on configuration switch, even if\nit might have associated socket units. Instead, the unit\nwill be restarted (or stopped/started) as if it had no\nassociated sockets.\n", "loc": ["systemd", "services", "<name>", "notSocketActivated"], "readOnly": false, "type": "boolean"}, "systemd.services.<name>.onFailure": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of one or more units that are activated when\nthis unit enters the \"failed\" state.\n", "loc": ["systemd", "services", "<name>", "onFailure"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.services.<name>.onSuccess": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of one or more units that are activated when\nthis unit enters the \"inactive\" state.\n", "loc": ["systemd", "services", "<name>", "onSuccess"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.services.<name>.overrideStrategy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "\"asDropinIfExists\""}, "description": "Defines how unit configuration is provided for systemd:\n\n`asDropinIfExists` creates a unit file when no unit file is provided by the package\notherwise it creates a drop-in file named `overrides.conf`.\n\n`asDropin` creates a drop-in file named `overrides.conf`.\nMainly needed to define instances for systemd template units (e.g. `systemd-nspawn@mycontainer.service`).\n\nSee also {manpage}`systemd.unit(5)`.\n", "loc": ["systemd", "services", "<name>", "overrideStrategy"], "readOnly": false, "type": "one of \"asDropinIfExists\", \"asDropin\""}, "systemd.services.<name>.partOf": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are stopped or restarted, then this\nunit is stopped or restarted as well.\n", "loc": ["systemd", "services", "<name>", "partOf"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.services.<name>.path": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Packages added to the service's {env}`PATH`\nenvironment variable.  Both the {file}`bin`\nand {file}`sbin` subdirectories of each\npackage are added.\n", "loc": ["systemd", "services", "<name>", "path"], "readOnly": false, "type": "list of (package or string)"}, "systemd.services.<name>.postStart": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands executed after the service's main process\nis started.\n", "loc": ["systemd", "services", "<name>", "postStart"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "systemd.services.<name>.postStop": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands executed after the service's main process\nhas exited.\n", "loc": ["systemd", "services", "<name>", "postStop"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "systemd.services.<name>.preStart": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands executed before the service's main process\nis started.\n", "loc": ["systemd", "services", "<name>", "preStart"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "systemd.services.<name>.preStop": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands executed to stop the service.\n", "loc": ["systemd", "services", "<name>", "preStop"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "systemd.services.<name>.reload": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands executed when the service's main process\nis reloaded.\n", "loc": ["systemd", "services", "<name>", "reload"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "systemd.services.<name>.reloadIfChanged": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether the service should be reloaded during a NixOS\nconfiguration switch if its definition has changed.  If\nenabled, the value of {option}`restartIfChanged` is\nignored.\n\nThis option should not be used anymore in favor of\n{option}`reloadTriggers` which allows more granular\ncontrol of when a service is reloaded and when a service\nis restarted.\n", "loc": ["systemd", "services", "<name>", "reloadIfChanged"], "readOnly": false, "type": "boolean"}, "systemd.services.<name>.reloadTriggers": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "An arbitrary list of items such as derivations.  If any item\nin the list changes between reconfigurations, the service will\nbe reloaded.  If anything but a reload trigger changes in the\nunit file, the unit will be restarted instead.\n", "loc": ["systemd", "services", "<name>", "reloadTriggers"], "readOnly": false, "type": "list of (systemd option)"}, "systemd.services.<name>.requiredBy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that require (i.e. depend on and need to go down with) this unit.\nAs discussed in the `wantedBy` option description this also creates\n`.requires` symlinks automatically.\n", "loc": ["systemd", "services", "<name>", "requiredBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.services.<name>.requires": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Start the specified units when this unit is started, and stop\nthis unit when the specified units are stopped or fail.\n", "loc": ["systemd", "services", "<name>", "requires"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.services.<name>.requisite": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Similar to requires. However if the units listed are not started,\nthey will not be started and the transaction will fail.\n", "loc": ["systemd", "services", "<name>", "requisite"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.services.<name>.restartIfChanged": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether the service should be restarted during a NixOS\nconfiguration switch if its definition has changed.\n", "loc": ["systemd", "services", "<name>", "restartIfChanged"], "readOnly": false, "type": "boolean"}, "systemd.services.<name>.restartTriggers": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "An arbitrary list of items such as derivations.  If any item\nin the list changes between reconfigurations, the service will\nbe restarted.\n", "loc": ["systemd", "services", "<name>", "restartTriggers"], "readOnly": false, "type": "list of unspecified value"}, "systemd.services.<name>.script": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands executed as the service's main process.", "loc": ["systemd", "services", "<name>", "script"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "systemd.services.<name>.scriptArgs": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Arguments passed to the main process script.\nCan contain specifiers (`%` placeholders expanded by systemd, see {manpage}`systemd.unit(5)`).\n", "example": {"_type": "literalExpression", "text": "\"%i\""}, "loc": ["systemd", "services", "<name>", "scriptArgs"], "readOnly": false, "type": "string"}, "systemd.services.<name>.serviceConfig": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Service]` section of the unit.  See\n{manpage}`systemd.service(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  RestartSec = 5;\n}"}, "loc": ["systemd", "services", "<name>", "serviceConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.services.<name>.startAt": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Automatically start this unit at the given date/time, which\nmust be in the format described in\n{manpage}`systemd.time(7)`.  This is equivalent\nto adding a corresponding timer unit with\n{option}`OnCalendar` set to the value given here.\n", "example": {"_type": "literalExpression", "text": "\"Sun 14:00:00\""}, "loc": ["systemd", "services", "<name>", "startAt"], "readOnly": false, "type": "string or list of string"}, "systemd.services.<name>.startLimitBurst": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "description": "Configure unit start rate limiting. Units which are started\nmore than startLimitBurst times within an interval time\ninterval are not permitted to start any more.\n", "loc": ["systemd", "services", "<name>", "startLimitBurst"], "readOnly": false, "type": "signed integer"}, "systemd.services.<name>.startLimitIntervalSec": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "description": "Configure unit start rate limiting. Units which are started\nmore than startLimitBurst times within an interval time\ninterval are not permitted to start any more.\n", "loc": ["systemd", "services", "<name>", "startLimitIntervalSec"], "readOnly": false, "type": "signed integer"}, "systemd.services.<name>.stopIfChanged": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If set, a changed unit is restarted by calling\n{command}`systemctl stop` in the old configuration,\nthen {command}`systemctl start` in the new one.\nOtherwise, it is restarted in a single step using\n{command}`systemctl restart` in the new configuration.\nThe latter is less correct because it runs the\n`ExecStop` commands from the new\nconfiguration.\n", "loc": ["systemd", "services", "<name>", "stopIfChanged"], "readOnly": false, "type": "boolean"}, "systemd.services.<name>.unitConfig": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Unit]` section of the unit.  See\n{manpage}`systemd.unit(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  RequiresMountsFor = \"/data\";\n}"}, "loc": ["systemd", "services", "<name>", "unitConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.services.<name>.upheldBy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keep this unit running as long as the listed units are running. This is a continuously\nenforced version of wantedBy.\n", "loc": ["systemd", "services", "<name>", "upheldBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.services.<name>.upholds": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keeps the specified running while this unit is running. A continuous version of `wants`.\n", "loc": ["systemd", "services", "<name>", "upholds"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.services.<name>.wantedBy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that want (i.e. depend on) this unit. The default method for\nstarting a unit by default at boot time is to set this option to\n`[\"multi-user.target\"]` for system services. Likewise for user units\n(`systemd.user.<name>.*`) set it to `[\"default.target\"]` to make a unit\nstart by default when the user `<name>` logs on.\n\nThis option creates a `.wants` symlink in the given target that exists\nstatelessly without the need for running `systemctl enable`.\nThe `[Install]` section described in {manpage}`systemd.unit(5)` however is\nnot supported because it is a stateful process that does not fit well\ninto the NixOS design.\n", "loc": ["systemd", "services", "<name>", "wantedBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.services.<name>.wants": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Start the specified units when this unit is started.\n", "loc": ["systemd", "services", "<name>", "wants"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.settings.Manager": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "{\n  DefaultIOAccounting = true;\n  DefaultIPAccounting = true;\n}\n"}, "description": "Options for the global systemd service manager. See {manpage}`systemd-system.conf(5)` man page\nfor available options.\n", "example": {"_type": "literalExpression", "text": "{\n  KExecWatchdogSec = \"5min\";\n  RebootWatchdogSec = \"10min\";\n  RuntimeWatchdogSec = \"30s\";\n  WatchdogDevice = \"/dev/watchdog\";\n}"}, "loc": ["systemd", "settings", "Manager"], "readOnly": false, "type": "open submodule of attribute set of (systemd option)"}, "systemd.shutdown": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of systemd shutdown executables.\nFor each `NAME = VALUE` pair of the attrSet, a link is generated from\n`/etc/systemd/system-shutdown/NAME` to `VALUE`.\n", "loc": ["systemd", "shutdown"], "readOnly": false, "type": "attribute set of absolute path"}, "systemd.shutdownRamfs.contents": {"declarations": ["nixos/modules/system/boot/systemd/shutdown.nix"], "description": "Set of files that have to be linked into the shutdown ramfs", "example": {"_type": "literalExpression", "text": "{\n  \"/lib/systemd/system-shutdown/zpool-sync-shutdown\".source = writeShellScript \"zpool\" \"exec ${zfs}/bin/zpool sync\"\n}\n"}, "loc": ["systemd", "shutdownRamfs", "contents"], "readOnly": false, "type": "attribute set of (submodule)"}, "systemd.shutdownRamfs.contents.<name>.dlopen.features": {"declarations": ["nixos/modules/system/boot/systemd/shutdown.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Features to enable via dlopen ELF notes. These will be in\naddition to anything included via 'usePriority',\nregardless of their priority.\n", "loc": ["systemd", "shutdownRamfs", "contents", "<name>", "dlopen", "features"], "readOnly": false, "type": "list of (optionally newline-terminated) single-line string"}, "systemd.shutdownRamfs.contents.<name>.dlopen.usePriority": {"declarations": ["nixos/modules/system/boot/systemd/shutdown.nix"], "default": {"_type": "literalExpression", "text": "\"recommended\""}, "description": "Priority of dlopen ELF notes to include. \"required\" is\nminimal, \"recommended\" includes \"required\", and\n\"suggested\" includes \"recommended\".\n\nSee: <https://systemd.io/ELF_DLOPEN_METADATA/>\n", "loc": ["systemd", "shutdownRamfs", "contents", "<name>", "dlopen", "usePriority"], "readOnly": false, "type": "one of \"required\", \"recommended\", \"suggested\""}, "systemd.shutdownRamfs.contents.<name>.enable": {"declarations": ["nixos/modules/system/boot/systemd/shutdown.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable copying of this file and symlinking it.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["systemd", "shutdownRamfs", "contents", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "systemd.shutdownRamfs.contents.<name>.source": {"declarations": ["nixos/modules/system/boot/systemd/shutdown.nix"], "description": "Path of the source file.", "loc": ["systemd", "shutdownRamfs", "contents", "<name>", "source"], "readOnly": false, "type": "absolute path"}, "systemd.shutdownRamfs.contents.<name>.target": {"declarations": ["nixos/modules/system/boot/systemd/shutdown.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path of the symlink.\n", "loc": ["systemd", "shutdownRamfs", "contents", "<name>", "target"], "readOnly": false, "type": "null or absolute path"}, "systemd.shutdownRamfs.contents.<name>.text": {"declarations": ["nixos/modules/system/boot/systemd/shutdown.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Text of the file.", "loc": ["systemd", "shutdownRamfs", "contents", "<name>", "text"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "systemd.shutdownRamfs.enable": {"declarations": ["nixos/modules/system/boot/systemd/shutdown.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable pivoting back to an initramfs for shutdown.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["systemd", "shutdownRamfs", "enable"], "readOnly": false, "type": "boolean"}, "systemd.shutdownRamfs.storePaths": {"declarations": ["nixos/modules/system/boot/systemd/shutdown.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Store paths to copy into the shutdown ramfs as well.\n", "loc": ["systemd", "shutdownRamfs", "storePaths"], "readOnly": false, "type": "list of ((submodule) or ((optionally newline-terminated) single-line string or package) convertible to it)"}, "systemd.shutdownRamfs.storePaths.*.dlopen.features": {"declarations": ["nixos/modules/system/boot/systemd/shutdown.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Features to enable via dlopen ELF notes. These will be in\naddition to anything included via 'usePriority',\nregardless of their priority.\n", "loc": ["systemd", "shutdownRamfs", "storePaths", "*", "dlopen", "features"], "readOnly": false, "type": "list of (optionally newline-terminated) single-line string"}, "systemd.shutdownRamfs.storePaths.*.dlopen.usePriority": {"declarations": ["nixos/modules/system/boot/systemd/shutdown.nix"], "default": {"_type": "literalExpression", "text": "\"recommended\""}, "description": "Priority of dlopen ELF notes to include. \"required\" is\nminimal, \"recommended\" includes \"required\", and\n\"suggested\" includes \"recommended\".\n\nSee: <https://systemd.io/ELF_DLOPEN_METADATA/>\n", "loc": ["systemd", "shutdownRamfs", "storePaths", "*", "dlopen", "usePriority"], "readOnly": false, "type": "one of \"required\", \"recommended\", \"suggested\""}, "systemd.shutdownRamfs.storePaths.*.enable": {"declarations": ["nixos/modules/system/boot/systemd/shutdown.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable copying of this file and symlinking it.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["systemd", "shutdownRamfs", "storePaths", "*", "enable"], "readOnly": false, "type": "boolean"}, "systemd.shutdownRamfs.storePaths.*.source": {"declarations": ["nixos/modules/system/boot/systemd/shutdown.nix"], "description": "Path of the source file.", "loc": ["systemd", "shutdownRamfs", "storePaths", "*", "source"], "readOnly": false, "type": "absolute path"}, "systemd.shutdownRamfs.storePaths.*.target": {"declarations": ["nixos/modules/system/boot/systemd/shutdown.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path of the symlink.\n", "loc": ["systemd", "shutdownRamfs", "storePaths", "*", "target"], "readOnly": false, "type": "null or absolute path"}, "systemd.sleep.extraConfig": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra config options for systemd sleep state logic.\nSee {manpage}`sleep.conf.d(5)` man page for available options.\n", "example": {"_type": "literalExpression", "text": "\"HibernateDelaySec=1h\""}, "loc": ["systemd", "sleep", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "systemd.slices": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of slice configurations; see {manpage}`systemd.slice(5)`.", "loc": ["systemd", "slices"], "readOnly": false, "type": "attribute set of (submodule)"}, "systemd.slices.<name>.after": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started at the same time as\nthis unit, delay this unit until they have started.\n", "loc": ["systemd", "slices", "<name>", "after"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.slices.<name>.aliases": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Aliases of that unit.", "loc": ["systemd", "slices", "<name>", "aliases"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.slices.<name>.before": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started at the same time as\nthis unit, delay them until this unit has started.\n", "loc": ["systemd", "slices", "<name>", "before"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.slices.<name>.bindsTo": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Like \u2018requires\u2019, but in addition, if the specified units\nunexpectedly disappear, this unit will be stopped as well.\n", "loc": ["systemd", "slices", "<name>", "bindsTo"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.slices.<name>.conflicts": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started, then this unit is stopped\nand vice versa.\n", "loc": ["systemd", "slices", "<name>", "conflicts"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.slices.<name>.description": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Description of this unit used in systemd messages and progress indicators.", "loc": ["systemd", "slices", "<name>", "description"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "systemd.slices.<name>.documentation": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of URIs referencing documentation for this unit or its configuration.", "loc": ["systemd", "slices", "<name>", "documentation"], "readOnly": false, "type": "list of string"}, "systemd.slices.<name>.enable": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If set to false, this unit will be a symlink to\n/dev/null. This is primarily useful to prevent specific\ntemplate instances\n(e.g. `serial-getty@ttyS0`) from being\nstarted. Note that `enable=true` does not\nmake a unit start by default at boot; if you want that, see\n`wantedBy`.\n", "loc": ["systemd", "slices", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "systemd.slices.<name>.name": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "description": "The name of this systemd unit, including its extension.\nThis can be used to refer to this unit from other systemd units.\n", "loc": ["systemd", "slices", "<name>", "name"], "readOnly": false, "type": "string"}, "systemd.slices.<name>.onFailure": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of one or more units that are activated when\nthis unit enters the \"failed\" state.\n", "loc": ["systemd", "slices", "<name>", "onFailure"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.slices.<name>.onSuccess": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of one or more units that are activated when\nthis unit enters the \"inactive\" state.\n", "loc": ["systemd", "slices", "<name>", "onSuccess"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.slices.<name>.overrideStrategy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "\"asDropinIfExists\""}, "description": "Defines how unit configuration is provided for systemd:\n\n`asDropinIfExists` creates a unit file when no unit file is provided by the package\notherwise it creates a drop-in file named `overrides.conf`.\n\n`asDropin` creates a drop-in file named `overrides.conf`.\nMainly needed to define instances for systemd template units (e.g. `systemd-nspawn@mycontainer.service`).\n\nSee also {manpage}`systemd.unit(5)`.\n", "loc": ["systemd", "slices", "<name>", "overrideStrategy"], "readOnly": false, "type": "one of \"asDropinIfExists\", \"asDropin\""}, "systemd.slices.<name>.partOf": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are stopped or restarted, then this\nunit is stopped or restarted as well.\n", "loc": ["systemd", "slices", "<name>", "partOf"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.slices.<name>.reloadTriggers": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "An arbitrary list of items such as derivations.  If any item\nin the list changes between reconfigurations, the service will\nbe reloaded.  If anything but a reload trigger changes in the\nunit file, the unit will be restarted instead.\n", "loc": ["systemd", "slices", "<name>", "reloadTriggers"], "readOnly": false, "type": "list of (systemd option)"}, "systemd.slices.<name>.requiredBy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that require (i.e. depend on and need to go down with) this unit.\nAs discussed in the `wantedBy` option description this also creates\n`.requires` symlinks automatically.\n", "loc": ["systemd", "slices", "<name>", "requiredBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.slices.<name>.requires": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Start the specified units when this unit is started, and stop\nthis unit when the specified units are stopped or fail.\n", "loc": ["systemd", "slices", "<name>", "requires"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.slices.<name>.requisite": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Similar to requires. However if the units listed are not started,\nthey will not be started and the transaction will fail.\n", "loc": ["systemd", "slices", "<name>", "requisite"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.slices.<name>.restartTriggers": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "An arbitrary list of items such as derivations.  If any item\nin the list changes between reconfigurations, the service will\nbe restarted.\n", "loc": ["systemd", "slices", "<name>", "restartTriggers"], "readOnly": false, "type": "list of unspecified value"}, "systemd.slices.<name>.sliceConfig": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Slice]` section of the unit.  See\n{manpage}`systemd.slice(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  MemoryMax = \"2G\";\n}"}, "loc": ["systemd", "slices", "<name>", "sliceConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.slices.<name>.startLimitBurst": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "description": "Configure unit start rate limiting. Units which are started\nmore than startLimitBurst times within an interval time\ninterval are not permitted to start any more.\n", "loc": ["systemd", "slices", "<name>", "startLimitBurst"], "readOnly": false, "type": "signed integer"}, "systemd.slices.<name>.startLimitIntervalSec": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "description": "Configure unit start rate limiting. Units which are started\nmore than startLimitBurst times within an interval time\ninterval are not permitted to start any more.\n", "loc": ["systemd", "slices", "<name>", "startLimitIntervalSec"], "readOnly": false, "type": "signed integer"}, "systemd.slices.<name>.unitConfig": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Unit]` section of the unit.  See\n{manpage}`systemd.unit(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  RequiresMountsFor = \"/data\";\n}"}, "loc": ["systemd", "slices", "<name>", "unitConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.slices.<name>.upheldBy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keep this unit running as long as the listed units are running. This is a continuously\nenforced version of wantedBy.\n", "loc": ["systemd", "slices", "<name>", "upheldBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.slices.<name>.upholds": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keeps the specified running while this unit is running. A continuous version of `wants`.\n", "loc": ["systemd", "slices", "<name>", "upholds"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.slices.<name>.wantedBy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that want (i.e. depend on) this unit. The default method for\nstarting a unit by default at boot time is to set this option to\n`[\"multi-user.target\"]` for system services. Likewise for user units\n(`systemd.user.<name>.*`) set it to `[\"default.target\"]` to make a unit\nstart by default when the user `<name>` logs on.\n\nThis option creates a `.wants` symlink in the given target that exists\nstatelessly without the need for running `systemctl enable`.\nThe `[Install]` section described in {manpage}`systemd.unit(5)` however is\nnot supported because it is a stateful process that does not fit well\ninto the NixOS design.\n", "loc": ["systemd", "slices", "<name>", "wantedBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.slices.<name>.wants": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Start the specified units when this unit is started.\n", "loc": ["systemd", "slices", "<name>", "wants"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.sockets": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of systemd socket units; see {manpage}`systemd.socket(5)`.", "loc": ["systemd", "sockets"], "readOnly": false, "type": "attribute set of (submodule)"}, "systemd.sockets.<name>.after": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started at the same time as\nthis unit, delay this unit until they have started.\n", "loc": ["systemd", "sockets", "<name>", "after"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.sockets.<name>.aliases": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Aliases of that unit.", "loc": ["systemd", "sockets", "<name>", "aliases"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.sockets.<name>.before": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started at the same time as\nthis unit, delay them until this unit has started.\n", "loc": ["systemd", "sockets", "<name>", "before"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.sockets.<name>.bindsTo": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Like \u2018requires\u2019, but in addition, if the specified units\nunexpectedly disappear, this unit will be stopped as well.\n", "loc": ["systemd", "sockets", "<name>", "bindsTo"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.sockets.<name>.conflicts": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started, then this unit is stopped\nand vice versa.\n", "loc": ["systemd", "sockets", "<name>", "conflicts"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.sockets.<name>.description": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Description of this unit used in systemd messages and progress indicators.", "loc": ["systemd", "sockets", "<name>", "description"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "systemd.sockets.<name>.documentation": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of URIs referencing documentation for this unit or its configuration.", "loc": ["systemd", "sockets", "<name>", "documentation"], "readOnly": false, "type": "list of string"}, "systemd.sockets.<name>.enable": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If set to false, this unit will be a symlink to\n/dev/null. This is primarily useful to prevent specific\ntemplate instances\n(e.g. `serial-getty@ttyS0`) from being\nstarted. Note that `enable=true` does not\nmake a unit start by default at boot; if you want that, see\n`wantedBy`.\n", "loc": ["systemd", "sockets", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "systemd.sockets.<name>.listenDatagrams": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "For each item in this list, a `ListenDatagram`\noption in the `[Socket]` section will be created.\n", "example": {"_type": "literalExpression", "text": "[\n  \"0.0.0.0:993\"\n  \"/run/my-socket\"\n]"}, "loc": ["systemd", "sockets", "<name>", "listenDatagrams"], "readOnly": false, "type": "list of string"}, "systemd.sockets.<name>.listenStreams": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "For each item in this list, a `ListenStream`\noption in the `[Socket]` section will be created.\n", "example": {"_type": "literalExpression", "text": "[\n  \"0.0.0.0:993\"\n  \"/run/my-socket\"\n]"}, "loc": ["systemd", "sockets", "<name>", "listenStreams"], "readOnly": false, "type": "list of string"}, "systemd.sockets.<name>.name": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "description": "The name of this systemd unit, including its extension.\nThis can be used to refer to this unit from other systemd units.\n", "loc": ["systemd", "sockets", "<name>", "name"], "readOnly": false, "type": "string"}, "systemd.sockets.<name>.onFailure": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of one or more units that are activated when\nthis unit enters the \"failed\" state.\n", "loc": ["systemd", "sockets", "<name>", "onFailure"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.sockets.<name>.onSuccess": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of one or more units that are activated when\nthis unit enters the \"inactive\" state.\n", "loc": ["systemd", "sockets", "<name>", "onSuccess"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.sockets.<name>.overrideStrategy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "\"asDropinIfExists\""}, "description": "Defines how unit configuration is provided for systemd:\n\n`asDropinIfExists` creates a unit file when no unit file is provided by the package\notherwise it creates a drop-in file named `overrides.conf`.\n\n`asDropin` creates a drop-in file named `overrides.conf`.\nMainly needed to define instances for systemd template units (e.g. `systemd-nspawn@mycontainer.service`).\n\nSee also {manpage}`systemd.unit(5)`.\n", "loc": ["systemd", "sockets", "<name>", "overrideStrategy"], "readOnly": false, "type": "one of \"asDropinIfExists\", \"asDropin\""}, "systemd.sockets.<name>.partOf": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are stopped or restarted, then this\nunit is stopped or restarted as well.\n", "loc": ["systemd", "sockets", "<name>", "partOf"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.sockets.<name>.reloadTriggers": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "An arbitrary list of items such as derivations.  If any item\nin the list changes between reconfigurations, the service will\nbe reloaded.  If anything but a reload trigger changes in the\nunit file, the unit will be restarted instead.\n", "loc": ["systemd", "sockets", "<name>", "reloadTriggers"], "readOnly": false, "type": "list of (systemd option)"}, "systemd.sockets.<name>.requiredBy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that require (i.e. depend on and need to go down with) this unit.\nAs discussed in the `wantedBy` option description this also creates\n`.requires` symlinks automatically.\n", "loc": ["systemd", "sockets", "<name>", "requiredBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.sockets.<name>.requires": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Start the specified units when this unit is started, and stop\nthis unit when the specified units are stopped or fail.\n", "loc": ["systemd", "sockets", "<name>", "requires"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.sockets.<name>.requisite": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Similar to requires. However if the units listed are not started,\nthey will not be started and the transaction will fail.\n", "loc": ["systemd", "sockets", "<name>", "requisite"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.sockets.<name>.restartTriggers": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "An arbitrary list of items such as derivations.  If any item\nin the list changes between reconfigurations, the service will\nbe restarted.\n", "loc": ["systemd", "sockets", "<name>", "restartTriggers"], "readOnly": false, "type": "list of unspecified value"}, "systemd.sockets.<name>.socketConfig": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Socket]` section of the unit.  See\n{manpage}`systemd.socket(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  ListenStream = \"/run/my-socket\";\n}"}, "loc": ["systemd", "sockets", "<name>", "socketConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.sockets.<name>.startLimitBurst": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "description": "Configure unit start rate limiting. Units which are started\nmore than startLimitBurst times within an interval time\ninterval are not permitted to start any more.\n", "loc": ["systemd", "sockets", "<name>", "startLimitBurst"], "readOnly": false, "type": "signed integer"}, "systemd.sockets.<name>.startLimitIntervalSec": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "description": "Configure unit start rate limiting. Units which are started\nmore than startLimitBurst times within an interval time\ninterval are not permitted to start any more.\n", "loc": ["systemd", "sockets", "<name>", "startLimitIntervalSec"], "readOnly": false, "type": "signed integer"}, "systemd.sockets.<name>.unitConfig": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Unit]` section of the unit.  See\n{manpage}`systemd.unit(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  RequiresMountsFor = \"/data\";\n}"}, "loc": ["systemd", "sockets", "<name>", "unitConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.sockets.<name>.upheldBy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keep this unit running as long as the listed units are running. This is a continuously\nenforced version of wantedBy.\n", "loc": ["systemd", "sockets", "<name>", "upheldBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.sockets.<name>.upholds": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keeps the specified running while this unit is running. A continuous version of `wants`.\n", "loc": ["systemd", "sockets", "<name>", "upholds"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.sockets.<name>.wantedBy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that want (i.e. depend on) this unit. The default method for\nstarting a unit by default at boot time is to set this option to\n`[\"multi-user.target\"]` for system services. Likewise for user units\n(`systemd.user.<name>.*`) set it to `[\"default.target\"]` to make a unit\nstart by default when the user `<name>` logs on.\n\nThis option creates a `.wants` symlink in the given target that exists\nstatelessly without the need for running `systemctl enable`.\nThe `[Install]` section described in {manpage}`systemd.unit(5)` however is\nnot supported because it is a stateful process that does not fit well\ninto the NixOS design.\n", "loc": ["systemd", "sockets", "<name>", "wantedBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.sockets.<name>.wants": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Start the specified units when this unit is started.\n", "loc": ["systemd", "sockets", "<name>", "wants"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.suppressedSystemUnits": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of units to skip when generating system systemd configuration directory. This has\npriority over upstream units, {option}`systemd.units`, and\n{option}`systemd.additionalUpstreamSystemUnits`. The main purpose of this is to\nprevent a upstream systemd unit from being added to the initrd with any modifications made to it\nby other NixOS modules.\n", "example": {"_type": "literalExpression", "text": "[\n  \"systemd-backlight@.service\"\n]"}, "loc": ["systemd", "suppressedSystemUnits"], "readOnly": false, "type": "list of string"}, "systemd.sysupdate.enable": {"declarations": ["nixos/modules/system/boot/systemd/sysupdate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Atomically update the host OS, container images, portable service\nimages or other sources.\n\nIf enabled, updates are triggered in regular intervals via a\n`systemd.timer` unit.\n\nPlease see {manpage}`systemd-sysupdate(8)` for more details.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["systemd", "sysupdate", "enable"], "readOnly": false, "type": "boolean"}, "systemd.sysupdate.reboot.enable": {"declarations": ["nixos/modules/system/boot/systemd/sysupdate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to automatically reboot after an update.\n\nIf set to `true`, the system will automatically reboot via a\n`systemd.timer` unit but only after a new version was installed.\n\nThis uses a unit completely separate from the one performing the\nupdate because it is typically advisable to download updates\nregularly while the system is up, but delay reboots until the\nappropriate time (i.e. typically at night).\n\nSet this to `false` if you do not want to reboot after an update. This\nis useful when you update a container image or another source where\nrebooting is not necessary in order to finalize the update.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["systemd", "sysupdate", "reboot", "enable"], "readOnly": false, "type": "boolean"}, "systemd.sysupdate.reboot.timerConfig": {"declarations": ["nixos/modules/system/boot/systemd/sysupdate.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The timer configuration for rebooting after an update.\n\nBy default, the upstream configuration is used:\n<https://github.com/systemd/systemd/blob/main/units/systemd-sysupdate-reboot.timer>\n", "example": {"_type": "literalExpression", "text": "{\n  OnCalendar = \"Sun 14:00:00\";\n  Unit = \"foo.service\";\n}"}, "loc": ["systemd", "sysupdate", "reboot", "timerConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.sysupdate.timerConfig": {"declarations": ["nixos/modules/system/boot/systemd/sysupdate.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The timer configuration for performing the update.\n\nBy default, the upstream configuration is used:\n<https://github.com/systemd/systemd/blob/main/units/systemd-sysupdate.timer>\n", "example": {"_type": "literalExpression", "text": "{\n  OnCalendar = \"Sun 14:00:00\";\n  Unit = \"foo.service\";\n}"}, "loc": ["systemd", "sysupdate", "timerConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.sysupdate.transfers": {"declarations": ["nixos/modules/system/boot/systemd/sysupdate.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Specify transfers as a set of the names of the transfer files as the\nkey and the configuration as its value. The configuration can use all\nupstream options. See {manpage}`sysupdate.d(5)`\nfor all available options.\n", "example": {"_type": "literalExpression", "text": "{\n  \"10-uki\" = {\n    Source = {\n      MatchPattern = [\n        \"nixos_@v+@l-@d.efi\"\n        \"nixos_@v+@l.efi\"\n        \"nixos_@v.efi\"\n      ];\n      Path = \"https://download.example.com/\";\n      Type = \"url-file\";\n    };\n    Target = {\n      InstancesMax = 2;\n      MatchPattern = ''\n        nixos_@v+@l-@d.efi\"; \\\n        nixos_@v+@l.efi \\\n        nixos_@v.efi\n      '';\n      Mode = \"0444\";\n      Path = \"/EFI/Linux\";\n      PathRelativeTo = \"boot\";\n      TriesDone = 0;\n      TriesLeft = 3;\n      Type = \"regular-file\";\n    };\n    Transfer = {\n      ProtectVersion = \"%A\";\n    };\n  };\n}"}, "loc": ["systemd", "sysupdate", "transfers"], "readOnly": false, "type": "attribute set of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string) or a non-empty list of them)"}, "systemd.sysusers.enable": {"declarations": ["nixos/modules/system/boot/systemd/sysusers.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, users are created with systemd-sysusers instead of with\nthe custom `update-users-groups.pl` script.\n\nNote: This is experimental.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["systemd", "sysusers", "enable"], "readOnly": false, "type": "boolean"}, "systemd.targets": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of systemd target units; see {manpage}`systemd.target(5)`", "loc": ["systemd", "targets"], "readOnly": false, "type": "attribute set of (submodule)"}, "systemd.targets.<name>.after": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started at the same time as\nthis unit, delay this unit until they have started.\n", "loc": ["systemd", "targets", "<name>", "after"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.targets.<name>.aliases": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Aliases of that unit.", "loc": ["systemd", "targets", "<name>", "aliases"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.targets.<name>.before": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started at the same time as\nthis unit, delay them until this unit has started.\n", "loc": ["systemd", "targets", "<name>", "before"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.targets.<name>.bindsTo": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Like \u2018requires\u2019, but in addition, if the specified units\nunexpectedly disappear, this unit will be stopped as well.\n", "loc": ["systemd", "targets", "<name>", "bindsTo"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.targets.<name>.conflicts": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started, then this unit is stopped\nand vice versa.\n", "loc": ["systemd", "targets", "<name>", "conflicts"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.targets.<name>.description": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Description of this unit used in systemd messages and progress indicators.", "loc": ["systemd", "targets", "<name>", "description"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "systemd.targets.<name>.documentation": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of URIs referencing documentation for this unit or its configuration.", "loc": ["systemd", "targets", "<name>", "documentation"], "readOnly": false, "type": "list of string"}, "systemd.targets.<name>.enable": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If set to false, this unit will be a symlink to\n/dev/null. This is primarily useful to prevent specific\ntemplate instances\n(e.g. `serial-getty@ttyS0`) from being\nstarted. Note that `enable=true` does not\nmake a unit start by default at boot; if you want that, see\n`wantedBy`.\n", "loc": ["systemd", "targets", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "systemd.targets.<name>.name": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "description": "The name of this systemd unit, including its extension.\nThis can be used to refer to this unit from other systemd units.\n", "loc": ["systemd", "targets", "<name>", "name"], "readOnly": false, "type": "string"}, "systemd.targets.<name>.onFailure": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of one or more units that are activated when\nthis unit enters the \"failed\" state.\n", "loc": ["systemd", "targets", "<name>", "onFailure"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.targets.<name>.onSuccess": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of one or more units that are activated when\nthis unit enters the \"inactive\" state.\n", "loc": ["systemd", "targets", "<name>", "onSuccess"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.targets.<name>.overrideStrategy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "\"asDropinIfExists\""}, "description": "Defines how unit configuration is provided for systemd:\n\n`asDropinIfExists` creates a unit file when no unit file is provided by the package\notherwise it creates a drop-in file named `overrides.conf`.\n\n`asDropin` creates a drop-in file named `overrides.conf`.\nMainly needed to define instances for systemd template units (e.g. `systemd-nspawn@mycontainer.service`).\n\nSee also {manpage}`systemd.unit(5)`.\n", "loc": ["systemd", "targets", "<name>", "overrideStrategy"], "readOnly": false, "type": "one of \"asDropinIfExists\", \"asDropin\""}, "systemd.targets.<name>.partOf": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are stopped or restarted, then this\nunit is stopped or restarted as well.\n", "loc": ["systemd", "targets", "<name>", "partOf"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.targets.<name>.reloadTriggers": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "An arbitrary list of items such as derivations.  If any item\nin the list changes between reconfigurations, the service will\nbe reloaded.  If anything but a reload trigger changes in the\nunit file, the unit will be restarted instead.\n", "loc": ["systemd", "targets", "<name>", "reloadTriggers"], "readOnly": false, "type": "list of (systemd option)"}, "systemd.targets.<name>.requiredBy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that require (i.e. depend on and need to go down with) this unit.\nAs discussed in the `wantedBy` option description this also creates\n`.requires` symlinks automatically.\n", "loc": ["systemd", "targets", "<name>", "requiredBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.targets.<name>.requires": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Start the specified units when this unit is started, and stop\nthis unit when the specified units are stopped or fail.\n", "loc": ["systemd", "targets", "<name>", "requires"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.targets.<name>.requisite": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Similar to requires. However if the units listed are not started,\nthey will not be started and the transaction will fail.\n", "loc": ["systemd", "targets", "<name>", "requisite"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.targets.<name>.restartTriggers": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "An arbitrary list of items such as derivations.  If any item\nin the list changes between reconfigurations, the service will\nbe restarted.\n", "loc": ["systemd", "targets", "<name>", "restartTriggers"], "readOnly": false, "type": "list of unspecified value"}, "systemd.targets.<name>.startLimitBurst": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "description": "Configure unit start rate limiting. Units which are started\nmore than startLimitBurst times within an interval time\ninterval are not permitted to start any more.\n", "loc": ["systemd", "targets", "<name>", "startLimitBurst"], "readOnly": false, "type": "signed integer"}, "systemd.targets.<name>.startLimitIntervalSec": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "description": "Configure unit start rate limiting. Units which are started\nmore than startLimitBurst times within an interval time\ninterval are not permitted to start any more.\n", "loc": ["systemd", "targets", "<name>", "startLimitIntervalSec"], "readOnly": false, "type": "signed integer"}, "systemd.targets.<name>.unitConfig": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Unit]` section of the unit.  See\n{manpage}`systemd.unit(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  RequiresMountsFor = \"/data\";\n}"}, "loc": ["systemd", "targets", "<name>", "unitConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.targets.<name>.upheldBy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keep this unit running as long as the listed units are running. This is a continuously\nenforced version of wantedBy.\n", "loc": ["systemd", "targets", "<name>", "upheldBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.targets.<name>.upholds": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keeps the specified running while this unit is running. A continuous version of `wants`.\n", "loc": ["systemd", "targets", "<name>", "upholds"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.targets.<name>.wantedBy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that want (i.e. depend on) this unit. The default method for\nstarting a unit by default at boot time is to set this option to\n`[\"multi-user.target\"]` for system services. Likewise for user units\n(`systemd.user.<name>.*`) set it to `[\"default.target\"]` to make a unit\nstart by default when the user `<name>` logs on.\n\nThis option creates a `.wants` symlink in the given target that exists\nstatelessly without the need for running `systemctl enable`.\nThe `[Install]` section described in {manpage}`systemd.unit(5)` however is\nnot supported because it is a stateful process that does not fit well\ninto the NixOS design.\n", "loc": ["systemd", "targets", "<name>", "wantedBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.targets.<name>.wants": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Start the specified units when this unit is started.\n", "loc": ["systemd", "targets", "<name>", "wants"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.timers": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of systemd timer units; see {manpage}`systemd.timer(5)`.", "loc": ["systemd", "timers"], "readOnly": false, "type": "attribute set of (submodule)"}, "systemd.timers.<name>.after": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started at the same time as\nthis unit, delay this unit until they have started.\n", "loc": ["systemd", "timers", "<name>", "after"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.timers.<name>.aliases": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Aliases of that unit.", "loc": ["systemd", "timers", "<name>", "aliases"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.timers.<name>.before": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started at the same time as\nthis unit, delay them until this unit has started.\n", "loc": ["systemd", "timers", "<name>", "before"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.timers.<name>.bindsTo": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Like \u2018requires\u2019, but in addition, if the specified units\nunexpectedly disappear, this unit will be stopped as well.\n", "loc": ["systemd", "timers", "<name>", "bindsTo"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.timers.<name>.conflicts": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started, then this unit is stopped\nand vice versa.\n", "loc": ["systemd", "timers", "<name>", "conflicts"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.timers.<name>.description": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Description of this unit used in systemd messages and progress indicators.", "loc": ["systemd", "timers", "<name>", "description"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "systemd.timers.<name>.documentation": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of URIs referencing documentation for this unit or its configuration.", "loc": ["systemd", "timers", "<name>", "documentation"], "readOnly": false, "type": "list of string"}, "systemd.timers.<name>.enable": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If set to false, this unit will be a symlink to\n/dev/null. This is primarily useful to prevent specific\ntemplate instances\n(e.g. `serial-getty@ttyS0`) from being\nstarted. Note that `enable=true` does not\nmake a unit start by default at boot; if you want that, see\n`wantedBy`.\n", "loc": ["systemd", "timers", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "systemd.timers.<name>.name": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "description": "The name of this systemd unit, including its extension.\nThis can be used to refer to this unit from other systemd units.\n", "loc": ["systemd", "timers", "<name>", "name"], "readOnly": false, "type": "string"}, "systemd.timers.<name>.onFailure": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of one or more units that are activated when\nthis unit enters the \"failed\" state.\n", "loc": ["systemd", "timers", "<name>", "onFailure"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.timers.<name>.onSuccess": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of one or more units that are activated when\nthis unit enters the \"inactive\" state.\n", "loc": ["systemd", "timers", "<name>", "onSuccess"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.timers.<name>.overrideStrategy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "\"asDropinIfExists\""}, "description": "Defines how unit configuration is provided for systemd:\n\n`asDropinIfExists` creates a unit file when no unit file is provided by the package\notherwise it creates a drop-in file named `overrides.conf`.\n\n`asDropin` creates a drop-in file named `overrides.conf`.\nMainly needed to define instances for systemd template units (e.g. `systemd-nspawn@mycontainer.service`).\n\nSee also {manpage}`systemd.unit(5)`.\n", "loc": ["systemd", "timers", "<name>", "overrideStrategy"], "readOnly": false, "type": "one of \"asDropinIfExists\", \"asDropin\""}, "systemd.timers.<name>.partOf": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are stopped or restarted, then this\nunit is stopped or restarted as well.\n", "loc": ["systemd", "timers", "<name>", "partOf"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.timers.<name>.reloadTriggers": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "An arbitrary list of items such as derivations.  If any item\nin the list changes between reconfigurations, the service will\nbe reloaded.  If anything but a reload trigger changes in the\nunit file, the unit will be restarted instead.\n", "loc": ["systemd", "timers", "<name>", "reloadTriggers"], "readOnly": false, "type": "list of (systemd option)"}, "systemd.timers.<name>.requiredBy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that require (i.e. depend on and need to go down with) this unit.\nAs discussed in the `wantedBy` option description this also creates\n`.requires` symlinks automatically.\n", "loc": ["systemd", "timers", "<name>", "requiredBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.timers.<name>.requires": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Start the specified units when this unit is started, and stop\nthis unit when the specified units are stopped or fail.\n", "loc": ["systemd", "timers", "<name>", "requires"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.timers.<name>.requisite": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Similar to requires. However if the units listed are not started,\nthey will not be started and the transaction will fail.\n", "loc": ["systemd", "timers", "<name>", "requisite"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.timers.<name>.restartTriggers": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "An arbitrary list of items such as derivations.  If any item\nin the list changes between reconfigurations, the service will\nbe restarted.\n", "loc": ["systemd", "timers", "<name>", "restartTriggers"], "readOnly": false, "type": "list of unspecified value"}, "systemd.timers.<name>.startLimitBurst": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "description": "Configure unit start rate limiting. Units which are started\nmore than startLimitBurst times within an interval time\ninterval are not permitted to start any more.\n", "loc": ["systemd", "timers", "<name>", "startLimitBurst"], "readOnly": false, "type": "signed integer"}, "systemd.timers.<name>.startLimitIntervalSec": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "description": "Configure unit start rate limiting. Units which are started\nmore than startLimitBurst times within an interval time\ninterval are not permitted to start any more.\n", "loc": ["systemd", "timers", "<name>", "startLimitIntervalSec"], "readOnly": false, "type": "signed integer"}, "systemd.timers.<name>.timerConfig": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Timer]` section of the unit.  See\n{manpage}`systemd.timer(5)` and\n{manpage}`systemd.time(7)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  OnCalendar = \"Sun 14:00:00\";\n  Unit = \"foo.service\";\n}"}, "loc": ["systemd", "timers", "<name>", "timerConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.timers.<name>.unitConfig": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Unit]` section of the unit.  See\n{manpage}`systemd.unit(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  RequiresMountsFor = \"/data\";\n}"}, "loc": ["systemd", "timers", "<name>", "unitConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.timers.<name>.upheldBy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keep this unit running as long as the listed units are running. This is a continuously\nenforced version of wantedBy.\n", "loc": ["systemd", "timers", "<name>", "upheldBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.timers.<name>.upholds": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keeps the specified running while this unit is running. A continuous version of `wants`.\n", "loc": ["systemd", "timers", "<name>", "upholds"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.timers.<name>.wantedBy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that want (i.e. depend on) this unit. The default method for\nstarting a unit by default at boot time is to set this option to\n`[\"multi-user.target\"]` for system services. Likewise for user units\n(`systemd.user.<name>.*`) set it to `[\"default.target\"]` to make a unit\nstart by default when the user `<name>` logs on.\n\nThis option creates a `.wants` symlink in the given target that exists\nstatelessly without the need for running `systemctl enable`.\nThe `[Install]` section described in {manpage}`systemd.unit(5)` however is\nnot supported because it is a stateful process that does not fit well\ninto the NixOS design.\n", "loc": ["systemd", "timers", "<name>", "wantedBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.timers.<name>.wants": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Start the specified units when this unit is started.\n", "loc": ["systemd", "timers", "<name>", "wants"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.tmpfiles.packages": {"declarations": ["nixos/modules/system/boot/systemd/tmpfiles.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of packages containing {command}`systemd-tmpfiles` rules.\n\nAll files ending in .conf found in\n{file}`\u00abpkg\u00bb/lib/tmpfiles.d`\nwill be included.\nIf this folder does not exist or does not contain any files an error will be returned instead.\n\nIf a {file}`lib` output is available, rules are searched there and only there.\nIf there is no {file}`lib` output it will fall back to {file}`out`\nand if that does not exist either, the default output will be used.\n", "example": {"_type": "literalExpression", "text": "[ pkgs.lvm2 ]"}, "loc": ["systemd", "tmpfiles", "packages"], "readOnly": false, "type": "list of package"}, "systemd.tmpfiles.rules": {"declarations": ["nixos/modules/system/boot/systemd/tmpfiles.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Rules for creation, deletion and cleaning of volatile and temporary files\nautomatically. See\n{manpage}`tmpfiles.d(5)`\nfor the exact format.\n", "example": {"_type": "literalExpression", "text": "[\n  \"d /tmp 1777 root root 10d\"\n]"}, "loc": ["systemd", "tmpfiles", "rules"], "readOnly": false, "type": "list of string"}, "systemd.tmpfiles.settings": {"declarations": ["nixos/modules/system/boot/systemd/tmpfiles.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declare systemd-tmpfiles rules to create, delete, and clean up volatile\nand temporary files and directories.\n\nEven though the service is called `*tmp*files` you can also create\npersistent files.\n", "example": {"_type": "literalExpression", "text": "{\n  \"10-mypackage\" = {\n    \"/var/lib/my-service/statefolder\" = {\n      d = {\n        group = \"root\";\n        mode = \"0755\";\n        user = \"root\";\n      };\n    };\n  };\n}"}, "loc": ["systemd", "tmpfiles", "settings"], "readOnly": false, "type": "attribute set of attribute set of attribute set of (submodule)"}, "systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.age": {"declarations": ["nixos/modules/system/boot/systemd/tmpfiles.nix"], "default": {"_type": "literalExpression", "text": "\"-\""}, "description": "Delete a file when it reaches a certain age.\n\nIf a file or directory is older than the current time minus the age\nfield, it is deleted.\n\nIf set to `\"-\"` no automatic clean-up is done.\n", "example": {"_type": "literalExpression", "text": "\"10d\""}, "loc": ["systemd", "tmpfiles", "settings", "<config-name>", "<path>", "<tmpfiles-type>", "age"], "readOnly": false, "type": "string"}, "systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.argument": {"declarations": ["nixos/modules/system/boot/systemd/tmpfiles.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "An argument whose meaning depends on the type of operation.\n\nPlease see the upstream documentation for the meaning of this\nparameter in different situations:\n{manpage}`tmpfiles.d(5)`\n", "example": {"_type": "literalExpression", "text": "\"\""}, "loc": ["systemd", "tmpfiles", "settings", "<config-name>", "<path>", "<tmpfiles-type>", "argument"], "readOnly": false, "type": "string"}, "systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.group": {"declarations": ["nixos/modules/system/boot/systemd/tmpfiles.nix"], "default": {"_type": "literalExpression", "text": "\"-\""}, "description": "The group of the file.\n\nThis may either be a numeric ID or a user/group name.\n\nIf omitted or when set to `\"-\"`, the user and group of the user who\ninvokes systemd-tmpfiles is used.\n", "example": {"_type": "literalExpression", "text": "\"root\""}, "loc": ["systemd", "tmpfiles", "settings", "<config-name>", "<path>", "<tmpfiles-type>", "group"], "readOnly": false, "type": "string"}, "systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.mode": {"declarations": ["nixos/modules/system/boot/systemd/tmpfiles.nix"], "default": {"_type": "literalExpression", "text": "\"-\""}, "description": "The file access mode to use when creating this file or directory.\n", "example": {"_type": "literalExpression", "text": "\"0755\""}, "loc": ["systemd", "tmpfiles", "settings", "<config-name>", "<path>", "<tmpfiles-type>", "mode"], "readOnly": false, "type": "string"}, "systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.type": {"declarations": ["nixos/modules/system/boot/systemd/tmpfiles.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039tmpfiles-type\u203a\""}, "description": "The type of operation to perform on the file.\n\nThe type consists of a single letter and optionally one or more\nmodifier characters.\n\nPlease see the upstream documentation for the available types and\nmore details:\n{manpage}`tmpfiles.d(5)`\n", "example": {"_type": "literalExpression", "text": "\"d\""}, "loc": ["systemd", "tmpfiles", "settings", "<config-name>", "<path>", "<tmpfiles-type>", "type"], "readOnly": false, "type": "string"}, "systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.user": {"declarations": ["nixos/modules/system/boot/systemd/tmpfiles.nix"], "default": {"_type": "literalExpression", "text": "\"-\""}, "description": "The user of the file.\n\nThis may either be a numeric ID or a user/group name.\n\nIf omitted or when set to `\"-\"`, the user and group of the user who\ninvokes systemd-tmpfiles is used.\n", "example": {"_type": "literalExpression", "text": "\"root\""}, "loc": ["systemd", "tmpfiles", "settings", "<config-name>", "<path>", "<tmpfiles-type>", "user"], "readOnly": false, "type": "string"}, "systemd.tpm2.enable": {"declarations": ["nixos/modules/system/boot/systemd/tpm2.nix"], "default": {"_type": "literalExpression", "text": "\"systemd.package.withTpm2Units\""}, "description": "Whether to enable systemd TPM2 support.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["systemd", "tpm2", "enable"], "readOnly": false, "type": "boolean"}, "systemd.units": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of systemd units; see {manpage}`systemd.unit(5)`.", "loc": ["systemd", "units"], "readOnly": false, "type": "attribute set of (submodule)"}, "systemd.units.<name>.aliases": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Aliases of that unit.", "loc": ["systemd", "units", "<name>", "aliases"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.units.<name>.enable": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If set to false, this unit will be a symlink to\n/dev/null. This is primarily useful to prevent specific\ntemplate instances\n(e.g. `serial-getty@ttyS0`) from being\nstarted. Note that `enable=true` does not\nmake a unit start by default at boot; if you want that, see\n`wantedBy`.\n", "loc": ["systemd", "units", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "systemd.units.<name>.name": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "description": "The name of this systemd unit, including its extension.\nThis can be used to refer to this unit from other systemd units.\n", "loc": ["systemd", "units", "<name>", "name"], "readOnly": false, "type": "string"}, "systemd.units.<name>.overrideStrategy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "\"asDropinIfExists\""}, "description": "Defines how unit configuration is provided for systemd:\n\n`asDropinIfExists` creates a unit file when no unit file is provided by the package\notherwise it creates a drop-in file named `overrides.conf`.\n\n`asDropin` creates a drop-in file named `overrides.conf`.\nMainly needed to define instances for systemd template units (e.g. `systemd-nspawn@mycontainer.service`).\n\nSee also {manpage}`systemd.unit(5)`.\n", "loc": ["systemd", "units", "<name>", "overrideStrategy"], "readOnly": false, "type": "one of \"asDropinIfExists\", \"asDropin\""}, "systemd.units.<name>.requiredBy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that require (i.e. depend on and need to go down with) this unit.\nAs discussed in the `wantedBy` option description this also creates\n`.requires` symlinks automatically.\n", "loc": ["systemd", "units", "<name>", "requiredBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.units.<name>.text": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Text of this systemd unit.", "loc": ["systemd", "units", "<name>", "text"], "readOnly": false, "type": "null or string"}, "systemd.units.<name>.upheldBy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keep this unit running as long as the listed units are running. This is a continuously\nenforced version of wantedBy.\n", "loc": ["systemd", "units", "<name>", "upheldBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.units.<name>.wantedBy": {"declarations": ["nixos/modules/system/boot/systemd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that want (i.e. depend on) this unit. The default method for\nstarting a unit by default at boot time is to set this option to\n`[\"multi-user.target\"]` for system services. Likewise for user units\n(`systemd.user.<name>.*`) set it to `[\"default.target\"]` to make a unit\nstart by default when the user `<name>` logs on.\n\nThis option creates a `.wants` symlink in the given target that exists\nstatelessly without the need for running `systemctl enable`.\nThe `[Install]` section described in {manpage}`systemd.unit(5)` however is\nnot supported because it is a stateful process that does not fit well\ninto the NixOS design.\n", "loc": ["systemd", "units", "<name>", "wantedBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.extraConfig": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra config options for systemd user instances. See {manpage}`systemd-user.conf(5)` for\navailable options.\n", "example": {"_type": "literalExpression", "text": "\"DefaultTimeoutStartSec=60\""}, "loc": ["systemd", "user", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "systemd.user.generators": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of systemd generators; see {manpage}`systemd.generator(5)`.\n\nFor each `NAME = VALUE` pair of the attrSet, a link is generated from\n`/etc/systemd/user-generators/NAME` to `VALUE`.\n", "example": {"_type": "literalExpression", "text": "{\n  systemd-gpt-auto-generator = \"/dev/null\";\n}"}, "loc": ["systemd", "user", "generators"], "readOnly": false, "type": "attribute set of absolute path"}, "systemd.user.paths": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of systemd per-user path units.", "loc": ["systemd", "user", "paths"], "readOnly": false, "type": "attribute set of (submodule)"}, "systemd.user.paths.<name>.after": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started at the same time as\nthis unit, delay this unit until they have started.\n", "loc": ["systemd", "user", "paths", "<name>", "after"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.paths.<name>.aliases": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Aliases of that unit.", "loc": ["systemd", "user", "paths", "<name>", "aliases"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.paths.<name>.before": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started at the same time as\nthis unit, delay them until this unit has started.\n", "loc": ["systemd", "user", "paths", "<name>", "before"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.paths.<name>.bindsTo": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Like \u2018requires\u2019, but in addition, if the specified units\nunexpectedly disappear, this unit will be stopped as well.\n", "loc": ["systemd", "user", "paths", "<name>", "bindsTo"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.paths.<name>.conflicts": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started, then this unit is stopped\nand vice versa.\n", "loc": ["systemd", "user", "paths", "<name>", "conflicts"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.paths.<name>.description": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Description of this unit used in systemd messages and progress indicators.", "loc": ["systemd", "user", "paths", "<name>", "description"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "systemd.user.paths.<name>.documentation": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of URIs referencing documentation for this unit or its configuration.", "loc": ["systemd", "user", "paths", "<name>", "documentation"], "readOnly": false, "type": "list of string"}, "systemd.user.paths.<name>.enable": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If set to false, this unit will be a symlink to\n/dev/null. This is primarily useful to prevent specific\ntemplate instances\n(e.g. `serial-getty@ttyS0`) from being\nstarted. Note that `enable=true` does not\nmake a unit start by default at boot; if you want that, see\n`wantedBy`.\n", "loc": ["systemd", "user", "paths", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "systemd.user.paths.<name>.name": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "description": "The name of this systemd unit, including its extension.\nThis can be used to refer to this unit from other systemd units.\n", "loc": ["systemd", "user", "paths", "<name>", "name"], "readOnly": false, "type": "string"}, "systemd.user.paths.<name>.onFailure": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of one or more units that are activated when\nthis unit enters the \"failed\" state.\n", "loc": ["systemd", "user", "paths", "<name>", "onFailure"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.paths.<name>.onSuccess": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of one or more units that are activated when\nthis unit enters the \"inactive\" state.\n", "loc": ["systemd", "user", "paths", "<name>", "onSuccess"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.paths.<name>.overrideStrategy": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "\"asDropinIfExists\""}, "description": "Defines how unit configuration is provided for systemd:\n\n`asDropinIfExists` creates a unit file when no unit file is provided by the package\notherwise it creates a drop-in file named `overrides.conf`.\n\n`asDropin` creates a drop-in file named `overrides.conf`.\nMainly needed to define instances for systemd template units (e.g. `systemd-nspawn@mycontainer.service`).\n\nSee also {manpage}`systemd.unit(5)`.\n", "loc": ["systemd", "user", "paths", "<name>", "overrideStrategy"], "readOnly": false, "type": "one of \"asDropinIfExists\", \"asDropin\""}, "systemd.user.paths.<name>.partOf": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are stopped or restarted, then this\nunit is stopped or restarted as well.\n", "loc": ["systemd", "user", "paths", "<name>", "partOf"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.paths.<name>.pathConfig": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Path]` section of the unit.  See\n{manpage}`systemd.path(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  PathChanged = \"/some/path\";\n  Unit = \"changedpath.service\";\n}"}, "loc": ["systemd", "user", "paths", "<name>", "pathConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.user.paths.<name>.reloadTriggers": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "An arbitrary list of items such as derivations.  If any item\nin the list changes between reconfigurations, the service will\nbe reloaded.  If anything but a reload trigger changes in the\nunit file, the unit will be restarted instead.\n", "loc": ["systemd", "user", "paths", "<name>", "reloadTriggers"], "readOnly": false, "type": "list of (systemd option)"}, "systemd.user.paths.<name>.requiredBy": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that require (i.e. depend on and need to go down with) this unit.\nAs discussed in the `wantedBy` option description this also creates\n`.requires` symlinks automatically.\n", "loc": ["systemd", "user", "paths", "<name>", "requiredBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.paths.<name>.requires": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Start the specified units when this unit is started, and stop\nthis unit when the specified units are stopped or fail.\n", "loc": ["systemd", "user", "paths", "<name>", "requires"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.paths.<name>.requisite": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Similar to requires. However if the units listed are not started,\nthey will not be started and the transaction will fail.\n", "loc": ["systemd", "user", "paths", "<name>", "requisite"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.paths.<name>.restartTriggers": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "An arbitrary list of items such as derivations.  If any item\nin the list changes between reconfigurations, the service will\nbe restarted.\n", "loc": ["systemd", "user", "paths", "<name>", "restartTriggers"], "readOnly": false, "type": "list of unspecified value"}, "systemd.user.paths.<name>.startLimitBurst": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "description": "Configure unit start rate limiting. Units which are started\nmore than startLimitBurst times within an interval time\ninterval are not permitted to start any more.\n", "loc": ["systemd", "user", "paths", "<name>", "startLimitBurst"], "readOnly": false, "type": "signed integer"}, "systemd.user.paths.<name>.startLimitIntervalSec": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "description": "Configure unit start rate limiting. Units which are started\nmore than startLimitBurst times within an interval time\ninterval are not permitted to start any more.\n", "loc": ["systemd", "user", "paths", "<name>", "startLimitIntervalSec"], "readOnly": false, "type": "signed integer"}, "systemd.user.paths.<name>.unitConfig": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Unit]` section of the unit.  See\n{manpage}`systemd.unit(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  RequiresMountsFor = \"/data\";\n}"}, "loc": ["systemd", "user", "paths", "<name>", "unitConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.user.paths.<name>.upheldBy": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keep this unit running as long as the listed units are running. This is a continuously\nenforced version of wantedBy.\n", "loc": ["systemd", "user", "paths", "<name>", "upheldBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.paths.<name>.upholds": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keeps the specified running while this unit is running. A continuous version of `wants`.\n", "loc": ["systemd", "user", "paths", "<name>", "upholds"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.paths.<name>.wantedBy": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that want (i.e. depend on) this unit. The default method for\nstarting a unit by default at boot time is to set this option to\n`[\"multi-user.target\"]` for system services. Likewise for user units\n(`systemd.user.<name>.*`) set it to `[\"default.target\"]` to make a unit\nstart by default when the user `<name>` logs on.\n\nThis option creates a `.wants` symlink in the given target that exists\nstatelessly without the need for running `systemctl enable`.\nThe `[Install]` section described in {manpage}`systemd.unit(5)` however is\nnot supported because it is a stateful process that does not fit well\ninto the NixOS design.\n", "loc": ["systemd", "user", "paths", "<name>", "wantedBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.paths.<name>.wants": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Start the specified units when this unit is started.\n", "loc": ["systemd", "user", "paths", "<name>", "wants"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.services": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of systemd per-user service units.", "loc": ["systemd", "user", "services"], "readOnly": false, "type": "attribute set of (submodule)"}, "systemd.user.services.<name>.after": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started at the same time as\nthis unit, delay this unit until they have started.\n", "loc": ["systemd", "user", "services", "<name>", "after"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.services.<name>.aliases": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Aliases of that unit.", "loc": ["systemd", "user", "services", "<name>", "aliases"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.services.<name>.before": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started at the same time as\nthis unit, delay them until this unit has started.\n", "loc": ["systemd", "user", "services", "<name>", "before"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.services.<name>.bindsTo": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Like \u2018requires\u2019, but in addition, if the specified units\nunexpectedly disappear, this unit will be stopped as well.\n", "loc": ["systemd", "user", "services", "<name>", "bindsTo"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.services.<name>.conflicts": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started, then this unit is stopped\nand vice versa.\n", "loc": ["systemd", "user", "services", "<name>", "conflicts"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.services.<name>.description": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Description of this unit used in systemd messages and progress indicators.", "loc": ["systemd", "user", "services", "<name>", "description"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "systemd.user.services.<name>.documentation": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of URIs referencing documentation for this unit or its configuration.", "loc": ["systemd", "user", "services", "<name>", "documentation"], "readOnly": false, "type": "list of string"}, "systemd.user.services.<name>.enable": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If set to false, this unit will be a symlink to\n/dev/null. This is primarily useful to prevent specific\ntemplate instances\n(e.g. `serial-getty@ttyS0`) from being\nstarted. Note that `enable=true` does not\nmake a unit start by default at boot; if you want that, see\n`wantedBy`.\n", "loc": ["systemd", "user", "services", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "systemd.user.services.<name>.enableDefaultPath": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to append a minimal default {env}`PATH` environment variable to the service, containing common system utilities.\n", "loc": ["systemd", "user", "services", "<name>", "enableDefaultPath"], "readOnly": false, "type": "boolean"}, "systemd.user.services.<name>.enableStrictShellChecks": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "config.systemd.enableStrictShellChecks"}, "description": "Enable running `shellcheck` on the generated scripts for this unit.\n\nWhen enabled, scripts generated by the unit will be checked with\n`shellcheck` and any errors or warnings will cause the build to\nfail.\n\nThis affects all scripts that have been created through the\n`script`, `reload`, `preStart`, `postStart`, `preStop` and\n`postStop` options for systemd services. This does not affect\ncommand lines passed directly to `ExecStart`, `ExecReload`,\n`ExecStartPre`, `ExecStartPost`, `ExecStop` or `ExecStopPost`.\n", "loc": ["systemd", "user", "services", "<name>", "enableStrictShellChecks"], "readOnly": false, "type": "boolean"}, "systemd.user.services.<name>.environment": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables passed to the service's processes.", "example": {"_type": "literalExpression", "text": "{\n  LANG = \"nl_NL.UTF-8\";\n  PATH = \"/foo/bar/bin\";\n}"}, "loc": ["systemd", "user", "services", "<name>", "environment"], "readOnly": false, "type": "attribute set of (null or string or absolute path or package)"}, "systemd.user.services.<name>.name": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "description": "The name of this systemd unit, including its extension.\nThis can be used to refer to this unit from other systemd units.\n", "loc": ["systemd", "user", "services", "<name>", "name"], "readOnly": false, "type": "string"}, "systemd.user.services.<name>.notSocketActivated": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set, a changed unit is never assumed to be\nsocket-activated on configuration switch, even if\nit might have associated socket units. Instead, the unit\nwill be restarted (or stopped/started) as if it had no\nassociated sockets.\n", "loc": ["systemd", "user", "services", "<name>", "notSocketActivated"], "readOnly": false, "type": "boolean"}, "systemd.user.services.<name>.onFailure": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of one or more units that are activated when\nthis unit enters the \"failed\" state.\n", "loc": ["systemd", "user", "services", "<name>", "onFailure"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.services.<name>.onSuccess": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of one or more units that are activated when\nthis unit enters the \"inactive\" state.\n", "loc": ["systemd", "user", "services", "<name>", "onSuccess"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.services.<name>.overrideStrategy": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "\"asDropinIfExists\""}, "description": "Defines how unit configuration is provided for systemd:\n\n`asDropinIfExists` creates a unit file when no unit file is provided by the package\notherwise it creates a drop-in file named `overrides.conf`.\n\n`asDropin` creates a drop-in file named `overrides.conf`.\nMainly needed to define instances for systemd template units (e.g. `systemd-nspawn@mycontainer.service`).\n\nSee also {manpage}`systemd.unit(5)`.\n", "loc": ["systemd", "user", "services", "<name>", "overrideStrategy"], "readOnly": false, "type": "one of \"asDropinIfExists\", \"asDropin\""}, "systemd.user.services.<name>.partOf": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are stopped or restarted, then this\nunit is stopped or restarted as well.\n", "loc": ["systemd", "user", "services", "<name>", "partOf"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.services.<name>.path": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Packages added to the service's {env}`PATH`\nenvironment variable.  Both the {file}`bin`\nand {file}`sbin` subdirectories of each\npackage are added.\n", "loc": ["systemd", "user", "services", "<name>", "path"], "readOnly": false, "type": "list of (package or string)"}, "systemd.user.services.<name>.postStart": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands executed after the service's main process\nis started.\n", "loc": ["systemd", "user", "services", "<name>", "postStart"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "systemd.user.services.<name>.postStop": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands executed after the service's main process\nhas exited.\n", "loc": ["systemd", "user", "services", "<name>", "postStop"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "systemd.user.services.<name>.preStart": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands executed before the service's main process\nis started.\n", "loc": ["systemd", "user", "services", "<name>", "preStart"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "systemd.user.services.<name>.preStop": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands executed to stop the service.\n", "loc": ["systemd", "user", "services", "<name>", "preStop"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "systemd.user.services.<name>.reload": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands executed when the service's main process\nis reloaded.\n", "loc": ["systemd", "user", "services", "<name>", "reload"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "systemd.user.services.<name>.reloadIfChanged": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether the service should be reloaded during a NixOS\nconfiguration switch if its definition has changed.  If\nenabled, the value of {option}`restartIfChanged` is\nignored.\n\nThis option should not be used anymore in favor of\n{option}`reloadTriggers` which allows more granular\ncontrol of when a service is reloaded and when a service\nis restarted.\n", "loc": ["systemd", "user", "services", "<name>", "reloadIfChanged"], "readOnly": false, "type": "boolean"}, "systemd.user.services.<name>.reloadTriggers": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "An arbitrary list of items such as derivations.  If any item\nin the list changes between reconfigurations, the service will\nbe reloaded.  If anything but a reload trigger changes in the\nunit file, the unit will be restarted instead.\n", "loc": ["systemd", "user", "services", "<name>", "reloadTriggers"], "readOnly": false, "type": "list of (systemd option)"}, "systemd.user.services.<name>.requiredBy": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that require (i.e. depend on and need to go down with) this unit.\nAs discussed in the `wantedBy` option description this also creates\n`.requires` symlinks automatically.\n", "loc": ["systemd", "user", "services", "<name>", "requiredBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.services.<name>.requires": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Start the specified units when this unit is started, and stop\nthis unit when the specified units are stopped or fail.\n", "loc": ["systemd", "user", "services", "<name>", "requires"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.services.<name>.requisite": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Similar to requires. However if the units listed are not started,\nthey will not be started and the transaction will fail.\n", "loc": ["systemd", "user", "services", "<name>", "requisite"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.services.<name>.restartIfChanged": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether the service should be restarted during a NixOS\nconfiguration switch if its definition has changed.\n", "loc": ["systemd", "user", "services", "<name>", "restartIfChanged"], "readOnly": false, "type": "boolean"}, "systemd.user.services.<name>.restartTriggers": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "An arbitrary list of items such as derivations.  If any item\nin the list changes between reconfigurations, the service will\nbe restarted.\n", "loc": ["systemd", "user", "services", "<name>", "restartTriggers"], "readOnly": false, "type": "list of unspecified value"}, "systemd.user.services.<name>.script": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Shell commands executed as the service's main process.", "loc": ["systemd", "user", "services", "<name>", "script"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "systemd.user.services.<name>.scriptArgs": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Arguments passed to the main process script.\nCan contain specifiers (`%` placeholders expanded by systemd, see {manpage}`systemd.unit(5)`).\n", "example": {"_type": "literalExpression", "text": "\"%i\""}, "loc": ["systemd", "user", "services", "<name>", "scriptArgs"], "readOnly": false, "type": "string"}, "systemd.user.services.<name>.serviceConfig": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Service]` section of the unit.  See\n{manpage}`systemd.service(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  RestartSec = 5;\n}"}, "loc": ["systemd", "user", "services", "<name>", "serviceConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.user.services.<name>.startAt": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Automatically start this unit at the given date/time, which\nmust be in the format described in\n{manpage}`systemd.time(7)`.  This is equivalent\nto adding a corresponding timer unit with\n{option}`OnCalendar` set to the value given here.\n", "example": {"_type": "literalExpression", "text": "\"Sun 14:00:00\""}, "loc": ["systemd", "user", "services", "<name>", "startAt"], "readOnly": false, "type": "string or list of string"}, "systemd.user.services.<name>.startLimitBurst": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "description": "Configure unit start rate limiting. Units which are started\nmore than startLimitBurst times within an interval time\ninterval are not permitted to start any more.\n", "loc": ["systemd", "user", "services", "<name>", "startLimitBurst"], "readOnly": false, "type": "signed integer"}, "systemd.user.services.<name>.startLimitIntervalSec": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "description": "Configure unit start rate limiting. Units which are started\nmore than startLimitBurst times within an interval time\ninterval are not permitted to start any more.\n", "loc": ["systemd", "user", "services", "<name>", "startLimitIntervalSec"], "readOnly": false, "type": "signed integer"}, "systemd.user.services.<name>.stopIfChanged": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If set, a changed unit is restarted by calling\n{command}`systemctl stop` in the old configuration,\nthen {command}`systemctl start` in the new one.\nOtherwise, it is restarted in a single step using\n{command}`systemctl restart` in the new configuration.\nThe latter is less correct because it runs the\n`ExecStop` commands from the new\nconfiguration.\n", "loc": ["systemd", "user", "services", "<name>", "stopIfChanged"], "readOnly": false, "type": "boolean"}, "systemd.user.services.<name>.unitConfig": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Unit]` section of the unit.  See\n{manpage}`systemd.unit(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  RequiresMountsFor = \"/data\";\n}"}, "loc": ["systemd", "user", "services", "<name>", "unitConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.user.services.<name>.upheldBy": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keep this unit running as long as the listed units are running. This is a continuously\nenforced version of wantedBy.\n", "loc": ["systemd", "user", "services", "<name>", "upheldBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.services.<name>.upholds": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keeps the specified running while this unit is running. A continuous version of `wants`.\n", "loc": ["systemd", "user", "services", "<name>", "upholds"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.services.<name>.wantedBy": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that want (i.e. depend on) this unit. The default method for\nstarting a unit by default at boot time is to set this option to\n`[\"multi-user.target\"]` for system services. Likewise for user units\n(`systemd.user.<name>.*`) set it to `[\"default.target\"]` to make a unit\nstart by default when the user `<name>` logs on.\n\nThis option creates a `.wants` symlink in the given target that exists\nstatelessly without the need for running `systemctl enable`.\nThe `[Install]` section described in {manpage}`systemd.unit(5)` however is\nnot supported because it is a stateful process that does not fit well\ninto the NixOS design.\n", "loc": ["systemd", "user", "services", "<name>", "wantedBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.services.<name>.wants": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Start the specified units when this unit is started.\n", "loc": ["systemd", "user", "services", "<name>", "wants"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.slices": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of systemd per-user slice units.", "loc": ["systemd", "user", "slices"], "readOnly": false, "type": "attribute set of (submodule)"}, "systemd.user.slices.<name>.after": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started at the same time as\nthis unit, delay this unit until they have started.\n", "loc": ["systemd", "user", "slices", "<name>", "after"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.slices.<name>.aliases": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Aliases of that unit.", "loc": ["systemd", "user", "slices", "<name>", "aliases"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.slices.<name>.before": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started at the same time as\nthis unit, delay them until this unit has started.\n", "loc": ["systemd", "user", "slices", "<name>", "before"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.slices.<name>.bindsTo": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Like \u2018requires\u2019, but in addition, if the specified units\nunexpectedly disappear, this unit will be stopped as well.\n", "loc": ["systemd", "user", "slices", "<name>", "bindsTo"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.slices.<name>.conflicts": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started, then this unit is stopped\nand vice versa.\n", "loc": ["systemd", "user", "slices", "<name>", "conflicts"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.slices.<name>.description": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Description of this unit used in systemd messages and progress indicators.", "loc": ["systemd", "user", "slices", "<name>", "description"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "systemd.user.slices.<name>.documentation": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of URIs referencing documentation for this unit or its configuration.", "loc": ["systemd", "user", "slices", "<name>", "documentation"], "readOnly": false, "type": "list of string"}, "systemd.user.slices.<name>.enable": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If set to false, this unit will be a symlink to\n/dev/null. This is primarily useful to prevent specific\ntemplate instances\n(e.g. `serial-getty@ttyS0`) from being\nstarted. Note that `enable=true` does not\nmake a unit start by default at boot; if you want that, see\n`wantedBy`.\n", "loc": ["systemd", "user", "slices", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "systemd.user.slices.<name>.name": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "description": "The name of this systemd unit, including its extension.\nThis can be used to refer to this unit from other systemd units.\n", "loc": ["systemd", "user", "slices", "<name>", "name"], "readOnly": false, "type": "string"}, "systemd.user.slices.<name>.onFailure": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of one or more units that are activated when\nthis unit enters the \"failed\" state.\n", "loc": ["systemd", "user", "slices", "<name>", "onFailure"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.slices.<name>.onSuccess": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of one or more units that are activated when\nthis unit enters the \"inactive\" state.\n", "loc": ["systemd", "user", "slices", "<name>", "onSuccess"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.slices.<name>.overrideStrategy": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "\"asDropinIfExists\""}, "description": "Defines how unit configuration is provided for systemd:\n\n`asDropinIfExists` creates a unit file when no unit file is provided by the package\notherwise it creates a drop-in file named `overrides.conf`.\n\n`asDropin` creates a drop-in file named `overrides.conf`.\nMainly needed to define instances for systemd template units (e.g. `systemd-nspawn@mycontainer.service`).\n\nSee also {manpage}`systemd.unit(5)`.\n", "loc": ["systemd", "user", "slices", "<name>", "overrideStrategy"], "readOnly": false, "type": "one of \"asDropinIfExists\", \"asDropin\""}, "systemd.user.slices.<name>.partOf": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are stopped or restarted, then this\nunit is stopped or restarted as well.\n", "loc": ["systemd", "user", "slices", "<name>", "partOf"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.slices.<name>.reloadTriggers": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "An arbitrary list of items such as derivations.  If any item\nin the list changes between reconfigurations, the service will\nbe reloaded.  If anything but a reload trigger changes in the\nunit file, the unit will be restarted instead.\n", "loc": ["systemd", "user", "slices", "<name>", "reloadTriggers"], "readOnly": false, "type": "list of (systemd option)"}, "systemd.user.slices.<name>.requiredBy": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that require (i.e. depend on and need to go down with) this unit.\nAs discussed in the `wantedBy` option description this also creates\n`.requires` symlinks automatically.\n", "loc": ["systemd", "user", "slices", "<name>", "requiredBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.slices.<name>.requires": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Start the specified units when this unit is started, and stop\nthis unit when the specified units are stopped or fail.\n", "loc": ["systemd", "user", "slices", "<name>", "requires"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.slices.<name>.requisite": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Similar to requires. However if the units listed are not started,\nthey will not be started and the transaction will fail.\n", "loc": ["systemd", "user", "slices", "<name>", "requisite"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.slices.<name>.restartTriggers": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "An arbitrary list of items such as derivations.  If any item\nin the list changes between reconfigurations, the service will\nbe restarted.\n", "loc": ["systemd", "user", "slices", "<name>", "restartTriggers"], "readOnly": false, "type": "list of unspecified value"}, "systemd.user.slices.<name>.sliceConfig": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Slice]` section of the unit.  See\n{manpage}`systemd.slice(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  MemoryMax = \"2G\";\n}"}, "loc": ["systemd", "user", "slices", "<name>", "sliceConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.user.slices.<name>.startLimitBurst": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "description": "Configure unit start rate limiting. Units which are started\nmore than startLimitBurst times within an interval time\ninterval are not permitted to start any more.\n", "loc": ["systemd", "user", "slices", "<name>", "startLimitBurst"], "readOnly": false, "type": "signed integer"}, "systemd.user.slices.<name>.startLimitIntervalSec": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "description": "Configure unit start rate limiting. Units which are started\nmore than startLimitBurst times within an interval time\ninterval are not permitted to start any more.\n", "loc": ["systemd", "user", "slices", "<name>", "startLimitIntervalSec"], "readOnly": false, "type": "signed integer"}, "systemd.user.slices.<name>.unitConfig": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Unit]` section of the unit.  See\n{manpage}`systemd.unit(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  RequiresMountsFor = \"/data\";\n}"}, "loc": ["systemd", "user", "slices", "<name>", "unitConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.user.slices.<name>.upheldBy": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keep this unit running as long as the listed units are running. This is a continuously\nenforced version of wantedBy.\n", "loc": ["systemd", "user", "slices", "<name>", "upheldBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.slices.<name>.upholds": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keeps the specified running while this unit is running. A continuous version of `wants`.\n", "loc": ["systemd", "user", "slices", "<name>", "upholds"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.slices.<name>.wantedBy": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that want (i.e. depend on) this unit. The default method for\nstarting a unit by default at boot time is to set this option to\n`[\"multi-user.target\"]` for system services. Likewise for user units\n(`systemd.user.<name>.*`) set it to `[\"default.target\"]` to make a unit\nstart by default when the user `<name>` logs on.\n\nThis option creates a `.wants` symlink in the given target that exists\nstatelessly without the need for running `systemctl enable`.\nThe `[Install]` section described in {manpage}`systemd.unit(5)` however is\nnot supported because it is a stateful process that does not fit well\ninto the NixOS design.\n", "loc": ["systemd", "user", "slices", "<name>", "wantedBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.slices.<name>.wants": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Start the specified units when this unit is started.\n", "loc": ["systemd", "user", "slices", "<name>", "wants"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.sockets": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of systemd per-user socket units.", "loc": ["systemd", "user", "sockets"], "readOnly": false, "type": "attribute set of (submodule)"}, "systemd.user.sockets.<name>.after": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started at the same time as\nthis unit, delay this unit until they have started.\n", "loc": ["systemd", "user", "sockets", "<name>", "after"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.sockets.<name>.aliases": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Aliases of that unit.", "loc": ["systemd", "user", "sockets", "<name>", "aliases"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.sockets.<name>.before": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started at the same time as\nthis unit, delay them until this unit has started.\n", "loc": ["systemd", "user", "sockets", "<name>", "before"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.sockets.<name>.bindsTo": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Like \u2018requires\u2019, but in addition, if the specified units\nunexpectedly disappear, this unit will be stopped as well.\n", "loc": ["systemd", "user", "sockets", "<name>", "bindsTo"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.sockets.<name>.conflicts": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started, then this unit is stopped\nand vice versa.\n", "loc": ["systemd", "user", "sockets", "<name>", "conflicts"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.sockets.<name>.description": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Description of this unit used in systemd messages and progress indicators.", "loc": ["systemd", "user", "sockets", "<name>", "description"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "systemd.user.sockets.<name>.documentation": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of URIs referencing documentation for this unit or its configuration.", "loc": ["systemd", "user", "sockets", "<name>", "documentation"], "readOnly": false, "type": "list of string"}, "systemd.user.sockets.<name>.enable": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If set to false, this unit will be a symlink to\n/dev/null. This is primarily useful to prevent specific\ntemplate instances\n(e.g. `serial-getty@ttyS0`) from being\nstarted. Note that `enable=true` does not\nmake a unit start by default at boot; if you want that, see\n`wantedBy`.\n", "loc": ["systemd", "user", "sockets", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "systemd.user.sockets.<name>.listenDatagrams": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "For each item in this list, a `ListenDatagram`\noption in the `[Socket]` section will be created.\n", "example": {"_type": "literalExpression", "text": "[\n  \"0.0.0.0:993\"\n  \"/run/my-socket\"\n]"}, "loc": ["systemd", "user", "sockets", "<name>", "listenDatagrams"], "readOnly": false, "type": "list of string"}, "systemd.user.sockets.<name>.listenStreams": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "For each item in this list, a `ListenStream`\noption in the `[Socket]` section will be created.\n", "example": {"_type": "literalExpression", "text": "[\n  \"0.0.0.0:993\"\n  \"/run/my-socket\"\n]"}, "loc": ["systemd", "user", "sockets", "<name>", "listenStreams"], "readOnly": false, "type": "list of string"}, "systemd.user.sockets.<name>.name": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "description": "The name of this systemd unit, including its extension.\nThis can be used to refer to this unit from other systemd units.\n", "loc": ["systemd", "user", "sockets", "<name>", "name"], "readOnly": false, "type": "string"}, "systemd.user.sockets.<name>.onFailure": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of one or more units that are activated when\nthis unit enters the \"failed\" state.\n", "loc": ["systemd", "user", "sockets", "<name>", "onFailure"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.sockets.<name>.onSuccess": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of one or more units that are activated when\nthis unit enters the \"inactive\" state.\n", "loc": ["systemd", "user", "sockets", "<name>", "onSuccess"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.sockets.<name>.overrideStrategy": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "\"asDropinIfExists\""}, "description": "Defines how unit configuration is provided for systemd:\n\n`asDropinIfExists` creates a unit file when no unit file is provided by the package\notherwise it creates a drop-in file named `overrides.conf`.\n\n`asDropin` creates a drop-in file named `overrides.conf`.\nMainly needed to define instances for systemd template units (e.g. `systemd-nspawn@mycontainer.service`).\n\nSee also {manpage}`systemd.unit(5)`.\n", "loc": ["systemd", "user", "sockets", "<name>", "overrideStrategy"], "readOnly": false, "type": "one of \"asDropinIfExists\", \"asDropin\""}, "systemd.user.sockets.<name>.partOf": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are stopped or restarted, then this\nunit is stopped or restarted as well.\n", "loc": ["systemd", "user", "sockets", "<name>", "partOf"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.sockets.<name>.reloadTriggers": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "An arbitrary list of items such as derivations.  If any item\nin the list changes between reconfigurations, the service will\nbe reloaded.  If anything but a reload trigger changes in the\nunit file, the unit will be restarted instead.\n", "loc": ["systemd", "user", "sockets", "<name>", "reloadTriggers"], "readOnly": false, "type": "list of (systemd option)"}, "systemd.user.sockets.<name>.requiredBy": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that require (i.e. depend on and need to go down with) this unit.\nAs discussed in the `wantedBy` option description this also creates\n`.requires` symlinks automatically.\n", "loc": ["systemd", "user", "sockets", "<name>", "requiredBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.sockets.<name>.requires": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Start the specified units when this unit is started, and stop\nthis unit when the specified units are stopped or fail.\n", "loc": ["systemd", "user", "sockets", "<name>", "requires"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.sockets.<name>.requisite": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Similar to requires. However if the units listed are not started,\nthey will not be started and the transaction will fail.\n", "loc": ["systemd", "user", "sockets", "<name>", "requisite"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.sockets.<name>.restartTriggers": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "An arbitrary list of items such as derivations.  If any item\nin the list changes between reconfigurations, the service will\nbe restarted.\n", "loc": ["systemd", "user", "sockets", "<name>", "restartTriggers"], "readOnly": false, "type": "list of unspecified value"}, "systemd.user.sockets.<name>.socketConfig": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Socket]` section of the unit.  See\n{manpage}`systemd.socket(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  ListenStream = \"/run/my-socket\";\n}"}, "loc": ["systemd", "user", "sockets", "<name>", "socketConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.user.sockets.<name>.startLimitBurst": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "description": "Configure unit start rate limiting. Units which are started\nmore than startLimitBurst times within an interval time\ninterval are not permitted to start any more.\n", "loc": ["systemd", "user", "sockets", "<name>", "startLimitBurst"], "readOnly": false, "type": "signed integer"}, "systemd.user.sockets.<name>.startLimitIntervalSec": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "description": "Configure unit start rate limiting. Units which are started\nmore than startLimitBurst times within an interval time\ninterval are not permitted to start any more.\n", "loc": ["systemd", "user", "sockets", "<name>", "startLimitIntervalSec"], "readOnly": false, "type": "signed integer"}, "systemd.user.sockets.<name>.unitConfig": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Unit]` section of the unit.  See\n{manpage}`systemd.unit(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  RequiresMountsFor = \"/data\";\n}"}, "loc": ["systemd", "user", "sockets", "<name>", "unitConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.user.sockets.<name>.upheldBy": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keep this unit running as long as the listed units are running. This is a continuously\nenforced version of wantedBy.\n", "loc": ["systemd", "user", "sockets", "<name>", "upheldBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.sockets.<name>.upholds": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keeps the specified running while this unit is running. A continuous version of `wants`.\n", "loc": ["systemd", "user", "sockets", "<name>", "upholds"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.sockets.<name>.wantedBy": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that want (i.e. depend on) this unit. The default method for\nstarting a unit by default at boot time is to set this option to\n`[\"multi-user.target\"]` for system services. Likewise for user units\n(`systemd.user.<name>.*`) set it to `[\"default.target\"]` to make a unit\nstart by default when the user `<name>` logs on.\n\nThis option creates a `.wants` symlink in the given target that exists\nstatelessly without the need for running `systemctl enable`.\nThe `[Install]` section described in {manpage}`systemd.unit(5)` however is\nnot supported because it is a stateful process that does not fit well\ninto the NixOS design.\n", "loc": ["systemd", "user", "sockets", "<name>", "wantedBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.sockets.<name>.wants": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Start the specified units when this unit is started.\n", "loc": ["systemd", "user", "sockets", "<name>", "wants"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.targets": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of systemd per-user target units.", "loc": ["systemd", "user", "targets"], "readOnly": false, "type": "attribute set of (submodule)"}, "systemd.user.targets.<name>.after": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started at the same time as\nthis unit, delay this unit until they have started.\n", "loc": ["systemd", "user", "targets", "<name>", "after"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.targets.<name>.aliases": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Aliases of that unit.", "loc": ["systemd", "user", "targets", "<name>", "aliases"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.targets.<name>.before": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started at the same time as\nthis unit, delay them until this unit has started.\n", "loc": ["systemd", "user", "targets", "<name>", "before"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.targets.<name>.bindsTo": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Like \u2018requires\u2019, but in addition, if the specified units\nunexpectedly disappear, this unit will be stopped as well.\n", "loc": ["systemd", "user", "targets", "<name>", "bindsTo"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.targets.<name>.conflicts": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started, then this unit is stopped\nand vice versa.\n", "loc": ["systemd", "user", "targets", "<name>", "conflicts"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.targets.<name>.description": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Description of this unit used in systemd messages and progress indicators.", "loc": ["systemd", "user", "targets", "<name>", "description"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "systemd.user.targets.<name>.documentation": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of URIs referencing documentation for this unit or its configuration.", "loc": ["systemd", "user", "targets", "<name>", "documentation"], "readOnly": false, "type": "list of string"}, "systemd.user.targets.<name>.enable": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If set to false, this unit will be a symlink to\n/dev/null. This is primarily useful to prevent specific\ntemplate instances\n(e.g. `serial-getty@ttyS0`) from being\nstarted. Note that `enable=true` does not\nmake a unit start by default at boot; if you want that, see\n`wantedBy`.\n", "loc": ["systemd", "user", "targets", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "systemd.user.targets.<name>.name": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "description": "The name of this systemd unit, including its extension.\nThis can be used to refer to this unit from other systemd units.\n", "loc": ["systemd", "user", "targets", "<name>", "name"], "readOnly": false, "type": "string"}, "systemd.user.targets.<name>.onFailure": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of one or more units that are activated when\nthis unit enters the \"failed\" state.\n", "loc": ["systemd", "user", "targets", "<name>", "onFailure"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.targets.<name>.onSuccess": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of one or more units that are activated when\nthis unit enters the \"inactive\" state.\n", "loc": ["systemd", "user", "targets", "<name>", "onSuccess"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.targets.<name>.overrideStrategy": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "\"asDropinIfExists\""}, "description": "Defines how unit configuration is provided for systemd:\n\n`asDropinIfExists` creates a unit file when no unit file is provided by the package\notherwise it creates a drop-in file named `overrides.conf`.\n\n`asDropin` creates a drop-in file named `overrides.conf`.\nMainly needed to define instances for systemd template units (e.g. `systemd-nspawn@mycontainer.service`).\n\nSee also {manpage}`systemd.unit(5)`.\n", "loc": ["systemd", "user", "targets", "<name>", "overrideStrategy"], "readOnly": false, "type": "one of \"asDropinIfExists\", \"asDropin\""}, "systemd.user.targets.<name>.partOf": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are stopped or restarted, then this\nunit is stopped or restarted as well.\n", "loc": ["systemd", "user", "targets", "<name>", "partOf"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.targets.<name>.reloadTriggers": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "An arbitrary list of items such as derivations.  If any item\nin the list changes between reconfigurations, the service will\nbe reloaded.  If anything but a reload trigger changes in the\nunit file, the unit will be restarted instead.\n", "loc": ["systemd", "user", "targets", "<name>", "reloadTriggers"], "readOnly": false, "type": "list of (systemd option)"}, "systemd.user.targets.<name>.requiredBy": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that require (i.e. depend on and need to go down with) this unit.\nAs discussed in the `wantedBy` option description this also creates\n`.requires` symlinks automatically.\n", "loc": ["systemd", "user", "targets", "<name>", "requiredBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.targets.<name>.requires": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Start the specified units when this unit is started, and stop\nthis unit when the specified units are stopped or fail.\n", "loc": ["systemd", "user", "targets", "<name>", "requires"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.targets.<name>.requisite": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Similar to requires. However if the units listed are not started,\nthey will not be started and the transaction will fail.\n", "loc": ["systemd", "user", "targets", "<name>", "requisite"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.targets.<name>.restartTriggers": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "An arbitrary list of items such as derivations.  If any item\nin the list changes between reconfigurations, the service will\nbe restarted.\n", "loc": ["systemd", "user", "targets", "<name>", "restartTriggers"], "readOnly": false, "type": "list of unspecified value"}, "systemd.user.targets.<name>.startLimitBurst": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "description": "Configure unit start rate limiting. Units which are started\nmore than startLimitBurst times within an interval time\ninterval are not permitted to start any more.\n", "loc": ["systemd", "user", "targets", "<name>", "startLimitBurst"], "readOnly": false, "type": "signed integer"}, "systemd.user.targets.<name>.startLimitIntervalSec": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "description": "Configure unit start rate limiting. Units which are started\nmore than startLimitBurst times within an interval time\ninterval are not permitted to start any more.\n", "loc": ["systemd", "user", "targets", "<name>", "startLimitIntervalSec"], "readOnly": false, "type": "signed integer"}, "systemd.user.targets.<name>.unitConfig": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Unit]` section of the unit.  See\n{manpage}`systemd.unit(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  RequiresMountsFor = \"/data\";\n}"}, "loc": ["systemd", "user", "targets", "<name>", "unitConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.user.targets.<name>.upheldBy": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keep this unit running as long as the listed units are running. This is a continuously\nenforced version of wantedBy.\n", "loc": ["systemd", "user", "targets", "<name>", "upheldBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.targets.<name>.upholds": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keeps the specified running while this unit is running. A continuous version of `wants`.\n", "loc": ["systemd", "user", "targets", "<name>", "upholds"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.targets.<name>.wantedBy": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that want (i.e. depend on) this unit. The default method for\nstarting a unit by default at boot time is to set this option to\n`[\"multi-user.target\"]` for system services. Likewise for user units\n(`systemd.user.<name>.*`) set it to `[\"default.target\"]` to make a unit\nstart by default when the user `<name>` logs on.\n\nThis option creates a `.wants` symlink in the given target that exists\nstatelessly without the need for running `systemctl enable`.\nThe `[Install]` section described in {manpage}`systemd.unit(5)` however is\nnot supported because it is a stateful process that does not fit well\ninto the NixOS design.\n", "loc": ["systemd", "user", "targets", "<name>", "wantedBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.targets.<name>.wants": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Start the specified units when this unit is started.\n", "loc": ["systemd", "user", "targets", "<name>", "wants"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.timers": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of systemd per-user timer units.", "loc": ["systemd", "user", "timers"], "readOnly": false, "type": "attribute set of (submodule)"}, "systemd.user.timers.<name>.after": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started at the same time as\nthis unit, delay this unit until they have started.\n", "loc": ["systemd", "user", "timers", "<name>", "after"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.timers.<name>.aliases": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Aliases of that unit.", "loc": ["systemd", "user", "timers", "<name>", "aliases"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.timers.<name>.before": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started at the same time as\nthis unit, delay them until this unit has started.\n", "loc": ["systemd", "user", "timers", "<name>", "before"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.timers.<name>.bindsTo": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Like \u2018requires\u2019, but in addition, if the specified units\nunexpectedly disappear, this unit will be stopped as well.\n", "loc": ["systemd", "user", "timers", "<name>", "bindsTo"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.timers.<name>.conflicts": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are started, then this unit is stopped\nand vice versa.\n", "loc": ["systemd", "user", "timers", "<name>", "conflicts"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.timers.<name>.description": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Description of this unit used in systemd messages and progress indicators.", "loc": ["systemd", "user", "timers", "<name>", "description"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "systemd.user.timers.<name>.documentation": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of URIs referencing documentation for this unit or its configuration.", "loc": ["systemd", "user", "timers", "<name>", "documentation"], "readOnly": false, "type": "list of string"}, "systemd.user.timers.<name>.enable": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If set to false, this unit will be a symlink to\n/dev/null. This is primarily useful to prevent specific\ntemplate instances\n(e.g. `serial-getty@ttyS0`) from being\nstarted. Note that `enable=true` does not\nmake a unit start by default at boot; if you want that, see\n`wantedBy`.\n", "loc": ["systemd", "user", "timers", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "systemd.user.timers.<name>.name": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "description": "The name of this systemd unit, including its extension.\nThis can be used to refer to this unit from other systemd units.\n", "loc": ["systemd", "user", "timers", "<name>", "name"], "readOnly": false, "type": "string"}, "systemd.user.timers.<name>.onFailure": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of one or more units that are activated when\nthis unit enters the \"failed\" state.\n", "loc": ["systemd", "user", "timers", "<name>", "onFailure"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.timers.<name>.onSuccess": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of one or more units that are activated when\nthis unit enters the \"inactive\" state.\n", "loc": ["systemd", "user", "timers", "<name>", "onSuccess"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.timers.<name>.overrideStrategy": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "\"asDropinIfExists\""}, "description": "Defines how unit configuration is provided for systemd:\n\n`asDropinIfExists` creates a unit file when no unit file is provided by the package\notherwise it creates a drop-in file named `overrides.conf`.\n\n`asDropin` creates a drop-in file named `overrides.conf`.\nMainly needed to define instances for systemd template units (e.g. `systemd-nspawn@mycontainer.service`).\n\nSee also {manpage}`systemd.unit(5)`.\n", "loc": ["systemd", "user", "timers", "<name>", "overrideStrategy"], "readOnly": false, "type": "one of \"asDropinIfExists\", \"asDropin\""}, "systemd.user.timers.<name>.partOf": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "If the specified units are stopped or restarted, then this\nunit is stopped or restarted as well.\n", "loc": ["systemd", "user", "timers", "<name>", "partOf"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.timers.<name>.reloadTriggers": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "An arbitrary list of items such as derivations.  If any item\nin the list changes between reconfigurations, the service will\nbe reloaded.  If anything but a reload trigger changes in the\nunit file, the unit will be restarted instead.\n", "loc": ["systemd", "user", "timers", "<name>", "reloadTriggers"], "readOnly": false, "type": "list of (systemd option)"}, "systemd.user.timers.<name>.requiredBy": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that require (i.e. depend on and need to go down with) this unit.\nAs discussed in the `wantedBy` option description this also creates\n`.requires` symlinks automatically.\n", "loc": ["systemd", "user", "timers", "<name>", "requiredBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.timers.<name>.requires": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Start the specified units when this unit is started, and stop\nthis unit when the specified units are stopped or fail.\n", "loc": ["systemd", "user", "timers", "<name>", "requires"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.timers.<name>.requisite": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Similar to requires. However if the units listed are not started,\nthey will not be started and the transaction will fail.\n", "loc": ["systemd", "user", "timers", "<name>", "requisite"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.timers.<name>.restartTriggers": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "An arbitrary list of items such as derivations.  If any item\nin the list changes between reconfigurations, the service will\nbe restarted.\n", "loc": ["systemd", "user", "timers", "<name>", "restartTriggers"], "readOnly": false, "type": "list of unspecified value"}, "systemd.user.timers.<name>.startLimitBurst": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "description": "Configure unit start rate limiting. Units which are started\nmore than startLimitBurst times within an interval time\ninterval are not permitted to start any more.\n", "loc": ["systemd", "user", "timers", "<name>", "startLimitBurst"], "readOnly": false, "type": "signed integer"}, "systemd.user.timers.<name>.startLimitIntervalSec": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "description": "Configure unit start rate limiting. Units which are started\nmore than startLimitBurst times within an interval time\ninterval are not permitted to start any more.\n", "loc": ["systemd", "user", "timers", "<name>", "startLimitIntervalSec"], "readOnly": false, "type": "signed integer"}, "systemd.user.timers.<name>.timerConfig": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Timer]` section of the unit.  See\n{manpage}`systemd.timer(5)` and\n{manpage}`systemd.time(7)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  OnCalendar = \"Sun 14:00:00\";\n  Unit = \"foo.service\";\n}"}, "loc": ["systemd", "user", "timers", "<name>", "timerConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.user.timers.<name>.unitConfig": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Each attribute in this set specifies an option in the\n`[Unit]` section of the unit.  See\n{manpage}`systemd.unit(5)` for details.\n", "example": {"_type": "literalExpression", "text": "{\n  RequiresMountsFor = \"/data\";\n}"}, "loc": ["systemd", "user", "timers", "<name>", "unitConfig"], "readOnly": false, "type": "attribute set of (systemd option)"}, "systemd.user.timers.<name>.upheldBy": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keep this unit running as long as the listed units are running. This is a continuously\nenforced version of wantedBy.\n", "loc": ["systemd", "user", "timers", "<name>", "upheldBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.timers.<name>.upholds": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keeps the specified running while this unit is running. A continuous version of `wants`.\n", "loc": ["systemd", "user", "timers", "<name>", "upholds"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.timers.<name>.wantedBy": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that want (i.e. depend on) this unit. The default method for\nstarting a unit by default at boot time is to set this option to\n`[\"multi-user.target\"]` for system services. Likewise for user units\n(`systemd.user.<name>.*`) set it to `[\"default.target\"]` to make a unit\nstart by default when the user `<name>` logs on.\n\nThis option creates a `.wants` symlink in the given target that exists\nstatelessly without the need for running `systemctl enable`.\nThe `[Install]` section described in {manpage}`systemd.unit(5)` however is\nnot supported because it is a stateful process that does not fit well\ninto the NixOS design.\n", "loc": ["systemd", "user", "timers", "<name>", "wantedBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.timers.<name>.wants": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Start the specified units when this unit is started.\n", "loc": ["systemd", "user", "timers", "<name>", "wants"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.tmpfiles.enable": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable systemd user units systemd-tmpfiles-setup.service and systemd-tmpfiles-clean.timer.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["systemd", "user", "tmpfiles", "enable"], "readOnly": false, "type": "boolean"}, "systemd.user.tmpfiles.rules": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Global user rules for creation, deletion and cleaning of volatile and\ntemporary files automatically. See\n{manpage}`tmpfiles.d(5)`\nfor the exact format.\n", "example": {"_type": "literalExpression", "text": "[\n  \"D %C - - - 7d\"\n]"}, "loc": ["systemd", "user", "tmpfiles", "rules"], "readOnly": false, "type": "list of string"}, "systemd.user.tmpfiles.users": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Per-user rules for creation, deletion and cleaning of volatile and\ntemporary files automatically.\n", "loc": ["systemd", "user", "tmpfiles", "users"], "readOnly": false, "type": "attribute set of (submodule)"}, "systemd.user.tmpfiles.users.<name>.rules": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Per-user rules for creation, deletion and cleaning of volatile and\ntemporary files automatically. See\n{manpage}`tmpfiles.d(5)`\nfor the exact format.\n", "example": {"_type": "literalExpression", "text": "[\n  \"D %C - - - 7d\"\n]"}, "loc": ["systemd", "user", "tmpfiles", "users", "<name>", "rules"], "readOnly": false, "type": "list of string"}, "systemd.user.units": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Definition of systemd per-user units.", "loc": ["systemd", "user", "units"], "readOnly": false, "type": "attribute set of (submodule)"}, "systemd.user.units.<name>.aliases": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Aliases of that unit.", "loc": ["systemd", "user", "units", "<name>", "aliases"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.units.<name>.enable": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If set to false, this unit will be a symlink to\n/dev/null. This is primarily useful to prevent specific\ntemplate instances\n(e.g. `serial-getty@ttyS0`) from being\nstarted. Note that `enable=true` does not\nmake a unit start by default at boot; if you want that, see\n`wantedBy`.\n", "loc": ["systemd", "user", "units", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "systemd.user.units.<name>.name": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "description": "The name of this systemd unit, including its extension.\nThis can be used to refer to this unit from other systemd units.\n", "loc": ["systemd", "user", "units", "<name>", "name"], "readOnly": false, "type": "string"}, "systemd.user.units.<name>.overrideStrategy": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "\"asDropinIfExists\""}, "description": "Defines how unit configuration is provided for systemd:\n\n`asDropinIfExists` creates a unit file when no unit file is provided by the package\notherwise it creates a drop-in file named `overrides.conf`.\n\n`asDropin` creates a drop-in file named `overrides.conf`.\nMainly needed to define instances for systemd template units (e.g. `systemd-nspawn@mycontainer.service`).\n\nSee also {manpage}`systemd.unit(5)`.\n", "loc": ["systemd", "user", "units", "<name>", "overrideStrategy"], "readOnly": false, "type": "one of \"asDropinIfExists\", \"asDropin\""}, "systemd.user.units.<name>.requiredBy": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that require (i.e. depend on and need to go down with) this unit.\nAs discussed in the `wantedBy` option description this also creates\n`.requires` symlinks automatically.\n", "loc": ["systemd", "user", "units", "<name>", "requiredBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.units.<name>.text": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Text of this systemd unit.", "loc": ["systemd", "user", "units", "<name>", "text"], "readOnly": false, "type": "null or string"}, "systemd.user.units.<name>.upheldBy": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Keep this unit running as long as the listed units are running. This is a continuously\nenforced version of wantedBy.\n", "loc": ["systemd", "user", "units", "<name>", "upheldBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "systemd.user.units.<name>.wantedBy": {"declarations": ["nixos/modules/system/boot/systemd/user.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Units that want (i.e. depend on) this unit. The default method for\nstarting a unit by default at boot time is to set this option to\n`[\"multi-user.target\"]` for system services. Likewise for user units\n(`systemd.user.<name>.*`) set it to `[\"default.target\"]` to make a unit\nstart by default when the user `<name>` logs on.\n\nThis option creates a `.wants` symlink in the given target that exists\nstatelessly without the need for running `systemctl enable`.\nThe `[Install]` section described in {manpage}`systemd.unit(5)` however is\nnot supported because it is a stateful process that does not fit well\ninto the NixOS design.\n", "loc": ["systemd", "user", "units", "<name>", "wantedBy"], "readOnly": false, "type": "list of string matching the pattern [a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"}, "time.hardwareClockInLocalTime": {"declarations": ["nixos/modules/config/locale.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set, keep the hardware clock in local time instead of UTC.", "loc": ["time", "hardwareClockInLocalTime"], "readOnly": false, "type": "boolean"}, "time.timeZone": {"declarations": ["nixos/modules/config/locale.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The time zone used when displaying times and dates. See <https://en.wikipedia.org/wiki/List_of_tz_database_time_zones>\nfor a comprehensive list of possible values for this setting.\n\nIf null, the timezone will default to UTC and can be set imperatively\nusing timedatectl.\n", "example": {"_type": "literalExpression", "text": "\"America/New_York\""}, "loc": ["time", "timeZone"], "readOnly": false, "type": "null or string without spaces"}, "users.allowNoPasswordLogin": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable checking that at least the `root` user or a user in the `wheel` group can log in using\na password or an SSH key.\n\nWARNING: enabling this can lock you out of your system. Enable this only if you know what are you doing.\n", "loc": ["users", "allowNoPasswordLogin"], "readOnly": false, "type": "boolean"}, "users.defaultUserHome": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "\"/home\""}, "description": "The default home directory for normal users.\n", "loc": ["users", "defaultUserHome"], "readOnly": false, "type": "string"}, "users.defaultUserShell": {"declarations": ["nixos/modules/programs/shadow.nix"], "default": {"_type": "literalExpression", "text": "\"/bin/sh\""}, "description": "This option defines the default shell assigned to user\naccounts. This can be either a full system path or a shell package.\n\nThis must not be a store path, since the path is\nused outside the store (in particular in /etc/passwd).\n", "example": {"_type": "literalExpression", "text": "pkgs.zsh"}, "loc": ["users", "defaultUserShell"], "readOnly": false, "type": "absolute path or package"}, "users.enforceIdUniqueness": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to require that no two users/groups share the same uid/gid.\n", "loc": ["users", "enforceIdUniqueness"], "readOnly": false, "type": "boolean"}, "users.extraGroups": {"declarations": ["nixos/modules/config/users-groups.nix"], "description": "Alias of {option}`users.groups`.", "loc": ["users", "extraGroups"], "readOnly": false, "type": "attribute set of (submodule)"}, "users.extraGroups.<name>.gid": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The group GID. If the GID is null, a free GID is picked on\nactivation.\n", "loc": ["users", "extraGroups", "<name>", "gid"], "readOnly": false, "type": "null or signed integer"}, "users.extraGroups.<name>.members": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The user names of the group members, added to the\n`/etc/group` file.\n", "loc": ["users", "extraGroups", "<name>", "members"], "readOnly": false, "type": "list of (string, not containing newlines or colons)"}, "users.extraGroups.<name>.name": {"declarations": ["nixos/modules/config/users-groups.nix"], "description": "The name of the group. If undefined, the name of the attribute set\nwill be used.\n", "loc": ["users", "extraGroups", "<name>", "name"], "readOnly": false, "type": "string, not containing newlines or colons"}, "users.extraUsers": {"declarations": ["nixos/modules/config/users-groups.nix"], "description": "Alias of {option}`users.users`.", "loc": ["users", "extraUsers"], "readOnly": false, "type": "attribute set of (submodule)"}, "users.extraUsers.<name>.autoSubUidGidRange": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically allocate subordinate user and group ids for this user.\nAllocated range is currently always of size 65536.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["users", "extraUsers", "<name>", "autoSubUidGidRange"], "readOnly": false, "type": "boolean"}, "users.extraUsers.<name>.createHome": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to create the home directory and ensure ownership as well as\npermissions to match the user.\n", "loc": ["users", "extraUsers", "<name>", "createHome"], "readOnly": false, "type": "boolean"}, "users.extraUsers.<name>.cryptHomeLuks": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to encrypted luks device that contains\nthe user's home directory.\n", "loc": ["users", "extraUsers", "<name>", "cryptHomeLuks"], "readOnly": false, "type": "null or string"}, "users.extraUsers.<name>.description": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "A short description of the user account, typically the\nuser's full name.  This is actually the \u201cGECOS\u201d or \u201ccomment\u201d\nfield in {file}`/etc/passwd`.\n", "example": {"_type": "literalExpression", "text": "\"Alice Q. User\""}, "loc": ["users", "extraUsers", "<name>", "description"], "readOnly": false, "type": "string, not containing newlines or colons"}, "users.extraUsers.<name>.enable": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If set to false, the user account will not be created. This is useful for when you wish to conditionally\ndisable user accounts.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["users", "extraUsers", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "users.extraUsers.<name>.expires": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set the date on which the user's account will no longer be\naccessible. The date is expressed in the format YYYY-MM-DD, or null\nto disable the expiry.\nA user whose account is locked must contact the system\nadministrator before being able to use the system again.\n", "loc": ["users", "extraUsers", "<name>", "expires"], "readOnly": false, "type": "null or string matching the pattern [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}"}, "users.extraUsers.<name>.extraGroups": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The user's auxiliary groups.", "loc": ["users", "extraUsers", "<name>", "extraGroups"], "readOnly": false, "type": "list of string"}, "users.extraUsers.<name>.group": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The user's primary group.", "loc": ["users", "extraUsers", "<name>", "group"], "readOnly": false, "type": "string"}, "users.extraUsers.<name>.hashedPassword": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specifies the hashed password for the user.\n\nThe {option}`initialHashedPassword`, {option}`hashedPassword`,\n{option}`initialPassword`, {option}`password` and\n{option}`hashedPasswordFile` options all control what password is set for\nthe user.\n\nIn a system where [](#opt-systemd.sysusers.enable) is `false`, typically\nonly one of {option}`hashedPassword`, {option}`password`, or\n{option}`hashedPasswordFile` will be set.\n\nIn a system where [](#opt-systemd.sysusers.enable) or [](#opt-services.userborn.enable) is `true`,\ntypically only one of {option}`initialPassword`, {option}`initialHashedPassword`,\nor {option}`hashedPasswordFile` will be set.\n\nIf the option {option}`users.mutableUsers` is true, the password defined\nin one of the above password options will only be set when the user is\ncreated for the first time. After that, you are free to change the\npassword with the ordinary user management commands. If\n{option}`users.mutableUsers` is false, you cannot change user passwords,\nthey will always be set according to the password options.\n\nIf none of the password options are set, then no password is assigned to\nthe user, and the user will not be able to do password-based logins.\n\nIf multiple of these password options are set at the same time then a\nspecific order of precedence is followed, which can lead to surprising\nresults. The order of precedence differs depending on whether the\n{option}`users.mutableUsers` option is set.\n\n\nIf the option {option}`users.mutableUsers` is\n`false`, then the order of precedence is as shown\nbelow, where values on the left are overridden by values on the right:\n{option}`initialHashedPassword` -> {option}`hashedPassword` -> {option}`initialPassword` -> {option}`password` -> {option}`hashedPasswordFile`\n\n\nIf the option {option}`users.mutableUsers` is\n`true`, then the order of precedence is as shown\nbelow, where values on the left are overridden by values on the right:\n{option}`initialHashedPassword` -> {option}`initialPassword` -> {option}`hashedPassword` -> {option}`password` -> {option}`hashedPasswordFile`\n\n\n\nTo generate a hashed password run `mkpasswd`.\n\nIf set to an empty string (`\"\"`), this user will be able to log in without\nbeing asked for a password (but not via remote services such as SSH, or\nindirectly via {command}`su` or {command}`sudo`). This should only be used\nfor e.g. bootable live systems. Note: this is different from setting an\nempty password, which can be achieved using\n{option}`users.users.<name?>.password`.\n\nIf set to `null` (default) this user will not be able to log in using a\npassword (i.e. via {command}`login` command).\n\n", "loc": ["users", "extraUsers", "<name>", "hashedPassword"], "readOnly": false, "type": "null or (string, not containing newlines or colons)"}, "users.extraUsers.<name>.hashedPasswordFile": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The full path to a file that contains the hash of the user's\npassword. The password file is read on each system activation. The\nfile should contain exactly one line, which should be the password in\nan encrypted form that is suitable for the `chpasswd -e` command.\n\nThe {option}`initialHashedPassword`, {option}`hashedPassword`,\n{option}`initialPassword`, {option}`password` and\n{option}`hashedPasswordFile` options all control what password is set for\nthe user.\n\nIn a system where [](#opt-systemd.sysusers.enable) is `false`, typically\nonly one of {option}`hashedPassword`, {option}`password`, or\n{option}`hashedPasswordFile` will be set.\n\nIn a system where [](#opt-systemd.sysusers.enable) or [](#opt-services.userborn.enable) is `true`,\ntypically only one of {option}`initialPassword`, {option}`initialHashedPassword`,\nor {option}`hashedPasswordFile` will be set.\n\nIf the option {option}`users.mutableUsers` is true, the password defined\nin one of the above password options will only be set when the user is\ncreated for the first time. After that, you are free to change the\npassword with the ordinary user management commands. If\n{option}`users.mutableUsers` is false, you cannot change user passwords,\nthey will always be set according to the password options.\n\nIf none of the password options are set, then no password is assigned to\nthe user, and the user will not be able to do password-based logins.\n\nIf multiple of these password options are set at the same time then a\nspecific order of precedence is followed, which can lead to surprising\nresults. The order of precedence differs depending on whether the\n{option}`users.mutableUsers` option is set.\n\n\nIf the option {option}`users.mutableUsers` is\n`false`, then the order of precedence is as shown\nbelow, where values on the left are overridden by values on the right:\n{option}`initialHashedPassword` -> {option}`hashedPassword` -> {option}`initialPassword` -> {option}`password` -> {option}`hashedPasswordFile`\n\n\nIf the option {option}`users.mutableUsers` is\n`true`, then the order of precedence is as shown\nbelow, where values on the left are overridden by values on the right:\n{option}`initialHashedPassword` -> {option}`initialPassword` -> {option}`hashedPassword` -> {option}`password` -> {option}`hashedPasswordFile`\n\n\n\n", "loc": ["users", "extraUsers", "<name>", "hashedPasswordFile"], "readOnly": false, "type": "null or string"}, "users.extraUsers.<name>.home": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "\"/var/empty\""}, "description": "The user's home directory.", "loc": ["users", "extraUsers", "<name>", "home"], "readOnly": false, "type": "absolute path, not containing newlines or colons"}, "users.extraUsers.<name>.homeMode": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "\"700\""}, "description": "The user's home directory mode in numeric format. See {manpage}`chmod(1)`. The mode is only applied if {option}`users.users.<name>.createHome` is true.", "loc": ["users", "extraUsers", "<name>", "homeMode"], "readOnly": false, "type": "string matching the pattern [0-7]{1,5}"}, "users.extraUsers.<name>.ignoreShellProgramCheck": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "By default, nixos will check that programs.SHELL.enable is set to\ntrue if the user has a custom shell specified. If that behavior isn't\nrequired and there are custom overrides in place to make sure that the\nshell is functional, set this to true.\n", "loc": ["users", "extraUsers", "<name>", "ignoreShellProgramCheck"], "readOnly": false, "type": "boolean"}, "users.extraUsers.<name>.initialHashedPassword": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specifies the initial hashed password for the user, i.e. the\nhashed password assigned if the user does not already\nexist. If {option}`users.mutableUsers` is true, the\npassword can be changed subsequently using the\n{command}`passwd` command. Otherwise, it's\nequivalent to setting the {option}`hashedPassword` option.\n\nThe {option}`initialHashedPassword`, {option}`hashedPassword`,\n{option}`initialPassword`, {option}`password` and\n{option}`hashedPasswordFile` options all control what password is set for\nthe user.\n\nIn a system where [](#opt-systemd.sysusers.enable) is `false`, typically\nonly one of {option}`hashedPassword`, {option}`password`, or\n{option}`hashedPasswordFile` will be set.\n\nIn a system where [](#opt-systemd.sysusers.enable) or [](#opt-services.userborn.enable) is `true`,\ntypically only one of {option}`initialPassword`, {option}`initialHashedPassword`,\nor {option}`hashedPasswordFile` will be set.\n\nIf the option {option}`users.mutableUsers` is true, the password defined\nin one of the above password options will only be set when the user is\ncreated for the first time. After that, you are free to change the\npassword with the ordinary user management commands. If\n{option}`users.mutableUsers` is false, you cannot change user passwords,\nthey will always be set according to the password options.\n\nIf none of the password options are set, then no password is assigned to\nthe user, and the user will not be able to do password-based logins.\n\nIf multiple of these password options are set at the same time then a\nspecific order of precedence is followed, which can lead to surprising\nresults. The order of precedence differs depending on whether the\n{option}`users.mutableUsers` option is set.\n\n\nIf the option {option}`users.mutableUsers` is\n`false`, then the order of precedence is as shown\nbelow, where values on the left are overridden by values on the right:\n{option}`initialHashedPassword` -> {option}`hashedPassword` -> {option}`initialPassword` -> {option}`password` -> {option}`hashedPasswordFile`\n\n\nIf the option {option}`users.mutableUsers` is\n`true`, then the order of precedence is as shown\nbelow, where values on the left are overridden by values on the right:\n{option}`initialHashedPassword` -> {option}`initialPassword` -> {option}`hashedPassword` -> {option}`password` -> {option}`hashedPasswordFile`\n\n\n\nTo generate a hashed password run `mkpasswd`.\n\nIf set to an empty string (`\"\"`), this user will be able to log in without\nbeing asked for a password (but not via remote services such as SSH, or\nindirectly via {command}`su` or {command}`sudo`). This should only be used\nfor e.g. bootable live systems. Note: this is different from setting an\nempty password, which can be achieved using\n{option}`users.users.<name?>.password`.\n\nIf set to `null` (default) this user will not be able to log in using a\npassword (i.e. via {command}`login` command).\n\n", "loc": ["users", "extraUsers", "<name>", "initialHashedPassword"], "readOnly": false, "type": "null or (string, not containing newlines or colons)"}, "users.extraUsers.<name>.initialPassword": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specifies the initial password for the user, i.e. the\npassword assigned if the user does not already exist. If\n{option}`users.mutableUsers` is true, the password\ncan be changed subsequently using the\n{command}`passwd` command. Otherwise, it's\nequivalent to setting the {option}`password`\noption. The same caveat applies: the password specified here\nis world-readable in the Nix store, so it should only be\nused for guest accounts or passwords that will be changed\npromptly.\n\nThe {option}`initialHashedPassword`, {option}`hashedPassword`,\n{option}`initialPassword`, {option}`password` and\n{option}`hashedPasswordFile` options all control what password is set for\nthe user.\n\nIn a system where [](#opt-systemd.sysusers.enable) is `false`, typically\nonly one of {option}`hashedPassword`, {option}`password`, or\n{option}`hashedPasswordFile` will be set.\n\nIn a system where [](#opt-systemd.sysusers.enable) or [](#opt-services.userborn.enable) is `true`,\ntypically only one of {option}`initialPassword`, {option}`initialHashedPassword`,\nor {option}`hashedPasswordFile` will be set.\n\nIf the option {option}`users.mutableUsers` is true, the password defined\nin one of the above password options will only be set when the user is\ncreated for the first time. After that, you are free to change the\npassword with the ordinary user management commands. If\n{option}`users.mutableUsers` is false, you cannot change user passwords,\nthey will always be set according to the password options.\n\nIf none of the password options are set, then no password is assigned to\nthe user, and the user will not be able to do password-based logins.\n\nIf multiple of these password options are set at the same time then a\nspecific order of precedence is followed, which can lead to surprising\nresults. The order of precedence differs depending on whether the\n{option}`users.mutableUsers` option is set.\n\n\nIf the option {option}`users.mutableUsers` is\n`false`, then the order of precedence is as shown\nbelow, where values on the left are overridden by values on the right:\n{option}`initialHashedPassword` -> {option}`hashedPassword` -> {option}`initialPassword` -> {option}`password` -> {option}`hashedPasswordFile`\n\n\nIf the option {option}`users.mutableUsers` is\n`true`, then the order of precedence is as shown\nbelow, where values on the left are overridden by values on the right:\n{option}`initialHashedPassword` -> {option}`initialPassword` -> {option}`hashedPassword` -> {option}`password` -> {option}`hashedPasswordFile`\n\n\n\n", "loc": ["users", "extraUsers", "<name>", "initialPassword"], "readOnly": false, "type": "null or string"}, "users.extraUsers.<name>.isNormalUser": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Indicates whether this is an account for a \u201creal\u201d user.\nThis automatically sets {option}`group` to `users`,\n{option}`createHome` to `true`,\n{option}`home` to {file}`/home/\u00abusername\u00bb`,\n{option}`useDefaultShell` to `true`,\nand {option}`isSystemUser` to `false`.\nExactly one of `isNormalUser` and `isSystemUser` must be true.\n", "loc": ["users", "extraUsers", "<name>", "isNormalUser"], "readOnly": false, "type": "boolean"}, "users.extraUsers.<name>.isSystemUser": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Indicates if the user is a system user or not. This option\nonly has an effect if {option}`uid` is\n{option}`null`, in which case it determines whether\nthe user's UID is allocated in the range for system users\n(below 1000) or in the range for normal users (starting at\n1000).\nExactly one of `isNormalUser` and\n`isSystemUser` must be true.\n", "loc": ["users", "extraUsers", "<name>", "isSystemUser"], "readOnly": false, "type": "boolean"}, "users.extraUsers.<name>.linger": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether to enable or disable lingering for this user.  Without\nlingering, user units will not be started until the user logs in,\nand may be stopped on logout depending on the settings in\n{file}`logind.conf`.\n\nBy default, NixOS will not manage lingering, new users will default\nto not lingering, and lingering can be configured imperatively using\n`loginctl enable-linger` or `loginctl disable-linger`. Setting\nthis option to `true` or `false` is the declarative equivalent of\nrunning `loginctl enable-linger` or `loginctl disable-linger`\nrespectively.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["users", "extraUsers", "<name>", "linger"], "readOnly": false, "type": "null or boolean"}, "users.extraUsers.<name>.name": {"declarations": ["nixos/modules/config/users-groups.nix"], "description": "The name of the user account. If undefined, the name of the\nattribute set will be used.\n", "loc": ["users", "extraUsers", "<name>", "name"], "readOnly": false, "type": "string, not containing newlines or colons"}, "users.extraUsers.<name>.openssh.authorizedKeys.keyFiles": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of files each containing one OpenSSH public key that should be\nadded to the user's authorized keys. The contents of the files are\nread at build time and added to a file that the SSH daemon reads in\naddition to the the user's authorized_keys file. You can combine the\n`keyFiles` and `keys` options.\n", "loc": ["users", "extraUsers", "<name>", "openssh", "authorizedKeys", "keyFiles"], "readOnly": false, "type": "list of absolute path"}, "users.extraUsers.<name>.openssh.authorizedKeys.keys": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of verbatim OpenSSH public keys that should be added to the\nuser's authorized keys. The keys are added to a file that the SSH\ndaemon reads in addition to the the user's authorized_keys file.\nYou can combine the `keys` and\n`keyFiles` options.\nWarning: If you are using `NixOps` then don't use this\noption since it will replace the key required for deployment via ssh.\n", "example": {"_type": "literalExpression", "text": "[\n  \"ssh-rsa AAAAB3NzaC1yc2etc/etc/etcjwrsh8e596z6J0l7 example@host\"\n  \"ssh-ed25519 AAAAC3NzaCetcetera/etceteraJZMfk3QPfQ foo@bar\"\n]"}, "loc": ["users", "extraUsers", "<name>", "openssh", "authorizedKeys", "keys"], "readOnly": false, "type": "list of (optionally newline-terminated) single-line string"}, "users.extraUsers.<name>.openssh.authorizedPrincipals": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of verbatim principal names that should be added to the user's\nauthorized principals.\n", "example": {"_type": "literalExpression", "text": "[\n  \"example@host\"\n  \"foo@bar\"\n]"}, "loc": ["users", "extraUsers", "<name>", "openssh", "authorizedPrincipals"], "readOnly": false, "type": "list of (optionally newline-terminated) single-line string"}, "users.extraUsers.<name>.packages": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The set of packages that should be made available to the user.\nThis is in contrast to {option}`environment.systemPackages`,\nwhich adds packages to all users.\n", "example": {"_type": "literalExpression", "text": "[ pkgs.firefox pkgs.thunderbird ]"}, "loc": ["users", "extraUsers", "<name>", "packages"], "readOnly": false, "type": "list of package"}, "users.extraUsers.<name>.pamMount": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attributes for user's entry in\n{file}`pam_mount.conf.xml`.\nUseful attributes might include `path`,\n`options`, `fstype`, and `server`.\nSee <https://pam-mount.sourceforge.net/pam_mount.conf.5.html>\nfor more information.\n", "loc": ["users", "extraUsers", "<name>", "pamMount"], "readOnly": false, "type": "attribute set of string"}, "users.extraUsers.<name>.password": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specifies the (clear text) password for the user.\nWarning: do not set confidential information here\nbecause it is world-readable in the Nix store. This option\nshould only be used for public accounts.\n\nThe {option}`initialHashedPassword`, {option}`hashedPassword`,\n{option}`initialPassword`, {option}`password` and\n{option}`hashedPasswordFile` options all control what password is set for\nthe user.\n\nIn a system where [](#opt-systemd.sysusers.enable) is `false`, typically\nonly one of {option}`hashedPassword`, {option}`password`, or\n{option}`hashedPasswordFile` will be set.\n\nIn a system where [](#opt-systemd.sysusers.enable) or [](#opt-services.userborn.enable) is `true`,\ntypically only one of {option}`initialPassword`, {option}`initialHashedPassword`,\nor {option}`hashedPasswordFile` will be set.\n\nIf the option {option}`users.mutableUsers` is true, the password defined\nin one of the above password options will only be set when the user is\ncreated for the first time. After that, you are free to change the\npassword with the ordinary user management commands. If\n{option}`users.mutableUsers` is false, you cannot change user passwords,\nthey will always be set according to the password options.\n\nIf none of the password options are set, then no password is assigned to\nthe user, and the user will not be able to do password-based logins.\n\nIf multiple of these password options are set at the same time then a\nspecific order of precedence is followed, which can lead to surprising\nresults. The order of precedence differs depending on whether the\n{option}`users.mutableUsers` option is set.\n\n\nIf the option {option}`users.mutableUsers` is\n`false`, then the order of precedence is as shown\nbelow, where values on the left are overridden by values on the right:\n{option}`initialHashedPassword` -> {option}`hashedPassword` -> {option}`initialPassword` -> {option}`password` -> {option}`hashedPasswordFile`\n\n\nIf the option {option}`users.mutableUsers` is\n`true`, then the order of precedence is as shown\nbelow, where values on the left are overridden by values on the right:\n{option}`initialHashedPassword` -> {option}`initialPassword` -> {option}`hashedPassword` -> {option}`password` -> {option}`hashedPasswordFile`\n\n\n\n", "loc": ["users", "extraUsers", "<name>", "password"], "readOnly": false, "type": "null or string"}, "users.extraUsers.<name>.shell": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "pkgs.shadow"}, "description": "The path to the user's shell. Can use shell derivations,\nlike `pkgs.bashInteractive`. Don\u2019t\nforget to enable your shell in\n`programs` if necessary,\nlike `programs.zsh.enable = true;`.\n", "example": {"_type": "literalExpression", "text": "pkgs.bashInteractive"}, "loc": ["users", "extraUsers", "<name>", "shell"], "readOnly": false, "type": "null or package or (absolute path, not containing newlines or colons)"}, "users.extraUsers.<name>.subGidRanges": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Subordinate group ids that user is allowed to use.\nThey are set into {file}`/etc/subgid` and are used\nby `newgidmap` for user namespaces.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    count = 1;\n    startGid = 100;\n  }\n  {\n    count = 999;\n    startGid = 1001;\n  }\n]"}, "loc": ["users", "extraUsers", "<name>", "subGidRanges"], "readOnly": false, "type": "list of (submodule)"}, "users.extraUsers.<name>.subGidRanges.*.count": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Count of subordinate group ids", "loc": ["users", "extraUsers", "<name>", "subGidRanges", "*", "count"], "readOnly": false, "type": "signed integer"}, "users.extraUsers.<name>.subGidRanges.*.startGid": {"declarations": ["nixos/modules/config/users-groups.nix"], "description": "Start of the range of subordinate group ids that user is\nallowed to use.\n", "loc": ["users", "extraUsers", "<name>", "subGidRanges", "*", "startGid"], "readOnly": false, "type": "signed integer"}, "users.extraUsers.<name>.subUidRanges": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Subordinate user ids that user is allowed to use.\nThey are set into {file}`/etc/subuid` and are used\nby `newuidmap` for user namespaces.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    count = 1;\n    startUid = 1000;\n  }\n  {\n    count = 65534;\n    startUid = 100001;\n  }\n]"}, "loc": ["users", "extraUsers", "<name>", "subUidRanges"], "readOnly": false, "type": "list of (submodule)"}, "users.extraUsers.<name>.subUidRanges.*.count": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Count of subordinate user ids", "loc": ["users", "extraUsers", "<name>", "subUidRanges", "*", "count"], "readOnly": false, "type": "signed integer"}, "users.extraUsers.<name>.subUidRanges.*.startUid": {"declarations": ["nixos/modules/config/users-groups.nix"], "description": "Start of the range of subordinate user ids that user is\nallowed to use.\n", "loc": ["users", "extraUsers", "<name>", "subUidRanges", "*", "startUid"], "readOnly": false, "type": "signed integer"}, "users.extraUsers.<name>.uid": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The account UID. If the UID is null, a free UID is picked on\nactivation.\n", "loc": ["users", "extraUsers", "<name>", "uid"], "readOnly": false, "type": "null or signed integer"}, "users.extraUsers.<name>.useDefaultShell": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If true, the user's shell will be set to\n{option}`users.defaultUserShell`.\n", "loc": ["users", "extraUsers", "<name>", "useDefaultShell"], "readOnly": false, "type": "boolean"}, "users.groups": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional groups to be created automatically by the system.\n", "example": {"_type": "literalExpression", "text": "{\n  hackers = { };\n  students = {\n    gid = 1001;\n  };\n}"}, "loc": ["users", "groups"], "readOnly": false, "type": "attribute set of (submodule)"}, "users.groups.<name>.gid": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The group GID. If the GID is null, a free GID is picked on\nactivation.\n", "loc": ["users", "groups", "<name>", "gid"], "readOnly": false, "type": "null or signed integer"}, "users.groups.<name>.members": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The user names of the group members, added to the\n`/etc/group` file.\n", "loc": ["users", "groups", "<name>", "members"], "readOnly": false, "type": "list of (string, not containing newlines or colons)"}, "users.groups.<name>.name": {"declarations": ["nixos/modules/config/users-groups.nix"], "description": "The name of the group. If undefined, the name of the attribute set\nwill be used.\n", "loc": ["users", "groups", "<name>", "name"], "readOnly": false, "type": "string, not containing newlines or colons"}, "users.ldap.base": {"declarations": ["nixos/modules/config/ldap.nix"], "description": "The distinguished name of the search base.", "example": {"_type": "literalExpression", "text": "\"dc=example,dc=org\""}, "loc": ["users", "ldap", "base"], "readOnly": false, "type": "string"}, "users.ldap.bind.distinguishedName": {"declarations": ["nixos/modules/config/ldap.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The distinguished name to bind to the LDAP server with. If this\nis not specified, an anonymous bind will be done.\n", "example": {"_type": "literalExpression", "text": "\"cn=admin,dc=example,dc=com\""}, "loc": ["users", "ldap", "bind", "distinguishedName"], "readOnly": false, "type": "string"}, "users.ldap.bind.passwordFile": {"declarations": ["nixos/modules/config/ldap.nix"], "default": {"_type": "literalExpression", "text": "\"/etc/ldap/bind.password\""}, "description": "The path to a file containing the credentials to use when binding\nto the LDAP server (if not binding anonymously).\n", "loc": ["users", "ldap", "bind", "passwordFile"], "readOnly": false, "type": "string"}, "users.ldap.bind.policy": {"declarations": ["nixos/modules/config/ldap.nix"], "default": {"_type": "literalExpression", "text": "\"hard_open\""}, "description": "Specifies the policy to use for reconnecting to an unavailable\nLDAP server. The default is `hard_open`, which\nreconnects if opening the connection to the directory server\nfailed. By contrast, `hard_init` reconnects if\ninitializing the connection failed. Initializing may not\nactually contact the directory server, and it is possible that\na malformed configuration file will trigger reconnection. If\n`soft` is specified, then\n`nss_ldap` will return immediately on server\nfailure. All hard reconnect policies block with exponential\nbackoff before retrying.\n", "loc": ["users", "ldap", "bind", "policy"], "readOnly": false, "type": "one of \"hard_open\", \"hard_init\", \"soft\""}, "users.ldap.bind.timeLimit": {"declarations": ["nixos/modules/config/ldap.nix"], "default": {"_type": "literalExpression", "text": "30"}, "description": "Specifies the time limit (in seconds) to use when connecting\nto the directory server. This is distinct from the time limit\nspecified in {option}`users.ldap.timeLimit` and affects\nthe initial server connection only.\n", "loc": ["users", "ldap", "bind", "timeLimit"], "readOnly": false, "type": "signed integer"}, "users.ldap.daemon.enable": {"declarations": ["nixos/modules/config/ldap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to let the nslcd daemon (nss-pam-ldapd) handle the\nLDAP lookups for NSS and PAM. This can improve performance,\nand if you need to bind to the LDAP server with a password,\nit increases security, since only the nslcd user needs to\nhave access to the bindpw file, not everyone that uses NSS\nand/or PAM. If this option is enabled, a local nscd user is\ncreated automatically, and the nslcd service is started\nautomatically when the network get up.\n", "loc": ["users", "ldap", "daemon", "enable"], "readOnly": false, "type": "boolean"}, "users.ldap.daemon.extraConfig": {"declarations": ["nixos/modules/config/ldap.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration options that will be added verbatim at\nthe end of the nslcd configuration file ({manpage}`nslcd.conf(5)`).\n", "loc": ["users", "ldap", "daemon", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "users.ldap.daemon.rootpwmoddn": {"declarations": ["nixos/modules/config/ldap.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The distinguished name to use to bind to the LDAP server\nwhen the root user tries to modify a user's password.\n", "example": {"_type": "literalExpression", "text": "\"cn=admin,dc=example,dc=com\""}, "loc": ["users", "ldap", "daemon", "rootpwmoddn"], "readOnly": false, "type": "string"}, "users.ldap.daemon.rootpwmodpwFile": {"declarations": ["nixos/modules/config/ldap.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The path to a file containing the credentials with which to bind to\nthe LDAP server if the root user tries to change a user's password.\n", "example": {"_type": "literalExpression", "text": "\"/run/keys/nslcd.rootpwmodpw\""}, "loc": ["users", "ldap", "daemon", "rootpwmodpwFile"], "readOnly": false, "type": "string"}, "users.ldap.enable": {"declarations": ["nixos/modules/config/ldap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable authentication against an LDAP server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["users", "ldap", "enable"], "readOnly": false, "type": "boolean"}, "users.ldap.extraConfig": {"declarations": ["nixos/modules/config/ldap.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration options that will be added verbatim at\nthe end of the ldap configuration file ({manpage}`ldap.conf(5)`).\nIf {option}`users.ldap.daemon` is enabled, this\nconfiguration will not be used. In that case, use\n{option}`users.ldap.daemon.extraConfig` instead.\n", "loc": ["users", "ldap", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "users.ldap.loginPam": {"declarations": ["nixos/modules/config/ldap.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to include authentication against LDAP in login PAM.", "loc": ["users", "ldap", "loginPam"], "readOnly": false, "type": "boolean"}, "users.ldap.nsswitch": {"declarations": ["nixos/modules/config/ldap.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to include lookup against LDAP in NSS.", "loc": ["users", "ldap", "nsswitch"], "readOnly": false, "type": "boolean"}, "users.ldap.server": {"declarations": ["nixos/modules/config/ldap.nix"], "description": "The URL of the LDAP server.", "example": {"_type": "literalExpression", "text": "\"ldap://ldap.example.org/\""}, "loc": ["users", "ldap", "server"], "readOnly": false, "type": "string"}, "users.ldap.timeLimit": {"declarations": ["nixos/modules/config/ldap.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Specifies the time limit (in seconds) to use when performing\nsearches. A value of zero (0), which is the default, is to\nwait indefinitely for searches to be completed.\n", "loc": ["users", "ldap", "timeLimit"], "readOnly": false, "type": "signed integer"}, "users.ldap.useTLS": {"declarations": ["nixos/modules/config/ldap.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, use TLS (encryption) over an LDAP (port 389)\nconnection.  The alternative is to specify an LDAPS server (port\n636) in {option}`users.ldap.server` or to forego\nsecurity.\n", "loc": ["users", "ldap", "useTLS"], "readOnly": false, "type": "boolean"}, "users.manageLingering": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to manage whether users linger or not.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["users", "manageLingering"], "readOnly": false, "type": "boolean"}, "users.motd": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Message of the day shown to users when they log in.", "example": {"_type": "literalExpression", "text": "\"Today is Sweetmorn, the 4th day of The Aftermath in the YOLD 3178.\""}, "loc": ["users", "motd"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "users.motdFile": {"declarations": ["nixos/modules/security/pam.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A file containing the message of the day shown to users when they log in.", "example": {"_type": "literalExpression", "text": "\"/etc/motd\""}, "loc": ["users", "motdFile"], "readOnly": false, "type": "null or absolute path"}, "users.mutableUsers": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If set to `true`, you are free to add new users and groups to the system\nwith the ordinary `useradd` and\n`groupadd` commands. On system activation, the\nexisting contents of the `/etc/passwd` and\n`/etc/group` files will be merged with the\ncontents generated from the `users.users` and\n`users.groups` options.\nThe initial password for a user will be set\naccording to `users.users`, but existing passwords\nwill not be changed.\n\n::: {.warning}\nIf set to `false`, the contents of the user and\ngroup files will simply be replaced on system activation. This also\nholds for the user passwords; all changed\npasswords will be reset according to the\n`users.users` configuration on activation.\n:::\n", "loc": ["users", "mutableUsers"], "readOnly": false, "type": "boolean"}, "users.mysql.database": {"declarations": ["nixos/modules/config/mysql.nix"], "description": "The name of the database containing the users", "example": {"_type": "literalExpression", "text": "\"auth\""}, "loc": ["users", "mysql", "database"], "readOnly": false, "type": "string"}, "users.mysql.enable": {"declarations": ["nixos/modules/config/mysql.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable authentication against a MySQL/MariaDB database.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["users", "mysql", "enable"], "readOnly": false, "type": "boolean"}, "users.mysql.host": {"declarations": ["nixos/modules/config/mysql.nix"], "description": "The hostname of the MySQL/MariaDB server", "example": {"_type": "literalExpression", "text": "\"localhost\""}, "loc": ["users", "mysql", "host"], "readOnly": false, "type": "string"}, "users.mysql.nss": {"declarations": ["nixos/modules/config/mysql.nix"], "description": "Settings for `libnss-mysql`.\n\nAll examples are from the [minimal example](https://github.com/saknopper/libnss-mysql/tree/master/sample/minimal)\nof `libnss-mysql`, but they are modified with NixOS paths for bash.\n", "loc": ["users", "mysql", "nss"], "readOnly": false, "type": "submodule"}, "users.mysql.nss.getgrent": {"declarations": ["nixos/modules/config/mysql.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SQL query for the [getgrent](https://man7.org/linux/man-pages/man3/getgrent.3.html)\nsyscall.\n", "example": {"_type": "literalExpression", "text": "SELECT name,password,gid FROM groups\n"}, "loc": ["users", "mysql", "nss", "getgrent"], "readOnly": false, "type": "null or string"}, "users.mysql.nss.getgrgid": {"declarations": ["nixos/modules/config/mysql.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SQL query for the [getgrgid](https://man7.org/linux/man-pages/man3/getgrgid.3.html)\nsyscall.\n", "example": {"_type": "literalExpression", "text": "SELECT name,password,gid FROM groups WHERE gid='%1$u' LIMIT 1\n"}, "loc": ["users", "mysql", "nss", "getgrgid"], "readOnly": false, "type": "null or string"}, "users.mysql.nss.getgrnam": {"declarations": ["nixos/modules/config/mysql.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SQL query for the [getgrnam](https://man7.org/linux/man-pages/man3/getgrnam.3.html)\nsyscall.\n", "example": {"_type": "literalExpression", "text": "SELECT name,password,gid FROM groups WHERE name='%1$s' LIMIT 1\n"}, "loc": ["users", "mysql", "nss", "getgrnam"], "readOnly": false, "type": "null or string"}, "users.mysql.nss.getpwent": {"declarations": ["nixos/modules/config/mysql.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SQL query for the [getpwent](https://man7.org/linux/man-pages/man3/getpwent.3.html)\nsyscall.\n", "example": {"_type": "literalExpression", "text": "SELECT username,'x',uid,'5000','MySQL User', CONCAT('/home/',username),'/run/sw/current-system/bin/bash' FROM users\n"}, "loc": ["users", "mysql", "nss", "getpwent"], "readOnly": false, "type": "null or string"}, "users.mysql.nss.getpwnam": {"declarations": ["nixos/modules/config/mysql.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SQL query for the [getpwnam](https://man7.org/linux/man-pages/man3/getpwnam.3.html)\nsyscall.\n", "example": {"_type": "literalExpression", "text": "SELECT username,'x',uid,'5000','MySQL User', CONCAT('/home/',username),'/run/sw/current-system/bin/bash' \\\nFROM users \\\nWHERE username='%1$s' \\\nLIMIT 1\n"}, "loc": ["users", "mysql", "nss", "getpwnam"], "readOnly": false, "type": "null or string"}, "users.mysql.nss.getpwuid": {"declarations": ["nixos/modules/config/mysql.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SQL query for the [getpwuid](https://man7.org/linux/man-pages/man3/getpwuid.3.html)\nsyscall.\n", "example": {"_type": "literalExpression", "text": "SELECT username,'x',uid,'5000','MySQL User', CONCAT('/home/',username),'/run/sw/current-system/bin/bash' \\\nFROM users \\\nWHERE uid='%1$u' \\\nLIMIT 1\n"}, "loc": ["users", "mysql", "nss", "getpwuid"], "readOnly": false, "type": "null or string"}, "users.mysql.nss.getspent": {"declarations": ["nixos/modules/config/mysql.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SQL query for the [getspent](https://man7.org/linux/man-pages/man3/getspent.3.html)\nsyscall.\n", "example": {"_type": "literalExpression", "text": "SELECT username,password,'1','0','99999','0','0','-1','0' FROM users\n"}, "loc": ["users", "mysql", "nss", "getspent"], "readOnly": false, "type": "null or string"}, "users.mysql.nss.getspnam": {"declarations": ["nixos/modules/config/mysql.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SQL query for the [getspnam](https://man7.org/linux/man-pages/man3/getspnam.3.html)\nsyscall.\n", "example": {"_type": "literalExpression", "text": "SELECT username,password,'1','0','99999','0','0','-1','0' \\\nFROM users \\\nWHERE username='%1$s' \\\nLIMIT 1\n"}, "loc": ["users", "mysql", "nss", "getspnam"], "readOnly": false, "type": "null or string"}, "users.mysql.nss.gidsbymem": {"declarations": ["nixos/modules/config/mysql.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SQL query for the [gidsbymem](https://man7.org/linux/man-pages/man3/gidsbymem.3.html)\nsyscall.\n", "example": {"_type": "literalExpression", "text": "SELECT gid FROM grouplist WHERE username='%1$s'\n"}, "loc": ["users", "mysql", "nss", "gidsbymem"], "readOnly": false, "type": "null or string"}, "users.mysql.nss.memsbygid": {"declarations": ["nixos/modules/config/mysql.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "SQL query for the [memsbygid](https://man7.org/linux/man-pages/man3/memsbygid.3.html)\nsyscall.\n", "example": {"_type": "literalExpression", "text": "SELECT username FROM grouplist WHERE gid='%1$u'\n"}, "loc": ["users", "mysql", "nss", "memsbygid"], "readOnly": false, "type": "null or string"}, "users.mysql.pam": {"declarations": ["nixos/modules/config/mysql.nix"], "description": "Settings for `pam_mysql`", "loc": ["users", "mysql", "pam"], "readOnly": false, "type": "submodule"}, "users.mysql.pam.cryptDefault": {"declarations": ["nixos/modules/config/mysql.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The default encryption method to use for `passwordCrypt = 1`.", "example": {"_type": "literalExpression", "text": "\"blowfish\""}, "loc": ["users", "mysql", "pam", "cryptDefault"], "readOnly": false, "type": "null or one of \"md5\", \"sha256\", \"sha512\", \"blowfish\""}, "users.mysql.pam.disconnectEveryOperation": {"declarations": ["nixos/modules/config/mysql.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "By default, `pam_mysql` keeps the connection to the MySQL\ndatabase until the session is closed. If this option is set to true it\ndisconnects every time the PAM operation has finished. This option may\nbe useful in case the session lasts quite long.\n", "loc": ["users", "mysql", "pam", "disconnectEveryOperation"], "readOnly": false, "type": "boolean"}, "users.mysql.pam.logging.enable": {"declarations": ["nixos/modules/config/mysql.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enables logging of authentication attempts in the MySQL database.", "loc": ["users", "mysql", "pam", "logging", "enable"], "readOnly": false, "type": "boolean"}, "users.mysql.pam.logging.hostColumn": {"declarations": ["nixos/modules/config/mysql.nix"], "description": "The name of the column in the log table to which the name of the user\nbeing authenticated is stored.\n", "example": {"_type": "literalExpression", "text": "\"host\""}, "loc": ["users", "mysql", "pam", "logging", "hostColumn"], "readOnly": false, "type": "string"}, "users.mysql.pam.logging.msgColumn": {"declarations": ["nixos/modules/config/mysql.nix"], "description": "The name of the column in the log table to which the description\nof the performed operation is stored.\n", "example": {"_type": "literalExpression", "text": "\"msg\""}, "loc": ["users", "mysql", "pam", "logging", "msgColumn"], "readOnly": false, "type": "string"}, "users.mysql.pam.logging.pidColumn": {"declarations": ["nixos/modules/config/mysql.nix"], "description": "The name of the column in the log table to which the pid of the\nprocess utilising the `pam_mysql` authentication\nservice is stored.\n", "example": {"_type": "literalExpression", "text": "\"pid\""}, "loc": ["users", "mysql", "pam", "logging", "pidColumn"], "readOnly": false, "type": "string"}, "users.mysql.pam.logging.rHostColumn": {"declarations": ["nixos/modules/config/mysql.nix"], "description": "The name of the column in the log table to which the name of the remote\nhost that initiates the session is stored. The value is supposed to be\nset by the PAM-aware application with `pam_set_item(PAM_RHOST)`.\n", "example": {"_type": "literalExpression", "text": "\"rhost\""}, "loc": ["users", "mysql", "pam", "logging", "rHostColumn"], "readOnly": false, "type": "string"}, "users.mysql.pam.logging.table": {"declarations": ["nixos/modules/config/mysql.nix"], "description": "The name of the table to which logs are written.", "example": {"_type": "literalExpression", "text": "\"logs\""}, "loc": ["users", "mysql", "pam", "logging", "table"], "readOnly": false, "type": "string"}, "users.mysql.pam.logging.timeColumn": {"declarations": ["nixos/modules/config/mysql.nix"], "description": "The name of the column in the log table to which the timestamp of the\nlog entry is stored.\n", "example": {"_type": "literalExpression", "text": "\"timestamp\""}, "loc": ["users", "mysql", "pam", "logging", "timeColumn"], "readOnly": false, "type": "string"}, "users.mysql.pam.logging.userColumn": {"declarations": ["nixos/modules/config/mysql.nix"], "description": "The name of the column in the log table to which the name of the\nuser being authenticated is stored.\n", "example": {"_type": "literalExpression", "text": "\"user\""}, "loc": ["users", "mysql", "pam", "logging", "userColumn"], "readOnly": false, "type": "string"}, "users.mysql.pam.passwordColumn": {"declarations": ["nixos/modules/config/mysql.nix"], "description": "The name of the column that contains a (encrypted) password string.", "example": {"_type": "literalExpression", "text": "\"password\""}, "loc": ["users", "mysql", "pam", "passwordColumn"], "readOnly": false, "type": "string"}, "users.mysql.pam.passwordCrypt": {"declarations": ["nixos/modules/config/mysql.nix"], "description": "The method to encrypt the user's password:\n\n- `0` (or `\"plain\"`):\n  No encryption. Passwords are stored in plaintext. HIGHLY DISCOURAGED.\n- `1` (or `\"Y\"`):\n  Use {manpage}`crypt(3)` function.\n- `2` (or `\"mysql\"`):\n  Use the MySQL PASSWORD() function. It is possible that the encryption function used\n  by `pam_mysql` is different from that of the MySQL server, as\n  `pam_mysql` uses the function defined in MySQL's C-client API\n  instead of using PASSWORD() SQL function in the query.\n- `3` (or `\"md5\"`):\n  Use plain hex MD5.\n- `4` (or `\"sha1\"`):\n  Use plain hex SHA1.\n- `5` (or `\"drupal7\"`):\n  Use Drupal7 salted passwords.\n- `6` (or `\"joomla15\"`):\n  Use Joomla15 salted passwords.\n- `7` (or `\"ssha\"`):\n  Use ssha hashed passwords.\n- `8` (or `\"sha512\"`):\n  Use sha512 hashed passwords.\n- `9` (or `\"sha256\"`):\n  Use sha256 hashed passwords.\n", "example": {"_type": "literalExpression", "text": "\"2\""}, "loc": ["users", "mysql", "pam", "passwordCrypt"], "readOnly": false, "type": "one of \"0\", \"plain\", \"1\", \"Y\", \"2\", \"mysql\", \"3\", \"md5\", \"4\", \"sha1\", \"5\", \"drupal7\", \"6\", \"joomla15\", \"7\", \"ssha\", \"8\", \"sha512\", \"9\", \"sha256\""}, "users.mysql.pam.statusColumn": {"declarations": ["nixos/modules/config/mysql.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The name of the column or an SQL expression that indicates the status of\nthe user. The status is expressed by the combination of two bitfields\nshown below:\n\n- `bit 0 (0x01)`:\n   if flagged, `pam_mysql` deems the account to be expired and\n   returns `PAM_ACCT_EXPIRED`. That is, the account is supposed\n   to no longer be available. Note this doesn't mean that `pam_mysql`\n   rejects further authentication operations.\n-  `bit 1 (0x02)`:\n   if flagged, `pam_mysql` deems the authentication token\n   (password) to be expired and returns `PAM_NEW_AUTHTOK_REQD`.\n   This ends up requiring that the user enter a new password.\n", "example": {"_type": "literalExpression", "text": "\"status\""}, "loc": ["users", "mysql", "pam", "statusColumn"], "readOnly": false, "type": "null or string"}, "users.mysql.pam.table": {"declarations": ["nixos/modules/config/mysql.nix"], "description": "The name of table that maps unique login names to the passwords.", "example": {"_type": "literalExpression", "text": "\"users\""}, "loc": ["users", "mysql", "pam", "table"], "readOnly": false, "type": "string"}, "users.mysql.pam.updateTable": {"declarations": ["nixos/modules/config/mysql.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The name of the table used for password alteration. If not defined, the value\nof the `table` option will be used instead.\n", "example": {"_type": "literalExpression", "text": "\"users_updates\""}, "loc": ["users", "mysql", "pam", "updateTable"], "readOnly": false, "type": "null or string"}, "users.mysql.pam.userColumn": {"declarations": ["nixos/modules/config/mysql.nix"], "description": "The name of the column that contains a unix login name.", "example": {"_type": "literalExpression", "text": "\"username\""}, "loc": ["users", "mysql", "pam", "userColumn"], "readOnly": false, "type": "string"}, "users.mysql.pam.verbose": {"declarations": ["nixos/modules/config/mysql.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, produces logs with detailed messages that describes what\n`pam_mysql` is doing. May be useful for debugging.\n", "loc": ["users", "mysql", "pam", "verbose"], "readOnly": false, "type": "boolean"}, "users.mysql.pam.where": {"declarations": ["nixos/modules/config/mysql.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Additional criteria for the query.", "example": {"_type": "literalExpression", "text": "\"host.name='web' AND user.active=1\""}, "loc": ["users", "mysql", "pam", "where"], "readOnly": false, "type": "null or string"}, "users.mysql.passwordFile": {"declarations": ["nixos/modules/config/mysql.nix"], "description": "The path to the file containing the password for the user", "example": {"_type": "literalExpression", "text": "\"/run/secrets/mysql-auth-db-passwd\""}, "loc": ["users", "mysql", "passwordFile"], "readOnly": false, "type": "absolute path"}, "users.mysql.user": {"declarations": ["nixos/modules/config/mysql.nix"], "description": "The username to use when connecting to the database", "example": {"_type": "literalExpression", "text": "\"nss-user\""}, "loc": ["users", "mysql", "user"], "readOnly": false, "type": "string"}, "users.users": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix", "nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional user accounts to be created automatically by the system.\nThis can also be used to set options for root.\n", "example": {"_type": "literalExpression", "text": "{\n  alice = {\n    createHome = true;\n    description = \"Alice Q. User\";\n    extraGroups = [\n      \"wheel\"\n    ];\n    group = \"users\";\n    home = \"/home/alice\";\n    shell = \"/bin/sh\";\n    uid = 1234;\n  };\n}"}, "loc": ["users", "users"], "readOnly": false, "type": "attribute set of (submodule)"}, "users.users.<name>.autoSubUidGidRange": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically allocate subordinate user and group ids for this user.\nAllocated range is currently always of size 65536.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["users", "users", "<name>", "autoSubUidGidRange"], "readOnly": false, "type": "boolean"}, "users.users.<name>.createHome": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to create the home directory and ensure ownership as well as\npermissions to match the user.\n", "loc": ["users", "users", "<name>", "createHome"], "readOnly": false, "type": "boolean"}, "users.users.<name>.cryptHomeLuks": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to encrypted luks device that contains\nthe user's home directory.\n", "loc": ["users", "users", "<name>", "cryptHomeLuks"], "readOnly": false, "type": "null or string"}, "users.users.<name>.description": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "A short description of the user account, typically the\nuser's full name.  This is actually the \u201cGECOS\u201d or \u201ccomment\u201d\nfield in {file}`/etc/passwd`.\n", "example": {"_type": "literalExpression", "text": "\"Alice Q. User\""}, "loc": ["users", "users", "<name>", "description"], "readOnly": false, "type": "string, not containing newlines or colons"}, "users.users.<name>.enable": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If set to false, the user account will not be created. This is useful for when you wish to conditionally\ndisable user accounts.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["users", "users", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "users.users.<name>.expires": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set the date on which the user's account will no longer be\naccessible. The date is expressed in the format YYYY-MM-DD, or null\nto disable the expiry.\nA user whose account is locked must contact the system\nadministrator before being able to use the system again.\n", "loc": ["users", "users", "<name>", "expires"], "readOnly": false, "type": "null or string matching the pattern [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}"}, "users.users.<name>.extraGroups": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The user's auxiliary groups.", "loc": ["users", "users", "<name>", "extraGroups"], "readOnly": false, "type": "list of string"}, "users.users.<name>.group": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The user's primary group.", "loc": ["users", "users", "<name>", "group"], "readOnly": false, "type": "string"}, "users.users.<name>.hashedPassword": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specifies the hashed password for the user.\n\nThe {option}`initialHashedPassword`, {option}`hashedPassword`,\n{option}`initialPassword`, {option}`password` and\n{option}`hashedPasswordFile` options all control what password is set for\nthe user.\n\nIn a system where [](#opt-systemd.sysusers.enable) is `false`, typically\nonly one of {option}`hashedPassword`, {option}`password`, or\n{option}`hashedPasswordFile` will be set.\n\nIn a system where [](#opt-systemd.sysusers.enable) or [](#opt-services.userborn.enable) is `true`,\ntypically only one of {option}`initialPassword`, {option}`initialHashedPassword`,\nor {option}`hashedPasswordFile` will be set.\n\nIf the option {option}`users.mutableUsers` is true, the password defined\nin one of the above password options will only be set when the user is\ncreated for the first time. After that, you are free to change the\npassword with the ordinary user management commands. If\n{option}`users.mutableUsers` is false, you cannot change user passwords,\nthey will always be set according to the password options.\n\nIf none of the password options are set, then no password is assigned to\nthe user, and the user will not be able to do password-based logins.\n\nIf multiple of these password options are set at the same time then a\nspecific order of precedence is followed, which can lead to surprising\nresults. The order of precedence differs depending on whether the\n{option}`users.mutableUsers` option is set.\n\n\nIf the option {option}`users.mutableUsers` is\n`false`, then the order of precedence is as shown\nbelow, where values on the left are overridden by values on the right:\n{option}`initialHashedPassword` -> {option}`hashedPassword` -> {option}`initialPassword` -> {option}`password` -> {option}`hashedPasswordFile`\n\n\nIf the option {option}`users.mutableUsers` is\n`true`, then the order of precedence is as shown\nbelow, where values on the left are overridden by values on the right:\n{option}`initialHashedPassword` -> {option}`initialPassword` -> {option}`hashedPassword` -> {option}`password` -> {option}`hashedPasswordFile`\n\n\n\nTo generate a hashed password run `mkpasswd`.\n\nIf set to an empty string (`\"\"`), this user will be able to log in without\nbeing asked for a password (but not via remote services such as SSH, or\nindirectly via {command}`su` or {command}`sudo`). This should only be used\nfor e.g. bootable live systems. Note: this is different from setting an\nempty password, which can be achieved using\n{option}`users.users.<name?>.password`.\n\nIf set to `null` (default) this user will not be able to log in using a\npassword (i.e. via {command}`login` command).\n\n", "loc": ["users", "users", "<name>", "hashedPassword"], "readOnly": false, "type": "null or (string, not containing newlines or colons)"}, "users.users.<name>.hashedPasswordFile": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The full path to a file that contains the hash of the user's\npassword. The password file is read on each system activation. The\nfile should contain exactly one line, which should be the password in\nan encrypted form that is suitable for the `chpasswd -e` command.\n\nThe {option}`initialHashedPassword`, {option}`hashedPassword`,\n{option}`initialPassword`, {option}`password` and\n{option}`hashedPasswordFile` options all control what password is set for\nthe user.\n\nIn a system where [](#opt-systemd.sysusers.enable) is `false`, typically\nonly one of {option}`hashedPassword`, {option}`password`, or\n{option}`hashedPasswordFile` will be set.\n\nIn a system where [](#opt-systemd.sysusers.enable) or [](#opt-services.userborn.enable) is `true`,\ntypically only one of {option}`initialPassword`, {option}`initialHashedPassword`,\nor {option}`hashedPasswordFile` will be set.\n\nIf the option {option}`users.mutableUsers` is true, the password defined\nin one of the above password options will only be set when the user is\ncreated for the first time. After that, you are free to change the\npassword with the ordinary user management commands. If\n{option}`users.mutableUsers` is false, you cannot change user passwords,\nthey will always be set according to the password options.\n\nIf none of the password options are set, then no password is assigned to\nthe user, and the user will not be able to do password-based logins.\n\nIf multiple of these password options are set at the same time then a\nspecific order of precedence is followed, which can lead to surprising\nresults. The order of precedence differs depending on whether the\n{option}`users.mutableUsers` option is set.\n\n\nIf the option {option}`users.mutableUsers` is\n`false`, then the order of precedence is as shown\nbelow, where values on the left are overridden by values on the right:\n{option}`initialHashedPassword` -> {option}`hashedPassword` -> {option}`initialPassword` -> {option}`password` -> {option}`hashedPasswordFile`\n\n\nIf the option {option}`users.mutableUsers` is\n`true`, then the order of precedence is as shown\nbelow, where values on the left are overridden by values on the right:\n{option}`initialHashedPassword` -> {option}`initialPassword` -> {option}`hashedPassword` -> {option}`password` -> {option}`hashedPasswordFile`\n\n\n\n", "loc": ["users", "users", "<name>", "hashedPasswordFile"], "readOnly": false, "type": "null or string"}, "users.users.<name>.home": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "\"/var/empty\""}, "description": "The user's home directory.", "loc": ["users", "users", "<name>", "home"], "readOnly": false, "type": "absolute path, not containing newlines or colons"}, "users.users.<name>.homeMode": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "\"700\""}, "description": "The user's home directory mode in numeric format. See {manpage}`chmod(1)`. The mode is only applied if {option}`users.users.<name>.createHome` is true.", "loc": ["users", "users", "<name>", "homeMode"], "readOnly": false, "type": "string matching the pattern [0-7]{1,5}"}, "users.users.<name>.ignoreShellProgramCheck": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "By default, nixos will check that programs.SHELL.enable is set to\ntrue if the user has a custom shell specified. If that behavior isn't\nrequired and there are custom overrides in place to make sure that the\nshell is functional, set this to true.\n", "loc": ["users", "users", "<name>", "ignoreShellProgramCheck"], "readOnly": false, "type": "boolean"}, "users.users.<name>.initialHashedPassword": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specifies the initial hashed password for the user, i.e. the\nhashed password assigned if the user does not already\nexist. If {option}`users.mutableUsers` is true, the\npassword can be changed subsequently using the\n{command}`passwd` command. Otherwise, it's\nequivalent to setting the {option}`hashedPassword` option.\n\nThe {option}`initialHashedPassword`, {option}`hashedPassword`,\n{option}`initialPassword`, {option}`password` and\n{option}`hashedPasswordFile` options all control what password is set for\nthe user.\n\nIn a system where [](#opt-systemd.sysusers.enable) is `false`, typically\nonly one of {option}`hashedPassword`, {option}`password`, or\n{option}`hashedPasswordFile` will be set.\n\nIn a system where [](#opt-systemd.sysusers.enable) or [](#opt-services.userborn.enable) is `true`,\ntypically only one of {option}`initialPassword`, {option}`initialHashedPassword`,\nor {option}`hashedPasswordFile` will be set.\n\nIf the option {option}`users.mutableUsers` is true, the password defined\nin one of the above password options will only be set when the user is\ncreated for the first time. After that, you are free to change the\npassword with the ordinary user management commands. If\n{option}`users.mutableUsers` is false, you cannot change user passwords,\nthey will always be set according to the password options.\n\nIf none of the password options are set, then no password is assigned to\nthe user, and the user will not be able to do password-based logins.\n\nIf multiple of these password options are set at the same time then a\nspecific order of precedence is followed, which can lead to surprising\nresults. The order of precedence differs depending on whether the\n{option}`users.mutableUsers` option is set.\n\n\nIf the option {option}`users.mutableUsers` is\n`false`, then the order of precedence is as shown\nbelow, where values on the left are overridden by values on the right:\n{option}`initialHashedPassword` -> {option}`hashedPassword` -> {option}`initialPassword` -> {option}`password` -> {option}`hashedPasswordFile`\n\n\nIf the option {option}`users.mutableUsers` is\n`true`, then the order of precedence is as shown\nbelow, where values on the left are overridden by values on the right:\n{option}`initialHashedPassword` -> {option}`initialPassword` -> {option}`hashedPassword` -> {option}`password` -> {option}`hashedPasswordFile`\n\n\n\nTo generate a hashed password run `mkpasswd`.\n\nIf set to an empty string (`\"\"`), this user will be able to log in without\nbeing asked for a password (but not via remote services such as SSH, or\nindirectly via {command}`su` or {command}`sudo`). This should only be used\nfor e.g. bootable live systems. Note: this is different from setting an\nempty password, which can be achieved using\n{option}`users.users.<name?>.password`.\n\nIf set to `null` (default) this user will not be able to log in using a\npassword (i.e. via {command}`login` command).\n\n", "loc": ["users", "users", "<name>", "initialHashedPassword"], "readOnly": false, "type": "null or (string, not containing newlines or colons)"}, "users.users.<name>.initialPassword": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specifies the initial password for the user, i.e. the\npassword assigned if the user does not already exist. If\n{option}`users.mutableUsers` is true, the password\ncan be changed subsequently using the\n{command}`passwd` command. Otherwise, it's\nequivalent to setting the {option}`password`\noption. The same caveat applies: the password specified here\nis world-readable in the Nix store, so it should only be\nused for guest accounts or passwords that will be changed\npromptly.\n\nThe {option}`initialHashedPassword`, {option}`hashedPassword`,\n{option}`initialPassword`, {option}`password` and\n{option}`hashedPasswordFile` options all control what password is set for\nthe user.\n\nIn a system where [](#opt-systemd.sysusers.enable) is `false`, typically\nonly one of {option}`hashedPassword`, {option}`password`, or\n{option}`hashedPasswordFile` will be set.\n\nIn a system where [](#opt-systemd.sysusers.enable) or [](#opt-services.userborn.enable) is `true`,\ntypically only one of {option}`initialPassword`, {option}`initialHashedPassword`,\nor {option}`hashedPasswordFile` will be set.\n\nIf the option {option}`users.mutableUsers` is true, the password defined\nin one of the above password options will only be set when the user is\ncreated for the first time. After that, you are free to change the\npassword with the ordinary user management commands. If\n{option}`users.mutableUsers` is false, you cannot change user passwords,\nthey will always be set according to the password options.\n\nIf none of the password options are set, then no password is assigned to\nthe user, and the user will not be able to do password-based logins.\n\nIf multiple of these password options are set at the same time then a\nspecific order of precedence is followed, which can lead to surprising\nresults. The order of precedence differs depending on whether the\n{option}`users.mutableUsers` option is set.\n\n\nIf the option {option}`users.mutableUsers` is\n`false`, then the order of precedence is as shown\nbelow, where values on the left are overridden by values on the right:\n{option}`initialHashedPassword` -> {option}`hashedPassword` -> {option}`initialPassword` -> {option}`password` -> {option}`hashedPasswordFile`\n\n\nIf the option {option}`users.mutableUsers` is\n`true`, then the order of precedence is as shown\nbelow, where values on the left are overridden by values on the right:\n{option}`initialHashedPassword` -> {option}`initialPassword` -> {option}`hashedPassword` -> {option}`password` -> {option}`hashedPasswordFile`\n\n\n\n", "loc": ["users", "users", "<name>", "initialPassword"], "readOnly": false, "type": "null or string"}, "users.users.<name>.isNormalUser": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Indicates whether this is an account for a \u201creal\u201d user.\nThis automatically sets {option}`group` to `users`,\n{option}`createHome` to `true`,\n{option}`home` to {file}`/home/\u00abusername\u00bb`,\n{option}`useDefaultShell` to `true`,\nand {option}`isSystemUser` to `false`.\nExactly one of `isNormalUser` and `isSystemUser` must be true.\n", "loc": ["users", "users", "<name>", "isNormalUser"], "readOnly": false, "type": "boolean"}, "users.users.<name>.isSystemUser": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Indicates if the user is a system user or not. This option\nonly has an effect if {option}`uid` is\n{option}`null`, in which case it determines whether\nthe user's UID is allocated in the range for system users\n(below 1000) or in the range for normal users (starting at\n1000).\nExactly one of `isNormalUser` and\n`isSystemUser` must be true.\n", "loc": ["users", "users", "<name>", "isSystemUser"], "readOnly": false, "type": "boolean"}, "users.users.<name>.linger": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Whether to enable or disable lingering for this user.  Without\nlingering, user units will not be started until the user logs in,\nand may be stopped on logout depending on the settings in\n{file}`logind.conf`.\n\nBy default, NixOS will not manage lingering, new users will default\nto not lingering, and lingering can be configured imperatively using\n`loginctl enable-linger` or `loginctl disable-linger`. Setting\nthis option to `true` or `false` is the declarative equivalent of\nrunning `loginctl enable-linger` or `loginctl disable-linger`\nrespectively.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["users", "users", "<name>", "linger"], "readOnly": false, "type": "null or boolean"}, "users.users.<name>.name": {"declarations": ["nixos/modules/config/users-groups.nix"], "description": "The name of the user account. If undefined, the name of the\nattribute set will be used.\n", "loc": ["users", "users", "<name>", "name"], "readOnly": false, "type": "string, not containing newlines or colons"}, "users.users.<name>.openssh.authorizedKeys.keyFiles": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of files each containing one OpenSSH public key that should be\nadded to the user's authorized keys. The contents of the files are\nread at build time and added to a file that the SSH daemon reads in\naddition to the the user's authorized_keys file. You can combine the\n`keyFiles` and `keys` options.\n", "loc": ["users", "users", "<name>", "openssh", "authorizedKeys", "keyFiles"], "readOnly": false, "type": "list of absolute path"}, "users.users.<name>.openssh.authorizedKeys.keys": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of verbatim OpenSSH public keys that should be added to the\nuser's authorized keys. The keys are added to a file that the SSH\ndaemon reads in addition to the the user's authorized_keys file.\nYou can combine the `keys` and\n`keyFiles` options.\nWarning: If you are using `NixOps` then don't use this\noption since it will replace the key required for deployment via ssh.\n", "example": {"_type": "literalExpression", "text": "[\n  \"ssh-rsa AAAAB3NzaC1yc2etc/etc/etcjwrsh8e596z6J0l7 example@host\"\n  \"ssh-ed25519 AAAAC3NzaCetcetera/etceteraJZMfk3QPfQ foo@bar\"\n]"}, "loc": ["users", "users", "<name>", "openssh", "authorizedKeys", "keys"], "readOnly": false, "type": "list of (optionally newline-terminated) single-line string"}, "users.users.<name>.openssh.authorizedPrincipals": {"declarations": ["nixos/modules/services/networking/ssh/sshd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of verbatim principal names that should be added to the user's\nauthorized principals.\n", "example": {"_type": "literalExpression", "text": "[\n  \"example@host\"\n  \"foo@bar\"\n]"}, "loc": ["users", "users", "<name>", "openssh", "authorizedPrincipals"], "readOnly": false, "type": "list of (optionally newline-terminated) single-line string"}, "users.users.<name>.packages": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The set of packages that should be made available to the user.\nThis is in contrast to {option}`environment.systemPackages`,\nwhich adds packages to all users.\n", "example": {"_type": "literalExpression", "text": "[ pkgs.firefox pkgs.thunderbird ]"}, "loc": ["users", "users", "<name>", "packages"], "readOnly": false, "type": "list of package"}, "users.users.<name>.pamMount": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attributes for user's entry in\n{file}`pam_mount.conf.xml`.\nUseful attributes might include `path`,\n`options`, `fstype`, and `server`.\nSee <https://pam-mount.sourceforge.net/pam_mount.conf.5.html>\nfor more information.\n", "loc": ["users", "users", "<name>", "pamMount"], "readOnly": false, "type": "attribute set of string"}, "users.users.<name>.password": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Specifies the (clear text) password for the user.\nWarning: do not set confidential information here\nbecause it is world-readable in the Nix store. This option\nshould only be used for public accounts.\n\nThe {option}`initialHashedPassword`, {option}`hashedPassword`,\n{option}`initialPassword`, {option}`password` and\n{option}`hashedPasswordFile` options all control what password is set for\nthe user.\n\nIn a system where [](#opt-systemd.sysusers.enable) is `false`, typically\nonly one of {option}`hashedPassword`, {option}`password`, or\n{option}`hashedPasswordFile` will be set.\n\nIn a system where [](#opt-systemd.sysusers.enable) or [](#opt-services.userborn.enable) is `true`,\ntypically only one of {option}`initialPassword`, {option}`initialHashedPassword`,\nor {option}`hashedPasswordFile` will be set.\n\nIf the option {option}`users.mutableUsers` is true, the password defined\nin one of the above password options will only be set when the user is\ncreated for the first time. After that, you are free to change the\npassword with the ordinary user management commands. If\n{option}`users.mutableUsers` is false, you cannot change user passwords,\nthey will always be set according to the password options.\n\nIf none of the password options are set, then no password is assigned to\nthe user, and the user will not be able to do password-based logins.\n\nIf multiple of these password options are set at the same time then a\nspecific order of precedence is followed, which can lead to surprising\nresults. The order of precedence differs depending on whether the\n{option}`users.mutableUsers` option is set.\n\n\nIf the option {option}`users.mutableUsers` is\n`false`, then the order of precedence is as shown\nbelow, where values on the left are overridden by values on the right:\n{option}`initialHashedPassword` -> {option}`hashedPassword` -> {option}`initialPassword` -> {option}`password` -> {option}`hashedPasswordFile`\n\n\nIf the option {option}`users.mutableUsers` is\n`true`, then the order of precedence is as shown\nbelow, where values on the left are overridden by values on the right:\n{option}`initialHashedPassword` -> {option}`initialPassword` -> {option}`hashedPassword` -> {option}`password` -> {option}`hashedPasswordFile`\n\n\n\n", "loc": ["users", "users", "<name>", "password"], "readOnly": false, "type": "null or string"}, "users.users.<name>.shell": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "pkgs.shadow"}, "description": "The path to the user's shell. Can use shell derivations,\nlike `pkgs.bashInteractive`. Don\u2019t\nforget to enable your shell in\n`programs` if necessary,\nlike `programs.zsh.enable = true;`.\n", "example": {"_type": "literalExpression", "text": "pkgs.bashInteractive"}, "loc": ["users", "users", "<name>", "shell"], "readOnly": false, "type": "null or package or (absolute path, not containing newlines or colons)"}, "users.users.<name>.subGidRanges": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Subordinate group ids that user is allowed to use.\nThey are set into {file}`/etc/subgid` and are used\nby `newgidmap` for user namespaces.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    count = 1;\n    startGid = 100;\n  }\n  {\n    count = 999;\n    startGid = 1001;\n  }\n]"}, "loc": ["users", "users", "<name>", "subGidRanges"], "readOnly": false, "type": "list of (submodule)"}, "users.users.<name>.subGidRanges.*.count": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Count of subordinate group ids", "loc": ["users", "users", "<name>", "subGidRanges", "*", "count"], "readOnly": false, "type": "signed integer"}, "users.users.<name>.subGidRanges.*.startGid": {"declarations": ["nixos/modules/config/users-groups.nix"], "description": "Start of the range of subordinate group ids that user is\nallowed to use.\n", "loc": ["users", "users", "<name>", "subGidRanges", "*", "startGid"], "readOnly": false, "type": "signed integer"}, "users.users.<name>.subUidRanges": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Subordinate user ids that user is allowed to use.\nThey are set into {file}`/etc/subuid` and are used\nby `newuidmap` for user namespaces.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    count = 1;\n    startUid = 1000;\n  }\n  {\n    count = 65534;\n    startUid = 100001;\n  }\n]"}, "loc": ["users", "users", "<name>", "subUidRanges"], "readOnly": false, "type": "list of (submodule)"}, "users.users.<name>.subUidRanges.*.count": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Count of subordinate user ids", "loc": ["users", "users", "<name>", "subUidRanges", "*", "count"], "readOnly": false, "type": "signed integer"}, "users.users.<name>.subUidRanges.*.startUid": {"declarations": ["nixos/modules/config/users-groups.nix"], "description": "Start of the range of subordinate user ids that user is\nallowed to use.\n", "loc": ["users", "users", "<name>", "subUidRanges", "*", "startUid"], "readOnly": false, "type": "signed integer"}, "users.users.<name>.uid": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The account UID. If the UID is null, a free UID is picked on\nactivation.\n", "loc": ["users", "users", "<name>", "uid"], "readOnly": false, "type": "null or signed integer"}, "users.users.<name>.useDefaultShell": {"declarations": ["nixos/modules/config/users-groups.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If true, the user's shell will be set to\n{option}`users.defaultUserShell`.\n", "loc": ["users", "users", "<name>", "useDefaultShell"], "readOnly": false, "type": "boolean"}, "virtualisation.appvm.enable": {"declarations": ["nixos/modules/virtualisation/appvm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "This enables AppVMs and related virtualisation settings.\n", "loc": ["virtualisation", "appvm", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.appvm.user": {"declarations": ["nixos/modules/virtualisation/appvm.nix"], "description": "AppVM user login. Currently only AppVMs are supported for a single user only.\n", "loc": ["virtualisation", "appvm", "user"], "readOnly": false, "type": "string"}, "virtualisation.containerd.args": {"declarations": ["nixos/modules/virtualisation/containerd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "extra args to append to the containerd cmdline", "loc": ["virtualisation", "containerd", "args"], "readOnly": false, "type": "attribute set of string"}, "virtualisation.containerd.configFile": {"declarations": ["nixos/modules/virtualisation/containerd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to containerd config file.\nSetting this option will override any configuration applied by the settings option.\n", "loc": ["virtualisation", "containerd", "configFile"], "readOnly": false, "type": "null or absolute path"}, "virtualisation.containerd.enable": {"declarations": ["nixos/modules/virtualisation/containerd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable containerd container runtime.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["virtualisation", "containerd", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.containerd.settings": {"declarations": ["nixos/modules/virtualisation/containerd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Verbatim lines to add to containerd.toml\n", "loc": ["virtualisation", "containerd", "settings"], "readOnly": false, "type": "TOML value"}, "virtualisation.containers.containersConf.cniPlugins": {"declarations": ["nixos/modules/virtualisation/containers.nix"], "default": {"_type": "literalExpression", "text": "[\n  pkgs.cni-plugins\n]\n"}, "description": "CNI plugins to install on the system.\n", "example": {"_type": "literalExpression", "text": "[\n  pkgs.cniPlugins.dnsname\n]\n"}, "loc": ["virtualisation", "containers", "containersConf", "cniPlugins"], "readOnly": false, "type": "list of package"}, "virtualisation.containers.containersConf.settings": {"declarations": ["nixos/modules/virtualisation/containers.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "containers.conf configuration", "loc": ["virtualisation", "containers", "containersConf", "settings"], "readOnly": false, "type": "TOML value"}, "virtualisation.containers.enable": {"declarations": ["nixos/modules/virtualisation/containers.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "This option enables the common /etc/containers configuration module.\n", "loc": ["virtualisation", "containers", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.containers.ociSeccompBpfHook.enable": {"declarations": ["nixos/modules/virtualisation/containers.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable the OCI seccomp BPF hook", "loc": ["virtualisation", "containers", "ociSeccompBpfHook", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.containers.policy": {"declarations": ["nixos/modules/virtualisation/containers.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Signature verification policy file.\nIf this option is empty the default policy file from\n`skopeo` will be used.\n", "example": {"_type": "literalExpression", "text": "{\n  default = [ { type = \"insecureAcceptAnything\"; } ];\n  transports = {\n    docker-daemon = {\n      \"\" = [ { type = \"insecureAcceptAnything\"; } ];\n    };\n  };\n}\n"}, "loc": ["virtualisation", "containers", "policy"], "readOnly": false, "type": "attribute set"}, "virtualisation.containers.registries.block": {"declarations": ["nixos/modules/virtualisation/containers.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of blocked repositories.\n", "loc": ["virtualisation", "containers", "registries", "block"], "readOnly": false, "type": "list of string"}, "virtualisation.containers.registries.insecure": {"declarations": ["nixos/modules/virtualisation/containers.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of insecure repositories.\n", "loc": ["virtualisation", "containers", "registries", "insecure"], "readOnly": false, "type": "list of string"}, "virtualisation.containers.registries.search": {"declarations": ["nixos/modules/virtualisation/containers.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"docker.io\"\n  \"quay.io\"\n]"}, "description": "List of repositories to search.\n", "loc": ["virtualisation", "containers", "registries", "search"], "readOnly": false, "type": "list of string"}, "virtualisation.containers.storage.settings": {"declarations": ["nixos/modules/virtualisation/containers.nix"], "description": "storage.conf configuration", "loc": ["virtualisation", "containers", "storage", "settings"], "readOnly": false, "type": "TOML value"}, "virtualisation.cri-o.enable": {"declarations": ["nixos/modules/virtualisation/cri-o.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Container Runtime Interface for OCI (CRI-O).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["virtualisation", "cri-o", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.cri-o.extraPackages": {"declarations": ["nixos/modules/virtualisation/cri-o.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra packages to be installed in the CRI-O wrapper.\n", "example": {"_type": "literalExpression", "text": "[\n  pkgs.gvisor\n]\n"}, "loc": ["virtualisation", "cri-o", "extraPackages"], "readOnly": false, "type": "list of package"}, "virtualisation.cri-o.logLevel": {"declarations": ["nixos/modules/virtualisation/cri-o.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Log level to be used", "loc": ["virtualisation", "cri-o", "logLevel"], "readOnly": false, "type": "one of \"trace\", \"debug\", \"info\", \"warn\", \"error\", \"fatal\""}, "virtualisation.cri-o.pauseCommand": {"declarations": ["nixos/modules/virtualisation/cri-o.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Override the default pause command", "example": {"_type": "literalExpression", "text": "\"/pause\""}, "loc": ["virtualisation", "cri-o", "pauseCommand"], "readOnly": false, "type": "null or string"}, "virtualisation.cri-o.pauseImage": {"declarations": ["nixos/modules/virtualisation/cri-o.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Override the default pause image for pod sandboxes", "example": {"_type": "literalExpression", "text": "\"k8s.gcr.io/pause:3.2\""}, "loc": ["virtualisation", "cri-o", "pauseImage"], "readOnly": false, "type": "null or string"}, "virtualisation.cri-o.runtime": {"declarations": ["nixos/modules/virtualisation/cri-o.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Override the default runtime", "example": {"_type": "literalExpression", "text": "\"crun\""}, "loc": ["virtualisation", "cri-o", "runtime"], "readOnly": false, "type": "null or string"}, "virtualisation.cri-o.settings": {"declarations": ["nixos/modules/virtualisation/cri-o.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for cri-o, see\n<https://github.com/cri-o/cri-o/blob/master/docs/crio.conf.5.md>.\n", "loc": ["virtualisation", "cri-o", "settings"], "readOnly": false, "type": "TOML value"}, "virtualisation.cri-o.storageDriver": {"declarations": ["nixos/modules/virtualisation/cri-o.nix"], "default": {"_type": "literalExpression", "text": "\"overlay\""}, "description": "Storage driver to be used", "loc": ["virtualisation", "cri-o", "storageDriver"], "readOnly": false, "type": "one of \"aufs\", \"btrfs\", \"devmapper\", \"overlay\", \"vfs\", \"zfs\""}, "virtualisation.diskSize": {"declarations": ["nixos/modules/virtualisation/disk-size-option.nix"], "default": {"_type": "literalExpression", "text": "if virtualisation.diskSizeAutoSupported then \"auto\" else 1024"}, "description": "The disk size in MiB (1024\u00d71024 bytes) of the virtual machine.\n", "loc": ["virtualisation", "diskSize"], "readOnly": false, "type": "value \"auto\" (singular enum) or (positive integer, meaning >0)"}, "virtualisation.docker.autoPrune.dates": {"declarations": ["nixos/modules/virtualisation/docker.nix"], "default": {"_type": "literalExpression", "text": "\"weekly\""}, "description": "Specification (in the format described by\n{manpage}`systemd.time(7)`) of the time at\nwhich the prune will occur.\n", "loc": ["virtualisation", "docker", "autoPrune", "dates"], "readOnly": false, "type": "string"}, "virtualisation.docker.autoPrune.enable": {"declarations": ["nixos/modules/virtualisation/docker.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to periodically prune Docker resources. If enabled, a\nsystemd timer will run `docker system prune -f`\nas specified by the `dates` option.\n", "loc": ["virtualisation", "docker", "autoPrune", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.docker.autoPrune.flags": {"declarations": ["nixos/modules/virtualisation/docker.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Any additional flags passed to {command}`docker system prune`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--all\"\n]"}, "loc": ["virtualisation", "docker", "autoPrune", "flags"], "readOnly": false, "type": "list of string"}, "virtualisation.docker.autoPrune.persistent": {"declarations": ["nixos/modules/virtualisation/docker.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Takes a boolean argument. If true, the time when the service\nunit was last triggered is stored on disk. When the timer is\nactivated, the service unit is triggered immediately if it\nwould have been triggered at least once during the time when\nthe timer was inactive. Such triggering is nonetheless\nsubject to the delay imposed by RandomizedDelaySec=. This is\nuseful to catch up on missed runs of the service when the\nsystem was powered down.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["virtualisation", "docker", "autoPrune", "persistent"], "readOnly": false, "type": "boolean"}, "virtualisation.docker.autoPrune.randomizedDelaySec": {"declarations": ["nixos/modules/virtualisation/docker.nix"], "default": {"_type": "literalExpression", "text": "\"0\""}, "description": "Add a randomized delay before each auto prune.\nThe delay will be chosen between zero and this value.\nThis value must be a time span in the format specified by\n{manpage}`systemd.time(7)`\n", "example": {"_type": "literalExpression", "text": "\"45min\""}, "loc": ["virtualisation", "docker", "autoPrune", "randomizedDelaySec"], "readOnly": false, "type": "(optionally newline-terminated) single-line string"}, "virtualisation.docker.daemon.settings": {"declarations": ["nixos/modules/virtualisation/docker.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for docker daemon. The attributes are serialized to JSON used as daemon.conf.\nSee <https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file>\n", "example": {"_type": "literalExpression", "text": "{\n  fixed-cidr-v6 = \"fd00::/80\";\n  ipv6 = true;\n  live-restore = true;\n}"}, "loc": ["virtualisation", "docker", "daemon", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "virtualisation.docker.daemon.settings.live-restore": {"declarations": ["nixos/modules/virtualisation/docker.nix"], "default": {"_type": "literalExpression", "text": "lib.versionOlder config.system.stateVersion \"24.11\""}, "description": "Allow dockerd to be restarted without affecting running container.\nThis option is incompatible with docker swarm.\n", "loc": ["virtualisation", "docker", "daemon", "settings", "live-restore"], "readOnly": false, "type": "boolean"}, "virtualisation.docker.enable": {"declarations": ["nixos/modules/virtualisation/docker.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "This option enables docker, a daemon that manages\nlinux containers. Users in the \"docker\" group can interact with\nthe daemon (e.g. to start or stop containers) using the\n{command}`docker` command line tool.\n", "loc": ["virtualisation", "docker", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.docker.enableNvidia": {"declarations": ["nixos/modules/virtualisation/docker.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "**Deprecated**, please use hardware.nvidia-container-toolkit.enable instead.\n\nEnable Nvidia GPU support inside docker containers.\n", "loc": ["virtualisation", "docker", "enableNvidia"], "readOnly": false, "type": "boolean"}, "virtualisation.docker.enableOnBoot": {"declarations": ["nixos/modules/virtualisation/docker.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "When enabled dockerd is started on boot. This is required for\ncontainers which are created with the\n`--restart=always` flag to work. If this option is\ndisabled, docker might be started on demand by socket activation.\n", "loc": ["virtualisation", "docker", "enableOnBoot"], "readOnly": false, "type": "boolean"}, "virtualisation.docker.extraOptions": {"declarations": ["nixos/modules/virtualisation/docker.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The extra command-line options to pass to\n{command}`docker` daemon.\n", "loc": ["virtualisation", "docker", "extraOptions"], "readOnly": false, "type": "strings concatenated with \" \""}, "virtualisation.docker.extraPackages": {"declarations": ["nixos/modules/virtualisation/docker.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra packages to add to PATH for the docker daemon process.\n", "example": {"_type": "literalExpression", "text": "with pkgs; [ criu ]"}, "loc": ["virtualisation", "docker", "extraPackages"], "readOnly": false, "type": "list of package"}, "virtualisation.docker.listenOptions": {"declarations": ["nixos/modules/virtualisation/docker.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"/run/docker.sock\"\n]"}, "description": "A list of unix and tcp docker should listen to. The format follows\nListenStream as described in {manpage}`systemd.socket(5)`.\n", "loc": ["virtualisation", "docker", "listenOptions"], "readOnly": false, "type": "list of string"}, "virtualisation.docker.liveRestore": {"declarations": ["nixos/modules/virtualisation/docker.nix"], "description": "Alias of {option}`virtualisation.docker.daemon.settings.live-restore`.", "loc": ["virtualisation", "docker", "liveRestore"], "readOnly": false, "type": "submodule"}, "virtualisation.docker.logDriver": {"declarations": ["nixos/modules/virtualisation/docker.nix"], "default": {"_type": "literalExpression", "text": "\"journald\""}, "description": "This option determines which Docker log driver to use.\n", "loc": ["virtualisation", "docker", "logDriver"], "readOnly": false, "type": "one of \"none\", \"json-file\", \"syslog\", \"journald\", \"gelf\", \"fluentd\", \"awslogs\", \"splunk\", \"etwlogs\", \"gcplogs\", \"local\""}, "virtualisation.docker.package": {"declarations": ["nixos/modules/virtualisation/docker.nix"], "default": {"_type": "literalExpression", "text": "pkgs.docker"}, "description": "The docker package to use.", "loc": ["virtualisation", "docker", "package"], "readOnly": false, "type": "package"}, "virtualisation.docker.rootless.daemon.settings": {"declarations": ["nixos/modules/virtualisation/docker-rootless.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for docker daemon. The attributes are serialized to JSON used as daemon.conf.\nSee <https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file>\n", "example": {"_type": "literalExpression", "text": "{\n  fixed-cidr-v6 = \"fd00::/80\";\n  ipv6 = true;\n}"}, "loc": ["virtualisation", "docker", "rootless", "daemon", "settings"], "readOnly": false, "type": "JSON value"}, "virtualisation.docker.rootless.enable": {"declarations": ["nixos/modules/virtualisation/docker-rootless.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "This option enables docker in a rootless mode, a daemon that manages\nlinux containers. To interact with the daemon, one needs to set\n{command}`DOCKER_HOST=unix://$XDG_RUNTIME_DIR/docker.sock`.\n", "loc": ["virtualisation", "docker", "rootless", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.docker.rootless.extraPackages": {"declarations": ["nixos/modules/virtualisation/docker-rootless.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra packages to add to PATH for the docker daemon process.\n", "loc": ["virtualisation", "docker", "rootless", "extraPackages"], "readOnly": false, "type": "list of package"}, "virtualisation.docker.rootless.package": {"declarations": ["nixos/modules/virtualisation/docker-rootless.nix"], "default": {"_type": "literalExpression", "text": "pkgs.docker"}, "description": "The docker package to use.", "loc": ["virtualisation", "docker", "rootless", "package"], "readOnly": false, "type": "package"}, "virtualisation.docker.rootless.setSocketVariable": {"declarations": ["nixos/modules/virtualisation/docker-rootless.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Point {command}`DOCKER_HOST` to rootless Docker instance for\nnormal users by default.\n", "loc": ["virtualisation", "docker", "rootless", "setSocketVariable"], "readOnly": false, "type": "boolean"}, "virtualisation.docker.storageDriver": {"declarations": ["nixos/modules/virtualisation/docker.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "This option determines which Docker\n[storage driver](https://docs.docker.com/storage/storagedriver/select-storage-driver/)\nto use.\nBy default it lets docker automatically choose the preferred storage\ndriver.\nHowever, it is recommended to specify a storage driver explicitly, as\ndocker's default varies over versions.\n\n::: {.warning}\nChanging the storage driver will cause any existing containers\nand images to become inaccessible.\n:::\n", "loc": ["virtualisation", "docker", "storageDriver"], "readOnly": false, "type": "null or one of \"aufs\", \"btrfs\", \"devicemapper\", \"overlay\", \"overlay2\", \"zfs\""}, "virtualisation.hypervGuest.enable": {"declarations": ["nixos/modules/virtualisation/hyperv-guest.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Hyper-V Guest Support.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["virtualisation", "hypervGuest", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.incus.agent.enable": {"declarations": ["nixos/modules/virtualisation/incus-agent.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Incus agent.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["virtualisation", "incus", "agent", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.incus.clientPackage": {"declarations": ["nixos/modules/virtualisation/incus.nix"], "default": {"_type": "literalExpression", "text": "config.virtualisation.incus.package.client"}, "description": "The incus client package to use. This package is added to PATH.", "loc": ["virtualisation", "incus", "clientPackage"], "readOnly": false, "type": "package"}, "virtualisation.incus.enable": {"declarations": ["nixos/modules/virtualisation/incus.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable incusd, a daemon that manages containers and virtual machines.\n\nUsers in the \"incus-admin\" group can interact with\nthe daemon (e.g. to start or stop containers) using the\n{command}`incus` command line tool, among others.\nUsers in the \"incus\" group can also interact with\nthe daemon, but with lower permissions\n(i.e. administrative operations are forbidden).\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["virtualisation", "incus", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.incus.lxcPackage": {"declarations": ["nixos/modules/virtualisation/incus.nix"], "default": {"_type": "literalExpression", "text": "config.virtualisation.lxc.package"}, "description": "The lxc package to use.", "loc": ["virtualisation", "incus", "lxcPackage"], "readOnly": false, "type": "package"}, "virtualisation.incus.package": {"declarations": ["nixos/modules/virtualisation/incus.nix"], "default": {"_type": "literalExpression", "text": "pkgs.incus-lts"}, "description": "The incus-lts package to use.", "loc": ["virtualisation", "incus", "package"], "readOnly": false, "type": "package"}, "virtualisation.incus.preseed": {"declarations": ["nixos/modules/virtualisation/incus.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configuration for Incus preseed, see\n<https://linuxcontainers.org/incus/docs/main/howto/initialize/#non-interactive-configuration>\nfor supported values.\n\nChanges to this will be re-applied to Incus which will overwrite existing entities or create missing ones,\nbut entities will *not* be removed by preseed.\n", "example": {"_type": "literalExpression", "text": "{\n  networks = [\n    {\n      config = {\n        \"ipv4.address\" = \"10.0.100.1/24\";\n        \"ipv4.nat\" = \"true\";\n      };\n      name = \"incusbr0\";\n      type = \"bridge\";\n    }\n  ];\n  profiles = [\n    {\n      devices = {\n        eth0 = {\n          name = \"eth0\";\n          network = \"incusbr0\";\n          type = \"nic\";\n        };\n        root = {\n          path = \"/\";\n          pool = \"default\";\n          size = \"35GiB\";\n          type = \"disk\";\n        };\n      };\n      name = \"default\";\n    }\n  ];\n  storage_pools = [\n    {\n      config = {\n        source = \"/var/lib/incus/storage-pools/default\";\n      };\n      driver = \"dir\";\n      name = \"default\";\n    }\n  ];\n}"}, "loc": ["virtualisation", "incus", "preseed"], "readOnly": false, "type": "null or (open submodule of (YAML 1.1 value))"}, "virtualisation.incus.socketActivation": {"declarations": ["nixos/modules/virtualisation/incus.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable socket-activation for starting incus.service. Enabling this option\nwill stop incus.service from starting automatically on boot.\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["virtualisation", "incus", "socketActivation"], "readOnly": false, "type": "boolean"}, "virtualisation.incus.softDaemonRestart": {"declarations": ["nixos/modules/virtualisation/incus.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Allow for incus.service to be stopped without affecting running instances.\n", "loc": ["virtualisation", "incus", "softDaemonRestart"], "readOnly": false, "type": "boolean"}, "virtualisation.incus.startTimeout": {"declarations": ["nixos/modules/virtualisation/incus.nix"], "default": {"_type": "literalExpression", "text": "600"}, "description": "Time to wait (in seconds) for incusd to become ready to process requests.\nIf incusd does not reply within the configured time, `incus.service` will be\nconsidered failed and systemd will attempt to restart it.\n", "loc": ["virtualisation", "incus", "startTimeout"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "virtualisation.incus.ui.enable": {"declarations": ["nixos/modules/virtualisation/incus.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Incus Web UI.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["virtualisation", "incus", "ui", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.incus.ui.package": {"declarations": ["nixos/modules/virtualisation/incus.nix"], "default": {"_type": "literalExpression", "text": "pkgs.incus-ui-canonical"}, "description": "The incus-ui-canonical package to use.", "loc": ["virtualisation", "incus", "ui", "package"], "readOnly": false, "type": "package"}, "virtualisation.kvmgt.device": {"declarations": ["nixos/modules/virtualisation/kvmgt.nix"], "default": {"_type": "literalExpression", "text": "\"0000:00:02.0\""}, "description": "PCI ID of graphics card. You can figure it with {command}`ls /sys/class/mdev_bus`.", "loc": ["virtualisation", "kvmgt", "device"], "readOnly": false, "type": "string"}, "virtualisation.kvmgt.enable": {"declarations": ["nixos/modules/virtualisation/kvmgt.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable KVMGT (iGVT-g) VGPU support. Allows Qemu/KVM guests to share host's Intel integrated graphics card.\nCurrently only one graphical device can be shared. To allow users to access the device without root add them\nto the kvm group: `users.extraUsers.<yourusername>.extraGroups = [ \"kvm\" ];`\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["virtualisation", "kvmgt", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.kvmgt.vgpus": {"declarations": ["nixos/modules/virtualisation/kvmgt.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Virtual GPUs to be used in Qemu. You can find devices via {command}`ls /sys/bus/pci/devices/*/mdev_supported_types`\nand find info about device via {command}`cat /sys/bus/pci/devices/*/mdev_supported_types/i915-GVTg_V5_4/description`\n", "example": {"_type": "literalExpression", "text": "{\n  i915-GVTg_V5_8 = {\n    uuid = [\n      \"a297db4a-f4c2-11e6-90f6-d3b88d6c9525\"\n    ];\n  };\n}"}, "loc": ["virtualisation", "kvmgt", "vgpus"], "readOnly": false, "type": "attribute set of (submodule)"}, "virtualisation.kvmgt.vgpus.<name>.uuid": {"declarations": ["nixos/modules/virtualisation/kvmgt.nix"], "description": "UUID(s) of VGPU device. You can generate one with `libossp_uuid`.", "loc": ["virtualisation", "kvmgt", "vgpus", "<name>", "uuid"], "readOnly": false, "type": "list of string"}, "virtualisation.libvirtd.allowedBridges": {"declarations": ["nixos/modules/virtualisation/libvirtd.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"virbr0\"\n]"}, "description": "List of bridge devices that can be used by qemu:///session\n", "loc": ["virtualisation", "libvirtd", "allowedBridges"], "readOnly": false, "type": "list of string"}, "virtualisation.libvirtd.dbus.enable": {"declarations": ["nixos/modules/virtualisation/libvirtd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable exposing libvirtd APIs over D-Bus.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["virtualisation", "libvirtd", "dbus", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.libvirtd.dbus.package": {"declarations": ["nixos/modules/virtualisation/libvirtd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.libvirt-dbus"}, "description": "The libvirt-dbus package to use.", "loc": ["virtualisation", "libvirtd", "dbus", "package"], "readOnly": false, "type": "package"}, "virtualisation.libvirtd.enable": {"declarations": ["nixos/modules/virtualisation/libvirtd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "This option enables libvirtd, a daemon that manages\nvirtual machines. Users in the \"libvirtd\" group can interact with\nthe daemon (e.g. to start or stop VMs) using the\n{command}`virsh` command line tool, among others.\n", "loc": ["virtualisation", "libvirtd", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.libvirtd.extraConfig": {"declarations": ["nixos/modules/virtualisation/libvirtd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra contents appended to the libvirtd configuration file,\nlibvirtd.conf.\n", "loc": ["virtualisation", "libvirtd", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "virtualisation.libvirtd.extraOptions": {"declarations": ["nixos/modules/virtualisation/libvirtd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command line arguments passed to libvirtd on startup.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--verbose\"\n]"}, "loc": ["virtualisation", "libvirtd", "extraOptions"], "readOnly": false, "type": "list of string"}, "virtualisation.libvirtd.firewallBackend": {"declarations": ["nixos/modules/virtualisation/libvirtd.nix"], "default": {"_type": "literalExpression", "text": "if config.networking.nftables.enable then \"nftables\" else \"iptables\""}, "description": "The backend used to setup virtual network firewall rules.\n", "loc": ["virtualisation", "libvirtd", "firewallBackend"], "readOnly": false, "type": "one of \"iptables\", \"nftables\""}, "virtualisation.libvirtd.hooks": {"declarations": ["nixos/modules/virtualisation/libvirtd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Hooks related options.\n", "loc": ["virtualisation", "libvirtd", "hooks"], "readOnly": false, "type": "submodule"}, "virtualisation.libvirtd.hooks.daemon": {"declarations": ["nixos/modules/virtualisation/libvirtd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Hooks that will be placed under /var/lib/libvirt/hooks/daemon.d/\nand called for daemon start/shutdown/SIGHUP events.\nPlease see <https://libvirt.org/hooks.html> for documentation.\n", "loc": ["virtualisation", "libvirtd", "hooks", "daemon"], "readOnly": false, "type": "attribute set of absolute path"}, "virtualisation.libvirtd.hooks.libxl": {"declarations": ["nixos/modules/virtualisation/libvirtd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Hooks that will be placed under /var/lib/libvirt/hooks/libxl.d/\nand called for libxl-handled xen domains begin/end events.\nPlease see <https://libvirt.org/hooks.html> for documentation.\n", "loc": ["virtualisation", "libvirtd", "hooks", "libxl"], "readOnly": false, "type": "attribute set of absolute path"}, "virtualisation.libvirtd.hooks.lxc": {"declarations": ["nixos/modules/virtualisation/libvirtd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Hooks that will be placed under /var/lib/libvirt/hooks/lxc.d/\nand called for lxc domains begin/end events.\nPlease see <https://libvirt.org/hooks.html> for documentation.\n", "loc": ["virtualisation", "libvirtd", "hooks", "lxc"], "readOnly": false, "type": "attribute set of absolute path"}, "virtualisation.libvirtd.hooks.network": {"declarations": ["nixos/modules/virtualisation/libvirtd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Hooks that will be placed under /var/lib/libvirt/hooks/network.d/\nand called for networks begin/end events.\nPlease see <https://libvirt.org/hooks.html> for documentation.\n", "loc": ["virtualisation", "libvirtd", "hooks", "network"], "readOnly": false, "type": "attribute set of absolute path"}, "virtualisation.libvirtd.hooks.qemu": {"declarations": ["nixos/modules/virtualisation/libvirtd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Hooks that will be placed under /var/lib/libvirt/hooks/qemu.d/\nand called for qemu domains begin/end/migrate events.\nPlease see <https://libvirt.org/hooks.html> for documentation.\n", "loc": ["virtualisation", "libvirtd", "hooks", "qemu"], "readOnly": false, "type": "attribute set of absolute path"}, "virtualisation.libvirtd.nss": {"declarations": ["nixos/modules/virtualisation/libvirtd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "libvirt NSS module options.\n", "loc": ["virtualisation", "libvirtd", "nss"], "readOnly": false, "type": "submodule"}, "virtualisation.libvirtd.nss.enable": {"declarations": ["nixos/modules/virtualisation/libvirtd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "This option enables the older libvirt NSS module. This method uses\nDHCP server records, therefore is dependent on the hostname provided\nby the guest.\nPlease see <https://libvirt.org/nss.html> for more information.\n", "loc": ["virtualisation", "libvirtd", "nss", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.libvirtd.nss.enableGuest": {"declarations": ["nixos/modules/virtualisation/libvirtd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "This option enables the newer libvirt_guest NSS module. This module\nuses the libvirt guest name instead of the hostname of the guest.\nPlease see <https://libvirt.org/nss.html> for more information.\n", "loc": ["virtualisation", "libvirtd", "nss", "enableGuest"], "readOnly": false, "type": "boolean"}, "virtualisation.libvirtd.onBoot": {"declarations": ["nixos/modules/virtualisation/libvirtd.nix"], "default": {"_type": "literalExpression", "text": "\"start\""}, "description": "Specifies the action to be done to / on the guests when the host boots.\nThe \"start\" option starts all guests that were running prior to shutdown\nregardless of their autostart settings. The \"ignore\" option will not\nstart the formerly running guest on boot. However, any guest marked as\nautostart will still be automatically started by libvirtd.\n", "loc": ["virtualisation", "libvirtd", "onBoot"], "readOnly": false, "type": "one of \"start\", \"ignore\""}, "virtualisation.libvirtd.onShutdown": {"declarations": ["nixos/modules/virtualisation/libvirtd.nix"], "default": {"_type": "literalExpression", "text": "\"suspend\""}, "description": "When shutting down / restarting the host what method should\nbe used to gracefully halt the guests. Setting to \"shutdown\"\nwill cause an ACPI shutdown of each guest. \"suspend\" will\nattempt to save the state of the guests ready to restore on boot.\n", "loc": ["virtualisation", "libvirtd", "onShutdown"], "readOnly": false, "type": "one of \"shutdown\", \"suspend\""}, "virtualisation.libvirtd.package": {"declarations": ["nixos/modules/virtualisation/libvirtd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.libvirt"}, "description": "The libvirt package to use.", "loc": ["virtualisation", "libvirtd", "package"], "readOnly": false, "type": "package"}, "virtualisation.libvirtd.parallelShutdown": {"declarations": ["nixos/modules/virtualisation/libvirtd.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Number of guests that will be shutdown concurrently, taking effect when onShutdown\nis set to \"shutdown\". If set to 0, guests will be shutdown one after another.\nNumber of guests on shutdown at any time will not exceed number set in this\nvariable.\n", "loc": ["virtualisation", "libvirtd", "parallelShutdown"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "virtualisation.libvirtd.qemu": {"declarations": ["nixos/modules/virtualisation/libvirtd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "QEMU related options.\n", "loc": ["virtualisation", "libvirtd", "qemu"], "readOnly": false, "type": "submodule"}, "virtualisation.libvirtd.qemu.package": {"declarations": ["nixos/modules/virtualisation/libvirtd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.qemu"}, "description": "The qemu package to use. `pkgs.qemu` can emulate alien architectures (e.g. aarch64 on x86)\n`pkgs.qemu_kvm` saves disk space allowing to emulate only host architectures.\n", "loc": ["virtualisation", "libvirtd", "qemu", "package"], "readOnly": false, "type": "package"}, "virtualisation.libvirtd.qemu.runAsRoot": {"declarations": ["nixos/modules/virtualisation/libvirtd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If true,  libvirtd runs qemu as root.\nIf false, libvirtd runs qemu as unprivileged user qemu-libvirtd.\nChanging this option to false may cause file permission issues\nfor existing guests. To fix these, manually change ownership\nof affected files in /var/lib/libvirt/qemu to qemu-libvirtd.\n", "loc": ["virtualisation", "libvirtd", "qemu", "runAsRoot"], "readOnly": false, "type": "boolean"}, "virtualisation.libvirtd.qemu.swtpm": {"declarations": ["nixos/modules/virtualisation/libvirtd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "QEMU's swtpm options.\n", "loc": ["virtualisation", "libvirtd", "qemu", "swtpm"], "readOnly": false, "type": "submodule"}, "virtualisation.libvirtd.qemu.swtpm.enable": {"declarations": ["nixos/modules/virtualisation/libvirtd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Allows libvirtd to use swtpm to create an emulated TPM.\n", "loc": ["virtualisation", "libvirtd", "qemu", "swtpm", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.libvirtd.qemu.swtpm.package": {"declarations": ["nixos/modules/virtualisation/libvirtd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.swtpm"}, "description": "The swtpm package to use.", "loc": ["virtualisation", "libvirtd", "qemu", "swtpm", "package"], "readOnly": false, "type": "package"}, "virtualisation.libvirtd.qemu.verbatimConfig": {"declarations": ["nixos/modules/virtualisation/libvirtd.nix"], "default": {"_type": "literalExpression", "text": "''\n  namespaces = []\n''"}, "description": "Contents written to the qemu configuration file, qemu.conf.\nMake sure to include a proper namespace configuration when\nsupplying custom configuration.\n", "loc": ["virtualisation", "libvirtd", "qemu", "verbatimConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "virtualisation.libvirtd.qemu.vhostUserPackages": {"declarations": ["nixos/modules/virtualisation/libvirtd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Packages containing out-of-tree vhost-user drivers.\n", "example": {"_type": "literalExpression", "text": "[ pkgs.virtiofsd ]"}, "loc": ["virtualisation", "libvirtd", "qemu", "vhostUserPackages"], "readOnly": false, "type": "list of package"}, "virtualisation.libvirtd.shutdownTimeout": {"declarations": ["nixos/modules/virtualisation/libvirtd.nix"], "default": {"_type": "literalExpression", "text": "300"}, "description": "Number of seconds we're willing to wait for a guest to shut down.\nIf parallel shutdown is enabled, this timeout applies as a timeout\nfor shutting down all guests on a single URI defined in the variable URIS.\nIf this is 0, then there is no time out (use with caution, as guests might not\nrespond to a shutdown request).\n", "loc": ["virtualisation", "libvirtd", "shutdownTimeout"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "virtualisation.libvirtd.sshProxy": {"declarations": ["nixos/modules/virtualisation/libvirtd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to configure OpenSSH to use the [SSH Proxy](https://libvirt.org/ssh-proxy.html).\n", "loc": ["virtualisation", "libvirtd", "sshProxy"], "readOnly": false, "type": "boolean"}, "virtualisation.libvirtd.startDelay": {"declarations": ["nixos/modules/virtualisation/libvirtd.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Number of seconds to wait between each guest start.\nIf set to 0, all guests will start up in parallel.\n", "loc": ["virtualisation", "libvirtd", "startDelay"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "virtualisation.lxc.bridgeConfig": {"declarations": ["nixos/modules/virtualisation/lxc.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "This is the config file for override lxc-net bridge default settings.\n", "loc": ["virtualisation", "lxc", "bridgeConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "virtualisation.lxc.defaultConfig": {"declarations": ["nixos/modules/virtualisation/lxc.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Default config (default.conf) for new containers, i.e. for\nnetwork config. See {manpage}`lxc.container.conf(5)`.\n", "loc": ["virtualisation", "lxc", "defaultConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "virtualisation.lxc.enable": {"declarations": ["nixos/modules/virtualisation/lxc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "This enables Linux Containers (LXC), which provides tools\nfor creating and managing system or application containers\non Linux.\n", "loc": ["virtualisation", "lxc", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.lxc.lxcfs.enable": {"declarations": ["nixos/modules/virtualisation/lxcfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "This enables LXCFS, a FUSE filesystem for LXC.\nTo use lxcfs in include the following configuration in your\ncontainer configuration:\n```\nvirtualisation.lxc.defaultConfig = \"lxc.include = ${pkgs.lxcfs}/share/lxc/config/common.conf.d/00-lxcfs.conf\";\n```\n", "loc": ["virtualisation", "lxc", "lxcfs", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.lxc.package": {"declarations": ["nixos/modules/virtualisation/lxc.nix"], "default": {"_type": "literalExpression", "text": "pkgs.lxc"}, "description": "The lxc package to use.", "loc": ["virtualisation", "lxc", "package"], "readOnly": false, "type": "package"}, "virtualisation.lxc.systemConfig": {"declarations": ["nixos/modules/virtualisation/lxc.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "This is the system-wide LXC config. See\n{manpage}`lxc.system.conf(5)`.\n", "loc": ["virtualisation", "lxc", "systemConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "virtualisation.lxc.unprivilegedContainers": {"declarations": ["nixos/modules/virtualisation/lxc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable support for unprivileged users to launch containers.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["virtualisation", "lxc", "unprivilegedContainers"], "readOnly": false, "type": "boolean"}, "virtualisation.lxc.usernetConfig": {"declarations": ["nixos/modules/virtualisation/lxc.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "This is the config file for managing unprivileged user network\nadministration access in LXC. See {manpage}`lxc-usernet(5)`.\n", "loc": ["virtualisation", "lxc", "usernetConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "virtualisation.oci-containers.backend": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "\"podman\""}, "description": "The underlying Docker implementation to use.", "loc": ["virtualisation", "oci-containers", "backend"], "readOnly": false, "type": "one of \"podman\", \"docker\""}, "virtualisation.oci-containers.containers": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "OCI (Docker) containers to run as systemd services.", "loc": ["virtualisation", "oci-containers", "containers"], "readOnly": false, "type": "attribute set of (submodule)"}, "virtualisation.oci-containers.containers.<name>.autoRemoveOnStop": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Automatically remove the container when it is stopped or killed\n", "loc": ["virtualisation", "oci-containers", "containers", "<name>", "autoRemoveOnStop"], "readOnly": false, "type": "boolean"}, "virtualisation.oci-containers.containers.<name>.autoStart": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "When enabled, the container is automatically started on boot.\nIf this option is set to false, the container has to be started on-demand via its service.\n", "loc": ["virtualisation", "oci-containers", "containers", "<name>", "autoStart"], "readOnly": false, "type": "boolean"}, "virtualisation.oci-containers.containers.<name>.capabilities": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Capabilities to configure for the container.\nWhen set to true, capability is added to the container.\nWhen set to false, capability is dropped from the container.\nWhen null, default runtime settings apply.\n", "example": {"_type": "literalExpression", "text": "{\n  SYS_ADMIN = true;\n  SYS_WRITE = false;\n}"}, "loc": ["virtualisation", "oci-containers", "containers", "<name>", "capabilities"], "readOnly": false, "type": "lazy attribute set of (null or boolean)"}, "virtualisation.oci-containers.containers.<name>.cmd": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Commandline arguments to pass to the image's entrypoint.", "example": {"_type": "literalExpression", "text": "[\n  \"--port=9000\"\n]"}, "loc": ["virtualisation", "oci-containers", "containers", "<name>", "cmd"], "readOnly": false, "type": "list of string"}, "virtualisation.oci-containers.containers.<name>.dependsOn": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Define which other containers this one depends on. They will be added to both After and Requires for the unit.\n\nUse the same name as the attribute under `virtualisation.oci-containers.containers`.\n", "example": {"_type": "literalExpression", "text": "virtualisation.oci-containers.containers = {\n  node1 = {};\n  node2.dependsOn = [ \"node1\" ];\n};\n"}, "loc": ["virtualisation", "oci-containers", "containers", "<name>", "dependsOn"], "readOnly": false, "type": "list of string"}, "virtualisation.oci-containers.containers.<name>.devices": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of devices to attach to this container.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/dev/dri:/dev/dri\"\n]"}, "loc": ["virtualisation", "oci-containers", "containers", "<name>", "devices"], "readOnly": false, "type": "list of string"}, "virtualisation.oci-containers.containers.<name>.entrypoint": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Override the default entrypoint of the image.", "example": {"_type": "literalExpression", "text": "\"/bin/my-app\""}, "loc": ["virtualisation", "oci-containers", "containers", "<name>", "entrypoint"], "readOnly": false, "type": "null or string"}, "virtualisation.oci-containers.containers.<name>.environment": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Environment variables to set for this container.", "example": {"_type": "literalExpression", "text": "{\n  DATABASE_HOST = \"db.example.com\";\n  DATABASE_PORT = \"3306\";\n}"}, "loc": ["virtualisation", "oci-containers", "containers", "<name>", "environment"], "readOnly": false, "type": "attribute set of string"}, "virtualisation.oci-containers.containers.<name>.environmentFiles": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Environment files for this container.", "example": {"_type": "literalExpression", "text": "[\n  /path/to/.env\n  /path/to/.env.secret\n]"}, "loc": ["virtualisation", "oci-containers", "containers", "<name>", "environmentFiles"], "readOnly": false, "type": "list of absolute path"}, "virtualisation.oci-containers.containers.<name>.extraOptions": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra options for {command}`podman run`.", "example": {"_type": "literalExpression", "text": "[\n  \"--network=host\"\n]"}, "loc": ["virtualisation", "oci-containers", "containers", "<name>", "extraOptions"], "readOnly": false, "type": "list of string"}, "virtualisation.oci-containers.containers.<name>.hostname": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The hostname of the container.", "example": {"_type": "literalExpression", "text": "\"hello-world\""}, "loc": ["virtualisation", "oci-containers", "containers", "<name>", "hostname"], "readOnly": false, "type": "null or string"}, "virtualisation.oci-containers.containers.<name>.image": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "description": "OCI image to run.", "example": {"_type": "literalExpression", "text": "\"library/hello-world\""}, "loc": ["virtualisation", "oci-containers", "containers", "<name>", "image"], "readOnly": false, "type": "string"}, "virtualisation.oci-containers.containers.<name>.imageFile": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to an image file to load before running the image. This can\nbe used to bypass pulling the image from the registry.\n\nThe `image` attribute must match the name and\ntag of the image contained in this file, as they will be used to\nrun the container with that image. If they do not match, the\nimage will be pulled from the registry as usual.\n", "example": {"_type": "literalExpression", "text": "pkgs.dockerTools.buildImage {...};"}, "loc": ["virtualisation", "oci-containers", "containers", "<name>", "imageFile"], "readOnly": false, "type": "null or path in the Nix store"}, "virtualisation.oci-containers.containers.<name>.imageStream": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a script that streams the desired image on standard output.\n\nThis option is mainly intended for use with\n`pkgs.dockerTools.streamLayeredImage` so that the intermediate\nimage archive does not need to be stored in the Nix store.  For\nlarger images this optimization can significantly reduce Nix store\nchurn compared to using the `imageFile` option, because you don't\nhave to store a new copy of the image archive in the Nix store\nevery time you change the image.  Instead, if you stream the image\nthen you only need to build and store the layers that differ from\nthe previous image.\n", "example": {"_type": "literalExpression", "text": "pkgs.dockerTools.streamLayeredImage {...};"}, "loc": ["virtualisation", "oci-containers", "containers", "<name>", "imageStream"], "readOnly": false, "type": "null or package"}, "virtualisation.oci-containers.containers.<name>.labels": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Labels to attach to the container at runtime.", "example": {"_type": "literalExpression", "text": "{\n  \"traefik.https.routers.example.rule\" = \"Host(`example.container`)\";\n}"}, "loc": ["virtualisation", "oci-containers", "containers", "<name>", "labels"], "readOnly": false, "type": "attribute set of string"}, "virtualisation.oci-containers.containers.<name>.log-driver": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "\"journald\""}, "description": "Logging driver for the container.  The default of\n`\"journald\"` means that the container's logs will be\nhandled as part of the systemd unit.\n\nFor more details and a full list of logging drivers, refer to respective backends documentation.\n\nFor Docker:\n[Docker engine documentation](https://docs.docker.com/engine/logging/configure/)\n\nFor Podman:\nRefer to the {manpage}`docker-run(1)` man page.\n", "loc": ["virtualisation", "oci-containers", "containers", "<name>", "log-driver"], "readOnly": false, "type": "string"}, "virtualisation.oci-containers.containers.<name>.login.passwordFile": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to file containing password.", "example": {"_type": "literalExpression", "text": "\"/etc/nixos/dockerhub-password.txt\""}, "loc": ["virtualisation", "oci-containers", "containers", "<name>", "login", "passwordFile"], "readOnly": false, "type": "null or string"}, "virtualisation.oci-containers.containers.<name>.login.registry": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Registry where to login to.", "example": {"_type": "literalExpression", "text": "\"https://docker.pkg.github.com\""}, "loc": ["virtualisation", "oci-containers", "containers", "<name>", "login", "registry"], "readOnly": false, "type": "null or string"}, "virtualisation.oci-containers.containers.<name>.login.username": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Username for login.", "loc": ["virtualisation", "oci-containers", "containers", "<name>", "login", "username"], "readOnly": false, "type": "null or string"}, "virtualisation.oci-containers.containers.<name>.networks": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Networks to attach the container to\n", "loc": ["virtualisation", "oci-containers", "containers", "<name>", "networks"], "readOnly": false, "type": "list of string"}, "virtualisation.oci-containers.containers.<name>.podman": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Podman-specific settings in OCI containers. These must be null when using\nthe `docker` backend.\n", "loc": ["virtualisation", "oci-containers", "containers", "<name>", "podman"], "readOnly": false, "type": "null or (submodule)"}, "virtualisation.oci-containers.containers.<name>.podman.sdnotify": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "\"conmon\""}, "description": "Determines how `podman` should notify systemd that the unit is ready. There are\n[three options](https://docs.podman.io/en/latest/markdown/podman-run.1.html#sdnotify-container-conmon-healthy-ignore):\n\n* `conmon`: marks the unit as ready when the container has started.\n* `healthy`: marks the unit as ready when the [container's healthcheck](https://docs.podman.io/en/stable/markdown/podman-healthcheck-run.1.html) passes.\n* `container`: `NOTIFY_SOCKET` is passed into the container and the process inside the container needs to indicate on its own that it's ready.\n", "loc": ["virtualisation", "oci-containers", "containers", "<name>", "podman", "sdnotify"], "readOnly": false, "type": "one of \"conmon\", \"healthy\", \"container\""}, "virtualisation.oci-containers.containers.<name>.podman.user": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "\"root\""}, "description": "The user under which the container should run.\n", "loc": ["virtualisation", "oci-containers", "containers", "<name>", "podman", "user"], "readOnly": false, "type": "string"}, "virtualisation.oci-containers.containers.<name>.ports": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Network ports to publish from the container to the outer host.\n\nValid formats:\n- `<ip>:<hostPort>:<containerPort>`\n- `<ip>::<containerPort>`\n- `<hostPort>:<containerPort>`\n- `<containerPort>`\n\nBoth `hostPort` and `containerPort` can be specified as a range of\nports.  When specifying ranges for both, the number of container\nports in the range must match the number of host ports in the\nrange.  Example: `1234-1236:1234-1236/tcp`\n\nWhen specifying a range for `hostPort` only, the `containerPort`\nmust *not* be a range.  In this case, the container port is published\nsomewhere within the specified `hostPort` range.\nExample: `1234-1236:1234/tcp`\n\nPublishing a port bypasses the NixOS firewall. If the port is not\nsupposed to be shared on the network, make sure to publish the\nport to localhost.\nExample: `127.0.0.1:1234:1234`\n\nRefer to the\n[Docker engine documentation](https://docs.docker.com/engine/network/#published-ports) for full details.\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1:8080:9000\"\n]"}, "loc": ["virtualisation", "oci-containers", "containers", "<name>", "ports"], "readOnly": false, "type": "list of string"}, "virtualisation.oci-containers.containers.<name>.preRunExtraOptions": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra options for {command}`podman` that go before the `run` argument.", "example": {"_type": "literalExpression", "text": "[\n  \"--runtime\"\n  \"runsc\"\n]"}, "loc": ["virtualisation", "oci-containers", "containers", "<name>", "preRunExtraOptions"], "readOnly": false, "type": "list of string"}, "virtualisation.oci-containers.containers.<name>.privileged": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Give extended privileges to the container\n", "loc": ["virtualisation", "oci-containers", "containers", "<name>", "privileged"], "readOnly": false, "type": "boolean"}, "virtualisation.oci-containers.containers.<name>.pull": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "\"missing\""}, "description": "Image pull policy for the container. Must be one of: always, missing, never, newer\n", "loc": ["virtualisation", "oci-containers", "containers", "<name>", "pull"], "readOnly": false, "type": "one of \"always\", \"missing\", \"never\", \"newer\""}, "virtualisation.oci-containers.containers.<name>.serviceName": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "\"<backend>-<name>\""}, "description": "Systemd service name that manages the container", "loc": ["virtualisation", "oci-containers", "containers", "<name>", "serviceName"], "readOnly": false, "type": "string"}, "virtualisation.oci-containers.containers.<name>.user": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Override the username or UID (and optionally groupname or GID) used\nin the container.\n", "example": {"_type": "literalExpression", "text": "\"nobody:nogroup\""}, "loc": ["virtualisation", "oci-containers", "containers", "<name>", "user"], "readOnly": false, "type": "null or string"}, "virtualisation.oci-containers.containers.<name>.volumes": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of volumes to attach to this container.\n\nNote that this is a list of `\"src:dst\"` strings to\nallow for `src` to refer to `/nix/store` paths, which\nwould be difficult with an attribute set.  There are\nalso a variety of mount options available as a third\nfield; please refer to the\n[docker engine documentation](https://docs.docker.com/engine/storage/volumes/) for details.\n", "example": {"_type": "literalExpression", "text": "[\n  \"volume_name:/path/inside/container\"\n  \"/path/on/host:/path/inside/container\"\n]"}, "loc": ["virtualisation", "oci-containers", "containers", "<name>", "volumes"], "readOnly": false, "type": "list of string"}, "virtualisation.oci-containers.containers.<name>.workdir": {"declarations": ["nixos/modules/virtualisation/oci-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Override the default working directory for the container.", "example": {"_type": "literalExpression", "text": "\"/var/lib/hello_world\""}, "loc": ["virtualisation", "oci-containers", "containers", "<name>", "workdir"], "readOnly": false, "type": "null or string"}, "virtualisation.podman.autoPrune.dates": {"declarations": ["nixos/modules/virtualisation/podman/default.nix"], "default": {"_type": "literalExpression", "text": "\"weekly\""}, "description": "Specification (in the format described by\n{manpage}`systemd.time(7)`) of the time at\nwhich the prune will occur.\n", "loc": ["virtualisation", "podman", "autoPrune", "dates"], "readOnly": false, "type": "string"}, "virtualisation.podman.autoPrune.enable": {"declarations": ["nixos/modules/virtualisation/podman/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to periodically prune Podman resources. If enabled, a\nsystemd timer will run `podman system prune -f`\nas specified by the `dates` option.\n", "loc": ["virtualisation", "podman", "autoPrune", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.podman.autoPrune.flags": {"declarations": ["nixos/modules/virtualisation/podman/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Any additional flags passed to {command}`podman system prune`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--all\"\n]"}, "loc": ["virtualisation", "podman", "autoPrune", "flags"], "readOnly": false, "type": "list of string"}, "virtualisation.podman.defaultNetwork.settings": {"declarations": ["nixos/modules/virtualisation/podman/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings for podman's default network.\n", "example": {"_type": "literalExpression", "text": "{ dns_enabled = true; }"}, "loc": ["virtualisation", "podman", "defaultNetwork", "settings"], "readOnly": false, "type": "JSON value"}, "virtualisation.podman.dockerCompat": {"declarations": ["nixos/modules/virtualisation/podman/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create an alias mapping {command}`docker` to {command}`podman`.\n", "loc": ["virtualisation", "podman", "dockerCompat"], "readOnly": false, "type": "boolean"}, "virtualisation.podman.dockerSocket.enable": {"declarations": ["nixos/modules/virtualisation/podman/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Make the Podman socket available in place of the Docker socket, so\nDocker tools can find the Podman socket.\n\nPodman implements the Docker API.\n\nUsers must be in the `podman` group in order to connect. As\nwith Docker, members of this group can gain root access.\n", "loc": ["virtualisation", "podman", "dockerSocket", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.podman.enable": {"declarations": ["nixos/modules/virtualisation/podman/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "This option enables Podman, a daemonless container engine for\ndeveloping, managing, and running OCI Containers on your Linux System.\n\nIt is a drop-in replacement for the {command}`docker` command.\n", "loc": ["virtualisation", "podman", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.podman.enableNvidia": {"declarations": ["nixos/modules/virtualisation/podman/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "**Deprecated**, please use hardware.nvidia-container-toolkit.enable instead.\n\nEnable use of Nvidia GPUs from within podman containers.\n", "loc": ["virtualisation", "podman", "enableNvidia"], "readOnly": false, "type": "boolean"}, "virtualisation.podman.extraPackages": {"declarations": ["nixos/modules/virtualisation/podman/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra dependencies for podman to be placed on $PATH in the wrapper.\n", "loc": ["virtualisation", "podman", "extraPackages"], "readOnly": false, "type": "list of package"}, "virtualisation.podman.extraRuntimes": {"declarations": ["nixos/modules/virtualisation/podman/default.nix"], "default": {"_type": "literalExpression", "text": "lib.optionals pkgs.stdenv.hostPlatform.isLinux [ pkgs.runc ]"}, "description": "Extra runtime packages to be installed in the Podman wrapper.\nThose are then placed in libexec/podman, i.e. are seen as podman internal commands.\n", "example": {"_type": "literalExpression", "text": "[\n  pkgs.gvisor\n]\n"}, "loc": ["virtualisation", "podman", "extraRuntimes"], "readOnly": false, "type": "list of package"}, "virtualisation.podman.networkSocket.enable": {"declarations": ["nixos/modules/virtualisation/podman/network-socket.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Make the Podman and Docker compatibility API available over the network\nwith TLS client certificate authentication.\n\nThis allows Docker clients to connect with the equivalents of the Docker\nCLI `-H` and `--tls*` family of options.\n\nFor certificate setup, see <https://docs.docker.com/engine/security/protect-access/>\n\nThis option is independent of [](#opt-virtualisation.podman.dockerSocket.enable).\n", "loc": ["virtualisation", "podman", "networkSocket", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.podman.networkSocket.listenAddress": {"declarations": ["nixos/modules/virtualisation/podman/network-socket.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Interface address for receiving TLS connections.\n", "loc": ["virtualisation", "podman", "networkSocket", "listenAddress"], "readOnly": false, "type": "string"}, "virtualisation.podman.networkSocket.openFirewall": {"declarations": ["nixos/modules/virtualisation/podman/network-socket.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the port in the firewall.\n", "loc": ["virtualisation", "podman", "networkSocket", "openFirewall"], "readOnly": false, "type": "boolean"}, "virtualisation.podman.networkSocket.port": {"declarations": ["nixos/modules/virtualisation/podman/network-socket.nix"], "default": {"_type": "literalExpression", "text": "2376"}, "description": "TCP port number for receiving TLS connections.\n", "loc": ["virtualisation", "podman", "networkSocket", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "virtualisation.podman.networkSocket.server": {"declarations": ["nixos/modules/virtualisation/podman/network-socket-ghostunnel.nix", "nixos/modules/virtualisation/podman/network-socket.nix"], "description": "Choice of TLS proxy server.\n", "example": {"_type": "literalExpression", "text": "\"ghostunnel\""}, "loc": ["virtualisation", "podman", "networkSocket", "server"], "readOnly": false, "type": "value \"ghostunnel\" (singular enum)"}, "virtualisation.podman.networkSocket.tls.cacert": {"declarations": ["nixos/modules/virtualisation/podman/network-socket.nix"], "description": "Path to CA certificate to use for client authentication.\n", "loc": ["virtualisation", "podman", "networkSocket", "tls", "cacert"], "readOnly": false, "type": "absolute path"}, "virtualisation.podman.networkSocket.tls.cert": {"declarations": ["nixos/modules/virtualisation/podman/network-socket.nix"], "description": "Path to certificate describing the server.\n", "loc": ["virtualisation", "podman", "networkSocket", "tls", "cert"], "readOnly": false, "type": "absolute path"}, "virtualisation.podman.networkSocket.tls.key": {"declarations": ["nixos/modules/virtualisation/podman/network-socket.nix"], "description": "Path to the private key corresponding to the server certificate.\n\nUse a string for this setting. Otherwise it will be copied to the Nix\nstore first, where it is readable by any system process.\n", "loc": ["virtualisation", "podman", "networkSocket", "tls", "key"], "readOnly": false, "type": "absolute path"}, "virtualisation.podman.package": {"declarations": ["nixos/modules/virtualisation/podman/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.podman"}, "description": "The podman package to use. This package will automatically include extra packages and runtimes.\n", "loc": ["virtualisation", "podman", "package"], "readOnly": false, "type": "package"}, "virtualisation.rosetta.enable": {"declarations": ["nixos/modules/virtualisation/rosetta.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable [Rosetta](https://developer.apple.com/documentation/apple-silicon/about-the-rosetta-translation-environment) support.\n\nThis feature requires the system to be a virtualised guest on an Apple silicon host.\n\nThe default settings are suitable for the [UTM](https://docs.getutm.app/) virtualisation [package](https://search.nixos.org/packages?channel=unstable&show=utm&from=0&size=1&sort=relevance&type=packages&query=utm).\nMake sure to select 'Apple Virtualization' as the virtualisation engine and then tick the 'Enable Rosetta' option.\n", "loc": ["virtualisation", "rosetta", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.rosetta.mountTag": {"declarations": ["nixos/modules/virtualisation/rosetta.nix"], "default": {"_type": "literalExpression", "text": "\"rosetta\""}, "description": "The VirtioFS mount tag for the Rosetta runtime, exposed by the host's virtualisation software.\n\nIf supported, your virtualisation software should provide instructions on how register the Rosetta runtime inside Linux guests.\nThese instructions should mention the name of the mount tag used for the VirtioFS directory share that contains the Rosetta runtime.\n", "loc": ["virtualisation", "rosetta", "mountTag"], "readOnly": false, "type": "string"}, "virtualisation.spiceUSBRedirection.enable": {"declarations": ["nixos/modules/virtualisation/spice-usb-redirection.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Install the SPICE USB redirection helper with setuid\nprivileges. This allows unprivileged users to pass USB devices\nconnected to this machine to libvirt VMs, both local and\nremote. Note that this allows users arbitrary access to USB\ndevices.\n", "loc": ["virtualisation", "spiceUSBRedirection", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.virtualbox.guest.clipboard": {"declarations": ["nixos/modules/virtualisation/virtualbox-guest.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable clipboard support.", "loc": ["virtualisation", "virtualbox", "guest", "clipboard"], "readOnly": false, "type": "boolean"}, "virtualisation.virtualbox.guest.dragAndDrop": {"declarations": ["nixos/modules/virtualisation/virtualbox-guest.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable drag and drop support.", "loc": ["virtualisation", "virtualbox", "guest", "dragAndDrop"], "readOnly": false, "type": "boolean"}, "virtualisation.virtualbox.guest.enable": {"declarations": ["nixos/modules/virtualisation/virtualbox-guest.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the VirtualBox service and other guest additions.", "loc": ["virtualisation", "virtualbox", "guest", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.virtualbox.guest.seamless": {"declarations": ["nixos/modules/virtualisation/virtualbox-guest.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable seamless mode. When activated windows from the guest appear next to the windows of the host.", "loc": ["virtualisation", "virtualbox", "guest", "seamless"], "readOnly": false, "type": "boolean"}, "virtualisation.virtualbox.guest.use3rdPartyModules": {"declarations": ["nixos/modules/virtualisation/virtualbox-guest.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to use the kernel modules provided by VirtualBox instead of the ones from the upstream kernel.", "loc": ["virtualisation", "virtualbox", "guest", "use3rdPartyModules"], "readOnly": false, "type": "boolean"}, "virtualisation.virtualbox.guest.vboxsf": {"declarations": ["nixos/modules/virtualisation/virtualbox-guest.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to load vboxsf", "loc": ["virtualisation", "virtualbox", "guest", "vboxsf"], "readOnly": false, "type": "boolean"}, "virtualisation.virtualbox.guest.verbose": {"declarations": ["nixos/modules/virtualisation/virtualbox-guest.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to verbose logging for guest services.", "loc": ["virtualisation", "virtualbox", "guest", "verbose"], "readOnly": false, "type": "boolean"}, "virtualisation.virtualbox.host.addNetworkInterface": {"declarations": ["nixos/modules/virtualisation/virtualbox-host.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Automatically set up a vboxnet0 host-only network interface.\n", "loc": ["virtualisation", "virtualbox", "host", "addNetworkInterface"], "readOnly": false, "type": "boolean"}, "virtualisation.virtualbox.host.enable": {"declarations": ["nixos/modules/virtualisation/virtualbox-host.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable VirtualBox.\n\n::: {.note}\nIn order to pass USB devices from the host to the guests, the user\nneeds to be in the `vboxusers` group.\n:::\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["virtualisation", "virtualbox", "host", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.virtualbox.host.enableExtensionPack": {"declarations": ["nixos/modules/virtualisation/virtualbox-host.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to install the Oracle Extension Pack for VirtualBox.\n\n::: {.important}\nYou must set `nixpkgs.config.allowUnfree = true` in\norder to use this.  This requires you accept the VirtualBox PUEL.\n:::\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["virtualisation", "virtualbox", "host", "enableExtensionPack"], "readOnly": false, "type": "boolean"}, "virtualisation.virtualbox.host.enableHardening": {"declarations": ["nixos/modules/virtualisation/virtualbox-host.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable hardened VirtualBox, which ensures that only the binaries in the\nsystem path get access to the devices exposed by the kernel modules\ninstead of all users in the vboxusers group.\n\n::: {.important}\nDisabling this can put your system's security at risk, as local users\nin the vboxusers group can tamper with the VirtualBox device files.\n:::\n", "loc": ["virtualisation", "virtualbox", "host", "enableHardening"], "readOnly": false, "type": "boolean"}, "virtualisation.virtualbox.host.enableKvm": {"declarations": ["nixos/modules/virtualisation/virtualbox-host.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable KVM support for VirtualBox. This increases compatibility with Linux kernel versions, because the VirtualBox kernel modules\nare not required.\n\nThis option is incompatible with `addNetworkInterface`.\n\nNote: This is experimental. Please check <https://github.com/cyberus-technology/virtualbox-kvm/issues>.\n", "loc": ["virtualisation", "virtualbox", "host", "enableKvm"], "readOnly": false, "type": "boolean"}, "virtualisation.virtualbox.host.enableWebService": {"declarations": ["nixos/modules/virtualisation/virtualbox-host.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Build VirtualBox web service tool (vboxwebsrv) to allow managing VMs via other webpage frontend tools. Useful for headless servers.\n", "loc": ["virtualisation", "virtualbox", "host", "enableWebService"], "readOnly": false, "type": "boolean"}, "virtualisation.virtualbox.host.headless": {"declarations": ["nixos/modules/virtualisation/virtualbox-host.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use VirtualBox installation without GUI and Qt dependency. Useful to enable on servers\nand when virtual machines are controlled only via SSH.\n", "loc": ["virtualisation", "virtualbox", "host", "headless"], "readOnly": false, "type": "boolean"}, "virtualisation.virtualbox.host.package": {"declarations": ["nixos/modules/virtualisation/virtualbox-host.nix"], "default": {"_type": "literalExpression", "text": "pkgs.virtualbox"}, "description": "The virtualbox package to use.", "loc": ["virtualisation", "virtualbox", "host", "package"], "readOnly": false, "type": "package"}, "virtualisation.vmware.guest.enable": {"declarations": ["nixos/modules/virtualisation/vmware-guest.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable VMWare Guest Support.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["virtualisation", "vmware", "guest", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.vmware.guest.headless": {"declarations": ["nixos/modules/virtualisation/vmware-guest.nix"], "default": {"_type": "literalExpression", "text": "!config.services.xserver.enable"}, "description": "Whether to disable X11-related features.", "loc": ["virtualisation", "vmware", "guest", "headless"], "readOnly": false, "type": "boolean"}, "virtualisation.vmware.guest.package": {"declarations": ["nixos/modules/virtualisation/vmware-guest.nix"], "default": {"_type": "literalExpression", "text": "if config.virtualisation.vmware.headless then pkgs.open-vm-tools-headless else pkgs.open-vm-tools;"}, "description": "Package providing open-vm-tools.", "example": {"_type": "literalExpression", "text": "pkgs.open-vm-tools"}, "loc": ["virtualisation", "vmware", "guest", "package"], "readOnly": false, "type": "package"}, "virtualisation.vmware.host.enable": {"declarations": ["nixos/modules/virtualisation/vmware-host.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "This enables VMware host virtualisation for running VMs.\n\n::: {.important}\n`vmware-vmx` will cause kcompactd0 due to\n`Transparent Hugepages` feature in kernel.\nApply `[ \"transparent_hugepage=never\" ]` in\noption {option}`boot.kernelParams` to disable them.\n:::\n\n::: {.note}\nIf that didn't work disable `TRANSPARENT_HUGEPAGE`,\n`COMPACTION` configs and recompile kernel.\n:::\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["virtualisation", "vmware", "host", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.vmware.host.extraConfig": {"declarations": ["nixos/modules/virtualisation/vmware-host.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Add extra config to /etc/vmware/config", "example": {"_type": "literalExpression", "text": "''\n  # Allow unsupported device's OpenGL and Vulkan acceleration for guest vGPU\n  mks.gl.allowUnsupportedDrivers = \"TRUE\"\n  mks.vk.allowUnsupportedDevices = \"TRUE\"\n''"}, "loc": ["virtualisation", "vmware", "host", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "virtualisation.vmware.host.extraPackages": {"declarations": ["nixos/modules/virtualisation/vmware-host.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra packages to be used with VMware host.", "example": {"_type": "literalExpression", "text": "\"with pkgs; [ ntfs3g ]\""}, "loc": ["virtualisation", "vmware", "host", "extraPackages"], "readOnly": false, "type": "list of package"}, "virtualisation.vmware.host.package": {"declarations": ["nixos/modules/virtualisation/vmware-host.nix"], "default": {"_type": "literalExpression", "text": "pkgs.vmware-workstation"}, "description": "The vmware-workstation package to use.", "loc": ["virtualisation", "vmware", "host", "package"], "readOnly": false, "type": "package"}, "virtualisation.vswitch.enable": {"declarations": ["nixos/modules/virtualisation/openvswitch.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Open vSwitch. A configuration daemon (ovs-server)\nwill be started.\n", "loc": ["virtualisation", "vswitch", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.vswitch.package": {"declarations": ["nixos/modules/virtualisation/openvswitch.nix"], "default": {"_type": "literalExpression", "text": "pkgs.openvswitch"}, "description": "The openvswitch package to use.", "loc": ["virtualisation", "vswitch", "package"], "readOnly": false, "type": "package"}, "virtualisation.vswitch.resetOnStart": {"declarations": ["nixos/modules/virtualisation/openvswitch.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to reset the Open vSwitch configuration database to a default\nconfiguration on every start of the systemd `ovsdb.service`.\n", "loc": ["virtualisation", "vswitch", "resetOnStart"], "readOnly": false, "type": "boolean"}, "virtualisation.waydroid.enable": {"declarations": ["nixos/modules/virtualisation/waydroid.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Waydroid.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["virtualisation", "waydroid", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.waydroid.package": {"declarations": ["nixos/modules/virtualisation/waydroid.nix"], "default": {"_type": "literalExpression", "text": "if config.networking.nftables.enable then pkgs.waydroid-nftables else pkgs.waydroid"}, "description": "The waydroid package to use.", "loc": ["virtualisation", "waydroid", "package"], "readOnly": false, "type": "package"}, "virtualisation.xen.boot.bios.path": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "${config.virtualisation.xen.package.boot}/${config.virtualisation.xen.package.multiboot}"}, "description": "Path to the Xen `multiboot` binary used for BIOS booting.\nUnless you're building your own Xen derivation, you should leave this\noption as the default value.\n", "example": {"_type": "literalExpression", "text": "${config.virtualisation.xen.package}/boot/xen-${config.virtualisation.xen.package.upstreamVersion}"}, "loc": ["virtualisation", "xen", "boot", "bios", "path"], "readOnly": false, "type": "absolute path"}, "virtualisation.xen.boot.builderVerbosity": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "\"default\""}, "description": "The boot entry builder script should be called with exactly one of the following arguments in order to specify its verbosity:\n\n- `quiet` supresses all messages.\n\n- `default` adds a simple \"Installing Xen Project Hypervisor boot entries...done.\" message to the script.\n\n- `info` is the same as `default`, but it also prints a diff with information on which generations were altered.\n  - This option adds two extra dependencies to the script: `diffutils` and `bat`.\n\n- `debug` prints information messages for every single step of the script.\n\nThis option does not alter the actual functionality of the script, just the number of messages printed when rebuilding the system.\n", "example": {"_type": "literalExpression", "text": "\"info\""}, "loc": ["virtualisation", "xen", "boot", "builderVerbosity"], "readOnly": false, "type": "one of \"default\", \"info\", \"debug\", \"quiet\""}, "virtualisation.xen.boot.efi.path": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "${config.virtualisation.xen.package.boot}/${config.virtualisation.xen.package.efi}"}, "description": "Path to xen.efi. `pkgs.xen` is patched to install the xen.efi file\non `$boot/boot/xen.efi`, but an unpatched Xen build may install it\nsomewhere else, such as `$out/boot/efi/efi/nixos/xen.efi`. Unless\nyou're building your own Xen derivation, you should leave this\noption as the default value.\n", "example": {"_type": "literalExpression", "text": "${config.virtualisation.xen.package}/boot/efi/efi/nixos/xen-${config.virtualisation.xen.package.upstreamVersion}.efi"}, "loc": ["virtualisation", "xen", "boot", "efi", "path"], "readOnly": false, "type": "absolute path"}, "virtualisation.xen.boot.params": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Xen Command Line parameters passed to Domain 0 at boot time.\n\n::: {.note}\nNote: these are different from {option}`boot.kernelParams`. See\nthe [Xen documentation](https://xenbits.xenproject.org/docs/unstable/misc/xen-command-line.html) for more information.\n:::\n", "example": {"_type": "literalExpression", "text": "[\n  \"iommu=force:true,qinval:true,debug:true\"\n  \"noreboot=true\"\n  \"vga=ask\"\n]\n"}, "loc": ["virtualisation", "xen", "boot", "params"], "readOnly": false, "type": "list of string"}, "virtualisation.xen.debug": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Xen debug features for Domain 0. This option enables some hidden debugging tests and features, and should not be used in production.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["virtualisation", "xen", "debug"], "readOnly": false, "type": "boolean"}, "virtualisation.xen.dom0Resources.maxMemory": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "config.virtualisation.xen.dom0Resources.memory"}, "description": "Maximum amount of memory (in MiB) that Domain 0 can\ndynamically allocate to itself. Does nothing if set\nto the same amount as virtualisation.xen.memory, or\nif that option is set to 0.\n", "example": {"_type": "literalExpression", "text": "1024"}, "loc": ["virtualisation", "xen", "dom0Resources", "maxMemory"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "virtualisation.xen.dom0Resources.maxVCPUs": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Amount of virtual CPU cores allocated to Domain 0 on boot.\nIf set to 0, all cores are assigned to Domain 0, and\nunprivileged domains will compete with Domain 0 for CPU time.\n", "example": {"_type": "literalExpression", "text": "4"}, "loc": ["virtualisation", "xen", "dom0Resources", "maxVCPUs"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "virtualisation.xen.dom0Resources.memory": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Amount of memory (in MiB) allocated to Domain 0 on boot.\nIf set to 0, all memory is assigned to Domain 0, and\nunprivileged domains will compete with Domain 0 for free RAM.\n", "example": {"_type": "literalExpression", "text": "512"}, "loc": ["virtualisation", "xen", "dom0Resources", "memory"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "virtualisation.xen.domains.extraConfig": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Options defined here will override the defaults for xendomains.\nThe default options can be seen in the file included from\n/etc/default/xendomains.\n", "example": {"_type": "literalExpression", "text": "XENDOMAINS_SAVE=/persist/xen/save\nXENDOMAINS_RESTORE=false\nXENDOMAINS_CREATE_USLEEP=10000000\n"}, "loc": ["virtualisation", "xen", "domains", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "virtualisation.xen.enable": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Xen Project Hypervisor, a virtualisation technology defined as a *type-1 hypervisor*, which allows multiple virtual machines, known as *domains*, to run concurrently on the physical machine. NixOS runs as the privileged *Domain 0*. This option requires a reboot into a Xen kernel to take effect.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["virtualisation", "xen", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.xen.package": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "pkgs.xen"}, "description": "The Xen Hypervisor package to use.", "loc": ["virtualisation", "xen", "package"], "readOnly": false, "type": "package"}, "virtualisation.xen.qemu.package": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "pkgs.qemu_xen"}, "description": "The QEMU (with Xen Hypervisor support) package to use.", "loc": ["virtualisation", "xen", "qemu", "package"], "readOnly": false, "type": "package"}, "virtualisation.xen.qemu.pidFile": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "\"/run/xen/qemu-dom0.pid\""}, "description": "Path to the QEMU PID file.", "example": {"_type": "literalExpression", "text": "\"/var/run/xen/qemu-dom0.pid\""}, "loc": ["virtualisation", "xen", "qemu", "pidFile"], "readOnly": false, "type": "absolute path"}, "virtualisation.xen.store.path": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "${config.virtualisation.xen.package}/bin/oxenstored"}, "description": "Path to the Xen Store Daemon. This option is useful to\nswitch between the legacy C-based Xen Store Daemon, and\nthe newer OCaml-based Xen Store Daemon, `oxenstored`.\n", "example": {"_type": "literalExpression", "text": "${config.virtualisation.xen.package}/bin/xenstored"}, "loc": ["virtualisation", "xen", "store", "path"], "readOnly": false, "type": "absolute path"}, "virtualisation.xen.store.settings": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The OCaml-based Xen Store Daemon configuration. This\noption does nothing with the C-based `xenstored`.\n", "example": {"_type": "literalExpression", "text": "{\n  conflict = {\n    burstLimit = 15.0;\n    maxHistorySeconds = 0.12;\n  };\n  enableMerge = false;\n  quota = {\n    enable = true;\n    maxWatchEvents = 2048;\n  };\n  xenstored = {\n    log = {\n      file = \"/dev/null\";\n      level = \"info\";\n    };\n  };\n}"}, "loc": ["virtualisation", "xen", "store", "settings"], "readOnly": false, "type": "submodule"}, "virtualisation.xen.store.settings.conflict.burstLimit": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "5.0"}, "description": "Limits applied to domains whose writes cause other domains' transaction\ncommits to fail. Must include decimal point.\n\nThe burst limit is the number of conflicts a domain can cause to\nfail in a short period; this value is used for both the initial and\nthe maximum value of each domain's conflict-credit, which falls by\none point for each conflict caused, and when it reaches zero the\ndomain's requests are ignored.\n", "example": {"_type": "literalExpression", "text": "15.0"}, "loc": ["virtualisation", "xen", "store", "settings", "conflict", "burstLimit"], "readOnly": false, "type": "nonnegative floating point number, meaning >=0"}, "virtualisation.xen.store.settings.conflict.maxHistorySeconds": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "0.05"}, "description": "Limits applied to domains whose writes cause other domains' transaction\ncommits to fail. Must include decimal point.\n\nThe conflict-credit is replenished over time:\none point is issued after each conflict.maxHistorySeconds, so this\nis the minimum pause-time during which a domain will be ignored.\n", "example": {"_type": "literalExpression", "text": "1.0"}, "loc": ["virtualisation", "xen", "store", "settings", "conflict", "maxHistorySeconds"], "readOnly": false, "type": "nonnegative floating point number, meaning >=0"}, "virtualisation.xen.store.settings.conflict.rateLimitIsAggregate": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If the conflict.rateLimitIsAggregate option is `true`, then after each\ntick one point of conflict-credit is given to just one domain: the\none at the front of the queue. If `false`, then after each tick each\ndomain gets a point of conflict-credit.\n\nIn environments where it is known that every transaction will\ninvolve a set of nodes that is writable by at most one other domain,\nthen it is safe to set this aggregate limit flag to `false` for better\nperformance. (This can be determined by considering the layout of\nthe xenstore tree and permissions, together with the content of the\ntransactions that require protection.)\n\nA transaction which involves a set of nodes which can be modified by\nmultiple other domains can suffer conflicts caused by any of those\ndomains, so the flag must be set to `true`.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["virtualisation", "xen", "store", "settings", "conflict", "rateLimitIsAggregate"], "readOnly": false, "type": "boolean"}, "virtualisation.xen.store.settings.enableMerge": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable transaction merge support.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["virtualisation", "xen", "store", "settings", "enableMerge"], "readOnly": false, "type": "boolean"}, "virtualisation.xen.store.settings.perms.enable": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the node permission system.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["virtualisation", "xen", "store", "settings", "perms", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.xen.store.settings.perms.enableWatch": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the watch permission system.\n\nWhen this is set to `true`, unprivileged guests can only get watch events\nfor xenstore entries that they would've been able to read.\n\nWhen this is set to `false`, unprivileged guests may get watch events\nfor xenstore entries that they cannot read. The watch event contains\nonly the entry name, not the value.\nThis restores behaviour prior to [XSA-115](https://xenbits.xenproject.org/xsa/advisory-115.html).\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["virtualisation", "xen", "store", "settings", "perms", "enableWatch"], "readOnly": false, "type": "boolean"}, "virtualisation.xen.store.settings.persistent": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to activate the filed base backend.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["virtualisation", "xen", "store", "settings", "persistent"], "readOnly": false, "type": "boolean"}, "virtualisation.xen.store.settings.pidFile": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "\"/run/xen/xenstored.pid\""}, "description": "Path to the Xen Store Daemon PID file.", "example": {"_type": "literalExpression", "text": "\"/var/run/xen/xenstored.pid\""}, "loc": ["virtualisation", "xen", "store", "settings", "pidFile"], "readOnly": false, "type": "absolute path"}, "virtualisation.xen.store.settings.quota.enable": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the quota system.", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["virtualisation", "xen", "store", "settings", "quota", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.xen.store.settings.quota.maxEntity": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Entity limit for transactions.", "example": {"_type": "literalExpression", "text": "1024"}, "loc": ["virtualisation", "xen", "store", "settings", "quota", "maxEntity"], "readOnly": false, "type": "positive integer, meaning >0"}, "virtualisation.xen.store.settings.quota.maxOutstanding": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "1024"}, "description": "Maximum outstanding requests, i.e. in-flight requests / domain.", "example": {"_type": "literalExpression", "text": "1024"}, "loc": ["virtualisation", "xen", "store", "settings", "quota", "maxOutstanding"], "readOnly": false, "type": "positive integer, meaning >0"}, "virtualisation.xen.store.settings.quota.maxPath": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "1024"}, "description": "Path limit for the quota system.", "example": {"_type": "literalExpression", "text": "1024"}, "loc": ["virtualisation", "xen", "store", "settings", "quota", "maxPath"], "readOnly": false, "type": "positive integer, meaning >0"}, "virtualisation.xen.store.settings.quota.maxRequests": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "1024"}, "description": "Maximum number of requests per transaction.", "example": {"_type": "literalExpression", "text": "1024"}, "loc": ["virtualisation", "xen", "store", "settings", "quota", "maxRequests"], "readOnly": false, "type": "positive integer, meaning >0"}, "virtualisation.xen.store.settings.quota.maxSize": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "2048"}, "description": "Size limit for transactions.", "example": {"_type": "literalExpression", "text": "4096"}, "loc": ["virtualisation", "xen", "store", "settings", "quota", "maxSize"], "readOnly": false, "type": "positive integer, meaning >0"}, "virtualisation.xen.store.settings.quota.maxWatch": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "100"}, "description": "Maximum number of watches by the Xenstore Watchdog.", "example": {"_type": "literalExpression", "text": "256"}, "loc": ["virtualisation", "xen", "store", "settings", "quota", "maxWatch"], "readOnly": false, "type": "positive integer, meaning >0"}, "virtualisation.xen.store.settings.quota.maxWatchEvents": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "1024"}, "description": "Maximum number of outstanding watch events per watch.", "example": {"_type": "literalExpression", "text": "2048"}, "loc": ["virtualisation", "xen", "store", "settings", "quota", "maxWatchEvents"], "readOnly": false, "type": "positive integer, meaning >0"}, "virtualisation.xen.store.settings.quota.transaction": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": "Maximum number of transactions.", "example": {"_type": "literalExpression", "text": "50"}, "loc": ["virtualisation", "xen", "store", "settings", "quota", "transaction"], "readOnly": false, "type": "positive integer, meaning >0"}, "virtualisation.xen.store.settings.ringScanInterval": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "20"}, "description": "Perodic scanning for all the rings as a safenet for lazy clients.\nDefine the interval in seconds; set to a negative integer to disable.\n", "example": {"_type": "literalExpression", "text": "30"}, "loc": ["virtualisation", "xen", "store", "settings", "ringScanInterval"], "readOnly": false, "type": "nonzero signed integer, meaning !=0"}, "virtualisation.xen.store.settings.xenstored.accessLog.file": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "\"/var/log/xen/xenstored-access.log\""}, "description": "Path to the Xen Store access log file.", "example": {"_type": "literalExpression", "text": "\"/var/log/security/xenstored-access.log\""}, "loc": ["virtualisation", "xen", "store", "settings", "xenstored", "accessLog", "file"], "readOnly": false, "type": "absolute path"}, "virtualisation.xen.store.settings.xenstored.log.file": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "\"/var/log/xen/xenstored.log\""}, "description": "Path to the Xen Store log file.", "example": {"_type": "literalExpression", "text": "\"/dev/null\""}, "loc": ["virtualisation", "xen", "store", "settings", "xenstored", "log", "file"], "readOnly": false, "type": "absolute path"}, "virtualisation.xen.store.settings.xenstored.log.level": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "if (config.virtualisation.xen.trace == true) then \"debug\" else null"}, "description": "Logging level for the Xen Store.", "example": {"_type": "literalExpression", "text": "\"error\""}, "loc": ["virtualisation", "xen", "store", "settings", "xenstored", "log", "level"], "readOnly": false, "type": "null or one of \"debug\", \"info\", \"warn\", \"error\""}, "virtualisation.xen.trace": {"declarations": ["nixos/modules/virtualisation/xen-dom0.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Xen debug tracing and logging for Domain 0.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["virtualisation", "xen", "trace"], "readOnly": false, "type": "boolean"}, "xdg.autostart.enable": {"declarations": ["nixos/modules/config/xdg/autostart.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to install files to support the\n[XDG Autostart specification](https://specifications.freedesktop.org/autostart-spec/latest).\n", "loc": ["xdg", "autostart", "enable"], "readOnly": false, "type": "boolean"}, "xdg.icons.enable": {"declarations": ["nixos/modules/config/xdg/icons.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to install files to support the\n[XDG Icon Theme specification](https://specifications.freedesktop.org/icon-theme-spec/latest).\n", "loc": ["xdg", "icons", "enable"], "readOnly": false, "type": "boolean"}, "xdg.icons.fallbackCursorThemes": {"declarations": ["nixos/modules/config/xdg/icons.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Names of the fallback cursor themes, in order of preference, to be used when no other icon source can be found.\nSet to `[]` to disable the fallback entirely.\n", "loc": ["xdg", "icons", "fallbackCursorThemes"], "readOnly": false, "type": "list of string"}, "xdg.menus.enable": {"declarations": ["nixos/modules/config/xdg/menus.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to install files to support the\n[XDG Desktop Menu specification](https://specifications.freedesktop.org/menu-spec/latest).\n", "loc": ["xdg", "menus", "enable"], "readOnly": false, "type": "boolean"}, "xdg.mime.addedAssociations": {"declarations": ["nixos/modules/config/xdg/mime.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Adds associations between mimetypes and applications. See the\n[specifications](https://specifications.freedesktop.org/mime-apps-spec/latest/associations) for more information.\nGlobs in all variations are supported.\n", "example": {"_type": "literalExpression", "text": "{\n  \"application/pdf\" = \"firefox.desktop\";\n  \"text/*\" = [\n    \"nvim.desktop\"\n    \"codium.desktop\"\n  ];\n}"}, "loc": ["xdg", "mime", "addedAssociations"], "readOnly": false, "type": "attribute set of (string or ((list of string) or string) convertible to it)"}, "xdg.mime.defaultApplications": {"declarations": ["nixos/modules/config/xdg/mime.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Sets the default applications for given mimetypes. See the\n[specifications](https://specifications.freedesktop.org/mime-apps-spec/latest/default) for more information.\nGlobs in all variations are supported.\n", "example": {"_type": "literalExpression", "text": "{\n  \"application/pdf\" = \"firefox.desktop\";\n  \"image/*\" = [\n    \"sxiv.desktop\"\n    \"gimp.desktop\"\n  ];\n}"}, "loc": ["xdg", "mime", "defaultApplications"], "readOnly": false, "type": "attribute set of (string or ((list of string) or string) convertible to it)"}, "xdg.mime.enable": {"declarations": ["nixos/modules/config/xdg/mime.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to install files to support the\n[XDG Shared MIME-info specification](https://specifications.freedesktop.org/shared-mime-info-spec/latest) and the\n[XDG MIME Applications specification](https://specifications.freedesktop.org/mime-apps-spec/latest).\n", "loc": ["xdg", "mime", "enable"], "readOnly": false, "type": "boolean"}, "xdg.mime.removedAssociations": {"declarations": ["nixos/modules/config/xdg/mime.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Removes associations between mimetypes and applications. See the\n[specifications](https://specifications.freedesktop.org/mime-apps-spec/latest/associations) for more information.\nGlobs in all variations are supported.\n", "example": {"_type": "literalExpression", "text": "{\n  \"audio/*\" = [\n    \"mpv.desktop\"\n    \"umpv.desktop\"\n  ];\n  \"inode/directory\" = \"codium.desktop\";\n}"}, "loc": ["xdg", "mime", "removedAssociations"], "readOnly": false, "type": "attribute set of (string or ((list of string) or string) convertible to it)"}, "xdg.portal.config": {"declarations": ["nixos/modules/config/xdg/portal.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Sets which portal backend should be used to provide the implementation\nfor the requested interface. For details check {manpage}`portals.conf(5)`.\n\nConfigs will be linked to {file}`/etc/xdg/xdg-desktop-portal/` with the name {file}`$desktop-portals.conf`\nfor {file}`xdg.portal.config.$desktop` and {file}`portals.conf` for {file}`xdg.portal.config.common`\nas an exception.\n", "example": {"_type": "literalExpression", "text": "{\n  common = {\n    default = [\n      \"gtk\"\n    ];\n  };\n  pantheon = {\n    default = [\n      \"pantheon\"\n      \"gtk\"\n    ];\n    \"org.freedesktop.impl.portal.Secret\" = [\n      \"gnome-keyring\"\n    ];\n  };\n  x-cinnamon = {\n    default = [\n      \"xapp\"\n      \"gtk\"\n    ];\n  };\n}"}, "loc": ["xdg", "portal", "config"], "readOnly": false, "type": "attribute set of attribute set of (string or ((list of string) or string) convertible to it)"}, "xdg.portal.configPackages": {"declarations": ["nixos/modules/config/xdg/portal.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of packages that provide XDG desktop portal configuration, usually in\nthe form of {file}`share/xdg-desktop-portal/$desktop-portals.conf`.\n\nNote that configs in `xdg.portal.config` will be preferred if set.\n", "example": {"_type": "literalExpression", "text": "[ pkgs.gnome-session ]"}, "loc": ["xdg", "portal", "configPackages"], "readOnly": false, "type": "list of package"}, "xdg.portal.enable": {"declarations": ["nixos/modules/config/xdg/portal.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable [xdg desktop integration](https://github.com/flatpak/xdg-desktop-portal).", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["xdg", "portal", "enable"], "readOnly": false, "type": "boolean"}, "xdg.portal.extraPortals": {"declarations": ["nixos/modules/config/xdg/portal.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of additional portals to add to path. Portals allow interaction\nwith system, like choosing files or taking screenshots. At minimum,\na desktop portal implementation should be listed. GNOME and KDE already\nadds `xdg-desktop-portal-gtk`; and\n`xdg-desktop-portal-kde` respectively. On other desktop\nenvironments you probably want to add them yourself.\n", "loc": ["xdg", "portal", "extraPortals"], "readOnly": false, "type": "list of package"}, "xdg.portal.lxqt.enable": {"declarations": ["nixos/modules/config/xdg/portals/lxqt.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the desktop portal for the LXQt desktop environment.\n\nThis will add the `lxqt.xdg-desktop-portal-lxqt`\npackage (with the extra Qt styles) into the\n{option}`xdg.portal.extraPortals` option\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["xdg", "portal", "lxqt", "enable"], "readOnly": false, "type": "boolean"}, "xdg.portal.lxqt.styles": {"declarations": ["nixos/modules/config/xdg/portals/lxqt.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra Qt styles that will be available to the\n`lxqt.xdg-desktop-portal-lxqt`.\n", "example": {"_type": "literalExpression", "text": "[\n  pkgs.libsForQt5.qtstyleplugin-kvantum\n  pkgs.breeze-qt5\n  pkgs.qtcurve\n];\n"}, "loc": ["xdg", "portal", "lxqt", "styles"], "readOnly": false, "type": "list of package"}, "xdg.portal.wlr.enable": {"declarations": ["nixos/modules/config/xdg/portals/wlr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable desktop portal for wlroots-based desktops.\n\nThis will add the `xdg-desktop-portal-wlr` package into\nthe {option}`xdg.portal.extraPortals` option, and provide the\nconfiguration file\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["xdg", "portal", "wlr", "enable"], "readOnly": false, "type": "boolean"}, "xdg.portal.wlr.settings": {"declarations": ["nixos/modules/config/xdg/portals/wlr.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for `xdg-desktop-portal-wlr`.\n\nSee {manpage}`xdg-desktop-portal-wlr(5)` for supported\nvalues.\n", "example": {"_type": "literalExpression", "text": "{\n  screencast = {\n    output_name = \"HDMI-A-1\";\n    max_fps = 30;\n    exec_before = \"disable_notifications.sh\";\n    exec_after = \"enable_notifications.sh\";\n    chooser_type = \"simple\";\n    chooser_cmd = \"${pkgs.slurp}/bin/slurp -f 'Monitor: %o' -or\";\n  };\n}\n"}, "loc": ["xdg", "portal", "wlr", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "xdg.portal.xdgOpenUsePortal": {"declarations": ["nixos/modules/config/xdg/portal.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Sets environment variable `NIXOS_XDG_OPEN_USE_PORTAL` to `1`\nThis will make `xdg-open` use the portal to open programs, which resolves bugs involving\nprograms opening inside FHS envs or with unexpected env vars set from wrappers.\nSee [#160923](https://github.com/NixOS/nixpkgs/issues/160923) for more info.\n", "loc": ["xdg", "portal", "xdgOpenUsePortal"], "readOnly": false, "type": "boolean"}, "xdg.sounds.enable": {"declarations": ["nixos/modules/config/xdg/sounds.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to install files to support the\n[XDG Sound Theme specification](https://www.freedesktop.org/wiki/Specifications/sound-theme-spec/).\n", "loc": ["xdg", "sounds", "enable"], "readOnly": false, "type": "boolean"}, "xdg.terminal-exec.enable": {"declarations": ["nixos/modules/config/xdg/terminal-exec.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable xdg-terminal-exec, the [proposed](https://gitlab.freedesktop.org/xdg/xdg-specs/-/merge_requests/46) Default Terminal Execution Specification.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["xdg", "terminal-exec", "enable"], "readOnly": false, "type": "boolean"}, "xdg.terminal-exec.package": {"declarations": ["nixos/modules/config/xdg/terminal-exec.nix"], "default": {"_type": "literalExpression", "text": "pkgs.xdg-terminal-exec"}, "description": "The xdg-terminal-exec package to use.", "loc": ["xdg", "terminal-exec", "package"], "readOnly": false, "type": "package"}, "xdg.terminal-exec.settings": {"declarations": ["nixos/modules/config/xdg/terminal-exec.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration options for the Default Terminal Execution Specification.\n\nThe keys are the desktop environments that are matched (case-insensitively) against `$XDG_CURRENT_DESKTOP`,\nor `default` which is used when the current desktop environment is not found in the configuration.\nThe values are a list of terminals' [desktop file IDs](https://specifications.freedesktop.org/desktop-entry-spec/latest/ar01s02.html#desktop-file-id) to try in order of decreasing priority.\n", "example": {"_type": "literalExpression", "text": "{\n  GNOME = [\n    \"com.raggesilver.BlackBox.desktop\"\n    \"org.gnome.Terminal.desktop\"\n  ];\n  default = [\n    \"kitty.desktop\"\n  ];\n}"}, "loc": ["xdg", "terminal-exec", "settings"], "readOnly": false, "type": "attribute set of list of string"}, "zramSwap.algorithm": {"declarations": ["nixos/modules/config/zram.nix"], "default": {"_type": "literalExpression", "text": "\"zstd\""}, "description": "Compression algorithm. `lzo` has good compression,\nbut is slow. `lz4` has bad compression, but is fast.\n`zstd` is both good compression and fast, but requires newer kernel.\nYou can check what other algorithms are supported by your zram device with\n{command}`cat /sys/class/block/zram*/comp_algorithm`\n", "example": {"_type": "literalExpression", "text": "\"lz4\""}, "loc": ["zramSwap", "algorithm"], "readOnly": false, "type": "one of \"842\", \"lzo\", \"lzo-rle\", \"lz4\", \"lz4hc\", \"zstd\" or string"}, "zramSwap.enable": {"declarations": ["nixos/modules/config/zram.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable in-memory compressed devices and swap space provided by the zram\nkernel module.\nSee [\n  https://www.kernel.org/doc/Documentation/blockdev/zram.txt\n](https://www.kernel.org/doc/Documentation/blockdev/zram.txt).\n", "loc": ["zramSwap", "enable"], "readOnly": false, "type": "boolean"}, "zramSwap.memoryMax": {"declarations": ["nixos/modules/config/zram.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Maximum total amount of memory (in bytes) that can be stored in the zram\nswap devices. If set, the smaller one of this option and memoryPercent would\nbe used.\nThis doesn't define how much memory will be used by the zram swap devices.\n", "loc": ["zramSwap", "memoryMax"], "readOnly": false, "type": "null or signed integer"}, "zramSwap.memoryPercent": {"declarations": ["nixos/modules/config/zram.nix"], "default": {"_type": "literalExpression", "text": "50"}, "description": "Maximum total amount of memory that can be stored in the zram swap devices\n(as a percentage of your total memory). Defaults to 1/2 of your total\nRAM. Run `zramctl` to check how good memory is compressed.\nThis doesn't define how much memory will be used by the zram swap devices.\n", "loc": ["zramSwap", "memoryPercent"], "readOnly": false, "type": "positive integer, meaning >0"}, "zramSwap.priority": {"declarations": ["nixos/modules/config/zram.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "Priority of the zram swap devices. It should be a number higher than\nthe priority of your disk-based swap devices (so that the system will\nfill the zram swap devices before falling back to disk swap).\n", "loc": ["zramSwap", "priority"], "readOnly": false, "type": "signed integer"}, "zramSwap.swapDevices": {"declarations": ["nixos/modules/config/zram.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Number of zram devices to be used as swap, recommended is 1.\n", "loc": ["zramSwap", "swapDevices"], "readOnly": false, "type": "signed integer"}, "zramSwap.writebackDevice": {"declarations": ["nixos/modules/config/zram.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Write incompressible pages to this device,\nas there's no gain from keeping them in RAM.\n", "example": {"_type": "literalExpression", "text": "\"/dev/zvol/tarta-zoot/swap-writeback\""}, "loc": ["zramSwap", "writebackDevice"], "readOnly": false, "type": "null or absolute path"}, "<imports = [ pkgs.ghostunnel.services.default ]>": {"declarations": ["nixos/modules/misc/documentation/modular-services.nix:21"], "description": "This is a [modular service](https://nixos.org/manual/nixos/unstable/#modular-services), which can be imported into a NixOS configuration using the [`system.services`](https://search.nixos.org/options?channel=unstable&show=system.services&query=modular+service) option.", "loc": ["<imports = [ pkgs.ghostunnel.services.default ]>"], "readOnly": false, "type": "submodule"}, "<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.allowAll": {"declarations": ["pkgs/by-name/gh/ghostunnel/service.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If true, allow all clients, do not check client cert subject.\n", "loc": ["<imports = [ pkgs.ghostunnel.services.default ]>", "ghostunnel", "allowAll"], "readOnly": false, "type": "boolean"}, "<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.allowCN": {"declarations": ["pkgs/by-name/gh/ghostunnel/service.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Allow client if common name appears in the list.\n", "loc": ["<imports = [ pkgs.ghostunnel.services.default ]>", "ghostunnel", "allowCN"], "readOnly": false, "type": "list of string"}, "<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.allowDNS": {"declarations": ["pkgs/by-name/gh/ghostunnel/service.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Allow client if DNS subject alternative name appears in the list.\n", "loc": ["<imports = [ pkgs.ghostunnel.services.default ]>", "ghostunnel", "allowDNS"], "readOnly": false, "type": "list of string"}, "<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.allowOU": {"declarations": ["pkgs/by-name/gh/ghostunnel/service.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Allow client if organizational unit name appears in the list.\n", "loc": ["<imports = [ pkgs.ghostunnel.services.default ]>", "ghostunnel", "allowOU"], "readOnly": false, "type": "list of string"}, "<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.allowURI": {"declarations": ["pkgs/by-name/gh/ghostunnel/service.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Allow client if URI subject alternative name appears in the list.\n", "loc": ["<imports = [ pkgs.ghostunnel.services.default ]>", "ghostunnel", "allowURI"], "readOnly": false, "type": "list of string"}, "<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.cacert": {"declarations": ["pkgs/by-name/gh/ghostunnel/service.nix"], "description": "Path to CA bundle file (PEM/X509). Uses system trust store if `null`.\n", "loc": ["<imports = [ pkgs.ghostunnel.services.default ]>", "ghostunnel", "cacert"], "readOnly": false, "type": "null or string"}, "<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.cert": {"declarations": ["pkgs/by-name/gh/ghostunnel/service.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to certificate (PEM with certificate chain).\n\nNot required if `keystore` is set.\n", "loc": ["<imports = [ pkgs.ghostunnel.services.default ]>", "ghostunnel", "cert"], "readOnly": false, "type": "null or string"}, "<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.disableAuthentication": {"declarations": ["pkgs/by-name/gh/ghostunnel/service.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable client authentication, no client certificate will be required.\n", "loc": ["<imports = [ pkgs.ghostunnel.services.default ]>", "ghostunnel", "disableAuthentication"], "readOnly": false, "type": "boolean"}, "<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.extraArguments": {"declarations": ["pkgs/by-name/gh/ghostunnel/service.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to pass to `ghostunnel server`", "loc": ["<imports = [ pkgs.ghostunnel.services.default ]>", "ghostunnel", "extraArguments"], "readOnly": false, "type": "list of string"}, "<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.key": {"declarations": ["pkgs/by-name/gh/ghostunnel/service.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to certificate private key (PEM with private key).\n\nNot required if `keystore` is set.\n", "loc": ["<imports = [ pkgs.ghostunnel.services.default ]>", "ghostunnel", "key"], "readOnly": false, "type": "null or string"}, "<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.keystore": {"declarations": ["pkgs/by-name/gh/ghostunnel/service.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to keystore (combined PEM with cert/key, or PKCS12 keystore).\n\nNB: storepass is not supported because it would expose credentials via `/proc/*/cmdline`.\n\nSpecify this or `cert` and `key`.\n", "loc": ["<imports = [ pkgs.ghostunnel.services.default ]>", "ghostunnel", "keystore"], "readOnly": false, "type": "null or string"}, "<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.listen": {"declarations": ["pkgs/by-name/gh/ghostunnel/service.nix"], "description": "Address and port to listen on (can be HOST:PORT, unix:PATH).\n", "loc": ["<imports = [ pkgs.ghostunnel.services.default ]>", "ghostunnel", "listen"], "readOnly": false, "type": "string"}, "<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.package": {"declarations": ["pkgs/by-name/gh/ghostunnel/service.nix"], "default": {"_type": "literalExpression", "text": "\"The ghostunnel package that provided this module.\""}, "description": "Package to use for ghostunnel", "loc": ["<imports = [ pkgs.ghostunnel.services.default ]>", "ghostunnel", "package"], "readOnly": false, "type": "package"}, "<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.target": {"declarations": ["pkgs/by-name/gh/ghostunnel/service.nix"], "description": "Address to forward connections to (can be HOST:PORT or unix:PATH).\n", "loc": ["<imports = [ pkgs.ghostunnel.services.default ]>", "ghostunnel", "target"], "readOnly": false, "type": "string"}, "<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.unsafeTarget": {"declarations": ["pkgs/by-name/gh/ghostunnel/service.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set, does not limit target to localhost, 127.0.0.1, [::1], or UNIX sockets.\n\nThis is meant to protect against accidental unencrypted traffic on\nuntrusted networks.\n", "loc": ["<imports = [ pkgs.ghostunnel.services.default ]>", "ghostunnel", "unsafeTarget"], "readOnly": false, "type": "boolean"}, "<imports = [ pkgs.php.services.default ]>": {"declarations": ["nixos/modules/misc/documentation/modular-services.nix:21"], "description": "This is a [modular service](https://nixos.org/manual/nixos/unstable/#modular-services), which can be imported into a NixOS configuration using the [`system.services`](https://search.nixos.org/options?channel=unstable&show=system.services&query=modular+service) option.", "loc": ["<imports = [ pkgs.php.services.default ]>"], "readOnly": false, "type": "submodule"}, "<imports = [ pkgs.php.services.default ]>.php-fpm.package": {"declarations": ["pkgs/development/interpreters/php/service.nix"], "default": {"_type": "literalMD", "text": "The PHP package that provided this module."}, "description": "PHP package to use for php-fpm", "example": {"_type": "literalExpression", "text": "php.buildEnv {\n  extensions =\n    { all, ... }:\n    with all;\n    [\n      imagick\n      opcache\n    ];\n  extraConfig = \"memory_limit=256M\";\n}\n"}, "loc": ["<imports = [ pkgs.php.services.default ]>", "php-fpm", "package"], "readOnly": false, "type": "package"}, "<imports = [ pkgs.php.services.default ]>.php-fpm.settings": {"declarations": ["pkgs/development/interpreters/php/service.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "PHP FPM configuration. Refer to [upstream documentation](https://www.php.net/manual/en/install.fpm.configuration.php) for details on supported values.\n", "example": {"_type": "literalExpression", "text": "{\n  log_level = \"debug\";\n  log_limit = 2048;\n\n  mypool = {\n    \"user\" = \"php\";\n    \"group\" = \"php\";\n    \"listen.owner\" = \"caddy\";\n    \"listen.group\" = \"caddy\";\n    \"pm\" = \"dynamic\";\n    \"pm.max_children\" = 75;\n    \"pm.start_servers\" = 10;\n    \"pm.min_spare_servers\" = 5;\n    \"pm.max_spare_servers\" = 20;\n    \"pm.max_requests\" = 500;\n  }\n}\n"}, "loc": ["<imports = [ pkgs.php.services.default ]>", "php-fpm", "settings"], "readOnly": false, "type": "open submodule of attribute set of (string or signed integer or boolean or (open submodule of attribute set of (string or signed integer or boolean)))"}, "<imports = [ pkgs.php.services.default ]>.php-fpm.settings.log_level": {"declarations": ["pkgs/development/interpreters/php/service.nix"], "default": {"_type": "literalExpression", "text": "\"notice\""}, "description": "Error log level.\n", "loc": ["<imports = [ pkgs.php.services.default ]>", "php-fpm", "settings", "log_level"], "readOnly": false, "type": "one of \"alert\", \"error\", \"warning\", \"notice\", \"debug\""}, "boot.enableContainers": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "config.containers != { }"}, "description": "Whether to enable support for NixOS containers.\n", "loc": ["boot", "enableContainers"], "readOnly": false, "type": "boolean"}, "boot.isContainer": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "\"config.boot.isNspawnContainer\""}, "description": "Whether this NixOS machine is a lightweight container running\nin another NixOS system.\n", "loc": ["boot", "isContainer"], "readOnly": false, "type": "boolean"}, "boot.isNspawnContainer": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether the machine is running in an nspawn container. This\noption is added because [](#opt-boot.isContainer) is heavily used\nfor non-nspawn environments as well, hence nspawn-specific settings\nare guarded by this option.\n", "loc": ["boot", "isNspawnContainer"], "readOnly": false, "type": "boolean"}, "containers": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "A set of NixOS system configurations to be run as lightweight\ncontainers.  Each container appears as a service\n`container-\u00abname\u00bb`\non the host system, allowing it to be started and stopped via\n{command}`systemctl`.\n", "example": {"_type": "literalExpression", "text": "{ webserver =\n    { path = \"/nix/var/nix/profiles/webserver\";\n    };\n  database =\n    { config =\n        { config, pkgs, ... }:\n        { services.postgresql.enable = true;\n          services.postgresql.package = pkgs.postgresql_14;\n\n          system.stateVersion = \"26.05\";\n        };\n    };\n}\n"}, "loc": ["containers"], "readOnly": false, "type": "attribute set of (submodule)"}, "containers.<name>.additionalCapabilities": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Grant additional capabilities to the container.  See the\n{manpage}`capabilities(7)` and {manpage}`systemd-nspawn(1)` man pages for more\ninformation.\n", "example": {"_type": "literalExpression", "text": "[\n  \"CAP_NET_ADMIN\"\n  \"CAP_MKNOD\"\n]"}, "loc": ["containers", "<name>", "additionalCapabilities"], "readOnly": false, "type": "list of string"}, "containers.<name>.allowedDevices": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of device nodes to which the containers has access to.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    modifier = \"rwm\";\n    node = \"/dev/net/tun\";\n  }\n]"}, "loc": ["containers", "<name>", "allowedDevices"], "readOnly": false, "type": "list of (submodule)"}, "containers.<name>.allowedDevices.*.modifier": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "description": "Device node access modifier. Takes a combination\n`r` (read), `w` (write), and\n`m` (mknod). See the\n{manpage}`systemd.resource-control(5)` man page for more\ninformation.", "example": {"_type": "literalExpression", "text": "\"rw\""}, "loc": ["containers", "<name>", "allowedDevices", "*", "modifier"], "readOnly": false, "type": "string"}, "containers.<name>.allowedDevices.*.node": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "description": "Path to device node", "example": {"_type": "literalExpression", "text": "\"/dev/net/tun\""}, "loc": ["containers", "<name>", "allowedDevices", "*", "node"], "readOnly": false, "type": "string"}, "containers.<name>.autoStart": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether the container is automatically started at boot-time.\n", "loc": ["containers", "<name>", "autoStart"], "readOnly": false, "type": "boolean"}, "containers.<name>.bindMounts": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "An extra list of directories that is bound to the container.\n", "example": {"_type": "literalExpression", "text": "{ \"/home\" = { hostPath = \"/home/alice\";\n              isReadOnly = false; };\n}\n"}, "loc": ["containers", "<name>", "bindMounts"], "readOnly": false, "type": "attribute set of (submodule)"}, "containers.<name>.bindMounts.<name>.hostPath": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Location of the host path to be mounted.", "example": {"_type": "literalExpression", "text": "\"/home/alice\""}, "loc": ["containers", "<name>", "bindMounts", "<name>", "hostPath"], "readOnly": false, "type": "null or string"}, "containers.<name>.bindMounts.<name>.isReadOnly": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Determine whether the mounted path will be accessed in read-only mode.", "loc": ["containers", "<name>", "bindMounts", "<name>", "isReadOnly"], "readOnly": false, "type": "boolean"}, "containers.<name>.bindMounts.<name>.mountPoint": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "description": "Mount point on the container file system.", "example": {"_type": "literalExpression", "text": "\"/mnt/usb\""}, "loc": ["containers", "<name>", "bindMounts", "<name>", "mountPoint"], "readOnly": false, "type": "string"}, "containers.<name>.config": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "description": "A specification of the desired configuration of this\ncontainer, as a NixOS module.\n", "loc": ["containers", "<name>", "config"], "readOnly": false, "type": "Toplevel NixOS config"}, "containers.<name>.enableTun": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Allows the container to create and setup tunnel interfaces\nby granting the `NET_ADMIN` capability and\nenabling access to `/dev/net/tun`.\n", "loc": ["containers", "<name>", "enableTun"], "readOnly": false, "type": "boolean"}, "containers.<name>.ephemeral": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Runs container in ephemeral mode with the empty root filesystem at boot.\nThis way container will be bootstrapped from scratch on each boot\nand will be cleaned up on shutdown leaving no traces behind.\nUseful for completely stateless, reproducible containers.\n\nNote that this option might require to do some adjustments to the container configuration,\ne.g. you might want to set\n{var}`systemd.network.networks.$interface.dhcpV4Config.ClientIdentifier` to \"mac\"\nif you use {var}`macvlans` option.\nThis way dhcp client identifier will be stable between the container restarts.\n\nNote that the container journal will not be linked to the host if this option is enabled.\n", "loc": ["containers", "<name>", "ephemeral"], "readOnly": false, "type": "boolean"}, "containers.<name>.extraFlags": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra flags passed to the systemd-nspawn command.\nSee {manpage}`systemd-nspawn(1)` for details.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--drop-capability=CAP_SYS_CHROOT\"\n]"}, "loc": ["containers", "<name>", "extraFlags"], "readOnly": false, "type": "list of string"}, "containers.<name>.extraVeths": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra veth-pairs to be created for the container.\n", "loc": ["containers", "<name>", "extraVeths"], "readOnly": false, "type": "attribute set of (submodule)"}, "containers.<name>.extraVeths.<name>.forwardPorts": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of forwarded ports from host to container. Each forwarded port\nis specified by protocol, hostPort and containerPort. By default,\nprotocol is tcp and hostPort and containerPort are assumed to be\nthe same if containerPort is not explicitly given.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    containerPort = 80;\n    hostPort = 8080;\n    protocol = \"tcp\";\n  }\n]"}, "loc": ["containers", "<name>", "extraVeths", "<name>", "forwardPorts"], "readOnly": false, "type": "list of (submodule)"}, "containers.<name>.extraVeths.<name>.forwardPorts.*.containerPort": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Target port of container", "loc": ["containers", "<name>", "extraVeths", "<name>", "forwardPorts", "*", "containerPort"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "containers.<name>.extraVeths.<name>.forwardPorts.*.hostPort": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "description": "Source port of the external interface on host", "loc": ["containers", "<name>", "extraVeths", "<name>", "forwardPorts", "*", "hostPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "containers.<name>.extraVeths.<name>.forwardPorts.*.protocol": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "\"tcp\""}, "description": "The protocol specifier for port forwarding between host and container", "loc": ["containers", "<name>", "extraVeths", "<name>", "forwardPorts", "*", "protocol"], "readOnly": false, "type": "string"}, "containers.<name>.extraVeths.<name>.hostAddress": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The IPv4 address assigned to the host interface.\n(Not used when hostBridge is set.)\n", "example": {"_type": "literalExpression", "text": "\"10.231.136.1\""}, "loc": ["containers", "<name>", "extraVeths", "<name>", "hostAddress"], "readOnly": false, "type": "null or string"}, "containers.<name>.extraVeths.<name>.hostAddress6": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The IPv6 address assigned to the host interface.\n(Not used when hostBridge is set.)\n", "example": {"_type": "literalExpression", "text": "\"fc00::1\""}, "loc": ["containers", "<name>", "extraVeths", "<name>", "hostAddress6"], "readOnly": false, "type": "null or string"}, "containers.<name>.extraVeths.<name>.hostBridge": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Put the host-side of the veth-pair into the named bridge.\nOnly one of hostAddress* or hostBridge can be given.\n", "example": {"_type": "literalExpression", "text": "\"br0\""}, "loc": ["containers", "<name>", "extraVeths", "<name>", "hostBridge"], "readOnly": false, "type": "null or string"}, "containers.<name>.extraVeths.<name>.localAddress": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The IPv4 address assigned to the interface in the container.\nIf a hostBridge is used, this should be given with netmask to access\nthe whole network. Otherwise the default netmask is /32 and routing is\nset up from localAddress to hostAddress and back.\n", "example": {"_type": "literalExpression", "text": "\"10.231.136.2\""}, "loc": ["containers", "<name>", "extraVeths", "<name>", "localAddress"], "readOnly": false, "type": "null or string"}, "containers.<name>.extraVeths.<name>.localAddress6": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The IPv6 address assigned to the interface in the container.\nIf a hostBridge is used, this should be given with netmask to access\nthe whole network. Otherwise the default netmask is /128 and routing is\nset up from localAddress6 to hostAddress6 and back.\n", "example": {"_type": "literalExpression", "text": "\"fc00::2\""}, "loc": ["containers", "<name>", "extraVeths", "<name>", "localAddress6"], "readOnly": false, "type": "null or string"}, "containers.<name>.flake": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The Flake URI of the NixOS configuration to use for the container.\nReplaces the option {option}`containers.<name>.path`.\n", "example": {"_type": "literalExpression", "text": "\"github:NixOS/nixpkgs/master\""}, "loc": ["containers", "<name>", "flake"], "readOnly": false, "type": "null or string"}, "containers.<name>.forwardPorts": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of forwarded ports from host to container. Each forwarded port\nis specified by protocol, hostPort and containerPort. By default,\nprotocol is tcp and hostPort and containerPort are assumed to be\nthe same if containerPort is not explicitly given.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    containerPort = 80;\n    hostPort = 8080;\n    protocol = \"tcp\";\n  }\n]"}, "loc": ["containers", "<name>", "forwardPorts"], "readOnly": false, "type": "list of (submodule)"}, "containers.<name>.forwardPorts.*.containerPort": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Target port of container", "loc": ["containers", "<name>", "forwardPorts", "*", "containerPort"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "containers.<name>.forwardPorts.*.hostPort": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "description": "Source port of the external interface on host", "loc": ["containers", "<name>", "forwardPorts", "*", "hostPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "containers.<name>.forwardPorts.*.protocol": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "\"tcp\""}, "description": "The protocol specifier for port forwarding between host and container", "loc": ["containers", "<name>", "forwardPorts", "*", "protocol"], "readOnly": false, "type": "string"}, "containers.<name>.hostAddress": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The IPv4 address assigned to the host interface.\n(Not used when hostBridge is set.)\n", "example": {"_type": "literalExpression", "text": "\"10.231.136.1\""}, "loc": ["containers", "<name>", "hostAddress"], "readOnly": false, "type": "null or string"}, "containers.<name>.hostAddress6": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The IPv6 address assigned to the host interface.\n(Not used when hostBridge is set.)\n", "example": {"_type": "literalExpression", "text": "\"fc00::1\""}, "loc": ["containers", "<name>", "hostAddress6"], "readOnly": false, "type": "null or string"}, "containers.<name>.hostBridge": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Put the host-side of the veth-pair into the named bridge.\nOnly one of hostAddress* or hostBridge can be given.\n", "example": {"_type": "literalExpression", "text": "\"br0\""}, "loc": ["containers", "<name>", "hostBridge"], "readOnly": false, "type": "null or string"}, "containers.<name>.interfaces": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The list of interfaces to be moved into the container.\n", "example": {"_type": "literalExpression", "text": "[\n  \"eth1\"\n  \"eth2\"\n]"}, "loc": ["containers", "<name>", "interfaces"], "readOnly": false, "type": "list of string"}, "containers.<name>.localAddress": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The IPv4 address assigned to the interface in the container.\nIf a hostBridge is used, this should be given with netmask to access\nthe whole network. Otherwise the default netmask is /32 and routing is\nset up from localAddress to hostAddress and back.\n", "example": {"_type": "literalExpression", "text": "\"10.231.136.2\""}, "loc": ["containers", "<name>", "localAddress"], "readOnly": false, "type": "null or string"}, "containers.<name>.localAddress6": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The IPv6 address assigned to the interface in the container.\nIf a hostBridge is used, this should be given with netmask to access\nthe whole network. Otherwise the default netmask is /128 and routing is\nset up from localAddress6 to hostAddress6 and back.\n", "example": {"_type": "literalExpression", "text": "\"fc00::2\""}, "loc": ["containers", "<name>", "localAddress6"], "readOnly": false, "type": "null or string"}, "containers.<name>.macvlans": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The list of host interfaces from which macvlans will be\ncreated. For each interface specified, a macvlan interface\nwill be created and moved to the container.\n", "example": {"_type": "literalExpression", "text": "[\n  \"eth1\"\n  \"eth2\"\n]"}, "loc": ["containers", "<name>", "macvlans"], "readOnly": false, "type": "list of string"}, "containers.<name>.networkNamespace": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Takes the path to a file representing a kernel network namespace that the container\nshall run in. The specified path should refer to a (possibly bind-mounted) network\nnamespace file, as exposed by the kernel below /proc/<PID>/ns/net. This makes the\ncontainer enter the given network namespace. One of the typical use cases is to give\na network namespace under /run/netns created by {manpage}`ip-netns(8)`.\nNote that this option cannot be used together with other network-related options,\nsuch as --private-network or --network-interface=.\n", "loc": ["containers", "<name>", "networkNamespace"], "readOnly": false, "type": "null or absolute path"}, "containers.<name>.nixpkgs": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "pkgs.path"}, "description": "A path to the nixpkgs that provide the modules, pkgs and lib for evaluating the container.\n\nTo only change the `pkgs` argument used inside the container modules,\nset the `nixpkgs.*` options in the container {option}`config`.\nSetting `config.nixpkgs.pkgs = pkgs` speeds up the container evaluation\nby reusing the system pkgs, but the `nixpkgs.config` option in the\ncontainer config is ignored in this case.\n", "loc": ["containers", "<name>", "nixpkgs"], "readOnly": false, "type": "absolute path"}, "containers.<name>.path": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "description": "As an alternative to specifying\n{option}`config`, you can specify the path to\nthe evaluated NixOS system configuration, typically a\nsymlink to a system profile.\n", "example": {"_type": "literalExpression", "text": "\"/nix/var/nix/profiles/per-container/webserver\""}, "loc": ["containers", "<name>", "path"], "readOnly": false, "type": "absolute path"}, "containers.<name>.privateNetwork": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to give the container its own private virtual\nEthernet interface.  The interface is called\n`eth0`, and is hooked up to the interface\n`ve-\u00abcontainer-name\u00bb`\non the host.  If this option is not set, then the\ncontainer shares the network interfaces of the host,\nand can bind to any port on any interface.\n", "loc": ["containers", "<name>", "privateNetwork"], "readOnly": false, "type": "boolean"}, "containers.<name>.privateUsers": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "\"no\""}, "description": "Whether to give the container its own private UIDs/GIDs space (user namespacing).\nDisabled by default (`no`).\n\nIf set to a number (usually above host's UID/GID range: 65536),\nuser namespacing is enabled and the container UID/GIDs will start at that number.\n\nIf set to `identity`, mostly equivalent to `0`, this will only provide\nprocess capability isolation (no UID/GID isolation, as they are the same as host).\n\nIf set to `pick`, user namespacing is enabled and the UID/GID range is automatically chosen,\nso that no overlapping UID/GID ranges are assigned to multiple containers.\nThis is the recommanded option as it enhances container security massively and operates fully automatically in most cases.\n\nSee <https://www.freedesktop.org/software/systemd/man/latest/systemd-nspawn.html#--private-users=> for details.\n", "loc": ["containers", "<name>", "privateUsers"], "readOnly": false, "type": "32 bit unsigned integer; between 0 and 4294967295 (both inclusive) or one of \"no\", \"identity\", \"pick\""}, "containers.<name>.restartIfChanged": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether the container should be restarted during a NixOS\nconfiguration switch if its definition has changed.\n", "loc": ["containers", "<name>", "restartIfChanged"], "readOnly": false, "type": "boolean"}, "containers.<name>.specialArgs": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "A set of special arguments to be passed to NixOS modules.\nThis will be merged into the `specialArgs` used to evaluate\nthe NixOS configurations.\n", "loc": ["containers", "<name>", "specialArgs"], "readOnly": false, "type": "attribute set of unspecified value"}, "containers.<name>.timeoutStartSec": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "\"1min\""}, "description": "Time for the container to start. In case of a timeout,\nthe container processes get killed.\nSee {manpage}`systemd.time(7)`\nfor more information about the format.\n", "loc": ["containers", "<name>", "timeoutStartSec"], "readOnly": false, "type": "string"}, "containers.<name>.tmpfs": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Mounts a set of tmpfs file systems into the container.\nMultiple paths can be specified.\nValid items must conform to the --tmpfs argument\nof systemd-nspawn. See {manpage}`systemd-nspawn(1)` for details.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/var\"\n]"}, "loc": ["containers", "<name>", "tmpfs"], "readOnly": false, "type": "list of string"}, "environment.checkConfigurationOptions": {"declarations": ["nixos/modules/rename.nix"], "description": "Alias of {option}`_module.check`.", "loc": ["environment", "checkConfigurationOptions"], "readOnly": false, "type": "boolean"}, "i18n.inputMethod.ibus.engines": {"declarations": ["nixos/modules/i18n/input-method/ibus.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Enabled IBus engines. Available engines are: `anthy`, `bamboo`, `cangjie`, `chewing`, `hangul`, `libpinyin`, `libthai`, `m17n`, `mozc`, `mozc-ut`, `openbangla-keyboard`, `pinyin`, `rime`, `table`, `table-chinese`, `table-others`, `typing-booster`, `typing-booster-unwrapped`, `uniemoji`.", "example": {"_type": "literalExpression", "text": "with pkgs.ibus-engines; [ mozc hangul ]"}, "loc": ["i18n", "inputMethod", "ibus", "engines"], "readOnly": false, "type": "list of ibus-engine"}, "i18n.inputMethod.ibus.panel": {"declarations": ["nixos/modules/i18n/input-method/ibus.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Replace the IBus panel with another panel.", "example": {"_type": "literalExpression", "text": "\"${pkgs.kdePackages.plasma-desktop}/libexec/kimpanel-ibus-panel\""}, "loc": ["i18n", "inputMethod", "ibus", "panel"], "readOnly": false, "type": "null or absolute path"}, "i18n.inputMethod.ibus.waylandFrontend": {"declarations": ["nixos/modules/i18n/input-method/ibus.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use the Wayland input method frontend.\nThis doesn't set `GTK_IM_MODULE` and `QT_IM_MODULE` environment variables.\nSee [Using Fcitx 5 on Wayland](https://fcitx-im.org/wiki/Using_Fcitx_5_on_Wayland#GTK_IM_MODULE).\n", "loc": ["i18n", "inputMethod", "ibus", "waylandFrontend"], "readOnly": false, "type": "boolean"}, "i18n.inputMethod.kime.daemonModules": {"declarations": ["nixos/modules/i18n/input-method/kime.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"Xim\"\n  \"Wayland\"\n  \"Indicator\"\n]"}, "description": "List of enabled daemon modules\n", "example": {"_type": "literalExpression", "text": "[\n  \"Xim\"\n  \"Indicator\"\n]"}, "loc": ["i18n", "inputMethod", "kime", "daemonModules"], "readOnly": false, "type": "list of (one of \"Xim\", \"Wayland\", \"Indicator\")"}, "i18n.inputMethod.kime.extraConfig": {"declarations": ["nixos/modules/i18n/input-method/kime.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "extra kime configuration. Refer to <https://github.com/Riey/kime/blob/v3.1.1/docs/CONFIGURATION.md> for details on supported values.\n", "loc": ["i18n", "inputMethod", "kime", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "i18n.inputMethod.kime.iconColor": {"declarations": ["nixos/modules/i18n/input-method/kime.nix"], "default": {"_type": "literalExpression", "text": "\"Black\""}, "description": "Color of the indicator icon\n", "example": {"_type": "literalExpression", "text": "\"White\""}, "loc": ["i18n", "inputMethod", "kime", "iconColor"], "readOnly": false, "type": "one of \"Black\", \"White\""}, "nixpkgs.buildPlatform": {"declarations": ["nixos/modules/misc/nixpkgs.nix"], "default": {"_type": "literalExpression", "text": "config.nixpkgs.hostPlatform"}, "description": "Specifies the platform on which NixOS should be built.\nBy default, NixOS is built on the system where it runs, but you can\nchange where it's built. Setting this option will cause NixOS to be\ncross-compiled.\n\nFor instance, if you're doing distributed multi-platform deployment,\nor if you're building machines, you can set this to match your\ndevelopment system and/or build farm.\n\nIgnored when `nixpkgs.pkgs` is set.\n", "example": {"_type": "literalExpression", "text": "{\n  system = \"x86_64-linux\";\n}"}, "loc": ["nixpkgs", "buildPlatform"], "readOnly": false, "type": "string or (attribute set)"}, "nixpkgs.config": {"declarations": ["nixos/modules/misc/nixpkgs.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Global configuration for Nixpkgs.\nThe complete list of [Nixpkgs configuration options](https://nixos.org/manual/nixpkgs/unstable/#sec-config-options-reference) is in the [Nixpkgs manual section on global configuration](https://nixos.org/manual/nixpkgs/unstable/#chap-packageconfig).\n\nIgnored when {option}`nixpkgs.pkgs` is set.\n", "example": {"_type": "literalExpression", "text": "{ allowBroken = true; allowUnfree = true; }\n"}, "loc": ["nixpkgs", "config"], "readOnly": false, "type": "nixpkgs config"}, "nixpkgs.crossSystem": {"declarations": ["nixos/modules/misc/nixpkgs.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Systems with a recently generated `hardware-configuration.nix`\nmay instead specify *only* {option}`nixpkgs.buildPlatform`,\nor fall back to removing the {option}`nixpkgs.hostPlatform` line from the generated config.\n\nSpecifies the platform for which NixOS should be\nbuilt. Specify this only if it is different from\n`nixpkgs.localSystem`, the platform\n*on* which NixOS should be built. In other\nwords, specify this to cross-compile NixOS. Otherwise it\nshould be set as null, the default. See its description in the\nNixpkgs manual for more details.\n\nIgnored when `nixpkgs.pkgs` or `hostPlatform` is set.\n", "example": {"_type": "literalExpression", "text": "{\n  system = \"aarch64-linux\";\n}"}, "loc": ["nixpkgs", "crossSystem"], "readOnly": false, "type": "null or (attribute set)"}, "nixpkgs.hostPlatform": {"declarations": ["nixos/modules/misc/nixpkgs.nix"], "description": "Specifies the platform where the NixOS configuration will run.\n\nTo cross-compile, set also `nixpkgs.buildPlatform`.\n\nIgnored when `nixpkgs.pkgs` is set.\n", "example": {"_type": "literalExpression", "text": "{\n  system = \"aarch64-linux\";\n}"}, "loc": ["nixpkgs", "hostPlatform"], "readOnly": false, "type": "string or (attribute set)"}, "nixpkgs.localSystem": {"declarations": ["nixos/modules/misc/nixpkgs.nix"], "default": {"_type": "literalExpression", "text": "config.nixpkgs.system"}, "description": "Systems with a recently generated `hardware-configuration.nix`\ndo not need to specify this option, unless cross-compiling, in which case\nyou should set *only* {option}`nixpkgs.buildPlatform`.\n\nIf this is somehow not feasible, you may fall back to removing the\n{option}`nixpkgs.hostPlatform` line from the generated config and\nuse the old options.\n\nSpecifies the platform on which NixOS should be built. When\n`nixpkgs.crossSystem` is unset, it also specifies\nthe platform *for* which NixOS should be\nbuilt.  If this option is unset, it defaults to the platform\ntype of the machine where evaluation happens. Specifying this\noption is useful when doing distributed multi-platform\ndeployment, or when building virtual machines. See its\ndescription in the Nixpkgs manual for more details.\n\nIgnored when `nixpkgs.pkgs` or `hostPlatform` is set.\n", "example": {"_type": "literalExpression", "text": "{\n  system = \"aarch64-linux\";\n}"}, "loc": ["nixpkgs", "localSystem"], "readOnly": false, "type": "attribute set"}, "nixpkgs.overlays": {"declarations": ["nixos/modules/misc/nixpkgs.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of overlays to apply to Nixpkgs.\nThis option allows modifying the Nixpkgs package set accessed through the `pkgs` module argument.\n\nFor details, see the [Overlays chapter in the Nixpkgs manual](https://nixos.org/manual/nixpkgs/stable/#chap-overlays).\n\nIf the {option}`nixpkgs.pkgs` option is set, overlays specified using `nixpkgs.overlays` will be applied after the overlays that were already included in `nixpkgs.pkgs`.\n", "example": {"_type": "literalExpression", "text": "[\n  (self: super: {\n    openssh = super.openssh.override {\n      hpnSupport = true;\n      kerberos = self.libkrb5;\n    };\n  })\n]\n"}, "loc": ["nixpkgs", "overlays"], "readOnly": false, "type": "list of (nixpkgs overlay)"}, "nixpkgs.pkgs": {"declarations": ["nixos/modules/misc/nixpkgs.nix"], "default": {"_type": "literalExpression", "text": "import \"${nixos}/..\" {\n  inherit (config.nixpkgs) config overlays localSystem crossSystem;\n}\n"}, "description": "If set, the pkgs argument to all NixOS modules is the value of\nthis option, extended with `nixpkgs.overlays`, if\nthat is also set. Either `nixpkgs.crossSystem` or\n`nixpkgs.localSystem` will be used in an assertion\nto check that the NixOS and Nixpkgs architectures match. Any\nother options in `nixpkgs.*`, notably `config`,\nwill be ignored.\n\nIf unset, the pkgs argument to all NixOS modules is determined\nas shown in the default value for this option.\n\nThe default value imports the Nixpkgs source files\nrelative to the location of this NixOS module, because\nNixOS and Nixpkgs are distributed together for consistency,\nso the `nixos` in the default value is in fact a\nrelative path. The `config`, `overlays`,\n`localSystem`, and `crossSystem` come\nfrom this option's siblings.\n\nThis option can be used by applications like NixOps to increase\nthe performance of evaluation, or to create packages that depend\non a container that should be built with the exact same evaluation\nof Nixpkgs, for example. Applications like this should set\ntheir default value using `lib.mkDefault`, so\nuser-provided configuration can override it without using\n`lib`.\n\nNote that using a distinct version of Nixpkgs with NixOS may\nbe an unexpected source of problems. Use this option with care.\n", "example": {"_type": "literalExpression", "text": "import <nixpkgs> {}"}, "loc": ["nixpkgs", "pkgs"], "readOnly": false, "type": "An evaluation of Nixpkgs; the top level attribute set of packages"}, "nixpkgs.system": {"declarations": ["nixos/modules/misc/nixpkgs.nix"], "default": {"_type": "literalMD", "text": "Traditionally `builtins.currentSystem`, but unset when invoking NixOS through `lib.nixosSystem`.\n"}, "description": "This option does not need to be specified for NixOS configurations\nwith a recently generated `hardware-configuration.nix`.\n\nSpecifies the Nix platform type on which NixOS should be built.\nIt is better to specify `nixpkgs.localSystem` instead.\n```\n{\n  nixpkgs.system = ..;\n}\n```\nis the same as\n```\n{\n  nixpkgs.localSystem.system = ..;\n}\n```\nSee `nixpkgs.localSystem` for more information.\n\nIgnored when `nixpkgs.pkgs`, `nixpkgs.localSystem` or `nixpkgs.hostPlatform` is set.\n", "example": {"_type": "literalExpression", "text": "\"i686-linux\""}, "loc": ["nixpkgs", "system"], "readOnly": false, "type": "string"}, "services.archisteamfarm.bots": {"declarations": ["nixos/modules/services/games/archisteamfarm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Bots name and configuration.\n", "example": {"_type": "literalExpression", "text": "{\n  exampleBot = {\n    passwordFile = \"/var/lib/archisteamfarm/secrets/password\";\n    settings = {\n      SteamParentalCode = \"1234\";\n    };\n    username = \"alice\";\n  };\n}"}, "loc": ["services", "archisteamfarm", "bots"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.archisteamfarm.bots.<name>.enabled": {"declarations": ["nixos/modules/services/games/archisteamfarm.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the bot on startup.", "loc": ["services", "archisteamfarm", "bots", "<name>", "enabled"], "readOnly": false, "type": "boolean"}, "services.archisteamfarm.bots.<name>.passwordFile": {"declarations": ["nixos/modules/services/games/archisteamfarm.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file containing the password. The file must be readable by the `archisteamfarm` user/group.\nOmit or set to null to provide the password a different way, such as through the web-ui.\n", "loc": ["services", "archisteamfarm", "bots", "<name>", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.archisteamfarm.bots.<name>.settings": {"declarations": ["nixos/modules/services/games/archisteamfarm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional settings that are documented [here](https://github.com/JustArchiNET/ArchiSteamFarm/wiki/Configuration#bot-config).\n", "loc": ["services", "archisteamfarm", "bots", "<name>", "settings"], "readOnly": false, "type": "attribute set"}, "services.archisteamfarm.bots.<name>.username": {"declarations": ["nixos/modules/services/games/archisteamfarm.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Name of the user to log in. Default is attribute name.", "loc": ["services", "archisteamfarm", "bots", "<name>", "username"], "readOnly": false, "type": "string"}, "services.archisteamfarm.dataDir": {"declarations": ["nixos/modules/services/games/archisteamfarm.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/archisteamfarm\""}, "description": "The ASF home directory used to store all data.\nIf left as the default value this directory will automatically be created before the ASF server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.", "loc": ["services", "archisteamfarm", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.archisteamfarm.enable": {"declarations": ["nixos/modules/services/games/archisteamfarm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, starts the ArchisSteamFarm service.\nFor configuring the SteamGuard token you will need to use the web-ui, which is enabled by default over on 127.0.0.1:1242.\nYou cannot configure ASF in any way outside of nix, since all the config files get wiped on restart and replaced with the programnatically set ones by nix.\n", "loc": ["services", "archisteamfarm", "enable"], "readOnly": false, "type": "boolean"}, "services.archisteamfarm.ipcPasswordFile": {"declarations": ["nixos/modules/services/games/archisteamfarm.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file containing the password. The file must be readable by the `archisteamfarm` user/group.", "loc": ["services", "archisteamfarm", "ipcPasswordFile"], "readOnly": false, "type": "null or absolute path"}, "services.archisteamfarm.ipcSettings": {"declarations": ["nixos/modules/services/games/archisteamfarm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings to write to IPC.config.\nAll options can be found [here](https://github.com/JustArchiNET/ArchiSteamFarm/wiki/IPC#custom-configuration).\n", "example": {"_type": "literalExpression", "text": "{\n  Kestrel = {\n    Endpoints = {\n      HTTP = {\n        Url = \"http://*:1242\";\n      };\n    };\n  };\n}"}, "loc": ["services", "archisteamfarm", "ipcSettings"], "readOnly": false, "type": "JSON value"}, "services.archisteamfarm.package": {"declarations": ["nixos/modules/services/games/archisteamfarm.nix"], "default": {"_type": "literalExpression", "text": "pkgs.archisteamfarm"}, "description": "The archisteamfarm package to use. ::: {.warning}\nShould always be the latest version, for security reasons,\nsince this module uses very new features and to not get out of sync with the Steam API.\n:::\n", "loc": ["services", "archisteamfarm", "package"], "readOnly": false, "type": "package"}, "services.archisteamfarm.settings": {"declarations": ["nixos/modules/services/games/archisteamfarm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The ASF.json file, all the options are documented [here](https://github.com/JustArchiNET/ArchiSteamFarm/wiki/Configuration#global-config).\nDo note that `AutoRestart`  and `UpdateChannel` is always to `false` respectively `0` because NixOS takes care of updating everything.\n`Headless` is also always set to `true` because there is no way to provide inputs via a systemd service.\nYou should try to keep ASF up to date since upstream does not provide support for anything but the latest version and you're exposing yourself to all kinds of issues - as is outlined [here](https://github.com/JustArchiNET/ArchiSteamFarm/wiki/Configuration#updateperiod).\n", "example": {"_type": "literalExpression", "text": "{\n  Statistics = false;\n}"}, "loc": ["services", "archisteamfarm", "settings"], "readOnly": false, "type": "JSON value"}, "services.archisteamfarm.web-ui": {"declarations": ["nixos/modules/services/games/archisteamfarm.nix"], "default": {"_type": "literalExpression", "text": "{\n  enable = true;\n}"}, "description": "The Web-UI hosted on 127.0.0.1:1242.", "example": {"_type": "literalExpression", "text": "{\n  enable = false;\n}"}, "loc": ["services", "archisteamfarm", "web-ui"], "readOnly": false, "type": "submodule"}, "services.archisteamfarm.web-ui.enable": {"declarations": ["nixos/modules/services/games/archisteamfarm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to start the web-ui. This is the preferred way of configuring things such as the steam guard token.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "archisteamfarm", "web-ui", "enable"], "readOnly": false, "type": "boolean"}, "services.archisteamfarm.web-ui.package": {"declarations": ["nixos/modules/services/games/archisteamfarm.nix"], "default": {"_type": "literalExpression", "text": "pkgs.archisteamfarm.ui"}, "description": "The ui package to use. ::: {.note}\nContents must be in lib/dist\n:::\n", "loc": ["services", "archisteamfarm", "web-ui", "package"], "readOnly": false, "type": "package"}, "services.auto-cpufreq.enable": {"declarations": ["nixos/modules/services/hardware/auto-cpufreq.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable auto-cpufreq daemon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "auto-cpufreq", "enable"], "readOnly": false, "type": "boolean"}, "services.auto-cpufreq.settings": {"declarations": ["nixos/modules/services/hardware/auto-cpufreq.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for `auto-cpufreq`.\n\nThe available options can be found in [the example configuration file](https://github.com/AdnanHodzic/auto-cpufreq/blob/v3.0.0/auto-cpufreq.conf-example).\n", "example": {"_type": "literalExpression", "text": "{\n  battery = {\n    governor = \"powersave\";\n    turbo = \"never\";\n  };\n  charger = {\n    governor = \"performance\";\n    turbo = \"auto\";\n  };\n}"}, "loc": ["services", "auto-cpufreq", "settings"], "readOnly": false, "type": "open submodule of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))"}, "services.dex.enable": {"declarations": ["nixos/modules/services/web-apps/dex.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the OpenID Connect and OAuth2 identity provider.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dex", "enable"], "readOnly": false, "type": "boolean"}, "services.dex.environmentFile": {"declarations": ["nixos/modules/services/web-apps/dex.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Environment file (see {manpage}`systemd.exec(5)`\n\"EnvironmentFile=\" section for the syntax) to define variables for dex.\nThis option can be used to safely include secret keys into the dex configuration.\n", "loc": ["services", "dex", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.dex.package": {"declarations": ["nixos/modules/services/web-apps/dex.nix"], "default": {"_type": "literalExpression", "text": "pkgs.dex-oidc"}, "description": "The dex-oidc package to use.", "loc": ["services", "dex", "package"], "readOnly": false, "type": "package"}, "services.dex.settings": {"declarations": ["nixos/modules/services/web-apps/dex.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The available options can be found in\n[the example configuration](https://github.com/dexidp/dex/blob/v2.44.0/config.yaml.dist).\n\nIt's also possible to refer to environment variables (defined in [services.dex.environmentFile](#opt-services.dex.environmentFile))\nusing the syntax `$VARIABLE_NAME`.\n", "example": {"_type": "literalExpression", "text": "{\n  # External url\n  issuer = \"http://127.0.0.1:5556/dex\";\n  storage = {\n    type = \"postgres\";\n    config.host = \"/var/run/postgres\";\n  };\n  web = {\n    http = \"127.0.0.1:5556\";\n  };\n  enablePasswordDB = true;\n  staticClients = [\n    {\n      id = \"oidcclient\";\n      name = \"Client\";\n      redirectURIs = [ \"https://example.com/callback\" ];\n      secretFile = \"/etc/dex/oidcclient\"; # The content of `secretFile` will be written into to the config as `secret`.\n    }\n  ];\n}\n"}, "loc": ["services", "dex", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.dnscrypt-proxy.configFile": {"declarations": ["nixos/modules/services/networking/dnscrypt-proxy.nix"], "default": {"_type": "literalMD", "text": "TOML file generated from {option}`services.dnscrypt-proxy.settings`"}, "description": "Path to TOML config file. See: <https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml>\nIf this option is set, it will override any configuration done in options.services.dnscrypt-proxy.settings.\n", "example": {"_type": "literalExpression", "text": "\"/etc/dnscrypt-proxy/dnscrypt-proxy.toml\""}, "loc": ["services", "dnscrypt-proxy", "configFile"], "readOnly": false, "type": "absolute path"}, "services.dnscrypt-proxy.enable": {"declarations": ["nixos/modules/services/networking/dnscrypt-proxy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable dnscrypt-proxy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "dnscrypt-proxy", "enable"], "readOnly": false, "type": "boolean"}, "services.dnscrypt-proxy.package": {"declarations": ["nixos/modules/services/networking/dnscrypt-proxy.nix"], "default": {"_type": "literalExpression", "text": "pkgs.dnscrypt-proxy"}, "description": "The dnscrypt-proxy package to use.", "loc": ["services", "dnscrypt-proxy", "package"], "readOnly": false, "type": "package"}, "services.dnscrypt-proxy.settings": {"declarations": ["nixos/modules/services/networking/dnscrypt-proxy.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Attrset that is converted and passed as TOML config file.\nFor available params, see: <https://github.com/DNSCrypt/dnscrypt-proxy/blob/2.1.15/dnscrypt-proxy/example-dnscrypt-proxy.toml>\n", "example": {"_type": "literalExpression", "text": "{\n  sources.public-resolvers = {\n    urls = [ \"https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md\" ];\n    cache_file = \"public-resolvers.md\";\n    minisign_key = \"RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3\";\n    refresh_delay = 72;\n  };\n}\n"}, "loc": ["services", "dnscrypt-proxy", "settings"], "readOnly": false, "type": "attribute set"}, "services.dnscrypt-proxy.upstreamDefaults": {"declarations": ["nixos/modules/services/networking/dnscrypt-proxy.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to base the config declared in {option}`services.dnscrypt-proxy.settings` on the upstream example config (<https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml>)\n\nDisable this if you want to declare your dnscrypt config from scratch.\n", "loc": ["services", "dnscrypt-proxy", "upstreamDefaults"], "readOnly": false, "type": "boolean"}, "services.evcc.enable": {"declarations": ["nixos/modules/services/home-automation/evcc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable EVCC, the extensible EV Charge Controller and Home Energy Management System.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "evcc", "enable"], "readOnly": false, "type": "boolean"}, "services.evcc.environmentFile": {"declarations": ["nixos/modules/services/home-automation/evcc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File with environment variables to pass into the runtime environment.\n\nUseful to pass secrets into the configuration, that get applied using `envsubst`.\n", "example": {"_type": "literalExpression", "text": "/run/keys/evcc"}, "loc": ["services", "evcc", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.evcc.extraArgs": {"declarations": ["nixos/modules/services/home-automation/evcc.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to pass to the `evcc` executable.\n", "loc": ["services", "evcc", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.evcc.package": {"declarations": ["nixos/modules/services/home-automation/evcc.nix"], "default": {"_type": "literalExpression", "text": "pkgs.evcc"}, "description": "The evcc package to use.", "loc": ["services", "evcc", "package"], "readOnly": false, "type": "package"}, "services.evcc.settings": {"declarations": ["nixos/modules/services/home-automation/evcc.nix"], "description": "evcc configuration as a Nix attribute set. Supports substitution of secrets using `envsubst` from the `environmentFile`.\n\nCheck for possible options in the sample [evcc.dist.yaml](https://github.com/andig/evcc/blob/0.301.1/evcc.dist.yaml).\n", "loc": ["services", "evcc", "settings"], "readOnly": false, "type": "YAML 1.1 value"}, "services.frigate.checkConfig": {"declarations": ["nixos/modules/services/video/frigate.nix"], "default": {"_type": "literalExpression", "text": "pkgs.stdenv.buildPlatform.canExecute pkgs.stdenv.hostPlatform && !(pkgs.stdenv.hostPlaform.isAarch64)\n"}, "description": "Whether to check the configuration at build time.\n", "loc": ["services", "frigate", "checkConfig"], "readOnly": false, "type": "boolean"}, "services.frigate.enable": {"declarations": ["nixos/modules/services/video/frigate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Frigate NVR.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "frigate", "enable"], "readOnly": false, "type": "boolean"}, "services.frigate.hostname": {"declarations": ["nixos/modules/services/video/frigate.nix"], "description": "Hostname of the nginx vhost to configure.\n\nOnly nginx is supported by upstream for direct reverse proxying.\n", "example": {"_type": "literalExpression", "text": "\"frigate.exampe.com\""}, "loc": ["services", "frigate", "hostname"], "readOnly": false, "type": "string"}, "services.frigate.package": {"declarations": ["nixos/modules/services/video/frigate.nix"], "default": {"_type": "literalExpression", "text": "pkgs.frigate"}, "description": "The frigate package to use.", "loc": ["services", "frigate", "package"], "readOnly": false, "type": "package"}, "services.frigate.preCheckConfig": {"declarations": ["nixos/modules/services/video/frigate.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "This script gets run before the config is checked. It can be used to,\ne.g., set environment variables needed or transform the config\n(available as `$out`) to make it checkable in the sandbox.\n", "loc": ["services", "frigate", "preCheckConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.frigate.settings": {"declarations": ["nixos/modules/services/video/frigate.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Frigate configuration as a nix attribute set.\n\nSee the project documentation for how to configure frigate.\n- [Creating a config file](https://docs.frigate.video/guides/getting_started)\n- [Configuration reference](https://docs.frigate.video/configuration/index)\n", "loc": ["services", "frigate", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.frigate.settings.cameras": {"declarations": ["nixos/modules/services/video/frigate.nix"], "description": "Attribute set of cameras configurations.\n\n<https://docs.frigate.video/configuration/cameras>\n", "loc": ["services", "frigate", "settings", "cameras"], "readOnly": false, "type": "attribute set of (open submodule of (YAML 1.1 value))"}, "services.frigate.settings.cameras.<name>.ffmpeg.inputs": {"declarations": ["nixos/modules/services/video/frigate.nix"], "description": "List of inputs for this camera.\n", "loc": ["services", "frigate", "settings", "cameras", "<name>", "ffmpeg", "inputs"], "readOnly": false, "type": "list of (open submodule of (YAML 1.1 value))"}, "services.frigate.settings.cameras.<name>.ffmpeg.inputs.*.path": {"declarations": ["nixos/modules/services/video/frigate.nix"], "description": "Stream URL\n", "example": {"_type": "literalExpression", "text": "\"rtsp://192.0.2.1:554/rtsp\""}, "loc": ["services", "frigate", "settings", "cameras", "<name>", "ffmpeg", "inputs", "*", "path"], "readOnly": false, "type": "string"}, "services.frigate.settings.cameras.<name>.ffmpeg.inputs.*.roles": {"declarations": ["nixos/modules/services/video/frigate.nix"], "description": "List of roles for this stream\n", "example": {"_type": "literalExpression", "text": "[\n  \"detect\"\n  \"record\"\n]"}, "loc": ["services", "frigate", "settings", "cameras", "<name>", "ffmpeg", "inputs", "*", "roles"], "readOnly": false, "type": "list of (one of \"audio\", \"detect\", \"record\")"}, "services.frigate.settings.database.path": {"declarations": ["nixos/modules/services/video/frigate.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/frigate/frigate.db\""}, "description": "Path to the SQLite database used\n", "loc": ["services", "frigate", "settings", "database", "path"], "readOnly": false, "type": "absolute path"}, "services.frigate.settings.ffmpeg.path": {"declarations": ["nixos/modules/services/video/frigate.nix"], "default": {"_type": "literalExpression", "text": "<derivation ffmpeg-headless-8.0.1>"}, "description": "Package providing the ffmpeg and ffprobe executables below the bin/ directory.\n", "example": {"_type": "literalExpression", "text": "pkgs.ffmpeg-full"}, "loc": ["services", "frigate", "settings", "ffmpeg", "path"], "readOnly": false, "type": "string or package convertible to it"}, "services.frigate.settings.mqtt.enabled": {"declarations": ["nixos/modules/services/video/frigate.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable MQTT support.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "frigate", "settings", "mqtt", "enabled"], "readOnly": false, "type": "boolean"}, "services.frigate.settings.mqtt.host": {"declarations": ["nixos/modules/services/video/frigate.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "MQTT server hostname\n", "example": {"_type": "literalExpression", "text": "\"mqtt.example.com\""}, "loc": ["services", "frigate", "settings", "mqtt", "host"], "readOnly": false, "type": "null or string"}, "services.frigate.vaapiDriver": {"declarations": ["nixos/modules/services/video/frigate.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Force usage of a particular VA-API driver for video acceleration. Use together with `settings.ffmpeg.hwaccel_args`.\n\nSetting this *is not required* for VA-API to work, but it can help steer VA-API towards the correct card if you have multiple.\n\n:::{.note}\nFor VA-API to work you must enable {option}`hardware.graphics.enable` (sufficient for AMDGPU) and pass for example\n`pkgs.intel-media-driver` (required for Intel 5th Gen. and newer) into {option}`hardware.graphics.extraPackages`.\n:::\n\nSee also:\n\n- <https://docs.frigate.video/configuration/hardware_acceleration>\n- <https://docs.frigate.video/configuration/ffmpeg_presets#hwaccel-presets>\n", "example": {"_type": "literalExpression", "text": "\"radeonsi\""}, "loc": ["services", "frigate", "vaapiDriver"], "readOnly": false, "type": "null or one of \"i965\", \"iHD\", \"nouveau\", \"vdpau\", \"nvidia\", \"radeonsi\""}, "services.frr.babeld.enable": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FRR babeld.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "frr", "babeld", "enable"], "readOnly": false, "type": "boolean"}, "services.frr.babeld.extraOptions": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra options to be appended to the FRR babeld daemon options.\n", "loc": ["services", "frr", "babeld", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.frr.babeld.options": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"-A 127.0.0.1\"\n]"}, "description": "Options for the FRR babeld daemon.\n", "loc": ["services", "frr", "babeld", "options"], "readOnly": false, "type": "list of string"}, "services.frr.bfdd.enable": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FRR bfdd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "frr", "bfdd", "enable"], "readOnly": false, "type": "boolean"}, "services.frr.bfdd.extraOptions": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra options to be appended to the FRR bfdd daemon options.\n", "loc": ["services", "frr", "bfdd", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.frr.bfdd.options": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"-A 127.0.0.1\"\n]"}, "description": "Options for the FRR bfdd daemon.\n", "loc": ["services", "frr", "bfdd", "options"], "readOnly": false, "type": "list of string"}, "services.frr.bgpd.enable": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FRR bgpd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "frr", "bgpd", "enable"], "readOnly": false, "type": "boolean"}, "services.frr.bgpd.extraOptions": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra options to be appended to the FRR bgpd daemon options.\n", "loc": ["services", "frr", "bgpd", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.frr.bgpd.options": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"-A 127.0.0.1\"\n]"}, "description": "Options for the FRR bgpd daemon.\n", "loc": ["services", "frr", "bgpd", "options"], "readOnly": false, "type": "list of string"}, "services.frr.config": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "FRR configuration statements.\n", "example": {"_type": "literalExpression", "text": "''\n  router rip\n    network 10.0.0.0/8\n  router ospf\n    network 10.0.0.0/8 area 0\n  router bgp 65001\n    neighbor 10.0.0.1 remote-as 65001\n''"}, "loc": ["services", "frr", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.frr.configFile": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Configuration file to use for FRR.\nBy default the NixOS generated files are used.\n", "example": {"_type": "literalExpression", "text": "\"/etc/frr/frr.conf\""}, "loc": ["services", "frr", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.frr.eigrpd.enable": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FRR eigrpd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "frr", "eigrpd", "enable"], "readOnly": false, "type": "boolean"}, "services.frr.eigrpd.extraOptions": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra options to be appended to the FRR eigrpd daemon options.\n", "loc": ["services", "frr", "eigrpd", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.frr.eigrpd.options": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"-A 127.0.0.1\"\n]"}, "description": "Options for the FRR eigrpd daemon.\n", "loc": ["services", "frr", "eigrpd", "options"], "readOnly": false, "type": "list of string"}, "services.frr.fabricd.enable": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FRR fabricd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "frr", "fabricd", "enable"], "readOnly": false, "type": "boolean"}, "services.frr.fabricd.extraOptions": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra options to be appended to the FRR fabricd daemon options.\n", "loc": ["services", "frr", "fabricd", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.frr.fabricd.options": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"-A 127.0.0.1\"\n]"}, "description": "Options for the FRR fabricd daemon.\n", "loc": ["services", "frr", "fabricd", "options"], "readOnly": false, "type": "list of string"}, "services.frr.isisd.enable": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FRR isisd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "frr", "isisd", "enable"], "readOnly": false, "type": "boolean"}, "services.frr.isisd.extraOptions": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra options to be appended to the FRR isisd daemon options.\n", "loc": ["services", "frr", "isisd", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.frr.isisd.options": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"-A 127.0.0.1\"\n]"}, "description": "Options for the FRR isisd daemon.\n", "loc": ["services", "frr", "isisd", "options"], "readOnly": false, "type": "list of string"}, "services.frr.ldpd.enable": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FRR ldpd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "frr", "ldpd", "enable"], "readOnly": false, "type": "boolean"}, "services.frr.ldpd.extraOptions": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra options to be appended to the FRR ldpd daemon options.\n", "loc": ["services", "frr", "ldpd", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.frr.ldpd.options": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"-A 127.0.0.1\"\n]"}, "description": "Options for the FRR ldpd daemon.\n", "loc": ["services", "frr", "ldpd", "options"], "readOnly": false, "type": "list of string"}, "services.frr.mgmtd.extraOptions": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra options to be appended to the FRR mgmtd daemon options.\n", "loc": ["services", "frr", "mgmtd", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.frr.mgmtd.options": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"-A 127.0.0.1\"\n]"}, "description": "Options for the FRR mgmtd daemon.\n", "loc": ["services", "frr", "mgmtd", "options"], "readOnly": false, "type": "list of string"}, "services.frr.nhrpd.enable": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FRR nhrpd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "frr", "nhrpd", "enable"], "readOnly": false, "type": "boolean"}, "services.frr.nhrpd.extraOptions": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra options to be appended to the FRR nhrpd daemon options.\n", "loc": ["services", "frr", "nhrpd", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.frr.nhrpd.options": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"-A 127.0.0.1\"\n]"}, "description": "Options for the FRR nhrpd daemon.\n", "loc": ["services", "frr", "nhrpd", "options"], "readOnly": false, "type": "list of string"}, "services.frr.openFilesLimit": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "1024"}, "description": "This is the maximum number of FD's that will be available.  Use a\nreasonable value for your setup if you are expecting a large number\nof peers in say BGP.\n", "loc": ["services", "frr", "openFilesLimit"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.frr.ospf6d.enable": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FRR ospf6d.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "frr", "ospf6d", "enable"], "readOnly": false, "type": "boolean"}, "services.frr.ospf6d.extraOptions": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra options to be appended to the FRR ospf6d daemon options.\n", "loc": ["services", "frr", "ospf6d", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.frr.ospf6d.options": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"-A ::1\"\n]"}, "description": "Options for the FRR ospf6d daemon.\n", "loc": ["services", "frr", "ospf6d", "options"], "readOnly": false, "type": "list of string"}, "services.frr.ospfd.enable": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FRR ospfd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "frr", "ospfd", "enable"], "readOnly": false, "type": "boolean"}, "services.frr.ospfd.extraOptions": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra options to be appended to the FRR ospfd daemon options.\n", "loc": ["services", "frr", "ospfd", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.frr.ospfd.options": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"-A 127.0.0.1\"\n]"}, "description": "Options for the FRR ospfd daemon.\n", "loc": ["services", "frr", "ospfd", "options"], "readOnly": false, "type": "list of string"}, "services.frr.pathd.enable": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FRR pathd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "frr", "pathd", "enable"], "readOnly": false, "type": "boolean"}, "services.frr.pathd.extraOptions": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra options to be appended to the FRR pathd daemon options.\n", "loc": ["services", "frr", "pathd", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.frr.pathd.options": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"-A 127.0.0.1\"\n]"}, "description": "Options for the FRR pathd daemon.\n", "loc": ["services", "frr", "pathd", "options"], "readOnly": false, "type": "list of string"}, "services.frr.pbrd.enable": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FRR pbrd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "frr", "pbrd", "enable"], "readOnly": false, "type": "boolean"}, "services.frr.pbrd.extraOptions": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra options to be appended to the FRR pbrd daemon options.\n", "loc": ["services", "frr", "pbrd", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.frr.pbrd.options": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"-A 127.0.0.1\"\n]"}, "description": "Options for the FRR pbrd daemon.\n", "loc": ["services", "frr", "pbrd", "options"], "readOnly": false, "type": "list of string"}, "services.frr.pim6d.enable": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FRR pim6d.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "frr", "pim6d", "enable"], "readOnly": false, "type": "boolean"}, "services.frr.pim6d.extraOptions": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra options to be appended to the FRR pim6d daemon options.\n", "loc": ["services", "frr", "pim6d", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.frr.pim6d.options": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"-A ::1\"\n]"}, "description": "Options for the FRR pim6d daemon.\n", "loc": ["services", "frr", "pim6d", "options"], "readOnly": false, "type": "list of string"}, "services.frr.pimd.enable": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FRR pimd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "frr", "pimd", "enable"], "readOnly": false, "type": "boolean"}, "services.frr.pimd.extraOptions": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra options to be appended to the FRR pimd daemon options.\n", "loc": ["services", "frr", "pimd", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.frr.pimd.options": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"-A 127.0.0.1\"\n]"}, "description": "Options for the FRR pimd daemon.\n", "loc": ["services", "frr", "pimd", "options"], "readOnly": false, "type": "list of string"}, "services.frr.ripd.enable": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FRR ripd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "frr", "ripd", "enable"], "readOnly": false, "type": "boolean"}, "services.frr.ripd.extraOptions": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra options to be appended to the FRR ripd daemon options.\n", "loc": ["services", "frr", "ripd", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.frr.ripd.options": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"-A 127.0.0.1\"\n]"}, "description": "Options for the FRR ripd daemon.\n", "loc": ["services", "frr", "ripd", "options"], "readOnly": false, "type": "list of string"}, "services.frr.ripngd.enable": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FRR ripngd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "frr", "ripngd", "enable"], "readOnly": false, "type": "boolean"}, "services.frr.ripngd.extraOptions": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra options to be appended to the FRR ripngd daemon options.\n", "loc": ["services", "frr", "ripngd", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.frr.ripngd.options": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"-A ::1\"\n]"}, "description": "Options for the FRR ripngd daemon.\n", "loc": ["services", "frr", "ripngd", "options"], "readOnly": false, "type": "list of string"}, "services.frr.sharpd.enable": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FRR sharpd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "frr", "sharpd", "enable"], "readOnly": false, "type": "boolean"}, "services.frr.sharpd.extraOptions": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra options to be appended to the FRR sharpd daemon options.\n", "loc": ["services", "frr", "sharpd", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.frr.sharpd.options": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"-A 127.0.0.1\"\n]"}, "description": "Options for the FRR sharpd daemon.\n", "loc": ["services", "frr", "sharpd", "options"], "readOnly": false, "type": "list of string"}, "services.frr.staticd.extraOptions": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra options to be appended to the FRR staticd daemon options.\n", "loc": ["services", "frr", "staticd", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.frr.staticd.options": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"-A 127.0.0.1\"\n]"}, "description": "Options for the FRR staticd daemon.\n", "loc": ["services", "frr", "staticd", "options"], "readOnly": false, "type": "list of string"}, "services.frr.vrrpd.enable": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable FRR vrrpd.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "frr", "vrrpd", "enable"], "readOnly": false, "type": "boolean"}, "services.frr.vrrpd.extraOptions": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra options to be appended to the FRR vrrpd daemon options.\n", "loc": ["services", "frr", "vrrpd", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.frr.vrrpd.options": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"-A 127.0.0.1\"\n]"}, "description": "Options for the FRR vrrpd daemon.\n", "loc": ["services", "frr", "vrrpd", "options"], "readOnly": false, "type": "list of string"}, "services.frr.zebra.extraOptions": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra options to be appended to the FRR zebra daemon options.\n", "loc": ["services", "frr", "zebra", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.frr.zebra.options": {"declarations": ["nixos/modules/services/networking/frr.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"-A 127.0.0.1 -s 90000000\"\n]"}, "description": "Options for the FRR zebra daemon.\n", "loc": ["services", "frr", "zebra", "options"], "readOnly": false, "type": "list of string"}, "services.gerrit.builtinPlugins": {"declarations": ["nixos/modules/services/web-apps/gerrit.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of builtins plugins to install. Those are shipped in the\n`gerrit.war` file.\n", "loc": ["services", "gerrit", "builtinPlugins"], "readOnly": false, "type": "list of (one of \"codemirror-editor\", \"commit-message-length-validator\", \"delete-project\", \"download-commands\", \"gitiles\", \"hooks\", \"plugin-manager\", \"replication\", \"reviewnotes\", \"singleusergroup\", \"webhooks\")"}, "services.gerrit.enable": {"declarations": ["nixos/modules/services/web-apps/gerrit.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Gerrit service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "gerrit", "enable"], "readOnly": false, "type": "boolean"}, "services.gerrit.jvmHeapLimit": {"declarations": ["nixos/modules/services/web-apps/gerrit.nix"], "default": {"_type": "literalExpression", "text": "\"1024m\""}, "description": "How much memory to allocate to the JVM heap\n", "loc": ["services", "gerrit", "jvmHeapLimit"], "readOnly": false, "type": "string"}, "services.gerrit.jvmOpts": {"declarations": ["nixos/modules/services/web-apps/gerrit.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"-Dflogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance\"\n  \"-Dflogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance\"\n]"}, "description": "A list of JVM options to start gerrit with.", "loc": ["services", "gerrit", "jvmOpts"], "readOnly": false, "type": "list of string"}, "services.gerrit.jvmPackage": {"declarations": ["nixos/modules/services/web-apps/gerrit.nix"], "default": {"_type": "literalExpression", "text": "pkgs.jdk21_headless"}, "description": "The jdk21_headless package to use.", "loc": ["services", "gerrit", "jvmPackage"], "readOnly": false, "type": "package"}, "services.gerrit.listenAddress": {"declarations": ["nixos/modules/services/web-apps/gerrit.nix"], "default": {"_type": "literalExpression", "text": "\"[::]:8080\""}, "description": "`hostname:port` to listen for HTTP traffic.\n\nThis is bound using the systemd socket activation.\n", "loc": ["services", "gerrit", "listenAddress"], "readOnly": false, "type": "string"}, "services.gerrit.package": {"declarations": ["nixos/modules/services/web-apps/gerrit.nix"], "default": {"_type": "literalExpression", "text": "pkgs.gerrit"}, "description": "The gerrit package to use.", "loc": ["services", "gerrit", "package"], "readOnly": false, "type": "package"}, "services.gerrit.plugins": {"declarations": ["nixos/modules/services/web-apps/gerrit.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of plugins to add to Gerrit. Each derivation is a jar file\nitself where the name of the derivation is the name of plugin.\n", "loc": ["services", "gerrit", "plugins"], "readOnly": false, "type": "list of package"}, "services.gerrit.replicationSettings": {"declarations": ["nixos/modules/services/web-apps/gerrit.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Replication configuration. This will be generated to the\n`etc/replication.config` file.\n", "loc": ["services", "gerrit", "replicationSettings"], "readOnly": false, "type": "lazy attribute set of lazy attribute set of (string or boolean or signed integer or list of (string or boolean or signed integer) or lazy attribute set of (string or boolean or signed integer or list of (string or boolean or signed integer)))"}, "services.gerrit.serverId": {"declarations": ["nixos/modules/services/web-apps/gerrit.nix"], "description": "Set a UUID that uniquely identifies the server.\n\nThis can be generated with\n`nix-shell -p util-linux --run uuidgen`.\n", "loc": ["services", "gerrit", "serverId"], "readOnly": false, "type": "string"}, "services.gerrit.settings": {"declarations": ["nixos/modules/services/web-apps/gerrit.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Gerrit configuration. This will be generated to the\n`etc/gerrit.config` file.\n", "loc": ["services", "gerrit", "settings"], "readOnly": false, "type": "lazy attribute set of lazy attribute set of (string or boolean or signed integer or list of (string or boolean or signed integer) or lazy attribute set of (string or boolean or signed integer or list of (string or boolean or signed integer)))"}, "services.github-runners": {"declarations": ["nixos/modules/services/continuous-integration/github-runner/options.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Multiple GitHub Runners.\n", "example": {"_type": "literalExpression", "text": "{\n  runner1 = {\n    enable = true;\n    name = \"runner1\";\n    tokenFile = \"/secrets/token1\";\n    url = \"https://github.com/owner/repo\";\n  };\n  runner2 = {\n    enable = true;\n    name = \"runner2\";\n    tokenFile = \"/secrets/token2\";\n    url = \"https://github.com/owner/repo\";\n  };\n}"}, "loc": ["services", "github-runners"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.github-runners.<name>.enable": {"declarations": ["nixos/modules/services/continuous-integration/github-runner/options.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable GitHub Actions runner.\n\nNote: GitHub recommends using self-hosted runners with private repositories only. Learn more here:\n[About self-hosted runners](https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners).\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "github-runners", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.github-runners.<name>.ephemeral": {"declarations": ["nixos/modules/services/continuous-integration/github-runner/options.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, causes the following behavior:\n\n- Passes the `--ephemeral` flag to the runner configuration script\n- De-registers and stops the runner with GitHub after it has processed one job\n- On stop, systemd wipes the runtime directory (this always happens, even without using the ephemeral option)\n- Restarts the service after its successful exit\n- On start, wipes the state directory and configures a new runner\n\nYou should only enable this option if `tokenFile` points to a file which contains a\npersonal access token (PAT). If you're using the option with a registration token, restarting the\nservice will fail as soon as the registration token expired.\n\nChanging this option triggers a new runner registration.\n", "loc": ["services", "github-runners", "<name>", "ephemeral"], "readOnly": false, "type": "boolean"}, "services.github-runners.<name>.extraEnvironment": {"declarations": ["nixos/modules/services/continuous-integration/github-runner/options.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra environment variables to set for the runner, as an attrset.\n", "example": {"_type": "literalExpression", "text": "{\n  GIT_CONFIG = \"/path/to/git/config\";\n}"}, "loc": ["services", "github-runners", "<name>", "extraEnvironment"], "readOnly": false, "type": "attribute set"}, "services.github-runners.<name>.extraLabels": {"declarations": ["nixos/modules/services/continuous-integration/github-runner/options.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra labels in addition to the default (unless disabled through the `noDefaultLabels` option).\n\nChanging this option triggers a new runner registration.\n", "example": {"_type": "literalExpression", "text": "[ \"nixos\" ]"}, "loc": ["services", "github-runners", "<name>", "extraLabels"], "readOnly": false, "type": "list of string"}, "services.github-runners.<name>.extraPackages": {"declarations": ["nixos/modules/services/continuous-integration/github-runner/options.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra packages to add to `PATH` of the service to make them available to workflows.\n", "loc": ["services", "github-runners", "<name>", "extraPackages"], "readOnly": false, "type": "list of package"}, "services.github-runners.<name>.group": {"declarations": ["nixos/modules/services/continuous-integration/github-runner/options.nix"], "default": {"_type": "literalExpression", "text": "groupname"}, "description": "Group under which to run the service.\n\nThe effect of this option depends on the value of the `user` option:\n\n- `group == null` and `user == null`:\n  The service runs with a dynamically allocated user and group.\n- `group == null` and `user != null`:\n  The service runs as the given user and its default group.\n- `group != null` and `user == null`:\n  This configuration is invalid. In this case, the service would use the given group\n  but run as root implicitly. If this is really what you want, set `user = \"root\"` explicitly.\n", "loc": ["services", "github-runners", "<name>", "group"], "readOnly": false, "type": "null or string"}, "services.github-runners.<name>.name": {"declarations": ["nixos/modules/services/continuous-integration/github-runner/options.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "Name of the runner to configure. If null, defaults to the hostname.\n\nChanging this option triggers a new runner registration.\n", "example": {"_type": "literalExpression", "text": "\"nixos\""}, "loc": ["services", "github-runners", "<name>", "name"], "readOnly": false, "type": "null or string"}, "services.github-runners.<name>.noDefaultLabels": {"declarations": ["nixos/modules/services/continuous-integration/github-runner/options.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disables adding the default labels. Also see the `extraLabels` option.\n\nChanging this option triggers a new runner registration.\n", "loc": ["services", "github-runners", "<name>", "noDefaultLabels"], "readOnly": false, "type": "boolean"}, "services.github-runners.<name>.nodeRuntimes": {"declarations": ["nixos/modules/services/continuous-integration/github-runner/options.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"node20\"\n  \"node24\"\n]"}, "description": "List of Node.js runtimes the runner should support.\n", "loc": ["services", "github-runners", "<name>", "nodeRuntimes"], "readOnly": false, "type": "non-empty (list of (one of \"node20\", \"node24\"))"}, "services.github-runners.<name>.package": {"declarations": ["nixos/modules/services/continuous-integration/github-runner/options.nix"], "default": {"_type": "literalExpression", "text": "pkgs.github-runner"}, "description": "The github-runner package to use.", "loc": ["services", "github-runners", "<name>", "package"], "readOnly": false, "type": "package"}, "services.github-runners.<name>.replace": {"declarations": ["nixos/modules/services/continuous-integration/github-runner/options.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Replace any existing runner with the same name.\n\nWithout this flag, registering a new runner with the same name fails.\n", "loc": ["services", "github-runners", "<name>", "replace"], "readOnly": false, "type": "boolean"}, "services.github-runners.<name>.runnerGroup": {"declarations": ["nixos/modules/services/continuous-integration/github-runner/options.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of the runner group to add this runner to (defaults to the default runner group).\n\nChanging this option triggers a new runner registration.\n", "loc": ["services", "github-runners", "<name>", "runnerGroup"], "readOnly": false, "type": "null or string"}, "services.github-runners.<name>.serviceOverrides": {"declarations": ["nixos/modules/services/continuous-integration/github-runner/options.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Modify the systemd service. Can be used to, e.g., adjust the sandboxing options.\nSee {manpage}`systemd.exec(5)` for more options.\n", "example": {"_type": "literalExpression", "text": "{\n  ProtectHome = false;\n  RestrictAddressFamilies = [\n    \"AF_PACKET\"\n  ];\n}"}, "loc": ["services", "github-runners", "<name>", "serviceOverrides"], "readOnly": false, "type": "attribute set"}, "services.github-runners.<name>.tokenFile": {"declarations": ["nixos/modules/services/continuous-integration/github-runner/options.nix"], "description": "The full path to a file which contains either\n\n* a fine-grained personal access token (PAT),\n* a classic PAT\n* or a runner registration token\n\nChanging this option or the `tokenFile`\u2019s content triggers a new runner registration.\n\nWe suggest using the fine-grained PATs. A runner registration token is valid\nonly for 1 hour after creation, so the next time the runner configuration changes\nthis will give you hard-to-debug HTTP 404 errors in the configure step.\n\nThe file should contain exactly one line with the token without any newline.\n(Use `echo -n '\u2026token\u2026' > \u2026token file\u2026` to make sure no newlines sneak in.)\n\nIf the file contains a PAT, the service creates a new registration token\non startup as needed.\nIf a registration token is given, it can be used to re-register a runner of the same\nname but is time-limited as noted above.\n\nFor fine-grained PATs:\n\nGive it \"Read and Write access to organization/repository self hosted runners\",\ndepending on whether it is organization wide or per-repository. You might have to\nexperiment a little, fine-grained PATs are a `beta` Github feature and still subject\nto change; nonetheless they are the best option at the moment.\n\nFor classic PATs:\n\nMake sure the PAT has a scope of `admin:org` for organization-wide registrations\nor a scope of `repo` for a single repository.\n\nFor runner registration tokens:\n\nNothing special needs to be done, but updating will break after one hour,\nso these are not recommended.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/github-runner/nixos.token\""}, "loc": ["services", "github-runners", "<name>", "tokenFile"], "readOnly": false, "type": "absolute path"}, "services.github-runners.<name>.tokenType": {"declarations": ["nixos/modules/services/continuous-integration/github-runner/options.nix"], "default": {"_type": "literalExpression", "text": "\"auto\""}, "description": "Type of token to use for runner registration.\n\nAn access token is a personal access token or any other kind of GitHub token that\nstarts with `ghp_`, `gho_`, etc prefix. It is passed as `--pat` to the runner\nconfig script.\n\nA registration token is an unprefixed string generated by the\n\"Add new self-hosted runner\" page. It is passed as `--token` to runner config\nscript.\n\nThe default `auto` attempts to detect the token type automatically based on its\nformat.\n", "example": {"_type": "literalExpression", "text": "\"registration\""}, "loc": ["services", "github-runners", "<name>", "tokenType"], "readOnly": false, "type": "one of \"auto\", \"access\", \"registration\""}, "services.github-runners.<name>.url": {"declarations": ["nixos/modules/services/continuous-integration/github-runner/options.nix"], "description": "Repository to add the runner to.\n\nChanging this option triggers a new runner registration.\n\nIMPORTANT: If your token is org-wide (not per repository), you need to\nprovide a github org link, not a single repository, so do it like this\n`https://github.com/nixos`, not like this\n`https://github.com/nixos/nixpkgs`.\nOtherwise, you are going to get a `404 NotFound`\nfrom `POST https://api.github.com/actions/runner-registration`\nin the configure script.\n", "example": {"_type": "literalExpression", "text": "\"https://github.com/nixos/nixpkgs\""}, "loc": ["services", "github-runners", "<name>", "url"], "readOnly": false, "type": "string"}, "services.github-runners.<name>.user": {"declarations": ["nixos/modules/services/continuous-integration/github-runner/options.nix"], "default": {"_type": "literalExpression", "text": "username"}, "description": "User under which to run the service.\n\nIf this option and the `group` option is set to `null`,\nthe service runs as a dynamically allocated user.\n\nAlso see the `group` option for an overview on the effects of the `user` and `group` settings.\n", "loc": ["services", "github-runners", "<name>", "user"], "readOnly": false, "type": "null or string"}, "services.github-runners.<name>.workDir": {"declarations": ["nixos/modules/services/continuous-integration/github-runner/options.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Working directory, available as `$GITHUB_WORKSPACE` during workflow runs\nand used as a default for [repository checkouts](https://github.com/actions/checkout).\nThe service cleans this directory on every service start.\n\nA value of `null` will default to the systemd `RuntimeDirectory`.\n\nChanging this option triggers a new runner registration.\n", "loc": ["services", "github-runners", "<name>", "workDir"], "readOnly": false, "type": "null or string"}, "services.go2rtc.enable": {"declarations": ["nixos/modules/services/video/go2rtc/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable go2rtc streaming server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "go2rtc", "enable"], "readOnly": false, "type": "boolean"}, "services.go2rtc.package": {"declarations": ["nixos/modules/services/video/go2rtc/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.go2rtc"}, "description": "The go2rtc package to use.", "loc": ["services", "go2rtc", "package"], "readOnly": false, "type": "package"}, "services.go2rtc.settings": {"declarations": ["nixos/modules/services/video/go2rtc/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "go2rtc configuration as a Nix attribute set.\n\nSee the [wiki](https://github.com/AlexxIT/go2rtc/wiki/Configuration) for possible configuration options.\n", "loc": ["services", "go2rtc", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.go2rtc.settings.api.listen": {"declarations": ["nixos/modules/services/video/go2rtc/default.nix"], "default": {"_type": "literalExpression", "text": "\":1984\""}, "description": "API listen address, conforming to a Go address string.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1:1984\""}, "loc": ["services", "go2rtc", "settings", "api", "listen"], "readOnly": false, "type": "string"}, "services.go2rtc.settings.ffmpeg.bin": {"declarations": ["nixos/modules/services/video/go2rtc/default.nix"], "default": {"_type": "literalExpression", "text": "lib.getExe pkgs.ffmpeg-headless"}, "description": "The ffmpeg package to use for transcoding.\n", "loc": ["services", "go2rtc", "settings", "ffmpeg", "bin"], "readOnly": false, "type": "absolute path"}, "services.go2rtc.settings.streams": {"declarations": ["nixos/modules/services/video/go2rtc/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Stream source configuration. Multiple source types are supported.\n\nCheck the [configuration reference](https://github.com/AlexxIT/go2rtc/blob/v1.9.14/README.md#module-streams) for possible options.\n", "example": {"_type": "literalExpression", "text": "{\n  cam1 = \"onvif://admin:password@192.168.1.123:2020\";\n  cam2 = \"tcp://192.168.1.123:12345\";\n}\n"}, "loc": ["services", "go2rtc", "settings", "streams"], "readOnly": false, "type": "attribute set of (string or list of string)"}, "services.hercules-ci-agent.enable": {"declarations": ["nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable to run Hercules CI Agent as a system service.\n\n[Hercules CI](https://hercules-ci.com) is a\ncontinuous integation service that is centered around Nix.\n\nSupport is available at [help@hercules-ci.com](mailto:help@hercules-ci.com).\n", "loc": ["services", "hercules-ci-agent", "enable"], "readOnly": false, "type": "boolean"}, "services.hercules-ci-agent.package": {"declarations": ["nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix"], "default": {"_type": "literalExpression", "text": "pkgs.hercules-ci-agent"}, "description": "The hercules-ci-agent package to use.", "loc": ["services", "hercules-ci-agent", "package"], "readOnly": false, "type": "package"}, "services.hercules-ci-agent.settings": {"declarations": ["nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix"], "description": "These settings are written to the {file}`agent.toml` file.\n\nNot all settings are listed as options, can be set nonetheless.\n\nFor the exhaustive list of settings, see <https://docs.hercules-ci.com/hercules-ci/reference/agent-config/>.\n", "loc": ["services", "hercules-ci-agent", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.hercules-ci-agent.settings.apiBaseUrl": {"declarations": ["nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix"], "default": {"_type": "literalExpression", "text": "\"https://hercules-ci.com\""}, "description": "API base URL that the agent will connect to.\n\nWhen using Hercules CI Enterprise, set this to the URL where your\nHercules CI server is reachable.\n", "loc": ["services", "hercules-ci-agent", "settings", "apiBaseUrl"], "readOnly": false, "type": "string"}, "services.hercules-ci-agent.settings.baseDirectory": {"declarations": ["nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/hercules-ci-agent\""}, "description": "State directory (secrets, work directory, etc) for agent\n", "loc": ["services", "hercules-ci-agent", "settings", "baseDirectory"], "readOnly": false, "type": "absolute path"}, "services.hercules-ci-agent.settings.binaryCachesPath": {"declarations": ["nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix"], "default": {"_type": "literalExpression", "text": "staticSecretsDirectory + \"/binary-caches.json\""}, "description": "Path to a JSON file containing binary cache secret keys.\n\nAs these values are confidential, they should not be in the store, but\ncopied over using other means, such as agenix, NixOps\n`deployment.keys`, or manual installation.\n\nThe format is described on <https://docs.hercules-ci.com/hercules-ci-agent/binary-caches-json/>.\n", "loc": ["services", "hercules-ci-agent", "settings", "binaryCachesPath"], "readOnly": false, "type": "absolute path"}, "services.hercules-ci-agent.settings.clusterJoinTokenPath": {"declarations": ["nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix"], "default": {"_type": "literalExpression", "text": "staticSecretsDirectory + \"/cluster-join-token.key\""}, "description": "Location of the cluster-join-token.key file.\n\nYou can retrieve the contents of the file when creating a new agent via\n<https://hercules-ci.com/dashboard>.\n\nAs this value is confidential, it should not be in the store, but\ninstalled using other means, such as agenix, NixOps\n`deployment.keys`, or manual installation.\n\nThe contents of the file are used for authentication between the agent and the API.\n", "loc": ["services", "hercules-ci-agent", "settings", "clusterJoinTokenPath"], "readOnly": false, "type": "absolute path"}, "services.hercules-ci-agent.settings.concurrentTasks": {"declarations": ["nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix"], "default": {"_type": "literalMD", "text": "`\"auto\"`, meaning equal to the number of CPU cores.\n"}, "description": "Number of tasks to perform simultaneously.\n\nA task is a single derivation build, an evaluation or an effect run.\nAt minimum, you need 2 concurrent tasks for `x86_64-linux`\nin your cluster, to allow for import from derivation.\n\n`concurrentTasks` can be around the CPU core count or lower if memory is\nthe bottleneck.\n\nThe optimal value depends on the resource consumption characteristics of your workload,\nincluding memory usage and in-task parallelism. This is typically determined empirically.\n\nWhen scaling, it is generally better to have a double-size machine than two machines,\nbecause each split of resources causes inefficiencies; particularly with regards\nto build latency because of extra downloads.\n", "loc": ["services", "hercules-ci-agent", "settings", "concurrentTasks"], "readOnly": false, "type": "positive integer, meaning >0, or value \"auto\" (singular enum)"}, "services.hercules-ci-agent.settings.labels": {"declarations": ["nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix"], "default": {"_type": "literalExpression", "text": "{\n  agent.source = \"...\"; # One of \"nixpkgs\", \"flake\", \"override\"\n  lib.version = \"...\";\n  pkgs.version = \"...\";\n}\n"}, "description": "A key-value map of user data.\n\nThis data will be available to organization members in the dashboard and API.\n\nThe values can be of any TOML type that corresponds to a JSON type, but arrays\ncan not contain tables/objects due to limitations of the TOML library. Values\ninvolving arrays of non-primitive types may not be representable currently.\n", "loc": ["services", "hercules-ci-agent", "settings", "labels"], "readOnly": false, "type": "TOML value"}, "services.hercules-ci-agent.settings.secretsJsonPath": {"declarations": ["nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix"], "default": {"_type": "literalExpression", "text": "staticSecretsDirectory + \"/secrets.json\""}, "description": "Path to a JSON file containing secrets for effects.\n\nAs these values are confidential, they should not be in the store, but\ncopied over using other means, such as agenix, NixOps\n`deployment.keys`, or manual installation.\n\nThe format is described on <https://docs.hercules-ci.com/hercules-ci-agent/secrets-json/>.\n", "loc": ["services", "hercules-ci-agent", "settings", "secretsJsonPath"], "readOnly": false, "type": "absolute path"}, "services.hercules-ci-agent.settings.staticSecretsDirectory": {"declarations": ["nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix"], "default": {"_type": "literalExpression", "text": "baseDirectory + \"/secrets\""}, "description": "This is the default directory to look for statically configured secrets like `cluster-join-token.key`.\n\nSee also `clusterJoinTokenPath` and `binaryCachesPath` for fine-grained configuration.\n", "loc": ["services", "hercules-ci-agent", "settings", "staticSecretsDirectory"], "readOnly": false, "type": "absolute path"}, "services.hercules-ci-agent.settings.workDirectory": {"declarations": ["nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix"], "default": {"_type": "literalExpression", "text": "baseDirectory + \"/work\""}, "description": "The directory in which temporary subdirectories are created for task state. This includes sources for Nix evaluation.\n", "loc": ["services", "hercules-ci-agent", "settings", "workDirectory"], "readOnly": false, "type": "absolute path"}, "services.home-assistant.blueprints.automation": {"declarations": ["nixos/modules/services/home-automation/home-assistant.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of automation\n[blueprints](https://www.home-assistant.io/docs/blueprint/) to\ninstall into {file}`${config.services.home-assistant.configDir}/blueprints/automation`.\n", "example": {"_type": "literalExpression", "text": "[\n  (pkgs.fetchurl {\n    url = \"https://github.com/home-assistant/core/raw/2025.1.4/homeassistant/components/automation/blueprints/motion_light.yaml\";\n    hash = \"sha256-4HrDX65ycBMfEY2nZ7A25/d3ZnIHdpHZ+80Cblp+P5w=\";\n  })\n]\n"}, "loc": ["services", "home-assistant", "blueprints", "automation"], "readOnly": false, "type": "list of (path in the Nix store or absolute path convertible to it)"}, "services.home-assistant.blueprints.script": {"declarations": ["nixos/modules/services/home-automation/home-assistant.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of script\n[blueprints](https://www.home-assistant.io/docs/blueprint/) to\ninstall into {file}`${config.services.home-assistant.configDir}/blueprints/script`.\n", "example": {"_type": "literalExpression", "text": "[ ./blueprint.yaml ]"}, "loc": ["services", "home-assistant", "blueprints", "script"], "readOnly": false, "type": "list of (path in the Nix store or absolute path convertible to it)"}, "services.home-assistant.blueprints.template": {"declarations": ["nixos/modules/services/home-automation/home-assistant.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of template\n[blueprints](https://www.home-assistant.io/docs/blueprint/) to\ninstall into {file}`${config.services.home-assistant.configDir}/blueprints/template`.\n", "example": {"_type": "literalExpression", "text": "[ \"${pkgs.home-assistant.src}/homeassistant/components/template/blueprints/inverted_binary_sensor.yaml\" ]"}, "loc": ["services", "home-assistant", "blueprints", "template"], "readOnly": false, "type": "list of (path in the Nix store or absolute path convertible to it)"}, "services.home-assistant.config": {"declarations": ["nixos/modules/services/home-automation/home-assistant.nix"], "description": "Your {file}`configuration.yaml` as a Nix attribute set.\n\nYAML functions like [secrets](https://www.home-assistant.io/docs/configuration/secrets/)\ncan be passed as a string and will be unquoted automatically.\n\nUnless this option is explicitly set to `null`\nwe assume your {file}`configuration.yaml` is\nmanaged through this module and thereby overwritten on startup.\n", "example": {"_type": "literalExpression", "text": "{\n  homeassistant = {\n    name = \"Home\";\n    latitude = \"!secret latitude\";\n    longitude = \"!secret longitude\";\n    elevation = \"!secret elevation\";\n    unit_system = \"metric\";\n    time_zone = \"UTC\";\n  };\n  frontend = {\n    themes = \"!include_dir_merge_named themes\";\n  };\n  http = {};\n  feedreader.urls = [ \"https://nixos.org/blogs.xml\" ];\n}\n"}, "loc": ["services", "home-assistant", "config"], "readOnly": false, "type": "null or (open submodule of (YAML 1.1 value))"}, "services.home-assistant.config.homeassistant.latitude": {"declarations": ["nixos/modules/services/home-automation/home-assistant.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Latitude of your location required to calculate the time the sun rises and sets.\n", "example": {"_type": "literalExpression", "text": "52.3"}, "loc": ["services", "home-assistant", "config", "homeassistant", "latitude"], "readOnly": false, "type": "null or floating point number or string"}, "services.home-assistant.config.homeassistant.longitude": {"declarations": ["nixos/modules/services/home-automation/home-assistant.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Longitude of your location required to calculate the time the sun rises and sets.\n", "example": {"_type": "literalExpression", "text": "4.9"}, "loc": ["services", "home-assistant", "config", "homeassistant", "longitude"], "readOnly": false, "type": "null or floating point number or string"}, "services.home-assistant.config.homeassistant.name": {"declarations": ["nixos/modules/services/home-automation/home-assistant.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of the location where Home Assistant is running.\n", "example": {"_type": "literalExpression", "text": "\"Home\""}, "loc": ["services", "home-assistant", "config", "homeassistant", "name"], "readOnly": false, "type": "null or string"}, "services.home-assistant.config.homeassistant.temperature_unit": {"declarations": ["nixos/modules/services/home-automation/home-assistant.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Override temperature unit set by unit_system. `C` for Celsius, `F` for Fahrenheit.\n", "example": {"_type": "literalExpression", "text": "\"C\""}, "loc": ["services", "home-assistant", "config", "homeassistant", "temperature_unit"], "readOnly": false, "type": "null or one of \"C\", \"F\""}, "services.home-assistant.config.homeassistant.time_zone": {"declarations": ["nixos/modules/services/home-automation/home-assistant.nix"], "default": {"_type": "literalExpression", "text": "config.time.timeZone or null\n"}, "description": "Pick your time zone from the column TZ of Wikipedia\u2019s [list of tz database time zones](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones).\n", "example": {"_type": "literalExpression", "text": "\"Europe/Amsterdam\""}, "loc": ["services", "home-assistant", "config", "homeassistant", "time_zone"], "readOnly": false, "type": "null or string"}, "services.home-assistant.config.homeassistant.unit_system": {"declarations": ["nixos/modules/services/home-automation/home-assistant.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The unit system to use. This also sets temperature_unit, Celsius for Metric and Fahrenheit for US Customary.\n", "example": {"_type": "literalExpression", "text": "\"metric\""}, "loc": ["services", "home-assistant", "config", "homeassistant", "unit_system"], "readOnly": false, "type": "null or one of \"metric\", \"us_customary\""}, "services.home-assistant.config.http.server_host": {"declarations": ["nixos/modules/services/home-automation/home-assistant.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"0.0.0.0\"\n  \"::\"\n]"}, "description": "Only listen to incoming requests on specific IP/host. The default listed assumes support for IPv4 and IPv6.\n", "example": {"_type": "literalExpression", "text": "\"::1\""}, "loc": ["services", "home-assistant", "config", "http", "server_host"], "readOnly": false, "type": "string or list of string"}, "services.home-assistant.config.http.server_port": {"declarations": ["nixos/modules/services/home-automation/home-assistant.nix"], "default": {"_type": "literalExpression", "text": "8123"}, "description": "The port on which to listen.\n", "loc": ["services", "home-assistant", "config", "http", "server_port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.home-assistant.config.lovelace.mode": {"declarations": ["nixos/modules/services/home-automation/home-assistant.nix"], "default": {"_type": "literalExpression", "text": "if (cfg.lovelaceConfig != null || cfg.lovelaceConfigFile != null)\n  then \"yaml\"\nelse \"storage\";\n"}, "description": "In what mode should the main Lovelace panel be, `yaml` or `storage` (UI managed).\n", "example": {"_type": "literalExpression", "text": "\"yaml\""}, "loc": ["services", "home-assistant", "config", "lovelace", "mode"], "readOnly": false, "type": "one of \"yaml\", \"storage\""}, "services.home-assistant.configDir": {"declarations": ["nixos/modules/services/home-automation/home-assistant.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/hass\""}, "description": "The config directory, where your {file}`configuration.yaml` is located.", "loc": ["services", "home-assistant", "configDir"], "readOnly": false, "type": "absolute path"}, "services.home-assistant.configWritable": {"declarations": ["nixos/modules/services/home-automation/home-assistant.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to make {file}`configuration.yaml` writable.\n\nThis will allow you to edit it from Home Assistant's web interface.\n\nThis only has an effect if {option}`config` is set.\nHowever, bear in mind that it will be overwritten at every start of the service.\n", "loc": ["services", "home-assistant", "configWritable"], "readOnly": false, "type": "boolean"}, "services.home-assistant.customComponents": {"declarations": ["nixos/modules/services/home-automation/home-assistant.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of custom component packages to install.\n\nAvailable components can be found below `pkgs.home-assistant-custom-components`.\n", "example": {"_type": "literalExpression", "text": "with pkgs.home-assistant-custom-components; [\n  prometheus_sensor\n];\n"}, "loc": ["services", "home-assistant", "customComponents"], "readOnly": false, "type": "list of package that is a Home Assistant component"}, "services.home-assistant.customLovelaceModules": {"declarations": ["nixos/modules/services/home-automation/home-assistant.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of custom lovelace card packages to load as lovelace resources.\n\nAvailable cards can be found below `pkgs.home-assistant-custom-lovelace-modules`.\n\n::: {.note}\nAutomatic loading only works with lovelace in `yaml` mode.\n:::\n", "example": {"_type": "literalExpression", "text": "with pkgs.home-assistant-custom-lovelace-modules; [\n  mini-graph-card\n  mini-media-player\n];\n"}, "loc": ["services", "home-assistant", "customLovelaceModules"], "readOnly": false, "type": "list of package"}, "services.home-assistant.defaultIntegrations": {"declarations": ["nixos/modules/services/home-automation/home-assistant.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"application_credentials\"\n  \"frontend\"\n  \"hardware\"\n  \"logger\"\n  \"network\"\n  \"system_health\"\n  \"automation\"\n  \"person\"\n  \"scene\"\n  \"script\"\n  \"tag\"\n  \"zone\"\n  \"counter\"\n  \"input_boolean\"\n  \"input_button\"\n  \"input_datetime\"\n  \"input_number\"\n  \"input_select\"\n  \"input_text\"\n  \"schedule\"\n  \"timer\"\n  \"backup\"\n]"}, "description": "List of integrations set are always set up, unless in recovery mode.\n", "loc": ["services", "home-assistant", "defaultIntegrations"], "readOnly": true, "type": "list of (one of \"3_day_blinds\", \"abode\", \"acaia\", \"accuweather\", \"acer_projector\", \"acmeda\", \"acomax\", \"actiontec\", \"actron_air\", \"adax\", \"adguard\", \"ads\", \"advantage_air\", \"aemet\", \"aep_ohio\", \"aep_texas\", \"aftership\", \"agent_dvr\", \"ai_task\", \"air_quality\", \"airgradient\", \"airly\", \"airnow\", \"airobot\", \"airos\", \"airpatrol\", \"airq\", \"airthings\", \"airthings_ble\", \"airtouch4\", \"airtouch5\", \"airvisual\", \"airvisual_pro\", \"airzone\", \"airzone_cloud\", \"aladdin_connect\", \"alarm_control_panel\", \"alarmdecoder\", \"alert\", \"alexa\", \"alexa_devices\", \"alpha_vantage\", \"altruist\", \"amazon_polly\", \"amberelectric\", \"ambient_network\", \"ambient_station\", \"amcrest\", \"amp_motorization\", \"ampio\", \"analytics\", \"analytics_insights\", \"android_ip_webcam\", \"androidtv\", \"androidtv_remote\", \"anel_pwrctrl\", \"anglian_water\", \"anova\", \"anthemav\", \"anthropic\", \"anwb_energie\", \"aosmith\", \"apache_kafka\", \"apcupsd\", \"api\", \"apollo_automation\", \"appalachianpower\", \"apple_tv\", \"application_credentials\", \"apprise\", \"aprilaire\", \"aprs\", \"apsystems\", \"aquacell\", \"aqualogic\", \"aquostv\", \"aranet\", \"arcam_fmj\", \"arest\", \"arris_tg2492lg\", \"artsound\", \"aruba\", \"arve\", \"arwn\", \"aseko_pool_live\", \"assist_pipeline\", \"assist_satellite\", \"asuswrt\", \"atag\", \"aten_pe\", \"atlanticcityelectric\", \"atome\", \"august\", \"august_ble\", \"aurora\", \"aurora_abb_powerone\", \"aussie_broadband\", \"autarco\", \"auth\", \"automation\", \"avea\", \"avion\", \"awair\", \"aws\", \"aws_s3\", \"axis\", \"azure_data_explorer\", \"azure_devops\", \"azure_event_hub\", \"azure_service_bus\", \"azure_storage\", \"backblaze_b2\", \"backup\", \"baf\", \"baidu\", \"balay\", \"balboa\", \"bang_olufsen\", \"bauknecht\", \"bayesian\", \"bbox\", \"beewi_smartclim\", \"bge\", \"binary_sensor\", \"bitcoin\", \"bizkaibus\", \"blackbird\", \"blebox\", \"blink\", \"bliss_automation\", \"bloc_blinds\", \"blockchain\", \"blue_current\", \"bluemaestro\", \"blueprint\", \"bluesound\", \"bluetooth\", \"bluetooth_adapters\", \"bluetooth_le_tracker\", \"bmw_connected_drive\", \"bond\", \"bosch_alarm\", \"bosch_shc\", \"brandt\", \"braviatv\", \"brel_home\", \"bring\", \"broadlink\", \"brother\", \"brottsplatskartan\", \"browser\", \"brunt\", \"bryant_evolution\", \"bsblan\", \"bswitch\", \"bt_home_hub_5\", \"bt_smarthub\", \"bthome\", \"bticino\", \"bubendorff\", \"buienradar\", \"burbank_water_and_power\", \"button\", \"caldav\", \"calendar\", \"cambridge_audio\", \"camera\", \"canary\", \"cast\", \"ccm15\", \"cert_expiry\", \"chacon_dio\", \"channels\", \"cisco_ios\", \"cisco_mobility_express\", \"cisco_webex_teams\", \"citybikes\", \"clementine\", \"clickatell\", \"clicksend\", \"clicksend_tts\", \"climate\", \"cloud\", \"cloudflare\", \"cloudflare_r2\", \"cmus\", \"co2signal\", \"coautilities\", \"coinbase\", \"color_extractor\", \"comed\", \"comed_hourly_pricing\", \"comelit\", \"comfoconnect\", \"command_line\", \"compensation\", \"compit\", \"concord232\", \"coned\", \"config\", \"configurator\", \"constructa\", \"control4\", \"conversation\", \"cookidoo\", \"coolmaster\", \"cosori\", \"counter\", \"cover\", \"cozytouch\", \"cppm_tracker\", \"cpuspeed\", \"cribl\", \"crownstone\", \"currencylayer\", \"cync\", \"dacia\", \"daikin\", \"danfoss_air\", \"datadog\", \"date\", \"datetime\", \"ddwrt\", \"deako\", \"debugpy\", \"deconz\", \"decora_wifi\", \"decorquip\", \"default_config\", \"delijn\", \"delmarva\", \"deluge\", \"demo\", \"denon\", \"denonavr\", \"derivative\", \"devialet\", \"device_automation\", \"device_sun_light_trigger\", \"device_tracker\", \"devolo_home_control\", \"devolo_home_network\", \"dexcom\", \"dhcp\", \"diagnostics\", \"dialogflow\", \"diaz\", \"digital_loggers\", \"digital_ocean\", \"directv\", \"discogs\", \"discord\", \"discovergy\", \"dlink\", \"dlna_dmr\", \"dlna_dms\", \"dnsip\", \"doods\", \"doorbird\", \"dooya\", \"dormakaba_dkey\", \"downloader\", \"dremel_3d_printer\", \"drop_connect\", \"droplet\", \"dsmr\", \"dsmr_reader\", \"dublin_bus_transport\", \"duckdns\", \"duke_energy\", \"dunehd\", \"duotecno\", \"duquesne_light\", \"dwd_weather_warnings\", \"dynalite\", \"eafm\", \"eastron\", \"easyenergy\", \"ebox\", \"ebusd\", \"ecoal_boiler\", \"ecobee\", \"ecoforest\", \"econet\", \"ecovacs\", \"ecowitt\", \"edimax\", \"edl21\", \"efergy\", \"egardia\", \"egauge\", \"eheimdigital\", \"eight_sleep\", \"ekeybionyx\", \"electrasmart\", \"electric_kiwi\", \"elevenlabs\", \"elgato\", \"eliqonline\", \"elkm1\", \"elmax\", \"elv\", \"elvia\", \"emby\", \"emoncms\", \"emoncms_history\", \"emonitor\", \"emulated_hue\", \"emulated_kasa\", \"emulated_roku\", \"energenie_power_sockets\", \"energie_vanons\", \"energy\", \"energyid\", \"energyzero\", \"enigma2\", \"enocean\", \"enphase_envoy\", \"entur_public_transport\", \"environment_canada\", \"envisalink\", \"ephember\", \"epic_games_store\", \"epion\", \"epson\", \"eq3btsmart\", \"escea\", \"esera_onewire\", \"esphome\", \"essent\", \"etherscan\", \"eufy\", \"eufylife_ble\", \"event\", \"evergy\", \"everlights\", \"evil_genius_labs\", \"evohome\", \"ezviz\", \"faa_delays\", \"facebook\", \"fail2ban\", \"familyhub\", \"fan\", \"fastdotcom\", \"feedreader\", \"ffmpeg\", \"ffmpeg_motion\", \"ffmpeg_noise\", \"fibaro\", \"fido\", \"file\", \"file_upload\", \"filesize\", \"filter\", \"fing\", \"fints\", \"fire_tv\", \"firefly_iii\", \"fireservicerota\", \"firmata\", \"fish_audio\", \"fitbit\", \"fivem\", \"fixer\", \"fjaraskupan\", \"fleetgo\", \"flexit\", \"flexit_bacnet\", \"flexom\", \"flic\", \"flipr\", \"flo\", \"flock\", \"flume\", \"fluss\", \"flux\", \"flux_led\", \"folder\", \"folder_watcher\", \"foobot\", \"forecast_solar\", \"forked_daapd\", \"fortios\", \"foscam\", \"foursquare\", \"frankever\", \"free_mobile\", \"freebox\", \"freedns\", \"freedompro\", \"fressnapf_tracker\", \"fritz\", \"fritzbox\", \"fritzbox_callmonitor\", \"fronius\", \"frontend\", \"frontier_silicon\", \"fujitsu_anywair\", \"fujitsu_fglair\", \"fully_kiosk\", \"futurenow\", \"fyta\", \"gaggenau\", \"garadget\", \"garages_amsterdam\", \"gardena_bluetooth\", \"gaviota\", \"gc100\", \"gdacs\", \"generic\", \"generic_hygrostat\", \"generic_thermostat\", \"geniushub\", \"gentex_homelink\", \"geo_json_events\", \"geo_location\", \"geo_rss_events\", \"geocaching\", \"geofency\", \"geonetnz_quakes\", \"geonetnz_volcano\", \"gios\", \"github\", \"gitlab_ci\", \"gitter\", \"glances\", \"go2rtc\", \"goalzero\", \"gogogate2\", \"goodwe\", \"google\", \"google_air_quality\", \"google_assistant\", \"google_assistant_sdk\", \"google_cloud\", \"google_drive\", \"google_generative_ai_conversation\", \"google_mail\", \"google_maps\", \"google_photos\", \"google_pubsub\", \"google_sheets\", \"google_tasks\", \"google_translate\", \"google_travel_time\", \"google_weather\", \"google_wifi\", \"govee_ble\", \"govee_light_local\", \"gpsd\", \"gpslogger\", \"graphite\", \"gree\", \"green_planet_energy\", \"greeneye_monitor\", \"greenwave\", \"group\", \"growatt_server\", \"gtfs\", \"guardian\", \"habitica\", \"hanna\", \"hardkernel\", \"hardware\", \"harman_kardon_avr\", \"harmony\", \"harvey\", \"hassio\", \"havana_shade\", \"haveibeenpwned\", \"hddtemp\", \"hdfury\", \"hdmi_cec\", \"heatmiser\", \"heicko\", \"heiwa\", \"heos\", \"here_travel_time\", \"hexaom\", \"hi_kumo\", \"hikvision\", \"hikvisioncam\", \"hisense_aehw4a1\", \"history\", \"history_stats\", \"hitron_coda\", \"hive\", \"hko\", \"hlk_sw16\", \"holiday\", \"home_connect\", \"home_plus_control\", \"homeassistant\", \"homeassistant_alerts\", \"homeassistant_connect_zbt2\", \"homeassistant_green\", \"homeassistant_hardware\", \"homeassistant_sky_connect\", \"homeassistant_yellow\", \"homee\", \"homekit\", \"homekit_controller\", \"homematic\", \"homematicip_cloud\", \"homewizard\", \"homeworks\", \"honeywell\", \"horizon\", \"hp_ilo\", \"html5\", \"http\", \"huawei_lte\", \"hue\", \"hue_ble\", \"huisbaasje\", \"humidifier\", \"hunterdouglas_powerview\", \"hurrican_shutters_wholesale\", \"husqvarna_automower\", \"husqvarna_automower_ble\", \"huum\", \"hvv_departures\", \"hydrawise\", \"hyperion\", \"ialarm\", \"iammeter\", \"iaqualink\", \"ibeacon\", \"icloud\", \"idasen_desk\", \"idteck_prox\", \"ifttt\", \"iglo\", \"igloohome\", \"ign_sismologia\", \"ihc\", \"image\", \"image_processing\", \"image_upload\", \"imap\", \"imeon_inverter\", \"imgw_pib\", \"immich\", \"improv_ble\", \"incomfort\", \"indianamichiganpower\", \"inels\", \"influxdb\", \"inkbird\", \"input_boolean\", \"input_button\", \"input_datetime\", \"input_number\", \"input_select\", \"input_text\", \"inspired_shades\", \"insteon\", \"integration\", \"intellifire\", \"intent\", \"intent_script\", \"intesishome\", \"iometer\", \"ios\", \"iotawatt\", \"iotty\", \"iperf3\", \"ipma\", \"ipp\", \"iqvia\", \"irish_rail_transport\", \"irm_kmi\", \"iron_os\", \"isal\", \"iskra\", \"islamic_prayer_times\", \"ismartwindow\", \"israel_rail\", \"iss\", \"ista_ecotrend\", \"isy994\", \"itach\", \"itunes\", \"ituran\", \"izone\", \"jellyfin\", \"jewish_calendar\", \"joaoapps_join\", \"juicenet\", \"justnimbus\", \"jvc_projector\", \"kaiser_nienhaus\", \"kaiterra\", \"kaleidescape\", \"kankun\", \"keba\", \"keenetic_ndms2\", \"kef\", \"kegtron\", \"kentuckypower\", \"keyboard_remote\", \"keymitt_ble\", \"kira\", \"kitchen_sink\", \"kiwi\", \"kmtronic\", \"knocki\", \"knx\", \"kodi\", \"konnected\", \"konnected_esphome\", \"kostal_plenticore\", \"kraken\", \"krispol\", \"kulersky\", \"kwb\", \"labs\", \"lacrosse\", \"lacrosse_view\", \"lamarzocco\", \"lametric\", \"landisgyr_heat_meter\", \"lannouncer\", \"lastfm\", \"launch_library\", \"laundrify\", \"lawn_mower\", \"lcn\", \"ld2410_ble\", \"leaone\", \"led_ble\", \"legrand\", \"lektrico\", \"letpot\", \"levoit\", \"lg_netcast\", \"lg_soundbar\", \"lg_thinq\", \"libre_hardware_monitor\", \"lidarr\", \"life360\", \"lifx\", \"lifx_cloud\", \"light\", \"lightwave\", \"limitlessled\", \"linak\", \"linkedgo\", \"linkplay\", \"linksys_smart\", \"linode\", \"linux_battery\", \"linx\", \"litejet\", \"litterrobot\", \"livisi\", \"llamalab_automate\", \"local_calendar\", \"local_file\", \"local_ip\", \"local_todo\", \"locative\", \"lock\", \"logbook\", \"logentries\", \"logger\", \"london_air\", \"london_underground\", \"lookin\", \"loqed\", \"lovelace\", \"luci\", \"luftdaten\", \"lunatone\", \"lupusec\", \"lutron\", \"lutron_caseta\", \"luxaflex\", \"lw12wifi\", \"lyric\", \"madeco\", \"madvr\", \"mailgun\", \"manual\", \"manual_mqtt\", \"marantz\", \"martec\", \"marytts\", \"mastodon\", \"matrix\", \"matter\", \"maxcube\", \"maytag\", \"mazda\", \"mcp\", \"mcp_server\", \"mealie\", \"meater\", \"medcom_ble\", \"media_extractor\", \"media_player\", \"media_source\", \"mediaroom\", \"melcloud\", \"melissa\", \"melnor\", \"meraki\", \"message_bird\", \"met\", \"met_eireann\", \"meteo_france\", \"meteo_lt\", \"meteoalarm\", \"meteoclimatic\", \"metoffice\", \"mfi\", \"microbees\", \"microsoft\", \"microsoft_face\", \"microsoft_face_detect\", \"microsoft_face_identify\", \"miele\", \"mijndomein_energie\", \"mikrotik\", \"mill\", \"min_max\", \"minecraft_server\", \"mini_connected\", \"minio\", \"mjpeg\", \"moat\", \"mobile_app\", \"mochad\", \"modbus\", \"modem_callerid\", \"modern_forms\", \"moehlenhoff_alpha2\", \"mold_indicator\", \"monarch_money\", \"monessen\", \"monoprice\", \"monzo\", \"moon\", \"mopeka\", \"motion_blinds\", \"motionblinds_ble\", \"motioneye\", \"motionmount\", \"mpd\", \"mqtt\", \"mqtt_eventstream\", \"mqtt_json\", \"mqtt_room\", \"mqtt_statestream\", \"msteams\", \"mullvad\", \"music_assistant\", \"mutesync\", \"mvglive\", \"my\", \"myq\", \"mysensors\", \"mystrom\", \"mythicbeastsdns\", \"myuplink\", \"nad\", \"nam\", \"namecheapdns\", \"nanoleaf\", \"nasweb\", \"national_grid_us\", \"neato\", \"nederlandse_spoorwegen\", \"neff\", \"neo\", \"ness_alarm\", \"nest\", \"netatmo\", \"netdata\", \"netgear\", \"netgear_lte\", \"netio\", \"network\", \"neurio_energy\", \"nexia\", \"nexity\", \"nextbus\", \"nextcloud\", \"nextdns\", \"nfandroidtv\", \"nibe_heatpump\", \"nice_go\", \"nightscout\", \"niko_home_control\", \"nilu\", \"nina\", \"nintendo_parental_controls\", \"nissan_leaf\", \"nmap_tracker\", \"nmbs\", \"no_ip\", \"noaa_tides\", \"nobo_hub\", \"nordpool\", \"norway_air\", \"notify\", \"notify_events\", \"notion\", \"nrgkick\", \"nsw_fuel_station\", \"nsw_rural_fire_service_feed\", \"ntfy\", \"nuheat\", \"nuki\", \"numato\", \"number\", \"nut\", \"nutrichef\", \"nws\", \"nx584\", \"nyt_games\", \"nzbget\", \"oasa_telematics\", \"obihai\", \"octoprint\", \"oem\", \"ogemray\", \"ohmconnect\", \"ohme\", \"ollama\", \"ombi\", \"omnilogic\", \"onboarding\", \"oncue\", \"ondilo_ico\", \"onedrive\", \"onewire\", \"onkyo\", \"onvif\", \"open_meteo\", \"open_router\", \"openai_conversation\", \"openalpr_cloud\", \"openerz\", \"openevse\", \"openexchangerates\", \"opengarage\", \"openhardwaremonitor\", \"openhome\", \"openrgb\", \"opensensemap\", \"opensky\", \"opentherm_gw\", \"openuv\", \"openweathermap\", \"opnsense\", \"opower\", \"opple\", \"oralb\", \"oru\", \"oru_opower\", \"orvibo\", \"osoenergy\", \"osramlightify\", \"otbr\", \"otp\", \"ourgroceries\", \"overkiz\", \"overseerr\", \"ovo_energy\", \"owntracks\", \"p1_monitor\", \"palazzetti\", \"panasonic_bluray\", \"panasonic_viera\", \"panel_custom\", \"paperless_ngx\", \"pcs_lighting\", \"peblar\", \"peco\", \"peco_opower\", \"pegel_online\", \"pencom\", \"pepco\", \"permobil\", \"persistent_notification\", \"person\", \"pge\", \"pglab\", \"philips_js\", \"pi_hole\", \"picnic\", \"picotts\", \"pilight\", \"pinecil\", \"ping\", \"pioneer\", \"piper\", \"pitsos\", \"pjlink\", \"plaato\", \"plant\", \"playstation_network\", \"plex\", \"plugwise\", \"plum_lightpad\", \"pocketcasts\", \"point\", \"pooldose\", \"poolsense\", \"portainer\", \"portlandgeneral\", \"powerfox\", \"powerwall\", \"prana\", \"private_ble_device\", \"probe_plus\", \"profiler\", \"profilo\", \"progettihwsw\", \"proliphix\", \"prometheus\", \"prosegur\", \"prowl\", \"proximity\", \"proxmoxve\", \"proxy\", \"prusalink\", \"ps4\", \"pse\", \"psoklahoma\", \"pterodactyl\", \"pulseaudio_loopback\", \"pure_energie\", \"purpleair\", \"push\", \"pushbullet\", \"pushover\", \"pushsafer\", \"pvoutput\", \"pvpc_hourly_pricing\", \"pyload\", \"python_script\", \"qbittorrent\", \"qbus\", \"qingping\", \"qld_bushfire\", \"qnap\", \"qnap_qsw\", \"qrcode\", \"quadrafire\", \"quantum_gateway\", \"qvr_pro\", \"qwikswitch\", \"rabbitair\", \"rachio\", \"radarr\", \"radio_browser\", \"radiotherm\", \"rainbird\", \"raincloud\", \"rainforest_eagle\", \"rainforest_raven\", \"rainmachine\", \"random\", \"rapt_ble\", \"raspberry_pi\", \"raspyrfm\", \"raven_rock_mfg\", \"rdw\", \"recollect_waste\", \"recorder\", \"recovery_mode\", \"recswitch\", \"reddit\", \"refoss\", \"rehlko\", \"rejseplanen\", \"remember_the_milk\", \"remote\", \"remote_calendar\", \"remote_rpi_gpio\", \"renault\", \"renson\", \"reolink\", \"repairs\", \"repetier\", \"rest\", \"rest_command\", \"rexel\", \"rflink\", \"rfxtrx\", \"rhasspy\", \"ridwell\", \"ring\", \"ripple\", \"risco\", \"rituals_perfume_genie\", \"rmvtransport\", \"roborock\", \"rocketchat\", \"roku\", \"romy\", \"roomba\", \"roon\", \"route53\", \"route_b_smart_meter\", \"rova\", \"rpi_power\", \"rss_feed_template\", \"rtorrent\", \"ruckus_unleashed\", \"russound_rio\", \"russound_rnet\", \"ruuvi_gateway\", \"ruuvitag_ble\", \"rympro\", \"sabnzbd\", \"saj\", \"samsam\", \"samsungtv\", \"sanix\", \"satel_integra\", \"saunum\", \"scene\", \"schedule\", \"schlage\", \"schluter\", \"scl\", \"scrape\", \"screenaway\", \"screenlogic\", \"script\", \"scsgate\", \"search\", \"season\", \"select\", \"sendgrid\", \"sense\", \"sensibo\", \"sensirion_ble\", \"sensor\", \"sensorblue\", \"sensorpro\", \"sensorpush\", \"sensorpush_cloud\", \"sensoterra\", \"sentry\", \"senz\", \"serial\", \"serial_pm\", \"sesame\", \"seven_segments\", \"seventeentrack\", \"sfr_box\", \"sftp_storage\", \"sharkiq\", \"shell_command\", \"shelly\", \"shodan\", \"shopping_list\", \"sia\", \"siemens\", \"sigfox\", \"sighthound\", \"signal_messenger\", \"simplefin\", \"simplepush\", \"simplisafe\", \"simply_automated\", \"simu\", \"sinch\", \"siren\", \"sisyphus\", \"sky_hub\", \"sky_remote\", \"skybeacon\", \"skybell\", \"slack\", \"sleep_as_android\", \"sleepiq\", \"slide\", \"slide_local\", \"slimproto\", \"sma\", \"smappee\", \"smarla\", \"smart_blinds\", \"smart_home\", \"smart_meter_texas\", \"smart_rollos\", \"smarther\", \"smartthings\", \"smarttub\", \"smarty\", \"smhi\", \"smlight\", \"smtp\", \"smud\", \"snapcast\", \"snmp\", \"snoo\", \"snooz\", \"solaredge\", \"solaredge_local\", \"solarlog\", \"solax\", \"soma\", \"somfy\", \"somfy_mylink\", \"sonarr\", \"songpal\", \"sonos\", \"sony_projector\", \"soundtouch\", \"spaceapi\", \"spc\", \"speedtestdotnet\", \"spider\", \"splunk\", \"spotify\", \"sql\", \"squeezebox\", \"srp_energy\", \"ssdp\", \"starline\", \"starlingbank\", \"starlink\", \"startca\", \"statistics\", \"statsd\", \"steam_online\", \"steamist\", \"stiebel_eltron\", \"stookwijzer\", \"stream\", \"streamlabswater\", \"stt\", \"subaru\", \"suez_water\", \"sun\", \"sunricher_dali\", \"sunweg\", \"supervisord\", \"supla\", \"surepetcare\", \"swepco\", \"swiss_hydrological_data\", \"swiss_public_transport\", \"swisscom\", \"switch\", \"switch_as_x\", \"switchbee\", \"switchbot\", \"switchbot_cloud\", \"switcher_kis\", \"switchmate\", \"symfonisk\", \"syncthing\", \"syncthru\", \"synology_chat\", \"synology_dsm\", \"synology_srm\", \"syslog\", \"system_bridge\", \"system_health\", \"system_log\", \"systemmonitor\", \"tado\", \"tag\", \"tailscale\", \"tailwind\", \"tami4\", \"tank_utility\", \"tankerkoenig\", \"tapsaff\", \"tasmota\", \"tautulli\", \"tcp\", \"technove\", \"ted5000\", \"tedee\", \"telegram\", \"telegram_bot\", \"tellduslive\", \"tellstick\", \"telnet\", \"temper\", \"template\", \"tesla_fleet\", \"tesla_wall_connector\", \"teslemetry\", \"tessie\", \"text\", \"thermador\", \"thermobeacon\", \"thermoplus\", \"thermopro\", \"thethingsnetwork\", \"thingspeak\", \"thinkingcleaner\", \"thomson\", \"thread\", \"threshold\", \"tibber\", \"tikteck\", \"tile\", \"tilt_ble\", \"tilt_pi\", \"time\", \"time_date\", \"timer\", \"tmb\", \"tod\", \"todo\", \"todoist\", \"togrill\", \"tolo\", \"tomato\", \"tomorrowio\", \"toon\", \"torque\", \"totalconnect\", \"touchline\", \"touchline_sl\", \"tplink\", \"tplink_lte\", \"tplink_omada\", \"tplink_tapo\", \"traccar\", \"traccar_server\", \"trace\", \"tractive\", \"tradfri\", \"trafikverket_camera\", \"trafikverket_ferry\", \"trafikverket_train\", \"trafikverket_weatherstation\", \"transmission\", \"transport_nsw\", \"travisci\", \"trend\", \"triggercmd\", \"tts\", \"tuya\", \"twentemilieu\", \"twilio\", \"twilio_call\", \"twilio_sms\", \"twinkly\", \"twitch\", \"twitter\", \"ubiwizz\", \"ublockout\", \"ubus\", \"uhoo\", \"uk_transport\", \"ukraine_alarm\", \"ultraloq\", \"unifi\", \"unifi_direct\", \"unifiled\", \"unifiprotect\", \"universal\", \"upb\", \"upc_connect\", \"upcloud\", \"update\", \"upnp\", \"uprise_smart_shades\", \"uptime\", \"uptime_kuma\", \"uptimerobot\", \"usage_prediction\", \"usb\", \"usgs_earthquakes_feed\", \"utility_meter\", \"uvc\", \"v2c\", \"vacuum\", \"vagner_pool\", \"vallox\", \"valve\", \"vasttrafik\", \"vegehub\", \"velbus\", \"velux\", \"venstar\", \"vera\", \"verisure\", \"vermont_castings\", \"versasense\", \"version\", \"vesync\", \"viaggiatreno\", \"vicare\", \"victron_ble\", \"victron_remote_monitoring\", \"vilfo\", \"vivotek\", \"vizio\", \"vlc\", \"vlc_telnet\", \"vodafone_station\", \"voicerss\", \"voip\", \"volkszaehler\", \"volumio\", \"volvo\", \"volvooncall\", \"w800rf32\", \"wake_on_lan\", \"wake_word\", \"wallbox\", \"waqi\", \"water_heater\", \"waterfurnace\", \"watergate\", \"watts\", \"watttime\", \"waze_travel_time\", \"weather\", \"weatherflow\", \"weatherflow_cloud\", \"weatherkit\", \"web_rtc\", \"webdav\", \"webhook\", \"webmin\", \"webostv\", \"websocket_api\", \"weheat\", \"wemo\", \"whirlpool\", \"whisper\", \"whois\", \"wiffi\", \"wilight\", \"wirelesstag\", \"withings\", \"wiz\", \"wled\", \"wmspro\", \"wolflink\", \"workday\", \"worldclock\", \"worldtidesinfo\", \"worxlandroid\", \"ws66i\", \"wsdot\", \"wyoming\", \"x10\", \"xbox\", \"xeoma\", \"xiaomi\", \"xiaomi_aqara\", \"xiaomi_ble\", \"xiaomi_miio\", \"xiaomi_tv\", \"xmpp\", \"xs1\", \"yale\", \"yale_smart_alarm\", \"yalexs_ble\", \"yamaha\", \"yamaha_musiccast\", \"yandex_transport\", \"yandextts\", \"yardian\", \"yeelight\", \"yeelightsunflower\", \"yi\", \"yolink\", \"youless\", \"youtube\", \"zabbix\", \"zamg\", \"zbox_hub\", \"zengge\", \"zeroconf\", \"zerproc\", \"zestimate\", \"zeversolar\", \"zha\", \"zhong_hong\", \"ziggo_mediabox_xl\", \"zimi\", \"zodiac\", \"zondergas\", \"zone\", \"zoneminder\", \"zwave_js\", \"zwave_me\")"}, "services.home-assistant.enable": {"declarations": ["nixos/modules/services/home-automation/home-assistant.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Home Assistant. Please note that this installation method is unsupported upstream.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "home-assistant", "enable"], "readOnly": false, "type": "boolean"}, "services.home-assistant.extraArgs": {"declarations": ["nixos/modules/services/home-automation/home-assistant.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to pass to the hass executable.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--debug\"\n]"}, "loc": ["services", "home-assistant", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.home-assistant.extraComponents": {"declarations": ["nixos/modules/services/home-automation/home-assistant.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"default_config\"\n  \"met\"\n  \"esphome\"\n]"}, "description": "List of [components](https://www.home-assistant.io/integrations/) that have their dependencies included in the package.\n\nThe component name can be found in the URL, for example `https://www.home-assistant.io/integrations/ffmpeg/` would map to `ffmpeg`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"analytics\"\n  \"default_config\"\n  \"esphome\"\n  \"my\"\n  \"shopping_list\"\n  \"wled\"\n]\n"}, "loc": ["services", "home-assistant", "extraComponents"], "readOnly": false, "type": "list of (one of \"3_day_blinds\", \"abode\", \"acaia\", \"accuweather\", \"acer_projector\", \"acmeda\", \"acomax\", \"actiontec\", \"actron_air\", \"adax\", \"adguard\", \"ads\", \"advantage_air\", \"aemet\", \"aep_ohio\", \"aep_texas\", \"aftership\", \"agent_dvr\", \"ai_task\", \"air_quality\", \"airgradient\", \"airly\", \"airnow\", \"airobot\", \"airos\", \"airpatrol\", \"airq\", \"airthings\", \"airthings_ble\", \"airtouch4\", \"airtouch5\", \"airvisual\", \"airvisual_pro\", \"airzone\", \"airzone_cloud\", \"aladdin_connect\", \"alarm_control_panel\", \"alarmdecoder\", \"alert\", \"alexa\", \"alexa_devices\", \"alpha_vantage\", \"altruist\", \"amazon_polly\", \"amberelectric\", \"ambient_network\", \"ambient_station\", \"amcrest\", \"amp_motorization\", \"ampio\", \"analytics\", \"analytics_insights\", \"android_ip_webcam\", \"androidtv\", \"androidtv_remote\", \"anel_pwrctrl\", \"anglian_water\", \"anova\", \"anthemav\", \"anthropic\", \"anwb_energie\", \"aosmith\", \"apache_kafka\", \"apcupsd\", \"api\", \"apollo_automation\", \"appalachianpower\", \"apple_tv\", \"application_credentials\", \"apprise\", \"aprilaire\", \"aprs\", \"apsystems\", \"aquacell\", \"aqualogic\", \"aquostv\", \"aranet\", \"arcam_fmj\", \"arest\", \"arris_tg2492lg\", \"artsound\", \"aruba\", \"arve\", \"arwn\", \"aseko_pool_live\", \"assist_pipeline\", \"assist_satellite\", \"asuswrt\", \"atag\", \"aten_pe\", \"atlanticcityelectric\", \"atome\", \"august\", \"august_ble\", \"aurora\", \"aurora_abb_powerone\", \"aussie_broadband\", \"autarco\", \"auth\", \"automation\", \"avea\", \"avion\", \"awair\", \"aws\", \"aws_s3\", \"axis\", \"azure_data_explorer\", \"azure_devops\", \"azure_event_hub\", \"azure_service_bus\", \"azure_storage\", \"backblaze_b2\", \"backup\", \"baf\", \"baidu\", \"balay\", \"balboa\", \"bang_olufsen\", \"bauknecht\", \"bayesian\", \"bbox\", \"beewi_smartclim\", \"bge\", \"binary_sensor\", \"bitcoin\", \"bizkaibus\", \"blackbird\", \"blebox\", \"blink\", \"bliss_automation\", \"bloc_blinds\", \"blockchain\", \"blue_current\", \"bluemaestro\", \"blueprint\", \"bluesound\", \"bluetooth\", \"bluetooth_adapters\", \"bluetooth_le_tracker\", \"bmw_connected_drive\", \"bond\", \"bosch_alarm\", \"bosch_shc\", \"brandt\", \"braviatv\", \"brel_home\", \"bring\", \"broadlink\", \"brother\", \"brottsplatskartan\", \"browser\", \"brunt\", \"bryant_evolution\", \"bsblan\", \"bswitch\", \"bt_home_hub_5\", \"bt_smarthub\", \"bthome\", \"bticino\", \"bubendorff\", \"buienradar\", \"burbank_water_and_power\", \"button\", \"caldav\", \"calendar\", \"cambridge_audio\", \"camera\", \"canary\", \"cast\", \"ccm15\", \"cert_expiry\", \"chacon_dio\", \"channels\", \"cisco_ios\", \"cisco_mobility_express\", \"cisco_webex_teams\", \"citybikes\", \"clementine\", \"clickatell\", \"clicksend\", \"clicksend_tts\", \"climate\", \"cloud\", \"cloudflare\", \"cloudflare_r2\", \"cmus\", \"co2signal\", \"coautilities\", \"coinbase\", \"color_extractor\", \"comed\", \"comed_hourly_pricing\", \"comelit\", \"comfoconnect\", \"command_line\", \"compensation\", \"compit\", \"concord232\", \"coned\", \"config\", \"configurator\", \"constructa\", \"control4\", \"conversation\", \"cookidoo\", \"coolmaster\", \"cosori\", \"counter\", \"cover\", \"cozytouch\", \"cppm_tracker\", \"cpuspeed\", \"cribl\", \"crownstone\", \"currencylayer\", \"cync\", \"dacia\", \"daikin\", \"danfoss_air\", \"datadog\", \"date\", \"datetime\", \"ddwrt\", \"deako\", \"debugpy\", \"deconz\", \"decora_wifi\", \"decorquip\", \"default_config\", \"delijn\", \"delmarva\", \"deluge\", \"demo\", \"denon\", \"denonavr\", \"derivative\", \"devialet\", \"device_automation\", \"device_sun_light_trigger\", \"device_tracker\", \"devolo_home_control\", \"devolo_home_network\", \"dexcom\", \"dhcp\", \"diagnostics\", \"dialogflow\", \"diaz\", \"digital_loggers\", \"digital_ocean\", \"directv\", \"discogs\", \"discord\", \"discovergy\", \"dlink\", \"dlna_dmr\", \"dlna_dms\", \"dnsip\", \"doods\", \"doorbird\", \"dooya\", \"dormakaba_dkey\", \"downloader\", \"dremel_3d_printer\", \"drop_connect\", \"droplet\", \"dsmr\", \"dsmr_reader\", \"dublin_bus_transport\", \"duckdns\", \"duke_energy\", \"dunehd\", \"duotecno\", \"duquesne_light\", \"dwd_weather_warnings\", \"dynalite\", \"eafm\", \"eastron\", \"easyenergy\", \"ebox\", \"ebusd\", \"ecoal_boiler\", \"ecobee\", \"ecoforest\", \"econet\", \"ecovacs\", \"ecowitt\", \"edimax\", \"edl21\", \"efergy\", \"egardia\", \"egauge\", \"eheimdigital\", \"eight_sleep\", \"ekeybionyx\", \"electrasmart\", \"electric_kiwi\", \"elevenlabs\", \"elgato\", \"eliqonline\", \"elkm1\", \"elmax\", \"elv\", \"elvia\", \"emby\", \"emoncms\", \"emoncms_history\", \"emonitor\", \"emulated_hue\", \"emulated_kasa\", \"emulated_roku\", \"energenie_power_sockets\", \"energie_vanons\", \"energy\", \"energyid\", \"energyzero\", \"enigma2\", \"enocean\", \"enphase_envoy\", \"entur_public_transport\", \"environment_canada\", \"envisalink\", \"ephember\", \"epic_games_store\", \"epion\", \"epson\", \"eq3btsmart\", \"escea\", \"esera_onewire\", \"esphome\", \"essent\", \"etherscan\", \"eufy\", \"eufylife_ble\", \"event\", \"evergy\", \"everlights\", \"evil_genius_labs\", \"evohome\", \"ezviz\", \"faa_delays\", \"facebook\", \"fail2ban\", \"familyhub\", \"fan\", \"fastdotcom\", \"feedreader\", \"ffmpeg\", \"ffmpeg_motion\", \"ffmpeg_noise\", \"fibaro\", \"fido\", \"file\", \"file_upload\", \"filesize\", \"filter\", \"fing\", \"fints\", \"fire_tv\", \"firefly_iii\", \"fireservicerota\", \"firmata\", \"fish_audio\", \"fitbit\", \"fivem\", \"fixer\", \"fjaraskupan\", \"fleetgo\", \"flexit\", \"flexit_bacnet\", \"flexom\", \"flic\", \"flipr\", \"flo\", \"flock\", \"flume\", \"fluss\", \"flux\", \"flux_led\", \"folder\", \"folder_watcher\", \"foobot\", \"forecast_solar\", \"forked_daapd\", \"fortios\", \"foscam\", \"foursquare\", \"frankever\", \"free_mobile\", \"freebox\", \"freedns\", \"freedompro\", \"fressnapf_tracker\", \"fritz\", \"fritzbox\", \"fritzbox_callmonitor\", \"fronius\", \"frontend\", \"frontier_silicon\", \"fujitsu_anywair\", \"fujitsu_fglair\", \"fully_kiosk\", \"futurenow\", \"fyta\", \"gaggenau\", \"garadget\", \"garages_amsterdam\", \"gardena_bluetooth\", \"gaviota\", \"gc100\", \"gdacs\", \"generic\", \"generic_hygrostat\", \"generic_thermostat\", \"geniushub\", \"gentex_homelink\", \"geo_json_events\", \"geo_location\", \"geo_rss_events\", \"geocaching\", \"geofency\", \"geonetnz_quakes\", \"geonetnz_volcano\", \"gios\", \"github\", \"gitlab_ci\", \"gitter\", \"glances\", \"go2rtc\", \"goalzero\", \"gogogate2\", \"goodwe\", \"google\", \"google_air_quality\", \"google_assistant\", \"google_assistant_sdk\", \"google_cloud\", \"google_drive\", \"google_generative_ai_conversation\", \"google_mail\", \"google_maps\", \"google_photos\", \"google_pubsub\", \"google_sheets\", \"google_tasks\", \"google_translate\", \"google_travel_time\", \"google_weather\", \"google_wifi\", \"govee_ble\", \"govee_light_local\", \"gpsd\", \"gpslogger\", \"graphite\", \"gree\", \"green_planet_energy\", \"greeneye_monitor\", \"greenwave\", \"group\", \"growatt_server\", \"gtfs\", \"guardian\", \"habitica\", \"hanna\", \"hardkernel\", \"hardware\", \"harman_kardon_avr\", \"harmony\", \"harvey\", \"hassio\", \"havana_shade\", \"haveibeenpwned\", \"hddtemp\", \"hdfury\", \"hdmi_cec\", \"heatmiser\", \"heicko\", \"heiwa\", \"heos\", \"here_travel_time\", \"hexaom\", \"hi_kumo\", \"hikvision\", \"hikvisioncam\", \"hisense_aehw4a1\", \"history\", \"history_stats\", \"hitron_coda\", \"hive\", \"hko\", \"hlk_sw16\", \"holiday\", \"home_connect\", \"home_plus_control\", \"homeassistant\", \"homeassistant_alerts\", \"homeassistant_connect_zbt2\", \"homeassistant_green\", \"homeassistant_hardware\", \"homeassistant_sky_connect\", \"homeassistant_yellow\", \"homee\", \"homekit\", \"homekit_controller\", \"homematic\", \"homematicip_cloud\", \"homewizard\", \"homeworks\", \"honeywell\", \"horizon\", \"hp_ilo\", \"html5\", \"http\", \"huawei_lte\", \"hue\", \"hue_ble\", \"huisbaasje\", \"humidifier\", \"hunterdouglas_powerview\", \"hurrican_shutters_wholesale\", \"husqvarna_automower\", \"husqvarna_automower_ble\", \"huum\", \"hvv_departures\", \"hydrawise\", \"hyperion\", \"ialarm\", \"iammeter\", \"iaqualink\", \"ibeacon\", \"icloud\", \"idasen_desk\", \"idteck_prox\", \"ifttt\", \"iglo\", \"igloohome\", \"ign_sismologia\", \"ihc\", \"image\", \"image_processing\", \"image_upload\", \"imap\", \"imeon_inverter\", \"imgw_pib\", \"immich\", \"improv_ble\", \"incomfort\", \"indianamichiganpower\", \"inels\", \"influxdb\", \"inkbird\", \"input_boolean\", \"input_button\", \"input_datetime\", \"input_number\", \"input_select\", \"input_text\", \"inspired_shades\", \"insteon\", \"integration\", \"intellifire\", \"intent\", \"intent_script\", \"intesishome\", \"iometer\", \"ios\", \"iotawatt\", \"iotty\", \"iperf3\", \"ipma\", \"ipp\", \"iqvia\", \"irish_rail_transport\", \"irm_kmi\", \"iron_os\", \"isal\", \"iskra\", \"islamic_prayer_times\", \"ismartwindow\", \"israel_rail\", \"iss\", \"ista_ecotrend\", \"isy994\", \"itach\", \"itunes\", \"ituran\", \"izone\", \"jellyfin\", \"jewish_calendar\", \"joaoapps_join\", \"juicenet\", \"justnimbus\", \"jvc_projector\", \"kaiser_nienhaus\", \"kaiterra\", \"kaleidescape\", \"kankun\", \"keba\", \"keenetic_ndms2\", \"kef\", \"kegtron\", \"kentuckypower\", \"keyboard_remote\", \"keymitt_ble\", \"kira\", \"kitchen_sink\", \"kiwi\", \"kmtronic\", \"knocki\", \"knx\", \"kodi\", \"konnected\", \"konnected_esphome\", \"kostal_plenticore\", \"kraken\", \"krispol\", \"kulersky\", \"kwb\", \"labs\", \"lacrosse\", \"lacrosse_view\", \"lamarzocco\", \"lametric\", \"landisgyr_heat_meter\", \"lannouncer\", \"lastfm\", \"launch_library\", \"laundrify\", \"lawn_mower\", \"lcn\", \"ld2410_ble\", \"leaone\", \"led_ble\", \"legrand\", \"lektrico\", \"letpot\", \"levoit\", \"lg_netcast\", \"lg_soundbar\", \"lg_thinq\", \"libre_hardware_monitor\", \"lidarr\", \"life360\", \"lifx\", \"lifx_cloud\", \"light\", \"lightwave\", \"limitlessled\", \"linak\", \"linkedgo\", \"linkplay\", \"linksys_smart\", \"linode\", \"linux_battery\", \"linx\", \"litejet\", \"litterrobot\", \"livisi\", \"llamalab_automate\", \"local_calendar\", \"local_file\", \"local_ip\", \"local_todo\", \"locative\", \"lock\", \"logbook\", \"logentries\", \"logger\", \"london_air\", \"london_underground\", \"lookin\", \"loqed\", \"lovelace\", \"luci\", \"luftdaten\", \"lunatone\", \"lupusec\", \"lutron\", \"lutron_caseta\", \"luxaflex\", \"lw12wifi\", \"lyric\", \"madeco\", \"madvr\", \"mailgun\", \"manual\", \"manual_mqtt\", \"marantz\", \"martec\", \"marytts\", \"mastodon\", \"matrix\", \"matter\", \"maxcube\", \"maytag\", \"mazda\", \"mcp\", \"mcp_server\", \"mealie\", \"meater\", \"medcom_ble\", \"media_extractor\", \"media_player\", \"media_source\", \"mediaroom\", \"melcloud\", \"melissa\", \"melnor\", \"meraki\", \"message_bird\", \"met\", \"met_eireann\", \"meteo_france\", \"meteo_lt\", \"meteoalarm\", \"meteoclimatic\", \"metoffice\", \"mfi\", \"microbees\", \"microsoft\", \"microsoft_face\", \"microsoft_face_detect\", \"microsoft_face_identify\", \"miele\", \"mijndomein_energie\", \"mikrotik\", \"mill\", \"min_max\", \"minecraft_server\", \"mini_connected\", \"minio\", \"mjpeg\", \"moat\", \"mobile_app\", \"mochad\", \"modbus\", \"modem_callerid\", \"modern_forms\", \"moehlenhoff_alpha2\", \"mold_indicator\", \"monarch_money\", \"monessen\", \"monoprice\", \"monzo\", \"moon\", \"mopeka\", \"motion_blinds\", \"motionblinds_ble\", \"motioneye\", \"motionmount\", \"mpd\", \"mqtt\", \"mqtt_eventstream\", \"mqtt_json\", \"mqtt_room\", \"mqtt_statestream\", \"msteams\", \"mullvad\", \"music_assistant\", \"mutesync\", \"mvglive\", \"my\", \"myq\", \"mysensors\", \"mystrom\", \"mythicbeastsdns\", \"myuplink\", \"nad\", \"nam\", \"namecheapdns\", \"nanoleaf\", \"nasweb\", \"national_grid_us\", \"neato\", \"nederlandse_spoorwegen\", \"neff\", \"neo\", \"ness_alarm\", \"nest\", \"netatmo\", \"netdata\", \"netgear\", \"netgear_lte\", \"netio\", \"network\", \"neurio_energy\", \"nexia\", \"nexity\", \"nextbus\", \"nextcloud\", \"nextdns\", \"nfandroidtv\", \"nibe_heatpump\", \"nice_go\", \"nightscout\", \"niko_home_control\", \"nilu\", \"nina\", \"nintendo_parental_controls\", \"nissan_leaf\", \"nmap_tracker\", \"nmbs\", \"no_ip\", \"noaa_tides\", \"nobo_hub\", \"nordpool\", \"norway_air\", \"notify\", \"notify_events\", \"notion\", \"nrgkick\", \"nsw_fuel_station\", \"nsw_rural_fire_service_feed\", \"ntfy\", \"nuheat\", \"nuki\", \"numato\", \"number\", \"nut\", \"nutrichef\", \"nws\", \"nx584\", \"nyt_games\", \"nzbget\", \"oasa_telematics\", \"obihai\", \"octoprint\", \"oem\", \"ogemray\", \"ohmconnect\", \"ohme\", \"ollama\", \"ombi\", \"omnilogic\", \"onboarding\", \"oncue\", \"ondilo_ico\", \"onedrive\", \"onewire\", \"onkyo\", \"onvif\", \"open_meteo\", \"open_router\", \"openai_conversation\", \"openalpr_cloud\", \"openerz\", \"openevse\", \"openexchangerates\", \"opengarage\", \"openhardwaremonitor\", \"openhome\", \"openrgb\", \"opensensemap\", \"opensky\", \"opentherm_gw\", \"openuv\", \"openweathermap\", \"opnsense\", \"opower\", \"opple\", \"oralb\", \"oru\", \"oru_opower\", \"orvibo\", \"osoenergy\", \"osramlightify\", \"otbr\", \"otp\", \"ourgroceries\", \"overkiz\", \"overseerr\", \"ovo_energy\", \"owntracks\", \"p1_monitor\", \"palazzetti\", \"panasonic_bluray\", \"panasonic_viera\", \"panel_custom\", \"paperless_ngx\", \"pcs_lighting\", \"peblar\", \"peco\", \"peco_opower\", \"pegel_online\", \"pencom\", \"pepco\", \"permobil\", \"persistent_notification\", \"person\", \"pge\", \"pglab\", \"philips_js\", \"pi_hole\", \"picnic\", \"picotts\", \"pilight\", \"pinecil\", \"ping\", \"pioneer\", \"piper\", \"pitsos\", \"pjlink\", \"plaato\", \"plant\", \"playstation_network\", \"plex\", \"plugwise\", \"plum_lightpad\", \"pocketcasts\", \"point\", \"pooldose\", \"poolsense\", \"portainer\", \"portlandgeneral\", \"powerfox\", \"powerwall\", \"prana\", \"private_ble_device\", \"probe_plus\", \"profiler\", \"profilo\", \"progettihwsw\", \"proliphix\", \"prometheus\", \"prosegur\", \"prowl\", \"proximity\", \"proxmoxve\", \"proxy\", \"prusalink\", \"ps4\", \"pse\", \"psoklahoma\", \"pterodactyl\", \"pulseaudio_loopback\", \"pure_energie\", \"purpleair\", \"push\", \"pushbullet\", \"pushover\", \"pushsafer\", \"pvoutput\", \"pvpc_hourly_pricing\", \"pyload\", \"python_script\", \"qbittorrent\", \"qbus\", \"qingping\", \"qld_bushfire\", \"qnap\", \"qnap_qsw\", \"qrcode\", \"quadrafire\", \"quantum_gateway\", \"qvr_pro\", \"qwikswitch\", \"rabbitair\", \"rachio\", \"radarr\", \"radio_browser\", \"radiotherm\", \"rainbird\", \"raincloud\", \"rainforest_eagle\", \"rainforest_raven\", \"rainmachine\", \"random\", \"rapt_ble\", \"raspberry_pi\", \"raspyrfm\", \"raven_rock_mfg\", \"rdw\", \"recollect_waste\", \"recorder\", \"recovery_mode\", \"recswitch\", \"reddit\", \"refoss\", \"rehlko\", \"rejseplanen\", \"remember_the_milk\", \"remote\", \"remote_calendar\", \"remote_rpi_gpio\", \"renault\", \"renson\", \"reolink\", \"repairs\", \"repetier\", \"rest\", \"rest_command\", \"rexel\", \"rflink\", \"rfxtrx\", \"rhasspy\", \"ridwell\", \"ring\", \"ripple\", \"risco\", \"rituals_perfume_genie\", \"rmvtransport\", \"roborock\", \"rocketchat\", \"roku\", \"romy\", \"roomba\", \"roon\", \"route53\", \"route_b_smart_meter\", \"rova\", \"rpi_power\", \"rss_feed_template\", \"rtorrent\", \"ruckus_unleashed\", \"russound_rio\", \"russound_rnet\", \"ruuvi_gateway\", \"ruuvitag_ble\", \"rympro\", \"sabnzbd\", \"saj\", \"samsam\", \"samsungtv\", \"sanix\", \"satel_integra\", \"saunum\", \"scene\", \"schedule\", \"schlage\", \"schluter\", \"scl\", \"scrape\", \"screenaway\", \"screenlogic\", \"script\", \"scsgate\", \"search\", \"season\", \"select\", \"sendgrid\", \"sense\", \"sensibo\", \"sensirion_ble\", \"sensor\", \"sensorblue\", \"sensorpro\", \"sensorpush\", \"sensorpush_cloud\", \"sensoterra\", \"sentry\", \"senz\", \"serial\", \"serial_pm\", \"sesame\", \"seven_segments\", \"seventeentrack\", \"sfr_box\", \"sftp_storage\", \"sharkiq\", \"shell_command\", \"shelly\", \"shodan\", \"shopping_list\", \"sia\", \"siemens\", \"sigfox\", \"sighthound\", \"signal_messenger\", \"simplefin\", \"simplepush\", \"simplisafe\", \"simply_automated\", \"simu\", \"sinch\", \"siren\", \"sisyphus\", \"sky_hub\", \"sky_remote\", \"skybeacon\", \"skybell\", \"slack\", \"sleep_as_android\", \"sleepiq\", \"slide\", \"slide_local\", \"slimproto\", \"sma\", \"smappee\", \"smarla\", \"smart_blinds\", \"smart_home\", \"smart_meter_texas\", \"smart_rollos\", \"smarther\", \"smartthings\", \"smarttub\", \"smarty\", \"smhi\", \"smlight\", \"smtp\", \"smud\", \"snapcast\", \"snmp\", \"snoo\", \"snooz\", \"solaredge\", \"solaredge_local\", \"solarlog\", \"solax\", \"soma\", \"somfy\", \"somfy_mylink\", \"sonarr\", \"songpal\", \"sonos\", \"sony_projector\", \"soundtouch\", \"spaceapi\", \"spc\", \"speedtestdotnet\", \"spider\", \"splunk\", \"spotify\", \"sql\", \"squeezebox\", \"srp_energy\", \"ssdp\", \"starline\", \"starlingbank\", \"starlink\", \"startca\", \"statistics\", \"statsd\", \"steam_online\", \"steamist\", \"stiebel_eltron\", \"stookwijzer\", \"stream\", \"streamlabswater\", \"stt\", \"subaru\", \"suez_water\", \"sun\", \"sunricher_dali\", \"sunweg\", \"supervisord\", \"supla\", \"surepetcare\", \"swepco\", \"swiss_hydrological_data\", \"swiss_public_transport\", \"swisscom\", \"switch\", \"switch_as_x\", \"switchbee\", \"switchbot\", \"switchbot_cloud\", \"switcher_kis\", \"switchmate\", \"symfonisk\", \"syncthing\", \"syncthru\", \"synology_chat\", \"synology_dsm\", \"synology_srm\", \"syslog\", \"system_bridge\", \"system_health\", \"system_log\", \"systemmonitor\", \"tado\", \"tag\", \"tailscale\", \"tailwind\", \"tami4\", \"tank_utility\", \"tankerkoenig\", \"tapsaff\", \"tasmota\", \"tautulli\", \"tcp\", \"technove\", \"ted5000\", \"tedee\", \"telegram\", \"telegram_bot\", \"tellduslive\", \"tellstick\", \"telnet\", \"temper\", \"template\", \"tesla_fleet\", \"tesla_wall_connector\", \"teslemetry\", \"tessie\", \"text\", \"thermador\", \"thermobeacon\", \"thermoplus\", \"thermopro\", \"thethingsnetwork\", \"thingspeak\", \"thinkingcleaner\", \"thomson\", \"thread\", \"threshold\", \"tibber\", \"tikteck\", \"tile\", \"tilt_ble\", \"tilt_pi\", \"time\", \"time_date\", \"timer\", \"tmb\", \"tod\", \"todo\", \"todoist\", \"togrill\", \"tolo\", \"tomato\", \"tomorrowio\", \"toon\", \"torque\", \"totalconnect\", \"touchline\", \"touchline_sl\", \"tplink\", \"tplink_lte\", \"tplink_omada\", \"tplink_tapo\", \"traccar\", \"traccar_server\", \"trace\", \"tractive\", \"tradfri\", \"trafikverket_camera\", \"trafikverket_ferry\", \"trafikverket_train\", \"trafikverket_weatherstation\", \"transmission\", \"transport_nsw\", \"travisci\", \"trend\", \"triggercmd\", \"tts\", \"tuya\", \"twentemilieu\", \"twilio\", \"twilio_call\", \"twilio_sms\", \"twinkly\", \"twitch\", \"twitter\", \"ubiwizz\", \"ublockout\", \"ubus\", \"uhoo\", \"uk_transport\", \"ukraine_alarm\", \"ultraloq\", \"unifi\", \"unifi_direct\", \"unifiled\", \"unifiprotect\", \"universal\", \"upb\", \"upc_connect\", \"upcloud\", \"update\", \"upnp\", \"uprise_smart_shades\", \"uptime\", \"uptime_kuma\", \"uptimerobot\", \"usage_prediction\", \"usb\", \"usgs_earthquakes_feed\", \"utility_meter\", \"uvc\", \"v2c\", \"vacuum\", \"vagner_pool\", \"vallox\", \"valve\", \"vasttrafik\", \"vegehub\", \"velbus\", \"velux\", \"venstar\", \"vera\", \"verisure\", \"vermont_castings\", \"versasense\", \"version\", \"vesync\", \"viaggiatreno\", \"vicare\", \"victron_ble\", \"victron_remote_monitoring\", \"vilfo\", \"vivotek\", \"vizio\", \"vlc\", \"vlc_telnet\", \"vodafone_station\", \"voicerss\", \"voip\", \"volkszaehler\", \"volumio\", \"volvo\", \"volvooncall\", \"w800rf32\", \"wake_on_lan\", \"wake_word\", \"wallbox\", \"waqi\", \"water_heater\", \"waterfurnace\", \"watergate\", \"watts\", \"watttime\", \"waze_travel_time\", \"weather\", \"weatherflow\", \"weatherflow_cloud\", \"weatherkit\", \"web_rtc\", \"webdav\", \"webhook\", \"webmin\", \"webostv\", \"websocket_api\", \"weheat\", \"wemo\", \"whirlpool\", \"whisper\", \"whois\", \"wiffi\", \"wilight\", \"wirelesstag\", \"withings\", \"wiz\", \"wled\", \"wmspro\", \"wolflink\", \"workday\", \"worldclock\", \"worldtidesinfo\", \"worxlandroid\", \"ws66i\", \"wsdot\", \"wyoming\", \"x10\", \"xbox\", \"xeoma\", \"xiaomi\", \"xiaomi_aqara\", \"xiaomi_ble\", \"xiaomi_miio\", \"xiaomi_tv\", \"xmpp\", \"xs1\", \"yale\", \"yale_smart_alarm\", \"yalexs_ble\", \"yamaha\", \"yamaha_musiccast\", \"yandex_transport\", \"yandextts\", \"yardian\", \"yeelight\", \"yeelightsunflower\", \"yi\", \"yolink\", \"youless\", \"youtube\", \"zabbix\", \"zamg\", \"zbox_hub\", \"zengge\", \"zeroconf\", \"zerproc\", \"zestimate\", \"zeversolar\", \"zha\", \"zhong_hong\", \"ziggo_mediabox_xl\", \"zimi\", \"zodiac\", \"zondergas\", \"zone\", \"zoneminder\", \"zwave_js\", \"zwave_me\")"}, "services.home-assistant.extraPackages": {"declarations": ["nixos/modules/services/home-automation/home-assistant.nix"], "default": {"_type": "literalExpression", "text": "python3Packages: with python3Packages; [];\n"}, "description": "List of packages to add to propagatedBuildInputs.\n\nA popular example is `python3Packages.psycopg2`\nfor PostgreSQL support in the recorder component.\n", "example": {"_type": "literalExpression", "text": "python3Packages: with python3Packages; [\n  # postgresql support\n  psycopg2\n];\n"}, "loc": ["services", "home-assistant", "extraPackages"], "readOnly": false, "type": "function that evaluates to a(n) list of package"}, "services.home-assistant.lovelaceConfig": {"declarations": ["nixos/modules/services/home-automation/home-assistant.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Your {file}`ui-lovelace.yaml` as a Nix attribute set.\nSetting this option will automatically set `lovelace.mode` to `yaml`.\n\nBeware that setting this option will delete your previous {file}`ui-lovelace.yaml`\n", "example": {"_type": "literalExpression", "text": "{\n  title = \"My Awesome Home\";\n  views = [ {\n    title = \"Example\";\n    cards = [ {\n      type = \"markdown\";\n      title = \"Lovelace\";\n      content = \"Welcome to your **Lovelace UI**.\";\n    } ];\n  } ];\n}\n"}, "loc": ["services", "home-assistant", "lovelaceConfig"], "readOnly": false, "type": "null or YAML 1.1 value"}, "services.home-assistant.lovelaceConfigFile": {"declarations": ["nixos/modules/services/home-automation/home-assistant.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Your {file}`ui-lovelace.yaml` managed as configuraton file.\nSetting this option will automatically set `lovelace.mode` to `yaml`.\n", "example": {"_type": "literalExpression", "text": "\"/path/to/ui-lovelace.yaml\""}, "loc": ["services", "home-assistant", "lovelaceConfigFile"], "readOnly": false, "type": "null or absolute path"}, "services.home-assistant.lovelaceConfigWritable": {"declarations": ["nixos/modules/services/home-automation/home-assistant.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to make {file}`ui-lovelace.yaml` writable.\n\nThis will allow you to edit it from Home Assistant's web interface.\n\nThis only has an effect if {option}`lovelaceConfig` is set.\nHowever, bear in mind that it will be overwritten at every start of the service.\n", "loc": ["services", "home-assistant", "lovelaceConfigWritable"], "readOnly": false, "type": "boolean"}, "services.home-assistant.openFirewall": {"declarations": ["nixos/modules/services/home-automation/home-assistant.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to open the firewall for the specified port.", "loc": ["services", "home-assistant", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.home-assistant.package": {"declarations": ["nixos/modules/services/home-automation/home-assistant.nix"], "default": {"_type": "literalExpression", "text": "pkgs.home-assistant.overrideAttrs (oldAttrs: {\n  doInstallCheck = false;\n})\n"}, "description": "The Home Assistant package to use.\n", "example": {"_type": "literalExpression", "text": "pkgs.home-assistant.override {\n  extraPackages = python3Packages: with python3Packages; [\n    psycopg2\n  ];\n  extraComponents = [\n    \"default_config\"\n    \"esphome\"\n    \"met\"\n  ];\n}\n"}, "loc": ["services", "home-assistant", "package"], "readOnly": false, "type": "package"}, "services.hylafax.areaCode": {"declarations": ["nixos/modules/services/networking/hylafax/options.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Area code for server and all modems.", "example": {"_type": "literalExpression", "text": "\"30\""}, "loc": ["services", "hylafax", "areaCode"], "readOnly": false, "type": "null or non-empty string"}, "services.hylafax.autostart": {"declarations": ["nixos/modules/services/networking/hylafax/options.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Autostart the HylaFAX queue manager at system start.\nIf this is `false`, the queue manager\nwill still be started if there are pending\njobs or if a user tries to connect to it.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "hylafax", "autostart"], "readOnly": false, "type": "boolean"}, "services.hylafax.commonModemConfig": {"declarations": ["nixos/modules/services/networking/hylafax/options.nix"], "description": "Attribute set of default values for\nmodem config files {file}`etc/config.*`.\nValues can be either strings or integers\n(which will be added to the config file verbatimly)\nor lists thereof\n(which will be translated to multiple\nlines with the same configuration key).\nBoolean values are translated to \"Yes\" or \"No\".\nThe default contains some reasonable\nconfiguration to yield an operational system.\n\nThink twice before changing\npaths of fax-processing scripts.\n", "example": {"_type": "literalExpression", "text": "{\n  InternationalPrefix = \"00\";\n  LongDistancePrefix = \"0\";\n}"}, "loc": ["services", "hylafax", "commonModemConfig"], "readOnly": false, "type": "attribute set of ((list of ((string or signed integer convertible to it) or boolean convertible to it)) or ((string or signed integer convertible to it) or boolean convertible to it) convertible to it)"}, "services.hylafax.countryCode": {"declarations": ["nixos/modules/services/networking/hylafax/options.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Country code for server and all modems.", "example": {"_type": "literalExpression", "text": "\"49\""}, "loc": ["services", "hylafax", "countryCode"], "readOnly": false, "type": "null or non-empty string"}, "services.hylafax.enable": {"declarations": ["nixos/modules/services/networking/hylafax/options.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HylaFAX server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hylafax", "enable"], "readOnly": false, "type": "boolean"}, "services.hylafax.faxcron.enable.frequency": {"declarations": ["nixos/modules/services/networking/hylafax/options.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "purging old files from the spooling area with\n{file}`faxcron` with the given frequency\n(see {manpage}`systemd.time(7)`)\n", "example": {"_type": "literalExpression", "text": "\"daily\""}, "loc": ["services", "hylafax", "faxcron", "enable", "frequency"], "readOnly": false, "type": "null or non-empty string"}, "services.hylafax.faxcron.enable.spoolInit": {"declarations": ["nixos/modules/services/networking/hylafax/options.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable purging old files from the spooling area with\n{file}`faxcron`\neach time the spooling area is initialized\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hylafax", "faxcron", "enable", "spoolInit"], "readOnly": false, "type": "boolean"}, "services.hylafax.faxcron.infoDays": {"declarations": ["nixos/modules/services/networking/hylafax/options.nix"], "default": {"_type": "literalExpression", "text": "30"}, "description": "Set the expiration time for data in the\nremote machine information directory in days.\n", "loc": ["services", "hylafax", "faxcron", "infoDays"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.hylafax.faxcron.logDays": {"declarations": ["nixos/modules/services/networking/hylafax/options.nix"], "default": {"_type": "literalExpression", "text": "30"}, "description": "Set the expiration time for\nsession trace log files in days.\n", "loc": ["services", "hylafax", "faxcron", "logDays"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.hylafax.faxcron.rcvDays": {"declarations": ["nixos/modules/services/networking/hylafax/options.nix"], "default": {"_type": "literalExpression", "text": "7"}, "description": "Set the expiration time for files in\nthe received facsimile queue in days.\n", "loc": ["services", "hylafax", "faxcron", "rcvDays"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.hylafax.faxqConfig": {"declarations": ["nixos/modules/services/networking/hylafax/options.nix"], "description": "Attribute set of lines for the global\nfaxq config file {file}`etc/config`.\nValues can be either strings or integers\n(which will be added to the config file verbatimly)\nor lists thereof\n(which will be translated to multiple\nlines with the same configuration key).\nBoolean values are translated to \"Yes\" or \"No\".\nThe default contains some reasonable\nconfiguration to yield an operational system.\n\n", "example": {"_type": "literalExpression", "text": "{\n  InternationalPrefix = \"00\";\n  LongDistancePrefix = \"0\";\n}"}, "loc": ["services", "hylafax", "faxqConfig"], "readOnly": false, "type": "attribute set of ((list of ((string or signed integer convertible to it) or boolean convertible to it)) or ((string or signed integer convertible to it) or boolean convertible to it) convertible to it)"}, "services.hylafax.faxqclean.archiving": {"declarations": ["nixos/modules/services/networking/hylafax/options.nix"], "default": {"_type": "literalExpression", "text": "\"as-flagged\""}, "description": "Enable or suppress job archiving:\n`never` disables job archiving,\n`as-flagged` archives jobs that\nhave been flagged for archiving by sendfax,\n`always` forces archiving of all jobs.\nSee also {manpage}`sendfax(1)` and {manpage}`faxqclean(8)`.\n", "example": {"_type": "literalExpression", "text": "\"always\""}, "loc": ["services", "hylafax", "faxqclean", "archiving"], "readOnly": false, "type": "one of \"never\", \"as-flagged\", \"always\""}, "services.hylafax.faxqclean.docqMinutes": {"declarations": ["nixos/modules/services/networking/hylafax/options.nix"], "default": {"_type": "literalExpression", "text": "60"}, "description": "Set the document\nage threshold (in minutes) that controls how long\nunreferenced files may reside in the docq directory.\n", "example": {"_type": "literalExpression", "text": "24*60"}, "loc": ["services", "hylafax", "faxqclean", "docqMinutes"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.hylafax.faxqclean.doneqMinutes": {"declarations": ["nixos/modules/services/networking/hylafax/options.nix"], "default": {"_type": "literalExpression", "text": "15"}, "description": "Set the job\nage threshold (in minutes) that controls how long\njobs may reside in the doneq directory.\n", "example": {"_type": "literalExpression", "text": "24*60"}, "loc": ["services", "hylafax", "faxqclean", "doneqMinutes"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.hylafax.faxqclean.enable.frequency": {"declarations": ["nixos/modules/services/networking/hylafax/options.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Purge old files from the spooling area with\n{file}`faxcron` with the given frequency\n(see {manpage}`systemd.time(7)`).\n", "example": {"_type": "literalExpression", "text": "\"daily\""}, "loc": ["services", "hylafax", "faxqclean", "enable", "frequency"], "readOnly": false, "type": "null or non-empty string"}, "services.hylafax.faxqclean.enable.spoolInit": {"declarations": ["nixos/modules/services/networking/hylafax/options.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable purging old files from the spooling area with\n{file}`faxqclean`\neach time the spooling area is initialized\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "hylafax", "faxqclean", "enable", "spoolInit"], "readOnly": false, "type": "boolean"}, "services.hylafax.hfaxdConfig": {"declarations": ["nixos/modules/services/networking/hylafax/options.nix"], "description": "Attribute set of lines for the global\nhfaxd config file {file}`etc/hfaxd.conf`.\nValues can be either strings or integers\n(which will be added to the config file verbatimly)\nor lists thereof\n(which will be translated to multiple\nlines with the same configuration key).\nBoolean values are translated to \"Yes\" or \"No\".\nThe default contains some reasonable\nconfiguration to yield an operational system.\n\n", "example": {"_type": "literalExpression", "text": "{\n  RecvqProtection = \"0400\";\n}"}, "loc": ["services", "hylafax", "hfaxdConfig"], "readOnly": false, "type": "attribute set of ((list of ((string or signed integer convertible to it) or boolean convertible to it)) or ((string or signed integer convertible to it) or boolean convertible to it) convertible to it)"}, "services.hylafax.internationalPrefix": {"declarations": ["nixos/modules/services/networking/hylafax/options.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "International prefix for server and all modems.", "example": {"_type": "literalExpression", "text": "\"00\""}, "loc": ["services", "hylafax", "internationalPrefix"], "readOnly": false, "type": "null or string"}, "services.hylafax.longDistancePrefix": {"declarations": ["nixos/modules/services/networking/hylafax/options.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Long distance prefix for server and all modems.", "example": {"_type": "literalExpression", "text": "\"0\""}, "loc": ["services", "hylafax", "longDistancePrefix"], "readOnly": false, "type": "null or string"}, "services.hylafax.modems": {"declarations": ["nixos/modules/services/networking/hylafax/options.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Description of installed modems.\nAt least on modem must be defined\nto enable the HylaFAX server.\n", "example": {"_type": "literalExpression", "text": "{\n  ttyS1 = {\n    config = {\n      FAXNumber = \"123456\";\n      LocalIdentifier = \"Smith\";\n    };\n    type = \"cirrus\";\n  };\n}"}, "loc": ["services", "hylafax", "modems"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.hylafax.modems.<name>.config": {"declarations": ["nixos/modules/services/networking/hylafax/options.nix"], "description": "Attribute set of values for the given modem.\nValues can be either strings or integers\n(which will be added to the config file verbatimly)\nor lists thereof\n(which will be translated to multiple\nlines with the same configuration key).\nBoolean values are translated to \"Yes\" or \"No\".\nThe default contains some reasonable\nconfiguration to yield an operational system.\n\nOptions defined here override options in\n{option}`commonModemConfig` for this modem.\n", "example": {"_type": "literalExpression", "text": "{\n  AreaCode = \"49\";\n  FAXNumber = \"123456\";\n  LocalCode = \"30\";\n  LocalIdentifier = \"LostInBerlin\";\n}"}, "loc": ["services", "hylafax", "modems", "<name>", "config"], "readOnly": false, "type": "attribute set of ((list of ((string or signed integer convertible to it) or boolean convertible to it)) or ((string or signed integer convertible to it) or boolean convertible to it) convertible to it)"}, "services.hylafax.modems.<name>.name": {"declarations": ["nixos/modules/services/networking/hylafax/options.nix"], "description": "Name of modem device,\nwill be searched for in {file}`/dev`.\n", "example": {"_type": "literalExpression", "text": "\"ttyS1\""}, "loc": ["services", "hylafax", "modems", "<name>", "name"], "readOnly": false, "type": "non-empty string"}, "services.hylafax.modems.<name>.type": {"declarations": ["nixos/modules/services/networking/hylafax/options.nix"], "description": "Name of modem configuration file,\nwill be searched for in {file}`config`\nin the spooling area directory.\n", "example": {"_type": "literalExpression", "text": "\"cirrus\""}, "loc": ["services", "hylafax", "modems", "<name>", "type"], "readOnly": false, "type": "non-empty string"}, "services.hylafax.package": {"declarations": ["nixos/modules/services/networking/hylafax/options.nix"], "default": {"_type": "literalExpression", "text": "pkgs.hylafaxplus"}, "description": "The HylaFAX package to use.", "loc": ["services", "hylafax", "package"], "readOnly": false, "type": "package"}, "services.hylafax.sendmailPath": {"declarations": ["nixos/modules/services/networking/hylafax/options.nix"], "description": "Path to {file}`sendmail` program.\nThe default uses the local sendmail wrapper\n(see {option}`config.services.mail.sendmailSetuidWrapper`),\notherwise the {file}`false`\nbinary to cause an error if used.\n", "example": {"_type": "literalExpression", "text": "lib.getExe' config.services.postfix.package \"sendmail\""}, "loc": ["services", "hylafax", "sendmailPath"], "readOnly": false, "type": "absolute path"}, "services.hylafax.spoolAreaPath": {"declarations": ["nixos/modules/services/networking/hylafax/options.nix"], "default": {"_type": "literalExpression", "text": "\"/var/spool/fax\""}, "description": "The spooling area will be created/maintained\nat the location given here.\n", "loc": ["services", "hylafax", "spoolAreaPath"], "readOnly": false, "type": "absolute path"}, "services.hylafax.spoolExtraInit": {"declarations": ["nixos/modules/services/networking/hylafax/options.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional shell code that is executed within the\nspooling area directory right after its setup.\n", "example": {"_type": "literalExpression", "text": "\"chmod 0755 .  # everyone may read my faxes\""}, "loc": ["services", "hylafax", "spoolExtraInit"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.hylafax.userAccessFile": {"declarations": ["nixos/modules/services/networking/hylafax/options.nix"], "default": {"_type": "literalExpression", "text": "\"/etc/hosts.hfaxd\""}, "description": "The {file}`hosts.hfaxd`\nfile entry in the spooling area\nwill be symlinked to the location given here.\nThis file must exist and be\nreadable only by the `uucp` user.\nSee {manpage}`hosts.hfaxd(5)` for details.\nThis configuration permits access for all users:\n```\n  environment.etc.\"hosts.hfaxd\" = {\n    mode = \"0600\";\n    user = \"uucp\";\n    text = \".*\";\n  };\n```\nNote that host-based access can be controlled with\n{option}`config.systemd.sockets.hylafax-hfaxd.listenStreams`;\nby default, only 127.0.0.1 is permitted to connect.\n", "loc": ["services", "hylafax", "userAccessFile"], "readOnly": false, "type": "absolute path"}, "services.jirafeau.adminPasswordSha256": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "SHA-256 of the desired administration password. Leave blank/unset for no password.\n", "loc": ["services", "jirafeau", "adminPasswordSha256"], "readOnly": false, "type": "string"}, "services.jirafeau.dataDir": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/jirafeau/data/\""}, "description": "Location of Jirafeau storage directory.", "loc": ["services", "jirafeau", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.jirafeau.enable": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Jirafeau file upload application.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "jirafeau", "enable"], "readOnly": false, "type": "boolean"}, "services.jirafeau.extraConfig": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Jirefeau configuration. Refer to <https://gitlab.com/mojo42/Jirafeau/-/blob/4.4.0/lib/config.original.php> for supported\nvalues.\n", "example": {"_type": "literalExpression", "text": "''\n  $cfg['style'] = 'courgette';\n  $cfg['organisation'] = 'ACME';\n''"}, "loc": ["services", "jirafeau", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.jirafeau.hostName": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "URL of instance. Must have trailing slash.", "loc": ["services", "jirafeau", "hostName"], "readOnly": false, "type": "string"}, "services.jirafeau.maxUploadSizeMegabytes": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Maximum upload size of accepted files.", "loc": ["services", "jirafeau", "maxUploadSizeMegabytes"], "readOnly": false, "type": "signed integer"}, "services.jirafeau.maxUploadTimeout": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "\"30m\""}, "description": "Timeout for reading client request bodies and headers. Refer to\n<http://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_timeout> and\n<http://nginx.org/en/docs/http/ngx_http_core_module.html#client_header_timeout> for accepted values.\n", "loc": ["services", "jirafeau", "maxUploadTimeout"], "readOnly": false, "type": "string"}, "services.jirafeau.nginxConfig": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration for the nginx virtual host of Jirafeau.", "example": {"_type": "literalExpression", "text": "{\n  serverAliases = [ \"wiki.${config.networking.domain}\" ];\n}\n"}, "loc": ["services", "jirafeau", "nginxConfig"], "readOnly": false, "type": "submodule"}, "services.jirafeau.nginxConfig.acmeFallbackHost": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host which to proxy requests to if ACME challenge is not found. Useful\nif you want multiple hosts to be able to verify the same domain name.\n\nWith this option, you could request certificates for the present domain\nwith an ACME client that is running on another host, which you would\nspecify here.\n", "loc": ["services", "jirafeau", "nginxConfig", "acmeFallbackHost"], "readOnly": false, "type": "null or string"}, "services.jirafeau.nginxConfig.acmeRoot": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/acme/acme-challenge\""}, "description": "Directory for the ACME challenge, which is **public**. Don't put certs or keys in here.\nSet to null to inherit from config.security.acme.\n", "loc": ["services", "jirafeau", "nginxConfig", "acmeRoot"], "readOnly": false, "type": "null or string"}, "services.jirafeau.nginxConfig.addSSL": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS in addition to plain HTTP. This will set defaults for\n`listen` to listen on all interfaces on the respective default\nports (80, 443).\n", "loc": ["services", "jirafeau", "nginxConfig", "addSSL"], "readOnly": false, "type": "boolean"}, "services.jirafeau.nginxConfig.basicAuth": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "jirafeau", "nginxConfig", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.jirafeau.nginxConfig.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "jirafeau", "nginxConfig", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.jirafeau.nginxConfig.default": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Makes this vhost the default.\n", "loc": ["services", "jirafeau", "nginxConfig", "default"], "readOnly": false, "type": "boolean"}, "services.jirafeau.nginxConfig.enableACME": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to ask Let's Encrypt to sign a certificate for this vhost.\nAlternately, you can use an existing certificate through {option}`useACMEHost`.\n", "loc": ["services", "jirafeau", "nginxConfig", "enableACME"], "readOnly": false, "type": "boolean"}, "services.jirafeau.nginxConfig.extraConfig": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the vhost verbatim.\n", "loc": ["services", "jirafeau", "nginxConfig", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.jirafeau.nginxConfig.forceSSL": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to add a separate nginx server block that redirects (defaults\nto 301, configurable with `redirectCode`) all plain HTTP traffic to\nHTTPS. This will set defaults for `listen` to listen on all interfaces\non the respective default ports (80, 443), where the non-SSL listens\nare used for the redirect vhosts.\n", "loc": ["services", "jirafeau", "nginxConfig", "forceSSL"], "readOnly": false, "type": "boolean"}, "services.jirafeau.nginxConfig.globalRedirect": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, all requests for this host are redirected (defaults to 301,\nconfigurable with `redirectCode`) to the given hostname.\n", "example": {"_type": "literalExpression", "text": "\"newserver.example.org\""}, "loc": ["services", "jirafeau", "nginxConfig", "globalRedirect"], "readOnly": false, "type": "null or string"}, "services.jirafeau.nginxConfig.http2": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/2 protocol.\nNote that (as of writing) due to nginx's implementation, to disable\nHTTP/2 you have to disable it on all vhosts that use a given\nIP address / port.\nIf there is one server block configured to enable http2, then it is\nenabled for all server blocks on this IP.\nSee <https://stackoverflow.com/a/39466948/263061>.\n", "loc": ["services", "jirafeau", "nginxConfig", "http2"], "readOnly": false, "type": "boolean"}, "services.jirafeau.nginxConfig.http3": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the HTTP/3 protocol.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that HTTP/3 support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\nHTTP/3 availability must be manually advertised, preferably in each location block.\n", "loc": ["services", "jirafeau", "nginxConfig", "http3"], "readOnly": false, "type": "boolean"}, "services.jirafeau.nginxConfig.http3_hq": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.\nThis requires activating the QUIC transport protocol\n`services.nginx.virtualHosts.<name>.quic = true;`.\nNote that special application protocol support is experimental and *not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "jirafeau", "nginxConfig", "http3_hq"], "readOnly": false, "type": "boolean"}, "services.jirafeau.nginxConfig.kTLS": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kTLS support.\nImplementing TLS in the kernel (kTLS) improves performance by significantly\nreducing the need for copying operations between user space and the kernel.\nRequired Nginx version 1.21.4 or later.\n", "loc": ["services", "jirafeau", "nginxConfig", "kTLS"], "readOnly": false, "type": "boolean"}, "services.jirafeau.nginxConfig.listen": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses and ports for this virtual host.\nIPv6 addresses must be enclosed in square brackets.\nNote: this option overrides `addSSL`\nand `onlySSL`.\n\nIf you only want to set the addresses manually and not\nthe ports, take a look at `listenAddresses`.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    addr = \"195.154.1.1\";\n    port = 443;\n    ssl = true;\n  }\n  {\n    addr = \"192.154.1.1\";\n    port = 80;\n  }\n  {\n    addr = \"unix:/var/run/nginx.sock\";\n  }\n]"}, "loc": ["services", "jirafeau", "nginxConfig", "listen"], "readOnly": false, "type": "list of (submodule)"}, "services.jirafeau.nginxConfig.listen.*.addr": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "description": "Listen address.", "loc": ["services", "jirafeau", "nginxConfig", "listen", "*", "addr"], "readOnly": false, "type": "string"}, "services.jirafeau.nginxConfig.listen.*.extraParameters": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra parameters of this listen directive.", "example": {"_type": "literalExpression", "text": "[\n  \"backlog=1024\"\n  \"deferred\"\n]"}, "loc": ["services", "jirafeau", "nginxConfig", "listen", "*", "extraParameters"], "readOnly": false, "type": "list of string"}, "services.jirafeau.nginxConfig.listen.*.port": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Port number to listen on.\nIf unset and the listen address is not a socket then nginx defaults to 80.\n", "loc": ["services", "jirafeau", "nginxConfig", "listen", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.jirafeau.nginxConfig.listen.*.proxyProtocol": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable PROXY protocol.", "loc": ["services", "jirafeau", "nginxConfig", "listen", "*", "proxyProtocol"], "readOnly": false, "type": "boolean"}, "services.jirafeau.nginxConfig.listen.*.ssl": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SSL.", "loc": ["services", "jirafeau", "nginxConfig", "listen", "*", "ssl"], "readOnly": false, "type": "boolean"}, "services.jirafeau.nginxConfig.listenAddresses": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Listen addresses for this virtual host.\nCompared to `listen` this only sets the addresses\nand the ports are chosen automatically.\n\nNote: This option overrides `networking.enableIPv6`\n", "example": {"_type": "literalExpression", "text": "[\n  \"127.0.0.1\"\n  \"[::1]\"\n]"}, "loc": ["services", "jirafeau", "nginxConfig", "listenAddresses"], "readOnly": false, "type": "list of string"}, "services.jirafeau.nginxConfig.locations": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Declarative location config", "example": {"_type": "literalExpression", "text": "{\n  \"/\" = {\n    proxyPass = \"http://localhost:3000\";\n  };\n};\n"}, "loc": ["services", "jirafeau", "nginxConfig", "locations"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.jirafeau.nginxConfig.locations.<name>.alias": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Alias directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/alias/directory\""}, "loc": ["services", "jirafeau", "nginxConfig", "locations", "<name>", "alias"], "readOnly": false, "type": "null or absolute path"}, "services.jirafeau.nginxConfig.locations.<name>.basicAuth": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Basic Auth protection for a vhost.\n\nWARNING: This is implemented to store the password in plain text in the\nNix store.\n", "example": {"_type": "literalExpression", "text": "{\n  user = \"password\";\n};\n"}, "loc": ["services", "jirafeau", "nginxConfig", "locations", "<name>", "basicAuth"], "readOnly": false, "type": "attribute set of string"}, "services.jirafeau.nginxConfig.locations.<name>.basicAuthFile": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Basic Auth password file for a vhost.\nCan be created by running {command}`nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'`.\n", "loc": ["services", "jirafeau", "nginxConfig", "locations", "<name>", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.jirafeau.nginxConfig.locations.<name>.extraConfig": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "These lines go to the end of the location verbatim.\n", "loc": ["services", "jirafeau", "nginxConfig", "locations", "<name>", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.jirafeau.nginxConfig.locations.<name>.fastcgiParams": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "FastCGI parameters to override.  Unlike in the Nginx\nconfiguration file, overriding only some default parameters\nwon't unset the default values for other parameters.\n", "loc": ["services", "jirafeau", "nginxConfig", "locations", "<name>", "fastcgiParams"], "readOnly": false, "type": "attribute set of (string or absolute path)"}, "services.jirafeau.nginxConfig.locations.<name>.index": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds index directive.\n", "example": {"_type": "literalExpression", "text": "\"index.php index.html\""}, "loc": ["services", "jirafeau", "nginxConfig", "locations", "<name>", "index"], "readOnly": false, "type": "null or string"}, "services.jirafeau.nginxConfig.locations.<name>.priority": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "1000"}, "description": "Order of this location block in relation to the others in the vhost.\nThe semantics are the same as with `lib.mkOrder`. Smaller values have\na greater priority.\n", "loc": ["services", "jirafeau", "nginxConfig", "locations", "<name>", "priority"], "readOnly": false, "type": "signed integer"}, "services.jirafeau.nginxConfig.locations.<name>.proxyPass": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds proxy_pass directive and sets recommended proxy headers if\nrecommendedProxySettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"http://www.example.org/\""}, "loc": ["services", "jirafeau", "nginxConfig", "locations", "<name>", "proxyPass"], "readOnly": false, "type": "null or string"}, "services.jirafeau.nginxConfig.locations.<name>.proxyWebsockets": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to support proxying websocket connections with HTTP/1.1.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "jirafeau", "nginxConfig", "locations", "<name>", "proxyWebsockets"], "readOnly": false, "type": "boolean"}, "services.jirafeau.nginxConfig.locations.<name>.recommendedProxySettings": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedProxySettings"}, "description": "Enable recommended proxy settings.\n", "loc": ["services", "jirafeau", "nginxConfig", "locations", "<name>", "recommendedProxySettings"], "readOnly": false, "type": "boolean"}, "services.jirafeau.nginxConfig.locations.<name>.recommendedUwsgiSettings": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "config.services.nginx.recommendedUwsgiSettings"}, "description": "Enable recommended uwsgi settings.\n", "loc": ["services", "jirafeau", "nginxConfig", "locations", "<name>", "recommendedUwsgiSettings"], "readOnly": false, "type": "boolean"}, "services.jirafeau.nginxConfig.locations.<name>.return": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds a return directive, for e.g. redirections.\n", "example": {"_type": "literalExpression", "text": "\"301 http://example.com$request_uri\""}, "loc": ["services", "jirafeau", "nginxConfig", "locations", "<name>", "return"], "readOnly": false, "type": "null or string or signed integer"}, "services.jirafeau.nginxConfig.locations.<name>.root": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Root directory for requests.\n", "example": {"_type": "literalExpression", "text": "\"/your/root/directory\""}, "loc": ["services", "jirafeau", "nginxConfig", "locations", "<name>", "root"], "readOnly": false, "type": "null or absolute path"}, "services.jirafeau.nginxConfig.locations.<name>.tryFiles": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds try_files directive.\n", "example": {"_type": "literalExpression", "text": "\"$uri =404\""}, "loc": ["services", "jirafeau", "nginxConfig", "locations", "<name>", "tryFiles"], "readOnly": false, "type": "null or string"}, "services.jirafeau.nginxConfig.locations.<name>.uwsgiPass": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Adds uwsgi_pass directive and sets recommended proxy headers if\nrecommendedUwsgiSettings is enabled.\n", "example": {"_type": "literalExpression", "text": "\"unix:/run/example/example.sock\""}, "loc": ["services", "jirafeau", "nginxConfig", "locations", "<name>", "uwsgiPass"], "readOnly": false, "type": "null or string"}, "services.jirafeau.nginxConfig.onlySSL": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable HTTPS and reject plain HTTP connections. This will set\ndefaults for `listen` to listen on all interfaces on port 443.\n", "loc": ["services", "jirafeau", "nginxConfig", "onlySSL"], "readOnly": false, "type": "boolean"}, "services.jirafeau.nginxConfig.quic": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the QUIC transport protocol.\nNote that QUIC support is experimental and\n*not* yet recommended for production.\nRead more at <https://quic.nginx.org/>\n", "loc": ["services", "jirafeau", "nginxConfig", "quic"], "readOnly": false, "type": "boolean"}, "services.jirafeau.nginxConfig.redirectCode": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "301"}, "description": "HTTP status used by `globalRedirect` and `forceSSL`. Possible usecases\ninclude temporary (302, 307) redirects, keeping the request method and\nbody (307, 308), or explicitly resetting the method to GET (303).\nSee <https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>.\n", "example": {"_type": "literalExpression", "text": "308"}, "loc": ["services", "jirafeau", "nginxConfig", "redirectCode"], "readOnly": false, "type": "integer between 300 and 399 (both inclusive)"}, "services.jirafeau.nginxConfig.rejectSSL": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to listen for and reject all HTTPS connections to this vhost. Useful in\n[default](#opt-services.nginx.virtualHosts._name_.default)\nserver blocks to avoid serving the certificate for another vhost. Uses the\n`ssl_reject_handshake` directive available in nginx versions\n1.19.4 and above.\n", "loc": ["services", "jirafeau", "nginxConfig", "rejectSSL"], "readOnly": false, "type": "boolean"}, "services.jirafeau.nginxConfig.reuseport": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create an individual listening socket .\nIt is required to specify only once on one of the hosts.\n", "loc": ["services", "jirafeau", "nginxConfig", "reuseport"], "readOnly": false, "type": "boolean"}, "services.jirafeau.nginxConfig.root": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path of the web root directory.\n", "example": {"_type": "literalExpression", "text": "\"/data/webserver/docs\""}, "loc": ["services", "jirafeau", "nginxConfig", "root"], "readOnly": false, "type": "null or absolute path"}, "services.jirafeau.nginxConfig.serverAliases": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional names of virtual hosts served by this virtual host configuration.\n", "example": {"_type": "literalExpression", "text": "[\n  \"www.example.org\"\n  \"example.org\"\n]"}, "loc": ["services", "jirafeau", "nginxConfig", "serverAliases"], "readOnly": false, "type": "list of string"}, "services.jirafeau.nginxConfig.serverName": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Name of this virtual host. Defaults to attribute name in virtualHosts.\n", "example": {"_type": "literalExpression", "text": "\"example.org\""}, "loc": ["services", "jirafeau", "nginxConfig", "serverName"], "readOnly": false, "type": "null or string"}, "services.jirafeau.nginxConfig.sslCertificate": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "description": "Path to server SSL certificate.", "example": {"_type": "literalExpression", "text": "\"/var/host.cert\""}, "loc": ["services", "jirafeau", "nginxConfig", "sslCertificate"], "readOnly": false, "type": "absolute path"}, "services.jirafeau.nginxConfig.sslCertificateKey": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "description": "Path to server SSL certificate key.", "example": {"_type": "literalExpression", "text": "\"/var/host.key\""}, "loc": ["services", "jirafeau", "nginxConfig", "sslCertificateKey"], "readOnly": false, "type": "absolute path"}, "services.jirafeau.nginxConfig.sslTrustedCertificate": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to root SSL certificate for stapling and client certificates.", "example": {"_type": "literalExpression", "text": "\"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\""}, "loc": ["services", "jirafeau", "nginxConfig", "sslTrustedCertificate"], "readOnly": false, "type": "null or absolute path"}, "services.jirafeau.nginxConfig.useACMEHost": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A host of an existing Let's Encrypt certificate to use.\nThis is useful if you have many subdomains and want to avoid hitting the\n[rate limit](https://letsencrypt.org/docs/rate-limits).\nAlternately, you can generate a certificate through {option}`enableACME`.\n*Note that this option does not create any certificates, nor it does add subdomains to existing ones \u2013 you will need to create them manually using [](#opt-security.acme.certs).*\n", "loc": ["services", "jirafeau", "nginxConfig", "useACMEHost"], "readOnly": false, "type": "null or string"}, "services.jirafeau.package": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "pkgs.jirafeau"}, "description": "The jirafeau package to use.", "loc": ["services", "jirafeau", "package"], "readOnly": false, "type": "package"}, "services.jirafeau.poolConfig": {"declarations": ["nixos/modules/services/web-apps/jirafeau.nix"], "default": {"_type": "literalExpression", "text": "{\n  pm = \"dynamic\";\n  \"pm.max_children\" = 32;\n  \"pm.max_requests\" = 500;\n  \"pm.max_spare_servers\" = 4;\n  \"pm.min_spare_servers\" = 2;\n  \"pm.start_servers\" = 2;\n}"}, "description": "Options for Jirafeau PHP pool. See documentation on `php-fpm.conf` for\ndetails on configuration directives.\n", "loc": ["services", "jirafeau", "poolConfig"], "readOnly": false, "type": "attribute set of (string or signed integer or boolean)"}, "services.k3s.agentToken": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The k3s token agents can use to connect to the server.\nThis option only makes sense on server nodes (`role = server`).\n\n**WARNING**: This option will expose your token unencrypted in the world-readable nix store.\nIf this is undesired use the tokenFile option instead.\n", "loc": ["services", "k3s", "agentToken"], "readOnly": false, "type": "string"}, "services.k3s.agentTokenFile": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File path containing the k3s token agents can use to connect to the server.\nThis option only makes sense on server nodes (`role = server`).\n", "loc": ["services", "k3s", "agentTokenFile"], "readOnly": false, "type": "null or absolute path"}, "services.k3s.autoDeployCharts": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Auto deploying Helm charts that are installed by the k3s Helm controller. Avoid using\nattribute names that are also used in the [](#opt-services.k3s.manifests) and\n[](#opt-services.k3s.charts) options. Manifests with the same name will override\nauto deploying charts with the same name.\nThis option only makes sense on server nodes (`role = server`). See the\n[k3s Helm documentation](https://docs.k3s.io/helm) for further information.\n\n**WARNING**: If you have multiple server nodes, and set this option on more than one server,\nit is your responsibility to ensure that files stay in sync across those nodes. AddOn content is\nnot synced between nodes, and k3s cannot guarantee correct behavior if different servers attempt\nto deploy conflicting manifests.\n", "example": {"_type": "literalExpression", "text": "{\n  harbor = {\n    name = \"harbor\";\n    repo = \"https://helm.goharbor.io\";\n    version = \"1.14.0\";\n    hash = \"sha256-fMP7q1MIbvzPGS9My91vbQ1d3OJMjwc+o8YE/BXZaYU=\";\n    values = {\n      existingSecretAdminPassword = \"harbor-admin\";\n      expose = {\n        tls = {\n          enabled = true;\n          certSource = \"secret\";\n          secret.secretName = \"my-tls-secret\";\n        };\n        ingress = {\n          hosts.core = \"example.com\";\n          className = \"nginx\";\n        };\n      };\n    };\n  };\n  nginx = {\n    repo = \"oci://registry-1.docker.io/bitnamicharts/nginx\";\n    version = \"20.0.0\";\n    hash = \"sha256-sy+tzB+i9jIl/tqOMzzuhVhTU4EZVsoSBtPznxF/36c=\";\n  };\n  custom-chart = {\n    package = ../charts/my-chart.tgz;\n    values = ../values/my-values.yaml;\n    extraFieldDefinitions = {\n      spec.timeout = \"60s\";\n    };\n  };\n}\n"}, "loc": ["services", "k3s", "autoDeployCharts"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.k3s.autoDeployCharts.<name>.createNamespace": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to create the target namespace if not present.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "k3s", "autoDeployCharts", "<name>", "createNamespace"], "readOnly": false, "type": "boolean"}, "services.k3s.autoDeployCharts.<name>.enable": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the installation of this Helm chart. Note that setting\nthis option to `false` will not uninstall the chart from the cluster, if\nit was previously installed. Please use the the `--disable` flag or `.skip`\nfiles to delete/disable Helm charts, as mentioned in the\n[docs](https://docs.k3s.io/installation/packaged-components#disabling-manifests).\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "k3s", "autoDeployCharts", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.k3s.autoDeployCharts.<name>.extraDeploy": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of extra Kubernetes manifests to deploy with this Helm chart.", "example": {"_type": "literalExpression", "text": "[\n  ../manifests/my-extra-deployment.yaml\n  {\n    apiVersion = \"v1\";\n    kind = \"Service\";\n    metadata = {\n      name = \"app-service\";\n    };\n    spec = {\n      selector = {\n        \"app.kubernetes.io/name\" = \"MyApp\";\n      };\n      ports = [\n        {\n          name = \"name-of-service-port\";\n          protocol = \"TCP\";\n          port = 80;\n          targetPort = \"http-web-svc\";\n        }\n      ];\n    };\n  }\n];\n"}, "loc": ["services", "k3s", "autoDeployCharts", "<name>", "extraDeploy"], "readOnly": false, "type": "list of (absolute path or (attribute set))"}, "services.k3s.autoDeployCharts.<name>.extraFieldDefinitions": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra HelmChart field definitions that are merged with the rest of the HelmChart\ncustom resource. This can be used to set advanced fields or to overwrite\ngenerated fields. See <https://docs.k3s.io/helm#helmchart-field-definitions>\nfor possible fields.\n", "example": {"_type": "literalExpression", "text": "{\n  spec = {\n    backOffLimit = 3;\n    bootstrap = true;\n    helmVersion = \"v2\";\n    jobImage = \"custom-helm-controller:v0.0.1\";\n  };\n}"}, "loc": ["services", "k3s", "autoDeployCharts", "<name>", "extraFieldDefinitions"], "readOnly": false, "type": "YAML 1.1 value"}, "services.k3s.autoDeployCharts.<name>.hash": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The hash of the packaged Helm chart. Only has an effect if `package` is not set.\nThe Helm chart is fetched during build time and placed as a `.tgz` archive on the\nfilesystem.\n", "example": {"_type": "literalExpression", "text": "\"sha256-ej+vpPNdiOoXsaj1jyRpWLisJgWo8EqX+Z5VbpSjsPA=\""}, "loc": ["services", "k3s", "autoDeployCharts", "<name>", "hash"], "readOnly": false, "type": "string"}, "services.k3s.autoDeployCharts.<name>.name": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "description": "The name of the Helm chart. Only has an effect if `package` is not set.\nThe Helm chart is fetched during build time and placed as a `.tgz` archive on the\nfilesystem.\n", "example": {"_type": "literalExpression", "text": "\"ingress-nginx\""}, "loc": ["services", "k3s", "autoDeployCharts", "<name>", "name"], "readOnly": false, "type": "non-empty string"}, "services.k3s.autoDeployCharts.<name>.package": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "description": "The packaged Helm chart. Overwrites the options `repo`, `name`, `version`\nand `hash` in case of conflicts.\n", "example": {"_type": "literalExpression", "text": "../my-helm-chart.tgz"}, "loc": ["services", "k3s", "autoDeployCharts", "<name>", "package"], "readOnly": false, "type": "absolute path or package"}, "services.k3s.autoDeployCharts.<name>.repo": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "description": "The repo of the Helm chart. Only has an effect if `package` is not set.\nThe Helm chart is fetched during build time and placed as a `.tgz` archive on the\nfilesystem.\n", "example": {"_type": "literalExpression", "text": "\"https://kubernetes.github.io/ingress-nginx\""}, "loc": ["services", "k3s", "autoDeployCharts", "<name>", "repo"], "readOnly": false, "type": "non-empty string"}, "services.k3s.autoDeployCharts.<name>.targetNamespace": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "\"default\""}, "description": "The namespace in which the Helm chart gets installed.", "example": {"_type": "literalExpression", "text": "\"kube-system\""}, "loc": ["services", "k3s", "autoDeployCharts", "<name>", "targetNamespace"], "readOnly": false, "type": "non-empty string"}, "services.k3s.autoDeployCharts.<name>.values": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Override default chart values via Nix expressions. This is equivalent to setting\nvalues in a `values.yaml` file.\n\n**WARNING**: The values (including secrets!) specified here are exposed unencrypted\nin the world-readable nix store.\n", "example": {"_type": "literalExpression", "text": "{\n  hostName = \"my-host\";\n  replicaCount = 3;\n  server = {\n    name = \"nginx\";\n    port = 80;\n  };\n}"}, "loc": ["services", "k3s", "autoDeployCharts", "<name>", "values"], "readOnly": false, "type": "absolute path or (attribute set)"}, "services.k3s.autoDeployCharts.<name>.version": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "description": "The version of the Helm chart. Only has an effect if `package` is not set.\nThe Helm chart is fetched during build time and placed as a `.tgz` archive on the\nfilesystem.\n", "example": {"_type": "literalExpression", "text": "\"4.7.0\""}, "loc": ["services", "k3s", "autoDeployCharts", "<name>", "version"], "readOnly": false, "type": "non-empty string"}, "services.k3s.charts": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Packaged Helm charts that are linked to {file}`/var/lib/rancher/k3s/server/static/charts` before k3s starts.\nThe attribute name will be used as the link target (relative to {file}`/var/lib/rancher/k3s/server/static/charts`).\nThe specified charts will only be placed on the file system and made available via the Kubernetes APIServer from within the cluster. See the [](#opt-services.k3s.autoDeployCharts) option and the\n[k3s Helm controller docs](https://docs.k3s.io/helm#using-the-helm-controller)\nto deploy Helm charts. This option only makes sense on server nodes (`role = server`).\n", "example": {"_type": "literalExpression", "text": "nginx = ../charts/my-nginx-chart.tgz;\nredis = ../charts/my-redis-chart.tgz;\n"}, "loc": ["services", "k3s", "charts"], "readOnly": false, "type": "attribute set of (absolute path or package)"}, "services.k3s.clusterInit": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Initialize HA cluster using an embedded etcd datastore.\n\nIf this option is `false` and `role` is `server`\n\nOn a server that was using the default embedded sqlite backend,\nenabling this option will migrate to an embedded etcd DB.\n\nIf an HA cluster using the embedded etcd datastore was already initialized,\nthis option has no effect.\n\nThis option only makes sense in a server that is not connecting to another server.\n\nIf you are configuring an HA cluster with an embedded etcd,\nthe 1st server must have `clusterInit = true`\nand other servers must connect to it using `serverAddr`.\n", "loc": ["services", "k3s", "clusterInit"], "readOnly": false, "type": "boolean"}, "services.k3s.configPath": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File path containing the k3s YAML config. This is useful when the config is generated (for example on boot).", "loc": ["services", "k3s", "configPath"], "readOnly": false, "type": "null or absolute path"}, "services.k3s.containerdConfigTemplate": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Config template for containerd, to be placed at\n`/var/lib/rancher/k3s/agent/etc/containerd/config.toml.tmpl`.\nSee the docs on [configuring containerd](https://docs.k3s.io/advanced#configuring-containerd).\n", "example": {"_type": "literalExpression", "text": "# Base config\n{{ template \"base\" . }}\n\n# Add a custom runtime\n[plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.\"custom\"]\n  runtime_type = \"io.containerd.runc.v2\"\n[plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.\"custom\".options]\n  BinaryName = \"/path/to/custom-container-runtime\"\n"}, "loc": ["services", "k3s", "containerdConfigTemplate"], "readOnly": false, "type": "null or string"}, "services.k3s.disable": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Disable default components, see the [K3s documentation](https://docs.k3s.io/installation/packaged-components#using-the---disable-flag).\n", "loc": ["services", "k3s", "disable"], "readOnly": false, "type": "list of string"}, "services.k3s.disableAgent": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Only run the server. This option only makes sense for a server.", "loc": ["services", "k3s", "disableAgent"], "readOnly": false, "type": "boolean"}, "services.k3s.enable": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable k3s.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "k3s", "enable"], "readOnly": false, "type": "boolean"}, "services.k3s.environmentFile": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File path containing environment variables for configuring the k3s service in the format of an EnvironmentFile. See {manpage}`systemd.exec(5)`.\n", "loc": ["services", "k3s", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.k3s.extraFlags": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra flags to pass to the k3s command.", "example": {"_type": "literalExpression", "text": "[\n  \"--etcd-expose-metrics\"\n  \"--cluster-cidr 10.24.0.0/16\"\n]"}, "loc": ["services", "k3s", "extraFlags"], "readOnly": false, "type": "string or list of string"}, "services.k3s.extraKubeProxyConfig": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration to add to the kube-proxy's configuration file. The subset of the kube-proxy's\nconfiguration that can be configured via a file is defined by the\n[KubeProxyConfiguration](https://kubernetes.io/docs/reference/config-api/kube-proxy-config.v1alpha1/)\nstruct. Note that the kubeconfig param will be overriden by `clientConnection.kubeconfig`, so you must\nset the `clientConnection.kubeconfig` option if you want to use `extraKubeProxyConfig`.\n", "example": {"_type": "literalExpression", "text": "{\n  clientConnection = {\n    kubeconfig = \"/var/lib/rancher/k3s/agent/kubeproxy.kubeconfig\";\n  };\n  mode = \"nftables\";\n}"}, "loc": ["services", "k3s", "extraKubeProxyConfig"], "readOnly": false, "type": "attribute set of anything"}, "services.k3s.extraKubeletConfig": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration to add to the kubelet's configuration file. The subset of the kubelet's\nconfiguration that can be configured via a file is defined by the\n[KubeletConfiguration](https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/)\nstruct. See the\n[documentation](https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/)\nfor further information.\n", "example": {"_type": "literalExpression", "text": "{\n  containerLogMaxSize = \"5Mi\";\n  memoryThrottlingFactor = 0.69;\n  podsPerCore = 3;\n}"}, "loc": ["services", "k3s", "extraKubeletConfig"], "readOnly": false, "type": "attribute set of anything"}, "services.k3s.gracefulNodeShutdown.enable": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable graceful node shutdowns where the kubelet attempts to detect\nnode system shutdown and terminates pods running on the node. See the\n[documentation](https://kubernetes.io/docs/concepts/cluster-administration/node-shutdown/#graceful-node-shutdown)\nfor further information.\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "k3s", "gracefulNodeShutdown", "enable"], "readOnly": false, "type": "boolean"}, "services.k3s.gracefulNodeShutdown.shutdownGracePeriod": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "\"30s\""}, "description": "Specifies the total duration that the node should delay the shutdown by. This is the total\ngrace period for pod termination for both regular and critical pods.\n", "example": {"_type": "literalExpression", "text": "\"1m30s\""}, "loc": ["services", "k3s", "gracefulNodeShutdown", "shutdownGracePeriod"], "readOnly": false, "type": "non-empty string"}, "services.k3s.gracefulNodeShutdown.shutdownGracePeriodCriticalPods": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "\"10s\""}, "description": "Specifies the duration used to terminate critical pods during a node shutdown. This should be\nless than `shutdownGracePeriod`.\n", "example": {"_type": "literalExpression", "text": "\"15s\""}, "loc": ["services", "k3s", "gracefulNodeShutdown", "shutdownGracePeriodCriticalPods"], "readOnly": false, "type": "non-empty string"}, "services.k3s.images": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of derivations that provide container images.\nAll images are linked to {file}`/var/lib/rancher/k3s/agent/images` before k3s starts and are consequently imported\nby the k3s agent. Consider importing the k3s airgap images archive of the k3s package in\nuse, if you want to pre-provision this node with all k3s container images. This option\nonly makes sense on nodes with an enabled agent.\n", "example": {"_type": "literalExpression", "text": "[\n  (pkgs.dockerTools.pullImage {\n    imageName = \"docker.io/bitnami/keycloak\";\n    imageDigest = \"sha256:714dfadc66a8e3adea6609bda350345bd3711657b7ef3cf2e8015b526bac2d6b\";\n    hash = \"sha256-IM2BLZ0EdKIZcRWOtuFY9TogZJXCpKtPZnMnPsGlq0Y=\";\n    finalImageTag = \"21.1.2-debian-11-r0\";\n  })\n\n  config.services.k3s.package.airgap-images\n]\n"}, "loc": ["services", "k3s", "images"], "readOnly": false, "type": "list of package"}, "services.k3s.manifests": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Auto-deploying manifests that are linked to {file}`/var/lib/rancher/k3s/server/manifests` before k3s starts.\nNote that deleting manifest files will not remove or otherwise modify the resources\nit created. Please use the the `--disable` flag or `.skip` files to delete/disable AddOns,\nas mentioned in the [docs](https://docs.k3s.io/installation/packaged-components#disabling-manifests).\nThis option only makes sense on server nodes (`role = server`).\nRead the [auto-deploying manifests docs](https://docs.k3s.io/installation/packaged-components#auto-deploying-manifests-addons)\nfor further information.\n\n**WARNING**: If you have multiple server nodes, and set this option on more than one server,\nit is your responsibility to ensure that files stay in sync across those nodes. AddOn content is\nnot synced between nodes, and k3s cannot guarantee correct behavior if different servers attempt\nto deploy conflicting manifests.\n", "example": {"_type": "literalExpression", "text": "{\n  deployment.source = ../manifests/deployment.yaml;\n  my-service = {\n    enable = false;\n    target = \"app-service.yaml\";\n    content = {\n      apiVersion = \"v1\";\n      kind = \"Service\";\n      metadata = {\n        name = \"app-service\";\n      };\n      spec = {\n        selector = {\n          \"app.kubernetes.io/name\" = \"MyApp\";\n        };\n        ports = [\n          {\n            name = \"name-of-service-port\";\n            protocol = \"TCP\";\n            port = 80;\n            targetPort = \"http-web-svc\";\n          }\n        ];\n      };\n    };\n  };\n\n  nginx.content = [\n    {\n      apiVersion = \"v1\";\n      kind = \"Pod\";\n      metadata = {\n        name = \"nginx\";\n        labels = {\n          \"app.kubernetes.io/name\" = \"MyApp\";\n        };\n      };\n      spec = {\n        containers = [\n          {\n            name = \"nginx\";\n            image = \"nginx:1.14.2\";\n            ports = [\n              {\n                containerPort = 80;\n                name = \"http-web-svc\";\n              }\n            ];\n          }\n        ];\n      };\n    }\n    {\n      apiVersion = \"v1\";\n      kind = \"Service\";\n      metadata = {\n        name = \"nginx-service\";\n      };\n      spec = {\n        selector = {\n          \"app.kubernetes.io/name\" = \"MyApp\";\n        };\n        ports = [\n          {\n            name = \"name-of-service-port\";\n            protocol = \"TCP\";\n            port = 80;\n            targetPort = \"http-web-svc\";\n          }\n        ];\n      };\n    }\n  ];\n};\n"}, "loc": ["services", "k3s", "manifests"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.k3s.manifests.<name>.content": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Content of the manifest file. A single attribute set will\ngenerate a single document YAML file. A list of attribute sets\nwill generate multiple documents separated by `---` in a single\nYAML file.\n", "loc": ["services", "k3s", "manifests", "<name>", "content"], "readOnly": false, "type": "null or (attribute set) or list of (attribute set)"}, "services.k3s.manifests.<name>.enable": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether this manifest file should be generated.", "loc": ["services", "k3s", "manifests", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.k3s.manifests.<name>.source": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "description": "Path of the source `.yaml` file.\n", "example": {"_type": "literalExpression", "text": "./manifests/app.yaml"}, "loc": ["services", "k3s", "manifests", "<name>", "source"], "readOnly": false, "type": "absolute path"}, "services.k3s.manifests.<name>.target": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "description": "Name of the symlink (relative to {file}`/var/lib/rancher/k3s/server/manifests`).\nDefaults to the attribute name.\n", "example": {"_type": "literalExpression", "text": "\"manifest.yaml\""}, "loc": ["services", "k3s", "manifests", "<name>", "target"], "readOnly": false, "type": "non-empty string"}, "services.k3s.nodeIP": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IPv4/IPv6 addresses to advertise for node.", "loc": ["services", "k3s", "nodeIP"], "readOnly": false, "type": "null or string"}, "services.k3s.nodeLabel": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Registering and starting kubelet with set of labels.", "loc": ["services", "k3s", "nodeLabel"], "readOnly": false, "type": "list of string"}, "services.k3s.nodeName": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Node name.", "loc": ["services", "k3s", "nodeName"], "readOnly": false, "type": "null or string"}, "services.k3s.nodeTaint": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Registering kubelet with set of taints.", "loc": ["services", "k3s", "nodeTaint"], "readOnly": false, "type": "list of string"}, "services.k3s.package": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.k3s"}, "description": "The k3s package to use.", "loc": ["services", "k3s", "package"], "readOnly": false, "type": "package"}, "services.k3s.role": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "\"server\""}, "description": "Whether k3s should run as a server or agent.\n\nIf it's a server:\n\n- By default it also runs workloads as an agent.\n- Starts by default as a standalone server using an embedded sqlite datastore.\n- Configure `clusterInit = true` to switch over to embedded etcd datastore and enable HA mode.\n- Configure `serverAddr` to join an already-initialized HA cluster.\n\nIf it's an agent:\n\n- `serverAddr` is required.\n", "loc": ["services", "k3s", "role"], "readOnly": false, "type": "one of \"server\", \"agent\""}, "services.k3s.selinux": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SELinux in containerd.", "loc": ["services", "k3s", "selinux"], "readOnly": false, "type": "boolean"}, "services.k3s.serverAddr": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The k3s server to connect to.\n\nServers and agents need to communicate each other. Read\n[the networking docs](https://rancher.com/docs/k3s/latest/en/installation/installation-requirements/#networking)\nto know how to configure the firewall.\n", "example": {"_type": "literalExpression", "text": "\"https://10.0.0.10:6443\""}, "loc": ["services", "k3s", "serverAddr"], "readOnly": false, "type": "string"}, "services.k3s.token": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The k3s token to use when connecting to a server.\n\n**WARNING**: This option will expose your token unencrypted in the world-readable nix store.\nIf this is undesired use the tokenFile option instead.\n", "loc": ["services", "k3s", "token"], "readOnly": false, "type": "string"}, "services.k3s.tokenFile": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File path containing the k3s token to use when connecting to a server.", "loc": ["services", "k3s", "tokenFile"], "readOnly": false, "type": "null or absolute path"}, "services.kanidm.client.enable": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Kanidm client.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kanidm", "client", "enable"], "readOnly": false, "type": "boolean"}, "services.kanidm.client.settings": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "description": "Configure Kanidm clients, needed for the PAM daemon. See\n[the documentation](https://kanidm.github.io/kanidm/stable/client_tools.html#kanidm-configuration)\nand [example configuration](https://github.com/kanidm/kanidm/blob/master/examples/config)\nfor possible values.\n", "loc": ["services", "kanidm", "client", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.kanidm.client.settings.uri": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "description": "Address of the Kanidm server.", "example": {"_type": "literalExpression", "text": "\"http://127.0.0.1:8080\""}, "loc": ["services", "kanidm", "client", "settings", "uri"], "readOnly": false, "type": "string"}, "services.kanidm.package": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "pkgs.kanidm"}, "description": "The kanidm package to use. Must be set to an explicit version.", "example": {"_type": "literalExpression", "text": "kanidm_1_8"}, "loc": ["services", "kanidm", "package"], "readOnly": false, "type": "package"}, "services.kanidm.provision.acceptInvalidCerts": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "\"hasPrefix \\\"https://localhost:\\\" cfg.provision.instanceUrl\""}, "description": "Whether to allow invalid certificates when provisioning the target instance.\nBy default this is only allowed when the instanceUrl is localhost. This is\ndangerous when used with an external URL.\n", "loc": ["services", "kanidm", "provision", "acceptInvalidCerts"], "readOnly": false, "type": "boolean"}, "services.kanidm.provision.adminPasswordFile": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file containing the admin password for kanidm. Do NOT use a file from the nix store here!", "example": {"_type": "literalExpression", "text": "\"/run/secrets/kanidm-admin-password\""}, "loc": ["services", "kanidm", "provision", "adminPasswordFile"], "readOnly": false, "type": "null or absolute path"}, "services.kanidm.provision.autoRemove": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Determines whether deleting an entity in this provisioning config should automatically\ncause them to be removed from kanidm, too. This works because the provisioning tool tracks\nall entities it has ever created. If this is set to false, you need to explicitly specify\n`present = false` to delete an entity.\n", "loc": ["services", "kanidm", "provision", "autoRemove"], "readOnly": false, "type": "boolean"}, "services.kanidm.provision.enable": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable provisioning of groups, users and oauth2 resource servers.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kanidm", "provision", "enable"], "readOnly": false, "type": "boolean"}, "services.kanidm.provision.extraJsonFile": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A JSON file for provisioning persons, groups & systems.\nOptions set in this file take precedence over values set using the other options.\nThe files get deeply merged, and deduplicated.\nThe accepted JSON schema can be found at <https://github.com/oddlama/kanidm-provision#json-schema>.\n", "loc": ["services", "kanidm", "provision", "extraJsonFile"], "readOnly": false, "type": "null or absolute path"}, "services.kanidm.provision.groups": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Provisioning of kanidm groups", "loc": ["services", "kanidm", "provision", "groups"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.kanidm.provision.groups.<name>.members": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of kanidm entities (persons, groups, ...) which are part of this group.", "loc": ["services", "kanidm", "provision", "groups", "<name>", "members"], "readOnly": false, "type": "list of string"}, "services.kanidm.provision.groups.<name>.overwriteMembers": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether the member list should be overwritten each time (true) or appended\n(false). Append mode allows interactive group management in addition to the\ndeclared members. Also, future member removals cannot be reflected\nautomatically in append mode.\n", "loc": ["services", "kanidm", "provision", "groups", "<name>", "overwriteMembers"], "readOnly": false, "type": "boolean"}, "services.kanidm.provision.groups.<name>.present": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to ensure that this group is present or absent.", "loc": ["services", "kanidm", "provision", "groups", "<name>", "present"], "readOnly": false, "type": "boolean"}, "services.kanidm.provision.idmAdminPasswordFile": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a file containing the idm admin password for kanidm. Do NOT use a file from the nix store here!\nIf this is not given but provisioning is enabled, the idm_admin password will be reset on each restart.\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/kanidm-idm-admin-password\""}, "loc": ["services", "kanidm", "provision", "idmAdminPasswordFile"], "readOnly": false, "type": "null or absolute path"}, "services.kanidm.provision.instanceUrl": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "\"https://localhost:<port from server.settings.bindaddress>\""}, "description": "The instance url to which the provisioning tool should connect.", "loc": ["services", "kanidm", "provision", "instanceUrl"], "readOnly": false, "type": "string"}, "services.kanidm.provision.persons": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Provisioning of kanidm persons", "loc": ["services", "kanidm", "provision", "persons"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.kanidm.provision.persons.<name>.displayName": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "description": "Display name", "example": {"_type": "literalExpression", "text": "\"My User\""}, "loc": ["services", "kanidm", "provision", "persons", "<name>", "displayName"], "readOnly": false, "type": "string"}, "services.kanidm.provision.persons.<name>.groups": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of groups this person should belong to.", "loc": ["services", "kanidm", "provision", "persons", "<name>", "groups"], "readOnly": false, "type": "list of string"}, "services.kanidm.provision.persons.<name>.legalName": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Full legal name", "example": {"_type": "literalExpression", "text": "\"Jane Doe\""}, "loc": ["services", "kanidm", "provision", "persons", "<name>", "legalName"], "readOnly": false, "type": "null or string"}, "services.kanidm.provision.persons.<name>.mailAddresses": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Mail addresses. First given address is considered the primary address.", "example": {"_type": "literalExpression", "text": "[\n  \"jane.doe@example.com\"\n]"}, "loc": ["services", "kanidm", "provision", "persons", "<name>", "mailAddresses"], "readOnly": false, "type": "list of string"}, "services.kanidm.provision.persons.<name>.present": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to ensure that this person is present or absent.", "loc": ["services", "kanidm", "provision", "persons", "<name>", "present"], "readOnly": false, "type": "boolean"}, "services.kanidm.provision.systems.oauth2": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Provisioning of oauth2 resource servers", "loc": ["services", "kanidm", "provision", "systems", "oauth2"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.kanidm.provision.systems.oauth2.<name>.allowInsecureClientDisablePkce": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable PKCE on this oauth2 resource server to work around insecure clients\nthat may not support it. You should request the client to enable PKCE!\nOnly for non-public clients.\n", "loc": ["services", "kanidm", "provision", "systems", "oauth2", "<name>", "allowInsecureClientDisablePkce"], "readOnly": false, "type": "boolean"}, "services.kanidm.provision.systems.oauth2.<name>.basicSecretFile": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The basic secret to use for this service. If null, the random secret generated\nby kanidm will not be touched. Do NOT use a path from the nix store here!\n", "example": {"_type": "literalExpression", "text": "\"/run/secrets/some-oauth2-basic-secret\""}, "loc": ["services", "kanidm", "provision", "systems", "oauth2", "<name>", "basicSecretFile"], "readOnly": false, "type": "null or absolute path"}, "services.kanidm.provision.systems.oauth2.<name>.claimMaps": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Adds additional claims (and values) based on which kanidm groups an authenticating party belongs to.\nSee [Claim Maps](https://kanidm.github.io/kanidm/master/integrations/oauth2.html#custom-claim-maps) for more information.\n", "loc": ["services", "kanidm", "provision", "systems", "oauth2", "<name>", "claimMaps"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.kanidm.provision.systems.oauth2.<name>.claimMaps.<name>.joinType": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "\"array\""}, "description": "Determines how multiple values are joined to create the claim value.\nSee [Claim Maps](https://kanidm.github.io/kanidm/master/integrations/oauth2.html#custom-claim-maps) for more information.\n", "loc": ["services", "kanidm", "provision", "systems", "oauth2", "<name>", "claimMaps", "<name>", "joinType"], "readOnly": false, "type": "one of \"array\", \"csv\", \"ssv\""}, "services.kanidm.provision.systems.oauth2.<name>.claimMaps.<name>.valuesByGroup": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Maps kanidm groups to values for the claim.", "loc": ["services", "kanidm", "provision", "systems", "oauth2", "<name>", "claimMaps", "<name>", "valuesByGroup"], "readOnly": false, "type": "attribute set of list of string"}, "services.kanidm.provision.systems.oauth2.<name>.displayName": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "description": "Display name", "example": {"_type": "literalExpression", "text": "\"Some Service\""}, "loc": ["services", "kanidm", "provision", "systems", "oauth2", "<name>", "displayName"], "readOnly": false, "type": "string"}, "services.kanidm.provision.systems.oauth2.<name>.enableLegacyCrypto": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable legacy crypto on this client. Allows JWT signing algorthms like RS256.", "loc": ["services", "kanidm", "provision", "systems", "oauth2", "<name>", "enableLegacyCrypto"], "readOnly": false, "type": "boolean"}, "services.kanidm.provision.systems.oauth2.<name>.enableLocalhostRedirects": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Allow localhost redirects. Only for public clients.", "loc": ["services", "kanidm", "provision", "systems", "oauth2", "<name>", "enableLocalhostRedirects"], "readOnly": false, "type": "boolean"}, "services.kanidm.provision.systems.oauth2.<name>.imageFile": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Application image to display in the WebUI.\nKanidm supports \"image/jpeg\", \"image/png\", \"image/gif\", \"image/svg+xml\", and \"image/webp\".\nThe image will be uploaded each time kanidm-provision is run.\n", "loc": ["services", "kanidm", "provision", "systems", "oauth2", "<name>", "imageFile"], "readOnly": false, "type": "null or absolute path"}, "services.kanidm.provision.systems.oauth2.<name>.originLanding": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "description": "When redirecting from the Kanidm Apps Listing page, some linked applications may need to land on a specific page to trigger oauth2/oidc interactions.", "example": {"_type": "literalExpression", "text": "\"https://someservice.example.com/home\""}, "loc": ["services", "kanidm", "provision", "systems", "oauth2", "<name>", "originLanding"], "readOnly": false, "type": "string"}, "services.kanidm.provision.systems.oauth2.<name>.originUrl": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "description": "The redirect URL of the service. These need to exactly match the OAuth2 redirect target", "example": {"_type": "literalExpression", "text": "\"https://someservice.example.com/auth/login\""}, "loc": ["services", "kanidm", "provision", "systems", "oauth2", "<name>", "originUrl"], "readOnly": false, "type": "string matching the pattern .*://?.*$ or non-empty (list of string matching the pattern .*://?.*$)"}, "services.kanidm.provision.systems.oauth2.<name>.preferShortUsername": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use 'name' instead of 'spn' in the preferred_username claim", "loc": ["services", "kanidm", "provision", "systems", "oauth2", "<name>", "preferShortUsername"], "readOnly": false, "type": "boolean"}, "services.kanidm.provision.systems.oauth2.<name>.present": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to ensure that this oauth2 resource server is present or absent.", "loc": ["services", "kanidm", "provision", "systems", "oauth2", "<name>", "present"], "readOnly": false, "type": "boolean"}, "services.kanidm.provision.systems.oauth2.<name>.public": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether this is a public client (enforces PKCE, doesn't use a basic secret)", "loc": ["services", "kanidm", "provision", "systems", "oauth2", "<name>", "public"], "readOnly": false, "type": "boolean"}, "services.kanidm.provision.systems.oauth2.<name>.removeOrphanedClaimMaps": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether claim maps not specified here but present in kanidm should be removed from kanidm.", "loc": ["services", "kanidm", "provision", "systems", "oauth2", "<name>", "removeOrphanedClaimMaps"], "readOnly": false, "type": "boolean"}, "services.kanidm.provision.systems.oauth2.<name>.scopeMaps": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Maps kanidm groups to returned oauth scopes.\nSee [Scope Relations](https://kanidm.github.io/kanidm/stable/integrations/oauth2.html#scope-relationships) for more information.\n", "loc": ["services", "kanidm", "provision", "systems", "oauth2", "<name>", "scopeMaps"], "readOnly": false, "type": "attribute set of list of string"}, "services.kanidm.provision.systems.oauth2.<name>.supplementaryScopeMaps": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Maps kanidm groups to additionally returned oauth scopes.\nSee [Scope Relations](https://kanidm.github.io/kanidm/stable/integrations/oauth2.html#scope-relationships) for more information.\n", "loc": ["services", "kanidm", "provision", "systems", "oauth2", "<name>", "supplementaryScopeMaps"], "readOnly": false, "type": "attribute set of list of string"}, "services.kanidm.server.enable": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Kanidm server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kanidm", "server", "enable"], "readOnly": false, "type": "boolean"}, "services.kanidm.server.settings": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings for Kanidm, see\n[the documentation](https://kanidm.github.io/kanidm/stable/server_configuration.html)\nand [example configuration](https://github.com/kanidm/kanidm/blob/master/examples/server.toml)\nfor possible values.\n", "loc": ["services", "kanidm", "server", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.kanidm.server.settings.bindaddress": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1:8443\""}, "description": "Address/port combination the webserver binds to.", "example": {"_type": "literalExpression", "text": "\"[::1]:8443\""}, "loc": ["services", "kanidm", "server", "settings", "bindaddress"], "readOnly": false, "type": "string"}, "services.kanidm.server.settings.db_path": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/kanidm/kanidm.db\""}, "description": "Path to Kanidm database.", "loc": ["services", "kanidm", "server", "settings", "db_path"], "readOnly": true, "type": "absolute path"}, "services.kanidm.server.settings.domain": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The `domain` that Kanidm manages. Must be below or equal to the domain\nspecified in `server.settings.origin`.\nThis can be left at `null`, only if your instance has the role `ReadOnlyReplica`.\nWhile it is possible to change the domain later on, it requires extra steps!\nPlease consider the warnings and execute the steps described\n[in the documentation](https://kanidm.github.io/kanidm/stable/administrivia.html#rename-the-domain).\n", "example": {"_type": "literalExpression", "text": "\"example.org\""}, "loc": ["services", "kanidm", "server", "settings", "domain"], "readOnly": false, "type": "null or string"}, "services.kanidm.server.settings.ldapbindaddress": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Address and port the LDAP server is bound to. Setting this to `null` disables the LDAP interface.\n", "example": {"_type": "literalExpression", "text": "\"[::1]:636\""}, "loc": ["services", "kanidm", "server", "settings", "ldapbindaddress"], "readOnly": false, "type": "null or string"}, "services.kanidm.server.settings.log_level": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "\"info\""}, "description": "Log level of the server.", "loc": ["services", "kanidm", "server", "settings", "log_level"], "readOnly": false, "type": "one of \"info\", \"debug\", \"trace\""}, "services.kanidm.server.settings.online_backup.path": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/kanidm/backups\""}, "description": "Path to the output directory for backups.", "loc": ["services", "kanidm", "server", "settings", "online_backup", "path"], "readOnly": false, "type": "absolute path"}, "services.kanidm.server.settings.online_backup.schedule": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "\"00 22 * * *\""}, "description": "The schedule for backups in cron format.", "loc": ["services", "kanidm", "server", "settings", "online_backup", "schedule"], "readOnly": false, "type": "string"}, "services.kanidm.server.settings.online_backup.versions": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Number of backups to keep.\n\nThe default is set to `0`, in order to disable backups by default.\n", "example": {"_type": "literalExpression", "text": "7"}, "loc": ["services", "kanidm", "server", "settings", "online_backup", "versions"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.kanidm.server.settings.origin": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "description": "The origin of your Kanidm instance. Must have https as protocol.", "example": {"_type": "literalExpression", "text": "\"https://idm.example.org\""}, "loc": ["services", "kanidm", "server", "settings", "origin"], "readOnly": false, "type": "string matching the pattern ^https://.*"}, "services.kanidm.server.settings.role": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "\"WriteReplica\""}, "description": "The role of this server. This affects the replication relationship and thereby available features.", "loc": ["services", "kanidm", "server", "settings", "role"], "readOnly": false, "type": "one of \"WriteReplica\", \"WriteReplicaNoUI\", \"ReadOnlyReplica\""}, "services.kanidm.server.settings.tls_chain": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "description": "TLS chain in pem format.", "loc": ["services", "kanidm", "server", "settings", "tls_chain"], "readOnly": false, "type": "absolute path"}, "services.kanidm.server.settings.tls_key": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "description": "TLS key in pem format.", "loc": ["services", "kanidm", "server", "settings", "tls_key"], "readOnly": false, "type": "absolute path"}, "services.kanidm.unix.enable": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Kanidm PAM and NSS integration.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kanidm", "unix", "enable"], "readOnly": false, "type": "boolean"}, "services.kanidm.unix.settings": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "description": "Configure Kanidm unix daemon.\nSee [the documentation](https://kanidm.github.io/kanidm/stable/integrations/pam_and_nsswitch.html#the-unix-daemon)\nand [example configuration](https://github.com/kanidm/kanidm/blob/master/examples/unixd)\nfor possible values.\n", "loc": ["services", "kanidm", "unix", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.kanidm.unix.settings.hsm_pin_path": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "\"/var/cache/kanidm-unixd/hsm-pin\""}, "description": "Path to a HSM pin.", "loc": ["services", "kanidm", "unix", "settings", "hsm_pin_path"], "readOnly": false, "type": "absolute path"}, "services.kanidm.unix.settings.kanidm.pam_allowed_login_groups": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "description": "Kanidm groups that are allowed to login using PAM.", "example": {"_type": "literalExpression", "text": "\"my_pam_group\""}, "loc": ["services", "kanidm", "unix", "settings", "kanidm", "pam_allowed_login_groups"], "readOnly": false, "type": "list of string"}, "services.kanidm.unix.sshIntegration": {"declarations": ["nixos/modules/services/security/kanidm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Kanidm SSH keys login.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kanidm", "unix", "sshIntegration"], "readOnly": false, "type": "boolean"}, "services.kea.ctrl-agent": {"declarations": ["nixos/modules/services/networking/kea.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Kea Control Agent configuration\n", "loc": ["services", "kea", "ctrl-agent"], "readOnly": false, "type": "submodule"}, "services.kea.ctrl-agent.configFile": {"declarations": ["nixos/modules/services/networking/kea.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Kea Control Agent configuration as a path, see <https://kea.readthedocs.io/en/kea-3.0.2/arm/agent.html>.\n\nTakes preference over [settings](#opt-services.kea.ctrl-agent.settings).\nMost users should prefer using [settings](#opt-services.kea.ctrl-agent.settings) instead.\n", "loc": ["services", "kea", "ctrl-agent", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.kea.ctrl-agent.enable": {"declarations": ["nixos/modules/services/networking/kea.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Kea Control Agent.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kea", "ctrl-agent", "enable"], "readOnly": false, "type": "boolean"}, "services.kea.ctrl-agent.extraArgs": {"declarations": ["nixos/modules/services/networking/kea.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of additional arguments to pass to the daemon.\n", "loc": ["services", "kea", "ctrl-agent", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.kea.ctrl-agent.settings": {"declarations": ["nixos/modules/services/networking/kea.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Kea Control Agent configuration as an attribute set, see <https://kea.readthedocs.io/en/kea-3.0.2/arm/agent.html>.\n", "loc": ["services", "kea", "ctrl-agent", "settings"], "readOnly": false, "type": "JSON value"}, "services.kea.dhcp-ddns": {"declarations": ["nixos/modules/services/networking/kea.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Kea DHCP-DDNS configuration\n", "loc": ["services", "kea", "dhcp-ddns"], "readOnly": false, "type": "submodule"}, "services.kea.dhcp-ddns.configFile": {"declarations": ["nixos/modules/services/networking/kea.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Kea DHCP-DDNS configuration as a path, see <https://kea.readthedocs.io/en/kea-3.0.2/arm/ddns.html>.\n\nTakes preference over [settings](#opt-services.kea.dhcp-ddns.settings).\nMost users should prefer using [settings](#opt-services.kea.dhcp-ddns.settings) instead.\n", "loc": ["services", "kea", "dhcp-ddns", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.kea.dhcp-ddns.enable": {"declarations": ["nixos/modules/services/networking/kea.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Kea DDNS server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kea", "dhcp-ddns", "enable"], "readOnly": false, "type": "boolean"}, "services.kea.dhcp-ddns.extraArgs": {"declarations": ["nixos/modules/services/networking/kea.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of additional arguments to pass to the daemon.\n", "loc": ["services", "kea", "dhcp-ddns", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.kea.dhcp-ddns.settings": {"declarations": ["nixos/modules/services/networking/kea.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Kea DHCP-DDNS configuration as an attribute set, see <https://kea.readthedocs.io/en/kea-3.0.2/arm/ddns.html>.\n", "example": {"_type": "literalExpression", "text": "{\n  dns-server-timeout = 100;\n  forward-ddns = {\n    ddns-domains = [ ];\n  };\n  ip-address = \"127.0.0.1\";\n  ncr-format = \"JSON\";\n  ncr-protocol = \"UDP\";\n  port = 53001;\n  reverse-ddns = {\n    ddns-domains = [ ];\n  };\n  tsig-keys = [ ];\n}"}, "loc": ["services", "kea", "dhcp-ddns", "settings"], "readOnly": false, "type": "JSON value"}, "services.kea.dhcp4": {"declarations": ["nixos/modules/services/networking/kea.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "DHCP4 Server configuration\n", "loc": ["services", "kea", "dhcp4"], "readOnly": false, "type": "submodule"}, "services.kea.dhcp4.configFile": {"declarations": ["nixos/modules/services/networking/kea.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Kea DHCP4 configuration as a path, see <https://kea.readthedocs.io/en/kea-3.0.2/arm/dhcp4-srv.html>.\n\nTakes preference over [settings](#opt-services.kea.dhcp4.settings).\nMost users should prefer using [settings](#opt-services.kea.dhcp4.settings) instead.\n", "loc": ["services", "kea", "dhcp4", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.kea.dhcp4.enable": {"declarations": ["nixos/modules/services/networking/kea.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Kea DHCP4 server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kea", "dhcp4", "enable"], "readOnly": false, "type": "boolean"}, "services.kea.dhcp4.extraArgs": {"declarations": ["nixos/modules/services/networking/kea.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of additional arguments to pass to the daemon.\n", "loc": ["services", "kea", "dhcp4", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.kea.dhcp4.settings": {"declarations": ["nixos/modules/services/networking/kea.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Kea DHCP4 configuration as an attribute set, see <https://kea.readthedocs.io/en/kea-3.0.2/arm/dhcp4-srv.html>.\n", "example": {"_type": "literalExpression", "text": "{\n  interfaces-config = {\n    interfaces = [\n      \"eth0\"\n    ];\n  };\n  lease-database = {\n    name = \"/var/lib/kea/dhcp4.leases\";\n    persist = true;\n    type = \"memfile\";\n  };\n  rebind-timer = 2000;\n  renew-timer = 1000;\n  subnet4 = [\n    {\n      id = 1;\n      pools = [\n        {\n          pool = \"192.0.2.100 - 192.0.2.240\";\n        }\n      ];\n      subnet = \"192.0.2.0/24\";\n    }\n  ];\n  valid-lifetime = 4000;\n}"}, "loc": ["services", "kea", "dhcp4", "settings"], "readOnly": false, "type": "JSON value"}, "services.kea.dhcp6": {"declarations": ["nixos/modules/services/networking/kea.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "DHCP6 Server configuration\n", "loc": ["services", "kea", "dhcp6"], "readOnly": false, "type": "submodule"}, "services.kea.dhcp6.configFile": {"declarations": ["nixos/modules/services/networking/kea.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Kea DHCP6 configuration as a path, see <https://kea.readthedocs.io/en/kea-3.0.2/arm/dhcp6-srv.html>.\n\nTakes preference over [settings](#opt-services.kea.dhcp6.settings).\nMost users should prefer using [settings](#opt-services.kea.dhcp6.settings) instead.\n", "loc": ["services", "kea", "dhcp6", "configFile"], "readOnly": false, "type": "null or absolute path"}, "services.kea.dhcp6.enable": {"declarations": ["nixos/modules/services/networking/kea.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Kea DHCP6 server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kea", "dhcp6", "enable"], "readOnly": false, "type": "boolean"}, "services.kea.dhcp6.extraArgs": {"declarations": ["nixos/modules/services/networking/kea.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of additional arguments to pass to the daemon.\n", "loc": ["services", "kea", "dhcp6", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.kea.dhcp6.settings": {"declarations": ["nixos/modules/services/networking/kea.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Kea DHCP6 configuration as an attribute set, see <https://kea.readthedocs.io/en/kea-3.0.2/arm/dhcp6-srv.html>.\n", "example": {"_type": "literalExpression", "text": "{\n  interfaces-config = {\n    interfaces = [\n      \"eth0\"\n    ];\n  };\n  lease-database = {\n    name = \"/var/lib/kea/dhcp6.leases\";\n    persist = true;\n    type = \"memfile\";\n  };\n  preferred-lifetime = 3000;\n  rebind-timer = 2000;\n  renew-timer = 1000;\n  subnet6 = [\n    {\n      id = 1;\n      pools = [\n        {\n          pool = \"2001:db8:1::1-2001:db8:1::ffff\";\n        }\n      ];\n      subnet = \"2001:db8:1::/64\";\n    }\n  ];\n  valid-lifetime = 4000;\n}"}, "loc": ["services", "kea", "dhcp6", "settings"], "readOnly": false, "type": "JSON value"}, "services.kea.package": {"declarations": ["nixos/modules/services/networking/kea.nix"], "default": {"_type": "literalExpression", "text": "pkgs.kea"}, "description": "The kea package to use.", "loc": ["services", "kea", "package"], "readOnly": false, "type": "package"}, "services.kubernetes.addonManager.addons": {"declarations": ["nixos/modules/services/cluster/kubernetes/addon-manager.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Kubernetes addons (any kind of Kubernetes resource can be an addon).", "example": {"_type": "literalExpression", "text": "{\n  \"my-service\" = {\n    \"apiVersion\" = \"v1\";\n    \"kind\" = \"Service\";\n    \"metadata\" = {\n      \"name\" = \"my-service\";\n      \"namespace\" = \"default\";\n    };\n    \"spec\" = { ... };\n  };\n}\n// import <nixpkgs/nixos/modules/services/cluster/kubernetes/dns.nix> { cfg = config.services.kubernetes; };\n"}, "loc": ["services", "kubernetes", "addonManager", "addons"], "readOnly": false, "type": "attribute set of ((attribute set) or list of (attribute set))"}, "services.kubernetes.addonManager.bootstrapAddons": {"declarations": ["nixos/modules/services/cluster/kubernetes/addon-manager.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Bootstrap addons are like regular addons, but they are applied with cluster-admin rights.\nThey are applied at addon-manager startup only.\n", "example": {"_type": "literalExpression", "text": "{\n  \"my-service\" = {\n    \"apiVersion\" = \"v1\";\n    \"kind\" = \"Service\";\n    \"metadata\" = {\n      \"name\" = \"my-service\";\n      \"namespace\" = \"default\";\n    };\n    \"spec\" = { ... };\n  };\n}\n"}, "loc": ["services", "kubernetes", "addonManager", "bootstrapAddons"], "readOnly": false, "type": "attribute set of (attribute set)"}, "services.kubernetes.addonManager.enable": {"declarations": ["nixos/modules/services/cluster/kubernetes/addon-manager.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Kubernetes addon manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kubernetes", "addonManager", "enable"], "readOnly": false, "type": "boolean"}, "services.kubernetes.addons.dns.clusterDomain": {"declarations": ["nixos/modules/services/cluster/kubernetes/addons/dns.nix"], "default": {"_type": "literalExpression", "text": "\"cluster.local\""}, "description": "Dns cluster domain", "loc": ["services", "kubernetes", "addons", "dns", "clusterDomain"], "readOnly": false, "type": "string"}, "services.kubernetes.addons.dns.clusterIp": {"declarations": ["nixos/modules/services/cluster/kubernetes/addons/dns.nix"], "default": {"_type": "literalMD", "text": "The `x.y.z.254` IP of\n`config.services.kubernetes.apiserver.serviceClusterIpRange`.\n"}, "description": "Dns addon clusterIP", "loc": ["services", "kubernetes", "addons", "dns", "clusterIp"], "readOnly": false, "type": "string"}, "services.kubernetes.addons.dns.corednsImage": {"declarations": ["nixos/modules/services/cluster/kubernetes/addons/dns.nix"], "default": {"_type": "literalExpression", "text": "<derivation docker-image-coredns.tar.gz>"}, "description": "Docker image to seed for the CoreDNS container.", "loc": ["services", "kubernetes", "addons", "dns", "corednsImage"], "readOnly": false, "type": "package"}, "services.kubernetes.addons.dns.corefile": {"declarations": ["nixos/modules/services/cluster/kubernetes/addons/dns.nix"], "default": {"_type": "literalExpression", "text": "''\n  .:10053 {\n    errors\n    health :10054\n    kubernetes ${config.services.kubernetes.addons.dns.clusterDomain} in-addr.arpa ip6.arpa {\n      pods insecure\n      fallthrough in-addr.arpa ip6.arpa\n    }\n    prometheus :10055\n    forward . /etc/resolv.conf\n    cache 30\n    loop\n    reload\n    loadbalance\n  }\n''\n"}, "description": "Custom coredns corefile configuration.\n\nSee: <https://coredns.io/manual/toc/#configuration>.\n", "loc": ["services", "kubernetes", "addons", "dns", "corefile"], "readOnly": false, "type": "string"}, "services.kubernetes.addons.dns.enable": {"declarations": ["nixos/modules/services/cluster/kubernetes/addons/dns.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable kubernetes dns addon.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kubernetes", "addons", "dns", "enable"], "readOnly": false, "type": "boolean"}, "services.kubernetes.addons.dns.reconcileMode": {"declarations": ["nixos/modules/services/cluster/kubernetes/addons/dns.nix"], "default": {"_type": "literalExpression", "text": "\"Reconcile\""}, "description": "Controls the addon manager reconciliation mode for the DNS addon.\n\nSetting reconcile mode to EnsureExists makes it possible to tailor DNS behavior by editing the coredns ConfigMap.\n\nSee: <https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/addon-manager/README.md>.\n", "loc": ["services", "kubernetes", "addons", "dns", "reconcileMode"], "readOnly": false, "type": "one of \"Reconcile\", \"EnsureExists\""}, "services.kubernetes.addons.dns.replicas": {"declarations": ["nixos/modules/services/cluster/kubernetes/addons/dns.nix"], "default": {"_type": "literalExpression", "text": "2"}, "description": "Number of DNS pod replicas to deploy in the cluster.", "loc": ["services", "kubernetes", "addons", "dns", "replicas"], "readOnly": false, "type": "signed integer"}, "services.kubernetes.apiserver.advertiseAddress": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Kubernetes apiserver IP address on which to advertise the apiserver\nto members of the cluster. This address must be reachable by the rest\nof the cluster.\n", "loc": ["services", "kubernetes", "apiserver", "advertiseAddress"], "readOnly": false, "type": "null or string"}, "services.kubernetes.apiserver.allowPrivileged": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to allow privileged containers on Kubernetes.", "loc": ["services", "kubernetes", "apiserver", "allowPrivileged"], "readOnly": false, "type": "boolean"}, "services.kubernetes.apiserver.apiAudiences": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "\"api,https://kubernetes.default.svc\""}, "description": "Kubernetes apiserver ServiceAccount issuer.\n", "loc": ["services", "kubernetes", "apiserver", "apiAudiences"], "readOnly": false, "type": "string"}, "services.kubernetes.apiserver.authorizationMode": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"RBAC\"\n  \"Node\"\n]"}, "description": "Kubernetes apiserver authorization mode (AlwaysAllow/AlwaysDeny/ABAC/Webhook/RBAC/Node). See\n<https://kubernetes.io/docs/reference/access-authn-authz/authorization/>\n", "loc": ["services", "kubernetes", "apiserver", "authorizationMode"], "readOnly": false, "type": "list of (one of \"AlwaysAllow\", \"AlwaysDeny\", \"ABAC\", \"Webhook\", \"RBAC\", \"Node\")"}, "services.kubernetes.apiserver.authorizationPolicy": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Kubernetes apiserver authorization policy file. See\n<https://kubernetes.io/docs/reference/access-authn-authz/authorization/>\n", "loc": ["services", "kubernetes", "apiserver", "authorizationPolicy"], "readOnly": false, "type": "list of (attribute set)"}, "services.kubernetes.apiserver.basicAuthFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Kubernetes apiserver basic authentication file. See\n<https://kubernetes.io/docs/reference/access-authn-authz/authentication>\n", "loc": ["services", "kubernetes", "apiserver", "basicAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.apiserver.bindAddress": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "The IP address on which to listen for the --secure-port port.\nThe associated interface(s) must be reachable by the rest\nof the cluster, and by CLI/web clients.\n", "loc": ["services", "kubernetes", "apiserver", "bindAddress"], "readOnly": false, "type": "string"}, "services.kubernetes.apiserver.clientCaFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "config.services.kubernetes.caFile"}, "description": "Kubernetes apiserver CA file for client auth.", "loc": ["services", "kubernetes", "apiserver", "clientCaFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.apiserver.disableAdmissionPlugins": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Kubernetes admission control plugins to disable. See\n<https://kubernetes.io/docs/admin/admission-controllers/>\n", "loc": ["services", "kubernetes", "apiserver", "disableAdmissionPlugins"], "readOnly": false, "type": "list of string"}, "services.kubernetes.apiserver.enable": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Kubernetes apiserver.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kubernetes", "apiserver", "enable"], "readOnly": false, "type": "boolean"}, "services.kubernetes.apiserver.enableAdmissionPlugins": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"NamespaceLifecycle\"\n  \"LimitRanger\"\n  \"ServiceAccount\"\n  \"ResourceQuota\"\n  \"DefaultStorageClass\"\n  \"DefaultTolerationSeconds\"\n  \"NodeRestriction\"\n]"}, "description": "Kubernetes admission control plugins to enable. See\n<https://kubernetes.io/docs/admin/admission-controllers/>\n", "example": {"_type": "literalExpression", "text": "[\n  \"NamespaceLifecycle\"\n  \"NamespaceExists\"\n  \"LimitRanger\"\n  \"SecurityContextDeny\"\n  \"ServiceAccount\"\n  \"ResourceQuota\"\n  \"PodSecurityPolicy\"\n  \"NodeRestriction\"\n  \"DefaultStorageClass\"\n]"}, "loc": ["services", "kubernetes", "apiserver", "enableAdmissionPlugins"], "readOnly": false, "type": "list of string"}, "services.kubernetes.apiserver.etcd.caFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "config.services.kubernetes.caFile"}, "description": "Etcd ca file.", "loc": ["services", "kubernetes", "apiserver", "etcd", "caFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.apiserver.etcd.certFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Etcd cert file.", "loc": ["services", "kubernetes", "apiserver", "etcd", "certFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.apiserver.etcd.keyFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Etcd key file.", "loc": ["services", "kubernetes", "apiserver", "etcd", "keyFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.apiserver.etcd.servers": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"http://127.0.0.1:2379\"\n]"}, "description": "List of etcd servers.", "loc": ["services", "kubernetes", "apiserver", "etcd", "servers"], "readOnly": false, "type": "list of string"}, "services.kubernetes.apiserver.extraOpts": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Kubernetes apiserver extra command line options.", "loc": ["services", "kubernetes", "apiserver", "extraOpts"], "readOnly": false, "type": "strings concatenated with \" \""}, "services.kubernetes.apiserver.extraSANs": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra x509 Subject Alternative Names to be added to the kubernetes apiserver tls cert.", "loc": ["services", "kubernetes", "apiserver", "extraSANs"], "readOnly": false, "type": "list of string"}, "services.kubernetes.apiserver.featureGates": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "config.services.kubernetes.featureGates"}, "description": "Attribute set of feature gates.", "loc": ["services", "kubernetes", "apiserver", "featureGates"], "readOnly": false, "type": "attribute set of boolean"}, "services.kubernetes.apiserver.kubeletClientCaFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "config.services.kubernetes.caFile"}, "description": "Path to a cert file for connecting to kubelet.", "loc": ["services", "kubernetes", "apiserver", "kubeletClientCaFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.apiserver.kubeletClientCertFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Client certificate to use for connections to kubelet.", "loc": ["services", "kubernetes", "apiserver", "kubeletClientCertFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.apiserver.kubeletClientKeyFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Key to use for connections to kubelet.", "loc": ["services", "kubernetes", "apiserver", "kubeletClientKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.apiserver.preferredAddressTypes": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "List of the preferred NodeAddressTypes to use for kubelet connections.", "loc": ["services", "kubernetes", "apiserver", "preferredAddressTypes"], "readOnly": false, "type": "null or string"}, "services.kubernetes.apiserver.proxyClientCertFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Client certificate to use for connections to proxy.", "loc": ["services", "kubernetes", "apiserver", "proxyClientCertFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.apiserver.proxyClientKeyFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Key to use for connections to proxy.", "loc": ["services", "kubernetes", "apiserver", "proxyClientKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.apiserver.runtimeConfig": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "\"authentication.k8s.io/v1beta1=true\""}, "description": "Api runtime configuration. See\n<https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/>\n", "example": {"_type": "literalExpression", "text": "\"api/all=false,api/v1=true\""}, "loc": ["services", "kubernetes", "apiserver", "runtimeConfig"], "readOnly": false, "type": "string"}, "services.kubernetes.apiserver.securePort": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "6443"}, "description": "Kubernetes apiserver secure port.", "loc": ["services", "kubernetes", "apiserver", "securePort"], "readOnly": false, "type": "signed integer"}, "services.kubernetes.apiserver.serviceAccountIssuer": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "\"https://kubernetes.default.svc\""}, "description": "Kubernetes apiserver ServiceAccount issuer.\n", "loc": ["services", "kubernetes", "apiserver", "serviceAccountIssuer"], "readOnly": false, "type": "string"}, "services.kubernetes.apiserver.serviceAccountKeyFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "description": "File containing PEM-encoded x509 RSA or ECDSA private or public keys,\nused to verify ServiceAccount tokens. The specified file can contain\nmultiple keys, and the flag can be specified multiple times with\ndifferent files. If unspecified, --tls-private-key-file is used.\nMust be specified when --service-account-signing-key is provided\n", "loc": ["services", "kubernetes", "apiserver", "serviceAccountKeyFile"], "readOnly": false, "type": "absolute path"}, "services.kubernetes.apiserver.serviceAccountSigningKeyFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "description": "Path to the file that contains the current private key of the service\naccount token issuer. The issuer will sign issued ID tokens with this\nprivate key.\n", "loc": ["services", "kubernetes", "apiserver", "serviceAccountSigningKeyFile"], "readOnly": false, "type": "absolute path"}, "services.kubernetes.apiserver.serviceClusterIpRange": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "\"10.0.0.0/24\""}, "description": "A CIDR notation IP range from which to assign service cluster IPs.\nThis must not overlap with any IP ranges assigned to nodes for pods.\n", "loc": ["services", "kubernetes", "apiserver", "serviceClusterIpRange"], "readOnly": false, "type": "string"}, "services.kubernetes.apiserver.storageBackend": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "\"etcd3\""}, "description": "Kubernetes apiserver storage backend.\n", "loc": ["services", "kubernetes", "apiserver", "storageBackend"], "readOnly": false, "type": "one of \"etcd2\", \"etcd3\""}, "services.kubernetes.apiserver.tlsCertFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Kubernetes apiserver certificate file.", "loc": ["services", "kubernetes", "apiserver", "tlsCertFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.apiserver.tlsKeyFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Kubernetes apiserver private key file.", "loc": ["services", "kubernetes", "apiserver", "tlsKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.apiserver.tokenAuthFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Kubernetes apiserver token authentication file. See\n<https://kubernetes.io/docs/reference/access-authn-authz/authentication>\n", "loc": ["services", "kubernetes", "apiserver", "tokenAuthFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.apiserver.verbosity": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional glog verbosity level for logging statements. See\n<https://github.com/kubernetes/community/blob/master/contributors/devel/logging.md>\n", "loc": ["services", "kubernetes", "apiserver", "verbosity"], "readOnly": false, "type": "null or signed integer"}, "services.kubernetes.apiserver.webhookConfig": {"declarations": ["nixos/modules/services/cluster/kubernetes/apiserver.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Kubernetes apiserver Webhook config file. It uses the kubeconfig file format.\nSee <https://kubernetes.io/docs/reference/access-authn-authz/webhook/>\n", "loc": ["services", "kubernetes", "apiserver", "webhookConfig"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.apiserverAddress": {"declarations": ["nixos/modules/services/cluster/kubernetes/default.nix"], "description": "Clusterwide accessible address for the kubernetes apiserver,\nincluding protocol and optional port.\n", "example": {"_type": "literalExpression", "text": "\"https://kubernetes-apiserver.example.com:6443\""}, "loc": ["services", "kubernetes", "apiserverAddress"], "readOnly": false, "type": "string"}, "services.kubernetes.caFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Default kubernetes certificate authority", "loc": ["services", "kubernetes", "caFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.clusterCidr": {"declarations": ["nixos/modules/services/cluster/kubernetes/default.nix"], "default": {"_type": "literalExpression", "text": "\"10.1.0.0/16\""}, "description": "Kubernetes controller manager and proxy CIDR Range for Pods in cluster.", "loc": ["services", "kubernetes", "clusterCidr"], "readOnly": false, "type": "null or string"}, "services.kubernetes.controllerManager.allocateNodeCIDRs": {"declarations": ["nixos/modules/services/cluster/kubernetes/controller-manager.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to automatically allocate CIDR ranges for cluster nodes.", "loc": ["services", "kubernetes", "controllerManager", "allocateNodeCIDRs"], "readOnly": false, "type": "boolean"}, "services.kubernetes.controllerManager.bindAddress": {"declarations": ["nixos/modules/services/cluster/kubernetes/controller-manager.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Kubernetes controller manager listening address.", "loc": ["services", "kubernetes", "controllerManager", "bindAddress"], "readOnly": false, "type": "string"}, "services.kubernetes.controllerManager.clusterCidr": {"declarations": ["nixos/modules/services/cluster/kubernetes/controller-manager.nix"], "default": {"_type": "literalExpression", "text": "config.services.kubernetes.clusterCidr"}, "description": "Kubernetes CIDR Range for Pods in cluster.", "loc": ["services", "kubernetes", "controllerManager", "clusterCidr"], "readOnly": false, "type": "string"}, "services.kubernetes.controllerManager.enable": {"declarations": ["nixos/modules/services/cluster/kubernetes/controller-manager.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Kubernetes controller manager.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kubernetes", "controllerManager", "enable"], "readOnly": false, "type": "boolean"}, "services.kubernetes.controllerManager.extraOpts": {"declarations": ["nixos/modules/services/cluster/kubernetes/controller-manager.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Kubernetes controller manager extra command line options.", "loc": ["services", "kubernetes", "controllerManager", "extraOpts"], "readOnly": false, "type": "strings concatenated with \" \""}, "services.kubernetes.controllerManager.featureGates": {"declarations": ["nixos/modules/services/cluster/kubernetes/controller-manager.nix"], "default": {"_type": "literalExpression", "text": "config.services.kubernetes.featureGates"}, "description": "Attribute set of feature gates.", "loc": ["services", "kubernetes", "controllerManager", "featureGates"], "readOnly": false, "type": "attribute set of boolean"}, "services.kubernetes.controllerManager.kubeconfig.caFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/controller-manager.nix"], "default": {"_type": "literalExpression", "text": "config.services.kubernetes.caFile"}, "description": "Kubernetes controller manager certificate authority file used to connect to kube-apiserver.", "loc": ["services", "kubernetes", "controllerManager", "kubeconfig", "caFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.controllerManager.kubeconfig.certFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/controller-manager.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Kubernetes controller manager client certificate file used to connect to kube-apiserver.", "loc": ["services", "kubernetes", "controllerManager", "kubeconfig", "certFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.controllerManager.kubeconfig.keyFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/controller-manager.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Kubernetes controller manager client key file used to connect to kube-apiserver.", "loc": ["services", "kubernetes", "controllerManager", "kubeconfig", "keyFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.controllerManager.kubeconfig.server": {"declarations": ["nixos/modules/services/cluster/kubernetes/controller-manager.nix"], "description": "Kubernetes controller manager kube-apiserver server address.", "loc": ["services", "kubernetes", "controllerManager", "kubeconfig", "server"], "readOnly": false, "type": "string"}, "services.kubernetes.controllerManager.leaderElect": {"declarations": ["nixos/modules/services/cluster/kubernetes/controller-manager.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to start leader election before executing main loop.", "loc": ["services", "kubernetes", "controllerManager", "leaderElect"], "readOnly": false, "type": "boolean"}, "services.kubernetes.controllerManager.rootCaFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/controller-manager.nix"], "default": {"_type": "literalExpression", "text": "config.services.kubernetes.caFile"}, "description": "Kubernetes controller manager certificate authority file included in\nservice account's token secret.\n", "loc": ["services", "kubernetes", "controllerManager", "rootCaFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.controllerManager.securePort": {"declarations": ["nixos/modules/services/cluster/kubernetes/controller-manager.nix"], "default": {"_type": "literalExpression", "text": "10252"}, "description": "Kubernetes controller manager secure listening port.", "loc": ["services", "kubernetes", "controllerManager", "securePort"], "readOnly": false, "type": "signed integer"}, "services.kubernetes.controllerManager.serviceAccountKeyFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/controller-manager.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Kubernetes controller manager PEM-encoded private RSA key file used to\nsign service account tokens\n", "loc": ["services", "kubernetes", "controllerManager", "serviceAccountKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.controllerManager.tlsCertFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/controller-manager.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Kubernetes controller-manager certificate file.", "loc": ["services", "kubernetes", "controllerManager", "tlsCertFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.controllerManager.tlsKeyFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/controller-manager.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Kubernetes controller-manager private key file.", "loc": ["services", "kubernetes", "controllerManager", "tlsKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.controllerManager.verbosity": {"declarations": ["nixos/modules/services/cluster/kubernetes/controller-manager.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional glog verbosity level for logging statements. See\n<https://github.com/kubernetes/community/blob/master/contributors/devel/logging.md>\n", "loc": ["services", "kubernetes", "controllerManager", "verbosity"], "readOnly": false, "type": "null or signed integer"}, "services.kubernetes.dataDir": {"declarations": ["nixos/modules/services/cluster/kubernetes/default.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/kubernetes\""}, "description": "Kubernetes root directory for managing kubelet files.", "loc": ["services", "kubernetes", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.kubernetes.easyCerts": {"declarations": ["nixos/modules/services/cluster/kubernetes/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically setup x509 certificates and keys for the entire cluster.", "loc": ["services", "kubernetes", "easyCerts"], "readOnly": false, "type": "boolean"}, "services.kubernetes.featureGates": {"declarations": ["nixos/modules/services/cluster/kubernetes/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "List set of feature gates.", "loc": ["services", "kubernetes", "featureGates"], "readOnly": false, "type": "attribute set of boolean"}, "services.kubernetes.flannel.enable": {"declarations": ["nixos/modules/services/cluster/kubernetes/flannel.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable flannel networking.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kubernetes", "flannel", "enable"], "readOnly": false, "type": "boolean"}, "services.kubernetes.flannel.openFirewallPorts": {"declarations": ["nixos/modules/services/cluster/kubernetes/flannel.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to open the Flannel UDP ports in the firewall on all interfaces.", "loc": ["services", "kubernetes", "flannel", "openFirewallPorts"], "readOnly": false, "type": "boolean"}, "services.kubernetes.kubeconfig.caFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/default.nix"], "default": {"_type": "literalExpression", "text": "config.services.kubernetes.caFile"}, "description": "Default kubeconfig certificate authority file used to connect to kube-apiserver.", "loc": ["services", "kubernetes", "kubeconfig", "caFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.kubeconfig.certFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Default kubeconfig client certificate file used to connect to kube-apiserver.", "loc": ["services", "kubernetes", "kubeconfig", "certFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.kubeconfig.keyFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Default kubeconfig client key file used to connect to kube-apiserver.", "loc": ["services", "kubernetes", "kubeconfig", "keyFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.kubeconfig.server": {"declarations": ["nixos/modules/services/cluster/kubernetes/default.nix"], "description": "Default kubeconfig kube-apiserver server address.", "loc": ["services", "kubernetes", "kubeconfig", "server"], "readOnly": false, "type": "string"}, "services.kubernetes.kubelet.address": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Kubernetes kubelet info server listening address.", "loc": ["services", "kubernetes", "kubelet", "address"], "readOnly": false, "type": "string"}, "services.kubernetes.kubelet.clientCaFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "default": {"_type": "literalExpression", "text": "config.services.kubernetes.caFile"}, "description": "Kubernetes apiserver CA file for client authentication.", "loc": ["services", "kubernetes", "kubelet", "clientCaFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.kubelet.clusterDns": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"10.1.0.1\"\n]"}, "description": "Use alternative DNS.", "loc": ["services", "kubernetes", "kubelet", "clusterDns"], "readOnly": false, "type": "list of string"}, "services.kubernetes.kubelet.clusterDomain": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "default": {"_type": "literalExpression", "text": "config.services.kubernetes.addons.dns.clusterDomain"}, "description": "Use alternative domain.", "loc": ["services", "kubernetes", "kubelet", "clusterDomain"], "readOnly": false, "type": "string"}, "services.kubernetes.kubelet.cni.config": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Kubernetes CNI configuration.", "example": {"_type": "literalExpression", "text": "[{\n  \"cniVersion\": \"0.3.1\",\n  \"name\": \"mynet\",\n  \"type\": \"bridge\",\n  \"bridge\": \"cni0\",\n  \"isGateway\": true,\n  \"ipMasq\": true,\n  \"ipam\": {\n      \"type\": \"host-local\",\n      \"subnet\": \"10.22.0.0/16\",\n      \"routes\": [\n          { \"dst\": \"0.0.0.0/0\" }\n      ]\n  }\n} {\n  \"cniVersion\": \"0.3.1\",\n  \"type\": \"loopback\"\n}]\n"}, "loc": ["services", "kubernetes", "kubelet", "cni", "config"], "readOnly": false, "type": "list of (attribute set)"}, "services.kubernetes.kubelet.cni.configDir": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to Kubernetes CNI configuration directory.", "loc": ["services", "kubernetes", "kubelet", "cni", "configDir"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.kubelet.cni.packages": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of network plugin packages to install.", "loc": ["services", "kubernetes", "kubelet", "cni", "packages"], "readOnly": false, "type": "list of package"}, "services.kubernetes.kubelet.containerRuntimeEndpoint": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "default": {"_type": "literalExpression", "text": "\"unix:///run/containerd/containerd.sock\""}, "description": "Endpoint at which to find the container runtime api interface/socket", "loc": ["services", "kubernetes", "kubelet", "containerRuntimeEndpoint"], "readOnly": false, "type": "string"}, "services.kubernetes.kubelet.enable": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Kubernetes kubelet.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kubernetes", "kubelet", "enable"], "readOnly": false, "type": "boolean"}, "services.kubernetes.kubelet.extraConfig": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Kubernetes kubelet extra configuration file entries.\n\nSee also [Set Kubelet Parameters Via A Configuration File](https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/)\nand [Kubelet Configuration](https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/).\n", "loc": ["services", "kubernetes", "kubelet", "extraConfig"], "readOnly": false, "type": "attribute set of (JSON value)"}, "services.kubernetes.kubelet.extraOpts": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Kubernetes kubelet extra command line options.", "loc": ["services", "kubernetes", "kubelet", "extraOpts"], "readOnly": false, "type": "strings concatenated with \" \""}, "services.kubernetes.kubelet.featureGates": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "default": {"_type": "literalExpression", "text": "config.services.kubernetes.featureGates"}, "description": "Attribute set of feature gate", "loc": ["services", "kubernetes", "kubelet", "featureGates"], "readOnly": false, "type": "attribute set of boolean"}, "services.kubernetes.kubelet.healthz.bind": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Kubernetes kubelet healthz listening address.", "loc": ["services", "kubernetes", "kubelet", "healthz", "bind"], "readOnly": false, "type": "string"}, "services.kubernetes.kubelet.healthz.port": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "default": {"_type": "literalExpression", "text": "10248"}, "description": "Kubernetes kubelet healthz port.", "loc": ["services", "kubernetes", "kubelet", "healthz", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.kubernetes.kubelet.hostname": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "default": {"_type": "literalExpression", "text": "config.networking.fqdnOrHostName"}, "description": "Kubernetes kubelet hostname override.", "loc": ["services", "kubernetes", "kubelet", "hostname"], "readOnly": false, "type": "string"}, "services.kubernetes.kubelet.kubeconfig.caFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "default": {"_type": "literalExpression", "text": "config.services.kubernetes.caFile"}, "description": "Kubelet certificate authority file used to connect to kube-apiserver.", "loc": ["services", "kubernetes", "kubelet", "kubeconfig", "caFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.kubelet.kubeconfig.certFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Kubelet client certificate file used to connect to kube-apiserver.", "loc": ["services", "kubernetes", "kubelet", "kubeconfig", "certFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.kubelet.kubeconfig.keyFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Kubelet client key file used to connect to kube-apiserver.", "loc": ["services", "kubernetes", "kubelet", "kubeconfig", "keyFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.kubelet.kubeconfig.server": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "description": "Kubelet kube-apiserver server address.", "loc": ["services", "kubernetes", "kubelet", "kubeconfig", "server"], "readOnly": false, "type": "string"}, "services.kubernetes.kubelet.manifests": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "List of manifests to bootstrap with kubelet (only pods can be created as manifest entry)", "loc": ["services", "kubernetes", "kubelet", "manifests"], "readOnly": false, "type": "attribute set of (attribute set)"}, "services.kubernetes.kubelet.nodeIp": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IP address of the node. If set, kubelet will use this IP address for the node.", "loc": ["services", "kubernetes", "kubelet", "nodeIp"], "readOnly": false, "type": "null or string"}, "services.kubernetes.kubelet.port": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "default": {"_type": "literalExpression", "text": "10250"}, "description": "Kubernetes kubelet info server listening port.", "loc": ["services", "kubernetes", "kubelet", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.kubernetes.kubelet.registerNode": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to auto register kubelet with API server.", "loc": ["services", "kubernetes", "kubelet", "registerNode"], "readOnly": false, "type": "boolean"}, "services.kubernetes.kubelet.seedDockerImages": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of docker images to preload on system", "loc": ["services", "kubernetes", "kubelet", "seedDockerImages"], "readOnly": false, "type": "list of package"}, "services.kubernetes.kubelet.taints": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Node taints (https://kubernetes.io/docs/concepts/configuration/assign-pod-node/).", "loc": ["services", "kubernetes", "kubelet", "taints"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.kubernetes.kubelet.taints.<name>.effect": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "description": "Effect of taint.", "example": {"_type": "literalExpression", "text": "\"NoSchedule\""}, "loc": ["services", "kubernetes", "kubelet", "taints", "<name>", "effect"], "readOnly": false, "type": "one of \"NoSchedule\", \"PreferNoSchedule\", \"NoExecute\""}, "services.kubernetes.kubelet.taints.<name>.key": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "default": {"_type": "literalMD", "text": "Name of this submodule."}, "description": "Key of taint.", "loc": ["services", "kubernetes", "kubelet", "taints", "<name>", "key"], "readOnly": false, "type": "string"}, "services.kubernetes.kubelet.taints.<name>.value": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "description": "Value of taint.", "loc": ["services", "kubernetes", "kubelet", "taints", "<name>", "value"], "readOnly": false, "type": "string"}, "services.kubernetes.kubelet.tlsCertFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing x509 Certificate for HTTPS.", "loc": ["services", "kubernetes", "kubelet", "tlsCertFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.kubelet.tlsKeyFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing x509 private key matching tlsCertFile.", "loc": ["services", "kubernetes", "kubelet", "tlsKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.kubelet.unschedulable": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to set node taint to unschedulable=true as it is the case of node that has only master role.", "loc": ["services", "kubernetes", "kubelet", "unschedulable"], "readOnly": false, "type": "boolean"}, "services.kubernetes.kubelet.verbosity": {"declarations": ["nixos/modules/services/cluster/kubernetes/kubelet.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional glog verbosity level for logging statements. See\n<https://github.com/kubernetes/community/blob/master/contributors/devel/logging.md>\n", "loc": ["services", "kubernetes", "kubelet", "verbosity"], "readOnly": false, "type": "null or signed integer"}, "services.kubernetes.lib": {"declarations": ["nixos/modules/services/cluster/kubernetes/default.nix"], "default": {"_type": "literalExpression", "text": "{\n  mkCert = <function, args: {CN, action?, fields?, hosts?, name, privateKeyGroup?, privateKeyOwner?}>;\n  mkKubeConfig = <function>;\n  mkKubeConfigOptions = <function>;\n}"}, "description": "Common functions for the kubernetes modules.", "loc": ["services", "kubernetes", "lib"], "readOnly": false, "type": "attribute set"}, "services.kubernetes.masterAddress": {"declarations": ["nixos/modules/services/cluster/kubernetes/default.nix"], "description": "Clusterwide available network address or hostname for the kubernetes master server.", "example": {"_type": "literalExpression", "text": "\"master.example.com\""}, "loc": ["services", "kubernetes", "masterAddress"], "readOnly": false, "type": "string"}, "services.kubernetes.package": {"declarations": ["nixos/modules/services/cluster/kubernetes/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.kubernetes"}, "description": "The kubernetes package to use.", "loc": ["services", "kubernetes", "package"], "readOnly": false, "type": "package"}, "services.kubernetes.path": {"declarations": ["nixos/modules/services/cluster/kubernetes/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Packages added to the services' PATH environment variable. Both the bin and sbin subdirectories of each package are added.", "loc": ["services", "kubernetes", "path"], "readOnly": false, "type": "list of package"}, "services.kubernetes.pki.caCertPathPrefix": {"declarations": ["nixos/modules/services/cluster/kubernetes/pki.nix"], "default": {"_type": "literalExpression", "text": "\"${config.services.cfssl.dataDir}/ca\""}, "description": "Path-prefrix for the CA-certificate to be used for cfssl signing.\nSuffixes \".pem\" and \"-key.pem\" will be automatically appended for\nthe public and private keys respectively.\n", "loc": ["services", "kubernetes", "pki", "caCertPathPrefix"], "readOnly": false, "type": "string"}, "services.kubernetes.pki.caSpec": {"declarations": ["nixos/modules/services/cluster/kubernetes/pki.nix"], "default": {"_type": "literalExpression", "text": "{\n  CN = \"kubernetes-cluster-ca\";\n  L = \"auto-generated\";\n  O = \"NixOS\";\n  OU = \"services.kubernetes.pki.caSpec\";\n}"}, "description": "Certificate specification for the auto-generated CAcert.", "loc": ["services", "kubernetes", "pki", "caSpec"], "readOnly": false, "type": "attribute set"}, "services.kubernetes.pki.certs": {"declarations": ["nixos/modules/services/cluster/kubernetes/pki.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "List of certificate specs to feed to cert generator.", "loc": ["services", "kubernetes", "pki", "certs"], "readOnly": false, "type": "attribute set"}, "services.kubernetes.pki.cfsslAPIExtraSANs": {"declarations": ["nixos/modules/services/cluster/kubernetes/pki.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra x509 Subject Alternative Names to be added to the cfssl API webserver TLS cert.\n", "example": {"_type": "literalExpression", "text": "[\n  \"subdomain.example.com\"\n]"}, "loc": ["services", "kubernetes", "pki", "cfsslAPIExtraSANs"], "readOnly": false, "type": "list of string"}, "services.kubernetes.pki.enable": {"declarations": ["nixos/modules/services/cluster/kubernetes/pki.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable easyCert issuer service.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kubernetes", "pki", "enable"], "readOnly": false, "type": "boolean"}, "services.kubernetes.pki.etcClusterAdminKubeconfig": {"declarations": ["nixos/modules/services/cluster/kubernetes/pki.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Symlink a kubeconfig with cluster-admin privileges to environment path\n(/etc/\\<path\\>).\n", "loc": ["services", "kubernetes", "pki", "etcClusterAdminKubeconfig"], "readOnly": false, "type": "null or string"}, "services.kubernetes.pki.genCfsslAPICerts": {"declarations": ["nixos/modules/services/cluster/kubernetes/pki.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to automatically generate cfssl API webserver TLS cert and key,\nif they don't exist.\n", "loc": ["services", "kubernetes", "pki", "genCfsslAPICerts"], "readOnly": false, "type": "boolean"}, "services.kubernetes.pki.genCfsslAPIToken": {"declarations": ["nixos/modules/services/cluster/kubernetes/pki.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to automatically generate cfssl API-token secret,\nif they doesn't exist.\n", "loc": ["services", "kubernetes", "pki", "genCfsslAPIToken"], "readOnly": false, "type": "boolean"}, "services.kubernetes.pki.genCfsslCACert": {"declarations": ["nixos/modules/services/cluster/kubernetes/pki.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to automatically generate cfssl CA certificate and key,\nif they don't exist.\n", "loc": ["services", "kubernetes", "pki", "genCfsslCACert"], "readOnly": false, "type": "boolean"}, "services.kubernetes.pki.pkiTrustOnBootstrap": {"declarations": ["nixos/modules/services/cluster/kubernetes/pki.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to always trust remote cfssl server upon initial PKI bootstrap.", "loc": ["services", "kubernetes", "pki", "pkiTrustOnBootstrap"], "readOnly": false, "type": "boolean"}, "services.kubernetes.proxy.bindAddress": {"declarations": ["nixos/modules/services/cluster/kubernetes/proxy.nix"], "default": {"_type": "literalExpression", "text": "\"0.0.0.0\""}, "description": "Kubernetes proxy listening address.", "loc": ["services", "kubernetes", "proxy", "bindAddress"], "readOnly": false, "type": "string"}, "services.kubernetes.proxy.enable": {"declarations": ["nixos/modules/services/cluster/kubernetes/proxy.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Kubernetes proxy.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kubernetes", "proxy", "enable"], "readOnly": false, "type": "boolean"}, "services.kubernetes.proxy.extraOpts": {"declarations": ["nixos/modules/services/cluster/kubernetes/proxy.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Kubernetes proxy extra command line options.", "loc": ["services", "kubernetes", "proxy", "extraOpts"], "readOnly": false, "type": "strings concatenated with \" \""}, "services.kubernetes.proxy.featureGates": {"declarations": ["nixos/modules/services/cluster/kubernetes/proxy.nix"], "default": {"_type": "literalExpression", "text": "config.services.kubernetes.featureGates"}, "description": "Attribute set of feature gates.", "loc": ["services", "kubernetes", "proxy", "featureGates"], "readOnly": false, "type": "attribute set of boolean"}, "services.kubernetes.proxy.hostname": {"declarations": ["nixos/modules/services/cluster/kubernetes/proxy.nix"], "default": {"_type": "literalExpression", "text": "config.networking.hostName"}, "description": "Kubernetes proxy hostname override.", "loc": ["services", "kubernetes", "proxy", "hostname"], "readOnly": false, "type": "string"}, "services.kubernetes.proxy.kubeconfig.caFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/proxy.nix"], "default": {"_type": "literalExpression", "text": "config.services.kubernetes.caFile"}, "description": "Kubernetes proxy certificate authority file used to connect to kube-apiserver.", "loc": ["services", "kubernetes", "proxy", "kubeconfig", "caFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.proxy.kubeconfig.certFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Kubernetes proxy client certificate file used to connect to kube-apiserver.", "loc": ["services", "kubernetes", "proxy", "kubeconfig", "certFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.proxy.kubeconfig.keyFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Kubernetes proxy client key file used to connect to kube-apiserver.", "loc": ["services", "kubernetes", "proxy", "kubeconfig", "keyFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.proxy.kubeconfig.server": {"declarations": ["nixos/modules/services/cluster/kubernetes/proxy.nix"], "description": "Kubernetes proxy kube-apiserver server address.", "loc": ["services", "kubernetes", "proxy", "kubeconfig", "server"], "readOnly": false, "type": "string"}, "services.kubernetes.proxy.verbosity": {"declarations": ["nixos/modules/services/cluster/kubernetes/proxy.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional glog verbosity level for logging statements. See\n<https://github.com/kubernetes/community/blob/master/contributors/devel/logging.md>\n", "loc": ["services", "kubernetes", "proxy", "verbosity"], "readOnly": false, "type": "null or signed integer"}, "services.kubernetes.roles": {"declarations": ["nixos/modules/services/cluster/kubernetes/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Kubernetes role that this machine should take.\n\nMaster role will enable etcd, apiserver, scheduler, controller manager\naddon manager, flannel and proxy services.\nNode role will enable flannel, docker, kubelet and proxy services.\n", "loc": ["services", "kubernetes", "roles"], "readOnly": false, "type": "list of (one of \"master\", \"node\")"}, "services.kubernetes.scheduler.address": {"declarations": ["nixos/modules/services/cluster/kubernetes/scheduler.nix"], "default": {"_type": "literalExpression", "text": "\"127.0.0.1\""}, "description": "Kubernetes scheduler listening address.", "loc": ["services", "kubernetes", "scheduler", "address"], "readOnly": false, "type": "string"}, "services.kubernetes.scheduler.enable": {"declarations": ["nixos/modules/services/cluster/kubernetes/scheduler.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Kubernetes scheduler.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "kubernetes", "scheduler", "enable"], "readOnly": false, "type": "boolean"}, "services.kubernetes.scheduler.extraOpts": {"declarations": ["nixos/modules/services/cluster/kubernetes/scheduler.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Kubernetes scheduler extra command line options.", "loc": ["services", "kubernetes", "scheduler", "extraOpts"], "readOnly": false, "type": "strings concatenated with \" \""}, "services.kubernetes.scheduler.featureGates": {"declarations": ["nixos/modules/services/cluster/kubernetes/scheduler.nix"], "default": {"_type": "literalExpression", "text": "config.services.kubernetes.featureGates"}, "description": "Attribute set of feature gates.", "loc": ["services", "kubernetes", "scheduler", "featureGates"], "readOnly": false, "type": "attribute set of boolean"}, "services.kubernetes.scheduler.kubeconfig.caFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/scheduler.nix"], "default": {"_type": "literalExpression", "text": "config.services.kubernetes.caFile"}, "description": "Kubernetes scheduler certificate authority file used to connect to kube-apiserver.", "loc": ["services", "kubernetes", "scheduler", "kubeconfig", "caFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.scheduler.kubeconfig.certFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/scheduler.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Kubernetes scheduler client certificate file used to connect to kube-apiserver.", "loc": ["services", "kubernetes", "scheduler", "kubeconfig", "certFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.scheduler.kubeconfig.keyFile": {"declarations": ["nixos/modules/services/cluster/kubernetes/scheduler.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Kubernetes scheduler client key file used to connect to kube-apiserver.", "loc": ["services", "kubernetes", "scheduler", "kubeconfig", "keyFile"], "readOnly": false, "type": "null or absolute path"}, "services.kubernetes.scheduler.kubeconfig.server": {"declarations": ["nixos/modules/services/cluster/kubernetes/scheduler.nix"], "description": "Kubernetes scheduler kube-apiserver server address.", "loc": ["services", "kubernetes", "scheduler", "kubeconfig", "server"], "readOnly": false, "type": "string"}, "services.kubernetes.scheduler.leaderElect": {"declarations": ["nixos/modules/services/cluster/kubernetes/scheduler.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to start leader election before executing main loop.", "loc": ["services", "kubernetes", "scheduler", "leaderElect"], "readOnly": false, "type": "boolean"}, "services.kubernetes.scheduler.port": {"declarations": ["nixos/modules/services/cluster/kubernetes/scheduler.nix"], "default": {"_type": "literalExpression", "text": "10251"}, "description": "Kubernetes scheduler listening port.", "loc": ["services", "kubernetes", "scheduler", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.kubernetes.scheduler.verbosity": {"declarations": ["nixos/modules/services/cluster/kubernetes/scheduler.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Optional glog verbosity level for logging statements. See\n<https://github.com/kubernetes/community/blob/master/contributors/devel/logging.md>\n", "loc": ["services", "kubernetes", "scheduler", "verbosity"], "readOnly": false, "type": "null or signed integer"}, "services.kubernetes.secretsPath": {"declarations": ["nixos/modules/services/cluster/kubernetes/default.nix"], "default": {"_type": "literalExpression", "text": "config.services.kubernetes.dataDir + \"/secrets\"\n"}, "description": "Default location for kubernetes secrets. Not a store location.", "loc": ["services", "kubernetes", "secretsPath"], "readOnly": false, "type": "absolute path"}, "services.lasuite-docs.backendPackage": {"declarations": ["nixos/modules/services/web-apps/lasuite-docs.nix"], "default": {"_type": "literalExpression", "text": "pkgs.lasuite-docs"}, "description": "The lasuite-docs package to use.", "loc": ["services", "lasuite-docs", "backendPackage"], "readOnly": false, "type": "package"}, "services.lasuite-docs.bind": {"declarations": ["nixos/modules/services/web-apps/lasuite-docs.nix"], "default": {"_type": "literalExpression", "text": "\"unix:/run/lasuite-docs/gunicorn.sock\""}, "description": "The path, host/port or file descriptior to bind the gunicorn socket to.\n\nSee  <https://docs.gunicorn.org/en/stable/settings.html#bind> for possible options.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1:8000\""}, "loc": ["services", "lasuite-docs", "bind"], "readOnly": false, "type": "string"}, "services.lasuite-docs.celery.extraArgs": {"declarations": ["nixos/modules/services/web-apps/lasuite-docs.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to pass to the celery process.\n", "loc": ["services", "lasuite-docs", "celery", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.lasuite-docs.collaborationServer.package": {"declarations": ["nixos/modules/services/web-apps/lasuite-docs.nix"], "default": {"_type": "literalExpression", "text": "pkgs.lasuite-docs-collaboration-server"}, "description": "The lasuite-docs-collaboration-server package to use.", "loc": ["services", "lasuite-docs", "collaborationServer", "package"], "readOnly": false, "type": "package"}, "services.lasuite-docs.collaborationServer.port": {"declarations": ["nixos/modules/services/web-apps/lasuite-docs.nix"], "default": {"_type": "literalExpression", "text": "4444"}, "description": "Port used by the collaboration server to listen.\n", "loc": ["services", "lasuite-docs", "collaborationServer", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.lasuite-docs.collaborationServer.settings": {"declarations": ["nixos/modules/services/web-apps/lasuite-docs.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration options of collaboration server.\n\nSee <https://github.com/suitenumerique/docs/blob/v4.4.0/docs/env.md>\n", "example": {"_type": "literalExpression", "text": "''\n  {\n    COLLABORATION_LOGGING = true;\n  }\n''"}, "loc": ["services", "lasuite-docs", "collaborationServer", "settings"], "readOnly": false, "type": "open submodule of attribute set of (string or boolean)"}, "services.lasuite-docs.collaborationServer.settings.COLLABORATION_BACKEND_BASE_URL": {"declarations": ["nixos/modules/services/web-apps/lasuite-docs.nix"], "default": {"_type": "literalExpression", "text": "https://${cfg.domain}"}, "description": "URL to the backend server base", "loc": ["services", "lasuite-docs", "collaborationServer", "settings", "COLLABORATION_BACKEND_BASE_URL"], "readOnly": false, "type": "string"}, "services.lasuite-docs.collaborationServer.settings.COLLABORATION_SERVER_ORIGIN": {"declarations": ["nixos/modules/services/web-apps/lasuite-docs.nix"], "default": {"_type": "literalExpression", "text": "https://${cfg.domain}"}, "description": "Origins allowed to connect to the collaboration server", "loc": ["services", "lasuite-docs", "collaborationServer", "settings", "COLLABORATION_SERVER_ORIGIN"], "readOnly": false, "type": "string"}, "services.lasuite-docs.collaborationServer.settings.PORT": {"declarations": ["nixos/modules/services/web-apps/lasuite-docs.nix"], "default": {"_type": "literalExpression", "text": "\"4444\""}, "description": "Port used by collaboration server to listen to", "loc": ["services", "lasuite-docs", "collaborationServer", "settings", "PORT"], "readOnly": true, "type": "string"}, "services.lasuite-docs.domain": {"declarations": ["nixos/modules/services/web-apps/lasuite-docs.nix"], "description": "Domain name of the docs instance.\n", "loc": ["services", "lasuite-docs", "domain"], "readOnly": false, "type": "string"}, "services.lasuite-docs.enable": {"declarations": ["nixos/modules/services/web-apps/lasuite-docs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SuiteNum\u00e9rique Docs.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lasuite-docs", "enable"], "readOnly": false, "type": "boolean"}, "services.lasuite-docs.enableNginx": {"declarations": ["nixos/modules/services/web-apps/lasuite-docs.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable enable and configure Nginx for reverse proxying.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lasuite-docs", "enableNginx"], "readOnly": false, "type": "boolean"}, "services.lasuite-docs.environmentFile": {"declarations": ["nixos/modules/services/web-apps/lasuite-docs.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to environment file.\n\nThis can be useful to pass secrets to docs via tools like `agenix` or `sops`.\n", "loc": ["services", "lasuite-docs", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.lasuite-docs.frontendPackage": {"declarations": ["nixos/modules/services/web-apps/lasuite-docs.nix"], "default": {"_type": "literalExpression", "text": "pkgs.lasuite-docs-frontend"}, "description": "The lasuite-docs-frontend package to use.", "loc": ["services", "lasuite-docs", "frontendPackage"], "readOnly": false, "type": "package"}, "services.lasuite-docs.gunicorn.extraArgs": {"declarations": ["nixos/modules/services/web-apps/lasuite-docs.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"--name=impress\"\n  \"--workers=3\"\n]"}, "description": "Extra arguments to pass to the gunicorn process.\n", "loc": ["services", "lasuite-docs", "gunicorn", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.lasuite-docs.postgresql.createLocally": {"declarations": ["nixos/modules/services/web-apps/lasuite-docs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Configure local PostgreSQL database server for docs.\n", "loc": ["services", "lasuite-docs", "postgresql", "createLocally"], "readOnly": false, "type": "boolean"}, "services.lasuite-docs.redis.createLocally": {"declarations": ["nixos/modules/services/web-apps/lasuite-docs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Configure local Redis cache server for docs.\n", "loc": ["services", "lasuite-docs", "redis", "createLocally"], "readOnly": false, "type": "boolean"}, "services.lasuite-docs.s3Url": {"declarations": ["nixos/modules/services/web-apps/lasuite-docs.nix"], "description": "URL of the S3 bucket.\n", "loc": ["services", "lasuite-docs", "s3Url"], "readOnly": false, "type": "string"}, "services.lasuite-docs.secretKeyPath": {"declarations": ["nixos/modules/services/web-apps/lasuite-docs.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the Django secret key.\n\nThe key can be generated using:\n```\npython3 -c 'import secrets; print(secrets.token_hex())'\n```\n\nIf not set, the secret key will be automatically generated.\n", "loc": ["services", "lasuite-docs", "secretKeyPath"], "readOnly": false, "type": "null or absolute path"}, "services.lasuite-docs.settings": {"declarations": ["nixos/modules/services/web-apps/lasuite-docs.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration options of docs.\n\nSee <https://github.com/suitenumerique/docs/blob/v4.5.0/docs/env.md>\n\n`REDIS_URL` and `CELERY_BROKER_URL` are set if `services.lasuite-docs.redis.createLocally` is true.\n`DB_HOST` is set if `services.lasuite-docs.postgresql.createLocally` is true.\n", "example": {"_type": "literalExpression", "text": "''\n  {\n    DJANGO_ALLOWED_HOSTS = \"*\";\n  }\n''"}, "loc": ["services", "lasuite-docs", "settings"], "readOnly": false, "type": "open submodule of attribute set of (null or string or boolean or absolute path or signed integer)"}, "services.lasuite-docs.settings.CELERY_BROKER_URL": {"declarations": ["nixos/modules/services/web-apps/lasuite-docs.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "URL of the redis backend for celery", "loc": ["services", "lasuite-docs", "settings", "CELERY_BROKER_URL"], "readOnly": false, "type": "null or string"}, "services.lasuite-docs.settings.DATA_DIR": {"declarations": ["nixos/modules/services/web-apps/lasuite-docs.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/lasuite-docs\""}, "description": "Path to the data directory", "loc": ["services", "lasuite-docs", "settings", "DATA_DIR"], "readOnly": false, "type": "absolute path"}, "services.lasuite-docs.settings.DB_HOST": {"declarations": ["nixos/modules/services/web-apps/lasuite-docs.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host of the database", "loc": ["services", "lasuite-docs", "settings", "DB_HOST"], "readOnly": false, "type": "null or string"}, "services.lasuite-docs.settings.DB_NAME": {"declarations": ["nixos/modules/services/web-apps/lasuite-docs.nix"], "default": {"_type": "literalExpression", "text": "\"lasuite-docs\""}, "description": "Name of the database", "loc": ["services", "lasuite-docs", "settings", "DB_NAME"], "readOnly": false, "type": "string"}, "services.lasuite-docs.settings.DB_USER": {"declarations": ["nixos/modules/services/web-apps/lasuite-docs.nix"], "default": {"_type": "literalExpression", "text": "\"lasuite-docs\""}, "description": "User of the database", "loc": ["services", "lasuite-docs", "settings", "DB_USER"], "readOnly": false, "type": "string"}, "services.lasuite-docs.settings.DJANGO_ALLOWED_HOSTS": {"declarations": ["nixos/modules/services/web-apps/lasuite-docs.nix"], "default": {"_type": "literalExpression", "text": "if cfg.enableNginx then \"localhost,127.0.0.1,${cfg.domain}\" else \"\"\n"}, "description": "Comma-separated list of hosts that are able to connect to the server", "loc": ["services", "lasuite-docs", "settings", "DJANGO_ALLOWED_HOSTS"], "readOnly": false, "type": "string"}, "services.lasuite-docs.settings.DJANGO_SECRET_KEY_FILE": {"declarations": ["nixos/modules/services/web-apps/lasuite-docs.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/lasuite-docs/django_secret_key\""}, "description": "The path to the file containing Django's secret key", "loc": ["services", "lasuite-docs", "settings", "DJANGO_SECRET_KEY_FILE"], "readOnly": false, "type": "absolute path"}, "services.lasuite-docs.settings.REDIS_URL": {"declarations": ["nixos/modules/services/web-apps/lasuite-docs.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "URL of the redis backend", "loc": ["services", "lasuite-docs", "settings", "REDIS_URL"], "readOnly": false, "type": "null or string"}, "services.lasuite-meet.backendPackage": {"declarations": ["nixos/modules/services/web-apps/lasuite-meet.nix"], "default": {"_type": "literalExpression", "text": "pkgs.lasuite-meet"}, "description": "The lasuite-meet package to use.", "loc": ["services", "lasuite-meet", "backendPackage"], "readOnly": false, "type": "package"}, "services.lasuite-meet.bind": {"declarations": ["nixos/modules/services/web-apps/lasuite-meet.nix"], "default": {"_type": "literalExpression", "text": "\"unix:/run/lasuite-meet/gunicorn.sock\""}, "description": "The path, host/port or file descriptior to bind the gunicorn socket to.\n\nSee  <https://docs.gunicorn.org/en/stable/settings.html#bind> for possible options.\n", "example": {"_type": "literalExpression", "text": "\"127.0.0.1:8000\""}, "loc": ["services", "lasuite-meet", "bind"], "readOnly": false, "type": "string"}, "services.lasuite-meet.celery.extraArgs": {"declarations": ["nixos/modules/services/web-apps/lasuite-meet.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to pass to the celery process.\n", "loc": ["services", "lasuite-meet", "celery", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.lasuite-meet.domain": {"declarations": ["nixos/modules/services/web-apps/lasuite-meet.nix"], "description": "Domain name of the meet instance.\n", "loc": ["services", "lasuite-meet", "domain"], "readOnly": false, "type": "string"}, "services.lasuite-meet.enable": {"declarations": ["nixos/modules/services/web-apps/lasuite-meet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable SuiteNum\u00e9rique Meet.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lasuite-meet", "enable"], "readOnly": false, "type": "boolean"}, "services.lasuite-meet.enableNginx": {"declarations": ["nixos/modules/services/web-apps/lasuite-meet.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable enable and configure Nginx for reverse proxying.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lasuite-meet", "enableNginx"], "readOnly": false, "type": "boolean"}, "services.lasuite-meet.environmentFile": {"declarations": ["nixos/modules/services/web-apps/lasuite-meet.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to environment file.\n\nThis can be useful to pass secrets to meet via tools like `agenix` or `sops`.\n", "loc": ["services", "lasuite-meet", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.lasuite-meet.frontendPackage": {"declarations": ["nixos/modules/services/web-apps/lasuite-meet.nix"], "default": {"_type": "literalExpression", "text": "pkgs.lasuite-meet-frontend"}, "description": "The lasuite-meet-frontend package to use.", "loc": ["services", "lasuite-meet", "frontendPackage"], "readOnly": false, "type": "package"}, "services.lasuite-meet.gunicorn.extraArgs": {"declarations": ["nixos/modules/services/web-apps/lasuite-meet.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"--name=meet\"\n  \"--workers=3\"\n]"}, "description": "Extra arguments to pass to the gunicorn process.\n", "loc": ["services", "lasuite-meet", "gunicorn", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.lasuite-meet.livekit.enable": {"declarations": ["nixos/modules/services/web-apps/lasuite-meet.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable Configure local livekit server.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lasuite-meet", "livekit", "enable"], "readOnly": false, "type": "boolean"}, "services.lasuite-meet.livekit.keyFile": {"declarations": ["nixos/modules/services/web-apps/lasuite-meet.nix"], "description": "LiveKit key file holding one or multiple application secrets.\nUse `livekit-server generate-keys` to generate a random key name and secret.\n\nThe file should have the YAML format `<keyname>: <secret>`.\nExample:\n`lasuite-meet: f6lQGaHtM5HfgZjIcec3cOCRfiDqIine4CpZZnqdT5cE`\n\nIndividual key/secret pairs need to be passed to clients to connect to this instance.\n", "loc": ["services", "lasuite-meet", "livekit", "keyFile"], "readOnly": false, "type": "absolute path"}, "services.lasuite-meet.livekit.openFirewall": {"declarations": ["nixos/modules/services/web-apps/lasuite-meet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Open firewall ports for livekit.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lasuite-meet", "livekit", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.lasuite-meet.livekit.settings": {"declarations": ["nixos/modules/services/web-apps/lasuite-meet.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Settings to pass to the livekit server.\n\nSee `services.livekit.settings` for more details.\n", "loc": ["services", "lasuite-meet", "livekit", "settings"], "readOnly": false, "type": "attribute set"}, "services.lasuite-meet.postgresql.createLocally": {"declarations": ["nixos/modules/services/web-apps/lasuite-meet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Configure local PostgreSQL database server for meet.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lasuite-meet", "postgresql", "createLocally"], "readOnly": false, "type": "boolean"}, "services.lasuite-meet.redis.createLocally": {"declarations": ["nixos/modules/services/web-apps/lasuite-meet.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Configure local Redis cache server for meet.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "lasuite-meet", "redis", "createLocally"], "readOnly": false, "type": "boolean"}, "services.lasuite-meet.secretKeyPath": {"declarations": ["nixos/modules/services/web-apps/lasuite-meet.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to the Django secret key.\n\nThe key can be generated using:\n```\npython3 -c 'import secrets; print(secrets.token_hex())'\n```\n\nIf not set, the secret key will be automatically generated.\n", "loc": ["services", "lasuite-meet", "secretKeyPath"], "readOnly": false, "type": "null or absolute path"}, "services.lasuite-meet.settings": {"declarations": ["nixos/modules/services/web-apps/lasuite-meet.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration options of meet.\nSee https://github.com/suitenumerique/meet/blob/v1.6.0/docs/env.md\n`REDIS_URL` and `CELERY_BROKER_URL` are set if `services.lasuite-meet.redis.createLocally` is true.\n`DB_NAME` `DB_USER` and `DB_HOST` are set if `services.lasuite-meet.postgresql.createLocally` is true.\n", "example": {"_type": "literalExpression", "text": "''\n  {\n    DJANGO_ALLOWED_HOSTS = \"*\";\n  }\n''"}, "loc": ["services", "lasuite-meet", "settings"], "readOnly": false, "type": "open submodule of lazy attribute set of (null or string or boolean or absolute path or signed integer)"}, "services.lasuite-meet.settings.CELERY_BROKER_URL": {"declarations": ["nixos/modules/services/web-apps/lasuite-meet.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "URL of the redis backend for celery", "loc": ["services", "lasuite-meet", "settings", "CELERY_BROKER_URL"], "readOnly": false, "type": "null or string"}, "services.lasuite-meet.settings.DB_HOST": {"declarations": ["nixos/modules/services/web-apps/lasuite-meet.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Host of the database", "loc": ["services", "lasuite-meet", "settings", "DB_HOST"], "readOnly": false, "type": "null or string"}, "services.lasuite-meet.settings.DB_NAME": {"declarations": ["nixos/modules/services/web-apps/lasuite-meet.nix"], "default": {"_type": "literalExpression", "text": "\"lasuite-meet\""}, "description": "Name of the database", "loc": ["services", "lasuite-meet", "settings", "DB_NAME"], "readOnly": false, "type": "string"}, "services.lasuite-meet.settings.DB_USER": {"declarations": ["nixos/modules/services/web-apps/lasuite-meet.nix"], "default": {"_type": "literalExpression", "text": "\"lasuite-meet\""}, "description": "User of the database", "loc": ["services", "lasuite-meet", "settings", "DB_USER"], "readOnly": false, "type": "string"}, "services.lasuite-meet.settings.DJANGO_ALLOWED_HOSTS": {"declarations": ["nixos/modules/services/web-apps/lasuite-meet.nix"], "default": {"_type": "literalExpression", "text": "if cfg.enableNginx then \"localhost,127.0.0.1,${cfg.domain}\" else \"\"\n"}, "description": "Comma-separated list of hosts that are able to connect to the server", "loc": ["services", "lasuite-meet", "settings", "DJANGO_ALLOWED_HOSTS"], "readOnly": false, "type": "string"}, "services.lasuite-meet.settings.DJANGO_DATA_DIR": {"declarations": ["nixos/modules/services/web-apps/lasuite-meet.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/lasuite-meet\""}, "description": "Path to the data directory", "loc": ["services", "lasuite-meet", "settings", "DJANGO_DATA_DIR"], "readOnly": false, "type": "absolute path"}, "services.lasuite-meet.settings.DJANGO_SECRET_KEY_FILE": {"declarations": ["nixos/modules/services/web-apps/lasuite-meet.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/lasuite-meet/django_secret_key\""}, "description": "The path to the file containing Django's secret key", "loc": ["services", "lasuite-meet", "settings", "DJANGO_SECRET_KEY_FILE"], "readOnly": false, "type": "absolute path"}, "services.lasuite-meet.settings.LIVEKIT_API_URL": {"declarations": ["nixos/modules/services/web-apps/lasuite-meet.nix"], "default": {"_type": "literalExpression", "text": "if cfg.enableNginx && cfg.livekit.enable then\n  \"http://$${cfg.domain}/livekit\"\nelse\n  null\n"}, "description": "URL to the livekit server", "loc": ["services", "lasuite-meet", "settings", "LIVEKIT_API_URL"], "readOnly": false, "type": "null or string"}, "services.lasuite-meet.settings.REDIS_URL": {"declarations": ["nixos/modules/services/web-apps/lasuite-meet.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "URL of the redis backend", "loc": ["services", "lasuite-meet", "settings", "REDIS_URL"], "readOnly": false, "type": "null or string"}, "services.matrix-appservice-irc.enable": {"declarations": ["nixos/modules/services/matrix/appservice-irc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the Matrix/IRC bridge.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "matrix-appservice-irc", "enable"], "readOnly": false, "type": "boolean"}, "services.matrix-appservice-irc.localpart": {"declarations": ["nixos/modules/services/matrix/appservice-irc.nix"], "default": {"_type": "literalExpression", "text": "\"appservice-irc\""}, "description": "The user_id localpart to assign to the appservice", "loc": ["services", "matrix-appservice-irc", "localpart"], "readOnly": false, "type": "string"}, "services.matrix-appservice-irc.needBindingCap": {"declarations": ["nixos/modules/services/matrix/appservice-irc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether the daemon needs to bind to ports below 1024 (e.g. for the ident service)", "loc": ["services", "matrix-appservice-irc", "needBindingCap"], "readOnly": false, "type": "boolean"}, "services.matrix-appservice-irc.passwordEncryptionKeyLength": {"declarations": ["nixos/modules/services/matrix/appservice-irc.nix"], "default": {"_type": "literalExpression", "text": "4096"}, "description": "Length of the key to encrypt IRC passwords with", "example": {"_type": "literalExpression", "text": "8192"}, "loc": ["services", "matrix-appservice-irc", "passwordEncryptionKeyLength"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.matrix-appservice-irc.port": {"declarations": ["nixos/modules/services/matrix/appservice-irc.nix"], "default": {"_type": "literalExpression", "text": "8009"}, "description": "The port to listen on", "loc": ["services", "matrix-appservice-irc", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.matrix-appservice-irc.registrationUrl": {"declarations": ["nixos/modules/services/matrix/appservice-irc.nix"], "description": "The URL where the application service is listening for homeserver requests,\nfrom the Matrix homeserver perspective.\n", "example": {"_type": "literalExpression", "text": "\"http://localhost:8009\""}, "loc": ["services", "matrix-appservice-irc", "registrationUrl"], "readOnly": false, "type": "string"}, "services.matrix-appservice-irc.settings": {"declarations": ["nixos/modules/services/matrix/appservice-irc.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for the appservice, see\n<https://github.com/matrix-org/matrix-appservice-irc/blob/4.0.0/config.sample.yaml>\nfor supported values\n", "loc": ["services", "matrix-appservice-irc", "settings"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.matrix-appservice-irc.settings.database": {"declarations": ["nixos/modules/services/matrix/appservice-irc.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration for the database", "loc": ["services", "matrix-appservice-irc", "settings", "database"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.matrix-appservice-irc.settings.database.connectionString": {"declarations": ["nixos/modules/services/matrix/appservice-irc.nix"], "default": {"_type": "literalExpression", "text": "\"nedb://var/lib/matrix-appservice-irc/data\""}, "description": "The database connection string", "example": {"_type": "literalExpression", "text": "\"postgres://username:password@host:port/databasename\""}, "loc": ["services", "matrix-appservice-irc", "settings", "database", "connectionString"], "readOnly": false, "type": "string"}, "services.matrix-appservice-irc.settings.database.engine": {"declarations": ["nixos/modules/services/matrix/appservice-irc.nix"], "default": {"_type": "literalExpression", "text": "\"nedb\""}, "description": "Which database engine to use", "example": {"_type": "literalExpression", "text": "\"postgres\""}, "loc": ["services", "matrix-appservice-irc", "settings", "database", "engine"], "readOnly": false, "type": "string"}, "services.matrix-appservice-irc.settings.homeserver": {"declarations": ["nixos/modules/services/matrix/appservice-irc.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Homeserver configuration", "loc": ["services", "matrix-appservice-irc", "settings", "homeserver"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.matrix-appservice-irc.settings.homeserver.domain": {"declarations": ["nixos/modules/services/matrix/appservice-irc.nix"], "description": "The 'domain' part for user IDs on this home server. Usually\n(but not always) is the \"domain name\" part of the homeserver URL.\n", "loc": ["services", "matrix-appservice-irc", "settings", "homeserver", "domain"], "readOnly": false, "type": "string"}, "services.matrix-appservice-irc.settings.homeserver.url": {"declarations": ["nixos/modules/services/matrix/appservice-irc.nix"], "description": "The URL to the home server for client-server API calls", "loc": ["services", "matrix-appservice-irc", "settings", "homeserver", "url"], "readOnly": false, "type": "string"}, "services.matrix-appservice-irc.settings.ircService": {"declarations": ["nixos/modules/services/matrix/appservice-irc.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "IRC bridge configuration", "loc": ["services", "matrix-appservice-irc", "settings", "ircService"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.matrix-appservice-irc.settings.ircService.mediaProxy.bindPort": {"declarations": ["nixos/modules/services/matrix/appservice-irc.nix"], "default": {"_type": "literalExpression", "text": "11111"}, "description": "Port that the media proxy binds to.\n", "loc": ["services", "matrix-appservice-irc", "settings", "ircService", "mediaProxy", "bindPort"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.matrix-appservice-irc.settings.ircService.mediaProxy.publicUrl": {"declarations": ["nixos/modules/services/matrix/appservice-irc.nix"], "description": "URL under which the media proxy is publicly acccessible.\n", "example": {"_type": "literalExpression", "text": "\"https://matrix.example.com/media\""}, "loc": ["services", "matrix-appservice-irc", "settings", "ircService", "mediaProxy", "publicUrl"], "readOnly": false, "type": "string"}, "services.matrix-appservice-irc.settings.ircService.mediaProxy.signingKeyPath": {"declarations": ["nixos/modules/services/matrix/appservice-irc.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/matrix-appservice-irc/media-signingkey.jwk\""}, "description": "Path to the signing key file for authenticated media.\n", "loc": ["services", "matrix-appservice-irc", "settings", "ircService", "mediaProxy", "signingKeyPath"], "readOnly": false, "type": "absolute path"}, "services.matrix-appservice-irc.settings.ircService.mediaProxy.ttlSeconds": {"declarations": ["nixos/modules/services/matrix/appservice-irc.nix"], "default": {"_type": "literalExpression", "text": "3600"}, "description": "Lifetime in seconds, that generated URLs stay valid.\n\nSet the lifetime to 0 to prevent URLs from becoming invalid.\n", "example": {"_type": "literalExpression", "text": "0"}, "loc": ["services", "matrix-appservice-irc", "settings", "ircService", "mediaProxy", "ttlSeconds"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.matrix-appservice-irc.settings.ircService.passwordEncryptionKeyPath": {"declarations": ["nixos/modules/services/matrix/appservice-irc.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/matrix-appservice-irc/passkey.pem\""}, "description": "Location of the key with which IRC passwords are encrypted\nfor storage. Will be generated on first run if not present.\n", "loc": ["services", "matrix-appservice-irc", "settings", "ircService", "passwordEncryptionKeyPath"], "readOnly": false, "type": "string"}, "services.matrix-appservice-irc.settings.ircService.servers": {"declarations": ["nixos/modules/services/matrix/appservice-irc.nix"], "description": "IRC servers to connect to", "loc": ["services", "matrix-appservice-irc", "settings", "ircService", "servers"], "readOnly": false, "type": "open submodule of (JSON value)"}, "services.matrix-synapse.configFile": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "description": "Path to the configuration file on the target system. Useful to configure e.g. workers\nthat also need this.\n", "loc": ["services", "matrix-synapse", "configFile"], "readOnly": true, "type": "absolute path"}, "services.matrix-synapse.configureRedisLocally": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to automatically configure a local redis server for matrix-synapse.\n", "loc": ["services", "matrix-synapse", "configureRedisLocally"], "readOnly": false, "type": "boolean"}, "services.matrix-synapse.dataDir": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/matrix-synapse\""}, "description": "The directory where matrix-synapse stores its stateful data such as\ncertificates, media and uploads.\n", "loc": ["services", "matrix-synapse", "dataDir"], "readOnly": false, "type": "string"}, "services.matrix-synapse.enable": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable matrix.org synapse, the reference homeserver.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "matrix-synapse", "enable"], "readOnly": false, "type": "boolean"}, "services.matrix-synapse.enableRegistrationScript": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "''\n  Enabled if the client listener uses TCP sockets\n''"}, "description": "Whether to install the `register_new_matrix_user` script, that\nallows account creation on the terminal.\n\n::: {.note}\n  This script does not work when the client listener uses UNIX domain sockets\n:::\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "matrix-synapse", "enableRegistrationScript"], "readOnly": false, "type": "boolean"}, "services.matrix-synapse.extraArgs": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra command lines argument that are passed to synapse and workers.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--no-secrets-in-config\"\n]"}, "loc": ["services", "matrix-synapse", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.matrix-synapse.extraConfigFiles": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra config files to include.\n\nThe configuration files will be included based on the command line\nargument --config-path. This allows to configure secrets without\nhaving to go through the Nix store, e.g. based on deployment keys if\nNixOps is in use.\n", "loc": ["services", "matrix-synapse", "extraConfigFiles"], "readOnly": false, "type": "list of absolute path"}, "services.matrix-synapse.extras": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"systemd\"\n  \"postgres\"\n  \"url-preview\"\n]"}, "description": "Explicitly install extras provided by matrix-synapse. Most\nwill require some additional configuration.\n\nExtras will automatically be enabled, when the relevant\nconfiguration sections are present.\n\nPlease note that this option is additive: i.e. when adding a new item\nto this list, the defaults are still kept. To override the defaults as well,\nuse `lib.mkForce`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"cache-memory\" # Provide statistics about caching memory consumption\n  \"jwt\"          # JSON Web Token authentication\n  \"oidc\"         # OpenID Connect authentication\n  \"postgres\"     # PostgreSQL database backend\n  \"redis\"        # Redis support for the replication stream between worker processes\n  \"saml2\"        # SAML2 authentication\n  \"sentry\"       # Error tracking and performance metrics\n  \"systemd\"      # Provide the JournalHandler used in the default log_config\n  \"url-preview\"  # Support for oEmbed URL previews\n]\n"}, "loc": ["services", "matrix-synapse", "extras"], "readOnly": false, "type": "list of (one of \"cache-memory\", \"jwt\", \"oidc\", \"postgres\", \"redis\", \"saml2\", \"sentry\", \"systemd\", \"url-preview\")"}, "services.matrix-synapse.log": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "{\n  disable_existing_loggers = false;\n  formatters = {\n    journal_fmt = {\n      format = \"%(name)s: [%(request)s] %(message)s\";\n    };\n  };\n  handlers = {\n    journal = {\n      class = \"systemd.journal.JournalHandler\";\n      formatter = \"journal_fmt\";\n    };\n  };\n  root = {\n    handlers = [\n      \"journal\"\n    ];\n    level = \"INFO\";\n  };\n  version = 1;\n}"}, "description": "Default configuration for the loggers used by `matrix-synapse` and its workers.\nThe defaults are added with the default priority which means that\nthese will be merged with additional declarations. These additional\ndeclarations also take precedence over the defaults when declared\nwith at least normal priority. For instance\nthe log-level for synapse and its workers can be changed like this:\n\n```nix\n{ lib, ... }: {\n  services.matrix-synapse.log.root.level = \"WARNING\";\n}\n```\n\nAnd another field can be added like this:\n\n```nix\n{\n  services.matrix-synapse.log = {\n    loggers.\"synapse.http.matrixfederationclient\".level = \"DEBUG\";\n  };\n}\n```\n\nAdditionally, the field `handlers.journal.SYSLOG_IDENTIFIER` will be added to\neach log config, i.e.\n* `synapse` for `matrix-synapse.service`\n* `synapse-<worker name>` for `matrix-synapse-worker-<worker name>.service`\n\nThis is only done if this option has a `handlers.journal` field declared.\n\nTo discard all settings declared by this option for each worker and synapse,\n`lib.mkForce` can be used.\n\nTo discard all settings declared by this option for a single worker or synapse only,\n[](#opt-services.matrix-synapse.workers._name_.worker_log_config) or\n[](#opt-services.matrix-synapse.settings.log_config) can be used.\n", "loc": ["services", "matrix-synapse", "log"], "readOnly": false, "type": "attribute set of (YAML 1.1 value)"}, "services.matrix-synapse.package": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "description": "Reference to the `matrix-synapse` wrapper with all extras\n(e.g. for `oidc` or `saml2`) added to the `PYTHONPATH` of all executables.\n\nThis option is useful to reference the \"final\" `matrix-synapse` package that's\nactually used by `matrix-synapse.service`. For instance, when using\nworkers, it's possible to run\n`${config.services.matrix-synapse.package}/bin/synapse_worker` and\nno additional PYTHONPATH needs to be specified for extras or plugins configured\nvia `services.matrix-synapse`.\n\nHowever, this means that this option is supposed to be only declared\nby the `services.matrix-synapse` module itself and is thus read-only.\nIn order to modify `matrix-synapse` itself, use an overlay to override\n`pkgs.matrix-synapse-unwrapped`.\n", "loc": ["services", "matrix-synapse", "package"], "readOnly": true, "type": "package"}, "services.matrix-synapse.plugins": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of additional Matrix plugins to make available.\n", "example": {"_type": "literalExpression", "text": "with config.services.matrix-synapse.package.plugins; [\n  matrix-synapse-ldap3\n  matrix-synapse-pam\n];\n"}, "loc": ["services", "matrix-synapse", "plugins"], "readOnly": false, "type": "list of package"}, "services.matrix-synapse.serviceUnit": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "description": "The systemd unit (a service or a target) for other services to depend on if they\nneed to be started after matrix-synapse.\n\nThis option is useful as the actual parent unit for all matrix-synapse processes\nchanges when configuring workers.\n", "loc": ["services", "matrix-synapse", "serviceUnit"], "readOnly": true, "type": "string"}, "services.matrix-synapse.settings": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The primary synapse configuration. See the\n[sample configuration](https://github.com/element-hq/synapse/blob/v1.147.1/docs/sample_config.yaml)\nfor possible values.\n\nSecrets should be passed in by using the `extraConfigFiles` option.\n", "loc": ["services", "matrix-synapse", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.matrix-synapse.settings.app_service_config_files": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of application service config file to use\n", "loc": ["services", "matrix-synapse", "settings", "app_service_config_files"], "readOnly": false, "type": "list of absolute path"}, "services.matrix-synapse.settings.database.args.database": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "{\n  sqlite3 = \"${services.matrix-synapse.dataDir}/homeserver.db\";\n  psycopg2 = \"matrix-synapse\";\n}.${services.matrix-synapse.settings.database.name};\n"}, "description": "Name of the database when using the psycopg2 backend,\npath to the database location when using sqlite3.\n", "loc": ["services", "matrix-synapse", "settings", "database", "args", "database"], "readOnly": false, "type": "string"}, "services.matrix-synapse.settings.database.args.user": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "{\n  sqlite3 = null;\n  psycopg2 = \"matrix-synapse\";\n}.${cfg.settings.database.name};\n"}, "description": "Username to connect with psycopg2, set to null\nwhen using sqlite3.\n", "loc": ["services", "matrix-synapse", "settings", "database", "args", "user"], "readOnly": false, "type": "null or string"}, "services.matrix-synapse.settings.database.name": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "if versionAtLeast config.system.stateVersion \"18.03\"\nthen \"psycopg2\"\nelse \"sqlite3\"\n"}, "description": "The database engine name. Can be sqlite3 or psycopg2.\n", "loc": ["services", "matrix-synapse", "settings", "database", "name"], "readOnly": false, "type": "one of \"sqlite3\", \"psycopg2\""}, "services.matrix-synapse.settings.dynamic_thumbnails": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to generate new thumbnails on the fly to precisely match\nthe resolution requested by the client. If true then whenever\na new resolution is requested by the client the server will\ngenerate a new thumbnail. If false the server will pick a thumbnail\nfrom a precalculated list.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "matrix-synapse", "settings", "dynamic_thumbnails"], "readOnly": false, "type": "boolean"}, "services.matrix-synapse.settings.enable_metrics": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable collection and rendering of performance metrics\n", "loc": ["services", "matrix-synapse", "settings", "enable_metrics"], "readOnly": false, "type": "boolean"}, "services.matrix-synapse.settings.enable_registration": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable registration for new users.\n", "loc": ["services", "matrix-synapse", "settings", "enable_registration"], "readOnly": false, "type": "boolean"}, "services.matrix-synapse.settings.listeners": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "[\n  {\n    bind_addresses = [\n      \"127.0.0.1\"\n    ];\n    port = 8008;\n    resources = [\n      {\n        compress = true;\n        names = [\n          \"client\"\n        ];\n      }\n      {\n        compress = false;\n        names = [\n          \"federation\"\n        ];\n      }\n    ];\n    tls = false;\n    type = \"http\";\n    x_forwarded = true;\n  }\n]"}, "description": "List of ports that Synapse should listen on, their purpose and their configuration.\n\nBy default, synapse will be configured for client and federation traffic on port 8008, and\nuse a UNIX domain socket for worker replication. See [`services.matrix-synapse.workers`](#opt-services.matrix-synapse.workers)\nfor more details.\n", "loc": ["services", "matrix-synapse", "settings", "listeners"], "readOnly": false, "type": "list of (submodule)"}, "services.matrix-synapse.settings.listeners.*.bind_addresses": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "if path != null then\n  null\nelse\n  [\n    \"::1\"\n    \"127.0.0.1\"\n  ]\n"}, "description": "IP addresses to bind the listener to.\n", "example": {"_type": "literalExpression", "text": "[\n  \"::\"\n  \"0.0.0.0\"\n]\n"}, "loc": ["services", "matrix-synapse", "settings", "listeners", "*", "bind_addresses"], "readOnly": false, "type": "null or (list of string)"}, "services.matrix-synapse.settings.listeners.*.mode": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "if path != null then\n  \"660\"\nelse\n  null\n"}, "description": "File permissions on the UNIX domain socket.\n", "example": {"_type": "literalExpression", "text": "\"660\""}, "loc": ["services", "matrix-synapse", "settings", "listeners", "*", "mode"], "readOnly": false, "type": "null or string matching the pattern ^[0,2-7]{3,4}$"}, "services.matrix-synapse.settings.listeners.*.path": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Unix domain socket path to bind this listener to.\n\n::: {.note}\n  This option is incompatible with {option}`bind_addresses`, {option}`port`, {option}`tls`\n  and also does not support the `metrics` and `manhole` listener {option}`type`.\n:::\n", "loc": ["services", "matrix-synapse", "settings", "listeners", "*", "path"], "readOnly": false, "type": "null or absolute path"}, "services.matrix-synapse.settings.listeners.*.port": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The port to listen for HTTP(S) requests on.\n", "example": {"_type": "literalExpression", "text": "8448"}, "loc": ["services", "matrix-synapse", "settings", "listeners", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.matrix-synapse.settings.listeners.*.resources": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "description": "List of HTTP resources to serve on this listener.\n", "loc": ["services", "matrix-synapse", "settings", "listeners", "*", "resources"], "readOnly": false, "type": "list of (submodule)"}, "services.matrix-synapse.settings.listeners.*.resources.*.compress": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether synapse should compress HTTP responses to clients that support it.\nThis should be disabled if running synapse behind a load balancer\nthat can do automatic compression.\n", "loc": ["services", "matrix-synapse", "settings", "listeners", "*", "resources", "*", "compress"], "readOnly": false, "type": "boolean"}, "services.matrix-synapse.settings.listeners.*.resources.*.names": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "description": "List of resources to host on this listener.\n", "example": {"_type": "literalExpression", "text": "[\n  \"client\"\n]"}, "loc": ["services", "matrix-synapse", "settings", "listeners", "*", "resources", "*", "names"], "readOnly": false, "type": "list of (one of \"client\", \"consent\", \"federation\", \"health\", \"keys\", \"media\", \"metrics\", \"openid\", \"replication\", \"static\")"}, "services.matrix-synapse.settings.listeners.*.tls": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "''\n  Enabled for the main instance listener, unless it is configured with a UNIX domain socket path.\n''"}, "description": "Whether to enable TLS on the listener socket.\n\n::: {.note}\n  This option will be ignored for UNIX domain sockets.\n:::\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "matrix-synapse", "settings", "listeners", "*", "tls"], "readOnly": false, "type": "null or boolean"}, "services.matrix-synapse.settings.listeners.*.type": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "\"http\""}, "description": "The type of the listener, usually http.\n", "example": {"_type": "literalExpression", "text": "\"metrics\""}, "loc": ["services", "matrix-synapse", "settings", "listeners", "*", "type"], "readOnly": false, "type": "one of \"http\", \"manhole\", \"metrics\", \"replication\""}, "services.matrix-synapse.settings.listeners.*.x_forwarded": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "''\n  Enabled if the listener is configured with a UNIX domain socket path\n''"}, "description": "Use the X-Forwarded-For (XFF) header as the client IP and not the\nactual client IP.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "matrix-synapse", "settings", "listeners", "*", "x_forwarded"], "readOnly": false, "type": "boolean"}, "services.matrix-synapse.settings.log_config": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalMD", "text": "Path to a yaml file generated from this Nix expression:\n\n```\n{\n  disable_existing_loggers = false;\n  formatters = {\n    journal_fmt = {\n      format = \"%(name)s: [%(request)s] %(message)s\";\n    };\n  };\n  handlers = {\n    journal = {\n      SYSLOG_IDENTIFIER = \"synapse\";\n      class = \"systemd.journal.JournalHandler\";\n      formatter = \"journal_fmt\";\n    };\n  };\n  root = {\n    handlers = [\n      \"journal\"\n    ];\n    level = \"INFO\";\n  };\n  version = 1;\n}\n```\n"}, "description": "The file that holds the logging configuration.\n", "loc": ["services", "matrix-synapse", "settings", "log_config"], "readOnly": false, "type": "absolute path"}, "services.matrix-synapse.settings.macaroon_secret_key": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Secret key for authentication tokens. If none is specified,\nthe registration_shared_secret is used, if one is given; otherwise,\na secret key is derived from the signing key.\n\nSecrets should be passed in via `extraConfigFiles`!\n", "loc": ["services", "matrix-synapse", "settings", "macaroon_secret_key"], "readOnly": false, "type": "null or string"}, "services.matrix-synapse.settings.max_image_pixels": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "\"32M\""}, "description": "Maximum number of pixels that will be thumbnailed\n", "example": {"_type": "literalExpression", "text": "\"64M\""}, "loc": ["services", "matrix-synapse", "settings", "max_image_pixels"], "readOnly": false, "type": "string"}, "services.matrix-synapse.settings.max_upload_size": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "\"50M\""}, "description": "The largest allowed upload size in bytes\n", "example": {"_type": "literalExpression", "text": "\"100M\""}, "loc": ["services", "matrix-synapse", "settings", "max_upload_size"], "readOnly": false, "type": "string"}, "services.matrix-synapse.settings.media_store_path": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/matrix-synapse/media_store for when system.stateVersion is at least 22.05, /var/lib/matrix-synapse/media when lower than 22.05\""}, "description": "Directory where uploaded images and attachments are stored.\n", "loc": ["services", "matrix-synapse", "settings", "media_store_path"], "readOnly": false, "type": "absolute path"}, "services.matrix-synapse.settings.pid_file": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "\"/run/matrix-synapse.pid\""}, "description": "The file to store the PID in.\n", "loc": ["services", "matrix-synapse", "settings", "pid_file"], "readOnly": true, "type": "absolute path"}, "services.matrix-synapse.settings.presence.enabled": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable presence tracking.\n\nPresence tracking allows users to see the state (e.g online/offline)\nof other local and remote users.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "matrix-synapse", "settings", "presence", "enabled"], "readOnly": false, "type": "boolean"}, "services.matrix-synapse.settings.public_baseurl": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The public-facing base URL for the client API (not including _matrix/...)\n", "example": {"_type": "literalExpression", "text": "\"https://example.com:8448/\""}, "loc": ["services", "matrix-synapse", "settings", "public_baseurl"], "readOnly": false, "type": "null or string"}, "services.matrix-synapse.settings.redis": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Redis configuration for synapse.\n\nSee the\n[upstream documentation](https://github.com/element-hq/synapse/blob/v1.147.1/docs/usage/configuration/config_documentation.md#redis)\nfor available options.\n", "loc": ["services", "matrix-synapse", "settings", "redis"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.matrix-synapse.settings.redis.enabled": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to use redis support\n", "loc": ["services", "matrix-synapse", "settings", "redis", "enabled"], "readOnly": false, "type": "boolean"}, "services.matrix-synapse.settings.registration_shared_secret": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "If set, allows registration by anyone who also has the shared\nsecret, even if registration is otherwise disabled.\n\nSecrets should be passed in via `extraConfigFiles`!\n", "loc": ["services", "matrix-synapse", "settings", "registration_shared_secret"], "readOnly": false, "type": "null or string"}, "services.matrix-synapse.settings.report_stats": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether or not to report anonymized homeserver usage statistics.\n", "loc": ["services", "matrix-synapse", "settings", "report_stats"], "readOnly": false, "type": "boolean"}, "services.matrix-synapse.settings.server_name": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "config.networking.hostName"}, "description": "The domain name of the server, with optional explicit port.\nThis is used by remote servers to look up the server address.\nThis is also the last part of your UserID.\n\nThe server_name cannot be changed later so it is important to configure this correctly before you start Synapse.\n", "example": {"_type": "literalExpression", "text": "\"example.com\""}, "loc": ["services", "matrix-synapse", "settings", "server_name"], "readOnly": false, "type": "string"}, "services.matrix-synapse.settings.signing_key_path": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/matrix-synapse/homeserver.signing.key\""}, "description": "Path to the signing key to sign messages with.\n", "loc": ["services", "matrix-synapse", "settings", "signing_key_path"], "readOnly": false, "type": "absolute path"}, "services.matrix-synapse.settings.tls_certificate_path": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "PEM encoded X509 certificate for TLS.\nYou can replace the self-signed certificate that synapse\nautogenerates on launch with your own SSL certificate + key pair\nif you like.  Any required intermediary certificates can be\nappended after the primary certificate in hierarchical order.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/acme/example.com/fullchain.pem\""}, "loc": ["services", "matrix-synapse", "settings", "tls_certificate_path"], "readOnly": false, "type": "null or string"}, "services.matrix-synapse.settings.tls_private_key_path": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "PEM encoded private key for TLS. Specify null if synapse is not\nspeaking TLS directly.\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/acme/example.com/key.pem\""}, "loc": ["services", "matrix-synapse", "settings", "tls_private_key_path"], "readOnly": false, "type": "null or string"}, "services.matrix-synapse.settings.trusted_key_servers": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "[\n  {\n    server_name = \"matrix.org\";\n    verify_keys = {\n      \"ed25519:auto\" = \"Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw\";\n    };\n  }\n]"}, "description": "The trusted servers to download signing keys from.\n", "loc": ["services", "matrix-synapse", "settings", "trusted_key_servers"], "readOnly": false, "type": "list of (open submodule of (YAML 1.1 value))"}, "services.matrix-synapse.settings.trusted_key_servers.*.server_name": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "description": "Hostname of the trusted server.\n", "example": {"_type": "literalExpression", "text": "\"matrix.org\""}, "loc": ["services", "matrix-synapse", "settings", "trusted_key_servers", "*", "server_name"], "readOnly": false, "type": "string"}, "services.matrix-synapse.settings.turn_shared_secret": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The shared secret used to compute passwords for the TURN server.\n\nSecrets should be passed in via `extraConfigFiles`!\n", "example": {"_type": "literalExpression", "text": "config.services.coturn.static-auth-secret\n"}, "loc": ["services", "matrix-synapse", "settings", "turn_shared_secret"], "readOnly": false, "type": "string"}, "services.matrix-synapse.settings.turn_uris": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The public URIs of the TURN server to give to clients\n", "example": {"_type": "literalExpression", "text": "[\n  \"turn:turn.example.com:3487?transport=udp\"\n  \"turn:turn.example.com:3487?transport=tcp\"\n  \"turns:turn.example.com:5349?transport=udp\"\n  \"turns:turn.example.com:5349?transport=tcp\"\n]"}, "loc": ["services", "matrix-synapse", "settings", "turn_uris"], "readOnly": false, "type": "list of string"}, "services.matrix-synapse.settings.url_preview_enabled": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Is the preview URL API enabled?  If enabled, you *must* specify an\nexplicit url_preview_ip_range_blacklist of IPs that the spider is\ndenied from accessing.\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "matrix-synapse", "settings", "url_preview_enabled"], "readOnly": false, "type": "boolean"}, "services.matrix-synapse.settings.url_preview_ip_range_blacklist": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"10.0.0.0/8\"\n  \"100.64.0.0/10\"\n  \"127.0.0.0/8\"\n  \"169.254.0.0/16\"\n  \"172.16.0.0/12\"\n  \"192.0.0.0/24\"\n  \"192.0.2.0/24\"\n  \"192.168.0.0/16\"\n  \"192.88.99.0/24\"\n  \"198.18.0.0/15\"\n  \"198.51.100.0/24\"\n  \"2001:db8::/32\"\n  \"203.0.113.0/24\"\n  \"224.0.0.0/4\"\n  \"::1/128\"\n  \"fc00::/7\"\n  \"fe80::/10\"\n  \"fec0::/10\"\n  \"ff00::/8\"\n]"}, "description": "List of IP address CIDR ranges that the URL preview spider is denied\nfrom accessing.\n", "loc": ["services", "matrix-synapse", "settings", "url_preview_ip_range_blacklist"], "readOnly": false, "type": "list of string"}, "services.matrix-synapse.settings.url_preview_ip_range_whitelist": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of IP address CIDR ranges that the URL preview spider is allowed\nto access even if they are specified in url_preview_ip_range_blacklist.\n", "loc": ["services", "matrix-synapse", "settings", "url_preview_ip_range_whitelist"], "readOnly": false, "type": "list of string"}, "services.matrix-synapse.settings.url_preview_url_blacklist": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Optional list of URL matches that the URL preview spider is\ndenied from accessing.\n", "example": {"_type": "literalExpression", "text": "[\n  { scheme = \"http\"; } # no http previews\n  { netloc = \"www.acme.com\"; path = \"/foo\"; } # block http(s)://www.acme.com/foo\n]\n"}, "loc": ["services", "matrix-synapse", "settings", "url_preview_url_blacklist"], "readOnly": false, "type": "list of ((attribute set of string) or string convertible to it)"}, "services.matrix-synapse.withJemalloc": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to preload jemalloc to reduce memory fragmentation and overall usage.\n", "loc": ["services", "matrix-synapse", "withJemalloc"], "readOnly": false, "type": "boolean"}, "services.matrix-synapse.workers": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Options for configuring workers. Worker support will be enabled if at least one worker is configured here.\n\nSee the [worker documention](https://element-hq.github.io/synapse/latest/workers.html#worker-configuration)\nfor possible options for each worker. Worker-specific options overriding the shared homeserver configuration can be\nspecified here for each worker.\n\n::: {.note}\n  Worker support will add a replication listener on port 9093 to the main synapse process using the default\n  value of [`services.matrix-synapse.settings.listeners`](#opt-services.matrix-synapse.settings.listeners) and configure that\n  listener as `services.matrix-synapse.settings.instance_map.main`.\n  If you set either of those options, make sure to configure a replication listener yourself.\n\n  A redis server is required for running workers. A local one can be enabled\n  using [`services.matrix-synapse.configureRedisLocally`](#opt-services.matrix-synapse.configureRedisLocally).\n\n  Workers also require a proper reverse proxy setup to direct incoming requests to the appropriate process. See\n  the [reverse proxy documentation](https://element-hq.github.io/synapse/latest/reverse_proxy.html) for a\n  general reverse proxying setup and\n  the [worker documentation](https://element-hq.github.io/synapse/latest/workers.html#available-worker-applications)\n  for the available endpoints per worker application.\n:::\n", "example": {"_type": "literalExpression", "text": "{\n  \"federation_sender\" = { };\n  \"federation_receiver\" = {\n    worker_listeners = [\n      {\n        type = \"http\";\n        port = 8009;\n        bind_addresses = [ \"127.0.0.1\" ];\n        tls = false;\n        x_forwarded = true;\n        resources = [{\n          names = [ \"federation\" ];\n        }];\n      }\n    ];\n  };\n}\n"}, "loc": ["services", "matrix-synapse", "workers"], "readOnly": false, "type": "attribute set of (open submodule of (YAML 1.1 value))"}, "services.matrix-synapse.workers.<name>.worker_app": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "\"synapse.app.generic_worker\""}, "description": "Type of this worker", "loc": ["services", "matrix-synapse", "workers", "<name>", "worker_app"], "readOnly": false, "type": "one of \"synapse.app.generic_worker\", \"synapse.app.media_repository\""}, "services.matrix-synapse.workers.<name>.worker_listeners": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of ports that this worker should listen on, their purpose and their configuration.\n", "loc": ["services", "matrix-synapse", "workers", "<name>", "worker_listeners"], "readOnly": false, "type": "list of (submodule)"}, "services.matrix-synapse.workers.<name>.worker_listeners.*.bind_addresses": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "if path != null then\n  null\nelse\n  [\n    \"::1\"\n    \"127.0.0.1\"\n  ]\n"}, "description": "IP addresses to bind the listener to.\n", "example": {"_type": "literalExpression", "text": "[\n  \"::\"\n  \"0.0.0.0\"\n]\n"}, "loc": ["services", "matrix-synapse", "workers", "<name>", "worker_listeners", "*", "bind_addresses"], "readOnly": false, "type": "null or (list of string)"}, "services.matrix-synapse.workers.<name>.worker_listeners.*.mode": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "if path != null then\n  \"660\"\nelse\n  null\n"}, "description": "File permissions on the UNIX domain socket.\n", "example": {"_type": "literalExpression", "text": "\"660\""}, "loc": ["services", "matrix-synapse", "workers", "<name>", "worker_listeners", "*", "mode"], "readOnly": false, "type": "null or string matching the pattern ^[0,2-7]{3,4}$"}, "services.matrix-synapse.workers.<name>.worker_listeners.*.path": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Unix domain socket path to bind this listener to.\n\n::: {.note}\n  This option is incompatible with {option}`bind_addresses`, {option}`port`, {option}`tls`\n  and also does not support the `metrics` and `manhole` listener {option}`type`.\n:::\n", "loc": ["services", "matrix-synapse", "workers", "<name>", "worker_listeners", "*", "path"], "readOnly": false, "type": "null or absolute path"}, "services.matrix-synapse.workers.<name>.worker_listeners.*.port": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The port to listen for HTTP(S) requests on.\n", "example": {"_type": "literalExpression", "text": "8448"}, "loc": ["services", "matrix-synapse", "workers", "<name>", "worker_listeners", "*", "port"], "readOnly": false, "type": "null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.matrix-synapse.workers.<name>.worker_listeners.*.resources": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "description": "List of HTTP resources to serve on this listener.\n", "loc": ["services", "matrix-synapse", "workers", "<name>", "worker_listeners", "*", "resources"], "readOnly": false, "type": "list of (submodule)"}, "services.matrix-synapse.workers.<name>.worker_listeners.*.resources.*.compress": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether synapse should compress HTTP responses to clients that support it.\nThis should be disabled if running synapse behind a load balancer\nthat can do automatic compression.\n", "loc": ["services", "matrix-synapse", "workers", "<name>", "worker_listeners", "*", "resources", "*", "compress"], "readOnly": false, "type": "boolean"}, "services.matrix-synapse.workers.<name>.worker_listeners.*.resources.*.names": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "description": "List of resources to host on this listener.\n", "example": {"_type": "literalExpression", "text": "[\n  \"client\"\n]"}, "loc": ["services", "matrix-synapse", "workers", "<name>", "worker_listeners", "*", "resources", "*", "names"], "readOnly": false, "type": "list of (one of \"client\", \"consent\", \"federation\", \"health\", \"keys\", \"media\", \"metrics\", \"openid\", \"replication\", \"static\")"}, "services.matrix-synapse.workers.<name>.worker_listeners.*.tls": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "''\n  Enabled for the main instance listener, unless it is configured with a UNIX domain socket path.\n''"}, "description": "Whether to enable TLS on the listener socket.\n\n::: {.note}\n  This option will be ignored for UNIX domain sockets.\n:::\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "matrix-synapse", "workers", "<name>", "worker_listeners", "*", "tls"], "readOnly": false, "type": "null or boolean"}, "services.matrix-synapse.workers.<name>.worker_listeners.*.type": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "\"http\""}, "description": "The type of the listener, usually http.\n", "example": {"_type": "literalExpression", "text": "\"metrics\""}, "loc": ["services", "matrix-synapse", "workers", "<name>", "worker_listeners", "*", "type"], "readOnly": false, "type": "one of \"http\", \"manhole\", \"metrics\", \"replication\""}, "services.matrix-synapse.workers.<name>.worker_listeners.*.x_forwarded": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalExpression", "text": "''\n  Enabled if the listener is configured with a UNIX domain socket path\n''"}, "description": "Use the X-Forwarded-For (XFF) header as the client IP and not the\nactual client IP.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "matrix-synapse", "workers", "<name>", "worker_listeners", "*", "x_forwarded"], "readOnly": false, "type": "boolean"}, "services.matrix-synapse.workers.<name>.worker_log_config": {"declarations": ["nixos/modules/services/matrix/synapse.nix"], "default": {"_type": "literalMD", "text": "Path to a yaml file generated from this Nix expression:\n\n```\n{\n  disable_existing_loggers = false;\n  formatters = {\n    journal_fmt = {\n      format = \"%(name)s: [%(request)s] %(message)s\";\n    };\n  };\n  handlers = {\n    journal = {\n      SYSLOG_IDENTIFIER = \"synapse-\u2039name\u203a\";\n      class = \"systemd.journal.JournalHandler\";\n      formatter = \"journal_fmt\";\n    };\n  };\n  root = {\n    handlers = [\n      \"journal\"\n    ];\n    level = \"INFO\";\n  };\n  version = 1;\n}\n```\n"}, "description": "The file for log configuration.\n\nSee the [python documentation](https://docs.python.org/3/library/logging.config.html#configuration-dictionary-schema)\nfor the schema and the [upstream repository](https://github.com/element-hq/synapse/blob/v1.147.1/docs/sample_log_config.yaml)\nfor an example.\n", "loc": ["services", "matrix-synapse", "workers", "<name>", "worker_log_config"], "readOnly": false, "type": "absolute path"}, "services.mautrix-signal.enable": {"declarations": ["nixos/modules/services/matrix/mautrix-signal.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable mautrix-signal, a Matrix-Signal puppeting bridge.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mautrix-signal", "enable"], "readOnly": false, "type": "boolean"}, "services.mautrix-signal.environmentFile": {"declarations": ["nixos/modules/services/matrix/mautrix-signal.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing environment variables to be passed to the mautrix-signal service.\nIf an environment variable `MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET` is set,\nthen its value will be used in the configuration file for the option\n`double_puppet.secrets` without leaking it to the store, using the configured\n`homeserver.domain` as key.\n", "loc": ["services", "mautrix-signal", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.mautrix-signal.package": {"declarations": ["nixos/modules/services/matrix/mautrix-signal.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mautrix-signal"}, "description": "The mautrix-signal package to use.", "loc": ["services", "mautrix-signal", "package"], "readOnly": false, "type": "package"}, "services.mautrix-signal.registerToSynapse": {"declarations": ["nixos/modules/services/matrix/mautrix-signal.nix"], "default": {"_type": "literalExpression", "text": "config.services.matrix-synapse.enable\n"}, "description": "Whether to add the bridge's app service registration file to\n`services.matrix-synapse.settings.app_service_config_files`.\n", "loc": ["services", "mautrix-signal", "registerToSynapse"], "readOnly": false, "type": "boolean"}, "services.mautrix-signal.serviceDependencies": {"declarations": ["nixos/modules/services/matrix/mautrix-signal.nix"], "default": {"_type": "literalExpression", "text": "(optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit)\n++ (optional config.services.matrix-conduit.enable \"conduit.service\")\n"}, "description": "List of systemd units to require and wait for when starting the application service.\n", "loc": ["services", "mautrix-signal", "serviceDependencies"], "readOnly": false, "type": "list of string"}, "services.mautrix-signal.settings": {"declarations": ["nixos/modules/services/matrix/mautrix-signal.nix"], "default": {"_type": "literalExpression", "text": "{\n  appservice = {\n    as_token = \"\";\n    bot = {\n      displayname = \"Signal Bridge Bot\";\n      username = \"signalbot\";\n    };\n    hostname = \"[::]\";\n    hs_token = \"\";\n    id = \"signal\";\n    port = 29328;\n    username_template = \"signal_{{.}}\";\n  };\n  bridge = {\n    command_prefix = \"!signal\";\n    permissions = {\n      \"*\" = \"relay\";\n    };\n    relay = {\n      enabled = true;\n    };\n  };\n  database = {\n    type = \"sqlite3\";\n    uri = \"file:/var/lib/mautrix-signal/mautrix-signal.db?_txlock=immediate\";\n  };\n  direct_media = {\n    server_key = \"\";\n  };\n  double_puppet = {\n    secrets = { };\n    servers = { };\n  };\n  encryption = {\n    pickle_key = \"\";\n  };\n  homeserver = {\n    address = \"http://localhost:8448\";\n  };\n  logging = {\n    min_level = \"info\";\n    writers = [\n      {\n        format = \"pretty-colored\";\n        time_format = \" \";\n        type = \"stdout\";\n      }\n    ];\n  };\n  network = {\n    displayname_template = \"{{or .ProfileName .PhoneNumber \\\"Unknown user\\\"}}\";\n  };\n  provisioning = {\n    shared_secret = \"\";\n  };\n  public_media = {\n    signing_key = \"\";\n  };\n}"}, "description": "{file}`config.yaml` configuration as a Nix attribute set.\nConfiguration options should match those described in the example configuration.\nGet an example configuration by executing `mautrix-signal -c example.yaml --generate-example-config`\nSecret tokens should be specified using {option}`environmentFile`\ninstead of this world-readable attribute set.\n", "example": {"_type": "literalExpression", "text": "{\n  appservice = {\n    ephemeral_events = false;\n    id = \"signal\";\n  };\n  backfill = {\n    enabled = true;\n  };\n  bridge = {\n    mute_only_on_create = false;\n    permissions = {\n      \"example.com\" = \"user\";\n    };\n    private_chat_portal_meta = true;\n  };\n  database = {\n    type = \"postgres\";\n    uri = \"postgresql:///mautrix_signal?host=/run/postgresql\";\n  };\n  encryption = {\n    allow = true;\n    default = true;\n    pickle_key = \"$ENCRYPTION_PICKLE_KEY\";\n    require = true;\n  };\n  homeserver = {\n    address = \"http://[::1]:8008\";\n    domain = \"my-domain.tld\";\n  };\n  matrix = {\n    message_status_events = true;\n  };\n  provisioning = {\n    shared_secret = \"disable\";\n  };\n}"}, "loc": ["services", "mautrix-signal", "settings"], "readOnly": false, "type": "JSON value"}, "services.mautrix-whatsapp.enable": {"declarations": ["nixos/modules/services/matrix/mautrix-whatsapp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable mautrix-whatsapp, a Matrix-WhatsApp puppeting bridge.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "mautrix-whatsapp", "enable"], "readOnly": false, "type": "boolean"}, "services.mautrix-whatsapp.environmentFile": {"declarations": ["nixos/modules/services/matrix/mautrix-whatsapp.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File containing environment variables to be passed to the mautrix-whatsapp service.\nIf an environment variable `MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET` is set,\nthen its value will be used in the configuration file for the option\n`double_puppet.secrets` without leaking it to the store, using the configured\n`homeserver.domain` as key.\n", "loc": ["services", "mautrix-whatsapp", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.mautrix-whatsapp.package": {"declarations": ["nixos/modules/services/matrix/mautrix-whatsapp.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mautrix-whatsapp"}, "description": "The mautrix-whatsapp package to use.", "loc": ["services", "mautrix-whatsapp", "package"], "readOnly": false, "type": "package"}, "services.mautrix-whatsapp.registerToSynapse": {"declarations": ["nixos/modules/services/matrix/mautrix-whatsapp.nix"], "default": {"_type": "literalExpression", "text": "config.services.matrix-synapse.enable"}, "description": "Whether to add the bridge's app service registration file to\n`services.matrix-synapse.settings.app_service_config_files`.\n", "loc": ["services", "mautrix-whatsapp", "registerToSynapse"], "readOnly": false, "type": "boolean"}, "services.mautrix-whatsapp.serviceDependencies": {"declarations": ["nixos/modules/services/matrix/mautrix-whatsapp.nix"], "default": {"_type": "literalExpression", "text": "optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit\n++ optional config.services.matrix-conduit.enable \"conduit.service\"\n"}, "description": "List of systemd units to require and wait for when starting the application service.\n", "loc": ["services", "mautrix-whatsapp", "serviceDependencies"], "readOnly": false, "type": "list of string"}, "services.mautrix-whatsapp.settings": {"declarations": ["nixos/modules/services/matrix/mautrix-whatsapp.nix"], "default": {"_type": "literalExpression", "text": "{\n  appservice = {\n    as_token = \"\";\n    bot = {\n      displayname = \"WhatsApp Bridge Bot\";\n      username = \"whatsappbot\";\n    };\n    hostname = \"[::]\";\n    hs_token = \"\";\n    id = \"whatsapp\";\n    port = 29318;\n    username_template = \"whatsapp_{{.}}\";\n  };\n  bridge = {\n    command_prefix = \"!wa\";\n    permissions = {\n      \"*\" = \"relay\";\n    };\n    relay = {\n      enabled = true;\n    };\n  };\n  database = {\n    type = \"sqlite3-fk-wal\";\n    uri = \"file:/var/lib/mautrix-whatsapp/mautrix-whatsapp.db?_txlock=immediate\";\n  };\n  direct_media = {\n    server_key = \"\";\n  };\n  double_puppet = {\n    secrets = { };\n    servers = { };\n  };\n  encryption = {\n    pickle_key = \"\";\n  };\n  homeserver = {\n    address = \"http://localhost:8448\";\n  };\n  logging = {\n    min_level = \"info\";\n    writers = [\n      {\n        format = \"pretty-colored\";\n        time_format = \" \";\n        type = \"stdout\";\n      }\n    ];\n  };\n  network = {\n    displayname_template = \"{{or .BusinessName .PushName .Phone}} (WA)\";\n    history_sync = {\n      request_full_sync = true;\n    };\n    identity_change_notices = true;\n  };\n  provisioning = {\n    shared_secret = \"\";\n  };\n  public_media = {\n    signing_key = \"\";\n  };\n}"}, "description": "{file}`config.yaml` configuration as a Nix attribute set.\nConfiguration options should match those described in the example configuration.\nGet an example configuration by executing `mautrix-whatsapp -c example.yaml --generate-example-config`\nSecret tokens should be specified using {option}`environmentFile`\ninstead of this world-readable attribute set.\n", "example": {"_type": "literalExpression", "text": "{\n  appservice = {\n    ephemeral_events = false;\n    id = \"whatsapp\";\n  };\n  backfill = {\n    enabled = true;\n  };\n  bridge = {\n    mute_only_on_create = false;\n    permissions = {\n      \"example.com\" = \"user\";\n    };\n    private_chat_portal_meta = true;\n  };\n  database = {\n    type = \"postgres\";\n    uri = \"postgresql:///mautrix_whatsapp?host=/run/postgresql\";\n  };\n  encryption = {\n    allow = true;\n    default = true;\n    pickle_key = \"$ENCRYPTION_PICKLE_KEY\";\n    require = true;\n  };\n  homeserver = {\n    address = \"http://[::1]:8008\";\n    domain = \"my-domain.tld\";\n  };\n  matrix = {\n    message_status_events = true;\n  };\n  provisioning = {\n    shared_secret = \"disable\";\n  };\n}"}, "loc": ["services", "mautrix-whatsapp", "settings"], "readOnly": false, "type": "JSON value"}, "services.music-assistant.enable": {"declarations": ["nixos/modules/services/audio/music-assistant.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Music Assistant.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "music-assistant", "enable"], "readOnly": false, "type": "boolean"}, "services.music-assistant.extraOptions": {"declarations": ["nixos/modules/services/audio/music-assistant.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"--config\"\n  \"/var/lib/music-assistant\"\n]"}, "description": "List of extra options to pass to the music-assistant executable.\n", "example": {"_type": "literalExpression", "text": "[\n  \"--log-level\"\n  \"DEBUG\"\n]"}, "loc": ["services", "music-assistant", "extraOptions"], "readOnly": false, "type": "list of string"}, "services.music-assistant.package": {"declarations": ["nixos/modules/services/audio/music-assistant.nix"], "default": {"_type": "literalExpression", "text": "pkgs.music-assistant"}, "description": "The music-assistant package to use.", "loc": ["services", "music-assistant", "package"], "readOnly": false, "type": "package"}, "services.music-assistant.providers": {"declarations": ["nixos/modules/services/audio/music-assistant.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of provider names for which dependencies will be installed.\n", "example": {"_type": "literalExpression", "text": "[\n  \"opensubsonic\"\n  \"snapcast\"\n]"}, "loc": ["services", "music-assistant", "providers"], "readOnly": false, "type": "list of (one of \"airplay\", \"airplay_receiver\", \"alexa\", \"apple_music\", \"ard_audiothek\", \"audible\", \"audiobookshelf\", \"bbc_sounds\", \"bluesound\", \"builtin\", \"chromecast\", \"deezer\", \"digitally_incorporated\", \"dlna\", \"fanarttv\", \"filesystem_local\", \"filesystem_smb\", \"fully_kiosk\", \"genius_lyrics\", \"gpodder\", \"hass\", \"hass_players\", \"ibroadcast\", \"internet_archive\", \"itunes_podcasts\", \"jellyfin\", \"lastfm_scrobble\", \"listenbrainz_scrobble\", \"lrclib\", \"musicbrainz\", \"musiccast\", \"nicovideo\", \"nugs\", \"opensubsonic\", \"phishin\", \"plex\", \"plex_connect\", \"podcast_index\", \"podcastfeed\", \"qobuz\", \"radiobrowser\", \"radioparadise\", \"roku_media_assistant\", \"sendspin\", \"siriusxm\", \"snapcast\", \"sonos\", \"sonos_s1\", \"soundcloud\", \"spotify\", \"spotify_connect\", \"squeezelite\", \"subsonic_scrobble\", \"test\", \"theaudiodb\", \"tidal\", \"tunein\", \"universal_group\", \"vban_receiver\", \"ytmusic\")"}, "services.nghttpx.backend-address-family": {"declarations": ["nixos/modules/services/networking/nghttpx/nghttpx-options.nix"], "default": {"_type": "literalExpression", "text": "\"auto\""}, "description": "Specify address family of backend connections. If \"auto\" is\ngiven, both IPv4 and IPv6 are considered. If \"IPv4\" is given,\nonly IPv4 address is considered. If \"IPv6\" is given, only IPv6\naddress is considered.\n\nPlease see <https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx--backend-address-family>\n", "loc": ["services", "nghttpx", "backend-address-family"], "readOnly": false, "type": "one of \"auto\", \"IPv4\", \"IPv6\""}, "services.nghttpx.backends": {"declarations": ["nixos/modules/services/networking/nghttpx/nghttpx-options.nix"], "description": "A list of backend specifications.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    params = {\n      proto = \"http/1.1\";\n      redirect-if-not-tls = true;\n    };\n    patterns = [\n      \"/\"\n    ];\n    server = {\n      host = \"172.16.0.22\";\n      port = 8443;\n    };\n  }\n]"}, "loc": ["services", "nghttpx", "backends"], "readOnly": false, "type": "list of (submodule)"}, "services.nghttpx.backends.*.params": {"declarations": ["nixos/modules/services/networking/nghttpx/nghttpx-options.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Parameters to configure a backend.\n", "example": {"_type": "literalExpression", "text": "{\n  proto = \"h2\";\n  tls = true;\n}"}, "loc": ["services", "nghttpx", "backends", "*", "params"], "readOnly": false, "type": "null or (submodule)"}, "services.nghttpx.backends.*.params.affinity": {"declarations": ["nixos/modules/services/networking/nghttpx/nghttpx-options.nix"], "default": {"_type": "literalExpression", "text": "\"none\""}, "description": "If \"ip\" is given, client IP based session affinity is\nenabled. If \"none\" is given, session affinity is disabled.\n\nSession affinity is enabled (by nghttpx) per-backend\npattern. If at least one backend has a non-\"none\" affinity,\nthen session affinity is enabled for all backend servers\nsharing the same pattern.\n\nIt is advised to set affinity on all backends explicitly if\nsession affinity is desired. The session affinity may break if\none of the backend gets unreachable, or backend settings are\nreloaded or replaced by API.\n\nPlease see <https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b>\nfor more detail.\n", "loc": ["services", "nghttpx", "backends", "*", "params", "affinity"], "readOnly": false, "type": "one of \"ip\", \"none\""}, "services.nghttpx.backends.*.params.dns": {"declarations": ["nixos/modules/services/networking/nghttpx/nghttpx-options.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Name resolution of a backends host name is done at start up,\nor configuration reload. If \"dns\" is true, name resolution\ntakes place dynamically.\n\nThis is useful if a backends address changes frequently. If\n\"dns\" is true, name resolution of a backend's host name at\nstart up, or configuration reload is skipped.\n\nPlease see <https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b>\nfor more detail.\n", "loc": ["services", "nghttpx", "backends", "*", "params", "dns"], "readOnly": false, "type": "boolean"}, "services.nghttpx.backends.*.params.fall": {"declarations": ["nixos/modules/services/networking/nghttpx/nghttpx-options.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "If nghttpx cannot connect to the backend N times in a row, the\nbackend is assumed to be offline and is excluded from load\nbalancing. If N is 0 the backend is never excluded from load\nbalancing.\n\nPlease see <https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b>\nfor more detail.\n", "loc": ["services", "nghttpx", "backends", "*", "params", "fall"], "readOnly": false, "type": "signed integer"}, "services.nghttpx.backends.*.params.proto": {"declarations": ["nixos/modules/services/networking/nghttpx/nghttpx-options.nix"], "default": {"_type": "literalExpression", "text": "\"http/1.1\""}, "description": "This option configures the protocol the backend server expects\nto use.\n\nPlease see <https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b>\nfor more detail.\n", "loc": ["services", "nghttpx", "backends", "*", "params", "proto"], "readOnly": false, "type": "one of \"h2\", \"http/1.1\""}, "services.nghttpx.backends.*.params.redirect-if-not-tls": {"declarations": ["nixos/modules/services/networking/nghttpx/nghttpx-options.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If true, a backend match requires the frontend connection be\nTLS encrypted. If it is not, nghttpx responds to the request\nwith a 308 status code and https URI the client should use\ninstead in the Location header.\n\nThe port number in the redirect URI is 443 by default and can\nbe changed using 'services.nghttpx.redirect-https-port'\noption.\n\nIf at least one backend has \"redirect-if-not-tls\" set to true,\nthis feature is enabled for all backend servers with the same\npattern. It is advised to set \"redirect-if-no-tls\" parameter\nto all backends explicitly if this feature is desired.\n\nPlease see <https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b>\nfor more detail.\n", "loc": ["services", "nghttpx", "backends", "*", "params", "redirect-if-not-tls"], "readOnly": false, "type": "boolean"}, "services.nghttpx.backends.*.params.rise": {"declarations": ["nixos/modules/services/networking/nghttpx/nghttpx-options.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "If the backend is excluded from load balancing, nghttpx will\nperiodically attempt to make a connection to the backend. If\nthe connection is successful N times in a row the backend is\nre-included in load balancing. If N is 0 a backend is never\nreconsidered for load balancing once it falls.\n\nPlease see <https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b>\nfor more detail.\n", "loc": ["services", "nghttpx", "backends", "*", "params", "rise"], "readOnly": false, "type": "signed integer"}, "services.nghttpx.backends.*.params.sni": {"declarations": ["nixos/modules/services/networking/nghttpx/nghttpx-options.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Override the TLS SNI field value. This value (in nghttpx)\ndefaults to the host value of the backend configuration.\n\nPlease see <https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b>\nfor more detail.\n", "loc": ["services", "nghttpx", "backends", "*", "params", "sni"], "readOnly": false, "type": "null or string"}, "services.nghttpx.backends.*.params.tls": {"declarations": ["nixos/modules/services/networking/nghttpx/nghttpx-options.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "This option determines whether nghttpx will negotiate its\nconnection with a backend server using TLS or not. The burden\nis on the backend server to provide the TLS certificate!\n\nPlease see <https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b>\nfor more detail.\n", "loc": ["services", "nghttpx", "backends", "*", "params", "tls"], "readOnly": false, "type": "boolean"}, "services.nghttpx.backends.*.patterns": {"declarations": ["nixos/modules/services/networking/nghttpx/nghttpx-options.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of nghttpx backend patterns.\n\nPlease see <https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b>\nfor more information on the pattern syntax and nghttpxs behavior.\n", "example": {"_type": "literalExpression", "text": "[\n  \"*.host.net/v1/\"\n  \"host.org/v2/mypath\"\n  \"/somepath\"\n]"}, "loc": ["services", "nghttpx", "backends", "*", "patterns"], "readOnly": false, "type": "list of string"}, "services.nghttpx.backends.*.server": {"declarations": ["nixos/modules/services/networking/nghttpx/nghttpx-options.nix"], "default": {"_type": "literalExpression", "text": "{\n  host = \"127.0.0.1\";\n  port = 80;\n}"}, "description": "Backend server location specified as either a host:port pair\nor a unix domain docket.\n", "example": {"_type": "literalExpression", "text": "{\n  host = \"127.0.0.1\";\n  port = 8888;\n}"}, "loc": ["services", "nghttpx", "backends", "*", "server"], "readOnly": false, "type": "(submodule) or absolute path"}, "services.nghttpx.backlog": {"declarations": ["nixos/modules/services/networking/nghttpx/nghttpx-options.nix"], "default": {"_type": "literalExpression", "text": "65536"}, "description": "Listen backlog size.\n\nPlease see <https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx--backlog>\n", "loc": ["services", "nghttpx", "backlog"], "readOnly": false, "type": "signed integer"}, "services.nghttpx.enable": {"declarations": ["nixos/modules/services/networking/nghttpx/nghttpx-options.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable nghttpx.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "nghttpx", "enable"], "readOnly": false, "type": "boolean"}, "services.nghttpx.extraConfig": {"declarations": ["nixos/modules/services/networking/nghttpx/nghttpx-options.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra configuration options to be appended to the generated\nconfiguration file.\n", "loc": ["services", "nghttpx", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.nghttpx.frontends": {"declarations": ["nixos/modules/services/networking/nghttpx/nghttpx-options.nix"], "description": "A list of frontend listener specifications.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    params = {\n      tls = \"no-tls\";\n    };\n    server = {\n      host = \"*\";\n      port = 80;\n    };\n  }\n]"}, "loc": ["services", "nghttpx", "frontends"], "readOnly": false, "type": "list of (submodule)"}, "services.nghttpx.frontends.*.params": {"declarations": ["nixos/modules/services/networking/nghttpx/nghttpx-options.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Parameters to configure a backend.\n", "example": {"_type": "literalExpression", "text": "{\n  tls = \"tls\";\n}"}, "loc": ["services", "nghttpx", "frontends", "*", "params"], "readOnly": false, "type": "null or (submodule)"}, "services.nghttpx.frontends.*.params.api": {"declarations": ["nixos/modules/services/networking/nghttpx/nghttpx-options.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable API access for this frontend. This enables you to\ndynamically modify nghttpx at run-time therefore this feature\nis disabled by default and should be turned on with care.\n\nPlease see <https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-f>\nfor more detail.\n", "loc": ["services", "nghttpx", "frontends", "*", "params", "api"], "readOnly": false, "type": "boolean"}, "services.nghttpx.frontends.*.params.healthmon": {"declarations": ["nixos/modules/services/networking/nghttpx/nghttpx-options.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Make this frontend a health monitor endpoint. Any request\nreceived on this frontend is responded to with a 200 OK.\n\nPlease see <https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-f>\nfor more detail.\n", "loc": ["services", "nghttpx", "frontends", "*", "params", "healthmon"], "readOnly": false, "type": "boolean"}, "services.nghttpx.frontends.*.params.proxyproto": {"declarations": ["nixos/modules/services/networking/nghttpx/nghttpx-options.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Accept PROXY protocol version 1 on frontend connection.\n\nPlease see <https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-f>\nfor more detail.\n", "loc": ["services", "nghttpx", "frontends", "*", "params", "proxyproto"], "readOnly": false, "type": "boolean"}, "services.nghttpx.frontends.*.params.sni-fwd": {"declarations": ["nixos/modules/services/networking/nghttpx/nghttpx-options.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "When performing a match to select a backend server, SNI host\nname received from the client is used instead of the request\nhost. See --backend option about the pattern match.\n\nPlease see <https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-f>\nfor more detail.\n", "loc": ["services", "nghttpx", "frontends", "*", "params", "sni-fwd"], "readOnly": false, "type": "boolean"}, "services.nghttpx.frontends.*.params.tls": {"declarations": ["nixos/modules/services/networking/nghttpx/nghttpx-options.nix"], "default": {"_type": "literalExpression", "text": "\"tls\""}, "description": "Enable or disable TLS. If true (enabled) the key and\ncertificate must be configured for nghttpx.\n\nPlease see <https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-f>\nfor more detail.\n", "loc": ["services", "nghttpx", "frontends", "*", "params", "tls"], "readOnly": false, "type": "one of \"tls\", \"no-tls\""}, "services.nghttpx.frontends.*.server": {"declarations": ["nixos/modules/services/networking/nghttpx/nghttpx-options.nix"], "default": {"_type": "literalExpression", "text": "{\n  host = \"127.0.0.1\";\n  port = 80;\n}"}, "description": "Frontend server interface binding specification as either a\nhost:port pair or a unix domain docket.\n\nNB: a host of \"*\" listens on all interfaces and includes IPv6\naddresses.\n", "example": {"_type": "literalExpression", "text": "{\n  host = \"127.0.0.1\";\n  port = 8888;\n}"}, "loc": ["services", "nghttpx", "frontends", "*", "server"], "readOnly": false, "type": "(submodule) or absolute path"}, "services.nghttpx.rlimit-nofile": {"declarations": ["nixos/modules/services/networking/nghttpx/nghttpx-options.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Set maximum number of open files (RLIMIT_NOFILE) to \\<N\\>. If 0\nis given, nghttpx does not set the limit.\n\nPlease see <https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx--rlimit-nofile>\n", "loc": ["services", "nghttpx", "rlimit-nofile"], "readOnly": false, "type": "signed integer"}, "services.nghttpx.single-process": {"declarations": ["nixos/modules/services/networking/nghttpx/nghttpx-options.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Run this program in a single process mode for debugging\npurpose. Without this option, nghttpx creates at least 2\nprocesses: master and worker processes. If this option is\nused, master and worker are unified into a single\nprocess. nghttpx still spawns additional process if neverbleed\nis used. In the single process mode, the signal handling\nfeature is disabled.\n\nPlease see <https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx--single-process>\n", "loc": ["services", "nghttpx", "single-process"], "readOnly": false, "type": "boolean"}, "services.nghttpx.single-thread": {"declarations": ["nixos/modules/services/networking/nghttpx/nghttpx-options.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Run everything in one thread inside the worker process. This\nfeature is provided for better debugging experience, or for\nthe platforms which lack thread support. If threading is\ndisabled, this option is always enabled.\n\nPlease see <https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx--single-thread>\n", "loc": ["services", "nghttpx", "single-thread"], "readOnly": false, "type": "boolean"}, "services.nghttpx.tls": {"declarations": ["nixos/modules/services/networking/nghttpx/nghttpx-options.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "TLS certificate and key paths. Note that this does not enable\nTLS for a frontend listener, to do so, a frontend\nspecification must set `params.tls` to true.\n", "example": {"_type": "literalExpression", "text": "{\n  crt = \"/etc/ssl/certs/server.crt\";\n  key = \"/etc/ssl/keys/server.key\";\n}"}, "loc": ["services", "nghttpx", "tls"], "readOnly": false, "type": "null or (submodule)"}, "services.nghttpx.tls.crt": {"declarations": ["nixos/modules/services/networking/nghttpx/nghttpx-options.nix"], "default": {"_type": "literalExpression", "text": "\"/etc/ssl/certs/server.crt\""}, "description": "Path to the TLS certificate file.\n", "example": {"_type": "literalExpression", "text": "\"/etc/ssl/certs/mycert.crt\""}, "loc": ["services", "nghttpx", "tls", "crt"], "readOnly": false, "type": "string"}, "services.nghttpx.tls.key": {"declarations": ["nixos/modules/services/networking/nghttpx/nghttpx-options.nix"], "default": {"_type": "literalExpression", "text": "\"/etc/ssl/keys/server.key\""}, "description": "Path to the TLS key file.\n", "example": {"_type": "literalExpression", "text": "\"/etc/ssl/keys/mykeyfile.key\""}, "loc": ["services", "nghttpx", "tls", "key"], "readOnly": false, "type": "string"}, "services.nghttpx.workers": {"declarations": ["nixos/modules/services/networking/nghttpx/nghttpx-options.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Set the number of worker threads.\n\nPlease see <https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-n>\n", "loc": ["services", "nghttpx", "workers"], "readOnly": false, "type": "signed integer"}, "services.pinnwand.enable": {"declarations": ["nixos/modules/services/misc/pinnwand.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Pinnwand, a pastebin.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "pinnwand", "enable"], "readOnly": false, "type": "boolean"}, "services.pinnwand.port": {"declarations": ["nixos/modules/services/misc/pinnwand.nix"], "default": {"_type": "literalExpression", "text": "8000"}, "description": "The port to listen on.", "loc": ["services", "pinnwand", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.pinnwand.settings": {"declarations": ["nixos/modules/services/misc/pinnwand.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Your {file}`pinnwand.toml` as a Nix attribute set. Look up\npossible options in the [documentation](https://pinnwand.readthedocs.io/en/v1.6.0/configuration.html).\n", "loc": ["services", "pinnwand", "settings"], "readOnly": false, "type": "open submodule of (TOML value)"}, "services.pinnwand.settings.database_uri": {"declarations": ["nixos/modules/services/misc/pinnwand.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite:////var/lib/pinnwand/pinnwand.db\""}, "description": "Database URI compatible with [SQLAlchemy](https://docs.sqlalchemy.org/en/14/core/engines.html#database-urls).\n\nAdditional packages may need to be introduced into the environment for certain databases.\n", "example": {"_type": "literalExpression", "text": "\"sqlite:///:memory\""}, "loc": ["services", "pinnwand", "settings", "database_uri"], "readOnly": false, "type": "string"}, "services.pinnwand.settings.footer": {"declarations": ["nixos/modules/services/misc/pinnwand.nix"], "default": {"_type": "literalExpression", "text": "''\n  View <a href=\"//github.com/supakeen/pinnwand\" target=\"_BLANK\">source code</a>, the <a href=\"/removal\">removal</a> or <a href=\"/expiry\">expiry</a> stories, or read the <a href=\"/about\">about</a> page.\n''"}, "description": "The footer in raw HTML.\n", "loc": ["services", "pinnwand", "settings", "footer"], "readOnly": false, "type": "string"}, "services.pinnwand.settings.paste_help": {"declarations": ["nixos/modules/services/misc/pinnwand.nix"], "default": {"_type": "literalExpression", "text": "''\n  <p>Welcome to pinnwand, this site is a pastebin. It allows you to share code with others. If you write code in the text area below and press the paste button you will be given a link you can share with others so they can view your code as well.</p><p>People with the link can view your pasted code, only you can remove your paste and it expires automatically. Note that anyone could guess the URI to your paste so don't rely on it being private.</p>\n''"}, "description": "Raw HTML help text shown in the header area.\n", "loc": ["services", "pinnwand", "settings", "paste_help"], "readOnly": false, "type": "string"}, "services.pinnwand.settings.paste_size": {"declarations": ["nixos/modules/services/misc/pinnwand.nix"], "default": {"_type": "literalExpression", "text": "262144"}, "description": "Maximum size of a paste in bytes.\n", "example": {"_type": "literalExpression", "text": "524288"}, "loc": ["services", "pinnwand", "settings", "paste_size"], "readOnly": false, "type": "positive integer, meaning >0"}, "services.postsrsd.configurePostfix": {"declarations": ["nixos/modules/services/mail/postsrsd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to configure the required settings to use postsrsd in the local Postfix instance.\n", "loc": ["services", "postsrsd", "configurePostfix"], "readOnly": false, "type": "boolean"}, "services.postsrsd.enable": {"declarations": ["nixos/modules/services/mail/postsrsd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the postsrsd SRS server for Postfix..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "postsrsd", "enable"], "readOnly": false, "type": "boolean"}, "services.postsrsd.group": {"declarations": ["nixos/modules/services/mail/postsrsd.nix"], "default": {"_type": "literalExpression", "text": "\"postsrsd\""}, "description": "Group for the daemon", "loc": ["services", "postsrsd", "group"], "readOnly": false, "type": "string"}, "services.postsrsd.package": {"declarations": ["nixos/modules/services/mail/postsrsd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.postsrsd"}, "description": "The postsrsd package to use.", "loc": ["services", "postsrsd", "package"], "readOnly": false, "type": "package"}, "services.postsrsd.secretsFile": {"declarations": ["nixos/modules/services/mail/postsrsd.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/postsrsd/postsrsd.secret\""}, "description": "Secret keys used for signing and verification.\n\n::: {.note}\nThe secret will be generated, if it does not exist at the given path.\n:::\n", "loc": ["services", "postsrsd", "secretsFile"], "readOnly": false, "type": "absolute path"}, "services.postsrsd.settings": {"declarations": ["nixos/modules/services/mail/postsrsd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Configuration options for the postsrsd.conf file.\n\nSee the [example configuration](https://github.com/roehling/postsrsd/blob/2.0.11/doc/postsrsd.conf) for possible values.\n", "loc": ["services", "postsrsd", "settings"], "readOnly": false, "type": "open submodule of attribute set of (boolean or floating point number or signed integer or absolute path or string or list of string)"}, "services.postsrsd.settings.chroot-dir": {"declarations": ["nixos/modules/services/mail/postsrsd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Path to chroot into at runtime as an additional layer of protection.\n\n::: {.note}\nWe confine the runtime environment through systemd hardening instead, so this option is read-only.\n:::\n", "loc": ["services", "postsrsd", "settings", "chroot-dir"], "readOnly": true, "type": "string"}, "services.postsrsd.settings.domains": {"declarations": ["nixos/modules/services/mail/postsrsd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of local domains, that do not require rewriting.\n", "example": {"_type": "literalExpression", "text": "[\n  \"example.com\"\n]"}, "loc": ["services", "postsrsd", "settings", "domains"], "readOnly": false, "type": "list of string"}, "services.postsrsd.settings.secrets-file": {"declarations": ["nixos/modules/services/mail/postsrsd.nix"], "default": {"_type": "literalExpression", "text": "\"\\${CREDENTIALS_DIRECTORY}/secrets-file\""}, "description": "Path to the file containing the secret keys.\n\n::: {.note}\nSecrets are passed using `LoadCredential=` on the systemd unit,\nso this options is read-only.\n\nConfigure {option}`services.postsrsd.secretsFile` instead.\n", "loc": ["services", "postsrsd", "settings", "secrets-file"], "readOnly": true, "type": "string"}, "services.postsrsd.settings.separator": {"declarations": ["nixos/modules/services/mail/postsrsd.nix"], "default": {"_type": "literalExpression", "text": "\"=\""}, "description": "SRS tag separator used in generated sender addresses.\n\nUnless you have a very good reason, you should leave this\nsetting at its default.\n", "loc": ["services", "postsrsd", "settings", "separator"], "readOnly": false, "type": "one of \"-\", \"=\", \"+\""}, "services.postsrsd.settings.socketmap": {"declarations": ["nixos/modules/services/mail/postsrsd.nix"], "default": {"_type": "literalExpression", "text": "\"unix:/run/postsrsd/socket\""}, "description": "Listener configuration in socket map format native to Postfix configuration.\n", "example": {"_type": "literalExpression", "text": "\"inet:localhost:10003\""}, "loc": ["services", "postsrsd", "settings", "socketmap"], "readOnly": false, "type": "string matching the pattern ^(unix|inet):.+"}, "services.postsrsd.settings.srs-domain": {"declarations": ["nixos/modules/services/mail/postsrsd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Dedicated mail domain used for ephemeral SRS envelope addresses.\n\nRecommended to configure, when hosting multiple unrelated mail\ndomains (e.g. for different customers), to prevent privacy\nissues.\n\nSet to `null` to not configure any `srs-domain`.\n", "example": {"_type": "literalExpression", "text": "\"srs.example.com\""}, "loc": ["services", "postsrsd", "settings", "srs-domain"], "readOnly": false, "type": "null or string"}, "services.postsrsd.settings.unprivileged-user": {"declarations": ["nixos/modules/services/mail/postsrsd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Unprivileged user to drop privileges to.\n\n::: {.note}\nOur systemd unit never runs postsrsd as a privileged process, so this option is read-only.\n:::\n", "loc": ["services", "postsrsd", "settings", "unprivileged-user"], "readOnly": true, "type": "string"}, "services.postsrsd.user": {"declarations": ["nixos/modules/services/mail/postsrsd.nix"], "default": {"_type": "literalExpression", "text": "\"postsrsd\""}, "description": "User for the daemon", "loc": ["services", "postsrsd", "user"], "readOnly": false, "type": "string"}, "services.powerdns-admin.config": {"declarations": ["nixos/modules/services/web-apps/powerdns-admin.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Configuration python file.\nSee [the example configuration](https://github.com/ngoduykhanh/PowerDNS-Admin/blob/v0.4.2/configs/development.py)\nfor options.\nAlso see [Flask Session configuration](https://flask-session.readthedocs.io/en/latest/config.html#SESSION_TYPE)\nas the version shipped with NixOS is more recent than the one PowerDNS-Admin expects\nand it requires explicit configuration.\n", "example": {"_type": "literalExpression", "text": "''\n  import cachelib\n  \n  BIND_ADDRESS = '127.0.0.1'\n  PORT = 8000\n  SQLALCHEMY_DATABASE_URI = 'postgresql://powerdnsadmin@/powerdnsadmin?host=/run/postgresql'\n  SESSION_TYPE = 'cachelib'\n  SESSION_CACHELIB = cachelib.simple.SimpleCache()\n''"}, "loc": ["services", "powerdns-admin", "config"], "readOnly": false, "type": "string"}, "services.powerdns-admin.enable": {"declarations": ["nixos/modules/services/web-apps/powerdns-admin.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the PowerDNS web interface.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "powerdns-admin", "enable"], "readOnly": false, "type": "boolean"}, "services.powerdns-admin.extraArgs": {"declarations": ["nixos/modules/services/web-apps/powerdns-admin.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments passed to powerdns-admin.\n", "example": {"_type": "literalExpression", "text": "[ \"-b\" \"127.0.0.1:8000\" ]\n"}, "loc": ["services", "powerdns-admin", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.powerdns-admin.saltFile": {"declarations": ["nixos/modules/services/web-apps/powerdns-admin.nix"], "description": "The salt used for serialization.\nThis should be set, otherwise the default is used.\nSet this to null to ignore this setting and configure it through another way.\n", "example": {"_type": "literalExpression", "text": "\"/etc/powerdns-admin/salt\""}, "loc": ["services", "powerdns-admin", "saltFile"], "readOnly": false, "type": "null or absolute path"}, "services.powerdns-admin.secretKeyFile": {"declarations": ["nixos/modules/services/web-apps/powerdns-admin.nix"], "description": "The secret used to create cookies.\nThis needs to be set, otherwise the default is used and everyone can forge valid login cookies.\nSet this to null to ignore this setting and configure it through another way.\n", "example": {"_type": "literalExpression", "text": "\"/etc/powerdns-admin/secret\""}, "loc": ["services", "powerdns-admin", "secretKeyFile"], "readOnly": false, "type": "null or absolute path"}, "services.rke2.agentToken": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The rke2 token agents can use to connect to the server.\nThis option only makes sense on server nodes (`role = server`).\n\n**WARNING**: This option will expose your token unencrypted in the world-readable nix store.\nIf this is undesired use the tokenFile option instead.\n", "loc": ["services", "rke2", "agentToken"], "readOnly": false, "type": "string"}, "services.rke2.agentTokenFile": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File path containing the rke2 token agents can use to connect to the server.\nThis option only makes sense on server nodes (`role = server`).\n", "loc": ["services", "rke2", "agentTokenFile"], "readOnly": false, "type": "null or absolute path"}, "services.rke2.autoDeployCharts": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Auto deploying Helm charts that are installed by the rke2 Helm controller. Avoid using\nattribute names that are also used in the [](#opt-services.rke2.manifests) and\n[](#opt-services.rke2.charts) options. Manifests with the same name will override\nauto deploying charts with the same name.\nThis option only makes sense on server nodes (`role = server`). See the\n[rke2 Helm documentation](https://docs.rke2.io/helm) for further information.\n\n**WARNING**: If you have multiple server nodes, and set this option on more than one server,\nit is your responsibility to ensure that files stay in sync across those nodes. AddOn content is\nnot synced between nodes, and rke2 cannot guarantee correct behavior if different servers attempt\nto deploy conflicting manifests.\n", "example": {"_type": "literalExpression", "text": "{\n  harbor = {\n    name = \"harbor\";\n    repo = \"https://helm.goharbor.io\";\n    version = \"1.14.0\";\n    hash = \"sha256-fMP7q1MIbvzPGS9My91vbQ1d3OJMjwc+o8YE/BXZaYU=\";\n    values = {\n      existingSecretAdminPassword = \"harbor-admin\";\n      expose = {\n        tls = {\n          enabled = true;\n          certSource = \"secret\";\n          secret.secretName = \"my-tls-secret\";\n        };\n        ingress = {\n          hosts.core = \"example.com\";\n          className = \"nginx\";\n        };\n      };\n    };\n  };\n  nginx = {\n    repo = \"oci://registry-1.docker.io/bitnamicharts/nginx\";\n    version = \"20.0.0\";\n    hash = \"sha256-sy+tzB+i9jIl/tqOMzzuhVhTU4EZVsoSBtPznxF/36c=\";\n  };\n  custom-chart = {\n    package = ../charts/my-chart.tgz;\n    values = ../values/my-values.yaml;\n    extraFieldDefinitions = {\n      spec.timeout = \"60s\";\n    };\n  };\n}\n"}, "loc": ["services", "rke2", "autoDeployCharts"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.rke2.autoDeployCharts.<name>.createNamespace": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to create the target namespace if not present.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "rke2", "autoDeployCharts", "<name>", "createNamespace"], "readOnly": false, "type": "boolean"}, "services.rke2.autoDeployCharts.<name>.enable": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the installation of this Helm chart. Note that setting\nthis option to `false` will not uninstall the chart from the cluster, if\nit was previously installed. Please use the the `--disable` flag or `.skip`\nfiles to delete/disable Helm charts, as mentioned in the\n[docs](https://docs.k3s.io/installation/packaged-components#disabling-manifests).\n", "example": {"_type": "literalExpression", "text": "false"}, "loc": ["services", "rke2", "autoDeployCharts", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.rke2.autoDeployCharts.<name>.extraDeploy": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of extra Kubernetes manifests to deploy with this Helm chart.", "example": {"_type": "literalExpression", "text": "[\n  ../manifests/my-extra-deployment.yaml\n  {\n    apiVersion = \"v1\";\n    kind = \"Service\";\n    metadata = {\n      name = \"app-service\";\n    };\n    spec = {\n      selector = {\n        \"app.kubernetes.io/name\" = \"MyApp\";\n      };\n      ports = [\n        {\n          name = \"name-of-service-port\";\n          protocol = \"TCP\";\n          port = 80;\n          targetPort = \"http-web-svc\";\n        }\n      ];\n    };\n  }\n];\n"}, "loc": ["services", "rke2", "autoDeployCharts", "<name>", "extraDeploy"], "readOnly": false, "type": "list of (absolute path or (attribute set))"}, "services.rke2.autoDeployCharts.<name>.extraFieldDefinitions": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra HelmChart field definitions that are merged with the rest of the HelmChart\ncustom resource. This can be used to set advanced fields or to overwrite\ngenerated fields. See <https://docs.rke2.io/helm#helmchart-field-definitions>\nfor possible fields.\n", "example": {"_type": "literalExpression", "text": "{\n  spec = {\n    backOffLimit = 3;\n    bootstrap = true;\n    helmVersion = \"v2\";\n    jobImage = \"custom-helm-controller:v0.0.1\";\n  };\n}"}, "loc": ["services", "rke2", "autoDeployCharts", "<name>", "extraFieldDefinitions"], "readOnly": false, "type": "JSON value"}, "services.rke2.autoDeployCharts.<name>.hash": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The hash of the packaged Helm chart. Only has an effect if `package` is not set.\nThe Helm chart is fetched during build time and placed as a `.tgz` archive on the\nfilesystem.\n", "example": {"_type": "literalExpression", "text": "\"sha256-ej+vpPNdiOoXsaj1jyRpWLisJgWo8EqX+Z5VbpSjsPA=\""}, "loc": ["services", "rke2", "autoDeployCharts", "<name>", "hash"], "readOnly": false, "type": "string"}, "services.rke2.autoDeployCharts.<name>.name": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "description": "The name of the Helm chart. Only has an effect if `package` is not set.\nThe Helm chart is fetched during build time and placed as a `.tgz` archive on the\nfilesystem.\n", "example": {"_type": "literalExpression", "text": "\"ingress-nginx\""}, "loc": ["services", "rke2", "autoDeployCharts", "<name>", "name"], "readOnly": false, "type": "non-empty string"}, "services.rke2.autoDeployCharts.<name>.package": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "description": "The packaged Helm chart. Overwrites the options `repo`, `name`, `version`\nand `hash` in case of conflicts.\n", "example": {"_type": "literalExpression", "text": "../my-helm-chart.tgz"}, "loc": ["services", "rke2", "autoDeployCharts", "<name>", "package"], "readOnly": false, "type": "absolute path or package"}, "services.rke2.autoDeployCharts.<name>.repo": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "description": "The repo of the Helm chart. Only has an effect if `package` is not set.\nThe Helm chart is fetched during build time and placed as a `.tgz` archive on the\nfilesystem.\n", "example": {"_type": "literalExpression", "text": "\"https://kubernetes.github.io/ingress-nginx\""}, "loc": ["services", "rke2", "autoDeployCharts", "<name>", "repo"], "readOnly": false, "type": "non-empty string"}, "services.rke2.autoDeployCharts.<name>.targetNamespace": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "\"default\""}, "description": "The namespace in which the Helm chart gets installed.", "example": {"_type": "literalExpression", "text": "\"kube-system\""}, "loc": ["services", "rke2", "autoDeployCharts", "<name>", "targetNamespace"], "readOnly": false, "type": "non-empty string"}, "services.rke2.autoDeployCharts.<name>.values": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Override default chart values via Nix expressions. This is equivalent to setting\nvalues in a `values.yaml` file.\n\n**WARNING**: The values (including secrets!) specified here are exposed unencrypted\nin the world-readable nix store.\n", "example": {"_type": "literalExpression", "text": "{\n  hostName = \"my-host\";\n  replicaCount = 3;\n  server = {\n    name = \"nginx\";\n    port = 80;\n  };\n}"}, "loc": ["services", "rke2", "autoDeployCharts", "<name>", "values"], "readOnly": false, "type": "absolute path or (attribute set)"}, "services.rke2.autoDeployCharts.<name>.version": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "description": "The version of the Helm chart. Only has an effect if `package` is not set.\nThe Helm chart is fetched during build time and placed as a `.tgz` archive on the\nfilesystem.\n", "example": {"_type": "literalExpression", "text": "\"4.7.0\""}, "loc": ["services", "rke2", "autoDeployCharts", "<name>", "version"], "readOnly": false, "type": "non-empty string"}, "services.rke2.charts": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Packaged Helm charts that are linked to {file}`/var/lib/rancher/rke2/server/static/charts` before rke2 starts.\nThe attribute name will be used as the link target (relative to {file}`/var/lib/rancher/rke2/server/static/charts`).\nThe specified charts will only be placed on the file system and made available via port 9345 on server nodes. See the [](#opt-services.rke2.autoDeployCharts) option and the\n[rke2 Helm controller docs](https://docs.rke2.io/helm#using-the-helm-controller)\nto deploy Helm charts. This option only makes sense on server nodes (`role = server`).\n", "example": {"_type": "literalExpression", "text": "nginx = ../charts/my-nginx-chart.tgz;\nredis = ../charts/my-redis-chart.tgz;\n"}, "loc": ["services", "rke2", "charts"], "readOnly": false, "type": "attribute set of (absolute path or package)"}, "services.rke2.cisHardening": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable CIS Hardening for RKE2.\n\nThe OS-level configuration options required to pass the CIS benchmark are enabled by default.\nThis option only creates the `etcd` user and group, and passes the `--profile=cis` flag to RKE2.\n\nLearn more about [CIS Hardening for RKE2](https://docs.rke2.io/security/hardening_guide).\n", "loc": ["services", "rke2", "cisHardening"], "readOnly": false, "type": "boolean"}, "services.rke2.cni": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "CNI plugins to deploy, one of `none`, `calico`, `canal`, `cilium` or `flannel`.\n\nAll CNI plugins get installed via a helm chart after the main components are up and running\nand can be [customized by modifying the helm chart options](https://docs.rke2.io/helm).\n\n[Learn more about RKE2 and CNI plugins](https://docs.rke2.io/networking/basic_network_options)\n\n> **WARNING**: Flannel support in RKE2 is currently experimental.\n", "loc": ["services", "rke2", "cni"], "readOnly": false, "type": "null or one of \"none\", \"canal\", \"cilium\", \"calico\", \"flannel\""}, "services.rke2.configPath": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File path containing the rke2 YAML config. This is useful when the config is generated (for example on boot).", "loc": ["services", "rke2", "configPath"], "readOnly": false, "type": "null or absolute path"}, "services.rke2.containerdConfigTemplate": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Config template for containerd, to be placed at\n`/var/lib/rancher/rke2/agent/etc/containerd/config.toml.tmpl`.\nSee the docs on [configuring containerd](https://docs.rke2.io/advanced#configuring-containerd).\n", "example": {"_type": "literalExpression", "text": "# Base config\n{{ template \"base\" . }}\n\n# Add a custom runtime\n[plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.\"custom\"]\n  runtime_type = \"io.containerd.runc.v2\"\n[plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.\"custom\".options]\n  BinaryName = \"/path/to/custom-container-runtime\"\n"}, "loc": ["services", "rke2", "containerdConfigTemplate"], "readOnly": false, "type": "null or string"}, "services.rke2.disable": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Disable default components, see the [RKE2 documentation](https://docs.rke2.io/install/packaged_components#using-the---disable-flag).\n", "loc": ["services", "rke2", "disable"], "readOnly": false, "type": "list of string"}, "services.rke2.enable": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable rke2.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "rke2", "enable"], "readOnly": false, "type": "boolean"}, "services.rke2.environmentFile": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File path containing environment variables for configuring the rke2 service in the format of an EnvironmentFile. See {manpage}`systemd.exec(5)`.\n", "loc": ["services", "rke2", "environmentFile"], "readOnly": false, "type": "null or absolute path"}, "services.rke2.extraFlags": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra flags to pass to the rke2 command.", "example": {"_type": "literalExpression", "text": "[\n  \"--etcd-expose-metrics\"\n  \"--cluster-cidr 10.24.0.0/16\"\n]"}, "loc": ["services", "rke2", "extraFlags"], "readOnly": false, "type": "string or list of string"}, "services.rke2.extraKubeProxyConfig": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration to add to the kube-proxy's configuration file. The subset of the kube-proxy's\nconfiguration that can be configured via a file is defined by the\n[KubeProxyConfiguration](https://kubernetes.io/docs/reference/config-api/kube-proxy-config.v1alpha1/)\nstruct. Note that the kubeconfig param will be overriden by `clientConnection.kubeconfig`, so you must\nset the `clientConnection.kubeconfig` option if you want to use `extraKubeProxyConfig`.\n", "example": {"_type": "literalExpression", "text": "{\n  clientConnection = {\n    kubeconfig = \"/var/lib/rancher/rke2/agent/kubeproxy.kubeconfig\";\n  };\n  mode = \"nftables\";\n}"}, "loc": ["services", "rke2", "extraKubeProxyConfig"], "readOnly": false, "type": "attribute set of anything"}, "services.rke2.extraKubeletConfig": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra configuration to add to the kubelet's configuration file. The subset of the kubelet's\nconfiguration that can be configured via a file is defined by the\n[KubeletConfiguration](https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/)\nstruct. See the\n[documentation](https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/)\nfor further information.\n", "example": {"_type": "literalExpression", "text": "{\n  containerLogMaxSize = \"5Mi\";\n  memoryThrottlingFactor = 0.69;\n  podsPerCore = 3;\n}"}, "loc": ["services", "rke2", "extraKubeletConfig"], "readOnly": false, "type": "attribute set of anything"}, "services.rke2.gracefulNodeShutdown.enable": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable graceful node shutdowns where the kubelet attempts to detect\nnode system shutdown and terminates pods running on the node. See the\n[documentation](https://kubernetes.io/docs/concepts/cluster-administration/node-shutdown/#graceful-node-shutdown)\nfor further information.\n.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "rke2", "gracefulNodeShutdown", "enable"], "readOnly": false, "type": "boolean"}, "services.rke2.gracefulNodeShutdown.shutdownGracePeriod": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "\"30s\""}, "description": "Specifies the total duration that the node should delay the shutdown by. This is the total\ngrace period for pod termination for both regular and critical pods.\n", "example": {"_type": "literalExpression", "text": "\"1m30s\""}, "loc": ["services", "rke2", "gracefulNodeShutdown", "shutdownGracePeriod"], "readOnly": false, "type": "non-empty string"}, "services.rke2.gracefulNodeShutdown.shutdownGracePeriodCriticalPods": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "\"10s\""}, "description": "Specifies the duration used to terminate critical pods during a node shutdown. This should be\nless than `shutdownGracePeriod`.\n", "example": {"_type": "literalExpression", "text": "\"15s\""}, "loc": ["services", "rke2", "gracefulNodeShutdown", "shutdownGracePeriodCriticalPods"], "readOnly": false, "type": "non-empty string"}, "services.rke2.images": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of derivations that provide container images.\nAll images are linked to {file}`/var/lib/rancher/rke2/agent/images` before rke2 starts and are consequently imported\nby the rke2 agent. Consider importing the rke2 core and CNI image archives of the rke2 package in\nuse, if you want to pre-provision this node with all rke2 container images. For a full list of available airgap images, check the\n[source](https://github.com/NixOS/nixpkgs/blob/c8a1939887ee6e5f5aae29ce97321c0d83165f7d/pkgs/applications/networking/cluster/rke2/1_32/images-versions.json).\nof the rke2 package in use.\n", "example": {"_type": "literalExpression", "text": "[\n  (pkgs.dockerTools.pullImage {\n    imageName = \"docker.io/bitnami/keycloak\";\n    imageDigest = \"sha256:714dfadc66a8e3adea6609bda350345bd3711657b7ef3cf2e8015b526bac2d6b\";\n    hash = \"sha256-IM2BLZ0EdKIZcRWOtuFY9TogZJXCpKtPZnMnPsGlq0Y=\";\n    finalImageTag = \"21.1.2-debian-11-r0\";\n  })\n\n  config.services.rke2.package.images-core-linux-amd64-tar-zst\n  config.services.rke2.package.images-canal-linux-amd64-tar-zst\n]\n"}, "loc": ["services", "rke2", "images"], "readOnly": false, "type": "list of package"}, "services.rke2.manifests": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Auto-deploying manifests that are linked to {file}`/var/lib/rancher/rke2/server/manifests` before rke2 starts.\nNote that deleting manifest files will not remove or otherwise modify the resources\nit created. Please use the the `--disable` flag or `.skip` files to delete/disable AddOns,\nas mentioned in the [docs](https://docs.k3s.io/installation/packaged-components#disabling-manifests).\nThis option only makes sense on server nodes (`role = server`).\nRead the [auto-deploying manifests docs](https://docs.k3s.io/installation/packaged-components#auto-deploying-manifests-addons)\nfor further information.\n\n**WARNING**: If you have multiple server nodes, and set this option on more than one server,\nit is your responsibility to ensure that files stay in sync across those nodes. AddOn content is\nnot synced between nodes, and rke2 cannot guarantee correct behavior if different servers attempt\nto deploy conflicting manifests.\n", "example": {"_type": "literalExpression", "text": "{\n  deployment.source = ../manifests/deployment.yaml;\n  my-service = {\n    enable = false;\n    target = \"app-service.yaml\";\n    content = {\n      apiVersion = \"v1\";\n      kind = \"Service\";\n      metadata = {\n        name = \"app-service\";\n      };\n      spec = {\n        selector = {\n          \"app.kubernetes.io/name\" = \"MyApp\";\n        };\n        ports = [\n          {\n            name = \"name-of-service-port\";\n            protocol = \"TCP\";\n            port = 80;\n            targetPort = \"http-web-svc\";\n          }\n        ];\n      };\n    };\n  };\n\n  nginx.content = [\n    {\n      apiVersion = \"v1\";\n      kind = \"Pod\";\n      metadata = {\n        name = \"nginx\";\n        labels = {\n          \"app.kubernetes.io/name\" = \"MyApp\";\n        };\n      };\n      spec = {\n        containers = [\n          {\n            name = \"nginx\";\n            image = \"nginx:1.14.2\";\n            ports = [\n              {\n                containerPort = 80;\n                name = \"http-web-svc\";\n              }\n            ];\n          }\n        ];\n      };\n    }\n    {\n      apiVersion = \"v1\";\n      kind = \"Service\";\n      metadata = {\n        name = \"nginx-service\";\n      };\n      spec = {\n        selector = {\n          \"app.kubernetes.io/name\" = \"MyApp\";\n        };\n        ports = [\n          {\n            name = \"name-of-service-port\";\n            protocol = \"TCP\";\n            port = 80;\n            targetPort = \"http-web-svc\";\n          }\n        ];\n      };\n    }\n  ];\n};\n"}, "loc": ["services", "rke2", "manifests"], "readOnly": false, "type": "attribute set of (submodule)"}, "services.rke2.manifests.<name>.content": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Content of the manifest file. A single attribute set will\ngenerate a single document YAML file. A list of attribute sets\nwill generate multiple documents separated by `---` in a single\nYAML file.\n", "loc": ["services", "rke2", "manifests", "<name>", "content"], "readOnly": false, "type": "null or (attribute set) or list of (attribute set)"}, "services.rke2.manifests.<name>.enable": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether this manifest file should be generated.", "loc": ["services", "rke2", "manifests", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "services.rke2.manifests.<name>.source": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "description": "Path of the source `.yaml` file.\n", "example": {"_type": "literalExpression", "text": "./manifests/app.yaml"}, "loc": ["services", "rke2", "manifests", "<name>", "source"], "readOnly": false, "type": "absolute path"}, "services.rke2.manifests.<name>.target": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "description": "Name of the symlink (relative to {file}`/var/lib/rancher/rke2/server/manifests`).\nDefaults to the attribute name.\n", "example": {"_type": "literalExpression", "text": "\"manifest.yaml\""}, "loc": ["services", "rke2", "manifests", "<name>", "target"], "readOnly": false, "type": "non-empty string"}, "services.rke2.nodeIP": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "IPv4/IPv6 addresses to advertise for node.", "loc": ["services", "rke2", "nodeIP"], "readOnly": false, "type": "null or string"}, "services.rke2.nodeLabel": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Registering and starting kubelet with set of labels.", "loc": ["services", "rke2", "nodeLabel"], "readOnly": false, "type": "list of string"}, "services.rke2.nodeName": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Node name.", "loc": ["services", "rke2", "nodeName"], "readOnly": false, "type": "null or string"}, "services.rke2.nodeTaint": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Registering kubelet with set of taints.", "loc": ["services", "rke2", "nodeTaint"], "readOnly": false, "type": "list of string"}, "services.rke2.package": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.rke2"}, "description": "The rke2 package to use.", "loc": ["services", "rke2", "package"], "readOnly": false, "type": "package"}, "services.rke2.role": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "\"server\""}, "description": "Whether rke2 should run as a server or agent.\n\nIf it's a server:\n\n- By default it also runs workloads as an agent.\n- All options can be set.\n\nIf it's an agent:\n\n- `serverAddr` is required.\n- `token` or `tokenFile` is required.\n- `agentToken`, `agentTokenFile`, `disable` and `cni` should not be set.\n", "loc": ["services", "rke2", "role"], "readOnly": false, "type": "one of \"server\", \"agent\""}, "services.rke2.selinux": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable SELinux in containerd.", "loc": ["services", "rke2", "selinux"], "readOnly": false, "type": "boolean"}, "services.rke2.serverAddr": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The rke2 server to connect to, used to join a cluster.", "example": {"_type": "literalExpression", "text": "\"https://10.0.0.10:6443\""}, "loc": ["services", "rke2", "serverAddr"], "readOnly": false, "type": "string"}, "services.rke2.token": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The rke2 token to use when connecting to a server.\n\n**WARNING**: This option will expose your token unencrypted in the world-readable nix store.\nIf this is undesired use the tokenFile option instead.\n", "loc": ["services", "rke2", "token"], "readOnly": false, "type": "string"}, "services.rke2.tokenFile": {"declarations": ["nixos/modules/services/cluster/rancher/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "File path containing the rke2 token to use when connecting to a server.", "loc": ["services", "rke2", "tokenFile"], "readOnly": false, "type": "null or absolute path"}, "services.sslh.enable": {"declarations": ["nixos/modules/services/networking/sslh.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable sslh, protocol demultiplexer.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "sslh", "enable"], "readOnly": false, "type": "boolean"}, "services.sslh.listenAddresses": {"declarations": ["nixos/modules/services/networking/sslh.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"0.0.0.0\"\n  \"[::]\"\n]"}, "description": "Listening addresses or hostnames.", "loc": ["services", "sslh", "listenAddresses"], "readOnly": false, "type": "(list of string) or string convertible to it"}, "services.sslh.method": {"declarations": ["nixos/modules/services/networking/sslh.nix"], "default": {"_type": "literalExpression", "text": "\"fork\""}, "description": "The method to use for handling connections:\n\n  - `fork` forks a new process for each incoming connection. It is\n  well-tested and very reliable, but incurs the overhead of many\n  processes.\n\n  - `select` uses only one thread, which monitors all connections at once.\n  It has lower overhead per connection, but if it stops, you'll lose all\n  connections.\n\n  - `ev` is implemented using libev, it's similar to `select` but\n    scales better to a large number of connections.\n", "loc": ["services", "sslh", "method"], "readOnly": false, "type": "one of \"fork\", \"select\", \"ev\""}, "services.sslh.port": {"declarations": ["nixos/modules/services/networking/sslh.nix"], "default": {"_type": "literalExpression", "text": "443"}, "description": "Listening port.", "loc": ["services", "sslh", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.sslh.settings": {"declarations": ["nixos/modules/services/networking/sslh.nix"], "description": "sslh configuration. See {manpage}`sslh(8)` for available settings.", "loc": ["services", "sslh", "settings"], "readOnly": false, "type": "open submodule of attribute set of (libconfig value)"}, "services.sslh.settings.numeric": {"declarations": ["nixos/modules/services/networking/sslh.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to disable reverse DNS lookups, thus keeping IP\naddress literals in the log.\n", "loc": ["services", "sslh", "settings", "numeric"], "readOnly": false, "type": "boolean"}, "services.sslh.settings.protocols": {"declarations": ["nixos/modules/services/networking/sslh.nix"], "default": {"_type": "literalExpression", "text": "[\n  {\n    host = \"localhost\";\n    name = \"ssh\";\n    port = \"22\";\n    service = \"ssh\";\n  }\n  {\n    host = \"localhost\";\n    name = \"openvpn\";\n    port = \"1194\";\n  }\n  {\n    host = \"localhost\";\n    name = \"xmpp\";\n    port = \"5222\";\n  }\n  {\n    host = \"localhost\";\n    name = \"http\";\n    port = \"80\";\n  }\n  {\n    host = \"localhost\";\n    name = \"tls\";\n    port = \"443\";\n  }\n  {\n    host = \"localhost\";\n    name = \"anyprot\";\n    port = \"443\";\n  }\n]"}, "description": "List of protocols sslh will probe for and redirect.\nEach protocol entry consists of:\n\n  - `name`: name of the probe.\n\n  - `service`: libwrap service name (see {manpage}`hosts_access(5)`),\n\n  - `host`, `port`: where to connect when this probe succeeds,\n\n  - `log_level`: to log incoming connections,\n\n  - `transparent`: proxy this protocol transparently,\n\n  - etc.\n\nSee the documentation for all options, including probe-specific ones.\n", "loc": ["services", "sslh", "settings", "protocols"], "readOnly": false, "type": "list of attribute set of (libconfig value)"}, "services.sslh.settings.timeout": {"declarations": ["nixos/modules/services/networking/sslh.nix"], "default": {"_type": "literalExpression", "text": "2"}, "description": "Timeout in seconds.", "loc": ["services", "sslh", "settings", "timeout"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "services.sslh.settings.transparent": {"declarations": ["nixos/modules/services/networking/sslh.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether the services behind sslh (Apache, sshd and so on) will see the\nexternal IP and ports as if the external world connected directly to\nthem.\n", "loc": ["services", "sslh", "settings", "transparent"], "readOnly": false, "type": "boolean"}, "services.sslh.settings.verbose-connections": {"declarations": ["nixos/modules/services/networking/sslh.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Where to log connections information. Possible values are:\n\n 0. don't log anything\n 1. write log to stdout\n 2. write log to syslog\n 3. write log to both stdout and syslog\n 4. write to a log file ({option}`sslh.settings.logfile`)\n", "loc": ["services", "sslh", "settings", "verbose-connections"], "readOnly": false, "type": "integer between 0 and 4 (both inclusive)"}, "services.stash.dataDir": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/stash\""}, "description": "The directory where Stash stores its files.", "loc": ["services", "stash", "dataDir"], "readOnly": false, "type": "absolute path"}, "services.stash.enable": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable stash.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "stash", "enable"], "readOnly": false, "type": "boolean"}, "services.stash.group": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "\"stash\""}, "description": "Group under which Stash runs.", "loc": ["services", "stash", "group"], "readOnly": false, "type": "string"}, "services.stash.jwtSecretKeyFile": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "description": "Path to file containing a secret used to sign JWT tokens.", "loc": ["services", "stash", "jwtSecretKeyFile"], "readOnly": false, "type": "absolute path"}, "services.stash.mutablePlugins": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Whether plugins/themes can be installed, updated, uninstalled manually..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "stash", "mutablePlugins"], "readOnly": false, "type": "boolean"}, "services.stash.mutableScrapers": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Whether scrapers can be installed, updated, uninstalled manually..", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "stash", "mutableScrapers"], "readOnly": false, "type": "boolean"}, "services.stash.mutableSettings": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether the Stash config.yml is writeable by Stash.\n\nIf `false`, Any config changes done from within Stash UI will be temporary and reset to those defined in {option}`services.stash.settings` upon `Stash.service` restart.\nIf `true`, the {option}`services.stash.settings` will only be used to initialize the Stash configuration if it does not exist, and are subsequently ignored.\n", "loc": ["services", "stash", "mutableSettings"], "readOnly": false, "type": "boolean"}, "services.stash.openFirewall": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Open ports in the firewall for the Stash web interface.", "loc": ["services", "stash", "openFirewall"], "readOnly": false, "type": "boolean"}, "services.stash.package": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "pkgs.stash"}, "description": "The stash package to use.", "loc": ["services", "stash", "package"], "readOnly": false, "type": "package"}, "services.stash.passwordFile": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to file containing password for login.\n\n::: {.warning}\n  This option takes precedence over {option}`services.stash.settings.password`\n::\n\n", "example": {"_type": "literalExpression", "text": "\"/path/to/password/file\""}, "loc": ["services", "stash", "passwordFile"], "readOnly": false, "type": "null or absolute path"}, "services.stash.plugins": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The plugins Stash should be started with.\n", "loc": ["services", "stash", "plugins"], "readOnly": false, "type": "list of package"}, "services.stash.scrapers": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The scrapers Stash should be started with.\n", "loc": ["services", "stash", "scrapers"], "readOnly": false, "type": "list of package"}, "services.stash.sessionStoreKeyFile": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "description": "Path to file containing a secret for session store.", "loc": ["services", "stash", "sessionStoreKeyFile"], "readOnly": false, "type": "absolute path"}, "services.stash.settings": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "description": "Stash configuration", "loc": ["services", "stash", "settings"], "readOnly": false, "type": "open submodule of (YAML 1.1 value)"}, "services.stash.settings.blobs_path": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/stash/blobs\""}, "description": "Path to blobs", "loc": ["services", "stash", "settings", "blobs_path"], "readOnly": false, "type": "absolute path"}, "services.stash.settings.blobs_storage": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "\"FILESYSTEM\""}, "description": "Where to store blobs", "loc": ["services", "stash", "settings", "blobs_storage"], "readOnly": false, "type": "one of \"FILESYSTEM\", \"DATABASE\""}, "services.stash.settings.cache": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/stash/cache\""}, "description": "Path to cache", "loc": ["services", "stash", "settings", "cache"], "readOnly": false, "type": "absolute path"}, "services.stash.settings.calculate_md5": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to calculate MD5 checksums for scene video files", "loc": ["services", "stash", "settings", "calculate_md5"], "readOnly": false, "type": "boolean"}, "services.stash.settings.create_image_clip_from_videos": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Create Image Clips from Video extensions when Videos are disabled in Library", "loc": ["services", "stash", "settings", "create_image_clip_from_videos"], "readOnly": false, "type": "boolean"}, "services.stash.settings.dangerous_allow_public_without_auth": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Learn more at <https://docs.stashapp.cc/networking/authentication-required-when-accessing-stash-from-the-internet/>", "loc": ["services", "stash", "settings", "dangerous_allow_public_without_auth"], "readOnly": false, "type": "boolean"}, "services.stash.settings.database": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/stash/go.sqlite\""}, "description": "Path to the SQLite database", "loc": ["services", "stash", "settings", "database"], "readOnly": false, "type": "absolute path"}, "services.stash.settings.gallery_cover_regex": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "\"(poster|cover|folder|board)\\\\.[^.]+$\""}, "description": "Regex used to identify images as gallery covers", "loc": ["services", "stash", "settings", "gallery_cover_regex"], "readOnly": false, "type": "string"}, "services.stash.settings.generated": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/stash/generated\""}, "description": "Path to generated files", "loc": ["services", "stash", "settings", "generated"], "readOnly": false, "type": "absolute path"}, "services.stash.settings.host": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "\"localhost\""}, "description": "The ip address that Stash should bind to.", "example": {"_type": "literalExpression", "text": "\"::1\""}, "loc": ["services", "stash", "settings", "host"], "readOnly": false, "type": "string"}, "services.stash.settings.no_proxy": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "\"localhost,127.0.0.1,192.168.0.0/16,10.0.0.0/8,172.16.0.0/12\""}, "description": "A list of domains for which the proxy must not be used", "loc": ["services", "stash", "settings", "no_proxy"], "readOnly": false, "type": "string"}, "services.stash.settings.nobrowser": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If we should not auto-open a browser window on startup", "loc": ["services", "stash", "settings", "nobrowser"], "readOnly": false, "type": "boolean"}, "services.stash.settings.notifications_enabled": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If we should send notifications to the desktop", "loc": ["services", "stash", "settings", "notifications_enabled"], "readOnly": false, "type": "boolean"}, "services.stash.settings.parallel_tasks": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Number of parallel tasks to start during scan/generate", "loc": ["services", "stash", "settings", "parallel_tasks"], "readOnly": false, "type": "signed integer"}, "services.stash.settings.plugins_path": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/stash/plugins\""}, "description": "Path to scrapers", "loc": ["services", "stash", "settings", "plugins_path"], "readOnly": false, "type": "absolute path"}, "services.stash.settings.port": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "9999"}, "description": "The port that Stash should listen on.", "example": {"_type": "literalExpression", "text": "1234"}, "loc": ["services", "stash", "settings", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "services.stash.settings.preview_audio": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Include audio stream in previews", "loc": ["services", "stash", "settings", "preview_audio"], "readOnly": false, "type": "boolean"}, "services.stash.settings.preview_exclude_end": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Duration of start of video to exclude when generating previews", "loc": ["services", "stash", "settings", "preview_exclude_end"], "readOnly": false, "type": "signed integer"}, "services.stash.settings.preview_exclude_start": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Duration of end of video to exclude when generating previews", "loc": ["services", "stash", "settings", "preview_exclude_start"], "readOnly": false, "type": "signed integer"}, "services.stash.settings.preview_segment_duration": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "0.75"}, "description": "Preview segment duration, in seconds", "loc": ["services", "stash", "settings", "preview_segment_duration"], "readOnly": false, "type": "floating point number"}, "services.stash.settings.preview_segments": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "12"}, "description": "Number of segments in a preview file", "loc": ["services", "stash", "settings", "preview_segments"], "readOnly": false, "type": "signed integer"}, "services.stash.settings.scrapers_path": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "\"/var/lib/stash/scrapers\""}, "description": "Path to scrapers", "loc": ["services", "stash", "settings", "scrapers_path"], "readOnly": false, "type": "absolute path"}, "services.stash.settings.security_tripwire_accessed_from_public_internet": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Learn more at <https://docs.stashapp.cc/networking/authentication-required-when-accessing-stash-from-the-internet/>", "loc": ["services", "stash", "settings", "security_tripwire_accessed_from_public_internet"], "readOnly": false, "type": "null or string"}, "services.stash.settings.sequential_scanning": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Modifies behaviour of the scanning functionality to generate support files (previews/sprites/phash) at the same time as fingerprinting/screenshotting", "loc": ["services", "stash", "settings", "sequential_scanning"], "readOnly": false, "type": "boolean"}, "services.stash.settings.show_one_time_moved_notification": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether a small notification to inform the user that Stash will no longer show a terminal window, and instead will be available in the tray", "loc": ["services", "stash", "settings", "show_one_time_moved_notification"], "readOnly": false, "type": "boolean"}, "services.stash.settings.sound_on_preview": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable sound on mouseover previews", "loc": ["services", "stash", "settings", "sound_on_preview"], "readOnly": false, "type": "boolean"}, "services.stash.settings.stash": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "description": "Add directories containing your adult videos and images.\nStash will use these directories to find videos and/or images during scanning.\n", "example": {"_type": "literalExpression", "text": "{\n  stash = [\n    {\n      Path = \"/media/drive/videos\";\n      ExcludeImage = true;\n    }\n  ];\n}\n"}, "loc": ["services", "stash", "settings", "stash"], "readOnly": false, "type": "list of (submodule)"}, "services.stash.settings.stash.*.excludeimage": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to exclude image files from being scanned into Stash", "loc": ["services", "stash", "settings", "stash", "*", "excludeimage"], "readOnly": false, "type": "boolean"}, "services.stash.settings.stash.*.excludevideo": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to exclude video files from being scanned into Stash", "loc": ["services", "stash", "settings", "stash", "*", "excludevideo"], "readOnly": false, "type": "boolean"}, "services.stash.settings.stash.*.path": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "description": "location of your media files", "loc": ["services", "stash", "settings", "stash", "*", "path"], "readOnly": false, "type": "absolute path"}, "services.stash.settings.stash_boxes": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Stash-box facilitates automated tagging of scenes and performers based on fingerprints and filenames", "example": {"_type": "literalExpression", "text": "{\n  stash_boxes = [\n    {\n      name = \"StashDB\";\n      endpoint = \"https://stashdb.org/graphql\";\n      apikey = \"aaaaaaaaaaaa.bbbbbbbbbbbbbbbbbbbbbbbb.cccccccccccccc\";\n    }\n  ];\n}\n"}, "loc": ["services", "stash", "settings", "stash_boxes"], "readOnly": false, "type": "list of (submodule)"}, "services.stash.settings.stash_boxes.*.apikey": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "description": "Stash Box API key", "loc": ["services", "stash", "settings", "stash_boxes", "*", "apikey"], "readOnly": false, "type": "string"}, "services.stash.settings.stash_boxes.*.endpoint": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "description": "URL to the Stash Box graphql api", "loc": ["services", "stash", "settings", "stash_boxes", "*", "endpoint"], "readOnly": false, "type": "string"}, "services.stash.settings.stash_boxes.*.name": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "description": "The name of the Stash Box", "loc": ["services", "stash", "settings", "stash_boxes", "*", "name"], "readOnly": false, "type": "string"}, "services.stash.settings.theme_color": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "\"#202b33\""}, "description": "Sets the `theme-color` property in the UI", "loc": ["services", "stash", "settings", "theme_color"], "readOnly": false, "type": "string"}, "services.stash.settings.ui.frontPageContent": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "<function>"}, "description": "Search filters to display on the front page.", "example": {"_type": "literalExpression", "text": "presets: [\n  # To get the savedFilterId, you can query `{ findSavedFilters(mode: <FilterMode>) { id name } }` on localhost:9999/graphql\n  {\n    __typename = \"SavedFilter\";\n    savedFilterId = 1;\n  }\n  # basic custom filter\n  {\n    __typename = \"CustomFilter\";\n    title = \"Random Scenes\";\n    mode = \"SCENES\";\n    sortBy = \"random\";\n    direction = \"DESC\";\n  }\n  presets.recentlyAddedImages\n]\n"}, "loc": ["services", "stash", "settings", "ui", "frontPageContent"], "readOnly": false, "type": "(list of (attribute set)) or function that evaluates to a(n) list of (attribute set)"}, "services.stash.settings.video_file_naming_algorithm": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "\"OSHASH\""}, "description": "Hash algorithm to use for generated file naming", "loc": ["services", "stash", "settings", "video_file_naming_algorithm"], "readOnly": false, "type": "one of \"OSHASH\", \"MD5\""}, "services.stash.settings.write_image_thumbnails": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Write image thumbnails to disk when generating on the fly", "loc": ["services", "stash", "settings", "write_image_thumbnails"], "readOnly": false, "type": "boolean"}, "services.stash.user": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "\"stash\""}, "description": "User under which Stash runs.", "loc": ["services", "stash", "user"], "readOnly": false, "type": "string"}, "services.stash.username": {"declarations": ["nixos/modules/services/web-apps/stash.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Username for login.\n\n::: {.warning}\n  This option takes precedence over {option}`services.stash.settings.username`\n::\n\n", "example": {"_type": "literalExpression", "text": "\"admin\""}, "loc": ["services", "stash", "username"], "readOnly": false, "type": "null or non-empty string"}, "services.vaultwarden.backupDir": {"declarations": ["nixos/modules/services/security/vaultwarden/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The directory under which vaultwarden will backup its persistent data.\n", "example": {"_type": "literalExpression", "text": "\"/var/backup/vaultwarden\""}, "loc": ["services", "vaultwarden", "backupDir"], "readOnly": false, "type": "null or string"}, "services.vaultwarden.config": {"declarations": ["nixos/modules/services/security/vaultwarden/default.nix"], "default": {"_type": "literalExpression", "text": "{\n  ROCKET_ADDRESS = \"::1\";\n  ROCKET_PORT = 8222;\n}"}, "description": "The configuration of vaultwarden is done through environment variables,\ntherefore it is recommended to use upper snake case (e.g. {env}`DISABLE_2FA_REMEMBER`).\n\nHowever, camel case (e.g. `disable2FARemember`) is also supported:\nThe NixOS module will convert it automatically to\nupper case snake case (e.g. {env}`DISABLE_2FA_REMEMBER`).\nIn this conversion digits (0-9) are handled just like upper case characters,\nso `foo2` would be converted to {env}`FOO_2`.\nNames already in this format remain unchanged, so `FOO2` remains `FOO2` if passed as such,\neven though `foo2` would have been converted to {env}`FOO_2`.\nThis allows working around any potential future conflicting naming conventions.\n\nBased on the attributes passed to this config option an environment file will be generated\nthat is passed to vaultwarden's systemd service.\n\nThe available configuration options can be found in\n[the environment template file](https://github.com/dani-garcia/vaultwarden/blob/1.35.3/.env.template).\n\nSee [](#opt-services.vaultwarden.environmentFile) for how\nto set up access to the Admin UI to invite initial users.\n", "example": {"_type": "literalExpression", "text": "{\n  DOMAIN = \"https://bitwarden.example.com\";\n  SIGNUPS_ALLOWED = false;\n\n  # Vaultwarden recommends running behind a reverse proxy, the configureNginx option can be used for that.\n  ROCKET_ADDRESS = \"127.0.0.1\";\n  ROCKET_PORT = 8222;\n\n  ROCKET_LOG = \"critical\";\n\n  # This example assumes a mailserver running on localhost,\n  # thus without transport encryption.\n  # If you use an external mail server, follow:\n  #   https://github.com/dani-garcia/vaultwarden/wiki/SMTP-configuration\n  SMTP_HOST = \"127.0.0.1\";\n  SMTP_PORT = 25;\n  SMTP_SSL = false;\n\n  SMTP_FROM = \"admin@bitwarden.example.com\";\n  SMTP_FROM_NAME = \"example.com Bitwarden server\";\n}\n"}, "loc": ["services", "vaultwarden", "config"], "readOnly": false, "type": "attribute set of (null or boolean or signed integer or string)"}, "services.vaultwarden.configureNginx": {"declarations": ["nixos/modules/services/security/vaultwarden/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to configure nginx to serve VaultWarden.", "loc": ["services", "vaultwarden", "configureNginx"], "readOnly": false, "type": "boolean"}, "services.vaultwarden.configurePostgres": {"declarations": ["nixos/modules/services/security/vaultwarden/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to configure a local PostgreSQL server.", "loc": ["services", "vaultwarden", "configurePostgres"], "readOnly": false, "type": "boolean"}, "services.vaultwarden.dbBackend": {"declarations": ["nixos/modules/services/security/vaultwarden/default.nix"], "default": {"_type": "literalExpression", "text": "\"sqlite\""}, "description": "Which database backend vaultwarden will be using.\n", "loc": ["services", "vaultwarden", "dbBackend"], "readOnly": false, "type": "one of \"sqlite\", \"mysql\", \"postgresql\""}, "services.vaultwarden.domain": {"declarations": ["nixos/modules/services/security/vaultwarden/default.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The domain under which VaultWarden will be reachable.", "loc": ["services", "vaultwarden", "domain"], "readOnly": false, "type": "null or string"}, "services.vaultwarden.enable": {"declarations": ["nixos/modules/services/security/vaultwarden/default.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable vaultwarden.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "vaultwarden", "enable"], "readOnly": false, "type": "boolean"}, "services.vaultwarden.environmentFile": {"declarations": ["nixos/modules/services/security/vaultwarden/default.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional environment file or files as defined in {manpage}`systemd.exec(5)`.\n\nSecrets like {env}`ADMIN_TOKEN` and {env}`SMTP_PASSWORD`\nshould be passed to the service without adding them to the world-readable Nix store.\n\nNote that this file needs to be available on the host on which `vaultwarden` is running.\n\nAs a concrete example, to make the Admin UI available (from which new users can be invited initially),\nthe secret {env}`ADMIN_TOKEN` needs to be defined as described\n[here](https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page):\n\n```\n# Admin secret token, see\n# https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page\nADMIN_TOKEN=...copy-paste a unique generated secret token here...\n```\n", "example": {"_type": "literalExpression", "text": "\"/var/lib/vaultwarden.env\""}, "loc": ["services", "vaultwarden", "environmentFile"], "readOnly": false, "type": "(list of absolute path) or absolute path convertible to it"}, "services.vaultwarden.package": {"declarations": ["nixos/modules/services/security/vaultwarden/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.vaultwarden"}, "description": "The vaultwarden package to use.", "loc": ["services", "vaultwarden", "package"], "readOnly": false, "type": "package"}, "services.vaultwarden.webVaultPackage": {"declarations": ["nixos/modules/services/security/vaultwarden/default.nix"], "default": {"_type": "literalExpression", "text": "pkgs.vaultwarden.webvault"}, "description": "The webvault package to use.", "loc": ["services", "vaultwarden", "webVaultPackage"], "readOnly": false, "type": "package"}, "services.wyoming.satellite.area": {"declarations": ["nixos/modules/services/home-automation/wyoming/satellite.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Area to the satellite.\n", "example": {"_type": "literalExpression", "text": "\"Kitchen\""}, "loc": ["services", "wyoming", "satellite", "area"], "readOnly": false, "type": "null or string"}, "services.wyoming.satellite.enable": {"declarations": ["nixos/modules/services/home-automation/wyoming/satellite.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable Wyoming Satellite.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "wyoming", "satellite", "enable"], "readOnly": false, "type": "boolean"}, "services.wyoming.satellite.extraArgs": {"declarations": ["nixos/modules/services/home-automation/wyoming/satellite.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Extra arguments to pass to the executable.\n\nCheck `wyoming-satellite --help` for possible options.\n", "loc": ["services", "wyoming", "satellite", "extraArgs"], "readOnly": false, "type": "list of string"}, "services.wyoming.satellite.group": {"declarations": ["nixos/modules/services/home-automation/wyoming/satellite.nix"], "default": {"_type": "literalExpression", "text": "\"users\""}, "description": "Group to run wyoming-satellite under.\n", "loc": ["services", "wyoming", "satellite", "group"], "readOnly": false, "type": "string"}, "services.wyoming.satellite.microphone.autoGain": {"declarations": ["nixos/modules/services/home-automation/wyoming/satellite.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": "Automatic gain control in dbFS, with 31 being the loudest value. Set to 0 to disable.\n", "example": {"_type": "literalExpression", "text": "15"}, "loc": ["services", "wyoming", "satellite", "microphone", "autoGain"], "readOnly": false, "type": "integer between 0 and 31 (both inclusive)"}, "services.wyoming.satellite.microphone.command": {"declarations": ["nixos/modules/services/home-automation/wyoming/satellite.nix"], "default": {"_type": "literalExpression", "text": "\"arecord -r 16000 -c 1 -f S16_LE -t raw\""}, "description": "Program to run for audio input.\n", "loc": ["services", "wyoming", "satellite", "microphone", "command"], "readOnly": false, "type": "string"}, "services.wyoming.satellite.microphone.noiseSuppression": {"declarations": ["nixos/modules/services/home-automation/wyoming/satellite.nix"], "default": {"_type": "literalExpression", "text": "2"}, "description": "Noise suppression level with 4 being the maximum suppression,\nwhich may cause audio distortion. Set to 0 to disable.\n", "example": {"_type": "literalExpression", "text": "3"}, "loc": ["services", "wyoming", "satellite", "microphone", "noiseSuppression"], "readOnly": false, "type": "integer between 0 and 4 (both inclusive)"}, "services.wyoming.satellite.name": {"declarations": ["nixos/modules/services/home-automation/wyoming/satellite.nix"], "default": {"_type": "literalExpression", "text": "config.networking.hostName\n"}, "description": "Name of the satellite.\n", "loc": ["services", "wyoming", "satellite", "name"], "readOnly": false, "type": "string"}, "services.wyoming.satellite.package": {"declarations": ["nixos/modules/services/home-automation/wyoming/satellite.nix"], "default": {"_type": "literalExpression", "text": "pkgs.wyoming-satellite"}, "description": "The wyoming-satellite package to use.", "loc": ["services", "wyoming", "satellite", "package"], "readOnly": false, "type": "package"}, "services.wyoming.satellite.sound.command": {"declarations": ["nixos/modules/services/home-automation/wyoming/satellite.nix"], "default": {"_type": "literalExpression", "text": "\"aplay -r 22050 -c 1 -f S16_LE -t raw\""}, "description": "Program to run for sound output.\n", "loc": ["services", "wyoming", "satellite", "sound", "command"], "readOnly": false, "type": "null or string"}, "services.wyoming.satellite.sounds.awake": {"declarations": ["nixos/modules/services/home-automation/wyoming/satellite.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to audio file in WAV format to play when wake word is detected.\n", "loc": ["services", "wyoming", "satellite", "sounds", "awake"], "readOnly": false, "type": "null or absolute path"}, "services.wyoming.satellite.sounds.done": {"declarations": ["nixos/modules/services/home-automation/wyoming/satellite.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to audio file in WAV format to play when voice command recording has ended.\n", "loc": ["services", "wyoming", "satellite", "sounds", "done"], "readOnly": false, "type": "null or absolute path"}, "services.wyoming.satellite.uri": {"declarations": ["nixos/modules/services/home-automation/wyoming/satellite.nix"], "default": {"_type": "literalExpression", "text": "\"tcp://0.0.0.0:10700\""}, "description": "URI where wyoming-satellite will bind its socket.\n", "loc": ["services", "wyoming", "satellite", "uri"], "readOnly": false, "type": "string"}, "services.wyoming.satellite.user": {"declarations": ["nixos/modules/services/home-automation/wyoming/satellite.nix"], "description": "User to run wyoming-satellite under.\n", "example": {"_type": "literalExpression", "text": "\"alice\""}, "loc": ["services", "wyoming", "satellite", "user"], "readOnly": false, "type": "string"}, "services.wyoming.satellite.vad.enable": {"declarations": ["nixos/modules/services/home-automation/wyoming/satellite.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable voice activity detection.\n\nEnabling will result in only streaming audio, when speech gets\ndetected.\n", "loc": ["services", "wyoming", "satellite", "vad", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.autoRepeatDelay": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the autorepeat delay (length of time in milliseconds that a key must be depressed before autorepeat starts).\n", "loc": ["services", "xserver", "autoRepeatDelay"], "readOnly": false, "type": "null or signed integer"}, "services.xserver.autoRepeatInterval": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Sets the autorepeat interval (length of time in milliseconds that should elapse between autorepeat-generated keystrokes).\n", "loc": ["services", "xserver", "autoRepeatInterval"], "readOnly": false, "type": "null or signed integer"}, "services.xserver.autorun": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to start the X server automatically.\n", "loc": ["services", "xserver", "autorun"], "readOnly": false, "type": "boolean"}, "services.xserver.config": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "description": "The contents of the configuration file of the X server\n({file}`xorg.conf`).\n\nThis option is set by multiple modules, and the configs are\nconcatenated together.\n\nIn Xorg configs the last config entries take precedence,\nso you may want to use `lib.mkAfter` on this option\nto override NixOS's defaults.\n", "loc": ["services", "xserver", "config"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xserver.defaultDepth": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Default colour depth.", "example": {"_type": "literalExpression", "text": "8"}, "loc": ["services", "xserver", "defaultDepth"], "readOnly": false, "type": "signed integer"}, "services.xserver.deviceSection": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Contents of the first Device section of the X server configuration file.", "example": {"_type": "literalExpression", "text": "\"VideoRAM 131072\""}, "loc": ["services", "xserver", "deviceSection"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xserver.display": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": "Display number for the X server.", "loc": ["services", "xserver", "display"], "readOnly": false, "type": "null or signed integer"}, "services.xserver.dpi": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Force global DPI resolution to use for X server. It's recommended to\nuse this only when DPI is detected incorrectly; also consider using\n`Monitor` section in configuration file instead.\n", "loc": ["services", "xserver", "dpi"], "readOnly": false, "type": "null or signed integer"}, "services.xserver.enable": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the X server.\n", "loc": ["services", "xserver", "enable"], "readOnly": false, "type": "boolean"}, "services.xserver.enableCtrlAltBackspace": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the DontZap option, which binds Ctrl+Alt+Backspace\nto forcefully kill X. This can lead to data loss and is disabled\nby default.\n", "loc": ["services", "xserver", "enableCtrlAltBackspace"], "readOnly": false, "type": "boolean"}, "services.xserver.enableTCP": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to allow the X server to accept TCP connections.\n", "loc": ["services", "xserver", "enableTCP"], "readOnly": false, "type": "boolean"}, "services.xserver.enableTearFree": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable the TearFree option in the first Device section.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["services", "xserver", "enableTearFree"], "readOnly": false, "type": "boolean"}, "services.xserver.excludePackages": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Which X11 packages to exclude from the default environment", "example": {"_type": "literalExpression", "text": "[ pkgs.xterm ]"}, "loc": ["services", "xserver", "excludePackages"], "readOnly": false, "type": "list of package"}, "services.xserver.exportConfiguration": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to symlink the X server configuration under\n{file}`/etc/X11/xorg.conf`.\n", "loc": ["services", "xserver", "exportConfiguration"], "readOnly": false, "type": "boolean"}, "services.xserver.extraConfig": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Additional contents (sections) included in the X server configuration file", "loc": ["services", "xserver", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xserver.extraDisplaySettings": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Lines to be added to every Display subsection of the Screen section.", "example": {"_type": "literalExpression", "text": "\"Virtual 2048 2048\""}, "loc": ["services", "xserver", "extraDisplaySettings"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xserver.filesSection": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Contents of the first `Files` section of the X server configuration file.", "example": {"_type": "literalExpression", "text": "\"FontPath \\\"/path/to/my/fonts\\\"\""}, "loc": ["services", "xserver", "filesSection"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xserver.fontPath": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Set the X server FontPath. Defaults to null, which\nmeans the compiled in defaults will be used. See\nman xorg.conf for details.\n", "example": {"_type": "literalExpression", "text": "\"unix/:7100\""}, "loc": ["services", "xserver", "fontPath"], "readOnly": false, "type": "null or string"}, "services.xserver.inputClassSections": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Content of additional InputClass sections of the X server configuration file.", "example": {"_type": "literalExpression", "text": "[ ''\n    Identifier      \"Trackpoint Wheel Emulation\"\n    MatchProduct    \"ThinkPad USB Keyboard with TrackPoint\"\n    Option          \"EmulateWheel\"          \"true\"\n    Option          \"EmulateWheelButton\"    \"2\"\n    Option          \"Emulate3Buttons\"       \"false\"\n  ''\n]\n"}, "loc": ["services", "xserver", "inputClassSections"], "readOnly": false, "type": "list of strings concatenated with \"\\n\""}, "services.xserver.logFile": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "\"/dev/null\""}, "description": "Controls the file Xorg logs to.\n\nThe default of `/dev/null` is set so that systemd services (like `displayManagers`) only log to the journal and don't create their own log files.\n\nSetting this to `null` will not pass the `-logfile` argument to Xorg which allows it to log to its default logfile locations instead (see `man Xorg`). You probably only want this behaviour when running Xorg manually (e.g. via `startx`).\n", "example": {"_type": "literalExpression", "text": "\"/var/log/Xorg.0.log\""}, "loc": ["services", "xserver", "logFile"], "readOnly": false, "type": "null or string"}, "services.xserver.moduleSection": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Contents of the Module section of the X server configuration file.", "example": {"_type": "literalExpression", "text": "''\n  SubSection \"extmod\"\n  EndSubsection\n''"}, "loc": ["services", "xserver", "moduleSection"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xserver.modules": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Packages to be added to the module search path of the X server.", "example": {"_type": "literalExpression", "text": "[ pkgs.xf86-input-wacom ]"}, "loc": ["services", "xserver", "modules"], "readOnly": false, "type": "list of absolute path"}, "services.xserver.monitorSection": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Contents of the first Monitor section of the X server configuration file.", "example": {"_type": "literalExpression", "text": "\"HorizSync 28-49\""}, "loc": ["services", "xserver", "monitorSection"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xserver.resolutions": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "The screen resolutions for the X server.  The first element\nis the default resolution.  If this list is empty, the X\nserver will automatically configure the resolution.\n", "example": {"_type": "literalExpression", "text": "[\n  {\n    x = 1600;\n    y = 1200;\n  }\n  {\n    x = 1024;\n    y = 786;\n  }\n]"}, "loc": ["services", "xserver", "resolutions"], "readOnly": false, "type": "list of (attribute set)"}, "services.xserver.screenSection": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Contents of the first Screen section of the X server configuration file.", "example": {"_type": "literalExpression", "text": "''\n  Option \"RandRRotation\" \"on\"\n''"}, "loc": ["services", "xserver", "screenSection"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xserver.serverFlagsSection": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Contents of the ServerFlags section of the X server configuration file.", "example": {"_type": "literalExpression", "text": "''\n  Option \"BlankTime\" \"0\"\n  Option \"StandbyTime\" \"0\"\n  Option \"SuspendTime\" \"0\"\n  Option \"OffTime\" \"0\"\n''"}, "loc": ["services", "xserver", "serverFlagsSection"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xserver.serverLayoutSection": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Contents of the ServerLayout section of the X server configuration file.", "example": {"_type": "literalExpression", "text": "''\n  Option \"AIGLX\" \"true\"\n''"}, "loc": ["services", "xserver", "serverLayoutSection"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xserver.terminateOnReset": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to terminate X upon server reset.\n", "loc": ["services", "xserver", "terminateOnReset"], "readOnly": false, "type": "boolean"}, "services.xserver.updateDbusEnvironment": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to update the DBus activation environment after launching the\ndesktop manager.\n", "loc": ["services", "xserver", "updateDbusEnvironment"], "readOnly": false, "type": "boolean"}, "services.xserver.upscaleDefaultCursor": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Upscale the default X cursor to be more visible on high-density displays.\nRequires `config.services.xserver.dpi` to be set.\n", "loc": ["services", "xserver", "upscaleDefaultCursor"], "readOnly": false, "type": "boolean"}, "services.xserver.verbose": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "3"}, "description": "Controls verbosity of X logging.\n", "example": {"_type": "literalExpression", "text": "7"}, "loc": ["services", "xserver", "verbose"], "readOnly": false, "type": "null or signed integer"}, "services.xserver.videoDriver": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The name of the video driver for your graphics card.  This\noption is obsolete; please set the\n{option}`services.xserver.videoDrivers` instead.\n", "example": {"_type": "literalExpression", "text": "\"i810\""}, "loc": ["services", "xserver", "videoDriver"], "readOnly": false, "type": "null or string"}, "services.xserver.videoDrivers": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"modesetting\"\n  \"fbdev\"\n]"}, "description": "The names of the video drivers the configuration\nsupports. They will be tried in order until one that\nsupports your card is found.\nDon't combine those with \"incompatible\" OpenGL implementations,\ne.g. free ones (mesa-based) with proprietary ones.\n\nFor unfree \"nvidia*\", the supported GPU lists are on\nhttps://www.nvidia.com/object/unix.html\n", "example": {"_type": "literalExpression", "text": "[\n  \"nvidia\"\n  \"amdgpu\"\n]"}, "loc": ["services", "xserver", "videoDrivers"], "readOnly": false, "relatedPackages": "- [amdgpu aka `pkgs.xf86-video-amdgpu`](\n    https://search.nixos.org/packages?show=xf86-video-amdgpu&sort=relevance&query=xf86-video-amdgpu\n  )\n- [apm aka `pkgs.xf86-video-apm`](\n    https://search.nixos.org/packages?show=xf86-video-apm&sort=relevance&query=xf86-video-apm\n  )\n- [ark aka `pkgs.xf86-video-ark`](\n    https://search.nixos.org/packages?show=xf86-video-ark&sort=relevance&query=xf86-video-ark\n  )\n- [ast aka `pkgs.xf86-video-ast`](\n    https://search.nixos.org/packages?show=xf86-video-ast&sort=relevance&query=xf86-video-ast\n  )\n- [ati aka `pkgs.xf86-video-ati`](\n    https://search.nixos.org/packages?show=xf86-video-ati&sort=relevance&query=xf86-video-ati\n  )\n- [chips aka `pkgs.xf86-video-chips`](\n    https://search.nixos.org/packages?show=xf86-video-chips&sort=relevance&query=xf86-video-chips\n  )\n- [cirrus aka `pkgs.xf86-video-cirrus`](\n    https://search.nixos.org/packages?show=xf86-video-cirrus&sort=relevance&query=xf86-video-cirrus\n  )\n- [dummy aka `pkgs.xf86-video-dummy`](\n    https://search.nixos.org/packages?show=xf86-video-dummy&sort=relevance&query=xf86-video-dummy\n  )\n- [fbdev aka `pkgs.xf86-video-fbdev`](\n    https://search.nixos.org/packages?show=xf86-video-fbdev&sort=relevance&query=xf86-video-fbdev\n  )\n- [geode aka `pkgs.xf86-video-geode`](\n    https://search.nixos.org/packages?show=xf86-video-geode&sort=relevance&query=xf86-video-geode\n  )\n- [i128 aka `pkgs.xf86-video-i128`](\n    https://search.nixos.org/packages?show=xf86-video-i128&sort=relevance&query=xf86-video-i128\n  )\n- [i740 aka `pkgs.xf86-video-i740`](\n    https://search.nixos.org/packages?show=xf86-video-i740&sort=relevance&query=xf86-video-i740\n  )\n- [intel aka `pkgs.xf86-video-intel`](\n    https://search.nixos.org/packages?show=xf86-video-intel&sort=relevance&query=xf86-video-intel\n  )\n- [mga aka `pkgs.xf86-video-mga`](\n    https://search.nixos.org/packages?show=xf86-video-mga&sort=relevance&query=xf86-video-mga\n  )\n- [neomagic aka `pkgs.xf86-video-neomagic`](\n    https://search.nixos.org/packages?show=xf86-video-neomagic&sort=relevance&query=xf86-video-neomagic\n  )\n- [nested aka `pkgs.xf86-video-nested`](\n    https://search.nixos.org/packages?show=xf86-video-nested&sort=relevance&query=xf86-video-nested\n  )\n- [nouveau aka `pkgs.xf86-video-nouveau`](\n    https://search.nixos.org/packages?show=xf86-video-nouveau&sort=relevance&query=xf86-video-nouveau\n  )\n- [nv aka `pkgs.xf86-video-nv`](\n    https://search.nixos.org/packages?show=xf86-video-nv&sort=relevance&query=xf86-video-nv\n  )\n- [omap aka `pkgs.xf86-video-omap`](\n    https://search.nixos.org/packages?show=xf86-video-omap&sort=relevance&query=xf86-video-omap\n  )\n- [openchrome aka `pkgs.xf86-video-openchrome`](\n    https://search.nixos.org/packages?show=xf86-video-openchrome&sort=relevance&query=xf86-video-openchrome\n  )\n- [qxl aka `pkgs.xf86-video-qxl`](\n    https://search.nixos.org/packages?show=xf86-video-qxl&sort=relevance&query=xf86-video-qxl\n  )\n- [r128 aka `pkgs.xf86-video-r128`](\n    https://search.nixos.org/packages?show=xf86-video-r128&sort=relevance&query=xf86-video-r128\n  )\n- [s3virge aka `pkgs.xf86-video-s3virge`](\n    https://search.nixos.org/packages?show=xf86-video-s3virge&sort=relevance&query=xf86-video-s3virge\n  )\n- [savage aka `pkgs.xf86-video-savage`](\n    https://search.nixos.org/packages?show=xf86-video-savage&sort=relevance&query=xf86-video-savage\n  )\n- [siliconmotion aka `pkgs.xf86-video-siliconmotion`](\n    https://search.nixos.org/packages?show=xf86-video-siliconmotion&sort=relevance&query=xf86-video-siliconmotion\n  )\n- [sis aka `pkgs.xf86-video-sis`](\n    https://search.nixos.org/packages?show=xf86-video-sis&sort=relevance&query=xf86-video-sis\n  )\n- [sisusb aka `pkgs.xf86-video-sisusb`](\n    https://search.nixos.org/packages?show=xf86-video-sisusb&sort=relevance&query=xf86-video-sisusb\n  )\n- [suncg6 aka `pkgs.xf86-video-suncg6`](\n    https://search.nixos.org/packages?show=xf86-video-suncg6&sort=relevance&query=xf86-video-suncg6\n  )\n- [sunffb aka `pkgs.xf86-video-sunffb`](\n    https://search.nixos.org/packages?show=xf86-video-sunffb&sort=relevance&query=xf86-video-sunffb\n  )\n- [sunleo aka `pkgs.xf86-video-sunleo`](\n    https://search.nixos.org/packages?show=xf86-video-sunleo&sort=relevance&query=xf86-video-sunleo\n  )\n- [tdfx aka `pkgs.xf86-video-tdfx`](\n    https://search.nixos.org/packages?show=xf86-video-tdfx&sort=relevance&query=xf86-video-tdfx\n  )\n- [trident aka `pkgs.xf86-video-trident`](\n    https://search.nixos.org/packages?show=xf86-video-trident&sort=relevance&query=xf86-video-trident\n  )\n- [v4l aka `pkgs.xf86-video-v4l`](\n    https://search.nixos.org/packages?show=xf86-video-v4l&sort=relevance&query=xf86-video-v4l\n  )\n- [vbox aka `pkgs.xf86-video-vbox`](\n    https://search.nixos.org/packages?show=xf86-video-vbox&sort=relevance&query=xf86-video-vbox\n  )\n- [vesa aka `pkgs.xf86-video-vesa`](\n    https://search.nixos.org/packages?show=xf86-video-vesa&sort=relevance&query=xf86-video-vesa\n  )\n- [vmware aka `pkgs.xf86-video-vmware`](\n    https://search.nixos.org/packages?show=xf86-video-vmware&sort=relevance&query=xf86-video-vmware\n  )\n- [voodoo aka `pkgs.xf86-video-voodoo`](\n    https://search.nixos.org/packages?show=xf86-video-voodoo&sort=relevance&query=xf86-video-voodoo\n  )\n", "type": "list of string"}, "services.xserver.virtualScreen": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Virtual screen size for Xrandr.\n", "example": {"_type": "literalExpression", "text": "{\n  x = 2048;\n  y = 2048;\n}"}, "loc": ["services", "xserver", "virtualScreen"], "readOnly": false, "type": "null or (attribute set)"}, "services.xserver.xkb.dir": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "\"${pkgs.xkeyboard_config}/etc/X11/xkb\""}, "description": "Path used for -xkbdir xserver parameter.\n", "loc": ["services", "xserver", "xkb", "dir"], "readOnly": false, "type": "absolute path"}, "services.xserver.xkb.layout": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "\"us\""}, "description": "X keyboard layout, or multiple keyboard layouts separated by commas.\n", "loc": ["services", "xserver", "xkb", "layout"], "readOnly": false, "type": "string"}, "services.xserver.xkb.model": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "\"pc104\""}, "description": "X keyboard model.\n", "example": {"_type": "literalExpression", "text": "\"presario\""}, "loc": ["services", "xserver", "xkb", "model"], "readOnly": false, "type": "string"}, "services.xserver.xkb.options": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "\"terminate:ctrl_alt_bksp\""}, "description": "X keyboard options; layout switching goes here.\n", "example": {"_type": "literalExpression", "text": "\"grp:caps_toggle,grp_led:scroll\""}, "loc": ["services", "xserver", "xkb", "options"], "readOnly": false, "type": "strings concatenated with \",\""}, "services.xserver.xkb.variant": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "X keyboard variant.\n", "example": {"_type": "literalExpression", "text": "\"colemak\""}, "loc": ["services", "xserver", "xkb", "variant"], "readOnly": false, "type": "string"}, "services.xserver.xrandrHeads": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Multiple monitor configuration, just specify a list of XRandR\noutputs. The individual elements should be either simple strings or\nan attribute set of output options.\n\nIf the element is a string, it is denoting the physical output for a\nmonitor, if it's an attribute set, you must at least provide the\n{option}`output` option.\n\nThe monitors will be mapped from left to right in the order of the\nlist.\n\nBy default, the first monitor will be set as the primary monitor if\nnone of the elements contain an option that has set\n{option}`primary` to `true`.\n\n::: {.note}\nOnly one monitor is allowed to be primary.\n:::\n\nBe careful using this option with multiple graphic adapters or with\ndrivers that have poor support for XRandR, unexpected things might\nhappen with those.\n", "example": {"_type": "literalExpression", "text": "[\n  \"HDMI-0\"\n  {\n    output = \"DVI-0\";\n    primary = true;\n  }\n  {\n    monitorConfig = \"Option \\\"Rotate\\\" \\\"left\\\"\";\n    output = \"DVI-1\";\n  }\n]"}, "loc": ["services", "xserver", "xrandrHeads"], "readOnly": false, "type": "list of ((submodule) or string convertible to it)"}, "services.xserver.xrandrHeads.*.monitorConfig": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "Extra lines to append to the `Monitor` section\nverbatim. Available options are documented in the MONITOR section in\n{manpage}`xorg.conf(5)`.\n", "example": {"_type": "literalExpression", "text": "''\n  DisplaySize 408 306\n  Option \"DPMS\" \"false\"\n''"}, "loc": ["services", "xserver", "xrandrHeads", "*", "monitorConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "services.xserver.xrandrHeads.*.output": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "description": "The output name of the monitor, as shown by\n{manpage}`xrandr(1)` invoked without arguments.\n", "example": {"_type": "literalExpression", "text": "\"DVI-0\""}, "loc": ["services", "xserver", "xrandrHeads", "*", "output"], "readOnly": false, "type": "string"}, "services.xserver.xrandrHeads.*.primary": {"declarations": ["nixos/modules/services/x11/xserver.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether this head is treated as the primary monitor,\n", "loc": ["services", "xserver", "xrandrHeads", "*", "primary"], "readOnly": false, "type": "boolean"}, "specialisation": {"declarations": ["nixos/modules/system/activation/specialisation.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Additional configurations to build. If\n`inheritParentConfig` is true, the system\nwill be based on the overall system configuration.\n\nTo switch to a specialised configuration\n(e.g. `fewJobsManyCores`) at runtime, run:\n\n```\nsudo /run/current-system/specialisation/fewJobsManyCores/bin/switch-to-configuration test\n```\n", "example": {"_type": "literalExpression", "text": "{ fewJobsManyCores.configuration = { nix.settings = { core = 0; max-jobs = 1; }; }; }"}, "loc": ["specialisation"], "readOnly": false, "type": "attribute set of (submodule)"}, "specialisation.<name>.configuration": {"declarations": ["nixos/modules/system/activation/specialisation.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Arbitrary NixOS configuration.\n\nAnything you can add to a normal NixOS configuration, you can add\nhere, including imports and config values, although nested\nspecialisations will be ignored.\n", "loc": ["specialisation", "<name>", "configuration"], "readOnly": false, "type": "submodule"}, "specialisation.<name>.inheritParentConfig": {"declarations": ["nixos/modules/system/activation/specialisation.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Include the entire system's configuration. Set to false to make a completely differently configured system.", "loc": ["specialisation", "<name>", "inheritParentConfig"], "readOnly": false, "type": "boolean"}, "system.configurationRevision": {"declarations": ["nixos/modules/misc/version.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The Git revision of the top-level flake from which this configuration was built.", "loc": ["system", "configurationRevision"], "readOnly": false, "type": "null or string"}, "system.image.id": {"declarations": ["nixos/modules/misc/version.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Image identifier.\n\nThis corresponds to the `IMAGE_ID` field in {manpage}`os-release(5)`. See the\nupstream docs for more details on valid characters for this field:\n<https://www.freedesktop.org/software/systemd/man/latest/os-release.html#IMAGE_ID=>\n\nYou would only want to set this option if you're build NixOS appliance images.\n", "loc": ["system", "image", "id"], "readOnly": false, "type": "null or string"}, "system.image.version": {"declarations": ["nixos/modules/misc/version.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Image version.\n\nThis corresponds to the `IMAGE_VERSION` field in {manpage}`os-release(5)`. See the\nupstream docs for more details on valid characters for this field:\n<https://www.freedesktop.org/software/systemd/man/latest/os-release.html#IMAGE_VERSION=>\n\nYou would only want to set this option if you're build NixOS appliance images.\n", "loc": ["system", "image", "version"], "readOnly": false, "type": "null or string"}, "system.nixos.codeName": {"declarations": ["nixos/modules/misc/version.nix"], "default": {"_type": "literalExpression", "text": "\"Yarara\""}, "description": "The NixOS release code name (e.g. `Emu`).", "loc": ["system", "nixos", "codeName"], "readOnly": true, "type": "string"}, "system.nixos.release": {"declarations": ["nixos/modules/misc/version.nix"], "default": {"_type": "literalExpression", "text": "\"26.05\""}, "description": "The NixOS release (e.g. `16.03`).", "loc": ["system", "nixos", "release"], "readOnly": true, "type": "string"}, "system.nixos.variantName": {"declarations": ["nixos/modules/misc/version.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A string identifying a specific variant or edition of the operating system suitable for presentation to the user", "example": {"_type": "literalExpression", "text": "\"NixOS Installer Image\""}, "loc": ["system", "nixos", "variantName"], "readOnly": false, "type": "null or string"}, "system.nixos.variant_id": {"declarations": ["nixos/modules/misc/version.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A lower-case string identifying a specific variant or edition of the operating system", "example": {"_type": "literalExpression", "text": "\"installer\""}, "loc": ["system", "nixos", "variant_id"], "readOnly": false, "type": "null or string matching the pattern ^[a-z0-9._-]+$"}, "system.stateVersion": {"declarations": ["nixos/modules/misc/version.nix"], "default": {"_type": "literalExpression", "text": "config.system.nixos.release"}, "description": "This option defines the first version of NixOS you have installed on this particular machine,\nand is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.\n\nFor example, if NixOS version XX.YY ships with AwesomeDB version N by default, and is then\nupgraded to version XX.YY+1, which ships AwesomeDB version N+1, the existing databases\nmay no longer be compatible, causing applications to fail, or even leading to data loss.\n\nThe `stateVersion` mechanism avoids this situation by making the default version of such packages\nconditional on the first version of NixOS you've installed (encoded in `stateVersion`), instead of\nsimply always using the latest one.\n\nNote that this generally only affects applications that can't upgrade their data automatically -\napplications and services supporting automatic migrations will remain on latest versions when\nyou upgrade.\n\nMost users should **never** change this value after the initial install, for any reason,\neven if you've upgraded your system to a new NixOS release.\n\nThis value does **not** affect the Nixpkgs version your packages and OS are pulled from,\nso changing it will **not** upgrade your system.\n\nThis value being lower than the current NixOS release does **not** mean your system is\nout of date, out of support, or vulnerable.\n\nDo **not** change this value unless you have manually inspected all the changes it would\nmake to your configuration, and migrated your data accordingly.\n", "loc": ["system", "stateVersion"], "readOnly": false, "type": "string"}, "virtualisation.additionalPaths": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "A list of paths whose closure should be made available to\nthe VM.\n\nWhen 9p is used, the closure is registered in the Nix\ndatabase in the VM. All other paths in the host Nix store\nappear in the guest Nix store as well, but are considered\ngarbage (because they are not registered in the Nix\ndatabase of the guest).\n\nWhen {option}`virtualisation.useNixStoreImage` is\nset, the closure is copied to the Nix store image.\n", "loc": ["virtualisation", "additionalPaths"], "readOnly": false, "type": "list of absolute path"}, "virtualisation.allInterfaces": {"declarations": ["nixos/modules/virtualisation/guest-networking-options.nix"], "default": {"_type": "literalExpression", "text": "{\n  eth1 = {\n    assignIP = true;\n    name = \"eth1\";\n    vlan = 1;\n  };\n}"}, "description": "All network interfaces for the container or VM. Combines\n{option}`virtualisation.vlans` and {option}`virtualisation.interfaces`.\n", "loc": ["virtualisation", "allInterfaces"], "readOnly": true, "type": "attribute set of (submodule)"}, "virtualisation.allInterfaces.<name>.assignIP": {"declarations": ["nixos/modules/virtualisation/guest-networking-options.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically assign an IP address to the network interface using the same scheme as\nvirtualisation.vlans.\n", "loc": ["virtualisation", "allInterfaces", "<name>", "assignIP"], "readOnly": false, "type": "boolean"}, "virtualisation.allInterfaces.<name>.name": {"declarations": ["nixos/modules/virtualisation/guest-networking-options.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "Interface name\n", "loc": ["virtualisation", "allInterfaces", "<name>", "name"], "readOnly": false, "type": "string"}, "virtualisation.allInterfaces.<name>.vlan": {"declarations": ["nixos/modules/virtualisation/guest-networking-options.nix"], "description": "VLAN to which the network interface is connected.\n", "loc": ["virtualisation", "allInterfaces", "<name>", "vlan"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "virtualisation.bios": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "An alternate BIOS (such as `qboot`) with which to start the VM.\nShould contain a file named `bios.bin`.\nIf `null`, QEMU's builtin SeaBIOS will be used.\n", "loc": ["virtualisation", "bios"], "readOnly": false, "type": "null or package"}, "virtualisation.bootLoaderDevice": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "/dev/disk/by-id/virtio-root"}, "description": "The path (inside th VM) to the device to boot from when legacy booting.\n", "example": {"_type": "literalExpression", "text": "\"/dev/disk/by-id/virtio-boot-loader-device\""}, "loc": ["virtualisation", "bootLoaderDevice"], "readOnly": false, "type": "absolute path"}, "virtualisation.bootPartition": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "if cfg.useEFIBoot then \"/dev/disk/by-label/ESP\"\nelse if cfg.useBIOSBoot then \"/dev/disk/by-label/BOOT\"\nelse null"}, "description": "The path (inside the VM) to the device containing the EFI System Partition (ESP).\n\nIf you are *not* booting from a UEFI firmware, this value is, by\ndefault, `null`. The ESP is mounted to `boot.loader.efi.efiSysMountpoint`.\n", "example": {"_type": "literalExpression", "text": "\"/dev/disk/by-label/esp\""}, "loc": ["virtualisation", "bootPartition"], "readOnly": false, "type": "null or absolute path"}, "virtualisation.cores": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": "Specify the number of cores the guest is permitted to use.\nThe number can be higher than the available cores on the\nhost system.\n", "loc": ["virtualisation", "cores"], "readOnly": false, "type": "positive integer, meaning >0"}, "virtualisation.credentials": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Credentials to pass to the VM using systemd's credential system.\n\nSee {manpage}`systemd.exec(5)` , {manpage}`systemd-creds(1)` and https://systemd.io/CREDENTIALS/ for more\ninformation about systemd credentials.\n", "example": {"_type": "literalExpression", "text": "{\n  binary-key = {\n    mechanism = \"fw_cfg\";\n    source = \"./private.der\";\n  };\n  config-file = {\n    mechanism = \"smbios\";\n    text = ''\n      [database]\n      host=localhost\n      port=5432\n    '';\n  };\n  database-password = {\n    text = \"my-secret-password\";\n  };\n  ssl-cert = {\n    source = \"./cert.pem\";\n  };\n}"}, "loc": ["virtualisation", "credentials"], "readOnly": false, "type": "attribute set of (submodule)"}, "virtualisation.credentials.<name>.mechanism": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "if pkgs.stdenv.hostPlatform.isx86 then \"smbios\" else \"fw_cfg\""}, "description": "The mechanism used to pass the credential to the VM.\n", "loc": ["virtualisation", "credentials", "<name>", "mechanism"], "readOnly": false, "type": "one of \"fw_cfg\", \"smbios\""}, "virtualisation.credentials.<name>.source": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Source file on the host containing the credential data.\n", "loc": ["virtualisation", "credentials", "<name>", "source"], "readOnly": false, "type": "null or path"}, "virtualisation.credentials.<name>.text": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Text content of the credential.\n\nFor binary data or when the credential content should come from\nan existing file, use `source` instead.\n\n::: {.warning}\nThe text here is stored in the host's nix store as a file.\n:::\n", "loc": ["virtualisation", "credentials", "<name>", "text"], "readOnly": false, "type": "null or string"}, "virtualisation.directBoot.enable": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "\"!cfg.useBootLoader\""}, "description": "If enabled, the virtual machine will boot directly into the kernel instead of through a bootloader.\nRead more about this feature in the [QEMU documentation on Direct Linux Boot](https://qemu-project.gitlab.io/qemu/system/linuxboot.html)\n\nThis is enabled by default.\nIf you want to test netboot, consider disabling this option.\nEnable a bootloader with {option}`virtualisation.useBootLoader` if you need.\n\nRelevant parameters such as those set in `boot.initrd` and `boot.kernelParams` are also passed to QEMU.\nAdditional parameters can be supplied on invocation through the environment variable `$QEMU_KERNEL_PARAMS`.\nThey are added to the `-append` option, see [QEMU User Documentation](https://www.qemu.org/docs/master/system/qemu-manpage) for details\nFor example, to let QEMU use the parent terminal as the serial console, set `QEMU_KERNEL_PARAMS=\"console=ttyS0\"`.\n\nThis will not (re-)boot correctly into a system that has switched to a different configuration on disk.\n", "loc": ["virtualisation", "directBoot", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.directBoot.initrd": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "\"\\${config.system.build.initialRamdisk}/\\${config.system.boot.loader.initrdFile}\""}, "description": "In direct boot situations, you may want to influence the initrd to load\nto use your own customized payload.\n\nThis is useful if you want to test the netboot image without\ntesting the firmware or the loading part.\n", "loc": ["virtualisation", "directBoot", "initrd"], "readOnly": false, "type": "string"}, "virtualisation.diskImage": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "\"./${config.system.name}.qcow2\""}, "description": "Path to the disk image containing the root filesystem.\nThe image will be created on startup if it does not\nexist.\n\nIf null, a tmpfs will be used as the root filesystem and\nthe VM's state will not be persistent.\n", "loc": ["virtualisation", "diskImage"], "readOnly": false, "type": "null or string"}, "virtualisation.efi.OVMF": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "''\n  (pkgs.OVMF.override {\n            secureBoot = cfg.useSecureBoot;\n          }).fd''"}, "description": "OVMF firmware package, defaults to OVMF configured with secure boot if needed.", "loc": ["virtualisation", "efi", "OVMF"], "readOnly": false, "type": "package"}, "virtualisation.efi.firmware": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "cfg.efi.OVMF.firmware"}, "description": "Firmware binary for EFI implementation, defaults to OVMF.\n", "loc": ["virtualisation", "efi", "firmware"], "readOnly": false, "type": "absolute path"}, "virtualisation.efi.keepVariables": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "cfg.useBootLoader"}, "description": "Whether to keep EFI variable values from the generated system image", "loc": ["virtualisation", "efi", "keepVariables"], "readOnly": false, "type": "boolean"}, "virtualisation.efi.variables": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "cfg.efi.OVMF.variables"}, "description": "Platform-specific flash binary for EFI variables, implementation-dependent to the EFI firmware.\nDefaults to OVMF.\n", "loc": ["virtualisation", "efi", "variables"], "readOnly": false, "type": "absolute path"}, "virtualisation.emptyDiskImages": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Additional disk images to provide to the VM. The value is\na list of size in MiB (1024\u00d71024 bytes) of each disk. These disks are\nwriteable by the VM.\n", "loc": ["virtualisation", "emptyDiskImages"], "readOnly": false, "type": "list of ((submodule) or (positive integer, meaning >0) convertible to it)"}, "virtualisation.emptyDiskImages.*.driveConfig": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Drive configuration to pass to {option}`virtualisation.qemu.drives`", "loc": ["virtualisation", "emptyDiskImages", "*", "driveConfig"], "readOnly": false, "type": "submodule"}, "virtualisation.emptyDiskImages.*.driveConfig.deviceExtraOpts": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra options passed to device flag.", "loc": ["virtualisation", "emptyDiskImages", "*", "driveConfig", "deviceExtraOpts"], "readOnly": false, "type": "attribute set of string"}, "virtualisation.emptyDiskImages.*.driveConfig.driveExtraOpts": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra options passed to drive flag.", "loc": ["virtualisation", "emptyDiskImages", "*", "driveConfig", "driveExtraOpts"], "readOnly": false, "type": "attribute set of string"}, "virtualisation.emptyDiskImages.*.driveConfig.name": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A name for the drive. Must be unique in the drives list. Not passed to qemu.", "loc": ["virtualisation", "emptyDiskImages", "*", "driveConfig", "name"], "readOnly": false, "type": "null or string"}, "virtualisation.emptyDiskImages.*.size": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "description": "The size of the disk in MiB", "loc": ["virtualisation", "emptyDiskImages", "*", "size"], "readOnly": false, "type": "positive integer, meaning >0"}, "virtualisation.fileSystems": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "The file systems to be mounted.  It must include an entry for\nthe root directory (`mountPoint = \"/\"`).  Each\nentry in the list is an attribute set with the following fields:\n`mountPoint`, `device`,\n`fsType` (a file system type recognised by\n{command}`mount`; defaults to\n`\"auto\"`), and `options`\n(the mount options passed to {command}`mount` using the\n{option}`-o` flag; defaults to `[ \"defaults\" ]`).\n\nInstead of specifying `device`, you can also\nspecify a volume label (`label`) for file\nsystems that support it, such as ext2/ext3 (see {command}`mke2fs -L`).\n", "example": {"_type": "literalExpression", "text": "{\n  \"/\".device = \"/dev/hda1\";\n  \"/data\" = {\n    device = \"/dev/hda2\";\n    fsType = \"ext3\";\n    options = [ \"data=journal\" ];\n  };\n  \"/bigdisk\".label = \"bigdisk\";\n}\n"}, "loc": ["virtualisation", "fileSystems"], "readOnly": false, "type": "attribute set of (submodule)"}, "virtualisation.fileSystems.<name>.autoFormat": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If the device does not currently contain a filesystem (as\ndetermined by {command}`blkid`), then automatically\nformat it with the filesystem type specified in\n{option}`fsType`.  Use with caution.\n", "loc": ["virtualisation", "fileSystems", "<name>", "autoFormat"], "readOnly": false, "type": "boolean"}, "virtualisation.fileSystems.<name>.autoResize": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set, the filesystem is grown to its maximum size before\nbeing mounted. (This is typically the size of the containing\npartition.) This is currently only supported for ext2/3/4\nfilesystems that are mounted during early boot.\n", "loc": ["virtualisation", "fileSystems", "<name>", "autoResize"], "readOnly": false, "type": "boolean"}, "virtualisation.fileSystems.<name>.depends": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "List of paths that should be mounted before this one. This filesystem's\n{option}`device` and {option}`mountPoint` are always\nchecked and do not need to be included explicitly. If a path is added\nto this list, any other filesystem whose mount point is a parent of\nthe path will be mounted before this filesystem. The paths do not need\nto actually be the {option}`mountPoint` of some other filesystem.\n\nThis is useful for mounts which require keys and/or configuration files residing on another filesystem.\n", "example": {"_type": "literalExpression", "text": "[\n  \"/persist\"\n]"}, "loc": ["virtualisation", "fileSystems", "<name>", "depends"], "readOnly": false, "type": "list of string (with check: non-empty without trailing slash)"}, "virtualisation.fileSystems.<name>.device": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The device as passed to `mount`.\n\nThis can be any of:\n\n- a filename of a block special device such as `/dev/sdc3`\n- a tag such as `UUID=fdd68895-c307-4549-8c9c-90e44c71f5b7`\n- (for bind mounts only) the source path\n- something else depending on the {option}`fsType`. For example, `nfs` device may look like `knuth.cwi.nl:/dir`\n\nThis is called `device` in {manpage}`mount(8)` and `fs_spec` in {manpage}`fstab(5)`.\n", "example": {"_type": "literalExpression", "text": "\"/dev/sda\""}, "loc": ["virtualisation", "fileSystems", "<name>", "device"], "readOnly": false, "type": "null or string (with check: non-empty)"}, "virtualisation.fileSystems.<name>.enable": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to enable the filesystem mount.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["virtualisation", "fileSystems", "<name>", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.fileSystems.<name>.encrypted.blkDev": {"declarations": ["nixos/modules/tasks/encrypted-devices.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Location of the backing encrypted device.", "example": {"_type": "literalExpression", "text": "\"/dev/sda1\""}, "loc": ["virtualisation", "fileSystems", "<name>", "encrypted", "blkDev"], "readOnly": false, "type": "null or string"}, "virtualisation.fileSystems.<name>.encrypted.enable": {"declarations": ["nixos/modules/tasks/encrypted-devices.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "The block device is backed by an encrypted one, adds this device as a initrd luks entry.", "loc": ["virtualisation", "fileSystems", "<name>", "encrypted", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.fileSystems.<name>.encrypted.keyFile": {"declarations": ["nixos/modules/tasks/encrypted-devices.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Path to a keyfile used to unlock the backing encrypted\ndevice. When systemd stage 1 is not enabled, at the time\nthis keyfile is accessed, the `neededForBoot` filesystems\n(see `utils.fsNeededForBoot`) will have been mounted under\n`/mnt-root`, so the keyfile path should usually start with\n\"/mnt-root/\". When systemd stage 1 is enabled,\n`fsNeededForBoot` file systems will be mounted as needed\nunder `/sysroot`, and the keyfile will not be accessed until\nits requisite mounts are done.\n", "example": {"_type": "literalExpression", "text": "\"/mnt-root/root/.swapkey\""}, "loc": ["virtualisation", "fileSystems", "<name>", "encrypted", "keyFile"], "readOnly": false, "type": "null or string"}, "virtualisation.fileSystems.<name>.encrypted.label": {"declarations": ["nixos/modules/tasks/encrypted-devices.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Label of the unlocked encrypted device. Set `fileSystems.<name?>.device` to `/dev/mapper/<label>` to mount the unlocked device.", "example": {"_type": "literalExpression", "text": "\"rootfs\""}, "loc": ["virtualisation", "fileSystems", "<name>", "encrypted", "label"], "readOnly": false, "type": "null or string"}, "virtualisation.fileSystems.<name>.fsType": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "\"auto\""}, "description": "Type of the file system.\n\nThis is the `fstype` passed to `-t` in the {manpage}`mount(8)` command, and is called `fs_vfstype` in {manpage}`fstab(5)`.\n", "example": {"_type": "literalExpression", "text": "\"ext3\""}, "loc": ["virtualisation", "fileSystems", "<name>", "fsType"], "readOnly": false, "type": "string (with check: non-empty)"}, "virtualisation.fileSystems.<name>.label": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Label of the device. This simply sets {option}`device` to\n`/dev/disk/by-label/${label}`. Note that devices will not\nhave a label unless they contain a filesystem which\nsupports labels, such as ext4 or fat32.\n", "example": {"_type": "literalExpression", "text": "\"root-partition\""}, "loc": ["virtualisation", "fileSystems", "<name>", "label"], "readOnly": false, "type": "null or string (with check: non-empty)"}, "virtualisation.fileSystems.<name>.mountPoint": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "Location where the file system will be mounted.\n\nThis is called `mountpoint` in {manpage}`mount(8)` and `fs_file` in {manpage}`fstab(5)`\n", "example": {"_type": "literalExpression", "text": "\"/mnt/usb\""}, "loc": ["virtualisation", "fileSystems", "<name>", "mountPoint"], "readOnly": false, "type": "string (with check: non-empty without trailing slash)"}, "virtualisation.fileSystems.<name>.neededForBoot": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If set, this file system will be mounted in the initial ramdisk.\nNote that the file system will always be mounted in the initial\nramdisk if its mount point is one of the following:\n{file}`/`, {file}`/nix`, {file}`/nix/store`, {file}`/var`, {file}`/var/log`, {file}`/var/lib`, {file}`/var/lib/nixos`, {file}`/etc`, {file}`/usr`.\n", "loc": ["virtualisation", "fileSystems", "<name>", "neededForBoot"], "readOnly": false, "type": "boolean"}, "virtualisation.fileSystems.<name>.noCheck": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Disable running fsck on this filesystem.", "loc": ["virtualisation", "fileSystems", "<name>", "noCheck"], "readOnly": false, "type": "boolean"}, "virtualisation.fileSystems.<name>.options": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"defaults\"\n]"}, "description": "Options used to mount the file system.\n\nThis is called `options` in {manpage}`mount(8)` and `fs_mntops` in {manpage}`fstab(5)`\n\nSome options that can be used for all mounts are documented in {manpage}`mount(8)` under `FILESYSTEM-INDEPENDENT MOUNT OPTIONS`.\n\nOptions that systemd understands are documented in {manpage}`systemd.mount(5)` under `FSTAB`.\n\nEach filesystem supports additional options, see the docs for that filesystem.\n", "example": {"_type": "literalExpression", "text": "[\n  \"data=journal\"\n]"}, "loc": ["virtualisation", "fileSystems", "<name>", "options"], "readOnly": false, "type": "non-empty (list of string (with check: non-empty))"}, "virtualisation.fileSystems.<name>.overlay.lowerdir": {"declarations": ["nixos/modules/tasks/filesystems/overlayfs.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The list of path(s) to the lowerdir(s).\n\nTo create a writable overlay, you MUST provide an `upperdir` and a\n`workdir`.\n\nYou can create a read-only overlay when you provide multiple (at\nleast 2!) lowerdirs and neither an `upperdir` nor a `workdir`.\n", "loc": ["virtualisation", "fileSystems", "<name>", "overlay", "lowerdir"], "readOnly": false, "type": "null or (non-empty (list of (string or path in the Nix store)))"}, "virtualisation.fileSystems.<name>.overlay.upperdir": {"declarations": ["nixos/modules/tasks/filesystems/overlayfs.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the upperdir.\n\nIf this is null, a read-only overlay is created using the lowerdir.\n\nIf the filesystem is `neededForBoot`, this will be prefixed with `/sysroot`,\nunless `useStage1BaseDirectories` is set to `true`.\n\nIf you set this to some value you MUST also set `workdir`.\n", "loc": ["virtualisation", "fileSystems", "<name>", "overlay", "upperdir"], "readOnly": false, "type": "null or string"}, "virtualisation.fileSystems.<name>.overlay.useStage1BaseDirectories": {"declarations": ["nixos/modules/tasks/filesystems/overlayfs.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If enabled, `lowerdir`, `upperdir` and `workdir` will be prefixed with `/sysroot`.\n\nDisabling this can be useful to create an overlay over directories which aren't on the real root.\n\nDisabling this does not work with the scripted (i.e. non-systemd) initrd.\n", "loc": ["virtualisation", "fileSystems", "<name>", "overlay", "useStage1BaseDirectories"], "readOnly": false, "type": "boolean"}, "virtualisation.fileSystems.<name>.overlay.workdir": {"declarations": ["nixos/modules/tasks/filesystems/overlayfs.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "The path to the workdir.\n\nIf the filesystem is `neededForBoot`, this will be prefixed with `/sysroot`,\nunless `useStage1BaseDirectories` is set to `true`.\n\nThis MUST be set if you set `upperdir`.\n", "loc": ["virtualisation", "fileSystems", "<name>", "overlay", "workdir"], "readOnly": false, "type": "null or string"}, "virtualisation.fileSystems.<name>.stratis.poolUuid": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "UUID of the stratis pool that the fs is located in\n\nThis is only relevant if you are using [stratis](https://stratis-storage.github.io/).\n", "example": {"_type": "literalExpression", "text": "\"04c68063-90a5-4235-b9dd-6180098a20d9\""}, "loc": ["virtualisation", "fileSystems", "<name>", "stratis", "poolUuid"], "readOnly": false, "type": "null or string"}, "virtualisation.forwardPorts": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "When using the SLiRP user networking (default), this option allows to\nforward ports to/from the host/guest.\n\n::: {.warning}\nIf the NixOS firewall on the virtual machine is enabled, you also\nhave to open the guest ports to enable the traffic between host and\nguest.\n:::\n\n::: {.note}\nCurrently QEMU supports only IPv4 forwarding.\n:::\n", "example": {"_type": "literalExpression", "text": "[ # forward local port 2222 -> 22, to ssh into the VM\n  { from = \"host\"; host.port = 2222; guest.port = 22; }\n\n  # forward local port 80 -> 10.0.2.10:80 in the VLAN\n  { from = \"guest\";\n    guest.address = \"10.0.2.10\"; guest.port = 80;\n    host.address = \"127.0.0.1\"; host.port = 80;\n  }\n]\n"}, "loc": ["virtualisation", "forwardPorts"], "readOnly": false, "type": "list of (submodule)"}, "virtualisation.forwardPorts.*.from": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "\"host\""}, "description": "Controls the direction in which the ports are mapped:\n\n- `\"host\"` means traffic from the host ports\n  is forwarded to the given guest port.\n- `\"guest\"` means traffic from the guest ports\n  is forwarded to the given host port.\n", "loc": ["virtualisation", "forwardPorts", "*", "from"], "readOnly": false, "type": "one of \"host\", \"guest\""}, "virtualisation.forwardPorts.*.guest.address": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The IPv4 address on the guest VLAN.", "loc": ["virtualisation", "forwardPorts", "*", "guest", "address"], "readOnly": false, "type": "string"}, "virtualisation.forwardPorts.*.guest.port": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "description": "The guest port to be mapped.", "loc": ["virtualisation", "forwardPorts", "*", "guest", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "virtualisation.forwardPorts.*.host.address": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": "The IPv4 address of the host.", "loc": ["virtualisation", "forwardPorts", "*", "host", "address"], "readOnly": false, "type": "string"}, "virtualisation.forwardPorts.*.host.port": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "description": "The host port to be mapped.", "loc": ["virtualisation", "forwardPorts", "*", "host", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "virtualisation.forwardPorts.*.proto": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "\"tcp\""}, "description": "The protocol to forward.", "loc": ["virtualisation", "forwardPorts", "*", "proto"], "readOnly": false, "type": "one of \"tcp\", \"udp\""}, "virtualisation.graphics": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Whether to run QEMU with a graphics window, or in nographic mode.\nSerial console will be enabled on both settings, but this will\nchange the preferred console.\n", "loc": ["virtualisation", "graphics"], "readOnly": false, "type": "boolean"}, "virtualisation.host.pkgs": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "pkgs"}, "description": "Package set to use for the host-specific packages of the VM runner.\nChanging this to e.g. a Darwin package set allows running NixOS VMs on Darwin.\n", "example": {"_type": "literalExpression", "text": "import pkgs.path { system = \"x86_64-darwin\"; }\n"}, "loc": ["virtualisation", "host", "pkgs"], "readOnly": false, "type": "An evaluation of Nixpkgs; the top level attribute set of packages"}, "virtualisation.installBootLoader": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "\"cfg.useBootLoader && cfg.useDefaultFilesystems\""}, "description": "Install boot loader to target image.\n\nThis is best-effort and may break with unconventional partition setups.\nUse `virtualisation.useDefaultFilesystems` for a known-working configuration.\n", "loc": ["virtualisation", "installBootLoader"], "readOnly": false, "type": "boolean"}, "virtualisation.interfaces": {"declarations": ["nixos/modules/virtualisation/guest-networking-options.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra network interfaces to add to the container or VM in addition to the ones\ncreated by {option}`virtualisation.vlans`.\n", "example": {"_type": "literalExpression", "text": "{\n  enp1s0 = {\n    vlan = 1;\n  };\n}"}, "loc": ["virtualisation", "interfaces"], "readOnly": false, "type": "attribute set of (submodule)"}, "virtualisation.interfaces.<name>.assignIP": {"declarations": ["nixos/modules/virtualisation/guest-networking-options.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Automatically assign an IP address to the network interface using the same scheme as\nvirtualisation.vlans.\n", "loc": ["virtualisation", "interfaces", "<name>", "assignIP"], "readOnly": false, "type": "boolean"}, "virtualisation.interfaces.<name>.name": {"declarations": ["nixos/modules/virtualisation/guest-networking-options.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": "Interface name\n", "loc": ["virtualisation", "interfaces", "<name>", "name"], "readOnly": false, "type": "string"}, "virtualisation.interfaces.<name>.vlan": {"declarations": ["nixos/modules/virtualisation/guest-networking-options.nix"], "description": "VLAN to which the network interface is connected.\n", "loc": ["virtualisation", "interfaces", "<name>", "vlan"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "virtualisation.memorySize": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "1024"}, "description": "The memory size of the virtual machine in MiB (1024\u00d71024 bytes).\n", "loc": ["virtualisation", "memorySize"], "readOnly": false, "type": "positive integer, meaning >0"}, "virtualisation.mountHostNixStore": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "!cfg.useNixStoreImage && !cfg.useBootLoader"}, "description": "Mount the host Nix store as a 9p mount.\n", "loc": ["virtualisation", "mountHostNixStore"], "readOnly": false, "type": "boolean"}, "virtualisation.msize": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "16384"}, "description": "The msize (maximum packet size) option passed to 9p file systems, in\nbytes. Increasing this should increase performance significantly,\nat the cost of higher RAM usage.\n", "loc": ["virtualisation", "msize"], "readOnly": false, "type": "positive integer, meaning >0"}, "virtualisation.nixStore9pCache": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "\"loose\""}, "description": "Type of 9p cache to use when mounting host nix store. \"none\" provides\nno caching. \"loose\" enables Linux's local VFS cache. \"fscache\" uses Linux's\nfscache subsystem.\n\nThis option is only respected when {option}`virtualisation.mountHostNixStore`\nis enabled.\n", "loc": ["virtualisation", "nixStore9pCache"], "readOnly": false, "type": "one of \"loose\", \"none\", \"fscache\""}, "virtualisation.qemu.consoles": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "[\n  \"ttyS0,115200n8\"\n  \"tty0\"\n]"}, "description": "The output console devices to pass to the kernel command line via the\n`console` parameter, the primary console is the last\nitem of this list.\n\nBy default it enables both serial console and\n`tty0`. The preferred console (last one) is based on\nthe value of {option}`virtualisation.graphics`.\n", "example": {"_type": "literalExpression", "text": "[\n  \"console=tty1\"\n]"}, "loc": ["virtualisation", "qemu", "consoles"], "readOnly": false, "type": "list of string"}, "virtualisation.qemu.diskInterface": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "\"virtio\""}, "description": "The interface used for the virtual hard disks.", "example": {"_type": "literalExpression", "text": "\"scsi\""}, "loc": ["virtualisation", "qemu", "diskInterface"], "readOnly": false, "type": "one of \"virtio\", \"scsi\", \"ide\""}, "virtualisation.qemu.drives": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "description": "Drives passed to qemu.", "loc": ["virtualisation", "qemu", "drives"], "readOnly": false, "type": "list of (submodule)"}, "virtualisation.qemu.drives.*.deviceExtraOpts": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra options passed to device flag.", "loc": ["virtualisation", "qemu", "drives", "*", "deviceExtraOpts"], "readOnly": false, "type": "attribute set of string"}, "virtualisation.qemu.drives.*.driveExtraOpts": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Extra options passed to drive flag.", "loc": ["virtualisation", "qemu", "drives", "*", "driveExtraOpts"], "readOnly": false, "type": "attribute set of string"}, "virtualisation.qemu.drives.*.file": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "description": "The file image used for this drive.", "loc": ["virtualisation", "qemu", "drives", "*", "file"], "readOnly": false, "type": "string"}, "virtualisation.qemu.drives.*.name": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "A name for the drive. Must be unique in the drives list. Not passed to qemu.", "loc": ["virtualisation", "qemu", "drives", "*", "name"], "readOnly": false, "type": "null or string"}, "virtualisation.qemu.guestAgent.enable": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable the Qemu guest agent.\n", "loc": ["virtualisation", "qemu", "guestAgent", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.qemu.networkingOptions": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Networking-related command-line options that should be passed to qemu.\nThe default is to use userspace networking (SLiRP).\nSee the [QEMU Wiki on Networking](https://wiki.qemu.org/Documentation/Networking) for details.\n\nIf you override this option, be advised to keep\n`${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}` (as seen in the example)\nto keep the default runtime behaviour.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-net nic,netdev=user.0,model=virtio\"\n  \"-netdev user,id=user.0,\\${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}\"\n]"}, "loc": ["virtualisation", "qemu", "networkingOptions"], "readOnly": false, "type": "list of string"}, "virtualisation.qemu.options": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": "Options passed to QEMU.\nSee [QEMU User Documentation](https://www.qemu.org/docs/master/system/qemu-manpage) for a complete list.\n", "example": {"_type": "literalExpression", "text": "[\n  \"-vga std\"\n]"}, "loc": ["virtualisation", "qemu", "options"], "readOnly": false, "type": "list of string"}, "virtualisation.qemu.package": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "if hostPkgs.stdenv.hostPlatform.qemuArch == pkgs.stdenv.hostPlatform.qemuArch then config.virtualisation.host.pkgs.qemu_kvm else config.virtualisation.host.pkgs.qemu"}, "description": "QEMU package to use.", "example": {"_type": "literalExpression", "text": "pkgs.qemu_test"}, "loc": ["virtualisation", "qemu", "package"], "readOnly": false, "type": "package"}, "virtualisation.qemu.virtioKeyboard": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Enable the virtio-keyboard device.\n", "loc": ["virtualisation", "qemu", "virtioKeyboard"], "readOnly": false, "type": "boolean"}, "virtualisation.resolution": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "{\n  x = 1024;\n  y = 768;\n}"}, "description": "The resolution of the virtual machine display.\n", "loc": ["virtualisation", "resolution"], "readOnly": false, "type": "attribute set"}, "virtualisation.restrictNetwork": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If this option is enabled, the guest will be isolated, i.e. it will\nnot be able to contact the host and no guest IP packets will be\nrouted over the host to the outside. This option does not affect\nany explicitly set forwarding rules.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["virtualisation", "restrictNetwork"], "readOnly": false, "type": "boolean"}, "virtualisation.rootDevice": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "/dev/disk/by-label/nixos"}, "description": "The path (inside the VM) to the device containing the root filesystem.\n", "example": {"_type": "literalExpression", "text": "\"/dev/disk/by-label/nixos\""}, "loc": ["virtualisation", "rootDevice"], "readOnly": false, "type": "null or absolute path"}, "virtualisation.sharedDirectories": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "An attributes set of directories that will be shared with the\nvirtual machine using VirtFS (9P filesystem over VirtIO).\nThe attribute name will be used as the 9P mount tag.\n", "example": {"_type": "literalExpression", "text": "{\n  my-share = {\n    source = \"/path/to/be/shared\";\n    target = \"/mnt/shared\";\n  };\n}"}, "loc": ["virtualisation", "sharedDirectories"], "readOnly": false, "type": "attribute set of (submodule)"}, "virtualisation.sharedDirectories.<name>.securityModel": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "\"mapped-xattr\""}, "description": "The security model to use for this share:\n\n- `passthrough`: files are stored using the same credentials as they are created on the guest (this requires QEMU to run as root)\n- `mapped-xattr`: some of the file attributes like uid, gid, mode bits and link target are stored as file attributes\n- `mapped-file`: the attributes are stored in the hidden .virtfs_metadata directory. Directories exported by this security model cannot interact with other unix tools\n- `none`: same as \"passthrough\" except the sever won't report failures if it fails to set file attributes like ownership\n", "loc": ["virtualisation", "sharedDirectories", "<name>", "securityModel"], "readOnly": false, "type": "one of \"passthrough\", \"mapped-xattr\", \"mapped-file\", \"none\""}, "virtualisation.sharedDirectories.<name>.source": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "description": "The path of the directory to share, can be a shell variable", "loc": ["virtualisation", "sharedDirectories", "<name>", "source"], "readOnly": false, "type": "string"}, "virtualisation.sharedDirectories.<name>.target": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "description": "The mount point of the directory inside the virtual machine", "loc": ["virtualisation", "sharedDirectories", "<name>", "target"], "readOnly": false, "type": "absolute path"}, "virtualisation.tpm.deviceModel": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "''\n  Based on the guest platform Linux system:\n  \n  - `tpm-tis` for (i686, x86_64)\n  - `tpm-spapr` for ppc64\n  - `tpm-tis-device` for (armv7, aarch64)\n''"}, "description": "QEMU device model for the TPM, uses the appropriate default based on th guest platform system and the package passed.", "example": {"_type": "literalExpression", "text": "\"tpm-tis-device\""}, "loc": ["virtualisation", "tpm", "deviceModel"], "readOnly": false, "type": "string"}, "virtualisation.tpm.enable": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Whether to enable a TPM device in the virtual machine with a driver, using swtpm.", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["virtualisation", "tpm", "enable"], "readOnly": false, "type": "boolean"}, "virtualisation.tpm.package": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "pkgs.swtpm"}, "description": "The swtpm package to use.", "loc": ["virtualisation", "tpm", "package"], "readOnly": false, "type": "package"}, "virtualisation.tpm.provisioning": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": "Script to provision the TPM before control is handed off to the VM.\n\n`TPM2TOOLS_TCTI` will be provided to configure tpm2-tools to use the\nswtpm instance transparently.\n`TCTI` is also provided as a generic value, consumer is expected to\nre-export it however it may need (`TPM2OPENSSL_TCTI`, `TPM2_PKCS11_TCTI`,\n...).\n", "example": {"_type": "literalExpression", "text": "tpm2_nvdefine 0xcafecafe \\\n  -C o \\\n  -a \"ownerread|policyread|policywrite|ownerwrite|authread|authwrite\"\necho \"foobar\" | tpm2_nvwrite 0xcafecafe -C o\n"}, "loc": ["virtualisation", "tpm", "provisioning"], "readOnly": false, "type": "null or string"}, "virtualisation.useBIOSBoot": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled for legacy MBR VMs, the VM image will have a separate boot\npartition mounted at /boot.\nuseBIOSBoot is ignored if useEFIBoot == true.\n", "example": {"_type": "literalExpression", "text": "true"}, "loc": ["virtualisation", "useBIOSBoot"], "readOnly": false, "type": "boolean"}, "virtualisation.useBootLoader": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Use a boot loader to boot the system.\nThis allows, among other things, testing the boot loader.\n\nIf disabled, the kernel and initrd are directly booted,\nforgoing any bootloader.\n\nCheck the documentation on {option}`virtualisation.directBoot.enable` for details.\n", "loc": ["virtualisation", "useBootLoader"], "readOnly": false, "type": "boolean"}, "virtualisation.useDefaultFilesystems": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "If enabled, the boot disk of the virtual machine will be\nformatted and mounted with the default filesystems for\ntesting. Swap devices and LUKS will be disabled.\n\nIf disabled, a root filesystem has to be specified and\nformatted (for example in the initial ramdisk).\n", "loc": ["virtualisation", "useDefaultFilesystems"], "readOnly": false, "type": "boolean"}, "virtualisation.useEFIBoot": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, the virtual machine will provide a EFI boot\nmanager.\nuseEFIBoot is ignored if useBootLoader == false.\n", "loc": ["virtualisation", "useEFIBoot"], "readOnly": false, "type": "boolean"}, "virtualisation.useHostCerts": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "If enabled, when `NIX_SSL_CERT_FILE` is set on the host,\npass the CA certificates from the host to the VM.\n", "loc": ["virtualisation", "useHostCerts"], "readOnly": false, "type": "boolean"}, "virtualisation.useNixStoreImage": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Build and use a disk image for the Nix store, instead of\naccessing the host's one through 9p.\n\nFor applications which do a lot of reads from the store,\nthis can drastically improve performance, but at the cost of\ndisk space and image build time.\n\nThe Nix store image is built just-in-time right before the VM is\nstarted. Because it does not produce another derivation, the image is\nnot cached between invocations and never lands in the store or binary\ncache.\n\nIf you want a full disk image with a partition table and a root\nfilesystem instead of only a store image, enable\n{option}`virtualisation.useBootLoader` instead.\n", "loc": ["virtualisation", "useNixStoreImage"], "readOnly": false, "type": "boolean"}, "virtualisation.useSecureBoot": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": "Enable Secure Boot support in the EFI firmware.\n", "loc": ["virtualisation", "useSecureBoot"], "readOnly": false, "type": "boolean"}, "virtualisation.vlans": {"declarations": ["nixos/modules/virtualisation/guest-networking-options.nix"], "default": {"_type": "literalExpression", "text": "if cfg.interfaces == {} then [ 1 ] else [ ]"}, "description": "Virtual networks to which the container or VM is connected. Each number \u00abN\u00bb in\nthis list causes the container to have a virtual Ethernet interface\nattached to a separate virtual network on which it will be assigned IP\naddress `192.168.\u00abN\u00bb.\u00abM\u00bb`, where \u00abM\u00bb is the index of this container in\nthe list of containers.\n", "example": {"_type": "literalExpression", "text": "[\n  1\n  2\n]"}, "loc": ["virtualisation", "vlans"], "readOnly": false, "type": "list of (unsigned integer, meaning >=0)"}, "virtualisation.vmVariant": {"declarations": ["nixos/modules/virtualisation/build-vm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Machine configuration to be added for the vm script produced by `nixos-rebuild build-vm`.\n", "loc": ["virtualisation", "vmVariant"], "readOnly": false, "type": "submodule"}, "virtualisation.vmVariantWithBootLoader": {"declarations": ["nixos/modules/virtualisation/build-vm.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": "Machine configuration to be added for the vm script produced by `nixos-rebuild build-vm-with-bootloader`.\n", "loc": ["virtualisation", "vmVariantWithBootLoader"], "readOnly": false, "type": "submodule"}, "virtualisation.writableStore": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "cfg.mountHostNixStore"}, "description": "If enabled, the Nix store in the VM is made writable by\nlayering an overlay filesystem on top of the host's Nix\nstore.\n\nBy default, this is enabled if you mount a host Nix store.\n", "loc": ["virtualisation", "writableStore"], "readOnly": false, "type": "boolean"}, "virtualisation.writableStoreUseTmpfs": {"declarations": ["nixos/modules/virtualisation/qemu-vm.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": "Use a tmpfs for the writable store instead of writing to the VM's\nown filesystem.\n", "loc": ["virtualisation", "writableStoreUseTmpfs"], "readOnly": false, "type": "boolean"}}